⚰️ Remove apt-update cronjob and standardise apt cleanup syntax

deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml

@@ -36,12 +36,6 @@ write_files:
     content: |
       Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000";
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/cron.d/push-to-internal-mirrors"
     permissions: "0644"
     content: |
@@ -167,12 +161,15 @@ ntp:
 
 runcmd:
   # Suppress apt prompts and warning messages
-  - export DEBIAN_FRONTEND=noninteractive
+  - DEBIAN_FRONTEND=noninteractive
+  - export DEBIAN_FRONTEND
 
-  # Upgrade installation then clean up
-  - echo ">=== Upgrade and clean up apt-get packages... ===<"
-  - apt-get -y upgrade
+  # Clean up installation
+  - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
+  - apt-get -y autoremove
   - apt-get clean
+  - apt --fix-broken install
 
   # Set up and partition data disk
   - echo ">=== Setting up local disk... ===<"

deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml

@@ -90,12 +90,6 @@ write_files:
           macos
           freebsd
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/cron.d/push-to-internal-mirrors"
     permissions: "0644"
     content: |
@@ -243,12 +237,15 @@ ntp:
 
 runcmd:
   # Suppress apt prompts and warning messages
-  - export DEBIAN_FRONTEND=noninteractive
+  - DEBIAN_FRONTEND=noninteractive
+  - export DEBIAN_FRONTEND
 
-  # Upgrade installation then clean up
-  - echo ">=== Upgrade and clean up apt-get packages... ===<"
-  - apt-get -y upgrade
+  # Clean up installation
+  - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
+  - apt-get -y autoremove
   - apt-get clean
+  - apt --fix-broken install
 
   # Set up and partition data disk
   - echo ">=== Setting up local disk... ===<"

deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml

@@ -33,12 +33,6 @@ write_files:
     content: |
       Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000";
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: /var/local/cran-mirror-apache.conf
     permissions: "0644"
     content: |
@@ -78,7 +72,15 @@ ntp:
 
 runcmd:
   # Suppress apt prompts and warning messages
-  - export DEBIAN_FRONTEND=noninteractive
+  - DEBIAN_FRONTEND=noninteractive
+  - export DEBIAN_FRONTEND
+
+  # Clean up installation
+  - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
+  - apt-get -y autoremove
+  - apt-get clean
+  - apt --fix-broken install
 
   # Show authorised SSH keys
   - echo ">=== Authorised SSH keys... ===<"

deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml

@@ -33,12 +33,6 @@ write_files:
     content: |
       Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000";
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/systemd/system/pypiserver.service"
     content: |
       [Unit]
@@ -175,7 +169,15 @@ ntp:
 
 runcmd:
   # Suppress apt prompts and warning messages
-  - export DEBIAN_FRONTEND=noninteractive
+  - DEBIAN_FRONTEND=noninteractive
+  - export DEBIAN_FRONTEND
+
+  # Clean up installation
+  - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
+  - apt-get -y autoremove
+  - apt-get clean
+  - apt --fix-broken install
 
   # Show authorised SSH keys
   - echo ">=== Authorised SSH keys... ===<"

deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-proxy.mustache.yaml

@@ -6,12 +6,6 @@ write_files:
     content: |
       Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000";
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/nexus/docker-compose.yaml"
     permissions: "0400"
     content: |
@@ -75,6 +69,17 @@ users:
     sudo: false        # This user will not have sudo privileges
 
 runcmd:
+  # Suppress apt prompts and warning messages
+  - DEBIAN_FRONTEND=noninteractive
+  - export DEBIAN_FRONTEND
+
+  # Clean up installation
+  - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
+  - apt-get -y autoremove
+  - apt-get clean
+  - apt --fix-broken install
+
   # Ensure that Docker is running and enabled at startup
   - echo ">=== Configuring Docker... ===<"
   - systemctl enable docker

deployment/safe_haven_management_environment/cloud_init/cloud-init-update-server-linux.mustache.yaml

@@ -1,12 +1,6 @@
 #cloud-config
 
 write_files:
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/squid-deb-proxy/mirror-dstdomain.acl.d/20-data-safe-haven"
     content: |
       # Additional mirror domains that are allowed by this cache
@@ -38,6 +32,17 @@ package_update: true
 package_upgrade: true
 
 runcmd:
+  # Suppress apt prompts and warning messages
+  - DEBIAN_FRONTEND=noninteractive
+  - export DEBIAN_FRONTEND
+
+  # Clean up installation
+  - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
+  - apt-get -y autoremove
+  - apt-get clean
+  - apt --fix-broken install
+
   # Remove the unnecessary squid service and prevent it from running
   - service squid stop
   - systemctl disable -f squid

deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml

@@ -12,12 +12,6 @@ write_files:
     content: |
       {{audit.rules}}
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/pip.conf"
     permissions: "0444"
     content: |

deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml

@@ -12,12 +12,6 @@ write_files:
     content: |
       {{audit.rules}}
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/opt/codimd/docker-compose.yml"
     permissions: "0400"
     content: |

deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml

@@ -12,12 +12,6 @@ write_files:
     content: |
       {{audit.rules}}
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/gitlab/gitlab.rb"
     permissions: "0600"
     content: |

deployment/secure_research_environment/cloud_init/cloud-init-guacamole.mustache.yaml

@@ -11,12 +11,6 @@ write_files:
     content: |
       {{audit.rules}}
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/cron.d/ldap-db-sync"
     permissions: "0644"
     content: |
@@ -100,20 +94,22 @@ runcmd:
   - DEBIAN_FRONTEND=noninteractive
   - export DEBIAN_FRONTEND
 
-  # Install pg-ldap-sync
-  - echo ">=== Installing pg-ldap-sync... ===<"
-  - gem install pg-ldap-sync
-
   # Clean up installation
   - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
   - apt-get -y autoremove
   - apt-get clean
+  - apt --fix-broken install
 
   # Ensure that auditd is running and enabled at startup
   - echo ">=== Enabling auditd services... ===<"
   - systemctl start auditd
   - systemctl enable auditd
 
+  # Install pg-ldap-sync
+  - echo ">=== Installing pg-ldap-sync... ===<"
+  - gem install pg-ldap-sync
+
   # Ensure that Docker is running and enabled at startup
   - echo ">=== Configuring Docker... ===<"
   - systemctl enable docker

deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml

@@ -42,12 +42,6 @@ write_files:
     content: |
       {{audit.rules}}
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/cron.d/ldap-db-sync"
     permissions: "0644"
     content: |
@@ -199,6 +193,17 @@ manage_etc_hosts: true
 prefer_fqdn_over_hostname: true
 
 runcmd:
+  # Suppress apt prompts and warning messages
+  - DEBIAN_FRONTEND=noninteractive
+  - export DEBIAN_FRONTEND
+
+  # Clean up installation
+  - echo ">=== Cleaning up apt-get packages... ===<"
+  - apt update
+  - apt-get -y autoremove
+  - apt-get clean
+  - apt --fix-broken install
+
   # Ensure that auditd is running and enabled at startup
   - echo ">=== Enabling auditd services... ===<"
   - systemctl start auditd

deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml

@@ -60,12 +60,6 @@ write_files:
       OnAccessExcludeUname clamav
       OnAccessExcludeRootUID yes
 
-  - path: "/etc/cron.d/apt-update"
-    permissions: "0644"
-    content: |
-      # Run every day at 01:45
-      45 1 * * * root  apt update
-
   - path: "/etc/cron.d/clamav-update"
     permissions: "0644"
     content: |