puppet: Tell needrestart to not default to restarting core services.

The `needrestart` tool added in 22.04 is useful in terms of listing
which services may need to be restarted to pick up updated libraries.
However, it prompts about the current state of services needing
restart for *every* subsequent `apt-get upgrade`, and defaulting core
services to restarting requires carefully manually excluding them
every time, at risk of causing an unscheduled outage.

Build a list of default-off services based on the list in
unattended-upgrades.

puppet/zulip_ops/files/needrestart/zulip.conf

@@ -0,0 +1,11 @@
+# -*-cperl-*-
+my @ignore = (
+    qr/^memcached\.service$/,
+    qr/^nginx\.service$/,
+    qr/^postgresql(@[0-9a-zA-Z_-]+)?.service$/,
+    qr/^rabbitmq-server\.service$/,
+    qr/^redis-server\.service$/,
+    qr/^supervisor\.service$/,
+);
+
+$nrconf{override_rc}{$_} = 0 for @ignore;

puppet/zulip_ops/manifests/profile/base.pp

@@ -51,6 +51,13 @@ class zulip_ops::profile::base {
     mode   => '0644',
     source => 'puppet:///modules/zulip_ops/apt/apt.conf.d/50unattended-upgrades',
   }
+  if $::os['distro']['release']['major'] == '22.04' {
+    file { '/etc/needrestart/conf.d/zulip.conf':
+      ensure => file,
+      mode   => '0644',
+      source => 'puppet:///modules/zulip_ops/needrestart/zulip.conf',
+    }
+  }
 
   file { '/home/zulip/.ssh':
     ensure  => directory,