---
- name: update and cleanup
  apt:
    update_cache: yes
    cache_valid_time: 600
    upgrade: dist
    autoclean: true
    autoremove: true
  tags:
  - update

- name: install unattended upgrades
  apt:
    name: unattended-upgrades
    purge: yes
    state: "{% if update.unattended %}present{% else %}absent{% endif %}"

- name: configure unattended upgrades
  when: update.unattended
  ansible.builtin.copy:
    src: "50unattended-upgrades"
    dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
    owner: root
    group: root
    mode: 0644

- name: overwrite apt-daily.timer
  when: update.unattended
  ansible.builtin.template:
    src: "apt-daily.timer.j2"
    dest: "/etc/systemd/system/apt-daily.timer"
    owner: root
    group: root
    mode: 0644
  notify:
  - restart apt-daily.timer

- name: overwrite apt-daily-upgrade.timer
  when: update.unattended
  ansible.builtin.template:
    src: "apt-daily-upgrade.timer.j2"
    dest: "/etc/systemd/system/apt-daily-upgrade.timer"
    owner: root
    group: root
    mode: 0644
  notify:
  - restart apt-daily-upgrade.timer

- name: enable auto upgrades
  when: update.unattended
  ansible.builtin.copy:
    src: "/usr/share/unattended-upgrades/20auto-upgrades"
    dest: "/etc/apt/apt.conf.d/20auto-upgrades"
    owner: root
    group: root
    mode: 0644
    remote_src: yes

- name: clean
  command: apt-get clean
  changed_when: False
  tags:
  - update