---

- name: (apt.yml) update configuration file - /etc/apt/sources.list
  template:
    src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
    dest: /etc/apt/sources.list
    owner: root
    group: root
    mode: 0644
  register: apt_config_updated
  when:
    - ansible_facts['distribution'] == "Debian"
    - apt_manage_sources_list|bool
  tags:
    - apt-configuration

- name: (apt.yml) apt update
  apt:
    update_cache: true
    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
  when: apt_update|bool
  tags:
    - apt-update
    - apt-upgrade
    - apt-dpkg-configure
    - apt-initial-install
    - apt-microcode
    - apt-compiler-pkgs
    - apt-webserver-pkgs

- name: (apt.yml) dpkg --configure
  command: >
    dpkg --configure -a
  args:
    warn: false
  changed_when: _dpkg_configure.stdout_lines | length
  register: _dpkg_configure
  when: apt_dpkg_configure|bool
  tags:
    - apt-dpkg-configure
    - apt-initial-install
    - apt-microcode
    - apt-compiler-pkgs
    - apt-webserver-pkgs

- name: (apt.yml) apt upgrade
  apt:
    upgrade: "{{ apt_upgrade_type }}"
    update_cache: true
    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
  when: apt_upgrade|bool
  tags:
    - apt-upgrade
    - apt-initial-install
    - apt-microcode
    - apt-compiler-pkgs
    - apt-webserver-pkgs

- name: (apt.yml) Initial install debian packages (stretch)
  apt:
    name: "{{ apt_initial_install_stretch }}"
    state: "{{ apt_install_state }}"
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version'] == "9"
  tags:
    - apt-initial-install

- name: (apt.yml) Initial install debian packages (buster)
  apt:
    name: "{{ apt_initial_install_buster }}"
    state: "{{ apt_install_state }}"
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version'] == "10"
  tags:
    - apt-initial-install

- name: (apt.yml) Initial install ubuntu packages (bionic)
  apt:
    name: "{{ apt_initial_install_bionic }}"
    state: "{{ apt_install_state }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
    - ansible_facts['distribution_release'] == "bionic"
  tags:
    - apt-initial-install

- name: (apt.yml) Initial install ubuntu packages (xenial)
  apt:
    name: "{{ apt_initial_install_xenial }}"
    state: "{{ apt_install_state }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
    - ansible_facts['distribution_release'] == "xenial"
  tags:
    - apt-initial-install

- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
  apt:
    name: "{{ microcode_package }}"
    state: present
    default_release: "{{ ansible_distribution_release }}-backports"
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version'] == "9"
    - ansible_facts['processor']|string is search("Intel")
  tags:
    - apt-initial-install
    - apt-microcode

- name: (apt.yml) Install CPU microcode (debian buster)
  apt:
    name: "{{ microcode_package }}"
    state: present
    default_release: "{{ ansible_distribution_release }}"
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version'] == "10"
    - ansible_facts['processor']|string is search("Intel")
  tags:
    - apt-initial-install
    - apt-microcode

- name: (apt.yml) Install CPU microcode (ubuntu bionic)
  apt:
    name: "{{ microcode_package }}"
    state: present
    default_release: "{{ ansible_distribution_release }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
    - ansible_facts['distribution_release'] == "bionic"
    - ansible_facts['processor']|string is search("Intel")
  tags:
    - apt-initial-install
    - apt-microcode

- name: (apt.yml) Install CPU microcode (ubuntu xenial)
  apt:
    name: "{{ microcode_package }}"
    state: present
    default_release: "{{ ansible_distribution_release }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
    - ansible_facts['distribution_release'] == "xenial"
    - ansible_facts['processor']|string is search("Intel")
  tags:
    - apt-initial-install
    - apt-microcode

- name: (apt.yml) Remove unwanted packages
  apt:
    name: "{{ apt_remove }}"
    state: absent
    purge: "{{ apt_remove_purge }}"
  tags:
    - apt-remove

- name: (apt.yml) autoremove
  apt:
    autoremove: true
    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
  when: apt_autoremove|bool
  tags:
    - apt-autoremove
    - apt-initial-install
    - apt-microcode
    - apt-compiler-pkgs
    - apt-webserver-pkgs

- name: (apt.yml) clean
  command: apt-get -y clean
  args:
    warn: false
  changed_when: false
  when: apt_clean|bool
  tags:
    - apt-clean
    - apt-initial-install
    - apt-microcode
    - apt-compiler-pkgs
    - apt-mysql-server-pkgs
    - apt-webserver-pkgs