---
# tasks for all hosts

- hosts: all
  become: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

  roles:
    - role: ansible.timezone
      vars:
        ag_timezone: "{{ timezone }}"
    - role: users

  tasks:
    - name: Update and clean package cache
      apt:
        update_cache: true
        cache_valid_time: 3600
        autoclean: true
      changed_when: false

    - name: Ensure unattended-upgrades is installed and up to date
      apt:
        name: unattended-upgrades
        state: present

    - name: Setup unattended-upgrades
      include_role:
        name: hifis.unattended_upgrades
      vars:
        unattended_origins_patterns:
          - "origin=${ distro_id },archive=${ distro_codename }-security"
          - "origin=${ distro_id },archive=${ distro_codename }-updates"
        unattended_package_blacklist: [cowsay]
        unattended_mail: "root"
        unattended_mail_only_on_error: true
        unattended_syslog_enable: true

    - name: Install some common software packages
      ansible.builtin.apt:
        state: present
        name:
          - molly-guard
          - mc
          - bsd-mailx