---
# tasks for all hosts

- hosts: all
  become: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

  roles:
    - role: ansible.timezone

  tasks:
    - name: Update and clean package cache
      apt:
        update_cache: true
        cache_valid_time: 3600
        autoclean: true
      changed_when: false

    - name: Ensure unattended-upgrades is installed and up to date
      apt:
        name: unattended-upgrades
        state: present

    - name: Setup unattended-upgrades
      include_role:
        name: hifis.unattended_upgrades
      vars:
        unattended_origins_patterns:
          - "origin=Debian,archive={{ ansible_distribution_release }}-security"
          - "o=Debian,a={{ ansible_distribution_release }}-updates"
        unattended_package_blacklist: [cowsay]
        unattended_mail: "root"

    - name: Setup users
      include_role:
        name: users