---
- hosts: all
  become: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

  roles:
  - role: ansible.timezone

  tasks:
    - name: Update and clean package cache
      apt:
        update_cache: true
        cache_valid_time: 3600
        autoclean: true

    - name: Ensure unattended-upgrades is installed and up to date
      apt:
        name: unattended-upgrades
        state: latest

    - name: Setup unattended-upgrades
      include_role:
        name: ansible-role-unattended-upgrades
      vars:
        unattended_origins_patterns:
          - 'origin=Debian,archive=buster-security'
          - 'o=Debian,a=buster-updates'
        unattended_package_blacklist: [cowsay]
        unattended_mail: 'root'

    - name: Setup users
      include_role:
        name: users

- name: Tau specific setup
  import_playbook: tau.yml