---
- name: Install unattended-upgrades
  apt:
    name: unattended-upgrades
    state: present


- name: Create custom APT automatic timer directory
  file:
    state: directory
    path: /etc/systemd/system/apt-daily-upgrade.timer.d
    owner: root
    group: root
    mode: '0755'


- name: Ensure APT auto installs updates at {{ apt_update_time }}
  template:
    src: time.conf.j2
    dest: /etc/systemd/system/apt-daily-upgrade.timer.d/time.conf
    owner: root
    group: root
    mode: '0644'
  notify: daemon reload


- name: Enable unattended upgrades in debconf
  debconf:
    name: 'unattended-upgrades'
    question: 'unattended-upgrades/enable_auto_updates'
    vtype: 'boolean'
    value: 'true'


- name: Copy default config for local changes
  copy:
    src: /etc/apt/apt.conf.d/50unattended-upgrades
    dest: /etc/apt/apt.conf.d/52unattended-upgrades-local
    owner: root
    group: root
    mode: '0644'
    remote_src: True


- name: Configure auto reboots for unattended upgrades
  ansible.builtin.lineinfile:
    path: /etc/apt/apt.conf.d/52unattended-upgrades-local
    regexp: 'Unattended-Upgrade::Automatic-Reboot'
    line: 'Unattended-Upgrade::Automatic-Reboot "true";'


- name: Enable regular updates for unattended upgrades
  ansible.builtin.lineinfile:
    path: /etc/apt/apt.conf.d/52unattended-upgrades-local
    regexp: 'origin=Debian,codename=\$\{distro_codename\}-updates'
    line: '        "origin=Debian,codename=${distro_codename}-updates";'