roles/common/tasks/apt.yml

- name: install packages for HTTPS APT sources support
  apt:
    state: present
    package:
      - apt-transport-https
      - ca-certificates

- name: copy apt sources lists (debian + security + backports)
  template:
    src: "etc_apt_sources.list.j2"
    dest: "/etc/apt/sources.list"
    mode: "0644"
  when: ansible_facts.distribution == 'Debian'
  notify: update apt cache

- name: copy apt configuration
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "0644"
  with_items:
    - { src: 'etc_apt_apt.conf.d_99no-overwrite-conffiles.j2', dest: '/etc/apt/apt.conf.d/99no-overwrite-conffiles' }
    - { src: 'etc_apt_apt.conf.d_99norecommends.j2', dest: '/etc/apt/apt.conf.d/99norecommends' }
    - { src: 'etc_apt_apt.conf.d_50unattended-upgrades.j2', dest: '/etc/apt/apt.conf.d/50unattended-upgrades' }
    - { src: 'etc_apt_apt.conf.d_99-autoremove.j2', dest: '/etc/apt/apt.conf.d/99-autoremove' }

- name: enable/disable nightly purge of removed packages configuration files
  cron:
    user: root
    cron_file: apt-purge
    name: "purge configuration files of removed packages"
    minute: "00"
    hour: "23"
    day: "*"
    job: aptitude -q -y purge ~c 2>&1 | logger -t apt-purge
    disabled: "{{ False if apt_purge_nightly else True }}"

# update apt cache
- name: apply configuration (flush handlers)
  meta: flush_handlers

- name: install aptitude and unattended-upgrades
  apt:
    state: present
    package:
      - aptitude
      - unattended-upgrades
      - apt-listchanges

##### APT-LISTBUGS #####

- name: install apt-listbugs
  apt:
    state: present
    package: apt-listbugs
  when: apt_listbugs | bool
  tags: apt-listbugs

- name: configure apt-listbugs
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - src: etc_apt_listbugs_ignore_bugs.j2
      dest: /etc/apt/listbugs/ignore_bugs
    - src: etc_apt_apt.conf.d_10apt-listbugs.j2
      dest: /etc/apt/apt.conf.d/10apt-listbugs
  when: apt_listbugs | bool
  tags: apt-listbugs

- name: remove automatic APT pinnings added by apt-listbugs
  file:
    path: /etc/apt/preferences.d/apt-listbugs
    state: absent
  when: apt_listbugs | bool
  tags: apt-listbugs