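---
# Patch every host in the inventory except `stephanie`, then reboot the hosts
# that need it:
#   - Debian derivatives: apt dist-upgrade, reboot when
#     /var/run/reboot-required exists, then autoremove.
#   - Alpine: apk upgrade, reboot when the installed linux-lts kernel differs
#     from the running one.
# The whole play runs with privilege escalation (become: true).
#
# NOTE(review): `debian_derivatives` is not defined in this file; presumably it
# comes from inventory or group vars. Confirm it is a list of distribution
# names.
# NOTE(review): no `serial` is set, so hosts are upgraded and rebooted in
# parallel. Confirm that redundant services are allowed to be down together.
- name: Update and reboot all hosts
  # Quoted so the `!` exclusion pattern is always read as a plain string.
  hosts: 'all, !stephanie'
  gather_facts: true
  become: true
  tasks:
    - name: Perform a dist-upgrade.
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true
      when: ansible_distribution in debian_derivatives

    # This is equivalent to: apk update && apk upgrade
    - name: Update cache and upgrade packages
      community.general.apk:
        upgrade: true
        update_cache: true
      when: ansible_distribution == "Alpine"

    # Runs on every host. The Alpine reboot decision below does not use this
    # file; it compares kernel versions instead.
    - name: Check if a reboot is required.
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_checksum: true
      register: reboot_required_file

    # Set a variable for the currently *installed* linux-lts package version.
    # Importantly, the shell command reformats the package version string using
    # awk and sed into a string that we can match against what will be reported
    # by `uname -r`.
    #
    # I am no awk or sed expert and perhaps my abomination is overly verbose, but
    # it works and I can understand it. Longer awk/sed programs tend to confuse me.
    - name: Register installed linux-lts kernel version
      register: installed_kernel_version
      ansible.builtin.shell: |
        set -o pipefail
        apk list linux-lts --installed |
          awk '{ print $1 }' |
          sed 's/linux-lts-//' |
          sed 's/-r/\n/g' |
          awk '{printf("%s-",$0)}' |
          awk '{printf("%slts", $0)}'
      # Read-only query: never report a change. A registered result is a dict,
      # so comparing it with "" would mark the task as changed on every run.
      changed_when: false
      # Run in check mode too, so the tasks below can read .stdout.
      check_mode: false
      when: ansible_distribution == "Alpine"

    # Set a variable for the currently *running* linux-lts kernel version. We use
    # sed to strip off the arch.
    - name: Register running linux-lts kernel version
      register: running_kernel_version
      ansible.builtin.shell: |
        set -o pipefail
        uname -r | sed 's/-ARCH//'
      # Read-only query: never report a change.
      changed_when: false
      # Run in check mode too, so the tasks below can read .stdout.
      check_mode: false
      when: ansible_distribution == "Alpine"

    # This is debugging output to tell us when the installed kernel version doesn't
    # match the running kernel version. The real magic happens in the following task.
    - name: Check installed_kernel_version != running_kernel_version = ???
      ansible.builtin.debug:
        msg: "{{ installed_kernel_version.stdout }} != {{ running_kernel_version.stdout }} = {{ installed_kernel_version.stdout != running_kernel_version.stdout }}"
      when: ansible_distribution == "Alpine"

    # Now compare installed_kernel_version with running_kernel_version. When they
    # don't match, this means that we need to reboot. This is not a very sophisticated
    # heuristic, but it works.
    - name: Reboot if the running kernel version is not the installed kernel version
      ansible.builtin.reboot:
        # These are very simple Alpine servers. They should boot extremely fast.
        # The task fails for a host that has not come back within this many
        # seconds.
        reboot_timeout: 30
      when:
        - ansible_distribution == "Alpine"
        # An empty installed version means the query found no linux-lts
        # package. Skip the reboot, since an empty string never matches
        # `uname -r` and the host would reboot on every run.
        - installed_kernel_version.stdout | length > 0
        - installed_kernel_version.stdout != running_kernel_version.stdout

    - name: Reboot the server (if required).
      ansible.builtin.reboot:
      when: reboot_required_file.stat.exists

    - name: Remove dependencies that are no longer required.
      ansible.builtin.apt:
        autoremove: true
      when: ansible_distribution in debian_derivatives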