feat(update): add update task to common role

2025-08-25 17:12:47 +02:00 · 2025-08-25 17:12:47 +02:00 · de422a9f0a
commit de422a9f0a
parent 3c4e26e4a6
2 changed files with 68 additions and 0 deletions
--- a/tasks/apt/update.yaml
+++ b/tasks/apt/update.yaml
@ -0,0 +1,63 @@
+---
+
+# apt update
+- name: "apt update"
+  tags: "apt-update"
+  when: 'ansible_os_family == "Debian"'
+  block:
+
+    # run apt update
+    - name: "apt update"
+      ansible.builtin.apt:
+        upgrade: "yes"
+        cache_valid_time: 60
+      failed_when: false
+
+    # cleanup apt
+    - name: "apt cleanup"
+      ansible.builtin.apt:
+        autoclean: true
+        autoremove: true
+        clean: true
+      changed_when: false
+      failed_when: false
+
+    # cleanup journal
+    - name: "cleanup journal"
+      ansible.builtin.command:
+        cmd: "journalctl --flush --rotate --vacuum-time=1s"
+      changed_when: false
+      failed_when: false
+
+    # run fstrim on vms
+    - name: "run fstrim on vm"
+      ansible.builtin.command:
+        cmd: "fstrim /"
+      changed_when: false
+      failed_when: false
+      when: 'type == "vm"'
+
+    # check for reboots
+    - name: "check if reboot required"
+      ansible.builtin.stat:
+        path: "/var/run/reboot-required"
+      changed_when: false
+      failed_when: false
+      register: "reboot_required"
+
+    # execute reboot
+    - name: "execute reboot"
+      when: "reboot_required.stat.exists"
+      block:
+
+        # reboot
+        - name: "reboot now"
+          ansible.builtin.reboot:
+          when: 'inventory_hostname != "ansible.siempie.internal"'
+
+        # schedule reboot
+        - name: "schedule reboot"
+          ansible.builtin.command:
+            cmd: 'shutdown -r +1 "Ansible: Reboot after updates"'
+          changed_when: false
+          when: 'inventory_hostname == "ansible.siempie.internal"'
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -48,6 +48,11 @@
 - name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

+- name: "apt - update"
+  ansible.builtin.import_tasks: "apt/update.yaml"
+  when: "ansible_os_family == 'Debian'"
+  tags: "apt-update"
+
 - name: "apt - packages"
  ansible.builtin.import_tasks: "apt/packages.yaml"
  when: "ansible_os_family == 'Debian'"