From 1fbeaed4574024f176acb6e8a311e6836fde6e0e Mon Sep 17 00:00:00 2001
From: Kevin Midboe <kevin.midboe@gmail.com>
Date: Fri, 7 Nov 2025 20:59:00 +0100
Subject: [PATCH] update system role

---
 plays/upgrade.yml                     | 21 ++-------------------
 roles/update_system/defaults/main.yml |  7 +++++++
 roles/update_system/tasks/main.yml    | 23 +++++++++++++++++++++++
 3 files changed, 32 insertions(+), 19 deletions(-)
 create mode 100644 roles/update_system/defaults/main.yml
 create mode 100644 roles/update_system/tasks/main.yml

diff --git a/plays/upgrade.yml b/plays/upgrade.yml
index 5925597..cbcf64d 100644
--- a/plays/upgrade.yml
+++ b/plays/upgrade.yml
@@ -2,22 +2,5 @@
 - hosts: all
   gather_facts: yes
 
-  tasks:
-    - name: Perform a dist-upgrade.
-      ansible.builtin.apt:
-        upgrade: dist
-        update_cache: yes
-
-    - name: Check if a reboot is required.
-      ansible.builtin.stat:
-        path: /var/run/reboot-required
-        get_checksum: no
-      register: reboot_required_file
-
-    - name: Reboot the server (if required).
-      ansible.builtin.reboot:
-      when: reboot_required_file.stat.exists == true
-
-    - name: Remove dependencies that are no longer required.
-      ansible.builtin.apt:
-        autoremove: yes
+  roles:
+    - role: roles/update_system
diff --git a/roles/update_system/defaults/main.yml b/roles/update_system/defaults/main.yml
new file mode 100644
index 0000000..bb0dc6f
--- /dev/null
+++ b/roles/update_system/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# Default upgrade type
+# Options:
+#   safe  → only upgrade already installed packages
+#   dist  → perform a full distribution upgrade
+
+update_system_upgrade_type: safe
diff --git a/roles/update_system/tasks/main.yml b/roles/update_system/tasks/main.yml
new file mode 100644
index 0000000..59e3817
--- /dev/null
+++ b/roles/update_system/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# Ensures a Debian/Ubuntu system is up to date
+# Upgrade type is controlled by 'update_system_upgrade_type' (default: 'safe')
+
+- name: Ensure apt cache is up to date
+  apt:
+    update_cache: yes
+  become: yes
+
+- name: Upgrade installed packages
+  apt:
+    upgrade: "{{ update_system_upgrade_type }}"
+  become: yes
+
+- name: Autoremove unnecessary packages
+  apt:
+    autoremove: yes
+  become: yes
+
+- name: Clean up retrieved package files
+  apt:
+    autoclean: yes
+  become: yes