---
- name: GNU/Linux Update Playbook
  hosts: debian
  gather_facts: false
  become: true

  tasks:
    - name: Update the Apt cache
      ansible.builtin.apt:
        update_cache: yes
        cache_valid_time: 3600

    - name: Ensure needrestart is installed
      ansible.builtin.apt:
        name: needrestart
        state: present

    - name: Upgrade all packages to latest version
      ansible.builtin.apt:
        upgrade: full
        clean: yes
        autoremove: yes
        autoclean: yes
      environment:
        NEEDRESTART_MODE: automatically

    - name: Check if a reboot is required
      stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Reboot the machine if required
      ansible.builtin.reboot:
        msg: "Rebooting after security updates"
        connect_timeout: 5
        reboot_timeout: 360
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required.stat.exists