- name: Upgrade all installed packages
  apt:
    upgrade: full
    update_cache: yes
  notify: 
    - apt cleanup

- name: Check if a kernel update is available
  shell: |
    dpkg -l | grep -E '^ii' | grep 'linux-image-[0-9]' | awk '{print $2}' | sort | tail -n 1
  register: latest_kernel

- name: Check if running kernel matches the latest installed kernel
  shell: |
    echo "{{ latest_kernel.stdout }}" | grep -c $(uname -r)
  register: kernel_match
  changed_when: false
  ignore_errors: true

- name: Mark reboot required if a new kernel is installed
  set_fact:
    reboot_required: "yes"
  when: kernel_match.stdout == "0"