operating-automation/playbooks/os-update.yml

- hosts: all
  user: tincadmin
  become: true
  vars:
    os_also_update_mirror: false # Can either be true or false | To toggle if mirrors should be updated during major upgrade
    os_update_version_codename: "trixie" # Change to switch major release (e.g. bookworm or trixie) | Used for jinja2 Template fill in as it determines the current codename of system where ansible is run on
    do_snapshots: true # Can either be true or false | To toggle if snapshots should be created before os update
    snapshot_name: "AUTO_before_os_update_{{ ansible_date_time.date }}" # Name
  vars_files:
  # Load vault file for sensitive data like Proxmox API tokens
  - ../vault.yml
  tasks:
    - name: Verify if system is Debian
      debug:
        msg: "This playbook is running on a Debian system."
      when: ansible_os_family == "Debian"

    - name: Stop playbook if system is not Debian
      fail:
        msg: "This playbook only supports Debian."
      when: ansible_os_family != "Debian"

    - name: Check for available updates
      ansible.builtin.apt:
        update_cache: yes
        cache_valid_time: 0
      register: apt_update
      when: ansible_os_family == "Debian"

    - name: Check if upgrades are available
      ansible.builtin.command: apt list --upgradable
      register: upgradable_packages
      changed_when: false
      when: ansible_os_family == "Debian"

    - name: Set fact if updates are needed
      set_fact:
        updates_needed: "{{ upgradable_packages.stdout_lines | length > 1 }}"
      when: ansible_os_family == "Debian"

    - name: Include Proxmox Info task
      ansible.builtin.include_role:
        name: proxmox-automation
        tasks_from: get-vmid
      when:
        - ansible_os_family == "Debian"
        - do_snapshots | default(false)
        - updates_needed | default(false)

    - name: Create Snapshot before Modifications
      ansible.builtin.include_role:
        name: proxmox-automation
        tasks_from: create-snapshots
      when:
        - ansible_os_family == "Debian"
        - do_snapshots | default(false)
        - updates_needed | default(false)

    - name: Include OS update role
      ansible.builtin.include_role:
        name: os-updates
      when:
        - ansible_os_family == "Debian"
        - updates_needed | default(false)