---
- name: Add LTTng-CI PPA
  # This provides gdb with no babeltrace; however, it's only made
  # available for certain releases
  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version in ['22']
  block:
    - name: LTTng-CI PPA | apt key
      ansible.builtin.copy:
        src: efficios_ubuntu_ci.gpg
        dest: /etc/apt/trusted.gpg.d/efficios_ubuntu_ci.gpg
        owner: root
        group: root
        mode: '0644'

    - name: LTTng-CI PPA | apt source
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/trusted.gpg.d/efficios_ubuntu_ci.gpg] http://ppa.launchpad.net/efficios/ci/ubuntu {{ ansible_distribution_release }} main"
        state: present
        filename: efficios-ubuntu-ci

- name: Update apt cache.
  apt: update_cache=yes cache_valid_time=86400

- name: Ensure common packages are installed.
  apt: "name={{ common_packages }} state=present"

- name: Install unattended upgrades
  apt:
    name: 'unattended-upgrades'
    state:  "{{(unattended_upgrades|bool)|ternary('present', 'absent')}}"

- name: Enable extra repos for unattended upgrades
  template:
    dest: /etc/apt/apt.conf.d/51unattended_upgrades_extra_repos.conf
    src: unattended_upgrades_extra_repos.conf.j2
  vars:
    repos_base:
      - "${distro_id}:${distro_codename}-updates"
      - "${distro_id}:${distro_codename}-backports"
    repos_Ubuntu:
      - "LP-PPA-efficios-ci:${distro_codename}"
    repose_Debian: []
    repos: "{{repos_base|union(lookup('vars', 'repos_' + ansible_distribution, default=[]))}}"

- name: Enable unattended upgrades
  block:
    - copy:
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        content: "APT::Periodic::Update-Package-Lists \"1\";\nAPT::Periodic::Unattended-Upgrade \"1\";\n"
      when: unattended_upgrades | bool
    - file:
        path: /etc/apt/apt.conf.d/20auto-upgrades
        state: "{{(unattended_upgrades|bool)|ternary('file', 'absent')}}"
        owner: root
        group: root
        mode: '0644'
- name: Install microcode for physical hosts
  when: ansible_virtualization_role == 'host'
  block:
    - name: Install AMD microcode
      when: "'AuthenticAMD' in ansible_processor"
      ansible.builtin.apt:
        name: amd64-microcode
      register: amd64_microcode
    - name: Install Intel microcode
      when: "'GenuineIntel' in ansible_processor"
      ansible.builtin.apt:
        name: intel-microcode
      register: intel_microcode
    - name: Update initramfs
      when: amd64_microcode.changed or intel_microcode.changed
      ansible.builtin.command:
        argv: ['update-initramfs', '-u', '-k', 'all']
    - name: Set reboot required
      when: amd64_microcode.changed or intel_microcode.changed
      ansible.builtin.copy:
        dest: /var/run/reboot-required
        content: '*** System restart required ***'
        owner: root
        group: root
        mode: '0644'
- name: Install prometheus node exporter for physical hosts
  when: "'hosts' in group_names"
  ansible.builtin.apt:
    name:
      - prometheus-node-exporter
      - prometheus-node-exporter-collectors

- name: Work-around for git hanging during checkouts
  # @see https://support.efficios.com/issues/1532
  when: ansible_distribution_release == 'bookworm'
  block:
    - name: Use HTTP/1.1 with git HTTP operations
      community.general.git_config:
        file: '/etc/gitconfig'
        name: 'http.version'
        value: 'HTTP/1.1'