---

- ansible.builtin.include_role:
    name: evolix/remount-usr

- name: "hold packages (apt)"
  ansible.builtin.shell:
    cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
    executable: /bin/bash
  check_mode: no
  register: apt_mark
  changed_when: "item + ' set on hold.' in apt_mark.stdout"
  failed_when:
    - apt_mark.rc != 0
    - apt_mark.stdout | length > 0
  loop: "{{ apt_hold_packages }}"
  tags:
    - apt

- name: "/etc/evolinux is present"
  ansible.builtin.file:
    dest: /etc/evolinux
    mode: "0700"
    state: directory
  tags:
    - apt

- name: "hold packages (config)"
  ansible.builtin.lineinfile:
    dest: /etc/evolinux/apt_hold_packages.cf
    line: "{{ item }}"
    create: True
    state: present
  loop: "{{ apt_hold_packages }}"
  tags:
    - apt

- name: "unhold packages (apt)"
  ansible.builtin.shell:
    cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
    executable: /bin/bash
  check_mode: no
  register: apt_mark
  changed_when: "'Canceled hold on' + item in apt_mark.stdout"
  failed_when: apt_mark.rc != 0 and not apt_mark.stdout = ''
  loop: "{{ apt_unhold_packages }}"
  tags:
    - apt

- name: "unhold packages (config)"
  ansible.builtin.lineinfile:
    dest: /etc/evolinux/apt_hold_packages.cf
    line: "{{ item }}"
    create: True
    state: absent
  loop: "{{ apt_unhold_packages }}"
  tags:
    - apt

- name: /usr/share/scripts exists
  ansible.builtin.file:
    dest: /usr/share/scripts
    mode: "0700"
    owner: root
    group: root
    state: directory
  tags:
    - apt

- name: Check scripts is installed
  ansible.builtin.copy:
    src: check_held_packages.sh
    dest: /usr/share/scripts/check_held_packages.sh
    force: yes
    mode: "0755"
  tags:
    - apt

- name: Check if Cron is installed
  ansible.builtin.shell:
    cmd: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
  register: is_cron
  changed_when: False
  failed_when: False
  check_mode: no
  tags:
    - apt

- name: Check for held packages (script)
  ansible.builtin.cron:
    cron_file: apt-hold-packages
    name: check_held_packages
    job: "/usr/share/scripts/check_held_packages.sh"
    user: root
    minute: "{{ apt_check_hold_cron_minute }}"
    hour: "{{ apt_check_hold_cron_hour }}"
    weekday: "{{ apt_check_hold_cron_weekday }}"
    day: "{{ apt_check_hold_cron_day }}"
    month: "{{ apt_check_hold_cron_month }}"
    state: "present"
  tags:
    - apt
  when: is_cron.rc == 0