---
# file: roles/kernel/tasks/ubuntu_focal.yaml

- name: Get Available Kernel Versions
  command: "apt-cache showpkg linux-headers-*"
  changed_when: false
  register: apt_kernel_list
  tags:
    - kernel-inst

- name: Get installed packages with APT
  command: "dpkg -l"
  changed_when: false
  register: apt_packages_list
  tags:
    - kernel-inst

- name: Set target APT kernel version
  set_fact:
    _kernel: "{{ apt_kernel_list | deb_kernel(
                 kernel_version, ansible_kernel) }}"
  tags:
    - kernel-inst

- name: Disable APT auto upgrade
  lineinfile:
    path: "/etc/apt/apt.conf.d/20auto-upgrades"
    state: "present"
    regexp: "APT::Periodic::Unattended-Upgrade \"[0-9]\";"
    line: "APT::Periodic::Unattended-Upgrade \"0\";"
    create: true
    mode: 0644
  tags:
    - kernel-inst

- name: Ensure Packages Versions
  apt:
    name: "{{ apt_kernel_list | deb_kernel_pkg(
              kernel_version, ansible_kernel, ansible_distribution,
              ansible_architecture, item) }}"
  loop: "{{ kernel_packages }}"
  tags:
    - kernel-inst

- name: Ensure Any Other Kernel Packages Are Removed
  apt:
    name: "{{ apt_packages_list | deb_installed_kernel(
              apt_kernel_list, kernel_version, ansible_kernel) }}"
    state: absent
    purge: true
  notify:
    - "Reboot Server"
  tags:
    - kernel-inst

- name: Ensure Any Microcode Is Absent
  apt:
    name: "{{ absent_packages }}"
    state: absent
    purge: true
  tags:
    - kernel-inst