- name: Upgrade packages
  become: true
  ansible.builtin.apt:
    update_cache: true
    upgrade: dist
    install_recommends: false
  notify: apt_reboot

- name: Reboot if necessary
  ansible.builtin.meta: flush_handlers

- name: Clean up dependencies
  become: true
  ansible.builtin.apt:
    autoremove: true
    purge: true
  notify: apt_reboot

- name: Install packages
  become: true
  ansible.builtin.apt:
    name: '{{ apt_packages }}'
    state: present
    install_recommends: false

- name: Configure unattended-upgrades
  ansible.builtin.include_tasks: unattended_upgrades.yml
  when: apt_unattended