# vim:ts=2:sw=2:et:filetype=ansible
---

- name: FreeBSD patches
  hosts: all
  become: true
  serial: 4
  order: shuffle
  vars_files:
    - ~/.ansible/my_vault.yml

  vars:
    restart_files: []
    restart_files_packages: []
    restart_services: []

  tasks:
    - block:
        - name: Send alert to operators that patching caused alarms
          fail:
            msg: 'Not patching EOL system {{ inventory_hostname }}/{{ ansible_hostname }} ({{ansible_distribution_release}}/{{ ansible_distribution_version }}), aborting. Please upgrade to supported version'
          when: "ansible_distribution == 'Debian' and ansible_distribution_release not in ['bullseye','buster','stretch']"

        - name: Use update task for debian
          import_tasks: tasks/update_all_debian.yml
      when: "ansible_facts['os_family']|lower == 'debian'"

    - block:
        - name: Send alert to operators that patching caused alarms
          fail:
            msg: 'Not patching EOL system {{ inventory_hostname }}/{{ ansible_hostname }} ({{ansible_distribution_major_version}}/{{ ansible_distribution_version }}), aborting. Please upgrade to supported version'
          when: "ansible_distribution == 'FreeBSD' and ansible_distribution_major_version not in ['13','14']"

        - name: Use update task for debian
          import_tasks: tasks/update_all_freebsd.yml
      when: "ansible_facts['os_family']|lower == 'freebsd'"

    - name: Flush handlers
      meta: flush_handlers

    - name: Check whether the remote node is still reachable
      ansible.builtin.wait_for_connection: