---
- name: Update system (APT + Flatpak)
  hosts: all
  become: yes
  gather_facts: yes
  serial: 5

  tasks:

    - name: Ensure SSH is reachable (skip host if not)
      delegate_to: localhost
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 22
        timeout: 5
      register: ssh_check
      ignore_errors: yes

    - meta: end_host
      when: ssh_check is failed

    - name: Ping with retries (handle intermittent flaps)
      ping:
      register: ping_result
      retries: 5
      delay: 5
      until: ping_result is success

    - name: Wait for apt lock to be released
      shell: |
        while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
          echo "Waiting for apt lock..."
          sleep 5
        done
      changed_when: false

    - name: Update apt cache
      apt:
        update_cache: yes

    - name: Perform full upgrade
      apt:
        upgrade: full
        autoremove: yes
        autoclean: yes
      register: apt_upgrade
      retries: 3
      delay: 10
      until: apt_upgrade is succeeded

    - name: Fix broken packages
      command: apt-get -f install -y
      register: fix_result
      failed_when: false
      changed_when: "'Setting up' in fix_result.stdout"

    - name: Check if Flatpak is installed
      command: which flatpak
      register: flatpak_check
      failed_when: false
      changed_when: false

    - name: Update Flatpak packages
      command: flatpak update -y
      when: flatpak_check.rc == 0
      register: flatpak_update
      failed_when: false

    - name: Remove unused Flatpak packages
      command: flatpak uninstall --unused -y
      when: flatpak_check.rc == 0
      failed_when: false

    - name: Check if reboot is required
      stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Notify if reboot required
      debug:
        msg: "Reboot required on {{ inventory_hostname }}"
      when: reboot_required.stat.exists