From ad318c50fd365d983051e6760c2c059c11bdc2f2 Mon Sep 17 00:00:00 2001
From: jakub <jakub@zacekj.cz>
Date: Wed, 11 Mar 2026 16:02:07 +0000
Subject: [PATCH] Update update.yml

---
 update.yml | 201 ++++++++++++++++-------------------------------------
 1 file changed, 59 insertions(+), 142 deletions(-)

diff --git a/update.yml b/update.yml
index 848d69b..de81095 100644
--- a/update.yml
+++ b/update.yml
@@ -1,165 +1,82 @@
+---
 - name: Update system (APT + Flatpak)
   hosts: all
-  gather_facts: false
-  strategy: free
-  serial: 2
+  become: yes
+  gather_facts: yes
+  serial: 5
 
-  become: true
-  become_user: root
-  become_method: sudo
+  tasks:
 
-  vars:
-    ssh_precheck_timeout: 8
-    apt_async: 1800
-    apt_poll: 10
-    apt_retries: 3
-    apt_retry_delay: 5
-    flatpak_timeout: 300
-    flatpak_async: 600
-    flatpak_poll: 5
-
-  pre_tasks:
     - name: Ensure SSH is reachable (skip host if not)
-      wait_for:
-        host: "{{ ansible_host | default(inventory_hostname) }}"
-        port: "{{ ansible_port | default(22) }}"
-        timeout: "{{ ssh_precheck_timeout }}"
       delegate_to: localhost
-      register: ssh_ok
-      ignore_errors: true
+      wait_for:
+        host: "{{ inventory_hostname }}"
+        port: 22
+        timeout: 5
+      register: ssh_check
+      ignore_errors: yes
 
     - meta: end_host
-      when: ssh_ok is failed
+      when: ssh_check is failed
 
     - name: Ping with retries (handle intermittent flaps)
       ping:
-      register: ping_r
-      retries: 3
-      delay: 3
-      until: ping_r is succeeded
-      ignore_errors: true
+      register: ping_result
+      retries: 5
+      delay: 5
+      until: ping_result is success
 
-    - meta: end_host
-      when: ping_r is failed
+    - name: Wait for apt lock to be released
+      shell: |
+        while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
+          echo "Waiting for apt lock..."
+          sleep 5
+        done
+      changed_when: false
 
-  tasks:
-    - name: Update APT cache (bounded + retried)
-      environment: { DEBIAN_FRONTEND: noninteractive }
+    - name: Update apt cache
       apt:
         update_cache: yes
-        cache_valid_time: 3600
-      async: "{{ apt_async }}"
-      poll: "{{ apt_poll }}"
-      register: apt_update
-      retries: "{{ apt_retries }}"
-      delay: "{{ apt_retry_delay }}"
-      until: apt_update is succeeded
 
-    - name: If APT cache update failed, try to fix dpkg and retry once
-      block:
-        - name: Fix partially configured packages
-          command: dpkg --configure -a
-          changed_when: false
-        - name: Retry APT cache update after dpkg fix
-          environment: { DEBIAN_FRONTEND: noninteractive }
-          apt:
-            update_cache: yes
-          async: 600
-          poll: 5
-      when: apt_update is failed
-
-    - name: Upgrade all APT packages (bounded + retried)
-      environment: { DEBIAN_FRONTEND: noninteractive }
+    - name: Perform full upgrade
       apt:
-        upgrade: dist
-      async: "{{ apt_async }}"
-      poll: "{{ apt_poll }}"
+        upgrade: full
+        autoremove: yes
+        autoclean: yes
       register: apt_upgrade
-      retries: "{{ apt_retries }}"
-      delay: "{{ apt_retry_delay }}"
+      retries: 3
+      delay: 10
       until: apt_upgrade is succeeded
 
-    - name: If APT upgrade failed, try to fix dpkg and retry once
-      block:
-        - name: Fix partially configured packages
-          command: dpkg --configure -a
-          changed_when: false
-        - name: Retry APT upgrade after dpkg fix
-          environment: { DEBIAN_FRONTEND: noninteractive }
-          apt:
-            upgrade: dist
-          async: 1200
-          poll: 5
-      when: apt_upgrade is failed
+    - name: Fix broken packages
+      command: apt-get -f install -y
+      register: fix_result
+      failed_when: false
+      changed_when: "'Setting up' in fix_result.stdout"
 
-    - name: Check if flatpak binary exists
-      become: false
+    - name: Check if Flatpak is installed
+      command: which flatpak
+      register: flatpak_check
+      failed_when: false
+      changed_when: false
+
+    - name: Update Flatpak packages
+      command: flatpak update -y
+      when: flatpak_check.rc == 0
+      register: flatpak_update
+      failed_when: false
+
+    - name: Remove unused Flatpak packages
+      command: flatpak uninstall --unused -y
+      when: flatpak_check.rc == 0
+      failed_when: false
+
+    - name: Check if reboot is required
       stat:
-        path: /usr/bin/flatpak
-      register: flatpak_bin
+        path: /var/run/reboot-required
+      register: reboot_required
 
-    - name: Update system Flatpaks (bounded; treat timeout as non-fatal)
-      command: bash -lc "timeout {{ flatpak_timeout }} flatpak update -y --noninteractive"
-      register: flatpak_sys
-      async: "{{ flatpak_async }}"
-      poll: "{{ flatpak_poll }}"
-      failed_when: flatpak_sys.rc is defined and flatpak_sys.rc not in [0, 124]
-      when: flatpak_bin.stat.exists
-
-    # ---- User-agnostic Flatpak updates (all non-system users) ----
-
-    - name: Get passwd database
-      getent:
-        database: passwd
-      register: ge
-
-    - name: Build list of regular users (uid >= 1000, real shells)
-      set_fact:
-        regular_users: >-
-          {{
-            ge.ansible_facts.getent_passwd
-            | dict2items
-            | map(attribute='value')
-            | selectattr('uid', 'defined')
-            | selectattr('uid', '>=', 1000)
-            | rejectattr('shell', 'in', ['/usr/sbin/nologin','/sbin/nologin','/bin/false'])
-            | list
-          }}
-      when: ge is succeeded
-
-    - name: Stat per-user runtime dir if flatpak is present
-      stat:
-        path: "/run/user/{{ item.uid }}"
-      loop: "{{ regular_users | default([]) }}"
-      loop_control:
-        label: "{{ item.name }}"
-      register: user_runtime_stats
-      when: flatpak_bin.stat.exists
-
-    - name: Merge runtime stats keyed by username
-      set_fact:
-        user_runtime_map: >-
-          {{
-            user_runtime_stats.results
-            | items2dict(key_name='item.name', value_name='stat')
-          }}
-      when: flatpak_bin.stat.exists
-
-    - name: Update user Flatpaks (use XDG_RUNTIME_DIR when available)
-      become_user: "{{ item.name }}"
-      environment: >-
-        {{
-          user_runtime_map[item.name].exists
-          | default(false)
-          | ternary({'XDG_RUNTIME_DIR': '/run/user/' ~ item.uid|string}, {})
-        }}
-      command: bash -lc "timeout {{ flatpak_timeout }} flatpak --user update -y --noninteractive"
-      register: flatpak_user_res
-      async: "{{ flatpak_async }}"
-      poll: "{{ flatpak_poll }}"
-      failed_when: flatpak_user_res.rc is defined and flatpak_user_res.rc not in [0, 124]
-      changed_when: "'Installing' in (flatpak_user_res.stdout | default('')) or 'Installing' in (flatpak_user_res.stderr | default('')) or 'Updating' in (flatpak_user_res.stdout | default('')) or 'Updating' in (flatpak_user_res.stderr | default(''))"
-      loop: "{{ regular_users | default([]) }}"
-      loop_control:
-        label: "{{ item.name }}"
-      when: flatpak_bin.stat.exists
+    - name: Notify if reboot required
+      debug:
+        msg: "Reboot required on {{ inventory_hostname }}"
+      when: reboot_required.stat.exists
\ No newline at end of file