---
# file: tasks/ubuntu_noble.yaml

- name: "Get Available Kernel Versions"
  ansible.builtin.command: "apt-cache showpkg linux-headers-*"
  changed_when: false
  register: apt_kernel_list
  tags:
    - kernel-inst

- name: "Get installed packages with APT"
  ansible.builtin.command: "dpkg -l"
  changed_when: false
  register: apt_packages_list
  tags:
    - kernel-inst

- name: "Set target APT kernel version"
  ansible.builtin.set_fact:
    _kernel: "{{ apt_kernel_list | deb_kernel(
                 kernel_version, ansible_kernel) }}"
  tags:
    - kernel-inst

- name: "Disable APT auto upgrade"
  ansible.builtin.lineinfile:
    path: "/etc/apt/apt.conf.d/20auto-upgrades"
    state: "present"
    regexp: "APT::Periodic::Unattended-Upgrade \"[0-9]\";"
    line: "APT::Periodic::Unattended-Upgrade \"0\";"
    create: true
    mode: 0644
  tags:
    - kernel-inst

- name: "Ensure Packages Versions"
  ansible.builtin.apt:
    name: "{{ apt_kernel_list | deb_kernel_pkg(
              kernel_version, ansible_kernel, ansible_distribution,
              ansible_architecture, item) }}"
  loop: "{{ kernel_packages }}"
  tags:
    - kernel-inst

- name: "Ensure Any Other Kernel Packages Are Removed"
  ansible.builtin.apt:
    name: "{{ apt_packages_list | deb_installed_kernel(
              apt_kernel_list, kernel_version, ansible_kernel) }}"
    state: "absent"
    purge: true
  notify:
    - "Reboot Server"
  tags:
    - kernel-inst

- name: "Ensure Any Microcode Is Absent"
  ansible.builtin.apt:
    name: "{{ absent_packages }}"
    state: "absent"
    purge: true
  tags:
    - kernel-inst