---
- name: Ensure cron-apt is installed
  apt: 
    name: cron-apt 
    update_cache: yes
  notify:
    - Restart cron

- name: Deploy config file
  template:
    src: config.j2
    dest: /etc/cron-apt/config

- name: Apply security updates on download
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: action.5-secupdates.j2
      dest: /etc/cron-apt/action.d/5-security-updates
    - src: config.5-secupdates.j2
      dest: /etc/cron-apt/config.d/5-security-updates
  when: cron_apt_apply_security

- name: Create separate file for security updates
  shell: |
    cat /etc/apt/sources.list | grep security \
    | grep -v '#' \
    > /etc/apt/sources.list.d/security.list
  args:
    creates: /etc/apt/sources.list.d/security.list
  when: cron_apt_apply_security

- name: Comment out security lines in /etc/apt/sources.list
  lineinfile:
    dest: /etc/apt/sources.list
    regexp: '^(deb.*security.*?main.*)'
    line: '# \1'
    backrefs: yes
    state: present
  when: cron_apt_apply_security