--- - name: Check for system updates (Debian/Ubuntu) apt: update_cache: yes cache_valid_time: 3600 register: apt_cache_update when: ansible_os_family == "Debian" - name: Check available upgrades shell: apt list --upgradable 2>/dev/null | grep -v WARNING | wc -l register: available_upgrades changed_when: false when: ansible_os_family == "Debian" - name: Apply system updates if available apt: upgrade: yes autoremove: yes autoclean: yes when: - ansible_os_family == "Debian" - available_upgrades.stdout | int > 1 notify: reboot if needed