---
# =============================================================================
# proxmox_upgrade_node — tasks
# Runs apt dist-upgrade on a single node, reboots if required,
# and waits for the node to rejoin the cluster.
#
# Required vars:
#   current_node — the node being upgraded (used for logging)
# =============================================================================

- name: "Upgrade | {{ current_node }} | apt-get update"
  ansible.builtin.apt:
    update_cache: "{{ upgrade_apt_update_cache }}"
    cache_valid_time: "{{ upgrade_apt_cache_valid_time }}"
  changed_when: false

- name: "Upgrade | {{ current_node }} | apt dist-upgrade"
  ansible.builtin.apt:
    upgrade: dist
    autoremove: "{{ upgrade_apt_autoremove }}"
    autoclean: true
  register: upgrade_apt_result

- name: "Upgrade | {{ current_node }} | Log upgraded packages"
  ansible.builtin.debug:
    msg: "{{ upgrade_apt_result.stdout_lines | last | default('No output') }}"

- name: "Upgrade | {{ current_node }} | Check if reboot required"
  ansible.builtin.stat:
    path: /var/run/reboot-required
  register: upgrade_reboot_required_file

- name: "Upgrade | {{ current_node }} | Set reboot needed fact"
  ansible.builtin.set_fact:
    upgrade_needs_reboot: >-
      {{ upgrade_reboot_required_file.stat.exists or upgrade_reboot_force }}

- name: "Upgrade | {{ current_node }} | Reboot node"
  ansible.builtin.reboot:
    reboot_timeout: "{{ upgrade_reboot_timeout }}"
    msg: "Ansible controlled reboot for Proxmox upgrade"
    pre_reboot_delay: 5
    post_reboot_delay: 15
  when:
    - upgrade_needs_reboot
    - upgrade_reboot_if_required

- name: "Upgrade | {{ current_node }} | Skip reboot (not required)"
  ansible.builtin.debug:
    msg: "No reboot required on {{ current_node }} — skipping."
  when: not upgrade_needs_reboot

# ── Wait for cluster rejoin ───────────────────────────────────────────────────
- name: "Upgrade | {{ current_node }} | Wait for node to rejoin cluster"
  community.proxmox.proxmox_node_info:
    api_host: "{{ api_host }}"
    api_user: "{{ api_user }}"
    api_token_id: "{{ api_token_id }}"
    api_token_secret: "{{ api_token_secret }}"
    api_port: "{{ api_port }}"
    validate_certs: "{{ validate_certs }}"
  register: upgrade_rejoin_check
  delegate_to: localhost
  until: >-
    upgrade_rejoin_check.proxmox_nodes
    | selectattr('node', 'equalto', current_node)
    | selectattr('status', 'equalto', 'online')
    | list
    | length > 0
  retries: "{{ upgrade_node_rejoin_retries }}"
  delay: "{{ upgrade_node_rejoin_delay }}"
  when: upgrade_needs_reboot

- name: "Upgrade | {{ current_node }} | Node back online"
  ansible.builtin.debug:
    msg: >-
      ✓ Node {{ current_node }} has rejoined the cluster
      {{ '(after reboot)' if upgrade_needs_reboot else '(no reboot needed)' }}.

- name: "Upgrade | {{ current_node }} | Complete"
  ansible.builtin.debug:
    msg: >-
      ━━━ Upgrade complete: {{ current_node }}
      {% if upgrade_apt_result.changed %}(packages updated){% else %}(already up to date){% endif %}
      {% if upgrade_needs_reboot %}(rebooted){% else %}(no reboot){% endif %} ━━━