From 65d98ce50a62d4e1856e5f165e16e47ae3d392e9 Mon Sep 17 00:00:00 2001
From: cloudneutral <haitaopanhq@gmail.com>
Date: Sun, 14 Dec 2025 15:17:21 +0800
Subject: [PATCH] Add optional Debian package cleanup and refresh apt cache

---
 playbooks/roles/vhosts/common/defaults/main.yml  | 12 ++++++++++++
 .../roles/vhosts/common/tasks/common_debian.yml  |  6 ++++++
 playbooks/roles/vhosts/common/tasks/packages.yml |  9 +++++++++
 .../vhosts/common/tasks/packages_cleanup.yml     | 16 ++++++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 playbooks/roles/vhosts/common/tasks/packages_cleanup.yml

diff --git a/playbooks/roles/vhosts/common/defaults/main.yml b/playbooks/roles/vhosts/common/defaults/main.yml
index 23006e7..f3130c1 100644
--- a/playbooks/roles/vhosts/common/defaults/main.yml
+++ b/playbooks/roles/vhosts/common/defaults/main.yml
@@ -51,3 +51,15 @@ packages:
       - audit
       - uidmap
       - fuse-overlayfs
+
+packages_cleanup:
+  enabled: false
+  ubuntu:
+    purge: true
+    list:
+      - snapd
+      - resolvconf
+      - popularity-contest
+      - apport
+      - whoopsie
+      - modemmanager
diff --git a/playbooks/roles/vhosts/common/tasks/common_debian.yml b/playbooks/roles/vhosts/common/tasks/common_debian.yml
index 8743f83..5d02cdc 100644
--- a/playbooks/roles/vhosts/common/tasks/common_debian.yml
+++ b/playbooks/roles/vhosts/common/tasks/common_debian.yml
@@ -13,3 +13,9 @@
     package_manager: apt
   when: (packages.apt.enabled | default(false)) | bool
   tags: [pkgs, baseline]
+
+- name: Common(Debian) | cleanup optional packages
+  ansible.builtin.include_tasks: packages_cleanup.yml
+  when:
+    - (packages_cleanup.enabled | default(false)) | bool
+  tags: [pkgs, baseline, cleanup]
diff --git a/playbooks/roles/vhosts/common/tasks/packages.yml b/playbooks/roles/vhosts/common/tasks/packages.yml
index 5d94edb..8963f31 100644
--- a/playbooks/roles/vhosts/common/tasks/packages.yml
+++ b/playbooks/roles/vhosts/common/tasks/packages.yml
@@ -15,6 +15,15 @@
     - normalized_base_dependencies | length > 0
   become: true
 
+# 确保仓库缓存更新后再安装主包
+- name: Refresh apt cache before package install
+  ansible.builtin.apt:
+    update_cache: true
+  when:
+    - package_manager == 'apt'
+    - normalized_package_list | length > 0
+  become: true
+
 # 实际安装
 - name: Install packages via apt
   ansible.builtin.apt:
diff --git a/playbooks/roles/vhosts/common/tasks/packages_cleanup.yml b/playbooks/roles/vhosts/common/tasks/packages_cleanup.yml
new file mode 100644
index 0000000..b2efac4
--- /dev/null
+++ b/playbooks/roles/vhosts/common/tasks/packages_cleanup.yml
@@ -0,0 +1,16 @@
+---
+- name: Cleanup | normalize config
+  ansible.builtin.set_fact:
+    cleanup_config: "{{ packages_cleanup[ansible_facts.distribution | lower] | default({}) }}"
+  tags: [pkgs, baseline, cleanup]
+
+- name: Cleanup | remove optional packages
+  ansible.builtin.apt:
+    name: "{{ cleanup_config.list | default([]) }}"
+    state: absent
+    purge: "{{ cleanup_config.purge | default(true) }}"
+  when:
+    - ansible_facts.distribution == "Ubuntu"
+    - (cleanup_config.list | default([])) | length > 0
+  tags: [pkgs, baseline, cleanup]
+  become: true