---
# Ansible playbook to apply system updates to various Windows systems
# This playbook uses the win_updates module to install specified categories of updates
# and handles reboots if necessary.
#
# Requirements:
# - Ansible with ansible.windows collection installed
# - WinRM configured on target Windows hosts with admin credentials
# - Inventory group 'windows' with target hosts

- name: Apply system updates to Windows systems
  hosts: windows
  vars:
    update_categories:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups
  tasks:
    - name: Install Windows updates
      ansible.windows.win_updates:
        category_names: "{{ update_categories }}"
        state: installed
        reboot: true
      # Runs with elevated privileges via WinRM connection