summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2014-06-25 02:47:54 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:49 +0200
commitaa909a31051a661ed301f14060e660417dde4d46 (patch)
tree65f9cfd42c80c3072b45a2fa25ef14aac3f6e199 /roles
parentd6b03b72e8081c983822502e436ec548aa36901e (diff)
Support non-free firmwares. (Can be required :-()
Also, always install contrib's intel-microcode on Intel CPUs.
Diffstat (limited to 'roles')
-rw-r--r--roles/common/templates/etc/apt/preferences.j224
-rw-r--r--roles/common/templates/etc/apt/sources.list.j210
2 files changed, 26 insertions, 8 deletions
diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2
index 6a715b5..448248a 100644
--- a/roles/common/templates/etc/apt/preferences.j2
+++ b/roles/common/templates/etc/apt/preferences.j2
@@ -7,8 +7,30 @@ Pin: release a={{ ansible_lsb.codename }}-updates
Pin-Priority: 990
{% if 'backports' in group_names -%}
-# Install automatically new versions from backports
+# Automatically install new versions from backports
Package: *
Pin: release a={{ ansible_lsb.codename }}-backports
Pin-Priority: 200
{% endif %}
+
+{% if 'non-free' in group_names -%}
+# Install automatically new firmwares from backports
+Package: firmware-linux-nonfree
+Pin-Priority: 200
+{% endif %}
+
+{% if ansible_processor[0] | search("^Intel.*") -%}
+# Automatically upgrade the microcode
+Package: intel-microcode iucode-tool
+Pin-Priority: 200
+{% endif %}
+
+# Never, ever install things from contrib or non-free unless they have been
+# whitelisted above
+Package: *
+Pin: release c=contrib
+Pin-Priority: -1
+
+Package: *
+Pin: release c=non-free
+Pin-Priority: -1
diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2
index b2c30d0..2a948d2 100644
--- a/roles/common/templates/etc/apt/sources.list.j2
+++ b/roles/common/templates/etc/apt/sources.list.j2
@@ -1,16 +1,12 @@
# {{ ansible_managed }}
# Do NOT edit this file directly!
-deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main
-deb-src http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main
+deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %}
-deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
-deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %}
deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main
-deb-src http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main
{% if 'backports' in group_names -%}
-deb http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main
-deb-src http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main
+deb http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main
{% endif %}