summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--group_vars/all.yml6
-rw-r--r--production2
-rw-r--r--roles/common/templates/etc/apt/preferences.j25
-rw-r--r--roles/common/templates/etc/apt/sources.list.j24
4 files changed, 11 insertions, 6 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 089c75f..97e2024 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,4 +1,10 @@
---
+non_free_packages:
+ civett:
+ - firmware-linux-nonfree
+ elefant:
+ - firmware-linux-nonfree
+
# Virtual (non-routable) IPv4 subnet for IPsec. It is always nullrouted
# in the absence of xfrm lookup (i.e., when there is no matching IPsec
# Security Association) to avoid data leaks.
diff --git a/production b/production
index 2b78b20..70cc332 100644
--- a/production
+++ b/production
@@ -68,8 +68,6 @@ wiki
[munin-master:children]
benjamin
-[non-free:children]
-elefant
[backports:children]
webmail
diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2
index ba10834..5d4b415 100644
--- a/roles/common/templates/etc/apt/preferences.j2
+++ b/roles/common/templates/etc/apt/preferences.j2
@@ -13,9 +13,10 @@ Pin: release a={{ ansible_lsb.codename }}-backports
Pin-Priority: 200
{% endif %}
-{% if 'non-free' in group_names -%}
+{% if inventory_hostname_short in non_free_packages.keys() -%}
# Automatically upgrade non-free firmwares (when manually installed)
-Package: firmware-linux-nonfree
+Package: {{ non_free_packages[inventory_hostname_short] | join (' ') }}
+Pin: version *
Pin-Priority: 200
{% endif %}
diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2
index 565c2c2..2dbaee4 100644
--- a/roles/common/templates/etc/apt/sources.list.j2
+++ b/roles/common/templates/etc/apt/sources.list.j2
@@ -2,9 +2,9 @@
# Do NOT edit this file directly!
# vim: set filetype=debsources :
-deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
+deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }} main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
-deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }}-updates main