diff options
| -rw-r--r-- | group_vars/all.yml | 6 | ||||
| -rw-r--r-- | production | 2 | ||||
| -rw-r--r-- | roles/common/templates/etc/apt/preferences.j2 | 5 | ||||
| -rw-r--r-- | roles/common/templates/etc/apt/sources.list.j2 | 4 |
4 files changed, 11 insertions, 6 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml index 089c75f..97e2024 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,4 +1,10 @@ --- +non_free_packages: + civett: + - firmware-linux-nonfree + elefant: + - firmware-linux-nonfree + # Virtual (non-routable) IPv4 subnet for IPsec. It is always nullrouted # in the absence of xfrm lookup (i.e., when there is no matching IPsec # Security Association) to avoid data leaks. @@ -68,8 +68,6 @@ wiki [munin-master:children] benjamin -[non-free:children] -elefant [backports:children] webmail diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2 index ba10834..5d4b415 100644 --- a/roles/common/templates/etc/apt/preferences.j2 +++ b/roles/common/templates/etc/apt/preferences.j2 @@ -13,9 +13,10 @@ Pin: release a={{ ansible_lsb.codename }}-backports Pin-Priority: 200 {% endif %} -{% if 'non-free' in group_names -%} +{% if inventory_hostname_short in non_free_packages.keys() -%} # Automatically upgrade non-free firmwares (when manually installed) -Package: firmware-linux-nonfree +Package: {{ non_free_packages[inventory_hostname_short] | join (' ') }} +Pin: version * Pin-Priority: 200 {% endif %} diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2 index 565c2c2..2dbaee4 100644 --- a/roles/common/templates/etc/apt/sources.list.j2 +++ b/roles/common/templates/etc/apt/sources.list.j2 @@ -2,9 +2,9 @@ # Do NOT edit this file directly! # vim: set filetype=debsources : -deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %} +deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }} main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %} -deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %} +deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %} deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }}-updates main |