summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/common/templates/etc/apt/preferences.j224
-rw-r--r--roles/common/templates/etc/apt/sources.list.j210
2 files changed, 26 insertions, 8 deletions
diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2
index 6a715b5..448248a 100644
--- a/roles/common/templates/etc/apt/preferences.j2
+++ b/roles/common/templates/etc/apt/preferences.j2
@@ -7,8 +7,30 @@ Pin: release a={{ ansible_lsb.codename }}-updates
Pin-Priority: 990
{% if 'backports' in group_names -%}
-# Install automatically new versions from backports
+# Automatically install new versions from backports
Package: *
Pin: release a={{ ansible_lsb.codename }}-backports
Pin-Priority: 200
{% endif %}
+
+{% if 'non-free' in group_names -%}
+# Install automatically new firmwares from backports
+Package: firmware-linux-nonfree
+Pin-Priority: 200
+{% endif %}
+
+{% if ansible_processor[0] | search("^Intel.*") -%}
+# Automatically upgrade the microcode
+Package: intel-microcode iucode-tool
+Pin-Priority: 200
+{% endif %}
+
+# Never, ever install things from contrib or non-free unless they have been
+# whitelisted above
+Package: *
+Pin: release c=contrib
+Pin-Priority: -1
+
+Package: *
+Pin: release c=non-free
+Pin-Priority: -1
diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2
index b2c30d0..2a948d2 100644
--- a/roles/common/templates/etc/apt/sources.list.j2
+++ b/roles/common/templates/etc/apt/sources.list.j2
@@ -1,16 +1,12 @@
# {{ ansible_managed }}
# Do NOT edit this file directly!
-deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main
-deb-src http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main
+deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %}
-deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
-deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %}
deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main
-deb-src http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main
{% if 'backports' in group_names -%}
-deb http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main
-deb-src http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main
+deb http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main
{% endif %}