summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/tasks/main.yml2
-rw-r--r--roles/common/templates/etc/apt/preferences.j22
-rw-r--r--roles/common/templates/etc/apt/sources.list.j24
3 files changed, 4 insertions, 4 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index df609d3..470a6b2 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,27 +1,27 @@
---
- include: sysctl.yml tags=sysctl
- include: hosts.yml
- include: apt.yml tags=apt
- name: Install intel-microcode
apt: pkg=intel-microcode
- when: "ansible_processor[0] | search('^Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
+ when: "ansible_processor[0] | search('^(Genuine)?Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
tags: intel
- include: firewall.yml tags=firewall,iptables
- include: samhain.yml tags=samhain
- include: auditd.yml tags=auditd
- include: rkhunter.yml tags=rkhunter
- include: clamav.yml tags=clamav
- include: fail2ban.yml tags=fail2ban
- include: smart.yml tags=smartmontools,smart
when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')"
- include: haveged.yml tags=haveged,entropy
- name: Copy genkeypair.sh and gendhparam.sh
copy: src=usr/local/bin/{{ item }}
dest=/usr/local/bin/{{ item }}
owner=root group=root
mode=0755
tags: genkey
with_items:
- genkeypair.sh
- gendhparam.sh
- name: Generate DH parameters
diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2
index 7774cba..ba10834 100644
--- a/roles/common/templates/etc/apt/preferences.j2
+++ b/roles/common/templates/etc/apt/preferences.j2
@@ -2,37 +2,37 @@
# Do NOT edit this file directly!
# Install updates as soon as they're available
Package: *
Pin: release a={{ ansible_lsb.codename }}-updates
Pin-Priority: 990
{% if 'backports' in group_names -%}
# Automatically packages from backports (those manually installed)
Package: *
Pin: release a={{ ansible_lsb.codename }}-backports
Pin-Priority: 200
{% endif %}
{% if 'non-free' in group_names -%}
# Automatically upgrade non-free firmwares (when manually installed)
Package: firmware-linux-nonfree
Pin-Priority: 200
{% endif %}
-{% if ansible_processor[0] | search('^Intel.*') and
+{% if ansible_processor[0] | search('^(Genuine)?Intel.*') and
not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') -%}
# Automatically upgrade the microcode (when manually installed)
Package: intel-microcode iucode-tool
Pin: version *
Pin-Priority: 200
{% endif %}
# Never, ever install things from contrib or non-free unless they have been
# whitelisted above
Package: *
Pin: release c=contrib
Pin-Priority: -1
Package: *
Pin: release c=non-free
Pin-Priority: -1
diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2
index ee4f20d..5788ade 100644
--- a/roles/common/templates/etc/apt/sources.list.j2
+++ b/roles/common/templates/etc/apt/sources.list.j2
@@ -1,13 +1,13 @@
# {{ ansible_managed }}
# Do NOT edit this file directly!
# vim: set filetype=debsources :
-deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or (ansible_processor[0] | search("^Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
+deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
-deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or (ansible_processor[0] | search("^Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main
{% if 'backports' in group_names -%}
deb http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main
{% endif %}