diff options
Diffstat (limited to 'roles/common')
-rw-r--r-- | roles/common/templates/etc/apt/preferences.j2 | 24 | ||||
-rw-r--r-- | roles/common/templates/etc/apt/sources.list.j2 | 10 |
2 files changed, 26 insertions, 8 deletions
diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2 index 6a715b5..448248a 100644 --- a/roles/common/templates/etc/apt/preferences.j2 +++ b/roles/common/templates/etc/apt/preferences.j2 @@ -7,8 +7,30 @@ Pin: release a={{ ansible_lsb.codename }}-updates Pin-Priority: 990 {% if 'backports' in group_names -%} -# Install automatically new versions from backports +# Automatically install new versions from backports Package: * Pin: release a={{ ansible_lsb.codename }}-backports Pin-Priority: 200 {% endif %} + +{% if 'non-free' in group_names -%} +# Install automatically new firmwares from backports +Package: firmware-linux-nonfree +Pin-Priority: 200 +{% endif %} + +{% if ansible_processor[0] | search("^Intel.*") -%} +# Automatically upgrade the microcode +Package: intel-microcode iucode-tool +Pin-Priority: 200 +{% endif %} + +# Never, ever install things from contrib or non-free unless they have been +# whitelisted above +Package: * +Pin: release c=contrib +Pin-Priority: -1 + +Package: * +Pin: release c=non-free +Pin-Priority: -1 diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2 index b2c30d0..2a948d2 100644 --- a/roles/common/templates/etc/apt/sources.list.j2 +++ b/roles/common/templates/etc/apt/sources.list.j2 @@ -1,16 +1,12 @@ # {{ ansible_managed }} # Do NOT edit this file directly! -deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main -deb-src http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main +deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %} -deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main -deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main +deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %} deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main -deb-src http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main {% if 'backports' in group_names -%} -deb http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main -deb-src http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main +deb http://ftp.debian.org/debian/ {{ ansible_lsb.codename }}-backports main {% endif %} |