--- - name: Fix GRUB nouveau errors and reboot ansible.builtin.lineinfile: path: /etc/default/grub regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=".*quiet' # line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet nouveau.modeset=0"' register: grubfix when: "'ThinkPad' in ansible_local['cpu_info']['productname']" - name: Update grub # noqa: no-handler ansible.builtin.command: update-grub when: grubfix.changed changed_when: grubfix.changed - name: Reboot after fixing GRUB # noqa: no-handler ansible.builtin.reboot: when: grubfix.changed changed_when: grubfix.changed - name: Install additional firmware ansible.builtin.apt: pkg: - firmware-realtek - firmware-misc-nonfree - firmware-iwlwifi - firmware-sof-signed state: present when: "'proxmox_servers' not in group_names" - name: Inform user of the intention with the microcode package ansible.builtin.debug: msg: "This is an Intel system, but it is a libreboot system. Removing intel-microcode package." when: "'GenuineIntel' in ansible_facts['processor'] and 'installed' in ansible_local['cpu_info']['libreboot']" - name: Block for actions that need to be done when libreboot present when: "'GenuineIntel' in ansible_facts['processor'] and 'installed' in ansible_local['cpu_info']['libreboot']" block: - name: Remove intel-microcode on Intel libreboot systems ansible.builtin.apt: name: intel-microcode state: absent purge: true - name: Blacklist mei_me module on libreboot systems ansible.builtin.copy: dest: /etc/modprobe.d/blacklist-mei.conf content: | # Disable Intel Management Engine Interface driver for libreboot systems blacklist mei_me owner: root group: root mode: '0644' notify: Update initramfs - name: Run depmod -ae as root ansible.builtin.command: depmod -ae become: true changed_when: false # end block - name: Install intel-microcode on Intel non-libreboot systems ansible.builtin.apt: name: intel-microcode state: present when: "'GenuineIntel' in ansible_facts['processor'] and 'installed' not in ansible_local['cpu_info']['libreboot']"