I like running Debian stable as well as making use of recent kernels. Since I’m managing most of my infrastructure using puppet, I came up with a simple module which is included in my baseline role deployed on all systems.
The puppet apt module is needed here.
class js::module::kernel_update { class { 'apt': update => { frequency => 'daily', } } if $facts['os']['architecture'] == 'amd64' { if $facts['os']['distro']['codename'] == 'stretch' { package { ['linux-image-amd64']: ensure => latest, install_options => ['-t', 'stretch-backports'] } } if $facts['os']['distro']['codename'] == 'buster' { package { ['linux-image-amd64']: ensure => latest, install_options => ['-t', 'buster-backports'] } } } }
Naturally the backports repo needs to be included for this to work. My sources.list.erb (also included in the baseline role) looks like this:
<% if @os['distro']['id'] == 'Debian' -%> deb http://aptmirror/debian/ <%= @os['distro']['codename'] %> main contrib non-free deb http://aptmirror/debian-security/ <%= @os['distro']['codename'] %>/updates main contrib non-free deb http://aptmirror/debian/ <%= @os['distro']['codename'] %>-updates main contrib non-free deb http://aptmirror/debian/ <%= @os['distro']['codename'] %>-backports main contrib non-free deb http://apt.puppetlabs.com <%= @os['distro']['codename'] %> puppet <% end -%>
Just replace ‘aptmirror‘ with an apt mirror to your liking. Or run one yourself.