+# note turn off fsf vpn, so route to coresite is the normal route.
+echo 1 > /proc/sys/net/ipv4/ip_forward
+m s iptables -t nat -A POSTROUTING -o $(ip -4 route get 8.8.8.8 | sed -nr 's,^.* dev\s+(\S+).*,\1,p') -j MASQUERADE
+
+
+change /p/c/machine_specific/vps/bind-initial/db.b8.nz
+faiserver 10.0.44.1
+TARGET_HOSTNAME 10.0.44.2
+
+apt install isc-dhcp-server
+
+cat >> /etc/default/isc-dhcp-server <<'EOF'
+INTERFACESv4="eth0"
+EOF
+
+edit ./dhcpd.conf to change mac address and target host name.
+
+s cp /b/fai/dhcpd.conf /etc/dhcp/
+ser restart isc-dhcp-server
+
+edit /a/bin/fai/fai/config/class/51-multi-boot
+
+pxe-server -d TARGET fai
+
+Then do a pxe boot on the target host
+
+
+
+##### linode notes ######
+
+* create 2 disks, installer (3000 mb, raw), boot (remaining, raw)
+* create 2 profiles w direct boot, no helpers:
+ * installer (sda=boot, sdb=installer, boot dev=sdb)
+ * boot (sda=boot)
+* Boot into rescue mode, ssh in with lish,
+ curl url_to_some_fai_cd_created_image | dd of=/dev/sda
+ poweroff
+* boot into installer.
+* Lish shows console, at the end of install, it gives prompt because
+ logs failed to save remotely, check the logs, then reboot into boot
+ profile if all is well. If that doesn't happen, turn off lassie in
+ settings.
+
+
+
+###### ubuntu notes ######
+
+For someone who really needed ubuntu on host tp, otherwise they would
+end up on a non-gnu os, and I didn't want to figure out how to get all
+the default software installed, I did the following:
+
+# On remote host:
+# install etiona
+cd /b/fai
+# set 51-multi-boot to set classes outside of fai-wrapper conditional, including NOWIPE
+. fai-wrapper
+./fai/config/hooks/partition.DEFAULT
+
+# on remote host
+# install ubuntu 20.04 using virt-install
+sudo -i
+virt-install --os-variant=ubuntu16.04 --cdrom ubuntu-20.04-desktop-amd64.iso --disk path=u2004.qcow2 -r 2048 --vcpus 1 -n u2004
+qemu-img create -o preallocation=metadata -f qcow2 u2004.qcow2 15G
+# alternatively, also tried a physical install, because I know the virtual install ends up
+# with some differen things, like some spice service. then pulled the data out with
+rsync -ahSAX --numeric-ids --exclude=proc --exclude=sys --exclude=dev --exclude=tmp --exclude=run root@tp:/ .; mkdir proc sys dev tmp
+
+modprobe nbd
+qemu-nbd --connect=/dev/nbd0 u1804.qcow2 -f qcow2
+qemu-nbd --connect=/dev/nbd0 u2004.qcow2 -f qcow2
+mount /dev/nbd0p1 /mnt/1 # bionic
+mount /dev/nbd0p5 /mnt/1 # focal
+mount -o bind /mnt/root/root_ubuntubionic /mnt/2
+mount -o bind /mnt/root/root_ubuntufocal /mnt/2
+mkdir -p /mnt/2/boot
+mount -o bind /mnt/boot/boot_ubuntubionic /mnt/2/boot
+mount -o bind /mnt/boot/boot_ubuntufocal /mnt/2/boot
+# S = sparse, A = acls, X = xattrs
+rsync -ahSAX --numeric-ids /mnt/1/ /mnt/2
+
+cd /mnt/2
+cp /tmp/fai/crypttab etc
+sed -i "s#/root/keyscript,#decrypt_keyctl,#" etc/crypttab
+cp /tmp/fai/fstab etc
+echo "tmpfs /tmp tmpfs nodev,nosuid,size=50%,mode=1777 0 0" >> etc/fstab
+chrbind
+chroot .
+mv /etc/resolv.conf /etc/resolv.conf.old
+echo nameserver 1.1.1.1 >/etc/resolv.conf
+# install programs from /a/bin/fai/fai/config/package_config/STANDARD:
+apt install -y openssh-client openssh-server cryptsetup keyutils btrfs-progs console-setup kbd pciutils usbutils unattended-upgrades initramfs-tools-core dropbear-initramfs
+mv /etc/resolv.conf.old /etc/resolv.conf
+exit
+d=etc/initramfs-tools
+mkdir -p $d/root/.ssh etc/dropbear-initramfs root/.ssh
+chmod 700 $d/root $d/root/.ssh root/.ssh
+cp -p /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys
+cp -p /root/.ssh/authorized_keys etc/dropbear-initramfs
+cp -p /root/.ssh/authorized_keys root/.ssh/authorized_keys
+chroot .
+sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="rd.luks.crypttab=no"/' /etc/default/grub
+grub-install --no-floppy $(grub-probe -tdrive -d /dev/sda)
+update-grub
+grub-bios-setup -d /boot/grub/i386-pc -s /dev/sda
+exit
+umount proc
+umount dev
+umount sys
+reboot