+src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
+dst=$target/etc/ssh
+if [[ -e $src && -e $dst ]]; then
+ # outside of fai context or setting up a brand new host, we skip this
+ cp -rT $src $dst
+fi
+
+root_pw_f=/q/root/shadow/standard
+if [[ ! -e $root_pw_f ]]; then
+ root_pw_f=/q/root/shadow/$HOSTNAME
+fi
+
+au() { # add user. i don't use adduser for portability
+ local user=${@: -1}
+ if ! $ROOTCMD getent passwd $user; then
+ $ROOTCMD useradd -c $user -Um -s /bin/bash $@
+ fi
+}
+
+
+# only setup root pass for bootstrap vol
+if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+ exit 0
+fi
+
+
+# return of 9 = user already exists. so we are idempotent.
+au iank
+# generating a hashed password:
+# under debian, you can do
+# mkpasswd -m sha-512 -s >/q/root/shadow/standard
+# On arch, best seems to be copy your shadow file to a temp location,
+# then passwd, get out the new pass, then copy the shadow file back.
+if [[ -e $root_pw_f ]]; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
+ sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
+fi
+
+au user2
+if ifclass frodo; then
+ sed 's/^/user2:/' /q/root/shadow/user2 | $ROOTCMD chpasswd -e
+fi
+# comparing iank's groups to user2, I see none she should join on arch
+$ROOTCMD usermod -a -G user2 iank
+
+
+$ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
+$ROOTCMD usermod -a -G docker iank