+
+
+if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+ fcopy /etc/systemd/system/faicheck.service
+ chroot $FAI_ROOT bash <<'EOFOUTER'
+systemctl enable faicheck.service
+EOFOUTER
+ exit 0 # avoid unnecessary stuff in bootstrap vol
+fi
+
+
+## misc settings
+chroot $FAI_ROOT bash <<'EOFOUTER'
+#### begin .ssh setup ###
+set -x
+set -eE -o pipefail
+if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
+ mkdir -p /home/iank/.ssh
+ f=/root/.ssh/authorized_keys
+ if [[ -e $f ]]; then
+ cp $f /home/iank/.ssh
+ fi
+ chown -R 1000:1000 /home/iank/.ssh
+ chmod -R u=Xrw,og= /home/iank/.ssh
+ rm -rf /root/.ssh
+ # remove broken symlinks or the following cp will fail
+ find /home/iank/.ssh -xtype l -exec rm '{}' \;
+ cp -rL /home/iank/.ssh /root
+ chown -R root:root /root/.ssh
+ chmod 700 /root/.ssh
+fi
+
+# old link from
+# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
+# but that made a service that started too soon and didn't pick up our
+# x env vars. instead, copy from the root ssh-agent just the
+# appropriate things into a new service.
+rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service
+
+rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
+ /home/iank/.config/systemd/user/default.target.wants/sshaiank.service
+
+#### end .ssh setup ###
+
+## duplicated in ssh-emacs-setup
+# done here so its setup earlier for convenience
+line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
+f=/etc/ssh/sshd_config
+grep -xFq "$line" $f || tee -a $f <<<"$line"
+
+
+# default debian groups (jessie through buster) + adm, root, admin
+for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do
+ if getent group $g >/dev/null; then
+ usermod -aG $g iank
+ fi
+done
+
+if getent group systemd-journal >/dev/null; then
+ usermod -aG systemd-journal iank
+fi
+EOFOUTER
+
+rm -f $target/etc/resolv.conf
+ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
+# needed for bitfolk image
+if [[ -e /a/bin/fai/fai-wrapper ]]; then
+ systemctl enable systemd-resolved
+ systemctl start systemd-resolved
+fi
+
+
+
+# reading through the groups that iank is in but user2 isn't,
+for g in plugdev audio video cdrom; do
+ $ROOTCMD usermod -a -G $g user2
+done