+
+if [[ ! -e $basefile ]]; then
+ printf "%s\n" "$0: error basefile=$basefile does not exist" >&2
+ exit 1
+fi
+
+if [[ ! -d $BASEFILE_DIR ]]; then
+ printf "%s\n" "$0: error BASEFILE_DIR=$BASEFILE_DIR does not exist" >&2
+ exit 1
+fi
+
+
+if ! type -p wget &>/dev/null; then
+ apt-get install -y wget
+fi
+
+armhf() {
+ [[ $(dpkg --print-architecture) == armhf ]]
+}
+
+if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
+ gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
+ cat >/etc/apt/sources.list.d/fai.list <<'EOF'
+deb https://fai-project.org/download jessie koeln
+EOF
+elif grep -iE 'VERSION=.*(stretch|flidas|xenail|buster|bullseye|etiona|nabia)' /etc/os-release; then
+ # fai on ubuntu only has official support using the universe repo, but newer
+ # tends to have less bugs.
+ wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+
+ case $base in
+ stretch|buster|bullseye)
+ cat >/etc/apt/sources.list.d/fai.list <<EOF
+deb https://fai-project.org/download $base koeln
+EOF
+ ;;
+ *)
+ echo "$0: error: script needs updating for new base" >&2
+ exit 1
+ ;;
+ esac
+else
+ rm -f /etc/apt/sources.list.d/fai.list
+fi
+
+apt-get update
+
+# Relevant packages from fai-quickstart depends and fai-server recommends.
+# I especially do not wait isc-dhcp-server or an inetd. Also excludes
+# nfs-kernel-server. On an android chroot, we don\'t have nfs in the
+# kernel, or the ability to install it.
+# xorriso is for running fai-cd -a, not strictly need for fai-server
+# perl-tk is for fai-monitor-gui
+pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso)
+if modprobe nfsd &>/dev/null; then
+ pkgs+=(nfs-kernel-server)
+else
+ pkgs+=(apache2)
+fi
+
+
+e apt-get install -y ${pkgs[@]}
+# confnew since we edit /etc/fai/NFSROOT in an automated way
+# fai-client is already a fai-server dependency, but make sure it gets upgraded
+e apt-get install --no-install-recommends -y -o Dpkg::Options::=--no-force-confdef -o Dpkg::Options::=--force-confnew fai-server fai-client
+
+r=http://http.us.debian.org/debian
+# like default, but scrap httpredir, and nonfree.
+# All my systems should be able to get along without nonfree
+# for a base working system afaik.
+
+cat >/etc/fai/apt/sources.list <<EOF
+deb $r $base main contrib
+EOF
+case $base in
+ jessie|stretch|buster)
+ cat >>/etc/fai/apt/sources.list <<EOF
+deb http://security.debian.org/debian-security $base/updates main contrib
+EOF
+ ;;
+ *)
+ # new naming convention
+ cat >>/etc/fai/apt/sources.list <<EOF
+deb http://security.debian.org/debian-security $base-security main contrib
+EOF
+esac
+
+
+cat >>/etc/fai/apt/sources.list <<EOF
+# use fai repo. it's commented in the defaults. it's got bug fixes.
+# and may contain newer packages.
+deb http://fai-project.org/download $base koeln
+EOF
+
+if [[ $base == jessie ]]; then
+ cat >>/etc/fai/apt/sources.list <<'EOF'
+# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
+deb http://ftp.debian.org/debian jessie-backports main
+EOF
+ # note, fai doesn\'t look at /etc/fai/apt/preferences.d
+ cat >/etc/fai/apt/preferences <<'EOF'
+Package: tar
+Pin: release a=jessie-backports
+Pin-Priority: 500
+EOF
+fi
+
+
+$sed -f - /etc/fai/nfsroot.conf <<EOF
+$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
+/^\s*FAI_ROOTPW/d
+$ a SSH_IDENTITY=/root/.ssh/home.pub
+/^\s*SSH_IDENTITY/d
+s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
+# add --arch amd64. this is needed on arm system which is
+# used to install amd64 clients. On amd64 servers, it's redundant.
+# disabled for now, since creating fai nfsroot on my arm machine
+# is not working
+#/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
+EOF
+