+# somewhat duplicated in brc hostip()
+case $host in
+ default) : ;;
+ [0-9:])
+ hostip=$host
+ ;;
+ *)
+ hostip=$(getent ahostsv4 "$host" | awk '{ print $1 }' | head -n1)
+ ;;
+esac
+
+if [[ $hostip ]]; then
+
+ # assuming ipv4, or else we might need to deal with multiple addresses
+ # in an ipv4 + ipv6 network.
+ my_ip=$(ip -4 route get $hostip | sed -nr 's,^.*src\s+(\S+).*,\1,p')
+ if [[ ! $my_ip || $my_ip =~ [[:space:]] ]]; then
+ echo "$0: error: failed to get \$my_ip, got: $my_ip"
+ exit 1
+ fi
+else
+ my_ip=$(ip r show default | sed -r 's/.*via ([^ ]*).*/\1/' | head -n1)
+fi
+
+if [[ $host == default ]]; then
+ ip='*'
+elif [[ $host == [0-9]*.[0-9]*.[0-9]*.[0-9]* ]]; then
+ ip=$host/32
+else
+ type -t host &>/dev/null || apt-get -y install dnsutils
+ ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
+ if [[ ! $ip || $ip =~ [[:space:]] ]]; then
+ echo "$0: error: failed to get \$ip, got: $ip"
+ exit 1
+ fi
+ ip=$ip/32
+ echo "$0: found ip of $host: $ip"
+fi
+
+if modprobe nfsd &>/dev/null; then
+ std_arg="-u nfs://faiserver/srv/fai/config"
+ # nfsv4 wont do rw with overlayfs yet
+ # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
+ root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
+ # fai-setup without -e sets the ip to the local_ip/local_network, eg 192.168.1.3/24
+ # I restrict it to one ip as simple but imperfect access control.
+
+ # we may chattr +i /etc/exports if we dun want it modified
+ # for example, if we made these exports more widely available
+ # while doing multiple installs or a recovery.
+ if [[ -w /etc/exports ]]; then
+ sed -ri --follow-symlinks '\%^/srv/fai/%d' /etc/exports
+ cat >>/etc/exports <<EOF
+/srv/fai/config $ip(async,ro,no_subtree_check,no_root_squash)
+/srv/fai/nfsroot $ip(async,ro,no_subtree_check,no_root_squash)
+EOF
+ exportfs -ra
+ fi
+ systemctl start nfs-server # assumes recent os
+else
+ std_arg="-u http://faiserver:8080/config.tar.gz"
+ root_arg="live:http://faiserver:8080/squash.img"
+ /a/exe/web-conf -i -p 8080 - apache2 faiserver <<EOF
+<Location />
+ Deny from all
+ Allow from $ip
+</Location>
+EOF
+fi
+
+
+