From 0963c8a7cc43c5380fa8085d41243aa3f2ead5a3 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Fri, 18 Nov 2016 06:43:05 -0800 Subject: [PATCH 01/16] moving nocow to post fai phase --- fai/config/hooks/partition.DEFAULT | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index f81c6af..c4f26ea 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -363,9 +363,6 @@ if [[ $DISTRO != debianstable_bootstrap ]]; then cd /mnt btrfs subvolume create root_$DISTRO - [[ -e nocow ]] || btrfs subvolume create nocow - chown root:1000 nocow - chattr +C nocow mkdir -p /mnt/root_$DISTRO/boot # could set default subvol like this, but no reason to. @@ -418,10 +415,9 @@ BOOT_DEVICE="${short_devs[@]}" ROOT_PARTITION=$first_boot_dev EOF else - # note, fai creates the mountpoints like /nocow + # note, fai creates the mountpoints listed here cat > /tmp/fai/fstab < Date: Tue, 22 Nov 2016 18:28:17 -0800 Subject: [PATCH 02/16] various fixes --- fai-redep | 2 ++ fai/config/class/50-host-classes | 7 +++-- .../distro-install-common/libreboot_grub.cfg | 12 +++++-- .../files/root/fai-check/STABLE_BOOTSTRAP | 7 +++-- faiserver-setup | 31 ++++++++++--------- myfai-chboot | 5 --- pxe-server | 3 +- wrt-setup | 4 +-- 8 files changed, 41 insertions(+), 30 deletions(-) diff --git a/fai-redep b/fai-redep index ca8fb60..c342d4b 100755 --- a/fai-redep +++ b/fai-redep @@ -65,3 +65,5 @@ chmod -R a+rX /srv/fai/config/distro-install-common #u=http://fai-project.org/download/basefiles/XENIAL64.tar.xz #wget -nv -N $u EOF + +faiserver-enable diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index f8e46de..12349be 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes 
@@ -51,8 +51,11 @@ # esac # fi # -if [[ -e /a/bin/fai/fai-wrapper ]] && isdebian-stable; then - echo "STABLE" +if [[ -e /a/bin/fai/fai-wrapper ]]; then + source /a/bin/distro-functions/src/identify-distros + if isdebian-stable; then + echo "STABLE" + fi fi # use a list of classes for our demo machine diff --git a/fai/config/distro-install-common/libreboot_grub.cfg b/fai/config/distro-install-common/libreboot_grub.cfg index 32ab392..69e1c52 100644 --- a/fai/config/distro-install-common/libreboot_grub.cfg +++ b/fai/config/distro-install-common/libreboot_grub.cfg @@ -13,7 +13,15 @@ function save_chosen { save_vars did_fai_check last_boot } -# we don't set this to fai check so we can't get into +# fai_check is so we can act like a pxe boot, but just for fai, and by +# using /debian_bootstrap to do it. We toggle on and off the grub var +# did_fai_check so we can do the check every other boot. Then +# /debian_bootstrap checks for that var on boot and if we want to do a +# fai check, it does it, then reboots. But it also sets did_fai_check to +# a 3rd state os_true which means we did the fai check, and we don't +# want to do it again. This is useful for systems without libreboot. + +# We don't set this to fai check so we can't get into # an infinite reboot cycle. We depend on the os to # create the initial grubenv file. set default=/debianstable_bootstrap # could use 0 here. @@ -23,7 +31,7 @@ for part in (ahci*4) (ata*4); do envfile=$part/grubenv if [ -s $envfile ]; then load_env --file $envfile - if [ x$did_fai_check != xtrue -a x$last_boot != x$default ]; then + if [ x$did_fai_check == xfalse -a x$last_boot != x$default ]; then set default=fai-check elif [ ! -z $last_boot ]; then set default=$last_boot diff --git a/fai/config/files/root/fai-check/STABLE_BOOTSTRAP b/fai/config/files/root/fai-check/STABLE_BOOTSTRAP index 15c865f..e448c7f 100755 --- a/fai/config/files/root/fai-check/STABLE_BOOTSTRAP +++ b/fai/config/files/root/fai-check/STABLE_BOOTSTRAP 
@@ -5,12 +5,12 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR # keep it short so we don't delay too much wnen we don't have networking. NETWORK_TIMOUT_SECS=10 -fai_check=false +did_fai_check=false check-fai() { # we could just as well check if last_boot != /debianstable_boostrap # the intent with this one is just a little clearer. if [[ $did_fai_check == true ]]; then - fai_check=true + grub-editenv /mnt/grubenv set did_fai_check=os_true # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS )) while ! systemctl status network-online.target && \ @@ -45,7 +45,8 @@ for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ umount /mnt done -if $fai_check && [[ $last_boot != /debianstable_boostrap ]]; then +# the check for last_boot is not needed afaik, just sanity check. +if [[ $did_fai_check == true && $last_boot != /debianstable_boostrap ]]; then # no need to reboot if we actually want to boot into this os. reboot fi diff --git a/faiserver-setup b/faiserver-setup index 96485a5..a48a00c 100755 --- a/faiserver-setup +++ b/faiserver-setup @@ -52,6 +52,22 @@ fi # for debian: + +apt-get update +# all the dependencies except the dhcp server +deps="$(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\ + sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')" +to_install=(tar) +for pkg in $deps; do + dpkg -s $pkg &>/dev/null && continue ||: + to_install+=($pkg) + # just so we have a record. + echo `date` $pkg >>/var/log/fai-manually-installed-packages.log +done +if [[ $to_install ]]; then + apt-get -y install ${to_install[@]} +fi + r=http://http.us.debian.org/debian # like default, but scrap httpredir, and nonfree. # All my systems should be able to get along without nonfree 
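Review bot: The rewritten reboot guard at the end of the script compares `$last_boot` with `/debianstable_boostrap`, which is spelled differently from the `set default=/debianstable_bootstrap` value in libreboot_grub.cfg in this same commit. If last_boot holds the grub entry name, the "sanity check" half of the condition can never be false and the script reboots even when this OS is the one selected. The string should presumably be `/debianstable_bootstrap`; the comment inside check-fai in the previous hunk carries the same spelling. The values actually saved to last_boot are not visible on this page, so confirm against the menu entry names.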
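Review bot: In the relocated install block, `if [[ $to_install ]]` is always true because the array is seeded with `tar`, and `$pkg` and `${to_install[@]}` are expanded unquoted. Testing the length and quoting the expansions states the intent: `if (( ${#to_install[@]} )); then apt-get -y install "${to_install[@]}"; fi` and `dpkg -s "$pkg"`. `$deps` has to stay unquoted in the `for` because the loop relies on word splitting of the sed output, which deserves a one-line comment.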
@@ -78,21 +94,6 @@ Pin-Priority: 500 EOF fi -apt-get update -# all the dependencies except the dhcp server -deps="$(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\ - sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')" -to_install=(tar) -for pkg in $deps; do - dpkg -s $pkg &>/dev/null && continue ||: - to_install+=($pkg) - # just so we have a record. - echo `date` $pkg >>/var/log/fai-manually-installed-packages.log -done -if [[ $to_install ]]; then - apt-get -y install ${to_install[@]} -fi - # tried out a stretch base, doesn't work yet. $sed -f - /etc/fai/nfsroot.conf < Date: Tue, 22 Nov 2016 18:34:12 -0800 Subject: [PATCH 03/16] fix chboot options --- chboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chboot b/chboot index 2a357e6..b90b926 100755 --- a/chboot +++ b/chboot @@ -44,7 +44,7 @@ grub_extn=4 ###### begin command line parsing ##### reboot=true -temp=$(getopt -l opt o "$@") || usage 1 +temp=$(getopt -l help hdr "$@") || usage 1 eval set -- "$temp" while true; do case $1 in -- 2.30.2 From cfe7d2a4eb0e0af4cd59df420f76ea4d5ee755fd Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Tue, 22 Nov 2016 19:03:50 -0800 Subject: [PATCH 04/16] install chboot to /boot in case its needed --- README | 1 + chboot | 111 +-------------------------- fai/config/files/boot/chboot/DEFAULT | 110 ++++++++++++++++++++++++++ fai/config/scripts/GRUB_PC/11-ian | 1 + install-chboot | 44 +++++++++++ 5 files changed, 157 insertions(+), 110 deletions(-) mode change 100755 => 120000 chboot create mode 100755 fai/config/files/boot/chboot/DEFAULT create mode 100755 install-chboot diff --git a/README b/README index a3b16b7..def4fb5 100644 --- a/README +++ b/README 
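Review bot: The output of this `getopt` call goes straight into `eval set -- "$temp"` in a script that re-executes itself under sudo, so the call is worth spelling out rather than relying on the positional form. Here the short-option string `hdr` is given without `-o` and there is no `--` before `"$@"`; the explicit equivalent is `temp=$(getopt -o hdr -l help -n "${0##*/}" -- "$@") || usage 1`. The eval is only safe with the enhanced getopt that quotes its output, so a `getopt -T` check (exit status 4 means enhanced) before this line would refuse to run with a legacy implementation. The option loop continues outside the hunk.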
@@ -39,6 +39,7 @@ Main scripts meant to be called interactively: arch-init-remote # install arch (after it's been booted into it's setup env) chboot # Set grub to boot into a different distro (installed earlier) +install-chboot # reinstall chboot to /boot subvols, for when it changes dsfull # install & setup a new fai distro (if data partition already synced) eboot # reboot and keep disks encrypted fai-kexec # kexec to fai tftp server that pxe would normally point to diff --git a/chboot b/chboot deleted file mode 100755 index b90b926..0000000 --- a/chboot +++ /dev/null 
@@ -1,110 +0,0 @@ -#!/bin/bash -# Copyright (C) 2016 Ian Kelling - -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" - -usage() { - cat </dev/null; then - echo "$0: error: _$distro$ not found in btrfs subvolume list /boot:" - btrfs subvolume list /boot - exit 1 -fi - -#### end initial error checking ##### - -e() { echo "$@"; "$@"; } - -boot_dev=$(mount | sed -rn "s#^(\S+) on /boot .*#\1#p") - -mount_point=$(mktemp -d) - -e mount -o subvol=boot_$distro $boot_dev $mount_point - -boot_disk=${boot_dev%%[0-9]*} - -# arch doesn't have $mount_point/grub/device.map, accoring to the grub manual, -# it just generates one if the file doesn't exist. -# https://www.gnu.org/software/grub/manual/html_node/Device-map.html -e grub-bios-setup -d $mount_point/grub/i386-pc -s -m $mount_point/grub/device.map $boot_disk - -# todo, mount_point needs subvolid=0 - -e umount $mount_point - -e mount $boot_disk$grub_extn $mount_point -e grub-editenv $mount_point/grubenv set last_boot=/boot_$distro -e grub-editenv $mount_point/grubenv set did_fai_check=true -e umount $mount_point -e rmdir $mount_point - -if $reboot; then - touch /tmp/keyscript-off - reboot now -fi 
diff --git a/chboot b/chboot new file mode 120000 index 0000000..b311a15 --- /dev/null +++ b/chboot @@ -0,0 +1 @@ +fai/config/files/boot/chboot/DEFAULT \ No newline at end of file diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT new file mode 100755 index 0000000..b90b926 --- /dev/null +++ b/fai/config/files/boot/chboot/DEFAULT 
@@ -0,0 +1,110 @@ +#!/bin/bash +# Copyright (C) 2016 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" + +usage() { + cat </dev/null; then + echo "$0: error: _$distro$ not found in btrfs subvolume list /boot:" + btrfs subvolume list /boot + exit 1 +fi + +#### end initial error checking ##### + +e() { echo "$@"; "$@"; } + +boot_dev=$(mount | sed -rn "s#^(\S+) on /boot .*#\1#p") + +mount_point=$(mktemp -d) + +e mount -o subvol=boot_$distro $boot_dev $mount_point + +boot_disk=${boot_dev%%[0-9]*} + +# arch doesn't have $mount_point/grub/device.map, accoring to the grub manual, +# it just generates one if the file doesn't exist. +# https://www.gnu.org/software/grub/manual/html_node/Device-map.html +e grub-bios-setup -d $mount_point/grub/i386-pc -s -m $mount_point/grub/device.map $boot_disk + +# todo, mount_point needs subvolid=0 + +e umount $mount_point + +e mount $boot_disk$grub_extn $mount_point +e grub-editenv $mount_point/grubenv set last_boot=/boot_$distro +e grub-editenv $mount_point/grubenv set did_fai_check=true +e umount $mount_point +e rmdir $mount_point + +if $reboot; then + touch /tmp/keyscript-off + reboot now +fi 
diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index a10efef..7650340 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian @@ -24,6 +24,7 @@ EOF apt-get install -y pxe-kexec EOFOUTER +fcopy -r /boot # -r = recursive # note: # fcopy -i = ignore nonmatching class error, always return 0. # this is also done by FABASE/10-misc by default. fcopy -ir /root diff --git a/install-chboot b/install-chboot new file mode 100755 index 0000000..838c0ae --- /dev/null +++ b/install-chboot 
@@ -0,0 +1,44 @@ +#!/bin/bash +# Copyright (C) 2016 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +# usage install-chboot: isntalls chboot to all /boot subvols, +# in case there is an issue booting and it is needed. +# Run this when chboot changes. + +cd "${BASH_SOURCE%/*}" + +e() { echo "$@"; "$@"; } + +boot_dev=$(mount | sed -rn "s#^(\S+) on /boot .*#\1#p") +mount_point=$(mktemp -d) +e mount -o subvolid=0 $boot_dev $mount_point + +shopt -s nullglob +for dir in $mount_point/*; do + btrfs subvol show $dir &>/dev/null || continue + if [[ -e $dir/boot ]]; then + dir=$dir/boot + fi + e install -m 755 -o root -g root chboot $dir +done +e umount $mount_point +e rmdir $mount_point -- 2.30.2 From c90a6fcdae53853a1e7d74dfcfa5d86cb7d81096 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 26 Nov 2016 11:33:33 -0800 Subject: [PATCH 05/16] just docs --- fai/config/files/boot/chboot/DEFAULT | 22 +++++++++++++++++++--- pxe-server | 10 +++++++++- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT index b90b926..021c74d 100755 --- a/fai/config/files/boot/chboot/DEFAULT 
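Review bot: If `install` fails inside the loop, `set -e` ends the script with the top-level btrfs volume still mounted on the temporary directory, because the only trap is an ERR trap that prints and the final `umount`/`rmdir` are never reached. An EXIT trap set right after the mount, replacing those two final lines, covers every exit path: `trap 'umount "$mount_point"; rmdir "$mount_point"' EXIT`. Separately, this script re-executes with `sudo -E` where chboot uses plain `sudo`; nothing visible here needs the caller's environment as root, so dropping `-E` is the narrower choice. `$boot_dev`, `$mount_point` and `$dir` should also be double-quoted.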
+++ b/fai/config/files/boot/chboot/DEFAULT @@ -30,6 +30,23 @@ With no argument, print available distros DISTRO_NAME is based on the partition names in /boot. For example debianjessie for the partitionn boot_debianjessie. +For a system without libreboot, which is failing completely to +boot on one distro, here is how I did a chboot for it: +# arch-pxe had been run previously +pxe-server treetowl arch +# reboot treetowl into arch live env +pxe-server # disable pxe server +ssh root@treetowl +lsblk # identify boot dev. if boot dev is a raid, this could be repeated on all boot devs. +mount /dev/sdd3 /mnt +mount_point=/mnt/boot_debiantesting # the subvol i want to chboot to +boot_disk=/dev/sdd +grub-bios-setup -d $mount_point/grub/i386-pc -s -m $mount_point/grub/device.map $boot_disk +reboot + +todo: figure out if it's possible to make a multi-distro grub like I have with libreboot +for non-libreboot systems + -r Do not reboot. -d Enable debug output. -h|--help Print help and exit. @@ -94,11 +111,10 @@ boot_disk=${boot_dev%%[0-9]*} # https://www.gnu.org/software/grub/manual/html_node/Device-map.html e grub-bios-setup -d $mount_point/grub/i386-pc -s -m $mount_point/grub/device.map $boot_disk -# todo, mount_point needs subvolid=0 - e umount $mount_point -e mount $boot_disk$grub_extn $mount_point +# i don't change the default subvolid, so the arg here is just being cautious +e mount -o subvolid=0 $boot_disk$grub_extn $mount_point e grub-editenv $mount_point/grubenv set last_boot=/boot_$distro e grub-editenv $mount_point/grubenv set did_fai_check=true e umount $mount_point diff --git a/pxe-server b/pxe-server index 15d52e7..e59854a 100755 --- a/pxe-server +++ b/pxe-server @@ -29,11 +29,19 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR usage() { cat < tftpboot + -r Don't redeploy fai config. For example, if there is a different host that is mid-install. -- 2.30.2 From 1728af7e3060c8608c622f210d6e16f7d085d8f9 Mon Sep 17 00:00:00 2001 
From: Ian Kelling Date: Wed, 4 Jan 2017 12:47:34 -0800 Subject: [PATCH 06/16] small updates --- arch-init | 7 +++---- fai/config/distro-install-common/end | 8 +++++--- fai/config/hooks/instsoft.DEFAULT | 2 ++ myfai-chboot-local | 2 +- wrt-setup | 14 ++++++++++---- 5 files changed, 21 insertions(+), 12 deletions(-) diff --git a/arch-init b/arch-init index e22b37a..37fa90b 100755 --- a/arch-init +++ b/arch-init @@ -48,7 +48,7 @@ export PARTITION_PROMPT=true # to be idempotent if we fail after partitioning already_partitioned=true mount_out=$(mount) -for dir in /mnt{,/home,/boot,/q}; do +for dir in /mnt{,/home,/boot,/a}; do regex=" on $dir " if [[ ! $mount_out =~ $regex ]]; then already_partitioned=false @@ -73,8 +73,8 @@ sed -ri --follow-symlinks "/^crypt_dev_\S+$rootn /d" /tmp/fai/crypttab if ! $already_partitioned; then mount -o subvol=root_$DISTRO $ROOT_PARTITION /mnt - mkdir -p /mnt/{q,home,boot} - mount -o subvol=q $ROOT_PARTITION /mnt/q + mkdir -p /mnt/{a,home,boot} + mount -o subvol=a $ROOT_PARTITION /mnt/a mount -o subvol=boot_$DISTRO $BOOT_PARTITION /mnt/boot fi @@ -101,7 +101,6 @@ bindmount() { mkdir -p $mountpoint mount -o bind $source $mountpoint } -bindmount /a /mnt/a bindmount /root/shadow /mnt/q/root/shadow mkdir -p /mnt/etc/ssh diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 3735142..bc4e816 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -30,9 +30,9 @@ chpw() { echo "$0: warning: no pw set for $user" >&2 fi } -au() { - if ! $ROOTCMD getent passwd $1; then - $ROOTCMD useradd -m -s /bin/bash $1 || [[ $? == 9 ]] +au() { # add user + if ! $ROOTCMD getent passwd ${@: -1}; then + $ROOTCMD useradd -m -s /bin/bash $@ fi } @@ -81,3 +81,5 @@ while true; do dir=$(dirname $dir) if [[ $dir == /p ]]; then break; fi done + +au -s /bin/false --home-dir /var/lib/bitcoind bitcoin 
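Review bot: The line that survives this hunk, `bindmount /root/shadow /mnt/q/root/shadow`, still targets `/mnt/q`, while the two earlier hunks of this file replace the `q` subvolume and mountpoint with `a`, so nothing shown here mounts `/mnt/q` any more. Because `bindmount` runs `mkdir -p $mountpoint`, the path would be created silently inside the new root subvolume instead of on a separately mounted data volume. If the shadow file moved with the rename, the target presumably needs the new location; if `/mnt/q` is mounted by code outside these hunks, a comment saying so would help.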
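Review bot: The rewritten `au` always passes `-s /bin/bash` and then appends the caller's arguments unquoted, so the new `au -s /bin/false --home-dir /var/lib/bitcoind bitcoin` call in the last hunk of this file hands `useradd` two `-s` options and depends on the later one winning to keep the service account without a login shell. Supplying the default shell only when the caller did not pass one, and expanding `"$@"` and `"${@: -1}"` quoted, removes that dependence. The change also drops the old `|| [[ $? == 9 ]]` tolerance, so a useradd failure now propagates; the script's shell options are outside the hunk, so whether that aborts the install cannot be confirmed here.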
diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index de47766..36c0caf 100755 --- a/fai/config/hooks/instsoft.DEFAULT +++ b/fai/config/hooks/instsoft.DEFAULT @@ -29,6 +29,8 @@ EOF chmod +x $f +# for hosts which don't have these data volumes, copy the specific +# files we need. if ifclass demohost; then files=(/var/lib/fai/config/distro-install-common/luks/host-demohost) elif ifclass tp; then diff --git a/myfai-chboot-local b/myfai-chboot-local index 8d4e1ce..9eac43f 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local @@ -19,7 +19,7 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}') # man page doesn't explain this, but this deletes & thus disables # all chboot systems. type -t host &>/dev/null || apt-get -y install dnsutils -gateway_ip=$(route -n | sed -rn 's/^(0\.){3}0\s+(\S+).*/\2/p') +gateway_ip=$(route -n | sed -rn 's/^0\.0\.0\.0\s+(\S+).*/\1/p') my_ip=$(host faiserver $gateway_ip | sed -rn 's/^\S+ has address //p') k_args=$(fai-chboot -L '^default$' | \ sed -r "s/^(\S+\s+){3}(.*root=)(.*)/\2$my_ip:\3/") diff --git a/wrt-setup b/wrt-setup index b244bca..82f7193 100755 --- a/wrt-setup +++ b/wrt-setup @@ -172,6 +172,13 @@ v /etc/init.d/nfsd enable # EOF +v cedit /etc/config/network <<'EOF' || v /etc/init.d/network reload +config 'route' 'transmission' + option 'interface' 'lan' + option 'target' '10.173.0.0' + option 'netmask' '255.255.0.0' + option 'gateway' '192.168.1.2' +EOF v cedit /etc/config/firewall <<'EOF' || firewall_restart=true config redirect 
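Review bot: In myfai-chboot-local, the corrected `gateway_ip` expression prints one line per `0.0.0.0` route, and the result is used unquoted in `host faiserver $gateway_ip` and then spliced into the kernel arguments as `$my_ip:` with no check that either value is a single non-empty address. With two default routes or a failed lookup, the `root=` argument built by the following `sed` would be malformed. A guard before `k_args` is built fails early instead: `[[ $my_ip =~ ^[0-9.]+$ ]] || { echo "$0: could not resolve faiserver" >&2; exit 1; }`. The rest of the script is outside the hunk.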
@@ -238,10 +245,9 @@ v cedit /etc/hosts < Date: Thu, 5 Jan 2017 07:53:37 -0800 Subject: [PATCH 07/16] cleanup classes, populate ssh server keys --- README | 2 +- fai-redep | 5 +++ fai/config/class/50-host-classes | 43 ++++++++++++------- .../belenos/{BELANOS64 => BELANOS} | 0 .../etc/apt/preferences.d/stable/LINODESTABLE | 1 - .../files/etc/apt/preferences.d/stable/STABLE | 8 ++++ .../apt/preferences.d/testing/LINODESTABLE | 1 - .../etc/apt/preferences.d/testing/STABLE | 7 --- .../belanos.list/{BELENOS64 => BELANOS} | 0 .../stable-non-free.list/STABLE_NON_FREE | 11 ----- .../STABLE_LINODE} | 12 ++++++ .../sources.list.d/stable.list/STABLE_NONFREE | 11 +++++ .../testing-non-free.list/DEBIAN_NON_FREE | 8 ---- .../sources.list.d/testing.list/STABLE_FREE | 1 + .../testing.list/STABLE_NONFREE | 1 + .../testing.list/{DEBIAN => TESTING_FREE} | 3 ++ .../testing.list/TESTING_NONFREE | 11 +++++ .../unstable-non-free.list/DEBIAN_NON_FREE | 2 - .../apt/sources.list.d/unstable.list/DEBIAN | 2 - .../files/root/fai-check/STABLE_BOOTSTRAP | 23 +++++++--- fai/config/hooks/partition.DEFAULT | 10 ++--- fai/config/scripts/GRUB_PC/11-ian | 36 +++++++++------- wrt-setup | 6 +-- 23 files changed, 128 insertions(+), 76 deletions(-) rename fai/config/files/etc/apt/preferences.d/belenos/{BELANOS64 => BELANOS} (100%) delete mode 120000 fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE delete mode 120000 fai/config/files/etc/apt/preferences.d/testing/LINODESTABLE delete mode 100644 fai/config/files/etc/apt/preferences.d/testing/STABLE rename fai/config/files/etc/apt/sources.list.d/belanos.list/{BELENOS64 => BELANOS} (100%) delete mode 100644 fai/config/files/etc/apt/sources.list.d/stable-non-free.list/STABLE_NON_FREE rename fai/config/files/etc/apt/sources.list.d/{linodestable.list/LINODESTABLE => stable.list/STABLE_LINODE} (53%) create mode 100644 fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_NONFREE delete mode 100644 
fai/config/files/etc/apt/sources.list.d/testing-non-free.list/DEBIAN_NON_FREE create mode 120000 fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_FREE create mode 120000 fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_NONFREE rename fai/config/files/etc/apt/sources.list.d/testing.list/{DEBIAN => TESTING_FREE} (75%) create mode 100644 fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE delete mode 100644 fai/config/files/etc/apt/sources.list.d/unstable-non-free.list/DEBIAN_NON_FREE delete mode 100644 fai/config/files/etc/apt/sources.list.d/unstable.list/DEBIAN diff --git a/README b/README index def4fb5..c3a88f8 100644 --- a/README +++ b/README @@ -41,7 +41,7 @@ arch-init-remote # install arch (after it's been booted into it's setup env) chboot # Set grub to boot into a different distro (installed earlier) install-chboot # reinstall chboot to /boot subvols, for when it changes dsfull # install & setup a new fai distro (if data partition already synced) -eboot # reboot and keep disks encrypted +eboot # reboot without automatic disk decryption fai-kexec # kexec to fai tftp server that pxe would normally point to fai-revm # test fai on a fresh vm faiserver-revm # create a vm which is a fai server using pxe & preseed file diff --git a/fai-redep b/fai-redep index c342d4b..b035ef5 100755 --- a/fai-redep +++ b/fai-redep 
@@ -41,8 +41,13 @@ scp -q ~/.ssh/id_rsa.pub \ # these files are not exposed. s scp -qr /q/root/luks /q/root/shadow \ root@$faiserver_host:/srv/fai/config/distro-install-common + +# should tar ssh all the files, but these ones really justified it +tar -cz /p/c/machine_specific/*/filesystem/etc/ssh | \ + ssh root@$faiserver_host tar -xz -C /srv/fai/config/distro-install-common scp -q /a/bin/fai/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin + # built BELANOS basefile with mk-basefile -J BELENOS64. it's stored in # it's own repo which is published alongside this one called # fai-basefiles due to being a large binary file. diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 12349be..278bcce 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes 
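Review bot: The added `tar -cz … | ssh … tar -xz` pipeline copies every machine's `/etc/ssh` directory, which normally includes the private host keys, into `/srv/fai/config/distro-install-common` on the FAI server. The hunk header for this file in PATCH 02 shows the script later running `chmod -R a+rX /srv/fai/config/distro-install-common`, which would make those keys readable by every local user there and by any client allowed to read the config space (whether it is exported to install clients is not shown on this page). Consider copying only the keys of the host being installed, or at least excluding this subtree from the recursive chmod so the key files stay at mode 0600. tar also strips the leading `/`, so the files land under `distro-install-common/p/c/machine_specific/<host>/filesystem/etc/ssh`, which is worth a comment for whoever reads them back.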
@@ -19,13 +19,30 @@ # For multi-boot system. -# Check that we aren't in a pxe boot environment. +# We check that we aren't in a pxe boot environment. # There is probably a better way to do this. # We check the reverse condition in 51-multi-boot, # and set what os we are installing, but don't check it -# into git since it changes regularly. Each host needs -# to have a class of either DEBIAN + (STABLE or STRETCH64 or STABLE_BOOTSTRAP), -# or UBUNTU + XENIAL64. +# into git since it changes regularly. +# It's code looks like this: +# if [[ ! -e /a/bin/fai/fai-wrapper ]]; then +# case $HOSTNAME in +# tp) DEBIAN STABLE VOL_STABLE STABLE_FREE;; +# # add more multi-boot hostnames here +# esac +# fi +# +# Each host defines the base distro: UBUNTU or DEBIAN. +# the disto version, also the basefile name if we aren't installing debian stable: +# STABLE, STRETCH64, XENIAL64, BELANOS64 +# the distro subvol name, we can add as many of these as we want: +# VOL_STABLE, VOL_STABLE_BOOTSTRAP, VOL_STRETCH, VOL_XENIAL, VOL_BELANOS +# and the class which defines the apt sources files we want, +# STABLE_FREE, STABLE_NONFREE, TESTING_FREE, TESTING_NONFREE, +# XENIAL_FREE (no XENIAL_NONFREE setup yet), BELANOS, STABLE_LINODE. +# This is a little redundant in some cases, but it keeps things +# simpler. +# # # Other notable classes: # @@ -43,13 +60,6 @@ # # RAID0: Use raid 0 even if there are >= 4 disks with boot partititions. # -# It's shell looks like this: -# if [[ ! -e /a/bin/fai/fai-wrapper ]]; then -# case $HOSTNAME in -# tp) DEBIAN STABLE ;; -# # add more multi-boot hostnames here -# esac -# fi # if [[ -e /a/bin/fai/fai-wrapper ]]; then source /a/bin/distro-functions/src/identify-distros 
@@ -59,16 +69,19 @@ if [[ -e /a/bin/fai/fai-wrapper ]]; then fi # use a list of classes for our demo machine -echo "FAIBASE PARTITION_PROMPT" +echo "FAIBASE" + +#echo "PARTITION_PROMPT" +#echo REPARTITION + case $HOSTNAME in frodo|treetowl) - echo "DEBIAN_NON_FREE" if [[ -e /a/bin/fai/fai-wrapper ]] && isdebian-stable; then - echo "STABLE_NON_FREE" + echo "STABLE_NONFREE" fi ;; lj|lj) - echo "LINODESTABLE" ;; + echo "STABLE STABLE_LINODE" ;; esac if grep ^52:54:00: /sys/class/net/eth0/address &>/dev/null; then diff --git a/fai/config/files/etc/apt/preferences.d/belenos/BELANOS64 b/fai/config/files/etc/apt/preferences.d/belenos/BELANOS similarity index 100% rename from fai/config/files/etc/apt/preferences.d/belenos/BELANOS64 rename to fai/config/files/etc/apt/preferences.d/belenos/BELANOS diff --git a/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE b/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE deleted file mode 120000 index 31109f8..0000000 --- a/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE +++ /dev/null @@ -1 +0,0 @@ -STABLE \ No newline at end of file diff --git a/fai/config/files/etc/apt/preferences.d/stable/STABLE b/fai/config/files/etc/apt/preferences.d/stable/STABLE index bc0047b..662b957 100644 --- a/fai/config/files/etc/apt/preferences.d/stable/STABLE +++ b/fai/config/files/etc/apt/preferences.d/stable/STABLE @@ -11,3 +11,11 @@ Explanation: Package: tar linux-image-amd64 linux-base btrfs-tools Pin: release a=jessie-backports Pin-Priority: 500 + +Package: * +Pin: release a=testing +Pin-Priority: -10 + +Package: * +Pin: release a=testing-updates +Pin-Priority: -10 diff --git a/fai/config/files/etc/apt/preferences.d/testing/LINODESTABLE b/fai/config/files/etc/apt/preferences.d/testing/LINODESTABLE deleted file mode 120000 index 31109f8..0000000 --- a/fai/config/files/etc/apt/preferences.d/testing/LINODESTABLE +++ /dev/null @@ -1 +0,0 @@ -STABLE \ No newline at end of file 
diff --git a/fai/config/files/etc/apt/preferences.d/testing/STABLE b/fai/config/files/etc/apt/preferences.d/testing/STABLE deleted file mode 100644 index 2203269..0000000 --- a/fai/config/files/etc/apt/preferences.d/testing/STABLE +++ /dev/null @@ -1,7 +0,0 @@ -Package: * -Pin: release a=testing -Pin-Priority: -10 - -Package: * -Pin: release a=testing-updates -Pin-Priority: -10 diff --git a/fai/config/files/etc/apt/sources.list.d/belanos.list/BELENOS64 b/fai/config/files/etc/apt/sources.list.d/belanos.list/BELANOS similarity index 100% rename from fai/config/files/etc/apt/sources.list.d/belanos.list/BELENOS64 rename to fai/config/files/etc/apt/sources.list.d/belanos.list/BELANOS diff --git a/fai/config/files/etc/apt/sources.list.d/stable-non-free.list/STABLE_NON_FREE b/fai/config/files/etc/apt/sources.list.d/stable-non-free.list/STABLE_NON_FREE deleted file mode 100644 index 689921e..0000000 --- a/fai/config/files/etc/apt/sources.list.d/stable-non-free.list/STABLE_NON_FREE +++ /dev/null @@ -1,11 +0,0 @@ -deb http://http.us.debian.org/debian jessie contrib non-free -deb-src http://http.us.debian.org/debian jessie contrib non-free - -deb http://security.debian.org/ jessie/updates contrib non-free -deb-src http://security.debian.org/ jessie/updates contrib non-free - -deb http://http.us.debian.org/debian jessie-updates contrib non-free -deb-src http://http.us.debian.org/debian jessie-updates contrib non-free - -deb http://http.debian.net/debian jessie-backports contrib non-free -deb-src http://http.debian.net/debian jessie-backports contrib non-free diff --git a/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_LINODE similarity index 53% rename from fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE rename to fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_LINODE index 3e04cd4..3e6e183 100644 
--- a/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE +++ b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_LINODE @@ -10,3 +10,15 @@ deb-src http://mirrors.linode.com/debian/ jessie-updates main deb http://mirrors.linode.com/debian/ jessie-backports main deb-src http://mirrors.linode.com/debian/ jessie-backports main + +deb http://mirrors.linode.com/debian testing main +deb-src http://mirrors.linode.com/debian testing main + +deb http://security.debian.org/ testing/updates main +deb-src http://security.debian.org/ testing/updates main + +deb http://mirrors.linode.com/debian testing-updates main +deb-src http://mirrors.linode.com/debian testing-updates main + +deb http://mirrors.linode.com/debian unstable main +deb-src http://mirrors.linode.com/debian unstable main diff --git a/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_NONFREE b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_NONFREE new file mode 100644 index 0000000..d5cc0db --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_NONFREE @@ -0,0 +1,11 @@ +deb http://http.us.debian.org/debian jessie main contrib non-free +deb-src http://http.us.debian.org/debian jessie main contrib non-free + +deb http://security.debian.org/ jessie/updates main contrib non-free +deb-src http://security.debian.org/ jessie/updates main contrib non-free + +deb http://http.us.debian.org/debian jessie-updates main contrib non-free +deb-src http://http.us.debian.org/debian jessie-updates main contrib non-free + +deb http://http.debian.net/debian jessie-backports main contrib non-free +deb-src http://http.debian.net/debian jessie-backports main contrib non-free diff --git a/fai/config/files/etc/apt/sources.list.d/testing-non-free.list/DEBIAN_NON_FREE b/fai/config/files/etc/apt/sources.list.d/testing-non-free.list/DEBIAN_NON_FREE deleted file mode 100644 index 35fc32e..0000000 
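Review bot: The STABLE_LINODE hunk adds the `testing`, `testing-updates` and `unstable` suites to the sources of a host whose classes are `STABLE STABLE_LINODE`, while the pins this commit adds to preferences.d/stable/STABLE cover only `a=testing` and `a=testing-updates` at -10. If no pin for `a=unstable` exists in the part of that file not shown here, apt would treat unstable packages as ordinary upgrade candidates on a stable server. A matching stanza next to the two new ones (`Package: *`, `Pin: release a=unstable`, `Pin-Priority: -10`) would make the intent explicit.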
--- a/fai/config/files/etc/apt/sources.list.d/testing-non-free.list/DEBIAN_NON_FREE +++ /dev/null @@ -1,8 +0,0 @@ -deb http://http.us.debian.org/debian testing contrib non-free -deb-src http://http.us.debian.org/debian testing contrib non-free - -deb http://security.debian.org/ testing/updates contrib non-free -deb-src http://security.debian.org/ testing/updates contrib non-free - -deb http://http.us.debian.org/debian testing-updates contrib non-free -deb-src http://http.us.debian.org/debian testing-updates contrib non-free diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_FREE b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_FREE new file mode 120000 index 0000000..586e320 --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_FREE @@ -0,0 +1 @@ +TESTING_FREE \ No newline at end of file diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_NONFREE b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_NONFREE new file mode 120000 index 0000000..b277a35 --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_NONFREE @@ -0,0 +1 @@ +TESTING_NONFREE \ No newline at end of file diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/DEBIAN b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_FREE similarity index 75% rename from fai/config/files/etc/apt/sources.list.d/testing.list/DEBIAN rename to fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_FREE index cddde59..031bddf 100644 --- a/fai/config/files/etc/apt/sources.list.d/testing.list/DEBIAN +++ b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_FREE @@ -6,3 +6,6 @@ deb-src http://security.debian.org/ testing/updates main deb http://http.us.debian.org/debian testing-updates main deb-src http://http.us.debian.org/debian testing-updates main + +deb http://http.us.debian.org/debian unstable main +deb-src http://http.us.debian.org/debian unstable main 
diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE new file mode 100644 index 0000000..3b57312 --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE @@ -0,0 +1,11 @@ +deb http://http.us.debian.org/debian testing main contrib non-free +deb-src http://http.us.debian.org/debian testing main contrib non-free + +deb http://security.debian.org/ testing/updates main contrib non-free +deb-src http://security.debian.org/ testing/updates main contrib non-free + +deb http://http.us.debian.org/debian testing-updates main contrib non-free +deb-src http://http.us.debian.org/debian testing-updates main contrib non-free + +deb http://http.us.debian.org/debian unstable main contrib non-free +deb-src http://http.us.debian.org/debian unstable main contrib non-free diff --git a/fai/config/files/etc/apt/sources.list.d/unstable-non-free.list/DEBIAN_NON_FREE b/fai/config/files/etc/apt/sources.list.d/unstable-non-free.list/DEBIAN_NON_FREE deleted file mode 100644 index 4a92405..0000000 --- a/fai/config/files/etc/apt/sources.list.d/unstable-non-free.list/DEBIAN_NON_FREE +++ /dev/null @@ -1,2 +0,0 @@ -deb http://http.us.debian.org/debian unstable contrib non-free -deb-src http://http.us.debian.org/debian unstable contrib non-free diff --git a/fai/config/files/etc/apt/sources.list.d/unstable.list/DEBIAN b/fai/config/files/etc/apt/sources.list.d/unstable.list/DEBIAN deleted file mode 100644 index 520a1a8..0000000 --- a/fai/config/files/etc/apt/sources.list.d/unstable.list/DEBIAN +++ /dev/null @@ -1,2 +0,0 @@ -deb http://http.us.debian.org/debian unstable main -deb-src http://http.us.debian.org/debian unstable main diff --git a/fai/config/files/root/fai-check/STABLE_BOOTSTRAP b/fai/config/files/root/fai-check/STABLE_BOOTSTRAP index e448c7f..c067029 100755 --- a/fai/config/files/root/fai-check/STABLE_BOOTSTRAP 
+++ b/fai/config/files/root/fai-check/STABLE_BOOTSTRAP @@ -3,21 +3,32 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -# keep it short so we don't delay too much wnen we don't have networking. -NETWORK_TIMOUT_SECS=10 +# Keep it short so we don't delay too much wnen we don't have networking. +# In practice, on my home network, on an x200, it took 15 seconds, so +# give it an extra 10 seconds, which seems fairly short as I write this. +NETWORK_TIMOUT_SECS=25 did_fai_check=false + +m() { printf "%s\n" "$*"; "$@"; } + check-fai() { # we could just as well check if last_boot != /debianstable_boostrap # the intent with this one is just a little clearer. if [[ $did_fai_check == true ]]; then grub-editenv /mnt/grubenv set did_fai_check=os_true + # our service does not wait for network-online.target, + # because it will wait for too long when we don't have a network + # connection. So, we wait for 10 seconds. # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS )) - while ! systemctl status network-online.target && \ - (( `date +%s` < deadline )); do + while ! nc -zu faiserver 69; do + if (( `date +%s` > deadline )); then + echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" + return 0 + fi sleep 1 done - pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||: + m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||: else return 0 fi @@ -30,7 +41,9 @@ for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ mount $dev /mnt if $first; then if [[ -e /mnt/grubenv ]]; then + set -x source <(grub-editenv /mnt/grubenv list) + set +x fi first=false check-fai diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index c4f26ea..8dffd82 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT 
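Review bot: The `source <(grub-editenv /mnt/grubenv list)` line that the second hunk wraps in `set -x` runs the whole grubenv file as root shell code, although only `did_fai_check` is needed from it. grubenv appears to sit on a partition that GRUB reads before any disk is unlocked, so its content is better treated as data than as code. Reading just the one variable avoids that: `did_fai_check=$(grub-editenv /mnt/grubenv list | sed -n 's/^did_fai_check=//p')`. The enclosing `for` loop continues outside the hunk.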
@@ -190,15 +190,15 @@ fi if [[ ! $DISTRO ]]; then - if ifclass STABLE_BOOTSTRAP; then + if ifclass VOL_STABLE_BOOTSTRAP; then DISTRO=debianstable_bootstrap - elif ifclass STRETCH64; then + elif ifclass VOL_STRETCH; then DISTRO=debiantesting - elif ifclass STABLE; then + elif ifclass VOL_STABLE; then DISTRO=debianstable - elif ifclass XENIAL64; then + elif ifclass VOL_XENIAL; then DISTRO=ubuntuxenial - elif ifclass BELENOS64; then + elif ifclass VOL_BELENOS; then DISTRO=trisquelbelenos else echo "PARTITIONER ERROR: no distro class/var set" >&2 diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index 7650340..866cc6f 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian @@ -24,10 +24,12 @@ EOF apt-get install -y pxe-kexec EOFOUTER -fcopy -r /boot # -r = recursive -# note: # fcopy -i = ignore nonmatching class error, always return 0. +# -r = recursive +# -i = ignore non-matching class warnings, always exit 0 +# -B = no backup files +fcopy -riB /boot # this is also done by FABASE/10-misc by default. -fcopy -ir /root +fcopy -riB /root if ifclass STABLE_BOOTSTRAP; then fcopy -ri /etc/systemd/system chroot $FAI_ROOT bash <<'EOFOUTER' 
@@ -36,24 +38,28 @@ EOFOUTER exit 0 fi -dir=/q/root/shadow -fai_shadow=$FAI/distro-install-common/shadow -if [[ ! -e $dir && -e $fai_shadow ]]; then - mkdir -p $dir - mount -o bind $fai_shadow $dir -fi -$FAI/distro-install-common/end +bind-common() { + src=$1 + dst=$2 + if [[ ! -e $dst && -e $src ]]; then + mkdir -p $dst + mount -o bind $src $dst + fi +} +bind-common $FAI/distro-install-common/shadow /q/root/shadow + +# todo, port this over to the arch install script. +cp -rT $FAI/distro-install-common/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh /target/etc/ssh + +$FAI/distro-install-common/end # these get copied in an earlier stage by fai, but leaving it here since # I run this as a single post-fai script to update things that have changed. -fcopy -ri /etc/apt/preferences.d -fcopy -ri /etc/apt/sources.list.d +fcopy -riB /etc/apt $ROOTCMD apt-get update - - -rm -f $FAI_ROOT/etc/apt/sources.list +fcopy -riB /etc/ssh chroot $FAI_ROOT bash <<'EOF' set -eE -o pipefail diff --git a/wrt-setup b/wrt-setup index 82f7193..c04708d 100755 --- a/wrt-setup +++ b/wrt-setup @@ -235,10 +235,10 @@ EOF dnsmasq_restart=false v cedit /etc/hosts < Date: Sun, 15 Jan 2017 09:38:03 -0800 Subject: [PATCH 08/16] improve host repo detection outside fai --- fai/config/class/50-host-classes | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 278bcce..31f3f9a 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes 
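Review bot: The new `cp -rT … /etc/ssh /target/etc/ssh` copies host private keys without setting their mode, so newly created key files inherit whatever permissions the source tree has. The fai-redep context earlier in this series runs `chmod -R a+rX` over distro-install-common; if these keys are deployed under it, they would be world-readable on the server and on the installed host, where sshd refuses host keys that others can read. Following the copy with `chmod 600 /target/etc/ssh/ssh_host_*_key`, and excluding the machine_specific and shadow trees from the `a+rX`, would close that. The reworked versions of this copy in patches 09/16 and 13/16 have the same gap.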
@@ -75,13 +75,18 @@ echo "FAIBASE" #echo REPARTITION case $HOSTNAME in - frodo|treetowl) - if [[ -e /a/bin/fai/fai-wrapper ]] && isdebian-stable; then - echo "STABLE_NONFREE" + lj|lj) echo "STABLE STABLE_LINODE" ;; + *) + if [[ -e /a/bin/fai/fai-wrapper ]] && isdebian; then + if isdebian-stable; then + # nonfree repo is not going away any time soon due to + # gcc-doc being in nonfree + echo "STABLE_NONFREE" + elif isdebian-testing; then + echo "TESTING_NONFREE" + fi fi ;; - lj|lj) - echo "STABLE STABLE_LINODE" ;; esac if grep ^52:54:00: /sys/class/net/eth0/address &>/dev/null; then -- 2.30.2 From 4513744c21305718caaf0ebce22ec328c0367860 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sun, 15 Jan 2017 09:38:44 -0800 Subject: [PATCH 09/16] fix persistent host ssh identities and dpkg error --- fai/config/scripts/GRUB_PC/11-ian | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index 866cc6f..6a55e44 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian 
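Review bot: The case arm `lj|lj)` lists the same hostname twice, so only `lj` gets `STABLE STABLE_LINODE` and any second Linode host falls through to `*)` and the http.us.debian.org lists. If a second host was intended, name it in the pattern (patch 10/16 later uses `li|lj`); otherwise `lj)` alone says the same thing.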
@@ -38,25 +38,31 @@ EOFOUTER exit 0 fi -bind-common() { - src=$1 - dst=$2 - if [[ ! -e $dst && -e $src ]]; then - mkdir -p $dst - mount -o bind $src $dst - fi - -} -bind-common $FAI/distro-install-common/shadow /q/root/shadow +src=$FAI/distro-install-common/shadow +dst=/q/root/shadow +if [[ ! -e $dst && -e $src ]]; then + # outside of fai context, we skip this + mkdir -p $dst + mount -o bind $src $dst +fi # todo, port this over to the arch install script. -cp -rT $FAI/distro-install-common/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh /target/etc/ssh +src=$FAI/distro-install-common/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh +dst=/target/etc/ssh +if [[ -e $src && -e $dst ]]; then + # outside of fai context, we skip this + cp -rT $src +fi $FAI/distro-install-common/end # these get copied in an earlier stage by fai, but leaving it here since # I run this as a single post-fai script to update things that have changed. fcopy -riB /etc/apt +# outside of fai, this seems to regularly lead to +# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable) +# so add a sleep. 1 sec is probably way more than needed. +sleep 1 $ROOTCMD apt-get update fcopy -riB /etc/ssh -- 2.30.2 From a030c6b0d89340212d3c04023dcd1fe2a52d31d1 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 18 Jan 2017 14:18:56 -0800 Subject: [PATCH 10/16] minor fixes for vps --- fai-wrapper | 3 ++- fai/config/class/50-host-classes | 27 +++++++++++++-------------- wrt-setup | 2 +- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/fai-wrapper b/fai-wrapper index 45804a5..c3cc4f2 100644 --- a/fai-wrapper +++ b/fai-wrapper @@ -35,7 +35,8 @@ eval-fai-classfile() { fai-setclass $(bash -l $file) } export -f ifclass -classes= # used by fcopy +classes=DEFAULT # used by fcopy +export CLASS_DEFAULT=true eval-fai-classfile /a/bin/fai/fai/config/class/50-host-classes export FAI_ROOT=/ export FAI=/a/bin/fai/fai/config 
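Review bot: `cp -rT $src` in the 11-ian hunk has no destination operand, so cp exits with a usage error and the per-host ssh keys are never copied whenever both paths exist. The line should read `cp -rT "$src" "$dst"`; patch 13/16 later adds `$dst`, but this commit on its own does not do what its subject says. Reusing `src` and `dst` for two unrelated copies also makes the missing operand easy to overlook, so distinct names such as `ssh_src`/`ssh_dst` would help.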
diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 31f3f9a..9aa05cc 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes @@ -63,8 +63,21 @@ # if [[ -e /a/bin/fai/fai-wrapper ]]; then source /a/bin/distro-functions/src/identify-distros + if isdebian; then + echo "DEBIAN" + fi if isdebian-stable; then echo "STABLE" + case $HOSTNAME in + li|lj) echo "STABLE_LINODE" ;; + *) + # nonfree repo is not going away any time soon due to + # gcc-doc being in nonfree + echo "STABLE_NONFREE" + ;; + esac + elif isdebian-testing; then + echo "TESTING_NONFREE" fi fi @@ -74,20 +87,6 @@ echo "FAIBASE" #echo "PARTITION_PROMPT" #echo REPARTITION -case $HOSTNAME in - lj|lj) echo "STABLE STABLE_LINODE" ;; - *) - if [[ -e /a/bin/fai/fai-wrapper ]] && isdebian; then - if isdebian-stable; then - # nonfree repo is not going away any time soon due to - # gcc-doc being in nonfree - echo "STABLE_NONFREE" - elif isdebian-testing; then - echo "TESTING_NONFREE" - fi - fi - ;; -esac if grep ^52:54:00: /sys/class/net/eth0/address &>/dev/null; then # if our eth0 mac is in the kvm range, we are a vm. diff --git a/wrt-setup b/wrt-setup index c04708d..0416309 100755 --- a/wrt-setup +++ b/wrt-setup @@ -243,7 +243,7 @@ v cedit /etc/hosts < Date: Thu, 19 Jan 2017 08:10:25 -0800 Subject: [PATCH 11/16] improve docs --- README | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/README b/README index c3a88f8..157bb78 100644 --- a/README +++ b/README 
@@ -1,13 +1,16 @@ Multi-boot/distro btrfs provisioning -Some things are specific to my home network. Uses pxe or pxe-kexec (for -systems like libreboot with no pxe rom, we boot into a live cd or distro -for bootsraping). Works for bare-metal or vms. +Some things are specific to my home network. Uses pxe or pxe-kexec (on +libreboot, I have not addded a pxe rom. I use a minimal debian stable +subvolume which acts like a pxe rom). I use this for bare metal and vms, +and two scripts which can run post boot so I use them on vps distributed +image as well. Features people may find useful: installs encrypted trisquel belanos, -arch, debian stable, & debian testing all on the same btrfs filesystem. -Smartly utilizes multiple disks, with scripts to automatically decrypt -on reboots. The partititioning and filesystem script is at +arch (havne't done recently, probably a bit broken), debian stable, & +debian testing which all share the same btrfs filesystem. Smartly +utilizes multiple disks, with scripts to automatically decrypt on +reboots. The partititioning and filesystem script is at fai/config/hooks/partition.DEFAULT. Other debian based distros at least as new as ubuntu 14.04 should work fine, and I'm planning to add Fedora support. Disks are grouped as ssd or hdd and raided in raid 1 or raid 0 
@@ -15,14 +18,17 @@ per configuration. The base partitions are divided into boot, swap, and root, (only boot is unencrypted). There are scripts to resize those partitions post-provision and while the system is running. -The repo name fai is copied from the debian project of the same name, -meaning "fully automated installer." +The repo name fai copied from the project of the same name because it +uses it for debian based installs. People who are familiar with fai may +find these things usefull: it uses dnsmasq (on a openwrt machine) for +dhcp instead of the isc dhcp server. fai-wrapper is a small script to +use basic fai classes outside of fai. It also fully automates configuration of an openwrt router after manual initial installation. -After provisionining is done, I sync files using unison, then automate -further setup using a different set of scripts, +After provisionining is done, I sync files using btrfs, or unison for +vps, then automate further setup using a different set of scripts, https://iankelling.org/git/?p=distro-setup;a=tree. My network is a wndr3700v2 router with openwrt on it and a few pcs/laptops. @@ -44,6 +50,7 @@ dsfull # install & setup a new fai distro (if data partition already synced) eboot # reboot without automatic disk decryption fai-kexec # kexec to fai tftp server that pxe would normally point to fai-revm # test fai on a fresh vm +fai-wrapper # Evaluate and use fai classes outside of fai. faiserver-revm # create a vm which is a fai server using pxe & preseed file faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine -- 2.30.2 From 2f13039525488532756a089b8329ab6ee64a6c17 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Thu, 19 Jan 2017 08:35:05 -0800 Subject: [PATCH 12/16] little bette readme --- README | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/README b/README index 157bb78..10d52fe 100644 --- a/README +++ b/README 
@@ -6,11 +6,14 @@ subvolume which acts like a pxe rom). I use this for bare metal and vms, and two scripts which can run post boot so I use them on vps distributed image as well. -Features people may find useful: installs encrypted trisquel belanos, -arch (havne't done recently, probably a bit broken), debian stable, & -debian testing which all share the same btrfs filesystem. Smartly -utilizes multiple disks, with scripts to automatically decrypt on -reboots. The partititioning and filesystem script is at +Features people may find useful: installs encrypted trisquel belanos, , +debian jessie, debian stretch, ubuntu 16.04, and arch (havne't done +recently, probably a bit broken), in a multi-boot setup using multiple +subvolumes of a single btrfs filesystem. Utilizes multiple disks, with +scripts to automatically decrypt on intentional reboots, but not after +shutdown or power loss. + +The partititioning and filesystem script is at fai/config/hooks/partition.DEFAULT. Other debian based distros at least as new as ubuntu 14.04 should work fine, and I'm planning to add Fedora support. Disks are grouped as ssd or hdd and raided in raid 1 or raid 0 
@@ -18,13 +21,13 @@ per configuration. The base partitions are divided into boot, swap, and root, (only boot is unencrypted). There are scripts to resize those partitions post-provision and while the system is running. -The repo name fai copied from the project of the same name because it -uses it for debian based installs. People who are familiar with fai may -find these things usefull: it uses dnsmasq (on a openwrt machine) for -dhcp instead of the isc dhcp server. fai-wrapper is a small script to -use basic fai classes outside of fai. +People who use fai may find these things as useful examples: it uses +dnsmasq (on a openwrt machine) for dhcp instead of the isc +dhcp. fai-wrapper is a small script to use basic fai classes outside of +fai. It does not use the fai partitioning tool, but the script is +inspired from it and works outside of fai. -It also fully automates configuration of an openwrt router after manual +It also automates configuration of an openwrt router after manual initial installation. After provisionining is done, I sync files using btrfs, or unison for -- 2.30.2 From 83828fe2683227f4d8ecb2343eff28439741b490 Mon Sep 17 00:00:00 2001 
From: Ian Kelling Date: Sat, 21 Jan 2017 17:39:34 -0800 Subject: [PATCH 13/16] fixes mostly for bootstrap vol, better docs --- README | 11 +-- arch-init | 2 +- fai-kexec | 21 +++++- fai-redep | 16 ++++- fai/config/class/50-host-classes | 5 +- ...{STABLE_BOOTSTRAP => VOL_STABLE_BOOTSTRAP} | 0 ...{STABLE_BOOTSTRAP => VOL_STABLE_BOOTSTRAP} | 68 +++++++++++++------ fai/config/hooks/instsoft.DEFAULT | 2 +- fai/config/scripts/GRUB_PC/11-ian | 21 +++--- faiserver-revm | 2 +- install-chboot | 2 +- myfai-chboot | 15 ++-- myfai-chboot-local | 7 ++ pxe-server | 14 ++-- wrt-setup-remote | 2 +- 15 files changed, 130 insertions(+), 58 deletions(-) rename fai/config/files/etc/systemd/system/fai_check.service/{STABLE_BOOTSTRAP => VOL_STABLE_BOOTSTRAP} (100%) rename fai/config/files/root/fai-check/{STABLE_BOOTSTRAP => VOL_STABLE_BOOTSTRAP} (50%) diff --git a/README b/README index 10d52fe..5e09791 100644 --- a/README +++ b/README @@ -1,10 +1,10 @@ Multi-boot/distro btrfs provisioning -Some things are specific to my home network. Uses pxe or pxe-kexec (on -libreboot, I have not addded a pxe rom. I use a minimal debian stable -subvolume which acts like a pxe rom). I use this for bare metal and vms, -and two scripts which can run post boot so I use them on vps distributed -image as well. +Some things are specific to my home network, and uses files with secrets +that are not in this repo. Uses pxe or pxe-kexec (on libreboot, I have +not added a pxe rom, I use a minimal debian stable subvolume which acts +like a pxe rom). I use this for bare metal and vms, and two scripts +which can run post boot so I use them on vps distributed image as well. Features people may find useful: installs encrypted trisquel belanos, , debian jessie, debian stretch, ubuntu 16.04, and arch (havne't done 
@@ -52,6 +52,7 @@ install-chboot # reinstall chboot to /boot subvols, for when it changes dsfull # install & setup a new fai distro (if data partition already synced) eboot # reboot without automatic disk decryption fai-kexec # kexec to fai tftp server that pxe would normally point to +fai-redep # Deploy fai configuration to host "faiserver" fai-revm # test fai on a fresh vm fai-wrapper # Evaluate and use fai classes outside of fai. faiserver-revm # create a vm which is a fai server using pxe & preseed file diff --git a/arch-init b/arch-init index 37fa90b..aa26ffd 100755 --- a/arch-init +++ b/arch-init @@ -18,7 +18,7 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -cd $(dirname $(readlink -f "$BASH_SOURCE")) +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} export HOSTNAME="$1" mirror=$2 diff --git a/fai-kexec b/fai-kexec index 5e10ac2..dbf003b 100755 --- a/fai-kexec +++ b/fai-kexec @@ -14,11 +14,28 @@ # limitations under the License. -# kexec to fai tftp server that pxe would normally point to - set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +usage() { + cat <<'EOF' +usage: $0 [-h|--help] [SERVER] +kexec to SERVER (faiserver by default), pxe boot from it's tftp server + +This does what pxe would do, but skipping boot sequence up to and +including the pxe dhcp. + +EOF + exit $1 +} + +case $1 in + -h|--help) usage ;; +esac + + + if [[ $1 ]]; then prefix="ssh root@$1" fi diff --git a/fai-redep b/fai-redep index b035ef5..b8fabac 100755 --- a/fai-redep +++ b/fai-redep 
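Review bot: The help text in fai-kexec's new `usage()` is written with `cat <<'EOF'`, and the quoted delimiter stops `$0` from expanding, so `-h` prints a literal `$0`. Use an unquoted delimiter, `cat <<EOF`, or print the first line with `printf 'usage: %s [-h|--help] [SERVER]\n' "${0##*/}"`. `usage` is also called without an argument, so `exit $1` falls back to the status of `cat`; `exit "${1:-0}"` states the intent.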
@@ -16,13 +16,23 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -x -# Deploy fai configuration to faiserver, -# then start a virtual machine to test the config. + set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -cd $(dirname $(readlink -f "$BASH_SOURCE")) +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} + +usage() { + cat <&2' ERR + + +usage() { + cat < deadline )); then - echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" - return 0 - fi - sleep 1 - done - m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||: - else - return 0 - fi +try-kexec() { + deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS )) + while ! nc -zu faiserver 69; do + if (( `date +%s` > deadline )); then + echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" + return 0 + fi + sleep 1 + done + m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||: } +case $1 in + -f|--force) + try-kexec + exit + ;; +esac + first=true for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ |sort); do @@ -46,7 +59,18 @@ for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ set +x fi first=false - check-fai + # we could just as well check if last_boot != /debianstable_boostrap + # the intent with this one is just a little clearer. + if [[ $did_fai_check == true ]]; then + grub-editenv /mnt/grubenv set did_fai_check=os_true + # our service does not wait for network-online.target, + # because it will wait for too long when we don't have a network + # connection. So, we wait for 10 seconds. + # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ + try-kexec + else + return 0 + fi else # we make sure there is only 1 grubenv, # so grub can just find the first one, in whatever order diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index 36c0caf..6d7f4c0 100755 --- a/fai/config/hooks/instsoft.DEFAULT 
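Review bot: Inlining the body of `check-fai` into the `for` loop (hunk `@@ -46,7 +59,18 @@`) keeps its `else return 0`, but the loop appears to run at script top level, where `return` is an error. With `set -eE` and the ERR trap at the top of this file, every boot on which `did_fai_check` is not `true` would then abort in the first iteration, before the rest of the loop runs. Dropping the `else` branch (or replacing `return 0` with `:`) restores the old fall-through behaviour. The moved comment still says "we wait for 10 seconds" although `NETWORK_TIMOUT_SECS` was raised to 25 in patch 02/16. The loop starts and ends outside the hunk.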
+++ b/fai/config/hooks/instsoft.DEFAULT @@ -1,7 +1,7 @@ #!/bin/bash # exit for any vm which is not our test vm -if ifclass VM && ! ifclass demohost || ifclass STABLE_BOOTSTRAP; then +if ifclass VM && ! ifclass demohost || ifclass VOL_STABLE_BOOTSTRAP; then exit 0 fi diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index 6a55e44..0a3bbdb 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian @@ -30,13 +30,6 @@ EOFOUTER fcopy -riB /boot # this is also done by FABASE/10-misc by default. fcopy -riB /root -if ifclass STABLE_BOOTSTRAP; then - fcopy -ri /etc/systemd/system - chroot $FAI_ROOT bash <<'EOFOUTER' -systemctl enable fai_check.service -EOFOUTER - exit 0 -fi src=$FAI/distro-install-common/shadow @@ -51,9 +44,20 @@ src=$FAI/distro-install-common/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh dst=/target/etc/ssh if [[ -e $src && -e $dst ]]; then # outside of fai context, we skip this - cp -rT $src + cp -rT $src $dst fi +fcopy -riB /etc/ssh + +if ifclass VOL_STABLE_BOOTSTRAP; then + fcopy -ri /etc/systemd/system + chroot $FAI_ROOT bash <<'EOFOUTER' +systemctl enable fai_check.service +EOFOUTER + exit 0 +fi + + $FAI/distro-install-common/end # these get copied in an earlier stage by fai, but leaving it here since @@ -65,7 +69,6 @@ fcopy -riB /etc/apt sleep 1 $ROOTCMD apt-get update -fcopy -riB /etc/ssh chroot $FAI_ROOT bash <<'EOF' set -eE -o pipefail diff --git a/faiserver-revm b/faiserver-revm index 7842723..a0a0bb8 100755 --- a/faiserver-revm +++ b/faiserver-revm @@ -10,7 +10,7 @@ set -eE -o pipefail cleanup() { :; } trap 'cleanup; echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -cd "${BASH_SOURCE%/*}" +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} cleanup() { pxe-server :; } ./debian-pxe-preseed -i 192.168.1.1 -u ian -g vda diff --git a/install-chboot b/install-chboot index 838c0ae..d066101 100755 --- a/install-chboot +++ b/install-chboot 
@@ -24,7 +24,7 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR # in case there is an issue booting and it is needed. # Run this when chboot changes. -cd "${BASH_SOURCE%/*}" +x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*} e() { echo "$@"; "$@"; } diff --git a/myfai-chboot b/myfai-chboot index 1abead8..310969e 100755 --- a/myfai-chboot +++ b/myfai-chboot @@ -3,17 +3,24 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*} usage() { - cat <<'EOF' -usage $0 [hostname|ip|default]... + cat <&2' ERR +case $1 in + -h|--help) + echo "see help from myfai-chboot" + exit 0 + ;; +esac + [[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" e() { echo "$@"; "$@"; } diff --git a/pxe-server b/pxe-server index e59854a..9e74eeb 100755 --- a/pxe-server +++ b/pxe-server @@ -45,12 +45,14 @@ ln -s tftpboot -r Don't redeploy fai config. For example, if there is a different host that is mid-install. --a Wait for 2 dhcp acks, then disable the pxe server after a delay. - First ack is for pxe boot, 2nd ack is for os boot. Sometimes - on debian, there is a 3rd one shortly after the 2nd. I can't remember - exactly why this caused a problem, but I'm hoping the sleep - will take care of it. --w Initially setup pxe, then wait like -a. + +-a Don't setup pxe, just Wait for 2 dhcp acks, then disable the pxe + server after a delay. First ack is for pxe boot, 2nd ack is + for os boot. Sometimes on debian, there is a 3rd one shortly + after the 2nd. I can't remember exactly why this caused a + problem, but I'm hoping the sleep will take care of it. + +-w Setup pxe, then wait like -a. -h|--help Print help and exit diff --git a/wrt-setup-remote b/wrt-setup-remote index 57e2c59..f2948b0 100755 --- a/wrt-setup-remote +++ b/wrt-setup-remote 
@@ -21,7 +21,7 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -cd "${BASH_SOURCE%/*}" +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} h=root@192.168.1.1 scp /a/bin/fai/wrt-setup /a/bin/cedit/cedit $h:/usr/bin -- 2.30.2 From c2a77d08447f1ff55a23d6022a24e97b0583f1fd Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Fri, 3 Feb 2017 16:44:55 -0800 Subject: [PATCH 14/16] do not install isc-dhcp & inetd recommended packages --- faiserver-setup | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/faiserver-setup b/faiserver-setup index a48a00c..2ecf45b 100755 --- a/faiserver-setup +++ b/faiserver-setup @@ -57,16 +57,11 @@ apt-get update # all the dependencies except the dhcp server deps="$(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\ sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')" -to_install=(tar) -for pkg in $deps; do - dpkg -s $pkg &>/dev/null && continue ||: - to_install+=($pkg) - # just so we have a record. - echo `date` $pkg >>/var/log/fai-manually-installed-packages.log -done -if [[ $to_install ]]; then - apt-get -y install ${to_install[@]} -fi + +# Relevant packages from fai-quickstart depends and fai-server recommends. +# I especially do not wait isc-dhcp-server or an inetd +apt-get install -y fai-doc nfs-kernel-server tftpd-hpa tar reprepro squashfs-tools binutils +apt-get install -y --no-recommends fai-server r=http://http.us.debian.org/debian # like default, but scrap httpredir, and nonfree. -- 2.30.2 From ffc1ca65d70d929126759df4012f5c38265adb7b Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 4 Feb 2017 20:05:18 -0800 Subject: [PATCH 15/16] small dns changes --- wrt-setup | 2 +- wrt-setup-remote | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wrt-setup b/wrt-setup index 0416309..caaa0df 100755 --- a/wrt-setup +++ b/wrt-setup 
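Review bot: `apt-get install -y --no-recommends fai-server` in the faiserver-setup hunk uses an option apt-get does not have; the flag that skips Recommends is `--no-install-recommends`, and apt-get aborts on an unrecognised option, so fai-server would not be installed at all. Since the comment's stated aim is to keep isc-dhcp-server and an inetd off the machine, the line should be `apt-get install -y --no-install-recommends fai-server`. The preceding `apt-get install -y fai-doc nfs-kernel-server …` line still installs Recommends for those packages and may need the same flag. The comment's "do not wait" presumably means "do not want".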
@@ -235,7 +235,7 @@ EOF dnsmasq_restart=false v cedit /etc/hosts < Date: Sun, 5 Feb 2017 16:53:10 -0800 Subject: [PATCH 16/16] add syncthing port forward --- live-kexec | 1 + wrt-setup | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/live-kexec b/live-kexec index fd4bf6f..01e8f72 100644 --- a/live-kexec +++ b/live-kexec @@ -12,6 +12,7 @@ set -ex if grep -q ID=ubuntu /etc/os-release; then + # add universe, pxe-kexec is there sed -ri '/^\s*deb/{/universe/!s/$/ universe/}' /etc/apt/sources.list fi if ! type -p pxe-kexec &>/dev/null; then diff --git a/wrt-setup b/wrt-setup index caaa0df..981a290 100755 --- a/wrt-setup +++ b/wrt-setup @@ -193,7 +193,7 @@ config rule option dest_port 22 config redirect - option name ssh + option name sshalt option src wan option src_dport 2222 option dest_port 22 @@ -227,6 +227,18 @@ config rule option target ACCEPT option dest_port 80 option proto tcp + +config redirect + option name syncthing + option src wan + option src_dport 22001 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 22001 + EOF @@ -263,6 +275,10 @@ fi # useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq +# sometimes /mnt/usb fails, cuz it's just a flash drive, +# so make sure we have this dir or else dnsmasq will fail +# to start. +mkdir -p /mnt/usb/tftpboot v cedit /etc/dnsmasq.conf <<'EOF' || dnsmasq_restart=true ############ updating dns servers ###################3 -- 2.30.2
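Review bot: The new syncthing `config rule` has `src wan` and `target ACCEPT` but no `dest` and no `proto`, which in OpenWrt's firewall makes it an input rule on the router itself for both TCP and UDP port 22001 rather than something tied to 192.168.1.2. The `config redirect` above it already forwards the port, and it also omits `proto`, so UDP is forwarded as well. Adding `option proto tcp` and `option dest_port 22001` to the redirect and dropping the extra rule (or at least giving it `option proto tcp`, as the port-80 rule above does) limits the WAN exposure to the single forwarded TCP port. This assumes syncthing on 192.168.1.2 listens on TCP 22001, which the patch does not show.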