# On arch, best seems to be copy your shadow file to a temp location,
# then passwd, get out the new pass, then copy the shadow file back.
-if [[ -e /q/root/shadow/standard ]]; then
- # note, it would be best to have some kind of security on this file
+f=/q/root/shadow/standard
+if s test -e $f; then
ssh root@faiserver tee -a /srv/fai/config/class/DEFAULT.var <<EOF
-ROOTPW='$(cat /q/root/shadow/standard)'
+ROOTPW='$(s cat $f)'
EOF
fi
scp ~/.ssh/id_rsa.pub \
root@faiserver:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
+# todo: automatically disable faiserver after a period so
+# these files are not exposed.
s scp -r /q/root/luks /q/root/shadow/traci{,-simple} \
root@faiserver:/srv/fai/config/distro-install-common
scp /a/bin/devbyid root@faiserver:/srv/fai/nfsroot/usr/local/bin
-ssh root@faiserver chmod -R a+rX /srv/fai/config/distro-install-common
+ssh root@faiserver bash <<'EOF'
+set -eE -o pipefail
+chmod 644 /srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
+chmod -R a+rX /srv/fai/config/distro-install-common
+EOF