chroot $FAI_ROOT bash <<'EOF'
+#### begin .ssh setup ###
set -eE -o pipefail
mkdir -p /home/iank/.ssh
f=/root/.ssh/authorized_keys
chown -R 1000:1000 /home/iank/.ssh
chmod -R u=Xrw,og= /home/iank/.ssh
rm -rf /root/.ssh
+# remove broken symlinks or the following cp will fail
+find /home/iank/.ssh -xtype l -exec rm '{}' \;
cp -rL /home/iank/.ssh /root
chown -R root:root /root/.ssh
chmod 700 /root/.ssh
+#### end .ssh setup ###
+# this is needed to enable resolvconf, making /etc/resolv.conf be a symlink.
+# why? i dun know, it\'s really dumb.
+dpkg-reconfigure -fnoninteractive resolvconf
# default jessie groups + kvm, systemd-journal, adm
usermod -aG adm,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev iank