+#!/bin/bash
+
+# initial setup of a fai server on debian
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+
+[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+
+# for ubuntu:
+#add-apt-repository -y ppa:fai/ppa
+
+# for debian:
+wget -O - http://fai-project.org/download/074BCDE4.asc | apt-key add -
+cat >/etc/apt/sources.list.d/fai.list <<'EOF'
+deb http://fai-project.org/download jessie koeln
+EOF
+
+apt-get update
+# all the dependencies except the dhcp server
+apt-get -y install $(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\
+ sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')
+sed -i 's/^#deb/deb/' /etc/fai/apt/sources.list
+sed -i 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf
+fai-setup -v
+{ head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \
+ | tr '\n' ' '; ssh-keyscan localhost | grep -o "ecdsa-sha2-nistp256.*"; \
+ } >>/srv/fai/nfsroot/root/.ssh/known_hosts
+
+# from config machine. todo: clean this up.
+sed -ri 's#^([[:space:]]*TFTP_DIRECTORY[[:space:]]*=).*#\1"/srv/tftp"#' \
+ /etc/default/tftpd-hpa
+
+service tftpd-hpa restart
+
+# initially did the basic fai-chboot -Iv $std_arg default
+# but found in console that it wanted to mount nfsroot
+# to be the same as my dhcp server.
+# Figured out to change the root= parameter from googling,
+# and seeing fai-chboot -L
+# using hostname failed.
+# for -f, combined the 2 defaults so it will reboot and print to screen.
+
+# Add debug to -f flag for more verbose output.
+
+std_arg="-u nfs://faiserver/srv/fai/config"
+fai-chboot -Iv $std_arg default
+kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
+my_ip=$(getent hosts faiserver | awk '{ print $1 }')
+k_args=$(fai-chboot -L '^default$' | \
+ sed -r "s/^(\S+\s+){3}(.*root=)(.*)/\2$my_ip:\3/")
+fai-chboot -k "$k_args" -v -f verbose,sshd,createvt,reboot $std_arg $kernel default
+
+# make the faiserver also the apt proxy server
+apt-get install apt-cacher-ng
+
+# background on choosing apt-cacher-ng:
+# googling around a bit finds 2 main solutions:
+# http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
+# apt-cacher-ng doesn't have zeroconf.
+# so I'm not sure how smart it will be if the server goes down.
+# It touts having minimal dependencies, but I don't care.
+# The downside to squid-deb-proxy is that it's config is for specific repos,
+# you have to add all the repos you use.
+# That is the main reason I use apt-cacher-ng.
+# It has a web portal, at http://faiserver:3142/acng-report.html
+
+
+# random fai note: as far as I can tell, profiles are just for putting
+# in a selectable boot menu, which I don't want.
+
+if [[ ! -e ~/.ssh/id_rsa.pub ]]; then
+ ssh-keygen -t rsa -N ''
+fi
+x=$(mktemp); ssh -F /dev/null -oUserKnownHostsFile=$x localhost :
+cat x | tee -a /srv/fai/nfsroot/root/.ssh/known_hosts