From 845c2b9e9e7e25b3dfa3d7f750d0acae0e50caf4 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Fri, 3 Jul 2020 17:37:56 -0400
Subject: [PATCH] bunch of minor updates

---
 README | 49 +++++++----
 fai/config/class/50-host-classes | 72 ++++++++--------
 fai/config/distro-install-common/end | 5 +-
 fai/config/files/boot/chboot/DEFAULT | 4 +-
 fai/config/hooks/partition.DEFAULT | 24 +++---
 fai/config/scripts/GRUB_PC/11-iank | 33 ++++++--
 wrt-setup | 27 ++++--
 wrt-setup-local | 120 ++++++++++++++++++---------
 8 files changed, 219 insertions(+), 115 deletions(-)

diff --git a/README b/README
index 5dd5d3d..12d3b06 100644
--- a/README
+++ b/README
@@ -216,29 +216,50 @@ cd /b/fai . fai-wrapper ./fai/config/hooks/partition.DEFAULT -# on local host +# on remote host # install ubuntu 20.04 using virt-install -s virt-install --os-variant=ubuntu16.04 --cdrom ubuntu-20.04-desktop-amd64.iso --disk path=u2004.qcow2 -r 2048 --vcpus 1 -n u2004 -sudo qemu-img create -o preallocation=metadata -f qcow2 u2004.qcow2 15G +sudo -i +virt-install --os-variant=ubuntu16.04 --cdrom ubuntu-20.04-desktop-amd64.iso --disk path=u2004.qcow2 -r 2048 --vcpus 1 -n u2004 +qemu-img create -o preallocation=metadata -f qcow2 u2004.qcow2 15G +# alternatively, also tried a physical install, because I know the virtual install ends up +# with some differen things, like some spice service. then pulled the data out with +rsync -ahSAX --numeric-ids --exclude=proc --exclude=sys --exclude=dev --exclude=tmp --exclude=run root@tp:/ .; mkdir proc sys dev tmp + modprobe nbd +qemu-nbd --connect=/dev/nbd0 u1804.qcow2 -f qcow2 qemu-nbd --connect=/dev/nbd0 u2004.qcow2 -f qcow2 -s mount /dev/nbd0p5 /mnt/1 -s rsync -avhSAXP --numeric-ids /mnt/1/ root@tp:/mnt/root/root_ubuntubionic - -# on remote host: -# mount boot and root to /mnt/1 -sudo -i -cd /mnt/1 +mount /dev/nbd0p1 /mnt/1 # bionic +mount /dev/nbd0p5 /mnt/1 # focal +mount -o bind /mnt/root/root_ubuntubionic /mnt/2 +mount -o bind /mnt/root/root_ubuntufocal /mnt/2 +mkdir -p /mnt/2/boot +mount -o bind /mnt/boot/boot_ubuntubionic /mnt/2/boot +mount -o bind /mnt/boot/boot_ubuntufocal /mnt/2/boot +# S = sparse, A = acls, X = xattrs +rsync -ahSAX --numeric-ids /mnt/1/ /mnt/2 + +cd /mnt/2 cp /tmp/fai/crypttab etc -cp /tmp/fstab etc +sed -i "s#/root/keyscript,#decrypt_keyctl,#" etc/crypttab +cp /tmp/fai/fstab etc +echo "tmpfs /tmp tmpfs nodev,nosuid,size=50%,mode=1777 0 0" >> etc/fstab chrbind chroot . 
+mv /etc/resolv.conf /etc/resolv.conf.old +echo nameserver 1.1.1.1 >/etc/resolv.conf # install programs from /a/bin/fai/fai/config/package_config/STANDARD: -apt install openssh-client openssh-server cryptsetup keyutils btrfs-progs console-setup kbd pciutils usbutils unattended-upgrades initramfs-tools-core dropbear-initramfs +apt install -y openssh-client openssh-server cryptsetup keyutils btrfs-progs console-setup kbd pciutils usbutils unattended-upgrades initramfs-tools-core dropbear-initramfs +mv /etc/resolv.conf.old /etc/resolv.conf exit -# install authorized keys in dropbear and .ssh folder +d=etc/initramfs-tools +mkdir -p $d/root/.ssh etc/dropbear-initramfs root/.ssh +chmod 700 $d/root $d/root/.ssh root/.ssh +cp -p /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys +cp -p /root/.ssh/authorized_keys etc/dropbear-initramfs +cp -p /root/.ssh/authorized_keys root/.ssh/authorized_keys chroot . -grub-install --no-floppy $(grub-probe -tdrive -d /dev/sda3) +sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="rd.luks.crypttab=no"/' /etc/default/grub +grub-install --no-floppy $(grub-probe -tdrive -d /dev/sda) update-grub grub-bios-setup -d /boot/grub/i386-pc -s /dev/sda exit diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 9f4f8a6..6f2e407 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes 
@@ -73,45 +73,43 @@ #!/bin/bash if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then - case $HOSTNAME in - # stretch based minimal recovery / bootstraping os: - _) echo DEBIAN STRETCH64 VOL_STRETCH_BOOTSTRAP STRETCH_FREE ;; - # flidas - _) echo UBUNTU FLIDAS64 VOL_FLIDAS FLIDAS ;; - # etiona - _) echo UBUNTU ETIONA64 VOL_ETIONA ETIONA ;; - # stretch - _) echo DEBIAN STRETCH64 VOL_STRETCH STRETCH_FREE ;; - # buster - _) echo DEBIAN BUSTER64 VOL_BUSTER BUSTER_FREE ;; - # testing - _) echo DEBIAN STRETCH64 VOL_TESTING TESTING_FREE ;; - # xenial - _) echo UBUNTU XENIAL64 VOL_XENIAL XENIAL_FREE ;; - # bionic - _) echo UBUNTU BIONIC64 VOL_BIONIC BIONIC ;; - # focal - _) echo UBUNTU FOCAL64 VOL_FOCAL FOCAL ;; - esac + case $HOSTNAME in + # stretch based minimal recovery / bootstraping os: + _) echo DEBIAN STRETCH64 VOL_STRETCH_BOOTSTRAP STRETCH_FREE ;; + # flidas + _) echo UBUNTU FLIDAS64 VOL_FLIDAS FLIDAS ;; + # etiona + _) echo UBUNTU ETIONA64 VOL_ETIONA ETIONA ;; + # stretch + _) echo DEBIAN STRETCH64 VOL_STRETCH STRETCH_FREE ;; + # buster + _) echo DEBIAN BUSTER64 VOL_BUSTER BUSTER_FREE ;; + # testing + _) echo DEBIAN STRETCH64 VOL_TESTING TESTING_FREE ;; + # xenial + _) echo UBUNTU XENIAL64 VOL_XENIAL XENIAL_FREE ;; + # bionic + _) echo UBUNTU BIONIC64 VOL_BIONIC BIONIC ;; + # focal + _) echo UBUNTU FOCAL64 VOL_FOCAL FOCAL ;; + esac fi ###### end Template for 51-multi-boot ###### if [[ -e /a/bin/fai/fai-wrapper ]]; then - source /a/bin/distro-functions/src/identify-distros - if isdebian; then - echo "DEBIAN" - fi - if isdebian-stable; then - echo "STRETCH" - case $HOSTNAME in - li|lj) echo "STRETCH_LINODE" ;; - *) - # nonfree repo is not going away any time soon due to - # gcc-doc being in nonfree - echo "STRETCH_NONFREE" - ;; - esac - fi + source /a/bin/distro-functions/src/identify-distros + if isdebian; then + echo "DEBIAN" + tmp=$(debian-codename) + echo ${tmp^^} + # nonfree repo is not going away any time soon due to + # gcc-doc being in 
nonfree + echo ${tmp^^}_NONFREE + fi + case $HOSTNAME in + li|lj) echo "LINODE" ;; + bk) echo "NOCRYPT" ;; + esac fi echo FAIBASE STANDARD @@ -121,6 +119,6 @@ echo FAIBASE STANDARD if grep ^52:54:00: /sys/class/net/eth0/address &>/dev/null; then - # if our eth0 mac is in the kvm range, we are a vm. - echo "VM" + # if our eth0 mac is in the kvm range, we are a vm. + echo "VM" fi diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index e764c32..ec0d1cf 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -41,8 +41,9 @@ chpw() { fi } au() { # add user. i don't use adduser for portability - if ! $ROOTCMD getent passwd ${@: -1}; then - $ROOTCMD useradd -Um -s /bin/bash $@ + local user=${@: -1} + if ! $ROOTCMD getent passwd $user; then + $ROOTCMD useradd -c $user -Um -s /bin/bash $@ fi } diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT index 7c89c47..4abb486 100755 --- a/fai/config/files/boot/chboot/DEFAULT +++ b/fai/config/files/boot/chboot/DEFAULT @@ -46,9 +46,9 @@ pxe-server # disable pxe server ssh root@some_hostname lsblk # identify boot dev. if boot dev is a raid, this could be repeated on all boot devs. mount /dev/sdd3 /mnt -mount_point=/mnt/boot_debiantesting # the subvol i want to chboot to +mp=/mnt/boot_debiantesting # the subvol i want to chboot to boot_disk=/dev/sdd -grub-bios-setup -d $mount_point/grub/i386-pc -s -m $mount_point/grub/device.map $boot_disk +grub-bios-setup -d $mp/grub/i386-pc -s -m $mp/grub/device.map $boot_disk reboot todo: figure out if it's possible to make a multi-distro grub like I have with libreboot diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index afd88a0..ebd3866 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT 
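Review bot: `tmp=$(debian-codename)` in the new `isdebian` branch is never checked, so if the helper is absent or fails the script prints an empty class line followed by a bare `_NONFREE` class instead of stopping; since this output decides which package and disk configuration FAI applies, a silently wrong class set is worth failing on. I'd write `tmp=$(debian-codename) || exit 1` and `[[ $tmp ]] || { echo "debian-codename returned nothing" >&2; exit 1; }` before the two echoes. Quote the expansions as well, `echo "${tmp^^}"` and `echo "${tmp^^}_NONFREE"`, so an unexpected value cannot be word-split or globbed. The `if [[ -e /a/bin/fai/fai-wrapper ]]` block is complete inside the hunk, but the script continues past it.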
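Review bot: In `au()` the new `local user=${@: -1}` and the `useradd -c $user -Um -s /bin/bash $@` line leave every expansion unquoted, so a name or option containing whitespace or glob characters is split before it reaches `getent`/`useradd`; use `getent passwd "$user"` and `useradd -c "$user" -Um -s /bin/bash "$@"`. There is also a silent no-op path: called with no arguments, `$user` is empty, `getent passwd` with no key dumps the whole database and returns 0, and the guard quietly skips the `useradd`. A one-line guard at the top, `(( $# )) || return 1`, closes that. `au()` is shown in full; the surrounding file is not.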
@@ -153,18 +153,20 @@ else wipe=true fi -## ignore disks that are mounted, eg when running from fai-cd -declare -A disk_excludes -while read -r l; do - eval "$l" - if [[ ! $PKNAME ]]; then - PKNAME="$KNAME" - fi - if [[ $MOUNTPOINT ]]; then - disk_excludes[$PKNAME]=true - fi -done < <(lsblk -nP -o KNAME,MOUNTPOINT,PKNAME) +declare -A disk_excludes +if ! ifclass USE_MOUNTED; then + ## ignore disks that are mounted, eg when running from fai-cd + while read -r l; do + eval "$l" + if [[ ! $PKNAME ]]; then + PKNAME="$KNAME" + fi + if [[ $MOUNTPOINT ]]; then + disk_excludes[$PKNAME]=true + fi + done < <(lsblk -nP -o KNAME,MOUNTPOINT,PKNAME) +fi hdds=() ssds=() diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank index d8fb48d..19be284 100755 --- a/fai/config/scripts/GRUB_PC/11-iank +++ b/fai/config/scripts/GRUB_PC/11-iank @@ -38,6 +38,9 @@ if [[ ! -e $dst && -e $src ]]; then fi $FAI/distro-install-common/end + + + if ifclass VOL_STRETCH_BOOTSTRAP; then fcopy -riM /etc/systemd/system chroot $FAI_ROOT bash <<'EOFOUTER' @@ -49,7 +52,15 @@ fi # these get copied in an earlier stage by fai, but leaving it here since # I run this as a single post-fai script to update things that have changed. +tmpfile1=$(mktemp) +chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile1 fcopy -riBM /etc/apt +tmpfile2=$(mktemp) +chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile2 +if ! diff -q $tmpfile1 $tmpfile2; then + chroot $FAI_ROOT /usr/bin/apt update +fi + # outside of fai, this seems to regularly lead to # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable) # so add a sleep. 1 sec is probably way more than needed. 
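Review bot: The new `USE_MOUNTED` class switches off the only check that keeps this hook away from disks the running system is mounted from, while the `wipe=true` set in the context lines just above still applies, and nothing in the hunk records that the guard was bypassed. I'd put a comment above `if ! ifclass USE_MOUNTED; then` saying when the class is meant to be used (presumably an install from a running OS onto its own disks — confirm) and add an else branch that makes the decision visible in the install log: `else echo "USE_MOUNTED set: mounted disks are NOT excluded from partitioning" >&2; fi`. The moved `eval "$l"` still executes whatever `lsblk -nP` prints; lsblk does shell-quote `-P` values so this is tolerable, but it is worth a comment noting that the safety rests on that quoting. The hook continues on both sides of this hunk.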
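Review bot: The two files created with `mktemp` to hold the before/after `apt-cache policy` output are never removed, so each run of this script leaves two files behind in the install host's /tmp. Add `rm -f -- "$tmpfile1" "$tmpfile2"` right after the `diff -q` check (or register them with a `trap … EXIT` if the script already has one; its top is outside the hunk). Quote the expansions too — `>"$tmpfile1"`, `diff -q "$tmpfile1" "$tmpfile2"` — since `mktemp` honours `TMPDIR`, which may contain spaces. A short comment such as `# re-run apt update only if fcopy changed the apt sources` would explain why the policy output is compared rather than always updating.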
@@ -114,8 +125,8 @@ f=/etc/ssh/sshd_config grep -xFq "$line" $f || tee -a $f <<<"$line" -# default jessie groups + kvm, systemd-journal, adm -for g in adm cdrom floppy sudo audio dip video plugdev netdev; do +# default debian groups (jessie through buster) + adm, sudo +for g in cdrom floppy audio dip video plugdev netdev adm sudo; do if getent gropu $g >/dev/null; then usermod -aG $g iank fi @@ -133,7 +144,13 @@ sed -i '$a kernel.sysrq=1 EOFOUTER -if [[ $FAI_ACTION != dirinstall ]]; then +# bitfolk installer handles the rest +case $HOSTNAME in + bk) exit 0 ;; +esac + + +if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then # luks options, see man systemd-cryptsetup-generator # all i know is that with luks.crypttab=no, swap still timed out on boot. # and with rd.luks.crypttab=no, it works. @@ -178,7 +195,7 @@ sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub update-grub2 EOF -fi ##### end != dirinstall +fi ##### end != dirinstall && != NOCRYPT # reading through the groups that iank is in but user2 isn't, @@ -198,7 +215,8 @@ done ln -sf /dev/null $target/etc/systemd/network/99-default.link # use networkmanager if this host has wireless. -if [[ $(iw dev) ]]; then + +if type -p iw &>/dev/null && [[ $(iw dev) ]]; then chroot $FAI_ROOT bash </dev/null 
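Review bot: The context line `if getent gropu $g >/dev/null; then` inside the rewritten group loop queries a database called `gropu`, which getent does not know, so the test fails for every group and the `usermod -aG $g iank` beneath it never runs; the reordered list in this hunk therefore has no effect, and on a fresh install `iank` ends up in none of `sudo`, `adm` and the rest. Unless this is an extraction artifact, the line should read `if getent group "$g" >/dev/null; then`. The typo predates this commit, but since the commit rewrites exactly this loop it is the moment to fix it. The loop sits inside a `chroot … <<'EOFOUTER'` here-document whose end is outside the hunk.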
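Review bot: `case $HOSTNAME in bk) exit 0 ;; esac` is a second place where host `bk` is special-cased by hostname — `50-host-classes` in this same commit already emits `NOCRYPT` for it — so the two files can drift apart (a rename or re-host in one and not the other). Consider having the class file emit a dedicated class, e.g. `BITFOLK`, and testing `if ifclass BITFOLK; then exit 0; fi` here, so host-specific knowledge lives in one place. The comment should also say that `exit 0` ends the whole script at this point, i.e. everything after it (the `!= dirinstall && ! NOCRYPT` block and the later group/network steps) is intentionally skipped for bk; "bitfolk installer handles the rest" implies that but does not state it. The script continues past this hunk.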
@@ -60,14 +73,17 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-setup-local /a/bin/cedit/cedi # relay is built for openwrt 18.06.2, r7676-cddd7b4c77 sudo scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ - /p/c/machine_specific/wrt/etc/wg.{key,psk} $h: + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} $h: scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys ssh $h </etc/opkg/customfeeds.conf <<'EOF' -src/gz openwrt_packages http://downloads.openwrt.org/releases/19.07.2/packages/mips_24kc/packages +source /etc/os-release +if [[ $ID == librecmc && $VERSION == v1.5.1-core]]; then + cat >/etc/opkg/customfeeds.conf <<'EOF' +src/gz openwrt_packages http://downloads.openwrt.org/releases/19.07.3/packages/mips_24kc/packages +fi EOF if ! opkg list-installed|grep bash; then @@ -75,6 +91,5 @@ if ! opkg list-installed|grep bash; then opkg install bash fi export HOME_DOMAIN=$HOME_DOMAIN -export WIRELESSMAC=$WIRELESSMAC wrt-setup-local $@ EOFOUTER diff --git a/wrt-setup-local b/wrt-setup-local index b8d36e0..18b4b91 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -39,15 +39,19 @@ EOF +dnsmasq_restart=false +firewall_restart=false dev2=false test=false libremanage_host=wrt2 -if [[ -e /p/router-secrets ]]; then - source /p/router-secrets +secrets=false +if [[ -e /root/router-secrets ]]; then + secrets=true + source /root/router-secrets fi rmac=$(cat /sys/class/net/eth0/address) -if [[ $rhost ]]; then +if $secrets; then hostname=${rhost[$rmac]} fi : ${hostname:=wrt} 
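Review bot: The new `if [[ $ID == librecmc && $VERSION == v1.5.1-core]]; then` is missing the space before `]]`, so bash reads `v1.5.1-core]]` as a single word and the conditional does not parse; and the `fi` is placed before the `EOF` that terminates the `cat >/etc/opkg/customfeeds.conf <<'EOF'` here-document, so as rendered here `fi` would be written into customfeeds.conf as a feed line and the `if` left unclosed. Either error aborts the remote script at parse time, and because it arrives through the outer `<<'EOFOUTER'` here-document nothing catches it locally. Change the test to `if [[ $ID == librecmc && $VERSION == v1.5.1-core ]]; then` and move `fi` below the `EOF` line. Package integrity still rests on the usign keys copied to `/etc/opkg/keys` just above, so the plain-http feed URL is tolerable, but a comment saying so would save the next reader the question.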
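Review bot: `secrets=true` is set before `source /root/router-secrets` runs, so a secrets file with a syntax error leaves `$secrets` true while `rhost`, `rkey` and the other tables are empty, and the `: ${hostname:=wrt}` default below silently applies. Source first and abort on failure: `source /root/router-secrets || { echo "router-secrets failed to load" >&2; exit 1; }` followed by `secrets=true`. Because the file is executed as shell code by root, it is also worth refusing one that is not root-owned or is group/world-readable before sourcing it — `[[ -O /root/router-secrets ]]` plus a mode check (busybox `stat -c %a` on the router, if built in — confirm). The script continues past this hunk.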
@@ -83,10 +87,10 @@ while getopts hm:t: opt; do done shift "$((OPTIND-1))" # Discard the options and sentinel -- -if [[ ! $mac ]] && ! $test; then +if [[ ! $mac ]] && ! $test && $secrets; then # if we wanted to increment it - #WIRELESSMAC=${WIRELESSMAC:0: -1}$((${WIRELESSMAC: -1} + 2)) - mac=$WIRELESSMAC + #mac=${mac:0: -1}$((${mac: -1} + 2)) + mac=${rwmac[$rmac]} fi if (( $# != 0 )); then @@ -183,17 +187,23 @@ udel() { ### network config ### -ssid="check out gnu.org" lan=10.0.0.0 if $test; then - ssid="gnuv3" lan=10.1.0.0 elif [[ $hostname == cmc ]]; then - ssid=Svenska lan=10.2.0.0 fi -if [[ $rkey ]]; then +if $test; then + ssid="gnuv3" +elif $secrets; then + ssid=${rssid[$rmac]} +fi + +: ${ssid:=librecmc} + + +if $secrets; then key=${rkey[$rmac]} fi : ${key:=pictionary49} @@ -437,17 +447,32 @@ config wireguard_wg0 'wgclient' EOF -firewall_restart=false firewall-cedit() { - v cedit /etc/config/firewall </dev/null; then fi -dnsmasq_restart=false + v cedit /etc/hosts <
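Review bot: When secrets are loaded but `rkey`/`rssid` have no entry for this router's MAC, `key=${rkey[$rmac]}` is empty and the context line `: ${key:=pictionary49}` falls back to a fixed WPA passphrase that is a literal in this script, so a mis-keyed secrets table brings the network up with a known key instead of failing. Make a missing entry fatal whenever `$secrets` is true: `if $secrets && [[ ! ${rkey[$rmac]} ]]; then echo "no key for $rmac in router-secrets" >&2; exit 1; fi`, and the same for `ssid`. The fallback itself predates this commit and is only reached in the no-secrets case, but a comment marking it as a throwaway test key would make that intent explicit. The network-config section continues beyond this hunk.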