2 tool
=$
(readlink
-e "${0%/*}/..")
5 sudo debconf-set-selections
<<-EOF
6 grub-pc grub-pc/install_devices multiselect
8 "$tool"/local
/apt-get-install grub-pc
9 sudo
install -d -m 644 -o root
-g root
/boot
/grub
10 "$tool"/local
/apt-get-install linux-image-
$vm_arch
11 sudo
install -m 644 -o root
-g root
/dev
/stdin \
12 /etc
/default
/grub
<<-EOF
15 GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
16 GRUB_CMDLINE_LINUX_DEFAULT="quiet"
17 GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$vm_ipv4::$vm_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
18 GRUB_DISABLE_RECOVERY="true"
19 #GRUB_PRELOAD_MODULES="lvm"
21 sudo
install -m 644 -o root
-g root
/dev
/stdin \
22 /boot
/grub
/device.map
<<-EOF
24 (hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g')
26 sudo update-grub2
# NOTE: prend en compte /boot/grub/device.map
27 "$tool"/local
/initramfs-configure
28 "$tool"/local
/apt-get-install molly-guard
29 sudo
install -m 644 -o root
-g root
/dev
/stdin \
30 /etc
/molly-guard
/rc
<<-EOF
31 ALWAYS_QUERY_HOSTNAME=true
32 # NOTE: une alternative est de dire à sudo de conserver les SSH_*
33 # néamoins demander tout le temps n'est pas trop contraignant
34 # et davantage sécurisant.