#!/bin/sh -eu
tool=$(readlink -e "${0%/*}/..")
. "$tool"/local/lib.sh

sudo debconf-set-selections <<-EOF
	grub-pc	grub-pc/install_devices	multiselect	
	EOF
"$tool"/local/apt-get-install grub-pc
sudo install -d -m 644 -o root -g root /boot/grub
"$tool"/local/apt-get-install linux-image-$local_arch
sudo install -m 644 -o root -g root /dev/stdin \
 /etc/default/grub <<-EOF
	GRUB_DEFAULT=0
	GRUB_TIMEOUT=5
	GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
	GRUB_CMDLINE_LINUX_DEFAULT="quiet"
	GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$local_ipv4::$local_gateway:$local_netmask:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
	GRUB_DISABLE_RECOVERY="true"
	#GRUB_PRELOAD_MODULES="lvm"
	EOF
sudo install -m 644 -o root -g root /dev/stdin \
 /boot/grub/device.map <<-EOF
	(hd0)   /dev/xvda
	(hd0)   /dev/mapper/domU-$(printf %s $local_fqdn-disk | sed -e 's/-/--/g')
	EOF
sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
"$tool"/local/initramfs-configure
"$tool"/local/apt-get-install molly-guard
sudo install -m 644 -o root -g root /dev/stdin \
 /etc/molly-guard/rc <<-EOF
	ALWAYS_QUERY_HOSTNAME=true
	 # NOTE: une alternative est de dire à sudo de conserver les SSH_*
	 #       néamoins demander tout le temps n'est pas trop contraignant
	 #       et davantage sécurisant.
	EOF