-* add pam_mkhomedir to common-session:
-{{{
- grep pam_mkhomedir /etc/pam.d/common-session || \
- echo "session optional pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/common-session
-}}}
-
-* install debian.org which brings you shells and much other fun
-{{{
- apt-get install debian.org
-}}}
-
-* try to login using your user and ssh key. you should get a homedir.
-
-* make ca-certificates sane: (choose to *not* trust new certs, and we only want the spi cert activated)
-{{{
- echo "ca-certificates ca-certificates/trust_new_crts select no" | debconf-set-selections
- sed -i -e 's/^[^#!].*/!&/; s#^!spi-inc.org/spi-cacert-2008.crt#spi-inc.org/spi-cacert-2008.crt#' /etc/ca-certificates.conf
- dpkg-reconfigure ca-certificates
-}}}
-
-* Add debian-admin@debian.org to root in /etc/aliases
-
-* sane default editor
-{{{
- apt-get install vim && update-alternatives --set editor /usr/bin/vim.basic
-}}}
-
-* setup sudo
-{{{
- grep '^%adm' /etc/sudoers || echo '%adm ALL=(ALL) ALL' >> /etc/sudoers
- grep '^%adm.*apt-get' /etc/sudoers || echo '%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none' >> /etc/sudoers
-
- apt-get install libpam-pwdfile
- cat > /etc/pam.d/sudo << EOF
-#%PAM-1.0
-
-auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd
-auth required pam_unix.so nullok_secure try_first_pass
-#@include common-auth
-@include common-account
-
-session required pam_permit.so
-session required pam_limits.so
-EOF
-}}}
-
-* OPEN A NEW SHELL - DO _NOT_ LOG OUT OF THIS ONE:<BR>
- test that the dedicated sudo password works. if not, undo the pam sudo config.
- (comment out the auth lines and include common-auth again)
-
-* setup ldap.conf:
-{{{
- grep '^URI.*db.debian.org' /etc/ldap/ldap.conf || cat >> /etc/ldap/ldap.conf << EOF
-
-URI ldap://db.debian.org
-BASE dc=debian,dc=org
-
-TLS_CACERT /etc/ssl/certs/spi-cacert-2008.pem
-TLS_REQCERT hard
-EOF
-}}}
-
-* add to munin on spohr
-{{{
- : :: spohr :: && sudo vi /etc/munin/munin.conf
-}}}
-
-
-* add host to nagios config
-
-* disable password auth with ssh, once you verified you can log in
- and become root using keys.