#!/usr/bin/env bash
set -euxo pipefail

# This will work in sd-boot 251 to auto-enroll secure boot keys.
# https://www.freedesktop.org/software/systemd/man/systemd-boot.html
# > CHANGES WITH 252 in spe:
# > [...]
# >     * sd-boot can automatically enroll SecureBoot keys from files found on
# >       the ESP. This enrollment can be either automatic ('force' mode) or
# >       controlled by the user ('manual' mode).
# > [...]
#
# echo "secure-boot-enroll force" >> /boot/loader/loader.conf

# create mountpoints in /etc
mkdir -p /etc/{cni,kubernetes}

# move issue files away from /etc
# to allow /run/issue and /run/issue.d to take precedence
mv /etc/issue.d /usr/lib/issue.d || true
rm -f /etc/issue
rm -f /etc/issue.net

# update /etc/os-release
echo "IMAGE_ID=\"${IMAGE_ID}\"" >> /etc/os-release
echo "IMAGE_VERSION=\"${IMAGE_VERSION}\"" >> /etc/os-release