#!/bin/sh -efu

# Syslog facility that info() and alert() pass to logger.
FACILITY='user'
# Basename of this script; used as the syslog tag and the stderr prefix.
PROG=${0##*/}

# Directory searched for per-VM *.conf files during a lockdown.
VM_DIR='/etc/pve/qemu-server'

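# Report an informational message.
# Globals:   PROG (read), FACILITY (read)
# Arguments: message words; joined into one string with "$*"
# Outputs:   "[PROG]: message" on stderr, and the message to syslog at
#            priority FACILITY.info via logger
# Returns:   exit status of logger
info() {
    # printf rather than echo: some sh implementations' echo expands
    # backslash escapes, which would alter the logged text.
    printf '[%s]: %s\n' "$PROG" "$*" >&2
    # "--" keeps a message that begins with "-" from being parsed as an option.
    logger -t "$PROG" -p "$FACILITY.info" -- "$*"
}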

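# Report an alert-level message.
# Globals:   PROG (read), FACILITY (read)
# Arguments: message words; joined into one string with "$*"
# Outputs:   "[PROG]: message" on stderr, and the message to syslog at
#            priority FACILITY.alert via logger
# Returns:   exit status of logger
alert() {
    # printf rather than echo: some sh implementations' echo expands
    # backslash escapes, which would alter the logged text.
    printf '[%s]: %s\n' "$PROG" "$*" >&2
    # "--" keeps a message that begins with "-" from being parsed as an option.
    logger -t "$PROG" -p "$FACILITY.alert" -- "$*"
}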

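# Scan the integrity report supplied on stdin for a line in which "-" is
# followed by whitespace and a path starting with /usr/share/OVMF.
# NOTE(review): the report format is produced upstream of this script;
# confirm that such a line is how a changed OVMF file is reported.
#
# The grep status is kept so that a grep error (status > 1) is not mistaken
# for "no match" and logged as a clean result.
# Caveat: an empty report on stdin still yields "no match" and is therefore
# reported as OK; the caller must make sure a report was actually produced.
report_rc=0
grep -q -e '-[[:space:]]\+/usr/share/OVMF' || report_rc=$?

case "$report_rc" in
    1)
        info "OVMF integrity OK"
        ;;
    0)
        alert "OVMF integrity failure! Locking down all VMs that use OVMF..."

        # No VM configuration directory: nothing to lock down.
        [ -d "$VM_DIR" ] || exit 0

        # Pick the non-directory *.conf entries directly under VM_DIR that
        # contain the string "ovmf" anywhere. The match is deliberately
        # broad: a config that merely mentions "ovmf" is locked down too.
        find -L "$VM_DIR" -mindepth 1 -maxdepth 1 \
            ! -type d -name '*.conf' \
            -exec grep -l 'ovmf' '{}' \; |
            sort -u | while IFS= read -r f; do
                # VM id = file name without directory and ".conf" suffix.
                vm="${f##*/}"
                vm="${vm%.conf}"
                # A failure on one VM must not stop the loop, but it must be
                # visible: a VM left running on suspect firmware is exactly
                # what an operator needs to hear about.
                # NOTE(review): block is only attempted after a successful
                # stop, as before; confirm whether it should also be
                # attempted when stop fails.
                if ! qm stop "$vm"; then
                    alert "Failed to stop VM $vm; it was not blocked" ||:
                elif ! qm block "$vm"; then
                    alert "Failed to block VM $vm after stopping it" ||:
                fi
            done
        ;;
    *)
        # grep itself failed; the integrity state is unknown, not OK.
        alert "Could not scan integrity report (grep exit status $report_rc); OVMF state unknown" ||:
        exit 1
        ;;
esac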
