diff --git a/netboot.sh b/netboot.sh
index 3854ae3..571ea0a 100644
--- a/netboot.sh
+++ b/netboot.sh
@@ -18,6 +18,21 @@
 
 set -e
 
+command_exists() {
+	command -v "$@" > /dev/null 2>&1
+}
+
+user="$(id -un 2>/dev/null || true)"
+
+sudo=''
+if [ "$user" != 'root' ]; then
+  if command_exists sudo; then
+    sudo='sudo'
+  else
+    exit 1
+  fi
+fi
+
 while [ $# -gt 0 ]; do
   case $1 in
     --template)
@@ -118,6 +133,9 @@ while [ $# -gt 0 ]; do
     --boot-partition)
       DEBI_BOOT_PARTITION=true
       ;;
+    --poweroff)
+      DEBI_POWEROFF=true
+      ;;
     *)
       echo "Illegal option $1"
       exit 1
@@ -146,7 +164,11 @@ DEBI_MIRROR=${DEBI_MIRROR:-deb.debian.org}
 DEBI_DIRECTORY=${DEBI_DIRECTORY:-/debian}
 
 if [ -z "$DEBI_ARCHITECTURE" ]; then
-  DEBI_ARCHITECTURE=$(dpkg --print-architecture)
+  if command_exists dpkg; then
+    DEBI_ARCHITECTURE=$(dpkg --print-architecture)
+  else
+    DEBI_ARCHITECTURE=amd64
+  fi
 fi
 
 DEBI_SUITE=${DEBI_SUITE:-stretch}
@@ -174,6 +196,7 @@ if [ "$DEBI_MANUAL" != true ]; then
   fi
 fi
 
+echo='cat'
 if [ "$DEBI_DRY_RUN" != true ]; then
   DEBI_TARGET="debian-$DEBI_SUITE"
   if [ "$DEBI_BOOT_PARTITION" = true ]; then
@@ -184,19 +207,21 @@ if [ "$DEBI_DRY_RUN" != true ]; then
   DEBI_WORKDIR="/boot/$DEBI_TARGET"
   DEBI_TARGET_PATH="$DEBI_BOOT_DIRECTORY$DEBI_TARGET"
   DEBI_BASE_URL=$DEBI_PROTOCOL://$DEBI_MIRROR$DEBI_DIRECTORY/dists/$DEBI_SUITE/main/installer-$DEBI_ARCHITECTURE/current/images/netboot/debian-installer/$DEBI_ARCHITECTURE
-  if type update-grub >/dev/null; then
-    update-grub
+  if command_exists update-grub; then
+    $sudo update-grub
     DEBI_GRUB_CONFIG=/boot/grub/grub.cfg
   else
     DEBI_GRUB_CONFIG=/boot/grub2/grub.cfg
-    grub2-mkconfig > "$DEBI_GRUB_CONFIG"
+    $sudo grub2-mkconfig -o "$DEBI_GRUB_CONFIG"
   fi
-  rm -fr "$DEBI_WORKDIR"
-  mkdir -p "$DEBI_WORKDIR"
+  $sudo rm -rf "$DEBI_WORKDIR"
+  $sudo mkdir -p "$DEBI_WORKDIR"
   cd "$DEBI_WORKDIR"
+  $sudo rm -f preseed.cfg
+  echo="$sudo tee -a preseed.cfg"
 fi
 
-cat > preseed.cfg << EOF
+$echo << EOF
 # Localization
 
 d-i debian-installer/locale string en_US.UTF-8
@@ -208,81 +233,83 @@ d-i netcfg/choose_interface select auto
 EOF
 
 if [ -n "$DEBI_IP" ]; then
-  echo "d-i netcfg/disable_autoconfig boolean true" >> preseed.cfg
-  echo "d-i netcfg/get_ipaddress string $DEBI_IP" >> preseed.cfg
+  echo "d-i netcfg/disable_autoconfig boolean true" | $echo
+  echo "d-i netcfg/get_ipaddress string $DEBI_IP" | $echo
   if [ -n "$DEBI_NETMASK" ]; then
-    echo "d-i netcfg/get_netmask string $DEBI_NETMASK" >> preseed.cfg
+    echo "d-i netcfg/get_netmask string $DEBI_NETMASK" | $echo
   fi
   if [ -n "$DEBI_GATEWAY" ]; then
-    echo "d-i netcfg/get_gateway string $DEBI_GATEWAY" >> preseed.cfg
+    echo "d-i netcfg/get_gateway string $DEBI_GATEWAY" | $echo
   fi
   if [ -n "$DEBI_DNS" ]; then
-    echo "d-i netcfg/get_nameservers string $DEBI_DNS" >> preseed.cfg
+    echo "d-i netcfg/get_nameservers string $DEBI_DNS" | $echo
   fi
-  echo "d-i netcfg/confirm_static boolean true" >> preseed.cfg
+  echo "d-i netcfg/confirm_static boolean true" | $echo
 fi
 
-cat >> preseed.cfg << EOF
+$echo << EOF
 d-i netcfg/get_hostname string debian
 d-i netcfg/get_domain string
 EOF
 
 if [ -n "$DEBI_HOSTNAME" ]; then
-  echo "d-i netcfg/hostname string $DEBI_HOSTNAME" >> preseed.cfg
+  echo "d-i netcfg/hostname string $DEBI_HOSTNAME" | $echo
 fi
 
-cat >> preseed.cfg << EOF
-d-i hw-detect/load_firmware boolean true
-EOF
+echo "d-i hw-detect/load_firmware boolean true" | $echo
 
 if [ "$DEBI_SSH" = true ]; then
-  echo "d-i anna/choose_modules string network-console" >> preseed.cfg
-  echo "d-i preseed/early_command string anna-install network-console" >> preseed.cfg
+  $echo << EOF
+
+# Network console
+
+d-i anna/choose_modules string network-console
+d-i preseed/early_command string anna-install network-console
+EOF
   if [ -n "$DEBI_SSH_PASSWORD" ]; then
-    echo "d-i network-console/password password $DEBI_SSH_PASSWORD" >> preseed.cfg
-    echo "d-i network-console/password-again password $DEBI_SSH_PASSWORD" >> preseed.cfg
+    echo "d-i network-console/password password $DEBI_SSH_PASSWORD" | $echo
+    echo "d-i network-console/password-again password $DEBI_SSH_PASSWORD" | $echo
   fi
   if [ -n "$DEBI_SSH_KEYS" ]; then
-    echo "d-i network-console/authorized_keys_url string $DEBI_SSH_KEYS" >> preseed.cfg
+    echo "d-i network-console/authorized_keys_url string $DEBI_SSH_KEYS" | $echo
   fi
-  echo "d-i network-console/start select Continue" >> preseed.cfg
+  echo "d-i network-console/start select Continue" | $echo
 fi
 
-cat >> preseed.cfg << EOF
+$echo << EOF
 
 # Mirror settings
 
 d-i mirror/country string manual
-d-i mirror/protocol string {{-PROTOCOL-}}
-d-i mirror/{{-PROTOCOL-}}/hostname string {{-MIRROR-}}
-d-i mirror/{{-PROTOCOL-}}/directory string {{-DIRECTORY-}}
-d-i mirror/{{-PROTOCOL-}}/proxy string
-d-i mirror/suite string {{-SUITE-}}
-d-i mirror/udeb/suite string {{-SUITE-}}
+d-i mirror/protocol string $DEBI_PROTOCOL
+d-i mirror/$DEBI_PROTOCOL/hostname string $DEBI_MIRROR
+d-i mirror/$DEBI_PROTOCOL/directory string $DEBI_DIRECTORY
+d-i mirror/$DEBI_PROTOCOL/proxy string
+d-i mirror/suite string $DEBI_SUITE
+d-i mirror/udeb/suite string $DEBI_SUITE
 
 # Clock and time zone setup
 
 d-i clock-setup/utc boolean true
-d-i time/zone string {{-TIMEZONE-}}
+d-i time/zone string $DEBI_TIMEZONE
 d-i clock-setup/ntp boolean true
-d-i clock-setup/ntp-server string {{-NTP_SERVER-}}
+d-i clock-setup/ntp-server string $DEBI_NTP_SERVER
 EOF
 
 if [ "$DEBI_MANUAL" != true ]; then
-  cat >> preseed.cfg << EOF
+  $echo << EOF
 
-# User account setup
+# Account setup
 
 d-i passwd/root-login boolean false
 d-i passwd/user-fullname string
-d-i passwd/username string {{-USERNAME-}}
-d-i passwd/user-password-crypted password {{-PASSWORD-}}
+d-i passwd/username string $DEBI_USERNAME
+d-i passwd/user-password-crypted password $DEBI_PASSWORD
 
-# Disk partitioning
+# Partitioning
 
-d-i partman-basicfilesystems/no_swap boolean false
-d-i partman/default_filesystem string {{-FILESYSTEM-}}
-d-i partman-auto/method string {{-DISK_ENCRYPTION-}}
+d-i partman/default_filesystem string $DEBI_FILESYSTEM
+d-i partman-auto/method string $DEBI_DISK_ENCRYPTION
 d-i partman-lvm/device_remove_lvm boolean true
 d-i partman-md/device_remove_md boolean true
 d-i partman-lvm/confirm boolean true
@@ -290,21 +317,19 @@ d-i partman-lvm/confirm_nooverwrite boolean true
 EOF
 
   if [ "$DEBI_DISK_ENCRYPTION" = "regular" ]; then
-    cat >> preseed.cfg << EOF
+    $echo << EOF
 d-i partman-auto/expert_recipe string naive :: 0 1 -1 \$default_filesystem \$primary{ } \$bootable{ } method{ format } format{ } use_filesystem{ } \$default_filesystem{ } mountpoint{ / } .
 d-i partman-auto/choose_recipe select naive
+d-i partman-basicfilesystems/no_swap boolean false
 EOF
   fi
 
-  cat >> preseed.cfg << EOF
+  $echo << EOF
 d-i partman-partitioning/confirm_write_new_label boolean true
 d-i partman/choose_partition select finish
 d-i partman/confirm boolean true
 d-i partman/confirm_nooverwrite boolean true
 d-i partman/mount_style select uuid
-EOF
-
-  cat >> preseed.cfg << EOF
 
 # Base system installation
 
@@ -312,8 +337,8 @@ d-i base-installer/install-recommends boolean false
 
 # Apt setup
 
-d-i apt-setup/services-select multiselect updates
-d-i apt-setup/local0/repository string {{-SECURITY_MIRROR-}} {{-SUITE-}}/updates main
+d-i apt-setup/services-select multiselect updates, backports
+d-i apt-setup/local0/repository string $DEBI_SECURITY_MIRROR $DEBI_SUITE/updates main
 d-i apt-setup/local0/source boolean true
 
 # Package selection
@@ -322,11 +347,11 @@ tasksel tasksel/first multiselect ssh-server
 EOF
 
   if [ -n "$DEBI_INCLUDE" ]; then
-    echo "d-i pkgsel/include string $DEBI_INCLUDE" >> preseed.cfg
+    echo "d-i pkgsel/include string $DEBI_INCLUDE" | $echo
   fi
 
-  cat >> preseed.cfg << EOF
-d-i pkgsel/upgrade select {{-UPGRADE-}}
+  $echo << EOF
+d-i pkgsel/upgrade select $DEBI_UPGRADE
 popularity-contest popularity-contest/participate boolean false
 
 # Boot loader installation
@@ -338,28 +363,19 @@ d-i grub-installer/bootdev string default
 
 d-i finish-install/reboot_in_progress note
 EOF
-fi
 
-sed -i 's/{{-PROTOCOL-}}/'"$DEBI_PROTOCOL"'/g' preseed.cfg
-sed -i 's/{{-MIRROR-}}/'"$DEBI_MIRROR"'/g' preseed.cfg
-sed -i 's/{{-DIRECTORY-}}/'$(echo "$DEBI_DIRECTORY" | sed 's/\//\\\//g')'/g' preseed.cfg
-sed -i 's/{{-SUITE-}}/'"$DEBI_SUITE"'/g' preseed.cfg
-sed -i 's/{{-USERNAME-}}/'"$DEBI_USERNAME"'/g' preseed.cfg
-sed -i 's/{{-PASSWORD-}}/'$(echo "$DEBI_PASSWORD" | sed 's/\//\\\//g')'/g' preseed.cfg
-sed -i 's/{{-TIMEZONE-}}/'$(echo "$DEBI_TIMEZONE" | sed 's/\//\\\//g')'/g' preseed.cfg
-sed -i 's/{{-NTP_SERVER-}}/'"$DEBI_NTP_SERVER"'/g' preseed.cfg
-sed -i 's/{{-SECURITY_MIRROR-}}/'$(echo "$DEBI_SECURITY_MIRROR" | sed 's/\//\\\//g')'/g' preseed.cfg
-sed -i 's/{{-UPGRADE-}}/'"$DEBI_UPGRADE"'/g' preseed.cfg
-sed -i 's/{{-FILESYSTEM-}}/'"$DEBI_FILESYSTEM"'/g' preseed.cfg
-sed -i 's/{{-DISK_ENCRYPTION-}}/'"$DEBI_DISK_ENCRYPTION"'/g' preseed.cfg
+  if [ "$DEBI_POWEROFF" = true ]; then
+    echo 'd-i debian-installer/exit/poweroff boolean true' | $echo
+  fi
+fi
 
 if [ "$DEBI_DRY_RUN" != true ]; then
-  wget "$DEBI_BASE_URL/linux" "$DEBI_BASE_URL/initrd.gz"
-  gunzip initrd.gz
-  echo preseed.cfg | cpio -H newc -o -A -F initrd
-  gzip initrd
+  $sudo wget "$DEBI_BASE_URL/linux" "$DEBI_BASE_URL/initrd.gz"
+  $sudo gunzip initrd.gz
+  echo preseed.cfg | $sudo cpio -H newc -o -A -F initrd
+  $sudo gzip initrd
 
-  cat >> "$DEBI_GRUB_CONFIG" << EOF
+  $sudo tee -a "$DEBI_GRUB_CONFIG" << EOF
 menuentry 'Debian Installer' --id debi {
 insmod part_msdos
 insmod ext2
@@ -370,6 +386,3 @@ initrd $DEBI_TARGET_PATH/initrd.gz
 EOF
 
 fi
-
-cat preseed.cfg
-tail -n 7 "$DEBI_GRUB_CONFIG"