expunge_do

#!/bin/bash

# Run this on digital ocean recovery OS to wipe out whatever is on disk /dev/vda
# and replace it with an ipxe image configured with the machine's IP addresses,
# from DO's metadata service.
# It also creates an unformatted partition spanning the rest of /dev/vda. (It's
# used for cache once booted.)

set -e

apt-get update
apt-get install -y git build-essential liblzma-dev
git clone git://git.ipxe.org/ipxe.git
cd ipxe/src

hostname=$(curl http://169.254.169.254/metadata/v1/hostname)
ip4=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)
nm4=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/netmask)
gw4=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/gateway)
ip6=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address)
gw6=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/gateway)
dns4=1.1.1.1
dns6=2606:4700:4700::1111

cat >ipxe.cfg <<EOF
#!ipxe
set net0/ip       $ip4
set net0/netmask  $nm4
set net0/gateway  $gw4
set net0/dns      $dns4
set net0/ip6      $ip6
set net0/gateway6 $gw6
set net0/dns6     $dns6
ifopen net0
kernel https://boot.0f.io/kernel ro ip=$ip4::$gw4:$nm4:$hostname:::$dns4
initrd https://boot.0f.io/initrd.img
boot
EOF

partsize=$( (( length= $(blockdev --getsize /dev/vda) -  0x00001800 )); printf '0x%08x' $length )

cat >arch/x86/prefix/usbdisk.S <<EOF
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )
	.text
	.arch i386
	.section ".prefix", "awx", @progbits
	.code16
	.org 0
#include "mbr.S"
/* Partition table: ignoring CHS because who reads it anyway */
	.org 446
	/* Partition 1: the rest o the disk */
	.byte 0x00, 0x00, 0x00, 0x00
	.byte 0x83, 0x00, 0x00, 0x00
	.long 0x00001800
	.long $partsize
	.space 16
	.space 16
	/* Partition 4: boot partition */
	.byte 0x80, 0x00, 0x00, 0x00
	.byte 0xeb, 0x00, 0x00, 0x00
	.long 0x00000800
	.long 0x00001000
	.org 510
	.byte 0x55, 0xaa
/* Skip to start of boot partition */
	.org 2048 * 512
EOF

cat >config/general.h <<EOF
#ifndef CONFIG_GENERAL_H
#define CONFIG_GENERAL_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <config/defaults.h>
#define BANNER_TIMEOUT		20
#define ROM_BANNER_TIMEOUT	( 2 * BANNER_TIMEOUT )
#define	NET_PROTO_IPV4		/* IPv4 protocol */
#define	NET_PROTO_IPV6		/* IPv6 protocol */
#undef	NET_PROTO_FCOE		/* Fibre Channel over Ethernet protocol */
#define	NET_PROTO_STP		/* Spanning Tree protocol */
#define	NET_PROTO_LACP		/* Link Aggregation control protocol */
#define	DOWNLOAD_PROTO_TFTP	/* Trivial File Transfer Protocol */
#define	DOWNLOAD_PROTO_HTTP	/* Hypertext Transfer Protocol */
#define	DOWNLOAD_PROTO_HTTPS	/* Secure Hypertext Transfer Protocol */
#undef	DOWNLOAD_PROTO_FTP	/* File Transfer Protocol */
#undef	DOWNLOAD_PROTO_SLAM	/* Scalable Local Area Multicast */
#undef	DOWNLOAD_PROTO_NFS	/* Network File System Protocol */
#define HTTP_AUTH_BASIC		/* Basic authentication */
#define HTTP_AUTH_DIGEST	/* Digest authentication */
#define	CRYPTO_80211_WEP	/* WEP encryption (deprecated and insecure!) */
#define	CRYPTO_80211_WPA	/* WPA Personal, authenticating with passphrase */
#define	CRYPTO_80211_WPA2	/* Add support for stronger WPA cryptography */
#define	DNS_RESOLVER		/* DNS resolver */
#define	IMAGE_PNG		/* PNG image support */
#define	IMAGE_DER		/* DER image support */
#define	IMAGE_PEM		/* PEM image support */
#define	AUTOBOOT_CMD		/* Automatic booting */
#define	NVO_CMD			/* Non-volatile option storage commands */
#define	CONFIG_CMD		/* Option configuration console */
#define	IFMGMT_CMD		/* Interface management commands */
#define	IWMGMT_CMD		/* Wireless interface management commands */
#define IBMGMT_CMD		/* Infiniband management commands */
#define FCMGMT_CMD		/* Fibre Channel management commands */
#define	ROUTE_CMD		/* Routing table management commands */
#define IMAGE_CMD		/* Image management commands */
#define DHCP_CMD		/* DHCP management commands */
#define SANBOOT_CMD		/* SAN boot commands */
#define MENU_CMD		/* Menu commands */
#define LOGIN_CMD		/* Login command */
#define SYNC_CMD		/* Sync command */
#define SHELL_CMD		/* Shell command */
//#define NSLOOKUP_CMD		/* DNS resolving command */
//#define TIME_CMD		/* Time commands */
//#define DIGEST_CMD		/* Image crypto digest commands */
//#define LOTEST_CMD		/* Loopback testing commands */
//#define VLAN_CMD		/* VLAN commands */
//#define PXE_CMD		/* PXE commands */
//#define REBOOT_CMD		/* Reboot command */
//#define POWEROFF_CMD		/* Power off command */
//#define IMAGE_TRUST_CMD	/* Image trust management commands */
//#define PCI_CMD		/* PCI commands */
//#define PARAM_CMD		/* Form parameter commands */
//#define NEIGHBOUR_CMD		/* Neighbour management commands */
//#define PING_CMD		/* Ping command */
//#define CONSOLE_CMD		/* Console command */
//#define IPSTAT_CMD		/* IP statistics commands */
//#define PROFSTAT_CMD		/* Profiling commands */
//#define NTP_CMD		/* NTP commands */
//#define CERT_CMD		/* Certificate management commands */
#undef	NONPNP_HOOK_INT19	/* Hook INT19 on non-PnP BIOSes */
#define	AUTOBOOT_ROM_FILTER	/* Autoboot only devices matching our ROM */
#define VNIC_IPOIB		/* Infiniband IPoIB virtual NICs */
#undef	ERRMSG_80211		/* All 802.11 error descriptions (~3.3kb) */
#undef	BUILD_SERIAL		/* Include an automatic build serial
				 * number.  Add "bs" to the list of
				 * make targets.  For example:
				 * "make bin/rtl8139.dsk bs" */
#undef	BUILD_ID		/* Include a custom build ID string,
				 * e.g "test-foo" */
#undef	NULL_TRAP		/* Attempt to catch NULL function calls */
#undef	GDBSERIAL		/* Remote GDB debugging over serial */
#undef	GDBUDP			/* Remote GDB debugging over UDP
				 * (both may be set) */
#define	TIVOLI_VMM_WORKAROUND	/* Work around the Tivoli VMM's garbling of SSE
				 * registers when iPXE traps to it due to
				 * privileged instructions */
#include <config/named.h>
#include NAMED_CONFIG(general.h)
#include <config/local/general.h>
#include LOCAL_NAMED_CONFIG(general.h)
#endif /* CONFIG_GENERAL_H */
EOF

make bin/ipxe.usb EMBED=ipxe.cfg
cat bin/ipxe.usb > /dev/vda
mkfs.ext4 /dev/vda1