@saljam
Created September 5, 2018 19:00
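#!/bin/bash
# Run this on digital ocean recovery OS to wipe out whatever is on disk /dev/vda
# and replace it with an ipxe image configured with the machine's IP addresses,
# from DO's metadata service.
# It also creates a partition spanning the rest of /dev/vda, which the last
# step formats as ext4. (It's used for cache once booted.)
#
# Everything fetched here ends up in the machine's boot path, so the script
# stops on the first error (-e) and on any unset variable (-u) rather than
# writing a half-configured image to disk.
set -eu
apt-get update
apt-get install -y git build-essential liblzma-dev
# Fetch the iPXE sources over HTTPS. The git:// transport has no encryption or
# server authentication, so anything on the network path could substitute the
# code that becomes this machine's bootloader.
git clone https://github.com/ipxe/ipxe.git
# The clone tracks the current upstream head. For a reproducible build, check
# out a commit you have reviewed before building, e.g.:
#   git -C ipxe checkout <REVIEWED_COMMIT_SHA>   # placeholder, not a real id
cd ipxe/src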
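# Read this droplet's network settings from the link-local metadata service.
# curl flags: -f turns an HTTP error status into a non-zero exit, so under
# `set -e` the script stops here, before the disk is touched, instead of
# capturing an error page into the boot configuration; -sS hides the progress
# meter but still prints errors.
md=http://169.254.169.254/metadata/v1
md_get() {
	curl -fsS "$md/$1"
}
hostname=$(md_get hostname)
ip4=$(md_get interfaces/public/0/ipv4/address)
nm4=$(md_get interfaces/public/0/ipv4/netmask)
gw4=$(md_get interfaces/public/0/ipv4/gateway)
ip6=$(md_get interfaces/public/0/ipv6/address)
gw6=$(md_get interfaces/public/0/ipv6/gateway)
# These values are pasted verbatim into an iPXE script and a kernel command
# line. Accept only the characters a hostname or an IPv4/IPv6 address can
# contain, so an empty or malformed response cannot add extra script lines or
# kernel parameters.
for v in "$hostname" "$ip4" "$nm4" "$gw4" "$ip6" "$gw6"; do
	if [[ -z $v || $v =~ [^A-Za-z0-9.:_-] ]]; then
		echo "unexpected metadata value: '$v'" >&2
		exit 1
	fi
done
# Resolvers are fixed here, not taken from the metadata service.
dns4=1.1.1.1
dns6=2606:4700:4700::1111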
# Write the iPXE script that gets embedded into the image (EMBED=ipxe.cfg on
# the make line). The heredoc delimiter is unquoted on purpose: the shell
# substitutes the address variables, so the generated script carries this
# machine's static network configuration.
#
# The script opens net0 and boots a kernel and initrd fetched over HTTPS from
# boot.0f.io. Nothing in it verifies a signature or digest of those two files
# (IMAGE_TRUST_CMD and DIGEST_CMD are left commented out in the general.h
# written by this script), so the integrity of what gets booted rests on
# iPXE's TLS validation of that host.
# NOTE(review): no TRUST= is passed to make, so the certificate roots the
# built iPXE accepts are whatever the build defaults to; confirm they cover
# the boot server's certificate chain.
cat >ipxe.cfg <<EOF
#!ipxe
set net0/ip $ip4
set net0/netmask $nm4
set net0/gateway $gw4
set net0/dns $dns4
set net0/ip6 $ip6
set net0/gateway6 $gw6
set net0/dns6 $dns6
ifopen net0
kernel https://boot.0f.io/kernel ro ip=$ip4::$gw4:$nm4:$hostname:::$dns4
initrd https://boot.0f.io/initrd.img
boot
EOF
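# Size of partition 1 in 512-byte sectors: the whole disk minus the 0x1800
# sectors in front of it (0x800 sectors before the boot partition plus the
# 0x1000-sector boot partition itself).
#
# The disk size is checked before it is used. If blockdev fails or prints
# something unexpected, the script stops here; otherwise a negative or garbage
# value would be written into the partition table below.
disk_sectors=$(blockdev --getsize /dev/vda)
if ! [[ $disk_sectors =~ ^[0-9]+$ ]] || (( disk_sectors <= 0x00001800 )); then
	echo "unexpected size for /dev/vda: '$disk_sectors' sectors" >&2
	exit 1
fi
# MBR partition entries hold 32-bit sector counts; refuse disks they cannot
# describe instead of silently truncating the size.
if (( disk_sectors > 0xffffffff )); then
	echo "/dev/vda is too large for an MBR partition table" >&2
	exit 1
fi
partsize=$(printf '0x%08x' $(( disk_sectors - 0x00001800 )))
# Replace iPXE's USB-disk prefix with one carrying our own partition table.
# Each 16-byte entry is: status byte + 3 CHS bytes, type byte + 3 CHS bytes,
# 32-bit start sector, 32-bit sector count. Entry 1 (type 0x83) covers the rest
# of the disk from sector 0x1800; entries 2 and 3 are left empty; entry 4
# (status 0x80 = active, type 0xeb) is the boot partition at sector 0x800. The
# final .org pads the prefix to sector 2048, where the boot partition starts.
# The heredoc delimiter stays unquoted so that $partsize is substituted.
cat >arch/x86/prefix/usbdisk.S <<EOF
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )
.text
.arch i386
.section ".prefix", "awx", @progbits
.code16
.org 0
#include "mbr.S"
/* Partition table: ignoring CHS because who reads it anyway */
.org 446
/* Partition 1: the rest o the disk */
.byte 0x00, 0x00, 0x00, 0x00
.byte 0x83, 0x00, 0x00, 0x00
.long 0x00001800
.long $partsize
.space 16
.space 16
/* Partition 4: boot partition */
.byte 0x80, 0x00, 0x00, 0x00
.byte 0xeb, 0x00, 0x00, 0x00
.long 0x00000800
.long 0x00001000
.org 510
.byte 0x55, 0xaa
/* Skip to start of boot partition */
.org 2048 * 512
EOF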
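# Overwrite iPXE's build-time feature selection. The delimiter is quoted so the
# shell writes the header exactly as shown, with no variable or command
# substitution inside the C text.
#
# Points to review before relying on this build:
#  - The boot script this image embeds only uses HTTPS, yet TFTP and plain HTTP
#    downloads, HTTP basic/digest authentication and the 802.11 WEP/WPA code
#    are all compiled in. Anything not needed is extra code in the boot path.
#  - SHELL_CMD, CONFIG_CMD and NVO_CMD are enabled, so the built image includes
#    the interactive shell and settings commands.
#  - IMAGE_TRUST_CMD, DIGEST_CMD and CERT_CMD are commented out, so the image
#    trust, digest and certificate commands are not part of this build.
cat >config/general.h <<'EOF'
#ifndef CONFIG_GENERAL_H
#define CONFIG_GENERAL_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <config/defaults.h>
#define BANNER_TIMEOUT 20
#define ROM_BANNER_TIMEOUT ( 2 * BANNER_TIMEOUT )
#define NET_PROTO_IPV4 /* IPv4 protocol */
#define NET_PROTO_IPV6 /* IPv6 protocol */
#undef NET_PROTO_FCOE /* Fibre Channel over Ethernet protocol */
#define NET_PROTO_STP /* Spanning Tree protocol */
#define NET_PROTO_LACP /* Link Aggregation control protocol */
#define DOWNLOAD_PROTO_TFTP /* Trivial File Transfer Protocol */
#define DOWNLOAD_PROTO_HTTP /* Hypertext Transfer Protocol */
#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
#undef DOWNLOAD_PROTO_FTP /* File Transfer Protocol */
#undef DOWNLOAD_PROTO_SLAM /* Scalable Local Area Multicast */
#undef DOWNLOAD_PROTO_NFS /* Network File System Protocol */
#define HTTP_AUTH_BASIC /* Basic authentication */
#define HTTP_AUTH_DIGEST /* Digest authentication */
#define CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */
#define CRYPTO_80211_WPA /* WPA Personal, authenticating with passphrase */
#define CRYPTO_80211_WPA2 /* Add support for stronger WPA cryptography */
#define DNS_RESOLVER /* DNS resolver */
#define IMAGE_PNG /* PNG image support */
#define IMAGE_DER /* DER image support */
#define IMAGE_PEM /* PEM image support */
#define AUTOBOOT_CMD /* Automatic booting */
#define NVO_CMD /* Non-volatile option storage commands */
#define CONFIG_CMD /* Option configuration console */
#define IFMGMT_CMD /* Interface management commands */
#define IWMGMT_CMD /* Wireless interface management commands */
#define IBMGMT_CMD /* Infiniband management commands */
#define FCMGMT_CMD /* Fibre Channel management commands */
#define ROUTE_CMD /* Routing table management commands */
#define IMAGE_CMD /* Image management commands */
#define DHCP_CMD /* DHCP management commands */
#define SANBOOT_CMD /* SAN boot commands */
#define MENU_CMD /* Menu commands */
#define LOGIN_CMD /* Login command */
#define SYNC_CMD /* Sync command */
#define SHELL_CMD /* Shell command */
//#define NSLOOKUP_CMD /* DNS resolving command */
//#define TIME_CMD /* Time commands */
//#define DIGEST_CMD /* Image crypto digest commands */
//#define LOTEST_CMD /* Loopback testing commands */
//#define VLAN_CMD /* VLAN commands */
//#define PXE_CMD /* PXE commands */
//#define REBOOT_CMD /* Reboot command */
//#define POWEROFF_CMD /* Power off command */
//#define IMAGE_TRUST_CMD /* Image trust management commands */
//#define PCI_CMD /* PCI commands */
//#define PARAM_CMD /* Form parameter commands */
//#define NEIGHBOUR_CMD /* Neighbour management commands */
//#define PING_CMD /* Ping command */
//#define CONSOLE_CMD /* Console command */
//#define IPSTAT_CMD /* IP statistics commands */
//#define PROFSTAT_CMD /* Profiling commands */
//#define NTP_CMD /* NTP commands */
//#define CERT_CMD /* Certificate management commands */
#undef NONPNP_HOOK_INT19 /* Hook INT19 on non-PnP BIOSes */
#define AUTOBOOT_ROM_FILTER /* Autoboot only devices matching our ROM */
#define VNIC_IPOIB /* Infiniband IPoIB virtual NICs */
#undef ERRMSG_80211 /* All 802.11 error descriptions (~3.3kb) */
#undef BUILD_SERIAL /* Include an automatic build serial
* number. Add "bs" to the list of
* make targets. For example:
* "make bin/rtl8139.dsk bs" */
#undef BUILD_ID /* Include a custom build ID string,
* e.g "test-foo" */
#undef NULL_TRAP /* Attempt to catch NULL function calls */
#undef GDBSERIAL /* Remote GDB debugging over serial */
#undef GDBUDP /* Remote GDB debugging over UDP
* (both may be set) */
#define TIVOLI_VMM_WORKAROUND /* Work around the Tivoli VMM's garbling of SSE
* registers when iPXE traps to it due to
* privileged instructions */
#include <config/named.h>
#include NAMED_CONFIG(general.h)
#include <config/local/general.h>
#include LOCAL_NAMED_CONFIG(general.h)
#endif /* CONFIG_GENERAL_H */
EOF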
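# Build the disk image with the generated boot script embedded in it.
make bin/ipxe.usb EMBED=ipxe.cfg
# Destructive: overwrite /dev/vda from sector 0 with the image, which carries
# the new MBR and partition table.
cat bin/ipxe.usb > /dev/vda
# Flush the write and make the kernel re-read the partition table before
# touching /dev/vda1. Until it does, /dev/vda1 still refers to the previous
# layout; if that partition overlapped the new boot partition, formatting it
# would overwrite the image that was just written.
sync
blockdev --rereadpt /dev/vda
if command -v udevadm >/dev/null 2>&1; then
	udevadm settle
fi
# Format partition 1 (the rest of the disk) as ext4.
mkfs.ext4 /dev/vda1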