#!/bin/bash
# Copyright (C) 2016 Ian Kelling

# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.


[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
script_dir="${this_file%/*}"
# shellcheck source=./bash-trace
source "${script_dir}/bash-trace"
cd $script_dir
PATH="$PATH:$PWD"


usage() {
  cat <<EOF
Usage: ${0##*/} [OPTIONS] [HOST] [TYPE]
Configure dnsmasq boot options and fai-chboot if appropriate. This is
not general purpose, it has code specific to dhcp servers I run.

Without TYPE, disable  server and fai server. In that case, HOST is only
needed for fsf office network.

HOST       Only do dhcp pxe for HOST. The hostname must be known to the dhcp
           server to target its mac. Use "default" for all hosts.
           Required in fsf office environment.

TYPE       One of arch, parabola, plain, fai.

-a         Don't setup pxe, just Wait for 2 dhcp acks, then disable the pxe
           server after a delay.  First ack is for pxe boot, 2nd ack is
           for os boot. Sometimes on debian, there is a 3rd one shortly
           after the 2nd. I can't remember exactly why this caused a
           problem, but I'm hoping the sleep will take care of it.
-d         Don't alter dhcp config. Only make sense for fai type, and on network
           other than home or fsf, when using fai-cd, or pxe-kexec.
-k         Pass -k to myfai-chboot.
--no-r     Pass --no-r to myfai-chboot.
-r         Don't redeploy fai config. For example, if there is a different host
           that is mid-install.

-S         sets FAI_ACTION=sysinfo, see myfai-chboot for more info.
-w         Setup pxe, then wait like -a.
-h|--help  Print help and exit


Note, when switching between plain and arch or parabola, you will need to
do something like:
ssh wrt
cd /mnt/usb
rm tftpboot
ln -s <arch/parabola/debian iso dir> tftpboot


Notes on debugging pxe dhcp tftp:

For debugging dhcp, add to /etc/dnsmasq.conf: log-dhcp

Newer openwrt runs dnsmasq with a whitelist of readable files and dirs:

ps ww :
/sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/ubus -r /etc/TZ -r /etc/dnsmasq.conf -r /etc/ethers -r /etc/group -r /etc/hosts -r /etc/passwd -w /tmp/dhcp.leases -r /tmp/dnsmasq.d -r /tmp/hosts -r /tmp/resolv.conf.d -r /usr/bin/jshn -r /usr/lib/dnsmasq/dhcp-script.sh -r /usr/share/dnsmasq/dhcpbogushostname.conf -r /usr/share/dnsmasq/rfc6761.conf -r /usr/share/dnsmasq/trust-anchors.conf -r /usr/share/libubox/jshn.sh -r /var/etc/dnsmasq.conf.cfg01411c -w /var/run/dnsmasq/ -- /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid

logging tftp requests:
/etc/default/tftpd-hpa:
add -vv:
TFTP_OPTIONS="--secure -vv"
jr -u tftpd-hpa -f

Note: Uses GNU getopt options parsing style
EOF
  exit $1
}

pre="${0##*/}:"
m() { printf "$pre %s\n"  "$*"; "$@"; }
e() { printf "$pre %s\n"  "$*"; }
err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }

PATH="/a/exe:$PATH"

##### begin command line parsing ########

dhcp=true
redep=true
acks=2
wait=false
fsf_office=false

case $HOSTNAME in
  x3|kw) fsf_office=true ;;
esac

chboot_args=()
temp=$(getopt -l no-r,help adkrSwh "$@") || usage 1
eval set -- "$temp"
while true; do
  case $1 in
    -a) wait=true; set=false; shift ;;
    -d) dhcp=false; shift ;;
    -k) chboot_args+=(-k); shift ;;
    --no-r) chboot_args+=(--no-r); shift ;;
    -r) redep=false; shift ;;
    -S) chboot_args+=(-S); shift ;;
    -w) wait=true; set=true; shift ;;
    -h|--help) usage ;;
    --) shift; break ;;
    *) echo "$0: Internal error!" ; exit 1 ;;
  esac
done

read -r host type <<<"$@"

case $# in
  [01]);;
  2)
    case $type in
      arch|parabola) cmd=archlike ;;
      fai) cmd=fai ;;
      *)
        echo "$0: error expected type of arch|parabola|fai"
        echo
        usage 1
        ;;
    esac
    ;;
  *)
    echo "$0: error: expected 0-2 arguments"
    echo
    usage 1
    ;;
esac


if $wait && ! $dhcp; then
  echo "$0: error -w conflicts with -d, choose one or other" >&2
  exit 1
fi

if $fsf_office && [[ ! $host ]]; then
  echo "$0: at fsf_office, provide HOST arg" >&2
  exit 1
  fi

if [[ $host && $host != default ]]; then
  host_tag="tag:$host,"
fi

##### end command line parsing ########

archlike() {
  cat <<EOF
${host_tag}209,boot/syslinux/${type}iso.cfg
${host_tag}210,/${type}/
${host_tag}option:bootfile-name,/${type}/boot/syslinux/lpxelinux.0
EOF
}

plain() {
  # if arch based was used before, this additionally needs
  # the tftp link in /mnt/usb to be changed.
  cat <<EOF
${host_tag}option:bootfile-name,pxelinux.0
EOF
}

fai() {
  cat <<EOF
${host_tag}option:bootfile-name,pxelinux.0
${host_tag}option:server-ip-address,$faiserverip
${host_tag}option:tftp-server,$faiserverip
EOF
  # Note, previously used normal dnsmasq option, but it requires dnsmasq
  # restart, which causes momentary dns failures, which can bork an
  # install.
  #
  # dhcp-boot=${host_tag}pxelinux.0,faiserver.b8.nz,faiserver.b8.nz
}

ack-wait() {
  if $fsf_office; then
    wait_cmd="ssh tarantula.office.fsf.org tail -n0 -f /var/log/syslog"
  else
    wait_cmd="ssh cmc logread -f"
  fi
  wait_count=$1
  if [[ $host ]]; then
    if $fsf_office; then
      host_regex=" $(getent hosts kw | awk '{print $1}' | sed 's/\./\\./g')"
    else
      host_regex=" $host"
    fi
  fi
  regex=".*DHCPACK.*$host_regex\b"
  i=0
  while (( i != wait_count )) && read -r line; do
    if [[ $line =~ $regex ]]; then
      i=$((i+1))
      echo $line
    fi
  done < <($wait_cmd ||:) # tail returns 2 it seems
  m sleep 20
}

set-pxe() {
  $dhcp || return 0
  if $fsf_office; then
    if [[ ! $cmd ]]; then
      e "removing pxe for $host on tarantula"
      ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
EOF
    elif [[ $cmd == fai ]]; then
      e "adding pxe for $host on tarantula"
      ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
EOF
    fi
  else
    e "updating dnsmasq.conf:"
    m $cmd
    ${cmd:-:}|ssh cmc "dd of=/var/run/dnsmasq/dhcpopts.conf; /etc/init.d/dnsmasq reload
$([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
  fi
}

type -t host &>/dev/null || sudo apt-get -y install dnsutils
faiserverip=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
if [[ ! $faiserverip || $faiserverip =~ [[:space:]] ]]; then
  echo "$0: error: failed to get \$faiserverip, got: $faiserverip"
  exit 1
fi


if $set; then
  set-pxe
  if [[ $type == fai ]]; then
    if $redep; then
      m fai-redep
    fi
    m myfai-chboot ${chboot_args[@]} $host
  else
    # This will fail if faiserver is not setup, so ignore any
    # failure and don't bother us about it.
    m myfai-chboot &>/dev/null ||:
  fi
fi

if $wait; then
  # fai's debian jessie 8.5ish does 2 dhcp requests when booting,
  # roughly 4 seconds apart. Earlier
  # versions did just 1. Now testing on a vm, it does 1.
  # bleh.
  echo "waiting for $acks dhcp acks then disabling pxe"
  ack-wait $acks
  type=
  unset cmd
  set-pxe

  # previously tried waiting for one more ack then disabling faiserver,
  # since it can contain sensitive info, so turn it off when not in use,
  # but disabling that for now as it's inconvenient to clean this
  # up and run it in the background etc.

  # if [[ $type == fai ]]; then
  #     echo "waiting for 1 dhcp ack then disabling fai server"
  #     ack-wait 1
  #     faiserver-disable
  # fi
fi