linuxlab.nix/machines/nfs/netinstaller.nix

{ pkgs, config, nodes, ... }:

let
  installer = pkgs.nixos [
    ../../installer.nix
  ];

  installer-script =
    let
      target = nodes."client".config.system.build;

    in
    pkgs.writers.writeBash "installer" ''
      set -o errexit
      set -o nounset
      set -o pipefail
    
      set -x
    
      "${target.diskoScript}"
    
      "${target.nixos-install}/bin/nixos-install" \
        --root /mnt \
        --system "${target.toplevel}" \
        --no-channel-copy \
        --no-root-password \
        --verbose

      ${pkgs.util-linux}/bin/umount -R /mnt

      reboot
    '';

  ipxe-script = pkgs.writeText "boot-local.ipxe" ''
    #!ipxe

    sleep 2

    prompt --key 0x18 --timeout 5000 Press Ctrl-X to re-deploy system... || goto local

    echo Starting installer...
    sleep 2

    kernel --name kernel http://''${next-server:ipv4}/bzImage || goto err
    initrd --name initrd http://''${next-server:ipv4}/initrd || goto err

    boot kernel initrd=initrd init=${installer.config.system.build.toplevel}/init nixos.install=${installer-script} loglevel=4 || goto err

    :err
    :shell
    shell ||

    :local
    prompt --key 0x19 --timeout 2000 Booting local disk... && goto shell ||

    sanboot -d 0x80 || goto err
  '';


in
{
  services.nginx = {
    enable = true;

    virtualHosts."boot.${config.networking.domain}" = {
      locations."/" = {
        root = pkgs.linkFarm "root" {
          "bzImage" = installer.config.system.build.kernel + "/bzImage";
          "initrd" = installer.config.system.build.netbootRamdisk + "/initrd";
        };
      };
    };
  };

  services.pixiecore = {
    enable = true;
    debug = true;

    dhcpNoBind = true;

    port = 5080;

    mode = "boot";
    kernel = toString ipxe-script;

    openFirewall = true;
  };

  networking.extraHosts = ''
    127.0.0.1 boot.${config.networking.domain}
  '';

  networking.firewall.allowedTCPPorts = [
    80 # HTTP
  ];
}