linuxlab.nix/machines/nfs/netinstaller.nix

{ pkgs, lib, config, nodes, ... }:

with lib;

let
  installer = pkgs.nixos [
    ../../installer.nix
  ];

  installer-script =
    let
      target = nodes."client".config.system.build;

    in
    pkgs.writers.writeBash "installer" ''
      set -o errexit
      set -o nounset
      set -o pipefail
    
      set -x
    
      "${target.diskoScript}"
    
      "${target.nixos-install}/bin/nixos-install" \
        --root /mnt \
        --system "${target.toplevel}" \
        --no-channel-copy \
        --no-root-password \
        --verbose

      umount -R /mnt

      reboot
    '';

  ipxe-script = pkgs.writeText "boot-local.ipxe" ''
    #!ipxe

    sleep 2

    prompt --key 0x18 --timeout 5000 Press Ctrl-X to re-deploy system... || goto local

    echo Starting installer...
    sleep 2

    kernel --name kernel http://''${next-server:ipv4}/bzImage || goto err
    initrd --name initrd http://''${next-server:ipv4}/initrd || goto err

    boot kernel initrd=initrd init=${installer.config.system.build.toplevel}/init nixos.install=${installer-script} loglevel=4 || goto err

    :err
    :shell
    shell ||

    :local
    prompt --key 0x19 --timeout 2000 Booting local disk... && goto shell ||

    sanboot -d 0x80 || goto err
  '';

in
{
  services.nginx = {
    enable = true;

    virtualHosts."boot.${config.networking.domain}" = {
      locations."/" = {
        root = pkgs.linkFarm "root" {
          "bzImage" = installer.config.system.build.kernel + "/bzImage";
          "initrd" = installer.config.system.build.netbootRamdisk + "/initrd";
        };
      };
    };
  };

  services.pixiecore =
    {
      enable = true;
      debug = true;

      dhcpNoBind = true;

      port = 5080;

      mode = "boot";
      kernel = toString ipxe-script;

      openFirewall = true;
    };

  networking.extraHosts = ''
    127.0.0.1 boot.${config.networking.domain}
  '';

  networking.firewall.allowedTCPPorts = [
    80 # HTTP
  ];
}