{ pkgs, lib, config, nodes, ... }:

with lib;

let
  installer = pkgs.nixos [
    ../../installer

    {
      _module.args = {
        target = nodes."client";
      };
    }
  ];

  ipxe-script = pkgs.writeText "boot-local.ipxe" ''
    #!ipxe

    sleep 2

    prompt --key 0x18 --timeout 5000 Press Ctrl-X to re-deploy system... || goto local

    echo "Starting installer..."
    sleep 2

    kernel --name kernel http://''${next-server:ipv4}/bzImage || goto err
    initrd --name initrd http://''${next-server:ipv4}/initrd || goto err

    boot kernel initrd=initrd init=${installer.config.system.build.toplevel}/init loglevel=4 || goto err

    :err
    shell

    :local
    echo "Booting local disk..."
    sleep 2

    sanboot -n -d 0x80
  '';

in
{
  services.nginx = {
    enable = true;

    virtualHosts."boot.${config.networking.domain}" = {
      locations."/" = {
        root = pkgs.linkFarm "root" {
          "bzImage" = installer.config.system.build.kernel + "/bzImage";
          "initrd" = installer.config.system.build.netbootRamdisk + "/initrd";
        };
      };
    };
  };

  services.pixiecore =
    {
      enable = true;
      debug = true;

      dhcpNoBind = true;

      port = 5080;

      mode = "boot";
      kernel = toString ipxe-script;

      openFirewall = true;
    };

  # Ensure the intaller script and therefore the client system is part of the
  # store so it can be fetched by the installer.
  boot.postBootCommands = ''
    ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/installer --set "${installer.installer}"
  '';

  networking.extraHosts = ''
    127.0.0.1 boot.${config.networking.domain}
  '';

  networking.firewall.allowedTCPPorts = [
    80 # HTTP
  ];
}