Files
nixos/docs/pxe-boot.md
T
beatzaplenty 83abba4e25
Check NixOS configurations / eval-hosts (push) Failing after 6m29s
updated ipxe configuration
2026-06-02 18:05:39 +10:00

1.9 KiB

pxe-boot

The pxe-boot host serves HTTP boot assets for iPXE clients.

Host Role

  • Hostname: pxe-boot
  • Web service: nginx on TCP port 80
  • PXE root: /srv/pxe
  • iPXE entry script: /srv/pxe/boot.ipxe
  • Generated iPXE menu: /srv/pxe/menu.ipxe
  • TFTP fallback script: /srv/pxe/boot/autoexec.ipxe
  • Boot binaries copied from the Nix ipxe package:
    • /srv/pxe/boot/ipxe.efi
    • /srv/pxe/boot/undionly.kpxe

Directory Layout

The host creates these directories with systemd tmpfiles:

/srv/pxe
/srv/pxe/boot
/srv/pxe/nixos
/srv/pxe/ubuntu
/srv/pxe/rescue

The HTTP iPXE chain is:

undionly.kpxe or ipxe.efi
  -> autoexec.ipxe from the TFTP root, when iPXE requests it
  -> http://192.168.2.247/boot.ipxe
  -> http://192.168.2.247/menu.ipxe

The same scripts are also exposed under /boot/ for compatibility with older checks and any DHCP option that already points there.

The generated menu currently exposes entries for:

  • NixOS installer
  • Rescue environment
  • iPXE shell
  • Reboot

Kernel and initrd artifacts for installer or rescue entries must be placed under the matching /srv/pxe/<entry>/ directories by an operator or a separate build process. This repository defines the service and menu, not the installer images.

Validation

Safe evaluation check:

nix eval .#nixosConfigurations.pxe-boot.config.system.build.toplevel.drvPath --raw

After deployment by an operator, basic service checks are:

curl http://pxe-boot/boot.ipxe
curl http://pxe-boot/menu.ipxe
curl http://pxe-boot/boot/menu.ipxe
curl http://pxe-boot/boot/autoexec.ipxe
curl -I http://pxe-boot/boot/ipxe.efi
curl -I http://pxe-boot/boot/undionly.kpxe

During a successful BIOS chainload, TFTP should deliver undionly.kpxe once, then nginx should log requests for /boot.ipxe and /menu.ipxe. Repeated TFTP downloads of undionly.kpxe indicate the iPXE stage is still not reaching the HTTP chain.