photoncloud-monorepo/baremetal/vm-cluster/pxe-server/configuration.nix


# NixOS module for the PXE server VM of the VM cluster: static address on
# eth0, dnsmasq providing DHCP/DNS/TFTP there, sshd, and the deployer API.
#
# NOTE(review): several settings below (firewall off, literal root password,
# password root login over SSH, deployer with allowUnauthenticated on
# 0.0.0.0) are only reasonable if this VM never leaves an isolated lab
# network. Confirm that before reusing this file elsewhere.
{ config, pkgs, lib, modulesPath, ... }:
{
  imports = [
    "${modulesPath}/profiles/qemu-guest.nix"
  ];

  networking = {
    hostName = "pxe-server";
    domain = "plasma.local";

    # No global DHCP; each interface is configured explicitly below.
    useDHCP = false;

    interfaces = {
      # eth0: multicast network, fixed address used by DHCP/DNS/TFTP clients.
      eth0 = {
        useDHCP = false;
        ipv4.addresses = [{
          address = "192.168.100.1";
          prefixLength = 24;
        }];
      };

      # eth1: user network, address obtained via DHCP (internet access).
      eth1.useDHCP = true;
    };

    # Upstream resolvers.
    nameservers = [ "8.8.8.8" "8.8.4.4" ];

    # NOTE(review): with the firewall disabled, every listener configured in
    # this file is limited only by its own bind settings. sshd (no listen
    # address is set here) and the deployer API (0.0.0.0:8080) are therefore
    # reachable on eth1 as well as eth0. If that is not intended, enable the
    # firewall and open only the ports the boot network needs.
    firewall.enable = false;
  };

  services = {
    # dnsmasq supplies DHCP, DNS and TFTP to the nodes.
    dnsmasq = {
      enable = true;
      settings = {
        # Serve requests arriving on eth0 (multicast network) only.
        # bind-interfaces is not set, so dnsmasq filters by interface rather
        # than binding solely to the eth0 address.
        interface = "eth0";

        # Dynamic pool and lease time.
        dhcp-range = "192.168.100.100,192.168.100.150,12h";
        dhcp-option = [
          "3,192.168.100.1" # Gateway
          "6,192.168.100.1" # DNS server
        ];

        # Fixed leases: MAC address, hostname, IPv4 address.
        dhcp-host = [
          "52:54:00:00:01:01,node01,192.168.100.11"
          "52:54:00:00:01:02,node02,192.168.100.12"
          "52:54:00:00:01:03,node03,192.168.100.13"
        ];

        # DNS: plasma.local is answered locally; deployer.local resolves to
        # this host.
        domain = "plasma.local";
        local = "/plasma.local/";
        address = "/deployer.local/192.168.100.1";

        # TFTP: dnsmasq's built-in server is read-only and unauthenticated,
        # so anything placed under tftp-root can be fetched by any host on
        # the eth0 segment. Keep credentials and private keys out of it.
        enable-tftp = true;
        tftp-root = "/var/lib/tftpboot";

        # Log DNS queries and DHCP transactions.
        log-queries = true;
        log-dhcp = true;
      };
    };

    # SSH for remote access.
    # NOTE(review): PermitRootLogin = "yes" allows password logins as root,
    # and the root password is the literal set further down. For anything
    # beyond a throwaway lab VM, prefer "prohibit-password" together with
    # users.users.root.openssh.authorizedKeys.keys.
    openssh = {
      enable = true;
      settings.PermitRootLogin = "yes";
    };

    # Deployer API for ISO phone-home bootstrap.
    # NOTE(review): bindAddr 0.0.0.0 listens on every interface, including
    # eth1. The option names suggest that allowUnauthenticated and
    # allowUnknownNodes accept callers without credentials and nodes that
    # are not pre-registered, and that requireChainfire = false drops a
    # dependency check; confirm against the deployer module. If only the
    # boot network needs the API, bind it to 192.168.100.1 instead.
    deployer = {
      enable = true;
      bindAddr = "0.0.0.0:8080";
      clusterId = "plasmacloud-vm-cluster";
      requireChainfire = false;
      allowUnauthenticated = true;
      allowUnknownNodes = true;
      allowTestMappings = false;
    };
  };

  # Create the TFTP root (mode 0755, owned by root) at boot.
  systemd.tmpfiles.rules = [
    "d /var/lib/tftpboot 0755 root root -"
  ];

  # Root password (for SSH access).
  # NOTE(review): this is a plaintext literal, so it is kept in version
  # control and copied into the world-readable Nix store. A hashed password
  # file or key-only login avoids both.
  users.users.root.password = "plasmacloud";

  # Tools available on the server, plus the deployer-server package.
  environment.systemPackages = [
    pkgs.vim
    pkgs.curl
    pkgs.htop
    pkgs.deployer-server
  ];

  # NixOS release whose stateful defaults this system was created with.
  system.stateVersion = "24.05";
}