# IPXE Boot server

Boot from ipxe.nuc.lan:8080

## Files

| File                    | Purpose                                         |
|-------------------------|-------------------------------------------------|
| `ipxe-server.container` | Quadlet unit joining `internal_caddy` network   |
| `Containerfile`         | Alpine + nginx serving boot assets on port 8080 |
| `snippets/ipxe`         | Caddy snippet with reusable proxy directives    |
| `caddy/ipxe.caddyfile`  | Site block for `ipxe.nuc.lan` (HTTP + HTTPS)    |
| `setup.sh`              | Automated deployment script                     |

**Integration with existing Caddyfile:**

1. Copy `snippets/ipxe` to your snippets directory
2. Add to top of your Caddyfile:

   ```
   import snippets/ipxe
   ```

3. Add the `ipxe.nuc.lan` block (or paste the content from `ipxe.caddyfile`)


**Or** since you have `*.nuc.lan` already, add this matcher to your wildcard block:

```caddy
@ipxe host ipxe.nuc.lan
handle @ipxe {
    reverse_proxy ipxe-server:8080
}
```

**Quick deploy:**

```bash
./setup.sh install   # Creates dirs, builds image, installs Quadlet
./setup.sh start     # Starts via systemd

# Add boot files
cp vmlinuz initrd.img ~/ipxe/boot/
cp squashfs.img ~/ipxe/images/fedora-42/
```

**Note:** HTTP is intentionally kept open for `ipxe.nuc.lan:80` because most PXE ROMs chainload via HTTP before the full iPXE stack with HTTPS support is loaded. The local network restriction handles security.