initial commit

README.md

@@ -0,0 +1,25 @@
+## netboot.xyz - v2 - Under Construction
+
+** THIS IS A WORK IN PROGRESS, DO NOT USE **
+
+** Templates are incomplete and still being worked ** 
+
+netboot.xyz rewritten in ansible to generate standalone netboot environments.
+
+The goal is to use this to generate the primary netboot.xyz site 
+but at the same time allow it to be customizable for any type of environment or user.
+
+The source files are now templates in order to make things a bit easier to generate.
+
+This is a seperate repo for now but will more than likely roll into the existing repo.
+
+To generate, run:
+
+```
+ansible-playbook -i inventory/all netbootxyz.yml
+```
+
+It'll handle source generation as well as ipxe disk generation with the users settings.  The disk generation was worked on a while back so it needs work to catch it up to the existing state of netboot.xyz.
+
+If you want to override the defaults, you can put overrides in user_overrides.yml.  See file for examples.
+

TODO.md

@@ -0,0 +1,12 @@
+## TODO
+
+* Finish the templates
+* Convert utilties to dictionary
+* Signature generation
+* Custom iPXE Certificate generation
+* Logic to mirror repos locally for airgapped environments or those with plenty of space.
+* Webserver optimization, make configurable (nginx, apache, etc)
+* More host OS support
+* Docker images
+* package cacher
+* port netboot.xyz to this in staging env to validate and test

inventory/all

@@ -0,0 +1 @@
+localhost ansible_connection=local

netbootxyz.yml

@@ -0,0 +1,7 @@
+---
+- hosts: localhost
+  user: root
+  roles:
+    - netbootxyz
+  vars_files:
+    - user_overrides.yml

roles/netbootxyz/defaults/main.yml

@@ -0,0 +1,347 @@
+---
+
+boot_domain: boot.mydomain.com
+boot_version: 1.00
+
+ipxe_repo: https://github.com/ipxe/ipxe.git
+ipxe_branch: master
+ipxe_source_dir: /usr/src/ipxe
+
+netbootxyz_repo: https://github.com/antonym/netboot.xyz.git
+netbootxyz_branch: master
+netbootxyz_root: /var/www/html
+
+releases:
+  alpinelinux:
+    name: "Alpine Linux"
+    mirror: "http://dl-cdn.alpinelinux.org"
+    base_dir: "alpine"
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "3.10"
+        code_name: "v3.10"
+      - name: "Edge (development)"
+        code_name: "edge"
+  archlinux:
+    name: "Arch Linux"
+    mirror: "mirror.rackspace.com"
+    base_dir: "archlinux"
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "2019.10.01"
+        code_name: "2019.10.01"
+  blackarch:
+    name: "BlackArch"
+    enabled: true
+    menu: "security"
+    versions:
+      - name: "2019.06.01"
+        code_name: "2019.06.01"
+  centos:
+    name: "CentOS"
+    mirror: "http://mirror.centos.org"
+    base_dir: "centos"
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "8.0"
+        code_name: "8.0.1905"
+      - name: "8.0 Stream"
+        code_name: "8-stream"
+      - name: "7.7"
+        code_name: "7.7.1908"
+  coreos:
+    name: "CoreOS"
+    enabled: true
+    menu: "linux"    
+    versions:
+      - name: "30"
+        code_name: "beta"
+  debian:
+    name: "Debian"      
+    mirror: "deb.debian.org"
+    archive_mirror: "archive.debian.org"
+    base_dir: "debian"
+    enabled: true
+    menu: "linux"    
+    versions:
+      stable:
+        - name: "9.0 (stretch)"
+          code_name: "stretch"
+        - name: "8.0 (jessie)"
+          code_name: "jessie"
+        - name: "7.0 (jessie)"
+          code_name: "wheezy"
+      testing:
+        - name: "buster (testing)"
+          code_name: "buster"
+        - name: "sid (unstable)"
+          code_name: "sid"
+  devuan:
+    name: "Devuan"
+    mirror: "auto.mirror.devuan.org"
+    base_dir: "devuan"
+    enabled: true
+    menu: "linux"
+    versions:
+      stable:
+        - name: "ascii (stable)"
+          code_name: "ascii"
+        - name: "1.0 (jessie)"
+          code_name: "jessie"
+      testing:
+        - name: "beowulf (testing)"
+          code_name: "beowulf"
+  fedora:
+    name: "Fedora"
+    mirror: "mirrors.kernel.org"
+    base_dir: "fedora"
+    enabled: true
+    menu: "linux"    
+    versions:
+      - name: "31"
+        code_name: "31"
+      - name: "30"
+        code_name: "30"
+      - name: "29"
+        code_name: "29"
+  flatcar:
+    name: "Container Linux by Flatcar"
+    mirror: ""
+    enabled: true
+    menu: "linux"    
+    versions:
+      - name: "Stable Channel"
+        code_name: "stable"
+      - name: "Beta Channel"
+        code_name: "beta"
+      - name: "Alpha Channel"
+        code_name: "edge"
+  freebsd:
+    name: "FreeBSD"
+    menu: "bsd"
+    versions:
+      - name: "FreeBSD 12.0"
+        code_name: "12.0"
+        image_subdir: "12"
+      - name: "FreeBSD 11.2"
+        code_name: "11.2"
+        image_subdir: "11"
+      - name: "FreeBSD 11.1"
+        code_name: "11.1"
+        image_subdir: "11"
+      - name: "FreeBSD 11.0"
+        code_name: "11.0"
+        image_subdir: "11"
+      - name: "FreeBSD 10.4"
+        code_name: "10.4"
+        image_subdir: "10"
+  freedos:
+    name: "FreeDOS"
+    mirror: "http://www.freedos.org"
+    base_dir: "/download/download/"
+    enabled: true
+    menu: "dos"
+    versions:
+      - name: "1.2 Full Installer"
+        code_name: "FD12FULL"
+      - name: "1.2 Lite Installer"
+        code_name: "FD12LITE"
+  gentoo:
+    name: "Gentoo"
+    mirror: ""
+    menu: "linux"
+    versions:
+      - name: "TBA"
+        code_name: "TBA"
+  ipfire:
+    name: "IPFire"
+    mirror: "downloads.ipfire.org"
+    menu: "linux"
+    versions:
+      - name: "2.21 Core 126"
+        code_name: "2.21-core126"
+  kail:
+    name: "Kali Linux"
+    mirror: "http://http.kali.org"
+    base_dir: "kali"
+    enabled: true
+    menu: "security"
+    versions:
+      - name: "Rolling Edition (2019.2)"
+        code_name: "rolling"
+  livedebian:
+    name: "Debian Live"
+    mirror: "http://cdimage.debian.org"
+    base_dir: "cdimage/archive"
+    enabled: true
+    menu: "live"
+    versions:
+      - name: "8.11.0"
+        code_name: "8.11.0"
+    flavors:
+      - name: "Cinnamon"
+        code_name: "cinnamon-desktop"
+      - name: "Gnome"
+        code_name: "gnome-desktop"
+      - name: "KDE"
+        code_name: "kde-desktop"
+      - name: "LXDE"
+        code_name: "lxde-desktop"
+      - name: "MATE"
+        code_name: "mate-desktop"
+      - name: "Standard"
+        code_name: "standard"
+      - name: "XFCE"
+        code_name: "xfce-desktop"
+  livegrml:
+    name: "Grml Live Linux"
+    mirror: "http://download.grml.org"
+    enabled: true
+    menu: "live"
+    versions:
+      - name: "2018.12 Full"
+        code_name: "grml-full"
+      - name: "2018.12 Small"
+        code_name: "grml-small"
+  mageia:
+    name: "Mageia"
+    mirror: "http://mirrors.kernel.org"
+    base_dir: "mageia"
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "7.1"
+        code_name: "7.1"
+      - name: "cauldron"
+        code_name: "cauldron"
+  mirbsd:
+    name: "MirOS"
+    mirror: "https://www.mirbsd.org/"
+    base_dir: "MirOS"
+    enabled: true
+    menu: "bsd"
+    versions:
+      - name: "Latest (i386)"
+        code_name: "mirbsd"
+  nixos:
+    name: "NixOS"
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "Nixos 19.09"
+        code_name: "19.09"
+      - name: "Nixos 19.03"
+        code_name: "19.03"
+      - name: "Nixox Unstable"
+        code_name: "unstable"
+  openbsd:
+    name: "OpenBSD"
+    mirror: "ftp.openbsd.org"
+    base_dir: "pub/OpenBSD"
+    enabled: true
+    menu: "bsd"
+    versions:
+      - name: "OpenBSD 6.6"
+        code_name: "6.6"
+        image_ver: "66"
+      - name: "OpenBSD 6.5"
+        code_name: "6.5"
+        image_ver: "65"
+      - name: "OpenBSD 6.4"
+        code_name: "6.4"
+        image_ver: "64"
+      - name: "OpenBSD 6.3"
+        code_name: "6.3"
+        image_ver: "63"
+      - name: "OpenBSD 6.6 Latest Snapshot"
+        code_name: "snapshots"
+        image_ver: "66"
+  opensuse:
+    name: "OpenSUSE"
+    mirror: ""
+    base_dir: ""
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "openSUSE Leap 15.1"
+        code_name: "15.1"
+      - name: "openSUSE Leap 15.0"
+        code_name: "15.0"
+      - name: "openSUSE Leap 42.3"
+        code_name: "42.3"
+      - name: "openSUSE tumbleweed"
+        code_name: "tumbleweed"
+  parrotsec:
+    name: "Parrot Security"
+    mirror: "https://mirrordirector.archive.parrotsec.org"
+    base_dir: "parrot"
+    enabled: true
+    menu: "security"
+    versions:
+      - name: "Stable Netinstall"
+        code_name: "stable"
+  rancheros:
+    name: "RancherOS"
+    mirror: "releases.rancher.com"
+    base_dir: "os/latest"
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "Latest (20 MB)"
+        code_name: "latest"
+  scientific:
+    name: "Scientific Linux"
+    mirror: "ftp1.scientificlinux.org"
+    base_dir: ""
+    menu: "linux"
+    versions:
+      - name: "7.7"
+        code_name: "7.7"
+      - name: "7.6"
+        code_name: "7.6"
+      - name: "6.10"
+        code_name: "6.10"
+      - name: "6.9"
+        code_name: "6.9" 
+  slackware:
+    name: "Slackware"
+    mirror: "mirror.rackspace.com"
+    base_dir: "slackware"
+    menu: "linux"
+    versions:
+      - name: "Current"
+        code_name: "current"
+      - name: "14.2"
+        code_name: "14.2"
+      - name: "14.1"
+        code_name: "14.1"
+  tinycore:
+    name: "Tiny Core Linux"
+    mirror: "tinycorelinux.net"
+    menu: "linux"
+    versions:
+      - name: "Core [ISO]"
+        code_name: "Core"
+      - name: "TinyCore [ISO]"
+        code_name: "TinyCore"
+      - name: "CorePlus [ISO]"
+        code_name: "CorePlus"
+  ubuntu:
+    name: "Ubuntu"
+    mirror: "archive.ubuntu.com"
+    archive_mirror: "old-releases.ubuntu.com"
+    base_dir: "ubuntu"
+    enabled: true
+    menu: "linux"
+    versions:
+      - name: "19.10 Eoan Ermine"
+        code_name: "eoan"
+      - name: "19.04 Disco Dingo"
+        code_name: "disco"
+      - name: "18.04 LTS Bionic Beaver"
+        code_name: "bionic"
+      - name: "16.04 LTS Xenial Xerus"
+        code_name: "xenial"

roles/netbootxyz/tasks/generate_disks.yml

@@ -0,0 +1,128 @@
+---
+  - name: Adds python packages if python is not present
+    raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-yaml)
+
+  - name: Gathering facts
+    setup:
+
+  - name: Gather variables for each operating system
+    include_vars: "{{ item }}"
+    with_first_found:
+      - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
+      - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+      - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+      - "{{ ansible_distribution | lower }}.yml"
+      - "{{ ansible_os_family | lower }}.yml"
+
+  - name: Install required packages
+    package:
+      name: "{{ item }}"
+      state: latest
+    with_items: "{{ netbootxyz_packages }}"
+
+  - name: Check out latest iPXE sources
+    git:
+      repo: "{{ ipxe_repo }}"
+      dest: /usr/src/ipxe
+      version: "{{ ipxe_branch }}"
+
+  - name: Check out latest netboot.xyz sources
+    git:
+      repo: "{{ netbootxyz_repo }}"
+      dest: /usr/src/netboot.xyz
+      version: "{{ netbootxyz_branch }}"
+
+  - name: Copy iPXE Bootloader template to iPXE source directory
+    template:
+      src: disks/ipxe-bootloader.j2
+      dest: /usr/src/ipxe/src/ipxe-bootloader
+
+  - name: Copy netboot.xyz colour.h iPXE config
+    file:
+      src: /usr/src/netboot.xyz/ipxe/local/colour.h
+      dest: /usr/src/ipxe/src/config/local/colour.h
+      state: link
+
+  - name: Copy netboot.xyz general.h iPXE config
+    file:
+      src: /usr/src/netboot.xyz/ipxe/local/general.h
+      dest: /usr/src/ipxe/src/config/local/general.h
+      state: link
+
+  - name: Touch iPXE config local files
+    file:
+      path: "{{ item }}"
+      state: touch
+    with_items:
+    - /usr/src/ipxe/src/config/local/console.h
+    - /usr/src/ipxe/src/config/local/umalloc.h
+    - /usr/src/ipxe/src/config/local/nap.h
+    - /usr/src/ipxe/src/config/local/timer.h
+    - /usr/src/ipxe/src/config/local/branding.h
+    - /usr/src/ipxe/src/config/local/serial.h
+    - /usr/src/ipxe/src/config/local/reboot.h
+    - /usr/src/ipxe/src/config/local/sanboot.h
+    - /usr/src/ipxe/src/config/local/fault.h
+    - /usr/src/ipxe/src/config/local/dhcp.h
+    - /usr/src/ipxe/src/config/local/sideband.h
+    - /usr/src/ipxe/src/config/local/entropy.h
+    - /usr/src/ipxe/src/config/local/crypto.h
+    - /usr/src/ipxe/src/config/local/usb.h
+    - /usr/src/ipxe/src/config/local/settings.h
+
+  - name: Create iPXE file directory
+    file:
+      path: /var/www/html/ipxe
+      state: directory
+
+  - name: Compile iPXE bootloader for Legacy BIOS
+    shell: "{{ item }}"
+    with_items:
+    - make EMBED=ipxe-bootloader bin/ipxe.dsk bin/ipxe.iso bin/ipxe.lkrn bin/ipxe.usb bin/ipxe.kpxe bin/undionly.kpxe
+    args:
+      chdir: /usr/src/ipxe/src
+
+  - name: Copy iPXE files for Legacy BIOS to http directory
+    copy:
+      src: /usr/src/ipxe/src/bin/{{ item }}
+      dest: /var/www/html/ipxe/{{ boot_domain }}-{{ item }}
+      remote_src: True
+    with_items:
+    - ipxe.dsk
+    - ipxe.iso
+    - ipxe.lkrn
+    - ipxe.usb
+    - ipxe.kpxe
+    - undionly.kpxe
+
+  - name: Copy netboot.xyz general.h.efi iPXE config
+    file:
+      src: /usr/src/netboot.xyz/ipxe/local/general.h.efi
+      dest: /usr/src/ipxe/src/config/local/general.h
+      state: link
+
+  - name: Compile iPXE bootloader for EFI
+    shell: "{{ item }}"
+    with_items:
+    - make clean
+    - make EMBED=ipxe-bootloader bin-x86_64-efi/ipxe.efi
+    args:
+      chdir: /usr/src/ipxe/src
+
+  - name: Generate iPXE EFI ISO Disk
+    shell: "{{ item }}"
+    with_items:
+    - mkdir -p efi_tmp/EFI/BOOT/
+    - cp bin-x86_64-efi/ipxe.efi efi_tmp/EFI/BOOT/bootx64.efi
+    - genisoimage -o ipxe-efi.iso efi_tmp
+    args:
+      chdir: /usr/src/ipxe/src
+
+  - name: Copy iPXE EFI builds to http directory
+    copy:
+      src: "{{ ipxe_source_dir }}/src/{{ item.src }}"
+      dest: "{{ netbootxyz_root }}/ipxe/{{ item.dest }}"
+      remote_src: True
+    with_items:
+      - { src: "bin-x86_64-efi/ipxe.efi", dest: "{{ boot_domain }}-ipxe.efi" }
+      - { src: "ipxe-efi.iso", dest: "{{ boot_domain }}-ipxe-efi.iso" }

roles/netbootxyz/tasks/generate_menus.yml

@@ -0,0 +1,24 @@
+---
+  - name: Combine overrides with defaults
+    set_fact: 
+      _my_releases: "{{ releases|combine(release_overrides, recursive=True) }}"
+
+  - name: Set releases with user overrides
+    set_fact:
+      releases: "{{ _my_releases }}"
+
+  - name: Generate directories
+    file:
+      path: "{{ netbootxyz_root }}"
+      state: directory
+
+  - name: Dump releases vars for debugging
+    debug:
+      var: releases
+
+  - name: Generate netboot.xyz source files templates
+    template:
+      src: "{{ item.src }}"
+      dest: "{{ netbootxyz_root }}/{{ item.path | regex_replace('.j2','') }}"
+    with_filetree: "templates/menu/"
+    when: item.state == "file"

roles/netbootxyz/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+  - include: generate_menus.yml
+    when:
+    - generate_menus | default(true) | bool
+
+  - include: generate_disks.yml
+    when:
+    - generate_disks | default(true) | bool

roles/netbootxyz/templates/disks/ipxe-bootloader.j2

@@ -0,0 +1,69 @@
+#!ipxe
+set esc:hex 1b
+set bold ${esc:string}[1m
+set boldoff ${esc:string}[22m
+set fg_gre ${esc:string}[32m
+set fg_cya ${esc:string}[36m
+set fg_whi ${esc:string}[37m
+set HTTPS_ERR HTTPS appears to have failed... attempting HTTP
+set HTTP_ERR HTTP has failed, localbooting...
+set boot_domain {{ boot_domain }}
+set version {{ boot_version }}
+
+:start
+echo ${bold}${fg_gre}${boot_domain} - ${fg_whi}v${version}${boldoff}
+echo ${bold}${fg_whi}Powered by${fg_gre}netboot.xyz${boldoff}
+prompt --key m --timeout 4000 Hit the ${bold}m${boldoff} key to open failsafe menu... && goto failsafe || goto dhcp
+
+:dhcp
+echo
+dhcp || goto netconfig
+goto menu
+
+:failsafe
+menu ${boot_domain} Failsafe Menu
+item localboot Boot to local drive
+item netconfig Manual network configuration
+item retry Retry boot
+item debug iPXE Debug Shell
+item reboot Reboot System
+choose failsafe_choice || exit
+goto ${failsafe_choice}
+
+:netconfig
+echo Network Configuration:
+echo Available interfaces...
+ifstat
+imgfree
+echo -n Set network interface number [0 for net0, defaults to 0]: ${} && read net
+isset ${net} || set net 0
+echo -n IP: && read net${net}/ip
+echo -n Subnet mask: && read net${net}/netmask
+echo -n Gateway: && read net${net}/gateway
+echo -n DNS: && read dns
+ifopen net${net}
+echo Attempting chainload of ${boot_domain}...
+goto menu || goto failsafe
+
+:menu
+set conn_type https
+chain --autofree https://${boot_domain}/menu.ipxe || echo ${HTTPS_ERR}
+sleep 5
+set conn_type http
+chain --autofree http://${boot_domain}/menu.ipxe || echo ${HTTP_ERR}
+goto localboot
+
+:localboot
+exit
+
+:retry
+goto start
+
+:reboot
+reboot
+goto start
+
+:debug
+echo Type "exit" to return to menu
+shell
+goto failsafe

roles/netbootxyz/templates/disks/ipxe-dhcp.j2

@@ -0,0 +1,38 @@
+#!ipxe
+
+:start
+set version {{ loader_version }}
+echo {{ domain_name }} iPXE loader v${version}
+goto dhcp
+
+:dhcp
+dhcp || goto static
+goto menu
+
+:static
+echo DHCP Server not found, enabling manual override:
+imgfree
+ifclose net0
+echo -n IP: && read net0/ip
+echo -n Subnet mask: && read net0/netmask
+echo -n Gateway: && read net0/gateway
+echo -n DNS: && read dns
+ifopen net0
+echo Attempting chainload of {{ domain_name }}...
+goto menu || goto failsafe
+
+:menu
+chain --autofree http://{{ domain_name }}/menu.ipxe
+goto boot
+
+:failsafe
+echo Attempt to load {{ domain_name }} failed... restarting...
+goto start
+
+:boot
+sanboot --no-describe --drive 0x80
+
+:debug
+echo Type "exit" to return to menu
+shell
+goto start

roles/netbootxyz/templates/disks/ipxe-static.j2

@@ -0,0 +1,34 @@
+#!ipxe
+
+:start
+set version {{ loader_version }}
+echo {{ domain_name }} iPXE loader v${version}
+goto static
+
+:static
+echo Please enter in the networking information of your Server:
+imgfree
+ifclose net0
+echo -n IP: && read net0/ip
+echo -n Subnet mask: && read net0/netmask
+echo -n Gateway: && read net0/gateway
+echo -n DNS: && read dns
+ifopen net0
+echo Attempting chainload of {{ domain_name }}...
+goto menu || goto failsafe
+
+:menu
+chain --autofree http://{{ domain_name }}/menu.ipxe
+goto boot
+
+:failsafe
+echo Attempt to load {{ domain_name }} failed... restarting...
+goto start
+
+:boot
+sanboot --no-describe --drive 0x80
+
+:debug
+echo Type "exit" to return to menu
+shell
+goto start

roles/netbootxyz/templates/menu/alpinelinux.ipxe.j2

@@ -0,0 +1,46 @@
+#!ipxe
+
+# Alpine Linux
+# https://alpinelinux.org
+
+isset ${dhcp-server} && set ipparam ip=dhcp || set ipparam ip=${ip}::${gateway}:${netmask}::eth0:none:${dns}
+
+goto ${menu}
+
+:alpinelinux
+clear alpine_version
+set os {{ releases.alpinelinux.name }}
+iseq ${arch} x86_64 && set bootarch x86_64 || set bootarch x86
+menu ${os} [${bootarch}] - Image Sig Checks: [${img_sigs_enabled}]
+item --gap Releases
+{% for item in releases.alpinelinux.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+choose alpine_version || goto alpine_exit
+goto boot
+
+:boot
+set base-url {{ releases.alpinelinux.mirror }}
+set dir {{ releases.alpinelinux.base_dir }}/${alpine_version}/releases/${bootarch}/netboot
+set repo-url {{ releases.alpinelinux.mirror }}/{{ releases.alpinelinux.base_dir }}/${alpine_version}/main
+imgfree
+kernel ${base-url}/${dir}/vmlinuz-vanilla ${ipparam} alpine_repo=${repo-url} modules=loop,squashfs modloop=${base-url}/${dir}/modloop-vanilla quiet nomodeset
+initrd ${base-url}/${dir}/initramfs-vanilla
+echo
+echo MD5sums:
+md5sum vmlinuz-vanilla initramfs-vanilla
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify vmlinuz-vanilla ${sigs}${dir}/vmlinuz-vanilla.sig || goto error
+imgverify initramfs-vanilla ${sigs}${dir}/initramfs-vanilla.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+goto alpine_exit
+
+:alpine_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/archlinux.ipxe.j2

@@ -0,0 +1,55 @@
+#!ipxe
+
+# Arch Linux Operating System
+# http://www.archlinux.org
+
+isset ${dhcp-server} || goto static_ip
+set ipparam BOOTIF=${netX/mac} ip=dhcp
+set real_archlinux_mirror http://{{ releases.archlinux.mirror }}
+goto goto_menu
+
+:static_ip
+# Arch Linux cannot use DNS if booted with a static IP
+# See https://bugs.archlinux.org/task/63174
+# Remove this hack when the above bug is properly resolved
+nslookup real_archlinux_mirror {{ releases.archlinux.mirror }}
+set ipparam BOOTIF=${netX/mac} ip=${ip}::${gateway}:${netmask}
+
+:goto_menu
+goto ${menu} ||
+
+:archlinux
+set os {{ releases.archlinux.name }}
+clear arch_version
+menu ${os} - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+item --gap Latest Releases
+{% for item in releases.archlinux.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+choose arch_version || goto archlinux_exit
+goto boot
+
+:boot
+imgfree
+set dir {{ releases.archlinux.base_dir }}/iso/${arch_version}/arch/boot
+set params initrd=archiso.img archiso_http_srv=http://${real_archlinux_mirror}/{{ releases.archlinux.base_dir }}/iso/${arch_version}/ archisobasedir=arch verify=y ${ipparam} net.ifnames=0 ${console}
+kernel http://{{ releases.archlinux.mirror }}/${dir}/x86_64/vmlinuz ${params} initrd=archiso.img
+initrd http://{{ releases.archlinux.mirror }}/${dir}/x86_64/archiso.img
+echo
+echo MD5sums:
+md5sum vmlinuz archiso.img
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify vmlinuz ${sigs}${dir}/x86_64/vmlinuz.sig || goto error
+imgverify archiso.img ${sigs}${dir}/x86_64/archiso.img.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+goto archlinux_exit
+
+:archlinux_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/blackarch.ipxe.j2

@@ -0,0 +1,27 @@
+#!ipxe
+
+# BlackArch Linux Operating System
+# https://blackarch.org/
+
+goto ${menu}
+
+:blackarch
+set os {{ releases.blackarch.name }}
+menu ${os} Installers
+item --gap Official Releases
+{% for item in releases.blackarch.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+choose blackarch_version || goto blackarch_exit
+goto blackarch_boot
+
+:blackarch_boot
+set blackarch_initrd http://distro.ibiblio.org/blackarch/iso/blackarch-linux-netinst-${blackarch_version}-x86_64.iso
+kernel ${memdisk} iso raw
+initrd ${blackarch_initrd}
+boot
+goto blackarch_exit
+
+:blackarch_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/boot.ipxe.j2

@@ -0,0 +1,134 @@
+#!ipxe
+
+:global_vars
+# set site name
+set site_name netboot.xyz
+
+# set boot domain
+set boot_domain boot.netboot.xyz
+
+# set location of memdisk
+set memdisk http://${boot_domain}/memdisk
+
+# signature check enabled?
+set sigs_enabled true
+
+# image signatures check enabled?
+set img_sigs_enabled true
+
+# set location of signatures for sources
+set sigs http://${boot_domain}/sigs/
+
+# set location of latest iPXE
+set ipxe_disk netboot.xyz-undionly.kpxe
+
+##################
+# official mirrors
+##################
+:mirrors
+### Alpine Linux
+set alpinelinux_mirror dl-cdn.alpinelinux.org
+set alpinelinux_base_dir alpine
+
+### ArchLinux
+set archlinux_mirror mirror.rackspace.com
+set archlinux_base_dir archlinux
+
+### CentOS
+set centos_mirror mirror.centos.org
+set centos_base_dir centos
+
+### Devuan
+set devuan_mirror auto.mirror.devuan.org
+set devuan_base_dir devuan
+
+### Fedora
+set fedora_mirror mirrors.kernel.org
+set fedora_base_dir fedora
+
+### Mageia
+set mageia_mirror mirrors.kernel.org
+set mageia_base_dir mageia
+
+### OpenSUSE
+set opensuse_mirror download.opensuse.org
+set opensuse_base_dir distribution/leap
+
+### Slackware
+set slackware_mirror mirror.rackspace.com
+set slackware_base_dir slackware
+
+### Ubuntu
+set ubuntu_mirror archive.ubuntu.com
+set ubuntu_base_dir ubuntu
+
+
+#################################################
+# determine architectures and enable menu options
+#################################################
+:architectures
+set menu_linux 1
+set menu_bsd 1
+set menu_freedos 1
+set menu_live 1
+set menu_security 1
+set menu_windows 1
+set menu_utils 1
+iseq ${buildarch} i386 && goto x86_64 ||
+iseq ${buildarch} x86_64 && goto x86_64 ||
+iseq ${buildarch} arm64 && goto arm64 ||
+goto architectures_end
+:x86_64
+goto architectures_end
+:arm64
+set menu_freedos 0
+set menu_live 0
+set menu_security 0
+set menu_windows 0
+set menu_utils 0
+goto architectures_end
+:architectures_end
+goto clouds
+
+###################################
+# set iPXE cloud provider specifics
+###################################
+:clouds
+iseq ${ipxe_cloud_config} gce && goto gce ||
+iseq ${ipxe_cloud_config} packet && goto packet ||
+goto clouds_end
+
+:gce
+set console console=ttyS0,115200n8
+goto clouds_end
+
+:packet
+iseq ${buildarch} i386 && goto packet_x86_64 ||
+iseq ${buildarch} x86_64 && goto packet_x86_64 ||
+iseq ${buildarch} arm64 && goto packet_arm64 ||
+goto clouds_end
+
+:packet_x86_64
+set console console=ttyS1,115200n8
+set ipxe_disk netboot.xyz-packet.kpxe
+set menu_freedos 0
+set menu_windows 0
+set menu_utils 0
+goto clouds_end
+
+:packet_arm64
+set console console=ttyAMA0,115200
+set ipxe_disk netboot.xyz-packet-arm64.efi
+set menu_bsd 0
+set menu_freedos 0
+set menu_live 0
+set menu_security 0
+set menu_windows 0
+set menu_utils 0
+goto clouds_end
+
+:clouds_end
+goto end
+
+:end
+exit

roles/netbootxyz/templates/menu/bsd.ipxe.j2

@@ -0,0 +1,41 @@
+#!ipxe
+
+goto ${menu} ||
+
+:bsd_menu
+
+menu BSD Installers - Current Selected Architecture [ ${arch} ]
+iseq ${arch} x86_64 && set arch_a amd64 || set arch_a ${arch}
+
+# BSD based systems
+item --gap BSD Based Operating Systems
+{% for key, value in releases.items() | sort %}
+{% if value.enabled is defined and value.menu == "bsd" and value.enabled | bool %}
+item {{ key }} ${space} {{ value.name }}
+{% endif %}
+{% endfor %}
+# Options
+item --gap Options:
+iseq ${arch} x86_64 && set bits 64 || set bits 32
+item changebits ${space} Architecture: ${arch} (${bits}bit)
+choose menu || goto bsd_exit
+
+echo ${cls}
+goto ${menu} ||
+iseq ${sigs_enabled} true && goto verify_sigs || goto change_menu
+
+:verify_sigs
+imgverify ${menu}.ipxe ${sigs}${menu}.ipxe.sig || goto error
+goto change_menu
+
+:change_menu
+chain ${menu}.ipxe || goto error
+goto bsd_menu
+
+:bsd_exit
+clear menu
+exit 0
+
+:changebits
+iseq ${arch} x86_64 && set arch i386 || set arch x86_64
+goto bsd_menu

roles/netbootxyz/templates/menu/centos.ipxe.j2

@@ -0,0 +1,83 @@
+#!ipxe
+
+# CentOS Operating System
+# http://www.centos.org
+
+isset ${dhcp-server} && set ipparam ip=dhcp || set ipparam ip=${ip}::${gateway}:${netmask}:::none nameserver=${dns}
+set ipparam BOOTIF=${netX/mac} ${ipparam}
+
+goto ${menu} ||
+
+:centos
+clear osversion
+set os {{ releases.centos.name }}
+menu ${os} - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+{% for item in releases.centos.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+isset ${osversion} || choose osversion || goto linux_menu
+echo ${cls}
+set dir {{ releases.centos.base_dir }}/${osversion}/BaseOS/${arch}/os
+iseq ${osversion} 7.7.1908 && set dir {{ releases.centos.base_dir }}/${osversion}/os/${arch} ||
+set repo {{ releases.centos.mirror }}/{{ releases.centos.base_dir }}
+goto boottype
+
+:boottype
+set ova ${os} ${osversion}
+menu ${os} ${arch} boot type
+item graphical ${ova} graphical installer
+item text ${ova} text based installer
+item rescue ${ova} rescue
+item kickstart ${ova} set kickstart url [ ${ksurl} ]
+item kickstart_device ${ova} set ksdevice [ ${ksdevice} ]
+isset ${bt} || choose bt || goto centos
+echo ${cls}
+iseq ${bt} text && goto text ||
+iseq ${bt} rescue && goto rescue ||
+iseq ${bt} kickstart && goto kickstart ||
+iseq ${bt} kickstart_device && goto kickstart_device ||
+goto bootos_images
+
+:text
+set params text ||
+goto bootos_images
+
+:rescue
+set params rescue ||
+goto bootos_images
+
+:kickstart
+echo -n Specify kickstart URL for ${os} ${osversion}: && read ksurl
+set params ks=${ksurl} ||
+clear bt
+goto boottype
+
+:kickstart_device
+echo -n Specify ksdevice param for ${os} ${osversion}: && read ksdevice
+set ksdevice ${ksdevice} ||
+clear bt
+goto boottype
+
+:bootos_images
+imgfree
+kernel {{ releases.centos.mirror }}/${dir}/images/pxeboot/vmlinuz repo=${repo} ${params} ${console} ${ipparam} initrd=initrd.img
+initrd {{ releases.centos.mirror }}/${dir}/images/pxeboot/initrd.img
+echo
+echo MD5sums:
+md5sum vmlinuz initrd.img
+iseq ${osversion} 8-stream && echo Rolling release, skipping sig checks && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify vmlinuz ${sigs}${dir}/images/pxeboot/vmlinuz.sig || goto error
+imgverify initrd.img ${sigs}${dir}/images/pxeboot/initrd.img.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+goto linux_menu
+
+:linux_menu
+clear menu
+exit 0

roles/netbootxyz/templates/menu/debian.ipxe.j2

@@ -0,0 +1,99 @@
+#!ipxe
+
+# Debian Operating System
+# http://www.debian.org
+
+goto ${menu}
+
+:debian
+set os Debian
+clear debian_version
+clear older_release
+menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
+item --gap Latest Releases
+{% for item in releases.debian.versions.stable %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+item --gap Testing Releases
+{% for item in releases.debian.versions.testing %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+item --gap Older Releases
+item older_release ${space} Set release codename...
+choose debian_version || goto debian_exit
+iseq ${debian_version} older_release && goto older_release ||
+goto mirrorcfg
+
+:older_release
+set older_release true
+set debian_mirror {{ releases.debian.archive_mirror }}
+echo Setting mirror to ${debian_mirror}
+clear debian_version
+echo -n Please set enter code name of release: ${} && read debian_version
+set dir {{ releases.debian.base_dir }}/dists/${debian_version}/main/installer-${arch_a}/current/images/netboot/
+goto deb_boot_type
+
+:mirrorcfg
+set debian_mirror {{ releases.debian.mirror }}
+set mirrorcfg mirror/suite=${debian_version}
+set dir {{ releases.debian.base_dir }}/dists/${debian_version}/main/installer-${arch_a}/current/images/netboot/
+goto deb_boot_type
+
+:deb_boot_type
+menu ${os} [${debian_version}] Installer
+item --gap Install types
+item text ${space} Text Based Install
+item graphical ${space} Graphical Based Install
+item rescue ${space} Rescue Mode
+item expert ${space} Expert Install
+item preseed ${space} Specify preseed url...
+choose --default ${type} type || goto debian
+
+echo ${cls}
+goto deb_${type}
+
+:deb_rescue
+set install_params rescue/enable=true
+goto deb_text
+
+:deb_expert
+set install_params priority=low
+goto deb_text
+
+:deb_preseed
+echo -n Specify preseed URL for ${os} ${debian_version}: && read preseedurl
+set install_params auto=true priority=critical preseed/url=${preseedurl}
+goto deb_text
+
+:deb_text
+set dir ${dir}${menu}-installer/${arch_a}
+goto deb_boot
+
+:deb_graphical
+set dir ${dir}gtk/${menu}-installer/${arch_a}
+set install_params vga=788
+goto deb_boot
+
+:deb_boot
+imgfree
+echo Boot parameters: ${install_params} -- quiet ${params}
+kernel http://${debian_mirror}/${dir}/linux ${install_params} ${netcfg} ${mirrorcfg} ${console} -- quiet ${params} initrd=initrd.gz
+initrd http://${debian_mirror}/${dir}/initrd.gz
+echo
+echo MD5sums:
+md5sum linux initrd.gz
+iseq ${img_sigs_enabled} true && iseq ${older_release} true && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify linux ${sigs}${dir}/linux.sig || goto error
+imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+
+:debian_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/devuan.ipxe.j2

@@ -0,0 +1,86 @@
+#!ipxe
+
+# Devuan Operating System
+# http://www.devuan.org
+
+goto ${menu}
+
+:devuan
+set os Devuan
+clear devuan_version
+clear older_release
+menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
+item --gap Latest Releases
+{% for item in releases.devuan.versions.stable %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+item --gap Testing Releases
+{% for item in releases.devuan.versions.testing %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+choose devuan_version || goto devuan_exit
+goto mirrorcfg
+
+:mirrorcfg
+set mirrorcfg mirror/suite=${devuan_version}
+set dir ${devuan_base_dir}/dists/${devuan_version}/main/installer-${arch_a}/current/images/netboot/
+goto devuan_boot_type
+
+:devuan_boot_type
+menu ${os} [${devuan_version}] Installer
+item --gap Install types
+item text ${space} Text Based Install
+item graphical ${space} Graphical Based Install
+item rescue ${space} Rescue Mode
+item expert ${space} Expert Install
+item preseed ${space} Specify preseed url...
+choose --default ${type} type || goto devuan
+
+echo ${cls}
+goto devuan_${type}
+
+:devuan_rescue
+set install_params rescue/enable=true
+goto devuan_text
+
+:devuan_expert
+set install_params priority=low
+goto devuan_text
+
+:devuan_preseed
+echo -n Specify preseed URL for ${os} ${devuan_version}: && read preseedurl
+set install_params auto=true priority=critical preseed/url=${preseedurl}
+goto devuan_text
+
+:devuan_text
+set dir ${dir}debian-installer/${arch_a}
+goto devuan_boot
+
+:devuan_graphical
+set dir ${dir}gtk/debian-installer/${arch_a}
+set install_params vga=788
+goto devuan_boot
+
+:devuan_boot
+imgfree
+echo Boot parameters: ${install_params} -- quiet ${params}
+kernel http://${devuan_mirror}/${dir}/linux ${install_params} ${mirrorcfg} ${console} -- quiet ${params} initrd=initrd.gz
+initrd http://${devuan_mirror}/${dir}/initrd.gz
+echo
+echo MD5sums:
+md5sum linux initrd.gz
+iseq ${img_sigs_enabled} true && iseq ${older_release} true && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify linux ${sigs}${dir}/linux.sig || goto error
+imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+
+:devuan_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/fedora.ipxe.j2

@@ -0,0 +1,83 @@
+#!ipxe
+
+# Fedora Operating System
+# https://getfedora.org/
+
+isset ${dhcp-server} && set ipparam ip=dhcp || set ipparam ip=${ip}::${gateway}:${netmask}:::none nameserver=${dns}
+set ipparam BOOTIF=${netX/mac} ${ipparam}
+
+goto ${menu} ||
+
+:fedora
+clear osversion
+clear sku_type
+clear ova
+set os Fedora
+menu Fedora - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+item --gap Latest Releases
+{% for item in releases.fedora.versions %}
+item {{ item.name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+iseq ${arch} x86_64 && item rawhide ${space} ${os} rawhide ||
+isset ${osversion} || choose osversion || goto linux_menu
+set ova ${os} ${osversion}
+goto product_sku
+
+:product_sku
+menu ${os} ${arch} sku type
+item Everything ${ova} Everything
+item Server ${ova} Server
+item Workstation ${ova} Workstation
+item Atomic ${ova} Atomic
+iseq ${arch} x86_64 && item Silverblue ${ova} Silverblue ||
+isset ${sku_type} || choose sku_type || goto fedora
+set dir ${fedora_base_dir}/releases/${osversion}/${sku_type}/${arch}/os
+iseq ${osversion} rawhide && set dir ${fedora_base_dir}/development/${osversion}/${sku_type}/${arch}/os ||
+iseq ${sku_type} Atomic && iseq ${osversion} 29 && set dir fedora-alt/atomic/stable/Fedora-Atomic-29-20181025.1/AtomicHost/x86_64/os ||
+set ova ${ova} ${sku_type}
+echo ${cls}
+goto boottype
+
+:boottype
+menu ${os} ${arch} boot type
+item normal ${ova} install
+item rescue ${ova} rescue
+item kickstart ${ova} specify kickstart url
+isset ${bt} || choose bt || goto fedora
+echo ${cls}
+iseq ${bt} rescue && goto rescue ||
+iseq ${bt} kickstart && goto kickstart ||
+goto boot
+
+:rescue
+set params rescue ||
+goto boot
+
+:kickstart
+echo -n Specify kickstart URL for ${os} ${osversion}: && read ksurl
+set params ks=${ksurl} ||
+goto boot
+
+:boot
+imgfree
+kernel http://${fedora_mirror}/${dir}/images/pxeboot/vmlinuz repo=http://${fedora_mirror}/${dir} ${params} ${console} ${ipparam} initrd=initrd.img
+initrd http://${fedora_mirror}/${dir}/images/pxeboot/initrd.img
+echo
+echo MD5sums:
+md5sum vmlinuz initrd.img
+iseq ${osversion} rawhide && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify vmlinuz ${sigs}${dir}/images/pxeboot/vmlinuz.sig || goto error
+imgverify initrd.img ${sigs}${dir}/images/pxeboot/initrd.img.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+goto linux_menu
+
+:linux_menu
+clear menu
+exit 0

roles/netbootxyz/templates/menu/index.html

@@ -0,0 +1,7 @@
+#!ipxe
+####       boot.netboot.xyz initial loader        ####
+#### see https://netboot.xyz for more information ####
+set conn_type https
+chain --autofree https://boot.netboot.xyz/menu.ipxe || echo HTTPS failed... attempting HTTP...
+set conn_type http
+chain --autofree http://boot.netboot.xyz/menu.ipxe || echo HTTP failed, localbooting...

roles/netbootxyz/templates/menu/linux.ipxe.j2

@@ -0,0 +1,30 @@
+#!ipxe
+
+goto ${menu} ||
+
+:linux_menu
+menu Linux Installers - Current Arch [ ${arch} ]
+iseq ${arch} x86_64 && set arch_a amd64 || set arch_a ${arch}
+item --gap Popular Linux Operating Systems:
+{% for key, value in releases.items() | sort %}
+{% if value.enabled is defined and value.menu == "linux" and value.enabled | bool %}
+item {{ key }} ${space} {{ value.name }}
+{% endif %}
+{% endfor %}
+item --gap All Others:
+choose menu || goto linux_exit
+echo ${cls}
+goto ${menu} ||
+iseq ${sigs_enabled} true && goto verify_sigs || goto change_menu
+
+:verify_sigs
+imgverify ${menu}.ipxe ${sigs}${menu}.ipxe.sig || goto error
+goto change_menu
+
+:change_menu
+chain ${menu}.ipxe || goto error
+goto linux_menu
+
+:linux_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/menu.ipxe.j2

@@ -0,0 +1,103 @@
+#!ipxe
+
+:start
+chain --autofree boot.cfg ||
+iseq ${cls} serial && goto ignore_cls ||
+set cls:hex 1b:5b:4a  # ANSI clear screen sequence - "^[[J"
+set cls ${cls:string}
+:ignore_cls
+
+:version_check
+set latest_version 1.04
+echo ${cls}
+iseq ${version} ${latest_version} && goto version_up2date ||
+echo
+echo Updated version of netboot.xyz is available:
+echo
+echo Running version.....${version}
+echo Updated version.....${latest_version}
+echo
+echo Please download the latest version from netboot.xyz.
+echo
+echo Attempting to chain to latest version...
+chain --autofree http://${boot_domain}/ipxe/${ipxe_disk} ||
+:version_up2date
+
+isset ${arch} && goto skip_arch_detect ||
+cpuid --ext 29 && set arch x86_64 || set arch i386
+iseq ${buildarch} arm64 && set arch arm64 ||
+:skip_arch_detect
+isset ${menu} && goto ${menu} ||
+
+isset ${ip} || dhcp || echo DHCP failed
+
+:main_menu
+clear menu
+set space:hex 20:20
+set space ${space:string}
+iseq ${arch} x86_64 && set arch_a amd64 || set arch_a ${arch}
+menu ${site_name}
+item --gap Default:
+item local ${space} Boot from local hdd
+item --gap Distributions:
+iseq ${menu_linux} 1 && item linux ${space} Linux Installs ||
+iseq ${menu_bsd} 1 && item bsd ${space} BSD Installs ||
+iseq ${menu_freedos} 1 && item freedos ${space} FreeDOS || 
+iseq ${menu_live} 1 && item live ${space} Live Boot ||
+iseq ${menu_security} 1 && item security ${space} Security Related ||
+iseq ${menu_windows} 1 && item windows ${space} Windows ||
+item --gap Tools:
+iseq ${menu_utils} 1 && item utils ${space} Utilities ||
+iseq ${arch} x86_64 && set bits 64 || set bits 32
+item changebits ${space} Architecture: ${arch} (${bits}bit)
+item shell ${space} iPXE shell
+item netinfo ${space} Network card info
+item --gap Signature Checks:
+item sig_check ${space} netboot.xyz [ enabled: ${sigs_enabled} ]
+item img_sigs_check ${space} Images [ enabled: ${img_sigs_enabled} ]
+isset ${github_user} && item --gap Custom Menu: ||
+isset ${github_user} && item nbxyz-custom ${space} ${github_user}'s Custom Menu ||
+isset ${menu} && set timeout 0 || set timeout 300000
+choose --timeout ${timeout} --default ${menu} menu || goto local
+echo ${cls}
+goto ${menu} ||
+iseq ${sigs_enabled} true && goto verify_sigs || goto change_menu
+
+:verify_sigs
+imgverify ${menu}.ipxe ${sigs}${menu}.ipxe.sig || goto error
+goto change_menu
+
+:change_menu
+chain ${menu}.ipxe || goto error
+goto main_menu
+
+:error
+echo Error occured, press any key to return to menu ...
+prompt
+goto main_menu
+
+:local
+echo Booting from local disks ...
+exit 0
+
+:shell
+echo Type "exit" to return to menu.
+set menu main_menu
+shell
+goto main_menu
+
+:changebits
+iseq ${arch} x86_64 && set arch i386 || set arch x86_64
+goto main_menu
+
+:sig_check
+iseq ${sigs_enabled} true && set sigs_enabled false || set sigs_enabled true
+goto main_menu
+
+:img_sigs_check
+iseq ${img_sigs_enabled} true && set img_sigs_enabled false || set img_sigs_enabled true
+goto main_menu
+
+:nbxyz-custom
+chain https://raw.githubusercontent.com/${github_user}/netboot.xyz-custom/master/custom.ipxe || goto error
+goto main_menu

roles/netbootxyz/templates/menu/openbsd.ipxe.j2

@@ -0,0 +1,32 @@
+#!ipxe
+
+# OpenBSD Operating System
+# http://www.openbsd.org
+
+:openbsd_menu
+menu {{ releases.openbsd.name }}
+{% for item in releases.openbsd.versions %}
+item {{ item.code_name }} ${space} {{ item.name }}
+{% endfor %}
+choose ver || goto openbsd_exit
+{% for item in releases.openbsd.versions %}
+iseq ${ver} {{ item.code_name }} && set image_ver {{ item.image_ver }} ||
+{% endfor %}
+iseq ${arch} x86_64 && goto openbsd_x64 ||
+set openbsd_arch i386
+goto boot_openbsd
+
+:openbsd_x64
+set openbsd_arch amd64
+goto boot_openbsd
+
+:boot_openbsd
+set src http://{{ releases.openbsd.mirror }}/{{ releases.openbsd.base_dir }}/${ver}/${openbsd_arch}/cd${image_ver}.iso
+imgfree
+initrd ${src}
+chain ${memdisk} iso raw
+exit
+
+:openbsd_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/opensuse.ipxe.j2

@@ -0,0 +1,89 @@
+#!ipxe
+
+# OpenSUSE Operating System
+# http://opensuse.org
+
+isset ${dhcp-server} || goto static_ip
+set netsetup netsetup=dhcp
+goto goto_menu
+
+:static_ip
+# Need to convert netmask into prefix, because otherwise the installer
+# accepts it but configures the network with /32 prefix, which installs
+# fine but breaks connectivity to devices in the same network.
+set prefix 32
+
+iseq ${netmask} 0.0.0.0 && set prefix 0 ||
+
+iseq ${netmask} 128.0.0.0 && set prefix 1 ||
+iseq ${netmask} 192.0.0.0 && set prefix 2 ||
+iseq ${netmask} 224.0.0.0 && set prefix 3 ||
+iseq ${netmask} 240.0.0.0 && set prefix 4 ||
+iseq ${netmask} 248.0.0.0 && set prefix 5 ||
+iseq ${netmask} 252.0.0.0 && set prefix 6 ||
+iseq ${netmask} 254.0.0.0 && set prefix 7 ||
+iseq ${netmask} 255.0.0.0 && set prefix 8 ||
+
+iseq ${netmask} 255.128.0.0 && set prefix 9 ||
+iseq ${netmask} 255.192.0.0 && set prefix 10 ||
+iseq ${netmask} 255.224.0.0 && set prefix 11 ||
+iseq ${netmask} 255.240.0.0 && set prefix 12 ||
+iseq ${netmask} 255.248.0.0 && set prefix 13 ||
+iseq ${netmask} 255.252.0.0 && set prefix 14 ||
+iseq ${netmask} 255.254.0.0 && set prefix 15 ||
+iseq ${netmask} 255.255.0.0 && set prefix 16 ||
+
+iseq ${netmask} 255.255.128.0 && set prefix 17 ||
+iseq ${netmask} 255.255.192.0 && set prefix 18 ||
+iseq ${netmask} 255.255.224.0 && set prefix 19 ||
+iseq ${netmask} 255.255.240.0 && set prefix 20 ||
+iseq ${netmask} 255.255.248.0 && set prefix 21 ||
+iseq ${netmask} 255.255.252.0 && set prefix 22 ||
+iseq ${netmask} 255.255.254.0 && set prefix 23 ||
+iseq ${netmask} 255.255.255.0 && set prefix 24 ||
+
+iseq ${netmask} 255.255.255.128 && set prefix 25 ||
+iseq ${netmask} 255.255.255.192 && set prefix 26 ||
+iseq ${netmask} 255.255.255.224 && set prefix 27 ||
+iseq ${netmask} 255.255.255.240 && set prefix 28 ||
+iseq ${netmask} 255.255.255.248 && set prefix 29 ||
+iseq ${netmask} 255.255.255.252 && set prefix 30 ||
+iseq ${netmask} 255.255.255.254 && set prefix 31 ||
+iseq ${netmask} 255.255.255.255 && set prefix 32 ||
+
+set netsetup netsetup=hostip,gateway,nameserver hostip=${ip}/${prefix} gateway=${gateway} nameserver=${dns}
+
+:goto_menu
+set netsetup ${netsetup} BOOTIF=${netX/mac}
+
+set distro opensuse
+menu openSUSE - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+{% for item in releases.opensuse.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+choose version || goto opensuse_exit
+set dir ${opensuse_base_dir}/${version}/repo/oss
+iseq ${version} tumbleweed && set dir ${version}/repo/oss ||
+
+imgfree
+kernel http://${opensuse_mirror}/${dir}/boot/x86_64/loader/linux
+initrd http://${opensuse_mirror}/${dir}/boot/x86_64/loader/initrd
+imgargs linux ${netsetup} install=http://${opensuse_mirror}/${dir} ${params} ${console} initrd=initrd
+echo
+echo MD5sums:
+md5sum linux initrd
+iseq ${img_sigs_enabled} true && iseq ${version} tumbleweed && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify linux ${sigs}${distro}/${dir}/boot/x86_64/loader/linux.sig || goto error
+imgverify initrd ${sigs}${distro}/${dir}/boot/x86_64/loader/initrd.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+
+:opensuse_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/parrotsec.ipxe.j2

@@ -0,0 +1,27 @@
+#!ipxe
+
+# Parrot Security Linux
+# https://www.parrotsec.org
+
+goto ${menu}
+
+:parrotsec
+set os {{ releases.parrotsec.name }}
+menu ${os} Installers
+item --gap Official Releases
+{% for item in releases.parrotsec.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+choose parrotsec_version || goto parrotsec_exit
+goto parrotsec_boot
+
+:parrotsec_boot
+set parrotsec_initrd https://mirrordirector.archive.parrotsec.org/parrot/dists/${parrotsec_version}/main/installer-${arch_a}/current/images/netboot/mini.iso
+kernel ${memdisk} iso raw
+initrd ${parrotsec_initrd}
+boot
+goto parrotsec_exit
+
+:parrotsec_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/scientific.ipxe.j2

@@ -0,0 +1,59 @@
+#!ipxe
+
+# Scientific Linux Operating System
+# https://www.scientificlinux.org/
+
+isset ${dhcp-server} && set ipparam ip=dhcp || set ipparam ip=${ip}::${gateway}:${netmask}:::none nameserver=${dns}
+set ipparam BOOTIF=${netX/mac} ${ipparam}
+
+goto ${menu} ||
+
+:scientific
+clear osversion
+set os Scientific Linux
+menu ${os} ${arch}
+{% for item in releases.scientific.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+item other Choose other version [o]
+isset ${osversion} || choose osversion || goto linux_menu
+iseq ${osversion} other || goto scientific_skip_read_osversion
+echo ${cls}
+echo -n Enter version: ${} && read osversion
+:scientific_skip_read_osversion
+set dir linux/scientific/${osversion}/${arch}/os
+set repo http://ftp1.scientificlinux.org/${dir}
+
+goto boottype
+
+:boottype
+set ova ${os} ${osversion}
+menu ${os} ${arch} boot type
+item normal ${ova}
+item rescue ${ova} rescue
+item kickstart ${ova} specify kickstart url
+isset ${bt} || choose bt || goto scientific
+echo ${cls}
+iseq ${bt} rescue && goto rescue ||
+iseq ${bt} kickstart && goto kickstart ||
+goto bootos_images
+
+:rescue
+set params rescue ||
+goto bootos_images
+
+:kickstart
+echo -n Specify kickstart URL for ${os} ${osversion}: && read ksurl
+set params ks=${ksurl} ||
+goto bootos_images
+
+:bootos_images
+imgfree
+kernel http://ftp1.scientificlinux.org/${dir}/images/pxeboot/vmlinuz repo=${repo} ${params} ${console} ${ipparam}
+initrd http://ftp1.scientificlinux.org/${dir}/images/pxeboot/initrd.img
+boot
+goto linux_menu
+
+:linux_menu
+clear menu
+exit 0

roles/netbootxyz/templates/menu/security.ipxe.j2

@@ -0,0 +1,29 @@
+#!ipxe
+
+goto ${menu} ||
+
+:security_menu
+menu Security Distributions - Current Arch [ ${arch} ]
+iseq ${arch} x86_64 && set arch_a amd64 || set arch_a ${arch}
+item --gap Security Distributions
+{% for key, value in releases.items() | sort %}
+{% if value.enabled is defined and value.menu == "security" and value.enabled | bool %}
+item {{ key }} ${space} {{ value.name }}
+{% endif %}
+{% endfor %}
+choose menu || goto security_exit
+echo ${cls}
+goto ${menu} ||
+iseq ${sigs_enabled} true && goto verify_sigs || goto change_menu
+
+:verify_sigs
+imgverify ${menu}.ipxe ${sigs}${menu}.ipxe.sig || goto error
+goto change_menu
+
+:change_menu
+chain ${menu}.ipxe || goto error
+goto security_menu
+
+:security_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/slackware.ipxe.j2

@@ -0,0 +1,31 @@
+#!ipxe
+
+# Slackware Operating System
+# http://www.slackware.com
+
+goto ${menu}
+
+:slackware
+set os slackware
+iseq ${arch} x86_64 && set sbits 64 || clear sbits
+
+menu ${os}
+{% for item in releases.slackware.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+item --key o other Choose other version [o]
+choose version || exit 0
+iseq ${version} other || goto skip_read_version
+echo ${cls}
+echo -n Enter version: ${} && read version
+:skip_read_version
+set dir ${slackware_base_dir}/slackware${sbits}-${version}
+goto boot
+
+:boot
+imgfree
+kernel http://${slackware_mirror}/${dir}/kernels/huge.s/bzImage
+initrd http://${slackware_mirror}/${dir}/isolinux/initrd.img
+imgargs bzImage load_ramdisk=1 prompt_ramdisk=0 rw printk.time=0 SLACK_KERNEL=huge.s ${params} ${console}
+isset ${debug} && prompt ||
+boot

roles/netbootxyz/templates/menu/tinycore.ipxe.j2

@@ -0,0 +1,24 @@
+#!ipxe
+
+# Tiny Core Linux
+# http://tinycorelinux.net/downloads.html
+
+set tinycore_mirror {{ releases.tinycore.mirror }}
+
+:tinycore_menu
+set dir 10.x/x86/release
+menu Tiny Core Linux 10.x
+{% for item in releases.tinycore.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+choose version || goto tinycore_exit
+
+echo ${cls}
+
+kernel ${memdisk} iso raw ${params}
+initrd http://${tinycore_mirror}/${dir}/${version}-current.iso
+boot
+
+:tinycore_exit
+clear menu
+exit 0

roles/netbootxyz/templates/menu/ubuntu.ipxe.j2

@@ -0,0 +1,83 @@
+#!ipxe
+
+# Ubuntu Operating System
+# https://www.ubuntu.com
+
+goto ${menu}
+
+:ubuntu
+set os Ubuntu
+clear ubuntu_version
+menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
+item --gap Latest Releases
+{% for item in releases.ubuntu.versions %}
+item {{ item.code_name }} ${space} ${os} {{ item.name }}
+{% endfor %}
+item --gap Older Releases
+item older_release ${space} Set release codename...
+choose ubuntu_version || goto ubuntu_exit
+iseq ${ubuntu_version} older_release && goto older_release ||
+goto mirrorcfg
+
+:older_release
+set older_release true
+set ubuntu_mirror {{ releases.ubuntu.archive_mirror }}
+echo Setting mirror to ${ubuntu_mirror}
+clear ubuntu_version
+echo -n Please set enter code name of release: ${} && read ubuntu_version
+set dir ${ubuntu_base_dir}/dists/${ubuntu_version}-updates/main/installer-${arch_a}/current/images/netboot/
+goto deb_boot_type
+
+:mirrorcfg
+set mirrorcfg mirror/suite=${ubuntu_version}
+set dir ${ubuntu_base_dir}/dists/${ubuntu_version}-updates/main/installer-${arch_a}/current/images/netboot/
+iseq ${ubuntu_version} eoan && set dir ${ubuntu_base_dir}/dists/${ubuntu_version}/main/installer-${arch_a}/current/images/netboot/ ||
+
+:deb_boot_type
+menu ${os} [${ubuntu_version}] Installer
+item --gap Install types
+item install ${space} Install
+item rescue ${space} Rescue Mode
+item expert ${space} Expert Install
+item preseed ${space} Specify preseed url...
+choose --default ${type} type || goto ubuntu
+echo ${cls}
+goto deb_${type}
+
+:deb_rescue
+set install_params rescue/enable=true
+goto deb_boot
+
+:deb_expert
+set install_params priority=low
+goto deb_boot
+
+:deb_preseed
+echo -n Specify preseed URL for ${os} ${ubuntu_version}: && read preseedurl
+set install_params auto=true priority=critical preseed/url=${preseedurl}
+goto deb_boot
+
+:deb_install
+:deb_boot
+set dir ${dir}${menu}-installer/${arch_a}
+imgfree
+kernel http://${ubuntu_mirror}/${dir}/linux ${install_params} ${mirrorcfg} ${console} -- quiet ${params} initrd=initrd.gz
+initrd http://${ubuntu_mirror}/${dir}/initrd.gz
+echo
+echo MD5sums:
+md5sum linux initrd.gz
+iseq ${img_sigs_enabled} true && iseq ${older_release} true && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify linux ${sigs}${dir}/linux.sig || goto error
+imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
+boot
+
+:ubuntu_exit
+clear menu
+exit 0

roles/netbootxyz/vars/main.yml

@@ -0,0 +1 @@
+---

roles/netbootxyz/vars/redhat.yml

@@ -0,0 +1,9 @@
+---
+netbootxyz_packages:
+  - gcc
+  - genisoimage
+  - git
+  - httpd
+  - minizip-devel
+  - syslinux
+  - xz-devel

roles/netbootxyz/vars/ubuntu.yml

@@ -0,0 +1,8 @@
+---
+netbootxyz_packages:
+  - apache2
+  - build-essential
+  - genisoimage
+  - git
+  - liblzma-dev
+  - syslinux

user_overrides.yml

@@ -0,0 +1,15 @@
+---
+
+# overrides defaults in netbootxyz role
+generate_menus: true
+generate_disks: false
+
+# set desired boot domain 
+boot_domain: boot.mydomain.com
+
+# set overrides from standard netboot.xyz defaults
+release_overrides:
+  alpinelinux:
+    name: "ALPINELINUX"
+  fedora:
+    mirror: "iad.mirror.rackspace.com"