nixos/pkgs/netboot.nix
2023-09-10 21:33:56 +02:00


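# Builds `run-netboot-server`, a wrapper that temporarily opens the host
# firewall, serves a NixOS system over PXE with pixiecore, and removes the
# firewall rules again when it exits.
#
# Arguments:
#   build  - the `config.system.build` attribute set of the NixOS configuration
#            to serve; `kernel`, `netbootRamdisk` and `toplevel` are read from
#            it. Defaults to this flake's chrysomallon-squamiferum host.
{
  writeShellApplication,
  pixiecore,
  nix,
  iptables,
  inputs,
  build ? inputs.self.nixosConfigurations.chrysomallon-squamiferum.config.system.build,
  ...
}: let
  # Thin wrapper around `pixiecore boot` with the kernel, initrd and kernel
  # command line of `build` baked in. Extra arguments are forwarded to
  # pixiecore unchanged.
  netboot = writeShellApplication {
    name = "netboot";
    runtimeInputs = [pixiecore];
    text = ''
      # --port and --status-port deliberately share 64172; it is the only TCP
      # port the wrapper script opens in the firewall.
      # --debug makes pixiecore log verbosely.
      exec pixiecore boot \
        ${build.kernel}/bzImage \
        ${build.netbootRamdisk}/initrd \
        --cmdline "init=${build.toplevel}/init loglevel=4" \
        --dhcp-no-bind \
        --debug \
        --port 64172 \
        --status-port 64172 \
        "$@"
    '';
  };
in
  writeShellApplication {
    name = "run-netboot-server";
    runtimeInputs = [
      netboot
      nix
      iptables
    ];
    text = ''
      # Remove the temporary ACCEPT rules. This runs from the EXIT trap, so it
      # also runs when the script is interrupted or when a command fails under
      # the errexit mode that writeShellApplication enables. Without the trap,
      # an aborted run would leave the ports open in the nixos-fw chain.
      close_ports() {
        sudo iptables -w -D nixos-fw -p udp -m multiport --dports 67,69,4011 -j ACCEPT \
          || echo "warning: UDP rule for ports 67,69,4011 was not removed from nixos-fw" >&2
        sudo iptables -w -D nixos-fw -p tcp -m tcp --dport 64172 -j ACCEPT \
          || echo "warning: TCP rule for port 64172 was not removed from nixos-fw" >&2
      }
      # Installed before the first rule is inserted, so a failure between the
      # two inserts still cleans up whatever was added.
      trap close_ports EXIT

      # Open required firewall ports: the UDP ports pixiecore needs (67, 69,
      # 4011) and TCP 64172 for the HTTP port configured in `netboot`.
      # NOTE(review): the rules match any interface and any source address.
      # If boot images should only be offered on a provisioning network,
      # scope the rules with `-i <interface>` or `-s <network>`.
      sudo iptables -w -I nixos-fw -p udp -m multiport --dports 67,69,4011 -j ACCEPT
      sudo iptables -w -I nixos-fw -p tcp -m tcp --dport 64172 -j ACCEPT

      # pixiecore runs as root until it is stopped. A non-zero exit is
      # expected when stopping it and is not treated as an error.
      sudo netboot || echo "Closed netboot"
    '';
  }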