shrink boot media footprint

.gitignore

@@ -30,3 +30,6 @@ go.work.sum
 
 # Vscode directory
 .vscode/
+
+# Nix results
+result

client/facts/facts.go

@@ -7,6 +7,8 @@ import (
 	"github.com/zcalusic/sysinfo"
 )
 
+const APIVersion string = "facts/v1alpha1"
+
 type FactsResponse struct {
 	APIVersion  string                  `json:"apiVersion"`
 	CPUInfo     sysinfo.CPU             `json:"cpu"`
@@ -24,7 +26,7 @@ func GetFacts(next http.Handler) http.Handler {
 
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		resp := FactsResponse{
-			APIVersion:  "v1",
+			APIVersion:  APIVersion,
 			CPUInfo:     si.CPU,
 			BoardInfo:   si.Board,
 			DeviceInfo:  si.Product,

client/power/power.go

@@ -0,0 +1,9 @@
+package power
+
+const APIVersion string = "power/v1alpha1"
+
+type PowerActionResponse struct {
+	APIVersion string `json:"apiVersion"`
+	Action     string `json:"action"`
+	Success    bool   `json:"success"`
+}

client/power/poweroff.go

@@ -0,0 +1,30 @@
+package power
+
+import (
+	"net/http"
+	"os/exec"
+
+	"git.dubyatp.xyz/orphanage/client/httputil"
+)
+
+func PowerOffResponse(success bool) PowerActionResponse {
+	resp := PowerActionResponse{
+		APIVersion: APIVersion,
+		Action:     "poweroff",
+		Success:    success,
+	}
+	return resp
+}
+
+func PowerOff(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		cmd := exec.Command("systemctl", "poweroff")
+		err := cmd.Run()
+
+		if err != nil {
+			httputil.WriteJSON(w, http.StatusOK, PowerOffResponse(false))
+		} else {
+			httputil.WriteJSON(w, http.StatusOK, PowerOffResponse(true))
+		}
+	})
+}

client/power/reboot.go

@@ -0,0 +1,30 @@
+package power
+
+import (
+	"net/http"
+	"os/exec"
+
+	"git.dubyatp.xyz/orphanage/client/httputil"
+)
+
+func RebootResponse(success bool) PowerActionResponse {
+	resp := PowerActionResponse{
+		APIVersion: APIVersion,
+		Action:     "reboot",
+		Success:    success,
+	}
+	return resp
+}
+
+func Reboot(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		cmd := exec.Command("systemctl", "reboot")
+		err := cmd.Run()
+
+		if err != nil {
+			httputil.WriteJSON(w, http.StatusOK, RebootResponse(false))
+		} else {
+			httputil.WriteJSON(w, http.StatusOK, RebootResponse(true))
+		}
+	})
+}

client/routes/routes.go

@@ -5,14 +5,17 @@ import (
 
 	"git.dubyatp.xyz/orphanage/client/facts"
 	"git.dubyatp.xyz/orphanage/client/httputil"
+	"git.dubyatp.xyz/orphanage/client/power"
 	"git.dubyatp.xyz/orphanage/client/testfunc"
 )
 
 func AddRoutes(
 	mux *http.ServeMux,
 ) {
-	mux.Handle("/", http.NotFoundHandler())
+	mux.Handle("GET /", http.NotFoundHandler())
-	mux.Handle("/helloworld", httputil.HelloWorld(nil))
+	mux.Handle("GET /helloworld", httputil.HelloWorld(nil))
-	mux.Handle("/testjson", testfunc.HelloWorldJSON(nil))
+	mux.Handle("GET /testjson", testfunc.HelloWorldJSON(nil))
-	mux.Handle("/facts", facts.GetFacts(nil))
+	mux.Handle("GET /facts", facts.GetFacts(nil))
+	mux.Handle("POST /power/reboot", power.Reboot(nil))
+	mux.Handle("POST /power/poweroff", power.PowerOff(nil))
 }

flake.lock

@@ -1,12 +1,48 @@
 {
   "nodes": {
+    "nixlib": {
+      "locked": {
+        "lastModified": 1736643958,
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1751903740,
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1751637120,
+        "lastModified": 1752950548,
-        "narHash": "sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8++xWA8itO4=",
+        "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5c724ed1388e53cc231ed98330a60eb2f7be4be3",
+        "rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
         "type": "github"
       },
       "original": {
@@ -17,6 +53,7 @@
     },
     "root": {
       "inputs": {
+        "nixos-generators": "nixos-generators",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -3,9 +3,13 @@
 
   inputs = {
     nixpkgs.url = "nixpkgs/nixos-unstable";
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
-  outputs = { self, nixpkgs }:
+  outputs = { self, nixpkgs, nixos-generators, ... }:
     let
       lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101";
       version = builtins.substring 0 8 lastModifiedDate;
@@ -17,14 +21,116 @@
       packages = forAllSystems (system:
         let
           pkgs = nixpkgsFor.${system};
-        in
+          clientPackage = pkgs.buildGoModule {
-        {
+            pname = "client";
-          default = pkgs.buildGoModule {
-            pname = "orphanage-client";
             inherit version;
             src = ./client;
             vendorHash = null;
           };
+        in
+        {
+          default = clientPackage;
+          boot-env-iso = nixos-generators.nixosGenerate {
+            inherit system;
+            format = "iso";
+            modules = [
+              ({modulesPath, ...}: {
+                imports = [
+                  (modulesPath + "/profiles/minimal.nix")
+                  (modulesPath + "/profiles/base.nix")
+                ];
+
+                system.stateVersion = "25.05";
+
+                boot.initrd.kernelModules = ["hv_vmbus" "hv_storvsc"]; # Hyper-V Support
+
+                # Disable unneeded features
+                documentation.enable = false;
+                fonts.fontconfig.enable = false;
+                services.udisks2.enable = false;
+
+                networking.firewall.enable = false; # Technically we COULD use the firewall, but given that this is a network-dependent, one-time-use service, it would cause more issues
+
+                services.getty.autologinUser = "root";
+
+                environment.systemPackages = [ clientPackage ];
+                environment.etc."profile.local".text = ''
+                  client
+                '';
+
+                isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+            })
+          ];
+        };
+          boot-env-pxe = let
+            systemConfig = nixpkgs.lib.nixosSystem {
+              inherit system;
+              modules = [
+                ({modulesPath, ...}: {
+                  imports = [
+                    (modulesPath + "/installer/netboot/netboot-minimal.nix")
+                  ];
+                  system.stateVersion = "25.05";
+
+                  boot.initrd.kernelModules = ["hv_vmbus" "hv_storvsc"]; # Hyper-V Support
+
+                  # Disable unneeded features
+                  documentation.enable = nixpkgs.lib.mkForce false;
+                  documentation.nixos.enable = nixpkgs.lib.mkForce false;
+                  fonts.fontconfig.enable = false;
+                  services.udisks2.enable = false;
+
+                  users.allowNoPasswordLogin = true;
+                  users.mutableUsers = false;
+
+                  security.sudo.enable = false;
+
+                  services.getty.helpLine = nixpkgs.lib.mkForce "";
+
+                  nix.enable = false;
+
+                  networking.firewall.enable = false; # Technically we COULD use the firewall, but given that this is a network-dependent, one-time-use service, it would cause more issues
+                  
+                  services.getty.autologinUser = nixpkgs.lib.mkForce "root";
+
+                  environment.systemPackages = [ clientPackage ];
+                  environment.etc."profile.local".text = ''
+                    client
+                  '';
+                })
+              ];
+            }; in pkgs.stdenv.mkDerivation {
+              name = "boot-env-pxe";
+              buildCommand = ''
+                mkdir -p $out
+                cp -r ${systemConfig.config.system.build.kernel}/bzImage $out/kernel
+                cp -r ${systemConfig.config.system.build.netbootRamdisk} $out/initrd
+                cat <<EOF > $out/boot.ipxe
+                #!ipxe
+
+                imgfree
+                kernel http://127.0.0.1:8081/kernel init=${systemConfig.config.system.build.toplevel}/init initrd=initrd ${toString systemConfig.config.boot.kernelParams} ''${cmdline}
+                initrd http://127.0.0.1:8081/initrd
+                boot
+                EOF
+              '';
+            };
+        });
+
+        apps = forAllSystems (system:
+        let
+          pkgs = nixpkgsFor.x86_64-linux;
+          iso = self.packages.x86_64-linux.boot-env-iso;
+        in
+        {
+          test-iso-x86_64 = {
+            type = "app";
+            program = "${pkgs.writeScriptBin "test-iso" ''
+              #!/bin/sh
+              ${pkgs.qemu}/bin/qemu-system-x86_64 -cdrom ${iso}/iso/*.iso -m 1G \
+                -net nic,model=rtl8139 -net user,hostfwd=tcp::8080-:8080
+            ''}/bin/test-iso";
+          };
         });
 
         devShells = forAllSystems (system:
@@ -38,6 +144,7 @@
                 pkgs.bashInteractive
                 pkgs.go
                 pkgs.delve
+                pkgs.qemu_kvm
               ];
             };
           });