commit 16d7ad73d66ec9fb5f1ea4bf89a01c39c7bb691c
Author: Thomas Lovén
Date: Thu Apr 24 10:50:18 2025 +0200
Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c91027c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,11 @@
+**/*
+!docker-compose.yaml
+!.gitignore
+!Readme.md
+!build
+!build/*
+!assets/
+!assets/win-pe
+!assets/win-pe/configs
+!assets/win-pe/configs/*
+assets/win-pe/configs/autounattend.xml
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..fb0500e
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,23 @@
+This runs a single docker container which serves netboot.xyz and also a samba server on the same IP to serve e.g. windows installation files.
+
+# Setup instructions
+
+Create bootable Windows PE iso according to [instructions here](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive?view=windows-11#create-a-winpe-iso-dvd-or-cd).
+Extract the iso to `config/win-pe/x64/`
+
+Download windows 11 install iso from microsoft.
+Extract the iso to `config/windows/win-os/win11/`
+
+Generate autounattend.xml [https://schneegans.de/windows/unattend-generator/](https://schneegans.de/windows/unattend-generator/) and place in `assets/win-pe/configs`
+
+
+#In Netboot.xyz web interface:
+Add the following to windows.ipxe right before the other `initrd´ lines
+
+```
+initrd ${win_base_url}/configs/auto.bat auto.bat
+initrd ${win_base_url}/configs/winpeshl.ini winpeshl.ini
+```
+
+Add new file `local-vars.ipxe` with the following content:
+set win_base_url http://10.0.0.9/win-pe
diff --git a/assets/win-pe/configs/auto.bat b/assets/win-pe/configs/auto.bat
new file mode 100644
index 0000000..70979fc
--- /dev/null
+++ b/assets/win-pe/configs/auto.bat
@@ -0,0 +1,16 @@
+@echo off
+
+set SERVER=10.0.0.9
+set SHARE=assets
+set SETUP_PATH=windows\win-os\win11
+set UNATTEND_PATH=windows-pe\configs
+
+wpeinit
+ping 127.0.0.1 -n 10 > nul
+
+ping %SERVER% -n 4
+
+net use F: \\%SERVER%\%SHARE%
+F:\%SETUP_PATH%\setup.exe /unattend:F:\%UNATTEND_PATH%\autounattend.xml
+
+pause
diff --git a/assets/win-pe/configs/winpeshl.ini b/assets/win-pe/configs/winpeshl.ini
new file mode 100644
index 0000000..e8fd316
--- /dev/null
+++ b/assets/win-pe/configs/winpeshl.ini
@@ -0,0 +1,2 @@
+[LaunchApps]
+"auto.bat"
diff --git a/build/Dockerfile b/build/Dockerfile
new file mode 100644
index 0000000..7c03693
--- /dev/null
+++ b/build/Dockerfile
@@ -0,0 +1,8 @@
+FROM ghcr.io/netbootxyz/netbootxyz
+
+COPY smb.conf /etc/samba/smb.conf
+COPY samba.ini /etc/supervisor.d/samba.ini
+RUN apk add samba \
+ && adduser isos --disabled-password \
+ && echo -e "isos\nisos" | smbpasswd -a -s -c /etc/samba/smb.conf isos
+RUN cat /etc/supervisor.d/samba.ini >> /etc/supervisor.conf
diff --git a/build/samba.ini b/build/samba.ini
new file mode 100644
index 0000000..f992f75
--- /dev/null
+++ b/build/samba.ini
@@ -0,0 +1,5 @@
+[program:smbd]
+command=smbd --foreground --no-process-group --debug-stdout --configfile /etc/samba/smb.conf
+
+[program:nmbd]
+command=nmbd --foreground --no-process-group --debug-stdout --configfile /etc/samba/smb.conf
diff --git a/build/smb.conf b/build/smb.conf
new file mode 100644
index 0000000..174ccc5
--- /dev/null
+++ b/build/smb.conf
@@ -0,0 +1,10 @@
+[global]
+ workgroup = WORKGROUP
+ security = user
+
+[assets]
+ path = /assets
+ read only = yes
+ guest ok = yes
+ browseable = yes
+ guest account = isos
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..f594e4a
--- /dev/null
+++ b/docker-compose.yaml
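Review bot: `set UNATTEND_PATH=windows-pe\configs` does not match where this commit puts the answer file: the Readme and .gitignore both use `assets/win-pe/configs`, which on the `assets` share would be `win-pe\configs`, so setup.exe is likely started with an /unattend path that does not exist. The result of `net use F: \\%SERVER%\%SHARE%` is never checked either, so a failed mount falls straight through to the setup line; an `if errorlevel 1 goto :fail` after it, with a label that prints the error before `pause`, would make that visible. setup.exe and autounattend.xml are then run from an unauthenticated share, so a comment should state that the installer is only as trustworthy as the LAN segment it is fetched over.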
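Review bot: The `isos` Samba account gets the fixed password `isos` at build time (`echo -e "isos\nisos" | smbpasswd -a -s ...`), so the credential is readable in the repository and in the image history. If the account only exists to back `guest account = isos` in smb.conf, the smbpasswd step can probably be dropped; otherwise the password should be set at container start from a secret rather than in a layer. `FROM ghcr.io/netbootxyz/netbootxyz` carries no tag or digest, so each rebuild may pull a different base; pin it, e.g. `FROM ghcr.io/netbootxyz/netbootxyz:<pinned-tag>@sha256:<digest>`, and use `apk add --no-cache samba` to keep the package index out of the layer. A comment on the last `RUN` should explain why samba.ini is both copied to /etc/supervisor.d/ and appended to /etc/supervisor.conf, since that may define the programs twice depending on the base image's include rules.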
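Review bot: `[program:nmbd]` in build/samba.ini starts the NetBIOS name service, but the only client shown in this commit (auto.bat) connects by IP address, so nmbd looks unnecessary and adds listening NetBIOS ports to the container. If name browsing is not needed, drop that section and keep only `[program:smbd]`; if it is needed, a one-line comment saying which clients rely on it would justify the extra exposure.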
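Review bot: `[global]` in build/smb.conf places no limit on which networks smbd answers on, while docker-compose.yaml attaches the container to both `web` and `lan`, so the guest-readable `assets` share is presumably reachable from the `web` network as well. Restrict it with `interfaces = <lan-interface-or-subnet>` plus `bind interfaces only = yes`, or with `hosts allow = <lan-subnet>`. The share also holds `win-pe/configs/autounattend.xml`, which .gitignore keeps out of the repository; such files commonly carry account passwords or product keys, so serving it under `guest ok = yes` deserves a comment stating that this is an accepted risk for the install LAN.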
@@ -0,0 +1,27 @@
+networks:
+ web:
+ external: true
+ lan:
+ external: true
+
+services:
+ netboot:
+ build:
+ context: ./build-netbootxyz
+ # image: ghcr.io/netbootxyz/netbootxyz
+ restart: unless-stopped
+ volumes:
+ - ./config:/config
+ - ./assets:/assets
+ networks:
+ web:
+ lan:
+ ipv4_address: ${NETBOOT_IP}
+ labels:
+ traefik.enable: true
+ traefik.http.services.netboot.loadbalancer.server.port: 3000
+ traefik.http.routers.netboot.rule: Host(`netboot.${PRIVATE_URL}`)
+ traefik.http.routers.netboot.tls.certResolver: le
+ traefik.http.routers.netboot.middlewares: auth@file
+ traefik.docker.network: web
+
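Review bot: `context: ./build-netbootxyz` points at a directory this commit does not create; the Dockerfile, smb.conf and samba.ini are added under `build/`, and .gitignore whitelists `build`, so the line should probably read `context: ./build`. The address comes from `${NETBOOT_IP}` here but is hard-coded as 10.0.0.9 in auto.bat and the Readme, so a comment noting that the three must agree would prevent a silent mismatch. The Traefik router with `auth@file` only covers the web UI on port 3000; whatever the container serves directly on the `lan` address (the SMB share added in this commit, for instance) sits outside that middleware, which is worth stating in a comment next to the labels.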