A lightweight Docker container bundling iPXE and dnsmasq to PXE boot Talos Linux using schematic IDs.
Get started · Report Bug · Request Feature

📖 Table of Contents

• Features
• Get Started
• How It Works
• Configuration
• Examples
• Contributing
• License

🚀 Features

• Runs dnsmasq with minimal configuration
• Bundled iPXE built from source with HTTPS support
• Runs alongside your existing DHCP
• Wake-on-LAN support
• One-liner container start for bare-metal deployment
• Ideal for Talos Image Factory PXE boot workflows

🛠️ Get Started

To start a PXE server using the default options in your 192.168.1.0/24 subnet:

docker run -it --rm --cap-add=NET_ADMIN --net=host ghcr.io/feenx-lab/flint-pxe --network 192.168.1.0/24

Important

Make sure to run your docker host is in the same network as your Talos nodes.

See more examples down below

🔧 How It Works

This image:

• Starts a minimal dnsmasq DHCP proxy and TFTP server
• Uses a built-in iPXE binary (compiled from source) with HTTPS support
• Builds the url for Talos Linux iPXE boot scripts via schematic ID, arch and version
• Sends the previously built url to your machines when PXE booting
• Optionally sends a Wake-on-LAN signal to target machines

It’s meant to be a fast, ephemeral, local PXE boot solution to stand up Talos nodes.

⚙️ Configuration

Required

Docker run parameters

• --net=host to allow PXE broadcasts
• --cap-add=NET_ADMIN for dnsmasq and WoL

Container command parameters:

Flag	Description
--network, -n	Subnet in CIDR notation (e.g: 192.168.1.0/24)

Optional

Container command parameters:

Flag	Description
--arch, -a	Architecture to use from the Image Factory (default: amd64)
--base-url, -b	Base URL to fetch the iPXE script from (default: https://pxe.factory.talos.dev/pxe)
--dry-run, -d	Enables test mode (dry-run, no changes applied) (default: false)
--help, -h	Prints help message
--mac-address, -m	MAC address for Wake-on-LAN. Can be used multiple times (default: none)
--ipxe-url-override, -o	Override the full URL for the iPXE script (default: none)
--schematic-id, -s	The Talos Image Factory schematic ID to boot from (default: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba)
--talos-version, -v	Talos version number to use (default: 1.10.4)

🧪 Examples

1. Run flint-pxe with default settings

docker run -it --rm --cap-add=NET_ADMIN --net=host \
  ghcr.io/feenx-lab/flint-pxe \
  --network 192.168.1.0/24

2. Run flint-pxe + Wake target machines

docker run -it --rm --cap-add=NET_ADMIN --net=host \
  ghcr.io/feenx-lab/flint-pxe \
  --network 192.168.1.0/24 \
  --mac-address aa:bb:cc:dd:ee:ff \
  --mac-address a1:b2:c3:d4:e5:f6

3. Run flint-pxe with a custom schematic ID on arm64

docker run -it --rm --cap-add=NET_ADMIN --net=host \
  ghcr.io/feenx-lab/flint-pxe \
  --network 192.168.1.0/24 \
  --arch arm64 \
  --schematic-id 09dbcadc567d93b02a1610c70d651fadbe56aeac3aaca36bc488a38f3fffe99d

🤝 Contributing

Contributions, issues and feature requests are welcome! Feel free to check out the issues page or submit a PR.

⚖️️ License

Distributed under the MIT License. See LICENSE for more information.

📦 Image Availability

Registry	Image
GitHub Container Registry	ghcr.io/feenx-lab/flint-pxe

Note

Let us know if you'd like us to publish on Docker Hub as well by opening an issue or discussion.

⬆️Back to top