Let's talk about how Talos Linux can be remotely configured using a simple HTTP endpoint.

We love this capability, but not everyone knows about it. So here's how you can send a machine configuration directly to the Talos API. This will enable automated provisioning flows, for example, pre-flashed devices can contact a backend service, identify themselves, and receive their configuration after a user authenticates or scans a QR code. It allows flexible device onboarding and account assignment using standard Talos features without extra infrastructure.

Build a custom image with https://factory.talos.dev
Example code available at https://github.com/siderolabs/talos-remote-config
PXE boot with booter https://github.com/siderolabs/booter

Sidero Labs

Talos Linux supports a lesser-known feature where the machine configuration can be fetched from a remote HTTP endpoint at boot time, rather than being embedded directly in kernel parameters. When Talos starts and network becomes available, it reaches out to a configured URL, sending device identifiers like MAC address, UUID, hostname, and serial number. A remote server can use these variables to match devices and return the appropriate full or partial config. The walkthrough demonstrates building a custom Talos image with the endpoint baked in via the image factory, running a simple demo web server that maps device variables to YAML config files, and using Omni's partial join config to automatically onboard a bare-metal machine into a cluster. The feature also supports OAuth authentication, displaying a QR code at the console for device authorization. This approach is particularly useful for pre-flashing devices and shipping them globally without knowing their final destination or customer assignment in advance.

Remotely configure Talos Linux with HTTP