diff --git a/nixos/modules/nixos/services/talos/bootstrapAssets/default.nix b/nixos/modules/nixos/services/talos/bootstrapAssets/default.nix
new file mode 100644
index 0000000..8b11ee5
--- /dev/null
+++ b/nixos/modules/nixos/services/talos/bootstrapAssets/default.nix
@@ -0,0 +1,41 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+  cfg = config.mySystem.services.talos.bootstrapAssets;
+  download-undionly = pkgs.writeShellScript "download-undionly" import ./resources/download-undionly.sh;
+in
+{
+  options.mySystem.services.talos.bootstrapAssets = {
+    enable = mkEnableOption "talos.bootstrapAssets";
+    bootAsset = mkOption {
+      type = types.str;
+      example = "http://10.1.1.57:8086/boot.ipxe";
+    };
+    tftpRoot = mkOption {
+      type = types.str;
+      example = "/srv/tftp";
+    };
+    matchboxDataPath = mkOption {
+      type = types.str;
+      example = "/var/lib/matchbox";
+    };
+    matchboxAssetPath = mkOption {
+      type = types.str;
+      example = "/var/lib/matchbox/assets";
+    };
+    talosSchematicIds = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      example = [ "22b1d04da881ef7c57edb0f24d1f3ba2c78a8e22cbe3fa9af4f42d487b2863f7" ];
+    };
+    talhelperConfig = mkOption {
+      type = types.str;
+      example = "/etc/talhelper/config.yaml";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # nix grab talconfig.yaml from git repo
+    #
+  };
+}
diff --git a/nixos/modules/nixos/services/talos/bootstrapAssets/resources/download-undionly.sh b/nixos/modules/nixos/services/talos/bootstrapAssets/resources/download-undionly.sh
new file mode 100755
index 0000000..f396dfa
--- /dev/null
+++ b/nixos/modules/nixos/services/talos/bootstrapAssets/resources/download-undionly.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p cacert curl --pure
+#shellcheck shell=bash
+set -eu -o pipefail
+
+# Check if argument $1 is set
+if [ -z "${1:-}" ]; then
+    echo "Usage: $0 <path>"
+    exit 1
+fi
+
+path="$1"
+
+# Check is file exists and exit with success.
+if [ -f "$path/undionly.kpxe" ]; then
+    echo "File $path/undionly.kpxe already exists."
+    exit 0
+fi
+
+echo "Downloading assets to $path"
+
+# Check if the directory exists
+if [ ! -d "$(dirname "$path")" ]; then
+    echo "Error: "$path" does not exist."
+    exit 1
+fi
+
+# Check if the path is writable
+if [ ! -w "$path" ]; then
+    echo "Error: $path is not writable."
+    exit 1
+fi
+
+# Download the file
+curl -o "$path/undionly.kpxe" http://boot.ipxe.org/undionly.kpxe
diff --git a/nixos/modules/nixos/services/talos/bootstrapAssets/resources/update-assets.yaml b/nixos/modules/nixos/services/talos/bootstrapAssets/resources/update-assets.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/nixos/modules/nixos/services/talos/default.nix b/nixos/modules/nixos/services/talos/default.nix
new file mode 100644
index 0000000..3bd1dfa
--- /dev/null
+++ b/nixos/modules/nixos/services/talos/default.nix
@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./bootstrapAssets
+  ];
+}