Installing Talos Linux on Bare Metal: USB Boot and BIOS Configuration for GEEKOM Mini PCs

Overview

Installing Talos Linux on both GEEKOM XT15 MEGA nodes. This is the physical installation phase - getting the OS onto the hardware. After this, both nodes will be in maintenance mode waiting for configuration.

Talos is different from traditional Linux¹ - it's immutable, API-driven, and has no SSH. All configuration is done via YAML files applied through talosctl.

Before You Begin

Prerequisites

UniFi Flat Network Setup completed
Static IP addresses assigned (192.168.1.30, 192.168.1.31)
Both nodes connected to network via Ethernet
Management machine (Mac) with terminal access
USB drive (8GB+) for bootable installer

What We're Setting Up

Talos Linux on both GEEKOM nodes
Nodes in maintenance mode, waiting for configuration
Network access via talosctl with --insecure flag

Install talosctl

Run Installer

curl -sL https://talos.dev/install | sh

This downloads, validates checksum, and installs automatically.

Verify Installation

talosctl version --client

Download Talos ISO

Check the Talos releases page² for the latest version.

Download ISO

# Replace version as needed
curl -LO https://github.com/siderolabs/talos/releases/download/v1.11.6/metal-amd64.iso

Verify Checksum

# Download checksum file
curl -LO https://github.com/siderolabs/talos/releases/download/v1.11.6/sha256sum.txt

# Verify
shasum -a 256 -c sha256sum.txt --ignore-missing

Create Bootable USB

Identify Drive

diskutil list

Look for your USB drive (e.g., /dev/disk8). Note the disk identifier, not the partition (disk8, not disk8s1).

Write ISO

# Unmount first (required)
diskutil unmountDisk /dev/<disk>

# CAUTION: will erase the drive!
# Use rdisk for faster writes (raw, bypasses buffer cache)
sudo dd if=metal-amd64.iso of=/dev/r<disk> bs=1m

Takes about 20 seconds for the ~287MB ISO.

Eject

diskutil eject /dev/<disk>


Tip:	Balena Etcher provides a GUI with drive validation if you prefer not using command line.

Boot Nodes from USB

Repeat these steps for each node (Node 1 at .30, then Node 2 at .31). The GEEKOM XT15 MEGA nodes come with Windows 11 preinstalled:

Insert USB drive (move from previous node if needed)
Restart and press Delete to enter BIOS (Aptio Setup - AMI)
Change these settings:

Setting	Location	Default	Action
Boot Device Priority	Boot	varies	Set USB KEY: UEFI:... first
Wake Up by LAN	Advanced > Power Management Configuration	Disabled	Enable
Power-On after Power-Fail	Advanced > Power Management Configuration	Off	Set to Power On

Verify these defaults (usually already correct):

Setting	Location	Default
Turbo Mode	Advanced > CPU Configuration	Enabled
Secure Boot Control	Security > Secure Boot	Disabled


Note:	You may see Intel virtualization settings (VT-x for CPU virtualization, VT-d for device passthrough to VMs). These are only needed when running hypervisors like Proxmox or VMware. On bare metal Talos, containers access hardware directly through the kernel - no virtualization layer involved. This is different from Windows where Docker Desktop and WSL2 run containers inside a hidden Hyper-V VM (which is why Windows requires VT-x enabled). For bare metal Linux, leave these at defaults.

Note:

You may see Intel virtualization settings (VT-x for CPU virtualization, VT-d for device passthrough to VMs). These are only needed when running hypervisors like Proxmox or VMware. On bare metal Talos, containers access hardware directly through the kernel - no virtualization layer involved. This is different from Windows where Docker Desktop and WSL2 run containers inside a hidden Hyper-V VM (which is why Windows requires VT-x enabled). For bare metal Linux, leave these at defaults.

Save and exit - boots directly into Talos
Talos boots into maintenance mode, gets IP from DHCP reservation

Node	IP
Node 1	192.168.1.30
Node 2	192.168.1.31

Verify Nodes Accessible

Once both nodes are booted, verify they're reachable from your management machine.

Check Connectivity

# Node 1
talosctl get disks --insecure --nodes 192.168.1.30

# Node 2
talosctl get disks --insecure --nodes 192.168.1.31

Should show the 2TB NVMe drive on each node. If nodes aren't at expected IPs, check your UniFi DHCP reservations from UniFi Flat Network Setup.

Next Steps

With Talos installed on both nodes, we'll set up our Git repository to store configurations.

See: SOPS and Age GitOps Secrets

Resources

Sidero Labs, "Getting Started Guide," talos.dev. Accessed: Dec. 16, 2025. [Online]. Available: https://www.talos.dev/latest/introduction/getting-started/ ↩
Sidero Labs, "Talos Linux Releases," github.com. Accessed: Dec. 16, 2025. [Online]. Available: https://github.com/siderolabs/talos/releases ↩