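{ config, pkgs, lib, ... }:

let
  # Shorthand for the PlasmaCloud service option tree configured below.
  svc = config.services;
in
{
  imports = [
    ./netboot-base.nix
    ../modules # Import PlasmaCloud service modules
  ];

  # ============================================================================
  # ALL-IN-ONE PROFILE
  # ============================================================================
  # This profile includes all 9 PlasmaCloud services for a single-node deployment:
  # - Chainfire: Distributed configuration and coordination
  # - FlareDB: Time-series metrics and events database
  # - IAM: Identity and access management
  # - PlasmaVMC: Virtual machine control plane
  # - PrismNET: Software-defined networking controller
  # - FlashDNS: High-performance DNS server
  # - FiberLB: Layer 4/7 load balancer
  # - LightningStor: Distributed block storage
  # - K8sHost: Kubernetes hosting component
  #
  # This profile is optimized for:
  # - Development/testing environments
  # - Small deployments (1-3 nodes)
  # - Edge locations with limited infrastructure
  # - Proof-of-concept installations
  #
  # Services are DISABLED by default in the netboot image.
  # They will be enabled in the final installed system configuration.
  # Firewall ports follow the same switches: a port is opened only while the
  # service that owns it is enabled, so the netboot image exposes none of them.
  # ============================================================================

  # ============================================================================
  # SERVICE PACKAGE AVAILABILITY
  # ============================================================================
  # Make all service packages available in the netboot image
  environment.systemPackages = with pkgs; [
    # Core services
    chainfire-server
    flaredb-server
    iam-server

    # Compute and networking
    plasmavmc-server
    prismnet-server

    # Network services
    flashdns-server
    fiberlb-server

    # Storage
    lightningstor-server

    # Container orchestration
    k8shost-server

    # Additional tools for all-in-one deployment
    qemu # For running VMs
    libvirt # Virtualization management
    bridge-utils # Network bridge configuration
    openvswitch # Software-defined networking
  ];

  # ============================================================================
  # SERVICE CONFIGURATION (ALL DISABLED BY DEFAULT)
  # ============================================================================
  # `enable` uses lib.mkDefault so the installed system can switch a service on
  # with a plain `enable = true;`. The port values are the single source of
  # truth for the firewall rules further down.

  services.chainfire = {
    enable = lib.mkDefault false;
    port = 2379;
    raftPort = 2380;
    gossipPort = 2381;
  };

  services.flaredb = {
    enable = lib.mkDefault false;
    port = 2479;
    raftPort = 2480;
  };

  services.iam = {
    enable = lib.mkDefault false;
    port = 8080;
  };

  services.plasmavmc = {
    enable = lib.mkDefault false;
    port = 8081;
  };

  services.prismnet = {
    enable = lib.mkDefault false;
    port = 8082;
  };

  services.flashdns = {
    enable = lib.mkDefault false;
    port = 53;
  };

  services.fiberlb = {
    enable = lib.mkDefault false;
    port = 8083;
  };

  services.lightningstor = {
    enable = lib.mkDefault false;
    port = 8084;
  };

  services.k8shost = {
    enable = lib.mkDefault false;
    port = 8085;
  };

  # ============================================================================
  # VIRTUALIZATION SUPPORT
  # ============================================================================
  # Request both KVM modules; only the one matching the CPU vendor will bind.
  boot.kernelModules = [ "kvm-intel" "kvm-amd" ];

  # Enable nested virtualization
  # NOTE(review): nested virtualization widens the hypervisor surface exposed to
  # guests; confirm it is needed outside development/testing.
  boot.extraModprobeConfig = ''
    options kvm_intel nested=1
    options kvm_amd nested=1
  '';

  # ============================================================================
  # NETWORKING CONFIGURATION
  # ============================================================================
  # No Open vSwitch bridges are defined here; the empty default leaves bridge
  # definitions to the final system configuration.
  networking.vswitches = lib.mkDefault {};

  # Open each service's TCP ports only while that service is enabled, and take
  # the numbers from the service options so an overridden port stays in sync.
  networking.firewall.allowedTCPPorts = lib.concatLists [
    # Chainfire: API, Raft, gossip
    (lib.optionals svc.chainfire.enable [
      svc.chainfire.port
      svc.chainfire.raftPort
      svc.chainfire.gossipPort
    ])

    # FlareDB: API, Raft
    (lib.optionals svc.flaredb.enable [
      svc.flaredb.port
      svc.flaredb.raftPort
    ])

    (lib.optionals svc.iam.enable [ svc.iam.port ])
    (lib.optionals svc.plasmavmc.enable [ svc.plasmavmc.port ])
    (lib.optionals svc.prismnet.enable [ svc.prismnet.port ])
    (lib.optionals svc.flashdns.enable [ svc.flashdns.port ])
    (lib.optionals svc.fiberlb.enable [ svc.fiberlb.port ])
    (lib.optionals svc.lightningstor.enable [ svc.lightningstor.port ])
    (lib.optionals svc.k8shost.enable [ svc.k8shost.port ])

    # QEMU/libvirt: libvirtd (16509) and VNC for VM console access (5900).
    # NOTE(review): tying these to PlasmaVMC is an assumption; confirm which
    # component actually listens on them. 16509 is libvirtd's plain-TCP
    # (non-TLS) listener and QEMU VNC is unencrypted by default, so prefer
    # limiting both to a management interface via
    # networking.firewall.interfaces.<name>.allowedTCPPorts, or tunnel them
    # over SSH, rather than opening them on every interface.
    (lib.optionals svc.plasmavmc.enable [ 16509 5900 ])
  ];

  networking.firewall.allowedUDPPorts = lib.concatLists [
    (lib.optionals svc.flashdns.enable [ svc.flashdns.port ])

    # Chainfire gossip
    (lib.optionals svc.chainfire.enable [ svc.chainfire.gossipPort ])

    # VXLAN for overlay networking.
    # NOTE(review): assumed to belong to PrismNET (the SDN controller); verify.
    # VXLAN carries no authentication, so the underlay should be a trusted
    # network segment.
    (lib.optionals svc.prismnet.enable [ 4789 ])
  ];

  # ============================================================================
  # STORAGE CONFIGURATION
  # ============================================================================
  # Enable LVM for flexible storage management
  services.lvm.enable = true;

  # Filesystems the image can mount, ZFS included.
  # NOTE(review): NixOS requires networking.hostId when ZFS is supported;
  # confirm netboot-base.nix (or the final config) sets it.
  boot.supportedFilesystems = [ "ext4" "xfs" "btrfs" "zfs" ];

  # ============================================================================
  # RESOURCE LIMITS (BALANCED FOR ALL-IN-ONE)
  # ============================================================================
  # Balance resources between services on a single node.
  # These are minimal limits for netboot; adjust in final config based on hardware.
  # Each limit applies only while its service is enabled.
  # NOTE(review): flashdns, fiberlb, lightningstor and k8shost have no limits
  # here, so a runaway instance of one of them is not contained by this profile.
  systemd.services.chainfire.serviceConfig = lib.mkIf svc.chainfire.enable {
    MemoryMax = "1G";
    CPUQuota = "100%";
  };

  systemd.services.flaredb.serviceConfig = lib.mkIf svc.flaredb.enable {
    MemoryMax = "1G";
    CPUQuota = "100%";
  };

  systemd.services.iam.serviceConfig = lib.mkIf svc.iam.enable {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };

  systemd.services.plasmavmc.serviceConfig = lib.mkIf svc.plasmavmc.enable {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };

  systemd.services.prismnet.serviceConfig = lib.mkIf svc.prismnet.enable {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };

  # ============================================================================
  # PERFORMANCE TUNING
  # ============================================================================
  # Optimize for mixed workload (services + VMs)
  boot.kernel.sysctl = {
    # Increase max number of open files
    "fs.file-max" = 1000000;

    # Increase network buffer sizes (128 MiB)
    "net.core.rmem_max" = 134217728;
    "net.core.wmem_max" = 134217728;

    # Enable IP forwarding for VM networking.
    # NOTE(review): with forwarding on, this host routes between its
    # interfaces; allowedTCPPorts/allowedUDPPorts only cover traffic addressed
    # to the host itself, so check that forwarded traffic is filtered where
    # the node sits on an untrusted network.
    "net.ipv4.ip_forward" = 1;
    "net.ipv6.conf.all.forwarding" = 1;

    # Optimize for high-performance networking
    "net.core.netdev_max_backlog" = 5000;

    # Swappiness for server workloads
    "vm.swappiness" = 10;
  };
}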