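{ config, pkgs, lib, ... }:

let
  surface = import ../single-node/surface.nix;

  # One package per core service, looked up in pkgs by the attribute name the
  # surface definition records in `packageAttr`.
  corePackages =
    map (service: builtins.getAttr service.packageAttr pkgs) surface.vmPlatformCore;

  cfg = config.services;

  # TCP ports each add-on service listens on, read from the service's own
  # port options so the firewall list cannot drift from the service config.
  # A service's ports are only opened when that service is enabled; every
  # service in this module defaults to disabled, so the stock image opens
  # nothing beyond `baseTCPPorts`.
  serviceTCPPorts =
    lib.optionals cfg.chainfire.enable [
      cfg.chainfire.port
      cfg.chainfire.raftPort
      cfg.chainfire.gossipPort
      cfg.chainfire.httpPort
    ]
    ++ lib.optionals cfg.flaredb.enable [
      cfg.flaredb.port
      cfg.flaredb.raftPort
      cfg.flaredb.httpPort
    ]
    ++ lib.optionals cfg.iam.enable [ cfg.iam.port cfg.iam.httpPort ]
    ++ lib.optionals cfg.prismnet.enable [ cfg.prismnet.port cfg.prismnet.httpPort ]
    ++ lib.optionals cfg.plasmavmc.enable [ cfg.plasmavmc.port cfg.plasmavmc.httpPort ];

  # Ports not tied to any option in this module: SSH (22), the libvirt TCP
  # transport (16509) and the first VNC console port (5900). The last two are
  # only as safe as libvirtd's own auth/TLS settings; review those before
  # exposing this host beyond a lab network.
  baseTCPPorts = [ 22 16509 5900 ];

  # UDP: 2381 matches chainfire's gossipPort and is assumed to be the UDP side
  # of the same gossip (confirm against the chainfire module); 4789 is the
  # VXLAN default and is kept unconditional because no option here owns it.
  allowedUDP =
    lib.optionals cfg.chainfire.enable [ cfg.chainfire.gossipPort ] ++ [ 4789 ];

  # cgroup limits for a service, applied only while that service is enabled.
  limitsFor = name: limits: lib.mkIf cfg.${name}.enable limits;
in
{
  imports = [
    ./netboot-base.nix
    ../modules
  ];

  # ============================================================================
  # SINGLE-NODE / ALL-IN-ONE INSTALL IMAGE
  # ============================================================================
  # This netboot image is the bare-metal companion to the QEMU-first
  # `single-node-quickstart` profile. It keeps only the minimum VM stack in the
  # image by default and leaves DNS, load-balancing, storage, API, metrics, and
  # Kubernetes layers as explicit add-ons in the final installed system.
  #
  # Included by default:
  #   - Chainfire: local coordination and placement metadata
  #   - FlareDB: metadata/event storage
  #   - IAM: local identity plane for the dev profile
  #   - PrismNET: VM networking control plane
  #   - PlasmaVMC: VM control plane
  #
  # Intentionally not included by default:
  #   - Deployer / Nix Agent: rollout and install authority
  #   - Fleet Scheduler / Node Agent: native host-service placement
  #   - K8sHost: tenant pod and service control plane
  #
  # Optional after install:
  #   - LightningStor, CoronaFS
  #   - FlashDNS, FiberLB
  #   - API Gateway, Nightlight, CreditService
  #   - K8sHost
  # ============================================================================

  environment.systemPackages = corePackages ++ (with pkgs; [
    qemu
    libvirt
    bridge-utils
    openvswitch
    curl
    jq
  ]);

  # Machine-readable description of what this image ships and what it leaves
  # as add-ons; `packageAttr`/`unit` are build details and are stripped out.
  environment.etc."ultracloud-product-surface.json".text = builtins.toJSON {
    profile = "single-node dev";
    coreServices =
      map (service: builtins.removeAttrs service [ "packageAttr" "unit" ]) surface.vmPlatformCore;
    optionalBundles = map (bundle:
      {
        inherit (bundle) option name summary;
        services = map (service: service.name) bundle.services;
      }
      // lib.optionalAttrs (bundle ? requires) { requires = bundle.requires; }
    ) surface.optionalBundles;
    responsibilityBoundaries = surface.responsibilityBoundaries;
    easyTrial = surface.easyTrial;
  };

  # Core services: ports are fixed here, enablement is left to the installed
  # system (mkDefault so a later profile can flip it without a conflict).
  services.chainfire = {
    enable = lib.mkDefault false;
    port = 2379;
    raftPort = 2380;
    gossipPort = 2381;
    httpPort = 8081;
  };

  services.flaredb = {
    enable = lib.mkDefault false;
    port = 2479;
    raftPort = 2480;
    httpPort = 8082;
  };

  services.iam = {
    enable = lib.mkDefault false;
    port = 50080;
    httpPort = 8083;
  };

  services.prismnet = {
    enable = lib.mkDefault false;
    port = 50081;
    httpPort = 8087;
  };

  services.plasmavmc = {
    enable = lib.mkDefault false;
    port = 50082;
    httpPort = 8084;
  };

  # Rollout / placement / Kubernetes authorities stay off in the image.
  services.deployer.enable = lib.mkDefault false;
  services.nix-agent.enable = lib.mkDefault false;
  services.node-agent.enable = lib.mkDefault false;
  services.fleet-scheduler.enable = lib.mkDefault false;
  services.k8shost.enable = lib.mkDefault false;

  # KVM on either vendor plus TUN for VM networking; nested virtualisation is
  # switched on so the image can host the QEMU-based quickstart inside a VM.
  boot.kernelModules = [ "kvm-intel" "kvm-amd" "tun" ];
  boot.extraModprobeConfig = ''
    options kvm_intel nested=1
    options kvm_amd nested=1
  '';

  networking.vswitches = lib.mkDefault {};

  # Firewall tracks service enablement instead of opening every service port
  # on an image where all of those services are disabled by default.
  networking.firewall.allowedTCPPorts = baseTCPPorts ++ serviceTCPPorts;
  networking.firewall.allowedUDPPorts = allowedUDP;

  services.lvm.enable = true;
  boot.supportedFilesystems = [ "ext4" "xfs" "btrfs" "zfs" ];

  # Resource caps so a misbehaving control-plane service cannot starve the
  # VMs it is supposed to manage; each cap only applies while enabled.
  systemd.services.chainfire.serviceConfig = limitsFor "chainfire" {
    MemoryMax = "1G";
    CPUQuota = "100%";
  };
  systemd.services.flaredb.serviceConfig = limitsFor "flaredb" {
    MemoryMax = "1G";
    CPUQuota = "100%";
  };
  systemd.services.iam.serviceConfig = limitsFor "iam" {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };
  systemd.services.plasmavmc.serviceConfig = limitsFor "plasmavmc" {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };
  systemd.services.prismnet.serviceConfig = limitsFor "prismnet" {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };

  # Host acts as a router for VM traffic (ip_forward / ipv6 forwarding) and
  # gets larger socket buffers and a raised file-descriptor ceiling for the
  # control-plane daemons.
  boot.kernel.sysctl = {
    "fs.file-max" = 1000000;
    "net.core.netdev_max_backlog" = 5000;
    "net.core.rmem_max" = 134217728;
    "net.core.wmem_max" = 134217728;
    "net.ipv4.ip_forward" = 1;
    "net.ipv6.conf.all.forwarding" = 1;
    "vm.swappiness" = 10;
  };
}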