# node02 - Control Plane Secondary
#
# Services: ChainFire, FlareDB, IAM

{ config, lib, pkgs, ... }:

{
  imports = [
    ./common.nix
    ../modules/chainfire.nix
    ../modules/flaredb.nix
    ../modules/iam.nix
  ];

  networking.hostName = "node02";
  
  virtualisation = {
    memorySize = 1792;
    diskSize = 20480;
  };

  networking.interfaces.eth1.ipv4.addresses = [{
    address = "10.100.0.12";
    prefixLength = 24;
  }];

  services.chainfire = {
    enable = true;
    nodeId = "node02";
    raftAddr = "10.100.0.12:2380";
    apiAddr = "10.100.0.12:2379";
    initialPeers = [
      "node01=10.100.0.11:2380"
      "node02=10.100.0.12:2380"
      "node03=10.100.0.13:2380"
    ];
  };

  services.flaredb = {
    enable = true;
    nodeId = "node02";
    raftAddr = "10.100.0.12:2480";
    apiAddr = "10.100.0.12:2479";
    initialPeers = [
      "node01=10.100.0.11:2479"
      "node02=10.100.0.12:2479"
      "node03=10.100.0.13:2479"
    ];
    settings.namespace_modes = {
      default = "strong";
      validation = "eventual";
      plasmavmc = "strong";
      lightningstor = "eventual";
      prismnet = "eventual";
      flashdns = "eventual";
      fiberlb = "eventual";
      creditservice = "strong";
      k8shost = "eventual";
    };
  };

  services.iam = {
    enable = true;
    port = 50080;
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
  };

  systemd.services.iam.environment = {
    IAM_ALLOW_RANDOM_SIGNING_KEY = "1";
    IAM_ALLOW_UNAUTHENTICATED_ADMIN = "true";
  };
}