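# Static catalog of the VM platform surface: the always-on core services,
# the opt-in service bundles, the ownership boundaries between the
# deployment/runtime components, and the supported trial artifact.
#
# This file is pure data. Nothing here opens ports, binds sockets, or
# enforces the boundaries it describes; presumably other modules consume
# it for that. Confirm against the consumers.
#
# NOTE(review): every healthUrl below is plain HTTP on 127.0.0.1. That
# suits a host-local probe, but this catalog does not record which address
# each listener binds to. Confirm the health/HTTP listeners are
# loopback-only or firewalled, in particular for iam.
{
  # Core services of the platform. Each entry carries the package
  # attribute, the systemd unit name, a named port map, and a local
  # health endpoint.
  #
  # NOTE(review): the port maps do not say which ports must be reachable
  # from other hosts (the raft/gossip entries look like peer ports, so
  # verify). Firewall rules derived from this list should open ports
  # explicitly, not wholesale.
  vmPlatformCore = [
    {
      name = "chainfire";
      packageAttr = "chainfire-server";
      unit = "chainfire.service";
      summary = "replicated coordination store";
      ports = {
        api = 2379;
        raft = 2380;
        gossip = 2381;
        http = 8081;
      };
      healthUrl = "http://127.0.0.1:8081/health";
    }
    {
      name = "flaredb";
      packageAttr = "flaredb-server";
      unit = "flaredb.service";
      summary = "replicated metadata and event store";
      ports = {
        api = 2479;
        raft = 2480;
        http = 8082;
      };
      healthUrl = "http://127.0.0.1:8082/health";
    }
    {
      name = "iam";
      packageAttr = "iam-server";
      unit = "iam.service";
      summary = "identity, token, and authorization control plane";
      ports = {
        grpc = 50080;
        http = 8083;
      };
      healthUrl = "http://127.0.0.1:8083/health";
    }
    {
      name = "prismnet";
      packageAttr = "prismnet-server";
      unit = "prismnet.service";
      summary = "tenant network control plane";
      ports = {
        grpc = 50081;
        http = 8087;
      };
      healthUrl = "http://127.0.0.1:8087/health";
    }
    {
      name = "plasmavmc";
      packageAttr = "plasmavmc-server";
      unit = "plasmavmc.service";
      summary = "VM control plane";
      ports = {
        grpc = 50082;
        http = 8084;
      };
      healthUrl = "http://127.0.0.1:8084/health";
    }
  ];

  # Opt-in bundles. `option` is the name of the enabling option, and
  # `services` lists the units the bundle brings in. A service carries
  # either `tcpPort` or `healthUrl`; presumably that selects the readiness
  # probe (TCP connect vs. HTTP GET). Confirm in the consumer.
  optionalBundles = [
    {
      option = "enableLightningStor";
      name = "lightningstor";
      summary = "object storage and VM image backing";
      services = [
        {
          name = "lightningstor";
          packageAttr = "lightningstor-server";
          unit = "lightningstor.service";
          tcpPort = 50086;
        }
      ];
    }
    {
      option = "enableCoronafs";
      name = "coronafs";
      summary = "shared mutable VM volume layer";
      services = [
        {
          name = "coronafs";
          packageAttr = "coronafs-server";
          unit = "coronafs.service";
          healthUrl = "http://127.0.0.1:50088/healthz";
        }
      ];
    }
    {
      option = "enableFlashDNS";
      name = "flashdns";
      summary = "DNS publication layer";
      services = [
        {
          name = "flashdns";
          packageAttr = "flashdns-server";
          unit = "flashdns.service";
          tcpPort = 50084;
        }
      ];
    }
    {
      option = "enableFiberLB";
      name = "fiberlb";
      summary = "service publication and VIP layer";
      services = [
        {
          name = "fiberlb";
          packageAttr = "fiberlb-server";
          unit = "fiberlb.service";
          tcpPort = 50085;
        }
      ];
    }
    {
      # The only bundle whose summary describes an external surface.
      # NOTE(review): treat enabling it as a change to the exposed attack
      # surface and review authentication and exposure accordingly.
      option = "enableApiGateway";
      name = "apigateway";
      summary = "external API and proxy surface";
      services = [
        {
          name = "apigateway";
          packageAttr = "apigateway-server";
          unit = "apigateway.service";
          healthUrl = "http://127.0.0.1:8080/health";
        }
      ];
    }
    {
      option = "enableNightlight";
      name = "nightlight";
      summary = "metrics ingestion and query service";
      services = [
        {
          name = "nightlight";
          packageAttr = "nightlight-server";
          unit = "nightlight.service";
          healthUrl = "http://127.0.0.1:9101/healthz";
        }
      ];
    }
    {
      option = "enableCreditService";
      name = "creditservice";
      summary = "quota, wallet, reservation, and admission-control service";
      services = [
        {
          name = "creditservice";
          packageAttr = "creditservice-server";
          unit = "creditservice.service";
          healthUrl = "http://127.0.0.1:3011/health";
        }
      ];
    }
    {
      option = "enableK8sHost";
      name = "k8shost";
      summary = "tenant pod and service control plane layered on top of network providers";
      # Option names of the bundles this one depends on.
      # NOTE(review): confirm the consumer enforces this (e.g. a module
      # assertion) and does not treat it as documentation only.
      requires = [
        "enableFlashDNS"
        "enableFiberLB"
      ];
      services = [
        {
          name = "k8shost";
          packageAttr = "k8shost-server";
          unit = "k8shost.service";
          healthUrl = "http://127.0.0.1:8085/health";
        }
      ];
    }
  ];

  # Who owns what. `owns` and `excludes` are descriptive strings per
  # component; this file does not enforce them. They are useful as a
  # least-privilege checklist: a component should not need credentials or
  # API access for anything in its `excludes` list.
  responsibilityBoundaries = {
    deployer = {
      # NOTE(review): machine enrollment via /api/v1/phone-home is a trust
      # boundary. How enrolling machines are authenticated is not described
      # here; verify in the deployer itself.
      owns = [
        "machine enrollment and /api/v1/phone-home"
        "install plans and desired-system references"
        "cluster inventory and rollout intent"
      ];
      excludes = [
        "host-local switch-to-configuration execution"
        "native service process placement"
        "tenant pod scheduling"
      ];
    };

    nix-agent = {
      owns = [
        "host-local NixOS convergence"
        "health-check and rollback handling for desired systems"
      ];
      excludes = [
        "node enrollment"
        "native process scheduling"
        "tenant workload APIs"
      ];
    };

    node-agent = {
      owns = [
        "host-local runtime reconciliation for scheduled service instances"
        "process and optional container execution plus heartbeats"
      ];
      excludes = [
        "NixOS system switching"
        "cluster-wide placement decisions"
        "tenant pod scheduling"
      ];
    };

    fleet-scheduler = {
      owns = [
        "cluster-wide placement of native host services"
        # Kept on a single line: a line break inside a "..." literal
        # becomes part of the string value in Nix.
        "instance failover and placement updates written to ChainFire"
      ];
      excludes = [
        "node-local execution"
        "OS rollout switching"
        "tenant pod semantics"
      ];
    };

    k8shost = {
      owns = [
        "tenant pod and service APIs"
        "translation of tenant intent into prismnet, flashdns, and fiberlb objects"
      ];
      excludes = [
        "native host service placement"
        "machine enrollment or install plans"
        "host-local NixOS switching"
      ];
    };
  };

  # Supported trial path. The rationale records why a container image is
  # not offered: it would need privileged access to host KVM, /dev/net/tun
  # and OVS/libvirt.
  easyTrial = {
    kind = "vm-appliance";
    package = "single-node-trial-vm";
    app = "single-node-trial";
    smokeApp = "single-node-quickstart";
    rationale = "The minimal supported surface is a VM platform, not a stateless HTTP service. An OCI/Docker artifact would need privileged host KVM, /dev/net/tun, and OVS/libvirt access, so the lightest credible trial path is a host-built NixOS VM plus the one-command smoke launcher.";
  };
}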