centra/photoncloud-monorepo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
photoncloud-monorepo/docs/por/T024-nixos-packaging/task.yaml
centra a7ec7e2158 Add T026 practical test + k8shost to flake + workspace files 
- Created T026-practical-test task.yaml for MVP smoke testing
- Added k8shost-server to flake.nix (packages, apps, overlays)
- Staged all workspace directories for nix flake build
- Updated flake.nix shellHook to include k8shost

Resolves: T026.S1 blocker (R8 - nix submodule visibility)
2025-12-09 06:07:50 +09:00

237 lines
8.5 KiB
YAML
Raw Blame History

id: T024
name: NixOS Packaging + Flake
goal: Package all 8 platform components for NixOS deployment with reproducible builds
status: pending
priority: P0
owner: peerA (strategy) + peerB (implementation)
created: 2025-12-09
depends_on: [T023]
context: |
MVP-Beta achieved: E2E tenant path validated.
Next milestone: Deployment packaging for production use.
Components to package:
- chainfire (cluster KVS)
- flaredb (DBaaS)
- iam (authentication/authorization)
- plasmavmc (VM infrastructure)
- novanet (overlay networking)
- flashdns (DNS)
- fiberlb (load balancer)
- lightningstor (object storage)
NixOS provides:
- Reproducible builds
- Declarative configuration
- Atomic upgrades/rollbacks
- systemd service management
acceptance:
- All 8 components build via Nix flake
- NixOS modules for each service
- systemd unit files with proper dependencies
- Configuration options exposed via NixOS module system
- Development shell with all build dependencies
- CI/CD integration (GitHub Actions with Nix)
- Basic bare-metal bootstrap guide
steps:
- step: S1
name: Flake Foundation
done: flake.nix with Rust toolchain, all 8 packages buildable
status: complete
owner: peerB
priority: P0
outputs:
- path: flake.nix
note: Nix flake (278L) with devShell + all 8 packages
notes: |
Implemented:
1. flake.nix at repo root (278 lines)
2. Rust toolchain via oxalica/rust-overlay (stable.latest)
3. All 8 cargo workspaces buildable via rustPlatform
4. devShell drop-in replacement for shell.nix
5. Apps output for `nix run .#<server>`
Key dependencies included:
- protobuf (PROTOC env var)
- openssl + pkg-config
- clang/libclang (LIBCLANG_PATH env var)
- rocksdb (ROCKSDB_LIB_DIR env var)
- rustToolchain with rust-src + rust-analyzer
Packages defined:
- chainfire-server, flaredb-server, iam-server, plasmavmc-server
- novanet-server, flashdns-server, fiberlb-server, lightningstor-server
- default: all 8 servers combined
Usage:
- `nix develop` (devShell)
- `nix build .#<package>` (build specific server)
- `nix run .#<package>` (run server directly)
- step: S2
name: Service Packages
done: Individual Nix packages for each service binary
status: complete
owner: peerB
priority: P0
outputs:
- path: flake.nix
note: Enhanced buildRustWorkspace with doCheck, meta blocks
notes: |
Implemented:
1. Enhanced buildRustWorkspace helper function with:
- doCheck = true (enables cargo test during build)
- cargoTestFlags for per-crate testing
- meta blocks with description, homepage, license, maintainers, platforms
2. Added descriptions for all 8 packages:
- chainfire-server: "Distributed key-value store with Raft consensus and gossip protocol"
- flaredb-server: "Distributed time-series database with Raft consensus for metrics and events"
- iam-server: "Identity and access management service with RBAC and multi-tenant support"
- plasmavmc-server: "Virtual machine control plane for managing compute instances"
- novanet-server: "Software-defined networking controller with OVN integration"
- flashdns-server: "High-performance DNS server with pattern-based reverse DNS"
- fiberlb-server: "Layer 4/7 load balancer for distributing traffic across services"
- lightningstor-server: "Distributed block storage service for persistent volumes"
3. Runtime dependencies verified (rocksdb, openssl in buildInputs)
4. Build-time dependencies complete (protobuf, pkg-config, clang in nativeBuildInputs)
Each package now:
- Builds from workspace via rustPlatform.buildRustPackage
- Includes all runtime dependencies (rocksdb, openssl)
- Runs cargo test in check phase (doCheck = true)
- Has proper metadata (description, license Apache-2.0, platforms linux)
- Supports per-crate testing via cargoTestFlags
- step: S3
name: NixOS Modules
done: NixOS modules for each service with options
status: complete
owner: peerB
priority: P0
outputs:
- path: nix/modules/
note: 8 NixOS modules (646L total) + aggregator
- path: flake.nix
note: Updated to export nixosModules + overlay (302L)
notes: |
Implemented:
1. 8 NixOS modules in nix/modules/: chainfire (87L), flaredb (82L), iam (76L),
plasmavmc (76L), novanet (76L), flashdns (85L), fiberlb (76L), lightningstor (76L)
2. default.nix aggregator (12L) importing all modules
3. flake.nix exports: nixosModules.default + nixosModules.plasmacloud
4. overlays.default for package injection into nixpkgs
Each module includes:
- services.<name>.enable
- services.<name>.port (+ raftPort/gossipPort for chainfire/flaredb, dnsPort for flashdns)
- services.<name>.dataDir
- services.<name>.settings (freeform)
- services.<name>.package (overrideable)
- systemd service with proper ordering (after + requires)
- User/group creation
- StateDirectory management (0750 permissions)
- Security hardening (NoNewPrivileges, PrivateTmp, ProtectSystem, ProtectHome)
Service dependencies implemented:
- chainfire: no deps
- flaredb: requires chainfire.service
- iam: requires flaredb.service
- plasmavmc, novanet, flashdns, fiberlb, lightningstor: require iam.service + flaredb.service
Usage:
```nix
{
inputs.plasmacloud.url = "github:yourorg/plasmacloud";
nixpkgs.overlays = [ inputs.plasmacloud.overlays.default ];
imports = [ inputs.plasmacloud.nixosModules.default ];
services.chainfire.enable = true;
services.flaredb.enable = true;
services.iam.enable = true;
}
```
- step: S4
name: Configuration Templates
done: Example NixOS configurations for common deployments
status: pending
owner: peerB
priority: P1
notes: |
Example configurations:
1. Single-node development (all services on one machine)
2. 3-node cluster (HA chainfire + services)
3. Minimal (just iam + flaredb for testing)
Each includes:
- imports for all required modules
- Networking (firewall rules)
- Storage paths
- Inter-service configuration
- step: S5
name: CI/CD Integration
done: GitHub Actions workflow using Nix
status: pending
owner: peerB
priority: P1
notes: |
GitHub Actions with Nix:
1. nix flake check (all packages build)
2. nix flake test (all tests pass)
3. Cache via cachix or GitHub cache
4. Matrix: x86_64-linux, aarch64-linux (if feasible)
Replaces/augments existing cargo-based CI.
- step: S6
name: Bare-Metal Bootstrap Guide
done: Documentation for deploying to bare metal
status: complete
owner: peerB
priority: P1
outputs:
- path: docs/deployment/bare-metal.md
note: Comprehensive deployment guide (480L)
notes: |
Implemented:
1. Complete NixOS installation guide with disk partitioning
2. Repository setup and flake verification
3. Single-node configuration for all 8 services
4. Deployment via nixos-rebuild switch
5. Health checks for all services with expected responses
6. Troubleshooting section (dependencies, permissions, ports, firewall)
7. Multi-node scaling patterns (Core+Workers, Service Separation)
8. Example configs for 3-node HA and worker nodes
9. Load balancing and monitoring hints
Guide structure:
- Prerequisites (hardware, network requirements)
- NixOS installation (bootable USB, partitioning, base config)
- Repository setup (clone, verify flake)
- Configuration (single-node with all services)
- Deployment (test, apply, monitor)
- Verification (systemctl status, health checks, logs)
- Troubleshooting (common issues and solutions)
- Multi-Node Scaling (architecture patterns, examples)
- Next steps (HA, monitoring, backup)
Target achieved: User can deploy from zero to running platform following step-by-step guide.
blockers: []
evidence: []
notes: |
Priority within T024:
- P0: S1 (Flake), S2 (Packages), S3 (Modules) — Core packaging
- P1: S4 (Templates), S5 (CI/CD), S6 (Bootstrap) — Production readiness
This unlocks production deployment capability.
Success = platform deployable via `nixos-rebuild switch`.
Post-T024: T025 K8s hosting or T023 S3/S4/S5 full stack.
Reference in a new issue View git blame Copy permalink