{
vmPlatformCore =
  let
    # Builds one core-service record from its name, summary and port map.
    # All five core services follow the same naming scheme, so packageAttr,
    # unit and healthUrl are derived instead of being repeated per entry:
    #   packageAttr = "<name>-server"
    #   unit        = "<name>.service"
    #   healthUrl   = plain-HTTP /health on 127.0.0.1 at ports.http
    coreService = name: summary: ports: {
      inherit name summary ports;
      packageAttr = "${name}-server";
      unit = "${name}.service";
      healthUrl = "http://127.0.0.1:${toString ports.http}/health";
    };
  in
  # Catalog of the core services: chainfire, flaredb, iam, prismnet, plasmavmc.
  #
  # NOTE(review): only port numbers are recorded here. Which address each
  # listener binds to, and which ports the firewall opens, is decided by
  # whatever consumes this list. Confirm there before treating the
  # api/raft/gossip/grpc ports as loopback-only.
  [
    (coreService "chainfire" "replicated coordination store" {
      api = 2379;
      raft = 2380;
      gossip = 2381;
      http = 8081;
    })

    (coreService "flaredb" "replicated metadata and event store" {
      api = 2479;
      raft = 2480;
      http = 8082;
    })

    # Identity/token/authorization service. Transport security and caller
    # authentication for the gRPC port are not described in this catalog.
    (coreService "iam" "identity, token, and authorization control plane" {
      grpc = 50080;
      http = 8083;
    })

    (coreService "prismnet" "tenant network control plane" {
      grpc = 50081;
      http = 8087;
    })

    (coreService "plasmavmc" "VM control plane" {
      grpc = 50082;
      http = 8084;
    })
  ];
optionalBundles =
  let
    # Probe described by a bare TCP port number.
    # NOTE(review): presumably a connect-only check, which shows the port is
    # open but not that the service behind it is healthy. Confirm against the
    # consumer of this list.
    tcp = port: { tcpPort = port; };

    # Probe described by a plain-HTTP URL on 127.0.0.1.
    health = port: path: {
      healthUrl = "http://127.0.0.1:${toString port}${path}";
    };

    # Every bundle below ships exactly one service, named after the bundle,
    # with packageAttr "<name>-server" and unit "<name>.service".
    singleService = { option, name, summary, probe }: {
      inherit option name summary;
      services = [
        ({
          inherit name;
          packageAttr = "${name}-server";
          unit = "${name}.service";
        } // probe)
      ];
    };
  in
  # Bundles keyed by an `option` name. Whether the option actually gates
  # installation is decided by the consumer, which is not visible here.
  [
    (singleService {
      option = "enableLightningStor";
      name = "lightningstor";
      summary = "object storage and VM image backing";
      probe = tcp 50086;
    })

    (singleService {
      option = "enableCoronafs";
      name = "coronafs";
      summary = "shared mutable VM volume layer";
      probe = health 50088 "/healthz";
    })

    (singleService {
      option = "enableFlashDNS";
      name = "flashdns";
      summary = "DNS publication layer";
      probe = tcp 50084;
    })

    (singleService {
      option = "enableFiberLB";
      name = "fiberlb";
      summary = "service publication and VIP layer";
      probe = tcp 50085;
    })

    # Described as the external surface. Only its loopback health URL is
    # recorded here; its public listener is configured elsewhere.
    (singleService {
      option = "enableApiGateway";
      name = "apigateway";
      summary = "external API and proxy surface";
      probe = health 8080 "/health";
    })

    (singleService {
      option = "enableNightlight";
      name = "nightlight";
      summary = "metrics ingestion and query service";
      probe = health 9101 "/healthz";
    })

    (singleService {
      option = "enableCreditService";
      name = "creditservice";
      summary = "quota, wallet, reservation, and admission-control service";
      probe = health 3011 "/health";
    })

    # The only bundle that declares dependencies on other options.
    # NOTE(review): `requires` is just data in this file. Verify that the
    # consumer asserts both options are enabled rather than silently ignoring it.
    (singleService {
      option = "enableK8sHost";
      name = "k8shost";
      summary = "tenant pod and service control plane layered on top of network providers";
      probe = health 8085 "/health";
    } // {
      requires = [
        "enableFlashDNS"
        "enableFiberLB"
      ];
    })
  ];
responsibilityBoundaries =
  let
    # Pairs what a component is responsible for with what it must not do.
    boundary = owns: excludes: { inherit owns excludes; };
  in
  # Ownership map for the five control components. The entries are
  # descriptive strings; nothing in this file enforces them, so treat them
  # as the intended separation of duties to check implementations against.
  {
    # NOTE(review): /api/v1/phone-home is named here as the enrollment entry
    # point. How an enrolling machine is authenticated is not described in
    # this file.
    deployer = boundary
      [
        "machine enrollment and /api/v1/phone-home"
        "install plans and desired-system references"
        "cluster inventory and rollout intent"
      ]
      [
        "host-local switch-to-configuration execution"
        "native service process placement"
        "tenant pod scheduling"
      ];

    nix-agent = boundary
      [
        "host-local NixOS convergence"
        "health-check and rollback handling for desired systems"
      ]
      [
        "node enrollment"
        "native process scheduling"
        "tenant workload APIs"
      ];

    node-agent = boundary
      [
        "host-local runtime reconciliation for scheduled service instances"
        "process and optional container execution plus heartbeats"
      ]
      [
        "NixOS system switching"
        "cluster-wide placement decisions"
        "tenant pod scheduling"
      ];

    fleet-scheduler = boundary
      [
        "cluster-wide placement of native host services"
        "instance failover and placement updates written to ChainFire"
      ]
      [
        "node-local execution"
        "OS rollout switching"
        "tenant pod semantics"
      ];

    k8shost = boundary
      [
        "tenant pod and service APIs"
        "translation of tenant intent into prismnet, flashdns, and fiberlb objects"
      ]
      [
        "native host service placement"
        "machine enrollment or install plans"
        "host-local NixOS switching"
      ];
  };
easyTrial = {
  # Why the trial ships as a VM rather than a container image: per the text
  # below, an OCI/Docker artifact would need privileged access to host KVM,
  # /dev/net/tun and OVS/libvirt.
  rationale = "The minimal supported surface is a VM platform, not a stateless HTTP service. An OCI/Docker artifact would need privileged host KVM, /dev/net/tun, and OVS/libvirt access, so the lightest credible trial path is a host-built NixOS VM plus the one-command smoke launcher.";

  # Form factor of the trial artifact.
  kind = "vm-appliance";

  # Names of the trial outputs. Presumably flake package/app attributes;
  # confirm against the flake that consumes this set.
  package = "single-node-trial-vm";
  app = "single-node-trial";
  smokeApp = "single-node-quickstart";
};
}