{ config, pkgs, lib, ... }:

let
  # Every control-plane daemon below is packaged into the image but left
  # switched off; mkDefault keeps the flag overridable at normal priority.
  offByDefault = lib.mkDefault false;

  # systemd resource caps for one daemon, emitted only when that daemon's
  # `services.<name>.enable` flag evaluates to true.
  cappedWhenEnabled = name: memoryMax: cpuQuota:
    lib.mkIf config.services.${name}.enable {
      MemoryMax = memoryMax;
      CPUQuota = cpuQuota;
    };
in
{
  imports = [
    ./netboot-base.nix
    ../modules
  ];

  # ============================================================================
  # SINGLE-NODE / ALL-IN-ONE INSTALL IMAGE
  # ============================================================================
  # Bare-metal companion to the QEMU-first `single-node-quickstart` profile.
  # Only the minimum VM stack is baked into the image by default; DNS,
  # load-balancing, storage, API, metrics, and Kubernetes layers remain
  # explicit add-ons in the final installed system.
  #
  # Included by default:
  # - Chainfire: local coordination and placement metadata
  # - FlareDB: metadata/event storage
  # - IAM: local identity plane for the dev profile
  # - PrismNET: VM networking control plane
  # - PlasmaVMC: VM control plane
  #
  # Optional after install:
  # - LightningStor, CoronaFS
  # - FlashDNS, FiberLB
  # - API Gateway, Nightlight, CreditService
  # - K8sHost
  # ============================================================================

  # Control-plane binaries, the virtualization/networking tools, and curl/jq.
  environment.systemPackages = [
    pkgs.chainfire-server
    pkgs.flaredb-server
    pkgs.iam-server
    pkgs.prismnet-server
    pkgs.plasmavmc-server
    pkgs.qemu
    pkgs.libvirt
    pkgs.bridge-utils
    pkgs.openvswitch
    pkgs.curl
    pkgs.jq
  ];

  services = {
    # Port numbers are pinned here and repeated literally in the firewall
    # lists further down; the two places must be kept in sync by hand.
    chainfire = {
      enable = offByDefault;
      port = 2379;
      raftPort = 2380;
      gossipPort = 2381;
      httpPort = 8081;
    };

    flaredb = {
      enable = offByDefault;
      port = 2479;
      raftPort = 2480;
      httpPort = 8082;
    };

    iam = {
      enable = offByDefault;
      port = 50080;
      httpPort = 8083;
    };

    prismnet = {
      enable = offByDefault;
      port = 50081;
      httpPort = 8087;
    };

    plasmavmc = {
      enable = offByDefault;
      port = 50082;
      httpPort = 8084;
    };

    lvm.enable = true;
  };

  boot = {
    # Both KVM vendor modules are requested, presumably so that one image
    # covers Intel and AMD hosts; "tun" is loaded alongside them.
    kernelModules = [ "kvm-intel" "kvm-amd" "tun" ];

    # nested=1 turns on nested virtualization in both KVM modules, i.e. guests
    # may run their own hypervisor.
    # NOTE(review): this widens the KVM surface reachable from guests; confirm
    # that bare-metal installs need it.
    extraModprobeConfig = ''
      options kvm_intel nested=1
      options kvm_amd nested=1
    '';

    supportedFilesystems = [ "ext4" "xfs" "btrfs" "zfs" ];

    kernel.sysctl = {
      "fs.file-max" = 1000000;
      "net.core.netdev_max_backlog" = 5000;
      # 134217728 bytes = 128 MiB ceiling for socket receive/send buffers.
      "net.core.rmem_max" = 134217728;
      "net.core.wmem_max" = 134217728;
      # The host forwards IPv4 and IPv6 traffic between interfaces.
      # NOTE(review): no forwarding filter is defined in this file; check that
      # ./netboot-base.nix or ../modules restricts what may be forwarded.
      "net.ipv4.ip_forward" = 1;
      "net.ipv6.conf.all.forwarding" = 1;
      "vm.swappiness" = 10;
    };
  };

  networking = {
    vswitches = lib.mkDefault { };

    # NOTE(review): both lists are unconditional, so these ports are accepted
    # even while the services above are still disabled, and they are not
    # scoped to an interface. If only a management network needs to reach
    # them, `networking.firewall.interfaces.<name>` is the narrower place.
    firewall = {
      allowedTCPPorts = [
        22 # presumably SSH; nothing in this file configures it, so confirm
        2379 # chainfire port
        2380 # chainfire raftPort
        2381 # chainfire gossipPort
        2479 # flaredb port
        2480 # flaredb raftPort
        50080 # iam port
        50081 # prismnet port
        50082 # plasmavmc port
        8081 # chainfire httpPort
        8082 # flaredb httpPort
        8083 # iam httpPort
        8084 # plasmavmc httpPort
        8087 # prismnet httpPort
        # Not tied to any service option in this file. Presumably libvirt's
        # plain-TCP listener (16509) and a VNC display (5900). If so, verify
        # that authentication and transport protection are configured before
        # these are reachable from untrusted networks.
        16509
        5900
      ];

      allowedUDPPorts = [
        2381 # chainfire gossipPort
        4789 # presumably VXLAN overlay traffic; confirm
      ];
    };
  };

  # Per-daemon memory and CPU ceilings; each entry is inert while its service
  # stays disabled.
  systemd.services = {
    chainfire.serviceConfig = cappedWhenEnabled "chainfire" "1G" "100%";
    flaredb.serviceConfig = cappedWhenEnabled "flaredb" "1G" "100%";
    iam.serviceConfig = cappedWhenEnabled "iam" "512M" "50%";
    plasmavmc.serviceConfig = cappedWhenEnabled "plasmavmc" "512M" "50%";
    prismnet.serviceConfig = cappedWhenEnabled "prismnet" "512M" "50%";
  };
}