photoncloud-monorepo/nix/test-cluster/node01.nix

# node01 - Control Plane Primary
#
# Services: ChainFire, FlareDB, IAM, PrismNET, FlashDNS, FiberLB, K8SHost

{ config, lib, pkgs, ... }:

{
  imports = [
    ./common.nix
    ../modules/chainfire.nix
    ../modules/flaredb.nix
    ../modules/iam.nix
    ../modules/prismnet.nix
    ../modules/ultracloud-tenant-networking.nix
    ../modules/flashdns.nix
    ../modules/fiberlb.nix
    ../modules/k8shost.nix
    ../modules/plasmavmc.nix
    ../modules/coronafs.nix
    ../modules/lightningstor.nix
  ];

  networking.hostName = "node01";
  
  virtualisation = {
    memorySize = 3072;
    diskSize = 61440;
  };

  networking.interfaces.eth1.ipv4.addresses = [{
    address = "10.100.0.11";
    prefixLength = 24;
  }];

  services.chainfire = {
    enable = true;
    nodeId = "node01";
    raftAddr = "10.100.0.11:2380";
    apiAddr = "10.100.0.11:2379";
    initialPeers = [
      "node01=10.100.0.11:2380"
      "node02=10.100.0.12:2380"
      "node03=10.100.0.13:2380"
    ];
  };

  services.flaredb = {
    enable = true;
    nodeId = "node01";
    raftAddr = "10.100.0.11:2480";
    apiAddr = "10.100.0.11:2479";
    initialPeers = [
      "node01=10.100.0.11:2479"
      "node02=10.100.0.12:2479"
      "node03=10.100.0.13:2479"
    ];
    settings.namespace_modes = {
      default = "strong";
      validation = "eventual";
      plasmavmc = "strong";
      lightningstor = "eventual";
      prismnet = "eventual";
      flashdns = "eventual";
      fiberlb = "eventual";
      creditservice = "strong";
      k8shost = "eventual";
    };
  };

  services.iam = {
    enable = true;
    port = 50080;
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
    allowRandomSigningKey = true;
    allowUnauthenticatedAdmin = true;
  };

  services.prismnet = {
    enable = true;
    port = 50081;
    iamAddr = "10.100.0.11:50080";
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
  };

  services.flashdns = {
    enable = true;
    iamAddr = "10.100.0.11:50080";
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
  };

  services.fiberlb = {
    enable = true;
    port = 50085;
    iamAddr = "10.100.0.11:50080";
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
  };

  services.plasmavmc = {
    enable = true;
    mode = "server";
    port = 50082;
    httpPort = 8084;
    prismnetAddr = "10.100.0.11:50081";
    iamAddr = "10.100.0.11:50080";
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
    lightningstorAddr = "10.100.0.11:50086";
    coronafsControllerEndpoint = "http://127.0.0.1:50088";
    coronafsNodeEndpoint = "http://127.0.0.1:50088";
  };

  services.coronafs = {
    enable = true;
    metadataBackend = "chainfire";
    chainfireKeyPrefix = "/coronafs/test-cluster/control/volumes";
    port = 50088;
    advertiseHost = "10.100.0.11";
    exportBasePort = 11000;
    exportPortCount = 256;
    exportSharedClients = 64;
    exportCacheMode = "none";
    exportAioMode = "io_uring";
    exportDiscardMode = "unmap";
    exportDetectZeroesMode = "unmap";
    preallocate = true;
    syncOnWrite = false;
  };

  services.lightningstor = {
    enable = true;
    mode = "all-in-one";
    port = 50086;
    nodePort = 50090;
    s3Port = 9000;
    objectStorageBackend = "distributed";
    distributedRequestTimeoutMs = 300000;
    distributedNodeEndpoints = [
      "http://10.100.0.21:50086"
      "http://10.100.0.22:50086"
    ];
    replicaCount = 3;
    readQuorum = 1;
    writeQuorum = 2;
    nodeMetricsPort = 9198;
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    iamAddr = "10.100.0.11:50080";
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
    zone = "zone-a";
    region = "test";
  };

  services.k8shost = {
    enable = true;
    port = 50087;
    iamAddr = "http://10.100.0.11:50080";
    chainfireAddr = "http://${config.photonTestCluster.chainfireControlPlaneAddrs}";
    prismnetAddr = "http://10.100.0.11:50081";
    flaredbPdAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbDirectAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
    fiberlbAddr = "http://10.100.0.11:50085";
    flashdnsAddr = "http://10.100.0.11:50084";
  };

  services.lightningstor.s3AccessKeyId = "ultracloud-test";
  services.lightningstor.s3SecretKey = "ultracloud-test-secret";

  ultracloud.tenantNetworking = {
    enable = true;
    endpoint = "http://127.0.0.1:50081";
    iamEndpoint = "http://127.0.0.1:50080";
    controllerPrincipalId = "ultracloud-reconciler";
    prune = true;
    tenants = [
      {
        org_id = "matrix-tenant-org";
        project_id = "matrix-tenant-project";
        security_groups = [
          {
            name = "vm-default";
            description = "Default tenant SG for matrix VMs";
            rules = [
              {
                direction = "ingress";
                protocol = "tcp";
                port_range_min = 22;
                port_range_max = 22;
                remote_cidr = "10.100.0.0/24";
                description = "Allow SSH from the cluster network";
              }
              {
                direction = "egress";
                protocol = "any";
                remote_cidr = "0.0.0.0/0";
                description = "Allow outbound traffic";
              }
            ];
          }
          {
            name = "web";
            description = "HTTP ingress from default tenant members";
            rules = [
              {
                direction = "ingress";
                protocol = "tcp";
                port_range_min = 80;
                port_range_max = 80;
                remote_group = "vm-default";
                description = "Allow HTTP from vm-default members";
              }
            ];
          }
        ];
        service_ip_pools = [
          {
            name = "cluster-services";
            cidr_block = "10.62.200.0/24";
            description = "ClusterIP allocations for matrix tenant services";
            pool_type = "cluster_ip";
          }
          {
            name = "public-services";
            cidr_block = "10.62.210.0/24";
            description = "Load balancer allocations for matrix tenant services";
            pool_type = "load_balancer";
          }
        ];
        vpcs = [
          {
            name = "matrix-vpc";
            cidr_block = "10.62.0.0/16";
            description = "Declarative PrismNET tenant network for VM matrix validation";
            router = {
              name = "matrix-router";
              gateway_cidr = "10.62.0.1/24";
              mac_address = "02:00:00:00:62:01";
              external_ip = "203.0.113.62";
              description = "Tenant edge router";
            };
            subnets = [
              {
                name = "matrix-subnet";
                cidr_block = "10.62.10.0/24";
                gateway_ip = "10.62.10.1";
                description = "Primary VM subnet for matrix validation";
                dhcp_enabled = true;
              }
            ];
          }
        ];
      }
    ];
  };
}