photoncloud-monorepo/nix/images/netboot-control-plane.nix
centra d2149b6249 fix(lightningstor): Fix SigV4 canonicalization for AWS S3 auth
- Replace form_urlencoded with RFC 3986 compliant URI encoding
- Implement aws_uri_encode() matching AWS SigV4 spec exactly
- Unreserved chars (A-Z,a-z,0-9,-,_,.,~) not encoded
- All other chars percent-encoded with uppercase hex
- Preserve slashes in paths, encode in query params
- Normalize empty paths to '/' per AWS spec
- Fix test expectations (body hash, HMAC values)
- Add comprehensive SigV4 signature determinism test

This fixes the canonicalization mismatch that caused signature
validation failures in T047. Auth can now be enabled for production.

Refs: T058.S1
2025-12-12 06:23:46 +09:00


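{ config, pkgs, lib, ... }:
{
  imports = [
    ./netboot-base.nix
    ../modules # Import PlasmaCloud service modules
  ];

  # ============================================================================
  # CONTROL PLANE PROFILE
  # ============================================================================
  # This profile declares the nine PlasmaCloud services of a control plane node:
  # - Chainfire: Distributed configuration and coordination
  # - FlareDB: Time-series metrics and events database
  # - IAM: Identity and access management
  # - PlasmaVMC: Virtual machine control plane
  # - PrismNET: Software-defined networking controller
  # - FlashDNS: High-performance DNS server
  # - FiberLB: Layer 4/7 load balancer
  # - LightningStor: Distributed block storage
  # - K8sHost: Kubernetes hosting component
  #
  # Services are DISABLED by default in the netboot image. Each `enable` uses
  # lib.mkDefault so the final installed system configuration can turn a service
  # on with a plain assignment (no mkForce needed).
  # ============================================================================

  # ============================================================================
  # SERVICE PACKAGE AVAILABILITY
  # ============================================================================
  # Service packages will be installed during nixos-anywhere provisioning.
  # Not included in the netboot image to avoid package resolution issues.
  # environment.systemPackages = with pkgs; [
  #   chainfire-server
  #   flaredb-server
  #   iam-server
  #   plasmavmc-server
  #   prismnet-server
  #   flashdns-server
  #   fiberlb-server
  #   lightningstor-server
  #   k8shost-server
  # ];

  # ============================================================================
  # CHAINFIRE CONFIGURATION (DISABLED)
  # ============================================================================
  services.chainfire = {
    enable = lib.mkDefault false;
    port = 2379; # API
    raftPort = 2380; # Raft
    gossipPort = 2381; # Gossip (TCP and UDP; see firewall section below)
  };

  # ============================================================================
  # FLAREDB CONFIGURATION (DISABLED)
  # ============================================================================
  services.flaredb = {
    enable = lib.mkDefault false;
    port = 2479; # API
    raftPort = 2480; # Raft
  };

  # ============================================================================
  # IAM CONFIGURATION (DISABLED)
  # ============================================================================
  services.iam = {
    enable = lib.mkDefault false;
    port = 8080;
  };

  # ============================================================================
  # PLASMAVMC CONFIGURATION (DISABLED)
  # ============================================================================
  services.plasmavmc = {
    enable = lib.mkDefault false;
    port = 8081;
  };

  # ============================================================================
  # PRISMNET CONFIGURATION (DISABLED)
  # ============================================================================
  services.prismnet = {
    enable = lib.mkDefault false;
    port = 8082;
  };

  # ============================================================================
  # FLASHDNS CONFIGURATION (DISABLED)
  # ============================================================================
  services.flashdns = {
    enable = lib.mkDefault false;
    port = 53; # TCP and UDP; see firewall section below
  };

  # ============================================================================
  # FIBERLB CONFIGURATION (DISABLED)
  # ============================================================================
  services.fiberlb = {
    enable = lib.mkDefault false;
    port = 8083;
  };

  # ============================================================================
  # LIGHTNINGSTOR CONFIGURATION (DISABLED)
  # ============================================================================
  services.lightningstor = {
    enable = lib.mkDefault false;
    port = 8084;
  };

  # ============================================================================
  # K8SHOST CONFIGURATION (DISABLED)
  # ============================================================================
  services.k8shost = {
    enable = lib.mkDefault false;
    port = 8085;
  };

  # ============================================================================
  # NETWORKING CONFIGURATION
  # ============================================================================
  # Firewall openings are derived from each service's own `enable` flag and
  # port options instead of a hard-coded list, so that:
  # - the netboot image (every service disabled by default) exposes none of
  #   these ports while it is running unattended on the network;
  # - once a service is enabled in the installed system, exactly its ports open;
  # - overriding a service's port option keeps the firewall in sync with it.
  # NOTE(review): the modules imported from ../modules may open ports on their
  # own as well — confirm that before treating this list as the only source.
  networking.firewall.allowedTCPPorts =
    let
      svc = config.services;
    in
    lib.optionals svc.chainfire.enable [
      svc.chainfire.port # API
      svc.chainfire.raftPort # Raft
      svc.chainfire.gossipPort # Gossip
    ]
    ++ lib.optionals svc.flaredb.enable [
      svc.flaredb.port # API
      svc.flaredb.raftPort # Raft
    ]
    ++ lib.optionals svc.iam.enable [ svc.iam.port ]
    ++ lib.optionals svc.plasmavmc.enable [ svc.plasmavmc.port ]
    ++ lib.optionals svc.prismnet.enable [ svc.prismnet.port ]
    ++ lib.optionals svc.flashdns.enable [ svc.flashdns.port ]
    ++ lib.optionals svc.fiberlb.enable [ svc.fiberlb.port ]
    ++ lib.optionals svc.lightningstor.enable [ svc.lightningstor.port ]
    ++ lib.optionals svc.k8shost.enable [ svc.k8shost.port ];

  networking.firewall.allowedUDPPorts =
    let
      svc = config.services;
    in
    # FlashDNS answers over UDP as well as TCP
    lib.optionals svc.flashdns.enable [ svc.flashdns.port ]
    # Chainfire gossip
    ++ lib.optionals svc.chainfire.enable [ svc.chainfire.gossipPort ];

  # ============================================================================
  # RESOURCE LIMITS
  # ============================================================================
  # Minimal resource configuration for the netboot environment.
  # These will be overridden in the final installed system.
  # lib.mkIf keeps the unit override out of the closure while the service is
  # disabled, matching the conditional firewall rules above.
  systemd.services.chainfire.serviceConfig = lib.mkIf config.services.chainfire.enable {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };
  systemd.services.flaredb.serviceConfig = lib.mkIf config.services.flaredb.enable {
    MemoryMax = "512M";
    CPUQuota = "50%";
  };
}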