partial implementation of terranix

modules/flake/deploy.nix

@@ -53,7 +53,7 @@ in
     autoRollback = false;
     magicRollback = true;
     user = "root";
-    # remoteBuild = true;
+    remoteBuild = true;
     nodes = lib.mapAttrs genNode deployableNodes;
   };
 }

modules/flake/terranix.nix

@@ -0,0 +1,35 @@
+{
+  inputs,
+  ...
+}:
+{
+  imports = [
+    inputs.terranix.flakeModule
+  ];
+  perSystem =
+    { pkgs, ... }:
+    let
+      package = pkgs.opentofu.withPlugins (p: [
+        p.external
+        p.local
+        p.null
+        p.tls
+        p.incus
+      ]);
+    in
+    {
+      terranix = {
+        terranixConfigurations = {
+          tnix = {
+            terraformWrapper = {
+              inherit package;
+            };
+            workdir = "terraform";
+            modules = [
+              # ../terranix/default.nix
+            ];
+          };
+        };
+      };
+    };
+}

modules/flake/toplevel.nix

@@ -6,11 +6,13 @@
     inputs.nixos-unified.flakeModules.default
     inputs.nixos-unified.flakeModules.autoWire
   ];
-  perSystem = { self', pkgs, ... }: {
+  perSystem =
-    # For 'nix fmt'
+    { self', pkgs, ... }:
-    formatter = pkgs.nixpkgs-fmt;
+    {
+      # For 'nix fmt'
+      formatter = pkgs.nixpkgs-fmt;
 
-    # Enables 'nix run' to activate.
+      # Enables 'nix run' to activate.
-    packages.default = self'.packages.activate;
+      packages.default = self'.packages.activate;
-  };
+    };
 }

modules/terranix/default.nix

@@ -0,0 +1,101 @@
+{ config, lib, ... }:
+{
+
+  terraform = {
+    cloud = {
+      hostname = "tofu.skdevstudios.com";
+      organization = "skdevs";
+      workspaces.name = "dev";
+    };
+    required_providers.incus = {
+      source = "lxc/incus";
+      version = "0.3.1";
+    };
+  };
+  variable = {
+    incus_token.type = "string";
+  };
+
+  provider = {
+    incus = {
+      generate_client_certificates = true;
+      accept_remote_certificate = true;
+      remote = {
+        default = true;
+        name = "tofu-prod";
+        scheme = "https";
+        address = "olympus.tailfc9f5.ts.net";
+        token = lib.tfRef "var.incus_token";
+      };
+    };
+  };
+  resource = {
+    incus_profile.d = {
+      name = "d";
+      config = {
+        "limits.cpu" = "2";
+        "security.nesting" = "true";
+        "boot.autostart" = "true";
+        "security.privileged" = "false";
+        "security.syscalls.intercept.mount" = "false";
+      };
+      device = [
+        {
+          name = "eth0";
+          type = "nic";
+          properties = {
+            network = "incusbr0";
+          };
+        }
+        {
+          name = "root";
+          type = "disk";
+          properties = {
+            pool = "default";
+            path = "/";
+          };
+        }
+      ];
+    };
+
+    incus_instance.observer-tofu = {
+      name = "observer-tofu";
+      image = "images:nixos/25.05/amd64";
+      profiles = [ "\${incus_profile.d.name}" ];
+      config = {
+        "limits.cpu" = "1";
+        "limits.memory" = "1GiB";
+      };
+      device = [
+        {
+          name = "http";
+          type = "proxy";
+          properties = {
+            listen = "tcp:0.0.0.0:8889";
+            connect = "tcp:127.0.0.1:3001";
+          };
+        }
+      ];
+    };
+
+    incus_instance.forgejo-runner-tofu = {
+      name = "forgejo-runner-tofu";
+      image = "images:nixos/25.05/amd64";
+      profiles = [ "\${incus_profile.d.name}" ];
+      config = {
+        "limits.cpu" = "6";
+        "limits.memory" = "8GiB";
+      };
+    };
+
+    incus_instance.base-tofu = {
+      name = "base-tofu";
+      image = "images:nixos/25.05/amd64";
+      profiles = [ "\${incus_profile.d.name}" ];
+      config = {
+        "limits.cpu" = "1";
+        "limits.memory" = "1GiB";
+      };
+    };
+  };
+}