# See /modules/nixos/* for actual settings
# This file is just *top-level* configuration.
{
  flake,
  modulesPath,
  config,
  ...
}:

let
  inherit (flake) inputs;
  inherit (inputs) self;
in
{
  imports = [
    self.nixosModules.default
    "${modulesPath}/virtualisation/lxc-container.nix"
  ];
  deploy = {
    address = "200:1978:6503:e6f0:2dbe:11fd:74b:ff64";
  };
  sops.secrets = {
    otfenv = {
      owner = "otf";
      group = "otf";
      mode = "0550";
    };
  };

  services = {
    tty-ips.enable = true;
    otf = {
      enable = true;
      environment = {
        OTF_ADDRESS = "0.0.0.0:9000";
        OTF_HOSTNAME = "tofu.skdevstudios.com";
        OTF_DEFAULT_ENGINE = "tofu";
        OTF_RESTRICT_ORG_CREATION = "true";
      };
      environmentFile = config.sops.secrets.otfenv.path;
    };
  };
  networking = {
    firewall.enable = false;
    yggdrasil = {
      enable = true;
      AllowedPublicKeys = [
        "d0e265fcf663451ae9bc048dc1297749819ce9d48042a986f2866c15a779a074"
      ];
    };
    hostName = "tofu";
  };
  environment.systemPackages = [
  ];
  system.stateVersion = "25.05";
}