{ config, lib, ... }: { terraform = { cloud = { hostname = "tofu.skdevstudios.com"; organization = "skdevs"; workspaces.name = "dev"; }; required_providers.incus = { source = "lxc/incus"; version = "0.3.1"; }; }; variable = { incus_token.type = "string"; }; provider = { incus = { generate_client_certificates = true; accept_remote_certificate = true; remote = { default = true; name = "tofu-prod"; scheme = "https"; address = "olympus.tailfc9f5.ts.net"; token = lib.tfRef "var.incus_token"; }; }; }; resource = { incus_profile.d = { name = "d"; config = { "limits.cpu" = "2"; "security.nesting" = "true"; "boot.autostart" = "true"; "security.privileged" = "false"; "security.syscalls.intercept.mount" = "false"; }; device = [ { name = "eth0"; type = "nic"; properties = { network = "incusbr0"; }; } { name = "root"; type = "disk"; properties = { pool = "default"; path = "/"; }; } ]; }; incus_instance.observer-tofu = { name = "observer-tofu"; image = "images:nixos/25.05/amd64"; profiles = [ "\${incus_profile.d.name}" ]; config = { "limits.cpu" = "1"; "limits.memory" = "1GiB"; }; device = [ { name = "http"; type = "proxy"; properties = { listen = "tcp:0.0.0.0:8889"; connect = "tcp:127.0.0.1:3001"; }; } ]; }; incus_instance.forgejo-runner-tofu = { name = "forgejo-runner-tofu"; image = "images:nixos/25.05/amd64"; profiles = [ "\${incus_profile.d.name}" ]; config = { "limits.cpu" = "6"; "limits.memory" = "8GiB"; }; }; incus_instance.base-tofu = { name = "base-tofu"; image = "images:nixos/25.05/amd64"; profiles = [ "\${incus_profile.d.name}" ]; config = { "limits.cpu" = "1"; "limits.memory" = "1GiB"; }; }; }; }