Nixos-Configuration/modules/terranix/default.nix

{ config, lib, ... }:
{

  terraform = {
    cloud = {
      hostname = "tofu.skdevstudios.com";
      organization = "skdevs";
      workspaces.name = "dev";
    };
    required_providers.incus = {
      source = "lxc/incus";
      version = "0.3.1";
    };
  };
  variable = {
    incus_token.type = "string";
  };

  provider = {
    incus = {
      generate_client_certificates = true;
      accept_remote_certificate = true;
      remote = {
        default = true;
        name = "tofu-prod";
        scheme = "https";
        address = "olympus.tailfc9f5.ts.net";
        token = lib.tfRef "var.incus_token";
      };
    };
  };
  resource = {
    incus_profile.d = {
      name = "d";
      config = {
        "limits.cpu" = "2";
        "security.nesting" = "true";
        "boot.autostart" = "true";
        "security.privileged" = "false";
        "security.syscalls.intercept.mount" = "false";
      };
      device = [
        {
          name = "eth0";
          type = "nic";
          properties = {
            network = "incusbr0";
          };
        }
        {
          name = "root";
          type = "disk";
          properties = {
            pool = "default";
            path = "/";
          };
        }
      ];
    };

    incus_instance.observer-tofu = {
      name = "observer-tofu";
      image = "images:nixos/25.05/amd64";
      profiles = [ "\${incus_profile.d.name}" ];
      config = {
        "limits.cpu" = "1";
        "limits.memory" = "1GiB";
      };
      device = [
        {
          name = "http";
          type = "proxy";
          properties = {
            listen = "tcp:0.0.0.0:8889";
            connect = "tcp:127.0.0.1:3001";
          };
        }
      ];
    };

    incus_instance.forgejo-runner-tofu = {
      name = "forgejo-runner-tofu";
      image = "images:nixos/25.05/amd64";
      profiles = [ "\${incus_profile.d.name}" ];
      config = {
        "limits.cpu" = "6";
        "limits.memory" = "8GiB";
      };
    };

    incus_instance.base-tofu = {
      name = "base-tofu";
      image = "images:nixos/25.05/amd64";
      profiles = [ "\${incus_profile.d.name}" ];
      config = {
        "limits.cpu" = "1";
        "limits.memory" = "1GiB";
      };
    };
  };
}