resource "incus_profile" "d" {
  name = "d"

  config = {
    "limits.cpu"                        = 2
    "security.nesting"                  = true
    "boot.autostart"                    = true
    "security.privileged"               = false
    "security.syscalls.intercept.mount" = false
  }
  device {
    name = "eth0"
    type = "nic"
    properties = {
      network = "incusbr0"
    }
  }

  device {
    type = "disk"
    name = "root"

    properties = {
      pool = "default"
      path = "/"
    }
  }
}

resource "incus_instance" "observer-tofu" {
  name  = "observer-tofu"
  image = "images:nixos/25.05/amd64"
  profiles = [
    incus_profile.d.name
  ]
  config = {
    "limits.cpu"    = 2
    "limits.memory" = "4GiB"
  }
  device {
    name = "http"
    type = "proxy"
    properties = {
      # Listen on Incus host's TCP port 80
      listen = "tcp:0.0.0.0:8888"
      # And connect to the instance's TCP port 80
      connect = "tcp:127.0.0.1:80"
    }
  }
}