terraform {
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
      version = "~> 1.45"
    }
  }
}

variable "hcloud_token" {
  sensitive = true
}

provider "hcloud" {
  token = var.hcloud_token
}

resource "hcloud_ssh_key" "main" {
  name       = "my-ssh-key"
  public_key = file("~/.ssh/id_ed25519.pub")
}

resource "hcloud_server" "vpn" {
  name        = "vpn"
  image       = "debian-12"
  server_type = "cpx11"
  location    = "hil"
  ssh_keys    = [hcloud_ssh_key.main.id]
  
  //provisioner "local-exec" {
  //  command = "sleep 120"
  //}

  //provisioner "remote-exec" {
  //  connection {
  //    type        = "ssh"
  //    user        = "root"
  //    host        = self.ipv4_address
  //    // private_key = file("~/.ssh/id_ed25519")
  //    agent       = true
  //  }
  //  inline = [
  //    "curl https://raw.githubusercontent.com/elitak/NixOS-infect/master/NixOS-infect | PROVIDER=hetznercloud Nix_CHANNEL=NixOS-Unstable bash 2>&1 | tee /tmp/infect.  log",
  //  ]
  //}
}

module "deploy" {
  //depends_on             = [local_file.nixos_vars]
  source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
  nixos_system_attr      = ".#nixosConfigurations.vpn.config.system.build.toplevel"
  nixos_partitioner_attr = ".#nixosConfigurations.vpn.config.system.build.diskoScript"
  target_host            = hcloud_server.vpn.ipv4_address
  instance_id            = hcloud_server.vpn.id
  //extra_files_script     = "${path.module}/decrypt-age-keys.sh"
  //extra_environment = {
  //  SOPS_FILE = var.sops_file
  //}
  debug_logging = true
}