{ lib, ... }:
let
  # Set to false to boostrap the containers
  addNetworking = true;
  
  pmHost = "https://192.168.1.100";
  
  creds = {
    ctPassword = "password";
  };

  sshKeys = ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDTbclOyOwIAPgVE/v5lIuf0P+Tq/Qkw3+GFa4YuRaCC amy@nixon
  '';
  
  templates = {
    nixos = "nas-main:vztmpl/nixos-system-x86_64-linux.tar.xz";
  };
in {
  terraform = {
    required_providers = {
      proxmox = {
        source  = "telmate/proxmox";
        version = "3.0.2-rc01";
      };
    };
  };
  
  provider.proxmox = {
    pm_api_url = "${pmHost}:8006/api2/json";
    pm_tls_insecure = true;
    
    pm_user = "root@pam";
    pm_password = "";
  };
  
  resource.proxmox_lxc = {
    nix01 = {
      target_node = "strawberry";
      hostname = "nix01";
      ostemplate = templates.nixos;
      password = creds.ctPassword;
      unprivileged = true;
      swap = 1024;
      ostype = "nixos";
      cmode = "console";

      rootfs = {
        storage = "local-lvm";
        size = "16G";
      };

      network = lib.mkIf addNetworking {
        name   = "eth0";
        bridge = "vmbr0";
        ip     = "192.168.1.220/32";
        gw = "192.168.1.1";
        firewall = false;
      };

      features = {
        nesting = true;
      };
    };

    nix02 = {
      target_node = "strawberry";
      hostname = "nix02";
      ostemplate = templates.nixos;
      password = creds.ctPassword;
      unprivileged = true;
      swap = 1024;
      ostype = "nixos";
      cmode = "console";

      rootfs = {
        storage = "local-lvm";
        size = "16G";
      };

      network = lib.mkIf addNetworking {
        name   = "eth0";
        bridge = "vmbr0";
        ip     = "192.168.1.221/32";
        gw = "192.168.1.1";
        firewall = false;
      };

      features = {
        nesting = true;
      };
    };
  };
}