variable "location" {
  description = "Hetzner datacenter (nbg1=Nuremberg, fsn1=Falkenstein, hel1=Helsinki)"
  type        = string
  default     = "nbg1"
}

variable "server_type" {
  description = <<-EOT
    Hetzner server type. Must be x86 — the flake is x86_64-linux; NEVER use cax* (ARM).
    cpx22 = AMD 2 vCPU / 4 GB (default; dedicated vCPU, NVMe — the orchestrator loops runtime).
    cpx32 = AMD 4 vCPU / 8 GB (upgrade if more CPU headroom needed).
    cx23  = Intel 2 vCPU / 4 GB (shared vCPU, cheaper alternative).
    Note: cpx11/cpx21 are retired in nbg1.
  EOT
  type        = string
  default     = "cpx22"

  validation {
    condition     = !startswith(var.server_type, "cax")
    error_message = "ARM server types (cax*) are not supported — the flake is x86_64-linux only."
  }
}

variable "image" {
  description = "Base OS image. nixos-infect supports debian-12 and ubuntu-24.04. debian-12 preferred."
  type        = string
  default     = "debian-12"
}

variable "ssh_public_key" {
  description = "SSH public key content (the full line). Registered with Hetzner for root access post-infect. Pass via TF_VAR_ssh_public_key."
  type        = string
}

variable "server_name" {
  description = "Hetzner server name and initial NixOS hostname"
  type        = string
  default     = "cc-ci-orchestrator"
}