variable "location" {
  description = "Hetzner datacenter (nbg1=Nuremberg, fsn1=Falkenstein, hel1=Helsinki, ash=Ashburn, hil=Hillsboro)"
  type        = string
  default     = "nbg1"
}

variable "server_type" {
  description = <<-EOT
    Hetzner server type. Must be x86 — the flake is x86_64-linux; NEVER use cax* (ARM).
    cpx32 = AMD 4 vCPU / 8 GB (default; replaces cpx31 which is retired in some DCs).
    cx33  = Intel 4 vCPU / 8 GB (alternative).
  EOT
  type        = string
  default     = "cpx32"

  validation {
    condition     = !startswith(var.server_type, "cax")
    error_message = "ARM server types (cax*) are not supported — the cc-ci flake is x86_64-linux only."
  }
}

variable "image" {
  description = "Base OS image. nixos-infect supports debian-12 and ubuntu-24.04. debian-12 preferred."
  type        = string
  default     = "debian-12"
}

variable "ssh_public_key" {
  description = "SSH public key content (the full line, e.g. 'ssh-ed25519 AAAA... comment'). Registered with Hetzner for root access post-infect. Pass via TF_VAR_ssh_public_key or terraform.tfvars (gitignored)."
  type        = string
}

variable "server_name" {
  description = "Hetzner server name and initial NixOS hostname"
  type        = string
  default     = "cc-ci"
}