16 files changed, 60 insertions, 57 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2f4695a..6baab68 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,4 +11,4 @@ updates:
     schedule:
       interval: "weekly"
     commit-message:
-      prefix: "tofu"
+      prefix: "tf"
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 9a00df7..083269b 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -49,52 +49,57 @@ jobs:
           nix develop --accept-flake-config \
             --command deploy
 
-  #opentofu:
-  #  name: Apply OpenTofu plan
-  #  needs: nixos
-
-  #  runs-on: ubuntu-latest
-
-  #  concurrency:
-  #    group: tofu
-  #    cancel-in-progress: true
-
-  #  steps:
-  #    - uses: actions/checkout@v4
-
-  #    - name: Install Nix
-  #      uses: DeterminateSystems/nix-installer-action@v9
-
-  #    - name: Setup local Nix cache
-  #      uses: DeterminateSystems/magic-nix-cache-action@v2
-
-  #    - name: Setup OpenTofu cache
-  #      uses: terraform-cache/terraform-cache@v1
-
-  #    - name: Authenticate with TF Cloud
-  #      run: |
-  #        dir="$HOME/.terraform.d"
-  #        [ ! -d "$dir" ] && mkdir -p "$dir"
-
-  #        cat > "$dir"/credentials.tfrc.json << EOF
-  #        {
-  #          "credentials": {
-  #            "app.terraform.io": {
-  #              "token": "${{ secrets.TF_API_TOKEN }}"
-  #            }
-  #          }
-  #        }
-  #        EOF
-
-  #    - name: Generate configuration
-  #      run: nix run .#gen-tofu
-
-  #    - name: Run plan
-  #      run: |
-  #        nix develop --accept-flake-config \
-  #          --command tofu plan
-
-  #    - name: Apply
-  #      run: |
-  #        nix develop --accept-flake-config \
-  #          --command tofu apply -auto-approve
+  opentofu:
+    name: Apply OpenTofu plan
+    needs: nixos
+
+    runs-on: ubuntu-latest
+
+    concurrency:
+      group: tofu
+      cancel-in-progress: true
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v9
+
+      - name: Setup local Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@v2
+
+      - name: Setup OpenTofu cache
+        uses: terraform-cache/terraform-cache@v1
+
+      - name: Authenticate with TF Cloud
+        run: |
+          dir="$HOME/.terraform.d"
+          [ ! -d "$dir" ] && mkdir -p "$dir"
+
+          cat > "$dir"/credentials.tfrc.json << EOF
+          {
+            "credentials": {
+              "app.terraform.io": {
+                "token": "${{ secrets.TF_API_TOKEN }}"
+              }
+            }
+          }
+          EOF
+
+      - name: Generate configuration
+        run: nix run .#gen-tf
+
+      - name: Init workspace
+        run: |
+          nix develop --accept-flake-config \
+            --command tofu init
+
+      - name: Validate plan
+        run: |
+          nix develop --accept-flake-config \
+            --command tofu validate 
+
+      - name: Apply
+        run: |
+          nix develop --accept-flake-config \
+            --command tofu apply -auto-approve
diff --git a/flake.nix b/flake.nix
index 2cd1c75..ac378c3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -146,7 +146,7 @@
         ./modules
         ./overlay
         ./systems
-        ./tofu
+        ./tf
         ./users
         ./ci.nix
         ./dev.nix
diff --git a/tofu/cloud.nix b/tf/cloud.nix
index 5ee0113..5ee0113 100644
--- a/tofu/cloud.nix
+++ b/tf/cloud.nix
diff --git a/tofu/cloudflare/default.nix b/tf/cloudflare/default.nix
index 80e8e39..80e8e39 100644
--- a/tofu/cloudflare/default.nix
+++ b/tf/cloudflare/default.nix
diff --git a/tofu/cloudflare/dns.nix b/tf/cloudflare/dns.nix
index 9618019..9618019 100644
--- a/tofu/cloudflare/dns.nix
+++ b/tf/cloudflare/dns.nix
diff --git a/tofu/cloudflare/ruleset.nix b/tf/cloudflare/ruleset.nix
index 1be98aa..1be98aa 100644
--- a/tofu/cloudflare/ruleset.nix
+++ b/tf/cloudflare/ruleset.nix
diff --git a/tofu/cloudflare/tunnels.nix b/tf/cloudflare/tunnels.nix
index bea9811..bea9811 100644
--- a/tofu/cloudflare/tunnels.nix
+++ b/tf/cloudflare/tunnels.nix
diff --git a/tofu/default.nix b/tf/default.nix
index fe0d3bd..0112339 100644
--- a/tofu/default.nix
+++ b/tf/default.nix
@@ -5,7 +5,7 @@
     system,
     ...
   }: let
-    tofuConfig = inputs.terranix.lib.terranixConfiguration {
+    tfConfig = inputs.terranix.lib.terranixConfiguration {
       inherit system;
       modules = [
         ./cloudflare
@@ -16,18 +16,16 @@
       ];
     };
   in {
-    apps.gen-tofu = {
+    apps.gen-tf = {
       type = "app";
 
       program = pkgs.writeShellApplication {
-        name = "tofu-config";
-
-        runtimeInputs = [pkgs.opentofu];
+        name = "gen-tf";
 
         text = ''
           config_file="config.tf.json"
           [ -e "$config_file" ] && rm -f "$config_file"
-          cp ${tofuConfig} "$config_file"
+          cp ${tfConfig} "$config_file"
         '';
       };
     };
diff --git a/tofu/tailscale/acl.nix b/tf/tailscale/acl.nix
index d27d3e1..d27d3e1 100644
--- a/tofu/tailscale/acl.nix
+++ b/tf/tailscale/acl.nix
diff --git a/tofu/tailscale/default.nix b/tf/tailscale/default.nix
index 2225fd5..2225fd5 100644
--- a/tofu/tailscale/default.nix
+++ b/tf/tailscale/default.nix
diff --git a/tofu/tailscale/devices.nix b/tf/tailscale/devices.nix
index 44ee3f1..44ee3f1 100644
--- a/tofu/tailscale/devices.nix
+++ b/tf/tailscale/devices.nix
diff --git a/tofu/tailscale/dns.nix b/tf/tailscale/dns.nix
index 320a24b..320a24b 100644
--- a/tofu/tailscale/dns.nix
+++ b/tf/tailscale/dns.nix
diff --git a/tofu/tailscale/tags.nix b/tf/tailscale/tags.nix
index c519a25..c519a25 100644
--- a/tofu/tailscale/tags.nix
+++ b/tf/tailscale/tags.nix
diff --git a/tofu/vars.nix b/tf/vars.nix
index 2f640c2..2f640c2 100644
--- a/tofu/vars.nix
+++ b/tf/vars.nix
diff --git a/tofu/versions.nix b/tf/versions.nix
index d4b6713..d4b6713 100644
--- a/tofu/versions.nix
+++ b/tf/versions.nix