first commit

hosts/hetzner/configuration.nix

@@ -0,0 +1,64 @@
+{
+  pkgs,
+  lib,
+  domain,
+  isProd,
+  inputs,
+  config,
+  modulesPath,
+  ...
+}:
+{
+
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+
+    ./disko-config.nix
+    ./secret.nix
+    ./media.nix
+    ./nginx.nix
+    ./immich.nix
+    ./forego.nix
+
+    # ./vm.nix
+  ];
+
+  system.stateVersion = "25.11";
+
+  environment.systemPackages = with pkgs; [
+    vim
+    cifs-utils
+    btrfs-progs
+    forgejo
+  ];
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  boot.loader.grub = {
+    # enable = true;
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBUxBUar3CyZCZTet3s8s28Pu1d0viuDe6YoMQBVdFB louis@T14p"
+  ];
+
+  networking.hostName = "webserver";
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+    22
+  ];
+
+
+  security.acme = lib.mkIf isProd {
+    acceptTerms = true;
+    defaults.email = "admin@${domain}";
+  };
+}