nix-config/hosts/hetzner/configuration.nix

{
  pkgs,
  lib,
  domain,
  isProd,
  inputs,
  config,
  modulesPath,
  ...
}:
{

  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")

    ./disko-config.nix
    ./secret.nix
    ./media.nix
    ./nginx.nix
    ./immich.nix
    ./forego.nix

    # ./vm.nix
  ];

  system.stateVersion = "25.11";

  environment.systemPackages = with pkgs; [
    vim
    cifs-utils
    btrfs-progs
    forgejo
  ];

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  boot.loader.grub = {
    # enable = true;
    efiSupport = true;
    efiInstallAsRemovable = true;
  };

  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBUxBUar3CyZCZTet3s8s28Pu1d0viuDe6YoMQBVdFB louis@T14p"
  ];

  networking.hostName = "webserver";
  networking.firewall.allowedTCPPorts = [
    80
    443
    22
  ];


  security.acme = lib.mkIf isProd {
    acceptTerms = true;
    defaults.email = "admin@${domain}";
  };
}