Different Nix configurations for qs and prod

nix/deploy/prod/default.nix

@@ -0,0 +1,19 @@
+{ pkgs, localArchtikaPackage, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../shared.nix
+    ../../module.nix
+  ];
+
+  networking.hostName = "archtika-prod";
+
+  services.archtika = {
+    enable = true;
+    package = localArchtikaPackage;
+    domain = "demo.archtika.com";
+    acmeEmail = "thilo.hohlt@tutanota.com";
+    dnsProvider = "porkbun";
+    dnsEnvironmentFile = /var/lib/porkbun.env;
+  };
+}

nix/deploy/qs/default.nix

@@ -0,0 +1,19 @@
+{ pkgs, localArchtikaPackage, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../shared.nix
+    ../../module.nix
+  ];
+
+  networking.hostName = "archtika-qs";
+
+  services.archtika = {
+    enable = true;
+    package = localArchtikaPackage;
+    domain = "qs.archtika.com";
+    acmeEmail = "thilo.hohlt@tutanota.com";
+    dnsProvider = "porkbun";
+    dnsEnvironmentFile = /var/lib/porkbun.env;
+  };
+}

nix/deploy/qs/hardware-configuration.nix

@@ -0,0 +1,48 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "virtio_scsi"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/04fa460b-c39f-47f8-bece-c044d767209c";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/BA11-3E3D";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/abace260-6904-4b38-8532-0235f77cb2bf"; } ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

nix/deploy/shared.nix

@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+{
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  time.timeZone = "Europe/Amsterdam";
+
+  nixpkgs.config.allowUnfree = true;
+
+  networking = {
+    networkmanager.enable = true;
+    firewall = {
+      allowedTCPPorts = [
+        80
+        443
+      ];
+    };
+  };
+
+  users = {
+    mutableUsers = false;
+    users = {
+      root = {
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE42q8e7egSSTs4YJo8vQFDbRWqrGTQkR1weq8nT0Zx thiloho@pc"
+        ];
+        hashedPassword = "$y$j9T$MuWDs5Ind6VPEM78u5VTy/$XAuRCaOPtS/8Vj8XgpxB/XX2ygftNLql2VrFWcC/sq7";
+      };
+      thiloho = {
+        isNormalUser = true;
+        extraGroups = [
+          "wheel"
+          "networkmanager"
+        ];
+        hashedPassword = "$y$j9T$Y0ffzVb7wrZSdCKbiYHin0$oahgfFqH/Eep6j6f4iKPETEfGZSOkgu74UT2eyG2uI1";
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj6+r+vMXJyy5wvQTLyfd2rIw62WCg9eIpwsciHg4ym thiloho@pc"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgfOa8N46PBUO2gj8UeyrV0R+MRZFnJqUzG132UjaFS thiloho@laptop"
+        ];
+      };
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+  };
+
+  system.stateVersion = "24.11";
+}