feat(T01): bootstrap IHP v1.5 project scaffold

Merged ihp-new generated scaffold into repo. Sets appName to inter-hub,
adds Nix flake with IHP inputs, devenv config, and standard IHP project
structure. Nix + ihp-new + direnv installed system-wide.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Config/Config.hs

@@ -0,0 +1,11 @@
+module Config where
+
+import IHP.Prelude
+import IHP.Environment
+import IHP.FrameworkConfig
+
+config :: ConfigBuilder
+config = do
+    -- See https://ihp.digitallyinduced.com/Guide/config.html
+    -- for what you can do here
+    pure ()

Config/nix/hosts/production/configuration.nix

@@ -0,0 +1,92 @@
+{ ihp, lib, pkgs, ... }: {
+    imports = [
+        ./hardware-configuration.nix
+
+        # This sets several default options. It's designed for simple, small apps where the database and app server
+        # are on the same host.
+        #
+        # See https://github.com/digitallyinduced/ihp/blob/master/NixSupport/nixosModules/appWithPostgres.nix for details
+        # 
+        # For more complex production deployments, consider ihp.nixosModules.app (https://github.com/digitallyinduced/ihp/blob/master/NixSupport/nixosModules/app.nix)
+        ihp.nixosModules.appWithPostgres
+    ];
+
+    networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [ 22 80 443 ];
+    };
+
+    # Enable the Let's encrypt certificate
+    security.acme.defaults.email = "CHANGE-ME@example.com";
+
+    # Accept the terms of service of the Let's encrypt provider.
+    security.acme.acceptTerms = true;
+
+    services.nginx = {
+        virtualHosts."CHANGE-ME.com" =  {
+            # Uncomment to have http auth with username `foo` and password `bar`.
+            # basicAuth = { foo = "bar"; };
+        };
+    };
+
+    # Logging to AWS CloudWatch
+    # services.vector = {
+    #     enable = true;
+    #     journaldAccess = true;
+    #     settings = {
+    #         sources.journald = {
+    #             type = "journald";
+    #             # Log only the services we care about
+    #             include_units = ["app.service" "nginx.service" "worker.service"];
+    #         };
+
+    #         sinks.out = {
+    #             group_name = "CHANGE-ME";
+    #             stream_name = "CHANGE-ME";
+    #             # Change the region to the correct one, e.g. `us-east-1`
+    #             region = "CHANGE-ME";
+    #             auth = {
+    #                 access_key_id = "CHANGE-ME";
+    #                 secret_access_key = "CHANGE-ME";
+    #             };
+    #             inputs  = ["journald"];
+    #             type = "aws_cloudwatch_logs";
+    #             compression = "gzip";
+    #             encoding.codec = "json";
+    #         };
+    #     };
+    # };
+
+    services.ihp = {
+        domain = "CHANGE-ME.com";
+        migrations = ./Application/Migration;
+        schema = ./Application/Schema.sql;
+        fixtures = ./Application/Fixtures.sql;
+        sessionSecret = "CHANGE-ME";
+        # Uncomment to use a custom database URL
+        # databaseUrl = lib.mkForce "postgresql://postgres:...CHANGE-ME";
+
+        additionalEnvVars = {
+            # Uncomment to use a custom session secret, ensuring sessions aren't invalidated
+            # on each deploy.
+            # Learn how to create the secret key in https://ihp.digitallyinduced.com/Guide/deployment.html#ihpsessionsecret
+            # IHP_SESSION_SECRET = "CHANGE-ME";
+
+            SMTP_HOST = "email-smtp.eu-west-1.amazonaws.com";
+            SMTP_PORT = "587";
+            SMTP_ENCRYPTION = "STARTTLS";
+
+            SMTP_USER = "CHANGE-ME";
+            SMTP_PASSWORD = "CHANGE-ME";
+
+            AWS_ACCESS_KEY_ID = "CHANGE-ME";
+            AWS_SECRET_ACCESS_KEY = "CHANGE-ME";
+        };
+    };
+    # As we use a pre-built AMI on AWS,
+    # it is essential to enable automatic updates.
+    # @see https://nixos.wiki/wiki/Automatic_system_upgrades
+    system.autoUpgrade.enable = true;
+    # Keep as is. See https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    system.stateVersion = "25.05";
+}

Config/nix/hosts/production/hardware-configuration.nix

@@ -0,0 +1,13 @@
+# Autogenerated hardware config
+# Run 'nixos-generate-config' on the deployment host to generate it
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+    imports = [
+        # For AWS EC2: "${inputs.nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
+    ];
+
+    # For testing purposes only, remove on bootable hosts.
+    boot.loader.grub.enable = pkgs.lib.mkDefault false;
+    fileSystems."/".device = pkgs.lib.mkDefault "/dev/null";
+}

Config/nix/hosts/production/host.nix

@@ -0,0 +1,6 @@
+{ inputs }:
+inputs.nixpkgs-nixos.lib.nixosSystem {
+    system = "x86_64-linux"; # or alternatively: aarch64-linux
+    specialArgs = inputs // { nixpkgs = inputs.nixpkgs-nixos; };
+    modules = [ ./configuration.nix ];
+}

Config/nix/nixpkgs-config.nix

@@ -0,0 +1,7 @@
+# See https://ihp.digitallyinduced.com/Guide/package-management.html
+{ ihp, additionalNixpkgsOptions, ... }:
+import "${toString ihp}/NixSupport/make-nixpkgs-from-options.nix" {
+    ihp = ihp;
+    haskellPackagesDir = ./haskell-packages/.;
+    additionalNixpkgsOptions = additionalNixpkgsOptions;
+}