# NixOS system configuration for the host "crossbox": Hyprland desktop,
# ROCm graphics stack, Docker, SSH, plus the per-host service modules
# pulled in through `imports`.
{ config, pkgs, ... }:

let
  # Service modules grouped by host name. Only the `crossbox` list is
  # referenced below; `anvil` is defined but not used in this file.
  modulesByHost = {
    crossbox = [
      ./sdr.nix
      ./syncthing.nix
      ./forgejo.nix
      ./radicale.nix
      ./ollama.nix
      ./docuseal.nix
      ./nginx.nix
    ];
    anvil = [
      ./sdr.nix
      ./syncthing.nix
    ];
  };

  # Single locale used for the default and for every LC_* override.
  locale = "en_US.UTF-8";
in
{
  # NOTE(review): forgejo, radicale, ollama, docuseal and nginx are
  # configured in their own modules; which ports and listeners they
  # expose is decided there, not in this file.
  imports =
    [
      # Result of the hardware scan.
      ./hardware-configuration.nix
    ]
    ++ modulesByHost.crossbox;

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];

      # Cachix binary cache in addition to the default one, for faster builds.
      # NOTE(review): store paths signed by either key below are accepted
      # without a local rebuild, so the nix-community cache is part of
      # this host's trust base.
      substituters = [
        "https://cache.nixos.org/"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };

    # Weekly garbage collection of generations older than 30 days.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  # Allow unfree packages.
  nixpkgs.config.allowUnfree = true;

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs.rocmPackages; [
      clr.icd # ROCm OpenCL runtime
      clr
      rocminfo
      rocm-runtime
    ];
  };

  networking = {
    hostName = "crossbox";

    # Enables wireless support via wpa_supplicant.
    # wireless.enable = true;

    # Configure network proxy if necessary
    # proxy.default = "http://user:password@proxy:port/";
    # proxy.noProxy = "127.0.0.1,localhost,internal.domain";

    networkmanager.enable = true;

    # Only SSH is opened in this file.
    # NOTE(review): services.openssh normally opens its own port, so this
    # entry is likely redundant - confirm before relying on either one.
    firewall.allowedTCPPorts = [ 22 ];
  };

  time.timeZone = "America/Los_Angeles";

  i18n = {
    defaultLocale = locale;
    extraLocaleSettings = {
      LC_ADDRESS = locale;
      LC_IDENTIFICATION = locale;
      LC_MEASUREMENT = locale;
      LC_MONETARY = locale;
      LC_NAME = locale;
      LC_NUMERIC = locale;
      LC_PAPER = locale;
      LC_TELEPHONE = locale;
      LC_TIME = locale;
    };
  };

  environment = {
    # Packages installed in the system profile.
    systemPackages = with pkgs; [
      cargo
      curl
      docker-compose
      gcc
      git
      gnupg
      imv
      lmstudio
      mpv
      neovim
      openssl
      # A real `vi` executable, so the name still resolves under sudo
      # where the shell aliases below are not applied.
      (pkgs.writeShellScriptBin "vi" ''
        exec ${pkgs.neovim}/bin/nvim "$@"
      '')
      pinentry-curses
      rsync
      rustc
      tldr
      vscodium

      # Hyprland essentials
      hyprpaper # Wallpaper daemon
      hypridle # Idle daemon
      hyprlock # Lock screen
      xdg-utils # XDG utilities
      #polkit-kde-agent # Polkit authentication agent
    ];

    variables.EDITOR = "nvim";

    # Crossbox Configuration
    shellAliases = {
      vi = "nvim";
      vim = "nvim";
    };
  };

  programs.gnupg.agent = {
    enable = true;
    pinentryPackage = pkgs.pinentry-curses;
  };

  # Hyprland compositor, with XWayland for X11 clients.
  programs.hyprland = {
    enable = true;
    xwayland.enable = true;
  };

  # Firefox installed system-wide as well.
  programs.firefox.enable = true;

  # NOTE(review): both openFirewall flags add inbound firewall openings
  # for Steam (Remote Play and dedicated servers); keep only the ones
  # that are actually used on this host.
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };

  # Display manager for Hyprland.
  services.displayManager.sddm = {
    enable = true;
    wayland.enable = true;
  };

  # XDG portal for screen sharing and other desktop features.
  xdg.portal = {
    enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  };

  services.xserver = {
    enable = true;
    xkb.layout = "us";
    xkb.variant = "";
  };

  # CUPS, for printing documents.
  services.printing.enable = true;

  # Sound through PipeWire; the PulseAudio daemon itself stays off.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
  };

  # List services that you want to enable:

  # SSH: key-based logins only, no direct root login.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Disable automatic suspend.
  # Otherwise SSH tunnels and HDMI signals break.
  services.logind.settings.Login = {
    HandleLidSwitch = "ignore";
    HandleHibernateKey = "ignore";
    HandleSuspendKey = "ignore";
    HandlePowerKey = "ignore";
  };

  # Disable the systemd sleep targets as well.
  systemd.targets = {
    sleep.enable = false;
    suspend.enable = false;
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };

  # Polkit for privilege escalation
  #security.polkit.enable = true;

  # NOTE(review): this rule lets every process running as brimlock become
  # root with no password prompt, so the account's SSH key and anything
  # executed in its session carry full root authority. Listing the
  # specific commands that need it, or dropping NOPASSWD, would keep the
  # prompt as a boundary.
  security.sudo = {
    enable = true;
    extraRules = [
      {
        users = [ "brimlock" ];
        commands = [
          {
            command = "ALL";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];
  };

  # User account. Don't forget to set a password with 'passwd'.
  users.users.brimlock = {
    isNormalUser = true;
    home = "/home/brimlock";
    description = "brimlock";
    # NOTE(review): members of the `docker` group can drive the system
    # daemon's socket, which is equivalent to root on the host. The
    # rootless daemon is enabled further down; if it covers the workflows
    # on this machine the group membership may be unnecessary - confirm.
    extraGroups = [
      "docker"
      "networkmanager"
      "wheel"
      "video"
      "render"
    ];
    packages = with pkgs; [
      # Hyprland utilities and applications
      waybar # Status bar
      wofi # Application launcher
      kitty # Terminal emulator
      dunst # Notification daemon
      swaylock # Screen locker
      swayidle # Idle management daemon
      wlogout # Logout menu
      grim # Screenshot tool
      slurp # Screen area selector
      wl-clipboard # Clipboard utilities
      brightnessctl # Brightness control
      pavucontrol # Audio control
      networkmanagerapplet # Network manager applet

      # File manager and utilities
      nautilus
      gnome-themes-extra

      # Additional tools
      libreoffice
      grub2_efi
      exfatprogs
    ];
  };

  # System Docker daemon with weekly pruning, plus a rootless daemon whose
  # socket is exported to user sessions through the socket variable.
  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = true;
      dates = "weekly";
    };
    rootless = {
      enable = true;
      setSocketVariable = true;
    };
  };

  system.stateVersion = "25.11";
}