nixos-config/configuration.nix

{ config, pkgs, ... }:

{

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };

  environment.systemPackages = with pkgs; [
    cargo
    chromium
    claude-code
    curl
    docker-compose
    gcc
    git
    gnupg
    imv
    keepassxc
    mdbook
    mpv
    neovim
    openssl
    # Alias vi even with sudo.
    (pkgs.writeShellScriptBin "vi" ''
      exec ${pkgs.neovim}/bin/nvim "$@"
    '')
    pinentry-curses
    python3
    rsync
    rustc
    tldr
    tor                 # Tor anonymity network
    vscodium

    # Hyprland essentials
    hyprpaper           # Wallpaper daemon
    hypridle            # Idle daemon
    hyprlock            # Lock screen
    xdg-utils           # XDG utilities
    #polkit-kde-agent    # Polkit authentication agent
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Enables wireless support via wpa_supplicant.
  # networking.wireless.enable = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  networking.networkmanager.enable = true;

  time.timeZone = "America/Los_Angeles";

  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  programs.gnupg.agent = {
    enable = true;
    pinentryPackage = pkgs.pinentry-curses;
  };

  # Hyprland configuration
  programs.hyprland = {
    enable = true;
    xwayland.enable = true;
  };

  # Display manager for Hyprland
  services.displayManager.sddm = {
    enable = true;
    wayland.enable = true;
  };

  # XDG portal for screen sharing and other desktop features
  xdg.portal = {
    enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-hyprland ];
  };

  services.xserver = {
    enable = true;
    xkb = {
      layout = "us";
      variant = "";
    };
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
  };

  # Define a user account. Don't forget to set a password with 'passwd'.
  users.users.brimlock = {
    isNormalUser = true;
    home = "/home/brimlock";
    description = "brimlock";
    extraGroups = [ "docker" "networkmanager" "wheel" "video" "render" ];
    packages = with pkgs; [
      # Hyprland utilities and applications
      waybar              # Status bar
      wofi                # Application launcher
      kitty               # Terminal emulator
      dunst               # Notification daemon
      swaylock            # Screen locker
      swayidle            # Idle management daemon
      wlogout             # Logout menu
      grim                # Screenshot tool
      slurp               # Screen area selector
      wl-clipboard        # Clipboard utilities
      brightnessctl       # Brightness control
      pavucontrol         # Audio control
      networkmanagerapplet # Network manager applet

      # File manager and utilities
      nautilus
      gnome-themes-extra

      # Additional tools
      libreoffice
      grub2_efi
      exfatprogs
      tor-browser         # Tor Browser
    ];
  };

  programs.firefox.enable = true;

  # Enable Tor service
  services.tor = {
    enable = true;
    client.enable = true;
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Add cachix for faster builds
  nix.settings = {
    substituters = [
      "https://cache.nixos.org/"
      "https://nix-community.cachix.org"
    ];
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };

  environment.variables.EDITOR = "nvim";
  # Polkit for privilege escalation
  #security.polkit.enable = true;

  environment.shellAliases = {
    vi = "nvim";
    vim = "nvim";
  };

  security.sudo = {
    enable = true;
    extraRules = [
      {
        users = [ "brimlock" ];
        commands = [
          {
            command = "ALL";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];
  };

  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };

  # Disable automatic suspend for SystemD.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;
}