feat: initialize repo with NixOS and Home Manager configs

- Add .gitignore for common languages, tools, and OS/editor artifacts
- Configure .gitattributes for Git LFS (fonts, images, archives, ISOs)
- Add README with repo description
- Add flake.nix defining inputs and outputs for NixOS, Home Manager, and related modules
- Introduce home-manager configs:
  - Base home.nix with packages, services, and programs
  - Hyprland WM configuration (waybar, fuzzel, keybindings, theming)
  - Vim (nixvim) setup with LSP and plugins
  - Zsh setup with aliases, Oh My Zsh, clipboard helpers
  - Systemd user services (e.g., librespot)
- Add scripts (GPU monitor, RAM build helper, install automation)
- Add host configurations:
  - Nixbook (Apple laptop) with hardware, disko, and install script
  - Nixstation (desktop) with firewall, virtualization, Btrfs scrub timer
  - Nixtest (test VM) with QEMU + Alpine-based install test harness
  - Common modules (network, NVIDIA, rclone, screen, keychron, users)
- Include statix config for linting

hosts/common/network.nix

@@ -0,0 +1,116 @@
+{ pkgs, ... }:
+{
+  networking = {
+    hostName = "Nixstation";
+    networkmanager.enable = true;
+
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [
+        2375
+        4780
+        11470
+        25565
+      ];
+      allowedUDPPorts = [
+        8888
+        8899
+      ];
+    };
+  };
+
+  services = {
+    tailscale.enable = true;
+    openssh.enable = true;
+    # openssh.settings.X11Forwarding = true;
+  };
+
+  virtualisation.docker = {
+    enable = true;
+    package = pkgs.docker_25;
+    storageDriver = "btrfs";
+    daemon.settings = {
+      hosts = [ "unix:///var/run/docker.sock" ];
+      features.cdi = true;
+      userland-proxy = false;
+      experimental = true;
+      metrics-addr = "0.0.0.0:9323";
+    };
+
+    # daemon.settings = {
+
+    #   hosts = [
+    #     "unix:///var/run/docker.sock"
+    #   ];
+
+    #   features = {
+    #     cdi = true;
+    #   };
+
+    #   userland-proxy = false;
+    #   experimental = true;
+    #   metrics-addr = "0.0.0.0:9323";
+
+    #   default-runtime = "nvidia";
+    #   runtimes = {
+    #     nvidia = {
+    #       path = "nvidia-container-runtime";
+    #     };
+    #     nvidia-cdi = {
+    #       path = "nvidia-container-runtime.cdi";
+    #     };
+    #     nvidia-legacy = {
+    #       path = "nvidia-container-runtime.legacy";
+    #     };
+    #   };
+    # };
+  };
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+
+    settings = {
+      global = {
+        "workgroup" = "WORKGROUP";
+        "server string" = "smbnix";
+        "netbios name" = "smbnix";
+
+        # "use sendfile" = "yes";
+        # "max protocol" = "smb2";
+        # note: localhost is the ipv6 localhost ::1
+        "hosts allow" = "192.168.0. 192.168. 192.168.122.55 127.0.0.1 localhost";
+        "hosts deny" = "0.0.0.0/0";
+        "guest account" = "nobody";
+        "map to guest" = "bad user";
+        security = "user";
+        # shared = {
+        #  path = "/home/thiago/Downloads/oblivion";
+        #  browseable = true;
+        #  writable = false;
+        #  guestOk = true;
+        #  "force user" = "thiago";
+        # };
+      };
+
+      # shares = {
+      #   OneDrive = ''
+      #     path = "/run/media/thiago/hdd0/OneDrive/"
+      #     browseable = "yes"
+      #     "read only" = "no"
+      #     "guest ok" = "no"
+      #     "create mask" = "0644"
+      #     "directory mask" = "0755"
+      #     "force user" = "thiago"
+      #     "force group" = "users"
+      #   '';
+      # };
+    };
+  };
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+}