From 4dbb70199a2bc40c0499e15461ecf9a1c0947def Mon Sep 17 00:00:00 2001 From: Don Harper Date: Wed, 24 Sep 2025 13:38:50 -0500 Subject: [PATCH] hosts | upstream changes python3Full -> python313 --- hosts/pi-server/default.nix | 4 +- hosts/server/default.nix | 2 +- hosts/workstation/default.nix | 143 ++++++++++++++++++---------------- 3 files changed, 80 insertions(+), 69 deletions(-) diff --git a/hosts/pi-server/default.nix b/hosts/pi-server/default.nix index 9edcbaf..9c67dc2 100644 --- a/hosts/pi-server/default.nix +++ b/hosts/pi-server/default.nix @@ -8,7 +8,7 @@ let setuptools requests ]; - python-with-my-packages = pkgs.python3Full.withPackages my-python-packages; + python-with-my-packages = pkgs.python313.withPackages my-python-packages; in { nix = { settings = { @@ -146,7 +146,7 @@ in { environment.systemPackages = with pkgs; [ # python-with-my-packages - python3Full + python313 aspell aspellDicts.en base16-schemes diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 1fff0d2..4fed04d 100644 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -8,7 +8,7 @@ let setuptools requests ]; - python-with-my-packages = pkgs.python3Full.withPackages my-python-packages; + python-with-my-packages = pkgs.python313.withPackages my-python-packages; in { nix = { settings = { diff --git a/hosts/workstation/default.nix b/hosts/workstation/default.nix index 954810a..afe3769 100644 --- a/hosts/workstation/default.nix +++ b/hosts/workstation/default.nix @@ -1,5 +1,11 @@ -{ inputs, outputs, lib, config, pkgs, ... }: -let +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: let my-python-packages = python-packages: with python-packages; [ # pipx 
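Review bot: `pkgs.python313` pins the interpreter to one minor release, whereas the `python3Full` attribute it replaces followed the nixpkgs default, so this host will stay on 3.13 until someone bumps it by hand. Unless something here needs 3.13 specifically, `python-with-my-packages = pkgs.python3.withPackages my-python-packages;` keeps the old tracking behaviour and picks up interpreter updates with the channel. The same line is changed in hosts/server/default.nix and in the `@@ -11,14 +17,14 @@` hunk of hosts/workstation/default.nix. If anything relied on extras that the Full build enabled, check that separately; the diff does not show which modules are in use.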
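Review bot: In `environment.systemPackages` the `python-with-my-packages` entry appears to be commented out and the bare `python313` is installed instead, so the `let` binding updated in the first hunk of this file looks unused on this host and `setuptools`/`requests` would not be available to the system interpreter. Either list `python-with-my-packages` in place of `python313` or drop the binding. If the plain interpreter is deliberate, say so on the commented line, e.g. `# python-with-my-packages  (disabled: <reason>)`. The package list continues outside the hunk, so another entry may already cover this.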
@@ -11,14 +17,14 @@ let requests setuptools ]; - python-with-my-packages = pkgs.python3Full.withPackages my-python-packages; + python-with-my-packages = pkgs.python313.withPackages my-python-packages; in { nix = { settings = { # experimental-features = ["nix-command" "flakes"]; warn-dirty = false; auto-optimise-store = true; - trusted-users = [ "root" "don" ]; + trusted-users = ["root" "don"]; }; gc = { automatic = true; @@ -52,23 +58,26 @@ in { networking = { networkmanager.enable = true; enableIPv6 = true; - networkmanager = { wifi = { powersave = true; }; }; + networkmanager = {wifi = {powersave = true;};}; useDHCP = false; firewall = { enable = true; - trustedInterfaces = - [ "tailscale0" ]; # always allow traffic from your Tailscale network + trustedInterfaces = ["tailscale0"]; # always allow traffic from your Tailscale network checkReversePath = "loose"; - allowedUDPPorts = [ config.services.tailscale.port ]; - allowedTCPPortRanges = [{ - from = 1714; - to = 1764; - }]; - allowedUDPPortRanges = [{ - from = 1714; - to = 1764; - }]; - allowedTCPPorts = [ 22 ]; + allowedUDPPorts = [config.services.tailscale.port]; + allowedTCPPortRanges = [ + { + from = 1714; + to = 1764; + } + ]; + allowedUDPPortRanges = [ + { + from = 1714; + to = 1764; + } + ]; + allowedTCPPorts = [22]; }; }; @@ -84,7 +93,7 @@ in { inputMethod = { enable = true; type = "fcitx5"; - fcitx5.addons = with pkgs; [ fcitx5-mozc fcitx5-gtk ]; + fcitx5.addons = with pkgs; [fcitx5-mozc fcitx5-gtk]; }; }; 
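Review bot: `trusted-users = ["root" "don"];` makes the everyday login account a trusted Nix user, which the Nix manual describes as essentially equivalent to giving that user root, because trusted users can override substituters and other daemon settings. If `don` only needs particular binary caches, list them under `trusted-substituters` and keep `trusted-users = ["root"];`. If the entry is intentional, a comment on that line would record why, e.g. `# don is trusted: required for <reason>`.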
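Review bot: `allowedTCPPorts = [22];` exposes SSH on every interface although `tailscale0` is already in `trustedInterfaces`; on a machine that joins arbitrary Wi-Fi networks that is wider than needed if SSH is only used over the tailnet. Narrowing it takes two changes, because `services.openssh.openFirewall` defaults to true and opens the port on its own: remove the `22` entry and set `services.openssh.openFirewall = false;`. The 1714–1764 TCP/UDP ranges carry no explanation; a `# KDE Connect` comment above them would say why they are open, and they are presumably already opened by `programs.kdeconnect.enable` further down the file.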
@@ -92,33 +101,38 @@ in { boot = { # kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_zen; - kernelParams = [ "consoleblank=60" "mem_sleep_default=deep" ]; + kernelParams = ["consoleblank=60" "mem_sleep_default=deep"]; # extraModulePackages = [config.boot.kernelPackages.ddcci-driver]; # kernelModules = ["i2c-dev" "ddcci_backlight"]; - loader = if (pkgs.hostPlatform != lib.mkDefault "aarch64-linux") then { - systemd-boot = { enable = true; }; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; + loader = + if (pkgs.hostPlatform != lib.mkDefault "aarch64-linux") + then { + systemd-boot = {enable = true;}; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + } + else { + grub.enable = false; + generic-extlinux-compatible.enable = true; }; - } else { - grub.enable = false; - generic-extlinux-compatible.enable = true; - }; - plymouth = { enable = true; }; - kernel = { sysctl = { "vm.swappiness" = 10; }; }; + plymouth = {enable = true;}; + kernel = {sysctl = {"vm.swappiness" = 10;};}; }; security = { - polkit = { enable = true; }; + polkit = {enable = true;}; sudo.enable = false; doas = { enable = true; - extraRules = [{ - users = [ "don" ]; - keepEnv = true; - noPass = true; - }]; + extraRules = [ + { + users = ["don"]; + keepEnv = true; + noPass = true; + } + ]; }; }; @@ -135,17 +149,17 @@ in { userServices = true; }; }; - bpftune = { enable = true; }; - flatpak = { enable = true; }; - fstrim = { enable = true; }; - fwupd = { enable = true; }; + bpftune = {enable = true;}; + flatpak = {enable = true;}; + fstrim = {enable = true;}; + fwupd = {enable = true;}; locate = { enable = true; package = pkgs.mlocate; }; logind = { - lidSwitchDocked = "ignore"; - lidSwitchExternalPower = "ignore"; + # lidSwitchDocked = "ignore"; + # lidSwitchExternalPower = "ignore"; settings = { Login = { HandleLidSwitchDocked = "ignore"; 
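Review bot: The doas rule gives `don` root with `noPass = true;` and `keepEnv = true;`, so any process running as that user can become root without a prompt and hands most of its own environment to the root command. `persist = true;` in place of `noPass = true;` keeps a password check with a short grace period, and dropping `keepEnv` (or naming only the variables needed in `setEnv`) stops the caller's environment from crossing the privilege boundary. Separately, `pkgs.hostPlatform != lib.mkDefault "aarch64-linux"` compares a platform attribute set with an `mkDefault` wrapper, so it is presumably always true and the extlinux branch is unreachable; `pkgs.stdenv.hostPlatform.system != "aarch64-linux"` would test what the code seems to intend.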
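Review bot: The two `lidSwitch*` options are left behind as commented-out lines directly above the `settings.Login` block that replaces them; deleting them keeps dead configuration out of the module, since the old form is in git history. If they are kept as a pointer for older releases, make the comment say that, e.g. `# old option names, superseded by settings.Login below`. The `settings` block continues past the end of this hunk.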
@@ -153,7 +167,7 @@ in { }; }; }; - nscd = { enableNsncd = true; }; + nscd = {enableNsncd = true;}; openssh = { enable = true; settings = { @@ -161,34 +175,34 @@ in { KbdInteractiveAuthentication = false; }; }; - pcscd = { enable = true; }; + pcscd = {enable = true;}; pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; - pulse = { enable = true; }; + pulse = {enable = true;}; }; printing = { enable = true; - drivers = [ pkgs.hplipWithPlugin ]; + drivers = [pkgs.hplipWithPlugin]; }; - pulseaudio = { enable = false; }; - tailscale = { enable = true; }; + pulseaudio = {enable = false;}; + tailscale = {enable = true;}; udev = { extraRules = '' ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="ext4", ATTR{../queue/scheduler}="none" ''; }; - udisks2 = { enable = true; }; + udisks2 = {enable = true;}; }; hardware = { - bluetooth = { enable = true; }; + bluetooth = {enable = true;}; sane = { enable = true; - extraBackends = [ pkgs.sane-airscan ]; - disabledDefaultBackends = [ "escl" "v4l" ]; + extraBackends = [pkgs.sane-airscan]; + disabledDefaultBackends = ["escl" "v4l"]; }; }; security.rtkit.enable = true; @@ -215,8 +229,7 @@ in { isNormalUser = true; initialPassword = "changeme"; description = "Don Harper"; - extraGroups = - [ "networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk" ]; + extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki" ]; @@ -235,9 +248,9 @@ in { config = { allowUnfree = true; allowUnfreePredicate = true; - permittedInsecurePackages = [ "libsoup-2.74.3" "qtwebengine-5.15.19" ]; + permittedInsecurePackages = ["libsoup-2.74.3" "qtwebengine-5.15.19"]; allowInsecurePredicate = pkg: - builtins.elem (lib.getName pkg) [ "broadcom-sta" ]; + builtins.elem (lib.getName pkg) ["broadcom-sta"]; }; }; 
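Review bot: `extraGroups` puts `don` in `disk`, which grants raw read/write access to block devices and is therefore root-equivalent regardless of the doas rule; unless a specific tool needs it, drop `"disk"` from the list (`udisks2` is already enabled for removable media). The context line `initialPassword = "changeme";` also places a known password in the world-readable Nix store, and it remains the account password until changed; `hashedPasswordFile`, or no password at all given the authorized SSH key, avoids that. The user block starts and ends outside this hunk.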
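Review bot: `permittedInsecurePackages` and `allowInsecurePredicate` are both set, and as far as I know nixpkgs consults the `permittedInsecurePackages` list only when no `allowInsecurePredicate` is defined, so one of the two is probably not doing what it appears to; confirm with an evaluation which exceptions are actually in force. Whichever mechanism stays, each exception should record what depends on it and when it can be removed, e.g. `# qtwebengine-5.15.19: needed by <package>; drop when <condition>`. `allowUnfreePredicate = true;` on the context line is not a function and is presumably harmless only because `allowUnfree = true;` is checked first.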
@@ -302,7 +315,6 @@ in { # toot udiskie wireplumber - wlsunset xdg-utils xfce.thunar xsane @@ -310,10 +322,10 @@ in { ]; programs = { - dconf = { enable = true; }; - light = { enable = true; }; - mtr = { enable = true; }; - kdeconnect = { enable = true; }; + dconf = {enable = true;}; + light = {enable = true;}; + mtr = {enable = true;}; + kdeconnect = {enable = true;}; gnupg = { agent = { enable = true; @@ -325,14 +337,14 @@ in { nixpkgs.overlays = [ (final: prev: { - qutebrowser = prev.qutebrowser.override { enableWideVine = true; }; + qutebrowser = prev.qutebrowser.override {enableWideVine = true;}; }) (final: super: { - khal = super.khal.overridePythonAttrs (_: { doCheck = false; }); + khal = super.khal.overridePythonAttrs (_: {doCheck = false;}); }) ]; - nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions @@ -363,6 +375,5 @@ in { "x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop"; "x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop"; }; - environment.sessionVariables.DEFAULT_BROWSER = - "${pkgs.qutebrowser}/bin/qutebrowser"; + environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.qutebrowser}/bin/qutebrowser"; }