fix: RocksDB build

Also change some links to the new ones, removing reliance on June's github repos in some places

flake.lock

@@ -10,11 +10,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1738524606,
+        "lastModified": 1751403276,
-        "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
+        "narHash": "sha256-V0EPQNsQko1a8OqIWc2lLviLnMpR1m08Ej00z5RVTfs=",
         "owner": "zhaofengli",
         "repo": "attic",
-        "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
+        "rev": "896ad88fa57ad5dbcd267c0ac51f1b71ccfcb4dd",
         "type": "github"
       },
       "original": {
@@ -32,11 +32,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1737621947,
+        "lastModified": 1748883665,
-        "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
+        "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
         "owner": "cachix",
         "repo": "cachix",
-        "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
+        "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
         "type": "github"
       },
       "original": {
@@ -63,11 +63,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1728672398,
+        "lastModified": 1744206633,
-        "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
+        "narHash": "sha256-pb5aYkE8FOoa4n123slgHiOf1UbNSnKe5pEZC+xXD5g=",
         "owner": "cachix",
         "repo": "cachix",
-        "rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
+        "rev": "8a60090640b96f9df95d1ab99e5763a586be1404",
         "type": "github"
       },
       "original": {
@@ -77,23 +77,6 @@
         "type": "github"
       }
     },
-    "complement": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1741891349,
-        "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
-        "owner": "girlbossceo",
-        "repo": "complement",
-        "rev": "e587b3df569cba411aeac7c20b6366d03c143745",
-        "type": "github"
-      },
-      "original": {
-        "owner": "girlbossceo",
-        "ref": "main",
-        "repo": "complement",
-        "type": "github"
-      }
-    },
     "crane": {
       "inputs": {
         "nixpkgs": [
@@ -117,11 +100,11 @@
     },
     "crane_2": {
       "locked": {
-        "lastModified": 1739936662,
+        "lastModified": 1750266157,
-        "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=",
+        "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7",
+        "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48",
         "type": "github"
       },
       "original": {
@@ -149,11 +132,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733323168,
+        "lastModified": 1748273445,
-        "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
+        "narHash": "sha256-5V0dzpNgQM0CHDsMzh+ludYeu1S+Y+IMjbaskSSdFh0=",
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
+        "rev": "668a50d8b7bdb19a0131f53c9f6c25c9071e1ffb",
         "type": "github"
       },
       "original": {
@@ -170,11 +153,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1740724364,
+        "lastModified": 1751525020,
-        "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=",
+        "narHash": "sha256-oDO6lCYS5Bf4jUITChj9XV7k3TP38DE0Ckz5n5ORCME=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "edf7d9e431cda8782e729253835f178a356d3aab",
+        "rev": "a1a5f92f47787e7df9f30e5e5ac13e679215aa1e",
         "type": "github"
       },
       "original": {
@@ -203,11 +186,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1733328505,
+        "lastModified": 1747046372,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -219,11 +202,11 @@
     "flake-compat_3": {
       "flake": false,
       "locked": {
-        "lastModified": 1733328505,
+        "lastModified": 1747046372,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -306,15 +289,14 @@
         "nixpkgs": [
           "cachix",
           "nixpkgs"
-        ],
+        ]
-        "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1733318908,
+        "lastModified": 1747372754,
-        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
+        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
+        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
         "type": "github"
       },
       "original": {
@@ -361,23 +343,6 @@
         "type": "github"
       }
     },
-    "liburing": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1740613216,
-        "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=",
-        "owner": "axboe",
-        "repo": "liburing",
-        "rev": "e1003e496e66f9b0ae06674869795edf772d5500",
-        "type": "github"
-      },
-      "original": {
-        "owner": "axboe",
-        "ref": "master",
-        "repo": "liburing",
-        "type": "github"
-      }
-    },
     "nix": {
       "inputs": {
         "flake-compat": [
@@ -401,11 +366,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727438425,
+        "lastModified": 1745930071,
-        "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=",
+        "narHash": "sha256-bYyjarS3qSNqxfgc89IoVz8cAFDkF9yPE63EJr+h50s=",
         "owner": "domenkozar",
         "repo": "nix",
-        "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546",
+        "rev": "b455edf3505f1bf0172b39a735caef94687d0d9c",
         "type": "github"
       },
       "original": {
@@ -484,29 +449,13 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1730741070,
-        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1730531603,
+        "lastModified": 1733212471,
-        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
+        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
+        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
         "type": "github"
       },
       "original": {
@@ -534,11 +483,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1733212471,
+        "lastModified": 1748190013,
-        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
+        "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
+        "rev": "62b852f6c6742134ade1abdd2a21685fd617a291",
         "type": "github"
       },
       "original": {
@@ -550,11 +499,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1740547748,
+        "lastModified": 1751498133,
-        "narHash": "sha256-Ly2fBL1LscV+KyCqPRufUBuiw+zmWrlJzpWOWbahplg=",
+        "narHash": "sha256-QWJ+NQbMU+NcU2xiyo7SNox1fAuwksGlQhpzBl76g1I=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3a05eebede89661660945da1f151959900903b6a",
+        "rev": "d55716bb59b91ae9d1ced4b1ccdea7a442ecbfdb",
         "type": "github"
       },
       "original": {
@@ -569,28 +518,26 @@
       "locked": {
         "lastModified": 1741308171,
         "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=",
-        "owner": "girlbossceo",
+        "ref": "v9.11.1",
-        "repo": "rocksdb",
         "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986",
-        "type": "github"
+        "revCount": 13177,
+        "type": "git",
+        "url": "https://forgejo.ellis.link/continuwuation/rocksdb"
       },
       "original": {
-        "owner": "girlbossceo",
         "ref": "v9.11.1",
-        "repo": "rocksdb",
+        "type": "git",
-        "type": "github"
+        "url": "https://forgejo.ellis.link/continuwuation/rocksdb"
       }
     },
     "root": {
       "inputs": {
         "attic": "attic",
         "cachix": "cachix",
-        "complement": "complement",
         "crane": "crane_2",
         "fenix": "fenix",
         "flake-compat": "flake-compat_3",
         "flake-utils": "flake-utils",
-        "liburing": "liburing",
         "nix-filter": "nix-filter",
         "nixpkgs": "nixpkgs_5",
         "rocksdb": "rocksdb"
@@ -599,11 +546,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1740691488,
+        "lastModified": 1751433876,
-        "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=",
+        "narHash": "sha256-IsdwOcvLLDDlkFNwhdD5BZy20okIQL01+UQ7Kxbqh8s=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5",
+        "rev": "11d45c881389dae90b0da5a94cde52c79d0fc7ef",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,113 +2,127 @@
   inputs = {
     attic.url = "github:zhaofengli/attic?ref=main";
     cachix.url = "github:cachix/cachix?ref=master";
-    complement = { url = "github:girlbossceo/complement?ref=main"; flake = false; };
+    crane = {
-    crane = { url = "github:ipetkov/crane?ref=master"; };
+      url = "github:ipetkov/crane?ref=master";
-    fenix = { url = "github:nix-community/fenix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; };
+    };
-    flake-compat = { url = "github:edolstra/flake-compat?ref=master"; flake = false; };
+    fenix = {
+      url = "github:nix-community/fenix?ref=main";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    flake-compat = {
+      url = "github:edolstra/flake-compat?ref=master";
+      flake = false;
+    };
     flake-utils.url = "github:numtide/flake-utils?ref=main";
     nix-filter.url = "github:numtide/nix-filter?ref=main";
     nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable";
-    rocksdb = { url = "github:girlbossceo/rocksdb?ref=v9.11.1"; flake = false; };
+    rocksdb = {
-    liburing = { url = "github:axboe/liburing?ref=master"; flake = false; };
+      url = "git+https://forgejo.ellis.link/continuwuation/rocksdb?ref=v9.11.1";
+      flake = false;
+    };
   };
 
-  outputs = inputs:
+  outputs =
-    inputs.flake-utils.lib.eachDefaultSystem (system:
+    inputs:
+    inputs.flake-utils.lib.eachDefaultSystem (
+      system:
       let
-      pkgsHost = import inputs.nixpkgs{
+        pkgsHost = import inputs.nixpkgs {
           inherit system;
         };
-      pkgsHostStatic = pkgsHost.pkgsStatic;
 
         # The Rust toolchain to use
         toolchain = inputs.fenix.packages.${system}.fromToolchainFile {
           file = ./rust-toolchain.toml;
 
           # See also `rust-toolchain.toml`
-        sha256 = "sha256-X/4ZBHO3iW0fOenQ3foEvscgAPJYl2abspaBThDOukI=";
+          sha256 = "sha256-KUm16pHj+cRedf8vxs/Hd2YWxpOrWZ7UOrwhILdSJBU=";
         };
 
-      mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: {
+        mkScope =
-        inherit pkgs;
+          pkgs:
-        book = self.callPackage ./nix/pkgs/book {};
+          pkgs.lib.makeScope pkgs.newScope (self: {
-        complement = self.callPackage ./nix/pkgs/complement {};
+            inherit pkgs inputs;
-        craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain));
+            craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain);
-        inherit inputs;
+            main = self.callPackage ./nix/pkgs/main { };
-        main = self.callPackage ./nix/pkgs/main {};
-        oci-image = self.callPackage ./nix/pkgs/oci-image {};
-        tini = pkgs.tini.overrideAttrs {
-            # newer clang/gcc is unhappy with tini-static: <https://3.dog/~strawberry/pb/c8y4>
-            patches = [ (pkgs.fetchpatch {
-                url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch";
-                hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k=";
-              })
-            ];
-        };
             liburing = pkgs.liburing.overrideAttrs {
               # Tests weren't building
-          outputs = [ "out" "dev" "man" ];
+              outputs = [
+                "out"
+                "dev"
+                "man"
+              ];
               buildFlags = [ "library" ];
-          src = inputs.liburing;
             };
-        rocksdb = (pkgs.rocksdb.override {
+            rocksdb =
-          liburing = self.liburing;
+              (pkgs.rocksdb_9_10.override {
-        }).overrideAttrs (old: {
+                # Override the liburing input for the build with our own so
+                # we have it built with the library flag
+                inherit (self) liburing;
+              }).overrideAttrs
+                (old: {
                   src = inputs.rocksdb;
-          version = pkgs.lib.removePrefix
+                  version = "v9.11.1";
-            "v"
+                  cmakeFlags =
-            (builtins.fromJSON (builtins.readFile ./flake.lock))
+                    pkgs.lib.subtractLists [
-              .nodes.rocksdb.original.ref;
+                      # No real reason to have snappy or zlib, no one uses this
-          # we have this already at https://github.com/girlbossceo/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155
-          # unsetting this so i don't have to revert it and make this nix exclusive
-          patches = [];
-          cmakeFlags = pkgs.lib.subtractLists
-            [
-              # no real reason to have snappy or zlib, no one uses this
                       "-DWITH_SNAPPY=1"
                       "-DZLIB=1"
                       "-DWITH_ZLIB=1"
-              # we dont need to use ldb or sst_dump (core_tools)
+                      # We don't need to use ldb or sst_dump (core_tools)
                       "-DWITH_CORE_TOOLS=1"
-              # we dont need to build rocksdb tests
+                      # We don't need to build rocksdb tests
                       "-DWITH_TESTS=1"
-              # we use rust-rocksdb via C interface and dont need C++ RTTI
+                      # We use rust-rocksdb via C interface and don't need C++ RTTI
                       "-DUSE_RTTI=1"
-              # this doesn't exist in RocksDB, and USE_SSE is deprecated for
+                      # This doesn't exist in RocksDB, and USE_SSE is deprecated for
                       # PORTABLE=$(march)
                       "-DFORCE_SSE42=1"
                       # PORTABLE will get set in main/default.nix
                       "-DPORTABLE=1"
-            ]
+                    ] old.cmakeFlags
-            old.cmakeFlags
                     ++ [
-              # no real reason to have snappy, no one uses this
+                      # No real reason to have snappy, no one uses this
                       "-DWITH_SNAPPY=0"
                       "-DZLIB=0"
                       "-DWITH_ZLIB=0"
-              # we dont need to use ldb or sst_dump (core_tools)
+                      # We don't need to use ldb or sst_dump (core_tools)
                       "-DWITH_CORE_TOOLS=0"
-              # we dont need trace tools
+                      # We don't need trace tools
                       "-DWITH_TRACE_TOOLS=0"
-              # we dont need to build rocksdb tests
+                      # We don't need to build rocksdb tests
                       "-DWITH_TESTS=0"
-              # we use rust-rocksdb via C interface and dont need C++ RTTI
+                      # We use rust-rocksdb via C interface and don't need C++ RTTI
                       "-DUSE_RTTI=0"
                     ];
 
-          # outputs has "tools" which we dont need or use
+                  # outputs has "tools" which we don't need or use
                   outputs = [ "out" ];
 
-          # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
+                  # preInstall hooks has stuff for messing with ldb/sst_dump which we don't need or use
                   preInstall = "";
+
+                  # We have this already at https://forgejo.ellis.link/continuwuation/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155
+                  # Unsetting this so we don't have to revert it and make this nix exclusive
+                  patches = [ ];
+
+                  postPatch = ''
+                    # Fix gcc-13 build failures due to missing <cstdint> and
+                    # <system_error> includes, fixed upstream since 8.x
+                    sed -e '1i #include <cstdint>' -i db/compaction/compaction_iteration_stats.h
+                    sed -e '1i #include <cstdint>' -i table/block_based/data_block_hash_index.h
+                    sed -e '1i #include <cstdint>' -i util/string_util.h
+                    sed -e '1i #include <cstdint>' -i include/rocksdb/utilities/checkpoint.h
+                  '';
                 });
           });
 
         scopeHost = mkScope pkgsHost;
-      scopeHostStatic = mkScope pkgsHostStatic;
+        mkCrossScope =
-      scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic;
+          crossSystem:
-      mkCrossScope = crossSystem:
+          let
-        let pkgsCrossStatic = (import inputs.nixpkgs {
+            pkgsCrossStatic =
+              (import inputs.nixpkgs {
                 inherit system;
                 crossSystem = {
                   config = crossSystem;
@@ -117,85 +131,19 @@
           in
           mkScope pkgsCrossStatic;
 
-      mkDevShell = scope: scope.pkgs.mkShell {
-        env = scope.main.env // {
-          # Rust Analyzer needs to be able to find the path to default crate
-          # sources, and it can read this environment variable to do so. The
-          # `rust-src` component is required in order for this to work.
-          RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";
-
-          # Convenient way to access a pinned version of Complement's source
-          # code.
-          COMPLEMENT_SRC = inputs.complement.outPath;
-
-          # Needed for Complement: <https://github.com/golang/go/issues/52690>
-          CGO_CFLAGS = "-Wl,--no-gc-sections";
-          CGO_LDFLAGS = "-Wl,--no-gc-sections";
-        };
-
-        # Development tools
-        packages = [
-          # Always use nightly rustfmt because most of its options are unstable
-          #
-          # This needs to come before `toolchain` in this list, otherwise
-          # `$PATH` will have stable rustfmt instead.
-          inputs.fenix.packages.${system}.latest.rustfmt
-
-          toolchain
-        ]
-        ++ (with pkgsHost.pkgs; [
-          # Required by hardened-malloc.rs dep
-          binutils
-
-          cargo-audit
-          cargo-auditable
-
-          # Needed for producing Debian packages
-          cargo-deb
-
-          # Needed for CI to check validity of produced Debian packages (dpkg-deb)
-          dpkg
-
-	  engage
-
-          # Needed for Complement
-          go
-
-          # Needed for our script for Complement
-          jq
-          gotestfmt
-
-          # Needed for finding broken markdown links
-          lychee
-
-          # Needed for linting markdown files
-          markdownlint-cli
-
-          # Useful for editing the book locally
-          mdbook
-
-          # used for rust caching in CI to speed it up
-          sccache
-        ]
-        # liburing is Linux-exclusive
-        ++ lib.optional stdenv.hostPlatform.isLinux liburing
-        ++ lib.optional stdenv.hostPlatform.isLinux numactl)
-        ++ scope.main.buildInputs
-        ++ scope.main.propagatedBuildInputs
-        ++ scope.main.nativeBuildInputs;
-      };
       in
       {
-      packages = {
+        packages =
+          {
             default = scopeHost.main.override {
               disable_features = [
-                # dont include experimental features
+                # Don't include experimental features
                 "experimental"
                 # jemalloc profiling/stats features are expensive and shouldn't
                 # be expected on non-debug builds.
                 "jemalloc_prof"
                 "jemalloc_stats"
-                # this is non-functional on nix for some reason
+                # This is non-functional on nix for some reason
                 "hardened_malloc"
                 # conduwuit_mods is a development-only hot reload feature
                 "conduwuit_mods"
@@ -203,23 +151,23 @@
             };
             default-debug = scopeHost.main.override {
               profile = "dev";
-            # debug build users expect full logs
+              # Debug build users expect full logs
               disable_release_max_log_level = true;
               disable_features = [
-                # dont include experimental features
+                # Don't include experimental features
                 "experimental"
-                # this is non-functional on nix for some reason
+                # This is non-functional on nix for some reason
                 "hardened_malloc"
                 # conduwuit_mods is a development-only hot reload feature
                 "conduwuit_mods"
               ];
             };
-        # just a test profile used for things like CI and complement
+            # Just a test profile used for things like CI and complement
             default-test = scopeHost.main.override {
               profile = "test";
               disable_release_max_log_level = true;
               disable_features = [
-                # dont include experimental features
+                # Don't include experimental features
                 "experimental"
                 # this is non-functional on nix for some reason
                 "hardened_malloc"
@@ -230,13 +178,13 @@
             all-features = scopeHost.main.override {
               all_features = true;
               disable_features = [
-                # dont include experimental features
+                # Don't include experimental features
                 "experimental"
                 # jemalloc profiling/stats features are expensive and shouldn't
                 # be expected on non-debug builds.
                 "jemalloc_prof"
                 "jemalloc_stats"
-                # this is non-functional on nix for some reason
+                # This is non-functional on nix for some reason
                 "hardened_malloc"
                 # conduwuit_mods is a development-only hot reload feature
                 "conduwuit_mods"
@@ -245,71 +193,24 @@
             all-features-debug = scopeHost.main.override {
               profile = "dev";
               all_features = true;
-            # debug build users expect full logs
+              # Debug build users expect full logs
               disable_release_max_log_level = true;
               disable_features = [
-                # dont include experimental features
+                # Don't include experimental features
                 "experimental"
-                # this is non-functional on nix for some reason
+                # This is non-functional on nix for some reason
                 "hardened_malloc"
                 # conduwuit_mods is a development-only hot reload feature
                 "conduwuit_mods"
               ];
             };
-        hmalloc = scopeHost.main.override { features = ["hardened_malloc"]; };
+            hmalloc = scopeHost.main.override { features = [ "hardened_malloc" ]; };
-
-        oci-image = scopeHost.oci-image;
-        oci-image-all-features = scopeHost.oci-image.override {
-          main = scopeHost.main.override {
-            all_features = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # jemalloc profiling/stats features are expensive and shouldn't
-                # be expected on non-debug builds.
-                "jemalloc_prof"
-                "jemalloc_stats"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-          };
-        };
-        oci-image-all-features-debug = scopeHost.oci-image.override {
-          main = scopeHost.main.override {
-            profile = "dev";
-            all_features = true;
-            # debug build users expect full logs
-            disable_release_max_log_level = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-          };
-        };
-        oci-image-hmalloc = scopeHost.oci-image.override {
-          main = scopeHost.main.override {
-            features = ["hardened_malloc"];
-          };
-        };
-
-        book = scopeHost.book;
-
-        complement = scopeHost.complement;
-        static-complement = scopeHostStatic.complement;
-        # macOS containers don't exist, so the complement images must be forced to linux
-        linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement;
           }
-      //
+          // builtins.listToAttrs (
-      builtins.listToAttrs
+            builtins.concatLists (
-        (builtins.concatLists
+              builtins.map
-          (builtins.map
+                (
-            (crossSystem:
+                  crossSystem:
                   let
                     binaryName = "static-${crossSystem}";
                     scopeCrossStatic = mkCrossScope crossSystem;
@@ -326,7 +227,8 @@
                     {
                       name = "${binaryName}-x86_64-haswell-optimised";
                       value = scopeCrossStatic.main.override {
-                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                        x86_64_haswell_target_optimised =
+                          if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false;
                       };
                     }
 
@@ -396,7 +298,8 @@
                           # conduwuit_mods is a development-only hot reload feature
                           "conduwuit_mods"
                         ];
-                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                        x86_64_haswell_target_optimised =
+                          if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false;
                       };
                     }
 
@@ -423,121 +326,9 @@
                     {
                       name = "${binaryName}-hmalloc";
                       value = scopeCrossStatic.main.override {
-                    features = ["hardened_malloc"];
+                        features = [ "hardened_malloc" ];
                       };
                     }
-
-                # An output for an OCI image based on that binary
-                {
-                  name = "oci-image-${crossSystem}";
-                  value = scopeCrossStatic.oci-image;
-                }
-
-                # An output for an OCI image based on that binary with x86_64 haswell
-                # target optimisations
-                {
-                  name = "oci-image-${crossSystem}-x86_64-haswell-optimised";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that unstripped debug ("dev") binary
-                {
-                  name = "oci-image-${crossSystem}-debug";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                        profile = "dev";
-                        # debug build users expect full logs
-                        disable_release_max_log_level = true;
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that binary with `--all-features`
-                {
-                  name = "oci-image-${crossSystem}-all-features";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      all_features = true;
-                      disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # jemalloc profiling/stats features are expensive and shouldn't
-                        # be expected on non-debug builds.
-                        "jemalloc_prof"
-                        "jemalloc_stats"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                      ];
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell
-                # target optimisations
-                {
-                  name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      all_features = true;
-                      disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # jemalloc profiling/stats features are expensive and shouldn't
-                        # be expected on non-debug builds.
-                        "jemalloc_prof"
-                        "jemalloc_stats"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                      ];
-                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features`
-                {
-                  name = "oci-image-${crossSystem}-all-features-debug";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      profile = "dev";
-                      all_features = true;
-                      # debug build users expect full logs
-                      disable_release_max_log_level = true;
-                      disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                      ];
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that binary with hardened_malloc
-                {
-                  name = "oci-image-${crossSystem}-hmalloc";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      features = ["hardened_malloc"];
-                    };
-                  };
-                }
-
-                # An output for a complement OCI image for the specified platform
-                {
-                  name = "complement-${crossSystem}";
-                  value = scopeCrossStatic.complement;
-                }
                   ]
                 )
                 [
@@ -549,30 +340,6 @@
                 ]
             )
           );
-
+      }
-      devShells.default = mkDevShell scopeHostStatic;
+    );
-      devShells.all-features = mkDevShell
-        (scopeHostStatic.overrideScope (final: prev: {
-          main = prev.main.override {
-            all_features = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # jemalloc profiling/stats features are expensive and shouldn't
-                # be expected on non-debug builds.
-                "jemalloc_prof"
-                "jemalloc_stats"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-        };
-        }));
-      devShells.no-features = mkDevShell
-        (scopeHostStatic.overrideScope (final: prev: {
-          main = prev.main.override { default_features = false; };
-        }));
-      devShells.dynamic = mkDevShell scopeHost;
-    });
 }

nix/pkgs/book/default.nix

@@ -1,36 +0,0 @@
-{ inputs
-
-# Dependencies
-, main
-, mdbook
-, stdenv
-}:
-
-stdenv.mkDerivation {
-  inherit (main) pname version;
-
-  src = inputs.nix-filter {
-    root = inputs.self;
-    include = [
-      "book.toml"
-      "conduwuit-example.toml"
-      "CODE_OF_CONDUCT.md"
-      "CONTRIBUTING.md"
-      "README.md"
-      "development.md"
-      "debian/conduwuit.service"
-      "debian/README.md"
-      "arch/conduwuit.service"
-      "docs"
-      "theme"
-    ];
-  };
-
-  nativeBuildInputs = [
-    mdbook
-  ];
-
-  buildPhase = ''
-    mdbook build -d $out
-  '';
-}

nix/pkgs/complement/certificate.crt

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDfzCCAmegAwIBAgIUcrZdSPmCh33Evys/U6mTPpShqdcwDQYJKoZIhvcNAQEL
-BQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29mZXJz
-IGluYy4xDDAKBgNVBAMMA2hzMTAgFw0yNTAzMTMxMjU4NTFaGA8yMDUyMDcyODEy
-NTg1MVowPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29m
-ZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjHuCLZLpYt
-/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZRxmOhtp88
-awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZbo61q8HBp
-L0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42BhGtnJZsK
-K5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBevUdBh8gl
-8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaNxMG8wCQYDVR0TBAIwADALBgNV
-HQ8EBAMCBPAwNgYDVR0RBC8wLYIRKi5kb2NrZXIuaW50ZXJuYWyCA2hzMYIDaHMy
-ggNoczOCA2hzNIcEfwAAATAdBgNVHQ4EFgQUr4VYrmW1d+vjBTJewvy7fJYhLDYw
-DQYJKoZIhvcNAQELBQADggEBADkYqkjNYxjWX8hUUAmFHNdCwzT1CpYe/5qzLiyJ
-irDSdMlC5g6QqMUSrpu7nZxo1lRe1dXGroFVfWpoDxyCjSQhplQZgtYqtyLfOIx+
-HQ7cPE/tUU/KsTGc0aL61cETB6u8fj+rQKUGdfbSlm0Rpu4v0gC8RnDj06X/hZ7e
-VkWU+dOBzxlqHuLlwFFtVDgCyyTatIROx5V+GpMHrVqBPO7HcHhwqZ30k2kMM8J3
-y1CWaliQM85jqtSZV+yUHKQV8EksSowCFJuguf+Ahz0i0/koaI3i8m4MRN/1j13d
-jbTaX5a11Ynm3A27jioZdtMRty6AJ88oCp18jxVzqTxNNO4=
------END CERTIFICATE-----

nix/pkgs/complement/config.toml

@@ -1,50 +0,0 @@
-[global]
-address = "0.0.0.0"
-allow_device_name_federation = true
-allow_guest_registration = true
-allow_public_room_directory_over_federation = true
-allow_public_room_directory_without_auth = true
-allow_registration = true
-database_path = "/database"
-log = "trace,h2=debug,hyper=debug"
-port = [8008, 8448]
-trusted_servers = []
-only_query_trusted_key_servers = false
-query_trusted_key_servers_first = false
-query_trusted_key_servers_first_on_join = false
-yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
-ip_range_denylist = []
-url_preview_domain_contains_allowlist = ["*"]
-url_preview_domain_explicit_denylist = ["*"]
-media_compat_file_link = false
-media_startup_check = true
-prune_missing_media = true
-log_colors = true
-admin_room_notices = false
-allow_check_for_updates = false
-intentionally_unknown_config_option_for_testing = true
-rocksdb_log_level = "info"
-rocksdb_max_log_files = 1
-rocksdb_recovery_mode = 0
-rocksdb_paranoid_file_checks = true
-log_guest_registrations = false
-allow_legacy_media = true
-startup_netburst = true
-startup_netburst_keep = -1
-
-allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true
-
-# valgrind makes things so slow
-dns_timeout = 60
-dns_attempts = 20
-request_conn_timeout = 60
-request_timeout = 120
-well_known_conn_timeout = 60
-well_known_timeout = 60
-federation_idle_timeout = 300
-sender_timeout = 300
-sender_idle_timeout = 300
-sender_retry_backoff_limit = 300
-
-[global.tls]
-dual_protocol = true

nix/pkgs/complement/default.nix

@@ -1,89 +0,0 @@
-# Dependencies
-{ bashInteractive
-, buildEnv
-, coreutils
-, dockerTools
-, lib
-, main
-, stdenv
-, tini
-, writeShellScriptBin
-}:
-
-let
-  main' = main.override {
-    profile = "test";
-    all_features = true;
-    disable_release_max_log_level = true;
-    disable_features = [
-        # console/CLI stuff isn't used or relevant for complement
-        "console"
-        "tokio_console"
-        # sentry telemetry isn't useful for complement, disabled by default anyways
-        "sentry_telemetry"
-        "perf_measurements"
-        # this is non-functional on nix for some reason
-        "hardened_malloc"
-        # dont include experimental features
-        "experimental"
-        # compression isn't needed for complement
-        "brotli_compression"
-        "gzip_compression"
-        "zstd_compression"
-        # complement doesn't need hot reloading
-        "conduwuit_mods"
-        # complement doesn't have URL preview media tests
-        "url_preview"
-    ];
-  };
-
-  start = writeShellScriptBin "start" ''
-    set -euxo pipefail
-
-    ${lib.getExe' coreutils "env"} \
-      CONDUWUIT_SERVER_NAME="$SERVER_NAME" \
-      ${lib.getExe main'}
-  '';
-in
-
-dockerTools.buildImage {
-  name = "complement-conduwuit";
-  tag = "main";
-
-  copyToRoot = buildEnv {
-    name = "root";
-    pathsToLink = [
-      "/bin"
-    ];
-    paths = [
-      bashInteractive
-      coreutils
-      main'
-      start
-    ];
-  };
-
-  config = {
-    Cmd = [
-      "${lib.getExe start}"
-    ];
-
-    Entrypoint = if !stdenv.hostPlatform.isDarwin
-      # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
-      # are handled as expected
-      then [ "${lib.getExe' tini "tini"}" "--" ]
-      else [];
-
-    Env = [
-      "CONTINUWUITY_TLS__KEY=${./private_key.key}"
-      "CONTINUWUITY_TLS__CERTS=${./certificate.crt}"
-      "CONTINUWUITY_CONFIG=${./config.toml}"
-      "RUST_BACKTRACE=full"
-    ];
-
-    ExposedPorts = {
-      "8008/tcp" = {};
-      "8448/tcp" = {};
-    };
-  };
-}

nix/pkgs/complement/private_key.key

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDS/odmZivxajeb
-iyT7SMuhXqnMm+hF+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnT
-LvGEvNNx0px5M54H+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a
-09CphCFswO4PpxUUORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5ucc
-ebGMmCoO660hROSTBaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUga
-Qs/2tdT4kBzBH6kZOiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO
-/Ncsro/fAgMBAAECggEAITCCkfv+a5I+vwvrPE/eIDso0JOxvNhfg+BLQVy3AMnu
-WmeoMmshZeREWgcTrEGg8QQnk4Sdrjl8MnkO6sddJ2luza3t7OkGX+q7Hk5aETkB
-DIo+f8ufU3sIhlydF3OnVSK0fGpUaBq8AQ6Soyeyrk3G5NVufmjgae5QPbDBnqUb
-piOGyfcwagL4JtCbZsMk8AT7vQSynLm6zaWsVzWNd71jummLqtVV063K95J9PqVN
-D8meEcP3WR5kQrvf+mgy9RVgWLRtVWN8OLZfJ9yrnl4Efj62elrldUj4jaCFezGQ
-8f0W+d8jjt038qhmEdymw2MWQ+X/b0R79lJar1Up8QKBgQD1DtHxauhl+JUoI3y+
-3eboqXl7YPJt1/GTnChb4b6D1Z1hvLsOKUa7hjGEfruYGbsWXBCRMICdfzp+iWcq
-/lEOp7/YU9OaW4lQMoG4sXMoBWd9uLgg0E+aH6VDJOBvxsfafqM4ufmtspzwEm90
-FU1cq6oImomFnPChSq4X+3+YpwKBgQDcalaK9llCcscWA8HAP8WVVNTjCOqiDp9q
-td61E9IO/FIB/gW5y+JkaFRrA2CN1zY3s3K92uveLTNYTArecWlDcPNNFDuaYu2M
-Roz4bC104HGh+zztJ0iPVzELL81Lgg6wHhLONN+eVi4gTftJxzJFXybyb+xVT25A
-91ynKXB+CQKBgQC+Ub43MoI+/6pHvBfb3FbDByvz6D0flgBmVXb6tP3TQYmzKHJV
-8zSd2wCGGC71V7Z3DRVIzVR1/SOetnPLbivhp+JUzfWfAcxI3pDksdvvjxLrDxTh
-VycbWcxtsywjY0w/ou581eLVRcygnpC0pP6qJCAwAmUfwd0YRvmiYo6cLQKBgHIW
-UIlJDdaJFmdctnLOD3VGHZMOUHRlYTqYvJe5lKbRD5mcZFZRI/OY1Ok3LEj+tj+K
-kL+YizHK76KqaY3N4hBYbHbfHCLDRfWvptQHGlg+vFJ9eoG+LZ6UIPyLV5XX0cZz
-KoS1dXG9Zc6uznzXsDucDsq6B/f4TzctUjXsCyARAoGAOKb4HtuNyYAW0jUlujR7
-IMHwUesOGlhSXqFtP9aTvk6qJgvV0+3CKcWEb4y02g+uYftP8BLNbJbIt9qOqLYh
-tOVyzCoamAi8araAhjA0w4dXvqDCDK7k/gZFkojmKQtRijoxTHnWcDc3vAjYCgaM
-9MVtdgSkuh2gwkD/mMoAJXM=
------END PRIVATE KEY-----

nix/pkgs/complement/signing_request.csr

@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIChDCCAWwCAQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQK
-DAx3b29mZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjH
-uCLZLpYt/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZR
-xmOhtp88awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZb
-o61q8HBpL0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42B
-hGtnJZsKK5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBe
-vUdBh8gl8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaAAMA0GCSqGSIb3DQEB
-CwUAA4IBAQDR/gjfxN0IID1MidyhZB4qpdWn3m6qZnEQqoTyHHdWalbfNXcALC79
-ffS+Smx40N5hEPvqy6euR89N5YuYvt8Hs+j7aWNBn7Wus5Favixcm2JcfCTJn2R3
-r8FefuSs2xGkoyGsPFFcXE13SP/9zrZiwvOgSIuTdz/Pbh6GtEx7aV4DqHJsrXnb
-XuPxpQleoBqKvQgSlmaEBsJg13TQB+Fl2foBVUtqAFDQiv+RIuircf0yesMCKJaK
-MPH4Oo+r3pR8lI8ewfJPreRhCoV+XrGYMubaakz003TJ1xlOW8M+N9a6eFyMVh76
-U1nY/KP8Ua6Lgaj9PRz7JCRzNoshZID/
------END CERTIFICATE REQUEST-----

nix/pkgs/complement/v3.ext

@@ -1,12 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = *.docker.internal
-DNS.2 = hs1
-DNS.3 = hs2
-DNS.4 = hs3
-DNS.5 = hs4
-IP.1 = 127.0.0.1

nix/pkgs/main/cross-compilation-env.nix

@@ -4,20 +4,16 @@
 , stdenv
 }:
 
-lib.optionalAttrs stdenv.hostPlatform.isStatic {
+lib.optionalAttrs stdenv.hostPlatform.isStatic
+  {
     ROCKSDB_STATIC = "";
-}
+  }
 //
 {
   CARGO_BUILD_RUSTFLAGS =
     lib.concatStringsSep
       " "
-      ([]
+      (lib.optionals
-        # This disables PIE for static builds, which isn't great in terms
-        # of security. Unfortunately, my hand is forced because nixpkgs'
-        # `libstdc++.a` is built without `-fPIE`, which precludes us from
-        # leaving PIE enabled.
-        ++ lib.optionals
         stdenv.hostPlatform.isStatic
         [ "-C" "relocation-model=static" ]
       ++ lib.optionals
@@ -35,13 +31,13 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
       );
 }
 
-# What follows is stolen from [here][0]. Its purpose is to properly
+  # What follows is stolen from [here][0]. Its purpose is to properly
-# configure compilers and linkers for various stages of the build, and
+  # configure compilers and linkers for various stages of the build, and
-# even covers the case of build scripts that need native code compiled and
+  # even covers the case of build scripts that need native code compiled and
-# run on the build platform (I think).
+  # run on the build platform (I think).
-#
+  #
-# [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68
+  # [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68
-//
+  //
 (
   let
     inherit (rust.lib) envVars;

nix/pkgs/main/default.nix

@@ -12,10 +12,10 @@
 , rust-jemalloc-sys
 , stdenv
 
-# Options (keep sorted)
+  # Options (keep sorted)
 , all_features ? false
 , default_features ? true
-# default list of disabled features
+  # default list of disabled features
 , disable_features ? [
     # dont include experimental features
     "experimental"
@@ -27,47 +27,47 @@
     "hardened_malloc"
     # conduwuit_mods is a development-only hot reload feature
     "conduwuit_mods"
-]
+  ]
 , disable_release_max_log_level ? false
-, features ? []
+, features ? [ ]
 , profile ? "release"
-# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag
+  # rocksdb compiled with -march=haswell and target-cpu=haswell rustflag
-# haswell is pretty much any x86 cpu made in the last 12 years, and
+  # haswell is pretty much any x86 cpu made in the last 12 years, and
-# supports modern CPU extensions that rocksdb can make use of.
+  # supports modern CPU extensions that rocksdb can make use of.
-# disable if trying to make a portable x86_64 build for very old hardware
+  # disable if trying to make a portable x86_64 build for very old hardware
 , x86_64_haswell_target_optimised ? false
 }:
 
 let
-# We perform default-feature unification in nix, because some of the dependencies
+  # We perform default-feature unification in nix, because some of the dependencies
-# on the nix side depend on feature values.
+  # on the nix side depend on feature values.
-crateFeatures = path:
+  crateFeatures = path:
     let manifest = lib.importTOML "${path}/Cargo.toml"; in
     lib.remove "default" (lib.attrNames manifest.features);
-crateDefaultFeatures = path:
+  crateDefaultFeatures = path:
     (lib.importTOML "${path}/Cargo.toml").features.default;
-allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main";
+  allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main";
-allFeatures = crateFeatures "${inputs.self}/src/main";
+  allFeatures = crateFeatures "${inputs.self}/src/main";
-features' = lib.unique
+  features' = lib.unique
     (features ++
       lib.optionals default_features allDefaultFeatures ++
       lib.optionals all_features allFeatures);
-disable_features' = disable_features ++ lib.optionals disable_release_max_log_level ["release_max_log_level"];
+  disable_features' = disable_features ++ lib.optionals disable_release_max_log_level [ "release_max_log_level" ];
-features'' = lib.subtractLists disable_features' features';
+  features'' = lib.subtractLists disable_features' features';
 
-featureEnabled = feature : builtins.elem feature features'';
+  featureEnabled = feature: builtins.elem feature features'';
 
-enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin;
+  enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin;
 
-# This derivation will set the JEMALLOC_OVERRIDE variable, causing the
+  # This derivation will set the JEMALLOC_OVERRIDE variable, causing the
-# tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's
+  # tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's
-# own. In order for this to work, we need to set flags on the build that match
+  # own. In order for this to work, we need to set flags on the build that match
-# whatever flags tikv-jemalloc-sys was going to use. These are dependent on
+  # whatever flags tikv-jemalloc-sys was going to use. These are dependent on
-# which features we enable in tikv-jemalloc-sys.
+  # which features we enable in tikv-jemalloc-sys.
-rust-jemalloc-sys' = (rust-jemalloc-sys.override {
+  rust-jemalloc-sys' = (rust-jemalloc-sys.override {
     # tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature
     unprefixed = true;
-}).overrideAttrs (old: {
+  }).overrideAttrs (old: {
     configureFlags = old.configureFlags ++
       # we dont need docs
       [ "--disable-doc" ] ++
@@ -77,9 +77,9 @@ rust-jemalloc-sys' = (rust-jemalloc-sys.override {
       lib.optional (featureEnabled "jemalloc_prof") "--enable-prof" ++
       # tikv-jemalloc-sys/stats feature
       (if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]);
-});
+  });
 
-buildDepsOnlyEnv =
+  buildDepsOnlyEnv =
     let
       rocksdb' = (rocksdb.override {
         jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
@@ -93,14 +93,16 @@ buildDepsOnlyEnv =
 
         # for some reason enableLiburing in nixpkgs rocksdb is default true
         # which breaks Darwin entirely
-      enableLiburing = enableLiburing;
+        inherit enableLiburing;
       }).overrideAttrs (old: {
-      enableLiburing = enableLiburing;
+        inherit enableLiburing;
-      cmakeFlags = (if x86_64_haswell_target_optimised then (lib.subtractLists [
+        cmakeFlags = (if x86_64_haswell_target_optimised then
+          (lib.subtractLists [
             # dont make a portable build if x86_64_haswell_target_optimised is enabled
             "-DPORTABLE=1"
-      ] old.cmakeFlags
+          ]
-      ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ])
+            old.cmakeFlags
+          ++ [ "-DPORTABLE=haswell" ]) else [ "-DPORTABLE=1" ]
         )
         ++ old.cmakeFlags;
 
@@ -129,21 +131,21 @@ buildDepsOnlyEnv =
         stdenv;
     });
 
-buildPackageEnv = {
+  buildPackageEnv = {
     GIT_COMMIT_HASH = inputs.self.rev or inputs.self.dirtyRev or "";
     GIT_COMMIT_HASH_SHORT = inputs.self.shortRev or inputs.self.dirtyShortRev or "";
-} // buildDepsOnlyEnv // {
+  } // buildDepsOnlyEnv // {
     # Only needed in static stdenv because these are transitive dependencies of rocksdb
     CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS
       + lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic)
       " -L${lib.getLib liburing}/lib -luring"
       + lib.optionalString x86_64_haswell_target_optimised
       " -Ctarget-cpu=haswell";
-};
+  };
 
 
 
-commonAttrs = {
+  commonAttrs = {
     inherit
       (craneLib.crateNameFromCargoToml {
         cargoToml = "${inputs.self}/Cargo.toml";
@@ -167,7 +169,7 @@ commonAttrs = {
 
     cargoExtraArgs = "--no-default-features --locked "
       + lib.optionalString
-        (features'' != [])
+      (features'' != [ ])
       "--features " + (builtins.concatStringsSep "," features'');
 
     dontStrip = profile == "dev" || profile == "test";
@@ -199,7 +201,7 @@ commonAttrs = {
   };
 in
 
-craneLib.buildPackage ( commonAttrs // {
+craneLib.buildPackage (commonAttrs // {
   cargoArtifacts = craneLib.buildDepsOnly (commonAttrs // {
     env = buildDepsOnlyEnv;
   });
@@ -208,7 +210,7 @@ craneLib.buildPackage ( commonAttrs // {
 
   cargoExtraArgs = "--no-default-features --locked "
     + lib.optionalString
-      (features'' != [])
+    (features'' != [ ])
     "--features " + (builtins.concatStringsSep "," features'');
 
   env = buildPackageEnv;

nix/pkgs/oci-image/default.nix

@@ -1,46 +0,0 @@
-{ inputs
-
-# Dependencies
-, dockerTools
-, lib
-, main
-, stdenv
-, tini
-}:
-
-dockerTools.buildLayeredImage {
-  name = main.pname;
-  tag = "main";
-  created = "@${toString inputs.self.lastModified}";
-  contents = [
-    dockerTools.caCertificates
-    main
-  ];
-  config = {
-    Entrypoint = if !stdenv.hostPlatform.isDarwin
-      # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
-      # are handled as expected
-      then [ "${lib.getExe' tini "tini"}" "--" ]
-      else [];
-    Cmd = [
-      "${lib.getExe main}"
-    ];
-    Env = [
-      "RUST_BACKTRACE=full"
-    ];
-    Labels = {
-      "org.opencontainers.image.authors" = "June Clementine Strawberry <june@girlboss.ceo> and Jason Volk
-      <jason@zemos.net>";
-      "org.opencontainers.image.created" ="@${toString inputs.self.lastModified}";
-      "org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust";
-      "org.opencontainers.image.documentation" = "https://continuwuity.org/";
-      "org.opencontainers.image.licenses" = "Apache-2.0";
-      "org.opencontainers.image.revision" = inputs.self.rev or inputs.self.dirtyRev or "";
-      "org.opencontainers.image.source" = "https://forgejo.ellis.link/continuwuation/continuwuity";
-      "org.opencontainers.image.title" = main.pname;
-      "org.opencontainers.image.url" = "https://continuwuity.org/";
-      "org.opencontainers.image.vendor" = "continuwuation";
-      "org.opencontainers.image.version" = main.version;
-    };
-  };
-}