misc nix tweaks to maybe speedup ci

Signed-off-by: strawberry <strawberry@puppygock.gay>
2025-02-06 18:07:49 -05:00 · 2025-02-06 18:07:49 -05:00 · 43e6c27bb7
commit 43e6c27bb7
parent c7c9f0e4a6
6 changed files with 54 additions and 57 deletions
--- a/bin/complement
+++ b/bin/complement
@ -34,7 +34,8 @@ toplevel="$(git rev-parse --show-toplevel)"
 pushd "$toplevel" > /dev/null
-bin/nix-build-and-cache just .#linux-complement
+#bin/nix-build-and-cache just .#linux-complement
 bin/nix-build-and-cache just .#complement
 docker load < result
 popd > /dev/null
--- a/flake.nix
+++ b/flake.nix
@ -169,21 +169,9 @@
          # used for rust caching in CI to speed it up
          sccache
          # needed so we can get rid of gcc and other unused deps that bloat OCI images
          removeReferencesTo
        ]
        # liburing is Linux-exclusive
-        ++ lib.optional stdenv.hostPlatform.isLinux liburing
+        ++ lib.optional stdenv.hostPlatform.isLinux liburing)
        # needed to build Rust applications on macOS
        ++ lib.optionals stdenv.hostPlatform.isDarwin [
            # https://github.com/NixOS/nixpkgs/issues/206242
            # ld: library not found for -liconv
            libiconv
            # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
            # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
            pkgsBuildHost.darwin.apple_sdk.frameworks.Security
            ])
        ++ scope.main.buildInputs
        ++ scope.main.propagatedBuildInputs
        ++ scope.main.nativeBuildInputs;
--- a/nix/pkgs/complement/config.toml
+++ b/nix/pkgs/complement/config.toml
@ -17,19 +17,32 @@ ip_range_denylist = []
 url_preview_domain_contains_allowlist = ["*"]
 url_preview_domain_explicit_denylist = ["*"]
 media_compat_file_link = false
-media_startup_check = false
+media_startup_check = true
-prune_missing_media = false
+prune_missing_media = true
 log_colors = false
 admin_room_notices = false
 allow_check_for_updates = false
-allow_unstable_room_versions = true
+intentionally_unknown_config_option_for_testing = true
 rocksdb_log_level = "debug"
 rocksdb_max_log_files = 1
 rocksdb_recovery_mode = 0
 rocksdb_paranoid_file_checks = true
 log_guest_registrations = false
 allow_legacy_media = true
-startup_netburst = false
+startup_netburst = true
 startup_netburst_keep = -1
 # valgrind makes things so slow
 dns_timeout = 60
 dns_attempts = 20
 request_conn_timeout = 60
 request_timeout = 120
 well_known_conn_timeout = 60
 well_known_timeout = 60
 federation_idle_timeout = 300
 sender_timeout = 300
 sender_idle_timeout = 300
 sender_retry_backoff_limit = 300
 [global.tls]
 certs = "/certificate.crt"
--- a/nix/pkgs/complement/default.nix
+++ b/nix/pkgs/complement/default.nix
@ -18,18 +18,12 @@ let
    all_features = true;
    disable_release_max_log_level = true;
    disable_features = [
        # no reason to use jemalloc for complement, just has compatibility/build issues
        "jemalloc"
        "jemalloc_stats"
        "jemalloc_prof"
        # console/CLI stuff isn't used or relevant for complement
        "console"
        "tokio_console"
        # sentry telemetry isn't useful for complement, disabled by default anyways
        "sentry_telemetry"
        "perf_measurements"
        # the containers don't use or need systemd signal support
        "systemd"
        # this is non-functional on nix for some reason
        "hardened_malloc"
        # dont include experimental features
--- a/nix/pkgs/main/default.nix
+++ b/nix/pkgs/main/default.nix
@ -82,7 +82,7 @@ rust-jemalloc-sys' = (rust-jemalloc-sys.override {
 buildDepsOnlyEnv =
  let
    rocksdb' = (rocksdb.override {
-      jemalloc = rust-jemalloc-sys';
+      jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
      # rocksdb fails to build with prefixed jemalloc, which is required on
      # darwin due to [1]. In this case, fall back to building rocksdb with
      # libc malloc. This should not cause conflicts, because all of the
@ -103,6 +103,12 @@ buildDepsOnlyEnv =
      ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ])
      )
      ++ old.cmakeFlags;
      # outputs has "tools" which we dont need or use
      outputs = [ "out" ];
      # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
      preInstall = "";
    });
  in
  {
@ -156,6 +162,19 @@ commonAttrs = {
      ];
    };
    # This is redundant with CI
    doCheck = false;
    cargoTestCommand = "cargo test --locked ";
    cargoExtraArgs = "--no-default-features --locked "
      + lib.optionalString
        (features'' != [])
        "--features " + (builtins.concatStringsSep "," features'');
    cargoTestExtraArgs = "--no-default-features --locked "
      + lib.optionalString
        (features'' != [])
        "--features " + (builtins.concatStringsSep "," features'');
    dontStrip = profile == "dev" || profile == "test";
    dontPatchELF = profile == "dev" || profile == "test";
@ -181,27 +200,7 @@ commonAttrs = {
      # differing values for `NIX_CFLAGS_COMPILE`, which contributes to spurious
      # rebuilds of bindgen and its depedents.
      jq
-
+  ];
      # needed so we can get rid of gcc and other unused deps that bloat OCI images
      removeReferencesTo
  ]
  # needed to build Rust applications on macOS
  ++ lib.optionals stdenv.hostPlatform.isDarwin [
      # https://github.com/NixOS/nixpkgs/issues/206242
      # ld: library not found for -liconv
      libiconv
      # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
      # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
      pkgsBuildHost.darwin.apple_sdk.frameworks.Security
    ];
    # for some reason gcc and other weird deps are added to OCI images and bloats it up
    #
    # <https://github.com/input-output-hk/haskell.nix/issues/829>
    postInstall = with pkgsBuildHost; ''
        find "$out" -type f -exec remove-references-to -t ${stdenv.cc} -t ${gcc} -t ${llvm} -t ${rustc.unwrapped} -t ${rustc} '{}' +
    '';
 };
 in
@ -210,15 +209,18 @@ craneLib.buildPackage ( commonAttrs // {
    env = buildDepsOnlyEnv;
  });
-  cargoExtraArgs = "--no-default-features "
+  # This is redundant with CI
  doCheck = false;
  cargoTestCommand = "cargo test --locked ";
  cargoExtraArgs = "--no-default-features --locked "
    + lib.optionalString
      (features'' != [])
      "--features " + (builtins.concatStringsSep "," features'');
  cargoTestExtraArgs = "--no-default-features --locked "
    + lib.optionalString
      (features'' != [])
      "--features " + (builtins.concatStringsSep "," features'');
  # This is redundant with CI
  cargoTestCommand = "";
  cargoCheckCommand = "";
  doCheck = false;
  env = buildPackageEnv;
--- a/src/router/serve/tls.rs
+++ b/src/router/serve/tls.rs
@ -17,14 +17,13 @@ pub(super) async fn serve(
 	addrs: Vec<SocketAddr>,
 ) -> Result {
 	let tls = &server.config.tls;
-	let certs = tls
+	let certs = tls.certs.as_ref().ok_or_else(|| {
-		.certs
+		err!(Config("tls.certs", "Missing required value in tls config section"))
-		.as_ref()
+	})?;
 		.ok_or(err!(Config("tls.certs", "Missing required value in tls config section")))?;
 	let key = tls
 		.key
 		.as_ref()
-		.ok_or(err!(Config("tls.key", "Missing required value in tls config section")))?;
+		.ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?;
 	// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
 	// without this, TLS mode will panic.