{ inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; }; outputs = { nixpkgs, ... }: let supportedSystems = [ "aarch64-darwin" "aarch64-linux" "x86_64-darwin" "x86_64-linux" ]; forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems ( system: let pkgs = import nixpkgs { inherit system; }; in f { inherit pkgs; } ); in { devShells = forEachSupportedSystem ( { pkgs, ... }: let inherit (pkgs) lib; # only bump toolchain versions here go = pkgs.go_1_26; nodejs = pkgs.nodejs_24; python3 = pkgs.python314; pnpm = pkgs.pnpm_10; commonPackages = with pkgs; [ # generic git git-lfs gnumake gnused gnutar gzip zip # frontend nodejs pnpm cairo pixman pkg-config # linting python3 uv # backend go gofumpt sqlite golangci-lint govulncheck tea ]; commonEnv = { GO = "${go}/bin/go"; GOROOT = "${go}/share/go"; TAGS = ""; }; in { # production build shell: cgo links statically against glibc.static default = pkgs.mkShell { packages = commonPackages ++ lib.optionals pkgs.stdenv.isLinux [ pkgs.glibc.static ]; env = commonEnv // { STATIC = "true"; } // lib.optionalAttrs pkgs.stdenv.isLinux { CFLAGS = "-I${pkgs.glibc.static.dev}/include"; LDFLAGS = "-L ${pkgs.glibc.static}/lib"; }; }; # test/dev shell: no static glibc — avoids cgo NSS segfaults in `go test` test = pkgs.mkShell { packages = commonPackages; env = commonEnv; }; } ); }; }