| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
postgresql: implement opt-in JIT support
|
|
Make sure that JIT is actually available when using
services.postgresql = {
enable = true;
enableJIT = true;
package = pkgs.postgresql_15;
};
The current behavior is counter-intuitive because the docs state that
`enableJIT = true;` is sufficient even though it wasn't in that case
because the declared package doesn't have the LLVM dependency.
Fixed by using `package.withJIT` if `enableJIT = true;` and
`package.jitSupport` is `false`.
Also updated the postgresql-jit test to test for that case.
|
|
|
|
This is useful if your postgresql version is dependant on
`system.stateVersion` and not pinned down manually. Then it's not
necessary to find out which version exactly is in use and define
`package` manually, but just stay with what NixOS provides as default:
$ nix-instantiate -A postgresql
/nix/store/82fzmb77mz2b787dgj7mn4a8i4f6l6sn-postgresql-14.7.drv
$ nix-instantiate -A postgresql_jit
/nix/store/qsjkb72fcrrfpsszrwbsi9q9wgp39m50-postgresql-14.7.drv
$ nix-instantiate -A postgresql.withJIT
/nix/store/qsjkb72fcrrfpsszrwbsi9q9wgp39m50-postgresql-14.7.drv
$ nix-instantiate -A postgresql.withJIT.withoutJIT
/nix/store/82fzmb77mz2b787dgj7mn4a8i4f6l6sn-postgresql-14.7.drv
I.e. you can use postgresql with JIT (for complex queries only[1]) like
this:
services.postgresql = {
enable = true;
enableJIT = true;
};
Performing a new override instead of re-using the `_jit`-variants for
that has the nice property that overlays for the original package apply
to the JIT-enabled variant, i.e.
with import ./. {
overlays = [
(self: super: {
postgresql = super.postgresql.overrideAttrs (_: { fnord = "snens"; });
})
];
};
postgresql.withJIT.fnord
still gives the string `snens` whereas `postgresql_jit` doesn't have the
attribute `fnord` in its derivation.
[1] https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-JIT-ABOVE-COST
|
|
Closes #150801
Note: I decided against resuming directly on #150801 because the
conflict was too big (and resolving it seemed too error-prone to me).
Also the `this`-refactoring could be done in an easier manner, i.e. by
exposing JIT attributes with the correct configuration. More on that
below.
This patch creates variants of the `postgresql*`-packages with JIT[1]
support. Please note that a lot of the work was derived from previous
patches filed by other contributors, namely dasJ, andir and abbradar,
hence the co-authored-by tags below.
Effectively, the following things have changed:
* For JIT variants an LLVM-backed stdenv with clang is now used as
suggested by dasJ[2]. We need LLVM and CLang[3] anyways to build the
JIT-part, so no need to mix this up with GCC's stdenv. Also, using the
`dev`-output of LLVM and clang's stdenv for building (and adding llvm
libs as build-inputs) seems more cross friendly to me (which will
become useful when cross-building for JIT-variants will actually be
supported).
* Plugins inherit the build flags from the Makefiles in
`$out/lib/pgxs/src` (e.g. `-Werror=unguarded-availability-new`). Since
some of the flags are clang-specific (and stem from the use of the
CLang stdenv) and don't work on gcc, the stdenv of `pkgs.postgresql`
is passed to the plugins. I.e., plugins for non-JIT variants are built
with a gcc stdenv on Linux and plugins for JIT variants with a clang
stdenv.
Since `plv8` hard-codes `gcc` as `$CC` in its Makefile[4], I marked it
as broken for JIT-variants of postgresql only.
* Added a test-matrix to confirm that JIT works fine on each
`pkgs.postgresql_*_jit` (thanks Andi for the original test in
#124804!).
* For each postgresql version, a new attribute
`postgresql_<version>_jit` (and a corresponding
`postgresqlPackages<version>JitPackages`) are now exposed for better
discoverability and prebuilt artifacts in the binary cache.
* In #150801 the `this`-argument was replaced by an internal recursion.
I decided against this approach because it'd blow up the diff even
more which makes the readability way harder and also harder to revert
this if necessary.
Instead, it is made sure that `this` always points to the correct
variant of `postgresql` and re-using that in an additional
`.override {}`-expression is trivial because the JIT-variant is
exposed in `all-packages.nix`.
* I think the changes are sufficiently big to actually add myself as
maintainer here.
* Added `libxcrypt` to `buildInputs` for versions <v13. While
building things with an LLVM stdenv, these versions complained that
the extern `crypt()` symbol can't be found. Not sure what this is
exactly about, but since we want to switch to libxcrypt for `crypt()`
usage anyways[5] I decided to add it. For >=13 it's not relevant
anymore anyways[6].
* JIT support doesn't work with cross-compilation. It is attempted to
build LLVM-bytecode (`%.bc` is the corresponding `make(1)`-rule) for
each sub-directory in `backend/` for the JIT apparently, but with a
$(CLANG) that can produce binaries for the build, not the host-platform.
I managed to get a cross-build with JIT support working with
`depsBuildBuild = [ llvmPackages.clang ] ++ buildInputs`, but
considering that the resulting LLVM IR isn't platform-independent this
doesn't give you much. In fact, I tried to test the result in a VM-test,
but as soon as JIT was used to optimize a query, postgres would
coredump with `Illegal instruction`.
A common concern of the original approach - with llvm as build input -
was the massive increase of closure size. With the new approach of using
the LLVM stdenv directly and patching out references to the clang drv in
`$out` the effective closure size changes are:
$ nix path-info -Sh $(nix-build -A postgresql_14)
/nix/store/kssxxqycwa3c7kmwmykwxqvspxxa6r1w-postgresql-14.7 306.4M
$ nix path-info -Sh $(nix-build -A postgresql_14_jit)
/nix/store/xc7qmgqrn4h5yr4vmdwy56gs4bmja9ym-postgresql-14.7 689.2M
Most of the increase in closure-size stems from the `lib`-output of
LLVM
$ nix path-info -Sh /nix/store/5r97sbs5j6mw7qnbg8nhnq1gad9973ap-llvm-11.1.0-lib
/nix/store/5r97sbs5j6mw7qnbg8nhnq1gad9973ap-llvm-11.1.0-lib 349.8M
which is why this shouldn't be enabled by default.
While this is quite much because of LLVM, it's still a massive
improvement over the simple approach of adding llvm/clang as
build-inputs and building with `--with-llvm`:
$ nix path-info -Sh $(nix-build -E '
with import ./. {};
postgresql.overrideAttrs ({ configureFlags ? [], buildInputs ? [], ... }: {
configureFlags = configureFlags ++ [ "--with-llvm" ];
buildInputs = buildInputs ++ [ llvm clang ];
})' -j0)
/nix/store/i3bd2r21c6c3428xb4gavjnplfqxn27p-postgresql-14.7 1.6G
Co-authored-by: Andreas Rammhold <andreas@rammhold.de>
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
[1] https://www.postgresql.org/docs/current/jit-reason.html
[2] https://github.com/NixOS/nixpkgs/pull/124804#issuecomment-864616931
& https://github.com/NixOS/nixpkgs/pull/150801#issuecomment-1467868321
[3] This fails with the following error otherwise:
```
configure: error: clang not found, but required when compiling --with-llvm, specify with CLANG=
```
[4] https://github.com/plv8/plv8/blob/v3.1.5/Makefile#L14
[5] https://github.com/NixOS/nixpkgs/pull/181764
[6] https://github.com/postgres/postgres/commit/c45643d618e35ec2fe91438df15abd4f3c0d85ca
|
|
bind: remove hard-coded `allow-query` config setting
|
|
vaultwarden: 1.27.0 -> 1.28.0
|
|
|
|
The motivation is to make overriding `services.xserver.xkbDir` easier.
|
|
Diff: https://github.com/dani-garcia/vaultwarden/compare/1.27.0..1.28.0
Changelog: https://github.com/dani-garcia/vaultwarden/releases/tag/1.28.0
|
|
steam: add extraEnv argument
|
|
protonmail-bridge: 3.0.18 -> 3.0.21
|
|
`bridge` is used by iproute2, so using this name for protonmail-bridge
made it very likely to produce a name "conflict".
Also `bridge` is used in the Makefile by upstream project Makefile but
it apparently is renamed later on when packaged in rpm/deb so even for
coherence purposes it does make sense to revert it back to the name
`protonmail-bridge` that were previously being used.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
|
|
Fixes #223458
Fixes #223331
|
|
linuxPackages.nvidia_x11: 525.89.02 -> 530.41.03
|
|
garage: fix missing stateVersion and default pkg
|
|
* stateVersion was not in scope, added config.system.systemVersion
* garage_0_8_0 -> garage_0_8, the former does not exist
|
|
libnitrokey: init at 3.8
|
|
authelia: move module under security and minor fixes
|
|
zfsUnstable: make it compatible again with 6.2.8 and potentially 6.3
|
|
nixos/mattermost: add secretFile option for declarative configs (again)
|
|
This adds an option `services.mattermost.environmentFile`, intended to be
useful especially when `services.mattermost.mutableConfig` is set to `false`.
Since all mattermost configuration options can also be set by environment
variables, this allows managing secret configuration values in a declarative
manner without placing them in the nix store.
|
|
|
|
kubo: 0.18.1 -> 0.19.0
|
|
qtile: add more options to NixOS module and expose unwrapped package
|
|
Fixed test access to lib
Added nixos test to passthru
|
|
nixos/synapse: fix path
|
|
|
|
|
|
Fixes: 22f3d4e4dbc415c880dabca13fcc11d45e8d53ab ("nixos: move matrix services into their category")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Before, setting {option}`programs.steam.package` would result in a steam without
the {option}`hardware.opengl.package`, {option}`hardware.opengl.extraPackages`
etc. You had to manually add them yourself.
Additionally, overlaying `steam = prev.steam.override { extraLibraries = [ ... ]; }`
resulted in those extra libraries not actually being put into the fhsenv because
they'd be fully overridden by the option's default.
Now, the user can supply a custom steam to {option}`programs.steam.package` with
its own list of extraLibraries which will not be overridden and overlays work as
expected too.
|
|
nixos/nextcloud: set X-Robots-Tag to "noindex, nofollow"
|
|
|
|
nixos/gdk-pixbuf: move GDK_PIXBUF_MODULE_FILE to sessionVariables
|
|
nixos/opengl: fix wrong function application
|
|
No idea how that one slipped through. Thanks for catching @maxeaubrey!
|
|
|
|
mesa_23: init at 23.0.1
|
|
Upstream did so in https://github.com/nextcloud/server/pull/36689 and
Nextcloud now complains that
The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow".
This is a potential security or privacy risk, as it is recommended
to adjust this setting accordingly.
|
|
|
|
|
|
This allows us to bump the mesa attribute (used by many packages, see
https://github.com/NixOS/nixpkgs/issues/218232) independently from the packages
used by NixOS users.
|
|
|
|
- set service type to notify
- allow unix socket which is needed by systemd notify
|
