From 6ee5ae4d6888c1e2e57201d304aaba0cbfaee6ec Mon Sep 17 00:00:00 2001
From: "m.huber" <m.huber@kithara.com>
Date: Wed, 23 Jul 2025 15:39:10 +0200
Subject: [PATCH 1/6] nix flake build static with sqlite support

---
 Makefile  |  2 +-
 flake.nix | 56 +++++++++++++++++++++++++++++++------------------------
 2 files changed, 33 insertions(+), 25 deletions(-)

diff --git a/Makefile b/Makefile
index 08ff938972d59..de55a471d9f3a 100644
--- a/Makefile
+++ b/Makefile
@@ -746,7 +746,7 @@ security-check:
 	go run $(GOVULNCHECK_PACKAGE) -show color ./...
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
+	CGO_ENABLED=1 CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w -extldflags "-static" $(LDFLAGS)' -o $@
 
 .PHONY: release
 release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-check
diff --git a/flake.nix b/flake.nix
index e3375b82b35d5..0629ac7fd9bde 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,33 +11,41 @@
         pkgs = nixpkgs.legacyPackages.${system};
       in
       {
-        devShells.default = pkgs.mkShell {
-          buildInputs = with pkgs; [
-            # generic
-            git
-            git-lfs
-            gnumake
-            gnused
-            gnutar
-            gzip
+        devShells.default =
+          with pkgs;
+          let
+            go = go_1_24;
+          in
+          pkgs.mkShell {
+            buildInputs = [
+              # generic
+              git
+              git-lfs
+              gnumake
+              gnused
+              gnutar
+              gzip
 
-            # frontend
-            nodejs_22
+              # frontend
+              nodejs_22
 
-            # linting
-            python312
-            uv
+              # linting
+              python312
+              uv
 
-            # backend
-            go_1_24
-            gofumpt
-            sqlite
-          ];
-          shellHook = ''
-            export GO="${pkgs.go_1_24}/bin/go"
-            export GOROOT="${pkgs.go_1_24}/share/go"
-          '';
-        };
+              # backend
+              go
+              glibc.static
+              gofumpt
+              sqlite
+            ];
+            CFLAGS = "-I${glibc.static.dev}/include";
+            LDFLAGS = "-L ${glibc.static}/lib";
+            GO = "${go}/bin/go";
+            GOROOT = "${go}/share/go";
+
+            TAGS = "sqlite sqlite_unlock_notify";
+          };
       }
     );
 }

From d5485c42d4f274ff1c4da035b02227f042f7e791 Mon Sep 17 00:00:00 2001
From: "m.huber" <m.huber@kithara.com>
Date: Wed, 23 Jul 2025 16:08:40 +0200
Subject: [PATCH 2/6] toolchains to bump reguarry

---
 flake.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/flake.nix b/flake.nix
index 0629ac7fd9bde..0777bc88e68fe 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,7 +14,10 @@
         devShells.default =
           with pkgs;
           let
+            # only bump toolchain versions here
             go = go_1_24;
+            nodejs = nodejs_24;
+            python3 = python312;
           in
           pkgs.mkShell {
             buildInputs = [
@@ -27,10 +30,10 @@
               gzip
 
               # frontend
-              nodejs_22
+              nodejs
 
               # linting
-              python312
+              python3
               uv
 
               # backend

From f70025b43419c7267f4e71af005de4e40b229190 Mon Sep 17 00:00:00 2001
From: "m.huber" <m.huber@kithara.com>
Date: Thu, 24 Jul 2025 16:22:42 +0200
Subject: [PATCH 3/6] make statik build config via env var

---
 Makefile  | 13 ++++++++++++-
 flake.nix |  1 +
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index de55a471d9f3a..9339b5b7138a9 100644
--- a/Makefile
+++ b/Makefile
@@ -48,6 +48,17 @@ ifeq ($(HAS_GO), yes)
 	CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
 endif
 
+CGO_ENABLED ?= 0
+ifneq (,$(findstring sqlite,$(TAGS)))
+	CGO_ENABLED = 1
+endif
+
+STATIC ?=
+EXTLDFLAGS ?=
+ifneq ($(STATIC),)
+	EXTLDFLAGS = -extldflags "-static"
+endif
+
 ifeq ($(GOOS),windows)
 	IS_WINDOWS := yes
 else ifeq ($(patsubst Windows%,Windows,$(OS)),Windows)
@@ -746,7 +757,7 @@ security-check:
 	go run $(GOVULNCHECK_PACKAGE) -show color ./...
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
-	CGO_ENABLED=1 CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w -extldflags "-static" $(LDFLAGS)' -o $@
+	CGO_ENABLED="$(CGO_ENABLED)" CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(EXTLDFLAGS) $(LDFLAGS)' -o $@
 
 .PHONY: release
 release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-check
diff --git a/flake.nix b/flake.nix
index 0777bc88e68fe..13aa5008e6e86 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,6 +48,7 @@
             GOROOT = "${go}/share/go";
 
             TAGS = "sqlite sqlite_unlock_notify";
+            STATIC = "true";
           };
       }
     );

From 508c63cfc314f1c13450b5f0292d0d8117326703 Mon Sep 17 00:00:00 2001
From: "m.huber" <m.huber@kithara.com>
Date: Thu, 24 Jul 2025 17:35:58 +0200
Subject: [PATCH 4/6] pam

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 9339b5b7138a9..be86f07573019 100644
--- a/Makefile
+++ b/Makefile
@@ -49,7 +49,7 @@ ifeq ($(HAS_GO), yes)
 endif
 
 CGO_ENABLED ?= 0
-ifneq (,$(findstring sqlite,$(TAGS)))
+ifneq (,$(findstring sqlite,$(TAGS))$(findstring pam,$(TAGS)))
 	CGO_ENABLED = 1
 endif
 

From 8f1946ac13337d5c80e868f678e43f8db8363679 Mon Sep 17 00:00:00 2001
From: "m.huber" <m.huber@kithara.com>
Date: Thu, 24 Jul 2025 17:41:43 +0200
Subject: [PATCH 5/6] pam err

---
 Makefile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Makefile b/Makefile
index be86f07573019..2169d26b186d8 100644
--- a/Makefile
+++ b/Makefile
@@ -757,6 +757,11 @@ security-check:
 	go run $(GOVULNCHECK_PACKAGE) -show color ./...
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
+ifneq ($(STATIC),)
+ifneq (,$(findstring pam,$(TAGS)))
+	$(error pam support set via TAGS dont support static builds)
+endif
+endif
 	CGO_ENABLED="$(CGO_ENABLED)" CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(EXTLDFLAGS) $(LDFLAGS)' -o $@
 
 .PHONY: release

From 7e34c7005914dcd722abe65fa473330823a35ef6 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Wed, 6 Aug 2025 17:44:58 +0200
Subject: [PATCH 6/6] combine

---
 Makefile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index d026037c1e6c0..53671e9927683 100644
--- a/Makefile
+++ b/Makefile
@@ -757,10 +757,8 @@ security-check:
 	go run $(GOVULNCHECK_PACKAGE) -show color ./...
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
-ifneq ($(STATIC),)
-ifneq (,$(findstring pam,$(TAGS)))
-	$(error pam support set via TAGS dont support static builds)
-endif
+ifneq ($(and $(STATIC),$(findstring pam,$(TAGS))),)
+  $(error pam support set via TAGS doesn't support static builds)
 endif
 	CGO_ENABLED="$(CGO_ENABLED)" CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(EXTLDFLAGS) $(LDFLAGS)' -o $@