Use pkgsStatic instead of pkgsCross.musl64 for static builds

pkgsStatic explicitly sets isStatic=true, which means packages
like postgresql automatically disable optional features (jit,
perl, python, tcl) that are guarded by !isStatic. This removes
the need for 4 explicit override flags.

pkgsStatic also handles both x86_64 and aarch64 automatically
(via makeMuslParsedPlatform), simplifying the static-pkgs
definition.

Author: angerman

flake.nix

@@ -56,69 +56,42 @@
           cddl = final.callPackage ./pkgs/cddl { };
          });
 
+         # Fixes for static (musl) builds. pkgsStatic sets isStatic=true,
+         # so most optional features (jit, perl, python, tcl) already
+         # default to false. Only cross-compilation quirks remain.
          musl = (final: prev: prev.lib.optionalAttrs prev.stdenv.hostPlatform.isMusl {
-           # We don't need a ruby static build. We're only interested in producing static
-           # outputs, not necessarily build tools.
+           # Use build-platform ruby instead of building a static one.
            ruby = prev.pkgsBuildBuild.ruby;
 
-           # OpenSSL 3.6.0 test 82-test_ocsp_cert_chain.t fails in the nix sandbox
-           # because the OCSP stapling test requires network/timing conditions that
-           # aren't reliably available during cross-compilation builds. Only 1 of 3888
-           # tests fails, and it's unrelated to the actual crypto functionality.
+           # OpenSSL OCSP stapling test is flaky in the nix sandbox.
            openssl = prev.openssl.overrideAttrs (old: {
              preCheck = (old.preCheck or "") + ''
                rm -f test/recipes/82-test_ocsp_cert_chain.t
              '';
            });
 
-           # PostgreSQL fixes for musl cross-compilation:
-           #
-           # nixpkgs-2511 postgresql/generic.nix has multiple issues with
-           # musl64 because pkgsCross.musl64 doesn't set isStatic=true:
-           #
-           # 1. jitSupport defaults true → pulls in LLVM build inputs.
-           # 2. perlSupport defaults true → musl perl lacks shared libperl.
-           # 3. pythonSupport/tclSupport default true → adds plpython3/pltcl
-           #    outputs. These are unnecessary for musl cross-builds and
-           #    each extra output widens the nix-copy window, exacerbating
-           #    the min-free GC race on darwin builders.
-           # 4. generic.nix switches to LLVM stdenv+bintools for LTO when
-           #    GCC is used. Cross-compiled LLVM 20 OOMs on darwin builders.
-           #    We override llvmPackages_20 to prevent the switch (avoids
-           #    LLVM dependency), then explicitly disable LTO with -fno-lto
-           #    since GCC LTO + GNU ld is broken for postgresql (.ltrans
-           #    link failures). Can't use hardeningDisable=["lto"] because
-           #    "lto" is not a recognized hardening flag on musl cross.
-           # 5. outputChecks unconditionally reference llvmPackages.llvm.
+           # PostgreSQL cross-compilation fixes:
+           # - generic.nix switches to LLVM stdenv for LTO when GCC is
+           #   used. Cross-compiled LLVM 20 OOMs on darwin builders.
+           #   Override llvmPackages_20 to prevent the switch.
+           # - GCC LTO + GNU ld produces .ltrans link failures; disable.
+           # - outputChecks unconditionally reference llvmPackages.llvm.
+           # - disallowedReferences fails for cross (cc refs in .pc/.la).
+           # - Multi-output reference cycles (dev↔out, lib↔out) must be
+           #   broken or Nix refuses to register the outputs.
            postgresql = (prev.postgresql.override {
-             jitSupport = false;
-             perlSupport = false;
-             pythonSupport = false;
-             tclSupport = false;
-             # Prevent the LTO stdenv switch: provide normal GCC-based
-             # musl stdenv as llvmPackages_20, making the switch a no-op.
              llvmPackages_20 = prev.llvmPackages_20 // {
                inherit (prev) stdenv;
                bintools = prev.stdenv.cc.bintools;
              };
            }).overrideAttrs (old: {
-             # Explicitly disable LTO since we're using GCC + GNU ld
-             # (not the LLVM bintools the stdenv switch would provide).
              env = (old.env or {}) // {
                NIX_CFLAGS_COMPILE = (old.env.NIX_CFLAGS_COMPILE or "") + " -fno-lto";
              };
              doCheck = false;
              outputChecks = {};
              separateDebugInfo = false;
              disallowedReferences = [];
-             # Break multi-output reference cycles. Nix refuses to register
-             # outputs that form cycles. The cycles are:
-             #   dev ↔ out: dev has .pc files referencing out; out has
-             #              baked-in dev paths from configure
-             #   lib ↔ out: lib has embedded out paths (share/locale refs
-             #              in libpq); out links against lib
-             # Fix: strip dev refs from out+lib, strip out refs from lib.
-             # out→lib is the only legitimate runtime dependency.
              postFixup = (old.postFixup or "") + ''
                find "$out" -name '*.la' -delete
                find "$out" -type f -exec remove-references-to -t "$dev" {} +
@@ -150,9 +123,7 @@
            # nix develop github:input-output-hk/devx#ghc96 --no-write-lock-file -c cabal build
            #
            static-pkgs = if pkgs.stdenv.hostPlatform.isLinux
-                         then if pkgs.stdenv.hostPlatform.isAarch64
-                              then pkgs.pkgsCross.aarch64-multiplatform-musl
-                              else pkgs.pkgsCross.musl64
+                         then pkgs.pkgsStatic
                          else pkgs;
            js-pkgs = pkgs.pkgsCross.ghcjs;
            windows-pkgs = pkgs.pkgsCross.mingwW64;