Initial import

.gitignore

@@ -0,0 +1,7 @@
+# Hidden files
+.*
+!.git*
+
+# Nix
+/result
+/result-*

clang.nix

@@ -0,0 +1 @@
+

extendEnv.nix

@@ -0,0 +1,6 @@
+{ lib, addAttrsToDerivation }: let
+  inherit (lib) toList filterAttrs mapAttrs;
+in env: addAttrsToDerivation (prevAttrs: {
+  env = prevAttrs.env or { }
+    // (filterAttrs (n: v: !prevAttrs ? ${n}) env |> mapAttrs (n: v: toList prevAttrs.env.${n} or [ ] ++ v |> toString));
+} // (filterAttrs (n: v: prevAttrs ? ${n}) env |> mapAttrs (n: v: toList prevAttrs.${n} ++ v)))

flake.lock

@@ -0,0 +1,114 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flakey-profile": {
+      "locked": {
+        "lastModified": 1712898590,
+        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "type": "github"
+      }
+    },
+    "lix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1732806742,
+        "narHash": "sha256-2RNOVB3UIIxxjiFKrEqSgnSoHK+olbw2o5g/63dDjJ8=",
+        "rev": "f5754dc90ae9b1207656d0e29ad2704d3ef1e554",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f5754dc90ae9b1207656d0e29ad2704d3ef1e554.tar.gz?rev=f5754dc90ae9b1207656d0e29ad2704d3ef1e554"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
+      }
+    },
+    "lix-module": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "flakey-profile": "flakey-profile",
+        "lix": [
+          "lix"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1732603698,
+        "narHash": "sha256-Jw2MhzgCCrKV2MJytehG0cCLIAosBX71p8qmQ6XQlR4=",
+        "rev": "15b999f9c958c475f71fb8c543b9fc2f36ae8730",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/15b999f9c958c475f71fb8c543b9fc2f36ae8730.tar.gz?rev=15b999f9c958c475f71fb8c543b9fc2f36ae8730"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1732617236,
+        "narHash": "sha256-PYkz6U0bSEaEB1al7O1XsqVNeSNS+s3NVclJw7YC43w=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "lix": "lix",
+        "lix-module": "lix-module",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,79 @@
+{
+  description = "I do not have to explain myself";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+
+    lix = {
+      url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
+      flake = false;
+    };
+
+    lix-module = {
+      url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.lix.follows = "lix";
+    };
+  };
+
+  outputs = { self, nixpkgs, lix-module, ... }: let
+    inherit (nixpkgs) lib;
+  in {
+    inherit lib;
+
+    overlays.default = lib.composeExtensions
+      lix-module.overlays.default
+      (import ./overlay.nix);
+
+    nixosModules.default = import ./module.nix;
+
+    legacyPackages = lib.genAttrs [ "riscv64-linux" "aarch64-linux" "x86_64-linux" ] (system: import nixpkgs {
+      localSystem = {
+        inherit system;
+
+        gcc.arch = {
+          riscv64-linux = "rv64gc";
+          aarch64-linux = "armv8.2-a+fp16+rcpc+dotprod";
+          x86_64-linux = "x86-64-v3";
+        }.${system};
+      };
+
+      overlays = [ self.overlays.default ];
+      config = let
+        extendEnv = import ./extendEnv.nix;
+        env = {
+          NIX_CFLAGS_COMPILE = [ "-pipe" ];
+          NIX_LDFLAGS_BEFORE = [ "-O2" "--hash-style=gnu" ];
+          NIX_RUSTFLAGS = [ "-C" "codegen-units=1" "-C" "opt-level=2" ];
+        };
+      in {
+        allowUnfree = true;
+        replaceStdenv = { pkgs }:
+          extendEnv { inherit (pkgs) lib addAttrsToDerivation; } env pkgs.stdenv;
+        replaceCrossStdenv = { buildPackages, baseStdenv }:
+          extendEnv { inherit (buildPackages) lib addAttrsToDerivation; } env baseStdenv;
+      };
+    });
+
+    hydraJobs = {
+      nixos = self.legacyPackages |> lib.mapAttrs (system: pkgs: let
+        nixos = lib.nixosSystem {
+          modules = [
+            self.nixosModules.default {
+              system.stateVersion = "25.05";
+              nixpkgs = { inherit (pkgs) hostPlatform overlays config; };
+              boot = {
+                kernel.enable = false;
+                initrd.enable = false;
+                loader.grub.enable = false;
+              };
+            }
+          ];
+        };
+      in lib.hydraJob nixos.config.system.build.toplevel);
+    } // (lib.genAttrs (import ./packages.nix) (name: lib.mapAttrs (system: pkgs: pkgs.${name}) self.legacyPackages
+      |> lib.filterAttrs (system: pkg: pkg.meta.hydraPlatforms or pkg.meta.platforms or [ ]
+        |> lib.any (lib.meta.platformMatch self.legacyPackages.${system}.hostPlatform))
+      |> lib.mapAttrs (system: pkg: lib.hydraJob pkg)));
+  };
+}

libflame.nix

@@ -0,0 +1,7 @@
+{ lib, stdenv, fetchfromGitHub }:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "libflame";
+  version = "5.2.0";
+  
+})

module.nix

@@ -0,0 +1,10 @@
+{ lib, config, pkgs, ... }: {
+  environment.memoryAllocator.provider = lib.mkForce "mimalloc";
+
+  networking = {
+    nftables.enable = lib.mkDefault true;
+    useNetworkd = lib.mkDefault true;
+  };
+
+  services.dbus.implementation = lib.mkDefault "broker";
+}

overlay.nix

@@ -0,0 +1,361 @@
+final: prev: let
+  inherit (prev) lib stdenv;
+  inherit (stdenv) buildPlatform hostPlatform;
+  inherit (lib) toList optionals;
+
+  fetchFromGitHub = let
+    fetchzip = final.buildPackages.fetchzip.override { withUnzip = false; };
+  in lib.makeOverridable ({ owner, repo, rev, hash, ... }: fetchzip {
+    url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz";
+    inherit hash;
+  });
+in {
+  # stdenv
+  extendEnv = final.callPackage ./extendEnv.nix { };
+
+  clangStdenv = let
+    inherit (final) overrideCC llvmPackages;
+    stdenv = overrideCC prev.stdenv (llvmPackages.clangUseLLVM.override {
+      inherit (llvmPackages) bintools;
+    });
+  in final.extendEnv {
+    NIX_CFLAGS_COMPILE_BEFORE = [ "-flto" "-ffp-contract=fast-honor-pragmas" ];
+    NIX_LDFLAGS_BEFORE = [ "--icf=safe" "--lto-O2" ];
+    NIX_RUSTFLAGS = [
+      "-C" "linker-plugin-lto"
+      "-C" "linker=${lib.getExe stdenv.cc}"
+    ];
+  } stdenv;
+
+  hardenedStdenv = final.extendEnv {
+    NIX_CFLAGS_COMPILE_BEFORE = [
+      "-ftrivial-auto-var-init=zero"
+      "-fsanitize-minimal-runtime"
+      "-fsanitize=bounds,object-size,vla-bound"
+    ];
+
+    NIX_LDFLAGS = [ "${lib.getLib final.mimalloc}/lib/mimalloc-secure.o" ];
+  } final.clangStdenv;
+
+  # memory allocation
+  mimalloc = (prev.mimalloc.overrideAttrs (prevAttrs: {
+    cmakeFlags = let
+      cppdefs = {
+        MI_DEFAULT_EAGER_COMMIT = 0;
+        MI_DEFAULT_ALLOW_LARGE_OS_PAGES = 1;
+      } |> lib.mapAttrsToList (name: value: "${name}=${toString value}")
+        |> lib.concatStringsSep ";";
+    in prevAttrs.cmakeFlags or [ ] ++ [ ''-DMI_EXTRA_CPPDEFS="${cppdefs}"'' ];
+  })).override {
+    secureBuild = true;
+
+    stdenv = final.clangStdenv;
+  };
+
+  # incompatible allocators
+  gperftools = null;
+  jemalloc = null;
+  rust-jemalloc-sys = null;
+
+  # package alternatives
+  nix = final.lix;
+  zlib = final.callPackage ./zlib.nix { };
+  minizip = final.minizip-ng;
+
+  blas = prev.blas.override { blasProvider = final.blis; };
+  blis = (prev.blis.overrideAttrs (prevAttrs: {
+    buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.llvmPackages.openmp ];
+
+    env = prevAttrs.env or { } // {
+      NIX_CFLAGS_COMPILE = toList prevAttrs.env.NIX_CFLAGS_COMPILE or [ ]
+        ++ optionals hostPlatform.isx86 [ "-fno-lto" ] |> toString;
+    };
+
+    meta = prevAttrs.meta or { } // { platforms = lib.platforms.all; };
+  })).override {
+    withArchitecture =
+      if hostPlatform.isRiscV then "rv64i"
+      else if hostPlatform.isAarch then "arm64"
+      else if hostPlatform.isx86 then "x86_64"
+      else "generic";
+
+    stdenv = final.clangStdenv;
+  };
+
+  # cURL
+  curl = prev.curl.override {    
+    gssSupport = false;
+    #http3Support = true;
+    scpSupport = false;
+    zstdSupport = true;
+
+    stdenv = final.clangStdenv;
+  };
+
+  # cURL HTTP3 dependencies
+  #ngtcp2 = prev.ngtcp2.override { inherit fetchFromGitHub; };
+  #nghttp3 = prev.nghttp3.override { inherit fetchFromGitHub; };
+
+  # scopes
+  gst_all_1 = prev.gst_all_1 // {
+    gst-plugins-base = prev.gst_all_1.gst-plugins-base.override {
+      enableAlsa = false;
+      enableX11 = false;
+    };
+ 
+    gst-plugins-good = prev.gst_all_1.gst-plugins-good.override {
+      enableJack = false;
+      enableX11 = false;
+ 
+      aalib = null;
+      libcaca = null;
+    }; 
+    gst-plugins-bad = prev.gst_all_1.gst-plugins-bad.override {
+      guiSupport = false;
+    };
+  };
+
+  rustPlatform = prev.rustPlatform // {
+    buildRustPackage = prev.rustPlatform.buildRustPackage.override {
+      stdenv = final.clangStdenv;
+    };
+  };
+
+  # individual packages
+  SDL2 = prev.SDL2.override {
+    alsaSupport = false;
+    x11Support = false;
+  };
+
+  beam = prev.beam_nox;
+  cairo = prev.cairo.override { x11Support = false; };
+
+  conduwuit = prev.conduwuit.override { enableJemalloc = false; };
+  dbus = prev.dbus.override { x11Support = false; };
+  dconf = prev.dconf.overrideAttrs { doCheck = false; };
+
+  electron = prev.electron.override {
+    stdenv = final.hardenedStdenv;
+
+    electron-unwrapped = prev.electron.unwrapped.overrideAttrs (prevAttrs: {
+      gnFlags = prevAttrs.gnFlags or "" + ''
+        # Disable X11
+        ozone_platform_x11 = false
+
+        # Disable internal memory allocator
+        use_partition_alloc_as_malloc = false
+        enable_backup_ref_ptr_support = false
+        enable_pointer_compression_support = false
+      '';
+    });
+  };
+
+  ffmpeg-headless = prev.ffmpeg-headless.override {
+    withAlsa = false;
+    withSsh = false;
+  };
+
+  ffmpeg = prev.ffmpeg.override {
+    withAlsa = false;
+    withCodec2 = true;
+    withSdl2 = false;
+    withSsh = false;
+  };
+
+  gd = prev.gd.override { withXorg = false; };
+
+  ghostscript = prev.ghostscript.override {
+    x11Support = false;
+    stdenv = final.hardenedStdenv;
+  };
+
+  gobject-introspection = prev.gobject-introspection.override { x11Support = false; };
+  graphviz = prev.graphviz-nox;
+
+  gtk3 = prev.gtk3.override {
+    x11Support = false;
+    xineramaSupport = false;
+
+    stdenv = final.clangStdenv;
+  };
+
+  gtk4 = prev.gtk4.override {
+    x11Support = false;
+    xineramaSupport = false;
+
+    stdenv = final.clangStdenv;
+  };
+
+  imlib2 = prev.imlib2.override { x11Support = false; };
+
+  jdk8 = prev.jdk8_headless;
+  jre8 = prev.jre8_headless;
+
+  libjpeg = final.libjpeg_turbo;
+  libjpeg_turbo = (prev.libjpeg_turbo.overrideAttrs (prevAttrs: {
+    postPatch = prevAttrs.postPatch or "" + ''
+      cat >>CMakeLists.txt <<EOF
+      set_tests_properties(djpeg12-shared-3x2-float-prog-cmp PROPERTIES DISABLED True)
+      EOF
+    '';
+
+    cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DFLOATTEST12=fp-contract" ];    
+  })).override { stdenv = final.clangStdenv; };
+
+  libpng = (prev.libpng.overrideAttrs (prevAttrs: {
+    postPatch = prevAttrs.postPatch or "" + ''
+
+      substituteInPlace tests/pngtest-all \
+        --replace-warn --strict --relaxed
+    '';
+  })).override { stdenv = final.clangStdenv; };
+
+  libpng-apng = final.libpng.override { apngSupport = true; };
+
+  lix = prev.lix.override { enableGC = true; };
+
+  lkl = prev.lkl.overrideAttrs (prevAttrs: {
+    env = prevAttrs.env or { } // {
+      NIX_CFLAGS_COMPILE = toList prevAttrs.env.NIX_CFLAGGS_COMPILE or [ ] ++ [ "--hash-style=both" ] |> toString;
+    };
+  });
+
+  mesa = (prev.mesa.overrideAttrs (prevAttrs: {
+    outputs = prevAttrs.outputs |> lib.remove "spirv2dxil";
+  })).override {
+    galliumDrivers = [
+      "llvmpipe"
+      "nouveau"
+      "radeonsi"
+      "virgl"
+      "zink"
+    ];
+
+    vulkanDrivers = [
+      "amd"
+      "intel"
+      "nouveau"
+      "swrast"
+      "virtio"
+    ];
+
+    stdenv = final.clangStdenv;
+  };
+
+  mpv = final.mpv-unwrapped.wrapper { mpv = final.mpv-unwrapped; };
+  mpv-unwrapped = prev.mpv-unwrapped.override {
+    alsaSupport = false;
+    cacaSupport = false;
+    openalSupport = false;
+    sdl2Support = false;
+    vdpauSupport = false;
+    x11Support = false;
+
+    stdenv = final.clangStdenv;
+  };
+
+  nodejs = prev.nodejs.overrideAttrs { doCheck = false; };
+  nodejs-slim = prev.nodejs-slim.overrideAttrs { doCheck = false; };
+  pango = prev.pango.override { x11Support = false; };
+
+  patchelf = prev.patchelf.overrideAttrs (prevAttrs: {
+    patches = prevAttrs.patches or [ ] ++ [ ./patches/patchelf-hash-optional.patch ];
+  });
+  
+  pipewire = prev.pipewire.override {
+    x11Support = false;
+    stdenv = final.clangStdenv;
+  };
+
+  postgresql = prev.postgresql.override { gssSupport = false; };
+
+  rocksdb = prev.rocksdb.overrideAttrs (prevAttrs: {
+    env = prevAttrs.env or { } // {
+      NIX_CFLAGS_COMPILE = toList prevAttrs.env.NIX_CFLAGS_COMPILE or [ ]
+        ++ optionals hostPlatform.sse4_2Support [ "-msse2" "-mpclmul" ] |> toString;
+    };
+  });
+
+  sqlite = prev.sqlite.overrideAttrs (prevAttrs: {
+    env = prevAttrs.env or { } // {
+      NIX_CFLAGS_COMPILE = lib.toList prevAttrs.env.NIX_CFLAGS_COMPILE or [ ] ++ [
+        "-DSQLITE_THREADSAFE=2"
+
+        # memory allocation
+        "-DSQLITE_DEFAULT_PAGE_SIZE=2097152"
+        "-DSQLITE_DEFAULT_CACHE_SIZE=-64"
+        "-DSQLITE_DEFAULT_PCACHE_INITSZ=1"
+        "-DSQLITE_MALLOC_SOFT_LIMIT=0"
+        "-DSQLITE_USE_ALLOCA"
+        #"-DSQLITE_DEFAULT_MEMSTATUS=0"
+
+        "-DSQLITE_OMIT_LOOKASIDE"
+        #"-DSQLITE_OMIT_SHARED_CACHE"
+
+        # I/O
+        "-DSQLITE_DEFAULT_MMAP_SIZE=281474976710656"
+        "-DSQLITE_MAX_MMAP_SIZE=281474976710656"
+        "-DSQLITE_DEFAULT_FILE_PERMISSIONS=0600"
+        "-DSQLITE_DEFAULT_WAL_SYNCHRONOUS=1"
+        "-DSQLITE_DEFAULT_WORKER_THREADS=4"
+        "-USQLITE_SECURE_DELETE"
+        "-DSQLITE_ENABLE_NULL_TRIM"
+      ] |> toString;
+    };
+  });
+
+  systemd = prev.systemd.override {
+    withApparmor = false;
+    withIptables = false;
+  };
+
+  umockdev = prev.umockdev.overrideAttrs { doCheck = false; };
+  uutils-coreutils = prev.uutils-coreutils.override { stdenv = final.clangStdenv; };
+
+  vim-full = prev.vim-full.override { guiSupport = false; };
+
+  w3m = prev.w3m.override {
+    x11Support = false;
+    imlib2 = final.imlib2;
+  };
+
+  wayland = prev.wayland.override {
+    withDocumentation = false;
+    stdenv = final.clangStdenv;
+  };
+
+  wireplumber = prev.wireplumber.override {
+    stdenv = final.clangStdenv;
+  };
+
+  xvfb-run = final.callPackage ./xvfb-run.nix {
+    cage = final.cage.override {
+      wlroots = final.wlroots.override { enableXWayland = false; };
+      xwayland = null;
+    };
+  };
+} // lib.optionalAttrs (!buildPlatform.isx86) {
+  # no shellcheck on RISC-V and ARM
+  writeShellApplication = { ... }@args: prev.writeShellApplication (args // {
+    checkPhase = args.checkPhase or ''
+      runHook preCheck
+      ${stdenv.shellDryRun} "$target"
+      runHook postCheck
+    '';
+  });
+
+  # Tests fail in QEMU
+  libuv = prev.libuv.overrideAttrs { doCheck = false; };
+
+  # no GHC support for RISC-V and ARM
+  pandoc = null;
+
+  # no pandoc on RISC-V and ARM
+  sudo-rs = prev.sudo-rs.overrideAttrs {
+    postInstall = "";
+  };
+} // lib.optionalAttrs (!hostPlatform.isx86) {
+  # JDK 17 is not available for RISC-V and ARM
+  jdk17 = final.jdk21_headless;
+  jdk17_headless = final.jdk21_headless;
+}

packages.nix

@@ -0,0 +1,49 @@
+[
+  "stdenv"
+
+  "akkoma"
+  "bat"
+  "blis"
+  "bottom"
+  "cargo"
+  "ceph"
+  "clang"
+  "cockroachdb"
+  "conduwuit"
+  "cryptsetup"
+  "curl"
+  "cyme"
+  "dbus-broker"
+  "electron"
+  "fd"
+  "ffmpeg"
+  "helix"
+  "jaq"
+  "kitty"
+  "libinput"
+  "lix"
+  "lld"
+  "mesa"
+  "mimalloc"
+  "mpv"
+  "nftables"
+  "niri"
+  "nushell"
+  "openssh"
+  "qemu-user"
+  "pipewire"
+  "postgresql"
+  "python3"
+  "ripgrep"
+  "rustc"
+  "sd"
+  "sioyek"
+  "sqlite"
+  "sudo-rs"
+  "systemd"
+  "uutils-coreutils"
+  "wayland"
+  "wireplumber"
+  "xh"
+  "zlib"
+]

patches/patchelf-hash-optional.patch

@@ -0,0 +1,18 @@
+diff --git a/src/patchelf.cc b/src/patchelf.cc
+index 35a5dc1..a133d2e 100644
+--- a/src/patchelf.cc
++++ b/src/patchelf.cc
+@@ -1201,9 +1201,10 @@ void ElfFile<ElfFileParamNames>::rewriteHeaders(Elf_Addr phdrAddress)
+                 dyn->d_un.d_val = findSectionHeader(".dynstr").sh_size;
+             else if (d_tag == DT_SYMTAB)
+                 dyn->d_un.d_ptr = findSectionHeader(".dynsym").sh_addr;
+-            else if (d_tag == DT_HASH)
+-                dyn->d_un.d_ptr = findSectionHeader(".hash").sh_addr;
+-            else if (d_tag == DT_GNU_HASH) {
++            else if (d_tag == DT_HASH) {
++                auto shdr = tryFindSectionHeader(".hash");
++                if (shdr) dyn->d_un.d_ptr = (*shdr).get().sh_addr;
++            } else if (d_tag == DT_GNU_HASH) {
+                 auto shdr = tryFindSectionHeader(".gnu.hash");
+                 // some binaries might this section stripped
+                 // in which case we just ignore the value.

xvfb-run.nix

@@ -0,0 +1,20 @@
+{ lib, writeShellApplication, cage }:
+
+writeShellApplication {
+  name = "xvfb-run";
+  text = ''
+    # Discard all options
+    while [[ "$1" =~ ^- ]]; do
+      case "$1" in
+        (-e|-f|-n|-p|-s|-w) shift ;&
+        (*) shift ;;
+      esac
+    done
+
+    WLR_BACKENDS=headless \
+    WLR_LIBINPUT_NO_DEVICES=1 \
+    WLR_RENDERER=pixman \
+    XDG_RUNTIME_DIR="$(mktemp -d)" \
+      exec '${lib.getExe cage}' -- "$@"
+  '';
+}

zlib.nix

@@ -0,0 +1,31 @@
+{ lib, stdenv, fetchurl, zlib-ng, ... }:
+
+assert zlib-ng.version == "2.2.2";
+
+stdenv.mkDerivation (finalAttrs: {
+  inherit (zlib-ng) pname version meta;
+
+  src = fetchurl {
+    url = "https://github.com/zlib-ng/zlib-ng/archive/refs/tags/${finalAttrs.version}.tar.gz";
+    hash = "sha256-/LQd1Zo/FwAq6xuyHwRpbJtyFASJC7lFxas50stpZUw=";
+  };
+
+  outputs = [ "out" "dev" "man" ];
+
+  setOutputFlags = false;
+  dontAddDisableDepTrack = true;
+  configurePlatforms = [ ];
+
+  env = {
+    CHOST = stdenv.hostPlatform.config;
+  };
+
+  configureFlags = [
+    "--libdir=${placeholder "dev"}/lib"
+    "--sharedlibdir=${placeholder "out"}/lib"
+    "--includedir=${placeholder "dev"}/include"
+    "--zlib-compat"
+  ];
+
+  makeFlags = [ "mandir=$(man)/share/man" ];
+})