Cardano Updates

Flake lock file updates:

• Updated input 'cabal':
    'github:stable-haskell/cabal/c0d52b2' (2025-03-30)
  → 'github:stable-haskell/cabal/0a74ea1' (2025-07-28)
• Updated input 'cabal-experimental':
    'github:stable-haskell/cabal/7e50837' (2025-04-07)
  → 'github:stable-haskell/cabal/7ea381f' (2025-05-22)
• Updated input 'haskellNix':
    'github:input-output-hk/haskell.nix/835d1d8' (2025-04-04)
  → 'github:input-output-hk/haskell.nix/a1dc767' (2026-02-14)
• Removed input 'haskellNix/ghc-8.6.5-iohk'
• Updated input 'haskellNix/hackage':
    'github:input-output-hk/hackage.nix/9f3c25c' (2025-04-04)
  → 'github:input-output-hk/hackage.nix/26b99ff' (2026-02-14)
• Updated input 'haskellNix/hackage-for-stackage':
    'github:input-output-hk/hackage.nix/fdd3d2b' (2025-04-04)
  → 'github:input-output-hk/hackage.nix/0e5a1b2' (2026-02-14)
• Added input 'haskellNix/hackage-internal':
    'github:input-output-hk/hackage.nix/f7867ba' (2025-06-19)
• Added input 'haskellNix/hls-2.11':
    'github:haskell/haskell-language-server/46ef452' (2025-05-15)
• Added input 'haskellNix/hls-2.12':
    'github:haskell/haskell-language-server/7d983de' (2025-09-24)
• Updated input 'haskellNix/iserv-proxy':
    'github:stable-haskell/iserv-proxy/e9dc86e' (2025-03-16)
  → 'github:stable-haskell/iserv-proxy/91ef7ff' (2026-02-04)
• Updated input 'haskellNix/nixpkgs-2411':
    'github:NixOS/nixpkgs/94792ab' (2025-02-10)
  → 'github:NixOS/nixpkgs/5ab036a' (2025-06-30)
• Added input 'haskellNix/nixpkgs-2505':
    'github:NixOS/nixpkgs/6c8f0cc' (2025-12-01)
• Added input 'haskellNix/nixpkgs-2511':
    'github:NixOS/nixpkgs/b0924ea' (2025-12-01)
• Updated input 'haskellNix/nixpkgs-unstable':
    'github:NixOS/nixpkgs/041c867' (2025-01-17)
  → 'github:NixOS/nixpkgs/c1cb7d0' (2025-12-01)
• Updated input 'haskellNix/stackage':
    'github:input-output-hk/stackage.nix/b7d2fd6' (2025-04-04)
  → 'github:input-output-hk/stackage.nix/f656c6e' (2026-02-11)
• Updated input 'iohk-nix':
    'github:input-output-hk/iohk-nix/3acad18' (2025-04-03)
  → 'github:input-output-hk/iohk-nix/0ce7cc2' (2026-02-02)
• Updated input 'iohk-nix/nixpkgs':
    'github:nixos/nixpkgs/55af203' (2023-05-15)
  → 'github:nixos/nixpkgs/a47938d' (2025-06-28)

The postgresql build for musl cross-compilation was producing 7 outputs
(out, dev, doc, lib, man, plpython3, pltcl) because pythonSupport and
tclSupport default to true when !isStatic && canExecute. Since
pkgsCross.musl64 doesn't set isStatic=true, these were enabled.

Each extra output widens the nix-copy window between build completion
and output transfer, exacerbating the min-free GC race on darwin
builders where outputs vanish before they can be copied to hydra.

Reducing from 7 to 5 outputs (removing plpython3 and pltcl) should
help. These PL extensions are unnecessary for musl cross-builds anyway.

hardeningDisable=["lto"] is not valid on musl cross stdenv (causes
eval failure: "unsupported hardening flags"). Instead:
- Restore llvmPackages_20 override to prevent LLVM dependency
- Add -fno-lto via NIX_CFLAGS_COMPILE to disable GCC LTO
  (GCC LTO + GNU ld produces .ltrans link failures in postgresql)

The actual nixpkgs-2511 generic.nix takes llvmPackages_20 as the
callPackage argument (line 90), then internally creates llvmPackages
from it with a version pin warning. The previous override used
llvmPackages which doesn't exist as a parameter, causing:
  error: function 'generic' called with unexpected argument 'llvmPackages'

libtool fails with "can't build x86_64-w64-mingw32 shared library
unless -no-undefined is specified" because Windows DLLs require all
symbols resolved at link time. Same fix used by ocl-icd and libxcrypt
in nixpkgs.

The previous outputChecks fix (9fc9f95) only removed the LLVM
validation references but left LLVM as a direct build dependency.

pkgsCross.musl64 doesn't set isStatic=true, so postgresql's
jitSupport defaults to true (canExecute returns true for same-arch
musl/glibc cross). This configures postgresql with --with-llvm,
pulling LLVM into buildInputs.

Chain both override (jitSupport=false) and overrideAttrs
(outputChecks={}, doCheck=false) to fully eliminate the LLVM
dependency that OOMs during musl cross-compilation.

On macOS builders with Determinate Nix, the build sandbox places a
read-only builder.json in the build directory. When tzdata tarballs
extract into '.' (no subdirectory), the standard makeSourcesWritable
step (chmod -R u+w .) fails trying to chmod the build directory itself
and the sandbox's builder.json file.

Set dontMakeSourcesWritable = true for tzdata in the mingw overlay,
since tar-extracted files are already writable.