Migrate Nix build: bump nixpkgs to 25.11/unstable, expose `torus-node` package via crane

[steinerkelvin]

Migrate Nix build: bump nixpkgs to 25.11/unstable, expose torus-node package via crane

Context

Right now flake.nix pins nixos-25.05 and only ships devShells.default. There is no packages.torus-node output — downstream consumers who want a Nix-built node binary have to re-implement the whole toolchain + cargo build themselves.

Concrete example: torusform currently maintains nix/packages/torus-node.nix (~170 lines) that reimplements the upstream dev-shell toolchain, adds crane on top, and works around the compiler_builtins lookup for the Substrate WASM -Z build-std sub-build. That file opens with:

TODO: Move this build into the torus-substrate flake itself and pin nixpkgs there to 25.11, so this repo can consume the upstream package instead of recreating the toolchain and cargo environment locally.

Every downstream (torusform, containers, CI, Nix-based deploy) currently pays the same "assemble the toolchain from scratch" cost. Upstreaming the build flips that: one canonical recipe, consumed via inputs.torus-substrate.packages.${system}.torus-node.

Additional forcing function: llvmPackages_17 was removed from nixos-25.11. Staying on 25.05 means we're one release off from current nixpkgs and will fall further behind every six months.

Goal

1. Bump nixpkgs input from nixos-25.05 to nixos-25.11 (or nixos-unstable if 25.11 isn't out yet — check first).
2. Migrate llvmPackages_17 → llvmPackages_18 (or whatever 25.11 ships) throughout the flake and shellHook. The upstream dep chain allegedly requires clang 17; verify whether that's still true with current polkadot-sdk. If clang 18 doesn't work, pin llvmPackages_17 explicitly from an older nixpkgs overlay instead of staying on old nixpkgs wholesale.
3. Add packages.${system}.torus-node as a Nix-built binary using crane (preferred — already battle-tested in torusform's fork; better incremental caching story than naersk for our cargo workspace).
4. The dev shell stays functional and ideally shares toolchain definition with the package build so they can't drift.

Sketch

Rough shape (adapt to flake-parts or flake-utils per existing conventions):

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";  # or unstable
    rust-overlay.url = "github:oxalica/rust-overlay";
    rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
    crane.url = "github:ipetkov/crane";
    # ... existing pre-commit-hooks, flake-utils
  };

  outputs = { self, nixpkgs, rust-overlay, crane, ... }@inputs:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = import nixpkgs { inherit system; overlays = [ (import rust-overlay) ]; };
        rustToolchain = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
        craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain;
        # ... commonArgs shared with devShell
      in {
        packages.torus-node = craneLib.buildPackage { ... };
        devShells.default = pkgs.mkShell { ... };
      });
}

The fiddly part is the WASM -Z build-std sub-build — Substrate's build.rs invokes a cargo sub-command that needs compiler_builtins available. torusform's version patches Cargo.toml in preBuild to add a [patch.crates-io] entry pointing at rust-src's compiler-builtins path. That workaround is candidate for upstreaming verbatim, but worth a second look — there might be a cleaner path with newer crane.

Acceptance criteria

• nix flake check passes on 25.11 / unstable.
• nix build .#torus-node produces a working node binary on x86_64-linux and aarch64-linux.
• nix develop still works for day-to-day dev (cargo build, just test, etc.).
• torusform can drop its local nix/packages/torus-node.nix and consume torus-substrate.packages.${system}.torus-node directly (this is the validation that the upstream package is actually usable downstream).
• Darwin dev shell still works (Linux-only build is fine, but dev shell should stay cross-platform).
• Build is reproducible — same input → same output hash.

Non-goals

• Binary caching / Cachix setup (separate concern).
• Docker image build changes (can migrate later once the Nix package is stable).
• nix2container or image layering refactors.

References

• Current upstream flake: flake.nix
• Downstream reimplementation to upstream: torusform/nix/packages/torus-node.nix — specifically the crane setup, env vars, and compiler_builtins preBuild patch.
• crane: https://github.com/ipetkov/crane
• rust-overlay: https://github.com/oxalica/rust-overlay (already in use for dev shell)

[coderabbitai]

⚠️ Possible Duplicate Issue(s)

• Move torus-node build into the flake and pin nixpkgs to 25.11 #154

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!