roaming laptop: network proxy configuration #27535

Closed
vmandela opened this issue Jul 21, 2017 · 12 comments

@vmandela

Issue description

Is there a way to set up nixos to automatically choose the right proxy based on the network it is on? I have nixos installed on my laptop which I use

  • on work network which has a proxy
  • on home network where there is no proxy

I have so far been modifying networking.proxy.default and doing nixos-rebuild switch each time I switch network.

What is the right way to handle changing proxy configuration in nixos?

@joachifm changed the title from "help: nixos roaming laptop: network proxy configuration" to "roaming laptop: network proxy configuration" on Jul 22, 2017

@rnhmjoj

rnhmjoj commented Jul 23, 2017

I would say it's impossible: switching network happens at "runtime" and the option is set once when you build the configuration. Anyway, you don't have to switch the configuration just for that.
All networking.proxy.<protocol> does is set the environment variable <protocol>_proxy. You only need to change it from the shell, or write a function/script to toggle it.

@rnhmjoj

rnhmjoj commented Jul 23, 2017

To make it really automatic you could write a PAC file and configure a webserver to serve it locally. I don't know which programs support proxy auto-configuration though, probably only browsers.

Something like this should do it:

function FindProxyForURL(url, host) {
  // at work
  if (shExpMatch(myIpAddress(), "10.0.*")) {
    return "PROXY 10.0.1.200:8118";
  }
  // at home
  return "DIRECT";
}

Update: curl doesn't, so this rules out a lot of programs.

@vmandela

@rnhmjoj Exporting environment variables does not seem to work when trying to do nix-env -i.

Does nix-env -i run in a different environment? If yes, how do I set the proxy variables for that environment?

@rnhmjoj

rnhmjoj commented Jul 25, 2017

I think this happens because the nix-daemon is doing the actual downloading and it gets the proxy variable from the systemd unit file.

$ systemctl cat nix-daemon | grep proxy
Environment="http_proxy=http://localhost:8118"

So... no, you do have to switch the configuration to change it effectively in this case.

@rnhmjoj

rnhmjoj commented Jul 25, 2017

You could use nixos-rebuild test instead.

@dpflug

dpflug commented Aug 18, 2017

What I did on my last laptop to manage this was run a squid proxy locally and point everything to it. When I changed networks/needed to change proxies, a script would rewrite its upstream proxy setting and restart it.

I'm still working out how to make that happen on Nix.

@vmandela

vmandela commented Aug 9, 2018

I have worked around this using the nesting.clone option.

nesting.clone = [
        {
                boot.loader.grub.configurationName = "Work";
                networking.proxy.default = "http://proxy.work.com:80";
                networking.proxy.noProxy = "127.0.0.1,localhost,work.com";
                nix.binaryCaches = [
                        "http://nixcache.work.com"
                        "https://cache.nixos.org"
                ];
        }
];

When I need to switch network configuration, I use

$ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test

to switch to the configuration with proxy enabled. The only problem I have now is having this cloned configuration show up in the grub menu. I have filed PR #44495 to track this.

@nixos-discourse

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/how-to-use-nix-behind-corporate-proxy-on-mac/12990/2

@contrun

contrun commented Jul 8, 2022

As far as I can tell, the best way to do that is

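# Create the runtime drop-in directory (-p: no error if it already exists)
sudo mkdir -p /run/systemd/system/nix-daemon.service.d/
# The redirection has to run as root as well, so write the file through sudo tee
cat << EOF | sudo tee /run/systemd/system/nix-daemon.service.d/override.conf >/dev/null
[Service]
Environment="http_proxy=socks5h://localhost:7891"
Environment="https_proxy=socks5h://localhost:7891"
Environment="all_proxy=socks5h://localhost:7891"
EOF
# Reload unit files and restart the daemon so it picks up the new environment
sudo systemctl daemon-reload
sudo systemctl restart nix-daemon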

Note the directory /run/systemd/ is volatile. You need to change it every time you reboot.
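
The runtime drop-in approach from the comment above, wrapped in a script that can switch the proxy on and off when changing networks. This is an added example, not code from the thread or from NixOS; the script name nix-proxy.sh, the function names and the DROPIN_DIR variable are hypothetical, and it assumes a proxy URL without credentials.

```shell
#!/bin/sh
# Added example (not from the thread): switch the nix-daemon proxy at runtime.
# DROPIN_DIR can be overridden so the functions can be tried without root.
DROPIN_DIR="${DROPIN_DIR:-/run/systemd/system/nix-daemon.service.d}"

# Accept only scheme://host:port. Quotes, whitespace and newlines are
# rejected so the value cannot add extra directives to the unit file.
valid_proxy() {
  case "$1" in
    *[!A-Za-z0-9.:/-]*) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^(http|https|socks5|socks5h)://[A-Za-z0-9.-]+:[0-9]{1,5}$'
}

# Print the drop-in for one proxy URL (same three variables as in the thread).
render_dropin() {
  valid_proxy "$1" || return 1
  printf '[Service]\n'
  for var in http_proxy https_proxy all_proxy; do
    printf 'Environment="%s=%s"\n' "$var" "$1"
  done
}

# set_proxy URL writes the drop-in; set_proxy off removes it (direct access).
set_proxy() {
  if [ "$1" = off ]; then
    rm -f "$DROPIN_DIR/override.conf"
    return 0
  fi
  conf=$(render_dropin "$1") || { echo "invalid proxy URL: $1" >&2; return 1; }
  mkdir -p "$DROPIN_DIR" && printf '%s\n' "$conf" > "$DROPIN_DIR/override.conf"
}

# Make systemd pick up the change and restart the daemon with the new environment.
apply() {
  systemctl daemon-reload && systemctl restart nix-daemon
}

# Run as root, e.g. "nix-proxy.sh socks5h://localhost:7891" or "nix-proxy.sh off".
if [ "$#" -gt 0 ]; then
  set_proxy "$1" && apply
fi
```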

@nixos-discourse

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/installation-woes-internet-connection-warnings/22428/3

@nixos-discourse

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/use-nix-behind-proxy/23769/2

@ryan4yin

ryan4yin commented Feb 16, 2024

As far as I can tell, the best way to do that is

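# Create the runtime drop-in directory (-p: no error if it already exists)
sudo mkdir -p /run/systemd/system/nix-daemon.service.d/
# The redirection has to run as root as well, so write the file through sudo tee
cat << EOF | sudo tee /run/systemd/system/nix-daemon.service.d/override.conf >/dev/null
[Service]
Environment="http_proxy=socks5h://localhost:7891"
Environment="https_proxy=socks5h://localhost:7891"
Environment="all_proxy=socks5h://localhost:7891"
EOF
# Reload unit files and restart the daemon so it picks up the new environment
sudo systemctl daemon-reload
sudo systemctl restart nix-daemon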

@contrun The corresponding declarative and non-volatile approach is to add the following module to your NixOS configuration (but it may be a problem when your proxy server stops working...):

{
  systemd.services.nix-daemon.environment = {
    # socks5h means that the hostname is resolved by the SOCKS server
    https_proxy = "socks5h://localhost:7891";
    # https_proxy = "http://localhost:7890"; # or use http protocol instead of socks5
  };
}
