roaming laptop: network proxy configuration

[vmandela]

Issue description

Is there a way to setup nixos to automatically choose the right proxy based on the network it is on? I have nixos installed on my laptop which I use

• on work network which has a proxy
• on home network where there is no proxy

I have so far been modifying

networking.proxy.default

and doing

nixos-rebuild switch

each time I switch network.

What is the right way to handle changing proxy configuration in nixos?

[rnhmjoj]

I would say it's impossible: switching network happens at "runtime" and the option is set once when you build the configuration. Anyway you don't have to switch the configuration just for that.
All networking.proxy.<protocol> does is setting the environment variable <protocol>_proxy. You only need to change it from the shell, or write a function/script to toggle it.

[rnhmjoj]

To make it really automatic you could write a PAC file and configure a webserver to serve it locally. I don't know which programs support proxy auto-configuration though, probably only browsers.

Something like this should do it:

function FindProxyForURL(url, host) {
  // at work
  if (shExpMatch(myIpAddress(), "10.0.*")) {
    return "PROXY 10.0.1.200:8118";
  }
  // at home
  return "DIRECT";
}

update: curl doesn't so this rules out a lot of programs.

[vmandela]

@rnhmjoj Exporting environment variables does not seem to work when trying to do

nix-env -i

Does nix-env -i run in a different environment? If yes, how do I set the proxy variables for that environment?

[rnhmjoj]

I think this happens because the nix-daemon is doing the actual downloading and it gets the proxy variable from the systemd unit file.

$ systemctl cat nix-daemon | grep proxy
Environment="http_proxy=http://localhost:8118"

So... no, you do have to switch the configuration to change it effectively in this case.

[rnhmjoj]

You could use nixos-rebuild test instead.

What I did on my last laptop to manage this was run a squid proxy locally and point everything to it. When I changed networks/needed to change proxies, a script would rewrite its upstream proxy setting and restart it.

I'm still working out how to make that happen on Nix.

[vmandela]

I have worked around this using the nesting.clone option.

nesting.clone = [
        {
                boot.loader.grub.configurationName = "Work";
                networking.proxy.default = "http://proxy.work.com:80";
                networking.proxy.noProxy = "127.0.0.1,localhost,work.com";
                nix.binaryCaches = [
                        "http://nixcache.work.com"
                        "https://cache.nixos.org"
                ];
        }
];

When I need to switch network configuration, I use

$ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test

to switch to the configuration with proxy enabled. The only problem I have now is having this cloned configuration show up in the grub menu. I have filed PR #44495 to track this.

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/how-to-use-nix-behind-corporate-proxy-on-mac/12990/2

[contrun]

As far as I can tell, the best way to do that is

sudo mkdir /run/systemd/system/nix-daemon.service.d/
cat << EOF >/run/systemd/system/nix-daemon.service.d/override.conf  
[Service]
Environment="http_proxy=socks5h://localhost:7891"
Environment="https_proxy=socks5h://localhost:7891"
Environment="all_proxy=socks5h://localhost:7891"
EOF
sudo systemctl daemon-reload
sudo systemctl restart nix-daemon

Note the directory /run/systemd/ is volatile. You need to change it everytime you reboot.