-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nix Flakes is not usable without access to github.com #8953
Comments
I have a reproduction of this error at https://github.com/a-h/nix-issue-8953 - it uses Multipass to create a VM. First, I define a It then clones a flake's repo for offline use with Finally, it sets up a firewall rule to deny outbound traffic. #cloud-config
users:
- default
- name: nix-issue-8953
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
runcmd:
- # Install Nix.
- curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm
- . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
- # Initialize flakes.
- nix registry list
- # Download for offline.
- nix flake clone "github:numtide/system-manager" --dest /flakes/github.com/numtide/system-manager
- nix registry add "github:numtide/system-manager" /flakes/github.com/numtide/system-manager
- # Disable outbound traffic, e.g. to github.
- iptables -t filter -I OUTPUT 1 -m state --state NEW -j DROP When I attempt to run the flake, I expect it to not require downloading the system-manager flake's source code, because I've cloned it for offline use, and placed a pointer in the registry.
However it does, which is a bug. multipass exec nix-issue-8953 -- sudo bash --login -c nix run github:numtide/system-manager
warning: error: unable to download 'https://api.github.com/repos/numtide/system-manager/commits/HEAD': Couldn't resolve host name (6); retrying in 256 ms
warning: error: unable to download 'https://api.github.com/repos/numtide/system-manager/commits/HEAD': Couldn't resolve host name (6); retrying in 683 ms
warning: error: unable to download 'https://api.github.com/repos/numtide/system-manager/commits/HEAD': Couldn't resolve host name (6); retrying in 1133 ms
warning: error: unable to download 'https://api.github.com/repos/numtide/system-manager/commits/HEAD': Couldn't resolve host name (6); retrying in 2605 ms See https://github.com/a-h/nix-issue-8953/ for step-by-step instructions. NotesIn a more realistic offline scenario, I expect to need to use I expected There's a chat where I explore this issue at https://matrix.to/#/!KqkRjyTEzAGRiZFBYT:nixos.org/$52VhywMgI8f2h-kOTjl6shkksIC997sqSXnyioey0-U?via=fairydust.space&via=matrix.org&via=tchncs.de |
Please post the output of the |
|
You can configure a different location to fetch the global registry. Since I don't need the global registry at all (and I'd rather not waste time on a network round trip for almost every nix command), I did this in my nixos config: {
nix.settings.flake-registry = toFile "global-registry.json" ''{"flakes":[],"version":2}'';
} |
I've tested the above setup with Nix 2.16 and Nix 2.13.2 to see if this was a regression added in Nix 2.17, but it wasn't. So, this behaviour has been in place for some time. Workaround to stop downloading flake-registry.jsonIt is possible to pre-configure Nix with a flake registry which prevents it from attempting to download the In my cloud-init.yaml I run this: echo "flake-registry = /etc/nix/flake-registry.json" >> /etc/nix/nix.conf Then remotely, I can push a pre-downloaded flake-registry.json into the target. scp $PWD/flake-registry.json worker@$WORKER_IP:/home/worker/registry.json
ssh worker@$WORKER_IP 'sudo mv /home/worker/registry.json /etc/nix/flake-registry.json'
ssh worker@$WORKER_IP 'sudo chown root:root /etc/nix/flake-registry.json'
ssh worker@$WORKER_IP 'sudo chmod 664 /etc/nix/flake-registry.json'
ssh worker@$WORKER_IP 'sudo systemctl restart nix-daemon' This is an ugly workaround, and maybe a better solution would be to include a flake-registry.json file in the installation. This doesn't fix the problemAlthough this stops the first problem of I'd like to see:
|
See #6895. |
|
NixOS/nix#8953. I don't use it, and it causes unnecessary downloads.
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/pre-rfc-implement-dependency-retrieval-primitive/43418/5 |
Describe the bug
I want to try/use Nix Flakes on an offline network. I have configured a local registry entry for offline use, but Nix still insists on getting the global registry from github.com, which prevents me from using it (the Flakes feature).
Example:
Non-Flakes Nix parts work fine on offline network.
Expected behavior
Nix Flakes can be configured with local registry and be usable without access to github.com.
nix-env --version
outputnix (Nix) 2.13.5
Priorities
Add 👍 to issues you find important.
The text was updated successfully, but these errors were encountered: