disable proxy

parisni · January 2, 2020, 5:09pm

hi

i installed my system with a proxy to access network (configured
networing.proxy.default in the configuration.nix file).
Right now I am using a network without a proxy. Then I commented the
networing.proxy.default line and run
nixos-rebuild switch

however the rebuild tries to access some remote url ... with the previous proxy
configuration.

how to turn on / off the proxy (manually unset the *_proxy env variable is not
working)?

thanks

jonringer · January 2, 2020, 7:15pm

nixos-rebuild may not actually restart some services if it impacts your current session. I would try rebooting to see if it fixes your issue.

zimbatm · January 2, 2020, 8:59pm

github.com

NixOS/nixpkgs/blob/0b5c6267bbc9d9377b9bf7d7596962702d17cf5e/nixos/modules/config/networking.nix#L196-L215


      
            networking.proxy.envVars =
              optionalAttrs (cfg.proxy.default != null) {
                # other options already fallback to proxy.default
                no_proxy = "127.0.0.1,localhost";
              } // optionalAttrs (cfg.proxy.httpProxy != null) {
                http_proxy  = cfg.proxy.httpProxy;
              } // optionalAttrs (cfg.proxy.httpsProxy != null) {
                https_proxy = cfg.proxy.httpsProxy;
              } // optionalAttrs (cfg.proxy.rsyncProxy != null) {
                rsync_proxy = cfg.proxy.rsyncProxy;
              } // optionalAttrs (cfg.proxy.ftpProxy != null) {
                ftp_proxy   = cfg.proxy.ftpProxy;
              } // optionalAttrs (cfg.proxy.allProxy != null) {
                all_proxy   = cfg.proxy.allProxy;
              } // optionalAttrs (cfg.proxy.noProxy != null) {
                no_proxy    = cfg.proxy.noProxy;
              };
          
          
# Install the proxy environment variables
          environment.sessionVariables = cfg.proxy.envVars;

The module sets environment variables and those are updated after a successful nixos-rebuild switch. On top of that the user has to logout and login back again for the new variables to take effect.

If the proxy is enabled but log longer available it can affect the nixos-rebuild because those environment variables are taken into account by nix. To work around that you can unset http_proxy and the other proxy variables outputted by env | grep proxy in the terminal before running nixos-rebuild switch.

parisni · January 3, 2020, 4:50pm

To work around that you can unset http_proxy and the other proxy variables
outputted by env | grep proxy in the terminal before running nixos-rebuild
switch.

I tried to unset every result of env|grep proxy. Still nixos-rebuild
switch returns “couldn’t resolve proxy name”. Thanks for any help on
this

zimbatm · January 3, 2020, 9:14pm

You’re right, the proxy env vars are actually set on the nix-daemon directly instead of being forwarded by the client:

github.com

NixOS/nixpkgs/blob/dce9dfaa9809b3e2d3a564b4b590b1e59a9a6103/nixos/modules/services/misc/nix-daemon.nix#L428-L430


      
          environment = cfg.envVars
            // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
            // config.networking.proxy.envVars;

Typically with systemd it’s possible to override existing units but not on NixOS:

$ sudo systemctl edit nix-daemon
Failed to create temporary file for "/etc/systemd/system/nix-daemon.service.d/override.conf": Read-only file system

This is because /etc/systemd/system points into the /nix/store which is mounted read-only for everyone except the nix-daemon. You also can’t edit the unit itself because of the same reason.

Now I am running a bit out of ideas.

ESCAPE HATCH. DON’T PRESS THE RED BUTTON.

As a last recourse, you can re-mount the /nix/store read-write and edit the unit. This is obviously really bad as the store becomes no longer consistent.

$ sudo mount -o remount,rw /nix/store
# Look for the file and remove the lines:
$ sudo systemstd cat nix-daemon
$ sudo mount -o remount,ro /nix/store
$ sudo systemctl stop nix-daemon.socket nix-daemon
$ sudo systemctl start nix-daemon

Try running the nixos-rebuild. Since the nix-daemon is socket-actived it will only start after nix-build has been invoked. If it doesn’t work you can also check what environment variables the daemon has like that:

sudo cat /proc/$(pgrep nix-daemon)/environ | tr '\0' '\n'

parisni · January 4, 2020, 9:53am

Hi Zimatm

thanks for your help. I change proxy configuration several times a day.
I am not confident such complicated a solution is appropriate in this case.

This may require a fix in the nixos-rebuild strategy isnt’it ? For
example changing the proxy before trying to access remote url ?

7c6f434c · January 4, 2020, 10:19am

thanks for your help. I change proxy configuration several times a day.
I am not confident such complicated a solution is appropriate in this case.

In such a situation I just instlled a local proxy, installed multiple configuration files for it, used the local proxy as the proxy in most programs and restarted the proxy with a proper upstream as needed.

parisni · January 4, 2020, 11:05am

In such a situation I just instlled a local proxy, installed multiple

Thanks for the suggestion. However, how can I install a local proxy, if
I am unable to install anything (because nixos-rebuild is stuck) ?

7c6f434c · January 4, 2020, 11:38am

In such a situation I just instlled a local proxy, installed multiple

Thanks for the suggestion. However, how can I install a local proxy, if
I am unable to install anything (because nixos-rebuild is stuck) ?

I think you could run the following as root:

NIX_REMOTE= http_proxy= https_proxy= nix-build ‘<nixpkgs/nixos>’ -I ‘nixos-config=/etc/nixos/configuration.nix’ --no-out-link -A system

Afterwards nixos-rebuild will not need to build anything, so lack of network access should be OK.

parisni · January 4, 2020, 11:59am

NIX_REMOTE= http_proxy= https_proxy= nix-build ‘<nixpkgs/nixos>’ -I
‘nixos-config=/etc/nixos/configuration.nix’ --no-out-link -A system

Afterwards nixos-rebuild will not need to build anything, so lack of network
access should be OK.

This worked, also I had to add this “all_proxy=”:

NIX_REMOTE= http_proxy= https_proxy= all_proxy= nix-build ‘<nixpkgs/nixos>’ -I ‘nixos-config=/etc/nixos/configuration.nix’ --no-out-link -A system

Afterward, the proxy was indeed disabled and nixos-rebuild able to run

Thanks.

SRGOM · February 10, 2020, 3:18pm

I don’t recall the exact syntax/semantics buy there is a clone thingy which you probably want