Fetching ruby gems from private gemservers

I’m trying to wrap my head around where I should put the logic to inject authentication to fetch gems from my company’s private gemserver. All the developer machines I manage have credentials written in a file at ~/.bundle/config, which looks like:

BUNDLE_PACKAGES__SHOPIFY__IO: 1234hexencodedtoken123412341234

The key in this file corresponds to the hostname ‘packages.shopify.io’, and is identical to the environment variable name that would override this setting—this is just how bundler works.

Right now, I’ve already taught bundix how to prefetch private gems, but it writes out a gemset.nix that nix is still incapable of fetching later on. I’ve hacked together a solution for this but I don’t think it’s a very good one and I’d like feedback on how I could do this better, or what the best practice would be.

My modified gemset.nix is:


  hostnameFromURL = url: # String -> String
    builtins.elemAt (
      builtins.match "https?://([^/]+)/.*" url # [ "packages.shopify.io" ]
    ) 0; # "packages.shopify.io"

  bundlerVarFromHostname = hostname: # String -> String
    with import <nixpkgs> { }; "BUNDLE_" + lib.toUpper (
      builtins.replaceStrings ["."] ["__"] hostname # "packages__shopify__io"

  lookUpBundlerConfig = var: # String -> String
    if   builtins.getEnv var != ""
    then builtins.getEnv var
    else builtins.elemAt (
      builtins.match ".*\n${var}: ([^\n]+)\n.*" (
        builtins.readFile ((builtins.getEnv "HOME") + "/.bundle/config")
    ) 0;

  injectAuth = url: # String -> String
      hostname = hostnameFromURL url;
      var = bundlerVarFromHostname hostname;
      token = lookUpBundlerConfig var;
      builtins.replaceStrings ["://"] ["://${token}@"] url;


  abc = {
    dependencies = ["def"];
    groups = ["development" "test"];
    platforms = [];
    source = {
      remotes = [(injectAuth "https://packages.shopify.io/shopify/gems")];
      sha256 = "0000000000000000000000000000000000000000000000000001";
      type = "gem";
    version = "0.0.1";

I originally posted this with a different version of the code, which still exists at: Fetching private gems using bundler's credentials · Issue #61 · nix-community/bundix · GitHub

@burke It’s been a while, I know, but did you make any progress with this? I’ve started using sidekiq and the private gem repos are a bit of a stumbling block.