How to use nix profile without github.com?

GitHub is blocked at my company:

$ nix profile install nixpkgs#{chrome,firefox,mcp-hub}
warning: 'install' is a deprecated alias for 'add'
[4.2/45.6 MiB DL] downloading 'https://github.com/NixOS/nixpkgs/archive/6f374686605df381de8541c072038472a5ea2e2d.tar.gz'
$ nix profile install nixpkgs#{chrome,firefox,mcp-hub}
warning: 'install' is a deprecated alias for 'add'
error:
       … while fetching the input 'github:NixOS/nixpkgs/nixpkgs-unstable'

       error: cannot read file from tarball: Truncated tar archive detected while reading data

How do I use nix profile without a github.com connection?

Is there a mirror? Where and how do I find a mirror of github.com and configure nix to use it?

The nix-channel does not mention github at all:

$ nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable

So why does it use github.com? I wonder how it works. Thank you.

1 Like

The (experimental) 3.0 commands use the flake registry, not channels.

This comes with a hard-coded list of default entries, one of which is nixpkgs - this one currently points to the unstable branch of the GitHub repo.

Up until recently there was no real alternative (for flakes), but a recent change introduced “lockable tarballs”, which makes it feasible to lock to the channel tarballs instead of a raw git repo. This has a bunch of benefits, but the default registry doesn’t currently do so.

All that said, you can change your registry imperatively so that it uses those tarballs, e.g.:

$ nix registry add nixpkgs https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz

It won’t solve the rate limit for anything not rehosted by hydra, of course, but anything that’s prebuilt in the cache (or projects whose sources are hosted elsewhere) should no longer hit GitHub.

If you use NixOS or home-manager with flakes (which I urgently recommend over using nix profile, let alone nix-env, by the way, precisely because the other commands implicitly depend on this imperatively maintained flake/channel list that you don’t know about), changing your flake’s nixpkgs input to that URL should also fix rate limiting, since both projects include some code to change the registry’s nixpkgs entry to their nixpkgs input.

The default should probably be changed, tbh.

You can also of course use the 2.0 command equivalents and sidestep the flake mess, but I recommend using nix-shell and never nix-env.

They use whatever you give them. If you give them a registry-based flakeref (flake:), or a non-registry-based flakeref (any other protocol), or a path (-f <path>) then it will use it.

But yes, in this case, @Kamilcuk, you’re using the registry, hence you’ll want to manually maintain the registry entry as mentioned.

Or, you can maintain an entire registry file, and set flake-registry in the global nix.conf to point at said file.
The format should be the same as flake-registry/flake-registry.json at cb70c9306b44501de412649c356dee503a25f119 · NixOS/flake-registry · GitHub. More docs in https://nix.dev/manual/nix/2.32/command-ref/new-cli/nix3-registry.html#registry-format.

Of course, you can also just use the channel directly:

  • for the local channel, use nix profile install -f '<nixpkgs>' hello
  • for the remote channel, use nix profile install -f 'channel:nixpkgs-unstable' hello

(Replacing hello with the appropriate attrs.)

1 Like
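
Added example, not part of any post in this thread: a small audit of a version-2 flake registry file (the format the thread links to) that reports which entries would still fetch from a blocked host, before the file is referenced from flake-registry in nix.conf. The function names, the BLOCKED_SUFFIXES list and both sample registries are constructed for illustration.

```python
import json
from urllib.parse import urlparse

BLOCKED_SUFFIXES = ("github.com",)  # assumption: the only host blocked on this network

# Default hosts implied by forge-style flake reference types.
FORGE_DEFAULT_HOST = {"github": "github.com", "gitlab": "gitlab.com",
                      "sourcehut": "git.sr.ht"}


def target_host(to):
    """Return the network host a registry 'to' entry fetches from, or None if local."""
    kind = to.get("type")
    if kind in FORGE_DEFAULT_HOST:
        return to.get("host", FORGE_DEFAULT_HOST[kind])
    if "url" in to:  # tarball, git, file, mercurial
        return urlparse(to["url"]).hostname
    return None  # path and indirect entries involve no direct fetch


def is_blocked(host):
    """True if host equals a blocked suffix or is a subdomain of one."""
    return host is not None and any(
        host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES)


def audit_registry(registry):
    """List (flake id, host) for every entry that would fetch from a blocked host."""
    if registry.get("version") != 2:
        raise ValueError("unsupported registry version")
    findings = []
    for entry in registry.get("flakes", []):
        host = target_host(entry["to"])
        if is_blocked(host):
            findings.append((entry["from"].get("id"), host))
    return findings


# Constructed samples: an entry shaped like the default the thread describes,
# and the same id pointed at the channel tarball URL given in the thread.
DEFAULT_LIKE = json.loads("""{"version": 2, "flakes": [
  {"from": {"type": "indirect", "id": "nixpkgs"},
   "to": {"type": "github", "owner": "NixOS", "repo": "nixpkgs",
          "ref": "nixpkgs-unstable"}}]}""")
TARBALL_BASED = json.loads("""{"version": 2, "flakes": [
  {"from": {"type": "indirect", "id": "nixpkgs"},
   "to": {"type": "tarball",
          "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"}}]}""")

if __name__ == "__main__":
    print(audit_registry(DEFAULT_LIKE))
    print(audit_registry(TARBALL_BASED))
```

The check covers only where the registry points; as noted in the thread, sources that are not served from the binary cache may still be fetched from GitHub at build time.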