Hello everyone, I’m trying to use NixOS in my personal setup and I’m encountering a few issues.
Our setup is the following:
Windows machine with WSL (Ubuntu)
We use a proxy
Zscaler for security (or whatever it does, really)
Artifactory to cache binaries (binaries we download with apt for example), containers and similar stuff
Now, I managed to install NixOS inside WSL, I’ve set up the proxy by translating a bash script we use to configure Ubuntu, and added the Zscaler root certificate to the nix configuration.
However, if I try to sudo nix-channel --update I get “SSL peer certificate or SSH remote key was not OK”. If I do curl -v https://duckduckgo.com I get “curl: (35) OpenSSL/3.0.14: error:16000069:STORE routines::unregistered scheme”. So I guess I did something wrong while setting the certificate.
Sorry for being imprecise. WSL works roughly like a virtual machine, I don’t know much about it either, but you can install multiple instances. I mentioned the one we use with Ubuntu because we have a bash script to set some things up, like the proxy and the Zscaler certificate, which I need to replicate in the NixOS one.
@mightyiam: NixOS works totally fine in WSL. You can run whatever distro you want with it.
@Krahos: the most likely issue here is that your network configuration is incompatible with what the corp network is expecting. We probably can’t help you more without significantly more info about the services running on your corp network, which you should not be sharing over the public internet.
If your IT staff have good Linux skills, they will be able to help you figure it out. If not, you should probably just stick with Ubuntu or Debian + nix.
I am having the same problem here.
During installation of NixOS on a corporate machine in Hyper-V (similar to WSL) the NixOS Installer shows an error: “The system is not connected to the Internet.”
When I open Firefox and go to https://nixos.org it shows an SSL error; our corporate firewall does some kind of man-in-the-middle check, but this certificate is not installed. (youtube.com works because it is excluded.)
When opening a terminal window curl also does not work for https://nixos.org, so I exported some .pem certificates from Firefox and imported them in openssl (I think, because I have very little Linux experience).
Then I executed these 2 commands in the terminal window:
My company uses an F5 firewall and we don’t have to set the proxy because ALL internet traffic is intercepted. (except for youtube and ms office/teams)
Anyway, I installed NixOS by using my phone as a hotspot over wifi, lame but it worked.
Because, after the installation, updating the configuration.nix with sudo nixos-rebuild switch did not work. The certificates were not active yet so I edited the configuration.nix file and added the certificates:
# security.pki.certificateFiles = [ "/etc/nixos/nixos-org-chain.pem" ]; --> this might just work as well if you put the Firefox downloaded certificates here, otherwise just paste them like this:
security.pki.certificates = [ ''
*.nixos.org:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Company Firewall:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Company Issuing CA:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Company Root CA:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
''
];
and then activated the new configuration with: sudo HOME=/root NIX_SSL_CERT_FILE=/etc/nixos/nixos-org-chain.pem nixos-rebuild switch
(More info about this “special” switch command: https://github.com/NixOS/nixpkgs/issues/70939)
After this I could edit the configuration.nix file and just switch with the normal sudo nixos-rebuild switch command.
Maybe these steps could be useful for someone in the future, although it would be more useful to be able to start the Calamares NixOS installer with the extra arguments, e.g.: sudo HOME=/root NIX_SSL_CERT_FILE=/etc/nixos/nixos-org-chain.pem start-nixos-installer...
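A check that can be run on a labelled PEM bundle like the one above before pasting it into security.pki.certificates or pointing NIX_SSL_CERT_FILE at it, as an added example that is not part of any post in this thread. The function name check_bundle, the sample labels and the stand-in bytes FAKE_DER are assumptions made for illustration; the check looks only at the PEM structure and the DER shape, it does not parse X.509.

```python
import base64, binascii, hashlib

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def check_bundle(text):
    """Return (entries, problems); entries are (label, sha256-of-DER) pairs."""
    entries, problems = [], []
    label, body = "", None          # body is None while outside a PEM block
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if body is not None:
                problems.append(f"line {n}: BEGIN inside an open block")
            body = []
        elif line == END:
            if body is None:
                problems.append(f"line {n}: END without BEGIN")
                continue
            try:
                der = base64.b64decode("".join(body), validate=True)
            except (binascii.Error, ValueError):
                der = b""
            # Only a shape check (DER SEQUENCE tag), not full X.509 parsing.
            if der[:1] == b"\x30":
                entries.append((label, hashlib.sha256(der).hexdigest()))
            else:
                problems.append(f"line {n}: block '{label}' is not base64 DER")
            label, body = "", None
        elif body is not None:
            body.append(line)
        elif line:
            label = line.rstrip(":")  # free text before a block, as in the post
    if body is not None:
        problems.append("bundle ends inside an open block")
    return entries, problems

# Constructed sample: FAKE_DER is a stand-in, not a real certificate.
FAKE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE = "\n".join([
    "Company Firewall:", BEGIN, "...", END,
    "Company Root CA:", BEGIN, base64.b64encode(FAKE_DER).decode(), END,
])

if __name__ == "__main__":
    entries, problems = check_bundle(SAMPLE)
    for label, fp in entries:
        print(f"OK   {label}: sha256={fp}")
    for p in problems:
        print(f"FAIL {p}")
```

The SHA-256 value is the digest of the certificate's DER bytes, the same value openssl x509 -noout -fingerprint -sha256 reports (there with colons and upper case), so it can be compared against the fingerprint your IT department gives for its interception CA before you trust it system-wide.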