Set go package **not** to use the Go proxy?

Help
1

Due to proxy.golang.org: Forbidden for https://proxy.golang.org/github.com/klauspost/compress/@v/v1.18.0.zip · Issue #75218 · golang/go · GitHub I’d like to temporarily disable usage of the Go Proxy for a package. This appears to be utterly impossible, maybe someone knows the secret combination without spending the next 2 hours digging through layers of Nix derivation code (which I’d like to avoid).

So far I have this and according to the documentation it should do something I think but of course doesn’t:

   services.caddy = {
      # Enable extra modules in Caddy (based on NixOS 25.05 packaging)
      package = (pkgs.caddy.overrideAttrs (finalAttrs: prevAttrs: {
         env.GOPROXY = "off";
         env.GOPRIVATE = "*";
         passthru = prevAttrs.passthru // {
            overrideModAttrs = lib.composeExtensions prevAttrs.passthru.overrideModAttrs (
               finalModAttrs: prevModAttrs: {
                  preBuild = ''
                     export GOPROXY=off
                     export GOPRIVATE='*'
                  '';
               }
            );
         };
      })).withPlugins {
         plugins = [
            "github.com/caddyserver/transform-encoder@v0.0.0-20241223111140-47f376e021ef"
            "github.com/mpilhlt/caddy-conneg@v0.1.4"
            "github.com/mholt/caddy-l4@v0.0.0-20250124234235-87e3e5e2c7f9"
         ];
         hash = "sha256-d+tzRtX9f2nAOq3Qt6ZY9S2ZdbAWAgPXpeOCdoNW69A=";
      };

      # … other settings …
  };

With pkgs.caddy being (overlay):

let
   snapshot-caddy = import (builtins.fetchTarball {
      url = "https://github.com/NixOS/nixpkgs/archive/28ace32529a63842e4f8103e4f9b24960cf6c23a.tar.gz";
      sha256 = "1zphnsa5dhwgi4dsqza15cjvpi7kksidfmjkjymjninqpv04wgfc";
      #sha256 = "b2acf21f97488b762819c9b6e3ae285ada4039f970347f3f40e55e93b068de15";
   }) {};
in {
   # Caddy from unstable with its official plugin support
   caddy = prev.callPackage snapshot-caddy.caddy.override {};
}
2

Thankfully there’s a module and docs for exactly this usecase.

Crucial bit even if you don’t want to use athens:

3

Thank you! I tried manually adding

experimental-features = nix-command flakes configurable-impure-env
impure-env = GOPROXY=off GOPRIVATE=*

to /etc/nix/nix.conf since the system derivation cannot be built without fixing this first, but properly updating that file first requires rebuilding the system derivation…

Unfortunately, it also doesn’t appear to be doing anything. The only workaround that I found was to temporarily disable IPv6 on the server so that it was forces to fetch the Go packages using IPv4 which somehow isn’t affected by this issue. This worked because, as mentioned in the linked issue, it only affects one specific package when fetched using one specific IPv6 address from the official Go proxy. I strongly suspect this is a bug in Google’s infrastructure. (Go stands for “Google Online” after all…)

Blerg, I really wished I didn’t have to care about Go. Why is there so much good software written in it? :sweat_smile:

So yeah, I have a ridiculous workaround but no solution from Google yet and also no proper way to work around the issue in NixOS. Only thing that’s clear is that everything is cursed. :laughing: