Sops-nix: Another China GFW Problem

I am trying to setup sops-nix. It fails because sops-nix tries to download some things from google like this:

>  golang.org/x/crypto/ssh: golang.org/x/crypto@v0.29.0: Get "https://proxy.golang.org/golang.org/x/crypto/@v/v0.29.0.zip": dial tcp 142.251.33.113:443: i/o timeout

Does this mean I am simply not able to use sops-nix from China? Is this the wrong forum for this? It seems that the problem could be related to any packages from golang at all.

1 Like

It might be possible to override the sops-nix derivations to search and replace all instances of golang.org with a mirror. If this guide is right, then you could use Go · GitHub.

It seems like something that could be added to nixpkgs go builders to fix problems for all go packages, but I’m not sure if anyone has tried it before and if there would be any issues.

Techies use VPNs in China. Reddit’s r/dumbclub is a good place to find out more.

Is there something we could do on our end to help with this?

I use a VPN from the browser, not for all traffic. I set up my own VPS before using Outline, but Outline’s client ships only an AppImage, which never really works on NixOS. I was never able to make it work, to be honest, so I have just been using my browser-based one for less headache :smiley:

But basically I was thinking there are surely people in enterprise situations without access to a VPN who will need to use solutions like this. Also VPNs are unstable in China because many of them are illegal (contrary to popular opinion, VPNs are actually not always illegal in China), so the government sometimes finds and shuts them down or figures out a way to knock a bunch of them offline for a day or whatever.

1 Like

The link you made to the guide mistakenly points to this thread. Can you please point me to the guide you are talking about? Thank you

whoops, here it is: Notes/Golang/china/get-golang-packages-on-golang-org-in-china.md at dfa1387697ec7dd5ef971a3931f42193c3248aa8 · northbright/Notes · GitHub

(I edited my original post too)

Universities have reliable VPNs. Probably large companies also.

I have used reliable VPNs in the past - Astrill most recently.

There’s also this project:

I’ve never used it, not an endorsement.

You can package it with nix, see appimageTools in the nixpkgs manual