I recently moved into a university campus. I have been using sops-nix before, but it stopped working in the campus. I get this error:
> google.golang.org/api/transport/grpc: google.golang.org/api@v0.266.0: Get "https://storage.googleapis.com/proxy-golang-org-prod/9e54aad8ab093803-google.golang.org:api-v0.266.0.zip?Expires=1772496027&GoogleAccessId=gcs-urlsigner-prod%40golang-modproxy.iam.gserviceaccount.com&Signature=OSeURzXDlXOpSdeas7jtlz4NnqrQ8FOHt0IWnig9RN4PM0vzY2VMa%2BK%2FeG4C4eDeozekkjugWZffFUqFHqKDzOwsRKOVnc8Fpu7cNUfykocn8OPmR%2F5TTRuHgtciL8ysubR3jc1NE0ROntojWBkQUiqPF3XaBkp%2BxG9xa23KsbCpOW6whNhmp762TfFYRETSX6xA5sQrNl68KmTba6gfyx8X6a4Brwnj89pqFVDrmfQyFu%2BVKnbuh80L0l8T%2BF%2FYRJ%2BVI6uoGXz%2FkAVGOgJUGxmcfAiTZW71ogq0ecNM5TCU3HPFVobe7pw6xX8UyVTvmouRKhU8lNHz8Fr7uar%2FyA%3D%3D": tls: first record does not look like a TLS handshake
Full logs of sops-nix can be found here:
My nix-config for reference:
I disabled sops-nix temporarily.
Is there a workaround I can use to make sops-nix work in the university network? I do not use a VPN, but I think I will have to invest into one if there is no other option.
Possibly, what do you get if you open that URL in a browser?
FWIW, free VPNs exist and are probably sufficient for what’s going on here. Your campuses’ IT staff looks to be a bit overzealous with their filtering. Can probably also just ask them to lift it.
Nix should still be able to build that software downstream; there should be no need to trust random subtituters. This might still indicate an issue with your config or networking.
That said, I’ve experienced golang dependencies being pulled from the internet before. It’s quite possible the issue is that the software simply cannot be built anymore, rather than it being networking related.