URI paths in substituters and hashed-mirrors

My question is similar to Using NixOS in an isolated environment but my environment is not isolated, rather I want to leverage the existing infrastructure which is based on JFrog Artifactory. The issue is both settings (substituters and hashed-mirrors) seem to expect host names only, not full URLs. I’d like to be able to say something like


Is that possible?

I am answering my own question. It turned out that nix has no issues with the paths. The challenge was to make nix-daemon use login credentials and custom SSL certificates to connect to Artifactory.

  1. The settings in nix.conf from my original message.

  2. Credentials go to netrc file which is configured in /etc/nix/nix.conf:

netrc-file = /path/to/my/netrc
  1. SSL for nix-daemon needs to be configured in /etc/systemd/system/nix-daemon.service.d/override.conf (I also have to configure TMPDIR because of noexec bit on /tmp):
Environment="TMPDIR=/path/to/my/tmp" "NIX_SSL_CERT_FILE=/path/to/my/curl-ca-bundle.crt"

After systemctl daemon-reload and systemctl restart nix-daemon nix-daemon uses our artifactory for caching.