Enterprise: Difference between revisions

(3 intermediate revisions by 3 users not shown)

Line 1:

When trying to use Nix and NixOS in corporations there are a number of issues one will run into. This page tries to provide a solution to each of these issues.

When trying to use Nix and NixOS in corporations there are a number of issues one will run into normally because of networking restrictions. This page tries to provide a solution to each of these issues.

== Private resources ==

Line 7:

=== fetchurl ===

<code>fetchurl</code> is used to retrieve HTTP resources, but is also used by <code>~~fetchFromGithub~~</code>. For private resources this will usually result in an error like the following:

<code>fetchurl</code> is used to retrieve HTTP resources, but is also used by <code>fetchFromGitHub</code>. For private resources this will usually result in an error like the following:

curl: (22) The requested URL returned error: 401 Unauthorized

Line 27:

mypackage = callPackage <mypackage.nix> {

fetchurl = fetchurlBoot;

fetchurl = stdenv.fetchurlBoot;

};

</syntaxHighlight>

Line 39:

The proxy itself can be set via the environment variables <code>HTTP_PROXY</code> and <code>HTTPS_PROXY</code>.

== Dynamic generation of netrc files ==

Sometimes you have to deal with dynamically short-lived tokens that must be generated on the fly. The above options do not cover this, so the best way forward is to use `fetchurl`'s `netrcPhase` option:

newPkgs = pkgs.extend (

final: prev: {

fetchurl =

args:

(prev.fetchurl.override {

inherit (pkgs) cacert; # required to avoid infrec

})

(

args

// {

netrcPhase =

# do stuff here to get credentials

BAR=\'\'$(dynamic-shell-script)

cat > netrc <<EOF

machine foobar

login FOO

password \'\'$BAR

EOF

'';''

}

);

}

);

now any fetch in newPkgs will dynamically generate tokens with `fetchurl`.

[[Category:Networking]]

@@ Line 1: / Line 1: @@
-When trying to use Nix and NixOS in corporations there are a number of issues one will run into. This page tries to provide a solution to each of these issues.
+When trying to use Nix and NixOS in corporations there are a number of issues one will run into normally because of networking restrictions. This page tries to provide a solution to each of these issues.
 == Private resources ==
@@ Line 7: / Line 7: @@
 === fetchurl ===
-<code>fetchurl</code> is used to retrieve HTTP resources, but is also used by <code>fetchFromGithub</code>. For private resources this will usually result in an error like the following:
+<code>fetchurl</code> is used to retrieve HTTP resources, but is also used by <code>fetchFromGitHub</code>. For private resources this will usually result in an error like the following:
   curl: (22) The requested URL returned error: 401 Unauthorized
@@ Line 27: / Line 27: @@
 <syntaxHighlight lang=nix>
 mypackage = callPackage <mypackage.nix> {
-   fetchurl = fetchurlBoot;
+   fetchurl = stdenv.fetchurlBoot;
 };
 </syntaxHighlight>
@@ Line 39: / Line 39: @@
 The proxy itself can be set via the environment variables <code>HTTP_PROXY</code> and <code>HTTPS_PROXY</code>.
+== Dynamic generation of netrc files ==
+Sometimes you have to deal with dynamically short-lived tokens that must be generated on the fly. The above options do not cover this, so the best way forward is to use `fetchurl`'s `netrcPhase` option:
+ newPkgs = pkgs.extend (
+    final: prev: {
+      fetchurl =
+        args:
+        (prev.fetchurl.override {
+          inherit (pkgs) cacert; # required to avoid infrec
+        })
+          (
+            args
+            // {
+              netrcPhase =
+                # do stuff here to get credentials
+                BAR=\'\'$(dynamic-shell-script)
+                cat > netrc <<EOF
+                machine foobar
+                        login FOO
+                        password \'\'$BAR
+                EOF
+              '';''
+            }
+          );
+    }
+  );
+now any fetch in newPkgs will dynamically generate tokens with `fetchurl`.
+[[Category:Networking]]