From a1766125aabf918f4bc1ab998dfc7dcde1648958 Mon Sep 17 00:00:00 2001 From: Ryan Yin Date: Fri, 16 Feb 2024 10:06:59 +0800 Subject: [PATCH] feat: set proxy for nix-daemon only --- .../add-custom-cache-servers.md | 27 ++++++++-------- .../add-custom-cache-servers.md | 32 +++++++++---------- 2 files changed, 28 insertions(+), 31 deletions(-) diff --git a/docs/nixos-with-flakes/add-custom-cache-servers.md b/docs/nixos-with-flakes/add-custom-cache-servers.md index 2ebd2f4..9b9892b 100644 --- a/docs/nixos-with-flakes/add-custom-cache-servers.md +++ b/docs/nixos-with-flakes/add-custom-cache-servers.md @@ -225,31 +225,30 @@ In other words, you can use it like this: }; } ``` -## Using Local HTTP Proxy to Accelerate Package Downloads {#use-local-http-proxy-to-speed-up-nix-package-download} +## Using Local Proxy to Accelerate Package Downloads {#use-local-http-proxy-to-speed-up-nix-package-download} > Related: [roaming laptop: network proxy configuration - NixOS/nixpkgs](https://github.com/NixOS/nixpkgs/issues/27535#issuecomment-1178444327) While it has been mentioned earlier that a bypass route can completely solve the NixOS package download speed issue, configuring a bypass route is relatively cumbersome and often requires additional support from a software routing device. -Many users may prefer to directly accelerate package downloads through a locally running HTTP proxy. Here's how to set it up. +Many users may prefer to directly accelerate package downloads through a locally running HTTP/Sock5 proxy. Here's how to set it up. Directly using methods like `export HTTPS_PROXY=http://127.0.0.1:7890` in the terminal won't be effective because Nix does its work in a background process called `nix-daemon`, not directly in the terminal. -To enable `nix-daemon` to use a proxy, you need to modify its systemd configuration. Here's how: +nix-daemon is implemented in [nixpkgs/nixos/modules/services/system/nix-daemon.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/system/nix-daemon.nix#L184-L191), +It sets environment variables through the `systemd.services.nix-daemon.environment` option, and we can also use the same method to add proxy-related environment variables to the running environment of nix-daemon. Here's an example Module: -```bash -sudo mkdir /run/systemd/system/nix-daemon.service.d/ -cat << EOF >/run/systemd/system/nix-daemon.service.d/override.conf -[Service] -Environment="http_proxy=socks5h://localhost:7891" -Environment="https_proxy=socks5h://localhost:7891" -Environment="all_proxy=socks5h://localhost:7891" -EOF -sudo systemctl daemon-reload -sudo systemctl restart nix-daemon +```nix +{ + systemd.services.nix-daemon.environment = { + # socks5h mean that the hostname is resolved by the SOCKS server + https_proxy = "socks5h://localhost:7891"; + # https_proxy = "http://localhost:7890"; # or use http prctocol instead of socks5 + }; +} ``` -Using this approach, you might need to execute the above commands every time the system is restarted because the `/run` directory is a temporary file system that gets cleared upon a restart. +After deploying this configuration, you can use `sudo cat /proc/$(pidof nix-daemon)/environ | tr '\0' '\n'` to view all environment variables of the nix-daemon process and confirm whether the environment variable settings are effective. > You may encounter HTTP 403 errors when downloading from GitHub using some commercial or public proxies, such as [nixos-and-flakes-book/issues/74]](https://github.com/ryan4yin/nixos-and-flakes-book/issues/74), > You can try to solve this by changing the proxy server or setting [access-tokens](https://github.com/NixOS/nix/issues/6536) diff --git a/docs/zh/nixos-with-flakes/add-custom-cache-servers.md b/docs/zh/nixos-with-flakes/add-custom-cache-servers.md index d8913a7..5245eb1 100644 --- a/docs/zh/nixos-with-flakes/add-custom-cache-servers.md +++ b/docs/zh/nixos-with-flakes/add-custom-cache-servers.md @@ -210,10 +210,10 @@ Nix 提供了 [`extra-` 前缀](https://nixos.org/manual/nix/stable/command-ref/ "https://mirror.sjtu.edu.cn/nix-channels/store" # status: https://mirrors.ustc.edu.cn/status/ # "https://mirrors.ustc.edu.cn/nix-channels/store" - + "https://cache.nixos.org" ]; - + trusted-public-keys = [ # the default public key of cache.nixos.org, it's built-in, no need to add it here "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" @@ -229,32 +229,30 @@ Nix 提供了 [`extra-` 前缀](https://nixos.org/manual/nix/stable/command-ref/ } ``` -## 通过本地 HTTP 代理加速包下载 {#use-local-http-proxy-to-speed-up-nix-package-download} +## 通过本地代理加速包下载 {#use-local-http-proxy-to-speed-up-nix-package-download} > 参考了 Issue: [roaming laptop: network proxy configuration - NixOS/nixpkgs](https://github.com/NixOS/nixpkgs/issues/27535#issuecomment-1178444327) 虽然前面提到了,旁路由可以完全解决 NixOS 的包下载速度问题,但是旁路由的配置比较麻烦,而且经常需要额外的软路由设备支持。 -更多的用户会希望能直接通过本机运行的 HTTP 代理来加速包下载,这里介绍下怎么设置。 +更多的用户会希望能直接通过本机运行的 HTTP/Socks5 代理来加速包下载,这里介绍下怎么设置。 直接在 Terminal 中使用 `export HTTPS_PROXY=http://127.0.0.1:7890` 这类方式是无法生效的,因为 nix 实际干活的是一个叫 `nix-daemon` 的后台进程,而不是直接在 Terminal 中执行的命令。 -要让 nix-daemon 使用代理,需要修改它的 systemd 配置,方法如下: +nix-daemon 的实现代码是 [nixpkgs/nixos/modules/services/system/nix-daemon.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/system/nix-daemon.nix#L184-L191), +它通过 `systemd.services.nix-daemon.environment` 选项设置了环境变量,我们也能通过同样的手段来往 nix-daemon 的运行环境中添加代理相关的环境变量,一个示例 Module 如下: -```bash -sudo mkdir /run/systemd/system/nix-daemon.service.d/ -cat << EOF >/run/systemd/system/nix-daemon.service.d/override.conf -[Service] -Environment="http_proxy=socks5h://localhost:7891" -Environment="https_proxy=socks5h://localhost:7891" -Environment="all_proxy=socks5h://localhost:7891" -EOF -sudo systemctl daemon-reload -sudo systemctl restart nix-daemon +```nix +{ + systemd.services.nix-daemon.environment = { + # socks5h mean that the hostname is resolved by the SOCKS server + https_proxy = "socks5h://localhost:7891"; + # https_proxy = "http://localhost:7890"; # or use http prctocol instead of socks5 + }; +} ``` -使用此方案,每次重启系统可能都需要重新执行一遍上述命令,因为 `/run` 目录是临时文件系统,重启后会被清空。 +部署此配置后,可通过 `sudo cat /proc/$(pidof nix-daemon)/environ | tr '\0' '\n'` 查看 nix-daemon 进程的所有环境变量,确认环境变量的设置是否生效。 > 使用一些商用代理或公共代理时你可能会遇到 GitHub 下载时报 HTTP 403 错误([nixos-and-flakes-book/issues/74](https://github.com/ryan4yin/nixos-and-flakes-book/issues/74)), > 可尝试通过更换代理服务器或者设置 [access-tokens](https://github.com/NixOS/nix/issues/6536) 来解决。 -