Client ssl auth or simple auth for private nix channels

[offlinehacker]

We would like to continous build all systems on central server (with hydra or with some other build system) and have private nix channel protected with client ssl auth or simple http auth is that possible?

[copumpkin]

👂

[rvl]

I just tested this.

1. Simple HTTP auth is possible by putting the username and password into the URL, in both nix.binaryCaches and nix.trustedBinaryCaches.
2. Client SSL auth (my preferred solution) is only possible by adding more curl options to scripts/download-from-binary-cache.pl.in and nix-daemon.nix. This has worked for me. I could possibly make pull requests. Only problem is that the Perl is currently being rewritten in C++.

[alexvorobiev]

I am using Artifactory for caching which requires both http authentication and custom SSL certificates. I described my configuration at https://discourse.nixos.org/t/uri-paths-in-substituters-and-hashed-mirrors/3877/2?u=alexv