dotfiles icon indicating copy to clipboard operation
dotfiles copied to clipboard
verified publisher icon samhh

Deploy Nix config remotely

Open samhh opened this issue 3 years ago • 5 comments

I'd like to be able to do this:

# nixos-rebuild --flake ".#tentacool" --target-host sam@tentacool switch

It connects over SSH and starts copying until if fails with:

copying path '/nix/store/0ab7s7la2i4nkfa645prjn19lrx80r6y-linux-5.15.43-modules-shrunk' to 'ssh://sam@tentacool'...
error: cannot add path '/nix/store/0ab7s7la2i4nkfa645prjn19lrx80r6y-linux-5.15.43-modules-shrunk' because it lacks a valid signature

samhh avatar Jun 02 '22 17:06 samhh

There's a permissions error with --build-host localhost. There's --use-remote-sudo, however this doesn't appear to support doas.

samhh avatar Jun 03 '22 11:06 samhh

https://github.com/NixOS/nixpkgs/issues/169193#issuecomment-1107925258

samhh avatar Aug 24 '22 17:08 samhh

https://github.com/samhh/dotfiles/commit/a18deef88f4630b7e2b76a859f2cf9575b4c6c7d

The following now appears to work:

$ NIX_SSHOPTS="-t" nixos-rebuild switch --flake ".#tentacool" --target-host sam@tentacool --use-remote-sudo

The ssh -t bit was described here: https://discourse.nixos.org/t/which-commands-are-required-for-remote-switch/17936/2

Edit: This no longer works...

samhh avatar Aug 24 '22 18:08 samhh

Something declarative and which doesn't require entering the remote's password would be ideal.

samhh avatar Aug 24 '22 18:08 samhh

Another option is Cachix Deploy:

  • https://blog.cachix.org/posts/2022-07-29-cachix-deploy-public-beta/
  • https://discourse.nixos.org/t/cachix-deploy-public-beta/20641/5

samhh avatar Aug 31 '22 22:08 samhh

deploy-rs is worth trying again: https://github.com/serokell/deploy-rs/pull/207

samhh avatar May 27 '23 11:05 samhh

https://github.com/samhh/dotfiles/commit/8840013bac3f56ebe40af1439bb2046cef9f3355

samhh avatar Aug 05 '23 17:08 samhh