Accessing a private GitHub repo using builtins.fetchGit?

I have a custom package defined in my nixOS config. I can’t get builtins.fetchGit to access a private GitHub repo running nixOS 23.05. This previously worked with nixOS 22.11.

  src = builtins.fetchGit {
    url = "ssh://";
    ref = "main";
    rev = "commithash";
    allRefs = true;

nixos-rebuild fails with this message: Permission denied (publickey).
fatal: Could not read from remote repository.

ssh -T works…
so does git clone ssh://
I can also run nix profile install .#mypackage and it works.

So why can’t I install/build via nixos-rebuild?

Running nixOS 23.05, and my SSH config ~/.ssh is proper, and I’m also using an SSH_AUTH_SOCK that has SSH access to GitHub.

Just now realizing that I run:

sudo nixos-rebuild switch --flake ~/.nix-config/#

Running as sudo isn’t going to use the ~/.ssh/ config, but instead /root/.ssh. I put my key in /root/.ssh and this is fixed, but I guess I should ask: what’s the recommended approach for downloading private repos during a nixos-rebuild? Should nixos-rebuild run as sudo?

NixOS manual doesn’t mention running sudo when using nixos-install or nixes-rebuild… Hmm.

1 Like