I understand.
I have to say I’m not 100% happy with the --use-remote-sudo, both because of the password requirement not being upfront and mainly because this feels a bit hacky and I don’t want to rely on something that MIGHT change behaviour (I am not familiar with nix developement but I could understand if they changed it so that --use-remote-sudo required the remote to actually be a remote, to avoid misunderstandings).
As an alternative solution, I have tried symlinking both public and private keys from ~/.ssh to /root/.ssh and (unsurprisingly) it works (as in, it works when using sudo), and I’m 99% happy with this so I think I might stick to this. I have only checked out nh briefely and I might look into it more, thanks for the tip!
I now have a “working” setup that I’m almost happy with, but I would like to know how other people with private repos solve this issue, because in many sources they seem to propose either fetchGit or a flake input with flake = false as a it-just-works-out-of-the-box solution (for example these sources: [1], [2], though I’ve seen it mentioned here where they also suggest the /root/.ssh fix), which is not my experience.
I’d like to know how many other people with private repos have faced this issue, and how they solved it, because by the looks of it it seems like I’m the odd one.
Anyway, thanks for the help!