Best way to run `nixos-rebuild switch` to remote host on slow network

I am very new to nix/nixos, I like it a lot so far, but I’m still trying to figure things out.
I have setup a remote server with various services, which works nicely (bare metal machine hosted in a datacenter). This is not a config question :slight_smile: I am currently working remotely on a slow network (4g that works, but is weak).

I have been updating/rebuilding my server with:

  • nixos-rebuild switch --flake ./cloud#mynixserver --target-host "root@<server_ip>" or
  • nixos-rebuild switch --flake ./cloud#mynixserver --build-host "root@<server_ip>" --target-host "root@<server_ip>"

I am not cross compiling, both systems are x86_64 (but my laptop runs debian, I haven’t switched to nixos there yet).
Both work fine when I’m at home on a fast fiber network, but when on slow network, I almost invariably get network errors like:

error:
       … writing file '/nix/store/z76vsdh69cvwkwhwg69k7d1znwjmx6hf-bash52-005'

       error: unable to download 'https://ftpmirror.gnu.org/bash/bash-5.2-patches/bash52-005': Timeout was reached (28)

or

copying path '/nix/store/9wzpv02xw4arax92g3wbwjri2nqx6y08-busybox-static-x86_64-unknown-linux-musl-1.36.1' to 'ssh://root@<server_ip>'...
error: writing to file: Broken pipe

These sometimes happen after 20+ minutes of building/copying, which is quite frustrating.

My impression is that despite setting build-host and target-host to the remote machine, there is still a lot of download/upload to and from my laptop. I was hoping to find a way to just upload the config files to the remote machine, and let it do all the heavy lifting, so that my laptop’s connection is only used for a few kB, not thousands of MB.
I guess I could ssh into the remote machine and run nixos-rebuild --switch there, but is there a way to do this with nixos-rebuild from my laptop, or do I need another deployment tool?

Thanks for any tips!

afaik eval happens locally even with build/target-host set, so ssh’ing might get you better results.

@waffle8946 Thank you for your feedback (sorry, I seem to never have hit “send” on this message)! Is there a “best practice” way to do that? My config is in a repo that holds nix config for a few machines.