I expect I’m missing something in my configuration, or some symlink somewhere that would allow Docker to find ssh where it expects it to be. I’m hoping someone here is more familiar with docker/ssh on NixOS and can help me fix my ability to pull from private GitHub repositories.
When trying to build an image for a private repo, I get an error like the following:
```
docker build git@github.com:<org>/<repo>.git --ssh default
=> ERROR [internal] load git source git@github.com:<org>/<repo> 0.0s
------
> [internal] load git source git@github.com:<org>/<repo>.git:
0.029 ssh -F /dev/null -o UserKnownHostsFile=/var/lib/docker/tmp/2678581424: line 1: ssh: command not found
0.024 fatal: Could not read from remote repository.
0.024
0.024 Please make sure you have the correct access rights
0.024 and the repository exists.
------
ERROR: failed to solve: failed to read dockerfile: failed to load cache key: error fetching default branch for repository git@github.com:<org>/<repo>.git: exit status 128
```
I actually need it for maintaining a docker-compose setup, but this is the simplest thing that reproduces the error.
- This is docker itself attempting to use ssh agent forwarding via BuildKit, not a container just not having ssh installed.
- This seems to be a different error from ones many people seem to get for ssh agent forwarding not doing the interactive login process.
- Adding keys with `ssh-add` doesn’t fix the issue.
- `ssh: command not found` seems to suggest it can’t locate it, but I can’t figure out where it’s looking. `ssh` is installed for all users via `services.openssh.enable` in configuration.nix, is on my `$PATH`, and otherwise works fine; `which ssh` returns `/run/current-system/sw/bin/ssh`.
- `systemctl status sshd.service` shows that it’s running, listening on port 22.
- `$SSH_AUTH_SOCK` points to `/run/user/1000/ssh-agent`, which does exist.
I think the only things in my configuration that are relevant are:
```nix
services.openssh.enable = true;
programs.ssh.startAgent = true;
virtualisation.docker = {
  enable = true;
  enableOnBoot = true;
  logDriver = "json-file";
};
```

`nix-info -m`:
- system: `"x86_64-linux"`
- host os: `Linux 6.8.4, NixOS, 24.05 (Uakari), 24.05.20240406.ff0dbd9`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.18.2`
- channels(root): `"nixos"`
- nixpkgs: `/nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source`
`docker version`:

```
Client:
 Version: 24.0.5
 API version: 1.43
 Go version: go1.22.1
 Git commit: v24.0.5
 Built: Thu Jan 1 00:00:00 1970
 OS/Arch: linux/amd64
 Context: default
Server:
 Engine:
  Version: 24.0.5
  API version: 1.43 (minimum version 1.12)
  Go version: go1.22.1
  Git commit: v24.0.5
  Built: Tue Jan 1 00:00:00 1980
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: v1.7.14
  GitCommit: v1.7.14
 runc:
  Version: 1.1.8
  GitCommit:
 docker-init:
  Version: 0.19.0
  GitCommit:
```

`ssh -V`:

```
OpenSSH_9.7p1, OpenSSL 3.0.13 30 Jan 2024
```
Thanks in advance for any help.