Fetching a private derivation from git and building with nixos-generate

Nixos-generators does not work well with private repositories.

I have a git repository with a derivation. The repo is private. The derivation is not named default.nix, but rather somethingcustom.nix.

This means we can not build:

let thingrepo = builtins.fetchgit { url = "git@gitub.com:owner/repo.git"; rev = "..." };
    thing =  pkgs.callPackage (thingrepo + "/thingderivation.nix") {};
in {
   environment.systemPackages = [ thing ];

Because nixos-generate will fail with (see issue):

Host key verification failed.
fatal: Could not read from remote repository.

The only way forward seems to be to clone thingrepo outside of nix and callpackage the on-disk derivation. Is there a way to do this entirely in nix?