is there any fix for this that is relatively simple and declarative?
nixos-rebuild switch --flake .#server --target-host shaniag@<my-ip-is-here> --use-remote-sudo
building the system configuration...
copying 0 paths...
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required
This marks the user as trusted with respect to operations on the nix store. It is not related to allowing the user to run sudo nixos-rebuild (or the sudo switch-to-configuration) without entering a password.
That just disables password checks for all commands. I probably wouldn’t recommend this to future readers (or you), see the other thread for less nuclear options. But hey, you know your security requirements best.