GitLab + OpenTofu + NixOS

I am trying to use GitLab (gitlab.com SaaS, not self-hosted) + OpenTofu to deploy a NixOS server on AWS.

I am using the OpenTofu CI template; this is the .gitlab-ci.yml:

include:
  - component: gitlab.com/components/opentofu/full-pipeline@3.7.0
    inputs:
      auto_define_backend: true
      base_os: "debian"
      root_dir: "./terraform"

stages: [validate, test, build, deploy, cleanup]

variables:
  AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
  AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}

before_script:
  - apt-get update && apt-get install -y nix
  - nix-channel --add https://nixos.org/channels/nixpkgs-unstable && nix-channel --update

I am using a NixOS 25.05 AWS image and the tweag deploy_nixos module to deploy:

module "deploy_nixos" {
  source          = "git::https://github.com/tweag/terraform-nixos.git//deploy_nixos?ref=646cacb12439ca477c05315a7bfd49e9832bc4e3"
  nixos_config    = "${path.module}/../nixos/configuration.nix"
  target_host     = aws_instance.myinstance.public_ip
  ssh_private_key = tls_private_key.mystatekey.private_key_pem
  ssh_agent       = false
}

And the NixOS configuration:

{ modulesPath, lib, pkgs, config, ... }: {
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
  ];
  ec2.hvm = true;

  environment.systemPackages = with pkgs; [
    btop
    iftop
    git
    neofetch
    vim
  ];
}

However, it runs into an error during the deploy stage:

╷
│ Error: local-exec provisioner error
│ 
│   with module.deploy_nixos.null_resource.deploy_nixos,
│   on .terraform/modules/deploy_nixos/deploy_nixos/main.tf line 190, in resource "null_resource" "deploy_nixos":
│  190:   provisioner "local-exec" {
│ 
│ Error running command 'ignoreme': exit status 1. Output: --- building on
│ deployer
│ don't know how to build these paths:
│   /nix/store/qgxnnxf3nyp8pjmk4pnzvbq45lq5qd99-nixos-system-unnamed-25.11pre871443.d7f52a7a640b.drv
│ error: cannot build missing derivation
│ '/nix/store/qgxnnxf3nyp8pjmk4pnzvbq45lq5qd99-nixos-system-unnamed-25.11pre871443.d7f52a7a640b.drv'
│ --- closing persistent ssh-connection
│ debug1: OpenSSH_10.0p2 Debian-7, OpenSSL 3.5.1 1 Jul 2025
│ debug1: Reading configuration data /etc/ssh/ssh_config
│ debug1: Reading configuration data
│ /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
│ debug1: /etc/ssh/ssh_config line 21: Applying options for *
│ debug1: auto-mux: Trying existing master at
│ '/tmp/tmp.mBG3RCgYga/ssh_control'
│ Control socket connect(/tmp/tmp.mBG3RCgYga/ssh_control): No such file or
│ directory
│ 
╵

The instance gets created, but the error seems to occur while applying the NixOS configuration.