Background
The problem I am trying to solve (and I am happy to take suggestions for different approaches) is to have a NixOS machine that I manage with users who can edit their own Home Manager configurations separately from the NixOS configuration. The method suggested to me elsewhere was to create a per-user git repository containing a user flake that can be both integrated into the system-wide flake setup as an input and used standalone by the relevant end user.
Setup
- NixOS unstable
- Flakes
- Home Manager
System flake.nix
The system-wide flake.nix contains the following (the $VARIABLES are only to remove identifying information):
    inputs = {
      # ... SNIPPED IRRELEVANT STUFF
      # Home Manager User Flakes
      # $USER
      user-$USER = {
        url = "git+https://git.$REPOSITORY/$GIT-USER/user-$USER.git?ref=trunk";
        inputs.nixpkgs.follows = "nixpkgs";
      };
    };
With this specific setup, I have to log in with a username and password each time I want to update the input. If, however, I change the url to an ssh command and execute a nixos-rebuild, I get a failure related to permissions and my ssh key. A helpful person elsewhere suggested this was because sudo doesn’t have access to my user’s ssh keys, as I am executing nixos-rebuild with sudo.
- My assumption is that this won’t be an issue when updating through Home Manager as I don’t use sudo for that. I have only tried this in the **system**
- If sudo not having access to the user’s (my) ssh keys looks like a likely culprit, how can I (a) grant sudo access to user ssh keys or (b) otherwise solve the issue of not being able to access the git repository that is authenticated via ssh key?