The basic problem I have is that I’m trying to use private repositories as dependencies in Nix Flakes.
Specifically, I’m trying to build an EC2 webserver using static web files compiled into a Nix derivation with Flakes, that then gets used in a Nix Flakes NixOS definition. While this builds fine on my computer, because I’ve set SSH keys for GitHub and am using an SSH link, I’m not sure how best to successfully deploy it.
A few ideas I’ve had:
- Make the repository public (not ideal, but possible)
- Hard-code SSH keys into the NixOS config (no, insecure)
- Set up a private flake registry (complex, but possibly workable)
- Write Ansible/SSH scripts to deploy NixOS and create SSH keys (probably easiest, but a bit of work and an additional layer of complexity)
Any recommendations?
Edit: It’s kinda a hack, but I ended up just building the web site locally and pushing it and the NixOS config via scp. Not ideal though, so I’m still definitely looking into these recommendations.