Rebuild remote host without root

I’m trying to rebuild a remote NixOS host, but I’m encountering permissions issues. I’m rebuilding the host “manually” (i.e. not using nixos-rebuild) because my monorepo setup is a bit unorthodox.

Currently this step fails with Permission denied:

$ ssh ci@$target 'nix-env --profile /nix/var/nix/profiles/system --set $system'
$ # note: ci is a member of trusted-users

How can I do this without using

$ nixos-rebuild --target-host ci@$target --use-remote-sudo switch

IOW what is --use-remote-sudo doing internally that I can replicate in my release script?

nixos-rebuild is a pretty simple bash script.

Basically, all that use-remote-sudo does is prefix all remote commands with sudo rather than assuming that one will be connected as root.

So it’s not possible to rebuild a host without root privileges? I could add ci to wheel and then prefix with sudo if that’s the recommended way.

You can build, but activation requires elevated privileges.

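The split the replies describe (copy as the unprivileged user, then run the profile update and activation under sudo), as an added example that is not part of the original thread or of nixos-rebuild itself. It assumes the system closure is already built locally, that the remote user can run sudo non-interactively, and the names `run`, `deploy_system` and `DRY_RUN` are made up for this sketch.

```shell
# Added example: deploy a prebuilt NixOS system as a non-root SSH user.
# Only the two steps that need root on the target are prefixed with sudo.
PROFILE=/nix/var/nix/profiles/system

# Execute a command, or just print it when DRY_RUN=1 (hypothetical switch).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# deploy_system <user@host> <store path of the built system>
deploy_system() {
    ds_target=$1
    ds_system=$2

    # A target starting with "-" would be parsed by ssh as an option.
    case $ds_target in
        ''|-*) echo "bad target: $ds_target" >&2; return 2 ;;
    esac

    # ssh joins its arguments and hands them to the remote shell, so the
    # path ends up on a root command line: accept plain store paths only.
    case $ds_system in
        *[!A-Za-z0-9+._/-]*|*/../*)
            echo "refusing suspicious path: $ds_system" >&2; return 2 ;;
        /nix/store/?*) ;;
        *) echo "not a store path: $ds_system" >&2; return 2 ;;
    esac

    # Unprivileged: copy the closure to the target's store.
    run nix-copy-closure --to "$ds_target" "$ds_system" || return

    # Privileged: point the system profile at the new generation ...
    run ssh "$ds_target" sudo nix-env --profile "$PROFILE" \
        --set "$ds_system" || return

    # ... and activate it.
    run ssh "$ds_target" sudo "$ds_system/bin/switch-to-configuration" switch
}
```

Because the store path is expanded locally before it is sent, the remote side never sees an unset variable, and the path check keeps shell metacharacters out of the command that runs as root.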