When trying to run nixos-rebuild switch with a --target-host I get this error
copying path '/nix/store/h1v5xdkmhgyggsfbm42q205svwvkiy6j-nginx.conf' to 'ssh://mercury2'...
error: cannot add path '/nix/store/h1v5xdkmhgyggsfbm42q205svwvkiy6j-nginx.conf' because it lacks a signature by a trusted key
error: unexpected end-of-file
Looking around the discourse/GitHub the recommended solution is to add myself to trusted-users in nix.conf, but I have done this and receive the same error.
You have to tell it to log in as a trusted user (e.g. --target-host root@machine), or configure a secret-key-files in /etc/nix.conf so that derivations are signed before being copied over (in which case the target host needs the public key in its trusted-public-keys).
You should be aware that trusted users (at least on NixOS) have essentially password-less root access, because they can import and “repair” store paths with unsigned NARs.