Trusting the remote store of my own machines ("because it lacks a signature by a trusted key")

Hi everyone. I am trying to copy a big derivation from one of my machines, but get a complaint:

nix copy --from ssh-ng://$(tailscale ip -4 vno1-oh2)?trusted=true /nix/store/dgr3f918x09nblmvmfm66794p0qsfysc-qgis-ltr-unwrapped-3.34.7.drv^* |& nom

copying 1 paths...
copying path '/nix/store/l2cwymkz5hh4987b2gzhm2qwp417mhln-qgis-ltr-unwrapped-3.34.7' from 'ssh-ng://'...
error: cannot add path '/nix/store/l2cwymkz5hh4987b2gzhm2qwp417mhln-qgis-ltr-unwrapped-3.34.7' because it lacks a signature by a trusted key

  1. I am happy to add the trusted key of the machine to nix.conf – but how do I figure out the trusted key?
  2. How come ?trusted=true does not work? ssh-ng options seem to imply ?trusted=true should work, but alas.
  3. I also tried nix copy --no-require-sigs, to no avail.
  4. I tried adding the SSH pubkey to trusted keys (trusted-public-keys = ip:pubkey), also to no avail.

How can I make my machine trust my other machine? 🙂

This seems to have worked:

nix-copy-closure --from $(tailscale ip -4 vno1-oh2) /nix/store/l2cwymkz5hh4987b2gzhm2qwp417mhln-qgis-ltr-unwrapped-3.34.7
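
A diagnostic for the "lacks a signature by a trusted key" error discussed above, as an added example that is not part of the original thread: it compares the signer key names on a store path (in the output format of `nix path-info --sigs`) with the key names in `trusted-public-keys`, and checks whether the local user is listed in `trusted-users`. The nix.conf text, the key name `vno1-oh2-1`, the user `alice` and all key and signature strings are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added diagnostic, not code from the thread. Nix store signatures are made with
# Nix's own "name:base64" Ed25519 signing keys; an SSH host or user key is a
# different key and does not belong in trusted-public-keys.

# Values of one nix.conf setting (including its extra- form), one per line.
conf_values() {  # $1 = setting name, $2 = nix.conf text
  printf '%s\n' "$2" | awk -v k="$1" '
    { sub(/#.*/, ""); sub(/=/, " = ") }
    $1 == k || $1 == ("extra-" k) { for (i = 3; i <= NF; i++) print $i }'
}

# Signer key names from one line of `nix path-info --sigs` output:
# "<path> [ultimate] [ca:...] [name:signature ...]".
signers() {  # $1 = path-info line
  printf '%s\n' "$1" | tr -s ' \t' '\n\n' |
    awk 'NR > 1 && $0 != "ultimate" && $0 !~ /^ca:/ { sub(/:.*/, ""); print }'
}

# Prints "trusted-signature <name>", "user-trusted" or "rejected".
# Name matching only: Nix itself also verifies the signature cryptographically.
diagnose() {  # $1 = nix.conf text, $2 = path-info line, $3 = local user
  local names s
  names=$(conf_values trusted-public-keys "$1" | cut -d: -f1)
  for s in $(signers "$2"); do
    if printf '%s\n' "$names" | grep -qxF -- "$s"; then
      echo "trusted-signature $s"; return 0
    fi
  done
  # The daemon honours a request to skip signature checks only from users in
  # trusted-users ("*" = everyone; @group entries are not resolved here).
  if conf_values trusted-users "$1" | grep -qxF -e "$3" -e '*'; then
    echo "user-trusted"
  else
    echo "rejected"
  fi
}

# Constructed sample input; key and signature strings are placeholders.
SAMPLE_CONF='trusted-public-keys = cache.nixos.org-1:PLACEHOLDERPUBKEY=
extra-trusted-public-keys = vno1-oh2-1:PLACEHOLDERPUBKEY=  # hypothetical key name
trusted-users = root'
SAMPLE_UNSIGNED='/nix/store/l2cwymkz5hh4987b2gzhm2qwp417mhln-qgis-ltr-unwrapped-3.34.7 ultimate'
SAMPLE_SIGNED="$SAMPLE_UNSIGNED vno1-oh2-1:PLACEHOLDERSIGNATURE=="

diagnose "$SAMPLE_CONF" "$SAMPLE_UNSIGNED" alice   # hypothetical non-trusted user
diagnose "$SAMPLE_CONF" "$SAMPLE_SIGNED" alice
```

On a real system the two inputs would be the contents of the receiving machine's nix.conf and a line of `nix path-info --sigs` output taken on the sending machine.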