Which commands are required for remote switch?

If you don’t mind actually typing out a password occasionally, you can use export NIX_SSHOPTS="-t" (ideally in a devShell so you don’t forget) to work around the bug that --use-remote-sudo doesn’t launch a proper TTY to type your password into.

If you really insist on nopasswd, the nixos-rebuild script isn’t too hard to reverse-engineer, just anything called using targetHostCmd here: https://github.com/NixOS/nixpkgs/blob/44174de622d458623d5042c756c8d7cb351d9a78/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh

You’d specify the commands in security.sudo.extraRules.*.commands. I don’t think it’s guaranteed that those commands stay stable, though, so make sure you have an escape hatch somewhere.

Or if you’d like to over-engineer, parse nixos-rebuild during the build, so your commands are always up-to-date?

1 Like