Remotely deploying NixOS configuration using SSH Jump Host

Published by Philipp Schuster on

nixos-rebuild --target-host <user@host> is a powerful tool to remotely deploy a NixOS configuration. However, there are scenarios where you can’t reach a machine directly but need an SSH jump host.

Suppose you want to deploy to the host 192.168.124.42, which is only reachable from the host ssh-gate. Then your nixos-rebuild invocation might look as follows:

NIX_SSHOPTS="-J user1@ssh-gate" nixos-rebuild switch --flake ".#target-host" \
      --target-host "user2@192.168.124.42" \
      --use-remote-sudo \
      --use-substitutes \
      --verbose

It’s simple as that. Using -J <jumphost> option (see man page), we instruct SSH to find the right remote via the jump host.

Categories: Programming & DevOps
Tags:

Philipp Schuster

Hi, I'm Philipp and interested in Computer Science. I especially like low level development, making ugly things nice, and de-mystify "low level magic".

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Programming & DevOps

Nix: How to Package a Shell Script

Nix with its ecosystem is amazing tooling and the library functions in nixpkgs provide great builders to package certain programs, scripts, and stuff. But in this jungle of options, it’s also sometimes not clear which Read more

Programming & DevOps

Live-Migration of QEMU/KVM VMs with libvirt: Insights, Cheat Sheet, Tips

Update: The original post is from November 2024. I updated the post in the meantime a couple of times to reflect my latest knowledge. During my work as virtualization engineer at Cyberus Technology, I work Read more

Programming & DevOps

Programmatically Start Long-Running Command via SSH in Background and Disconnect (and get the PID)

UPDATE: Turns out, I googled the wrong thing/keywords. There is a helpful answer on StackOverflow. It was surprisingly difficult to programmatically start a long-running command via SSH in background and disconnect the SSH session immediately. Read more