Remotely deploying NixOS configuration using SSH Jump Host

Published by Philipp Schuster on

nixos-rebuild --target-host <user@host> is a powerful tool to remotely deploy a NixOS configuration. However, there are scenarios where you can’t reach a machine directly but need an SSH jump host.

Suppose you want to deploy to the host 192.168.124.42, which is only reachable from the host ssh-gate. Then your nixos-rebuild invocation might look as follows:

NIX_SSHOPTS="-J user1@ssh-gate" nixos-rebuild switch --flake ".#target-host" \
      --target-host "user2@192.168.124.42" \
      --use-remote-sudo \
      --use-substitutes \
      --verbose

It’s simple as that. Using -J <jumphost> option (see man page), we instruct SSH to find the right remote via the jump host.

Categories: Programming & DevOps
Tags:

Philipp Schuster

Hi, I'm Philipp and interested in Computer Science. I especially like low level development, making ugly things nice, and de-mystify "low level magic".

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Archer TX20U Nano
Programming & DevOps

Enabling TP-Link Archer TX20U Nano on NixOS and Linux 6.12

Recently, I’ve bought a TP-Link Archer TX20U Nano WiFi USB dongle (vendor website) for my desktop PC. The driver for Windows is provided by the stick itself, as it exposes a storage volume with the Read more…

Programming & DevOps

Live-Migration of QEMU/KVM VMs with libvirt: Command Cheat Sheet and Tips

Since recently, I am working with libvirt to perform live-migration VMs with QEMU/KVM VMs (QEMU as VMM and KVM as hypervisor). A few things were not very clear nor well documented. Therefore, I’d like to Read more…

Programming & DevOps

Configure a systemd Service to Perform Side Effects and Corresponding Cleanup

Problem and Motivation For a Linux-based demo setup, I need certain side effects and corresponding cleanup steps every time the system boots or relevant system configuration changes. I’m using NixOS, and systemd is the easiest Read more…