Basic NixOS System Management things to know about
Signing the packages in the store with a new key
Put the path to the secret key file in /etc/nix/nix.conf, similar to this:
secret-key-files = /etc/nix/private-key
Then run nix store sign --all --key-file /etc/nix/private-key to sign all the packages in the store at once.
To allow remote rebuilds, add the public key to the remote computer’s nix.conf:
trusted-public-keys = hostname:pubkey
You can get the public key by running:
nix key convert-secret-to-public < /etc/nix/private-key
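
A way to check the setup described above without invoking nix, as an added example that is not part of the original page: it confirms the secret key file is not readable by group or other, derives the name:pubkey string from it, and checks that a copy of the remote's nix.conf trusts that key. The function names are hypothetical, and it assumes GNU coreutils, a single path in secret-key-files, and the libsodium key layout (64 bytes, the last 32 being the Ed25519 public key).

```shell
#!/bin/sh
# Added example: audit a Nix signing setup without invoking nix.
# Assumes GNU coreutils (stat -c, base64 -d) and one path in secret-key-files.

# Print the value of a nix.conf setting (last assignment wins).
conf_get() {  # conf_get <setting> <nix.conf>
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Succeed only if the file grants nothing to group or other (e.g. 600, 400).
key_is_private() {
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Print "name:base64(pubkey)" for a secret key file of the form
# "name:base64(64 bytes)"; the last 32 bytes are the Ed25519 public key.
pubkey_of() {
    name=$(cut -d: -f1 "$1")
    len=$(cut -d: -f2 "$1" | base64 -d 2>/dev/null | wc -c)
    [ "$len" -eq 64 ] || return 1
    printf '%s:%s\n' "$name" "$(cut -d: -f2 "$1" | base64 -d | tail -c 32 | base64)"
}

# audit <signer nix.conf> <remote nix.conf>
# Returns 0 when the key file is private and the remote trusts its public half.
audit() {
    key=$(conf_get secret-key-files "$1")
    [ -n "$key" ] && [ -f "$key" ] || { echo "no secret key file found"; return 1; }
    key_is_private "$key" || { echo "$key: readable by group/other"; return 2; }
    pub=$(pubkey_of "$key") || { echo "$key: not a 64-byte secret key"; return 3; }
    trusted="$(conf_get trusted-public-keys "$2") $(conf_get extra-trusted-public-keys "$2")"
    case " $trusted " in
        *" $pub "*) echo "ok: remote trusts $pub" ;;
        *) echo "remote does not trust $pub"; return 4 ;;
    esac
}

# Usage: sh audit.sh /etc/nix/nix.conf remote-nix.conf (a copy of the remote's file)
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

The string printed by pubkey_of should match the output of nix key convert-secret-to-public for the same file.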