hosts: nixos: porthos: migrate to new host

OVH/Kimsufi are deprecating my current server by the end of the year. So
let's migrate to a new host.

This was more painful than initially planned, OVH introduced a change to
their rescue system which messes with the NixOS installation [1].

In the end I used a kexec image [2] to run the installation.

[1]: https://github.com/NixOS/nix/issues/7790
[2]: https://github.com/nix-community/nixos-images

hosts/nixos/porthos/boot.nix

@@ -3,15 +3,14 @@
 
 {
   boot = {
-    # Use the GRUB 2 boot loader.
+    # Use the systemd-boot EFI boot loader.
-    loader.grub = {
+    loader = {
-      enable = true;
+      systemd-boot.enable = true;
-      # Define on which hard drive you want to install Grub.
+      efi.canTouchEfiVariables = true;
-      device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P";
     };
 
     initrd = {
-      availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ];
+      availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ];
       kernelModules = [ "dm-snapshot" ];
     };
 

hosts/nixos/porthos/default.nix

@@ -16,11 +16,5 @@
   # Set your time zone.
   time.timeZone = "Europe/Paris";
 
-  # This value determines the NixOS release from which the default
+  system.stateVersion = "24.05"; # Did you read the comment?
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.09"; # Did you read the comment?
 }

hosts/nixos/porthos/hardware.nix

@@ -1,5 +1,5 @@
 # Hardware configuration
-{ lib, modulesPath, ... }:
+{ modulesPath, ... }:
 
 {
   imports = [
@@ -11,9 +11,18 @@
     fsType = "ext4";
   };
 
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
   swapDevices = [
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  my.hardware = {
+    firmware = {
+      cpuFlavor = "intel";
+    };
+  };
 }

hosts/nixos/porthos/install.sh

@@ -3,7 +3,7 @@
 SWAP_SIZE=16GiB
 
 parted /dev/sda --script -- \
-    mklabel msdos \
+    mklabel gpt \
     mkpart primary 512MiB -$SWAP_SIZE \
     mkpart primary linux-swap -$SWAP_SIZE 100% \
     mkpart ESP fat32 1MiB 512MiB \
@@ -11,14 +11,24 @@ parted /dev/sda --script -- \
 
 parted /dev/sdb --script -- \
     mklabel gpt \
-    mkpart primary 0MiB 100%
+    mkpart primary 0% 100%
+parted /dev/sdc --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
+parted /dev/sdd --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
 
 mkfs.ext4 -L media1 /dev/sda1
 mkfs.ext4 -L media2 /dev/sdb1
+mkfs.ext4 -L media3 /dev/sdc1
+mkfs.ext4 -L media4 /dev/sdd1
 
 pvcreate /dev/sda1
 pvcreate /dev/sdb1
-vgcreate lvm /dev/sda1 /dev/sdb1
+pvcreate /dev/sdc1
+pvcreate /dev/sdd1
+vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
 lvcreate -l 100%FREE -n media lvm
 
 mkfs.ext4 -L nixos /dev/mapper/lvm-media
@@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3
 
 mount /dev/disk/by-label/nixos /mnt
 swapon /dev/sda2
+mkdir -p /mnt/boot
+mount /dev/disk/by-label/boot /mnt/boot
 
 apt install sudo
 useradd -m -G sudo setupuser
-# shellcheck disable=2117
-su setupuser
 
 cat << EOF
 # Run the following commands as setup user
-curl -L https://nixos.org/nix/install | sh
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
-. $HOME/.nix-profile/etc/profile.d/nix.sh
+. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
-nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
+nix profile install nixpkgs#nixos-install-tools
 sudo "$(which nixos-generate-config)" --root /mnt
 
 # Change uuids to labels
@@ -54,3 +64,6 @@ git crypt unlock
 
 nixos-install --root /mnt --flake '.#<hostname>'
 EOF
+
+# shellcheck disable=2117
+su setupuser

hosts/nixos/porthos/networking.nix

@@ -6,30 +6,17 @@
     hostName = "porthos"; # Define your hostname.
     domain = "belanyi.fr"; # Define your domain.
 
-
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+    # (the default) this is the recommended approach. When using systemd-networkd it's
-    # Per-interface useDHCP will be mandatory in the future, so this generated config
+    # still possible to use this option, but it's recommended to use it in conjunction
-    # replicates the default behaviour.
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-    useDHCP = false;
+    useDHCP = true;
-
     interfaces = {
-      bond0.useDHCP = true;
+      eno1.useDHCP = true;
-      bonding_masters.useDHCP = true;
+      eno2.useDHCP = true;
-      dummy0.useDHCP = true;
-      erspan0.useDHCP = true;
-      eth0.useDHCP = true;
-      eth1.useDHCP = true;
-      gre0.useDHCP = true;
-      gretap0.useDHCP = true;
-      ifb0.useDHCP = true;
-      ifb1.useDHCP = true;
-      ip6tnl0.useDHCP = true;
-      sit0.useDHCP = true;
-      teql0.useDHCP = true;
-      tunl0.useDHCP = true;
     };
   };
 
   # Which interface is used to connect to the internet
-  my.hardware.networking.externalInterface = "eth0";
+  my.hardware.networking.externalInterface = "eno1";
 }

modules/home/ssh/default.nix

@@ -49,7 +49,7 @@ in
           };
 
           porthos = {
-            hostname = "91.121.177.163";
+            hostname = "37.187.146.15";
             identityFile = "~/.ssh/shared_rsa";
             user = "ambroisie";
           };

modules/nixos/services/wireguard/default.nix

@@ -13,7 +13,7 @@ let
     porthos = {
       clientNum = 1;
       publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ=";
-      externalIp = "91.121.177.163";
+      externalIp = "37.187.146.15";
     };
 
     # "Clients"