NixOS on Contabo

Published: 2024-02-26 Tags: nixos Category: Linux

Contabo is an EU-based VPS provider with reasonably affordable pricing. However, it does come with some compromises. The billing structure is monthly with a setup fee, making it more suitable for specific workloads. Another limitation is the limited official OS support, specifically the absence of NixOS as an option. Online resources on setting up NixOS on Contabo are scarce and can be clunky or outdated. Here's my approach that's hopefully easy to follow.

This is not necessarily the most automated way. One could use nix-infect in similar manner for example. But given the manual nature of creating Contabo VMs both on user and Contabo side, NixOS (re)installation is probably not going to be a regular occurrence worth automating. For more frequent NixOS deployment, using the paid custom images option might be more suitable. My approach here is a bit more ad-hoc.

Creating VPS🔗

There are many options available, this was tested with the cheapest VPS, so any of them should work. Just select whatever suits your needs. Here are few hints to help you a bit:

• I've picked the latest version of Ubuntu as OS. This does not really matter, but I chose this one in case Contabo sets some VM parameters based on OS selection. (they very likely don't)
• The root password for the VM does not matter at all, we're not going to use the provided OS.

Once happy with your selection, go through the checkout, payment and wait for the confirmation email from Contabo. It should contain assigned IPv4 and IPv6 address. (not to be confused with VNC IP, that's also provided - we won't use that here, but it might be handy for recovery in the future if you mess up your network configuration)

Entering rescue system🔗

Now that our VPS is ready, log into Contabo and head over to VPS control panel. It's not the flashiest of interfaces, but we only need it to start the rescue system. To access that, click the 💾 floppy disk icon in the Rescue system column for the VPS where you want to install the NixOS. If you have multiple VPS systems, pay attention to which one are you clicking on, otherwise you might end up rebooting (or even erasing) wrong server.

On the next screen leave the Rescue System Version on the default "Debian Rescue", it already has all the utilities we need. Enter or generate root password. We will need this one briefly, so write it down, but there's no need to keep it long-term.

Click Start Rescue System, it should be booted in a couple of minutes.

kexec into the NixOS installer🔗

Once the rescue system is accessible over SSH (it will be accessible on the same IP as you got assigned for your VPS earlier) we can continue starting NixOS installer system.

First, we need to add our public key to the authorized_keys list of the root user in rescue system. The most convenient way on Linux is by using ssh-copy-id on your desktop:

ssh-copy-id root@<IP of your system here>

You will be asked to enter the root password that you written down earlier.

Afterwards you should be able to ssh as root into the rescue system without entering password. So do just that. The SSH key functionality is rather important as the script we'll be executing makes sure the same key is also allowed to log into the NixOS installer system.

First download and extract the OS:

curl -L https://github.com/nix-community/nixos-images/releases/download/nixos-23.11/nixos-kexec-installer-noninteractive-x86_64-linux.tar.gz | tar -xzf- -C /root

You should be able to choose different version of NixOS if you'd like. Here I'm using 23.11.

And now, let's kexec into it:

/root/kexec/run

This will drop your current ssh session. (It will probably hang, you can terminate it with enter, followed by ~. key sequence) Give it a few seconds to start and you should be able to log into the NixOS installer system with the same ssh -l root <system IP> you used before. There's no password set which is why it was important you set your key correctly earlier.

There's also likely to be a different server key that you'll be warned about.

If everything went well, you have essentially booted into minimal ISO image on your VPS and you can continue installation just like you're used to. 🎊

NixOS configuration🔗

I will not bother guiding you through the installation, NixOS manual can take it from here. Besides you likely have your own flake ready, don't you?

So here's just couple helpful pointers for your *.nix files:

• The VPS is a VM so you should import qemu-related profile with couple reasonable defaults in your NixOS configuration:

  imports = [
    "${modulesPath}/profiles/qemu-guest.nix"
  ];
  

• VPS boots in Legacy (often referred to as BIOS mode) so you need to configure your system accordingly:

  boot.loader.grub = {
      enable = true;
      device = "/dev/sda";
  };
  

• It should get IPv4 via DHCP, but I would still recommend setting it statically. It's server after all and the IP does not change. You can find the details in Contabo console under IP Management. (configuration details are hidden under that little ℹ️ bubble on hover...)

  Here's sample config to help you write one:

  networking.useDHCP = false;
  systemd.network = {
      enable = true;
      networks."10-internet" = {
        matchConfig.MACAddress = "XX:XX:XX:XX:XX:XX"; # Interface MAC address here
        linkConfig.RequiredForOnline = "routable";
  
        address = [
            "198.51.100.99/24" # Your server IPv4 address here
            "2001:db8::1/64"   # Your server IPv6 address here
        ];
        routes = [
            {
              routeConfig = {
                  Gateway = "198.51.100.1"; # Your gateway address here
                  GatewayOnLink = true;
              };
            }
            {
              routeConfig = {
                  Gateway = "fe80::1"; # This should be correct as is
                  GatewayOnLink = true;
              };
            }
        ];
        dns = [
            "79.143.183.251"
            "79.143.183.252"
            "2a02:c207::1:53"
            "2a02:c207::2:53"
        ];
      };
  };
  

  The IPv6 Gateway and DNS setup is based on pretty dated tutorial provided by Contabo, but it still seems to be relevant. Read at least the Obtaining the necessary information part thoroughly as you might need to use different set of IPv6 DNS servers.

Fin🔗

At the end of the day, NixOS is quite usable on Contabo. I just wish there were fewer hoops to jump through.