A while ago I wrote an article about how to install NixOS with encrypted ZFS on a netcup.de root server. Since writing this article I have been able to gain some experience running NixOS on my servers.

While updating from NixOS from 20.03 to 20.09, boot.initrd.network.ssh.hostECDSAKey became deprecated. It now uses OpenSSH instead of Dropbear. Luckily, the solution is is provided right in the error message:

If you want to keep your existing initrd SSH host keys, convert them with

$ dropbearconvert dropbear openssh dropbear*host*$type_key ssh_host_$type_key

and then set options.boot.initrd.network.ssh.hostKeys.

So the actual command I ran was

$ dropbearconvert dropbear openssh /var/dropbear/initrd-ssh-key /var/ssh/ssh_host_rsa_key

With this new key available, configuration.nix can be updated accordingly

...
boot.initrd.network = {
  ...
  ssh = {
    ...
    hostKeys = [ "/var/ssh/ssh_host_rsa_key" ];
    ...
  };
  ...
};
...