feat: add minimall nixos installation

flake.nix

@@ -33,7 +33,7 @@
                 #to set user login password
                 passwd_hash=$(mkpasswd -m sha-512  2>/dev/null)
                 cd /mnt/etc/nixos/Flakes 
-                sed -i "/initialHashedPassword/c\ \ \ \ initialHashedPassword\ =\ \"$passwd_hash\";" ./hosts/laptop/{wayland,x11}/default.nix
+                sed -i "/initialHashedPassword/c\ \ \ \ initialHashedPassword\ =\ \"$passwd_hash\";" ./hosts/{laptop,laptop_minimal}/{wayland,x11}/default.nix
                 read -p  "device name: " -r device
                 nixos-install --no-root-passwd --flake .#"$device"
               '';
@@ -83,8 +83,8 @@
                 mount -o bind /mnt/nix/persist/etc/nixos /mnt/etc/nixos
                 nixos-generate-config --no-filesystems --root /mnt
                 cd /mnt/etc/nixos 
-                cp hardware-configuration.nix "$FLAKE_ROOT"/hosts/laptop/hardware-configuration.nix 
-                sed -i 's/imports\ =/imports\ = [(import\ .\/disko_layout\/multi-device-luks.nix\ {})]++/g' "$FLAKE_ROOT"/hosts/laptop/hardware-configuration.nix
+                cp hardware-configuration.nix "$FLAKE_ROOT"/hosts/{laptop,laptop_minimal}/hardware-configuration.nix 
+                sed -i 's/imports\ =/imports\ = [(import\ .\/disko_layout\/multi-device-luks.nix\ {})]++/g' "$FLAKE_ROOT"/hosts/{laptop,laptop_minimal}/hardware-configuration.nix
                 cp -r "$FLAKE_ROOT" /mnt/etc/nixos  
                 lsblk
               '';

hosts/default.nix

@@ -56,5 +56,18 @@ in
       }
     ];
   };
+  laptop-minimal = lib.nixosSystem {
+    # Laptop-minimal profile
+    inherit system;
+    specialArgs = { inherit inputs user; };
+    modules = [
+      ./laptop-minimal
+    ] ++ [
+      ./system.nix
+    ] ++ [
+      inputs.impermanence.nixosModules.impermanence
+      inputs.disko.nixosModules.disko
+    ];
+  };
 
 }

hosts/laptop/wayland/default.nix

@@ -41,9 +41,9 @@
     supportedFilesystems = [ "ntfs" ];
     kernelPackages = pkgs.linuxPackages_xanmod_latest;
     loader = {
+      bootspec.enable = true;
       systemd-boot = {
-        enable = lib.mkForce false; #lanzaboote
-        # enable = true;
+        enable = (lib.mkIf config.boot.lanzaboote.enable) lib.mkForce false; #lanzaboote
         consoleMode = "auto";
       };
       efi = {
@@ -52,7 +52,6 @@
       };
       timeout = 3;
     };
-    bootspec.enable = true;
     lanzaboote = {
       enable = true;
       pkiBundle = "/etc/secureboot";

hosts/laptop/x11/default.nix

@@ -39,9 +39,9 @@
     supportedFilesystems = [ "ntfs" ];
     kernelPackages = pkgs.linuxPackages_xanmod_latest;
     loader = {
+      bootspec.enable = true;
       systemd-boot = {
-        enable = lib.mkForce false; #lanzaboote
-        # enable = true;
+        enable = (lib.mkIf config.boot.lanzaboote.enable) lib.mkForce false; #lanzaboote
         consoleMode = "auto";
       };
       efi = {
@@ -50,7 +50,6 @@
       };
       timeout = 3;
     };
-    bootspec.enable = true;
     lanzaboote = {
       enable = true;
       pkiBundle = "/etc/secureboot";

hosts/laptop_minimal/default.nix

@@ -0,0 +1,114 @@
+{ config, pkgs, user, inputs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  users.mutableUsers = false;
+  users.users.root = {
+    initialHashedPassword = "$6$4lwj3AGq8M9CQE2.$q8cNPghWHTl/dfE0dMPm2vsh0cMpY2gWxw91/Uadi8jShbvUHJJu3Jg0CvSpqrlEB7a3kvWDf/p2CI3mSqP1c/";
+  };
+  users.users.${user} = {
+    initialHashedPassword = "$6$4lwj3AGq8M9CQE2.$q8cNPghWHTl/dfE0dMPm2vsh0cMpY2gWxw91/Uadi8jShbvUHJJu3Jg0CvSpqrlEB7a3kvWDf/p2CI3mSqP1c/";
+    # shell = pkgs.fish;
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    packages = (with pkgs; [
+    ]) ++ (with config.nur.repos;[
+      # linyinfeng.icalingua-plus-plus
+      # linyinfeng.wemeet
+    ]);
+  };
+  boot = {
+    supportedFilesystems = [ "ntfs" ];
+    kernelPackages = pkgs.linuxPackages_xanmod_latest;
+    loader = {
+      systemd-boot = {
+        enable = true;
+        consoleMode = "auto";
+      };
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+      timeout = 3;
+    };
+    kernelParams = [
+      "quiet"
+      "splash"
+    ];
+    consoleLogLevel = 0;
+    initrd.verbose = false;
+  };
+
+  environment = {
+    persistence."/nix/persist" = {
+      directories = [
+        "/etc/nixos" # bind mounted from /nix/persist/etc/nixos to /etc/nixos
+        "/etc/NetworkManager/system-connections"
+        "/etc/v2raya"
+        "/etc/secureboot"
+        "/var/log"
+        "/var/lib"
+      ];
+      users.${user} = {
+        directories = [
+          "Downloads"
+          "Music"
+          "Pictures"
+          "Documents"
+          "Videos"
+          ".cache"
+          "Codelearning"
+          ".npm-global"
+          ".config"
+          ".thunderbird"
+          ".go-musicfox"
+          "Flakes"
+          "Kvm"
+          ".cabal"
+          { directory = ".gnupg"; mode = "0700"; }
+          { directory = ".ssh"; mode = "0700"; }
+          ".local"
+          ".mozilla"
+          ".emacs.d"
+        ];
+        files = [
+          ".npmrc"
+        ];
+      };
+    };
+    systemPackages = with pkgs; [
+    ];
+  };
+
+  services.xserver = {
+    xkbOptions = "caps:escape";
+  };
+  console.useXkbConfig = true;
+
+  services.xserver.libinput = {
+    enable = true;
+    touchpad.naturalScrolling = true;
+  };
+
+  services = {
+    getty.autologinUser = "${user}";
+  };
+
+  security.sudo = {
+    enable = false;
+    extraConfig = ''
+      ${user} ALL=(ALL) NOPASSWD:ALL
+    '';
+  };
+  security.doas = {
+    enable = true;
+    extraConfig = ''
+      permit nopass :wheel
+    '';
+  };
+
+}

hosts/laptop_minimal/disko_layout

@@ -0,0 +1 @@
+../laptop/disko_layout

hosts/laptop_minimal/hardware-configuration.nix

@@ -0,0 +1,48 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "none";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=12G" "mode=755" ];
+    };
+
+  fileSystems."/nix" =
+    {
+      device = "/dev/disk/by-uuid/49e24551-c0e0-48ed-833d-da8289d79cdd";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/3C0D-7D32";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp65s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}