make qcow image as small as possible

Author: IogaMaster

images/qcow.nix

@@ -1,30 +1,53 @@
 { lib, config, pkgs, modulesPath, ... }: {
   imports = [ "${toString modulesPath}/profiles/qemu-guest.nix" ];
+
+  formatAttr = lib.mkForce "qcow";
+
+  system.build.qcow = lib.mkForce
+    (import "${pkgs.path}/nixos/lib/make-disk-image.nix" {
+      inherit lib config pkgs;
+      diskSize = "auto";
+      memSize = "2048";
+      format = "qcow2";
+      partitionTableType = "legacy";
+      additionalSpace = "256M";
+      copyChannel = false;
+
+      postVM = ''
+        echo "Compressing final image with zstd..."
+        ${pkgs.qemu-utils}/bin/qemu-img convert -c -O qcow2 -o compression_type=zstd "$diskImage" "$out/nixos-minimal.qcow2"
+        rm "$diskImage"
+      '';
+    });
+
+  # Standard minimal ext4 filesystem
   fileSystems."/" = {
     device = "/dev/disk/by-label/nixos";
     autoResize = true;
     fsType = "ext4";
   };
-  boot.growPartition = true;
-  environment.systemPackages = [ pkgs.cloud-utils ];
 
-  system.build.qcow2 = import "${modulesPath}/../lib/make-disk-image.nix" {
-    inherit lib config pkgs;
-    diskSize = "auto";
-    additionalSpace = "512M";
-    format = "qcow2-compressed";
-    partitionTableType = "hybrid";
+  # Simplest bootloader for a "legacy" partition table
+  boot.loader.grub = {
+    enable = lib.mkForce true;
+    device = "/dev/vda";
+    efiSupport = lib.mkForce false;
   };
 
-  boot = {
-    kernelParams = [ "console=ttyS0" ];
-    loader = {
-      grub = {
-        device = lib.mkDefault "/dev/vda";
-        efiInstallAsRemovable = true;
-        efiSupport = true;
-      };
-      efi.canTouchEfiVariables = lib.mkForce false;
-    };
+  hardware.enableRedistributableFirmware = false;
+  fonts.fontconfig.enable = false;
+  systemd.network.wait-online.enable = false;
+  systemd.services.NetworkManager-wait-online.enable = false;
+  networking = {
+    usePredictableInterfaceNames = false;
+    interfaces.eth0.useDHCP = true;
+    dhcpcd.wait = "background";
   };
+  boot.initrd.availableKernelModules =
+    [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_ring" ];
+
+  # Minimize closure size
+  documentation.enable = false;
+  environment.defaultPackages = lib.mkForce [ ];
+  programs.command-not-found.enable = false;
 }

modules/home.nix

@@ -3,7 +3,6 @@ lib.mkModule args "home" {
   imports = [ inputs.hjem.nixosModules.default ];
   options = with lib;
     with lib.types; {
-      enable = lib.mkBoolOpt' true; # enabled by default
       files = mkOpt' attrs { };
       configFiles = mkOpt' attrs { };
       persist = mkOpt attrs { } "Files and directories to persist in the home";

modules/profiles/base.nix

@@ -2,7 +2,13 @@
 lib.mkModule args "ioga.profiles.base" {
   options.enable = lib.mkBoolOpt' true; # enable by default
   config = { cfg }: {
-    ioga.hardware = { networking.enable = true; };
+    ioga = {
+      services.ssh.enable = true;
+      hardware = { networking.enable = true; };
+    };
+    user.enable = true;
+    shell.enable = true;
+    home.enable = true;
 
     programs.dconf.enable = true;
     documentation.enable = false; # pretty big, use the internet

modules/secrets.nix

@@ -12,7 +12,6 @@
 
     nixpkgs.overlays = with inputs; [ vault-secrets.overlays.default ];
     environment.systemPackages = with pkgs; [
-      vault
       (vault-push-approle-envs inputs.self)
       (vault-push-approles inputs.self)
     ];

modules/services/ssh.nix

@@ -1,6 +1,5 @@
 { lib, colors, pkgs, ... }@args:
 lib.mkModule args "ioga.services.ssh" {
-  options.enable = lib.mkBoolOpt' true; # enabled by default
   config = { cfg }: {
     services.openssh = {
       enable = true;

modules/shell/default.nix

@@ -1,9 +1,5 @@
 { lib, pkgs, ... }@args:
 lib.mkModule args "shell" {
-  options = with lib;
-    with lib.types; {
-      enable = lib.mkBoolOpt' true; # enabled by default
-    };
   config = { cfg }:
     with lib;
     with lib.types; {

modules/user.nix

@@ -2,7 +2,6 @@
 lib.mkModule args "user" {
   options = with lib;
     with lib.types; {
-      enable = lib.mkBoolOpt' true; # enabled by default
       name = mkOpt' str "iogamaster";
       extraGroups =
         mkOpt (listOf str) [ ] "Groups for the user to be assigned.";