Image building take 2

We want verity protected partitions as well as encrypted state/data along with verified boot.
This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨

https://github.com/petm5/nixlet/

modules/profiles/server.nix

@@ -0,0 +1,43 @@
+{
+  modulesPath,
+  ...
+}:
+{
+
+  imports = [
+    (modulesPath + "/profiles/minimal.nix")
+    ./network.nix
+  ];
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_unprivileged_port_start" = 0;
+  };
+
+  users.users."admin" = {
+    isNormalUser = true;
+    linger = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  environment.etc = {
+    subuid = {
+      text = "admin:100000:65536";
+      mode = "0644";
+    };
+
+    subgid = {
+      text = "admin:100000:65536";
+      mode = "0644";
+    };
+  };
+
+  services.openssh.enable = true;
+  system.image.sshKeys.enable = true;
+  system.image.sshKeys.keys = [
+    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln1"
+    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln2"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDx+7ZEJi7lUCAtoHRRIduJzH3hrpx4YS1f0ZxrJ+uW dln3"
+  ];
+
+  virtualisation.podman.enable = true;
+}