img/app: extract from appvm-{lynx,catgirl}

This patch introduces a generic application VM image.  It mounts a
filesystem containing the application, and then launches a "run"
script on that filesystem to start the application.  The Nix store on
the application filesystem is overlaid onto the generic Nix store, so
shared paths don't have to be duplicated in the application
filesystem.

The "appvm" image is part of the Spectrum system — it lives on the
root filesystem, not the user data partition.  Users of course have
the choice not to use the built in image if they don't want to, but
this gives us a default to use for future features like starting VMs
at runtime.

Individual application VMs are now defined in a single Nix file each,
using a VM builder function.  I expect this is how Nix-based VMs would
be defined in the user data partition, and then built with Nix into
Spectrum VM configurations.

The new top-level vm-lib directory is intended to be copied into user
Nix expressions that build VMs, and therefore has to be usable
standalone.  User-defined VMs should not do any path deduplication
with the system-provided base VM, so that the two can independently
update Nixpkgs.  But for VMs that are part of the system (which I
consider the pre-built VMs to be, even though they're currently on the
user data partition), we can safely deduplicate paths that we know to
be present in the base image.  So they go through vm/make-vm.nix,
which is a wrapper around vm-lib/make-vm.nix that does this
deduplication.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221009114036.463071-7-hi@alyssa.is>

1 files changed, 1 insertions, 0 deletions

diff --git a/img/app/etc/ssl/certs/ca-certificates.crt b/img/app/etc/ssl/certs/ca-certificates.crt
new file mode 120000
index 0000000..42d8e23
--- /dev/null
+++ b/img/app/etc/ssl/certs/ca-certificates.crt
@@ -0,0 +1 @@
+/usr/share/ssl/certs/ca-bundle.crt
\ No newline at end of file