author Alyssa Ross <hi@alyssa.is> 2022-10-09 11:40:36 +0000
committer Alyssa Ross <hi@alyssa.is> 2022-11-13 23:58:55 +0000
commit 2b0083087c127c5abbc8d694719fd6b94c2a9995
tree a7c20de4bfd3579ca0d4623959cd4215e6b9f1ad /img/app/etc
parent d30f0248583e523eddb716aa931489b11a44e3f6
img/app: extract from appvm-{lynx,catgirl}
This patch introduces a generic application VM image.  It mounts a
filesystem containing the application, and then launches a "run"
script on that filesystem to start the application.  The Nix store on
the application filesystem is overlaid onto the generic Nix store, so
shared paths don't have to be duplicated in the application
filesystem.

The "appvm" image is part of the Spectrum system — it lives on the
root filesystem, not the user data partition.  Users of course have
the choice not to use the built-in image if they don't want to, but
this gives us a default to use for future features like starting VMs
at runtime.

Individual application VMs are now defined in a single Nix file each,
using a VM builder function.  I expect this is how Nix-based VMs would
be defined in the user data partition, and then built with Nix into
Spectrum VM configurations.

The new top-level vm-lib directory is intended to be copied into user
Nix expressions that build VMs, and therefore has to be usable
standalone.  User-defined VMs should not do any path deduplication
with the system-provided base VM, so that the two can independently
update Nixpkgs.  But for VMs that are part of the system (which I
consider the pre-built VMs to be, even though they're currently on the
user data partition), we can safely deduplicate paths that we know to
be present in the base image.  So they go through vm/make-vm.nix,
which is a wrapper around vm-lib/make-vm.nix that does this
deduplication.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221009114036.463071-7-hi@alyssa.is>
Diffstat (limited to 'img/app/etc')
-rw-r--r--  img/app/etc/fstab                               8
-rwxr-xr-x  img/app/etc/init                                5
-rw-r--r--  img/app/etc/mdev.conf                           5
-rwxr-xr-x  img/app/etc/mdev/iface                          36
-rw-r--r--  img/app/etc/passwd                              1
-rw-r--r--  img/app/etc/passwd.license                      2
-rw-r--r--  img/app/etc/resolv.conf                         4
-rwxr-xr-x  img/app/etc/s6-linux-init/scripts/rc.init       11
-rwxr-xr-x  img/app/etc/s6-rc/app/run                       26
-rw-r--r--  img/app/etc/s6-rc/app/type                      1
-rw-r--r--  img/app/etc/s6-rc/app/type.license              2
-rw-r--r--  img/app/etc/s6-rc/mdevd-coldplug/dependencies   4
-rw-r--r--  img/app/etc/s6-rc/mdevd-coldplug/type           1
-rw-r--r--  img/app/etc/s6-rc/mdevd-coldplug/type.license   2
-rw-r--r--  img/app/etc/s6-rc/mdevd-coldplug/up             4
-rw-r--r--  img/app/etc/s6-rc/mdevd/notification-fd         1
-rw-r--r--  img/app/etc/s6-rc/mdevd/notification-fd.license 2
-rw-r--r--  img/app/etc/s6-rc/mdevd/run                     5
-rw-r--r--  img/app/etc/s6-rc/mdevd/type                    1
-rw-r--r--  img/app/etc/s6-rc/mdevd/type.license            2
-rw-r--r--  img/app/etc/s6-rc/ok-all/contents               4
-rw-r--r--  img/app/etc/s6-rc/ok-all/type                   1
-rw-r--r--  img/app/etc/s6-rc/ok-all/type.license           2
l---------  img/app/etc/ssl/certs/ca-certificates.crt       1
24 files changed, 131 insertions, 0 deletions
diff --git a/img/app/etc/fstab b/img/app/etc/fstab
new file mode 100644
index 0000000..95bfe2b
--- /dev/null
+++ b/img/app/etc/fstab
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2020-2022 Alyssa Ross <hi@alyssa.is>
+proc		/proc		proc	defaults					0	0
+devpts		/dev/pts	devpts	defaults,gid=4,mode=620				0	0
+tmpfs		/dev/shm	tmpfs	defaults					0	0
+sysfs		/sys		sysfs	defaults					0	0
+LABEL=ext	/run/ext	ext4	ro						0	0
+store		/nix/store	overlay	ro,lowerdir=/nix/store:/run/ext/nix/store	0	0
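Review bot: the overlay entry has no comment explaining layer precedence, and the LABEL=ext entry is mounted without nosuid,nodev. In overlayfs the leftmost lowerdir is the top layer, so with lowerdir=/nix/store:/run/ext/nix/store the base image's copy of a store path shadows the application filesystem's copy whenever both exist. That is presumably the intent (the system image wins), but it deserves a one-line comment, since swapping the order would let the application filesystem replace system store paths. The overlay entry also depends on /run/ext already being mounted, which holds only because it comes after the ext4 line in this file. For the ext4 line, consider ro,nosuid,nodev: the filesystem is selected purely by its label and its contents come from outside the base image.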
diff --git a/img/app/etc/init b/img/app/etc/init
new file mode 100755
index 0000000..6424e22
--- /dev/null
+++ b/img/app/etc/init
@@ -0,0 +1,5 @@
+#!/bin/execlineb -s0
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+/bin/s6-linux-init -Bc /etc/s6-linux-init -- $@
diff --git a/img/app/etc/mdev.conf b/img/app/etc/mdev.conf
new file mode 100644
index 0000000..f114719
--- /dev/null
+++ b/img/app/etc/mdev.conf
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+
+-$MODALIAS=.* 0:0 660 +importas -iu MODALIAS MODALIAS modprobe -q $MODALIAS
+$INTERFACE=.* 0:0 660 ! +/etc/mdev/iface
diff --git a/img/app/etc/mdev/iface b/img/app/etc/mdev/iface
new file mode 100755
index 0000000..d8ceda5
--- /dev/null
+++ b/img/app/etc/mdev/iface
@@ -0,0 +1,36 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is>
+
+importas -i INTERFACE INTERFACE
+
+if { test $INTERFACE != lo }
+
+# Our IP is encoded in the NIC-specific portion of the interface's MAC
+# address.
+backtick -E LOCAL_IP {
+  awk -F: "{printf \"100.64.%d.%d\\n\", \"0x\" $5, \"0x\" $6}"
+  /sys/class/net/${INTERFACE}/address
+}
+
+if { ip address add ${LOCAL_IP}/32 dev $INTERFACE }
+if { ip link set $INTERFACE up }
+if { ip route add 169.254.0.1 dev $INTERFACE }
+if { ip route add default via 169.254.0.1 dev $INTERFACE }
+
+# Try to wait for the network to be up.
+# If we time out, well, there's not much we can do, so just carry on.
+# In future, it would be better if the network VM notified us about
+# network changes.
+foreground { printf "Waiting for network… " }
+foreground {
+  ifte { echo "Connected." } { echo "Timed out." }
+  pipeline { seq 10 }
+  forstdin _
+  if -n {
+    redirfd -w 2 /dev/null
+    wget -qT 6 -O /dev/null http://ipv4.connman.net/online/status.html
+  }
+}
+
+s6-rc -u change app
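Review bot: the connectivity wait at the end of this script fetches http://ipv4.connman.net/online/status.html, so every application VM contacts a third-party host over cleartext HTTP each time an interface appears, and "Connected." only ever means that this one host was reachable. Consider probing something under the system's control (the 169.254.0.1 gateway configured a few lines up, for example) or making the URL configurable. The loop also has no delay between its 10 attempts, so when wget fails immediately rather than running into the 6 second timeout, the wait can end almost at once; a sleep between tries would make the bound predictable. Separately, the awk expression relies on the awk implementation converting the string "0x" $5 as hexadecimal, which gawk does not do by default; a comment naming the expected awk, or a check that LOCAL_IP is well-formed before ip address add, would make that dependency visible.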
diff --git a/img/app/etc/passwd b/img/app/etc/passwd
new file mode 100644
index 0000000..29f3b25
--- /dev/null
+++ b/img/app/etc/passwd
@@ -0,0 +1 @@
+root:x:0:0:System administrator:/:/bin/sh
diff --git a/img/app/etc/passwd.license b/img/app/etc/passwd.license
new file mode 100644
index 0000000..2b3b032
--- /dev/null
+++ b/img/app/etc/passwd.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/etc/resolv.conf b/img/app/etc/resolv.conf
new file mode 100644
index 0000000..7fcdf3a
--- /dev/null
+++ b/img/app/etc/resolv.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+
+nameserver 1.1.1.1
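Review bot: nameserver 1.1.1.1 hard-codes a public resolver into the system image, so every application VM sends its DNS queries in cleartext to that third party regardless of what the user's network or the network VM would otherwise provide. If this is a placeholder, say so in a comment here; longer term the resolver should come from the network VM or be overridable per VM.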
diff --git a/img/app/etc/s6-linux-init/scripts/rc.init b/img/app/etc/s6-linux-init/scripts/rc.init
new file mode 100755
index 0000000..b46afb7
--- /dev/null
+++ b/img/app/etc/s6-linux-init/scripts/rc.init
@@ -0,0 +1,11 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2020-2022 Alyssa Ross <hi@alyssa.is>
+
+if { s6-rc-init -c /etc/s6-rc /run/service }
+
+if { mkdir -p /dev/pts /dev/shm }
+if { modprobe overlay }
+if { mount -a }
+
+s6-rc change ok-all
diff --git a/img/app/etc/s6-rc/app/run b/img/app/etc/s6-rc/app/run
new file mode 100755
index 0000000..2a628b7
--- /dev/null
+++ b/img/app/etc/s6-rc/app/run
@@ -0,0 +1,26 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+
+export TERM foot
+export TERMINFO_DIRS /usr/share/terminfo
+export TMPDIR /run
+
+backtick USER { id -un }
+backtick HOME {
+  importas -i user USER
+  homeof $user
+}
+
+importas -i home HOME
+cd $home
+
+redirfd -u 0 /dev/hvc0
+fdmove -c 1 0
+fdmove -c 2 0
+
+foreground { clear }
+unexport ?
+
+foreground { /run/ext/run }
+exec -l sh
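Review bot: /run/ext/run and the fallback shell both run as root with no privilege drop. The passwd file added in this patch contains only root, so id -un can only resolve to root, and once the application exits exec -l sh leaves a root login shell on /dev/hvc0. If the VM boundary is meant to be the only isolation, a comment saying so would help; otherwise add an unprivileged user and start the application through s6-setuidgid. Also, export TMPDIR /run points temporary files at the same directory that holds /run/service (the s6-rc live directory created in rc.init) and the /run/ext mount point; a dedicated directory such as /run/tmp would keep application temp files away from service state.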
diff --git a/img/app/etc/s6-rc/app/type b/img/app/etc/s6-rc/app/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/img/app/etc/s6-rc/app/type
@@ -0,0 +1 @@
+longrun
diff --git a/img/app/etc/s6-rc/app/type.license b/img/app/etc/s6-rc/app/type.license
new file mode 100644
index 0000000..c49c11b
--- /dev/null
+++ b/img/app/etc/s6-rc/app/type.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/etc/s6-rc/mdevd-coldplug/dependencies b/img/app/etc/s6-rc/mdevd-coldplug/dependencies
new file mode 100644
index 0000000..59b02b7
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd-coldplug/dependencies
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is>
+#
+mdevd
diff --git a/img/app/etc/s6-rc/mdevd-coldplug/type b/img/app/etc/s6-rc/mdevd-coldplug/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd-coldplug/type
@@ -0,0 +1 @@
+oneshot
diff --git a/img/app/etc/s6-rc/mdevd-coldplug/type.license b/img/app/etc/s6-rc/mdevd-coldplug/type.license
new file mode 100644
index 0000000..2b3b032
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd-coldplug/type.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/etc/s6-rc/mdevd-coldplug/up b/img/app/etc/s6-rc/mdevd-coldplug/up
new file mode 100644
index 0000000..8698f7d
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd-coldplug/up
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is>
+
+mdevd-coldplug
diff --git a/img/app/etc/s6-rc/mdevd/notification-fd b/img/app/etc/s6-rc/mdevd/notification-fd
new file mode 100644
index 0000000..00750ed
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd/notification-fd
@@ -0,0 +1 @@
+3
diff --git a/img/app/etc/s6-rc/mdevd/notification-fd.license b/img/app/etc/s6-rc/mdevd/notification-fd.license
new file mode 100644
index 0000000..2b3b032
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd/notification-fd.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/etc/s6-rc/mdevd/run b/img/app/etc/s6-rc/mdevd/run
new file mode 100644
index 0000000..6dacb13
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd/run
@@ -0,0 +1,5 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is>
+
+mdevd -D3
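Review bot: this run script is added with mode 100644 while app/run in the same patch is 100755, although both start with #!/bin/execlineb -P. Make the two consistent (100755 for both) so the script's executability does not depend on how the service database is built.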
diff --git a/img/app/etc/s6-rc/mdevd/type b/img/app/etc/s6-rc/mdevd/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd/type
@@ -0,0 +1 @@
+longrun
diff --git a/img/app/etc/s6-rc/mdevd/type.license b/img/app/etc/s6-rc/mdevd/type.license
new file mode 100644
index 0000000..2b3b032
--- /dev/null
+++ b/img/app/etc/s6-rc/mdevd/type.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/etc/s6-rc/ok-all/contents b/img/app/etc/s6-rc/ok-all/contents
new file mode 100644
index 0000000..c4ea84f
--- /dev/null
+++ b/img/app/etc/s6-rc/ok-all/contents
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+#
+mdevd-coldplug
diff --git a/img/app/etc/s6-rc/ok-all/type b/img/app/etc/s6-rc/ok-all/type
new file mode 100644
index 0000000..757b422
--- /dev/null
+++ b/img/app/etc/s6-rc/ok-all/type
@@ -0,0 +1 @@
+bundle
diff --git a/img/app/etc/s6-rc/ok-all/type.license b/img/app/etc/s6-rc/ok-all/type.license
new file mode 100644
index 0000000..c49c11b
--- /dev/null
+++ b/img/app/etc/s6-rc/ok-all/type.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/etc/ssl/certs/ca-certificates.crt b/img/app/etc/ssl/certs/ca-certificates.crt
new file mode 120000
index 0000000..42d8e23
--- /dev/null
+++ b/img/app/etc/ssl/certs/ca-certificates.crt
@@ -0,0 +1 @@
+/usr/share/ssl/certs/ca-bundle.crt
\ No newline at end of file