feat: enable conf/sys ext services and make /etc read-only without overlay

pkgs/image/mkimage.sh

@@ -12,23 +12,6 @@ find rootfs/ -type d -exec chmod 755 {} \;
 # set default target to multi-user
 ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target
 
-# Overlay mount for /etc which makes it read-write in runtime
-cat <<EOF > rootfs/usr/lib/systemd/system/etc.mount
-[Unit]
-Description=Overlay mount for /etc
-Before=local-fs.target
-
-[Mount]
-What=overlay
-Where=/etc
-Type=overlay
-Options=lowerdir=/etc,upperdir=/run/.rw-etc/upper,workdir=/run/.rw-etc/work
-
-[Install]
-WantedBy=local-fs.target
-EOF
-ln -sf ../etc.mount rootfs/usr/lib/systemd/system/local-fs.target.wants/etc.mount
-
 # enable dbus
 ln -sf ../dbus.service rootfs/usr/lib/systemd/system/multi-user.target.wants/dbus.service
 ln -sf ../dbus.socket rootfs/usr/lib/systemd/system/sockets.target.wants/dbus.socket
@@ -40,8 +23,9 @@ ln -sf ../systemd-timesyncd.service rootfs/usr/lib/systemd/system/multi-user.tar
 # enable default network config
 mv rootfs/usr/lib/systemd/network/89-ethernet.network.example rootfs/usr/lib/systemd/network/89-ethernet.network
 
-#FIXME: generate a temporary machine id (replace with overlay/confext later?)
-$systemd/usr/bin/systemd-machine-id-setup --root=rootfs/
+# enable confext/sysext services
+ln -sf ../systemd-confext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-confext.service
+ln -sf ../systemd-sysext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-sysext.service
 
 # install sys users
 mkdir creds