nixos containers: boot race condition around copying the host's resolv.conf with DHCP

[steveej]

Describe the bug

A clear and concise description of what the bug is.

Steps To Reproduce

Steps to reproduce the behavior:

1. set up a NixOS host with all default network settings (DHCP)
2. declare a NixOS container with all default network settings (share host's container namespace and copy it's resolv.conf) and with container.<name>.autoStart = true
3. reboot the host

4. observe the /etc/resolv.conf in the container even after the host's DHCP request has successfully populated the host's resolv.conf. compare host and container resolv.conf:

   [root@github-runner-host:~]# cat /etc/resolv.conf
   # Generated by resolvconf
   domain contaboserver.net
   nameserver 161.97.189.51
   nameserver 161.97.189.52
   options edns0
   
   [root@github-runner-host:~]# nixos-container run githubRunner0 cat /etc/resolv.conf
   # Generated by resolvconf
   options edns0
   options edns0

5. reboot the container and see the resolv.conf updated

   [root@github-runner-host:~]# nixos-container restart githubRunner0
   
   [root@github-runner-host:~]# nixos-container run githubRunner0 cat /etc/resolv.conf
   # Generated by resolvconf
   domain contaboserver.net
   nameserver 161.97.189.51
   nameserver 161.97.189.52
   options edns0
   options edns0

Expected behavior

container has functional DNS resolving on first boot

Metadata

rev: 83b198a2083774844962c854f811538323f9f7b1

Workaround

tell systemd.nspawn to bind-mount the hosts's resolv.conf:

          extraFlags = [
            "--resolv-conf=bind-host"
          ];

[vincentbernat]

The workaround seems to work fine for me. It looks like it could be applied for everyone instead of copying /etc/resolv.conf on start.

[vincentbernat]

Related: #162686.