| author | Jeremy Fleischman <jeremyfleischman@gmail.com> | 2025-12-05 17:04:01 -0800 |
|---|---|---|
| committer | KierĂ¡n Meinhardt <kieran.meinhardt@applicative.systems> | 2026-01-19 10:36:37 +0100 |
| commit | 4bd5482aa60b025be8d0fc56764bc1672fd1274e (patch) | |
| tree | 6954542179b75c18127b6af2c41047ad6f42a911 /pkgs/development/python-modules/robotframework-pythonlibcore/git@git.tavy.me:nixos | |
| parent | 9a9938e5feabe43f89dea169d33bd8c0011442da (diff) | |
nixos/nspawn-container: init a new nspawn-container profile
This shares a lot in common with the
<nixos/modules/virtualisation/nixos-containers.nix> infrastructure, but
is designed to behave like our `qemu-vm.nix` profile (provides a lot of
the same `virtualisation.*` options, produces a simple script you can
run).
This lays the groundwork to be able to rework the nixos test
infrastructure to allow for containers as well as qemu nodes. That work
isn't quite done yet, but if you want more context, you can see the
followup work in <https://github.com/applicative-systems/nixpkgs/compare/nspawn-container-profile...applicative-systems:nixpkgs:nixos-test-containers>.
Credit due to the [Clan.lol](https://clan.lol/) team for first
implementing this. I'm just cleaning it up and making it play nicely
with upstream.
To try it out, create a `demo.nix`:
```nix
let
pkgs = import ./. { };
mkContainer =
{
nodeNumber,
vlans,
}:
pkgs.nixos (
{
config,
modulesPath,
pkgs,
lib,
...
}:
let
interfaces = lib.attrValues config.virtualisation.allInterfaces;
# Automatically assign IP addresses to requested interfaces.
assignIPs = lib.filter (i: i.assignIP) interfaces;
ipInterfaces = lib.forEach assignIPs (
i:
lib.nameValuePair i.name {
ipv4.addresses = [
{
address = "192.168.${toString i.vlan}.${toString nodeNumber}";
prefixLength = 24;
}
];
}
);
in
{
imports = [ "${modulesPath}/virtualisation/nspawn-container" ];
users.users.root.password = "";
networking.hostName = "c${toString nodeNumber}";
virtualisation.vlans = vlans;
networking.interfaces = lib.listToAttrs ipInterfaces;
environment.systemPackages = [ pkgs.neovim ];
system.stateVersion = lib.trivial.release;
}
);
in
{
container1 = mkContainer {
nodeNumber = 1;
vlans = [ 1 ];
};
container2 = mkContainer {
nodeNumber = 2;
vlans = [ 2 ];
};
container12 = mkContainer {
nodeNumber = 12;
vlans = [
1
2
];
};
}
```
Build and run the machines in separate terminals (unfortunately,
`systemd-nspawn` requires `sudo`):
```console
$ sudo $(nix-build ./demo.nix -A container1.config.system.build.nspawn)/bin/run-c1-nspawn
$ sudo $(nix-build ./demo.nix -A container2.config.system.build.nspawn)/bin/run-c2-nspawn
$ sudo $(nix-build ./demo.nix -A container12.config.system.build.nspawn)/bin/run-c12-nspawn
```
You can log into these machines as `root`, and verify they can ping each
other:
`c1` can ping `c12`:
```
[root@c1:~]# ping 192.168.1.12 -c 1
PING 192.168.1.12 (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12: icmp_seq=1 ttl=64 time=0.164 ms
...
```
So can `c2`:
```
[root@c2:~]# ping 192.168.2.12
PING 192.168.2.12 (192.168.2.12) 56(84) bytes of data.
64 bytes from 192.168.2.12: icmp_seq=1 ttl=64 time=0.127 ms
```
Diffstat (limited to 'pkgs/development/python-modules/robotframework-pythonlibcore/git@git.tavy.me:nixos')
0 files changed, 0 insertions, 0 deletions
