Adding railcar container module

[spacekookie]

Motivation for this change

The OCI container spec describes a simple way of creating a container with a config.json and a rootfs. These containers can be run by a container runner (such as runc or railcar) without having to rely on a daemon to manage containers outside of a NixOS config.

This PR adds two things

• A simple builder function that can create an OCI spec container in the nix-store
• A module to configure one particular container runner (railcar)

I also added documentation to the manual to explain how to use the underlying container-building function, so that other container runner modules can be added down the line.

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Assured whether relevant documentation is up to date
• Fits CONTRIBUTING.md.

---

[alyssais]

First, a disclosure for other reviewers: I helped a bit with the development of this, especially in the initial exploration. With that in mind, I'm giving feedback on the code, but I won't be merging this, nor making any judgement about whether this should be in nixpkgs (though I'd hope it won't be controversial). I'll leave that to a fresh pair of eyes.

As for this review, it's mostly little niggly style stuff. There are a lot of comments but they're pretty trivial and nothing to worry about. :)

[Lassulus]

@GrahamcOfBorg eval

[Mic92]

Some updates regarding documentation.

[spacekookie]

I updated the documentation according to the given advice.

I also ended up removing os and arch from the docs. The options still exist in the module as I think it's important to expose them as they're part of the spec, but more work needs to be put into making them useful before they should be mentioned in the manual.

[alyssais]

This has been open for ages, and nobody has had any concerns, so I'm going to merge this in a couple of days if nothing comes up before then.

[spacekookie]

Woops

[spacekookie]

Ping @alyssais I changed the ociTools folder name

[edef1c]

I'm slightly unsure if having mounts be a list of attrsets is the right move… it's tempting to mirror the NixOS fileSystems option.

[cw789]

I'm looking forward to see ociTools within Nix.

[spacekookie]

Alright, it's been a while but I finally made some progress on this ✨

Mounts into an OCI container now use a similar declarative structure as filesystems, making it all a bit less boilerplate-y. I adjusted the railcar module and docs accordingly.

I kinda wanted to add a test for all this, but couldn't figure out how to make that work. I'd love to add one later, but also kinda just wanna see this merged 😬 So I'll do another PR at some point with tests (famous last words, I know)

[alyssais]

Tiny style things. We’re so close!!