nixos/containers: add 'ephemeral' option

[uvNikita]

Motivation for this change

The new option allows defining completely ephemeral nixos containers that bootstrap themselves on each boot from scratch without leaving any artifacts after shutdown. Useful when all you want is to run stateless, nix-configured services. Some use cases include:

• reverse proxy
• stateless dns server
• gateway/router/firewall
• static web page
• nix-provisioned grafana (thanks to the recent changes from Grafana configuration #53874)

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

Notify maintainers

cc @grahamc @danbst @flokli @arianvp

[mmahut]

@uvNikita do you mind adding this test to all-tests.nix?

[uvNikita]

@mmahut sure, thanks for the input!

[mmahut]

@GrahamcOfBorg test containers-ephemeral

[mmahut]

Thank you for your contribution.

[nixos-discourse]

This pull request has been mentioned on Nix community. There might be relevant details there:

https://discourse.nixos.org/t/using-nixos-as-an-stateless-workstation/3081/17

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/ephemeral-containers-for-devs/9447/7