Little known (possibly unintended) feature, but you can put the `toplevel` attribute of a nixosSystem into docker image `contents`, which lets you use NixOS modules to set things up. Just be sure to import the minimal preset, because those images get large.
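As an added example (not from the thread), this is what the `toplevel`-in-`contents` trick looks like in a flake. It assumes a `nixpkgs` input, uses the `minimal.nix` profile the comment recommends, and runs a shell from the system's `sw` symlink rather than `/init`, so the container does not need `--privileged`. Image and tag names are placeholders; newer nixpkgs names the attribute `copyToRoot`, older releases call it `contents`.

```nix
# Added example: build a Docker image whose root is a NixOS system closure.
# Assumes a flake with a `nixpkgs` input; names below are placeholders.
{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { self, nixpkgs }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # The NixOS system whose toplevel closure goes into the image.
      nixos = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          # Minimal profile: drops docs, default packages and other bulk.
          "${nixpkgs}/nixos/modules/profiles/minimal.nix"
          ({ pkgs, ... }: {
            boot.isContainer = true;          # no kernel or bootloader in the closure
            environment.systemPackages = [ pkgs.coreutils ];
            system.stateVersion = "24.05";    # placeholder release
          })
        ];
      };
    in {
      packages.${system}.image = pkgs.dockerTools.buildImage {
        name = "nixos-from-toplevel";         # placeholder image name
        tag = "latest";
        # toplevel provides /etc, /sw, /init, /activate ... and pulls in the closure.
        # On older nixpkgs this attribute is `contents` instead of `copyToRoot`.
        copyToRoot = [ nixos.config.system.build.toplevel ];
        config = {
          # Starting the full system via /init needs extra capabilities, so this
          # image just drops into a shell from the system path (the `sw` symlink).
          Cmd = [ "/sw/bin/bash" ];
        };
      };
    };
}
```

Build with `nix build .#image` and load the result with `docker load < result`. Keeping `Cmd` on a single binary (or a shell) rather than `/init` is also the least-privilege choice: the container gets no more capabilities than a plain application image.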
Unfortunately booting the entire system with /init is largely broken, especially without --privileged. This would be an amazing feature if it didn't require so much extra tinkering.
If you skip the docker and use systemd-nspawn automated by NixOS, that's just `containers.foo = { autoStart = true; ...; config = { config, pkgs, ... }: { just another nixos config here }; };`
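As an added example (not the commenter's code), here is the `containers.foo` sketch filled out in a host's `configuration.nix`. The container name, addresses, paths and the nginx service are placeholders; every option used is a real `containers.<name>` option.

```nix
# Added example: a declarative systemd-nspawn container managed by NixOS.
# Names, addresses and the bind-mounted path are placeholders.
{ config, pkgs, ... }:
{
  containers.foo = {
    autoStart = true;
    ephemeral = true;            # fresh root on every start; only bind mounts persist
    privateNetwork = true;       # own network namespace instead of the host's
    hostAddress = "10.231.136.1";
    localAddress = "10.231.136.2";
    # Expose only what is needed on the host side.
    forwardPorts = [ { containerPort = 80; hostPort = 8080; protocol = "tcp"; } ];
    # Read-only data from the host; nothing else from the host filesystem is visible.
    bindMounts."/var/lib/foo" = { hostPath = "/srv/foo"; isReadOnly = true; };

    # "Just another NixOS config": evaluated as a full system for the container.
    config = { config, pkgs, lib, ... }: {
      services.nginx.enable = true;
      networking.firewall.allowedTCPPorts = [ 80 ];
      system.stateVersion = "24.05";   # placeholder release
    };
  };
}
```

After `nixos-rebuild switch`, `machinectl status foo` and `nixos-container root-login foo` work on the host. One caveat worth keeping in mind: the NixOS manual states that these containers are not fully isolated from the host, so a root user inside the container can affect the host; treat them as a convenience for deployment, not as a security boundary.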