caa: adjust peer-pod image to immutable /etc

packages/by-name/mkNixosConfig/package.nix

@@ -39,7 +39,6 @@ lib.makeOverridable (
           inherit (outerPkgs)
             azure-no-agent
             cloud-api-adaptor
-            kernel-podvm-azure
             pause-bundle
             nvidia-ctk-oci-hook
             nvidia-ctk-with-config

packages/nixos/azure.nix

@@ -55,7 +55,8 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    boot.kernelPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor pkgs.kernel-podvm-azure);
+    # TODO(burgerdev): find a recent kernel tailored for Azure.
+    boot.kernelPackages = pkgs.linuxPackages_latest;
 
     boot.initrd = {
       kernelModules = [

packages/nixos/peerpods.nix

@@ -97,6 +97,20 @@ in
         ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
       };
     };
+    # Contrary to bare-metal, a peer pod needs regular network access and DNS. The default setup
+    # with dhcpcd and resolvconf does not play well with the immutable /etc, so we use the full
+    # systemd stack instead.
+    networking.dhcpcd.enable = false;
+    systemd.network.enable = true;
+    networking.useNetworkd = true;
+    services.resolved.enable = true;
+
+    # The /etc/machine-id should be populated by systemd, but the immutable /etc seems to prevent
+    # that. However, systemd-networkd requires this file to exist, so we add an empty file which
+    # will then be bind-mounted over by systemd. Let's hope no important services are gated on
+    # first-boot.
+    # https://www.man7.org/linux//man-pages/man5/machine-id.5.html#FIRST_BOOT_SEMANTICS
+    environment.etc."machine-id".text = "uninitialized";
 
     environment.etc."kata-opa/default-policy.rego".source = pkgs.cloud-api-adaptor.default-policy;
   };