I ran into this error when trying to run `opendkim-genkey` in a vars
generator:
```console
=========================================================================== Command ===========================================================================
nix \
--extra-experimental-features 'nix-command flakes' \
shell \
--inputs-from /nix/store/9r3ddw80dz4qzci9pj57ppbh6gy2pgv9-clan-cli/lib/python3.12/site-packages/clan_cli/nixpkgs \
'nixpkgs#bash' \
'nixpkgs#bubblewrap' \
-c bwrap \
--unshare-all --tmpfs \
/ \
--ro-bind /nix/store \
/nix/store \
--dev /dev \
--bind /tmp/nix-shell.ClOjgJ/vars-kh4qrnas \
/tmp/nix-shell.ClOjgJ/vars-kh4qrnas \
--chdir / \
--bind /proc \
/proc \
--uid 1000 \
--gid 1000 \
-- bash \
-c /nix/store/p0089w4y1w3h535g7ipv4jl4r6mb2hs2-generator-dkim-playground.jflei.com.mail
=========================================================================== Stderr ============================================================================
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = (unset),
LC_NUMERIC = (unset),
LC_COLLATE = (unset),
LC_TIME = (unset),
LC_MESSAGES = (unset),
LC_MONETARY = (unset),
LC_ADDRESS = (unset),
LC_IDENTIFICATION = (unset),
LC_MEASUREMENT = (unset),
LC_PAPER = (unset),
LC_TELEPHONE = (unset),
LC_NAME = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Can't exec "/bin/sh": No such file or directory at /nix/store/nfawbww80p1hgpymfgq1vq8wqlak75yh-opendkim-2.11.0-Beta2/sbin/.opendkim-genkey-wrapped line 139.
.opendkim-genkey-wrapped: openssl died with signal %d
127
Return Code: 1
1 hosts failed with an error. Check the logs above
```
As we allow `/bin/sh` in the nix build sandbox, I assume we're OK
allowing it here as well?
... for now only when updating a machine (not when installing)
Whenever the user clicks on the update button in the machine view, and only if user input is needed for some missing vars, the user will be forwarded to a vars page.
Invalidation doesn't need to be done after each generator is executed.
We cannot interpolate values from other generators into another
generator. The generators are executed in order. The finalScript of each
generator stays constant.
After the complete closure is generated the caller of generate may
decide to invalidate the flake cache
* Switch `Generator`'s `validation` from a regular property to
an `@property` annotated method backed by `Machine`'s `eval_nix()`.
* Ensure that `Machine`'s flake cache is flushed after each
effectful generator execution (rather than only after all
generators have been executed).
