Drop macOS-specific remote-program param from nix copy command

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5693

devFlake/flake.lock

@@ -3,10 +3,10 @@
     "clan-core-for-checks": {
       "flake": false,
       "locked": {
-        "lastModified": 1762113984,
-        "narHash": "sha256-Gwah5F3ONMhvTYbsnJM4bAv0qcaI3wjz1Nq0rBGWVgo=",
+        "lastModified": 1761204206,
+        "narHash": "sha256-A4KDudGblln1yh8c95OVow2NRlHtbGZXr/pgNenyrNc=",
         "ref": "main",
-        "rev": "0f847b4799deee4a2c878ba69bda9c446fe16177",
+        "rev": "aabbe0dfac47b7cfbe2210bcb27fb7ecce93350f",
         "shallow": true,
         "type": "git",
         "url": "https://git.clan.lol/clan/clan-core"
@@ -105,11 +105,11 @@
     },
     "nixpkgs-dev": {
       "locked": {
-        "lastModified": 1762080734,
-        "narHash": "sha256-fFunzA7ITlPHRr7dECaFGTBucNiWYEVDNPBw/9gFmII=",
+        "lastModified": 1762168314,
+        "narHash": "sha256-+DX6mIF47gRGoK0mqkTg1Jmcjcup0CAXJFHVkdUx8YA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bc7f6fa86de9b208edf4ea7bbf40bcd8cc7d70a5",
+        "rev": "94fc102d2c15d9c1a861e59de550807c65358e1b",
         "type": "github"
       },
       "original": {

docs/site/guides/contributing/testing.md

@@ -150,10 +150,61 @@ Those are very similar to NixOS VM tests, as in they run virtualized nixos machi
 As of now the container test driver is a downstream development in clan-core.
 Basically everything stated under the NixOS VM tests sections applies here, except some limitations.
 
-Limitations:
+### Using Container Tests vs VM Tests
 
-- Cannot run in interactive mode, however while the container test runs, it logs a nsenter command that can be used to log into each of the container.
-- setuid binaries don't work
+Container tests are **enabled by default** for all tests using the clan testing framework.
+They offer significant performance advantages over VM tests:
+
+- **Faster startup**
+- **Lower resource usage**: No full kernel boot or hardware emulation overhead
+
+To control whether a test uses containers or VMs, use the `clan.test.useContainers` option:
+
+```nix
+{
+  clan = {
+    directory = ./.;
+    test.useContainers = true;  # Use containers (default)
+    # test.useContainers = false;  # Use VMs instead
+  };
+}
+```
+
+**When to use VM tests instead of container tests:**
+
+- Testing kernel features, modules, or boot processes
+- Testing hardware-specific features
+- When you need full system isolation
+
+### System Requirements for Container Tests
+
+Container tests require the **`uid-range`** system feature** in the Nix sandbox.
+This feature allows Nix to allocate a range of UIDs for containers to use, enabling `systemd-nspawn` containers to run properly inside the Nix build sandbox.
+
+**Configuration:**
+
+The `uid-range` feature requires the `auto-allocate-uids` setting to be enabled in your Nix configuration.
+
+To verify or enable it, add to your `/etc/nix/nix.conf` or NixOS configuration:
+
+```nix
+settings.experimental-features = [
+    "auto-allocate-uids"
+];
+
+nix.settings.auto-allocate-uids = true;
+nix.settings.system-features = [ "uid-range" ];
+```
+
+**Technical details:**
+
+- Container tests set `requiredSystemFeatures = [ "uid-range" ];` in their derivation (see `lib/test/container-test-driver/driver-module.nix:98`)
+- Without this feature, containers cannot properly manage user namespaces and will fail to start
+
+### Limitations
+
+- Cannot run in interactive mode, however while the container test runs, it logs a nsenter command that can be used to log into each of the containers.
+- Early implementation and limited by features.
 
 ### Where to find examples for NixOS container tests
 

flake.lock

@@ -115,10 +115,10 @@
     "nixpkgs": {
       "locked": {
         "lastModified": 315532800,
-        "narHash": "sha256-yDxtm0PESdgNetiJN5+MFxgubBcLDTiuSjjrJiyvsvM=",
-        "rev": "d7f52a7a640bc54c7bb414cca603835bf8dd4b10",
+        "narHash": "sha256-LDT9wuUZtjPfmviCcVWif5+7j4kBI2mWaZwjNNeg4eg=",
+        "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386",
         "type": "tarball",
-        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre871443.d7f52a7a640b/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre887438.a7fc11be66bd/nixexprs.tar.xz"
       },
       "original": {
         "type": "tarball",

pkgs/clan-cli/clan_lib/machines/update.py

@@ -59,9 +59,7 @@ def upload_sources(machine: Machine, ssh: Host, upload_inputs: bool) -> str:
     if not has_path_inputs and not upload_inputs:
         # Just copy the flake to the remote machine, we can substitute other inputs there.
         path = flake_data["path"]
-        if machine._class_ == "darwin":
-            remote_program_params = "?remote-program=bash -lc 'exec nix-daemon --stdio'"
-        remote_url = f"ssh-ng://{remote_url_base}{remote_program_params}"
+        remote_url = f"ssh-ng://{remote_url_base}"
         cmd = nix_command(
             [
                 "copy",