 1_: {
 2  boot = {
 3    binfmt.emulatedSystems = [
 4      "armv6l-linux"
 5      "armv7l-linux"
 6      "aarch64-linux"
 7      "riscv32-linux"
 8      "riscv64-linux"
 9    ];
10
11    # On most distros, people use https://github.com/multiarch/qemu-user-static or
12    # https://github.com/tonistiigi/binfmt or https://github.com/dbhi/qus to setup
13    # binfmt_misc registrations with their kernel. This strategy works because in
14    # --privileged mode, docker containers can access the host filesystem via mounts.
15    # They ship with static builds of qemu-user, mount /proc/sys/fs/binfmt_misc,
16    # add registrations to it, and exit. Those binfmt_misc registrations have the F
17    # flag, so the kernel allocates file descriptors for the qemu binaries
18    # immediately upon registration. Now, when containers are created and the
19    # kernel comes across non-native binaries inside the chroot, instead of doing a
20    # path lookup for the qemu binary (which would obviously fail unless the qemu
21    # binary is added to the container manually), it simply uses the already-opened
22    # file descriptor for it. This requires the qemu binaries to be fully static, as
23    # any dynamic library lookups will obviously fail within the chroot/container.
24    # This article by the author of the binfmt_misc F flag explains everything really
25    # well: https://lwn.net/Articles/679308/
26    # Also see this StackOverflow answer: https://stackoverflow.com/a/72890225/11424968
27    binfmt.preferStaticEmulators = true;
28  };
29}