mcp/internal/runtime/qemu.go
Kyle Isom 84dd897bcd unikernel: bake volume config into images + per-service user-mode net
Enables migrating real services (config/cert dirs, stateless) to
unikernels. Volume host dirs are copied into a per-VM staging tree
mirroring guest paths; the ops config goes in the staging root with the
top-level dirs in Dirs, so ops bakes them at the right absolute paths.
(Staging is required — an absolute /srv MapDirs source makes ops descend
into the agent's podman overlay storage and fail.) A component may set
network = "user" to use QEMU user-mode NAT instead of the isolated
bridge (Phase-1 networking for first migrations, before a gateway proxy).

Verified: mcat (the MCIAS policy tester) deployed as a Nanos unikernel
via 'mcp deploy', booting with its baked /srv/mcat config+certs, serving
HTTPS verified against the platform CA, configured against MCIAS.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 10:16:30 -07:00

24 KiB