fix installation cleanup,

disable ZFS hibernation (workaround),
enable (very very slow) cross-ISA VM installation

lib/setup-scripts/install.sh

@@ -15,8 +15,8 @@ Since the installation needs to format and mount (image files as) disks, it need
 * be run with the »sudo« argument (see »--help« output; this runs »nix« commands as the original user, and the rest as root),
 * or automatically perform the installation in a qemu VM (see »--vm« flag).
 
-Installing inside the VM is safer (will definitely only write wi the supplied »diskPaths«), more secure (executes the VM), and does not require privilege elevation, but does currently only work for the same ISA, is significantly slower (painfully slow without KVM), and may break custom »*Commands« hooks (esp. those passing in secrets).
-Without VM, installations across different ISAs (e.g. from an x64 desktop to a Raspberry Pi microSD) works if the installing host is NixOS and sets »boot.binfmt.emulatedSystems« for the target systems ISA, or on other Linux with a matching »binfmt_misc« registration with the preload (F) flag.
+Installing inside the VM is safer (will definitely only write to the supplied »diskPaths«), more secure (executes everything inside the VM), and does not require privilege elevation, is significantly slower (painfully slow without KVM), and may break custom »*Commands« hooks (esp. those passing in secrets). Across ISAs, the VM installation is even slower, taking many hours for even a simple system.
+Without VM, installations across different ISAs (e.g. from an x64 desktop to a Raspberry Pi microSD) works (even relatively fast) if the installing host is NixOS and sets »boot.binfmt.emulatedSystems« for the target systems ISA, or on other Linux with a matching »binfmt_misc« registration with the preload (F) flag.
 
 Once done, the disk(s) can be transferred -- or the image(s) be copied -- to the final system, and should boot there.
 If the target host's hardware target allows, a resulting image can also be passed to the »register-vbox« command to create a bootable VirtualBox instance for the current user, or to »run-qemu« to start it in a qemu VM.
@@ -77,8 +77,6 @@ declare-flag install-system vm-shared "" "When installing inside the VM, specifi
 ## Re-executes the current system's installation in a qemu VM.
 function reexec-in-qemu {
 
-    if [[ @{pkgs.buildPackages.system} != "@{native.system}" ]] ; then echo "VM installation (implicit when not running as root) of a system built on a different ISA than the current host's is not supported (yet)." 1>&2 ; \return 1 ; fi
-
     # (not sure whether this works for block devices)
     ensure-disks "$1" 1 || return
     qemu=( -m 3072 ) ; declare -A qemuDevs=( )
@@ -101,6 +99,10 @@ function reexec-in-qemu {
 
     #local output=@{inputs.self}'#'nixosConfigurations.@{config.installer.outputName:?}.config.system.build.vmExec
     local output=@{config.system.build.vmExec.drvPath!unsafeDiscardStringContext} # this is more accurate, but also means another system needs to get evaluated every time
+    if [[ @{pkgs.buildPackages.system} != "@{native.system}" ]] ; then
+        echo 'Performing the installation in a cross-ISA qemu system VM; this will be very, very slow (many hours) ...'
+        output=@{inputs.self}'#'nixosConfigurations.@{config.installer.outputName:?}.config.system.build.vmExec-@{pkgs.buildPackages.system}
+    fi
     local scripts=$0 ; if [[ @{pkgs.system} != "@{native.system}" ]] ; then
         scripts=$( build-lazy @{inputs.self}'#'apps.@{pkgs.system}.@{config.installer.outputName:?}.derivation ) || return
     fi

lib/setup-scripts/maintenance.sh

@@ -56,7 +56,7 @@ declare-flag run-qemu dry-run           "" "Instead of running the (main) qemu (
 declare-flag run-qemu efi               "" "Treat the target system as EFI system, even if not recognized as such automatically."
 declare-flag run-qemu efi-vars      "path" "For »--efi« systems, path to a file storing the EFI variables. The default is in »XDG_RUNTIME_DIR«, i.e. it does not persist across host reboots."
 declare-flag run-qemu graphic           "" "Open a graphical window even of the target system logs to serial and not (explicitly) TTY1."
-declare-flag run-qemu install   "[always]" "If any of the guest system's disk images does not exist, perform the its installation before starting the VM. If set to »always«, always install before starting the VM. With this flag set, »diskImages« defaults to paths in »/tmp/."
+declare-flag run-qemu install "[1|always]" "If any of the guest system's disk images does not exist, perform the its installation before starting the VM. If set to »always«, always install before starting the VM. With this flag set, »diskImages« defaults to paths in »/tmp/."
 declare-flag run-qemu mem            "num" "VM RAM in MiB (»qemu -m«)."
 declare-flag run-qemu nat-fw    "forwards" "Port forwards to the guest's NATed NIC. E.g: »--nat-fw=:8000-:8000,:8001-:8001,127.0.0.1:2022-:22«."
 declare-flag run-qemu no-kvm            "" "Do not rey to use (or complain about the unavailability of) KVM."

lib/setup-scripts/zfs.sh

@@ -53,7 +53,6 @@ function ensure-datasets {
     if (( @{#config.setup.zfs.datasets[@]} == 0 )) ; then \return ; fi
     local mnt=$1 ; while [[ "$mnt" == */ ]] ; do mnt=${mnt:0:(-1)} ; done # (remove any tailing slashes)
     local filterExp=${2:-'^'}
-    local tmpMnt=$(mktemp -d) ; trap "rmdir $tmpMnt" EXIT
     local zfs=@{native.zfs}/bin/zfs
 
     local name ; while IFS= read -u3 -r -d $'\0' name ; do
@@ -119,7 +118,8 @@ function ensure-datasets {
                 ( PATH=@{native.zfs}/bin ; ${_set_x:-:} ; zfs create "${zfsCreate[@]}" "${dataset[name]}" ) || exit
             fi
             if [[ ${props[canmount]} != off ]] ; then (
-                @{native.util-linux}/bin/mount -t zfs -o zfsutil "${dataset[name]}" $tmpMnt && trap "@{native.util-linux}/bin/umount '${dataset[name]}'" EXIT &&
+                tmpMnt=$(mktemp -d) ; trap "" EXIT && @{native.util-linux}/bin/mount -t zfs -o zfsutil "${dataset[name]}" $tmpMnt &&
+                trap "@{native.util-linux}/bin/umount '${dataset[name]}' ; rmdir $tmpMnt" EXIT &&
                 chmod 000 -- "$tmpMnt" && chown "${dataset[uid]}:${dataset[gid]}" -- "$tmpMnt" && chmod "${dataset[mode]}" -- "$tmpMnt"
             ) || exit ; fi
             if [[ $explicitKeylocation && $explicitKeylocation != "${props[keylocation]:-}" ]] ; then