diff --git a/nixos/doc/manual/installation/installing-nspawn-container.xml b/nixos/doc/manual/installation/installing-nspawn-container.xml
deleted file mode 100644
index ae893c53c905..000000000000
--- a/nixos/doc/manual/installation/installing-nspawn-container.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         version="5.0"
-         xml:id="sec-installing-nspawn-container">
- <title>Installing into a nspawn container</title>
-
- <para>
-  For installing a NixOS into a systemd nspawn container the NixOS installation tools are needed.
-  If you run another distribution than NixOS on your host,
-  please follow <xref linkend="sec-installing-from-other-distro"/> steps 1, 2, and 3.
- </para>
-
- <para>
-  Create a NixOS configuration file <filename>/var/lib/machines/my-container/etc/nixos/configuration.nix</filename>.
-  It is important that the container root file system is under <filename>/var/lib/machines</filename>.
-  This is the standard location where <command>machinectl</command> will look for containers.
-  If you choose place the root into another location you need to start the container directly with <command>systemd-nspawn</command>.
-  The file needs to have at least following options enabled:
-<programlisting>
-<xref linkend="opt-boot.isContainer"/> = true;
-<xref linkend="opt-boot.loader.initScript.enable"/> = true;
-</programlisting>
-  If your host uses <command>systemd-networkd</command> to configure the network,
-  you can also enable <xref linkend="opt-networking.useNetworkd"/> to use networkd default network configuration for your host and container.
- </para>
-
- <para>
-  Install the container by running following command:
-   <screen>nixos-install --root /var/lib/machines/my-container \
-     --no-channel-copy --no-root-passwd --no-bootloader</screen>
- </para>
-
- <para>
-  Start the container by running following command:
-  <screen>machinectl start my-container</screen>
- </para>
-
-</section>
diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml
index 270372022fac..f1e1568c0349 100644
--- a/nixos/doc/manual/installation/installing.xml
+++ b/nixos/doc/manual/installation/installing.xml
@@ -563,8 +563,5 @@ Retype new UNIX password: ***</screen>
   <xi:include href="installing-from-other-distro.xml" />
 
   <xi:include href="installing-behind-a-proxy.xml" />
-
-  <xi:include href="installing-nspawn-container.xml" />
-
  </section>
 </chapter>
diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh
index be3b5c0687a6..8685cb345e1e 100644
--- a/nixos/modules/installer/tools/nixos-install.sh
+++ b/nixos/modules/installer/tools/nixos-install.sh
@@ -132,9 +132,8 @@ if [[ -z $noBootLoader ]]; then
     echo "installing the boot loader..."
     # Grub needs an mtab.
     ln -sfn /proc/mounts $mountPoint/etc/mtab
-    export NIXOS_INSTALL_BOOTLOADER=1
+    NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
 fi
-nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
 
 # Ask the user to set a root password, but only if the passwd command
 # exists (i.e. when mutable user accounts are enabled).
diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix
index 2f716f92c62e..ddfd1af4a319 100644
--- a/nixos/modules/system/activation/activation-script.nix
+++ b/nixos/modules/system/activation/activation-script.nix
@@ -184,14 +184,7 @@ in
         find /var/empty -mindepth 1 -delete
         chmod 0555 /var/empty
         chown root:root /var/empty
-
-        ${ # reasons for not setting immutable flag:
-           # 1. flag is not changeable inside a container
-           # 2. systemd-nspawn can not perform chown in case of --private-users-chown
-           #    then the owner is nobody and ssh will not start
-          optionalString (!config.boot.isContainer) ''
         ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
-          ''}
       '';
 
     system.activationScripts.usrbinenv = if config.environment.usrbinenv != null
diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix
index adb2f78a0a64..f7a37d8c9f3b 100644
--- a/nixos/modules/virtualisation/container-config.nix
+++ b/nixos/modules/virtualisation/container-config.nix
@@ -11,7 +11,7 @@ with lib;
     services.udisks2.enable = mkDefault false;
     powerManagement.enable = mkDefault false;
 
-    networking.useHostResolvConf = mkDefault (!config.services.resolved.enable);
+    networking.useHostResolvConf = mkDefault true;
 
     # Containers should be light-weight, so start sshd on demand.
     services.openssh.startWhenNeeded = mkDefault true;
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 2c6c3a429707..5643da99e557 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -262,7 +262,6 @@ in
   syncthing-relay = handleTest ./syncthing-relay.nix {};
   systemd = handleTest ./systemd.nix {};
   systemd-confinement = handleTest ./systemd-confinement.nix {};
-  systemd-machinectl = handleTest ./systemd-machinectl.nix {};
   systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
   systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {};
   pdns-recursor = handleTest ./pdns-recursor.nix {};
diff --git a/nixos/tests/systemd-machinectl.nix b/nixos/tests/systemd-machinectl.nix
deleted file mode 100644
index 091f855d043b..000000000000
--- a/nixos/tests/systemd-machinectl.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-import ./make-test.nix (let
-
-  container = { ... }: {
-    boot.isContainer = true;
-
-    # use networkd to obtain systemd network setup
-    networking.useNetworkd = true;
-
-    # systemd-nspawn expects /sbin/init
-    boot.loader.initScript.enable = true;
-
-    imports = [ ../modules/profiles/minimal.nix ];
-  };
-
-  containerSystem = (import ../lib/eval-config.nix {
-    modules = [ container ];
-  }).config.system.build.toplevel;
-
-  containerName = "container";
-  containerRoot = "/var/lib/machines/${containerName}";
-
-in {
-  name = "systemd-machinectl";
-
-  machine = { lib, ... }: {
-    # use networkd to obtain systemd network setup
-    networking.useNetworkd = true;
-
-    # open DHCP server on interface to container
-    networking.firewall.trustedInterfaces = [ "ve-+" ];
-
-    # do not try to access cache.nixos.org
-    nix.binaryCaches = lib.mkForce [];
-
-    virtualisation.pathsInNixDB = [ containerSystem ];
-  };
-
-  testScript = ''
-    startAll;
-
-    $machine->waitForUnit("default.target");
-    $machine->succeed("mkdir -p ${containerRoot}");
-    $machine->succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd --no-bootloader");
-
-    $machine->succeed("machinectl start ${containerName}");
-    $machine->waitUntilSucceeds("systemctl -M ${containerName} is-active default.target");
-    $machine->succeed("ping -n -c 1 ${containerName}");
-    $machine->succeed("test `stat ${containerRoot}/var/empty -c %u%g` != 00");
-
-    $machine->succeed("machinectl stop ${containerName}");
-  '';
-})