Debian 13 LXCs require nesting
Systemd 256+ (Debian 13) requires nesting=1 on unprivileged LXC containers. Without it, systemd can't create namespaces — services fail with credential errors.
Always enable nesting for Debian 13+ LXCs. Without `nesting=1`, the container starts degraded — systemd can't create namespaces for service isolation.
Discovered during Pi-hole deployment (2026-02-26).
Affected entities:Jack