lifecycle: preserve stopped state across rebuild (closes #371)

hive-c0re/src/lifecycle.rs

@@ -336,14 +336,25 @@ pub async fn rebuild_no_meta(
     let container = container_name(name);
     let flake_ref = format!("{}#{name}", crate::meta::meta_dir().display());
     if container_exists(name).await {
-        // Existing container: update nspawn flags, then rebuild + restart
+        // Existing container: preserve the prior running state across
-        // so any bind-mount / networking changes take effect.
+        // rebuild (closes #371). If it was running, cycle stop+start so
+        // any bind-mount / networking changes in the nspawn conf take
+        // effect. If it was stopped, leave it stopped — even if
+        // `nixos-container update` brought it up to run the in-container
+        // switch, the operator's explicit "stopped" intent wins.
+        let was_running = is_running(name).await;
         set_nspawn_flags(&container, agent_dir, claude_dir, notes_dir)?;
         set_resource_limits(&container)?;
         systemd_daemon_reload().await?;
         run(&["update", &container, "--flake", &flake_ref]).await?;
-        run(&["stop", &container]).await?;
+        if was_running {
-        run(&["start", &container]).await
+            run(&["stop", &container]).await?;
+            run(&["start", &container]).await
+        } else if is_running(name).await {
+            run(&["stop", &container]).await
+        } else {
+            Ok(())
+        }
     } else {
         // First spawn: create the container first (which writes the nspawn
         // conf file), then overwrite with our flags and start.