systemd-nspawn DeviceAllow not working

2

Distro: NixOS 17

I have an nspawn "machine" in "/var/lib/machines/ubuntu1" containing an fs-root.

I have a systemd unit "systemd-nspawn@ubuntu1.service" containing:

[Service]
DeviceAllow=char-alsa rwm
DeviceAllow=/dev/net/tun rwm
DeviceAllow=char-pts rw
DeviceAllow=/dev/loop-control rw
DeviceAllow=block-loop rw
DeviceAllow=block-blkext rw
DeviceAllow=/dev/fuse rwm

However, /sys/fs/cgroup/systemd/machine.slice/systemd-nspawn@ubuntu1.service/ does not contain a device.allow file; I also don't have access to these devices as a result.

I am unable to create this file manually (even as root), receiving "Permission Denied" when attempting to write anything in this directory (or anything else under /sys/fs/cgroups for that matter).

Unsure where to go from here.

Meizikyn

Posted 2018-03-14T03:53:26.110

Reputation: 21

No answers