What a way to discover that this was missing- PipeWire camera was
freezing unless something on the host was already streaming it…
gstclock.c:1086:gst_clock_get_internal_time:<pipewireclock0> internal time 1:01:04.622699903
gstclock.c:1129:gst_clock_get_time:<pipewireclock0> adjusted time 5123776:20:12.866176008
Well, that wasn't even caused by the TZ but it made me think to fix it..
NOTE for local dev, rebuild micro-activate now
muvm was interpreting command arguments like '-c' (from /bin/sh -c)
as its own options. Adding '--' separates muvm options from the
command and its arguments.
D-Bus is supposed to (?) use it to decide whether it can use FD passing,
shared memory, etc. and while we do a lot of cross-domain magic it's not
quite seamless :) so let's not reuse the host one.
Instead of interpreting all that shell and running actual tmpfiles, use
a tiny stage before systemd that mounts a tmpfs at /run (preventing
systemd from doing the same), populates it with NixOS symlinks and
preserved resolv.conf, and mounts the immutable /etc overlay before
passing control over to systemd.
