These services evolve as munix evolves, so they should not be part of
the system closures themselves. Mount them into /run/systemd instead.
(Yes, making /run/systemd/system a symlink to RO files is unfortunate;
that could be changed in the future. FS prep code is annoying too.)
This introduces support for drag&drop and printing portals, and later
camera/screencasting should be possible as well. However we break
backwards compatibility with already built closures because the
nixosModule needs to be changed.
In the next commit, the runtime environment related services will be
removed from the nixosModule to prevent unnecessary future breakage.
What a way to discover that this was missing: PipeWire camera was
freezing unless something on the host was already streaming it…
gstclock.c:1086:gst_clock_get_internal_time:<pipewireclock0> internal time 1:01:04.622699903
gstclock.c:1129:gst_clock_get_time:<pipewireclock0> adjusted time 5123776:20:12.866176008
Well, that wasn't even caused by the TZ, but it made me think to fix it.
NOTE: for local dev, rebuild micro-activate now
muvm was interpreting command arguments like '-c' (from /bin/sh -c)
as its own options. Adding '--' separates muvm options from the
command and its arguments.
D-Bus is supposed to (?) use it to decide whether it can use FD passing,
shared memory, etc. and while we do a lot of cross-domain magic it's not
quite seamless :) so let's not reuse the host one.
Instead of interpreting all that shell and running actual tmpfiles, use
a tiny stage before systemd that mounts a tmpfs at /run (preventing
systemd from doing the same), populates it with NixOS symlinks and
preserved resolv.conf, and mounts the immutable /etc overlay before
passing control over to systemd.