Instead of interpreting all that shell and running actual tmpfiles, use
a tiny stage before systemd that mounts a tmpfs at /run (preventing
systemd from doing the same), populates it with NixOS symlinks and
preserved resolv.conf, and mounts the immutable /etc overlay before
passing control over to systemd.
Avoid spending ~100ms of userspace boot time on unnecessary regeneration
of entirely static /etc/{passwd,group,shadow}. This will be proposed to nixpkgs.
Relying on udev to assign permissions to the virtgpu was very "proper"
but really excessive. We have a simple static configuration, built into
the kernel, so there are no dynamic shenanigans, we can always reliably
just chmod/chown the permissions. Let's go back to faster booting.
