This allows using normal nix-managed services that register sockets for
lazy activation. Also brings in some red errors about starting services
that we don't have, but that will be fixed
Instead of interpreting all that shell and running actual tmpfiles, use
a tiny stage before systemd that mounts a tmpfs at /run (preventing
systemd from doing the same), populates it with NixOS symlinks and
preserved resolv.conf, and mounts the immutable /etc overlay before
passing control over to systemd.
Avoid spending ~100ms of userspace boot time on unnecessary regeneration
of entirely static /etc/{passwd,group,shadow}. This will be proposed to nixpkgs.
Relying on udev to assign permissions to the virtgpu was very "proper"
but really excessive. We have a simple static configuration, built into
the kernel, so there are no dynamic shenanigans, we can always reliably
just chmod/chown the permissions. Let's go back to faster booting.
