previous behavior was that overlays were *implicitly* applied when i
imported nixpkgs, and then explicitly applied again later in the config.
for some reason i can't remove (or adjust?) the implicit application
without causing evals to hang w/o so much as any error message.
i haven't actually deployed this yet: i'm pulling it for crappy-staging, but had to update all branches because the trust-dns patch didn't apply cleanly