diff --git a/outputs.nix b/outputs.nix
index ec83cf8..c87b806 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -29,8 +29,9 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 ] ++ pkgs.lib.optionals (options.varPath != "") [
 {
 source = "${options.varPath}";
- mountPoint = "/var/lib";
- tag = "varlib";
+ securityModel = "mapped";
+ mountPoint = "/var";
+ tag = "var";
 }
 ]);
 interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{
@@ -84,7 +85,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 buildVM = host: networking: sopsDummy: disableDisko: varPath: (self.nixosConfigurations.${host}.extendModules {
 modules = [
- (vmMicroVMOverwrites { withNetworking = networking; varPath = "${varPath}"; })
+ (vmMicroVMOverwrites host { withNetworking = networking; varPath = "${varPath}"; })
 (if sopsDummy then (vmSopsOverwrites host) else {})
 (if disableDisko then vmDiskoOverwrites else {})
 ] ++ pkgs.lib.optionals (! self.nixosConfigurations.${host}.config ? microvm) [
@@ -153,7 +154,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 echo "--networking setup interfaces. requires root and hostbridge enabled on the host"
 echo "--dummy-secrets run vm with dummy sops secrets"
 echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny"
- echo "--varlib path to directory that should be shared as /var/lib. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
+ echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
 exit 1
 }
@@ -177,7 +178,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 --networking) NETWORK=true ;;
 --dummy-secrets) DUMMY_SECRETS=true ;;
 --no-disko) NO_DISKO=true ;;
- --varlib)
+ --var)
 if [[ -n "$2" && ! "$2" =~ ^- ]]; then
 VAR_PATH="$2"
 shift
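Review bot: The share entry in the first hunk (`@@ -29,8 +29,9 @@`) gains `securityModel = "mapped"` and widens the mount from `/var/lib` to `/var` without a comment explaining either choice, and the share's protocol is not visible in these lines. As far as I know microvm.nix honours `securityModel` only for 9p shares under qemu, so it is worth confirming that the setting takes effect here. With the mapped model the guest's uid, gid and mode bits are stored as metadata on the host files rather than enforced there, so the permissions on the directory behind `options.varPath` are the only thing protecting guest state (now logs and everything else under /var, not just /var/lib) from other host users. I would add above the new line a comment such as `# mapped: guest ownership kept in xattrs so the VM can run unprivileged; keep the host directory private (0700)`.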
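Review bot: The help text in the third hunk (`@@ -153,7 +154,7 @@`) still says "may require root otherwise some systemd units fail within vm", which looks stale if `securityModel = "mapped"` in the first hunk was added to remove that need; please confirm and adjust the wording. The line also gives no hint that a directory previously populated through `--varlib` has a different layout from what `--var` expects. Something like `echo "--var path to directory that should be shared as /var (not compatible with old --varlib directories). if dir is empty vm will populate"` would cover it. The enclosing function starts outside the hunk.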
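Review bot: In the last hunk (`@@ -177,7 +178,7 @@`) the `--varlib)` arm is renamed to `--var)` with no migration path, so existing invocations that pass `--varlib` now fall through to whatever the default arm does, which is outside the hunk. A plain alias would be wrong, because an old directory would then be mounted at `/var` instead of `/var/lib`. An explicit rejection is safer: `--varlib) echo "--varlib was replaced by --var; the directory is now mounted at /var" >&2; exit 1 ;;`. The `case` statement and the rest of the `--var)` arm continue outside the hunk.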