[run-vm] handle edgecase for prometheus mmaped file on 9p share

outputs.nix

@@ -15,7 +15,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     pkgs-unstable = nixpkgs-unstable.legacyPackages."${system}";
     pkgs = nixpkgs.legacyPackages."${system}";
 
-    vmMicroVMOverwrites = options: {
+    vmMicroVMOverwrites = hostname: options: {
       microvm = {
         mem = pkgs.lib.mkForce 4096;
         hypervisor = pkgs.lib.mkForce "qemu";
@@ -29,8 +29,9 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
         ] ++ pkgs.lib.optionals (options.varPath != "") [
           {
             source = "${options.varPath}";
-            mountPoint = "/var/lib";
+            securityModel = "mapped";
-            tag = "varlib";
+            mountPoint = "/var";
+            tag = "var";
           }
         ]);
         interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{
@@ -42,9 +43,12 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 
       fileSystems = {
         "/".fsType = pkgs.lib.mkForce "tmpfs";
-        "/var/lib" = pkgs.lib.mkIf (options.varPath != "") {
+
-          depends = [ "/var" ];
+        # prometheus uses a memory mapped file which doesnt seem supported by 9p shares
-        };
+        # therefore we mount a tmpfs inside the datadir
+        "/var/lib/prometheus2/data" = pkgs.lib.mkIf (hostname == "overwatch" && options.varPath != "") (pkgs.lib.mkForce {
+          fsType = pkgs.lib.mkForce "tmpfs";
+        });
       };
 
       boot.isContainer = pkgs.lib.mkForce false;
@@ -84,7 +88,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 
     buildVM = host: networking: sopsDummy: disableDisko: varPath: (self.nixosConfigurations.${host}.extendModules {
         modules = [
-          (vmMicroVMOverwrites { withNetworking = networking; varPath = "${varPath}"; })
+          (vmMicroVMOverwrites host { withNetworking = networking; varPath = "${varPath}"; })
           (if sopsDummy then (vmSopsOverwrites host) else {})
           (if disableDisko then vmDiskoOverwrites else {})
         ] ++ pkgs.lib.optionals (! self.nixosConfigurations.${host}.config ? microvm) [
@@ -153,7 +157,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
             echo "--networking setup interfaces. requires root and hostbridge enabled on the host"
             echo "--dummy-secrets run vm with dummy sops secrets"
             echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny"
-            echo "--varlib path to directory that should be shared as /var/lib. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
+            echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
             exit 1
         }
         
@@ -177,7 +181,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
                 --networking) NETWORK=true ;;
                 --dummy-secrets) DUMMY_SECRETS=true ;;
                 --no-disko) NO_DISKO=true ;;
-                --varlib) 
+                --var) 
                   if [[ -n "$2" && ! "$2" =~ ^- ]]; then
                       VAR_PATH="$2"
                       shift