i don't know if this should be used

Since only passing though the ssh dir doesn't work, the host would be polluted by all the other hosts writing to etc

doc/src/anleitung/microvm.md

@@ -44,6 +44,9 @@ sudo mkdir -p /var/lib/microvms/durruti/{var,etc}
 # alternatively u can run the vm in interactive mode (maybe stop the microvm@durruti.service first)
 microvm -r durruti
 
+#if you get an error like "Error booting VM: VmBoot(DeviceManager(CreateVirtioFs(VhostUserConnect)))", try starting the virtio service manually
+sudo systemctl start microvm-virtiofsd@{host}.service
+
 # after u made changes to the microvm update and restart the vm 
 microvm -uR durruti
 

machines/configuration.nix

@@ -56,11 +56,11 @@ let
             socket = "store.socket";
           }
           {
-            source = "/var/lib/microvms/${hostName}/etc";
+            source = "/var/lib/microvms/test/etc/";
             mountPoint = "/etc";
-            tag = "etc";
+            tag = "etcssh";
             proto = "virtiofs";
-            socket = "etc.socket";
+            socket = "etcssh.socket";
           }
           {
             source = "/var/lib/microvms/${hostName}/var";
@@ -114,6 +114,15 @@ in
     ];
   };
 
+  lucia = nixosSystem {
+    system = "aarch64-linux";
+    specialArgs.inputs = inputs;
+    modules = defaultModules ++ [
+      ./lucia/configuration.nix
+      ./lucia/hardware_configuration.nix
+    ];
+  };
+
   fanny = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputsMod;
@@ -152,12 +161,12 @@ in
     ];
   };
 
-  lucia = nixosSystem {
+  uptimekuma = nixosSystem {
-    system = "aarch64-linux";
+    system = "x86_64-linux";
     specialArgs.inputs = inputs;
-    modules = defaultModules ++ [
+    specialArgs.self = self;
-      ./lucia/configuration.nix
+    modules = makeMicroVM "uptimekuma" "10.0.0.12" "D0:E5:CA:F0:D7:E8" [
-      ./lucia/hardware_configuration.nix
+      ./uptimekuma/configuration.nix
     ];
   };
 

machines/durruti/documentation.nix

@@ -8,6 +8,15 @@
         { addr = "0.0.0.0"; port = 9000; } 
       ];
       root = "${self.packages.x86_64-linux.docs}/share/doc";
+      extraConfig = ''
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_http_version 1.1; 
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+      '';
     };
   };
 

machines/durruti/host_config.nix

@@ -36,7 +36,21 @@ in
     services.nginx.virtualHosts."docs.malobeo.org" = {
       forceSSL = true;
       enableACME= true;
-      locations."/".proxyPass = "http://10.0.0.10";
+      locations."/" = {
+        proxyPass = "http://10.0.0.10";
+        extraConfig = ''
+        '';
+      };
+    };
+
+    services.nginx.virtualHosts."status.malobeo.org" = {
+      forceSSL = true;
+      enableACME= true;
+      locations."/" = {
+        proxyPass = "http://10.0.0.12";
+        extraConfig = ''
+        '';
+      };
     };
 
     services.nginx.virtualHosts."tasklist.malobeo.org" = {

machines/fanny/configuration.nix

@@ -55,9 +55,21 @@ in
   services.malobeo.microvm.enableHostBridge = true;
   services.malobeo.microvm.deployHosts = [ "infradocs" ];
 
+  networking = {
+    firewall = {
+      allowedTCPPorts = [ 80 ];
+    };
+  };
 
-  services.nginx.virtualHosts."docs.malobeo.org" = {
+  services.nginx = {
-    locations."/".proxyPass = "http://10.0.0.11:9000";
+    enable = true;
+    virtualHosts."docs.malobeo.org" = {
+      locations."/" = {
+        proxyPass = "http://10.0.0.11:9000";
+        extraConfig = ''
+        '';
+      };
+    };
   };
 
   services.tor = {

machines/modules/malobeo/wireguard.nix

@@ -69,6 +69,7 @@ in
     networking.wg-quick = {
       interfaces = {
         malovpn = {
+          mtu = 1340; #seems to be necessary to proxypass nginx traffic through vpn
           address = myPeer.address;
           autostart = cfg.autostart;
           listenPort = mkIf (myPeer.role == "server") myPeer.listenPort;

machines/uptimekuma/configuration.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+  networking = {
+    hostName = mkDefault "uptimekuma";
+    useDHCP = false;
+    nameservers = [ "1.1.1.1" ];
+  };
+
+  imports = [
+    ../modules/malobeo_user.nix
+    ../modules/sshd.nix
+  ];
+
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."status.malobeo.org" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3001";
+        extraConfig = ''
+        '';
+      };
+
+    };
+  };
+
+  services.uptime-kuma = {
+    enable = true;
+  };
+
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+

machines/vpn/configuration.nix

@@ -12,6 +12,7 @@ with lib;
     nameservers = [ "1.1.1.1" ];
     firewall = {
       allowedUDPPorts = [ 51821 ];
+      allowedTCPPorts = [ 80 ];
     };
   };
 
@@ -27,8 +28,16 @@ with lib;
     privateKeyFile = config.sops.secrets.wg_private.path;
   };
 
-  services.nginx.virtualHosts."docs.malobeo.org" = {
+  services.nginx = {
-    locations."/".proxyPass = "http://10.100.0.101";
+    enable = true;
+    virtualHosts."docs.malobeo.org" = {
+      locations."/" = {
+        proxyPass = "http://10.100.0.101";
+        extraConfig = ''
+        '';
+      };
+
+    };
   };
 
   system.stateVersion = "22.11"; # Did you read the comment?