i don't know if this should be used

Since only passing though the ssh dir doesn't work, the host would be polluted by all the other hosts writing to etc

.gitea/workflows/flake-check.yml

@@ -1,15 +0,0 @@
-name: "Check flake syntax"
-on:
-  pull_request:
-  push:
-jobs:
-  flake-check:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Install dependencies for Nix setup action
-      run: |
-        apt update -y
-        apt install sudo -y        
-    - uses: cachix/install-nix-action@v27
-    - run: nix flake check --no-update-lock-file --accept-flake-config .

doc/src/anleitung/microvm.md

@@ -44,6 +44,9 @@ sudo mkdir -p /var/lib/microvms/durruti/{var,etc}
 # alternatively u can run the vm in interactive mode (maybe stop the microvm@durruti.service first)
 microvm -r durruti
 
+#if you get an error like "Error booting VM: VmBoot(DeviceManager(CreateVirtioFs(VhostUserConnect)))", try starting the virtio service manually
+sudo systemctl start microvm-virtiofsd@{host}.service
+
 # after u made changes to the microvm update and restart the vm 
 microvm -uR durruti
 

machines/bakunin/configuration.nix

@@ -26,7 +26,6 @@ in
 
   malobeo.disks = {
     enable = true;
-    legacy = true;
     hostId = "a3c3102f";
     root = {
       disk0 = "disk/by-id/ata-HITACHI_HTS725016A9A364_110308PCKB04VNHX9XTJ";
@@ -34,7 +33,9 @@ in
   };
 
   malobeo.initssh = {
-    enable = false;
+    enable = true;
+    authorizedKeys = sshKeys.admins;
+    ethernetDrivers = ["r8169"];
   };
 
   hardware.sane.enable = true; #scanner support

machines/configuration.nix

@@ -3,7 +3,6 @@
 , nixpkgs
 , sops-nix
 , inputs
-, microvm
 , nixos-hardware
 , home-manager
 , ...
@@ -35,14 +34,15 @@ let
             };
           };
         })
+
         sops-nix.nixosModules.sops
-        microvm.nixosModules.microvm
       ];
     }
   ];
   defaultModules = baseModules;
 
   makeMicroVM = hostName: ipv4Addr: macAddr: modules: [
+    inputs.microvm.nixosModules.microvm
     {
       microvm = {
         hypervisor = "cloud-hypervisor";
@@ -56,11 +56,11 @@ let
             socket = "store.socket";
           }
           {
-            source = "/var/lib/microvms/${hostName}/etc";
+            source = "/var/lib/microvms/test/etc/";
             mountPoint = "/etc";
-            tag = "etc";
+            tag = "etcssh";
             proto = "virtiofs";
-            socket = "etc.socket";
+            socket = "etcssh.socket";
           }
           {
             source = "/var/lib/microvms/${hostName}/var";

machines/modules/disko/default.nix

@@ -20,11 +20,6 @@ in
       default = true;
       description = "Allows encryption to be disabled for testing";
     };
-    legacy = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Enable legacy boot (bios)";
-    };
     devNodes = lib.mkOption {
       type = lib.types.str;
       default = "/dev/disk/by-id/";
@@ -86,25 +81,7 @@ in
     };
   };
 
-  config = lib.mkMerge [
+  config = lib.mkIf cfg.enable {
-    (lib.mkIf (cfg.enable && !cfg.legacy) {
-      boot = {
-        loader.systemd-boot.enable = true;
-        loader.efi.canTouchEfiVariables = true;
-        supportedFilesystems = [ "vfat" "zfs" ];
-      };
-      fileSystems."/boot".neededForBoot = true;
-    })
-    (lib.mkIf (cfg.enable && cfg.legacy) {
-      boot.loader.grub = {
-        enable = lib.mkForce true;
-        device = "/dev/${cfg.root.disk0}-part1";
-        efiSupport = false;
-        enableCryptodisk = cfg.encryption;
-        zfsSupport = true;
-      };
-    })
-    (lib.mkIf cfg.enable {
     networking.hostId = cfg.hostId;
     disko.devices = {
       disk = lib.mkMerge [
@@ -115,7 +92,7 @@ in
             content = {
               type = "gpt";
               partitions = {
-                  ESP = lib.mkIf (!cfg.legacy) {
+                ESP = {
                   size = "1024M";
                   type = "EF00";
                   content = {
@@ -125,10 +102,6 @@ in
                     mountOptions = [ "umask=0077" ];
                   };
                 };
-                  boot = lib.mkIf cfg.legacy {
-                    size = "1024M";
-                    type = "EF02";
-                  };
                 encryptedSwap = {
                   size = cfg.root.swap;
                   content =  {
@@ -297,9 +270,9 @@ in
 
     fileSystems."/".neededForBoot = true;
     fileSystems."/etc".neededForBoot = true;
+    fileSystems."/boot".neededForBoot = true;
     fileSystems."/var".neededForBoot = true;
     fileSystems."/home".neededForBoot = true;
     fileSystems."/nix".neededForBoot = true;
-    })
+  };
-  ];
 }

machines/modules/malobeo/initssh.nix

@@ -26,9 +26,13 @@ in
   
   config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
     boot = {
+      loader.systemd-boot.enable = true;
+      loader.efi.canTouchEfiVariables = true;
+      supportedFilesystems = [ "vfat" "zfs" ];
       zfs = {
         forceImportAll = true;
         requestEncryptionCredentials = true;
+        
       };
       initrd = {
         availableKernelModules = cfg.ethernetDrivers;

outputs.nix

@@ -20,7 +20,6 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     let
       sops = sops-nix.packages."${pkgs.system}";
       microvmpkg = microvm.packages."${pkgs.system}";
-      installed = builtins.attrNames self.legacyPackages."${pkgs.system}".scripts;
     in
     pkgs.mkShell {
       sopsPGPKeyDirs = [
@@ -38,14 +37,11 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
         pkgs.mdbook
         microvmpkg.microvm
       ];
-      packages = builtins.map (pkgName: self.legacyPackages."${pkgs.system}".scripts.${pkgName}) installed;
-      shellHook = ''echo "Available scripts: ${builtins.concatStringsSep " " installed}"'';
-    };
-    legacyPackages = {
-      scripts.remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
-      scripts.boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
     };
+
     packages = {
+      remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
+      boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
       docs = pkgs.stdenv.mkDerivation {
         name = "malobeo-docs";
         phases = [ "buildPhase" ];

scripts/remote-install-encrypt.sh

@@ -1,4 +1,5 @@
 set -o errexit
+set -o nounset
 set -o pipefail
 
 if [ $# -lt 2 ]; then
@@ -8,21 +9,6 @@ if [ $# -lt 2 ]; then
   exit 1
 fi
 
-if [ ! -e flake.nix ]
-    then
-    echo "flake.nix not found. Searching down."
-    while [ ! -e flake.nix ]
-        do
-        if [ $PWD = "/" ]
-            then
-            echo "Found root. Aborting."
-            exit 1
-            else
-            cd ..
-        fi
-    done
-fi
-
 hostname=$1
 ipaddress=$2
 

scripts/unlock-boot.sh

@@ -4,33 +4,19 @@ set -o pipefail
 sshoptions="-o StrictHostKeyChecking=no -o ServerAliveInterval=1 -o ServerAliveCountMax=1 -p 222 -T"
 HOSTNAME=$1
 
-if [ ! -e flake.nix ]
-    then
-    echo "flake.nix not found. Searching down."
-    while [ ! -e flake.nix ]
-        do
-        if [ $PWD = "/" ]
-            then
-            echo "Found root. Aborting."
-            exit 1
-            else
-            cd ..
-        fi
-    done
-fi
-
 echo
+diskkey=$(sops -d machines/$HOSTNAME/disk.key)
+
 if [ $# = 1 ]
     then
-    diskkey=$(sops -d machines/$HOSTNAME/disk.key)
     echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #storage
 
     echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #root
 
 elif [ $# = 2 ]
     then
-    diskkey=$(sops -d machines/$HOSTNAME/disk.key)
     IP=$2
+    
     echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #storage
 
     echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #root