Ok I believe solved this with .ssh/config
and forwarding ports to ssh in the router’s firewall
Host stack.luketic
Hostname my_external_hostname
Port 12345
So there’s just the question of creating images from live running “bare metal” servers left.
And since I have only 1 external IP / server. I’ll just use virbr0 for the network
add
namserver 192.168.122.1
to /etc/resolv.conf
and
ip r add default via 192.168.122.1
and on the host I can run nginx with per domain forwarding, which also works for MTAs.