"As a developer, I want to quickly stand up and tear down a Linux server with some sane defaults so I can have a reasonably secure sandbox to play around in and get on with my projects."
Deploy a Hetzner server (Linux VM) with some basic security using terraform and cloud-init.
This will create a VM with a public IPv4 IP and a network firewall with an ssh inbound rule tied to your local public IP. The VM will also have a passwordless sudo user, and the following will be disabled:
- password auth
- root login
- x11 forwarding
The default SSH port is also changed, and the OS packages should be fully up to date. Everything is variable-ized so feel free to change anything you want. The cloud-init.sh file can be expanded quite a lot (for example, add as many packages as you want in the apt install line).
Note: this assumes you're going to run an Ubuntu VM. If you want to run a different distro, further changes may be needed in cloud-init.sh and you'll need to change the server_image var in variables.tf.
I intentionally chose the cheapest server type as a starting point; feel free to change it to whatever you want (see Helpful Stuff at the bottom).
- Create a Hetzner account
- Create a read/write API token and store it somewhere safe
- Create a local ssh key pair (defaults are fine):
ssh-keygen
- Install terraform and make sure it's in your $PATH
- Clone repo, and go into directory
cd hetzner-tf
- Change variables as needed in variables.tf and cloud-init.sh
- Set a local environment variable for your API token (optional)
export TF_VAR_hcloud_toke=<PASTE TOKEN HERE>
- Initialize terraform
terraform init
- Run the plan
terraform plan
- Create all resources
terraform apply # enter yes to confirm
- Log into the Hetzner web console, and copy the public IP of your server
- Connect to the instance (change values as needed)
ssh -p <SSH PORT> <USERNAME>@<PUBLIC IP>
# e.g. given the defaults in the scripts:
ssh -p 55022 yoloadmin@<PUBLIC IP>
Note: It might take a couple minutes for everything to be provisioned and cloud-init to complete all its tasks before you can ssh in.
- Once connected, check if cloud-init completed successfully:
cloud-init status
You can also check the cloud-init logs with:
less /var/log/cloud-init-output.log
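Beyond cloud-init's own status, you can confirm that sshd actually picked up the settings listed at the top (password auth, root login and X11 forwarding off, non-default port). The script below is an added example, not part of this repo: the function name audit_sshd and the sample inputs are made up for illustration, and it assumes the default port 55022 shown above.

```shell
#!/bin/sh
# Added example: compare sshd's effective settings with the hardening this
# README lists. On the server: sudo sshd -T | audit_sshd 55022

# audit_sshd EXPECTED_PORT: reads `sshd -T` output ("keyword value" lines,
# keywords lowercased by sshd) on stdin; returns 0 only if every check passes.
audit_sshd() {
  expected_port="$1"
  pw="" root="" x11="" ports="" rc=0
  while read -r key value || [ -n "$key" ]; do
    case "$key" in
      passwordauthentication) pw="$value" ;;
      permitrootlogin)        root="$value" ;;
      x11forwarding)          x11="$value" ;;
      port)                   ports="$ports $value" ;;  # sshd may listen on several
    esac
  done
  [ "$pw" = "no" ]   || { echo "FAIL: passwordauthentication is '${pw:-unset}'"; rc=1; }
  [ "$root" = "no" ] || { echo "FAIL: permitrootlogin is '${root:-unset}'"; rc=1; }
  [ "$x11" = "no" ]  || { echo "FAIL: x11forwarding is '${x11:-unset}'"; rc=1; }
  # Exactly one listening port, and it must be the non-default one.
  [ "$ports" = " $expected_port" ] || { echo "FAIL: listening on ports:${ports:- none}"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: sshd matches the expected hardening"
  return "$rc"
}

# Constructed samples (trimmed `sshd -T` output, not from a real server).
sample_hardened='port 55022
passwordauthentication no
permitrootlogin no
x11forwarding no'
# Drift: port 22 still open and root login left at a distro-style default.
sample_drifted='port 22
port 55022
passwordauthentication no
permitrootlogin prohibit-password
x11forwarding no'

printf '%s\n' "$sample_hardened" | audit_sshd 55022
printf '%s\n' "$sample_drifted"  | audit_sshd 55022 || echo "drift detected"
```

A failure here usually means cloud-init did not finish or sshd was not restarted after its config was written, so check /var/log/cloud-init-output.log first.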
terraform destroy # enter yes to confirm
On your local machine, create a new file in this location: ~/.ssh/config
And paste the following (change values as needed):
Host hetzner-testvm1
HostName <PUBLIC IP>
User <USERNAME>
Port <SSH PORT>
IdentityFile /path/to/private/ssh/key
Then you can run this to connect to your server: ssh hetzner-testvm1
- Install hcloud cli
- Authenticate with your API token:
hcloud context create default
- To get server types:
hcloud server-type list
- To get server images:
hcloud image list
- To get server regions:
hcloud location list