
External Cloud

Everything on this page is an experimental or proposed architecture or system.

Hetzner Cloud

Hetzner is possibly one of the cheapest providers of servers and virtual machines I have been able to find. While I usually prefer Azure for anything cloud related, its VMs are not cheap.

This is the cloud-init configuration for the lowest spec VM offered by Hetzner. Note that currently I have not created any Terraform code for creating the VM. This cloud-init must be specified in the VM creation page.

  • Hostname, language, locale, and user account setup
  • Login is only permitted via SSH key and password login is disabled
  • fail2ban, ufw, docker.io are installed
  • Tailscale is installed (note this step is not currently working)
  • Packages are updated
  • VM reboots on completion

#cloud-config
hostname: homelab-external

locale: en_GB.UTF-8
keyboard: gb

users:
  - name: lloyd
    groups: users, admin
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-rsa <public key omitted> lloydjatkinson@gmail.com

disable_root: true
ssh_pwauth: no

packages:
  - fail2ban
  - ufw
  - docker.io

package_update: true
package_upgrade: true

runcmd:
  - ufw allow OpenSSH
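  # ufw has no command-line rule syntax for ICMP, so "ufw allow icmp" fails; ping is already accepted by the default /etc/ufw/before.rules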
  - ufw enable
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
  - sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
  - sed -i '$a AllowUsers lloyd' /etc/ssh/sshd_config
  - curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
  - curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
  - sudo apt-get update
  # -y is needed here: cloud-init runs without a terminal, so apt-get cannot ask for confirmation
  - sudo apt-get install -y tailscale

power_state:
  mode: reboot
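
The sed edits in runcmd only change a line when their pattern matches, so a directive that ships commented out (or uncommented) in a form the pattern does not expect is silently left alone. The following check is an added example, not part of the original configuration: it applies the same five edits to a constructed sshd_config sample and lists the hardening directives that are still not active. The sample file contents and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample (not from the page): a stock-style sshd_config in which
# PermitRootLogin and PasswordAuthentication ship commented out.
sample_config() {
cat <<'EOF'
#PermitRootLogin prohibit-password
#MaxAuthTries 6
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#PasswordAuthentication yes
KbdInteractiveAuthentication no
EOF
}

# The five sshd_config edits from the runcmd section, applied to file $1.
apply_page_edits() {
  sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' "$1"
  sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' "$1"
  sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' "$1"
  sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' "$1"
  sed -i '$a AllowUsers lloyd' "$1"
}

# Print each expected keyword whose first active (uncommented) value in
# file $1 is not the intended one. Keywords are case-insensitive, and for
# these single-valued keywords sshd keeps the first value it reads.
unmet_directives() {
  for want in "PermitRootLogin no" "PasswordAuthentication no" \
              "MaxAuthTries 2" "AllowUsers lloyd"; do
    key=${want%% *}
    got=$(awk -v k="$key" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1")
    [ "$got" = "${want#* }" ] || printf '%s\n' "$key"
  done
}

# Run the page's edits on the constructed sample and report what is unset.
demo() {
  f=$(mktemp)
  sample_config > "$f"
  apply_page_edits "$f"
  unmet_directives "$f"
  rm -f "$f"
}

demo
```

On a real host, `sshd -T` prints the effective settings, including any drop-in files, and is the output to compare against the intended values.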