@krzko
Forked from OnSive/CloudConfig.md
Created April 16, 2026 04:36
My Hetzner Cloud Config (cloud-init)

What is Hetzner cloud config? https://community.hetzner.com/tutorials/basic-cloud-config

An additional feature during creation of a Hetzner cloud server (CX11 and above) is user data.
This allows the execution of a cloud-init configuration for the newly created server.

How to use:

  1. Replace both {username} placeholders with the username of your choice and remove both <--- Insert username markers.
  2. Replace ssh-rsa AAA...0w== with your public SSH key and remove the <--- Insert public ssh key marker.
  3. Copy and paste your config into the Cloud-init configuration field at the bottom of the create server dialogue.

My cloud config does the following:

  • Creates a new user as an admin and docker user and disables the need for a password on sudo
  • Adds an ssh key to the user
  • Disables root login
  • Disables password login for all users (login is allowed only by SSH key)
  • Installs the latest stable docker and docker compose version
  • Updates all apt packages

After the configuration is done, the server reboots automatically; this can take up to 5 minutes.
To verify that the process has finished, take a look at the graphs in the Hetzner cloud interface.
Once the high CPU usage has dropped to a steady level, your server is ready.

```yaml
#cloud-config
groups:
  - docker

users:
  - name: root
    lock_passwd: true
  - name: {username}              <--- Insert username
    # Membership in the docker group is effectively root access on the host
    groups: users, admin, docker
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-rsa AAA...0w==        <--- Insert public ssh key

chpasswd:
  expire: false

package_update: true
package_upgrade: true

packages:
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg-agent
  - software-properties-common

runcmd:
  # Harden sshd: no root login, no password login, restrict logins to the new user
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - sed -i '$a AllowUsers {username}' /etc/ssh/sshd_config                                        <--- Insert username
  # Install Docker and the compose plugin from Docker's apt repository
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
  - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  - apt-get update -y
  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
  - systemctl start docker
  - systemctl enable docker

# Reboot once cloud-init has finished
power_state:
  mode: reboot
  condition: True
```
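
The sed commands above only rewrite lines that already start with PermitRootLogin or PasswordAuthentication, so it is worth confirming after the reboot that the effective sshd configuration matches what the config intends. The following check is an added example, not part of the original gist; the function name, the file paths and the username "deploy" are assumptions, and the sample dumps are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): audit the effective sshd settings that the
# cloud-config above is meant to enforce. Input is a saved `sshd -T` dump, which
# prints the merged configuration as lowercase "keyword value" lines.

# check_sshd_hardening DUMP_FILE USERNAME
# Prints one line per setting; the return code is the number of failed checks.
check_sshd_hardening() {
  local dump="$1" user="$2" fails=0 key want got
  while read -r key want; do
    # Join every value for the keyword, so a second AllowUsers entry is caught.
    got=$(awk -v k="$key" '$1 == k { $1 = ""; sub(/^ /, ""); v = v (v ? " " : "") $0 }
                           END { print v }' "$dump")
    if [ "$got" = "$want" ]; then
      echo "ok    $key $got"
    else
      echo "FAIL  $key: want '$want', got '${got:-<unset>}'"
      fails=$((fails + 1))
    fi
  done <<EOF
permitrootlogin no
passwordauthentication no
allowusers $user
EOF
  return "$fails"
}

# Constructed sample dumps ("deploy" is a placeholder username).
good_dump=$(mktemp); bad_dump=$(mktemp)
printf '%s\n' 'port 22' 'permitrootlogin no' 'passwordauthentication no' \
  'allowusers deploy' > "$good_dump"
# Here password logins are still enabled in the effective configuration.
printf '%s\n' 'port 22' 'permitrootlogin no' 'passwordauthentication yes' \
  'allowusers deploy' > "$bad_dump"

check_sshd_hardening "$good_dump" deploy || true
check_sshd_hardening "$bad_dump" deploy || true

# On the server itself (as root): sshd -T > /tmp/sshd.effective
#                                 check_sshd_hardening /tmp/sshd.effective <username>
```

A non-zero return code means at least one of the three settings did not take effect and the server should not be treated as hardened yet.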