From 46d6077ef43996c5f0970f6bc372ba934e5611f5 Mon Sep 17 00:00:00 2001
From: kekskurse <git@ekskurse.de>
Date: Wed, 26 Mar 2025 22:23:47 +0100
Subject: [PATCH] cloudinit

---
 terraform/cloud-init/hetzner-cloud.yml | 33 ++++++++++++++++++++++++++
 terraform/docker-server.tf             | 26 ++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 terraform/cloud-init/hetzner-cloud.yml
 create mode 100644 terraform/docker-server.tf

diff --git a/terraform/cloud-init/hetzner-cloud.yml b/terraform/cloud-init/hetzner-cloud.yml
new file mode 100644
index 0000000..de7dc84
--- /dev/null
+++ b/terraform/cloud-init/hetzner-cloud.yml
@@ -0,0 +1,33 @@
+#cloud-config
+users:
+  - name: soeren
+    groups: users, admin
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_import_id:
+      - gh:kekskurse
+  - name: cloud
+    groups: users, admin
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_import_id:
+      - gh:kekskurse
+packages:
+  - ufw
+package_update: true
+package_upgrade: true
+runcmd:
+  - ufw allow 22522
+  - ufw enable
+  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)KbdInteractiveAuthentication/s/^.*$/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 5/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
+  - sed -i 's/^#Port 22/Port 22522/' /etc/ssh/sshd_config
+  - reboot
+
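Review bot: The sshd hardening in `runcmd` can silently apply nothing, because each `sed` only rewrites a line that already exists and the `Port` edit matches only a literal `#Port 22`, unlike the other patterns, which accept both commented and uncommented forms. If the image's `sshd_config` differs, sshd keeps listening on port 22 with its defaults while `ufw` admits only 22522, and the host comes back from the reboot unreachable or unhardened. On stock Debian 12 the main file includes `/etc/ssh/sshd_config.d/*.conf` first and sshd keeps the first value it reads, so an image-provided drop-in would also override the edited lines. Writing the settings as a drop-in through `write_files` makes the result independent of the image's file. It is also worth confirming that `ssh_import_id` works on this image, since password login is disabled whether or not a key was installed.

```yaml
# … unchanged: users, packages, package_update, package_upgrade …
write_files:
  # file name is a suggestion; a low prefix sorts first, so these values win
  - path: /etc/ssh/sshd_config.d/00-hardening.conf
    permissions: '0600'
    content: |
      Port 22522
      PermitRootLogin no
      PasswordAuthentication no
      # ChallengeResponseAuthentication is the deprecated alias of this option
      KbdInteractiveAuthentication no
      MaxAuthTries 5
      AllowTcpForwarding no
      X11Forwarding no
      AllowAgentForwarding no
      AuthorizedKeysFile .ssh/authorized_keys
runcmd:
  # … unchanged: ufw allow / ufw enable …
  # surfaces a configuration error in cloud-init's output log before the reboot
  - sshd -t
  - reboot
```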
diff --git a/terraform/docker-server.tf b/terraform/docker-server.tf
new file mode 100644
index 0000000..f7a882c
--- /dev/null
+++ b/terraform/docker-server.tf
@@ -0,0 +1,26 @@
+variable "cloud_init_file" {
+  type        = string
+  description = "Der Inhalt der Cloud-Init-Datei"
+  default     = ""
+}
+
+locals {
+  cloud_init_content = file("cloud-init/hetzner-cloud.yml")
+}
+
+resource "hcloud_server" "server-4-docker-keks-cloud" {
+  name        = "4.docker.keks.cloud-test"
+  image       = "debian-12"
+  server_type = "cx22"
+  location    = "fsn1"
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = true
+  }
+  keep_disk = true
+  labels {
+    server_type = "docker"
+  }
+  backups   = false
+  user_data = local.cloud_init_content
+}
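Review bot: The `hcloud_server` resource sets neither `ssh_keys` nor `firewall_ids`, so from first boot until the cloud-init `runcmd` finishes (after a full `package_upgrade`) the host is on its public addresses with the image's default sshd settings and no packet filter; as far as I know, Hetzner also generates a root password when a server is created without `ssh_keys`. Attaching a cloud firewall that admits only the SSH port and passing a key through `ssh_keys` closes that window regardless of what cloud-init manages to do. Separately, `file("cloud-init/hetzner-cloud.yml")` resolves against the working directory, so `file("${path.module}/cloud-init/hetzner-cloud.yml")` is the stable form, and the `cloud_init_file` variable is declared but never read in this hunk. The provider documents `labels` as a map argument, so `labels = { server_type = "docker" }` is probably needed instead of the block form; `terraform validate` will confirm.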