Last active
February 5, 2026 15:23
-
-
Save thomasmerz/4d99868b270f636b59ef0e4643543cab to your computer and use it in GitHub Desktop.
Cloud-init for Hetzner VM for Pi-hole with WireGuard VPN setup
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| packages: | |
| # use https://docs.docker.com/engine/install/ubuntu#install-using-the-repository instead for latest docker! | |
| # - docker-compose | |
| # - docker.io | |
| - fail2ban | |
| - git | |
| - htop | |
| - moreutils | |
| - needrestart | |
| - screen | |
| - termshark | |
| - tig | |
| - tree | |
| - tshark | |
| package_update: true | |
| package_upgrade: true | |
| runcmd: | |
| - sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config | |
| - sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config | |
| - sed -i -e '/^#Port 22/s/^.*$/Port 42027/g' /etc/ssh/sshd_config | |
| - snap install canonical-livepatch && canonical-livepatch enable 321… | |
| - pro attach ABC… | |
| - reboot | |
| # https://ubuntu.com/about/release-cycle | |
| # *pro* enables LTS (5y support) with an additional 5y Expanded Security Maintenance (*ESM*) plus *livepatch* :-) | |
| # https://ubuntu.com/pro/subscribe | |
| # Ubuntu Pro with a *free personal* subscription on *up to 5* machines | |
| # see https://community.hetzner.com/tutorials/basic-cloud-config/de |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment