ubuntu_hetzner_cloud
Hetzner Cloud Ubuntu baseline role
Ansible role for bootstrapping a Hetzner Ubuntu cloud image with useful tooling for that cloud offering.
Hetzner provides super cheap cloud server instances. However, the offering is much more basic than that of other cloud providers such as AWS, Digital Ocean etc.
The limitations are twofold:
- Their provided Ubuntu images are quite basic, having just a root user, which is used for SSH sign-in (no other users and no more secure SSH config)
- No firewall product that lets you easily manage instance access through the cloud offering itself (such as AWS security groups or DO firewalls)
This role exists to alleviate both of these shortcomings (and also to install other essential tooling). It will do the following:
- Set up a normal Linux system user which can then be used for connecting (sudo enabled)
- Disable root login and password login for SSH
- Install the UFW firewall and lock down all ports by default, leaving only the SSH port open
Additionally, this role provides these features:
- Move the SSH port to a non-default port
- Upgrade all apt packages
- Install a bunch of useful server command line tools (htop, iptraf etc.)
For providing parameters, see below.
Requirements
Ubuntu server booted from a Hetzner image. Probably anything newer than 18.04 is fine.
Role Variables
Overwritable role default variables:
hetzner_cloud_custom_user: ubuntu
- Linux system user to set up (so root is not used for everything, like SSH)
hetzner_cloud_update_apt: true
- Run a full update and upgrade, useful after bringing up a fresh instance
hetzner_cloud_ssh_port: 2222
- Put SSH onto a different port (to prevent scanning); this is respected in the firewall settings
hetzner_cloud_open_ports: [{ name: http, port: 80 }]
- List of extra ports to open (SSH will always be allowed, so you don't lock yourself out)
For more, see the defaults/main.yml file.
Dependencies
This role depends on no other roles.
Example Playbook
Use the role like this in your playbook, after installing it:

    - name: Install server stuff
      gather_facts: false # important if your inventory settings already use final ssh user (hetzner_cloud_custom_user)
      hosts: cloud-servers
      vars:
        # vars for stefanhorning.ubuntu_hetzner_cloud role:
        hetzner_cloud_custom_user: ubuntu
        hetzner_cloud_update_apt: true
        hetzner_cloud_ssh_port: 2222
        hetzner_cloud_open_ports:
          - { name: http, port: 80 }
          - { name: https, port: 443 }
      roles:
        - stefanhorning.ubuntu_hetzner_cloud
      tasks:
        - name: Do other stuff
          ping:
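
A follow-up playbook can confirm that the hardening described above actually took effect on the host. This is an added example, not part of the role: it assumes the inventory already connects as the sudo-enabled custom user on the new SSH port, that the role expresses its SSH changes as `PermitRootLogin no` and `PasswordAuthentication no`, and that the UFW rules are added by port number.

```yaml
- name: Verify baseline hardening (added example, not the role's own code)
  hosts: cloud-servers
  gather_facts: false
  become: true
  vars:
    # Must match the values passed to the role
    hetzner_cloud_ssh_port: 2222
    hetzner_cloud_open_ports:
      - { name: http, port: 80 }
      - { name: https, port: 443 }
  tasks:
    - name: Read the effective sshd configuration
      ansible.builtin.command: sshd -T
      register: sshd_effective
      changed_when: false

    - name: Assert root and password logins are off and the port was moved
      ansible.builtin.assert:
        that:
          # sshd -T prints lower-case "keyword value" lines
          - "'permitrootlogin no' in sshd_effective.stdout_lines"
          - "'passwordauthentication no' in sshd_effective.stdout_lines"
          - "('port ' ~ hetzner_cloud_ssh_port) in sshd_effective.stdout_lines"
          - "hetzner_cloud_ssh_port == 22 or 'port 22' not in sshd_effective.stdout_lines"
        fail_msg: sshd is not in the state the role is expected to leave it in

    - name: Read the UFW status
      ansible.builtin.command: ufw status verbose
      register: ufw_status
      changed_when: false

    - name: Assert UFW is active and denies incoming traffic by default
      ansible.builtin.assert:
        that:
          - "'Status: active' in ufw_status.stdout_lines"
          - "'deny (incoming)' in ufw_status.stdout"
        fail_msg: UFW is inactive or does not default to deny for incoming traffic

    - name: Assert the SSH port and each configured extra port are allowed
      ansible.builtin.assert:
        that:
          - ufw_status.stdout is search('^' ~ item ~ '(/tcp)? +ALLOW', multiline=True)
        fail_msg: "port {{ item }} has no ALLOW rule in UFW"
      loop: "{{ [hetzner_cloud_ssh_port] + (hetzner_cloud_open_ports | map(attribute='port') | list) }}"
```
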
License
BSD
Author Information
Stefan Horning
ansible-galaxy install stefanhorning/ansible-role-ubuntu-hetzner-cloud