Infrastructure and configuration to host my personal projects on Hetzner Cloud
- Secrets and Terraform state are stored in AWS (managed in personal-aws)
- CrowdSec helps to protect against malicious login attempts
- Automations:
  - For each PR, `terraform plan` is run and the result is added as a comment to the PR
  - Pushes to `master` trigger `terraform apply`
  - Packer builds a new base image with updated packages each month
  - Dependabot creates PRs for dependency updates; non-major updates are merged automatically
- Traefik handles TLS certificates
Backups use the Hetzner Storagebox. There are some manual steps required to set it up:
- Create an SSH key to access the Storagebox: `ssh-keygen -f ~/.ssh/storagebox -N ""`
- Upload the public SSH key to the Storagebox: `cat ~/.ssh/storagebox.pub | ssh -p 23 <username>@<username>.your-storagebox.de install-ssh-key`
- Add the private SSH key to GitHub secrets
- Create the backup directory in the Storagebox: `mkdir -p /home/backups/personal-projects`
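The manual steps above as one idempotent script, added here as an example that is not part of this repository. It assumes the Storagebox username is passed as the first argument, reuses the key path, port and directory from the steps above, and assumes the Storagebox's SSH access accepts `mkdir -p` (the username pattern check is also an assumption).

```shell
#!/usr/bin/env bash
# Example (not the repo's own code): Storagebox setup with safety checks.
# Assumptions: username given as $1; key path, port 23, install-ssh-key and
# the backup directory are taken from the README; `mkdir -p` over SSH is
# assumed to be accepted by the Storagebox's restricted shell.
set -eu

KEY_PATH="${KEY_PATH:-$HOME/.ssh/storagebox}"
BACKUP_DIR="/home/backups/personal-projects"

# Reject empty or odd usernames before they end up in an SSH target string.
validate_username() {
  case "$1" in
    "") return 1 ;;
    *[!a-zA-Z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

storagebox_host() { printf '%s.your-storagebox.de\n' "$1"; }

# Never overwrite an existing key: a regenerated key would silently
# invalidate the copy already stored in GitHub secrets.
ensure_key() {
  if [ -f "$KEY_PATH" ]; then
    echo "key already exists, keeping: $KEY_PATH"
    return 0
  fi
  ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" -C "storagebox-backup"
}

install_key() {
  ssh -p 23 "$1@$(storagebox_host "$1")" install-ssh-key < "$KEY_PATH.pub"
}

# BatchMode makes a missing/unaccepted key fail loudly instead of prompting.
verify_and_create_dir() {
  ssh -p 23 -o BatchMode=yes -i "$KEY_PATH" "$1@$(storagebox_host "$1")" \
    "mkdir -p $BACKUP_DIR && ls -ld $BACKUP_DIR"
}

main() {
  validate_username "$1" || { echo "invalid Storagebox username" >&2; exit 1; }
  ensure_key
  install_key "$1"
  verify_and_create_dir "$1"
  echo "done; now add $KEY_PATH to GitHub secrets"
}

if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Run as `./setup_storagebox.sh <username>`; the private key is still added to GitHub secrets by hand, as in the steps above.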
Open TODOs:
- bootstrap
- manage DNS zone completely via Terraform
- tag all resources with the source repo
- check if `env_file` can be removed from the docker compose file
- replace domain in docker-compose with envsubst
- sandbox env
- Traefik monitoring with CrowdSec
- use SSM for SSH_PUBLIC_KEY instead of passing