🔧 Where my dotfiles live in harmony and peace, most of the time
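#!/usr/bin/env bash
#
# Provision a Hetzner Cloud server, wait for cloud-init, have the operator
# bring Tailscale up by hand, then attach a firewall and verify SSH over the
# Tailscale address.
#
# Requires: hcloud (authenticated), ssh, realpath, and cloud-init.yaml next to
# this script.
#
# Security notes:
#   - The server is created WITHOUT a firewall; the firewall is attached only
#     at the end. Until then SSH on the public address is reachable by anyone,
#     so the cloud-init config should already disable password logins.
#   - The first SSH connection uses StrictHostKeyChecking=accept-new, i.e. the
#     host key is trusted on first use over the public network.
set -euo pipefail

SCRIPT_DIR="$(dirname "$(realpath "$0")")"
readonly SCRIPT_DIR
readonly NAME="zen"
readonly LOCATION="nbg1"
readonly TYPE="cax11"
readonly IMAGE="ubuntu-24.04"
readonly SSH_KEY="helix"
readonly FIREWALL="ts-only"

# Upper bound for the cloud-init wait loop (attempts, 10 s sleep between each).
readonly MAX_WAIT_ATTEMPTS=60

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Add one inbound rule to $FIREWALL. Kept best-effort so a re-run against an
# existing firewall does not abort, but the failure is reported, not hidden.
add_firewall_rule() {
  if ! hcloud firewall add-rule "$@" "$FIREWALL"; then
    printf 'warning: could not add rule (%s) to firewall %s\n' "$*" "$FIREWALL" >&2
  fi
}

printf 'Creating server %s...\n' "$NAME"
hcloud server create \
  --name "$NAME" \
  --location "$LOCATION" \
  --type "$TYPE" \
  --image "$IMAGE" \
  --ssh-key "$SSH_KEY" \
  --user-data-from-file "${SCRIPT_DIR}/cloud-init.yaml"

IP=$(hcloud server ip "$NAME")
printf 'Server %s created at %s\n' "$NAME" "$IP"

printf 'Waiting for cloud-init to finish...\n'
# The status text is inspected instead of the pipeline exit code: under
# pipefail a non-zero exit from the remote command would keep the loop
# spinning even when the output says "done" (recent cloud-init versions
# appear to use a non-zero exit for recoverable errors -- confirm for the
# image in use). ssh stderr stays hidden because connection refusals are
# expected while the server boots; a stale known_hosts entry for a recycled
# IP is also hidden and shows up as the timeout below.
attempt=0
while true; do
  status=$(ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 \
    "david@${IP}" "cloud-init status" 2>/dev/null) || true
  if [[ "$status" == *done* ]]; then
    break
  fi
  if [[ "$status" == *error* ]]; then
    die "cloud-init reported an error on ${NAME}; inspect the server before continuing"
  fi
  attempt=$((attempt + 1))
  if ((attempt >= MAX_WAIT_ATTEMPTS)); then
    die "timed out waiting for cloud-init on ${NAME} (${IP}); try ssh manually to see the failure"
  fi
  sleep 10
done
printf 'Cloud-init done.\n'

printf '\n'
printf 'SSH into the server and run: sudo tailscale up\n'
printf ' ssh david@%s\n' "$IP"
printf '\n'
read -r -p "Press Enter once Tailscale is set up on ${NAME}..."

TS_IP=$(ssh "david@${IP}" "tailscale ip -4")
# Refuse to continue without a usable address: the firewall below cuts off
# public SSH, so a missing Tailscale address would lock the operator out.
if [[ ! "$TS_IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  die "unexpected output from 'tailscale ip -4': '${TS_IP}'"
fi
printf 'Tailscale IP: %s\n' "$TS_IP"

printf 'Creating firewall %s...\n' "$FIREWALL"
# Create the firewall only when it does not exist yet. An existing firewall
# with this name is reused as-is, including any rules it already carries.
if ! hcloud firewall describe "$FIREWALL" >/dev/null 2>&1; then
  hcloud firewall create --name "$FIREWALL"
fi
# Tailscale's UDP port, open to any source.
add_firewall_rule --direction in --protocol udp --port 41641 \
  --source-ips 0.0.0.0/0 --source-ips ::/0
# NOTE(review): the provider firewall filters the public interface, while SSH
# carried inside the Tailscale tunnel reaches the host as UDP. This rule may
# therefore not be what admits Tailscale SSH -- confirm whether it is needed.
add_firewall_rule --direction in --protocol tcp --port 22 \
  --source-ips 100.64.0.0/10
hcloud firewall apply-to-resource --type server --server "$NAME" "$FIREWALL"
printf 'Firewall %s applied.\n' "$FIREWALL"
# Show the effective rule set so a reused firewall with extra rules is noticed.
hcloud firewall describe "$FIREWALL"

printf '\n'
printf 'Verifying Tailscale SSH...\n'
ssh -o ConnectTimeout=5 "david@${TS_IP}" "hostname"
printf '\n'
printf 'Done. Connect with: ssh david@%s\n' "$TS_IP"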