notes/reference/server-setup/hetzner_coolify_setup.md

# Hetzner Coolify Setup

## Sources

- https://www.youtube.com/watch?v=taJlPG82Ucw&t=56s


## Hetzner dashboard setup
- add ssh key

- add this to cloud init
``` cloud_init.yml
# This config was written for Ubuntu 22.04
# If you are using a more recent version, see the comments of this gist for fixes
#cloud-config
users:
  - name: dkelly
    ssh_authorized_keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQWloxYNqNyOw6KKXsQnYPakthlq9gqf5qR1QGR1g6w donovan.a.kelly@pm.me"
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true
  users:
    - name: dkelly
      password: replacethispasswordplease
      type: text
runcmd:
  - sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config
  - echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
  - sed -i '/PubkeyAuthentication/d' /etc/ssh/sshd_config
  - echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
  - sed -i '/PasswordAuthentication/d' /etc/ssh/sshd_config
  - echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
  - systemctl restart sshd
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
  - apt update
  - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
  - reboot
  ```

## Setup
- ssh into root
```
apt update
apt upgrade
reboot
```

- Don't mess with ufw or ssh config or worry about create a sudo user. Do this at the end


## Install Coolify

curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash

## Setup
- create username and password. we'll have to change this later because it doesn't use ssl

- select localhost

## Lock down the server

- ssh into dkelly user and change password
- Set the root password `passwd`
- setup ufw

## Add DNS Records

-add wildcard * and empty A records

## Proxy restart

- might need to restart the proxy for ssh keys to take effect