# Hetzner Cloud

Primary cloud provider for the Hydra ecosystem. Hosts most of the infrastructure and manages all DNS zones.

## CLI Setup

The `hcloud` CLI is the primary management tool.

```bash
hcloud version    # v1.54+ required for DNS support
```

### Contexts

Each Hetzner project has its own API token, managed as a context. **Never use `hcloud context use`** — it modifies the global config and affects all terminals. Instead, use per-terminal environment variables:

```bash
# Pick the one matching the project you are working in (one per terminal):
export HCLOUD_CONTEXT=hydraexperiencenet
export HCLOUD_CONTEXT=nimsforest
export HCLOUD_CONTEXT=cederik
```

Available contexts:

| Context | Project | Primary use |
|---------|---------|-------------|
| `hydraexperiencenet` | ExperienceNet | Streaming infrastructure, HydraGuard, release server |
| `nimsforest` | NimsForest | Land servers, NimsForest platform, neoremote |
| `cederik` | Cederik | Personal sites, Hugo static hosting |

## DNS Management

All DNS is managed through Hetzner DNS regardless of where the server lives (including OVHcloud instances).

```bash
# List zones
hcloud zone list

# List records for a zone
hcloud zone rrset list <zone>
hcloud zone rrset list <zone> --type A    # Filter by type

# Create A record
hcloud zone rrset create --name <subdomain> --type A --record <ip> <zone>

# Update existing record
hcloud zone rrset set-records --record <ip> <zone> <name> <type>

# Delete record
hcloud zone rrset delete <zone> <name> <type>
```

### Key DNS Zones

| Zone | Zone ID | Context | Nameservers |
|------|---------|---------|-------------|
| experiencenet.com | 788422 | hydraexperiencenet | hydrogen/oxygen/helium.ns.hetzner |
| hydrahardware.io | 788543 | hydraexperiencenet | hydrogen/oxygen/helium.ns.hetzner |
| mynimsforest.com | 986638 | nimsforest | hydrogen/oxygen/helium.ns.hetzner |

All domains use Hetzner nameservers. Domains are registered on Namecheap (user: HaverbekeC) with NS records pointing to Hetzner.

## Server Types

| Type | vCPU | RAM | Disk | Use case |
|------|------|-----|------|----------|
| cx22 | 2 | 4 GB | 40 GB | Avoid — use cx23 instead |
| cx23 | 2 | 4 GB | 40 GB | Standard for lightweight services |
| cx32 | 4 | 8 GB | 80 GB | Medium workloads |

Always use `cx23` as the minimum (not `cx22`).

## Firewall

Hetzner has two firewall layers:

1. **Hetzner Cloud Firewall** — managed via `hcloud firewall` or web console. Applied at the network level before traffic reaches the instance.
2. **UFW on the instance** — standard Linux firewall. Both layers must allow a port for traffic to pass.

When opening a port, check both:

```bash
# Hetzner firewall (if applied to the server)
hcloud firewall describe <firewall-name>

# UFW on the instance
ssh root@<ip> 'ufw status'
```
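A check of both layers for one port, added here as an example and not part of this runbook: it parses captured output of `hcloud firewall describe <name> -o json` and `ssh root@<ip> 'ufw status'` (both samples below are constructed; the JSON field names follow the Hetzner Cloud API rule object) and reports whether the port is allowed at each layer, since a port allowed in UFW but missing from the Hetzner firewall is the usual reason "ufw says ALLOW but nothing connects".

```python
import json
import re

# Constructed sample of `hcloud firewall describe <name> -o json`, trimmed to
# the fields this check needs (key names as in the Hetzner Cloud API).
HCLOUD_FIREWALL_JSON = """
{"name": "web-fw", "rules": [
  {"direction": "in", "protocol": "tcp",  "port": "22",     "source_ips": ["0.0.0.0/0", "::/0"]},
  {"direction": "in", "protocol": "tcp",  "port": "80-443", "source_ips": ["0.0.0.0/0", "::/0"]},
  {"direction": "in", "protocol": "icmp", "port": null,     "source_ips": ["0.0.0.0/0"]}
]}
"""

# Constructed sample of `ssh root@<ip> 'ufw status'` output.
UFW_STATUS = """Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
8080/tcp                   ALLOW       10.0.0.0/8
22/tcp (v6)                ALLOW       Anywhere (v6)
"""


def hetzner_allows(fw_json: str, port: int, proto: str = "tcp") -> bool:
    """True if an inbound rule of the Hetzner Cloud Firewall covers port/proto."""
    for rule in json.loads(fw_json)["rules"]:
        if rule["direction"] != "in" or rule["protocol"] != proto:
            continue
        spec = rule.get("port") or "any"   # null port means all ports
        if spec == "any":
            return True
        lo, _, hi = spec.partition("-")     # single port or "low-high" range
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def ufw_allows(status: str, port: int, proto: str = "tcp") -> bool:
    """True if `ufw status` lists an ALLOW rule for port/proto (source not examined)."""
    if not status.startswith("Status: active"):
        return True   # inactive ufw filters nothing
    pat = re.compile(rf"^{port}/{proto}\s+(?:\(v6\)\s+)?ALLOW\b", re.M)
    return bool(pat.search(status))


def check_port(fw_json: str, status: str, port: int, proto: str = "tcp") -> dict:
    """Report each layer; traffic only passes when both allow it."""
    h, u = hetzner_allows(fw_json, port, proto), ufw_allows(status, port, proto)
    return {"hetzner": h, "ufw": u, "reachable": h and u}
```

With the samples above, port 80 is open at the Hetzner layer but not in UFW, and 8080 is the reverse; only 22 and 443 are reachable.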

## SSH Access

Two SSH keys are used across Hetzner servers:

| Key | File | Use |
|-----|------|-----|
| hydra_admin | `~/.ssh/hydra_admin_new.pem` | Legacy Hetzner servers |
| neoremote (id_ed25519) | `~/.ssh/id_ed25519` | GitHub + newer servers |

For servers without SSH access, use Hetzner rescue mode:

```bash
export HCLOUD_CONTEXT=<context>
hcloud server enable-rescue --ssh-key <key-name> <server>
hcloud server reboot <server>
# SSH into the rescue system, mount the server's root filesystem, and add the
# public key to /mnt/root/.ssh/authorized_keys
# Then disable rescue and reboot back into the normal system
hcloud server disable-rescue <server>
hcloud server reboot <server>
```

## Key Servers

| Server | IP | Context | Purpose |
|--------|-----|---------|---------|
| hydracluster | 46.224.29.125 | hydraexperiencenet | Node fleet management |
| releases | 46.225.120.7 | hydraexperiencenet | Release file server |
| dashboard | 78.47.174.83 | hydraexperiencenet | hydrastreamingmonitor, hydranorthstar, hydrabodystatus, hydraissue, hydrabooks |
| land-shared-one | 46.225.164.179 | nimsforest | Land server (NimsForest containers) |
| neoremote | neo.nims.nimsforest.com | nimsforest | Headless Claude hub |
| cederik-web | 188.245.221.34 | cederik | Hugo static sites |
| hydraguard (old) | 89.167.57.232 | hydraexperiencenet | Former WireGuard hub (migrated to OVHcloud Brussels) |
| hydraneckwebrtc (old) | 46.225.220.240 | hydraexperiencenet | Former WebRTC relay (migrated to OVHcloud Brussels) |
