Setting up Arch Linux on Hetzner Cloud

This is a quick guide to how I setup a minimal, customized Arch Linux box on Hetzner Cloud. I use Keybase to bootstrap my secrets (SSH/GPG Keys and other credentials) and yadm to store and bootstrap my dotfiles.

Setup Server

Launch Rescue Console

Bootstrap Arch System

Login to the box

ssh root@ip

Install the bare minimum packages

pacman -Syu --noconfirm base-devel git

Create user

useradd -m -s /bin/bash deepak \
    && passwd -d deepak \
    && echo 'deepak ALL=(ALL) ALL' > /etc/sudoers.d/deepak

Install Trizen

su - deepak

git clone \
    && cd trizen \
    && makepkg -si --needed --noconfirm \

Install a few packages to start with

trizen --noconfirm -Syu \
      aws-cli \
      azure-cli \      
      bash-completion \
      docker \
      go \
      inetutils \
      iproute \
      iputils \
      man-db \
      man-pages \
      mosh \
      nano \
      neovim \
      python-neovim \
      neovim-remote \
      openssh \
      pacman-contrib \
      procps-ng \
      psmisc \
      python-pip \
      python-pipenv \
      ripgrep \
      svn \
      sysfsutils \
      tmux \
      unzip \
      yadm-git \
      zip \
      dotnet-sdk \

Bootstrap Secrets from Keybase

FIXME: Consider using an alternative way to bootstrap secrets like transcrypt.

Install Keybase and bootstrap machine

trizen -Syu --no-confirm keybase kbfs

keybase service &

keybase login debugjois

Check out secrets. I keep all my secrets in a keybase encrypted git repo.

mkdir .keybase
cd .keybase
git clone keybase://private/debugjois/secrets

Setup dotfiles with yadm

Use yadm to check out and bootstrap1 dotfiles

yadm clone --bootstrap


Finally, reboot the system and ssh into the system as deepak

ssh deepak@ip