projectsdrawing of a fox, shaded in rainbow accentsgallery

VPS setup


This setup will work on any of the (common) VPS providers, but I include some specific steps for Hetzner's Cloud (most importantly, the network setup).

I start with a CX11 server, as it's resources are easy to upgrade later. The OS Image doesn't matter as we'll be overwriting it with Arch later. Make sure to enable your SSH key for easy access.
Hostname isn't too important for now, as you can change it in the control panel later, and we'll set the final hostname during the Arch installation (but start thinking now :) )
From the control panel, we can now mount the archlinux iso Hetzner provides, (select server > iso images > pick arch from the list), and boot into it by restarting the server. The Arch ISO will not start without keypress, so you need to use the web console for the first steps.


In the web console, press enter to boot into Arch Linux. After boot, it's easiest to change the password, and then enable ssh for the installer, so you can do the following steps from the comfort of your own terminal:

passwd systemctl start sshd

You can now close the webconsole, and ssh to root@, with the password you just set.

Next we will mainly be following the Arch Installation Guide.
Internet should work automatically, albeit only over ipv4 (as Hetzner uses a non-standard ipv6 gateway). Set the keyboard layout and timezone as needed, after which we can partition the disk.


The Hetzner VPS has a 20gb disk, on /dev/sda1. Format it to BTRFS by running

mkfs.btrfs -f /dev/sda1

where -f is to overwrite the existing Ubuntu ext4 filesystem
Mount this to /mnt, with it's compression set to lzo:

mount -o compress-force=zstd /dev/sda1 /mnt

If you want to split your installation over different subvolumes, now is the time. If you do: make sure everything is mounted in /mnt, as genfstab will use the same setup for your installation.


Hetzner does not offer their own Arch mirror unfortunately, but using any of the mirrors close to your hosting location should be fine, as bandwidth is not really an issue.
View the available mirrors in /etc/pacman.d/mirrorlist, and prioritise mirrors close to your hosting location by moving them to the top of the file. The installation process will copy this over later.

Install the required base packages:

pacstrap /mnt base linux linux-firmware btrfs-progs dhcpcd neovim


genfstab will take the mounted (sub)volumes, to populate your install's fstab file

genfstab -U /mnt >> /mnt/etc/fstab

check the resulting /mnt/etc/fstab, fixing errors if neccesary.

chroot into the /mnt directory:

arch-chroot /mnt

set your timezone:

ln -sf /usr/share/zoneinfo/Region/City /etc/localtime # generates offset file hwclock --systohc

uncomment en_US.UTF-8 UTF-8 in /etc/locale.gen and generate it by running



Set your chosen hostname in /etc/hostname, and update the /etc/hosts file accordingly, taking your servers ipv4 address and the chosen hostname:

# /etc/hosts localhost ::1 localhost SERVER_IP4 YOUR_HOSTNAME
systemctl enable systemd-networkd

then edit create a network config file:

# /etc/systemd/network/ [Match] # check by running ip a Name=ens3 [Network] DHCP=yes # Set to the ipv6 address assigned to your server Address = IPV6::1/64 # Hetzner specific ipv6 gateway Gateway = fe80::1

and set a DNS nameserver:

# /etc/resolv.conf nameserver:

Generate the initramfs:

mkinitcpio -P

Set the root password:


Now install the GRUB bootloader:

pacman -S grub # install to the disk grub-install --target=i386-pc /dev/sda # generate the config grub-mkconfig -o /boot/grub/grub.cfg

Install and enable ssh:

pacman -S openssh systemctl enable sshd

then copy over your public key to /root/.ssh/authorized_keys

run exit to get out of the chroot, and poweroff to shut down the live enviroment. We can now remove the Arch ISO in the Hetzner control panel, and boot the server.

If your installation fails to boot (check the webconsole), you can always reboot into the arch iso by mounting it again, and (re)running the steps above.

Server Setup

SSH'ing into your new installation will give a fingerprint error, as it will be different from the live enviroment. Remove the fingerprint from your local ~/.ssh/known_hosts Lets start by upgrading, and then installing some of the utilities we need:

pacman -S nginx dehydrated borgmatic zsh git chsh -s /bin/zsh

I store my configs for these in git, so I set that as origin and pull from those. I would recommend forking these, so you can make changes (and hopefully send pullrequests :D)

cd / git init / git remote add origin git pull origin master

SSL config needs the dshparam file, generate it:

1 openssl dhparam -dsaparam -out /etc/ssl/dhparam.pem 8192


I use Borgmatic for backups, with storage rented at BorgBase.
The configuration will work with any (self-hosted) repo's though, just fill in the url under repositories. The password is stored separately in /etc/borgmatic/password
!! make sure it's only readable by root (chmod 600) !!


systemd timers for scheduled nightly backups and ssl cert renewal need to be enabled:

systemctl enable dehydrated.timer borgmatic.timer