Hetzner VMs With Auto-WireGuard Script

Leave a Comment / By /

Need a quick, disposable VM that connects to your private network, every time? Meet hcloud-wireguard-autovm: the fastest way to spin up, provision, and link Hetzner VMs to your own WireGuard network in minutes.

Visit the Git Repo at: https://gitlab.technologiehub.at/techhubwien-public/hcloud-wireguard-autovm

What is hcloud-wireguard-autovm?

If you ever wished for a one-command solution to create, configure, and then securely tear down VMs in Hetzner Cloud and you wanted those VMs to instantly appear in your own LAN or VPN via WireGuard, this is for you🫵.

hcloud-wireguard-autovm is a minimal, script-based automation toolkit that does all of the following:

  • Provisions a new VM on Hetzner Cloud, using your preferred OS and VM size
  • Waits until the server is accessible via SSH
  • Connects the VM to your own WireGuard VPN on first boot, giving it a stable internal IP address
  • Runs a fully-customizable Ansible playbook (site.yml) to install whatever you need
  • Destroys the VM when you’re done, so you never pay for unused resources

Why?

Spinning up VMs in the cloud is easy—but making them immediately part of your own secure private network (and tearing them down just as fast) usually isn’t. This project solves:

  • Temporary Dev/Test Environments: Need a safe, clean Linux server for a few hours? Now it’s one command away.
  • Private Cloud Apps: Instantly link throwaway SaaS, web apps, or monitoring nodes to your real infrastructure without public exposure.
  • Automated CI/CD Runners: Bring up a build node, have it join your network, run your job, destroy it—no manual networking required.
  • Learning & Labs: Explore, hack, and prototype in an isolated cloud sandbox—fully private.

How It Works

  1. Create a VM:./create_vm.sh
    • Calls Hetzner Cloud API (via hcloud CLI) to launch a new server
    • Waits for SSH to come online
    • Writes a one-host Ansible inventory file on the fly
    • Provisions the VM with site.yml (your Ansible playbook)
    • The VM connects to your WireGuard server as soon as it boots, guaranteed
  2. Destroy the VM:./destroy_vm.sh
    • Destroys the server by name in Hetzner Cloud

What You Need

  • Ansible (for provisioning)
  • hcloud CLI (for Hetzner API)
  • WireGuard (on your home/office router or a VPS) # optional, just remove the wireguard related lines in site.yml
  • Hetzner API token and SSH key uploaded

Example: Your Workflow in Action

  1. Edit your Ansible playbook (site.yml) with whatever you want on the new VM (Docker, Nextcloud, dev tools, etc).
  2. Run ./create_vm.sh. Wait a minute. VM is up, networked, and configured!
  3. Use it: SSH via your WireGuard IP, or deploy/test your app.
  4. Done? Run ./destroy_vm.sh. That’s it.

Why WireGuard?

  • Secure by default: No public ports or open security holes.
  • Consistent private IP: VMs always get the same IP, perfect for access rules, internal DNS, or NFS mounts.
  • Super simple to automate.

Extending/Customizing

The magic is in site.yml—install anything! Want Docker, a web server, a monitoring agent? Just add it to your playbook. Need NFS, VPN, or custom SSH configs? All possible.

You can even fork the repo to add more options or handle multiple roles with just a few Bash tweaks.

Ready to Try?

The full code and setup steps are here. Fork, clone, or star to follow updates.

TL;DR: Stop spending hours on throwaway VMs, launch, network, provision, and destroy, all with one simple toolkit. hcloud-wireguard-autovm is your shortcut to safer, faster cloud dev and automation.

Views: 3
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Scroll to Top