Go to the [Heztner console][] and clikety on the web interface to get
a new instance. Credentials are in `tor-passwords.git` in
`hosts-extra-info` under `hetzner`.
[Heztner console]: https://console.hetzner.cloud/
Pick the following settings:
1. Location: depends on the project, a monitoring server might be
better in a different location than the other VMs
1. Image: Debian 9
1. Type: depends on the project
1. Volume: only if extra space is required
1. Additional features: nothing (no user data or backups)
1. SSH key: enable all configured keys
1. Name: FQDN picked from the [[doc/naming-scheme]]
1. Create the server
Then, since we actually want our own Debian install, and since we want the root filesystem to be encrypted,
continue with:
1. Continue on Hetzner's web interface, select the server.
1. ISO-Images: Mount SystemRescueCD (2018-04-02)
1. reboot the system and it will boot into the rescue system
1. open the console (the icon is near the top right)
1. set a root password in the rescue system
1. get the `ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub` output
1. on your host, ssh-copy-id root@<ipaddr>
1. then copy over `/usr/share/keyrings/debian-archive-keyring.gpg` and `tor-install-hetzner` to the new host,
1. log into the host and run `./tor-install-hetzner`
1. once done, note down all the info and shutdown the VM
1. you might have to kill this terminal since the rescue system has done weird copy-paste settings to your terminal (you will know once the passphrase is not accepted at the copy/paste step a few items down)
1. unmount the iso (ISO Images tab), start the VM (power tab or top right).
1. `ssh -o FingerprintHash=md5 -o UserKnownHostsFile=~/.ssh/known_hosts.initramfs root@<ipaddr>` to unlock the host,
1. `ssh root@<ipaddr>` to access it once booted and then
Then
1. Document the LUKS passphrase and root password as well as initramfs ssh key fingerprints in tor-passwords,
1. follow the rest of [[new-machine]].