diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/Readme.md b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/Readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..15afe087c66ab2a542f5aed6e955a327a9259b65
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/Readme.md
@@ -0,0 +1,4 @@
+# Adding a volume
+
+
+
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/bin/.gitignore b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/bin/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..c96a04f008ee21e260b28f7701595ed59e2839e3
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/bin/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/gen/.gitignore b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/gen/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..c96a04f008ee21e260b28f7701595ed59e2839e3
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/gen/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/main.tf b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..27f503280ccb9d550939c35e9a76af3f35c67497
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/main.tf
@@ -0,0 +1,56 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ }
+ }
+ required_version = ">= 0.13"
+}
+
+provider "hcloud" {
+ token = var.hcloud_token
+}
+resource "tls_private_key" "host" {
+ algorithm = "ED25519"
+}
+
+resource "hcloud_ssh_key" "loginUser" {
+ name = "goik@hdm-stuttgart.de"
+ public_key = file("~/.ssh/id_ed25519.pub")
+}
+
+resource "hcloud_server" "helloServer" {
+ name = "hello"
+ image = "debian-12"
+ server_type = "cx11"
+ user_data = templatefile("tpl/userData.yml", {
+ host_ed25519_private = indent(4, tls_private_key.host.private_key_openssh) # yaml format parsing quirk, sigh!
+ host_ed25519_public = tls_private_key.host.public_key_openssh
+ devopsSshPublicKey = hcloud_ssh_key.loginUser.public_key
+ })
+ ssh_keys = [hcloud_ssh_key.loginUser.id]
+ firewall_ids = [hcloud_firewall.sshFw.id]
+}
+
+resource "hcloud_volume" "volume01" {
+ name = "volume1"
+ size = 10
+ server_id = hcloud_server.helloServer.id
+ automount = true
+ format = "xfs"
+}
+
+resource "local_file" "known_hosts" {
+ content = "${hcloud_server.helloServer.ipv4_address} ${tls_private_key.host.public_key_openssh}"
+ filename = "gen/known_hosts"
+ file_permission = "644"
+}
+
+resource "local_file" "ssh_script" {
+ content = templatefile("tpl/ssh.sh", {
+ ip = hcloud_server.helloServer.ipv4_address
+ })
+ filename = "bin/ssh"
+ file_permission = "700"
+ depends_on = [local_file.known_hosts]
+}
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/network.tf b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/network.tf
new file mode 100644
index 0000000000000000000000000000000000000000..0a58ea6647bf9530394a4d5491b0e76eab5da606
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/network.tf
@@ -0,0 +1,12 @@
+resource "hcloud_firewall" "sshFw" {
+ name = "www-firewall"
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "22"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+}
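Review bot: `tls_private_key.host` generates the server's ED25519 host key inside Terraform, so `private_key_openssh` is written in plaintext to the state file and, through `user_data`, into the cloud-init payload, and nothing in the hunk marks this. A comment on the resource should make it explicit, e.g. `# The host private key is persisted in terraform.tfstate and in user_data — protect the state like var.hcloud_token.` The hard-coded `name = "goik@hdm-stuttgart.de"` and `file("~/.ssh/id_ed25519.pub")` in `hcloud_ssh_key.loginUser` tie the example to one workstation; a variable with these as defaults would keep the template reusable. The same applies to 090VolumeMountPointName/main.tf.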
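Review bot: `hcloud_firewall.sshFw` admits TCP/22 from `0.0.0.0/0` and `::/0`, so the only protection for sshd is the key-only configuration and fail2ban set up in tpl/userData.yml; for a teaching example that is defensible, but the rule should say so and ideally take the allowed CIDRs from a variable defaulting to the current value, e.g. `source_ips = var.ssh_allowed_cidrs`. The resource label `sshFw` and `name = "www-firewall"` disagree — the rule is SSH-only, so `name = "ssh-firewall"` describes it. The identical 090VolumeMountPointName/network.tf has the same two issues.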
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/outputs.tf b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/outputs.tf
new file mode 100644
index 0000000000000000000000000000000000000000..f042c89a164a6b4adfa8232e5783b068f866f80c
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/outputs.tf
@@ -0,0 +1,9 @@
+output "hello_ip_addr" {
+ value = hcloud_server.helloServer.ipv4_address
+ description = "The server's IPv4 address"
+}
+
+output "volume_id" {
+ value = hcloud_volume.volume01.id
+ description = "The volume's id"
+}
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/secrets.auto.tfvars.template b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/secrets.auto.tfvars.template
new file mode 100644
index 0000000000000000000000000000000000000000..5929da087a27aa9b1d390187a3dd39a7ab347fc0
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/secrets.auto.tfvars.template
@@ -0,0 +1 @@
+hcloud_token="your_api_token_goes_here"
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/ssh.sh b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/ssh.sh
new file mode 100644
index 0000000000000000000000000000000000000000..5de61bbbfc9871279e8991caded30b635650ae7b
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/ssh.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+GEN_DIR=$(dirname "$0")/../gen
+
+ssh -o UserKnownHostsFile="$GEN_DIR/known_hosts" devops@${ip} "$@"
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/userData.yml b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/userData.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c8f9aa904b569a7d33bf273586a9177fa14a9450
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/userData.yml
@@ -0,0 +1,40 @@
+#cloud-config
+
+ssh_keys:
+ ed25519_private: |
+ ${host_ed25519_private}
+ ed25519_public: ${host_ed25519_public}
+users:
+ - name: devops
+ groups: sudo
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ${devopsSshPublicKey}
+
+package_update: true
+package_upgrade: true
+package_reboot_if_required: true
+
+packages:
+ - fail2ban
+ - python3-systemd # See https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12#answer-1830273
+ - vim # Enhanced vi command
+ - mlocate
+runcmd:
+ # Workaround https://github.com/hetznercloud/terraform-provider-hcloud/issues/473#issuecomment-971535629-permalink
+ - udevadm trigger -c add -s block -p ID_VENDOR=HC --verbose -p ID_MODEL=Volume
+ # Fail2ban activation (spanning multiple line syntax)
+ - >
+ printf "[sshd]\nenabled = true\nbackend = systemd\nbanaction = iptables-multiport" >
+ /etc/fail2ban/jail.d/defaults-debian.conf
+ - systemctl enable fail2ban
+ - systemctl start fail2ban
+ # ssh daemon defaults
+ - sed -ie '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+ - sed -ie '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+ - sed -ie '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh/authorized_keys/' /etc/ssh/sshd_config
+ - sed -i '$a AllowUsers devops' /etc/ssh/sshd_config
+ - systemctl restart ssh
+ # Generation mlocate index
+ - updatedb
diff --git a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/variables.tf b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..3eefa6804960a042381853d0ed36d7936b7b5c9b
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/variables.tf
@@ -0,0 +1,4 @@
+variable "hcloud_token" { # See secret.auto.tfvars
+ nullable = false
+ sensitive = true
+}
\ No newline at end of file
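Review bot: the `AuthorizedKeysFile` edit in `runcmd` is a broken sed expression — the unescaped `/` in `.ssh/authorized_keys` terminates the `s` command early and `authorized_keys/` is then read as flags, so sed aborts with "unknown option to `s'" instead of rewriting the line; use another delimiter, `sed -i '/^#AuthorizedKeysFile/s|^.*$|AuthorizedKeysFile .ssh/authorized_keys|' /etc/ssh/sshd_config`. The three `sed -ie` invocations also take `e` as the `-i` backup suffix, leaving a stray `/etc/ssh/sshd_confige` copy; plain `sed -i` is what is meant. `^#PasswordAuthentication` and `^#AuthorizedKeysFile` only match a still-commented directive, so on an image where it is already active the hardening silently does nothing (`^#\?PasswordAuthentication` covers both), and Debian 12's `Include /etc/ssh/sshd_config.d/*.conf` drop-ins may override the result — worth checking on the image. 090VolumeMountPointName/tpl/userData.yml carries the same lines.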
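Review bot: the comment `# See secret.auto.tfvars` names a file that does not match the shipped template `secrets.auto.tfvars.template` (plural); `# See secrets.auto.tfvars, created from secrets.auto.tfvars.template` removes the guesswork. Since the real `secrets.auto.tfvars` will hold the API token, the comment should also remind readers that the file must stay out of version control — this commit only adds `.gitignore` files for `bin/` and `gen/`, none at the example root. 090VolumeMountPointName/variables.tf has the same comment.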
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/Readme.md b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/Readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..962ec7980b6317e8ec62f0b5485b11d5d53f699d
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/Readme.md
@@ -0,0 +1,4 @@
+# Adding a volume and supplying a mount point name
+
+
+
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/bin/.gitignore b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/bin/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..c96a04f008ee21e260b28f7701595ed59e2839e3
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/bin/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/gen/.gitignore b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/gen/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..c96a04f008ee21e260b28f7701595ed59e2839e3
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/gen/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/main.tf b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..5ba782d49ed96bf03cd1b1c6d483d5a6f56f4431
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/main.tf
@@ -0,0 +1,66 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ }
+ }
+ required_version = ">= 0.13"
+}
+
+provider "hcloud" {
+ token = var.hcloud_token
+}
+resource "tls_private_key" "host" {
+ algorithm = "ED25519"
+}
+
+resource "hcloud_ssh_key" "loginUser" {
+ name = "goik@hdm-stuttgart.de"
+ public_key = file("~/.ssh/id_ed25519.pub")
+}
+
+resource "hcloud_volume" "volume01" {
+ name = "volume1"
+ location = "nbg1"
+ size = 10
+ format = "xfs"
+}
+
+resource "hcloud_server" "helloServer" {
+ name = "hello"
+ location = "nbg1"
+ image = "debian-12"
+ server_type = "cx11"
+ user_data = templatefile("tpl/userData.yml", {
+ host_ed25519_private = indent(4, tls_private_key.host.private_key_openssh) # yaml format parsing quirk, sigh!
+ host_ed25519_public = tls_private_key.host.public_key_openssh
+ devopsSshPublicKey = hcloud_ssh_key.loginUser.public_key
+ volume01Id = hcloud_volume.volume01.id
+ })
+ ssh_keys = [hcloud_ssh_key.loginUser.id]
+ firewall_ids = [hcloud_firewall.sshFw.id]
+}
+
+resource "hcloud_volume_attachment" "main" {
+ volume_id = hcloud_volume.volume01.id
+ server_id = hcloud_server.helloServer.id
+
+
+
+}
+
+
+resource "local_file" "known_hosts" {
+ content = "${hcloud_server.helloServer.ipv4_address} ${tls_private_key.host.public_key_openssh}"
+ filename = "gen/known_hosts"
+ file_permission = "644"
+}
+
+resource "local_file" "ssh_script" {
+ content = templatefile("tpl/ssh.sh", {
+ ip = hcloud_server.helloServer.ipv4_address
+ })
+ filename = "bin/ssh"
+ file_permission = "700"
+ depends_on = [local_file.known_hosts]
+}
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/network.tf b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/network.tf
new file mode 100644
index 0000000000000000000000000000000000000000..0a58ea6647bf9530394a4d5491b0e76eab5da606
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/network.tf
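Review bot: `hcloud_volume_attachment.main` leaves `automount` at the provider default, while the accompanying gettingStarted.xml text says the attachment should set `automount = false`; stating it explicitly, `automount = false`, documents the intent and protects the hand-written `/etc/fstab` entry in tpl/userData.yml from a future default change. The three blank lines inside that block and the two before `local_file.known_hosts` look like leftovers from a removed attribute and should go. A short comment on `hcloud_volume.volume01` and `hcloud_server.helloServer` noting that both `location = "nbg1"` values must agree for the attachment to work would spare readers the lookup the docs section sends them on.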
@@ -0,0 +1,12 @@
+resource "hcloud_firewall" "sshFw" {
+ name = "www-firewall"
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "22"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+}
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/outputs.tf b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/outputs.tf
new file mode 100644
index 0000000000000000000000000000000000000000..f042c89a164a6b4adfa8232e5783b068f866f80c
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/outputs.tf
@@ -0,0 +1,9 @@
+output "hello_ip_addr" {
+ value = hcloud_server.helloServer.ipv4_address
+ description = "The server's IPv4 address"
+}
+
+output "volume_id" {
+ value = hcloud_volume.volume01.id
+ description = "The volume's id"
+}
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/secrets.auto.tfvars.template b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/secrets.auto.tfvars.template
new file mode 100644
index 0000000000000000000000000000000000000000..5929da087a27aa9b1d390187a3dd39a7ab347fc0
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/secrets.auto.tfvars.template
@@ -0,0 +1 @@
+hcloud_token="your_api_token_goes_here"
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/ssh.sh b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/ssh.sh
new file mode 100644
index 0000000000000000000000000000000000000000..5de61bbbfc9871279e8991caded30b635650ae7b
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/ssh.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+GEN_DIR=$(dirname "$0")/../gen
+
+ssh -o UserKnownHostsFile="$GEN_DIR/known_hosts" devops@${ip} "$@"
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/userData.yml b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/userData.yml
new file mode 100644
index 0000000000000000000000000000000000000000..af93678a6b4893753bc572abf8c58e1bb4aa8977
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/userData.yml
@@ -0,0 +1,44 @@
+#cloud-config
+
+ssh_keys:
+ ed25519_private: |
+ ${host_ed25519_private}
+ ed25519_public: ${host_ed25519_public}
+users:
+ - name: devops
+ groups: sudo
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ${devopsSshPublicKey}
+
+package_update: true
+package_upgrade: true
+package_reboot_if_required: true
+
+packages:
+ - fail2ban
+ - python3-systemd # See https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12#answer-1830273
+ - vim # Enhanced vi command
+ - mlocate
+runcmd:
+ # Fail2ban activation
+ - >
+ printf "[sshd]\nenabled = true\nbackend = systemd\nbanaction = iptables-multiport" >
+ /etc/fail2ban/jail.d/defaults-debian.conf
+ - systemctl enable fail2ban
+ - systemctl start fail2ban
+ # ssh daemon defaults
+ - sed -ie '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+ - sed -ie '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+ - sed -ie '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh/authorized_keys/' /etc/ssh/sshd_config
+ - sed -i '$a AllowUsers devops' /etc/ssh/sshd_config
+ - systemctl restart ssh
+ # Generation mlocate index
+ - updatedb
+ # Re-mounting volume to desired mount point
+ - mkdir /volume01
+ - echo `/bin/ls /dev/disk/by-id/*${volume01Id}` /volume01 xfs discard,nofail,defaults 0 0 >> /etc/fstab
+# - sed -ie '/\/mnt\/HC_Volume_'${volume01Id}'/s/\/mnt\/HC_Volume_'${volume01Id}'/\/volume01/' /etc/fstab
+ - systemctl daemon-reload
+ - mount -a
diff --git a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/variables.tf b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..3eefa6804960a042381853d0ed36d7936b7b5c9b
--- /dev/null
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/variables.tf
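Review bot: the fstab entry appended in `runcmd` is built from an unquoted command substitution, `` `/bin/ls /dev/disk/by-id/*${volume01Id}` ``, so when the glob matches nothing the line starts with `/volume01` and is malformed, and when more than one by-id entry carries the id the line gains extra fields; gettingStarted.xml already names the stable path, so write it directly, `echo "/dev/disk/by-id/scsi-0HC_Volume_${volume01Id} /volume01 xfs discard,nofail,defaults 0 0" >> /etc/fstab`. `mkdir /volume01` fails if the directory already exists (a re-run or a pre-populated image); `mkdir -p /volume01` is the safe form. The commented-out `sed` line should be dropped rather than shipped. `${volume01Id}` is a Terraform template variable that is substituted before cloud-init ever sees the file, which is not obvious in a `#cloud-config` document and deserves a one-line comment at the top of `runcmd`.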
@@ -0,0 +1,4 @@
+variable "hcloud_token" { # See secret.auto.tfvars
+ nullable = false
+ sensitive = true
+}
\ No newline at end of file
diff --git a/Doc/Sdi/CloudProvider/gettingStarted.xml b/Doc/Sdi/CloudProvider/gettingStarted.xml
index a70b46c205e047f80d52f810564bf673c4aa55cf..84ad349a1ea8e24408365be4e6e43ed470dc545b 100644
--- a/Doc/Sdi/CloudProvider/gettingStarted.xml
+++ b/Doc/Sdi/CloudProvider/gettingStarted.xml
@@ -1110,4 +1110,100 @@ Status for the jail: sshd
 </qandadiv>
 </qandaset>
 </section>
+
+ <section xml:id="sdi_cloudProvider_volume">
+ <title>Volumes</title>
+
+ <figure xml:id="sdi_cloudProvider_volumeTheEasyWay">
+ <title>A volume: The easy way</title>
+
+ <informaltable border="0">
+ <tr>
+ <td valign="top"><programlisting language="tf">resource "<emphasis
+ role="red">hcloud_server</emphasis>" "<emphasis role="red">helloServer</emphasis>" {
+ server_type = "cx11"
+...
+}
+
+resource "hcloud_volume" "volume01" {
+ name = "volume1"
+ size = 10
+ server_id = <emphasis role="red">hcloud_server</emphasis>.<emphasis
+ role="red">helloServer</emphasis>.id
+ automount = true
+ format = "xfs"
+}</programlisting></td>
+
+ <td valign="top"><screen>df
+...
+/mnt/HC_Volume_100723816</screen><tip>
+ <para>Consider the <link
+ xlink:href="https://github.com/hetznercloud/terraform-provider-hcloud/issues/473#issuecomment-971535629-permalink">automount
+ workaround</link>.</para>
+ </tip></td>
+ </tr>
+ </informaltable>
+ </figure>
+
+ <figure xml:id="sdi_cloudProvider_volumeEasyDetails">
+ <title>Volume details</title>
+
+ <informaltable border="0">
+ <tr>
+ <td valign="top"><programlisting language="tf">output "volume_id" {
+ value = hcloud_volume.volume01.id
+ description = "The volume's id"
+}</programlisting><screen>terraform apply
+...
+hello_ip_addr = "37.27.22.189"
+volume_id = "<emphasis role="red">100723816</emphasis>"</screen></td>
+
+ <td valign="top"><screen># ls /dev/disk/by-id/*<emphasis role="red">100723816</emphasis>
+/dev/disk/by-id/scsi-0HC_Volume_<emphasis role="red">100723816</emphasis></screen><para>Desired
+ <code>/etc/fstab</code>:</para><programlisting language="none">/dev/disk/by-id/scsi-0HC_Volume_<emphasis
+ role="red">100723816</emphasis>
+ /volume01 xfs discard,nofail,defaults 0 0</programlisting></td>
+ </tr>
+ </informaltable>
+ </figure>
+
+ <figure xml:id="sdi_cloudProvider_volumeMountPointNameStrategy">
+ <title>Providing a mount point's name</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Create volume and server independently</para>
+
+ <tip>
+ <para>Choose a common <code
+ xlink:href="https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/volume#location">location</code>
+ value for server and volume e.g. <code>nbg1</code>.</para>
+ </tip>
+ </listitem>
+
+ <listitem>
+ <para>Attach volume to server by virtue of <code
+ xlink:href="https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/volume_attachment">hcloud_volume_attachment</code>
+ setting <code>automount = false</code>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Pass the volume's id to your
+ <productname>Cloud-init</productname> template and add a
+ corresponding line to <filename>/etc/fstab</filename>.</para>
+
+ <tip>
+ <para>You may have to execute <command>systemctl</command>
+ <option>daemon-reload</option> after modifying
+ <filename>/etc/fstab</filename></para>
+ </tip>
+ </listitem>
+
+ <listitem>
+ <para>Execute <command>mount</command> <option>-a</option> for
+ taking your changes into effect</para>
+ </listitem>
+ </itemizedlist>
+ </figure>
+ </section>
 </chapter>