Skip to content
mvm-deployment

Hetzner Cloud (no-KVM lane)

Hetzner Cloud is the no-KVM lane. Verified empirically May 2026 that no Hetzner Cloud tier (CCX, CPX, CAX) exposes nested virt — /dev/kvm is absent and Firecracker simply can’t run.

What runs here

Section titled “What runs here”
  • cargo fmt --all -- --check
  • cargo clippy --workspace --all-targets -- -D warnings
  • cargo test --workspace --no-fail-fast
  • cargo deny check
  • cargo audit

What does not

Section titled “What does not”
  • Anything that touches Firecracker.
  • The seccomp functional probe (cargo test -p mvm-guest --test seccomp_apply).
  • nix build of microVM images.
  • cargo fuzz.

For those, use the ephemeral lane on a /dev/kvm-capable provider.

Provisioning

Section titled “Provisioning”

ops/hetzner/cloud-init.yaml is system-only — apt + rustup + cargo-tools. There is no companion up.sh here; provisioning a Hetzner Cloud box is a one liner with hcloud:

Terminal window
hcloud server create \
  --name mvm-hetzner-test \
  --type cpx51 \
  --image ubuntu-24.04 \
  --user-data-from-file ops/hetzner/cloud-init.yaml \
  --ssh-key <your-key>

Then ssh in and bash ~/run-tests.sh.