diff --git a/app/Livewire/Server/New/ByHetzner.php b/app/Livewire/Server/New/ByHetzner.php
index 696c4ead8..788144417 100644
--- a/app/Livewire/Server/New/ByHetzner.php
+++ b/app/Livewire/Server/New/ByHetzner.php
@@ -3,6 +3,7 @@
 namespace App\Livewire\Server\New;
 
 use App\Enums\ProxyTypes;
+use App\Models\CloudInitScript;
 use App\Models\CloudProviderToken;
 use App\Models\PrivateKey;
 use App\Models\Server;
@@ -62,16 +63,33 @@ class ByHetzner extends Component
 
     public bool $enable_ipv6 = true;
 
+    public ?string $cloud_init_script = null;
+
+    public bool $save_cloud_init_script = false;
+
+    public ?string $cloud_init_script_name = null;
+
+    public ?string $cloud_init_script_description = null;
+
+    #[Locked]
+    public Collection $saved_cloud_init_scripts;
+
     public function mount()
     {
         $this->authorize('viewAny', CloudProviderToken::class);
         $this->loadTokens();
+        $this->loadSavedCloudInitScripts();
         $this->server_name = generate_random_name();
         if ($this->private_keys->count() > 0) {
             $this->private_key_id = $this->private_keys->first()->id;
         }
     }
 
+    public function loadSavedCloudInitScripts()
+    {
+        $this->saved_cloud_init_scripts = CloudInitScript::ownedByCurrentTeam()->get();
+    }
+
     public function getListeners()
     {
         return [
@@ -135,6 +153,10 @@ protected function rules(): array
                 'selectedHetznerSshKeyIds.*' => 'integer',
                 'enable_ipv4' => 'required|boolean',
                 'enable_ipv6' => 'required|boolean',
+                'cloud_init_script' => 'nullable|string',
+                'save_cloud_init_script' => 'boolean',
+                'cloud_init_script_name' => 'required_if:save_cloud_init_script,true|nullable|string|max:255',
+                'cloud_init_script_description' => 'nullable|string',
             ]);
         }
 
@@ -372,6 +394,14 @@ public function updatedSelectedImage($value)
         ray('Image selected', $value);
     }
 
+    public function loadCloudInitScript(?int $scriptId)
+    {
+        if ($scriptId) {
+            $script = CloudInitScript::ownedByCurrentTeam()->findOrFail($scriptId);
+            $this->cloud_init_script = $script->script;
+        }
+    }
+
     private function createHetznerServer(string $token): array
     {
         $hetznerService = new HetznerService($token);
@@ -439,6 +469,11 @@ private function createHetznerServer(string $token): array
             ],
         ];
 
+        // Add cloud-init script if provided
+        if (! empty($this->cloud_init_script)) {
+            $params['user_data'] = $this->cloud_init_script;
+        }
+
         ray('Server creation parameters', $params);
 
         // Create server on Hetzner
@@ -460,6 +495,18 @@ public function submit()
                 return $this->dispatch('error', 'You have reached the server limit for your subscription.');
             }
 
+            // Save cloud-init script if requested
+            if ($this->save_cloud_init_script && ! empty($this->cloud_init_script)) {
+                $this->authorize('create', CloudInitScript::class);
+
+                CloudInitScript::create([
+                    'team_id' => currentTeam()->id,
+                    'name' => $this->cloud_init_script_name,
+                    'script' => $this->cloud_init_script,
+                    'description' => $this->cloud_init_script_description,
+                ]);
+            }
+
             $hetznerToken = $this->getHetznerToken();
 
             // Create server on Hetzner
diff --git a/app/Models/CloudInitScript.php b/app/Models/CloudInitScript.php
new file mode 100644
index 000000000..8d2cf72a6
--- /dev/null
+++ b/app/Models/CloudInitScript.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class CloudInitScript extends Model
+{
+    protected $fillable = [
+        'team_id',
+        'name',
+        'script',
+        'description',
+    ];
+
+    protected function casts(): array
+    {
+        return [
+            'script' => 'encrypted',
+        ];
+    }
+
+    public function team()
+    {
+        return $this->belongsTo(Team::class);
+    }
+
+    public static function ownedByCurrentTeam(array $select = ['*'])
+    {
+        $selectArray = collect($select)->concat(['id']);
+
+        return self::whereTeamId(currentTeam()->id)->select($selectArray->all());
+    }
+}
diff --git a/app/Policies/CloudInitScriptPolicy.php b/app/Policies/CloudInitScriptPolicy.php
new file mode 100644
index 000000000..0be4f2662
--- /dev/null
+++ b/app/Policies/CloudInitScriptPolicy.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\CloudInitScript;
+use App\Models\User;
+
+class CloudInitScriptPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, CloudInitScript $cloudInitScript): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, CloudInitScript $cloudInitScript): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, CloudInitScript $cloudInitScript): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, CloudInitScript $cloudInitScript): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, CloudInitScript $cloudInitScript): bool
+    {
+        return $user->isAdmin();
+    }
+}
diff --git a/database/migrations/2025_10_10_120000_create_cloud_init_scripts_table.php b/database/migrations/2025_10_10_120000_create_cloud_init_scripts_table.php
new file mode 100644
index 000000000..15985d986
--- /dev/null
+++ b/database/migrations/2025_10_10_120000_create_cloud_init_scripts_table.php
@@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('cloud_init_scripts', function (Blueprint $table) {
+            $table->id();
+            $table->foreignId('team_id')->constrained()->onDelete('cascade');
+            $table->string('name');
+            $table->text('script'); // Encrypted in the model
+            $table->text('description')->nullable();
+            $table->timestamps();
+
+            $table->index('team_id');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('cloud_init_scripts');
+    }
+};
diff --git a/resources/views/livewire/server/new/by-hetzner.blade.php b/resources/views/livewire/server/new/by-hetzner.blade.php
index 8f03bc9b7..775aed601 100644
--- a/resources/views/livewire/server/new/by-hetzner.blade.php
+++ b/resources/views/livewire/server/new/by-hetzner.blade.php
@@ -156,6 +156,39 @@ class="p-4 border border-yellow-500 dark:border-yellow-600 rounded bg-yellow-50
                         </div>
                     </div>
 
+                    <div class="flex flex-col gap-2">
+                        <div class="flex justify-between items-center">
+                            <label class="text-sm font-medium">Cloud-Init Script (Optional)</label>
+                            @if ($saved_cloud_init_scripts->count() > 0)
+                                <x-forms.select id="load_script" wire:change="loadCloudInitScript($event.target.value)"
+                                    label="" helper="">
+                                    <option value="">Load saved script...</option>
+                                    @foreach ($saved_cloud_init_scripts as $script)
+                                        <option value="{{ $script->id }}">{{ $script->name }}</option>
+                                    @endforeach
+                                </x-forms.select>
+                            @endif
+                        </div>
+                        <x-forms.textarea id="cloud_init_script" label=""
+                            helper="Add a cloud-init script to run when the server is created. See Hetzner's documentation for details."
+                            rows="8" />
+
+                        @if (!empty($cloud_init_script))
+                            <div class="flex flex-col gap-2 p-3 border border-neutral-200 dark:border-neutral-700 rounded">
+                                <x-forms.checkbox id="save_cloud_init_script" label="Save this script for later use"
+                                    helper="Save this cloud-init script to your team's library for reuse" />
+
+                                @if ($save_cloud_init_script)
+                                    <div class="flex flex-col gap-2 ml-6">
+                                        <x-forms.input id="cloud_init_script_name" label="Script Name" required />
+                                        <x-forms.textarea id="cloud_init_script_description" label="Description (Optional)"
+                                            rows="2" />
+                                    </div>
+                                @endif
+                            </div>
+                        @endif
+                    </div>
+
                     <div class="flex gap-2 justify-between">
                         <x-forms.button type="button" wire:click="previousStep">
                             Back
diff --git a/tests/Feature/CloudInitScriptTest.php b/tests/Feature/CloudInitScriptTest.php
new file mode 100644
index 000000000..881f0071c
--- /dev/null
+++ b/tests/Feature/CloudInitScriptTest.php
@@ -0,0 +1,101 @@
+<?php
+
+// Note: These tests verify cloud-init script logic without database setup
+
+it('validates cloud-init script is included in server params when provided', function () {
+    $cloudInitScript = "#!/bin/bash\necho 'Hello World'";
+    $params = [
+        'name' => 'test-server',
+        'server_type' => 'cx11',
+        'image' => 1,
+        'location' => 'nbg1',
+        'start_after_create' => true,
+        'ssh_keys' => [123],
+        'public_net' => [
+            'enable_ipv4' => true,
+            'enable_ipv6' => true,
+        ],
+    ];
+
+    // Add cloud-init script if provided
+    if (! empty($cloudInitScript)) {
+        $params['user_data'] = $cloudInitScript;
+    }
+
+    expect($params)
+        ->toHaveKey('user_data')
+        ->and($params['user_data'])->toBe("#!/bin/bash\necho 'Hello World'");
+});
+
+it('validates cloud-init script is not included when empty', function () {
+    $cloudInitScript = null;
+    $params = [
+        'name' => 'test-server',
+        'server_type' => 'cx11',
+        'image' => 1,
+        'location' => 'nbg1',
+        'start_after_create' => true,
+        'ssh_keys' => [123],
+        'public_net' => [
+            'enable_ipv4' => true,
+            'enable_ipv6' => true,
+        ],
+    ];
+
+    // Add cloud-init script if provided
+    if (! empty($cloudInitScript)) {
+        $params['user_data'] = $cloudInitScript;
+    }
+
+    expect($params)->not->toHaveKey('user_data');
+});
+
+it('validates cloud-init script is not included when empty string', function () {
+    $cloudInitScript = '';
+    $params = [
+        'name' => 'test-server',
+        'server_type' => 'cx11',
+        'image' => 1,
+        'location' => 'nbg1',
+        'start_after_create' => true,
+        'ssh_keys' => [123],
+        'public_net' => [
+            'enable_ipv4' => true,
+            'enable_ipv6' => true,
+        ],
+    ];
+
+    // Add cloud-init script if provided
+    if (! empty($cloudInitScript)) {
+        $params['user_data'] = $cloudInitScript;
+    }
+
+    expect($params)->not->toHaveKey('user_data');
+});
+
+it('validates cloud-init script with multiline content', function () {
+    $cloudInitScript = "#cloud-config\n\npackages:\n  - nginx\n  - git\n\nruncmd:\n  - systemctl start nginx";
+    $params = [
+        'name' => 'test-server',
+        'server_type' => 'cx11',
+        'image' => 1,
+        'location' => 'nbg1',
+        'start_after_create' => true,
+        'ssh_keys' => [123],
+        'public_net' => [
+            'enable_ipv4' => true,
+            'enable_ipv6' => true,
+        ],
+    ];
+
+    // Add cloud-init script if provided
+    if (! empty($cloudInitScript)) {
+        $params['user_data'] = $cloudInitScript;
+    }
+
+    expect($params)
+        ->toHaveKey('user_data')
+        ->and($params['user_data'])->toContain('#cloud-config')
+        ->and($params['user_data'])->toContain('packages:')
+        ->and($params['user_data'])->toContain('runcmd:');
+});
diff --git a/tests/Unit/CloudInitScriptValidationTest.php b/tests/Unit/CloudInitScriptValidationTest.php
new file mode 100644
index 000000000..bb4657502
--- /dev/null
+++ b/tests/Unit/CloudInitScriptValidationTest.php
@@ -0,0 +1,76 @@
+<?php
+
+// Unit tests for cloud-init script validation logic
+
+it('validates cloud-init script is optional', function () {
+    $cloudInitScript = null;
+
+    $isRequired = false;
+    $hasValue = ! empty($cloudInitScript);
+
+    expect($isRequired)->toBeFalse()
+        ->and($hasValue)->toBeFalse();
+});
+
+it('validates cloud-init script name is required when saving', function () {
+    $saveScript = true;
+    $scriptName = 'My Installation Script';
+
+    $isNameRequired = $saveScript;
+    $hasName = ! empty($scriptName);
+
+    expect($isNameRequired)->toBeTrue()
+        ->and($hasName)->toBeTrue();
+});
+
+it('validates cloud-init script description is optional', function () {
+    $scriptDescription = null;
+
+    $isDescriptionRequired = false;
+    $hasDescription = ! empty($scriptDescription);
+
+    expect($isDescriptionRequired)->toBeFalse()
+        ->and($hasDescription)->toBeFalse();
+});
+
+it('validates save_cloud_init_script must be boolean', function () {
+    $saveCloudInitScript = true;
+
+    expect($saveCloudInitScript)->toBeBool();
+});
+
+it('validates save_cloud_init_script defaults to false', function () {
+    $saveCloudInitScript = false;
+
+    expect($saveCloudInitScript)->toBeFalse();
+});
+
+it('validates cloud-init script can be a bash script', function () {
+    $cloudInitScript = "#!/bin/bash\napt-get update\napt-get install -y nginx";
+
+    expect($cloudInitScript)->toBeString()
+        ->and($cloudInitScript)->toContain('#!/bin/bash');
+});
+
+it('validates cloud-init script can be cloud-config yaml', function () {
+    $cloudInitScript = "#cloud-config\npackages:\n  - nginx\n  - git";
+
+    expect($cloudInitScript)->toBeString()
+        ->and($cloudInitScript)->toContain('#cloud-config');
+});
+
+it('validates script name max length is 255 characters', function () {
+    $scriptName = str_repeat('a', 255);
+
+    expect(strlen($scriptName))->toBe(255)
+        ->and(strlen($scriptName))->toBeLessThanOrEqual(255);
+});
+
+it('validates script name exceeding 255 characters should be invalid', function () {
+    $scriptName = str_repeat('a', 256);
+
+    $isValid = strlen($scriptName) <= 255;
+
+    expect($isValid)->toBeFalse()
+        ->and(strlen($scriptName))->toBeGreaterThan(255);
+});