docs: [#28] add floating IP network interface configuration to Hetzner guide

- Add comprehensive Step 6.5 covering server-side floating IP setup
- Document two-phase Hetzner floating IP configuration requirement
- Include netplan configuration with dual IP support (DHCP + floating)
- Add external connectivity verification and troubleshooting steps
- Explain network architecture with persistent configuration
- Cover 2-5 minute propagation time for external routing
- Include complete technical reference for floating IP implementation

Addresses server-side configuration requirement for Hetzner floating IP
external accessibility as documented in official Hetzner documentation.

Author: josecelano

docs/guides/providers/hetzner/hetzner-cloud-setup-guide.md

@@ -326,6 +326,191 @@ make infra-apply ENVIRONMENT_TYPE=production ENVIRONMENT_FILE=production-hetzner
 make app-deploy ENVIRONMENT_TYPE=production ENVIRONMENT_FILE=production-hetzner
 ```
 
+## Step 6.5: Configure Floating IP Network Interface
+
+After infrastructure deployment, Hetzner assigns the floating IP at the cloud level, but
+the server requires additional network configuration to use the floating IP for external
+connectivity. This is a **required step** for floating IP functionality.
+
+### Why This Step is Necessary
+
+Hetzner's floating IP system requires two-phase configuration:
+
+1. **Cloud-level assignment** (handled by Terraform during `infra-apply`)
+2. **Server-level network interface configuration** (manual step detailed below)
+
+Without the server-side configuration, the floating IP will not be accessible externally,
+even though it appears assigned in the Hetzner Cloud Console.
+
+### 6.5.1 Verify Current Network Configuration
+
+First, check the current network setup:
+
+```bash
+# SSH into your server
+make vm-ssh ENVIRONMENT=staging  # or production
+
+# Check current network interfaces
+ip addr show eth0
+
+# Check current netplan configuration
+sudo cat /etc/netplan/50-cloud-init.yaml
+```
+
+You should see output similar to:
+
+```text
+2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 96:00:00:12:34:56 brd ff:ff:ff:ff:ff:ff
+    inet 188.245.95.154/32 scope global dynamic eth0
+       valid_lft 86395sec preferred_lft 86395sec
+    inet6 2a01:4f8:c014:333e::1/64 scope global
+       valid_lft forever preferred_lft forever
+```
+
+Note that only the DHCP IP (e.g., `188.245.95.154`) and IPv6 address are configured.
+
+### 6.5.2 Configure Floating IP on Network Interface
+
+Create a separate netplan configuration for the floating IP:
+
+```bash
+# Create floating IP network configuration
+sudo tee /etc/netplan/60-floating-ip.yaml > /dev/null << 'EOF'
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    eth0:
+      dhcp4: true
+      addresses:
+        - 78.47.140.132/32
+EOF
+
+# Set proper permissions
+sudo chmod 600 /etc/netplan/60-floating-ip.yaml
+
+# Validate the configuration
+sudo netplan try
+
+# If validation succeeds, apply the configuration
+sudo netplan apply
+```
+
+**Important**: Replace `78.47.140.132` with your actual floating IP address from your
+environment configuration file.
+
+### 6.5.3 Verify Floating IP Configuration
+
+After applying the configuration, verify both IP addresses are active:
+
+```bash
+# Check that both IPs are configured on eth0
+ip addr show eth0
+
+# Expected output should show both addresses:
+# inet 78.47.140.132/32 scope global eth0        <- Floating IP
+# inet 188.245.95.154/32 scope global dynamic eth0  <- DHCP IP
+
+# Test internal connectivity to floating IP
+ping -c 3 78.47.140.132
+
+# Check systemd-networkd status
+sudo systemctl status systemd-networkd
+```
+
+### 6.5.4 Test External Connectivity
+
+From your local machine, test connectivity to the floating IP:
+
+```bash
+# Test SSH connectivity (may take a few minutes for routing to propagate)
+timeout 10 ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 \
+  [email protected] "echo 'Floating IP SSH works'"
+
+# Test ping connectivity
+ping -c 3 78.47.140.132
+
+# Test HTTP port connectivity
+timeout 5 nc -zv 78.47.140.132 22
+```
+
+**Note**: External connectivity may take 2-5 minutes to become available after configuration
+due to Hetzner's network routing propagation. If connectivity tests fail initially, wait
+a few minutes and retry.
+
+### 6.5.5 Understanding the Network Configuration
+
+The floating IP configuration uses this approach:
+
+```yaml
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    eth0:
+      dhcp4: true # Preserves DHCP for primary IP
+      addresses:
+        - 78.47.140.132/32 # Adds floating IP as additional address
+```
+
+This configuration:
+
+- ✅ **Preserves DHCP**: Maintains automatic IP assignment from Hetzner
+- ✅ **Adds Floating IP**: Configures floating IP as additional address
+- ✅ **Maintains Connectivity**: Ensures both IPs work simultaneously
+- ✅ **Persistent Setup**: Survives server reboots
+
+### 6.5.6 Troubleshooting
+
+If you encounter issues:
+
+1. **Check netplan syntax**:
+
+   ```bash
+   sudo netplan try
+   ```
+
+2. **Verify file permissions**:
+
+   ```bash
+   ls -la /etc/netplan/60-floating-ip.yaml
+   # Should show: -rw------- 1 root root
+   ```
+
+3. **Check systemd-networkd logs**:
+
+   ```bash
+   sudo journalctl -u systemd-networkd -f
+   ```
+
+4. **Reset network configuration if needed**:
+
+   ```bash
+   # Remove floating IP config and restart networking
+   sudo rm /etc/netplan/60-floating-ip.yaml
+   sudo netplan apply
+   # Then recreate the configuration
+   ```
+
+5. **Verify cloud-level assignment**:
+
+   ```bash
+   # Check Hetzner Cloud Console or use CLI
+   HCLOUD_TOKEN="$HETZNER_API_TOKEN" hcloud floating-ip list
+   ```
+
+### 6.5.7 Important Notes
+
+- **Two-phase requirement**: Both cloud assignment AND server configuration are required
+- **Propagation time**: External connectivity may take several minutes to become available
+- **Persistent configuration**: This setup survives server reboots
+- **Multiple IPs**: The server maintains both DHCP and floating IP addresses
+- **Firewall compatibility**: UFW rules apply to both IP addresses automatically
+
+After completing this step, your floating IP should be externally accessible and ready
+for DNS configuration in the next step.
+
 ## Step 7: Configure DNS
 
 After deployment, you need to configure DNS to point your domain to the floating