tegwick 19661ca0c6 feat(bootstrap): add HostEurope hardening playbook and workplan
- workplans/RAIL-BS-WP-0002-hosteurope-bootstrap.md: new workplan for
  Secure Single-Server Bootstrap at HostEurope (repo goal d7092599).
  T01-T03 done; T04+T05 require ansible on a box with network access to
  92.205.62.239 (hosts.ini is gitignored — recreate on new box).

- ansible/harden.yml: new playbook — disables root/password SSH auth,
  enables UFW (allow 22/tcp 6443/tcp 8472/udp, deny-all default),
  installs fail2ban with SSH jail, sets HISTCONTROL=ignorespace.

- ansible/bootstrap.yml: import_playbook harden.yml runs before k3s.

- ansible/hosts.ini.example: add [hosteurope] group template.

- QUICKSTART.md: document two-stage bootstrap (harden → k3s).

- CLAUDE.md: add goal_guidance handling to session protocol
  (needs_workplan + alignment_warnings).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 22:50:51 +01:00
.github/workflows railiance: initial bootstrap scaffold 2025-09-12 01:46:14 +02:00
ansible feat(bootstrap): add HostEurope hardening playbook and workplan 2026-03-08 22:50:51 +01:00
bin feat: backup + preflight commands, decisions log, gitignore update 2026-02-25 23:59:28 +01:00
cloudinit feat: rails style bootkit bin/railiance with quickstart 2025-09-13 01:32:19 +02:00
docs fix: correct pg_stat_user_tables column name in restore drill (relname not tablename) 2026-02-26 07:25:59 +01:00
lib refactor: separated command script 2025-09-13 02:39:47 +02:00
tests railiance: initial bootstrap scaffold 2025-09-12 01:46:14 +02:00
tools feat: backup + preflight commands, decisions log, gitignore update 2026-02-25 23:59:28 +01:00
wiki docs: add ThreePhoenix architecture concept and workplan 2026-02-25 01:13:05 +01:00
workplans feat(bootstrap): add HostEurope hardening playbook and workplan 2026-03-08 22:50:51 +01:00
.editorconfig chore: optimize .editorconfig for consistent coding style 2025-09-12 02:19:01 +02:00
.gitattributes chore: .gitattributes updated for line ending normalization 2025-09-12 02:21:05 +02:00
.gitignore feat: backup + preflight commands, decisions log, gitignore update 2026-02-25 23:59:28 +01:00
CLAUDE.md feat(bootstrap): add HostEurope hardening playbook and workplan 2026-03-08 22:50:51 +01:00
DECISIONS.md feat: backup + preflight commands, decisions log, gitignore update 2026-02-25 23:59:28 +01:00
LICENSE chore: add MIT License 2025-09-12 02:44:03 +02:00
pyproject.toml feat(deps): add pyproject.toml, uv.lock, and ansible/requirements.yml 2026-03-01 20:22:26 +01:00
QUICKSTART.md feat(bootstrap): add HostEurope hardening playbook and workplan 2026-03-08 22:50:51 +01:00
README.md chore: add MIT License 2025-09-12 02:44:03 +02:00
uv.lock feat(deps): add pyproject.toml, uv.lock, and ansible/requirements.yml 2026-03-01 20:22:26 +01:00

Railiance Bootstrap

License: MIT

Opinionated Infrastructure-as-Code framework for reproducible, self-reliant systems.

Railiance is an opinionated Infrastructure-as-Code framework:
think Rails for Ops, with convention over configuration and reproducibility first.

This repo (railiance-bootstrap) is the entry point:
from two bare Linux servers, a Git repo, and credentials, you can rebuild
a fully automated Kubernetes-based environment.


🚀 Quick Start

  1. Clone this repo

    git clone <your-gitea-url>/railiance-bootstrap.git
    cd railiance-bootstrap
    
  2. Configure Gitea access
    Edit ~/.railiance_gitea.conf with your server URL, username, and token.
    (Never commit this file!)

  3. Bootstrap a host
    Run the Ansible playbooks in ansible/ to set up k3s, Helm, and kubectl.

  4. Deploy baseline services
    Use helm/ charts to roll out essential services (GitOps, monitoring, etc.).

  5. Validate
    Check the automated tests in tests/ to confirm infra health.
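
A check for the hardening state that the latest commit message lists for ansible/harden.yml (root and password SSH auth disabled, UFW deny-all default with 22/tcp, 6443/tcp and 8472/udp allowed), given as an added example that is not part of this repository's tests/ or playbooks. It assumes the playbook expresses the SSH part as `PermitRootLogin no` and `PasswordAuthentication no`; the function names and the sample inputs are constructed for illustration.

```python
import re

# Assumption: "disables root/password SSH auth" means these two directives.
REQUIRED_SSHD = {"permitrootlogin": "no", "passwordauthentication": "no"}
# Allow rules the commit message lists for ansible/harden.yml.
EXPECTED_ALLOW = {"22/tcp", "6443/tcp", "8472/udp"}

def sshd_findings(config_text):
    """Check global sshd settings; sshd keeps the first value it reads."""
    seen = {}
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks start here; globals are done
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return [f"sshd: {k} is {seen.get(k, 'unset')}, expected {v}"
            for k, v in REQUIRED_SSHD.items() if seen.get(k) != v]

def ufw_findings(status_text):
    """Check `ufw status verbose` output: active, default deny, exact allow set."""
    findings = []
    if not re.search(r"^Status:\s*active\s*$", status_text, re.M):
        findings.append("ufw: firewall is not active")
    if not re.search(r"^Default:\s*deny \(incoming\)", status_text, re.M):
        findings.append("ufw: default incoming policy is not deny")
    rule = re.compile(r"(\S+)(?: \(v6\))?\s+ALLOW(?: IN)?(?!\s*(?:OUT|FWD))\s")
    allowed = {m.group(1) for m in map(rule.match, status_text.splitlines()) if m}
    findings += [f"ufw: unexpected allow rule {r}" for r in sorted(allowed - EXPECTED_ALLOW)]
    findings += [f"ufw: expected allow rule {r} is absent" for r in sorted(EXPECTED_ALLOW - allowed)]
    return findings

# Constructed sample inputs, not captured from a real host.
SAMPLE_SSHD = """\
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
"""
SAMPLE_UFW = """\
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
22/tcp                     ALLOW IN    Anywhere
6443/tcp                   ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""
if __name__ == "__main__":
    print("\n".join(sshd_findings(SAMPLE_SSHD) + ufw_findings(SAMPLE_UFW)))
```

Passing the output of `sshd -T` instead of the raw sshd_config text also covers values set through Include drop-ins, since it prints the effective configuration.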


📂 Repo Structure

  • ansible/ — Playbooks for provisioning
  • helm/ — Opinionated Helm charts
  • k8s/ — Kubernetes manifests
  • tests/ — Automated validation
  • docs/ — Documentation (see docs/README.md)
  • tools/ — Helper scripts (e.g. create_railiance_repo.sh)

🤝 Contributing

See docs/CONTRIBUTING.md.


🌍 Vision

Railiance aims for self-reliant infrastructure:
automation you can rebuild from scratch, with calmness and clarity.

From bare metal to resilient clusters — in one repo.