# RailianceHosts
**Tagline:** Git-driven automation for secure, self-reliant servers.
RailianceHosts is an open-source control repo that provisions and manages servers on Hosteurope and Hetzner Cloud entirely from Git. It combines **Terraform** for lifecycle management, **cloud-init** for first-boot configuration, and **Ansible** for convergence. All secrets live in-repo encrypted with **SOPS** and are unlocked with your single **age** master key (which you keep in your password manager). The minimal server registry in `inventory/servers.yaml` is the source of truth.
## Quickstart
0. **Clone Repo**: Clone the repository.
1. **Prerequisites**: Terraform >= 1.7, Ansible >= 2.16, age, SOPS.
2. **Secrets Management**: Generate the age master key, provide it to SOPS, and provide your SSH key.
3. **Setup Provider**: Create an account, select a payment option, and create an API token.
4. **Provisioning**: Plan and apply `inventory/servers.yaml` to add hosts with Terraform.
5. **Convergence**: Set up security and tooling with Ansible.
## 🚀 0. Clone Repo
First, clone this repository to your workstation:
```bash
git clone https://<your-gitea-host>/coulomb/railliance-hosts.git
cd railliance-hosts
```
## 📦 1. Prerequisites
To use RailianceHosts, make sure you have the following tools installed on your workstation:
- **Git** → for version control
- **age** → for key management and encryption ([Install guide](docs/age-keys.md))
- **SOPS** → for managing encrypted secrets ([SOPS GitHub](https://github.com/getsops/sops))
- **Terraform** → for provisioning infrastructure ([Terraform Downloads](https://developer.hashicorp.com/terraform/downloads))
- **Ansible** → for server configuration ([Ansible Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/))
- **Make** → to run the included `Makefile` tasks
### Example installation (Ubuntu/Debian)
```bash
# System tools
sudo apt update
sudo apt install -y git make ansible
# Terraform
sudo apt install -y wget unzip
wget https://releases.hashicorp.com/terraform/1.9.5/terraform_1.9.5_linux_amd64.zip
unzip terraform_1.9.5_linux_amd64.zip
sudo mv terraform /usr/local/bin/
# age
sudo apt install -y age
# SOPS: get the latest release (example: v3.10.2; check GitHub for updates)
wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64.deb
sudo apt install ./sops_3.10.2_amd64.deb
```
## 🔑 2. Secrets Management
### Generate age master key and set up SOPS
This project uses [SOPS](https://github.com/getsops/sops) with [age](https://age-encryption.org) for secret encryption.
To set up your own key and configure SOPS, follow the guide here:
➡️ [Managing Age Keys](docs/age-keys.md)
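Because the secrets are committed to Git, a check that every secret file really is SOPS ciphertext is worth running before each commit. The script below is an added example, not part of the RailianceHosts repository; the key names `hcloud_token` and `admin_password`, the sample file names, and the assumption of SOPS default whole-file YAML encryption are hypothetical.

```bash
#!/bin/sh
# Added example: flag secret files that are not fully SOPS-encrypted.
# Assumes SOPS default whole-file YAML encryption (no encrypted_regex).

# is_sops_encrypted FILE: succeeds only if FILE has a sops: metadata block
# with a MAC and every value outside that block is an ENC[...] ciphertext.
is_sops_encrypted() {
    awk '
        /^sops:[ \t]*$/                     { in_meta = 1; has_meta = 1; next }
        in_meta && /^[^ \t#]/               { in_meta = 0 }  # next top-level key ends metadata
        in_meta && /^[ \t]+mac:[ \t]*ENC\[/ { has_mac = 1 }
        in_meta                             { next }
        /^[ \t]*(#.*)?$/ || /^---/          { next }         # blanks, comments, doc marker
        {
            line = $0
            sub(/^[ \t]*(-[ \t]+)*/, "", line)   # indentation and list dashes
            if (line ~ /^ENC\[/) next            # encrypted list item
            sub(/^[^:]+:[ \t]*/, "", line)       # drop "key:"
            if (line != "" && line !~ /^ENC\[/) plain++
        }
        END { exit !(has_meta && has_mac && plain == 0) }
    ' "$1"
}

# find_plaintext_secrets FILE...: names every offender on stderr, fails if any.
find_plaintext_secrets() {
    fps_rc=0
    for fps_f in "$@"; do
        is_sops_encrypted "$fps_f" || { echo "NOT ENCRYPTED: $fps_f" >&2; fps_rc=1; }
    done
    return "$fps_rc"
}

# make_samples DIR: constructed inputs; ciphertexts are placeholders, not SOPS output.
make_samples() {
    enc='ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]'
    printf 'hcloud_token: %s\nsops:\n    mac: %s\n    version: 3.10.2\n' "$enc" "$enc" > "$1/ok.yaml"
    printf 'hcloud_token: plaintext-token\n' > "$1/plain.yaml"
    printf 'hcloud_token: %s\nsops:\n    mac: %s\nadmin_password: added-by-hand\n' "$enc" "$enc" > "$1/mixed.yaml"
}

# Demo on the constructed samples: plain.yaml and mixed.yaml are reported.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
if find_plaintext_secrets "$demo_dir"/*.yaml; then echo "all encrypted"; else echo "plaintext found"; fi
```

In a pre-commit hook, pass the staged secret files to `find_plaintext_secrets` and abort the commit on a non-zero status.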
### SSH Access Preparations
Learn how to add your SSH key and test connectivity after provisioning:
➡️ [SSH Access & Connectivity Test](docs/ssh-access.md)
TL;DR
- Put your public key into `keys/admin_ssh.pub`.
## 💻 3. Setup Provider
You need to register an account with the provider and set it up for API access:
- Register an account.
- Choose a payment method.
- Generate an API key.
- Store the API key safely in secrets.
## 🚀 4. Provisioning
How to declare hosts and bring them up on Hetzner:
➡️ [Provisioning Servers](docs/provisioning.md)
TL;DR
- Define servers in `inventory/servers.yaml` (name, region, type, image, ssh_user, labels/role).
- Provision with `make tf-apply` (or `make apply` to also run Ansible).
- One-shot helper: `scripts/hcloud_new_server.sh <name> --type ... --region ...`.
## 💻 5. Convergence
After provisioning a server with Terraform, RailianceHosts uses [Ansible](https://docs.ansible.com/) to **converge** hosts into a secure, baseline state.
This includes admin user setup, SSH hardening, firewall rules, essential tooling, and secret handling.
📖 See the full guide here: [Convergence Documentation](docs/convergence.md)