2025-09-13 20:26:11 +02:00
# RailianceHosts
**Tagline:** Git-driven automation for secure, self-reliant servers.
RailianceHosts is an open-source control repo that provisions and manages servers on Hetzner Cloud entirely from Git. It combines **Terraform** for lifecycle management, **cloud-init** for first-boot configuration, and **Ansible** for convergence. All secrets live in-repo encrypted with **SOPS** and are unlocked with your single **age** master key (which you keep in your password manager). The minimal server registry in `inventory/servers.yaml` is the source of truth.
## Quickstart
0. **Clone**: clone the repo.
1. **Install**: terraform >= 1.7, ansible >= 2.16, age, sops.
2. **Generate master key (age)** and put the **private key** in your password manager. Save the **public key** to `keys/age.pub`.
3. **Create Hetzner Project** + API token and store it (encrypted) in `inventory/group_vars/secrets.sops.yaml` under `ops.hcloud_token`.
4. **Edit `inventory/servers.yaml`** to add your first host.
5. **Apply**:
```bash
make apply
```
See inline comments across the repo for details. Remember to **encrypt secrets** with SOPS before committing.
## 🚀 Getting Started
First, clone this repository to your workstation:
```bash
git clone https://<your-gitea-host>/coulomb/railliance-hosts.git
# git names the checkout directory after the repository in the clone URL
cd railliance-hosts
```
## 📦 Prerequisites
To use RailianceHosts, make sure you have the following tools installed on your workstation:
- **Git** → for version control
- **age** → for key management and encryption ([Install guide](docs/age-keys.md))
- **SOPS** → for managing encrypted secrets ([SOPS GitHub](https://github.com/getsops/sops))
- **Terraform** → for provisioning infrastructure ([Terraform Downloads](https://developer.hashicorp.com/terraform/downloads))
- **Ansible** → for server configuration ([Ansible Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/))
- **Make** → to run the included `Makefile` tasks
### Example installation (Ubuntu/Debian)
```bash
# System tools
sudo apt update
sudo apt install -y git make ansible
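# Terraform
# Before installing, compare the archive's SHA-256 with the SHA256SUMS file
# HashiCorp publishes alongside this release.
sudo apt install -y wget unzip
wget https://releases.hashicorp.com/terraform/1.9.5/terraform_1.9.5_linux_amd64.zip
unzip terraform_1.9.5_linux_amd64.zip
sudo mv terraform /usr/local/bin/
# age
sudo apt install age
# SOPS: get the latest release (example: v3.10.2; check GitHub for updates)
# Before installing, compare the .deb's SHA-256 with the checksums file
# published with the release.
wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64.deb
sudo apt install ./sops_3.10.2_amd64.deb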
```
## 🔑 Secrets Management
This project uses [SOPS](https://github.com/getsops/sops) with [age](https://age-encryption.org) for secret encryption.
To set up your own key and configure SOPS, follow the guide here:
➡️ [Managing Age Keys](docs/age-keys.md)
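
One way to enforce the reminder to encrypt secrets with SOPS before committing, as an added example that is not part of the RailianceHosts repo: a Git pre-commit hook in POSIX shell that inspects the staged content of every `*.sops.yaml` file. The function names and the hook location are assumptions; the check relies on the `sops:` metadata block and the `ENC[AES256_GCM,...]` wrapper that SOPS writes into encrypted YAML.

```shell
#!/bin/sh
# Added example, not part of the RailianceHosts repo.
# Assumed install location: .git/hooks/pre-commit (executable).

# Succeed only if the YAML in file $1 (or on stdin) looks SOPS-encrypted:
# a top-level "sops:" block carrying an encrypted "mac:", plus at least one
# ENC[AES256_GCM,...] value outside that block.
is_sops_encrypted() {
    awk '
        /^sops:[ \t]*$/ { meta = 1; next }
        meta && /^[^ \t#]/ { meta = 0 }   # a new top-level key ends the block
        meta && /^[ \t]+mac:[ \t]*ENC\[AES256_GCM,/ { mac = 1 }
        !meta && /:[ \t]*ENC\[AES256_GCM,/ { enc++ }
        END { exit !(mac && enc > 0) }
    ' "$@"
}

# Print every staged *.sops.yaml / *.sops.yml path whose staged content is
# still plaintext. "git show :path" reads the index, i.e. what would be
# committed, not the working tree.
staged_plaintext_secrets() {
    git diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
        case "$path" in
            *.sops.yaml|*.sops.yml)
                git show ":$path" | is_sops_encrypted || printf '%s\n' "$path" ;;
        esac
    done
}

# Hook entry point: non-zero status makes Git abort the commit.
precommit_check() {
    offenders=$(staged_plaintext_secrets)
    [ -z "$offenders" ] && return 0
    printf 'Refusing to commit unencrypted secrets:\n%s\n' "$offenders" >&2
    printf 'Encrypt first: sops --encrypt --in-place <file>\n' >&2
    return 1
}

# Run the check only when this file is installed as the hook itself.
case "$0" in
    */pre-commit) precommit_check || exit 1 ;;
esac
```

A file that is only partly encrypted (for example through an `encrypted_regex` rule) passes as long as one value is wrapped, so this guards against forgetting to run SOPS rather than auditing every field.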