.githooks fix: Makefile target hooks makes precommit work finally 2025-09-13 21:58:19 +00:00
ansible feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
docs docs: added fast path documentation 2025-09-14 01:08:26 +02:00
inventory build: first successful plan, apply, destroy of server 2025-09-14 01:20:54 +00:00
keys security: add admin ssh key 2025-09-14 00:39:03 +02:00
scripts build: first successful plan, apply, destroy of server 2025-09-14 01:20:54 +00:00
secrets security: added encrypted hetzner api token 2025-09-13 22:23:24 +00:00
terraform/hetzner feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
.gitignore feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
.sops.yaml chores: configure sops with age masterkey 2025-09-13 21:34:04 +02:00
Makefile build: first successful plan, apply, destroy of server 2025-09-14 01:20:54 +00:00
README.md docs: add documentation for provisioning a server 2025-09-14 00:57:26 +02:00

RailianceHosts

Tagline: Git-driven automation for secure, self-reliant servers.

RailianceHosts is an open-source control repo that provisions and manages servers on Hetzner Cloud entirely from Git. It combines Terraform for lifecycle management, cloud-init for first-boot configuration, and Ansible for convergence. All secrets live in-repo encrypted with SOPS and are unlocked with your single age master key (which you keep in your password manager). The minimal server registry in inventory/servers.yaml is the source of truth.

Quickstart

  1. Clone: clone the repo
  2. Install: terraform >= 1.7, ansible >= 2.16, age, sops.
  3. Generate master key (age) and put the private key in your password manager. Save the public key to keys/age.pub.
  4. Create Hetzner Project + API token and store it (encrypted) in inventory/group_vars/secrets.sops.yaml under ops.hcloud_token.
  5. Edit inventory/servers.yaml to add your first host.
  6. Apply:
    make apply
    

See inline comments across the repo for details. Remember to encrypt secrets with SOPS before committing.
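
One way to enforce that reminder is a pre-commit check that rejects staged `*.sops.yaml` files carrying no SOPS metadata. This is an added example, not the repository's own .githooks script; the `*.sops.yaml` naming convention (taken from inventory/group_vars/secrets.sops.yaml), the `--staged` flag and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's .githooks script.
# Assumption: SOPS-managed files are named *.sops.yaml, like
# inventory/group_vars/secrets.sops.yaml in the Quickstart.

# Succeed only if stdin carries SOPS metadata: a top-level "sops:" map
# containing an encrypted MAC. Plaintext YAML has neither.
looks_sops_encrypted() {
  local body
  body="$(cat)"
  printf '%s\n' "$body" | grep -qE '^sops:[[:space:]]*$' &&
    printf '%s\n' "$body" | grep -qE '^[[:space:]]+mac:[[:space:]]*ENC\[AES256_GCM,'
}

# Reader for file content; hook mode below swaps in the git index.
read_blob() { cat -- "$1"; }

# Print every argument that is named like a SOPS file but is not encrypted.
plaintext_secrets() {
  local path
  for path in "$@"; do
    case "$path" in *.sops.yaml) ;; *) continue ;; esac
    read_blob "$path" | looks_sops_encrypted || printf '%s\n' "$path"
  done
}

# Constructed sample data: one encrypted-looking file, one plaintext file.
demo() {
  local d
  d="$(mktemp -d)"
  printf 'ops:\n    hcloud_token: ENC[AES256_GCM,data:CONSTRUCTED,type:str]\nsops:\n    mac: ENC[AES256_GCM,data:CONSTRUCTED,type:str]\n' > "$d/ok.sops.yaml"
  printf 'ops:\n    hcloud_token: constructed-plaintext-value\n' > "$d/leak.sops.yaml"
  (cd "$d" && plaintext_secrets ok.sops.yaml leak.sops.yaml)
  rm -rf "$d"
}

# Hook entry point: call this script with --staged from a pre-commit hook.
if [ "${1:-}" = "--staged" ]; then
  read_blob() { git show ":$1"; }   # inspect what is staged, not the work tree
  bad="$(git diff --cached --name-only --diff-filter=ACM |
    while IFS= read -r p; do plaintext_secrets "$p"; done)"
  if [ -n "$bad" ]; then
    printf 'Refusing to commit unencrypted SOPS files:\n%s\n' "$bad" >&2
    exit 1
  fi
fi
```

The check looks for SOPS metadata only, so values that SOPS is configured to leave unencrypted are not flagged.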

🚀 Getting Started

First, clone this repository to your workstation:

git clone https://<your-gitea-host>/coulomb/railliance-hosts.git
cd railliance-hosts

📦 Prerequisites

To use RailianceHosts, make sure you have the following tools installed on your workstation:

Example installation (Ubuntu/Debian)

# System tools
sudo apt update
sudo apt install -y git make ansible

# Terraform
sudo apt install -y wget unzip
wget https://releases.hashicorp.com/terraform/1.9.5/terraform_1.9.5_linux_amd64.zip
unzip terraform_1.9.5_linux_amd64.zip
sudo mv terraform /usr/local/bin/

# age
sudo apt install -y age

# SOPS: get the latest release (example: v3.10.2; check GitHub for updates)
wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64.deb
sudo apt install ./sops_3.10.2_amd64.deb

🔑 Secrets Management

This project uses SOPS with age for secret encryption.
To set up your own key and configure SOPS, follow the guide here:

➡️ Managing Age Keys

🔑 SSH Access

Learn how to add your SSH key and test connectivity after provisioning:

➡️ SSH Access & Connectivity Test

TL;DR

  • put your public key into keys/admin_ssh.pub

🚀 Provisioning

How to declare hosts and bring them up on Hetzner:

➡️ Provisioning Servers

TL;DR

  • Define servers in inventory/servers.yaml (name, region, type, image, ssh_user, labels/role).
  • Provision with make tf-apply (or make apply to also run Ansible).
  • One-shot helper: scripts/hcloud_new_server.sh --type ... --region ....
