ansible feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
docs docs: add documentation about secret key generation 2025-09-13 20:47:24 +02:00
inventory feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
keys chore: add my age public masterkey 2025-09-13 21:19:08 +02:00
scripts feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
terraform/hetzner feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
.gitignore feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
.sops.yaml chores: configure sops with age masterkey 2025-09-13 21:34:04 +02:00
Makefile feat: initial import of RailianceHosts starter 2025-09-13 20:26:11 +02:00
README.md docs: add documentation about secret key generation 2025-09-13 20:47:24 +02:00

RailianceHosts

Tagline: Git-driven automation for secure, self-reliant servers.

RailianceHosts is an open-source control repo that provisions and manages servers on Hetzner Cloud entirely from Git. It combines Terraform for lifecycle management, cloud-init for first-boot configuration, and Ansible for convergence. All secrets live in-repo encrypted with SOPS and are unlocked with your single age master key (which you keep in your password manager). The minimal server registry in inventory/servers.yaml is the source of truth.

Quickstart

  1. Install: terraform >= 1.7, ansible >= 2.16, age, sops.
  2. Generate a master key (age) and put the private key in your password manager. Save the public key to keys/age.pub.
  3. Create a Hetzner project and API token, and store the token (encrypted) in inventory/group_vars/secrets.sops.yaml under ops.hcloud_token.
  4. Edit inventory/servers.yaml to add your first host.
  5. Apply:
    make apply
    

See inline comments across the repo for details. Remember to encrypt secrets with SOPS before committing.
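One way to enforce the "encrypt before committing" rule is a check that rejects any `*.sops.yaml` file still holding plaintext. This is an added example, not code from the RailianceHosts repo; the function names and sample values are hypothetical, and it assumes block-style YAML in which SOPS encrypts every value (no `unencrypted_suffix` or `encrypted_regex` rule).

```shell
#!/bin/sh
# Added example (not part of RailianceHosts). Assumes block-style YAML with
# scalar values, which is how SOPS writes encrypted files.

# check_sops_file FILE: 0 if every value is ENC[...] and a sops MAC exists.
check_sops_file() {
    awk '
        /^sops:[ \t]*$/     { meta = 1; next }   # SOPS metadata block begins
        meta && /^[^ \t#]/  { meta = 0 }         # next top-level key ends it
        meta { if ($0 ~ /^[ \t]+mac:[ \t]*ENC\[/) mac = 1; next }
        /^[ \t]*(#.*)?$/ || /^---/ { next }      # blanks, comments, doc marker
        {
            v = $0
            sub(/^[ \t]*(-[ \t]+)*/, "", v)          # drop indent and list dashes
            if (v ~ /^[^:]+:[ \t]*$/) next           # key that opens a mapping
            sub(/^[A-Za-z0-9_.-]+:[ \t]*/, "", v)    # drop the key and colon
            if (v !~ /^ENC\[/) { bad = 1; print FILENAME ":" NR ": plaintext value" }
        }
        END {
            if (!mac) { print FILENAME ": no sops metadata"; exit 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1" >&2
}

# check_sops_files FILE...: check every file, fail if any one fails.
check_sops_files() {
    rc=0
    for f in "$@"; do check_sops_file "$f" || rc=1; done
    return "$rc"
}

# write_samples DIR: constructed inputs; the ENC[...] strings are dummies.
write_samples() {
    printf 'ops:\n    hcloud_token: PLAINTEXT-PLACEHOLDER\n' > "$1/plain.sops.yaml"
    cat > "$1/enc.sops.yaml" <<'EOF'
ops:
    hcloud_token: ENC[AES256_GCM,data:AAAA,iv:AAAA,tag:AAAA,type:str]
sops:
    age:
        - recipient: age1-constructed-placeholder
    mac: ENC[AES256_GCM,data:AAAA,iv:AAAA,tag:AAAA,type:str]
    version: 3.9.0
EOF
}

# Pre-commit use: check_sops_files $(git diff --cached --name-only -- '*.sops.yaml')
```

The check fails closed: a value it cannot recognise as `ENC[...]`, or a file without the `sops:` metadata block, blocks the commit.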

🔑 Secrets Management

This project uses SOPS with age for secret encryption.
To set up your own key and configure SOPS, follow the guide here:

➡️ Managing Age Keys