# First Railiance Host — Setup Guide

## Prerequisites

The target server must be a converged `railiance-hosts` node before running
anything from this repo. The OS baseline (SSH hardening, UFW, fail2ban, SOPS
agent) is owned by `railiance-hosts`.

**Step 0 — Converge the host OS (railiance-hosts)**
```bash
# In railiance-hosts/
make converge          # apply OS baseline roles
make verify            # confirm all Goss assertions pass
```

See `railiance-hosts/docs/adr/ADR-002-repo-boundary-hosts-vs-bootstrap.md`
for the boundary definition between the two repos.

---

## Kubernetes bootstrap (this repo)

### 1) Inventory

Add the host to `ansible/hosts.ini` (gitignored — recreate on each machine):
```ini
[hosteurope]
92.205.62.239 ansible_user=tegwick
```

### 2) Install k3s
```bash
ansible-playbook -i ansible/hosts.ini ansible/bootstrap.yml
```

### 3) Smoke test
```bash
tests/smoke_kube.sh
```