coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 2 Projects Releases Wiki Activity
Files
19661ca0c6aadd98e5905b0660d6eed4ab1bf28a
railiance-cluster/QUICKSTART.md
tegwick 19661ca0c6
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details
feat(bootstrap): add HostEurope hardening playbook and workplan 
- workplans/RAIL-BS-WP-0002-hosteurope-bootstrap.md: new workplan for
  Secure Single-Server Bootstrap at HostEurope (repo goal d7092599).
  T01-T03 done; T04+T05 require ansible on a box with network access to
  92.205.62.239 (hosts.ini is gitignored — recreate on new box).

- ansible/harden.yml: new playbook — disables root/password SSH auth,
  enables UFW (allow 22/tcp 6443/tcp 8472/udp, deny-all default),
  installs fail2ban with SSH jail, sets HISTCONTROL=ignorespace.

- ansible/bootstrap.yml: import_playbook harden.yml runs before k3s.

- ansible/hosts.ini.example: add [hosteurope] group template.

- QUICKSTART.md: document two-stage bootstrap (harden → k3s).

- CLAUDE.md: add goal_guidance handling to session protocol
  (needs_workplan + alignment_warnings).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 22:50:51 +01:00

2.9 KiB
Raw Blame History

Railiance Newcomer Quickstart

Welcome to Railiance 🚂 — an opinionated InfrastructureasCode framework. This guide is written for newcomers who want to set up their very first Railiance host.

0. Get the code

Clone this repository locally and enter it:

git clone https://<your-gitea-domain>/<org-or-user>/railiance-bootstrap.git
cd railiance-bootstrap

(Replace <your-gitea-domain> and <org-or-user> with your setup.)

1. Check your environment

Make sure you have these installed locally:

  • Git
  • Ansible
  • Python 3
  • SSH client

Check with:

bin/railiance doctor

This command will confirm prerequisites.

2. Provision a new VM

Recommended host specs:

  • Ubuntu 24.04 LTS
  • 2 vCPU, 48 GB RAM
  • 60 GB SSD
bin/railiance plan-host

When creating the VM, inject your SSH key and, if possible, apply the provided cloudinit/user-data.yaml.

3. Prepare your SSH key

If you dont already have an SSH key:

bin/railiance gen-ssh-key

Upload your SSH public key to your cloud provider or VM host

Once your key pair is generated (~/.ssh/id_<KEY>.pub), copy the public key to the VM.
Replace <IP> with your servers public IP and <USER> with the default login user (commonly ubuntu or root).

scp ~/.ssh/id_<KEY>.pub <USER>@<IP>:/home/<USER>/authorized_keys.tmp
ssh <USER>@<IP> "mkdir -p ~/.ssh && cat ~/authorized_keys.tmp >> ~/.ssh/authorized_keys && rm ~/authorized_keys.tmp && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

This will:

  • copy your public key to the host,
  • append it to ~/.ssh/authorized_keys,
  • set correct permissions.

After this, you should be able to log in without a password:

ssh <USER>@<IP>

4. Create your inventory

Copy the example inventory:

cp ansible/hosts.ini.example ansible/hosts.ini

Edit ansible/hosts.ini and add the IP or hostname of your Railiance host.

Test that Ansible can reach it:

ansible -i ansible/hosts.ini all -m ping

5. Seed the host

Log in to the host and run the seed script:

tools/seed_node.sh

This will clone the repo on the host, set up housekeeping, and get ready for provisioning.

6. Bootstrap with Ansible

From your local machine:

ansible-playbook -i ansible/hosts.ini ansible/bootstrap.yml

This runs in two stages:

  1. Harden — disables root/password SSH login, enables UFW (ports 22/6443/8472), installs fail2ban
  2. Bootstrap — installs base packages and a singlenode k3s cluster

7. Verify

Run the smoke test:

tests/smoke_kube.sh

If successful, you now have a working Railiance host 🎉

Next steps

  • Explore ansible/ playbooks for services (e.g., uptime-kuma, postgres).
  • Read docs/README.md for philosophy and design.
  • Join the community and contribute improvements!
Reference in New Issue View Git Blame Copy Permalink