From 1433877aa22813d6e8ad26140a1b5e1b44ad95a4 Mon Sep 17 00:00:00 2001 From: tegwick Date: Tue, 10 Mar 2026 00:34:50 +0100 Subject: [PATCH] feat(relocate): receive cloudinit and railiance-plan-host from railiance-cluster Per ADR-003: cloud-init (S1 node provisioning) and host planning tool belong at the Infrastructure Substrate layer. Moved from railiance-cluster. Co-Authored-By: Claude Sonnet 4.6
---
cloudinit/user-data.yaml | 12 +++++
tools/cmd/railiance-plan-host | 87 +++++++++++++++++++++++++++++++++++
2 files changed, 99 insertions(+)
create mode 100644 cloudinit/user-data.yaml
create mode 100644 tools/cmd/railiance-plan-host
diff --git a/cloudinit/user-data.yaml b/cloudinit/user-data.yaml
new file mode 100644
index 0000000..3b258af
--- /dev/null
+++ b/cloudinit/user-data.yaml
@@ -0,0 +1,12 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+users:
+ - name: ubuntu
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ groups: sudo
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAA...replace_with_your_pubkey
+runcmd:
+ - [ sh, -lc, 'echo Railiance seed host initialized' ]
diff --git a/tools/cmd/railiance-plan-host b/tools/cmd/railiance-plan-host
new file mode 100644
index 0000000..d26ca78
--- /dev/null
+++ b/tools/cmd/railiance-plan-host
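Review bot: In cloudinit/user-data.yaml the `ubuntu` user is given `sudo: ALL=(ALL) NOPASSWD:ALL`, but the template never turns off SSH password login, although the host plan added by this same commit says "disable password auth". Whether sshd accepts passwords then depends on the provider image's defaults, which a provider-neutral template cannot assume. I would add `ssh_pwauth: false` at the top level and `lock_passwd: true` under the user entry, so that key-only login is enforced by the template itself. The `AAAA...replace_with_your_pubkey` placeholder would also benefit from a comment line above it, such as `# REQUIRED: replace with your own public key before use`, since a host booted with the placeholder is likely to be unreachable over SSH.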
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+# tools/cmd/railiance-plan-host
+# Provider-neutral planning and checklist for a first Railiance host.
+
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+CLOUDINIT="${ROOT}/cloudinit/user-data.yaml"
+
+usage() {
+ cat <<'EOF'
+Usage: railiance-plan-host [--cloudinit] [--check] [--help]
+
+ --cloudinit Print the recommended cloud-init user-data to stdout.
+ --check Print a pre-VM checklist only.
+ --help Show this help.
+
+Without flags, this command prints the recommended host plan and a checklist.
+EOF
+}
+
+print_hdr() { printf "\n%s\n" "$1"; printf "%0.s-" $(seq 1 "${#1}"); echo; }
+
+plan() {
+ print_hdr "Provider-neutral host plan"
+ cat <<'PLAN'
+Distro: Ubuntu Server 24.04 LTS (or Debian 12)
+CPU/RAM: 2 vCPU / 4–8 GB RAM (start) — scale as needed
+Disk: 60–100 GB SSD (expand later for data)
+Network: Public IPv4 (and/or IPv6), allow ports 22, 80, 443
+SSH: Use ed25519 key; disable password auth
+User: 'ubuntu' or your provider's default user
+Backups: Snapshot weekly; keep 2–4 rotations
+
+Security baseline:
+ - Regular updates (unattended-upgrades or Ansible role)
+ - UFW/iptables with allow 22,80,443; deny rest (adjust for cluster)
+ - Fail2ban (optional)
+ - Time sync (systemd-timesyncd or chrony)
+
+Cloud-init:
+ Use 'bin/railiance cloudinit' or this command with --cloudinit to get the template.
+PLAN
+}
+
+checklist() {
+ print_hdr "Rent-a-VM Checklist"
+ cat <<'CK'
+[ ] Provider account ready (billing set)
+[ ] Region chosen (low latency to you/users)
+[ ] Image: Ubuntu 24.04 LTS (or Debian 12)
+[ ] Size: 2 vCPU / 4–8 GB RAM / 60+ GB SSD
+[ ] SSH key uploaded (use ed25519)
+[ ] Firewall security group: allow 22,80,443 (tighten later)
+[ ] Cloud-init pasted (from bin/railiance cloudinit)
+[ ] Hostname set (e.g., railiance-seed-1)
+[ ] Record public IP / DNS
+CK
+}
+
+cloudinit() {
+ if [[ -f "${CLOUDINIT}" ]]; then
+ cat "${CLOUDINIT}"
+ else
+ echo "cloud-init template not found at ${CLOUDINIT}" >&2
+ exit 1
+ fi
+}
+
+# Parse flags
+DO_PLAN=true
+DO_CHECK=true
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --cloudinit) cloudinit; exit 0 ;;
+ --check) DO_PLAN=false; DO_CHECK=true; shift ;;
+ --help|-h) usage; exit 0 ;;
+ *) echo "Unknown option: $1" >&2; usage; exit 2 ;;
+ esac
+done
+
+$DO_PLAN && plan
+$DO_CHECK && checklist
+
+echo
+echo "Tip: After renting the VM, seed it with: tools/seed_node.sh"
+
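Review bot: The `plan` and `checklist` heredocs tell the operator to open SSH to everyone (`allow ports 22, 80, 443` and `allow 22,80,443 (tighten later)`), for a host whose default user has passwordless sudo in the cloud-init template from this commit. A "tighten later" step is easy to skip, so I would make the restrictive rule the default wording: `Network: Public IPv4 (and/or IPv6); allow 80, 443 publicly, 22 only from your admin IP range`, with the checklist and UFW lines changed to match. Separately, the text refers to `bin/railiance cloudinit` and `tools/seed_node.sh`, neither of which this commit adds. After the move from railiance-cluster those references may be dangling and should be checked against this repository.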