feat(relocate): receive cloudinit and railiance-plan-host from railiance-cluster

Per ADR-003: cloud-init (S1 node provisioning) and host planning tool
belong at the Infrastructure Substrate layer. Moved from railiance-cluster.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cloudinit/user-data.yaml

@@ -0,0 +1,12 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+users:
+  - name: ubuntu
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    groups: sudo
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - ssh-ed25519 AAAA...replace_with_your_pubkey
+runcmd:
+  - [ sh, -lc, 'echo Railiance seed host initialized' ]

tools/cmd/railiance-plan-host

@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+# tools/cmd/railiance-plan-host
+# Provider-neutral planning and checklist for a first Railiance host.
+
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+CLOUDINIT="${ROOT}/cloudinit/user-data.yaml"
+
+usage() {
+  cat <<'EOF'
+Usage: railiance-plan-host [--cloudinit] [--check] [--help]
+
+  --cloudinit   Print the recommended cloud-init user-data to stdout.
+  --check       Print a pre-VM checklist only.
+  --help        Show this help.
+
+Without flags, this command prints the recommended host plan and a checklist.
+EOF
+}
+
+print_hdr() { printf "\n%s\n" "$1"; printf "%0.s-" $(seq 1 "${#1}"); echo; }
+
+plan() {
+  print_hdr "Provider-neutral host plan"
+  cat <<'PLAN'
+Distro:   Ubuntu Server 24.04 LTS (or Debian 12)
+CPU/RAM:  2 vCPU / 4–8 GB RAM (start) — scale as needed
+Disk:     60–100 GB SSD (expand later for data)
+Network:  Public IPv4 (and/or IPv6), allow ports 22, 80, 443
+SSH:      Use ed25519 key; disable password auth
+User:     'ubuntu' or your provider's default user
+Backups:  Snapshot weekly; keep 2–4 rotations
+
+Security baseline:
+  - Regular updates (unattended-upgrades or Ansible role)
+  - UFW/iptables with allow 22,80,443; deny rest (adjust for cluster)
+  - Fail2ban (optional)
+  - Time sync (systemd-timesyncd or chrony)
+
+Cloud-init:
+  Use 'bin/railiance cloudinit' or this command with --cloudinit to get the template.
+PLAN
+}
+
+checklist() {
+  print_hdr "Rent-a-VM Checklist"
+  cat <<'CK'
+[ ] Provider account ready (billing set)
+[ ] Region chosen (low latency to you/users)
+[ ] Image: Ubuntu 24.04 LTS (or Debian 12)
+[ ] Size: 2 vCPU / 4–8 GB RAM / 60+ GB SSD
+[ ] SSH key uploaded (use ed25519)
+[ ] Firewall security group: allow 22,80,443 (tighten later)
+[ ] Cloud-init pasted (from bin/railiance cloudinit)
+[ ] Hostname set (e.g., railiance-seed-1)
+[ ] Record public IP / DNS
+CK
+}
+
+cloudinit() {
+  if [[ -f "${CLOUDINIT}" ]]; then
+    cat "${CLOUDINIT}"
+  else
+    echo "cloud-init template not found at ${CLOUDINIT}" >&2
+    exit 1
+  fi
+}
+
+# Parse flags
+DO_PLAN=true
+DO_CHECK=true
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --cloudinit) cloudinit; exit 0 ;;
+    --check) DO_PLAN=false; DO_CHECK=true; shift ;;
+    --help|-h) usage; exit 0 ;;
+    *) echo "Unknown option: $1" >&2; usage; exit 2 ;;
+  esac
+done
+
+$DO_PLAN && plan
+$DO_CHECK && checklist
+
+echo
+echo "Tip: After renting the VM, seed it with: tools/seed_node.sh"
+