docs: link to convergence documentation from README
44
README.md
@@ -6,19 +6,15 @@ RailianceHosts is an open-source control repo that provisions and manages server
|
||||
|
||||
## Quickstart
|
||||
|
||||
0. **Clone**: clone the repo
|
||||
1. **Install**: terraform >= 1.7, ansible >= 2.16, age, sops.
|
||||
2. **Generate master key (age)** and put the **private key** in your password manager. Save the **public key** to `keys/age.pub`.
|
||||
3. **Create Hetzner Project** + API token and store it (encrypted) in `inventory/group_vars/secrets.sops.yaml` under `ops.hcloud_token`.
|
||||
4. **Edit `inventory/servers.yaml`** to add your first host.
|
||||
5. **Apply**:
|
||||
```bash
|
||||
make apply
|
||||
```
|
||||
0. **Clone Repo**: clone the repo
|
||||
1. **Prerequisites**: terraform >= 1.7, ansible >= 2.16, age, sops.
|
||||
2. **Secrets Management**: Generate master key (age), provide it to sops and provide your SSH key.
|
||||
3. **Setup Provider**: Create account, select payment option, establish API token.
|
||||
4. **Provisioning**: Plan and apply `inventory/servers.yaml` to add hosts with terraform.
|
||||
5. **Convergence**: Setup security and tooling with ansible.
|
||||
|
||||
See inline comments across the repo for details. Remember to **encrypt secrets** with SOPS before committing.
|
||||
|
||||
## 🚀 Getting Started
|
||||
## 🚀 0. Clone Repo
|
||||
|
||||
First, clone this repository to your workstation:
|
||||
|
||||
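Review bot: In the rewritten Quickstart list, step 2 ("Generate master key (age), provide it to sops and provide your SSH key") no longer says which half of each key goes where. The list it appears to replace told the reader to keep the age private key in a password manager and save only the public key to `keys/age.pub`, and to store the Hetzner token encrypted in `inventory/group_vars/secrets.sops.yaml` under `ops.hcloud_token`. Suggest keeping those specifics, or at least writing "public key" explicitly for both age and SSH, so nobody commits a private key by following the short form. The `make apply` command also drops out of the Quickstart here, and the subject line only mentions linking the convergence docs, so the restructuring deserves a mention in the commit message.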
@@ -27,7 +23,7 @@ git clone https://<your-gitea-host>/coulomb/railliance-hosts.git
|
||||
cd railiance-hosts
|
||||
```
|
||||
|
||||
## 📦 Prerequisites
|
||||
## 📦 1. Prerequisites
|
||||
|
||||
To use RailianceHosts, make sure you have the following tools installed on your workstation:
|
||||
|
||||
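Review bot: The context of this hunk shows the clone URL ending in `railliance-hosts.git` (double "l") followed by `cd railiance-hosts`, so the `cd` fails if the URL spelling is the real one. Since the Clone section is being renumbered in this commit anyway, align the two spellings.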
@@ -59,7 +55,9 @@ wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64
|
||||
sudo apt install ./sops_3.10.2_amd64.deb
|
||||
```
|
||||
|
||||
## 🔑 Secrets Management
|
||||
## 🔑 2. Secrets Management
|
||||
|
||||
### Generate Age Masterkey and establish SOPS
|
||||
|
||||
This project uses [SOPS](https://github.com/getsops/sops) with [age](https://age-encryption.org) for secret encryption.
|
||||
To set up your own key and configure SOPS, follow the guide here:
|
||||
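Review bot: The sops install in the context of this hunk (`wget` of the release `.deb`, then `sudo apt install ./sops_3.10.2_amd64.deb`) shows no integrity check before installation. If the lines above do not already do so, add a step that verifies the download against the checksums published for that release, since this binary handles every secret in the repo and "Secrets Management" is now the numbered step that follows directly. Minor: the new heading spells "Masterkey" while the Quickstart uses "master key".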
@@ -67,7 +65,7 @@ To set up your own key and configure SOPS, follow the guide here:
|
||||
➡️ [Managing Age Keys](docs/age-keys.md)
|
||||
|
||||
|
||||
## 🔑 SSH Access
|
||||
### SSH Access Preparations
|
||||
|
||||
Learn how to add your SSH key and test connectivity after provisioning:
|
||||
|
||||
@@ -76,7 +74,15 @@ Learn how to add your SSH key and test connectivity after provisioning:
|
||||
TL;DR
|
||||
- put your public key into keys/admin_ssh.pub
|
||||
|
||||
## 🚀 Provisioning
|
||||
## 💻 3. Setup Provider
|
||||
|
||||
You need register an account and set it up for API access:
|
||||
- register
|
||||
- choose payment method
|
||||
- generate api-key
|
||||
- store api-key in secrets safely
|
||||
|
||||
## 🚀 4. Provisioning
|
||||
|
||||
How to declare hosts and bring them up on Hetzner:
|
||||
|
||||
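Review bot: The new "3. Setup Provider" list ends with "store api-key in secrets safely", which does not tell the reader where or how. The earlier Quickstart wording named the target (`inventory/group_vars/secrets.sops.yaml`, key `ops.hcloud_token`, encrypted); repeat that here or link to the secrets guide, and say that the token must be SOPS-encrypted before commit. The section also never names the provider, although the next heading says Hetzner, and "You need register" is missing "to".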
@@ -87,5 +93,13 @@ TL;DR
|
||||
- Provision with make tf-apply (or make apply to also run Ansible).
|
||||
- One-shot helper: scripts/hcloud_new_server.sh <name> --type ... --region ....
|
||||
|
||||
## 💻 5. Convergence
|
||||
|
||||
After provisioning a server with Terraform, RailianceHosts uses [Ansible](https://docs.ansible.com/) to **converge** hosts into a secure, baseline state.
|
||||
This includes admin user setup, SSH hardening, firewall rules, essential tooling, and secret handling.
|
||||
|
||||
📖 See the full guide here: [Convergence Documentation](docs/convergence.md)
|
||||
|
||||
|
||||
xxx
|
||||
|
||||
|
||||
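Review bot: The line `xxx` after the Convergence Documentation link looks like a leftover placeholder; remove it before merging. The section also reuses the 💻 emoji already used for "3. Setup Provider"; pick a distinct one if the emojis are meant to tell the sections apart.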