diff --git a/README.md b/README.md index 8d9ea96..a27d1c2 100644 --- a/README.md +++ b/README.md @@ -6,19 +6,15 @@ RailianceHosts is an open-source control repo that provisions and manages server ## Quickstart -0. **Clone**: clone the repo -1. **Install**: terraform >= 1.7, ansible >= 2.16, age, sops. -2. **Generate master key (age)** and put the **private key** in your password manager. Save the **public key** to `keys/age.pub`. -3. **Create Hetzner Project** + API token and store it (encrypted) in `inventory/group_vars/secrets.sops.yaml` under `ops.hcloud_token`. -4. **Edit `inventory/servers.yaml`** to add your first host. -5. **Apply**: - ```bash - make apply - ``` +0. **Clone Repo**: clone the repo +1. **Prerequisites**: terraform >= 1.7, ansible >= 2.16, age, sops. +2. **Secrets Management**: Generate master key (age), provide it to sops and provide your SSH key. +3. **Setup Provider**: Create account, select payment option, establish API token. +4. **Provisioning**: Plan and apply `inventory/servers.yaml` to add hosts with terraform. +5. **Convergence**: Setup security and tooling with ansible. -See inline comments across the repo for details. Remember to **encrypt secrets** with SOPS before committing. -## 🚀 Getting Started +## 🚀 0. Clone Repo First, clone this repository to your workstation: @@ -27,7 +23,7 @@ git clone https:///coulomb/railliance-hosts.git cd railiance-hosts ``` -## 📦 Prerequisites +## 📦 1. Prerequisites To use RailianceHosts, make sure you have the following tools installed on your workstation: @@ -59,7 +55,9 @@ wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64 sudo apt install ./sops_3.10.2_amd64.deb ``` -## 🔑 Secrets Management +## 🔑 2. Secrets Management + +### Generate Age Masterkey and establish SOPS This project uses [SOPS](https://github.com/getsops/sops) with [age](https://age-encryption.org) for secret encryption. To set up your own key and configure SOPS, follow the guide here: 
@@ -67,7 +65,7 @@ To set up your own key and configure SOPS, follow the guide here: ➡️ [Managing Age Keys](docs/age-keys.md) -## 🔑 SSH Access +### SSH Access Preparations Learn how to add your SSH key and test connectivity after provisioning: @@ -76,7 +74,15 @@ Learn how to add your SSH key and test connectivity after provisioning: TL;DR - put your public key into keys/admin_ssh.pub -## 🚀 Provisioning +## 💻 3. Setup Provider + +You need register an account and set it up for API access: + - register + - choose payment method + - generate api-key + - store api-key in secrets safely + +## 🚀 4. Provisioning How to declare hosts and bring them up on Hetzner: @@ -87,5 +93,13 @@ TL;DR - Provision with make tf-apply (or make apply to also run Ansible). - One-shot helper: scripts/hcloud_new_server.sh --type ... --region .... +## 💻 5. Convergence + +After provisioning a server with Terraform, RailianceHosts uses [Ansible](https://docs.ansible.com/) to **converge** hosts into a secure, baseline state. +This includes admin user setup, SSH hardening, firewall rules, essential tooling, and secret handling. + +📖 See the full guide here: [Convergence Documentation](docs/convergence.md) + + xxx
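Review bot: The rewritten Quickstart (hunk `@@ -6,19 +6,15 @@`) drops the one security-relevant instruction in the old version, "Remember to **encrypt secrets** with SOPS before committing", and also drops the concrete locations the old steps named (`keys/age.pub` for the age public key, `inventory/group_vars/secrets.sops.yaml` under `ops.hcloud_token` for the API token) and the `make apply` command. A reader following only the new five-line list no longer knows where the token goes or that it must be SOPS-encrypted before it is committed. Suggest keeping the reminder as the closing line of the Quickstart and restoring the paths in steps 2 and 3, e.g. `3. **Setup Provider**: create the account, generate an API token and store it encrypted in inventory/group_vars/secrets.sops.yaml under ops.hcloud_token.`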
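Review bot: The context lines of hunk `@@ -27,7 +23,7 @@` show the clone command as `git clone https:///coulomb/railliance-hosts.git` followed by `cd railiance-hosts`: the URL has a triple slash with no host, and the repository name is spelled "railliance" in the URL but "railiance" in the `cd`. Not introduced by this change, but since the hunk already touches this block, fix the URL and pick one spelling here.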
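Review bot: In hunk `@@ -59,7 +55,9 @@` the new subsection heading `### Generate Age Masterkey and establish SOPS` sits directly under `## 🔑 2. Secrets Management` with only a blank line between them and no introductory sentence; consider `### Generate the age master key and configure SOPS` and, since the Quickstart no longer says so, a sentence stating that the private key belongs in the password manager and only the public key is written to `keys/age.pub`, as the old Quickstart step 2 did.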
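Review bot: Hunk `@@ -76,7 +74,15 @@` has a grammar slip in the first added line, "You need register an account" should read "You need to register an account", and the new list is inconsistent with the rest of the README: it says "api-key" three times while the surrounding text uses "API token", the provider is not named even though the next section says Hetzner, and "store api-key in secrets safely" gives no location. Suggest `- store the API token encrypted in inventory/group_vars/secrets.sops.yaml under ops.hcloud_token` so the reader is not left to guess, and note the 💻 emoji is used for both section 3 and section 5 while every other section has its own.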
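Review bot: Hunk `@@ -87,5 +93,13 @@` adds a placeholder line `+ xxx` at the end of the README that must be removed before merge. The same hunk links to `docs/convergence.md`, but this diff only touches `README.md`, so either that file already exists or the link is dangling; please confirm. Also, the Quickstart step 5 ("Convergence: Setup security and tooling with ansible") and this section give no command, whereas the old Quickstart ran it via `make apply` and the Provisioning TL;DR still mentions "make apply to also run Ansible"; add the make target here so the section is actionable.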