# RailianceHosts

**Tagline:** Git-driven automation for secure, self-reliant servers.

RailianceHosts is an open-source control repo that provisions and manages servers on Hetzner Cloud entirely from Git. It combines **Terraform** for lifecycle management, **cloud-init** for first-boot configuration, and **Ansible** for convergence. All secrets live in-repo encrypted with **SOPS** and are unlocked with your single **age** master key (which you keep in your password manager). The minimal server registry in `inventory/servers.yaml` is the source of truth.

## Quickstart

0. **Clone**: clone the repo
1. **Install**: terraform >= 1.7, ansible >= 2.16, age, sops.
2. **Generate master key (age)** and put the **private key** in your password manager. Save the **public key** to `keys/age.pub`.
3. **Create Hetzner Project** + API token and store it (encrypted) in `inventory/group_vars/secrets.sops.yaml` under `ops.hcloud_token`.
4. **Edit `inventory/servers.yaml`** to add your first host.
5. **Apply**:

   ```bash
   make apply
   ```

See inline comments across the repo for details. Remember to **encrypt secrets** with SOPS before committing.

## 🚀 Getting Started

First, clone this repository to your workstation:

```bash
git clone https:///coulomb/railliance-hosts.git
cd railiance-hosts
```

## 📦 Prerequisites

To use RailianceHosts, make sure you have the following tools installed on your workstation:

- **Git** → for version control
- **age** → for key management and encryption ([Install guide](docs/age-keys.md))
- **SOPS** → for managing encrypted secrets ([SOPS GitHub](https://github.com/getsops/sops))
- **Terraform** → for provisioning infrastructure ([Terraform Downloads](https://developer.hashicorp.com/terraform/downloads))
- **Ansible** → for server configuration ([Ansible Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/))
- **Make** → to run the included `Makefile` tasks

### Example installation (Ubuntu/Debian)

```bash
# System tools
sudo apt update
sudo apt install -y git make ansible

# Terraform
sudo apt install -y wget unzip
wget https://releases.hashicorp.com/terraform/1.9.5/terraform_1.9.5_linux_amd64.zip
unzip terraform_1.9.5_linux_amd64.zip
sudo mv terraform /usr/local/bin/

# age
sudo apt install age

# SOPS
# Get the latest release (example: v3.10.2 — check GitHub for updates)
wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64.deb
sudo apt install ./sops_3.10.2_amd64.deb
```

## 🔑 Secrets Management

This project uses [SOPS](https://github.com/getsops/sops) with [age](https://age-encryption.org) for secret encryption.

To set up your own key and configure SOPS, follow the guide here:
➡️ [Managing Age Keys](docs/age-keys.md)
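
The Quickstart reminder to encrypt secrets before committing can be enforced with a Git pre-commit hook. The script below is an added example, not part of the RailianceHosts repo; the function names are hypothetical, and it assumes secret files follow the `*.sops.yaml` naming of `inventory/group_vars/secrets.sops.yaml` and that SOPS encrypts every value (no `encrypted_regex` or `unencrypted_suffix` rules).

```shell
#!/bin/sh
# Added example (not from the RailianceHosts repo): refuse to commit a
# *.sops.yaml file whose staged content is not fully SOPS-encrypted.

# is_sops_encrypted: read YAML on stdin; exit 0 only if it carries the
# SOPS metadata block (sops: ... mac: ENC[...]) and every value above
# that block is an ENC[...] envelope.
is_sops_encrypted() {
  awk '
    in_meta { if ($0 ~ /^[ \t]+mac: ENC\[/) mac = 1; next }
    /^sops:/ { in_meta = 1; next }             # SOPS writes this block last
    /^[ \t]*(#|$)/ || /^---/ { next }          # comments, blanks, doc start
    {
      v = $0
      sub(/^[ \t]*(-[ \t]+)?/, "", v)          # indentation and list dash
      if (v ~ /^ENC\[/) next                   # encrypted list item
      sub(/^[^:]*:[ \t]*/, "", v)              # drop "key:"
      if (v != "" && v !~ /^ENC\[/) bad = 1    # plaintext value found
    }
    END { exit !(in_meta && mac && !bad) }
  '
}

# check_staged: inspect the staged blob (not the working-tree copy) of
# every added or modified secrets file; non-zero if any is plaintext.
check_staged() {
  git diff --cached --name-only --diff-filter=ACM -- '*.sops.yaml' '*.sops.yml' |
  (
    rc=0
    while IFS= read -r f; do
      if ! git show ":$f" | is_sops_encrypted; then
        echo "refusing commit: $f is not SOPS-encrypted" >&2
        rc=1
      fi
    done
    exit "$rc"
  )
}

# Run the check only when this file is installed as the pre-commit hook.
case "$0" in
  *pre-commit) check_staged ;;
esac
```

Install it as `.git/hooks/pre-commit` and make it executable. Because it reads the staged blob, a file that was encrypted on disk after `git add` is still rejected until it is re-staged.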