Updated by fix-consistency on 2026-05-08: - update .custodian-brief.md for railiance-infra
RailianceHosts
Tagline: Git-driven automation for secure, self-reliant servers.
RailianceHosts is an open-source control repo that provisions and manages servers on Hosteurope and Hetzner Cloud entirely from Git. It combines Terraform for lifecycle management, cloud-init for first-boot configuration, and Ansible for convergence. All secrets live in-repo encrypted with SOPS and are unlocked with your single age master key (which you keep in your password manager). The minimal server registry in inventory/servers.yaml is the source of truth.
Quickstart
- Clone Repo: clone the repo
- Prerequisites: terraform >= 1.7, ansible >= 2.16, age, sops.
- Secrets Management: Generate master key (age), provide it to sops and provide your SSH key.
- Setup Provider: Create account, select payment option, establish API token.
- Provisioning: Plan and apply inventory/servers.yaml to add hosts with terraform.
- Convergence: Set up security and tooling with ansible.
🚀 0. Clone Repo
First, clone this repository to your workstation:
# Clone into the directory name that the next command expects
git clone https://<your-gitea-host>/coulomb/railliance-hosts.git railiance-infra
cd railiance-infra
📦 1. Prerequisites
To use RailianceHosts, make sure you have the following tools installed on your workstation:
- Git → for version control
- age → for key management and encryption (Install guide)
- SOPS → for managing encrypted secrets (SOPS GitHub)
- Terraform → for provisioning infrastructure (Terraform Downloads)
- Ansible → for server configuration (Ansible Installation Guide)
- Make → to run the included Makefile tasks
Example installation (Ubuntu/Debian)
# System tools
sudo apt update
sudo apt install -y git make ansible
# Terraform
sudo apt install -y wget unzip
wget https://releases.hashicorp.com/terraform/1.9.5/terraform_1.9.5_linux_amd64.zip
unzip terraform_1.9.5_linux_amd64.zip
sudo mv terraform /usr/local/bin/
# age
sudo apt install age
# SOPS
# Get the latest release (example: v3.10.2; check GitHub for updates)
wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64.deb
sudo apt install ./sops_3.10.2_amd64.deb
🔑 2. Secrets Management
Generate Age Master Key and establish SOPS
This project uses SOPS with age for secret encryption.
To set up your own key and configure SOPS, follow the guide here:
SSH Access Preparations
Learn how to add your SSH key and test connectivity after provisioning:
➡️ SSH Access & Connectivity Test
TL;DR
- put your public key into keys/admin_ssh.pub
💻 3. Setup Provider
You need to register an account and set it up for API access:
- register
- choose payment method
- generate api-key
- store api-key in secrets safely
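One way to check, before committing, that the API key and other secrets stored in the repo really are SOPS-encrypted. This is an added example, not code from the RailianceHosts repo; the key names, sample values and the directory it scans are hypothetical, and it assumes YAML secrets that are encrypted in full.

```shell
#!/usr/bin/env bash
# Added example, not part of the RailianceHosts repo. Assumes secrets are YAML
# files encrypted in full (no unencrypted_suffix or similar SOPS rules).

# Succeeds only if the file carries a top-level "sops:" metadata block and
# every scalar above it is an ENC[AES256_GCM,...] ciphertext.
is_sops_encrypted() {
  grep -q '^sops:' "$1" || return 1
  awk '
    /^sops:/ { exit }                    # metadata block reached: stop scanning
    /^[ \t]*#/ || /^---/ || /^[ \t]*$/ { next }
    {
      v = $0
      sub(/^[ \t]*(- )?/, "", v)         # drop indent and list dash
      if (v ~ /^ENC\[AES256_GCM,/) next  # encrypted list item
      sub(/^[^:]+:[ \t]*/, "", v)        # drop "key:"; empty means nested map
      if (v != "" && v !~ /^ENC\[AES256_GCM,/) bad = 1
    }
    END { exit bad + 0 }
  ' "$1"
}

# Report every YAML file in the directory that is not fully encrypted.
check_secrets_dir() {
  local rc=0 f
  for f in "$1"/*.yaml "$1"/*.yml; do
    [ -e "$f" ] || continue
    is_sops_encrypted "$f" || { echo "NOT ENCRYPTED: $f" >&2; rc=1; }
  done
  return "$rc"
}

# Constructed sample files; key names and values are hypothetical.
make_samples() {
  local d enc='ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]'
  d=$(mktemp -d)
  printf '%s\n' "hcloud_token: $enc" 'sops:' '    version: 3.10.2' > "$d/good.yaml"
  printf '%s\n' "hcloud_token: $enc" 'admin_password: example-plaintext' \
    'sops:' '    version: 3.10.2' > "$d/leaky.yaml"
  printf '%s\n' 'hcloud_token: example-plaintext' > "$d/plain.yml"
  echo "$d"
}

samples=$(make_samples)
check_secrets_dir "$samples" || echo "commit blocked: plaintext secrets found"
```

Called from a Git pre-commit hook, a non-zero return from check_secrets_dir stops the commit; leaky.yaml shows why the presence of a sops: block alone is not sufficient evidence.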
🚀 4. Provisioning
How to declare hosts and bring them up on Hetzner:
TL;DR
- Define servers in inventory/servers.yaml (name, region, type, image, ssh_user, labels/role).
- Provision with make tf-apply (or make apply to also run Ansible).
- One-shot helper: scripts/hcloud_new_server.sh --type ... --region ....
💻 5. Convergence
After provisioning a server with Terraform, RailianceHosts uses Ansible to converge hosts into a secure, baseline state.
This includes admin user setup, SSH hardening, firewall rules, essential tooling, and secret handling.
📖 See the full guide here: Convergence Documentation