Initial commit - combined iTerm2 scripts
Contains:
- 1m-brag
- tem
- VaultMesh_Catalog_v1
- VAULTMESH-ETERNAL-PATTERN

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
68
VaultMesh_Catalog_v1/pages/page1-introduction.md
Normal file
@@ -0,0 +1,68 @@
Page Title: VaultMesh Infrastructure Overview (Canon v1)
Summary: VaultMesh runs on a sovereign mesh of home, cloud, and virtual nodes. Core services (GitLab, monitoring, backup, dual-vault) live on the BRICK hypervisor and v1-nl-gate, with all access flowing over a Tailscale-powered SSH fabric. The system is designed as a living "civilization ledger": verifiable, reproducible, and portable across hosts.

Key Findings:
- Core "mesh-core-01" stack runs on a Debian VM (gate-vm) hosted on brick.
- External edge/gate server (v1-nl-gate) fronts public connectivity and future tunnels.
- shield-vm acts as the OffSec / TEM / machine-secrets node.
- Dual-vault pattern: Vaultwarden for human secrets, HashiCorp Vault for machine/app secrets.
- Tailscale tailnet + per-node SSH keys provide zero-trust style access across all layers.
- Grafana + Prometheus give observability for both infrastructure and proof engines.

Components:
- Tailscale mesh network (story-ule.ts.net tailnet).
- GitLab (self-hosted) on gate-vm for source, CI, and artifacts.
- MinIO object storage for backups and artifacts.
- PostgreSQL for GitLab and future ledgers.
- Prometheus + Grafana for metrics and dashboards.
- Vaultwarden (human credentials) + HashiCorp Vault (machine secrets).
- shield-vm: OffSec agents, TEM daemon, security experiments.
- lab HV: experimental cluster for Phoenix/PSI and chaos drills.

Workflows / Pipelines:
- Forge Flow: Android/laptop → SSH (Tailscale) → nexus-0 → edit/test → git push → GitLab on gate-vm → CI → deploy to shield-vm / lab.
- Backup Flow: mesh-stack-migration bundle backs up GitLab/Postgres/Vaultwarden to MinIO with freshness monitoring and restore scripts.
- Proof Flow: VaultMesh engines emit receipts and Merkle roots; DevOps release pipeline anchors PROOF.json and ROOT.txt to external ledgers.

Inputs:
- Per-node SSH keypairs and Tailscale identities.
- Git repositories (vaultmesh, mesh-stack-migration, offsec labs).
- Docker/Compose definitions for core stack (gate-vm).
- libvirt VM definitions on brick hypervisor.

Outputs:
- Authenticated SSH sessions over Tailscale with per-node isolation.
- Reproducible infrastructure stack (mesh-stack-migration) deployable onto any compatible host.
- Cryptographically verifiable receipts, Merkle roots, and anchored proof artifacts.
- Observability dashboards for infrastructure health and backup freshness.

Security Notes:
- No password SSH: ed25519 keys only, with IdentitiesOnly enforced.
- Tailscale tailnet isolates nodes from the public internet; v1-nl-gate used as controlled edge.
- Dual-vault split: Vaultwarden for human secrets; HashiCorp Vault for machine/app secrets and CI.
- Backups stored in MinIO, monitored by backup-freshness service with Prometheus metrics and Grafana alerts.

Nodes / Topology:
- Forge Node: nexus-0 (BlackArch) – primary development forge.
- Mine Nodes: gamma, beta, brick, w3 – home infra, storage, hypervisor.
- Gate Nodes: v1-nl-gate (cloud edge), gate-vm (mesh-core-01 on brick).
- VM Nodes on brick: debian-golden (template), gate-vm (core stack), shield-vm (security).
- Lab HV Nodes: lab-mesh-01, lab-agent-01, lab-chaos-01, phoenix-01 – experiments and PSI/Phoenix.
- Mobile Nodes: shield (Termux), bank-mobile (iOS).

Dependencies:
- Tailscale client on all nodes (including VMs where needed).
- libvirt/QEMU on brick for virtualization.
- Docker/Compose on gate-vm for mesh-core stack.
- SSH servers on all nodes; per-node SSH keys for access.

Deployment Requirements:
- At least one capable hypervisor (brick) and one external gate (v1-nl-gate).
- DNS or MagicDNS entries for internal hostnames (e.g. gitlab.mesh.local).
- MinIO and backup-freshness configured via mesh-stack-migration bundle.
- Dual-vault services deployed according to canonical pattern.

Linked Assets:
- `/Users/sovereign/Library/CloudStorage/Dropbox/VaultMesh_Catalog_v1/VaultMesh_Infrastructure_Catalog_v1.*`
- `mesh-stack-migration/` bundle for core stack deployment.
- `vaultmesh` repo (Guardian, Console, Treasury, OffSec engines).
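Review bot: The Security Notes line `No password SSH: ed25519 keys only, with IdentitiesOnly enforced` conflates a client-side setting with server policy: `IdentitiesOnly` is an ssh_config option that only limits which keys the client offers, so it does not by itself make "no password SSH" true on any node. The page should state the server-side control it relies on (sshd_config `PasswordAuthentication no` on every node, ideally alongside `PubkeyAuthentication yes`), otherwise the claim cannot be checked from what is written. Separately, the Linked Assets entry `/Users/sovereign/Library/CloudStorage/Dropbox/VaultMesh_Catalog_v1/VaultMesh_Infrastructure_Catalog_v1.*` is a machine-local absolute path that commits a local username and Dropbox layout into the repo and resolves on no other host; a repository-relative path or a URL would keep the catalog portable, which is the stated goal of the page. Minor: the Deployment Requirements example `gitlab.mesh.local` uses the `.local` suffix that mDNS reserves (RFC 6762), which can collide with multicast resolution on macOS and Linux clients; since the Components list already names the `story-ule.ts.net` tailnet, a MagicDNS name under that domain would be the consistent choice.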