test/VaultMesh_Catalog_v1/pages/page1-introduction.md
Vault Sovereign 1583890199 Initial commit - combined iTerm2 scripts
Contains:
- 1m-brag
- tem
- VaultMesh_Catalog_v1
- VAULTMESH-ETERNAL-PATTERN

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-28 03:58:39 +00:00

Page Title: VaultMesh Infrastructure Overview (Canon v1)
Summary: VaultMesh runs on a sovereign mesh of home, cloud, and virtual nodes. Core services (GitLab, monitoring, backup, dual-vault) live on the BRICK hypervisor and v1-nl-gate, with all access flowing over a Tailscale-powered SSH fabric. The system is designed as a living "civilization ledger": verifiable, reproducible, and portable across hosts.
Key Findings:
- Core "mesh-core-01" stack runs on a Debian VM (gate-vm) hosted on brick.
- External edge/gate server (v1-nl-gate) fronts public connectivity and future tunnels.
- shield-vm acts as the OffSec / TEM / machine-secrets node.
- Dual-vault pattern: Vaultwarden for human secrets, HashiCorp Vault for machine/app secrets.
- Tailscale tailnet + per-node SSH keys provide zero-trust-style access across all layers.
- Grafana + Prometheus give observability for both infrastructure and proof engines.
Components:
- Tailscale mesh network (story-ule.ts.net tailnet).
- GitLab (self-hosted) on gate-vm for source, CI, and artifacts.
- MinIO object storage for backups and artifacts.
- PostgreSQL for GitLab and future ledgers.
- Prometheus + Grafana for metrics and dashboards.
- Vaultwarden (human credentials) + HashiCorp Vault (machine secrets).
- shield-vm: OffSec agents, TEM daemon, security experiments.
- lab HV: experimental cluster for Phoenix/PSI and chaos drills.
Workflows / Pipelines:
- Forge Flow: Android/laptop → SSH (Tailscale) → nexus-0 → edit/test → git push → GitLab on gate-vm → CI → deploy to shield-vm / lab.
- Backup Flow: mesh-stack-migration bundle backs up GitLab/Postgres/Vaultwarden to MinIO with freshness monitoring and restore scripts.
- Proof Flow: VaultMesh engines emit receipts and Merkle roots; the DevOps release pipeline anchors PROOF.json and ROOT.txt to external ledgers.
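A worked version of the Proof Flow, added here as an example and not taken from the VaultMesh engines or release pipeline: receipts are hashed into a Merkle tree with RFC 6962-style domain separation (0x00 before leaf data, 0x01 before a pair of child hashes), an odd trailing node is promoted unchanged rather than duplicated, the root is rendered the way a ROOT.txt artifact would carry it, and a PROOF.json-style document holds one inclusion proof per receipt so a holder can verify a single receipt against the anchored root alone. The receipt contents, the hashing convention and the PROOF.json layout are assumptions; the page does not specify the engines' encoding.

```python
"""Merkle root and inclusion proofs over engine receipts. Added example, not the
VaultMesh engines' code; receipts are constructed, and the hashing convention
and PROOF.json layout are assumptions."""
import hashlib
import json

# RFC 6962-style domain separation: a leaf hash can never equal an interior-node
# hash, which blocks presenting a pair of child hashes as a "leaf".
LEAF_PREFIX, NODE_PREFIX = b"\x00", b"\x01"


def leaf_hash(receipt):
    return hashlib.sha256(LEAF_PREFIX + receipt).digest()


def node_hash(left, right):
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def next_level(level):
    """Pair adjacent nodes; an odd trailing node is promoted unchanged. Duplicating
    it instead (Bitcoin-style) lets two different leaf sets share one root."""
    nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2:
        nxt.append(level[-1])
    return nxt


def merkle_root(receipts):
    if not receipts:
        raise ValueError("cannot anchor an empty receipt set")
    level = [leaf_hash(r) for r in receipts]
    while len(level) > 1:
        level = next_level(level)
    return level[0]


def inclusion_proof(receipts, index):
    """Sibling hashes from leaf `index` up to the root, tagged with the side the
    sibling sits on; a promoted odd node simply has no entry for that level."""
    level = [leaf_hash(r) for r in receipts]
    path = []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(("L" if sibling < index else "R", level[sibling]))
        level = next_level(level)
        index //= 2
    return path


def verify_inclusion(receipt, path, root):
    """Recompute the root from one receipt plus its path: a third party needs
    nothing else once the root itself has been anchored."""
    h = leaf_hash(receipt)
    for side, sibling in path:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root


def root_txt(receipts):
    """What a ROOT.txt-style artifact would carry: the hex root, newline-terminated."""
    return merkle_root(receipts).hex() + "\n"


def build_proof(receipts):
    """PROOF.json-style document (assumed layout): root, hash convention and one
    inclusion proof per receipt, so each holder can verify independently."""
    proofs = [{"index": i, "leaf": leaf_hash(r).hex(),
               "path": [{"side": s, "hash": h.hex()} for s, h in inclusion_proof(receipts, i)]}
              for i, r in enumerate(receipts)]
    return {"hash": "sha256", "leaf_prefix": LEAF_PREFIX.hex(), "node_prefix": NODE_PREFIX.hex(),
            "leaf_count": len(receipts), "root": merkle_root(receipts).hex(), "proofs": proofs}


# constructed receipts standing in for what the Guardian/Treasury engines emit
RECEIPTS = [json.dumps({"engine": "guardian", "seq": i, "event": f"check-{i}", "ok": True},
                       sort_keys=True).encode() for i in range(5)]

if __name__ == "__main__":
    root = merkle_root(RECEIPTS)
    print("ROOT.txt:", root_txt(RECEIPTS), end="")
    proof = inclusion_proof(RECEIPTS, 4)
    print("receipt 4 verifies:", verify_inclusion(RECEIPTS[4], proof, root))
    print("forged receipt verifies:", verify_inclusion(b"forged", proof, root))
    print(json.dumps(build_proof(RECEIPTS), indent=2))
```

Anchoring only the 32-byte root externally is what keeps the ledger write small; everything else (the receipt set, PROOF.json) can be distributed by the release pipeline and re-verified offline against that root.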
Inputs:
- Per-node SSH keypairs and Tailscale identities.
- Git repositories (vaultmesh, mesh-stack-migration, offsec labs).
- Docker/Compose definitions for core stack (gate-vm).
- libvirt VM definitions on brick hypervisor.
Outputs:
- Authenticated SSH sessions over Tailscale with per-node isolation.
- Reproducible infrastructure stack (mesh-stack-migration) deployable onto any compatible host.
- Cryptographically verifiable receipts, Merkle roots, and anchored proof artifacts.
- Observability dashboards for infrastructure health and backup freshness.
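A worked backup-freshness check, added as an example and not the catalog's own backup-freshness service: it reduces a MinIO object listing to the newest backup per service, flags services that are stale or have no objects at all, and emits Prometheus text-format gauges of the kind the Grafana alerts in the Backup Flow would consume. The object keys, metric names, thresholds and alert rule are assumptions; the listing is constructed so that one service (Postgres) has silently landed under the wrong prefix.

```python
"""Backup-freshness check over a MinIO bucket listing, exported in Prometheus
text format. Added example, not the catalog's backup-freshness service; the
object keys, metric names, thresholds and alert rule are assumptions."""

# Constructed listing, shaped like (key, LastModified as Unix seconds) from a
# MinIO/S3 list-objects call. The Postgres dumps landed under "pg/", not the
# "postgres/" prefix the checker expects: a failure nobody notices until restore.
LISTING = [
    ("gitlab/gitlab-backup-20251227T0300.tar", 1_766_804_400),
    ("gitlab/gitlab-backup-20251228T0300.tar", 1_766_890_800),
    ("pg/pg-20251228T0305.sql.zst", 1_766_891_100),
    ("vaultwarden/vw-20251226T0310.tar", 1_766_718_600),
]
# service -> (object-key prefix, maximum tolerated age in seconds)
SERVICES = {
    "gitlab": ("gitlab/", 86_400),
    "postgres": ("postgres/", 86_400),
    "vaultwarden": ("vaultwarden/", 86_400),
}
NOW = 1_766_900_000  # frozen "current time" so the example is deterministic


def latest_per_service(listing, services):
    """Newest object time under each service prefix; None when nothing matched."""
    latest = {name: None for name in services}
    for key, mtime in listing:
        for name, (prefix, _) in services.items():
            if key.startswith(prefix) and (latest[name] is None or mtime > latest[name]):
                latest[name] = mtime
    return latest


def stale_services(latest, services, now):
    """Services with no backup at all or one older than their threshold."""
    return sorted(n for n, t in latest.items() if t is None or now - t > services[n][1])


def render_metrics(latest, now):
    """Prometheus exposition text. A missing backup is exported as an explicit
    backup_present 0 sample rather than by omitting the series: a series that
    silently disappears never trips a plain threshold alert."""
    present, ts, age = [], [], []
    for name in sorted(latest):
        t = latest[name]
        present.append(f'backup_present{{service="{name}"}} {int(t is not None)}')
        if t is not None:
            ts.append(f'backup_last_success_timestamp_seconds{{service="{name}"}} {t}')
            age.append(f'backup_age_seconds{{service="{name}"}} {now - t}')
    families = (
        ("backup_present", "1 if any backup object exists for the service.", present),
        ("backup_last_success_timestamp_seconds", "Unix time of the newest backup object.", ts),
        ("backup_age_seconds", "Seconds since the newest backup object.", age),
    )
    out = []
    for metric, help_text, samples in families:  # one contiguous group per family
        out += [f"# HELP {metric} {help_text}", f"# TYPE {metric} gauge", *samples]
    return "\n".join(out) + "\n"


# Alert rule (assumed) that pairs with the metrics above; `for` keeps a single
# late scrape from paging, while backup_present == 0 catches the missing prefix.
ALERT_RULE = """\
groups:
  - name: backup-freshness
    rules:
      - alert: BackupStale
        expr: backup_age_seconds > 86400 or backup_present == 0
        for: 30m
        labels: {severity: page}
"""

if __name__ == "__main__":
    latest = latest_per_service(LISTING, SERVICES)
    print(render_metrics(latest, NOW))
    print("stale or missing:", stale_services(latest, SERVICES, NOW))
```

The point of `backup_present` is the absent-series problem: if the exporter only emits timestamps for services it found, the misrouted Postgres dumps produce no series at all, and `backup_age_seconds > 86400` evaluates to an empty result rather than an alert.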
Security Notes:
- No password SSH: PasswordAuthentication and keyboard-interactive logins both disabled (PAM keyboard-interactive is a second password path that is easy to leave open); ed25519 keys only, one keypair per node, with IdentitiesOnly set on the client so it offers only the key configured for that host rather than every identity in its agent.
- Tailscale tailnet isolates nodes from the public internet; v1-nl-gate is the controlled edge that fronts public connectivity.
- Dual-vault split: Vaultwarden for human secrets; HashiCorp Vault for machine/app secrets and CI.
- Backups stored in MinIO, monitored by backup-freshness service with Prometheus metrics and Grafana alerts.
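How the first security note can be checked rather than asserted, as an added example that is not from the VaultMesh repositories: the block parses sshd_config and ssh_config text with the resolution rules the OpenSSH daemon and client actually apply (the first occurrence of a keyword wins; IdentityFile entries accumulate) and reports where password or keyboard-interactive logins remain enabled, where non-ed25519 keys are still accepted, and where a client host lacks IdentitiesOnly or shares a key with another node. The sample configs are constructed, and the `%h.story-ule.ts.net` HostName is an assumed MagicDNS form for the tailnet named above.

```python
"""Audit sshd_config / ssh_config text for the SSH policy above. Added example, not from
the VaultMesh repositories; configs are constructed, %h.story-ule.ts.net is an assumed MagicDNS form."""
import fnmatch
import re

ED25519_ALGS = {"ssh-ed25519", "sk-ssh-ed25519@openssh.com"}


def directives(text):
    """Yield (lowercased keyword, value) per 'Key value' or 'Key=value' line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
            yield parts[0].lower(), (parts[1] if len(parts) > 1 else "")


def audit_sshd(text):
    """Global section only; the first occurrence of a keyword wins, as in sshd.
    Match blocks and Include files are not followed (Debian includes
    sshd_config.d/*.conf first, so those files win): audit them separately."""
    cfg, findings = {}, []
    for key, value in directives(text):
        if key == "match":
            break
        cfg.setdefault(key, value)
    # fall-back values are OpenSSH's defaults when the keyword is absent
    pw = cfg.get("passwordauthentication", "yes").lower()
    kbd = cfg.get("kbdinteractiveauthentication",
                  cfg.get("challengeresponseauthentication", "yes")).lower()
    algs = cfg.get("pubkeyacceptedalgorithms", cfg.get("pubkeyacceptedkeytypes"))
    if pw != "no":
        findings.append(f"PasswordAuthentication is {pw}, expected no")
    if kbd != "no":
        findings.append(f"KbdInteractiveAuthentication is {kbd}, expected no")
    if algs is None:
        findings.append("PubkeyAcceptedAlgorithms unset: defaults still accept RSA/ECDSA keys")
    elif algs[:1] in ("+", "-", "^") or not set(algs.split(",")) <= ED25519_ALGS:
        findings.append(f"PubkeyAcceptedAlgorithms not limited to ed25519: {algs}")
    return findings


def resolve_ssh_config(text):
    """Per concrete host, (directives, identity files) as ssh(1) resolves them: the
    first matching block to set a keyword wins, IdentityFile entries from every
    matching block are all offered. Match blocks and negated (!) patterns: not modelled."""
    blocks = [([], {}, [])]  # (host patterns: [] = global, None = Match), directives, identity files
    for key, value in directives(text):
        if key in ("host", "match"):
            blocks.append((value.split() if key == "host" else None, {}, []))
        elif key == "identityfile":
            blocks[-1][2].append(value)
        else:
            blocks[-1][1].setdefault(key, value)
    hosts = sorted({p for pats, _, _ in blocks if pats for p in pats if not set(p) & set("*?!")})
    per_host = {}
    for host in hosts:
        resolved, identities = {}, []
        for patterns, d, ids in blocks:
            if patterns is None or (patterns and not any(fnmatch.fnmatchcase(host, p) for p in patterns)):
                continue
            for k, v in d.items():
                resolved.setdefault(k, v)
            identities.extend(ids)
        per_host[host] = (resolved, identities)
    return per_host


def audit_ssh_client(text):
    per_host = resolve_ssh_config(text)
    findings = []
    for host, (d, ids) in per_host.items():
        only = d.get("identitiesonly", "no").lower()
        if only != "yes":
            findings.append(f"{host}: IdentitiesOnly is {only}, expected yes")
        if len(ids) != 1:
            findings.append(f"{host}: {len(ids)} IdentityFile entries apply: {ids}")
        for path in ids:
            others = [o for o, (_, oids) in per_host.items() if o != host and path in oids]
            if others:
                findings.append(f"{host}: key {path} is also offered to {', '.join(others)}")
    return findings


# constructed samples: a hardened node; a barely touched Debian default (its second
# PasswordAuthentication line never takes effect); a per-node client config; a client
# config whose catch-all key from "Host *" is offered in every per-node session
HARDENED_SSHD = """PubkeyAuthentication yes
PubkeyAcceptedAlgorithms ssh-ed25519,sk-ssh-ed25519@openssh.com
PasswordAuthentication no
KbdInteractiveAuthentication no"""
DEFAULTISH_SSHD = """Include /etc/ssh/sshd_config.d/*.conf
KbdInteractiveAuthentication no
PasswordAuthentication yes
PasswordAuthentication no"""
PER_NODE_CLIENT = """Host gate-vm
    IdentityFile ~/.ssh/id_ed25519_gate-vm
    IdentitiesOnly yes
Host shield-vm
    IdentityFile ~/.ssh/id_ed25519_shield-vm
    IdentitiesOnly yes"""
SHARED_KEY_CLIENT = """Host *
    IdentityFile ~/.ssh/id_ed25519
Host gate-vm shield-vm
    HostName %h.story-ule.ts.net"""
```

Run `audit_sshd` against each node's real `/etc/ssh/sshd_config` and `audit_ssh_client` against the forge's `~/.ssh/config`; an empty list is the pass condition. Because the server audit reads only the global section, anything set under a `Match` block or pulled in through `Include` has to be checked on its own, and a `PasswordAuthentication yes` in an included file that sshd reads first will win over the main file's `no`.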
Nodes / Topology:
- Forge Node: nexus-0 (BlackArch) primary development forge.
- Mine Nodes: gamma, beta, brick, w3 (home infrastructure, storage and hypervisor roles).
- Gate Nodes: v1-nl-gate (cloud edge), gate-vm (mesh-core-01 on brick).
- VM Nodes on brick: debian-golden (template), gate-vm (core stack), shield-vm (security).
- Lab HV Nodes: lab-mesh-01, lab-agent-01, lab-chaos-01, phoenix-01 (experiments, chaos drills, PSI/Phoenix).
- Mobile Nodes: shield (Termux), bank-mobile (iOS).
Dependencies:
- Tailscale client on all nodes (including VMs where needed).
- libvirt/QEMU on brick for virtualization.
- Docker/Compose on gate-vm for mesh-core stack.
- SSH servers on all nodes; per-node SSH keys for access.
Deployment Requirements:
- At least one capable hypervisor (brick) and one external gate (v1-nl-gate).
- DNS or MagicDNS entries for internal hostnames (e.g. gitlab.mesh.local).
- MinIO and backup-freshness configured via mesh-stack-migration bundle.
- Dual-vault services deployed according to canonical pattern.
Linked Assets:
- `/Users/sovereign/Library/CloudStorage/Dropbox/VaultMesh_Catalog_v1/VaultMesh_Infrastructure_Catalog_v1.*`
- `mesh-stack-migration/` bundle for core stack deployment.
- `vaultmesh` repo (Guardian, Console, Treasury, OffSec engines).