Initial commit: VaultMesh Skills collection

Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00
commit eac77ef7b4
213 changed files with 11724 additions and 0 deletions
--- a/container-registry/scripts/11_apply.sh
+++ b/container-registry/scripts/11_apply.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
+source "$SCRIPT_DIR/_common.sh"
+
+: "${REGISTRY_PORT:=5000}"
+: "${DATA_DIR:=$HOME/registry}"
+: "${AUTH_DIR:=$HOME/registry/auth}"
+: "${REGISTRY_USER:=}"
+
+compose_cmd() {
+  if command -v docker-compose >/dev/null 2>&1; then
+    echo "docker-compose"
+  else
+    echo "docker compose"
+  fi
+}
+
+main() {
+  confirm_gate
+  need docker
+  [[ -n "$REGISTRY_USER" ]] || die "REGISTRY_USER is required."
+
+  local ts; ts="$(date -Iseconds | tr ':' '-')"
+  local backup_dir="$SKILL_ROOT/outputs/backups/$ts"
+  mkdir -p "$backup_dir"
+
+  # Auth
+  if command -v htpasswd >/dev/null 2>&1; then
+    log_warn "Creating htpasswd entry for $REGISTRY_USER"
+    htpasswd -B -c "$AUTH_DIR/htpasswd" "$REGISTRY_USER"
+    cp -a "$AUTH_DIR/htpasswd" "$backup_dir/htpasswd"
+  else
+    die "htpasswd not available; install apache2-utils."
+  fi
+
+  # Compose
+  cat > "$SKILL_ROOT/outputs/compose.yml" <<EOF
+version: "3"
+services:
+  registry:
+    image: registry:2
+    restart: unless-stopped
+    ports:
+      - "${REGISTRY_PORT}:5000"
+    environment:
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+    volumes:
+      - ${DATA_DIR}:/var/lib/registry
+      - ${AUTH_DIR}:/auth
+EOF
+
+  cp -a "$SKILL_ROOT/outputs/compose.yml" "$backup_dir/compose.yml"
+
+  cd "$SKILL_ROOT/outputs"
+  $(compose_cmd) -f compose.yml up -d
+
+  log_info "Registry started on port $REGISTRY_PORT"
+}
+main "$@"