Initial commit: VaultMesh Skills collection

Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

disaster-recovery/references/recovery_playbook.md

@@ -0,0 +1,22 @@
+# Recovery Playbook (Staged)
+
+## Purpose
+Turn restoration into a repeatable operational habit.
+
+## Staged Restore Policy
+- Never restore into system directories during drills.
+- Always restore into a timestamped target under DR_TARGET_BASE.
+
+## Minimum Drill
+1. Validate backup artifacts (exist + ROOT recomputation)
+2. Decrypt archive
+3. Extract archive
+4. Verify file count > 0
+5. Spot-check content
+
+## Service-Specific Production Restore
+Create a dedicated procedure per service:
+- VaultMesh Portal (Axum)
+- Node gateway
+- Reverse proxy (nginx)
+- Monitoring (Prometheus/Grafana)