Initial commit: VaultMesh Skills collection
Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Vault Sovereign
88
disaster-recovery/scripts/99_report.sh
Normal file
88
disaster-recovery/scripts/99_report.sh
Normal file
@@ -0,0 +1,88 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
|
||||
source "$SCRIPT_DIR/_common.sh"
|
||||
|
||||
: "${BACKUP_SKILL_DIR:=}"
|
||||
: "${RUN_DIR:=}"
|
||||
: "${DR_TARGET_BASE:=$HOME/recovery-drills}"
|
||||
|
||||
main() {
|
||||
mkdir -p "$SKILL_ROOT/outputs"
|
||||
local report="$SKILL_ROOT/outputs/audit_report.md"
|
||||
local status="$SKILL_ROOT/outputs/status_matrix.json"
|
||||
local ptr="$SKILL_ROOT/outputs/last_drill_target.txt"
|
||||
local target="(none)"
|
||||
[[ -f "$ptr" ]] && target="$(cat "$ptr")"
|
||||
|
||||
local run_dir="(unknown)"
|
||||
if [[ -n "$BACKUP_SKILL_DIR" ]]; then
|
||||
run_dir="$(resolve_run_dir "$BACKUP_SKILL_DIR" "$RUN_DIR")"
|
||||
fi
|
||||
|
||||
cat > "$report" <<EOF
|
||||
# Disaster Recovery Audit Report
|
||||
|
||||
**Generated:** $(date -Iseconds)
|
||||
**Backup Run:** $(json_escape "$run_dir")
|
||||
**Drill Target:** $(json_escape "$target")
|
||||
**Skill Version:** 1.0.0
|
||||
|
||||
---
|
||||
|
||||
## What Happened
|
||||
1. Validated backup artifacts and recomputed ROOT
|
||||
2. Performed a staged restore into a timestamped drill directory
|
||||
3. Verified extracted content (file count + spot-check)
|
||||
|
||||
---
|
||||
|
||||
## Key Paths
|
||||
|
||||
| Item | Path |
|
||||
|---|---|
|
||||
| Backup Run (source) | \`$run_dir\` |
|
||||
| Encrypted Archive | \`$run_dir/archive.tar.gz.age\` |
|
||||
| Manifest | \`$run_dir/manifest.json\` |
|
||||
| ROOT | \`$run_dir/ROOT.txt\` |
|
||||
| Drill Target | \`$target\` |
|
||||
| Extracted Files | \`$target/extract\` |
|
||||
|
||||
---
|
||||
|
||||
## Status Matrix
|
||||
|
||||
$(if [[ -f "$status" ]]; then
|
||||
echo '```json'
|
||||
cat "$status"
|
||||
echo '```'
|
||||
else
|
||||
echo "_Missing status_matrix.json — run 90_verify.sh first._"
|
||||
fi)
|
||||
|
||||
---
|
||||
|
||||
## EU Compliance Declaration
|
||||
|
||||
| Aspect | Value |
|
||||
|---|---|
|
||||
| Data Residency | EU (Ireland - Dublin) |
|
||||
| Jurisdiction | Irish Law |
|
||||
| Recovery Drills | Local-only by default |
|
||||
| Encryption | age |
|
||||
|
||||
---
|
||||
|
||||
## Next Steps
|
||||
1. Run drills on a **second machine**
|
||||
2. Define a service-specific production restore (Portal, Node gateway, etc.)
|
||||
3. Keep at least one **offline** copy of age identity keys
|
||||
|
||||
EOF
|
||||
|
||||
log_info "Wrote $report"
|
||||
cat "$report"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
Reference in New Issue
Block a user