Initial commit: VaultMesh Skills collection

Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00
commit eac77ef7b4
213 changed files with 11724 additions and 0 deletions
--- a/dns-sovereign/scripts/90_verify.sh
+++ b/dns-sovereign/scripts/90_verify.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
+source "$SCRIPT_DIR/_common.sh"
+
+: "${PDNS_WEB_PORT:=8081}"
+: "${PDNS_API_KEY:=}"
+: "${PDNS_PORT:=53}"
+
+main() {
+  local status="$SKILL_ROOT/outputs/status_matrix.json"
+  local ok_container=false ok_api=false ok_probe=false
+
+  if docker ps --format '{{.Names}}' | grep -q '^pdns-auth$'; then ok_container=true; fi
+  if [[ -n "${PDNS_API_KEY:-}" ]]; then
+    if curl -fsS -H "X-API-Key: $PDNS_API_KEY" "http://127.0.0.1:${PDNS_WEB_PORT}/api/v1/servers/localhost" >/dev/null 2>&1; then
+      ok_api=true
+    fi
+  fi
+  [[ -f "$SKILL_ROOT/outputs/pdns_api_probe.json" ]] && ok_probe=true
+
+  blockers="[]"
+  if [[ "$ok_container" != "true" ]]; then blockers='["pdns_container_not_running"]'
+  elif [[ "$ok_api" != "true" ]]; then blockers='["pdns_api_unreachable_or_key_missing"]'
+  fi
+
+  cat > "$status" <<EOF
+{
+  "skill": "dns-sovereign",
+  "timestamp": "$(date -Iseconds)",
+  "checks": [
+    {"name":"pdns_container_running", "ok": $ok_container},
+    {"name":"pdns_api_reachable", "ok": $ok_api},
+    {"name":"api_probe_saved", "ok": $ok_probe}
+  ],
+  "blockers": $blockers,
+  "warnings": [
+    "PowerDNS API is bound to localhost only in compose; keep it private"
+  ],
+  "next_steps": [
+    "Create/verify zones and NS records",
+    "Point domain registrar to your NS hosts when ready",
+    "Optionally mirror select records to Cloudflare"
+  ]
+}
+EOF
+
+  log_info "Wrote $status"
+  cat "$status"
+}
+main "$@"