Initial commit: VaultMesh Skills collection
Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Vault Sovereign
16
gitea-bootstrap/references/gitea_hardening_notes.md
Normal file
16
gitea-bootstrap/references/gitea_hardening_notes.md
Normal file
@@ -0,0 +1,16 @@
|
||||
# Gitea Hardening Notes
|
||||
|
||||
## Minimum Hardening
|
||||
- Put Gitea behind reverse proxy (nginx/Traefik) with TLS
|
||||
- Disable public registration if not needed
|
||||
- Enforce 2FA for admin/org owners
|
||||
- Restrict SSH to known networks or require VPN/tunnel
|
||||
- Back up the data dir regularly (repos + config + sqlite/db)
|
||||
|
||||
## Backups
|
||||
If using sqlite, backing up `/data/gitea/gitea.db` plus repos is enough.
|
||||
For Postgres/MySQL, dump database + repos.
|
||||
|
||||
## Next Skills
|
||||
- container-registry (self-hosted with signatures)
|
||||
- dns-sovereign (PowerDNS + Cloudflare hybrid)
|
||||
Reference in New Issue
Block a user