Initial commit: VaultMesh Skills collection
Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Vault Sovereign
51
hetzner-bootstrap/scripts/90_verify.sh
Executable file
51
hetzner-bootstrap/scripts/90_verify.sh
Executable file
@@ -0,0 +1,51 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
|
||||
source "$SCRIPT_DIR/_common.sh"
|
||||
|
||||
: "${NODE_NAME:=}"
|
||||
: "${SOVEREIGN_USER:=sovereign}"
|
||||
: "${WG_PORT:=51820}"
|
||||
: "${OUTPUT_DIR:=$SKILL_ROOT/outputs}"
|
||||
|
||||
main() {
|
||||
require_root
|
||||
status="$OUTPUT_DIR/status_matrix.json"
|
||||
mkdir -p "$OUTPUT_DIR"
|
||||
|
||||
ok_user=false; ok_hostname=false; ok_ufw=false; ok_ssh=false; ok_wg=false
|
||||
|
||||
id "$SOVEREIGN_USER" >/dev/null 2>&1 && ok_user=true
|
||||
[[ -n "$NODE_NAME" ]] && hostname | grep -q "$NODE_NAME" && ok_hostname=true || true
|
||||
ufw status 2>/dev/null | grep -qi "Status: active" && ok_ufw=true || true
|
||||
sshd -t >/dev/null 2>&1 && ok_ssh=true || true
|
||||
systemctl is-active wg-quick@wg0 >/dev/null 2>&1 && ok_wg=true || true
|
||||
|
||||
blockers="[]"
|
||||
if [[ "$ok_user" != "true" ]]; then blockers='["missing_sovereign_user"]'
|
||||
elif [[ "$ok_ufw" != "true" ]]; then blockers='["ufw_not_active"]'
|
||||
elif [[ "$ok_ssh" != "true" ]]; then blockers='["sshd_config_invalid"]'
|
||||
fi
|
||||
|
||||
cat > "$status" <<EOF
|
||||
{
|
||||
"skill":"hetzner-bootstrap",
|
||||
"timestamp":"$(date -Iseconds)",
|
||||
"checks":[
|
||||
{"name":"sovereign_user_present","ok": $ok_user, "user":"$(json_escape "$SOVEREIGN_USER")"},
|
||||
{"name":"hostname_set","ok": $ok_hostname, "hostname":"$(json_escape "$(hostname)")"},
|
||||
{"name":"ufw_active","ok": $ok_ufw, "wg_port":"$(json_escape "$WG_PORT")"},
|
||||
{"name":"sshd_config_valid","ok": $ok_ssh},
|
||||
{"name":"wireguard_active_optional","ok": $ok_wg}
|
||||
],
|
||||
"blockers": $blockers,
|
||||
"warnings": [],
|
||||
"next_steps": ["verify sovereign SSH login", "operator-bootstrap", "secrets-vault", "cloudflare-tunnel-manager"]
|
||||
}
|
||||
EOF
|
||||
|
||||
log_info "Wrote $status"
|
||||
cat "$status"
|
||||
}
|
||||
main "$@"
|
||||
Reference in New Issue
Block a user