Initial commit: VaultMesh Skills collection

Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00
commit eac77ef7b4
213 changed files with 11724 additions and 0 deletions
--- a/rfc3161-anchor/scripts/11_apply.sh
+++ b/rfc3161-anchor/scripts/11_apply.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+: "${ROOT_FILE:=ROOT.txt}"
+: "${TSA_URL:=https://freetsa.org/tsr}"
+: "${DRY_RUN:=1}"
+: "${CONFIRM_PHRASE:=I UNDERSTAND THIS WILL ANCHOR A ROOT VIA TSA}"
+
+[[ "$DRY_RUN" == "0" ]] || { echo "DRY_RUN=1"; exit 1; }
+echo "Type confirmation:"
+read -r x; [[ "$x" == "$CONFIRM_PHRASE" ]] || exit 1
+
+openssl ts -query -data "$ROOT_FILE" -sha256 -certreq -out request.tsq
+curl -s -H "Content-Type: application/timestamp-query" \
+  --data-binary @request.tsq "$TSA_URL" > response.tsr
+
+cat > PROOF.json <<EOF
+{
+  "skill":"rfc3161-anchor",
+  "root_file":"$ROOT_FILE",
+  "tsa":"$TSA_URL",
+  "timestamp":"$(date -Iseconds)"
+}
+EOF
+echo "[OK] anchored"