Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00


#!/usr/bin/env bash
#
# Backup status reporter for the backup-sovereign skill: inspects the most
# recent backup run directory and writes a JSON status matrix.
set -euo pipefail

# === METADATA ===
# All paths are derived from this script's own location: the skill root is the
# parent of the script directory, and check scripts live in <skill root>/checks.
# Anything executable in CHECKS_DIR is run by run_check, so that directory
# should be writable only by the operator account.
SCRIPT_NAME="$(basename "$0")"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "${SCRIPT_DIR}")"
CHECKS_DIR="${SKILL_ROOT}/checks"

# === CONFIGURATION ===
# Both values may be supplied through the environment; the defaults below
# apply only when the variable is unset or empty.
OUTPUT_DIR="${OUTPUT_DIR:-${SKILL_ROOT}/outputs}"
NODE_NAME="${NODE_NAME:-node-a}"
# === FUNCTIONS ===
# Print an informational message to stdout, prefixed with "[INFO]" and an
# ISO-8601 timestamp. All arguments are joined into a single message.
log_info() {
  printf '[INFO] %s %s\n' "$(date -Iseconds)" "$*"
}
# Print an error message to stderr, prefixed with "[ERROR]" and an ISO-8601
# timestamp, then terminate the shell with exit status 1.
die() {
  printf '[ERROR] %s %s\n' "$(date -Iseconds)" "$*" >&2
  exit 1
}
#######################################
# Run one check script from CHECKS_DIR and report the outcome as a word.
# Globals:   CHECKS_DIR (read)
# Arguments: $1 - file name of the check script inside CHECKS_DIR
# Outputs:   "true" if the script exits 0, "false" if it exits non-zero,
#            "skip" if it is absent or not executable. The script's own
#            stdout and stderr are discarded.
#######################################
run_check() {
  local check_path="$CHECKS_DIR/$1"

  # Nothing to run: report the check as skipped rather than failed.
  if [[ ! -x "$check_path" ]]; then
    echo "skip"
    return
  fi

  local verdict="false"
  if "$check_path" >/dev/null 2>&1; then
    verdict="true"
  fi
  echo "$verdict"
}
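# Escape a string so it can be embedded inside a JSON string literal.
# Backslash, double quote, newline, carriage return and tab are escaped;
# any remaining control characters are dropped so the document stays parseable.
_json_escape() {
  local s="$1"
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  s=${s//[[:cntrl:]]/}
  printf '%s' "$s"
}

# Render a run_check result as a JSON value: "true"/"false" stay bare
# booleans, anything else (such as "skip") becomes a quoted JSON string.
_json_check_value() {
  case "$1" in
    true | false) printf '%s' "$1" ;;
    *) printf '"%s"' "$(_json_escape "$1")" ;;
  esac
}

# Print "true" if $1 is a regular file, otherwise "false".
_file_flag() {
  if [[ -f "$1" ]]; then
    echo "true"
  else
    echo "false"
  fi
}

#######################################
# Inspect the last backup run and write a JSON status matrix.
# Globals:   OUTPUT_DIR (read), NODE_NAME (read)
# Arguments: none
# Outputs:   writes $OUTPUT_DIR/status_matrix.json and prints a summary
#            table to stdout
# Returns:   0 only when last_restore_dir.txt exists in the run directory;
#            exits via die when no last-run pointer file is present
#######################################
main() {
  local last_run_file="$OUTPUT_DIR/last_run_dir.txt"
  [[ -f "$last_run_file" ]] || die "No last run pointer. Run 11_backup_apply.sh first."

  local run_dir
  run_dir="$(cat "$last_run_file")"
  mkdir -p "$OUTPUT_DIR"
  local status="$OUTPUT_DIR/status_matrix.json"

  # Check artifacts
  local has_archive has_encrypted has_manifest has_proof has_root has_restore
  has_archive="$(_file_flag "$run_dir/archive.tar.gz")"
  has_encrypted="$(_file_flag "$run_dir/archive.tar.gz.age")"
  has_manifest="$(_file_flag "$run_dir/manifest.json")"
  has_proof="$(_file_flag "$run_dir/PROOF.json")"
  has_root="$(_file_flag "$run_dir/ROOT.txt")"
  has_restore="$(_file_flag "$run_dir/last_restore_dir.txt")"

  # Run check scripts
  # NOTE(review): restore_ok is collected but never reported or used in the
  # exit status; the restore gate below relies only on the presence of
  # last_restore_dir.txt. Confirm whether check_restore.sh should feed it.
  local tools_ok space_ok restore_ok
  tools_ok="$(run_check "check_tools.sh")"
  space_ok="$(run_check "check_space.sh")"
  restore_ok="$(run_check "check_restore.sh")"

  # Determine blockers and warnings
  local blockers="" warnings="" next_steps=""
  if [[ "$has_restore" == "false" ]]; then
    blockers="${blockers}\"Restore drill not completed\","
  fi
  if [[ "$has_encrypted" == "false" ]]; then
    blockers="${blockers}\"Archive not encrypted\","
  fi
  if [[ "$has_manifest" == "false" ]]; then
    warnings="${warnings}\"Manifest missing\","
  fi
  if [[ "$has_proof" == "false" ]]; then
    warnings="${warnings}\"Proof receipts missing\","
  fi

  # Determine next steps
  if [[ "$has_restore" == "true" && "$has_encrypted" == "true" ]]; then
    next_steps="${next_steps}\"Store encrypted bundle off-node\","
    next_steps="${next_steps}\"Anchor ROOT.txt with rfc3161-anchor\","
    next_steps="${next_steps}\"Proceed to disaster-recovery skill\","
  else
    if [[ "$has_encrypted" == "false" ]]; then
      next_steps="${next_steps}\"Run 21_encrypt_apply.sh\","
    fi
    if [[ "$has_restore" == "false" ]]; then
      next_steps="${next_steps}\"Run 50_restore_drill.sh (MANDATORY)\","
    fi
  fi

  # Remove trailing commas
  blockers="[${blockers%,}]"
  warnings="[${warnings%,}]"
  next_steps="[${next_steps%,}]"

  # NODE_NAME comes from the environment and run_dir / ROOT.txt from files on
  # disk, so they are escaped before being embedded: an unescaped quote or
  # backslash would otherwise break the document or let the value add or
  # override keys that downstream consumers of the status matrix trust.
  local node_json run_dir_json
  node_json="$(_json_escape "$NODE_NAME")"
  run_dir_json="$(_json_escape "$run_dir")"

  # Get ROOT value if exists
  local root_value="null"
  if [[ -f "$run_dir/ROOT.txt" ]]; then
    root_value="\"$(_json_escape "$(cat "$run_dir/ROOT.txt")")\""
  fi

  # run_check may answer "skip"; emit that as a JSON string, not a bare word.
  local tools_json space_json
  tools_json="$(_json_check_value "$tools_ok")"
  space_json="$(_json_check_value "$space_ok")"

  cat > "$status" <<EOF
{
  "skill": "backup-sovereign",
  "node": "$node_json",
  "timestamp": "$(date -Iseconds)",
  "run_dir": "$run_dir_json",
  "root": $root_value,
  "checks": {
    "archive": $has_archive,
    "encrypted": $has_encrypted,
    "manifest": $has_manifest,
    "proof": $has_proof,
    "root": $has_root,
    "restore_drill": $has_restore,
    "tools": $tools_json,
    "space": $space_json
  },
  "blockers": $blockers,
  "warnings": $warnings,
  "next_steps": $next_steps
}
EOF

  log_info "Wrote status matrix: $status"
  echo ""
  echo "============================================"
  echo " VERIFICATION SUMMARY"
  echo "============================================"
  echo ""
  echo " Archive: $has_archive"
  echo " Encrypted: $has_encrypted"
  echo " Manifest: $has_manifest"
  echo " Proof: $has_proof"
  echo " ROOT: $has_root"
  echo " Restore Drill: $has_restore"
  echo ""

  # Return success only if the restore-drill pointer file is present.
  [[ "$has_restore" == "true" ]]
}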
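# Run main only when the file is executed directly. An explicit `if` is used
# so that sourcing the file ends with status 0: with a bare `[[ ... ]] && main`
# the failed test becomes the file's final status, and because this file
# enables `set -e`, that non-zero status aborts the shell that sourced it.
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  main "$@"
fi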