Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
#!/usr/bin/env bash
# Render a PowerDNS authoritative-server deployment (pdns.conf + compose.yml),
# start it with docker compose and probe its HTTP API.
#
# Environment:
#   PDNS_API_KEY   API key written into pdns.conf (required; main() dies without it)
#   PDNS_DATA_DIR  host directory bind-mounted at /var/lib/powerdns (default: $HOME/pdns)
#   PDNS_PORT      host port published for DNS udp/tcp (default: 53)
#   PDNS_WEB_PORT  loopback-only host port for the API/webserver (default: 8081)
set -euo pipefail

# Directory of this script and the skill root one level above it. _common.sh is
# expected to provide confirm_gate, need, die, log_info and compose_cmd, which
# main() calls but this file does not define.
SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
SKILL_ROOT=$(dirname "$SCRIPT_DIR")
# shellcheck source=_common.sh
source "$SCRIPT_DIR/_common.sh"

# Defaults apply when the variable is unset or empty; none of them is exported.
PDNS_API_KEY=${PDNS_API_KEY:-}
PDNS_DATA_DIR=${PDNS_DATA_DIR:-$HOME/pdns}
PDNS_PORT=${PDNS_PORT:-53}
PDNS_WEB_PORT=${PDNS_WEB_PORT:-8081}
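#######################################
# Render pdns.conf and compose.yml, start the PowerDNS container and save a
# probe of its API.
# Globals:   PDNS_API_KEY, PDNS_DATA_DIR, PDNS_PORT, PDNS_WEB_PORT, SKILL_ROOT
#            (read); confirm_gate/need/die/log_info/compose_cmd from _common.sh
# Arguments: none (positional arguments are ignored)
# Outputs:   outputs/pdns.conf, outputs/compose.yml, outputs/pdns_api_probe.json,
#            plus a timestamped copy of the two rendered files under
#            outputs/backups/<timestamp>/
# Returns:   0 on success; exits via die on a missing prerequisite, a failed
#            cd, or an API that never answers
#######################################
main() {
  confirm_gate
  # The probe step below needs curl and jq, not only docker.
  need docker
  need curl
  need jq
  [[ -n "$PDNS_API_KEY" ]] || die "PDNS_API_KEY is required."

  local out_dir="$SKILL_ROOT/outputs"
  local ts
  ts="$(date -Iseconds | tr ':' '-')"
  local backup_dir="$out_dir/backups/$ts"
  mkdir -p "$backup_dir"
  # The backup copy of pdns.conf carries the API key and is never mounted into
  # the container, so it can be kept private to the invoking user.
  chmod 700 "$backup_dir"

  # pdns.conf is mounted read-only into the container. It embeds the API key;
  # its mode is deliberately not tightened here because the pdns process inside
  # the container runs under its own uid and must still be able to read it —
  # TODO confirm the image's runtime uid and tighten permissions accordingly.
  # The container-side webserver port is fixed at 8081; only the host side
  # (PDNS_WEB_PORT) is configurable, via the compose port mapping below.
  cat > "$out_dir/pdns.conf" <<EOF
launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3

api=yes
api-key=$PDNS_API_KEY
webserver=yes
webserver-address=0.0.0.0
webserver-port=8081

# security posture
disable-syslog=yes
loglevel=4

# allow API only from container network; bind published port to localhost in compose
webserver-allow-from=127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
EOF

  # compose: DNS is published on all interfaces, the API/web port on loopback
  # only. Volume paths are quoted so a directory with spaces stays valid YAML.
  cat > "$out_dir/compose.yml" <<EOF
version: "3.8"
services:
  pdns:
    image: powerdns/pdns-auth-49:latest
    container_name: pdns-auth
    restart: unless-stopped
    ports:
      - "${PDNS_PORT}:53/udp"
      - "${PDNS_PORT}:53/tcp"
      - "127.0.0.1:${PDNS_WEB_PORT}:8081/tcp"
    volumes:
      - "${PDNS_DATA_DIR}:/var/lib/powerdns"
      - "${SKILL_ROOT}/outputs/pdns.conf:/etc/powerdns/pdns.conf:ro"
EOF

  cp -a "$out_dir/pdns.conf" "$backup_dir/pdns.conf"
  cp -a "$out_dir/compose.yml" "$backup_dir/compose.yml"

  log_info "Starting PowerDNS..."
  cd "$out_dir" || die "cannot cd to $out_dir"
  # compose_cmd may yield a multi-word command ("docker compose"); split it
  # into an array explicitly instead of relying on an unquoted substitution.
  local -a compose
  read -r -a compose <<<"$(compose_cmd)"
  "${compose[@]}" -f compose.yml up -d

  # Probe API. `up -d` returns before pdns is listening, so retry for a bounded
  # time instead of failing on the first refused connection.
  log_info "Probing PDNS API..."
  local api="http://127.0.0.1:${PDNS_WEB_PORT}/api/v1/servers/localhost"
  # Hand the key to curl through a 0600 header file rather than on argv, where
  # it would be readable by other users via ps/proc.
  local hdr_file
  hdr_file="$(umask 077 && mktemp)" || die "mktemp failed"
  # Value is baked into the trap string because hdr_file is local and is gone
  # by the time the EXIT trap fires.
  trap "rm -f -- '$hdr_file'" EXIT
  printf 'X-API-Key: %s\n' "$PDNS_API_KEY" > "$hdr_file"

  local -r max_attempts=30
  local attempt body=""
  for (( attempt = 1; attempt <= max_attempts; attempt++ )); do
    if body="$(curl -fsS -H @"$hdr_file" "$api")"; then
      break
    fi
    (( attempt < max_attempts )) || die "PDNS API did not answer at $api after ${max_attempts} attempts."
    sleep 1
  done
  rm -f -- "$hdr_file"

  jq '.' <<<"$body" > "$out_dir/pdns_api_probe.json"
  log_info "PDNS API probe saved: outputs/pdns_api_probe.json"
  log_info "PDNS apply complete."
}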
# Entry point; positional arguments are forwarded but main() does not use them.
main "$@"