vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
009e93a80b3c58bbfaa2ceb153e3fba32a6efc3c
vm-skills/container-registry/SKILL.md
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

2.3 KiB
Raw Blame History

name, description, version
name description version
container-registry Bootstrap a sovereign container registry (OCI/Docker) with plan/apply/rollback, signature verification hooks, backups, and audit report. Designed to pair with gitea-bootstrap on Node B. Triggers: 'container registry', 'docker registry', 'oci registry', 'self-host registry', 'registry plan'. 1.0.0

Container Registry (Sovereign)

Tier 2 skill: establish a self-hosted OCI registry you control.

This skill deploys a Docker Registry v2 (with optional UI) using plan/apply gates and produces verifiable artifacts.

Quick Start

cd ~/.claude/skills/container-registry

export MODE="docker"                 # docker only in v1
export NODE_NAME="node-b"

# Network
export REGISTRY_PORT=5000
export DOMAIN="registry.example.com"   # optional (for reverse proxy)

# Storage
export DATA_DIR="$HOME/registry"
export AUTH_DIR="$HOME/registry/auth"

# Auth (basic auth for v1)
export REGISTRY_USER="sovereign"

# Safety
export DRY_RUN=1
export REQUIRE_CONFIRM=1
export CONFIRM_PHRASE="I UNDERSTAND THIS WILL DEPLOY A CONTAINER REGISTRY"

./scripts/00_preflight.sh
./scripts/10_plan.sh

export DRY_RUN=0
./scripts/11_apply.sh

./scripts/90_verify.sh
./scripts/99_report.sh

Inputs

Parameter Required Default Description
MODE Yes docker docker
REGISTRY_PORT No 5000 Registry port
DOMAIN No (empty) Hostname if proxied
DATA_DIR No ~/registry Registry storage
AUTH_DIR No ~/registry/auth htpasswd storage
REGISTRY_USER Yes (none) Registry username
DRY_RUN No 1 Apply refuses unless DRY_RUN=0
REQUIRE_CONFIRM No 1 Require confirmation phrase
CONFIRM_PHRASE No I UNDERSTAND THIS WILL DEPLOY A CONTAINER REGISTRY Safety phrase

Outputs

  • outputs/compose.yml
  • outputs/htpasswd
  • outputs/status_matrix.json
  • outputs/audit_report.md
  • Backups under outputs/backups/

Security Notes (v1)

  • Basic auth (htpasswd)
  • TLS termination expected via reverse proxy or Cloudflare Tunnel
  • Image signing handled upstream (cosign/notation integration planned)

EU Compliance

Aspect Value
Data Residency EU (Ireland - Dublin)
Jurisdiction Irish Law
Images Stored on Node B
Access Authenticated

References

Reference in New Issue View Git Blame Copy Permalink