vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
009e93a80b3c58bbfaa2ceb153e3fba32a6efc3c
vm-skills/disaster-recovery/SKILL.md
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

2.4 KiB
Raw Blame History

name, description, version
name description version
disaster-recovery Restore runbook as executable checks. Validates recent backups, performs safe, staged restore tests, and generates an audit report. Designed for sovereign EU infrastructure. Triggers: 'disaster recovery', 'restore runbook', 'test restore', 'recovery drill', 'verify backups'. 1.0.0

Disaster Recovery

Tier 1 skill: convert restoration into repeatable drills.

This skill assumes backup-sovereign produces run directories like:

backup-sovereign/outputs/runs/<node>_<label>_<timestamp>/

Each run should include:

  • archive.tar.gz.age
  • manifest.json
  • ROOT.txt
  • PROOF.json

Quick Start

export BACKUP_SKILL_DIR="$HOME/.claude/skills/backup-sovereign"
export RUN_DIR=""                    # optional; auto-uses backup-sovereign pointer
export DR_TARGET_BASE="$HOME/recovery-drills"
export AGE_IDENTITY_FILE="$HOME/.config/age/keys.txt"

export DRY_RUN=1
export REQUIRE_CONFIRM=1
export CONFIRM_PHRASE="I UNDERSTAND THIS CAN OVERWRITE RECOVERY TARGETS"

./scripts/00_preflight.sh
./scripts/10_validate_run.sh
./scripts/20_restore_plan.sh

export DRY_RUN=0
./scripts/21_restore_apply.sh

./scripts/30_verify_restored.sh
./scripts/90_verify.sh
./scripts/99_report.sh

Inputs

Parameter Required Default Description
BACKUP_SKILL_DIR Yes (none) Path to backup-sovereign skill
RUN_DIR No (auto) Backup run directory to restore
DR_TARGET_BASE No ~/recovery-drills Base directory for recovery drills
AGE_IDENTITY_FILE Yes (none) age private key file
DRY_RUN No 1 Apply scripts refuse unless DRY_RUN=0
REQUIRE_CONFIRM No 1 Require confirmation phrase
CONFIRM_PHRASE No I UNDERSTAND THIS CAN OVERWRITE RECOVERY TARGETS Safety phrase

Outputs

  • outputs/status_matrix.json
  • outputs/audit_report.md
  • outputs/last_drill_target.txt

Safety Guarantees

  1. Default DRY_RUN=1
  2. Confirmation phrase required
  3. Staged restore only (never writes to system paths)
  4. Pre-restore validation (artifacts exist, ROOT recomputation)
  5. Post-restore verification (file counts + spot-check)

EU Compliance

Aspect Value
Data Residency EU (Ireland - Dublin)
Jurisdiction Irish Law
Encryption age

References

Reference in New Issue View Git Blame Copy Permalink