vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eac77ef7b4b5a87f0a35a1181dacb4013b09b996
vm-skills/disaster-recovery/scripts/99_report.sh
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

89 lines
1.9 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
source "$SCRIPT_DIR/_common.sh"
: "${BACKUP_SKILL_DIR:=}"
: "${RUN_DIR:=}"
: "${DR_TARGET_BASE:=$HOME/recovery-drills}"
main() {
mkdir -p "$SKILL_ROOT/outputs"
local report="$SKILL_ROOT/outputs/audit_report.md"
local status="$SKILL_ROOT/outputs/status_matrix.json"
local ptr="$SKILL_ROOT/outputs/last_drill_target.txt"
local target="(none)"
[[ -f "$ptr" ]] && target="$(cat "$ptr")"
local run_dir="(unknown)"
if [[ -n "$BACKUP_SKILL_DIR" ]]; then
run_dir="$(resolve_run_dir "$BACKUP_SKILL_DIR" "$RUN_DIR")"
fi
cat > "$report" <<EOF
# Disaster Recovery Audit Report
**Generated:** $(date -Iseconds)
**Backup Run:** $(json_escape "$run_dir")
**Drill Target:** $(json_escape "$target")
**Skill Version:** 1.0.0
---
## What Happened
1. Validated backup artifacts and recomputed ROOT
2. Performed a staged restore into a timestamped drill directory
3. Verified extracted content (file count + spot-check)
---
## Key Paths
| Item | Path |
|---|---|
| Backup Run (source) | \`$run_dir\` |
| Encrypted Archive | \`$run_dir/archive.tar.gz.age\` |
| Manifest | \`$run_dir/manifest.json\` |
| ROOT | \`$run_dir/ROOT.txt\` |
| Drill Target | \`$target\` |
| Extracted Files | \`$target/extract\` |
---
## Status Matrix
$(if [[ -f "$status" ]]; then
echo '```json'
cat "$status"
echo '```'
else
echo "_Missing status_matrix.json — run 90_verify.sh first._"
fi)
---
## EU Compliance Declaration
| Aspect | Value |
|---|---|
| Data Residency | EU (Ireland - Dublin) |
| Jurisdiction | Irish Law |
| Recovery Drills | Local-only by default |
| Encryption | age |
---
## Next Steps
1. Run drills on a **second machine**
2. Define a service-specific production restore (Portal, Node gateway, etc.)
3. Keep at least one **offline** copy of age identity keys
EOF
log_info "Wrote $report"
cat "$report"
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink