← knowledge.oriz.in

chirag127/backup is the new-laptop bootstrap + disaster recovery repo

rule setupbootstrapbackupdisaster-recoverysopsagesecretsprivate

Setup repo — chirag127/backup (private)

Rule

The private repo chirag127/backup (submodule at repos/own/backup/) is the canonical place for:

  1. New-laptop bootstrapbootstrap.ps1 clones the umbrella + installs all software + wires MCPs + decrypts env + starts Hr
  2. Disaster recoveryRECOVERY.md + restic config + recovery keys
  3. Encrypted secrets — sops+age encrypted env vars, API keys, recovery seeds
  4. Setup scripts — Hr watchdog, install-mcps, decrypt-secrets, restic-init

What goes where

Content Repo Visibility
Public docs (architecture, decisions, rules) umbrella knowledge/ PUBLIC
Public MCP no-key configs umbrella .mcp.json PUBLIC
Software install steps chirag127/backup winget-packages.txt PRIVATE
Encrypted env vars chirag127/backup secrets/*.enc PRIVATE
age key recovery instructions (NOT the key) chirag127/backup secrets/age-key-instructions.md PRIVATE
The age key itself Bitwarden / hardware key NEVER COMMITTED
Bootstrap script chirag127/backup bootstrap.ps1 PRIVATE
Watchdog scripts umbrella scripts/ (no secrets) OR backup repo scripts/ (sensitive) depends
Hr Docker compose / Dockerfile umbrella .staging/headroom-extras/ PUBLIC
restic config + retention policy chirag127/backup PRIVATE
RECOVERY.md chirag127/backup PRIVATE

New-laptop bootstrap flow

# Pre-req: Windows 11, gh auth login
git clone https://github.com/chirag127/workspace.git C:\D\oriz --recurse-submodules
cd C:\D\oriz\repos\own\backup
.\bootstrap.ps1

The script:

  1. winget installs (Docker, Python, Node, VS Code, gh, age, sops, etc.)
  2. Docker Desktop config + start
  3. Hr image pull + container create
  4. Smithery CLI install + keyed MCP setup prompts
  5. sops+age decrypt of secrets/env.enc
  6. Windows env var hydration (setx for each decrypted var)
  7. restic init + first backup dry-run

Why NOT rename the slug

Keep slug backup even though scope expanded. Reasons:

Cross-refs