proxmox/scripts/omnl/omnl-baseline-create.sh

#!/usr/bin/env bash
# OMNL — Create Day 0 baseline: config-hash + audit packet, saved under reconciliation/baseline/<YYYYMMDD>/.
# Run once after confirming 5B in UI. Then copy baseline off-box (S3/Drive/Vault). See PRODUCTION_OPS_OFFICE20.md.

set -euo pipefail
REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}"
BASELINE_DATE="${BASELINE_DATE:-$(date -u +%Y%m%d)}"
BASELINE_ROOT="${BASELINE_ROOT:-${REPO_ROOT}/reconciliation/baseline/${BASELINE_DATE}}"

mkdir -p "$BASELINE_ROOT"

echo "Creating baseline at $BASELINE_ROOT (date=$BASELINE_DATE)..." >&2

# 1) Config hash
bash "${REPO_ROOT}/scripts/omnl/omnl-config-hash.sh" > "${BASELINE_ROOT}/config-hash.json" 2>/dev/null || echo "{\"error\": \"config-hash failed\"}" > "${BASELINE_ROOT}/config-hash.json"
echo "  config-hash.json" >&2

# 2) Audit packet (folder inside baseline)
OUT_BASE="${BASELINE_ROOT}" TIMESTAMP="${BASELINE_DATE}-000000" bash "${REPO_ROOT}/scripts/omnl/omnl-audit-packet-office20.sh" >/dev/null 2>&1 || true
# Packet dir will be ${BASELINE_ROOT}/audit-office20-${BASELINE_DATE}-000000
packet_dir=$(find "$BASELINE_ROOT" -maxdepth 1 -type d -name "audit-office20-*" 2>/dev/null | head -1)
if [ -n "$packet_dir" ]; then
  echo "  $packet_dir" >&2
else
  echo "  (audit packet folder not found; run omnl-audit-packet-office20.sh with OUT_BASE=$BASELINE_ROOT)" >&2
fi

echo "Baseline created. Next: copy $BASELINE_ROOT off-box (S3/Drive/Vault) for immutable Day 0." >&2
echo "BASELINE_ROOT=$BASELINE_ROOT"