dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Update DR runbook: mark backup paths as fixed

Browse source
This commit is contained in:
Dan 2026-01-10 14:37:30 -08:00
parent 6954fbec9a
commit 5db6c0dc7e
1 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
docs/disaster-recovery-runbook.md
View file

@ -19,7 +19,8 @@ This runbook covers restore procedures for ops-jrz1, a NixOS homelab server runn
| Matrix | `/var/lib/matrix-continuwuity` | restic file backup | High |
| Maubot | `/var/lib/maubot` | restic file backup | Medium |
| Slack Bridge | `/var/lib/mautrix-slack` | restic file backup | Medium |
| User Homes | `/home/*` | **NOT YET BACKED UP** | High |
| User Homes | `/home/*` | restic file backup | High |
| ACME Certs | `/var/lib/acme` | restic file backup | Medium |
### What's NOT Backed Up (Reproducible via NixOS)
@ -505,14 +506,14 @@ Forgejo LFS objects and large repos may take significant time to restore. Consid
**Critical - Must Fix Before Relying on This Runbook:**
| Gap | Risk | Fix |
|-----|------|-----|
| `/home/*` not backed up | User work lost forever | Add to backup-b2.nix paths |
| `/var/lib/acme` not backed up | Let's Encrypt rate limit (7 days no HTTPS) | Add to backup-b2.nix paths |
| RocksDB backed up while running | Corrupt Matrix restore | Stop service in pre-backup hook |
| Sops key tied to SSH host key only | Lose host key = lose all secrets | Add offline recovery age key |
| Flake only on self-hosted Forgejo | Can't restore if Forgejo is dead | Mirror to GitHub |
| `rm -rf` in restore steps | Wrong snapshot = data destroyed | Always restore to staging first |
| Gap | Risk | Fix | Status |
|-----|------|-----|--------|
| ~~`/home/*` not backed up~~ | ~~User work lost forever~~ | ~~Add to backup-b2.nix paths~~ | **FIXED** |
| ~~`/var/lib/acme` not backed up~~ | ~~Let's Encrypt rate limit~~ | ~~Add to backup-b2.nix paths~~ | **FIXED** |
| RocksDB backed up while running | Corrupt Matrix restore | Stop service in pre-backup hook | Open (y8le) |
| Sops key tied to SSH host key only | Lose host key = lose all secrets | Add offline recovery age key | Open (93q9) |
| Flake only on self-hosted Forgejo | Can't restore if Forgejo is dead | Mirror to GitHub | Open (jboq) |
| `rm -rf` in restore steps | Wrong snapshot = data destroyed | Always restore to staging first | Docs only |
**Medium Priority:**