From 5db6c0dc7ef8cf0202c8a2947ba15b57f0c7959b Mon Sep 17 00:00:00 2001
From: Dan <dleink@gmail.com>
Date: Sat, 10 Jan 2026 14:37:30 -0800
Subject: [PATCH] Update DR runbook: mark backup paths as fixed

---
 docs/disaster-recovery-runbook.md | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/docs/disaster-recovery-runbook.md b/docs/disaster-recovery-runbook.md
index f87a768..bf45fd2 100644
--- a/docs/disaster-recovery-runbook.md
+++ b/docs/disaster-recovery-runbook.md
@@ -19,7 +19,8 @@ This runbook covers restore procedures for ops-jrz1, a NixOS homelab server runn
 | Matrix | `/var/lib/matrix-continuwuity` | restic file backup | High |
 | Maubot | `/var/lib/maubot` | restic file backup | Medium |
 | Slack Bridge | `/var/lib/mautrix-slack` | restic file backup | Medium |
-| User Homes | `/home/*` | **NOT YET BACKED UP** | High |
+| User Homes | `/home/*` | restic file backup | High |
+| ACME Certs | `/var/lib/acme` | restic file backup | Medium |
 
 ### What's NOT Backed Up (Reproducible via NixOS)
 
@@ -505,14 +506,14 @@ Forgejo LFS objects and large repos may take significant time to restore. Consid
 
 **Critical - Must Fix Before Relying on This Runbook:**
 
-| Gap | Risk | Fix |
-|-----|------|-----|
-| `/home/*` not backed up | User work lost forever | Add to backup-b2.nix paths |
-| `/var/lib/acme` not backed up | Let's Encrypt rate limit (7 days no HTTPS) | Add to backup-b2.nix paths |
-| RocksDB backed up while running | Corrupt Matrix restore | Stop service in pre-backup hook |
-| Sops key tied to SSH host key only | Lose host key = lose all secrets | Add offline recovery age key |
-| Flake only on self-hosted Forgejo | Can't restore if Forgejo is dead | Mirror to GitHub |
-| `rm -rf` in restore steps | Wrong snapshot = data destroyed | Always restore to staging first |
+| Gap | Risk | Fix | Status |
+|-----|------|-----|--------|
+| ~~`/home/*` not backed up~~ | ~~User work lost forever~~ | ~~Add to backup-b2.nix paths~~ | **FIXED** |
+| ~~`/var/lib/acme` not backed up~~ | ~~Let's Encrypt rate limit~~ | ~~Add to backup-b2.nix paths~~ | **FIXED** |
+| RocksDB backed up while running | Corrupt Matrix restore | Stop service in pre-backup hook | Open (y8le) |
+| Sops key tied to SSH host key only | Lose host key = lose all secrets | Add offline recovery age key | Open (93q9) |
+| Flake only on self-hosted Forgejo | Can't restore if Forgejo is dead | Mirror to GitHub | Open (jboq) |
+| `rm -rf` in restore steps | Wrong snapshot = data destroyed | Always restore to staging first | Docs only |
 
 **Medium Priority:**