diff --git a/db_restore.md b/db_restore.md new file mode 100644 index 0000000..8f990f9 --- /dev/null +++ b/db_restore.md @@ -0,0 +1,76 @@ +# 🧩 Database Restore Guide: Nextcloud + Immich + +This guide explains how to restore database backups created by your automated scripts from compressed `.sql.gz` files. + +--- + +## βœ… What You Need + +- `.sql.gz` dump file (stored in `/mnt/backup_nvme/db_dumps/` or `/mnt/nc_data/db_dumps/`) +- Shell access to the relevant host/container +- Database credentials (stored in Bitwarden) +- Docker (Nextcloud) or LXC (Immich) access + +--- + +## πŸ—ƒοΈ Restore Nextcloud DB (inside LXC 115) + +### 1. Copy the desired dump file into the container + +If restoring from PBS/B2: + +```bash +scp nextcloud-2025-07-22.sql.gz root@192.168.1.50:/mnt/nc_data/db_dumps/ +``` + +### 2. SSH into the Nextcloud container (LXC 115): + +```bash +pct enter 115 +``` + +### 3. Run the restore + +```bash +cd /mnt/nc_data/db_dumps +gunzip nextcloud-2025-07-22.sql.gz + +# Replace DB name/user as needed (see your env) +docker exec -i nextcloud-aio-database psql -U nextcloud -d nextcloud_database < nextcloud-2025-07-22.sql +``` + +--- + +## πŸ—ƒοΈ Restore Immich DB (from Proxmox04 via LXC 109) + +### 1. Copy the dump to Proxmox04 (if pulled from B2): + +```bash +rclone copy b2-pbs-encrypted:db_dumps/immich-2025-07-22.sql.gz /mnt/backup_nvme/db_dumps/ +``` + +### 2. Run the restore from Proxmox04: + +```bash +cd /mnt/backup_nvme/db_dumps +gunzip immich-2025-07-22.sql.gz + +# Attach to container and restore +lxc-attach -n 109 -- runuser -u immich -- bash -c "psql -d immich < /mnt/backup_nvme/db_dumps/immich-2025-07-22.sql" +``` + +--- + +## 🧠 Tips + +- Always test restores in a clone or sandbox container if possible +- After restore, confirm app behavior and log in to the web UI +- Back up `/opt/immich/.env` or Docker `.env` for full recovery context +- Use `pg_restore` instead of `psql` if using a binary format + +--- + +Created: 2025-07-22\ +Maintainer: chris.darrigo\@gmail.com\ +Stored in: Gitea (`HomeLabDocs`) + diff --git a/homelab_inventory.md b/homelab_inventory.md new file mode 100644 index 0000000..de4711f --- /dev/null +++ b/homelab_inventory.md @@ -0,0 +1,109 @@ +# 🏑 Homelab Inventory and Recovery Reference + +## πŸ–₯️ Physical Hosts + +### proxmox04 +- **IP**: `192.168.1.37` +- **Hostname**: `proxmox04` +- **Proxmox Version**: 8.4.0 +- **Kernel**: 6.8.12-9-pve +- **Boot Drive**: Crucial 256GB SATA SSD +- **Rack**: 10" Lab Rax (3D-printed) +- **Firewall**: Enabled (host-level) +- **NTP**: Enabled +- **Root Access**: Enabled +- **SSH**: Enabled (static IP) + +#### 🧠 Hardware +- **Motherboard**: ASRock B550 Phantom Gaming-ITX/AX +- **CPU**: AMD Ryzen 5 5600G (6c/12t) +- **RAM**: 62 GiB DDR4 +- **Swap**: 8 GiB + +#### πŸ’Ύ Storage +- **ZFS Pool: `vm_data` (NVMe)** + - `/vm_data/subvol-###-disk-0` + - `/vm_data/vm-100-disk-1` +- **ZFS Pool: `zfs_pool` (RAIDZ1)** + - 5x 6TB HDDs + - Usable: ~21.7TB + - `/zfs_pool/nc_data` β†’ Nextcloud + - `/zfs_pool/immich/immich_library` β†’ Immich media + - `/zfs_pool/immich/immich_database` β†’ Immich PostgreSQL +- **Additional SSD**: `/dev/sda`, 525GB, used for torrents β†’ `/mnt/torrents` + +## πŸ” Backup & Sync Overview + +### PBS (proxmox-backup-server) +- **Hostname**: `backup` +- **IP**: `192.168.1.35` +- **Datastore**: `/mnt/backup_nvme` (name: `proxmox04-backups`) +- **Prune Policy**: + - Hourly: 7 + - Daily: 4 + - Weekly: 6 + - Monthly: 2 + - Yearly: 1 +- **GC Schedule**: Daily +- **PBS Encryption**: ❌ Disabled (using rclone crypt only) +- **Offsite Sync**: Daily to B2 via `rclone` with encryption (`b2-pbs-encrypted`) +- **rclone path**: All of `/mnt/backup_nvme` + +## πŸ“¦ Database Backups + +### βœ… Immich +- **Runs in**: LXC 109 (Proxmox04) +- **DB Engine**: PostgreSQL +- **DB Path**: `/zfs_pool/immich/immich_database` +- **Script**: `/usr/local/bin/immich-db-backup.sh` (on proxmox04) +- **Dump Path**: `/mnt/backup_nvme/db_dumps/` +- **Cron**: `30 4 * * *` β†’ Immich DB dump + +### βœ… Nextcloud +- **Runs in**: LXC 115 (Nextcloud AIO via Docker) +- **DB Engine**: PostgreSQL 17.5 +- **DB Container**: `nextcloud-aio-database` +- **Script**: `/usr/local/bin/nextcloud-db-backup.sh` (inside LXC 115) +- **Dump Path**: `/mnt/nc_data/db_dumps/` +- **Cron**: `0 4 * * *` β†’ Nextcloud DB dump + +## 🧠 Credential Management +- All critical secrets are stored in **Bitwarden** under `homelab/` + - rclone crypt keys + - PBS access + - Database passwords (Nextcloud, Immich) + - Cloudflare tunnel tokens + +## 🧩 LXC Containers & Apps (Proxmox04) + +| CT ID | Name | IP Address | Role/Service | +|-------|-------------|----------------|----------------------------| +| 100 | HomeAssistant | 192.168.1.36 | Home automation | +| 102 | Gitea | 192.168.1.40 | Markdown/docs repo | +| 103 | Pi-hole | 192.168.1.3 | DNS ad blocker | +| 104 | Sonarr | 192.168.1.43 | TV automation | +| 105 | Radarr | 192.168.1.43 | Movie automation | +| 106 | Jackett | 192.168.1.45 | Indexer proxy | +| 107 | FlareSolverr| 192.168.1.46 | Cloudflare captcha bypass| +| 108 | qBittorrent | 192.168.1.47 | Torrent client | +| 109 | Immich | 192.168.1.48 | Photo library | +| 110 | Nextcloud | N/A | Legacy or placeholder | +| 111 | Cloudflared | 192.168.1.49 | Cloudflare tunnel | +| 112 | Homarr | 192.168.1.33 | Dashboard | +| 113 | Prowlarr | 192.168.1.34 | Indexer manager | +| 114 | Collabora | N/A | Office suite | +| 115 | Nextcloud | 192.168.1.50 | Nextcloud AIO stack | + +## 🎯 Restore Strategy (high-level) +- **PBS Restore**: + - Use GUI or CLI to select CT/VM β†’ restore to new ID +- **Database Restore**: + - `gunzip` the `.sql.gz` dump + - Use `psql` inside Immich (109) or docker exec for Nextcloud +- **Media Restore**: + - ZFS rollback or `rsync` from backup + +--- + +This doc should be stored in Gitea (`HomeLabDocs`) and printed to paper or PDF for offline disaster recovery. + diff --git a/pbs_restore.md b/pbs_restore.md new file mode 100644 index 0000000..aff2a68 --- /dev/null +++ b/pbs_restore.md @@ -0,0 +1,82 @@ +# πŸ› οΈ PBS Restore Guide (Proxmox Backup Server) + +This guide walks through restoring Proxmox VMs/CTs from local PBS backups or from encrypted offsite backups stored in Backblaze B2. + +--- + +## βœ… Restore from Local PBS (proxmox04-backups) + +### 🧭 Step-by-Step via Proxmox VE GUI +1. Log into **Proxmox VE UI** (`https://192.168.1.37:8006`) +2. Navigate to **Datacenter β†’ Storage β†’ proxmox04-backups** +3. Click **Backups β†’ Select a Snapshot** +4. Click **Restore** + - Set a new VM/CT ID (don’t overwrite unless testing) + - Choose target storage (e.g., `vm_data`) + - βœ… Tick β€œUnique MAC” if cloning + - βœ… Enable start after restore (optional) +5. Wait for restore to complete + +### πŸ–₯️ Or via CLI (on Proxmox04) +```bash +# Restore a container (CT) +pct restore /mnt/pve/proxmox04-backups/dump/vzdump-lxc-XXX.tar.zst \ + -storage vm_data -unique + +# Restore a VM +qmrestore /mnt/pve/proxmox04-backups/dump/vzdump-qemu-XXX.vma.zst +``` + +--- + +## πŸ” Restore from Offsite (Backblaze B2 via rclone) + +### πŸ”§ Requirements +- Access to `rclone` with `b2-pbs-encrypted` remote +- The `rclone` crypt password/salt (stored in Bitwarden) +- Destination path for recovered data (e.g., `/mnt/tmp_restore`) + +### πŸͺœ Steps +#### 1. Mount or sync the backup +```bash +# Mount B2 encrypted remote (temporary access) +rclone mount b2-pbs-encrypted: /mnt/b2-restore --vfs-cache-mode full + +# OR copy needed backup group to local disk +rclone copy b2-pbs-encrypted:host/immich-nocompress/2025-07-21T01:00:00Z \ + /mnt/tmp_restore/immich --progress +``` + +#### 2. Import into PBS (if needed) +```bash +# Place restored data under PBS datastore path +mv /mnt/tmp_restore/immich /mnt/backup_nvme/.chunks/... + +# Use the PBS UI or CLI to re-index if necessary +proxmox-backup-manager datastore verify proxmox04-backups +``` + +#### 3. Restore from PBS +Once data is in PBS, follow normal restore process as above. + +--- + +## πŸ’‘ Best Practices +- Always restore to a **new ID** first +- Snapshot the target before testing restore +- Confirm service boots and config is intact before re-linking DNS or tunnels +- Keep restore documentation printed or synced to mobile/Bitwarden vault + +--- + +### πŸ” Testing Restore Periodically +- Test at least **quarterly** +- Rotate restores across high-value services (Nextcloud, Immich, Home Assistant) +- Validate backups are working *before* you need them + +--- + +Created: 2025-07-22 +Maintainer: chris.darrigo@gmail.com +Stored in: Gitea (`HomeLabDocs`) +