Upload files to "/"

2025-07-22 04:39:26 +00:00 · 2025-07-22 04:39:26 +00:00 · 71c997b353
parent b28d6a6f38
commit 71c997b353
3 changed files with 267 additions and 0 deletions
--- a/db_restore.md
+++ b/db_restore.md
@ -0,0 +1,76 @@
+# 🧩 Database Restore Guide: Nextcloud + Immich
+
+This guide explains how to restore database backups created by your automated scripts from compressed `.sql.gz` files.
+
+---
+
+## ✅ What You Need
+
+- `.sql.gz` dump file (stored in `/mnt/backup_nvme/db_dumps/` or `/mnt/nc_data/db_dumps/`)
+- Shell access to the relevant host/container
+- Database credentials (stored in Bitwarden)
+- Docker (Nextcloud) or LXC (Immich) access
+
+---
+
+## 🗃️ Restore Nextcloud DB (inside LXC 115)
+
+### 1. Copy the desired dump file into the container
+
+If restoring from PBS/B2:
+
+```bash
+scp nextcloud-2025-07-22.sql.gz root@192.168.1.50:/mnt/nc_data/db_dumps/
+```
+
+### 2. SSH into the Nextcloud container (LXC 115):
+
+```bash
+pct enter 115
+```
+
+### 3. Run the restore
+
+```bash
+cd /mnt/nc_data/db_dumps
+gunzip nextcloud-2025-07-22.sql.gz
+
+# Replace DB name/user as needed (see your env)
+docker exec -i nextcloud-aio-database psql -U nextcloud -d nextcloud_database < nextcloud-2025-07-22.sql
+```
+
+---
+
+## 🗃️ Restore Immich DB (from Proxmox04 via LXC 109)
+
+### 1. Copy the dump to Proxmox04 (if pulled from B2):
+
+```bash
+rclone copy b2-pbs-encrypted:db_dumps/immich-2025-07-22.sql.gz /mnt/backup_nvme/db_dumps/
+```
+
+### 2. Run the restore from Proxmox04:
+
+```bash
+cd /mnt/backup_nvme/db_dumps
+gunzip immich-2025-07-22.sql.gz
+
+# Attach to container and restore
+lxc-attach -n 109 -- runuser -u immich -- bash -c "psql -d immich < /mnt/backup_nvme/db_dumps/immich-2025-07-22.sql"
+```
+
+---
+
+## 🧠 Tips
+
+- Always test restores in a clone or sandbox container if possible
+- After restore, confirm app behavior and log in to the web UI
+- Back up `/opt/immich/.env` or Docker `.env` for full recovery context
+- Use `pg_restore` instead of `psql` if using a binary format
+
+---
+
+Created: 2025-07-22\
+Maintainer: chris.darrigo\@gmail.com\
+Stored in: Gitea (`HomeLabDocs`)
+
--- a/homelab_inventory.md
+++ b/homelab_inventory.md
@ -0,0 +1,109 @@
+# 🏡 Homelab Inventory and Recovery Reference
+
+## 🖥️ Physical Hosts
+
+### proxmox04
+- **IP**: `192.168.1.37`
+- **Hostname**: `proxmox04`
+- **Proxmox Version**: 8.4.0
+- **Kernel**: 6.8.12-9-pve
+- **Boot Drive**: Crucial 256GB SATA SSD
+- **Rack**: 10" Lab Rax (3D-printed)
+- **Firewall**: Enabled (host-level)
+- **NTP**: Enabled
+- **Root Access**: Enabled
+- **SSH**: Enabled (static IP)
+
+#### 🧠 Hardware
+- **Motherboard**: ASRock B550 Phantom Gaming-ITX/AX
+- **CPU**: AMD Ryzen 5 5600G (6c/12t)
+- **RAM**: 62 GiB DDR4
+- **Swap**: 8 GiB
+
+#### 💾 Storage
+- **ZFS Pool: `vm_data` (NVMe)**
+  - `/vm_data/subvol-###-disk-0`
+  - `/vm_data/vm-100-disk-1`
+- **ZFS Pool: `zfs_pool` (RAIDZ1)**
+  - 5x 6TB HDDs
+  - Usable: ~21.7TB
+  - `/zfs_pool/nc_data` → Nextcloud
+  - `/zfs_pool/immich/immich_library` → Immich media
+  - `/zfs_pool/immich/immich_database` → Immich PostgreSQL
+- **Additional SSD**: `/dev/sda`, 525GB, used for torrents → `/mnt/torrents`
+
+## 🔁 Backup & Sync Overview
+
+### PBS (proxmox-backup-server)
+- **Hostname**: `backup`
+- **IP**: `192.168.1.35`
+- **Datastore**: `/mnt/backup_nvme` (name: `proxmox04-backups`)
+- **Prune Policy**:
+  - Hourly: 7
+  - Daily: 4
+  - Weekly: 6
+  - Monthly: 2
+  - Yearly: 1
+- **GC Schedule**: Daily
+- **PBS Encryption**: ❌ Disabled (using rclone crypt only)
+- **Offsite Sync**: Daily to B2 via `rclone` with encryption (`b2-pbs-encrypted`)
+- **rclone path**: All of `/mnt/backup_nvme`
+
+## 📦 Database Backups
+
+### ✅ Immich
+- **Runs in**: LXC 109 (Proxmox04)
+- **DB Engine**: PostgreSQL
+- **DB Path**: `/zfs_pool/immich/immich_database`
+- **Script**: `/usr/local/bin/immich-db-backup.sh` (on proxmox04)
+- **Dump Path**: `/mnt/backup_nvme/db_dumps/`
+- **Cron**: `30 4 * * *` → Immich DB dump
+
+### ✅ Nextcloud
+- **Runs in**: LXC 115 (Nextcloud AIO via Docker)
+- **DB Engine**: PostgreSQL 17.5
+- **DB Container**: `nextcloud-aio-database`
+- **Script**: `/usr/local/bin/nextcloud-db-backup.sh` (inside LXC 115)
+- **Dump Path**: `/mnt/nc_data/db_dumps/`
+- **Cron**: `0 4 * * *` → Nextcloud DB dump
+
+## 🧠 Credential Management
+- All critical secrets are stored in **Bitwarden** under `homelab/`
+  - rclone crypt keys
+  - PBS access
+  - Database passwords (Nextcloud, Immich)
+  - Cloudflare tunnel tokens
+
+## 🧩 LXC Containers & Apps (Proxmox04)
+
+| CT ID | Name        | IP Address     | Role/Service               |
+|-------|-------------|----------------|----------------------------|
+| 100   | HomeAssistant | 192.168.1.36 | Home automation           |
+| 102   | Gitea       | 192.168.1.40   | Markdown/docs repo        |
+| 103   | Pi-hole     | 192.168.1.3    | DNS ad blocker            |
+| 104   | Sonarr      | 192.168.1.43   | TV automation             |
+| 105   | Radarr      | 192.168.1.43   | Movie automation          |
+| 106   | Jackett     | 192.168.1.45   | Indexer proxy             |
+| 107   | FlareSolverr| 192.168.1.46   | Cloudflare captcha bypass|
+| 108   | qBittorrent | 192.168.1.47   | Torrent client            |
+| 109   | Immich      | 192.168.1.48   | Photo library             |
+| 110   | Nextcloud   | N/A            | Legacy or placeholder     |
+| 111   | Cloudflared | 192.168.1.49   | Cloudflare tunnel         |
+| 112   | Homarr      | 192.168.1.33   | Dashboard                 |
+| 113   | Prowlarr    | 192.168.1.34   | Indexer manager           |
+| 114   | Collabora   | N/A            | Office suite              |
+| 115   | Nextcloud   | 192.168.1.50   | Nextcloud AIO stack       |
+
+## 🎯 Restore Strategy (high-level)
+- **PBS Restore**:
+  - Use GUI or CLI to select CT/VM → restore to new ID
+- **Database Restore**:
+  - `gunzip` the `.sql.gz` dump
+  - Use `psql` inside Immich (109) or docker exec for Nextcloud
+- **Media Restore**:
+  - ZFS rollback or `rsync` from backup
+
+---
+
+This doc should be stored in Gitea (`HomeLabDocs`) and printed to paper or PDF for offline disaster recovery.
+
--- a/pbs_restore.md
+++ b/pbs_restore.md
@ -0,0 +1,82 @@
+# 🛠️ PBS Restore Guide (Proxmox Backup Server)
+
+This guide walks through restoring Proxmox VMs/CTs from local PBS backups or from encrypted offsite backups stored in Backblaze B2.
+
+---
+
+## ✅ Restore from Local PBS (proxmox04-backups)
+
+### 🧭 Step-by-Step via Proxmox VE GUI
+1. Log into **Proxmox VE UI** (`https://192.168.1.37:8006`)
+2. Navigate to **Datacenter → Storage → proxmox04-backups**
+3. Click **Backups → Select a Snapshot**
+4. Click **Restore**
+   - Set a new VM/CT ID (don’t overwrite unless testing)
+   - Choose target storage (e.g., `vm_data`)
+   - ✅ Tick “Unique MAC” if cloning
+   - ✅ Enable start after restore (optional)
+5. Wait for restore to complete
+
+### 🖥️ Or via CLI (on Proxmox04)
+```bash
+# Restore a container (CT)
+pct restore <NEW_ID> /mnt/pve/proxmox04-backups/dump/vzdump-lxc-XXX.tar.zst \
+  -storage vm_data -unique
+
+# Restore a VM
+qmrestore /mnt/pve/proxmox04-backups/dump/vzdump-qemu-XXX.vma.zst <NEW_ID>
+```
+
+---
+
+## 🔐 Restore from Offsite (Backblaze B2 via rclone)
+
+### 🔧 Requirements
+- Access to `rclone` with `b2-pbs-encrypted` remote
+- The `rclone` crypt password/salt (stored in Bitwarden)
+- Destination path for recovered data (e.g., `/mnt/tmp_restore`)
+
+### 🪜 Steps
+#### 1. Mount or sync the backup
+```bash
+# Mount B2 encrypted remote (temporary access)
+rclone mount b2-pbs-encrypted: /mnt/b2-restore --vfs-cache-mode full
+
+# OR copy needed backup group to local disk
+rclone copy b2-pbs-encrypted:host/immich-nocompress/2025-07-21T01:00:00Z \
+  /mnt/tmp_restore/immich --progress
+```
+
+#### 2. Import into PBS (if needed)
+```bash
+# Place restored data under PBS datastore path
+mv /mnt/tmp_restore/immich /mnt/backup_nvme/.chunks/...
+
+# Use the PBS UI or CLI to re-index if necessary
+proxmox-backup-manager datastore verify proxmox04-backups
+```
+
+#### 3. Restore from PBS
+Once data is in PBS, follow normal restore process as above.
+
+---
+
+## 💡 Best Practices
+- Always restore to a **new ID** first
+- Snapshot the target before testing restore
+- Confirm service boots and config is intact before re-linking DNS or tunnels
+- Keep restore documentation printed or synced to mobile/Bitwarden vault
+
+---
+
+### 🔁 Testing Restore Periodically
+- Test at least **quarterly**
+- Rotate restores across high-value services (Nextcloud, Immich, Home Assistant)
+- Validate backups are working *before* you need them
+
+---
+
+Created: 2025-07-22
+Maintainer: chris.darrigo@gmail.com
+Stored in: Gitea (`HomeLabDocs`)
+