Initial: backup/restore scripts + README for DO server

- backup.sh: weekly cron collecting scripts, systemd, WG, OLS vhosts, cron, mysql creds
- restore.sh: 8-phase interactive disaster recovery wizard
- README.md: full rebuild guide, credentials, architecture notes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 03:53:09 +00:00
commit 5b1f83b1ea
4 changed files with 690 additions and 0 deletions
@@ -0,0 +1,172 @@
# DO Server Config Backup & Restore
Weekly backup of the DigitalOcean production server (`orbis`, 165.22.1.228).
CyberPanel/OpenLiteSpeed, Ubuntu 24.04, 48GB disk.
---
## What's Backed Up
| Directory | Source | Contents |
|-----------|--------|----------|
| `scripts/` | `/usr/local/bin/` | jarvis-deploy, jarvis-watchdog, jarvis-backup, jarvis-agent, ttg-backup |
| `systemd/` | `/etc/systemd/system/` | jarvis-agent.service, fastapi_ssh_server.service |
| `wireguard/` | `/etc/wireguard/` | wg0.conf (VPN hub for home network), other WG profiles |
| `network/` | `/etc/netplan/` | 50-cloud-init.yaml, hosts, hostname |
| `cron/` | `crontab -l` | root_custom (JARVIS lines), root_full (everything) |
| `ssh/` | `/root/.ssh/` | authorized_keys, id_rsa.pub (no private keys) |
| `ols-vhosts/` | `/usr/local/lsws/conf/vhosts/` | All 8 site OLS vhost configs |
| `mysql/` | `/root/.my.cnf` | MySQL root credentials, database list |
| `infra/` | `/opt/infra/` | DO infra repo snapshot |
| `smtp-docs/` | `/opt/smtp-for-websites/` | CyberMail SMTP config docs |
**Backup schedule:** Every Sunday at 4:00 AM
**Log:** `/var/log/do-server-backup.log`
**Manual trigger:** `/usr/local/bin/do-server-backup`
---
## Sites on This Server
| Domain | GitHub Repo | DB |
|--------|-------------|-----|
| jarvis.orbishosting.com | myronblair/jarvis | jarvis_db |
| tomsjavajive.com | myronblair/tomsjavajive | toms_tjj_db |
| epictravelexpeditions.com | myronblair/epictravelexpeditions | epic_epic_db |
| parkerslingshot.epictravelexpeditions.com | myronblair/parkerslingshot | epic_parkersling |
| parkerslingshotrentals.com | myronblair/parkerslingshotrentals | parker_db |
| orbishosting.com | myronblair/orbishosting | — |
| orbis.orbishosting.com | myronblair/orbis-hosting-portal | — |
| tomtomgames.com | myronblair/tomtomgames | tomt_ttg_db |
GitHub PAT: `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` (expires ~2026-08-20)
---
## What Is NOT Backed Up Here
| Item | Location / Notes |
|------|-----------------|
| Website files | All in GitHub repos — `git pull` on restore |
| Databases | Backed up daily by `jarvis-backup.sh``/var/backups/jarvis/` |
| SSL certs | `/etc/letsencrypt/` — re-issue via CyberPanel after restore |
| Gitignored configs | `api/config.php` files — must recreate manually (see DB creds below) |
| SSH private key | `/root/.ssh/id_rsa` — regenerate or restore from secure storage |
| CyberPanel itself | Reinstall via `sh <(curl https://cyberpanel.net/install.sh)` |
| composer binary | Reinstall: `curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin` |
---
## Disaster Recovery — Full Server Rebuild
**Estimated time: 6090 minutes**
### Step 1 — Create new DigitalOcean Droplet
- Region: Same as original (NYC3 / SFO3 — check DO console)
- Image: Ubuntu 24.04 LTS
- Size: At minimum 4GB RAM, 80GB disk (original was 4vCPU/8GB/160GB)
- Add SSH key from your local machine
### Step 2 — Clone this repo
```bash
apt update && apt install -y git
git clone https://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@github.com/myronblair/do-server-config.git /opt/do-server-config
bash /opt/do-server-config/restore.sh
```
The restore script is interactive — it walks you through each phase and asks before applying each section.
### Step 3 — DNS Update (if IP changed)
If the new droplet has a different IP, update DNS before or immediately after:
- Cloudflare → DNS → Update A records for all domains
- Also update GitHub webhook URLs if they use IP directly (they don't — they use jarvis.orbishosting.com which is behind Cloudflare)
### Step 4 — Database Restore
Databases are in daily backups at `/var/backups/jarvis/`. If restoring to a new server:
```bash
# Copy the latest backup from old server (if still accessible)
scp root@165.22.1.228:/var/backups/jarvis/jarvis_backup_YYYY-MM-DD_*.tar.gz /tmp/
# Extract and restore
cd /tmp && tar -xzf jarvis_backup_*.tar.gz
# Then for each database:
mysql -u root -p jarvis_db < sql/jarvis_db.sql
mysql -u root -p toms_tjj_db < sql/toms_tjj_db.sql
mysql -u root -p tomt_ttg_db < sql/tomt_ttg_db.sql
mysql -u root -p epic_epic_db < sql/epic_epic_db.sql
mysql -u root -p epic_parkersling < sql/epic_parkersling.sql
mysql -u root -p parker_db < sql/parker_db.sql
```
You'll need to create the DB users first:
```sql
CREATE USER 'jarvis_user'@'localhost' IDENTIFIED BY 'J4rv1s_Pr0t0c0l_2026!';
GRANT ALL ON jarvis_db.* TO 'jarvis_user'@'localhost';
-- repeat for each DB user
```
### Step 5 — Recreate Gitignored Configs
After pulling website code, create these manually:
**`/home/jarvis.orbishosting.com/api/config.php`** — Contains all JARVIS credentials (Groq API key, Ollama URL, GitHub PAT, JARVIS DB credentials, ElevenLabs key, etc.)
**`/home/tomsjavajive.com/config/database.php`** — TJJ DB credentials
**`/home/epictravelexpeditions.com/api/config.php`** — Epic/Parker credentials
Reference: `api/config.php.example` or `config/database.php.example` in each repo.
---
## Key Credentials Quick Reference
| Service | User | Password |
|---------|------|----------|
| Root SSH | root | Gonewalk1974!@# |
| CyberPanel admin | admin | (set during reinstall) |
| MySQL root | root | Z9Of4NVs6ji74x (see mysql/my.cnf) |
| jarvis_db | jarvis_user | J4rv1s_Pr0t0c0l_2026! |
| toms_tjj_db | toms_tjj_user | +60wlPc+55e@gFq4 |
| tomt_ttg_db | tomt_ttg_user | q#q+mrOcozsa7I6J |
| epic_parkersling | epic_parkersling | Joker1974!!! |
---
## WireGuard VPN (wg0)
The DO server is the VPN hub for the home network tunnel:
- `wg0` on DO: `10.201.0.1/24`, ListenPort 51820
- Peer: Alpine LXC CT110 on home network → `10.201.0.2/32`
- Traffic flows: CT110 → DO for MediaStack VPN exit
Config is in `wireguard/wg0.conf`. Keys are included (this is a private repo).
---
## Architecture Notes
- **CyberPanel/OLS** manages PHP-FPM, virtual hosts, SSL, DNS (PowerDNS), mail (Postfix)
- **Cloudflare** is in front of all public sites — DNS proxy mode, Rocket Loader ON (breaks inline JS — `Cache-Control: no-transform` header is the fix)
- **JARVIS webhooks** at `/home/jarvis.orbishosting.com/public_html/webhook.php` handle auto-deploys for all 8+ GitHub repos
- **Deploy queue** `/tmp/jarvis-deploy-queue.txt` processed by `jarvis-deploy.sh` every minute
- **Watchdog** `jarvis-watchdog.sh` runs every 5 min — restarts lsws/mysql/redis if down, inserts alerts to DB
- **Daily DB backup** `jarvis-backup.sh` runs at 2am → `/var/backups/jarvis/` (7-day retention)
- **JARVIS agent** registers this server with JARVIS monitoring dashboard
---
## After Restore — Verify Services
```bash
systemctl status lsws mysql redis jarvis-agent
crontab -l
wg show
curl -sk https://jarvis.orbishosting.com/api.php?action=ping
tail -f /home/jarvis.orbishosting.com/logs/watchdog.log
```