# DO Server Config Backup & Restore

Weekly backup of the DigitalOcean production server (`orbis`, 165.22.1.228).  
CyberPanel/OpenLiteSpeed, Ubuntu 24.04, 48GB disk.

---

## What's Backed Up

| Directory | Source | Contents |
|-----------|--------|----------|
| `scripts/` | `/usr/local/bin/` | jarvis-deploy, jarvis-watchdog, jarvis-backup, jarvis-agent, ttg-backup |
| `systemd/` | `/etc/systemd/system/` | jarvis-agent.service, fastapi_ssh_server.service |
| `wireguard/` | `/etc/wireguard/` | wg0.conf (VPN hub for home network), other WG profiles |
| `network/` | `/etc/netplan/` | 50-cloud-init.yaml, hosts, hostname |
| `cron/` | `crontab -l` | root_custom (JARVIS lines), root_full (everything) |
| `ssh/` | `/root/.ssh/` | authorized_keys, id_rsa.pub (no private keys) |
| `ols-vhosts/` | `/usr/local/lsws/conf/vhosts/` | All 8 site OLS vhost configs |
| `mysql/` | `/root/.my.cnf` | MySQL root credentials, database list |
| `infra/` | `/opt/infra/` | DO infra repo snapshot |
| `smtp-docs/` | `/opt/smtp-for-websites/` | CyberMail SMTP config docs |

**Backup schedule:** Every Sunday at 4:00 AM  
**Log:** `/var/log/do-server-backup.log`  
**Manual trigger:** `/usr/local/bin/do-server-backup`

---

## Sites on This Server

| Domain | GitHub Repo | DB |
|--------|-------------|-----|
| jarvis.orbishosting.com | myronblair/jarvis | jarvis_db |
| tomsjavajive.com | myronblair/tomsjavajive | toms_tjj_db |
| epictravelexpeditions.com | myronblair/epictravelexpeditions | epic_epic_db |
| parkerslingshot.epictravelexpeditions.com | myronblair/parkerslingshot | epic_parkersling |
| parkerslingshotrentals.com | myronblair/parkerslingshotrentals | parker_db |
| orbishosting.com | myronblair/orbishosting | — |
| orbis.orbishosting.com | myronblair/orbis-hosting-portal | — |
| tomtomgames.com | myronblair/tomtomgames | tomt_ttg_db |

GitHub PAT: `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` (expires ~2026-08-20)

---

## What Is NOT Backed Up Here

| Item | Location / Notes |
|------|-----------------|
| Website files | All in GitHub repos — `git pull` on restore |
| Databases | Backed up daily by `jarvis-backup.sh` → `/var/backups/jarvis/` |
| SSL certs | `/etc/letsencrypt/` — re-issue via CyberPanel after restore |
| Gitignored configs | `api/config.php` files — must recreate manually (see DB creds below) |
| SSH private key | `/root/.ssh/id_rsa` — regenerate or restore from secure storage |
| CyberPanel itself | Reinstall via `sh <(curl https://cyberpanel.net/install.sh)` |
| composer binary | Reinstall: `curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin` |

---

## Disaster Recovery — Full Server Rebuild

**Estimated time: 60–90 minutes**

### Step 1 — Create new DigitalOcean Droplet

- Region: Same as original (NYC3 / SFO3 — check DO console)
- Image: Ubuntu 24.04 LTS
- Size: At minimum 4GB RAM, 80GB disk (original was 4vCPU/8GB/160GB)
- Add SSH key from your local machine

### Step 2 — Clone this repo

```bash
apt update && apt install -y git
git clone https://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@github.com/myronblair/do-server-config.git /opt/do-server-config
bash /opt/do-server-config/restore.sh
```

The restore script is interactive — it walks you through each phase and asks before applying each section.

### Step 3 — DNS Update (if IP changed)

If the new droplet has a different IP, update DNS before or immediately after:
- Cloudflare → DNS → Update A records for all domains
- Also update GitHub webhook URLs if they use IP directly (they don't — they use jarvis.orbishosting.com which is behind Cloudflare)

### Step 4 — Database Restore

Databases are in daily backups at `/var/backups/jarvis/`. If restoring to a new server:

```bash
# Copy the latest backup from old server (if still accessible)
scp root@165.22.1.228:/var/backups/jarvis/jarvis_backup_YYYY-MM-DD_*.tar.gz /tmp/

# Extract and restore
cd /tmp && tar -xzf jarvis_backup_*.tar.gz
# Then for each database:
mysql -u root -p jarvis_db     < sql/jarvis_db.sql
mysql -u root -p toms_tjj_db   < sql/toms_tjj_db.sql
mysql -u root -p tomt_ttg_db   < sql/tomt_ttg_db.sql
mysql -u root -p epic_epic_db  < sql/epic_epic_db.sql
mysql -u root -p epic_parkersling < sql/epic_parkersling.sql
mysql -u root -p parker_db     < sql/parker_db.sql
```

You'll need to create the DB users first:
```sql
CREATE USER 'jarvis_user'@'localhost' IDENTIFIED BY 'J4rv1s_Pr0t0c0l_2026!';
GRANT ALL ON jarvis_db.* TO 'jarvis_user'@'localhost';
-- repeat for each DB user
```

### Step 5 — Recreate Gitignored Configs

After pulling website code, create these manually:

**`/home/jarvis.orbishosting.com/api/config.php`** — Contains all JARVIS credentials (Groq API key, Ollama URL, GitHub PAT, JARVIS DB credentials, ElevenLabs key, etc.)

**`/home/tomsjavajive.com/config/database.php`** — TJJ DB credentials

**`/home/epictravelexpeditions.com/api/config.php`** — Epic/Parker credentials

Reference: `api/config.php.example` or `config/database.php.example` in each repo.

---

## Key Credentials Quick Reference

| Service | User | Password |
|---------|------|----------|
| Root SSH | root | Gonewalk1974!@# |
| CyberPanel admin | admin | (set during reinstall) |
| MySQL root | root | Z9Of4NVs6ji74x (see mysql/my.cnf) |
| jarvis_db | jarvis_user | J4rv1s_Pr0t0c0l_2026! |
| toms_tjj_db | toms_tjj_user | +60wlPc+55e@gFq4 |
| tomt_ttg_db | tomt_ttg_user | q#q+mrOcozsa7I6J |
| epic_parkersling | epic_parkersling | Joker1974!!! |

---

## WireGuard VPN (wg0)

The DO server is the VPN hub for the home network tunnel:
- `wg0` on DO: `10.201.0.1/24`, ListenPort 51820
- Peer: Alpine LXC CT110 on home network → `10.201.0.2/32`
- Traffic flows: CT110 → DO for MediaStack VPN exit

Config is in `wireguard/wg0.conf`. Keys are included (this is a private repo).

---

## Architecture Notes

- **CyberPanel/OLS** manages PHP-FPM, virtual hosts, SSL, DNS (PowerDNS), mail (Postfix)
- **Cloudflare** is in front of all public sites — DNS proxy mode, Rocket Loader ON (breaks inline JS — `Cache-Control: no-transform` header is the fix)
- **JARVIS webhooks** at `/home/jarvis.orbishosting.com/public_html/webhook.php` handle auto-deploys for all 8+ GitHub repos
- **Deploy queue** `/tmp/jarvis-deploy-queue.txt` processed by `jarvis-deploy.sh` every minute
- **Watchdog** `jarvis-watchdog.sh` runs every 5 min — restarts lsws/mysql/redis if down, inserts alerts to DB
- **Daily DB backup** `jarvis-backup.sh` runs at 2am → `/var/backups/jarvis/` (7-day retention)
- **JARVIS agent** registers this server with JARVIS monitoring dashboard

---

## After Restore — Verify Services

```bash
systemctl status lsws mysql redis jarvis-agent
crontab -l
wg show
curl -sk https://jarvis.orbishosting.com/api.php?action=ping
tail -f /home/jarvis.orbishosting.com/logs/watchdog.log
```