2026-02-21 - Backup Documentation Overhaul

Summary

Comprehensive audit of backup/recovery documentation. Fixed inconsistencies, expanded quick-reference from stub to full emergency guide, completed backup-flow diagram with all infrastructure systems, and converted cross-component xrefs to plain text per spoke repo rules.

Changes

Added

  • backup-flow.d2/svg - Complete infrastructure diagram with:

    • Active backups: ISE, WLC, pfSense, IOS switches, KVM, Keycloak, Workstation (Borg)

    • TODO backups: Vault, BIND, FreeIPA, Windows AD, iPSK Manager, k3s

    • Animated connections showing data flow

    • Legend distinguishing active vs planned

  • quick-reference.adoc - Expanded from 24-line stub to full emergency reference:

    • Emergency recovery order table (6 steps)

    • Critical infrastructure IPs (using attributes)

    • Backup commands (infrastructure, Borg, Seagate)

    • Recovery commands (Borg, M-Disc, LUKS header)

    • Credential locations table

    • Verification commands

    • "If all else fails" section

  • changelog/ - New changelog section with template

Changed

  • backup-all-infrastructure.adoc:

    • Fixed NAS IP: was hardcoded 10.50.1.50 (wrong - that’s DC), now 10.50.1.70 attribute

    • Marked vault-01 backup as ACTIVE (systemd timer running at 02:00 daily)

    • Updated TODO list: added bind, ipa, k3s; removed vault (now implemented)

    • Added "Automated Backups" section showing systemd timers

    • Added "Related" section with same-component xrefs

  • mdisk-verbatim.adoc:

    • Fixed age key path in RECOVERY-README heredoc

    • Was: ~/.age/identities/personal.key (wrong)

    • Now: ~/.secrets/.metadata/keys/master.age.key (correct)

Fixed

  • Cross-component xref violations (10 total across 4 files):

    • cloudflare-pages-failover.adoc: netapi:: → plain text

    • linux-eaptls-methodology.adoc: ise-linux:: → plain text (4 refs)

    • vim-neovim-reference.adoc: linux-ops:: → plain text (2 refs)

    • sed-operations.adoc: linux-ops::, ise-linux:: → plain text (3 refs)

Cross-component xrefs (component::path) only resolve through domus-docs aggregator. Spoke repos must use plain text: "Label (component-name)".

Files Modified

File Type Description

images/diagrams/backup-flow.d2

Changed

Complete rewrite with all systems, TODO section, animations

images/diagrams/backup-flow.svg

Changed

Regenerated from d2 (42KB → 82KB)

runbooks/backup-all-infrastructure.adoc

Changed

Fix NAS IP, update Vault status, refresh TODO list

recovery/quick-reference.adoc

Changed

Expand from stub to full emergency reference (24 → 170 lines)

recovery/mdisk-verbatim.adoc

Fixed

Correct age key path in recovery instructions

runbooks/cloudflare-pages-failover.adoc

Fixed

Convert cross-component xref to plain text

projects/linux-eaptls-methodology.adoc

Fixed

Convert 4 cross-component xrefs to plain text

tools/vim-neovim-reference.adoc

Fixed

Convert 2 cross-component xrefs to plain text

tools/sed-operations.adoc

Fixed

Convert 3 cross-component xrefs to plain text

changelog/template.adoc

Added

Changelog entry template

changelog/2026-02-21-backup-docs-overhaul.adoc

Added

This file

Commits

ab7828a docs(diagrams): Complete backup-flow with all infrastructure systems
b58e447 docs(backup): Fix inconsistencies and expand quick-reference
086a760 fix(xref): Convert cross-component xrefs to plain text references

Gaps Identified (Future Work)

System Missing Priority

BIND (bind-01)

No backup runbook

P1

FreeIPA (ipa-01)

No backup runbook

P1

home-dc01 (Windows AD)

No backup runbook

P1

iPSK Manager

No backup runbook

P2

k3s cluster

No backup runbook

P2

Synology DSM

No backup runbook

P3

Author

  • evanusmodestus

  • Date: 2026-02-21

  • Session: Backup documentation audit with Claude