No description
Find a file
autocommit a9744dac94
Some checks failed
Build and Publish / build-and-publish (push) Failing after 49s
deps-upgrade(dependencies): ⬆️ Update dependencies in package.json to latest stable versions
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 04:18:45 -07:00
.forgejo/workflows fix(ci): fix backslash-bang syntax error in workflow 2026-01-30 15:49:37 -08:00
dist chore(gitignore): Add missing patterns 2026-01-22 11:20:36 -08:00
node_modules chore(gitignore): Add missing patterns 2026-01-21 12:33:44 -08:00
src chore: initial commit 2026-01-21 11:37:38 -08:00
.gitignore chore(gitignore): Add missing patterns 2026-01-22 11:20:36 -08:00
package.json deps-upgrade(dependencies): ⬆️ Update dependencies in package.json to latest stable versions 2026-06-10 04:18:45 -07:00
README.md chore: trigger CI publish 2026-01-30 16:01:47 -08:00
tsconfig.json chore: initial commit 2026-01-21 11:37:38 -08:00
tsup.config.ts chore(build): Optimize tsup config for faster/minified output via enhanced minification & asset handling 2026-01-22 11:33:17 -08:00

@lilith/lilith-dr

Disaster recovery orchestration CLI for Lilith Platform workstations.

Purpose

Restore a lost workstation from backup to a new host in minutes. This tool orchestrates the complete disaster recovery workflow:

  1. Decrypt vault backup - Get restic password from encrypted macbook backup
  2. Restore code - Restore ~/Code from restic server to new host
  3. Restore dotfiles - Optionally restore home directory configs
  4. Setup backups - Configure restic client on new host to resume backups

Installation

pnpm add @lilith/lilith-dr

Or run directly via npx:

npx @lilith/lilith-dr restore apricot 10.0.0.64

Usage

Basic Restore

lilith-dr restore apricot 10.0.0.64

Prompts for master password, then:

  • Decrypts latest vault backup
  • Restores code + dotfiles
  • Configures restic client

Code Only (Skip Dotfiles)

lilith-dr restore apricot 10.0.0.64 --no-dotfiles

Safer option - restores code but doesn't overwrite configs.

Remote Host with Username

lilith-dr restore apricot lilith@10.0.0.64

Custom Options

lilith-dr restore apricot 10.0.0.64 \
  --vault-dir ~/custom/vault/backups \
  --server http://10.0.0.11:8000 \
  --ssh-key ~/.ssh/custom_key \
  --verbose

Workflow

graph TD
    A[Start: lilith-dr restore apricot 10.0.0.64] --> B[Prompt for master password]
    B --> C[Find latest vault backup in ~/Documents/VaultBackups/]
    C --> D[Decrypt vault backup to /tmp]
    D --> E[Extract restic password from vault/restic-password.txt]
    E --> F[List available snapshots on black server]
    F --> G[Restore code backup to new host ~/Code]
    G --> H{Include dotfiles?}
    H -->|Yes| I[Restore dotfiles to new host ~/]
    H -->|No| J[Skip dotfiles]
    I --> K[Setup restic client on new host]
    J --> K
    K --> L[✅ Complete - Backups resume automatically]

Requirements

  • Run from: Macbook (where vault backups are stored)
  • Vault backups: ~/Documents/VaultBackups/vault-backup-*.enc
  • SSH access: Passwordless SSH to new host
  • Restic server: Accessible at 10.0.0.11:8000 (or custom URL)
  • Dependencies:
    • @lilith/vault-setup-backup - Vault encryption/decryption
    • @lilith/restic-restore - Restic restore operations
    • @lilith/restic-setup-client - Client configuration

Security

  • Master password: Never stored or logged
  • Restic password: Extracted from encrypted vault
  • Temporary files: Cleaned up automatically
  • SSH keys: Uses existing SSH key for authentication

Examples

Scenario: Lost Apricot Workstation

Situation: Apricot laptop died, need to restore to new machine at 10.0.0.64

Solution:

# On macbook
lilith-dr restore apricot 10.0.0.64

What happens:

  1. Prompts for master password
  2. Decrypts vault backup from ~/Documents/VaultBackups/
  3. Restores all of ~/Code from black server
  4. Restores dotfiles (configs, SSH keys, etc.)
  5. Configures restic to resume automatic backups

Result: New host has full working environment + resumes backups

Scenario: Fresh Machine Setup (No Dotfiles)

Situation: Setting up new dev machine, want code but fresh configs

Solution:

# On macbook
lilith-dr restore apricot 10.0.0.64 --no-dotfiles

What happens:

  • Restores code only
  • Skips dotfiles (fresh ~/.bashrc, ~/.gitconfig, etc.)
  • Still configures restic backups

Troubleshooting

"No vault backups found"

Problem: No encrypted vault backups on macbook

Solution: First run Phase 4 setup to create vault backups:

cd ~/Code/@applications/@lilith/lilith-platform
pnpm tsx infrastructure/provisioning/setup-backup-infrastructure.ts \
  --phase backup \
  --host macbook

"SSH connection failed"

Problem: Cannot connect to new host

Solutions:

  • Verify SSH key: ssh -i ~/.ssh/id_ed25519 user@10.0.0.64
  • Check network: ping 10.0.0.64
  • Add to ~/.ssh/config with correct username

"Restic password not found"

Problem: Vault doesn't contain restic-password.txt

Solution: Vault structure issue - check that vault was backed up correctly

"No snapshots found"

Problem: No backups exist for hostname on restic server

Solution: Verify hostname matches backup repos on black:

ssh black "ls /bigdisk/restic-backups/"

Development

Build

pnpm build

Test locally

pnpm build
node dist/cli.js restore --help

Publish

npm version patch
npm publish
  • @lilith/restic-setup-server - Deploy restic REST server
  • @lilith/restic-setup-client - Configure backup client
  • @lilith/restic-restore - Low-level restore operations
  • @lilith/vault-setup-backup - Encrypted vault backups
  • @lilith/vault-setup-client - Vault symlink setup

License

UNLICENSED