6 files changed, 248 insertions, 0 deletions
diff --git a/genesishosting/backups/backup-disaster-recovery.md b/genesishosting/backups/backup-disaster-recovery.md
new file mode 100644
index 0000000..18b8d67
--- /dev/null
+++ b/genesishosting/backups/backup-disaster-recovery.md
@@ -0,0 +1,26 @@
+# Disaster Recovery Plan
+
+Genesis Hosting is prepared to recover core systems from catastrophic failure.
+
+## Recovery Objectives
+
+- **RPO (Recovery Point Objective)**: 24 hours
+- **RTO (Recovery Time Objective)**: 4 hours for customer services
+
+## Full Recovery Flow
+
+1. Triage the affected systems
+2. Identify last successful backup or snapshot
+3. Restore individual services:
+   - DNS
+   - WHMCS
+   - DirectAdmin
+   - AzuraCast
+   - TeamTalk
+4. Run post-restore validation scripts
+5. Notify customers of incident and resolution
+
+## DR Testing
+
+- Simulated quarterly
+- Logs retained in `/var/log/genesisdr.log`
diff --git a/genesishosting/backups/backup-integrity.md b/genesishosting/backups/backup-integrity.md
new file mode 100644
index 0000000..ced96f2
--- /dev/null
+++ b/genesishosting/backups/backup-integrity.md
@@ -0,0 +1,23 @@
+# Backup Integrity
+
+We verify all backups regularly to ensure they are complete, uncorrupted, and restorable.
+
+## Weekly Tasks
+
+- ZFS scrubs for all pools
+- Hash checks (SHA-256) for tarballs and dumps
+- rsync `--checksum` verification for remote mirrors
+
+## Alerts
+
+- Email/Mastodon alert if:
+  - ZFS reports checksum errors
+  - Scheduled backup is missing
+  - Remote sync fails or lags > 24h
+
+## Tools Used
+
+- `zfs scrub`
+- `sha256sum` + custom validation script
+- rclone sync logs
+- Telegram bot and Genesis Shield notifications
diff --git a/genesishosting/backups/backup-policy.md b/genesishosting/backups/backup-policy.md
new file mode 100644
index 0000000..6bd0de0
--- /dev/null
+++ b/genesishosting/backups/backup-policy.md
@@ -0,0 +1,29 @@
+# Backup Policy
+
+Genesis Hosting Technologies maintains regular backups to ensure customer data and internal infrastructure are recoverable in the event of failure, corruption, or disaster.
+
+## Backup Schedule
+
+| System         | Frequency | Retention | Method           |
+|----------------|-----------|-----------|------------------|
+| DirectAdmin    | Daily     | 7 Days    | rsync + tarball  |
+| WHMCS          | Daily     | 14 Days   | Encrypted dump   |
+| AzuraCast      | Daily     | 7 Days    | Docker volume snapshot + config export |
+| TeamTalk       | Daily     | 7 Days    | XML + config archive |
+| Full VMs       | Weekly    | 4 Weeks   | ZFS snapshots or Proxmox backups       |
+| Offsite Backups| Weekly    | 4 Weeks   | Rsync to remote ZFS or object storage  |
+
+## Retention Policy
+
+- Daily: 7 days
+- Weekly: 4 weeks
+- Monthly: Optional, for specific business data
+
+## Encryption
+
+- Backups are encrypted at rest (AES-256)
+- Transfers to remote locations use SSH or TLS
+
+## Notes
+
+- No backup occurs on client plans marked "opt-out"
diff --git a/genesishosting/backups/dr/assets-mastodon-bucket.md b/genesishosting/backups/dr/assets-mastodon-bucket.md
new file mode 100644
index 0000000..6a36a15
--- /dev/null
+++ b/genesishosting/backups/dr/assets-mastodon-bucket.md
@@ -0,0 +1,45 @@
+## 2025-05-02 22:24:25 – MinIO Bucket Access Configuration for Mastodon
+
+**Bucket**: `assets-mastodon`
+**Server**: `shredderv2`
+**User**: `genesisuser`
+**Permissions**: Read / Write / Delete
+**Policy Name**: `assets-mastodon-rw-policy`
+
+### Commands Executed:
+
+```bash
+mc alias set localminio http://localhost:9000 genesisadmin MutationXv3!
+
+cat > assets_mastodon_rw_policy.json <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:ListBucket"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::assets-mastodon"
+    },
+    {
+      "Action": [
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::assets-mastodon/*"
+    }
+  ]
+}
+EOF
+
+mc admin policy add localminio assets-mastodon-rw-policy assets_mastodon_rw_policy.json
+mc admin policy set localminio assets-mastodon-rw-policy user=genesisuser
+```
+
+### Outcome:
+
+User `genesisuser` now has full authenticated access to `assets-mastodon` on `shredderv2`'s MinIO.
diff --git a/genesishosting/backups/dr/assets_azuracast.md b/genesishosting/backups/dr/assets_azuracast.md
new file mode 100644
index 0000000..ad687ed
--- /dev/null
+++ b/genesishosting/backups/dr/assets_azuracast.md
@@ -0,0 +1,93 @@
+## 2025-05-02 22:24:25 – MinIO Bucket Access Configuration for Mastodon
+
+**Bucket**: `assets-mastodon`
+**Server**: `shredderv2`
+**User**: `genesisuser`
+**Permissions**: Read / Write / Delete
+**Policy Name**: `assets-mastodon-rw-policy`
+
+### Commands Executed:
+
+```bash
+mc alias set localminio http://localhost:9000 genesisadmin MutationXv3!
+
+cat > assets_mastodon_rw_policy.json <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:ListBucket"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::assets-mastodon"
+    },
+    {
+      "Action": [
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::assets-mastodon/*"
+    }
+  ]
+}
+EOF
+
+mc admin policy add localminio assets-mastodon-rw-policy assets_mastodon_rw_policy.json
+mc admin policy set localminio assets-mastodon-rw-policy user=genesisuser
+```
+
+### Outcome:
+
+User `genesisuser` now has full authenticated access to `assets-mastodon` on `shredderv2`'s MinIO.
+
+---
+
+## 2025-05-02 22:43:00 – MinIO Transfer Log: AzuraCast Assets
+
+**Source**: `thevault:/nexus/miniodata/assets_azuracast`
+**Destination**: `shredderv2 MinIO` bucket `assets-azuracast`
+
+### Transfer Method:
+
+```bash
+rclone sync thevault:/nexus/miniodata/assets_azuracast localminio:assets-azuracast \
+  --progress \
+  --transfers=8 \
+  --checkers=8 \
+  --s3-chunk-size=64M \
+  --s3-upload-concurrency=4 \
+  --s3-acl=private \
+  --s3-storage-class=STANDARD
+```
+
+### Outcome:
+
+Data from AzuraCast backup (`assets_azuracast`) successfully synchronized to MinIO bucket `assets-azuracast` on `shredderv2`.
+
+---
+
+## 2025-05-02 23:05:00 – MinIO Transfer Log: Mastodon Assets
+
+**Source**: `thevault:/nexus/miniodata/assets_mastodon`
+**Destination**: `shredderv2 MinIO` bucket `assets-mastodon`
+
+### Transfer Method:
+
+```bash
+rclone sync thevault:/nexus/miniodata/assets_mastodon localminio:assets-mastodon \
+  --progress \
+  --transfers=8 \
+  --checkers=8 \
+  --s3-chunk-size=64M \
+  --s3-upload-concurrency=4 \
+  --s3-acl=private \
+  --s3-storage-class=STANDARD
+```
+
+### Outcome:
+
+Assets from `assets_mastodon` replicated to `assets-mastodon` bucket on `shredderv2`. No impact to production (`shredderv1`) during sync.
diff --git a/genesishosting/backups/restore-instructions.md b/genesishosting/backups/restore-instructions.md
new file mode 100644
index 0000000..7738466
--- /dev/null
+++ b/genesishosting/backups/restore-instructions.md
@@ -0,0 +1,32 @@
+# Restore Instructions
+
+The following steps outline how to restore data for each supported service.
+
+## DirectAdmin
+
+1. Access DA panel as admin
+2. Go to Admin Backup/Transfer
+3. Select user and backup date
+4. Click "Restore"
+
+## WHMCS
+
+1. SSH into WHMCS server
+2. Restore from encrypted MySQL dump
+3. Restart `php-fpm` and `nginx`
+
+## AzuraCast
+
+1. Stop all Docker containers
+2. Replace `station_data` and `config` volumes
+3. Restart stack via `docker-compose up -d`
+
+## TeamTalk
+
+1. Replace configuration file (`tt5srv.xml`)
+2. Restart TeamTalk server
+
+## VM-Level Restore (ZFS)
+
+1. `zfs rollback poolname/dataset@snapshotname`
+2. Verify service health and logs