s8n/ARRFLIX
s8n/ARRFLIX
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ARRFLIX/snapshots/2026-05-08-pre-elegantfin/RESTORE.md
s8n 937589c7a2 redact: scrub leaked Jellyfin admin API token from public repo 
Token 76858153...f8b1 was committed across 9 docs + 1 snapshot RESTORE.md
and exposed via the brief public window of this repo. Replaced with
`<JELLYFIN_API_TOKEN>` placeholder.

WARNING: this commit only redacts HEAD — the token remains in git history.
Anyone who cloned during the public window has the full value. Treat the
old token as compromised and rotate at Jellyfin Dashboard > API Keys.
Original value backed up to private s8n/secrets/ARRFLIX/.
2026-05-08 15:36:14 +01:00

4.4 KiB
Raw Permalink Blame History

Rollback — 2026-05-08 pre-ElegantFin

Snapshot captured immediately before the Cineplex → ElegantFin theme migration. Restore one or all of the artefacts below to revert to the Cineplex-themed ARRFLIX deploy as of 2026-05-08 03:58 UTC.

Tag: snapshot-2026-05-08-pre-elegantfin Remote: git.s8n.ru/s8n/ARRFLIX

Files in this snapshot

File Source Purpose
branding.json GET /System/Configuration/branding CustomCss + LoginDisclaimer + SplashscreenEnabled
index.html nullstone:/opt/docker/jellyfin/web-overrides/index.html Bind-mounted Jellyfin web shim (critical-path CSS, branding, runtime shim include)
docker-compose.yml nullstone:/opt/docker/jellyfin/docker-compose.yml Compose file driving the jellyfin container
users.json GET /Users Full user list with policies + configurations
libraries.json GET /Library/VirtualFolders Library definitions (paths, types, options)
displayprefs-<userid>.json × 5 GET /DisplayPreferences/usersettings?userId=<id>&client=emby Per-user UI preferences (home sections, theme, etc.)

User IDs captured:

  • 571decc67cdc4ea683b4c936b0a31ff8 — 5
  • 82dd8542915740c8ae799b6723542c63 — guest
  • a4cbcdf95bb34888885af6fbf5c340d1 — house
  • d787fbfc373a44119a247e7406b2721e — marco
  • 2be0f0d3fe3a45dc9298138a15a01925 — s8n

Rollback — three concrete commands

SNAP=/tmp/ARRFLIX/snapshots/2026-05-08-pre-elegantfin
TOKEN="<JELLYFIN_API_TOKEN>"
BASE="https://arrflix.s8n.ru"

1. Restore CustomCss + LoginDisclaimer (branding)

curl -ksX POST "$BASE/System/Configuration/branding" \
  -H "Authorization: MediaBrowser Token=$TOKEN" \
  -H "Content-Type: application/json" \
  --data-binary @$SNAP/branding.json
# Expected: HTTP 204

2. Restore the bind-mounted index.html on nullstone

scp $SNAP/index.html user@nullstone:/opt/docker/jellyfin/web-overrides/index.html
# No restart needed — Traefik serves the file directly via the bind-mount.

3. Restore per-user DisplayPreferences

for uid in 571decc67cdc4ea683b4c936b0a31ff8 \
           82dd8542915740c8ae799b6723542c63 \
           a4cbcdf95bb34888885af6fbf5c340d1 \
           d787fbfc373a44119a247e7406b2721e \
           2be0f0d3fe3a45dc9298138a15a01925; do
  curl -ksX POST "$BASE/DisplayPreferences/usersettings?userId=$uid&client=emby" \
    -H "Authorization: MediaBrowser Token=$TOKEN" \
    -H "Content-Type: application/json" \
    --data-binary @$SNAP/displayprefs-$uid.json
done
# Expected: HTTP 204 each

One-shot rollback (all three at once)

SNAP=/tmp/ARRFLIX/snapshots/2026-05-08-pre-elegantfin
TOKEN="<JELLYFIN_API_TOKEN>"
BASE="https://arrflix.s8n.ru"

# 1. branding
curl -ksX POST "$BASE/System/Configuration/branding" \
  -H "Authorization: MediaBrowser Token=$TOKEN" \
  -H "Content-Type: application/json" \
  --data-binary @$SNAP/branding.json

# 2. index.html
scp $SNAP/index.html user@nullstone:/opt/docker/jellyfin/web-overrides/index.html

# 3. per-user displayprefs
for uid in 571decc67cdc4ea683b4c936b0a31ff8 82dd8542915740c8ae799b6723542c63 \
           a4cbcdf95bb34888885af6fbf5c340d1 d787fbfc373a44119a247e7406b2721e \
           2be0f0d3fe3a45dc9298138a15a01925; do
  curl -ksX POST "$BASE/DisplayPreferences/usersettings?userId=$uid&client=emby" \
    -H "Authorization: MediaBrowser Token=$TOKEN" \
    -H "Content-Type: application/json" \
    --data-binary @$SNAP/displayprefs-$uid.json
done

Reference (read-only — for diffing, not posting back)

  • users.json — sanity-check that policies/permissions match before/after a future user-mgmt change. The User API uses /Users/{id}/Policy and /Users/{id}/Configuration endpoints, NOT a bulk POST.
  • libraries.json — sanity-check that VirtualFolders are still intact. Library mutations go through /Library/VirtualFolders add/remove endpoints, not a single POST.
  • docker-compose.yml — reference only. If the compose file changes, restore by hand and docker compose up -d on nullstone.

What this snapshot does NOT cover

  • Jellyfin SQLite databases (library.db, users.db, etc.) — full data is preserved by Restic backups, not this snapshot.
  • Plugins / plugin config — not part of the CSS/branding migration scope.
  • Media files on disk — never touched by theme work.

If a recovery requires DB-level restore, fall back to the Restic snapshot job documented in SYSTEM.md rather than this CSS-scoped rollback.