s8n/ARRFLIX
s8n/ARRFLIX
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ARRFLIX/snapshots/2026-05-08-pre-elegantfin/RESTORE.md
s8n 937589c7a2 redact: scrub leaked Jellyfin admin API token from public repo 
Token 76858153...f8b1 was committed across 9 docs + 1 snapshot RESTORE.md
and exposed via the brief public window of this repo. Replaced with
`<JELLYFIN_API_TOKEN>` placeholder.

WARNING: this commit only redacts HEAD — the token remains in git history.
Anyone who cloned during the public window has the full value. Treat the
old token as compromised and rotate at Jellyfin Dashboard > API Keys.
Original value backed up to private s8n/secrets/ARRFLIX/.
2026-05-08 15:36:14 +01:00

119 lines
4.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Rollback — 2026-05-08 pre-ElegantFin
Snapshot captured immediately before the Cineplex → ElegantFin theme migration.
Restore one or all of the artefacts below to revert to the Cineplex-themed
ARRFLIX deploy as of 2026-05-08 03:58 UTC.
Tag: `snapshot-2026-05-08-pre-elegantfin`
Remote: `git.s8n.ru/s8n/ARRFLIX`
---
## Files in this snapshot
| File | Source | Purpose |
|------|--------|---------|
| `branding.json` | `GET /System/Configuration/branding` | CustomCss + LoginDisclaimer + SplashscreenEnabled |
| `index.html` | `nullstone:/opt/docker/jellyfin/web-overrides/index.html` | Bind-mounted Jellyfin web shim (critical-path CSS, branding, runtime shim include) |
| `docker-compose.yml` | `nullstone:/opt/docker/jellyfin/docker-compose.yml` | Compose file driving the jellyfin container |
| `users.json` | `GET /Users` | Full user list with policies + configurations |
| `libraries.json` | `GET /Library/VirtualFolders` | Library definitions (paths, types, options) |
| `displayprefs-<userid>.json` × 5 | `GET /DisplayPreferences/usersettings?userId=<id>&client=emby` | Per-user UI preferences (home sections, theme, etc.) |
User IDs captured:
- `571decc67cdc4ea683b4c936b0a31ff8` — 5
- `82dd8542915740c8ae799b6723542c63` — guest
- `a4cbcdf95bb34888885af6fbf5c340d1` — house
- `d787fbfc373a44119a247e7406b2721e` — marco
- `2be0f0d3fe3a45dc9298138a15a01925` — s8n
---
## Rollback — three concrete commands
```bash
SNAP=/tmp/ARRFLIX/snapshots/2026-05-08-pre-elegantfin
TOKEN="<JELLYFIN_API_TOKEN>"
BASE="https://arrflix.s8n.ru"
```
### 1. Restore CustomCss + LoginDisclaimer (branding)
```bash
curl -ksX POST "$BASE/System/Configuration/branding" \
-H "Authorization: MediaBrowser Token=$TOKEN" \
-H "Content-Type: application/json" \
--data-binary @$SNAP/branding.json
# Expected: HTTP 204
```
### 2. Restore the bind-mounted index.html on nullstone
```bash
scp $SNAP/index.html user@nullstone:/opt/docker/jellyfin/web-overrides/index.html
# No restart needed — Traefik serves the file directly via the bind-mount.
```
### 3. Restore per-user DisplayPreferences
```bash
for uid in 571decc67cdc4ea683b4c936b0a31ff8 \
82dd8542915740c8ae799b6723542c63 \
a4cbcdf95bb34888885af6fbf5c340d1 \
d787fbfc373a44119a247e7406b2721e \
2be0f0d3fe3a45dc9298138a15a01925; do
curl -ksX POST "$BASE/DisplayPreferences/usersettings?userId=$uid&client=emby" \
-H "Authorization: MediaBrowser Token=$TOKEN" \
-H "Content-Type: application/json" \
--data-binary @$SNAP/displayprefs-$uid.json
done
# Expected: HTTP 204 each
```
---
## One-shot rollback (all three at once)
```bash
SNAP=/tmp/ARRFLIX/snapshots/2026-05-08-pre-elegantfin
TOKEN="<JELLYFIN_API_TOKEN>"
BASE="https://arrflix.s8n.ru"
# 1. branding
curl -ksX POST "$BASE/System/Configuration/branding" \
-H "Authorization: MediaBrowser Token=$TOKEN" \
-H "Content-Type: application/json" \
--data-binary @$SNAP/branding.json
# 2. index.html
scp $SNAP/index.html user@nullstone:/opt/docker/jellyfin/web-overrides/index.html
# 3. per-user displayprefs
for uid in 571decc67cdc4ea683b4c936b0a31ff8 82dd8542915740c8ae799b6723542c63 \
a4cbcdf95bb34888885af6fbf5c340d1 d787fbfc373a44119a247e7406b2721e \
2be0f0d3fe3a45dc9298138a15a01925; do
curl -ksX POST "$BASE/DisplayPreferences/usersettings?userId=$uid&client=emby" \
-H "Authorization: MediaBrowser Token=$TOKEN" \
-H "Content-Type: application/json" \
--data-binary @$SNAP/displayprefs-$uid.json
done
```
---
## Reference (read-only — for diffing, not posting back)
- `users.json` — sanity-check that policies/permissions match before/after a future user-mgmt change. The User API uses `/Users/{id}/Policy` and `/Users/{id}/Configuration` endpoints, NOT a bulk POST.
- `libraries.json` — sanity-check that VirtualFolders are still intact. Library mutations go through `/Library/VirtualFolders` add/remove endpoints, not a single POST.
- `docker-compose.yml` — reference only. If the compose file changes, restore by hand and `docker compose up -d` on nullstone.
---
## What this snapshot does NOT cover
- Jellyfin SQLite databases (`library.db`, `users.db`, etc.) — full data is preserved by Restic backups, not this snapshot.
- Plugins / plugin config — not part of the CSS/branding migration scope.
- Media files on disk — never touched by theme work.
If a recovery requires DB-level restore, fall back to the Restic snapshot job
documented in `SYSTEM.md` rather than this CSS-scoped rollback.
Reference in a new issue View git blame Copy permalink