Scheria

Safe harbor for the shipwrecked sailor

Emergency reference · Olympus infrastructure
The Island

Olympus

Raspberry Pi 5 · 2TB SSD at /mnt/gaia · boot blocks until SSD mounts. All services are Docker containers. SSD holds everything — configs, data, secrets, repos. Daily encrypted backups to cloud storage. Two credentials unlock full restore: storage login + repository password.

The Portals

What runs on Olympus

Ouranos
Cloud storage & file sync
Iris
Photo management & library
Forge
Git repositories & code
Prometheus
AI model gateway & router
Pandora
Backups & recovery
Hermes
Messages & communication
Cerberus
Reverse proxy & TLS
Charon
Network access & admin
The Awakening

How Olympus starts — order matters

System boots from SD card
Kernel and base OS load from the SD card
SSD mounts blocks until ready
All data lives on the SSD — boot will wait indefinitely if it's missing
Docker engine starts
Waits for SSD mount confirmation before starting
VPN mesh reconnects
Tailscale restores connection from saved state — normally automatic
Reverse proxy + coordination server circular dep
The proxy and VPN coordination depend on each other — see Scenario 3 if cold-starting both
Application services
Everything else: files, photos, git, AI, backups, messaging
When the Sea is Rough

What to do when things go wrong — read like an airplane card

1
Can't reach anything
All *.ithaque.ch URLs are unreachable
  1. Check your own internet connection first Try visiting any other website
  2. Check if your VPN client is connected Most services resolve to a VPN address — if your VPN is off, nothing will load
  3. Try reaching the public endpoint directly The VPN coordination server has a public DNS entry — if it responds, the server is alive
  4. Try SSH over the local network If you're physically near the server, connect via its local address
  5. Physical access — plug in a screen and keyboard Last resort if the network stack is entirely dead
Most common cause: VPN client disconnected on your device. Reconnect it and everything should resolve.
2
Locked out of the mesh
New device, factory reset, or VPN credentials lost
  1. Install the VPN client on your new device Tailscale — available on all platforms
  2. Connect using the self-hosted coordination server Point the client to the custom login URL instead of the default
  3. Approve the new device from an existing session Use the network admin panel or an already-connected device
  4. If no existing session — use LAN access SSH into the server from the local network to approve the new node
Chicken-and-egg: The coordination server is behind the proxy, which binds to the VPN. If both are down and VPN state is lost, you need local/physical access to bootstrap. See Scenario 5.
3
Services are down
SSH works but web services don't respond
  1. Check if the SSD is mounted All data lives there — if it's missing, nothing works
  2. Check if Docker is running All services are containers — Docker must be up first
  3. Check if the Docker image cache is healthy A dirty shutdown can corrupt the cache — see the warning below
  4. Start services in order: proxy first, then coordination, then the rest The boot sequence matters — see "The Awakening" above
  5. If cold-starting: temporarily open the proxy admin to all interfaces This breaks the circular dependency between proxy and VPN — restore after VPN connects
Dirty shutdown recovery: If there was a power loss, Docker's image cache may be corrupted. Stop Docker, clear the image cache directories (not your data), restart Docker, and re-pull the images. Service data in bind mounts is safe.
4
Data is gone
SSD failure, corruption, or accidental deletion
  1. Don't panic — everything is backed up Daily encrypted snapshots go to cloud storage automatically
  2. Get the backup credentials from your password manager You need two things: the storage login and the repository password
  3. Install the backup tool on a working system Kopia — available as a standalone binary for ARM64
  4. Connect to the remote backup repository Point the tool at the cloud storage URL with your credentials
  5. List available snapshots and restore Snapshots include all configs, data, secrets, and service state
What's in the backup: Everything on the SSD except Docker's disposable image cache. All secrets, all configs, all data, all git repos. Docker images are re-pulled automatically after restore.
5
Starting from nothing
Full disaster recovery — new hardware or total loss
  1. Flash a fresh OS on the SD card Raspberry Pi OS Lite 64-bit — the same as before
  2. Mount a new SSD and restore from backup See Scenario 4 for the backup restore procedure
  3. Recreate system symlinks The restored configs need to be linked back to their system locations
  4. Start Docker and bring up services in order Follow the boot sequence — proxy and VPN coordination first
  5. Verify all endpoints respond Check each portal in sequence — the dashboard shows live status
The full procedure is documented step-by-step in the disaster recovery guide, stored alongside the backups in cloud storage. With the backup credentials, you can restore everything.
The Provisions

What you need to rebuild Olympus from scratch

Password Manager
Stores the two critical credentials: cloud storage login and backup repository password. With these, everything else can be restored. Keep this accessible even when Olympus is down.
Cloud Backup Storage
3TB encrypted repository with daily snapshots. Contains all data, configs, secrets, and service state. Retention: 7 daily, 4 weekly, 6 monthly, 1 yearly. Tool: Kopia.
Disaster Recovery Guide
Step-by-step rebuild procedure stored in cloud backup alongside the data. Covers OS setup, SSD mounting, secret restoration, symlinks, Docker, and service startup in exact order.
Pulse
Checking connection…