From d2f49e91302d26c762784a03ba16f37e493812f0 Mon Sep 17 00:00:00 2001
From: Kaloyan Danchev <kaloyandanchev@Kaloyans-MacBook-Air.local>
Date: Wed, 11 Feb 2026 11:21:24 +0200
Subject: [PATCH] Add Vaultwarden sync script for MikroTik cold standby

Syncs the Vaultwarden database, RSA key, and config from Unraid
to the MikroTik container standby instance via a temporary PHP
HTTP server. Designed for manual daily runs before maintenance.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 scripts/vw-sync.sh | 66 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100755 scripts/vw-sync.sh

diff --git a/scripts/vw-sync.sh b/scripts/vw-sync.sh
new file mode 100755
index 0000000..d0e15e9
--- /dev/null
+++ b/scripts/vw-sync.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+# Vaultwarden Sync: Unraid → MikroTik (cold standby)
+# Run this from your Mac (must have VPN/network access to both devices)
+#
+# Usage: ./vw-sync.sh
+#   Syncs the Vaultwarden database from Unraid to MikroTik standby instance.
+#   The MikroTik container must be STOPPED during sync.
+
+set -euo pipefail
+
+UNRAID_SSH="ssh -i ~/.ssh/id_ed25519_unraid root@192.168.10.20 -p 422"
+MIKROTIK_SSH="ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.1"
+UNRAID_VW_PATH="/mnt/user/appdata/vaultwarden"
+MIKROTIK_USB_PATH="usb1/vaultwarden/data"
+HTTP_PORT=8888
+
+echo "=== Vaultwarden Sync: Unraid → MikroTik ==="
+echo ""
+
+# 1. Check MikroTik container is stopped
+echo "[1/5] Checking MikroTik Vaultwarden container status..."
+STATUS=$($MIKROTIK_SSH ':foreach c in=[/container/find where name~"server"] do={:put [/container/get $c status]}' 2>/dev/null || echo "unknown")
+if [ "$STATUS" = "running" ]; then
+    echo "  Container is running. Stopping it..."
+    $MIKROTIK_SSH '/container/stop [find where name~"server"]'
+    sleep 5
+fi
+echo "  Container is stopped."
+
+# 2. Start temporary HTTP server on Unraid
+echo "[2/5] Starting temp HTTP server on Unraid (port $HTTP_PORT)..."
+$UNRAID_SSH "cd $UNRAID_VW_PATH && php -S 0.0.0.0:$HTTP_PORT &>/dev/null &"
+sleep 2
+
+# Verify it's responding
+if ! $UNRAID_SSH "curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:$HTTP_PORT/db.sqlite3" 2>/dev/null | grep -q "200"; then
+    echo "  ERROR: HTTP server not responding. Aborting."
+    $UNRAID_SSH "pkill -f 'php -S' 2>/dev/null" || true
+    exit 1
+fi
+echo "  HTTP server ready."
+
+# 3. Fetch files to MikroTik
+echo "[3/5] Syncing database to MikroTik..."
+$MIKROTIK_SSH "/tool/fetch url=\"http://192.168.10.20:$HTTP_PORT/db.sqlite3\" dst-path=\"$MIKROTIK_USB_PATH/db.sqlite3\""
+echo ""
+
+echo "[4/5] Syncing RSA key and config..."
+$MIKROTIK_SSH "/tool/fetch url=\"http://192.168.10.20:$HTTP_PORT/rsa_key.pem\" dst-path=\"$MIKROTIK_USB_PATH/rsa_key.pem\""
+$MIKROTIK_SSH "/tool/fetch url=\"http://192.168.10.20:$HTTP_PORT/config.json\" dst-path=\"$MIKROTIK_USB_PATH/config.json\""
+echo ""
+
+# 5. Cleanup
+echo "[5/5] Stopping HTTP server on Unraid..."
+$UNRAID_SSH "pkill -f 'php -S' 2>/dev/null" || true
+
+echo ""
+echo "=== Sync complete! ==="
+echo ""
+echo "To START the standby Vaultwarden:"
+echo "  $MIKROTIK_SSH '/container/start [find where name~\"server\"]'"
+echo ""
+echo "To STOP it after maintenance:"
+echo "  $MIKROTIK_SSH '/container/stop [find where name~\"server\"]'"
+echo ""
+echo "Access URL: http://192.168.10.1:4743"