Add ops, security, and troubleshooting docs

doccs/site/astro.config.mjs

@@ -16,7 +16,7 @@ export default defineConfig({
 			sidebar: [
 				{
 					label: 'Getting Started',
-					items: [{ label: 'Overview', slug: 'overview' }, { label: 'Installation', slug: 'install' }],
+					items: [{ label: 'Overview', slug: 'overview' }, { label: 'Installation', slug: 'install' }, { label: 'Quickstart', slug: 'quickstart' }, { label: 'Operations', slug: 'operations' }, { label: 'Security', slug: 'security' }, { label: 'Troubleshooting', slug: 'troubleshooting' }],
 				},
 				{
 					label: 'Admin Panel',

doccs/site/src/content/docs/operations.md

@@ -0,0 +1,58 @@
+---
+title: Operations and Maintenance
+---
+
+This page covers routine operations for stable, predictable hosting.
+
+## Backups
+
+- Use the admin backups page to configure schedules and retention.
+- Test restore workflows on a staging account before relying on them.
+- Keep at least one offsite destination configured.
+
+## Upgrades
+
+From the panel directory:
+
+```
+cd /var/www/jabali
+php artisan jabali:upgrade
+```
+
+Check for updates only:
+
+```
+php artisan jabali:upgrade --check
+```
+
+## Service health
+
+Key services:
+
+- `jabali-agent`
+- `jabali-queue`
+- `jabali-health-monitor`
+
+Check status:
+
+```
+systemctl status jabali-agent jabali-queue jabali-health-monitor
+```
+
+Restart if needed:
+
+```
+sudo systemctl restart jabali-agent jabali-queue jabali-health-monitor
+```
+
+## Log locations
+
+- Panel logs: `/var/www/jabali/storage/logs`
+- Nginx logs: `/var/log/nginx`
+- System services: `journalctl -u <service>`
+
+## Common maintenance tasks
+
+- Rotate or archive old backups to control disk usage.
+- Review failed jobs and mail queues regularly.
+- Audit admin users and remove unused accounts.

doccs/site/src/content/docs/platform/cli-cookbook.md

@@ -0,0 +1,89 @@
+---
+title: CLI Cookbook
+---
+
+This page provides practical CLI examples. For the full command list, see the CLI reference.
+
+## Backups
+
+Create a backup for a user:
+
+```
+jabali backup create <user>
+```
+
+Restore a backup to a user:
+
+```
+jabali backup restore <path> --user=<user>
+```
+
+## cPanel migration
+
+Analyze a cPanel archive:
+
+```
+jabali cpanel analyze <file>
+```
+
+Restore a cPanel archive into a user:
+
+```
+jabali cpanel restore <file> <user>
+```
+
+## DNS
+
+List DNS zones:
+
+```
+jabali dns zones list
+```
+
+Create a new DNS zone:
+
+```
+jabali dns zones create example.com --template=default
+```
+
+## SSL
+
+Issue a certificate:
+
+```
+jabali ssl issue example.com
+```
+
+Renew all certificates:
+
+```
+jabali ssl renew --all
+```
+
+## Users
+
+Create a user:
+
+```
+jabali users create user@example.com --plan=starter
+```
+
+Suspend a user:
+
+```
+jabali users suspend user@example.com
+```
+
+## Help and discovery
+
+List all commands:
+
+```
+jabali --help
+```
+
+Get help for a specific command:
+
+```
+jabali <command> --help
+```

doccs/site/src/content/docs/quickstart.md

@@ -0,0 +1,55 @@
+---
+title: Quickstart Checklist
+---
+
+This checklist helps you go from a fresh server to a verified, working panel.
+
+## Pre-flight
+
+- Fresh Debian 12 or 13 (no existing web/mail stack).
+- DNS points the panel host to the server IP.
+- PTR (reverse DNS) set for the mail hostname.
+- Ports open: 22, 80, 443, 25, 465, 587, 993, 995, 53.
+
+## Install
+
+```
+curl -fsSL https://raw.githubusercontent.com/shukiv/jabali-panel/main/install.sh | sudo bash
+```
+
+Optional flags:
+
+- `JABALI_MINIMAL=1` for core-only install
+- `JABALI_FULL=1` to force all optional components
+
+## First login
+
+- Admin panel: `https://your-host/jabali-admin`
+- User panel: `https://your-host/jabali-panel`
+- Webmail: `https://your-host/webmail`
+
+## Post-install verification
+
+1) Check services:
+
+```
+systemctl status jabali-agent jabali-queue jabali-health-monitor
+```
+
+2) Check SSL:
+
+- Open the admin panel URL and confirm HTTPS is valid.
+
+3) Check mail flow:
+
+- Create a test mailbox and send/receive via SMTP/IMAP.
+
+4) Check DNS:
+
+- If hosting DNS, confirm zone creation and record updates.
+
+## Common fixes
+
+- If the panel does not load, check nginx and ports 80/443.
+- If background jobs stall, check `jabali-queue` service status.
+- If agent actions fail, check `jabali-agent` service status.

doccs/site/src/content/docs/security.md

@@ -0,0 +1,36 @@
+---
+title: Security Hardening
+---
+
+Use this page as a baseline security checklist.
+
+## Core practices
+
+- Use SSH keys and disable password auth where possible.
+- Enable 2FA for all admin accounts.
+- Keep the OS up to date with regular security patches.
+
+## Firewall and intrusion prevention
+
+- Validate firewall rules match your required ports.
+- Enable Fail2ban and review ban logs.
+
+## Mail security
+
+- Confirm PTR, SPF, DKIM, and DMARC records.
+- Review mail logs and reject spikes.
+
+## SSL and TLS
+
+- Ensure certificates renew automatically.
+- Use strong TLS settings and disable obsolete protocols.
+
+## Least privilege
+
+- Limit admin access to known IPs when possible.
+- Remove unused accounts and API tokens.
+
+## Demo mode
+
+- Demo environments should be isolated and read-only.
+- Never reuse demo credentials in production.

doccs/site/src/content/docs/troubleshooting.md

@@ -0,0 +1,45 @@
+---
+title: Troubleshooting
+---
+
+Common issues and where to look first.
+
+## Panel does not load
+
+- Check nginx: `systemctl status nginx`
+- Confirm ports 80/443 are open.
+- Verify DNS points to the server IP.
+
+## Agent actions fail
+
+- Check agent service:
+
+```
+systemctl status jabali-agent
+journalctl -u jabali-agent -n 200 --no-pager
+```
+
+## Background jobs not running
+
+- Check queue service:
+
+```
+systemctl status jabali-queue
+journalctl -u jabali-queue -n 200 --no-pager
+```
+
+## SSL issuance issues
+
+- Confirm DNS for the domain resolves to the server.
+- Check nginx logs: `/var/log/nginx/error.log`
+
+## Mail delivery problems
+
+- Verify PTR and DNS records (SPF, DKIM, DMARC).
+- Review mail logs: `/var/log/mail.log` (path may vary by distro).
+
+## Logs
+
+- Panel logs: `/var/www/jabali/storage/logs`
+- Nginx logs: `/var/log/nginx`
+- Systemd logs: `journalctl -u <service>`