v1 · Add host

Add a host.

A focused two-column page, not a modal: the form lives where the cursor needs it, the contextual help and security footnote live where the eye naturally drifts. After the form is submitted the same URL renders the result state — token + install command — so the operator never loses their place.

Backed by POST /api/enrollment-tokens (P1-32). Repo creds become an AEAD blob bound to the token hash; ConsumeEnrollmentToken rebinds them under the new host_id and the WS push lands them on the agent.

State A · form
restic-manager
v0.1.0-alpha
steve@dcglab
Dashboard/Add host

Add a host

Mints a one-time enrolment token (TTL 1 hour) and binds the repo credentials to it. The token can only be used once — generate a fresh one if it expires or you typed something wrong.

Host

Becomes the host’s display name. Most operators use the box’s actual hostname so logs line up.
prod × cache ×
Free-form. Used for filtering and grouping on the dashboard.

Restic repository

repo:
Whatever restic -r would accept. Most fleets terminate at a restic/rest-server; s3: and b2: URLs work equally well.
For rest-server with htpasswd, this is the per-host user.
Encrypted at rest using the server’s AEAD key. Pushed to the agent only over the authenticated WebSocket.
State B · token minted, install command shown
restic-manager
v0.1.0-alpha
steve@dcglab
Dashboard/Add host/prod-redis-01

Token minted

expires in 59m 54s

Run the snippet below on the target box. The host will appear on the dashboard within a few seconds of the agent connecting.

Install command · paste-and-run
curl -fsSL https://restic.lab.example/install.sh | sudo \
  RM_SERVER=https://restic.lab.example \
  RM_TOKEN=HdqFbQh8U-I1fb52iP1M8qxvoYS5t9VZ-T-yghr_CzA sh
Awaiting agent connection
prod-redis-01 — enrolment will mark this online
11:42:18.221 server token minted · 1h ttl
awaiting POST /api/agents/enroll …