Schedules say when. Sources say what. Repo says itself.
+
+ Phase 2's first cut surfaced every restic verb as a schedule kind, and made the operator pick paths twice — once on the host, once on the schedule. That's how restic CLI thinks; it's not how an operator thinks. This redesign collapses the model around three nouns the operator actually has in their head:
+
+
+ Source groups own the "what" — a named bundle of include/exclude paths plus a retention policy. Default group default is created at host enrolment, ready to fill in. Schedules own the "when" — a cron expression pointing at one or more groups. Cron fires → one restic backup per group, each tagged with the group name so retention works cleanly. Repo maintenance (forget / prune / check) lives on the host detail's Repo tab with sensible default cadences — operators don't compose those by hand.
+
+
+ Pages mocked: /hosts/dev/sources · /hosts/dev/sources/<id>/edit · /hosts/dev/schedules · /hosts/dev/repo. Run-now lives on individual source-group rows; manual-schedule kind is gone. The Sources stage has a small Tweaks toggle to flip between fresh-host and multi-group states.
+
+
+
+
+
+
Stage 1/hosts/dev/sources · default group present (fresh-ish host)
+ linux/amd64
+ ·
+ online · last heartbeat 3s ago
+
+
+
+
+
+
+
+
Snapshots 14
+
Sources 3
+
Schedules 2
+
Repo
+
Jobs
+
Settings
+
+
+
+
+
+
+
+ Each source group is a named bundle of paths plus the rule for how long its snapshots stick around. Schedules point at one or more groups — one restic backup runs per group, tagged by name so forget can apply retention cleanly.
+
+
+
+
+
+
+
+
+ default
+
+
+ 2 includes · 1 exclude · keep last 7, daily 14, weekly 4
+
+
+ used by 1 schedule · last run succeeded · 12m ago · 52 snapshots
+
+
+
+
+
+
+
+
+
+
+
+
+
+ databases
+
+
+ 2 includes · 1 exclude · keep last 7, hourly 24, daily 14, weekly 6, monthly 6
+
+
+ used by 2 schedules · last run succeeded · 2h ago · 68 snapshots
+
+ used by 1 schedule · last run succeeded · 6h ago · 7 snapshots
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ default
+ empty
+
+
+ 0 includes · 0 excludes · no retention set — keep everything
+
+
+ used by 0 schedules · never run
+
+
+
+
+
+
+
+
+
+
+
+
+ default can't be deleted while it's the only group on the host.
+ ·
+ Run-now on a row dispatches one immediate backup using that group's paths and tag.
+
+ What this group covers and how long its snapshots are worth keeping. Snapshots produced for this group carry the tag databases — change the name with care: existing snapshots keep the old tag and won't get retained by a renamed group's policy.
+
+
+
+
+
+
+
Identity
+
+
+
+
Used as the snapshot tag. Lowercase, no spaces; matches what restic forget --tag sees.
+
+
+
Paths
+
+
+
+
What restic backup walks. Agent runs as root with CAP_DAC_READ_SEARCH, so any readable path is fair game.
+
+
+
+
+
Passed straight through as --exclude args.
+
+
+
Retention applied nightly · all blank = keep everything
+
+
+
+
⚠
+
+ keep-hourly is set, but no schedule pointing at this group fires more often than once a day.
+ The hourly bucket will never have snapshots to retain — restic forget treats the value as a no-op.
+ Either drop keep-hourly or add a sub-daily schedule.
+ Finest schedule interval: 24h · keep-hourly requires < 1h.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Translates to restic forget --tag databases --keep-last 7 --keep-hourly 24 --keep-daily 14 --keep-weekly 6 --keep-monthly 6. Forget runs nightly per host (cadence on the Repo tab); pruning the freed data is admin-only and weekly.
+
+
+
Retry on offline cron-fired runs only
+
+
+
+
+
+
+
+
+
+
+
+ Each retry doubles the wait. Manual run-now ignores this — it just fails immediately if the agent is offline, since the operator's eyes are on the page.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Stage 3/hosts/dev/schedules · simplified — when only
+ A schedule is just a cron expression pointing at one or more source groups. When it fires, the agent runs a separate restic backup per chosen group — independent jobs, independent snapshots, independent retention. Failure of one group doesn't fail the others.
+
+ Standard 5-field cron with descriptors. Server validates with the same parser the agent uses to fire — what saves here is what runs.
+
+
+
What — pick one or more source groups
+
+
default2 paths · keep last 7, daily 14
+
databases2 paths · keep last 7, daily 14, weekly 6
+
photos1 path · keep monthly 24
+
+
+ Each picked group runs as a separate restic backup with its own tag — its own snapshot, its own retention. Pick multiple to fire them all on the same cron tick.
+
+
+
Status
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Stage 4/hosts/dev/repo · connection · maintenance · danger zone
+ Applies to every backup, restore, and prune job for this host. Configure per-host because the network constraint usually is the host (its uplink). Per-source is rare enough we don't surface it.
+
+
+
+
+
Maintenance · auto-managed
+
+
+
+
forget
+
+
Cadence
+
daily · 03:00
+
+
+
Last run
+
succeeded · 12h ago
+
+
+ Per source group, using each group's retention policy.
+
+
+ enabled
+
+
+
+
+
+
prune
+
+
Cadence
+
weekly · Sun 04:00
+
+
+
Last run
+
succeeded · 4d ago
+
+
+ Reclaims storage made dead by forget. Heavy — runs weekly only.
+
+
+ enabled
+
+
+
+
+
+
check
+
+
Cadence
+
monthly · 1st 05:00
+
+
+
Last run
+
succeeded · 22d ago
+
+
+ --read-data-subset 5% · spreads full coverage over ~20 months.
+
+
+ enabled
+
+
+
+
+
+
+
Danger zone
+
+
+
+
Re-initialise repo
+
+ Tries to DELETE the rest-server's copy of this repo, then runs restic init against the empty path. Most rest-server setups run with --append-only and refuse the DELETE — in that case the page shows guided cleanup steps instead of attempting anything destructive.
+
+
+ All snapshots are lost; this host's schedule version stays the same and the agent's secrets.enc is reused.
+