{{define "title"}}{{.Title}}{{end}} {{define "content"}} {{$page := .Page}}
Dashboard/Add host
{{if eq $page.Token ""}} {{/* ============================================================ State A · form ============================================================ */}}

Add a host

Mints a one-time enrolment token (TTL 1 hour) and binds the repo credentials to it. The token can only be used once — generate a fresh one if it expires or you typed something wrong.

{{if $page.Error}}
{{$page.Error}}
{{end}}

Host

Becomes the host’s display name. Most operators use the box’s actual hostname so logs line up.
Free-form. Used for filtering and grouping on the dashboard.

Initial schedule · manual

These paths become an initial manual schedule on the new host — manual = no cron, only fires when you click Run now. You can edit this schedule (or add automated ones alongside it) from the host's Schedules tab. Leave blank to skip — the host will enrol but can't back up until you add a schedule.

Restic repository

Whatever restic -r would accept. Most fleets terminate at a restic/rest-server; s3: and b2: URLs work equally well.
For rest-server with htpasswd, this is the per-host user.
Encrypted at rest using the server’s AEAD key, pushed to the agent only over the authenticated WebSocket. Leave blank and we’ll mint a 24-byte URL-safe random password and surface it once on the next page (alongside the htpasswd snippet you’ll need to run on the rest-server).
Cancel
{{else}} {{/* ============================================================ State B · token minted ============================================================ */}}

Token minted

expires {{relTime $page.ExpiresAt}}

Run the snippet below on the target box. The host will appear on the dashboard within a few seconds of the agent connecting.

{{if and $page.RepoUsername $page.RepoPassword}}
Run on the rest-server box first {{if $page.PasswordGenerated}} password generated {{end}} · this is the only time you’ll see the password 
echo '{{$page.RepoPassword}}' | sudo htpasswd -B -i /path/to/htpasswd {{$page.RepoUsername}}
Replace /path/to/htpasswd with whatever your restic/rest-server reads (typically the file passed via --htpasswd-file, or /data/.htpasswd in the official Docker image). The -i flag reads the password from stdin so it never appears in your shell’s process list. Then either send SIGHUP to the rest-server process or restart the container to pick up the new entry.
{{end}}
Install command · paste-and-run on the host you’re backing up 
curl -fsSL {{$page.ServerURL}}/install/install.sh | sudo \
  RM_SERVER={{$page.ServerURL}} \
  RM_TOKEN={{$page.Token}} bash
Awaiting agent connection
{{if $page.Hostname}}{{$page.Hostname}}{{else}}new host{{end}} — enrolment will mark this online
{{$page.ExpiresAt.Format "15:04:05.000"}} server token minted · 1h ttl
awaiting POST /api/agents/enroll …

Enrolment will create a manual schedule from the paths above. Find it (and add automated ones) under Host > Schedules once the agent connects.

← Back to dashboard Add another host
{{end}}
{{end}}