steve
518c29ddb3
Post-brainstorm change after operator review: overnight-digest / "don't ping me at 03:00, email me in the morning" use case is poorly served by ntfy (push) and clumsy via webhook → email-gateway. SMTP joins webhook + ntfy as the third v1 channel; Apprise stays deferred. Spec updates: - Decision 5 reworded: three channels in v1. - Channel iface gains smtpChannel using net/smtp + crypto/tls. 10s timeout vs 5s for HTTP — STARTTLS handshake + DATA over a slow link legitimately needs the headroom. - Migration 0014 CHECK now allows 'smtp'. New smtpConfig struct: host, port, encryption (starttls/tls/none), username, password (AEAD), from, to. One channel = one To-address; multi-recipient = multiple channels (keeps failure attribution per-recipient). - Body shape documented: hardcoded subject pattern '[restic-manager] [<sev>] <host>: <kind>', Message-ID includes the alert id so threading groups raised → ack → resolved cleanly. Plain text only in v1. - Encryption defaults to STARTTLS on 465/587; PLAIN auth over TLS, no XOAUTH2 yet (app passwords recommended for Gmail / M365). - Test plan adds MailHog step in the Playwright sweep. - Non-goals expanded: HTML emails, OAuth2/XOAUTH2, multi-recipient channels are explicitly out of v1. Wireframe updates (_diag/p3-alerts-wireframe/wireframe.html): - Kind picker grows from 2 cards to 3 (Webhook / Ntfy / SMTP @). SMTP gets the --ok green colour family so it visually separates from webhook (accent) and ntfy (warm). - New SMTP variant section (3c): host+port+encryption row, user+pass row, from+to row, test result, plus right-rail email shape preview showing the RFC 5322 layout. - Channel list grows a third row: 'overnight-digest · smtp://… → ops-overnight@example.com'.
restic-manager
Self-hosted, browser-based, single-pane-of-glass for managing restic backups across a fleet of Linux and Windows endpoints.
Status: pre-alpha. Phase 0 (project bootstrap) complete; Phase 1 (MVP) in progress. See
spec.mdfor the design andtasks.mdfor the roadmap.
What it does (target)
- Central visibility into backup state for every endpoint
- Trigger any restic operation remotely (
backup,forget,prune,check,unlock,snapshots,stats,diff,restore) - Manage per-host backup schedules from the UI
- Live job progress streamed back to the UI
- Restore wizard (browse snapshots, pick paths, restore to original or alternate host)
- Repo health surfacing (size, dedup ratio, last check, lock state)
- Alerting on failure or staleness
- Cross-platform agent (Linux + Windows)
- Ransomware-resistant repo access via append-only credentials
Architecture (one-line summary)
A small Go control-plane on the Proxmox host, lightweight Go agents on each
endpoint that hold an outbound WebSocket to the control-plane, and a
restic/rest-server on Unraid that holds the actual backup data. The
control-plane never touches backup bytes.
Full architecture diagram and component breakdown:
spec.md §3.
Repository layout
cmd/server/ control-plane binary
cmd/agent/ endpoint agent binary
internal/api shared API types (REST + WS envelopes)
internal/server/ HTTP, WS, UI handlers
internal/agent/ service integration, restic runner, local scheduler
internal/restic restic CLI wrapper
internal/store SQLite persistence
internal/crypto secret encryption
internal/auth passwords, sessions, agent tokens
web/ server-rendered templates + static assets
deploy/ Dockerfile, docker-compose.yml, install scripts
design/ UI wireframes (Phase 0 design pass)
Local development
Requires Go 1.25+ (built and tested on 1.26). The floor is set by
modernc.org/sqlite v1.50.
make build # builds cmd/server and cmd/agent into ./bin
make test # runs go test ./...
make lint # runs golangci-lint
make run-server # runs the server (dev defaults)
License
PolyForm Noncommercial 1.0.0 — see LICENSE. Free for personal,
hobby, research, educational, governmental, and other noncommercial use.
Commercial use requires a separate license.