f55747a281
Lands the bottom three layers of Phase 1:

P1-08 internal/api: protocol_version + envelope + every WS message shape from spec.md §6.2 (Hello, Heartbeat, Job*, Schedule*, etc). Wire-format tests pin the JSON shape so a rename here breaks tests instead of silently breaking the agent.

P1-02 + P1-03 internal/store: SQLite via modernc.org/sqlite, embed.FS + a tiny version table for hand-rolled migrations. 0001_initial.sql covers every table from spec.md §5 plus enrollment_tokens and host_schedule_version. Typed accessors for users / sessions / enrollment / audit. WAL + foreign_keys + busy_timeout on by default.

P1-06 internal/crypto: XChaCha20-Poly1305 AEAD wrapper with per-message random nonce. Key file lifecycle (generate + refuse-to-overwrite, load with size validation). Optional additionalData binds ciphertext to the row that owns it.

P1-04 internal/auth (partial — passwords + tokens; sessions middleware lands with the HTTP handlers): argon2id following RFC 9106 (64 MiB / t=3 / p=4 / 32B), constant-time verify. HashToken stores SHA-256 of session/agent/enrollment tokens so a stolen DB doesn't hand over credentials.

Build floor moves to Go 1.25 (modernc.org/sqlite v1.50+ requires it); CI + Dockerfile + README updated. Markdown lint diagnostics on tasks.md cleared.

All packages tested. ~70 new tests pass in <1s.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
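The token-hashing idea named in the commit message above, as an added example that is not the project's code: only `HashToken` is a name from this page, and its signature, the `TokenStore` type, the in-memory map standing in for a database table, and the owner name are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// TokenStore stands in for a database table keyed by token hash
// (hypothetical type; the project's schema is not shown on this page).
type TokenStore struct {
	byHash map[string]string // hex(SHA-256(token)) -> owner
}

func NewTokenStore() *TokenStore { return &TokenStore{byHash: map[string]string{}} }

// HashToken returns hex(SHA-256(token)). A fast, unsalted hash is only
// acceptable because tokens carry 256 bits of randomness, unlike passwords.
func HashToken(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// Issue generates a random token, persists only its hash, and returns the
// plaintext exactly once for delivery to the client.
func (s *TokenStore) Issue(owner string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	s.byHash[HashToken(token)] = owner
	return token, nil
}

// Lookup hashes whatever the client presented and searches by that hash, so
// a value copied out of the table (already a hash) never matches itself.
func (s *TokenStore) Lookup(presented string) (string, bool) {
	owner, ok := s.byHash[HashToken(presented)]
	return owner, ok
}

func main() {
	s := NewTokenStore()
	tok, _ := s.Issue("agent-01") // constructed owner name
	_, okReal := s.Lookup(tok)
	_, okStolen := s.Lookup(HashToken(tok)) // a value read from a stolen DB
	fmt.Println("real token accepted:", okReal, "| stolen hash accepted:", okStolen)
}
```
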
69 lines
2.4 KiB
Markdown
# restic-manager

Self-hosted, browser-based, single-pane-of-glass for managing
[restic](https://restic.net) backups across a fleet of Linux and Windows
endpoints.

> Status: pre-alpha. Phase 0 (project bootstrap) complete; Phase 1 (MVP) in
> progress. See [`spec.md`](./spec.md) for the design and
> [`tasks.md`](./tasks.md) for the roadmap.

## What it does (target)

- Central visibility into backup state for every endpoint
- Trigger any restic operation remotely (`backup`, `forget`, `prune`,
  `check`, `unlock`, `snapshots`, `stats`, `diff`, `restore`)
- Manage per-host backup schedules from the UI
- Live job progress streamed back to the UI
- Restore wizard (browse snapshots, pick paths, restore to original or
  alternate host)
- Repo health surfacing (size, dedup ratio, last check, lock state)
- Alerting on failure or staleness
- Cross-platform agent (Linux + Windows)
- Ransomware-resistant repo access via append-only credentials

## Architecture (one-line summary)

A small Go control-plane on the Proxmox host, lightweight Go agents on each
endpoint that hold an outbound WebSocket to the control-plane, and a
`restic/rest-server` on Unraid that holds the actual backup data. The
control-plane never touches backup bytes.

Full architecture diagram and component breakdown:
[`spec.md` §3](./spec.md).

## Repository layout

```
cmd/server/        control-plane binary
cmd/agent/         endpoint agent binary
internal/api       shared API types (REST + WS envelopes)
internal/server/   HTTP, WS, UI handlers
internal/agent/    service integration, restic runner, local scheduler
internal/restic    restic CLI wrapper
internal/store     SQLite persistence
internal/crypto    secret encryption
internal/auth      passwords, sessions, agent tokens
web/               server-rendered templates + static assets
deploy/            Dockerfile, docker-compose.yml, install scripts
design/            UI wireframes (Phase 0 design pass)
```

## Local development

Requires Go 1.25+ (built and tested on 1.26). The floor is set by
`modernc.org/sqlite` v1.50.

```sh
make build        # builds cmd/server and cmd/agent into ./bin
make test         # runs go test ./...
make lint         # runs golangci-lint
make run-server   # runs the server (dev defaults)
```

## License

PolyForm Noncommercial 1.0.0 — see [`LICENSE`](./LICENSE). Free for personal,
hobby, research, educational, governmental, and other noncommercial use.
Commercial use requires a separate license.