Releases: Holo795/CBMCoolifyBackup
Release list
v1.2.0 — disaster recovery
Adds a complete disaster-recovery story: CBM now backs up its own metadata, hands you a portable recovery file, and can restore your resources onto a fresh or different Coolify — even when the source Coolify is gone. The controller applies two new migrations automatically on start; no breaking changes.
Added
- Metadata self-backup. The controller keeps an always-current, encrypted
pg_dumpof its own database on an off-site destination (S3 or SSH) as a single overwritten artefact — change-driven and throttled, with a daily safety run and failure/overdue alerts. Configure it in Settings → Disaster recovery. - Portable recovery file. A reveal-once, password-gated download that carries the master key and the location of your latest self-backup. Import it on a fresh install to rebuild CBM: it fetches the latest metadata and re-encrypts every secret under the new master key. A Verify recovery path drill proves the backup is recoverable without a restore.
- Restore onto a fresh or different Coolify. Snapshots now capture the full resource definition (git/build pack, image, compose, domains, database credentials), so Restore → new works even when the source Coolify is gone: it recreates the missing projects/environments, remaps the target server, and re-injects the config. When several instances are connected, a Restore onto picker clones a backup onto another Coolify (migration).
- Re-point an instance in place (edit its URL + API token) to redirect every snapshot to a new Coolify, plus a per-instance multi-server restore map. See docs/disaster-recovery.md.
- Disaster recovery shortcut in the command palette.
Fixed / hardened
- The invitation signup gate now closes ~10 minutes after a link is opened (it was open for the invite's full 48h), so an intercepted-then-abandoned claim can't be used later.
- Documented the single-replica scheduler and added a Postgres advisory-lock backstop, so an accidental second controller replica doesn't double-fire schedules.
Upgrading
- The controller applies migrations
0016and0017automatically on start — no breaking changes. The controller image now bundles the PostgreSQL client used by the self-backup and recovery. Run exactly one controller replica. Pull the new images below (or:latest).
Images
Published to the GitHub Container Registry — also tagged :1.2 and :latest:
docker pull ghcr.io/holo795/cbm-controller:1.2.0
docker pull ghcr.io/holo795/cbm-agent:1.2.0v1.1.0 — multi-user accounts & email
Adds multi-user accounts with roles, SMTP email (password reset and optional verification), and a self-service Profile page — plus repo-wide linting and UI polish. The controller runs the new database migration automatically on start: no breaking changes, and your existing first account keeps its admin role.
Added
- Multiple users with roles. Invite people as admin / operator / viewer with one-time invitation links (copy or emailed). Operators run backups and restores; only admins configure instances, destinations, schedules and settings. Role checks are enforced server-side on every mutating action, and the UI hides controls and pages a role can't use. Invitations are single-use, expire after 48h, bound to the invited email, and stored only as a sha256 hash; the last admin can't be demoted or removed. New Users page and a public
/invite/<token>acceptance page. See docs/accounts.md. - Email (SMTP). Optional password reset (a Forgot password? link on sign-in) and soft account verification — configured from Settings → Email or via
SMTP_*env (config-as-code), with a built-in test that verifies the connection. The dev compose ships Mailpit to test every flow offline. See docs/email.md. - Profile page to change your name, email and password from the UI.
- ESLint across the monorepo and generic root scripts (
npm run lint/typecheck/test), with CI updated to match.
Fixed
- Closed JSX whitespace gaps that glued words after bold/inline tags.
- Fixed a horizontal overflow on mobile when a long copyable link was shown.
Upgrading
- The controller applies the new
Invitationmigration (0015) automatically on start. No breaking changes; the first account keeps its admin role, and email stays optional. Pull the new images below (or:latest).
Images
Published to the GitHub Container Registry — also tagged :1.1 and :latest:
docker pull ghcr.io/holo795/cbm-controller:1.1.0
docker pull ghcr.io/holo795/cbm-agent:1.1.0v1.0.2 — bug fixes & cleanup
Maintenance release — bug fixes and an internal cleanup pass. No migration needed; just pull the new images.
Fixed
- Large backups no longer risk excessive memory use. AES encryption now streams through the cipher with proper backpressure (and surfaces write errors) instead of buffering unbounded — relevant for multi-GB volume archives.
- Cancelling a queued backup is now race-free. A job the agent claims at the same instant can no longer be falsely marked "cancelled" while it keeps running.
- Restore is more robust when a target container rejects its input: the underlying pipe error no longer escapes or masks the real failure.
Changed
- The UI is now fully English (the few remaining French strings were translated); timestamps use a fixed, unambiguous locale.
- Internal cleanup: shared helpers for process spawning, restic-context cleanup, snapshot prune routing and agent-liveness; dead code removed; an N+1 query on the instances page collapsed to a single query.
Images
Published to the GitHub Container Registry — also tagged :1.0 and :latest:
docker pull ghcr.io/holo795/cbm-controller:1.0.2
docker pull ghcr.io/holo795/cbm-agent:1.0.2v1.0.1 — restic-over-SFTP bastion fix
Patch release.
Fixed
- restic over SFTP through a bastion / jump host. restic parses the
-o sftp.commandvalue (CSV) and shell-splits it before exec, so the nested quotes a bastionProxyCommandrequires broke its option parser. The full ssh invocation is now written to an executable connect script and restic receives only the script's space-free path.
Direct SFTP (key and password auth) was unaffected by the bug. All three paths — direct + key, direct + password, and via a jump host — are now verified end to end (backup, deduplication and restore).
Images
Published to the GitHub Container Registry — also tagged :1.0 and :latest:
docker pull ghcr.io/holo795/cbm-controller:1.0.1
docker pull ghcr.io/holo795/cbm-agent:1.0.1v1.0.0 — CBM, Coolify Backup Manager
CBM — Coolify Backup Manager: self-hosted backup & restore for your Coolify resources. First public release.
What CBM adds over Coolify's built-in backups
Coolify's built-in backups cover databases only. CBM backs up apps, services, volumes, bind mounts and environment variables, restores them (including restore-to-new), and adds missed-backup alerts and multi-server orchestration.
Highlights
- restic engine — incremental, deduplicated and encrypted snapshots to local, S3 or SSH/SFTP (key or password auth, bastion / jump host supported).
- Simple tar engine as well, for basic destinations.
- Full restore and restore-to-new (clones the Coolify resource before restoring into it).
- Per-container pre/post hooks (e.g. consistent application-DB dumps) plus service-internal Postgres/Redis exports.
- Alerts for missed / failed backups via notifications.
- Multi-server — one controller, one agent per server.
- Responsive UI with a command palette (⌘K).
Install
Published images: ghcr.io/holo795/cbm-controller and ghcr.io/holo795/cbm-agent. See the README and the /docs folder. The first account you create becomes the admin, after which registration closes.
Licensed under Apache-2.0.
Images
Published to the GitHub Container Registry:
docker pull ghcr.io/holo795/cbm-controller:1.0.0
docker pull ghcr.io/holo795/cbm-agent:1.0.0v0.1.0 — first release
First tagged release of Coolify Backup Manager — back up and restore Coolify resources without restarting your running services.
Features
- No-restart backups. Standalone databases are exported live (
pg_dump/mysqldump/mongodump). For everything else, the agent briefly freezes (docker pause) only the containers writing to a volume, copies it, and resumes them — never stopped or recreated. Optional per-resource "live, no freeze" mode. - Restore → new for every resource type: databases, git apps (commit re-pinned), docker-image apps (exact tag, or the deployed digest for a floating tag), and docker-compose services (volumes re-mapped to the clone). The original is never touched.
- Destinations: local folder, SSH/SFTP, or S3, with optional AES-256-GCM encryption at rest.
- Scheduling with grandfather-father-son retention, evaluated in a configurable timezone.
- One backup gate per resource; settings save automatically.
Known limitations
Bind mounts (host paths) and environment variables are not yet captured; no incremental backup, failure alerting, or automatic restore verification yet. See the README before relying on it — always test a restore.
Licensed under Apache-2.0.