fix: skip backups if in_progress

README.md

@@ -20,17 +20,14 @@
 
 ## Intro
 
-Ironmount is a backup automation platform that helps you protect your data across multiple storage backends. Built on top of Restic, it provides an intuitive web interface to schedule, manage, and monitor encrypted backups of your remote storage. With support for Docker integration, Ironmount makes it easy to backup your container volumes automatically.
+Ironmount is a backup automation tool that helps you save your data across multiple storage backends. Built on top of Restic, it provides an modern web interface to schedule, manage, and monitor encrypted backups of your remote storage.
 
 ### Features
 
-- 💾  **Automated backups** with encryption, compression and retention policies powered by Restic
-- 📅  **Flexible scheduling** using cron expressions for automated backup jobs
-- 🔐  **End-to-end encryption** ensuring your data is always protected
-- 📦  **Snapshot management** with retention policies to optimize storage usage
-- 📊  **Monitoring and statistics** to track backup health and storage usage
-- ✅  **Multi-protocol support**: Backup from NFS, SMB, WebDAV, or local directories
-- 🔍  **Health checks** and automatic recovery to ensure backup reliability
+-   **Automated backups** with encryption, compression and retention policies powered by Restic
+-   **Flexible scheduling** For automated backup jobs with fine-grained retention policies
+-   **End-to-end encryption** ensuring your data is always protected
+-   **Multi-protocol support**: Backup from NFS, SMB, WebDAV, or local directories
 
 ## Installation
 
@@ -48,7 +45,7 @@ services:
     devices:
       - /dev/fuse:/dev/fuse
     volumes:
-      - /var/lib/ironmount/:/var/lib/ironmount/
+      - /var/lib/ironmount:/var/lib/ironmount
 ```
 
 Then, run the following command to start Ironmount:
@@ -59,9 +56,158 @@ docker compose up -d
 
 Once the container is running, you can access the web interface at `http://<your-server-ip>:4096`.
 
-## Backups
+## Adding your first volume
 
-![Preview](https://github.com/nicotsx/ironmount/blob/main/screenshots/backups.png?raw=true)
+Ironmount supports multiple volume backends including NFS, SMB, WebDAV, and local directories. A volume represents the source data you want to back up and monitor.
+
+To add your first volume, navigate to the "Volumes" section in the web interface and click on "Create volume". Fill in the required details such as volume name, type, and connection settings.
+
+If you want to track a local directory on the same server where Ironmount is running, you'll first need to mount that directory into the Ironmount container. You can do this by adding a volume mapping in your `docker-compose.yml` file. For example, to mount `/path/to/your/directory` from the host to `/mydata` in the container, you would add the following line under the `volumes` section:
+
+```diff
+services:
+  ironmount:
+    image: ghcr.io/nicotsx/ironmount:v0.5.0
+    container_name: ironmount
+    restart: unless-stopped
+    cap_add:
+      - SYS_ADMIN
+    ports:
+      - "4096:4096"
+    devices:
+      - /dev/fuse:/dev/fuse
+    volumes:
+      - /var/lib/ironmount:/var/lib/ironmount
++     - /path/to/your/directory:/mydata
+```
+
+After updating the `docker-compose.yml` file, restart the Ironmount container to apply the changes:
+
+```bash
+docker compose down
+docker compose up -d
+```
+
+Now, when adding a new volume in the Ironmount web interface, you can select "Directory" as the volume type and search for your mounted path (e.g., `/mydata`) as the source path.
+
+![Preview](https://github.com/nicotsx/ironmount/blob/main/screenshots/add-volume.png?raw=true)
+
+## Creating a repository
+
+A repository is where your backups will be securely stored encrypted. Ironmount currently supports S3-compatible storage backends and local directories for storing your backup repositories.
+
+Repositories are optimized for storage efficiency and data integrity, leveraging Restic's deduplication and encryption features.
+
+To create a repository, navigate to the "Repositories" section in the web interface and click on "Create repository". Fill in the required details such as repository name, type, and connection settings. If you choose a local directory as the repository type, your backups will be stored at `/var/lib/ironmount/repositories/<repository-name>`.
+
+## Your first backup job
+
+Once you have added a volume and created a repository, you can create your first backup job. A backup job defines the schedule and parameters for backing up a specific volume to a designated repository.
+
+When creating a backup job, you can specify the following settings:
+- **Schedule**: Define how often the backup should run (e.g., daily, weekly)
+- **Retention Policy**: Set rules for how long backups should be retained (e.g., keep daily backups for 7 days, weekly backups for 4 weeks)
+- **Paths**: Specify which files or directories to include in the backup
+
+After configuring the backup job, save it and Ironmount will automatically execute the backup according to the defined schedule.
+You can monitor the progress and status of your backup jobs in the "Backups" section of the web interface.
+
+![Preview](https://github.com/nicotsx/ironmount/blob/main/screenshots/backups-list.png?raw=true)
+
+## Restoring data
+
+Ironmount allows you to easily restore your data from backups. To restore data, navigate to the "Backups" section and select the backup job from which you want to restore data. You can then choose a specific backup snapshot and select the files or directories you wish to restore. The data you select will be restored to their original location.
+
+![Preview](https://github.com/nicotsx/ironmount/blob/main/screenshots/restoring.png?raw=true)
+
+## Propagating mounts to host
+
+Ironmount is capable of propagating mounted volumes from within the container to the host system. This is particularly useful when you want to access the mounted data directly from the host to use it with other applications or services.
+
+In order to enable this feature, you need to run Ironmount with privileged mode and mount /proc from the host. Here is an example of how to set this up in your `docker-compose.yml` file:
+
+```diff
+services:
+  ironmount:
+    image: ghcr.io/nicotsx/ironmount:v0.5.0
+    container_name: ironmount
+    restart: unless-stopped
+-   cap_add:
+-     - SYS_ADMIN
++   privileged: true
+    ports:
+      - "4096:4096"
+    devices:
+      - /dev/fuse:/dev/fuse
+    volumes:
+      - /var/lib/ironmount:/var/lib/ironmount
++     - /proc:/host/proc
+```
+
+Restart the Ironmount container to apply the changes:
+
+```bash
+docker compose down
+docker compose up -d
+```
+
+## Docker plugin
+
+Ironmount can also be used as a Docker volume plugin, allowing you to mount your volumes directly into other Docker containers. This enables seamless integration with your containerized applications.
+
+In order to enable this feature, you need to run Ironmount with privileged mode and mount several items from the host. Here is an example of how to set this up in your `docker-compose.yml` file:
+
+```diff
+services:
+  ironmount:
+    image: ghcr.io/nicotsx/ironmount:v0.5.0
+    container_name: ironmount
+    restart: unless-stopped
+-   cap_add:
+-     - SYS_ADMIN
++   privileged: true
+    ports:
+      - "4096:4096"
+    devices:
+      - /dev/fuse:/dev/fuse
+    volumes:
+      - /var/lib/ironmount:/var/lib/ironmount
++     - /proc:/host/proc
++     - /run/docker/plugins:/run/docker/plugins
++     - /var/run/docker.sock:/var/run/docker.sock
+```
+
+Restart the Ironmount container to apply the changes:
+
+```bash
+docker compose down
+docker compose up -d
+```
+
+Your Ironmount volumes will now be available as Docker volumes that you can mount into other containers using the `--volume` flag:
+
+```bash
+docker run -v im-nfs:/path/in/container nginx:latest
+```
+
+Or using Docker Compose:
+
+```yaml
+services:
+  myservice:
+    image: nginx:latest
+    volumes:
+      - im-nfs:/path/in/container
+volumes:
+  im-nfs:
+    external: true
+```
+
+The volume name format is `im-<volume-name>` where `<volume-name>` is the name you assigned to the volume in Ironmount. You can verify that the volume is available by running:
+
+```bash
+docker volume ls
+```
 
 ## Third-Party Software
 

apps/client/app/api-client/@tanstack/react-query.gen.ts

@@ -37,6 +37,7 @@ import {
 	getBackupScheduleForVolume,
 	runBackupNow,
 	getSystemInfo,
+	downloadResticPassword,
 } from "../sdk.gen";
 import { queryOptions, type UseMutationOptions, type DefaultError } from "@tanstack/react-query";
 import type {
@@ -94,6 +95,9 @@ import type {
 	RunBackupNowData,
 	RunBackupNowResponse,
 	GetSystemInfoData,
+	DownloadResticPasswordData,
+	DownloadResticPasswordError,
+	DownloadResticPasswordResponse,
 } from "../types.gen";
 import { client as _heyApiClient } from "../client.gen";
 
@@ -1123,3 +1127,51 @@ export const getSystemInfoOptions = (options?: Options<GetSystemInfoData>) => {
 		queryKey: getSystemInfoQueryKey(options),
 	});
 };
+
+export const downloadResticPasswordQueryKey = (options?: Options<DownloadResticPasswordData>) =>
+	createQueryKey("downloadResticPassword", options);
+
+/**
+ * Download the Restic password file for backup recovery. Requires password re-authentication.
+ */
+export const downloadResticPasswordOptions = (options?: Options<DownloadResticPasswordData>) => {
+	return queryOptions({
+		queryFn: async ({ queryKey, signal }) => {
+			const { data } = await downloadResticPassword({
+				...options,
+				...queryKey[0],
+				signal,
+				throwOnError: true,
+			});
+			return data;
+		},
+		queryKey: downloadResticPasswordQueryKey(options),
+	});
+};
+
+/**
+ * Download the Restic password file for backup recovery. Requires password re-authentication.
+ */
+export const downloadResticPasswordMutation = (
+	options?: Partial<Options<DownloadResticPasswordData>>,
+): UseMutationOptions<
+	DownloadResticPasswordResponse,
+	DownloadResticPasswordError,
+	Options<DownloadResticPasswordData>
+> => {
+	const mutationOptions: UseMutationOptions<
+		DownloadResticPasswordResponse,
+		DownloadResticPasswordError,
+		Options<DownloadResticPasswordData>
+	> = {
+		mutationFn: async (localOptions) => {
+			const { data } = await downloadResticPassword({
+				...options,
+				...localOptions,
+				throwOnError: true,
+			});
+			return data;
+		},
+	};
+	return mutationOptions;
+};

apps/client/app/api-client/sdk.gen.ts

@@ -76,6 +76,9 @@ import type {
 	RunBackupNowResponses,
 	GetSystemInfoData,
 	GetSystemInfoResponses,
+	DownloadResticPasswordData,
+	DownloadResticPasswordResponses,
+	DownloadResticPasswordErrors,
 } from "./types.gen";
 import { client as _heyApiClient } from "./client.gen";
 
@@ -541,3 +544,23 @@ export const getSystemInfo = <ThrowOnError extends boolean = false>(
 		...options,
 	});
 };
+
+/**
+ * Download the Restic password file for backup recovery. Requires password re-authentication.
+ */
+export const downloadResticPassword = <ThrowOnError extends boolean = false>(
+	options?: Options<DownloadResticPasswordData, ThrowOnError>,
+) => {
+	return (options?.client ?? _heyApiClient).post<
+		DownloadResticPasswordResponses,
+		DownloadResticPasswordErrors,
+		ThrowOnError
+	>({
+		url: "/api/v1/system/restic-password",
+		...options,
+		headers: {
+			"Content-Type": "application/json",
+			...options?.headers,
+		},
+	});
+};

apps/client/app/api-client/types.gen.ts

@@ -18,6 +18,7 @@ export type RegisterResponses = {
 		message: string;
 		success: boolean;
 		user?: {
+			hasDownloadedResticPassword: boolean;
 			id: number;
 			username: string;
 		};
@@ -44,6 +45,7 @@ export type LoginResponses = {
 		message: string;
 		success: boolean;
 		user?: {
+			hasDownloadedResticPassword: boolean;
 			id: number;
 			username: string;
 		};
@@ -85,6 +87,7 @@ export type GetMeResponses = {
 		message: string;
 		success: boolean;
 		user?: {
+			hasDownloadedResticPassword: boolean;
 			id: number;
 			username: string;
 		};
@@ -149,6 +152,8 @@ export type ListVolumesResponses = {
 		config:
 			| {
 					backend: "directory";
+					path: string;
+					readOnly?: false;
 			  }
 			| {
 					backend: "nfs";
@@ -175,6 +180,7 @@ export type ListVolumesResponses = {
 					server: string;
 					port?: number;
 					password?: string;
+					readOnly?: boolean;
 					ssl?: boolean;
 					username?: string;
 			  };
@@ -196,6 +202,8 @@ export type CreateVolumeData = {
 		config:
 			| {
 					backend: "directory";
+					path: string;
+					readOnly?: false;
 			  }
 			| {
 					backend: "nfs";
@@ -222,6 +230,7 @@ export type CreateVolumeData = {
 					server: string;
 					port?: number;
 					password?: string;
+					readOnly?: boolean;
 					ssl?: boolean;
 					username?: string;
 			  };
@@ -241,6 +250,8 @@ export type CreateVolumeResponses = {
 		config:
 			| {
 					backend: "directory";
+					path: string;
+					readOnly?: false;
 			  }
 			| {
 					backend: "nfs";
@@ -267,6 +278,7 @@ export type CreateVolumeResponses = {
 					server: string;
 					port?: number;
 					password?: string;
+					readOnly?: boolean;
 					ssl?: boolean;
 					username?: string;
 			  };
@@ -288,6 +300,8 @@ export type TestConnectionData = {
 		config:
 			| {
 					backend: "directory";
+					path: string;
+					readOnly?: false;
 			  }
 			| {
 					backend: "nfs";
@@ -314,6 +328,7 @@ export type TestConnectionData = {
 					server: string;
 					port?: number;
 					password?: string;
+					readOnly?: boolean;
 					ssl?: boolean;
 					username?: string;
 			  };
@@ -386,6 +401,8 @@ export type GetVolumeResponses = {
 			config:
 				| {
 						backend: "directory";
+						path: string;
+						readOnly?: false;
 				  }
 				| {
 						backend: "nfs";
@@ -412,6 +429,7 @@ export type GetVolumeResponses = {
 						server: string;
 						port?: number;
 						password?: string;
+						readOnly?: boolean;
 						ssl?: boolean;
 						username?: string;
 				  };
@@ -435,6 +453,8 @@ export type UpdateVolumeData = {
 		config?:
 			| {
 					backend: "directory";
+					path: string;
+					readOnly?: false;
 			  }
 			| {
 					backend: "nfs";
@@ -461,6 +481,7 @@ export type UpdateVolumeData = {
 					server: string;
 					port?: number;
 					password?: string;
+					readOnly?: boolean;
 					ssl?: boolean;
 					username?: string;
 			  };
@@ -488,6 +509,8 @@ export type UpdateVolumeResponses = {
 		config:
 			| {
 					backend: "directory";
+					path: string;
+					readOnly?: false;
 			  }
 			| {
 					backend: "nfs";
@@ -514,6 +537,7 @@ export type UpdateVolumeResponses = {
 					server: string;
 					port?: number;
 					password?: string;
+					readOnly?: boolean;
 					ssl?: boolean;
 					username?: string;
 			  };
@@ -962,12 +986,11 @@ export type DoctorRepositoryResponses = {
 	 * Doctor operation completed
 	 */
 	200: {
-		message: string;
 		steps: Array<{
+			error: string | null;
+			output: string | null;
 			step: string;
 			success: boolean;
-			error?: string;
-			output?: string;
 		}>;
 		success: boolean;
 	};
@@ -1036,6 +1059,8 @@ export type ListBackupSchedulesResponses = {
 			config:
 				| {
 						backend: "directory";
+						path: string;
+						readOnly?: false;
 				  }
 				| {
 						backend: "nfs";
@@ -1062,6 +1087,7 @@ export type ListBackupSchedulesResponses = {
 						server: string;
 						port?: number;
 						password?: string;
+						readOnly?: boolean;
 						ssl?: boolean;
 						username?: string;
 				  };
@@ -1219,6 +1245,8 @@ export type GetBackupScheduleResponses = {
 			config:
 				| {
 						backend: "directory";
+						path: string;
+						readOnly?: false;
 				  }
 				| {
 						backend: "nfs";
@@ -1245,6 +1273,7 @@ export type GetBackupScheduleResponses = {
 						server: string;
 						port?: number;
 						password?: string;
+						readOnly?: boolean;
 						ssl?: boolean;
 						username?: string;
 				  };
@@ -1383,6 +1412,8 @@ export type GetBackupScheduleForVolumeResponses = {
 			config:
 				| {
 						backend: "directory";
+						path: string;
+						readOnly?: false;
 				  }
 				| {
 						backend: "nfs";
@@ -1409,6 +1440,7 @@ export type GetBackupScheduleForVolumeResponses = {
 						server: string;
 						port?: number;
 						password?: string;
+						readOnly?: boolean;
 						ssl?: boolean;
 						username?: string;
 				  };
@@ -1468,6 +1500,35 @@ export type GetSystemInfoResponses = {
 
 export type GetSystemInfoResponse = GetSystemInfoResponses[keyof GetSystemInfoResponses];
 
+export type DownloadResticPasswordData = {
+	body?: {
+		password: string;
+	};
+	path?: never;
+	query?: never;
+	url: "/api/v1/system/restic-password";
+};
+
+export type DownloadResticPasswordErrors = {
+	/**
+	 * Authentication required or incorrect password
+	 */
+	401: {
+		message?: string;
+	};
+};
+
+export type DownloadResticPasswordError = DownloadResticPasswordErrors[keyof DownloadResticPasswordErrors];
+
+export type DownloadResticPasswordResponses = {
+	/**
+	 * Restic password file content
+	 */
+	200: string;
+};
+
+export type DownloadResticPasswordResponse = DownloadResticPasswordResponses[keyof DownloadResticPasswordResponses];
+
 export type ClientOptions = {
 	baseUrl: "http://192.168.2.42:4096" | (string & {});
 };

apps/client/app/app.css

@@ -70,6 +70,8 @@ body {
 }
 
 :root {
+	color-scheme: dark;
+
 	--radius: 0.625rem;
 	--background: oklch(1 0 0);
 	--foreground: oklch(0.145 0 0);

apps/client/app/components/layout.tsx

@@ -1,6 +1,6 @@
 import { useMutation } from "@tanstack/react-query";
 import { LifeBuoy } from "lucide-react";
-import { Outlet, useNavigate } from "react-router";
+import { Outlet, redirect, useNavigate } from "react-router";
 import { toast } from "sonner";
 import { logoutMutation } from "~/api-client/@tanstack/react-query.gen";
 import { appContext } from "~/context";
@@ -16,6 +16,11 @@ export const clientMiddleware = [authMiddleware];
 
 export async function clientLoader({ context }: Route.LoaderArgs) {
 	const ctx = context.get(appContext);
+
+	if (ctx.user && !ctx.user.hasDownloadedResticPassword) {
+		throw redirect("/download-recovery-key");
+	}
+
 	return ctx;
 }
 

apps/client/app/components/ui/alert.tsx

@@ -10,6 +10,7 @@ const alertVariants = cva(
 			variant: {
 				default: "bg-background text-foreground",
 				destructive: "border-destructive/50 text-destructive dark:border-destructive [&>svg]:text-destructive",
+				warning: "border-orange-500/20 bg-orange-500/10 text-orange-500 [&>svg]:text-orange-500",
 			},
 		},
 		defaultVariants: {

apps/client/app/modules/auth/routes/download-recovery-key.tsx

@@ -0,0 +1,106 @@
+import { useMutation } from "@tanstack/react-query";
+import { AlertTriangle, Download } from "lucide-react";
+import { useState } from "react";
+import { useNavigate } from "react-router";
+import { toast } from "sonner";
+import { downloadResticPasswordMutation } from "~/api-client/@tanstack/react-query.gen";
+import { AuthLayout } from "~/components/auth-layout";
+import { Alert, AlertDescription, AlertTitle } from "~/components/ui/alert";
+import { Button } from "~/components/ui/button";
+import { Input } from "~/components/ui/input";
+import { Label } from "~/components/ui/label";
+import { authMiddleware } from "~/middleware/auth";
+import type { Route } from "./+types/download-recovery-key";
+
+export const clientMiddleware = [authMiddleware];
+
+export function meta(_: Route.MetaArgs) {
+	return [
+		{ title: "Download Recovery Key" },
+		{
+			name: "description",
+			content: "Download your backup recovery key to ensure you can restore your data.",
+		},
+	];
+}
+
+export default function DownloadRecoveryKeyPage() {
+	const navigate = useNavigate();
+	const [password, setPassword] = useState("");
+
+	const downloadResticPassword = useMutation({
+		...downloadResticPasswordMutation(),
+		onSuccess: (data) => {
+			const blob = new Blob([data], { type: "text/plain" });
+			const url = window.URL.createObjectURL(blob);
+			const a = document.createElement("a");
+			a.href = url;
+			a.download = "restic.pass";
+			document.body.appendChild(a);
+			a.click();
+			document.body.removeChild(a);
+			window.URL.revokeObjectURL(url);
+
+			toast.success("Recovery key downloaded successfully!");
+			navigate("/volumes", { replace: true });
+		},
+		onError: (error) => {
+			toast.error("Failed to download recovery key", { description: error.message });
+		},
+	});
+
+	const handleSubmit = (e: React.FormEvent) => {
+		e.preventDefault();
+
+		if (!password) {
+			toast.error("Password is required");
+			return;
+		}
+
+		downloadResticPassword.mutate({
+			body: {
+				password,
+			},
+		});
+	};
+
+	return (
+		<AuthLayout
+			title="Download Your Recovery Key"
+			description="This is a critical step to ensure you can recover your backups"
+		>
+			<Alert variant="warning" className="mb-6">
+				<AlertTriangle className="size-5" />
+				<AlertTitle>Important: Save This File Securely</AlertTitle>
+				<AlertDescription>
+					Your Restic password is essential for recovering your backup data. If you lose access to this server without
+					this file, your backups will be unrecoverable. Store it in a password manager or encrypted storage.
+				</AlertDescription>
+			</Alert>
+
+			<form onSubmit={handleSubmit} className="space-y-4">
+				<div className="space-y-2">
+					<Label htmlFor="password">Confirm Your Password</Label>
+					<Input
+						id="password"
+						type="password"
+						value={password}
+						onChange={(e) => setPassword(e.target.value)}
+						placeholder="Enter your password"
+						required
+						autoFocus
+						disabled={downloadResticPassword.isPending}
+					/>
+					<p className="text-xs text-muted-foreground">Enter your account password to download the recovery key</p>
+				</div>
+
+				<div className="flex flex-col gap-2">
+					<Button type="submit" loading={downloadResticPassword.isPending} className="w-full">
+						<Download size={16} className="mr-2" />
+						Download Recovery Key
+					</Button>
+				</div>
+			</form>
+		</AuthLayout>
+	);
+}

apps/client/app/modules/auth/routes/login.tsx

@@ -10,9 +10,20 @@ import { Button } from "~/components/ui/button";
 import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "~/components/ui/form";
 import { Input } from "~/components/ui/input";
 import { authMiddleware } from "~/middleware/auth";
+import type { Route } from "./+types/login";
 
 export const clientMiddleware = [authMiddleware];
 
+export function meta(_: Route.MetaArgs) {
+	return [
+		{ title: "Login" },
+		{
+			name: "description",
+			content: "Sign in to your Ironmount account.",
+		},
+	];
+}
+
 const loginSchema = type({
 	username: "2<=string<=50",
 	password: "string>=1",
@@ -33,8 +44,12 @@ export default function LoginPage() {
 
 	const login = useMutation({
 		...loginMutation(),
-		onSuccess: async () => {
-			navigate("/volumes");
+		onSuccess: async (data) => {
+			if (data.user && !data.user.hasDownloadedResticPassword) {
+				navigate("/download-recovery-key");
+			} else {
+				navigate("/volumes");
+			}
 		},
 		onError: (error) => {
 			console.error(error);

apps/client/app/modules/auth/routes/onboarding.tsx

@@ -10,9 +10,20 @@ import { Button } from "~/components/ui/button";
 import { Form, FormControl, FormDescription, FormField, FormItem, FormLabel, FormMessage } from "~/components/ui/form";
 import { Input } from "~/components/ui/input";
 import { authMiddleware } from "~/middleware/auth";
+import type { Route } from "./+types/onboarding";
 
 export const clientMiddleware = [authMiddleware];
 
+export function meta(_: Route.MetaArgs) {
+	return [
+		{ title: "Onboarding" },
+		{
+			name: "description",
+			content: "Welcome to Ironmount. Create your admin account to get started.",
+		},
+	];
+}
+
 const onboardingSchema = type({
 	username: "2<=string<=50",
 	password: "string>=8",
@@ -37,7 +48,7 @@ export default function OnboardingPage() {
 		...registerMutation(),
 		onSuccess: async () => {
 			toast.success("Admin user created successfully!");
-			navigate("/volumes");
+			navigate("/download-recovery-key");
 		},
 		onError: (error) => {
 			console.error(error);

apps/client/app/modules/backups/routes/backup-details.tsx

@@ -19,6 +19,16 @@ import type { Route } from "./+types/backup-details";
 import { SnapshotFileBrowser } from "../components/snapshot-file-browser";
 import { SnapshotTimeline } from "../components/snapshot-timeline";
 
+export function meta(_: Route.MetaArgs) {
+	return [
+		{ title: "Backup Job Details" },
+		{
+			name: "description",
+			content: "View and manage backup job configuration, schedule, and snapshots.",
+		},
+	];
+}
+
 export const clientLoader = async ({ params }: Route.LoaderArgs) => {
 	const { data } = await getBackupSchedule({ path: { scheduleId: params.id } });
 

apps/client/app/modules/backups/routes/backups.tsx

@@ -11,10 +11,10 @@ import type { Route } from "./+types/backups";
 
 export function meta(_: Route.MetaArgs) {
 	return [
-		{ title: "Ironmount" },
+		{ title: "Backup Jobs" },
 		{
 			name: "description",
-			content: "Create, manage, monitor, and automate your Docker volumes with ease.",
+			content: "Automate volume backups with scheduled jobs and retention policies.",
 		},
 	];
 }

apps/client/app/modules/backups/routes/create-backup.tsx

@@ -20,10 +20,10 @@ import { listRepositories, listVolumes } from "~/api-client";
 
 export function meta(_: Route.MetaArgs) {
 	return [
-		{ title: "Ironmount" },
+		{ title: "Create Backup Job" },
 		{
 			name: "description",
-			content: "Create, manage, monitor, and automate your Docker volumes with ease.",
+			content: "Create a new automated backup job for your volumes.",
 		},
 	];
 }

apps/client/app/modules/repositories/routes/repositories.tsx

@@ -17,10 +17,10 @@ import { EmptyState } from "~/components/empty-state";
 
 export function meta(_: Route.MetaArgs) {
 	return [
-		{ title: "Ironmount - Repositories" },
+		{ title: "Repositories" },
 		{
 			name: "description",
-			content: "Manage your backup repositories",
+			content: "Manage your backup repositories with encryption and compression.",
 		},
 	];
 }

apps/client/app/modules/repositories/routes/repository-details.tsx

@@ -27,10 +27,10 @@ import { RepositorySnapshotsTabContent } from "../tabs/snapshots";
 
 export function meta({ params }: Route.MetaArgs) {
 	return [
-		{ title: `Ironmount - ${params.name}` },
+		{ title: params.name },
 		{
 			name: "description",
-			content: "Manage your restic backup repositories with ease.",
+			content: "View repository configuration, status, and snapshots.",
 		},
 	];
 }

apps/client/app/modules/repositories/routes/snapshot-details.tsx

@@ -7,6 +7,16 @@ import { SnapshotFileBrowser } from "~/modules/backups/components/snapshot-file-
 import { getSnapshotDetails } from "~/api-client";
 import type { Route } from "./+types/snapshot-details";
 
+export function meta({ params }: Route.MetaArgs) {
+	return [
+		{ title: `Snapshot ${params.snapshotId}` },
+		{
+			name: "description",
+			content: "Browse and restore files from a backup snapshot.",
+		},
+	];
+}
+
 export const clientLoader = async ({ params }: Route.ClientLoaderArgs) => {
 	const snapshot = await getSnapshotDetails({ path: { name: params.name, snapshotId: params.snapshotId } });
 	if (snapshot.data) return snapshot.data;

apps/client/app/modules/repositories/tabs/info.tsx

@@ -135,9 +135,7 @@ export const RepositoryInfoTabContent = ({ repository }: Props) => {
 				<AlertDialogContent className="max-w-2xl">
 					<AlertDialogHeader>
 						<AlertDialogTitle>Doctor Results</AlertDialogTitle>
-						<AlertDialogDescription>
-							{doctorMutation.data?.message || "Repository doctor operation completed"}
-						</AlertDialogDescription>
+						<AlertDialogDescription>Repository doctor operation completed</AlertDialogDescription>
 					</AlertDialogHeader>
 
 					{doctorMutation.data && (

apps/client/app/modules/settings/routes/settings.tsx

@@ -1,11 +1,24 @@
 import { useMutation } from "@tanstack/react-query";
-import { KeyRound, User } from "lucide-react";
+import { Download, KeyRound, User } from "lucide-react";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { toast } from "sonner";
-import { changePasswordMutation, logoutMutation } from "~/api-client/@tanstack/react-query.gen";
+import {
+	changePasswordMutation,
+	downloadResticPasswordMutation,
+	logoutMutation,
+} from "~/api-client/@tanstack/react-query.gen";
 import { Button } from "~/components/ui/button";
-import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/components/ui/card";
+import { Card, CardContent, CardDescription, CardTitle } from "~/components/ui/card";
+import {
+	Dialog,
+	DialogContent,
+	DialogDescription,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "~/components/ui/dialog";
 import { Input } from "~/components/ui/input";
 import { Label } from "~/components/ui/label";
 import { appContext } from "~/context";
@@ -13,7 +26,7 @@ import type { Route } from "./+types/settings";
 
 export function meta(_: Route.MetaArgs) {
 	return [
-		{ title: "Settings - Ironmount" },
+		{ title: "Settings" },
 		{
 			name: "description",
 			content: "Manage your account settings and preferences.",
@@ -30,6 +43,8 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 	const [currentPassword, setCurrentPassword] = useState("");
 	const [newPassword, setNewPassword] = useState("");
 	const [confirmPassword, setConfirmPassword] = useState("");
+	const [downloadDialogOpen, setDownloadDialogOpen] = useState(false);
+	const [downloadPassword, setDownloadPassword] = useState("");
 	const navigate = useNavigate();
 
 	const logout = useMutation({
@@ -56,6 +71,28 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 		},
 	});
 
+	const downloadResticPassword = useMutation({
+		...downloadResticPasswordMutation(),
+		onSuccess: (data) => {
+			const blob = new Blob([data], { type: "text/plain" });
+			const url = window.URL.createObjectURL(blob);
+			const a = document.createElement("a");
+			a.href = url;
+			a.download = "restic.pass";
+			document.body.appendChild(a);
+			a.click();
+			document.body.removeChild(a);
+			window.URL.revokeObjectURL(url);
+
+			toast.success("Restic password file downloaded successfully");
+			setDownloadDialogOpen(false);
+			setDownloadPassword("");
+		},
+		onError: (error) => {
+			toast.error("Failed to download Restic password", { description: error.message });
+		},
+	});
+
 	const handleChangePassword = (e: React.FormEvent) => {
 		e.preventDefault();
 
@@ -77,6 +114,21 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 		});
 	};
 
+	const handleDownloadResticPassword = (e: React.FormEvent) => {
+		e.preventDefault();
+
+		if (!downloadPassword) {
+			toast.error("Password is required");
+			return;
+		}
+
+		downloadResticPassword.mutate({
+			body: {
+				password: downloadPassword,
+			},
+		});
+	};
+
 	return (
 		<Card className="p-0 gap-0">
 			<div className="border-b border-border/50 bg-card-header p-6">
@@ -143,6 +195,69 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 					</Button>
 				</form>
 			</CardContent>
+
+			<div className="border-t border-border/50 bg-card-header p-6">
+				<CardTitle className="flex items-center gap-2">
+					<Download className="size-5" />
+					Backup Recovery Key
+				</CardTitle>
+				<CardDescription className="mt-1.5">Download your Restic password file for disaster recovery</CardDescription>
+			</div>
+			<CardContent className="p-6 space-y-4">
+				<p className="text-sm text-muted-foreground max-w-2xl">
+					This file contains the encryption password used by Restic to secure your backups. Store it in a safe place
+					(like a password manager or encrypted storage). If you lose access to this server, you'll need this file to
+					recover your backup data.
+				</p>
+
+				<Dialog open={downloadDialogOpen} onOpenChange={setDownloadDialogOpen}>
+					<DialogTrigger asChild>
+						<Button variant="outline">
+							<Download size={16} className="mr-2" />
+							Download Restic Password
+						</Button>
+					</DialogTrigger>
+					<DialogContent>
+						<form onSubmit={handleDownloadResticPassword}>
+							<DialogHeader>
+								<DialogTitle>Download Restic Password</DialogTitle>
+								<DialogDescription>
+									For security reasons, please enter your account password to download the Restic password file.
+								</DialogDescription>
+							</DialogHeader>
+							<div className="space-y-4 py-4">
+								<div className="space-y-2">
+									<Label htmlFor="download-password">Your Password</Label>
+									<Input
+										id="download-password"
+										type="password"
+										value={downloadPassword}
+										onChange={(e) => setDownloadPassword(e.target.value)}
+										placeholder="Enter your password"
+										required
+										autoFocus
+									/>
+								</div>
+							</div>
+							<DialogFooter>
+								<Button
+									type="button"
+									variant="outline"
+									onClick={() => {
+										setDownloadDialogOpen(false);
+										setDownloadPassword("");
+									}}
+								>
+									Cancel
+								</Button>
+								<Button type="submit" loading={downloadResticPassword.isPending}>
+									Download
+								</Button>
+							</DialogFooter>
+						</form>
+					</DialogContent>
+				</Dialog>
+			</CardContent>
 		</Card>
 	);
 }

apps/client/app/modules/volumes/routes/volume-details.tsx

@@ -32,10 +32,10 @@ import { DockerTabContent } from "../tabs/docker";
 
 export function meta({ params }: Route.MetaArgs) {
 	return [
-		{ title: `Ironmount - ${params.name}` },
+		{ title: params.name },
 		{
 			name: "description",
-			content: "Create, manage, monitor, and automate your Docker volumes with ease.",
+			content: "View and manage volume details, configuration, and files.",
 		},
 	];
 }

apps/client/app/modules/volumes/routes/volumes.tsx

@@ -17,7 +17,7 @@ import type { Route } from "./+types/volumes";
 
 export function meta(_: Route.MetaArgs) {
 	return [
-		{ title: "Ironmount" },
+		{ title: "Volumes" },
 		{
 			name: "description",
 			content: "Create, manage, monitor, and automate your Docker volumes with ease.",

apps/client/app/routes.ts

@@ -3,6 +3,7 @@ import { layout, type RouteConfig, route } from "@react-router/dev/routes";
 export default [
 	route("onboarding", "./modules/auth/routes/onboarding.tsx"),
 	route("login", "./modules/auth/routes/login.tsx"),
+	route("download-recovery-key", "./modules/auth/routes/download-recovery-key.tsx"),
 	layout("./components/layout.tsx", [
 		route("/", "./routes/root.tsx"),
 		route("volumes", "./modules/volumes/routes/volumes.tsx"),

apps/server/drizzle/0010_perfect_proemial_gods.sql

@@ -0,0 +1 @@
+ALTER TABLE `users_table` ADD `has_downloaded_restic_password` integer DEFAULT false NOT NULL;

apps/server/drizzle/meta/0010_snapshot.json

@@ -0,0 +1,459 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "17f234ba-4123-4951-a39f-6002d537435f",
+  "prevId": "6a326ac0-cb3a-4c63-8800-bc86d18e0c1d",
+  "tables": {
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "volumes_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "tableTo": "users_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}

apps/server/drizzle/meta/_journal.json

@@ -71,6 +71,13 @@
       "when": 1762095226041,
       "tag": "0009_little_adam_warlock",
       "breakpoints": true
+    },
+    {
+      "idx": 10,
+      "version": "6",
+      "when": 1762610065889,
+      "tag": "0010_perfect_proemial_gods",
+      "breakpoints": true
     }
   ]
 }

apps/server/src/db/schema.ts

@@ -32,6 +32,7 @@ export const usersTable = sqliteTable("users_table", {
 	id: int().primaryKey({ autoIncrement: true }),
 	username: text().notNull().unique(),
 	passwordHash: text("password_hash").notNull(),
+	hasDownloadedResticPassword: int("has_downloaded_restic_password", { mode: "boolean" }).notNull().default(false),
 	createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch())`),
 	updatedAt: int("updated_at", { mode: "number" }).notNull().default(sql`(unixepoch())`),
 });

apps/server/src/modules/auth/auth.controller.ts

@@ -43,7 +43,15 @@ export const authController = new Hono()
 			});
 
 			return c.json<RegisterDto>(
-				{ success: true, message: "User registered successfully", user: { id: user.id, username: user.username } },
+				{
+					success: true,
+					message: "User registered successfully",
+					user: {
+						id: user.id,
+						username: user.username,
+						hasDownloadedResticPassword: user.hasDownloadedResticPassword,
+					},
+				},
 				201,
 			);
 		} catch (error) {
@@ -64,7 +72,11 @@ export const authController = new Hono()
 			return c.json<LoginDto>({
 				success: true,
 				message: "Login successful",
-				user: { id: user.id, username: user.username },
+				user: {
+					id: user.id,
+					username: user.username,
+					hasDownloadedResticPassword: user.hasDownloadedResticPassword,
+				},
 			});
 		} catch (error) {
 			return c.json<LoginDto>({ success: false, message: toMessage(error) }, 401);

apps/server/src/modules/auth/auth.dto.ts

@@ -18,6 +18,7 @@ const loginResponseSchema = type({
 	user: type({
 		id: "number",
 		username: "string",
+		hasDownloadedResticPassword: "boolean",
 	}).optional(),
 });
 

apps/server/src/modules/auth/auth.middleware.ts

@@ -15,6 +15,7 @@ declare module "hono" {
 		user: {
 			id: number;
 			username: string;
+			hasDownloadedResticPassword: boolean;
 		};
 	}
 }

apps/server/src/modules/auth/auth.service.ts

@@ -38,7 +38,15 @@ export class AuthService {
 			expiresAt,
 		});
 
-		return { user: { id: user.id, username: user.username, createdAt: user.createdAt }, sessionId };
+		return {
+			user: {
+				id: user.id,
+				username: user.username,
+				createdAt: user.createdAt,
+				hasDownloadedResticPassword: user.hasDownloadedResticPassword,
+			},
+			sessionId,
+		};
 	}
 
 	/**
@@ -70,7 +78,11 @@ export class AuthService {
 
 		return {
 			sessionId,
-			user: { id: user.id, username: user.username },
+			user: {
+				id: user.id,
+				username: user.username,
+				hasDownloadedResticPassword: user.hasDownloadedResticPassword,
+			},
 			expiresAt,
 		};
 	}
@@ -109,6 +121,7 @@ export class AuthService {
 			user: {
 				id: session.user.id,
 				username: session.user.username,
+				hasDownloadedResticPassword: session.user.hasDownloadedResticPassword,
 			},
 			session: {
 				id: session.session.id,

apps/server/src/modules/backups/backups.service.ts

@@ -160,6 +160,11 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 		return;
 	}
 
+	if (schedule.lastBackupStatus === "in_progress") {
+		logger.info(`Backup schedule ${scheduleId} is already in progress. Skipping execution.`);
+		return;
+	}
+
 	const volume = await db.query.volumesTable.findFirst({
 		where: eq(volumesTable.id, schedule.volumeId),
 	});

apps/server/src/modules/system/system.controller.ts

@@ -1,9 +1,57 @@
 import { Hono } from "hono";
-import { systemInfoDto, type SystemInfoDto } from "./system.dto";
+import { validator } from "hono-openapi";
+import {
+	downloadResticPasswordBodySchema,
+	downloadResticPasswordDto,
+	systemInfoDto,
+	type SystemInfoDto,
+} from "./system.dto";
 import { systemService } from "./system.service";
+import { requireAuth } from "../auth/auth.middleware";
+import { RESTIC_PASS_FILE } from "../../core/constants";
+import { db } from "../../db/db";
+import { usersTable } from "../../db/schema";
+import { eq } from "drizzle-orm";
 
-export const systemController = new Hono().get("/info", systemInfoDto, async (c) => {
-	const info = await systemService.getSystemInfo();
+export const systemController = new Hono()
+	.get("/info", systemInfoDto, async (c) => {
+		const info = await systemService.getSystemInfo();
 
-	return c.json<SystemInfoDto>(info, 200);
-});
+		return c.json<SystemInfoDto>(info, 200);
+	})
+	.post(
+		"/restic-password",
+		downloadResticPasswordDto,
+		requireAuth,
+		validator("json", downloadResticPasswordBodySchema),
+		async (c) => {
+			const user = c.get("user");
+			const body = c.req.valid("json");
+
+			const [dbUser] = await db.select().from(usersTable).where(eq(usersTable.id, user.id));
+
+			if (!dbUser) {
+				return c.json({ message: "User not found" }, 401);
+			}
+
+			const isValid = await Bun.password.verify(body.password, dbUser.passwordHash);
+
+			if (!isValid) {
+				return c.json({ message: "Incorrect password" }, 401);
+			}
+
+			try {
+				const file = Bun.file(RESTIC_PASS_FILE);
+				const content = await file.text();
+
+				await db.update(usersTable).set({ hasDownloadedResticPassword: true }).where(eq(usersTable.id, user.id));
+
+				c.header("Content-Type", "text/plain");
+				c.header("Content-Disposition", 'attachment; filename="restic.pass"');
+
+				return c.text(content);
+			} catch (_error) {
+				return c.json({ message: "Failed to read Restic password file" }, 500);
+			}
+		},
+	);

apps/server/src/modules/system/system.dto.ts

@@ -26,3 +26,23 @@ export const systemInfoDto = describeRoute({
 		},
 	},
 });
+
+export const downloadResticPasswordBodySchema = type({
+	password: "string",
+});
+
+export const downloadResticPasswordDto = describeRoute({
+	description: "Download the Restic password file for backup recovery. Requires password re-authentication.",
+	tags: ["System"],
+	operationId: "downloadResticPassword",
+	responses: {
+		200: {
+			description: "Restic password file content",
+			content: {
+				"text/plain": {
+					schema: { type: "string" },
+				},
+			},
+		},
+	},
+});

apps/server/src/modules/volumes/volume.service.ts

@@ -7,10 +7,12 @@ import { eq } from "drizzle-orm";
 import { ConflictError, InternalServerError, NotFoundError } from "http-errors-enhanced";
 import slugify from "slugify";
 import { getCapabilities } from "../../core/capabilities";
+import { OPERATION_TIMEOUT } from "../../core/constants";
 import { db } from "../../db/db";
 import { volumesTable } from "../../db/schema";
 import { toMessage } from "../../utils/errors";
 import { getStatFs, type StatFs } from "../../utils/mountinfo";
+import { withTimeout } from "../../utils/timeout";
 import { createVolumeBackend } from "../backends/backend";
 import type { UpdateVolumeBody } from "./volume.dto";
 import { getVolumePath } from "./helpers";
@@ -128,7 +130,10 @@ const getVolume = async (name: string) => {
 
 	let statfs: Partial<StatFs> = {};
 	if (volume.status === "mounted") {
-		statfs = await getStatFs(getVolumePath(volume)).catch(() => ({}));
+		statfs = await withTimeout(getStatFs(getVolumePath(volume)), 1000, "getStatFs").catch((error) => {
+			logger.warn(`Failed to get statfs for volume ${name}: ${toMessage(error)}`);
+			return {};
+		});
 	}
 
 	return { volume, statfs };

docker-compose.yml

@@ -15,7 +15,7 @@ services:
     ports:
       - "4096:4097"
     volumes:
-      - /var/lib/ironmount/:/var/lib/ironmount/
+      - /var/lib/ironmount:/var/lib/ironmount
 
       - ./apps/client/app:/app/apps/client/app
       - ./apps/server/src:/app/apps/server/src