feat: add restic-exporter as metrics endpoint #84

Open

stevensting wants to merge 3 commits from restic-exporter into main

pull from: restic-exporter

merge into: coop-cloud:main

coop-cloud:main

coop-cloud:renovate/docker-29.x

coop-cloud:cmd-setup-restic-s3

coop-cloud:prom-mon

coop-cloud:feature/dockerfile

coop-cloud:bb2-classic

coop-cloud:feature/selective_paths

coop-cloud:list

coop-cloud:enable-label

coop-cloud:backupbot_revolution

coop-cloud:backup_volumes

coop-cloud:multi_path

Conversation 2 Commits 3 Files Changed 4 +94 -10

stevensting commented 2026-03-18 22:00:19 +00:00

Owner

Copy Link

closes #82

closes #82

❤️ 1

stevensting added 1 commit 2026-03-18 22:00:19 +00:00

first implementation of resti-exporter as metrics provider endpoint 179039fe55

stevensting added 1 commit 2026-03-18 22:05:16 +00:00

make env configurable ac24ac336a

stevensting requested review from p4u1 2026-03-18 22:10:53 +00:00

stevensting added 1 commit 2026-03-18 22:12:45 +00:00

small fix 2663968554

moritz requested changes 2026-03-24 21:13:03 +00:00

moritz left a comment

Owner

Copy Link

I haven't tested it yet but it looks fine. At least it won't affect the normal setup. But I would favor a clear warning that this setup opens a very dangerous attack vector. Per default the backup bot is not exposed in any way. The only attack vector would be to exploit the file parsing of restic.
The restic exporter is exposing port 8001. So if this tools has any security issues the whole system including all other apps could be compromised. And if the backup backend is not configured to be append only, even the backups could be deleted. For backup monitoring I would recommend the PUSH API with uptime kuma, as this doesn't expose any ports.

I haven't tested it yet but it looks fine. At least it won't affect the normal setup. But I would favor a clear warning that this setup opens a very dangerous attack vector. Per default the backup bot is not exposed in any way. The only attack vector would be to exploit the file parsing of restic. The restic exporter is exposing port 8001. So if this tools has any security issues the whole system including all other apps could be compromised. And if the backup backend is not configured to be append only, even the backups could be deleted. For backup monitoring I would recommend the PUSH API with uptime kuma, as this doesn't expose any ports.

stevensting commented 2026-03-31 13:20:27 +00:00

Author

Owner

Copy Link

I haven't tested it yet but it looks fine. At least it won't affect the normal setup. But I would favor a clear warning that this setup opens a very dangerous attack vector. Per default the backup bot is not exposed in any way. The only attack vector would be to exploit the file parsing of restic.
The restic exporter is exposing port 8001. So if this tools has any security issues the whole system including all other apps could be compromised. And if the backup backend is not configured to be append only, even the backups could be deleted. For backup monitoring I would recommend the PUSH API with uptime kuma, as this doesn't expose any ports.

Thank you for the hint. We now also switched to Uptime kuma with push monitoring.
Not sure what to do with this PR though. Maybe just leave it open if someone else some day wants to use it?

> I haven't tested it yet but it looks fine. At least it won't affect the normal setup. But I would favor a clear warning that this setup opens a very dangerous attack vector. Per default the backup bot is not exposed in any way. The only attack vector would be to exploit the file parsing of restic. > The restic exporter is exposing port 8001. So if this tools has any security issues the whole system including all other apps could be compromised. And if the backup backend is not configured to be append only, even the backups could be deleted. For backup monitoring I would recommend the PUSH API with uptime kuma, as this doesn't expose any ports. Thank you for the hint. We now also switched to Uptime kuma with push monitoring. Not sure what to do with this PR though. Maybe just leave it open if someone else some day wants to use it?

👍 1

All checks were successful

Hide all checks

continuous-integration/drone/push Build is passing

Details

continuous-integration/drone/pr Build is passing

Details

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin restic-exporter:restic-exporter

git checkout restic-exporter

Sign in to join this conversation.

Reviewers

No Reviewers

p4u1

moritz

Labels

Clear labels

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se devydave fauno flancian Frando iexos jade javielico jjsfunhouse jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie marlon mayel mirsal moosemower moritz nicksellen notplants p4u1 pau pharaohgraphy PhiNatalie renovate-bot ripclap rix rscmbbng sef simon sixsmith stevensting tobias trav val vaznasty virtualboys wolcen wykwit xynosis yksflip

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: coop-cloud/backup-bot-two#84

No description provided.