Overview
What is Valvet and how does it work
Valvet is a self-hosted, centralized backup management system built around restic. It provides a single dashboard to schedule, monitor, browse, and restore backups across all your servers.
Key Concepts
Hub — The central server that manages everything. It runs the web UI, REST API, job scheduler, and coordinates nodes over WebSocket. Ships as a single binary with an embedded SQLite database.
Node — A lightweight agent installed on each machine you want to back up. It connects to the hub, receives commands, and executes restic operations. The agent auto-downloads and manages its own restic binary.
Repository — A restic repository where encrypted, deduplicated backup data is stored. Supports local paths, SFTP, S3, and any backend restic supports.
Plan — A backup configuration that ties together a node, repository, schedule, paths, and retention policy. Plans run on cron schedules or can be triggered manually.
Snapshot — A point-in-time backup created by restic. You can browse snapshot contents, download individual files, or restore entire snapshots to the same or different node.
How It Works
- The hub runs on a server you control — bare metal, VM, or Docker container
- Nodes are enrolled on each machine using a one-time token
- Nodes connect to the hub over WebSocket and stay connected for real-time command dispatch
- When a backup plan triggers, the hub tells the node to run restic with the configured paths and repository
- The node reports progress in real-time — you see it live on the dashboard
- Snapshots are browsable and restorable directly from the web UI
Tech Stack
| Component | Technology |
|---|---|
| Hub | Rust, Axum, SQLite (WAL mode) |
| Node Agent | Rust, tokio, reqwest |
| Web UI | React, TypeScript, Tailwind CSS |
| Backup Engine | restic (auto-managed binary) |
| Auth | JWT access tokens + HTTP-only refresh cookies |
| Encryption | argon2id (passwords), SHA-256 (tokens), restic AES-256 (data) |