{"id":50356586,"url":"https://github.com/wvogel/backup-sentinel","last_synced_at":"2026-05-29T23:02:37.348Z","repository":{"id":349288479,"uuid":"1201593546","full_name":"wvogel/backup-sentinel","owner":"wvogel","description":"Compliance-focused Proxmox backup monitoring — track backup status, encryption, restore tests across PVE clusters and PBS instances. NIST CSF 2.0 / NIS2 aligned.","archived":false,"fork":false,"pushed_at":"2026-05-29T21:32:13.000Z","size":1147,"stargazers_count":2,"open_issues_count":10,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-29T22:18:53.760Z","etag":null,"topics":["backup-monitoring","compliance","docker","fastapi","nis2","nist-csf","oauth2-proxy","pbs","postgresql","prometheus","proxmox","proxmox-backup","proxmox-backup-server","proxmox-ve","pve","self-hosted"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wvogel.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":null},"created_at":"2026-04-04T22:17:28.000Z","updated_at":"2026-05-29T21:32:14.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/wvogel/backup-sentinel","commit_stats":null,"previous_names":["wvogel/backup-sentinel"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/wvogel/backup-sentinel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wvogel%2Fbackup-sentinel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wvogel%2Fbackup-sentinel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wvogel%2Fbackup-sentinel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wvogel%2Fbackup-sentinel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wvogel","download_url":"https://codeload.github.com/wvogel/backup-sentinel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wvogel%2Fbackup-sentinel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33673628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backup-monitoring","compliance","docker","fastapi","nis2","nist-csf","oauth2-proxy","pbs","postgresql","prometheus","proxmox","proxmox-backup","proxmox-backup-server","proxmox-ve","pve","self-hosted"],"created_at":"2026-05-29T23:02:33.855Z","updated_at":"2026-05-29T23:02:37.334Z","avatar_url":"https://github.com/wvogel.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Backup Sentinel\n\n[![CI](https://github.com/wvogel/backup-sentinel/actions/workflows/ci.yml/badge.svg)](https://github.com/wvogel/backup-sentinel/actions/workflows/ci.yml)\n[![CodeQL](https://github.com/wvogel/backup-sentinel/actions/workflows/codeql.yml/badge.svg)](https://github.com/wvogel/backup-sentinel/actions/workflows/codeql.yml)\n[![Release](https://img.shields.io/github/v/release/wvogel/backup-sentinel)](https://github.com/wvogel/backup-sentinel/releases)\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n[![Python 3.12+](https://img.shields.io/badge/python-3.12+-blue.svg)](https://www.python.org/)\n[![FastAPI](https://img.shields.io/badge/FastAPI-0.116-009688.svg)](https://fastapi.tiangolo.com/)\n[![PostgreSQL 18](https://img.shields.io/badge/PostgreSQL-18-336791.svg)](https://www.postgresql.org/)\n[![Docker](https://img.shields.io/badge/Docker-ready-2496ED.svg)](https://www.docker.com/)\n[![Code style: ruff](https://img.shields.io/badge/code%20style-ruff-000000.svg)](https://docs.astral.sh/ruff/)\n[![Last commit](https://img.shields.io/github/last-commit/wvogel/backup-sentinel)](https://github.com/wvogel/backup-sentinel/commits/main)\n[![Stars](https://img.shields.io/github/stars/wvogel/backup-sentinel?style=social)](https://github.com/wvogel/backup-sentinel/stargazers)\n\nCompliance-focused monitoring for Proxmox backup infrastructure. Track backup status, encryption, verification, and document restore tests across PVE clusters and PBS instances — aligned with NIST CSF 2.0 and NIS2 requirements.\n\n![Screenshot](docs/screenshot-overview.png)\n\n![Architecture](docs/architecture-en.svg)\n\n## Features\n\n- **Dashboard** — Health bar, KPI cards (restore coverage, overdue tests), cluster overview with sync status\n- **Cluster Detail** — Per-VM backup status with 30-day sparklines, backup policy overrides, encryption audit\n- **Restore Test Documentation** — Record and track recovery tests (full, partial, file-based) for compliance evidence\n- **Monthly Reports** — Auto-generated PDF/JSON reports with per-cluster and per-VM breakdown, archive for audit\n- **Notifications** — Gotify push and SMTP email alerts for failed syncs, critical backups, and anomalies\n- **Multi-cluster** — Monitor multiple PVE clusters and PBS instances from a single dashboard\n- **Governance** — NIST CSF 2.0 / NIS2 mapping (Identify, Protect, Detect, Recover)\n- **Internationalization** — Full German and English UI with one-click language switching\n- **Theme** — Light, dark, and auto (system) modes\n\n## Requirements\n\n- Docker \u0026 Docker Compose\n- A reverse proxy such as [Nginx Proxy Manager](https://github.com/NginxProxyManager/nginx-proxy-manager)\n- [OAuth2-Proxy](https://github.com/oauth2-proxy/oauth2-proxy) for authentication (included in `docker-compose.yml`)\n- An OIDC-compatible identity provider (Keycloak, Azure Entra ID, Google, etc.)\n\n## Quick Start\n\n```bash\n# Clone and configure\ngit clone https://github.com/wvogel/backup-sentinel.git\ncd backup-sentinel\ncp .env.example .env\ncp oauth2-proxy.env.example oauth2-proxy.env\n\n# Edit .env and oauth2-proxy.env with your values\n# Then start the stack\ndocker compose up -d\n```\n\nThe app will be available behind the OAuth2-Proxy on port 4180.\n\n## Configuration\n\nSee [`.env.example`](.env.example) for all available environment variables.\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `APP_URL` | Public URL of the application | `https://backup-sentinel.example.com` |\n| `DB_NAME` | PostgreSQL database name | `backup_reports` |\n| `DB_USER` | PostgreSQL user | `backup_reports` |\n| `DB_PASSWORD` | PostgreSQL password | `backup_reports` |\n| `BSENTINEL_SECRET_KEY` | Fernet key for encrypting secrets | `changeme` |\n| `BSENTINEL_DEFAULT_TIMEZONE` | Timezone for display | `Europe/Berlin` |\n| `BSENTINEL_SYNC_INTERVAL_MINUTES` | Auto-sync interval | `60` |\n\nFor OAuth2-Proxy configuration, see [`oauth2-proxy.env.example`](oauth2-proxy.env.example).\n\n## Documentation\n\n- [User Guide (English)](docs/user-docs-en.md) · [Benutzerhandbuch (Deutsch)](docs/user-docs-de.md)\n- [Admin Guide (English)](docs/admin-docs-en.md) · [Admin-Handbuch (Deutsch)](docs/admin-docs-de.md)\n- [Architecture (English)](docs/architecture-en.svg) · [Architektur (Deutsch)](docs/architecture-de.svg)\n\n## Deployment\n\n### GitLab CI/CD\n\nSet these variables in your GitLab project:\n\n| Variable | Description |\n|----------|-------------|\n| `DEPLOY_USER` | SSH user for deployment |\n| `DEPLOY_HOST` | Target server hostname/IP |\n| `DEPLOY_PATH` | Path on the server |\n\nAll application secrets (`DB_PASSWORD`, `BSENTINEL_SECRET_KEY`, OAuth2 credentials) are configured in `.env` and `oauth2-proxy.env` directly on the server — they are never stored in CI/CD or the repository.\n\n## Project Structure\n\n```\nbackup-sentinel/\n├── app/                  # FastAPI application\n│   ├── i18n/             # Translations (en.json, de.json)\n│   ├── web/              # Route handlers\n│   └── ...\n├── templates/            # Jinja2 HTML templates\n├── static/               # CSS, JS, favicon\n├── scripts/              # Bootstrap shell scripts\n├── docs/                 # Documentation and architecture diagrams\n├── docker-compose.yml    # Container orchestration\n├── Dockerfile            # Application container\n├── .env.example          # Environment variable template\n└── oauth2-proxy.env.example  # OAuth2-Proxy configuration template\n```\n\n## Development\n\n```bash\npython -m venv .venv\nsource .venv/bin/activate\npip install -r requirements.txt\n\n# Run locally (requires PostgreSQL)\nuvicorn app.main:app --reload --host 0.0.0.0 --port 8000\n```\n\n## License\n\n[MIT](LICENSE) — Copyright (c) 2026 Backup Sentinel Contributors\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwvogel%2Fbackup-sentinel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwvogel%2Fbackup-sentinel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwvogel%2Fbackup-sentinel/lists"}