Summary
- Added host path backup sources alongside Docker volume sources, with read-only Docker bind mounts into the temporary
offen/docker-volume-backupcontainer. - Added optional
VOLUMEVAULT_HOST_PATH_ALLOWLISTenforcement so admins can restrict host-path backup jobs to approved Docker host path prefixes. - Added host path validation for absolute paths, root path rejection,
./..segment rejection, Docker mountability, and user-visible form/API errors. - Updated backup execution, restore naming, missing-volume detection, notifications, API/OpenAPI responses, frontend job forms/lists/details, and all supported locale files for source-aware backup jobs.
- Documented host path backup behavior, allowlist configuration, restore behavior, and security considerations.
- Added regression coverage for host path API creation, allowlist rejection, queueing without a Docker volume record, and Offen mount arguments.
Upgrade Notes
- This release includes a database migration adding
source_typeandhost_pathtobackup_jobs, and makingvolume_namenullable for host-path jobs. - Existing backup jobs default to
docker_volumeand keep their current Docker volume behavior. - Host path backup jobs require the path to exist as a directory on the Docker host and are mounted read-only into the backup container.
- Set
VOLUMEVAULT_HOST_PATH_ALLOWLIST=/srv,/mnt/dataif you want to restrict which host paths can be selected. Leave it empty to allow any non-root absolute host directory path. Stop containers before backupremains available for Docker volume sources only.- Host path backups restore into a new Docker volume; restore-to-host-path is intentionally not implemented.
Verification
- Local verification before merge included
npm run build. - Local verification before merge included
./vendor/bin/pint --dirty --format agentvia Docker. - Local verification before merge included
php artisan test --compactvia Docker.