The homelab control plane that actually knows how to back up your apps.
Samovar is a self-hosted control plane for your Docker stack. Built in Go, ships as a single binary, plays nicely with your existing reverse proxy. Its core differentiator is app-aware backup orchestration: it knows how to quiesce your databases before snapshotting, so your restores actually work.
curl -fsSL https://raw.githubusercontent.com/Tubifix77/samovar/main/install.sh | bashOr download a binary from Releases and see docs/getting-started.md for the manual install path.
Requirements: Linux, Docker running, sudo access.
Every homelab control plane on the market falls short on backup:
- Portainer's "backup" only saves its own config, not your container data.
- Cosmos Cloud paywalls per-app backup behind their commercial tier.
- Umbrel's v1.5 backup is broken on recent hardware.
- CasaOS is functionally abandoned — IceWhale pushed users to paid ZimaOS in 2025.
- Dockge is dormant. No release since early 2024.
- YunoHost does full backups only — no incremental, slow, painful.
Meanwhile, the actual mechanic that makes a backup restorable — pause the app, flush buffers, dump the database, snapshot at a known-good state, resume — is left to the user to figure out. Most users don't. They learn the hard way, usually at 3am, usually after a power outage.
Samovar ships with a curated library of quiesce recipes — per-app backup orchestration that knows pg_dump for Postgres, FLUSH TABLES WITH READ LOCK for MySQL, WAL checkpoint for SQLite, BGSAVE for Redis, and maintenance:mode for Nextcloud. Toggle it on per app. Your backups become restorable.
A single Go binary that runs on your homelab host and provides:
Container management
- Web UI: list containers, start/stop, view logs (live stream), shell exec into any container
- Health status polling with visual indicators
- CPU and memory usage per container
- Hostname display (reads your Traefik labels and shows the URL next to each app)
App catalog with one-click install
- 20 curated apps with correct default config, volume layout, and backup recipes
- Install an app without touching the command line; Samovar creates the network, volumes, and containers
- Category filter in the UI: security, media, monitoring, storage, documents, home, devtools
App-aware backup orchestration
- Quiesce recipe per app: pre-snapshot hooks (pg_dump, WAL checkpoint, BGSAVE, maintenance mode), snapshot, post hooks (cleanup, unlock)
- Volume snapshots via Docker API — no host filesystem access required, works on any Docker setup
- Cron scheduler backed by SQLite — add schedules in the UI, they survive restarts
- Restore flow: stop app → restore from archive → start app, all from the UI
- Full run log for every backup (success and failure)
| App | Category | Services | Backup strategy |
|---|---|---|---|
| Vaultwarden | Security | 1 | SQLite WAL checkpoint |
| Nextcloud | Storage | 3 (app + postgres + redis) | Maintenance mode + pg_dump |
| Immich | Media | 4 (server + ML + postgres + redis) | pg_dump |
| Jellyfin | Media | 1 | SQLite WAL checkpoint |
| Paperless-ngx | Documents | 3 (app + postgres + redis) | pg_dump |
| Home Assistant | Home | 1 | SQLite WAL checkpoint |
| n8n | Home | 1 | SQLite WAL checkpoint |
| Open WebUI | Home | 1 | SQLite WAL checkpoint |
| Ollama | Home | 1 | Volume snapshot |
| Uptime Kuma | Monitoring | 1 | SQLite WAL checkpoint |
| Pi-hole | Monitoring | 1 | SQLite WAL checkpoint |
| AdGuard Home | Monitoring | 1 | Config snapshot |
| Grafana | Monitoring | 1 | SQLite WAL checkpoint |
| Gitea | DevTools | 2 (app + postgres) | pg_dump |
| Nginx Proxy Manager | DevTools | 1 | SQLite WAL checkpoint |
| Navidrome | Media | 1 | SQLite WAL checkpoint |
| Sonarr | Media | 1 | SQLite WAL checkpoint |
| Radarr | Media | 1 | SQLite WAL checkpoint |
| qBittorrent | Media | 1 | Config snapshot |
| Syncthing | Storage | 1 | Config snapshot |
Apps not in the catalog still work — they get generic "stop, snapshot, start" backup. The quiesce recipes are what makes the difference for the apps that need it.
- Not a hosting platform (we don't ship our own reverse proxy)
- Not a Kubernetes alternative (we target standalone Docker)
- Not an appliance OS (you run it on your existing Linux box)
- Not multi-tenant (one operator, their stack)
- Not a replacement for Restic or Kopia (v1.1 will wrap them for remote targets)
| Version | Date | What shipped |
|---|---|---|
| v0.1 | 2026-05-20 | Walking skeleton: containers, auth, SQLite, web UI |
| v0.1.1 | 2026-05-20 | hash-password subcommand, status ordering fix |
| v0.2 | 2026-06-07 | App catalog (5 apps), one-click install, logs/exec, health monitor |
| v0.3 | 2026-06-07 | Backup engine: quiesce recipes, volume snapshots, cron, restore flow |
| v0.4 | 2026-06-07 | 20-app catalog, stats (CPU/mem), hostname extraction, category filter |
| v1.0 | next | Install script, systemd service, docs, launch |
See ROADMAP.md for the full plan and ARCHITECTURE.md for the system design.
- Getting Started — install, first backup, first restore
- Known Limitations — honest account of what v1.0 doesn't do
- Migration Guide — moving from Portainer, Cosmos, Dockge, and others
- Architecture — system design and decision history
Samovar reads a TOML config file (default: /etc/samovar/config.toml when installed via the script, or ~/.samovar/config.toml otherwise):
[server]
listen = "0.0.0.0:7080" # bind address
data_dir = "/var/lib/samovar" # SQLite DB and state
[auth]
password_hash = "$2a$10$..." # from: samovar hash-password
session_key = "random64hex" # cookie signing key
# api_token = "" # optional CLI tokenGenerate the password hash: samovar hash-password
git clone https://github.com/Tubifix77/samovar
cd samovar
make build # dev binary for current OS
make build-linux-amd64 # production Linux binary
make testRequires Go 1.24+.
A samovar is the heated central vessel that everyone gathers around — the warm, always-on thing at the center of the room. That's what a homelab control plane should feel like.
The name went through three rounds of clearance research against trademarks, GitHub collisions, package registries, and SEO. It survived where seven other candidates did not. See docs/decisions/0007-samovar-naming.md for the full story.
Samovar is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).
Samovar's design emerged from a single multi-tool conversation: GitHub trending was scanned for a gap in what humanity actually needs, the unfilled wedge was identified (app-aware backups), three deep-research passes triangulated the architecture and the name, and a synthesis pass produced the v1 scope. The full design conversation, from "what's missing on GitHub today" to "samovar is the name," runs to about an hour of human-routing time.
Implementation happened across several sessions of collaborative development.
See CONTRIBUTING.md. Adding a new catalog app is just one YAML file — see internal/catalog/apps/vaultwarden.yaml as the template.