pbs-mcp
MCP server for Proxmox Backup Server. Exposes datastore status, snapshot inventory, garbage collection, verify, and prune over the PBS REST API as 13 LLM-callable tools.
README
pbs-mcp
MCP server for Proxmox Backup Server. Exposes datastore status, snapshot inventory, garbage collection, verify, and prune over the PBS REST API as 13 LLM-callable tools. Designed for the Model Context Protocol.
Türkçe için → README.tr.md
Why
PBS already has a polished web UI. This server is for the cases where the UI isn't where you are — answering "is anything broken?" from a chat assistant, or wiring PBS state into a homelab agent that schedules verifies and prunes based on real conditions.
Tools (13)
| # | Tool | Mode | Notes |
|---|---|---|---|
| 1 | pbs_list_datastores |
read | Configured datastores + schedules |
| 2 | pbs_datastore_status |
read | total / used / available bytes |
| 3 | pbs_list_groups |
read | Per-group snapshot count, owner, corruption flag |
| 4 | pbs_list_snapshots |
read | Size, files, last verify state, protected flag |
| 5 | pbs_get_task_status |
read | UPID → running / OK / error |
| 6 | pbs_get_task_log |
read | Tail or paginate a task log |
| 7 | pbs_list_tasks |
read | Recent tasks, optional filters |
| 8 | pbs_gc_status |
read | Last GC stats: bytes referenced, pending, removed |
| 9 | pbs_run_gc |
write | Trigger GC, returns UPID (async) |
| 10 | pbs_run_verify |
write | Trigger verify, optional snapshot scope |
| 11 | pbs_prune_dry_run |
read | Preview which snapshots a retention policy would drop |
| 12 | pbs_prune |
write | Apply retention policy |
| 13 | pbs_forget_snapshot |
write | Delete one snapshot (corrupt cleanup) |
Write tools require both PBS_ALLOW_WRITE=true in the environment and
confirm=true in the call itself. Restore is intentionally out of scope —
the standard proxmox-mcp already handles restore from PBS via archive=
on the Proxmox VE side.
Setup
1. Create an API token in PBS
In a shell on the PBS host (pct enter 205 from Proxmox if PBS lives in
an LXC, otherwise just SSH):
# Generate a token under root@pam
proxmox-backup-manager user generate-token root@pam mcp
# Grant it admin on your datastore
proxmox-backup-manager acl update /datastore/<your-datastore> \
DatastoreAdmin --auth-id 'root@pam!mcp'
The generate-token output includes a value field — that's the secret,
shown only once. Save it.
Why DatastoreAdmin? PBS performs an owner check on prune. Either you give the token DatastoreAdmin (this), or you keep moving backup ownership with
change-ownerafter every push. Admin scope is simpler and stays inside one datastore.
2. Configure the MCP server
git clone https://github.com/ahmetem/pbs-mcp.git
cd pbs-mcp
cp .env.example .env
# Edit .env: fill in PBS_HOST, PBS_TOKEN_ID, PBS_TOKEN_SECRET
pip install -e .
3. Register with your MCP client
For Claude Desktop, add to claude_desktop_config.json:
{
"mcpServers": {
"pbs": {
"command": "python",
"args": ["/absolute/path/to/pbs-mcp/pbs_mcp.py"]
}
}
}
Restart the client. The pbs_* tools should appear.
Safety model
- Read-only by default. Out of the box
PBS_ALLOW_WRITE=false, so every state-changing tool refuses regardless ofconfirm. - Two-key requirement on writes.
PBS_ALLOW_WRITE=trueopens the door; each call still needsconfirm=true. Two independent toggles, two intentional actions. - Async tasks return UPIDs, not results.
run_gcandrun_verifykick off work and hand back a UPID immediately. Poll withget_task_status. This prevents the MCP request from blocking for hours. - Token scoped to one datastore. ACLs live at
/datastore/<name>, not at/. A leaked token can't read PBS user lists or remote sync configs.
Notes / gotchas
- First-call cache lag: PBS caches ACLs for a few seconds. If you just granted permissions and the next call returns "permission check failed", wait 3 seconds and retry.
- Token vs user permissions: PBS API tokens get the intersection of the
parent user's ACLs and the token's ACLs. With
root@pam!mcpthe parent is unrestricted, so only the token's ACL matters in practice. - Self-signed cert: PBS ships with a self-signed cert. The default
PBS_VERIFY_TLS=falseis fine for a LAN setup. For real CAs, setPBS_VERIFY_TLS=trueandPBS_CA_BUNDLEto a PEM file. - UPIDs are tied to their creator: a UPID created by a now-deleted user becomes unreadable. Don't recycle PBS users while there are pending tasks.
License
GPL-3.0-or-later. See LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.