Restic Backupscript

1. ::
2. :: restic_BackupScript.cmd           12.04.2023
3. ::
4. :: Site     https://github.com/restic/restic
5. :: Docu     https://restic.readthedocs.io/en/latest/020_installation.html
6. ::
7. ::==========================================
8. ::  C O N F I G
9. ::==========================================
10.  
11. ::@set restic="%ProgramW6432%\restic\restic.exe"
12. :: scoop install restic
13. ::@set restic="%userprofile%\scoop\apps\restic\current\restic.exe"
14.  
15. @set Backup_SourceDir=C:\
16.  
17. @set Restic_TargetDir=Backup
18.  
19. ::Location of repository (replaces -r or --repo )
20. @set RESTIC_REPOSITORY=Z:\%Restic_TargetDir%
21. ::@set RESTIC_REPOSITORY=C:\restic\%Restic_TargetDir%
22.  
23. ::The actual password for the repository
24. @set RESTIC_PASSWORD=MyPassword
25.  
26. ::: Cleanup Options
27. ::  last  3
28. ::  daily 7
29. ::  weekly 7
30. ::  monthly 3
31. @set keep=monthly 3
32.  
33.  
34. ::==========================================
35. ::  M A I N
36. ::==========================================
37. @prompt -$G
38. @call :SetWorkingDir
39.  
40. ::@call :DelRepo
41. ::@call :InitRepo
42.  
43. @call :DoBackup
44. @call :ListSnapshots
45.  
46. ::@call :DoRestore
47.  
48. @call :DoCleanup
49.  
50. @goto :eof
51.  
52.  
53. :DoBackup
54.     restic backup   %Backup_SourceDir%  ^
55.         --use-fs-snapshot ^
56.         --exclude-caches ^
57.         --iexclude-file excludedfiles.txt ^
58.         --verbose=2
59.     ::  --dry-run  
60.     ::  --exclude-if-present CACHEDIR.TAG
61.     ::  --iexclude Firefox/**/cache2
62.    
63.     :: about exclude-caches
64.     :: ... a cache directory must have a file named:
65.     ::
66.     :: CACHEDIR.TAG
67.     ::
68.     :: consisting of the following ASCII header string:
69.     ::
70.     :: Signature: 8a477f597d28d172789f06886806bc55
71.     :: Case is important EOL is LF or CR/LF
72.     :: The hex value in the signature happens to be the MD5 hash of the string ".IsCacheDirectory".
73.     ::
74.     :: from https://bford.info/cachedir/
75.        
76.     ::By default VSS ignores Outlook OST files.
77.     :: The files not to snapshot are configured in the Windows registry under the following key:
78.     :: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot
79.  
80.     @echo RetVal=%errorlevel%
81.     :: 0 when the backup was successful (snapshot with all source files created)
82.    :: 1 when there was a fatal error (no snapshot created)
83.    :: 3 when some source files could not be read (incomplete snapshot with remaining files created)
84.  
85.  
86. @goto :eof
87.  
88. :DoRestore
89.     restic dump -a zip latest / > restored.zip
90.    
91. @goto :eof 
92.  
93.  
94.  
95. :Unzip
96.     tar -xf restored.zip
97.    
98. @goto :eof
99.  
100. :DoCleanup
101.     restic forget --keep-%keep% --prune
102.    
103.     ::vssadmin  Delete Shadows /all /Quiet
104.    
105. @goto :eof
106.  
107. :ListSnapshots
108.     restic snapshots
109.    
110. @goto :eof
111.  
112.  
113.  
114. :InitRepo
115.     restic init
116. @goto :eof
117.  
118.  
119. :DelRepo
120.     rmdir /S /Q %RESTIC_REPOSITORY%
121.     @if errorlevel 1 (
122.         @echo RetVal=%errorlevel%.  Maybe you need to run this script elevated.
123.         @goto :FatalError
124.     )
125. @goto :eof
126.  
127. :SetWorkingDir
128.     :: Essential so this restic script finds external files like "excludedfiles.txt"
129.     cd "%~dp0"
130. @goto :eof
131.  
132. :FixPermission
133.     @echo WARNING FixPermission not implemented completely!
134.     takeown /f C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC
135.     icacls C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /grant administrators:f
136. @goto :eof
137.  
138.  
139. :FatalError
140.     @echo.
141.     @echo An fatal error occured.  Exiting script...
142.     @pause
143. ::  @exit /b 1
144. @goto :eof
145.  
146. restic is a backup program which allows saving multiple revisions of files and
147. directories in an encrypted repository stored on different backends.
148.  
149. Usage:
150.   restic [command]
151.  
152. Available Commands:
153.   backup        Create a new backup of files and/or directories
154.   cache         Operate on local cache directories
155.   cat           Print internal objects to stdout
156.   check         Check the repository for errors
157.   copy          Copy snapshots from one repository to another
158.   diff          Show differences between two snapshots
159.   dump          Print a backed-up file to stdout
160.   find          Find a file, a directory or restic IDs
161.   forget        Remove snapshots from the repository
162.   generate      Generate manual pages and auto-completion files (bash, fish, zsh, powershell)
163.   help          Help about any command
164.   init          Initialize a new repository
165.   key           Manage keys (passwords)
166.   list          List objects in the repository
167.   ls            List files in a snapshot
168.   migrate       Apply migrations
169.   prune         Remove unneeded data from the repository
170.   rebuild-index Build a new index
171.   recover       Recover data from the repository not referenced by snapshots
172.   restore       Extract the data from a snapshot
173.   rewrite       Rewrite snapshots to exclude unwanted files
174.   self-update   Update the restic binary
175.   snapshots     List all snapshots
176.   stats         Scan the repository and show basic statistics
177.   tag           Modify tags on snapshots
178.   unlock        Remove locks other processes created
179.   version       Print version information
180.  
181. Flags:
182.       --cacert file                file to load root certificates from (default: use system certificates)
183.       --cache-dir directory        set the cache directory. (default: use system default cache directory)
184.       --cleanup-cache              auto remove old cache directories
185.       --compression mode           compression mode (only available for repository format version 2), one of (auto|off|max) (default auto)
186.   -h, --help                       help for restic
187.       --insecure-tls               skip TLS certificate verification when connecting to the repository (insecure)
188.       --json                       set output mode to JSON for commands that support it
189.       --key-hint key               key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
190.       --limit-download rate        limits downloads to a maximum rate in KiB/s. (default: unlimited)
191.       --limit-upload rate          limits uploads to a maximum rate in KiB/s. (default: unlimited)
192.       --no-cache                   do not use a local cache
193.       --no-lock                    do not lock the repository, this allows some operations on read-only repositories
194.   -o, --option key=value           set extended option (key=value, can be specified multiple times)
195.       --pack-size size             set target pack size in MiB, created pack files may be larger (default: $RESTIC_PACK_SIZE)
196.       --password-command command   shell command to obtain the repository password from (default: $RESTIC_PASSWORD_COMMAND)
197.   -p, --password-file file         file to read the repository password from (default: $RESTIC_PASSWORD_FILE)
198.   -q, --quiet                      do not output comprehensive progress report
199.   -r, --repo repository            repository to backup to or restore from (default: $RESTIC_REPOSITORY)
200.       --repository-file file       file to read the repository location from (default: $RESTIC_REPOSITORY_FILE)
201.       --tls-client-cert file       path to a file containing PEM encoded TLS client certificate and private key
202.   -v, --verbose n                  be verbose (specify multiple times or a level using --verbose=n, max level/times is 2)
203.  
204. Use "restic [command] --help" for more information about a command.
205.  
206.  
207.  
208. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
209. :: O U T A K E S
210.  
211. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
212. :: Mount not needed  restic also can deal with UNC paths
213.  
214. @set SMB_url="\\192.168.0.123\myShare"
215. @set SMB_vol=B:
216. @set RESTIC_REPOSITORY="%SMB_vol%\path"
217.  
218. @call :MountRepo
219. @if errorlevel 1 goto :eof
220.  
221. ::@call :InitRepo
222.  
223. @pause
224.  
225. @call :UnMountRepo
226. @if errorlevel 1 goto :eof
227.  
228. @goto :eof
229.  
230. :::::::::::::::::::::::::::::::::::::::::::::::::::::
231. :MountRepo
232.  
233.     net use %SMB_vol% %SMB_url%
234.    
235.     @if errorlevel 1 @echo RetVal=%errorlevel%
236.     @if errorlevel 2 @call :FatalError
237.    
238. @goto :eof 
239.  
240. :UnMountRepo
241.  
242.     net use %SMB_vol% /delete /y
243.    
244.     @if errorlevel 1 @echo RetVal=%errorlevel%
245.     @if errorlevel 2 @call :FatalError
246.    
247. @goto :eof 
248.  
249.  
250. ::____________________________________
251. ::restic_LaunchSetup.cmd
252.  
253. ::==========================================
254. ::  L A U N C H  S E T U P
255. ::==========================================
256. ::
257. :: Docu     https://ss64.com/nt/schtasks.html
258. @prompt -$G
259. @set taskName=restic_Backup
260.  
261. SCHTASKS    /TN %taskName%  /Create /F ^
262.             /TR "%~dp0restic_BackupScript.cmd"  ^
263.             /SC DAILY       /ST 19:00   /ET 07:00 /K ^
264.             /RL  HIGHEST /IT
265.            
266. SCHTASKS    /TN %taskName%  /change  /DISABLE
267.  
268. ::SCHTASKS  /TN %taskName%  /change  /ENABLE
269.  
270. :: SCHTASKS /TN %taskName%  /Run
271. :: SCHTASKS /TN %taskName%  /Query
272. :: SCHTASKS /TN %taskName%  /Delete
273.  
274.  
275.  
276.  
277. ::____________________________________
278. ::excludedfiles.txt
279.  
280.  
281. # restic exclude file
282. #
283. # b*ash matches \bin\bash but does not match \bin\ash
284. # b**ash will matches \bin\bash and \bin\ash
285. # $$ is $
286. # more examples: ?  [0-9a-fA-F] [^x] $tmp
287.  
288.  
289. # exclude tmp-files
290. *.tmp*
291.  
292. # exclude Registry tmp-files
293. *.LOG1
294. *.LOG2
295. *.regtrans-ms
296. *.blf
297.  
298. # exclude Memory Page File, hibernate and swapfile
299. pagefile.sys
300. swapfile.sys
301. hiberfil.sys
302. $$WinREAgent
303.  
304. # No restore points, performance logs and Recycle Bin
305. System Volume Information
306. PerfLogs
307. $$Recycle.Bin
308. Recycled
309. Recycler
310.  
311. #No crash reports
312. Windows/WER/ReportArchive
313. Microsoft/Diagnosis
314. Windows/DeviceMetadataCache
315.  
316.  
317. # To avoid  Access is denied error
318. Windows Defender Advanced Threat Protection\**
319. Microsoft\Crypto\RSA\MachineKeys
320. Microsoft\Windows\SystemData
321. #YourPhone SkypeApp XboxGaming
322. SystemAppData\Helium\Cache
323. Microsoft.SkypeApp_*\*\SystemAppData\Helium
324. Resources\Themes\aero\VSCache
325. #Client-Side Caching or Offline files
326. Windows\CSC\v2.0.6
327. #PIN and fingerprint related information (if missing windows allows you to set up a new PIN) However you still know ya local login password, do ya?
328. ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc
329. Microsoft\WindowsApps
330. System32\LogFiles\WMI\RtBackup
331.  
332. #  No need to save Windows Defender Definitions (WD will download a fresh definition incase it is missing)
333. Windows Defender\Definition Updates
334. Windows Defender\DLPCache
335. Windows Defender\Scans
336.  
337. # no stupid Windows Defender file and network hooking drivers - these create more headaches for admins than providing 'protection'
338. #WdBoot.sys
339. #WdDevFlt.sys
340. #WdFilter.sys
341. #WdNisDrv.sys
342.  
343.  
344. # exclude tmp and caches
345. Mozilla\**\Crash Reports
346. Mozilla\**\crashes
347. Mozilla\**\datareporting
348. Mozilla\**\cache2
349. Mozilla\**\cache
350. Mozilla\**\minidumps
351. Mozilla\**\jumpListCache
352. Mozilla\**\OfflineCache
353. Mozilla\**\startupCache
354. Mozilla\**\thumbnails
355.  
356.  
357. Windows\**\Explorer
358. Internet Explorer\**\CacheStorage
359.  
360. Edge\**\Crashpad
361. Edge\**\*Cache
362.  
363. Windows\**\Caches
364. Windows\SoftwareDistribution
365. Windows\Temp
366. Windows\Logs
367. Windows\DeliveryOptimization
368. Microsoft\CryptnetUrlCache
369. Windows\Prefetch
370. Windows\WinSxS\Temp
371. Windows\servicing\LCU
372. Windows\INF\*.PNF
373. Windows\Installer\$$PatchCache$$
374. Windows\Performance\WinSAT
375. Windows\WebCache
376. Windows\INetCache
377. Windows\History
378. Windows\CloudAPCache
379.  
380.  
381. #C:\Windows\system32\MSDtc
382. MSDTC.LOG
383. dtctrace.log
384.  
385.  
386. AppData\**\Temp
387. AppData\Local\D3DSCache
388. AppData\Local\ElevatedDiagnostics
389.  
390. # will be excluded via CACHEDIR.TAG when running restic backup with --exclude-caches
391. #AppData\**\restic