Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ::
- :: restic_BackupScript.cmd 12.04.2023
- ::
- :: Site https://github.com/restic/restic
- :: Docu https://restic.readthedocs.io/en/latest/020_installation.html
- ::
- ::==========================================
- :: C O N F I G
- ::==========================================
- ::@set restic="%ProgramW6432%\restic\restic.exe"
- :: scoop install restic
- ::@set restic="%userprofile%\scoop\apps\restic\current\restic.exe"
- @set Backup_SourceDir=C:\
- @set Restic_TargetDir=Backup
- ::Location of repository (replaces -r or --repo )
- @set RESTIC_REPOSITORY=Z:\%Restic_TargetDir%
- ::@set RESTIC_REPOSITORY=C:\restic\%Restic_TargetDir%
- ::The actual password for the repository
- @set RESTIC_PASSWORD=MyPassword
- ::: Cleanup Options
- :: last 3
- :: daily 7
- :: weekly 7
- :: monthly 3
- @set keep=monthly 3
- ::==========================================
- :: M A I N
- ::==========================================
- @prompt -$G
- @call :SetWorkingDir
- ::@call :DelRepo
- ::@call :InitRepo
- @call :DoBackup
- @call :ListSnapshots
- ::@call :DoRestore
- @call :DoCleanup
- @goto :eof
- :DoBackup
- restic backup %Backup_SourceDir% ^
- --use-fs-snapshot ^
- --exclude-caches ^
- --iexclude-file excludedfiles.txt ^
- --verbose=2
- :: --dry-run
- :: --exclude-if-present CACHEDIR.TAG
- :: --iexclude Firefox/**/cache2
- :: about exclude-caches
- :: ... a cache directory must have a file named:
- ::
- :: CACHEDIR.TAG
- ::
- :: consisting of the following ASCII header string:
- ::
- :: Signature: 8a477f597d28d172789f06886806bc55
- :: Case is important EOL is LF or CR/LF
- :: The hex value in the signature happens to be the MD5 hash of the string ".IsCacheDirectory".
- ::
- :: from https://bford.info/cachedir/
- ::By default VSS ignores Outlook OST files.
- :: The files not to snapshot are configured in the Windows registry under the following key:
- :: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot
- @echo RetVal=%errorlevel%
- :: 0 when the backup was successful (snapshot with all source files created)
- :: 1 when there was a fatal error (no snapshot created)
- :: 3 when some source files could not be read (incomplete snapshot with remaining files created)
- @goto :eof
- :DoRestore
- restic dump -a zip latest / > restored.zip
- @goto :eof
- :Unzip
- tar -xf restored.zip
- @goto :eof
- :DoCleanup
- restic forget --keep-%keep% --prune
- ::vssadmin Delete Shadows /all /Quiet
- @goto :eof
- :ListSnapshots
- restic snapshots
- @goto :eof
- :InitRepo
- restic init
- @goto :eof
- :DelRepo
- rmdir /S /Q %RESTIC_REPOSITORY%
- @if errorlevel 1 (
- @echo RetVal=%errorlevel%. Maybe you need to run this script elevated.
- @goto :FatalError
- )
- @goto :eof
- :SetWorkingDir
- :: Essential so this restic script finds external files like "excludedfiles.txt"
- cd "%~dp0"
- @goto :eof
- :FixPermission
- @echo WARNING FixPermission not implemented completely!
- takeown /f C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC
- icacls C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /grant administrators:f
- @goto :eof
- :FatalError
- @echo.
- @echo An fatal error occured. Exiting script...
- @pause
- :: @exit /b 1
- @goto :eof
- restic is a backup program which allows saving multiple revisions of files and
- directories in an encrypted repository stored on different backends.
- Usage:
- restic [command]
- Available Commands:
- backup Create a new backup of files and/or directories
- cache Operate on local cache directories
- cat Print internal objects to stdout
- check Check the repository for errors
- copy Copy snapshots from one repository to another
- diff Show differences between two snapshots
- dump Print a backed-up file to stdout
- find Find a file, a directory or restic IDs
- forget Remove snapshots from the repository
- generate Generate manual pages and auto-completion files (bash, fish, zsh, powershell)
- help Help about any command
- init Initialize a new repository
- key Manage keys (passwords)
- list List objects in the repository
- ls List files in a snapshot
- migrate Apply migrations
- prune Remove unneeded data from the repository
- rebuild-index Build a new index
- recover Recover data from the repository not referenced by snapshots
- restore Extract the data from a snapshot
- rewrite Rewrite snapshots to exclude unwanted files
- self-update Update the restic binary
- snapshots List all snapshots
- stats Scan the repository and show basic statistics
- tag Modify tags on snapshots
- unlock Remove locks other processes created
- version Print version information
- Flags:
- --cacert file file to load root certificates from (default: use system certificates)
- --cache-dir directory set the cache directory. (default: use system default cache directory)
- --cleanup-cache auto remove old cache directories
- --compression mode compression mode (only available for repository format version 2), one of (auto|off|max) (default auto)
- -h, --help help for restic
- --insecure-tls skip TLS certificate verification when connecting to the repository (insecure)
- --json set output mode to JSON for commands that support it
- --key-hint key key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
- --limit-download rate limits downloads to a maximum rate in KiB/s. (default: unlimited)
- --limit-upload rate limits uploads to a maximum rate in KiB/s. (default: unlimited)
- --no-cache do not use a local cache
- --no-lock do not lock the repository, this allows some operations on read-only repositories
- -o, --option key=value set extended option (key=value, can be specified multiple times)
- --pack-size size set target pack size in MiB, created pack files may be larger (default: $RESTIC_PACK_SIZE)
- --password-command command shell command to obtain the repository password from (default: $RESTIC_PASSWORD_COMMAND)
- -p, --password-file file file to read the repository password from (default: $RESTIC_PASSWORD_FILE)
- -q, --quiet do not output comprehensive progress report
- -r, --repo repository repository to backup to or restore from (default: $RESTIC_REPOSITORY)
- --repository-file file file to read the repository location from (default: $RESTIC_REPOSITORY_FILE)
- --tls-client-cert file path to a file containing PEM encoded TLS client certificate and private key
- -v, --verbose n be verbose (specify multiple times or a level using --verbose=n, max level/times is 2)
- Use "restic [command] --help" for more information about a command.
- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
- :: O U T A K E S
- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
- :: Mount not needed restic also can deal with UNC paths
- @set SMB_url="\\192.168.0.123\myShare"
- @set SMB_vol=B:
- @set RESTIC_REPOSITORY="%SMB_vol%\path"
- @call :MountRepo
- @if errorlevel 1 goto :eof
- ::@call :InitRepo
- @pause
- @call :UnMountRepo
- @if errorlevel 1 goto :eof
- @goto :eof
- :::::::::::::::::::::::::::::::::::::::::::::::::::::
- :MountRepo
- net use %SMB_vol% %SMB_url%
- @if errorlevel 1 @echo RetVal=%errorlevel%
- @if errorlevel 2 @call :FatalError
- @goto :eof
- :UnMountRepo
- net use %SMB_vol% /delete /y
- @if errorlevel 1 @echo RetVal=%errorlevel%
- @if errorlevel 2 @call :FatalError
- @goto :eof
- ::____________________________________
- ::restic_LaunchSetup.cmd
- ::==========================================
- :: L A U N C H S E T U P
- ::==========================================
- ::
- :: Docu https://ss64.com/nt/schtasks.html
- @prompt -$G
- @set taskName=restic_Backup
- SCHTASKS /TN %taskName% /Create /F ^
- /TR "%~dp0restic_BackupScript.cmd" ^
- /SC DAILY /ST 19:00 /ET 07:00 /K ^
- /RL HIGHEST /IT
- SCHTASKS /TN %taskName% /change /DISABLE
- ::SCHTASKS /TN %taskName% /change /ENABLE
- :: SCHTASKS /TN %taskName% /Run
- :: SCHTASKS /TN %taskName% /Query
- :: SCHTASKS /TN %taskName% /Delete
- ::____________________________________
- ::excludedfiles.txt
- # restic exclude file
- #
- # b*ash matches \bin\bash but does not match \bin\ash
- # b**ash will matches \bin\bash and \bin\ash
- # $$ is $
- # more examples: ? [0-9a-fA-F] [^x] $tmp
- # exclude tmp-files
- *.tmp*
- # exclude Registry tmp-files
- *.LOG1
- *.LOG2
- *.regtrans-ms
- *.blf
- # exclude Memory Page File, hibernate and swapfile
- pagefile.sys
- swapfile.sys
- hiberfil.sys
- $$WinREAgent
- # No restore points, performance logs and Recycle Bin
- System Volume Information
- PerfLogs
- $$Recycle.Bin
- Recycled
- Recycler
- #No crash reports
- Windows/WER/ReportArchive
- Microsoft/Diagnosis
- Windows/DeviceMetadataCache
- # To avoid Access is denied error
- Windows Defender Advanced Threat Protection\**
- Microsoft\Crypto\RSA\MachineKeys
- Microsoft\Windows\SystemData
- #YourPhone SkypeApp XboxGaming
- SystemAppData\Helium\Cache
- Microsoft.SkypeApp_*\*\SystemAppData\Helium
- Resources\Themes\aero\VSCache
- #Client-Side Caching or Offline files
- Windows\CSC\v2.0.6
- #PIN and fingerprint related information (if missing windows allows you to set up a new PIN) However you still know ya local login password, do ya?
- ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc
- Microsoft\WindowsApps
- System32\LogFiles\WMI\RtBackup
- # No need to save Windows Defender Definitions (WD will download a fresh definition incase it is missing)
- Windows Defender\Definition Updates
- Windows Defender\DLPCache
- Windows Defender\Scans
- # no stupid Windows Defender file and network hooking drivers - these create more headaches for admins than providing 'protection'
- #WdBoot.sys
- #WdDevFlt.sys
- #WdFilter.sys
- #WdNisDrv.sys
- # exclude tmp and caches
- Mozilla\**\Crash Reports
- Mozilla\**\crashes
- Mozilla\**\datareporting
- Mozilla\**\cache2
- Mozilla\**\cache
- Mozilla\**\minidumps
- Mozilla\**\jumpListCache
- Mozilla\**\OfflineCache
- Mozilla\**\startupCache
- Mozilla\**\thumbnails
- Windows\**\Explorer
- Internet Explorer\**\CacheStorage
- Edge\**\Crashpad
- Edge\**\*Cache
- Windows\**\Caches
- Windows\SoftwareDistribution
- Windows\Temp
- Windows\Logs
- Windows\DeliveryOptimization
- Microsoft\CryptnetUrlCache
- Windows\Prefetch
- Windows\WinSxS\Temp
- Windows\servicing\LCU
- Windows\INF\*.PNF
- Windows\Installer\$$PatchCache$$
- Windows\Performance\WinSAT
- Windows\WebCache
- Windows\INetCache
- Windows\History
- Windows\CloudAPCache
- #C:\Windows\system32\MSDtc
- MSDTC.LOG
- dtctrace.log
- AppData\**\Temp
- AppData\Local\D3DSCache
- AppData\Local\ElevatedDiagnostics
- # will be excluded via CACHEDIR.TAG when running restic backup with --exclude-caches
- #AppData\**\restic
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement