cjones/restic-windows-backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: cjones:1.7
Branches Tags
cjones:main cjones:dev cjones:prod cjones:release_1.8 cjones:release_1.7.1
cjones:1.8 cjones:1.7.1 cjones:1.7 cjones:1.6 cjones:1.5 cjones:1.4.1 cjones:1.4 cjones:1.3 cjones:1.2.1 cjones:1.1 cjones:1.0
..
compare: cjones:dev
Branches Tags
cjones:dev cjones:main cjones:prod cjones:release_1.8 cjones:release_1.7.1
cjones:1.8 cjones:1.7.1 cjones:1.7 cjones:1.6 cjones:1.5 cjones:1.4.1 cjones:1.4 cjones:1.3 cjones:1.2.1 cjones:1.1 cjones:1.0

38 Commits
1.7 ... dev

Author SHA1 Message Date
cjones
86aa349995 undoing dummy commit 2025-05-23 11:07:13 -04:00
cjones
de5cda2116 dummy commit 2025-05-23 11:05:44 -04:00
Kevin Woley
e9241c0744 Update CHANGELOG.md with 1.8 release notes 2025-02-20 21:59:09 -08:00
Kevin Woley
649d8dc119 Merge pull request #116 from kmwoley/release_1.8 
Release 1.8
 2025-02-20 21:42:14 -08:00
Kevin Woley
7ba3db056a comment cleanup in update.ps1 2025-02-20 21:41:03 -08:00
Kevin Woley
6244dbc910 remove testing string 2025-02-20 15:34:50 -08:00
Kevin Woley
033bdb3afd update to error strings in try/catch blocks 2025-02-20 15:32:55 -08:00
Kevin Woley
d7bc684e33 minor update to error strings 2025-02-20 15:30:26 -08:00
Kevin Woley
ce170f0685 bugfix: error checking was broken by release 1.7.1 (c8776b42c0) 2025-02-20 15:27:39 -08:00
Kevin Woley
efd7c78f59 default the installation location to the current working directory if not running as a script 2025-02-19 21:21:25 -08:00
Kevin Woley
463d1c9d42 update README with update.ps1 instructions 2025-02-19 21:14:33 -08:00
Kevin Woley
1af63b87e2 add additional usage instructions to update.ps1 2025-02-16 17:38:18 -08:00
Kevin Woley
71b7bd1407 adding 'update.ps1' which can be used to update the installed scripts from a branch or the latest release 2025-02-16 00:40:20 -08:00
Kevin Woley
916c11d20f create a sample configuration file and remove the config.ps1 from the repo 2025-02-08 21:18:36 -08:00
Kevin Woley
51a35ef109 small typo fix in config example 2025-02-08 01:10:23 -08:00
Kevin Woley
a0de49b804 revert unintended config changes 2025-02-08 00:58:54 -08:00
Kevin Woley
f68ff68ae2 add examples to for CustomAction configuration 2025-02-08 00:57:07 -08:00
Kevin Woley
eaf97cd2d7 add custom actions configuration to enable invoking scripts other commands on script start and end. Defined by $CustomAction* config variables. 2025-02-08 00:29:06 -08:00
Kevin Woley
7c0111308a updated install script task schedule setup to set LogonType, resolves #40 2025-02-07 23:28:57 -08:00
Kevin Woley
ec212218c8 explicitly test the backup source media for VSS support instead of assuming it is or is not supported 2025-02-07 22:55:32 -08:00
Kevin Woley
bc2969514c Update CHANGELOG.md with 1.7.1 release notes 2025-02-03 21:07:09 -08:00
Kevin Woley
6f3c31b6cb Merge pull request #114 from kmwoley/release_1.7.1 
Release 1.7.1
 2025-02-03 20:52:09 -08:00
Kevin Woley
edef828984 Merge pull request #112 from innovara/fix_typos_release_1.7.1 
Fix some typos on comments
 2025-02-03 10:18:19 -08:00
Manuel Fombuena
19d8e65d92 fix some typos 
Signed-off-by: Manuel Fombuena <fombuena@outlook.com>
 2025-02-03 11:00:54 +00:00
Kevin Woley
d180f3f30c Metered connection check is now works for PowerShell 7, improved internet connection check logging 2025-02-01 22:48:06 -08:00
Kevin Woley
b642afa509 fix logic for checking metered network configuration settings 2025-01-27 15:28:23 -08:00
Kevin Woley
add848471f make $BackupOnMeteredNetwork default to true in config 2025-01-27 15:16:27 -08:00
Kevin Woley
8fed01a1f6 Merge pull request #108 from innovara/metered-check 
Add feature to control backups on metered connections
 2025-01-27 15:12:00 -08:00
Kevin Woley
21e68f4b42 Merge branch 'release_1.7.1' into metered-check 2025-01-27 15:09:09 -08:00
Kevin Woley
c75bc74724 added more verose and explicit logging to the console via Write-Host 2025-01-27 11:14:41 -08:00
Kevin Woley
80fab4092c remove $Global: scoped variables in favor of $Script: scope, and explicitly scope each usage 2025-01-27 10:26:45 -08:00
Kevin Woley
c433c44b70 updated install script to use the global parameters, removed separate $SelfUpdateParameters 2025-01-27 10:15:13 -08:00
Kevin Woley
c8776b42c0 replaced "&" execution with Invoke-Expression, enabled refactoring to set $GlobalParameters in one place 
Removed $ResticExe, $StateFile, and $LogPath from config.ps1
 2025-01-26 12:53:12 -08:00
Kevin Woley
33163ecb60 reorganize the layout/order of the config.ps1 file 2025-01-26 10:41:09 -08:00
Kevin Woley
7673c83e3f Merge pull request #96 from woelfisch/main 
Add optional configuration options for additional parameters to resti…
 2025-01-26 00:03:30 -08:00
Kevin Woley
c930b9499e Merge branch 'main' into main 2025-01-26 00:00:29 -08:00
Manuel Fombuena
09b9066049 Add feature to control backups on metered connections 
restic-windows-backup runs backups irrespective of the host being on a metered connection or unrestricted. That can lead to situations in which the backup takes place when the user is on a metered connection and would rather not do it at that time, either because they would incur costs or use up their data allowance.

The default value of $BackupOnMeteredNetwork is set to $false following a conservative approach.

Closes https://github.com/kmwoley/restic-windows-backup/issues/82

Signed-off-by: Manuel Fombuena <fombuena@outlook.com>
 2024-11-11 22:10:00 +00:00
Joerg Reuter
0e8262ab05 Add optional configuration options for additional parameters to restic calls, $AdditionalParameters and $SelfUpdateParameters and make self update of restic binary configurable via $AllowResticSelfUpdate config option 2024-03-17 16:26:51 +01:00
9 changed files with 732 additions and 169 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -2,6 +2,7 @@ local.exclude
logs
restic.exe
secrets.ps1
config.ps1
state.xml
testing
restic.exe.bak

28
CHANGELOG.md
View File

@@ -1,5 +1,33 @@
# Changelog
## [1.8](https://github.com/kmwoley/restic-windows-backup/tree/1.8) (2025-02-20)
[Full Changelog](https://github.com/kmwoley/restic-windows-backup/compare/1.7.1...1.8)
## Summary
* New features
* Added `update.ps1` which makes updating `restic-windows-backup` installations easier.
* Added the ability to run custom actions at the start and end of the script execution. Can be used to invoke healthchecks or run custom scripts. Look at `config_sample.ps1` for examples.
* Bug fixes
* Explicitly test the backup source media for VSS support instead of assuming it is or is not supported
* Install script sets Task Scheduler user LogonType correctly, fixing #40
* Error checking of restic.exe results fixed (was broken by release 1.7.1)
## [1.7.1](https://github.com/kmwoley/restic-windows-backup/tree/1.7.1) (2025-02-03)
[Full Changelog](https://github.com/kmwoley/restic-windows-backup/compare/1.7...1.7.1)
## Summary
* (Optionally) prevent backup & maintenance while on a metered network connection. By default, backups will occur while on a metered network connection. To disable backups over metered network connections, set `$BackupOnMeteredNetwork = $false` in `config.ps1`
* Added `$GlobalParameters = @()` configuration variable, which will apply additional configuration parameters every time `restic.exe` is run. This is useful to add options for different types of backend targets.
* Added `$SelfUpdateEnabled = $true` configuration variable, which can be used to disable `restic.exe` from automatically updating to the latest version when maintenance is run. To disable self update, set `$SelfUpdateEnabled = $false` in `config.ps1`
 
## What's Changed
* Add optional configuration options for additional parameters to resti… by @woelfisch in https://github.com/kmwoley/restic-windows-backup/pull/96
* Add feature to control backups on metered connections by @innovara in https://github.com/kmwoley/restic-windows-backup/pull/108
## New Contributors
* @woelfisch made their first contribution in https://github.com/kmwoley/restic-windows-backup/pull/96
## [1.7](https://github.com/kmwoley/restic-windows-backup/tree/1.7) (2025-01-25)
[Full Changelog](https://github.com/kmwoley/restic-windows-backup/compare/1.6...1.7)

67
README.md
View File

@@ -6,6 +6,7 @@ Simplifies the process of installation and running daily backups.
* **VSS (Volume Snapshot Service) support** - backup everything, don't worry about what files are open/in-use
* **Removable, External Drives** - drives can be identified by their volume labels or serial numbers, making it easy to backup drives that occasionally aren't there or change drive letter.
* **Easy Installation** - `install.ps1` script downloads Restic, initializes the restic repository, and setups up a Windows Task Scheduler task to run the backup daily
* **Easy to update** - `update.ps1` script can be used to keep your scripts up to date with the latest release on GitHub
* **Backup, Maintenance and Monitoring are Automated** - `backup.ps1` script handles
* Emailing the results of each execution, including log files when there are problems
* Runs routine maintenence (pruning and checking the repo for errors on a regular basis)
@@ -13,26 +14,43 @@ Simplifies the process of installation and running daily backups.
# Installation Instructions
1. Create your restic repository
1. This is up to you to sort out where you want the data to go to. *Minio, B2, S3, oh my.*
1. Install Scripts
1. **Create your restic repository**
1. This is up to you to sort out where you want the data to go to. *Minio, B2, S3, etc.*. Refer to the restic documents about how to create your repository.
1. **Install the scripts**
1. Create script directory: `C:\restic`
1. Download scripts from https://github.com/kmwoley/restic-windows-backup, and unzip them into `C:\restic`
1. Download scripts using the `update.ps1` script.
1. Open PowerShell
1. Change your working directory to the installation directory
```
cd c:\restic
```
1. Run the `update.ps1` script:
```
Invoke-Expression (Invoke-WebRequest -Uri "https://raw.githubusercontent.com/kmwoley/restic-windows-backup/main/update.ps1" -UseBasicParsing).Content
```
*Alternatively, you can download the scripts from this repository and and unzip them into `C:\restic`*
1. Launch PowerShell as Administrator
1. Change your working directory to `C:\restic`
1. If you haven't done so in the past, set your Powershell script [execution policy](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1) to allow for scripts to run. For example, `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned` is a good default.
1. If you haven't done so in the past, set your Powershell script [execution policy](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1) to allow for scripts to run. For example, this is a good default:
```
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
```
1. Depending on the policy you choose, may need to 'unblock' the execution of the scripts you download by running `Unblock-File *.ps1`
1. Create `secrets.ps1` file
1. The secrets file contains location and passwords for your restic repository.
1. `secrets_template.ps1` is a template for the `secrets.ps1` file - copy or rename this file to `secrets.ps1` and edit.
1. restic will pick up the repo destination from the environment variables you set in this file - see this doc for more information about configuring restic repos https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html
1. Email sending configuration is also contained with this file. The scripts assume you want to get emails about the success/failure of each backup attempt.
1. Create `secrets.ps1` file. The secrets file contains location and passwords for your restic repository.
1. `secrets_sample.ps1` is an example of the `secrets.ps1` file. Copy or rename this file to `secrets.ps1` and edit.
1. Restic will pick up the repo destination from the environment variables you set in this file - see this doc for more information about configuring restic repos https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html
1. Email sending configuration is also contained with this file. The scripts are able to send email about the success/failure of each backup attempt.
1. Create `config.ps1` file. The config file contains the settings that control how the script runs backups, forgets snapshots, and prunes the restic repository. It's important that you configure this file to meet your needs since it will be backing up and maintaining your repository.
1. `config_sample.ps1` contins an example configuration file. Copy or rename this file to `config.ps1` and edit to suit your needs.
1. Add your `$BackupSources` to `config.ps1`
1. By default, all of `C:\` will be backed up. You can add multiple root drives to be backed up. And you can define only specific folders you would like backed up.
1. External, removable disk drives (i.e. USB hard drives) can be identified by their Volume Label, Serial Number, or Device Name. For example, if you have an external device with the Volume Label "MY BOOK", you can define a backup source as `$BackupSources["MY BOOK"]=@()`. It is recommended to use the device serial number to identify external drives to backup, which you can find using the Powershell `get-disk` command. You may also want to set `$IgnoreMissingBackupSources=$true` to avoid seeing errors when the removable drive is not present.
1. Review all of the default settings in `config.ps1`.
1. Most of the defaults are safe, but you should be sure restic is configured to meet your specifics needs.
1. **Warning** - if you're using a shared restic repository across multiple machines, pay close attention to the `$SnapshotRetentionPolicy` settings to be sure this script does not intentionally destroy backup data in your repository.
1. Run `install.ps1` file
1. From the elevated (Run as Administrator) Powershell window, run `.\install.ps1`
1. This will initialize the repo, create your logfile directory, create a scheduled task in Windows Task Scheduler to run the task daily, and install Send-MailKitMessage module.
1. Add your `$BackupSources` to `config.ps1`
1. By default, all of `C:\` will be backed up. You can add multiple root drives to be backed up. And you can define only specific folders you would like backed up.
1. External, removable disk drives (i.e. USB hard drives) can be identified by their Volume Label, Serial Number, or Device Name. For example, if you have an external device with the Volume Label "MY BOOK", you can define a backup source as `$BackupSources["MY BOOK"]=@()`. I would recommend using the device serial number to identify external drives to backup, which you can find using the Powershell `get-disk` command. You may also want to set `$IgnoreMissingBackupSources=$true` to avoid seeing errors when the removable drive is not present.
1. Add files/paths not to backup to `local.exclude`
1. If you don't want to modify the included exclude file, you can add any files/paths you want to exclude from the backup to `local.exclude`
1. Add `C:\restic\restic.exe` to the Windows Defender / Virus & Threat Detection Exclude list
@@ -48,6 +66,29 @@ Simplifies the process of installation and running daily backups.
1. `& $ResticExe find -i "*filename*"`
1. `& $ResticExe restore ...`
## Updating restic-windows-backup
Use `update.ps1` to update the installed `restic-windows-backup` scripts to the latest release.
1. Open PowerShell (no need to be Administrator)
1. Change directory to your installation directory (e.g. `c:\restic`)
1. Run `update.ps1`
### `update.ps1` Details
Running `update.ps1` without any parameters will check for a new release from `kmwoley/restic-windows-backup`. If there is a newer release, the script will overwrite the local files in the script directory with the updated scripts.
* The script will not overwrite your local configuration files (i.e. `config.ps1` or `secrets.ps1`).
* Any custom files created in the installation directory will not be deleted or modified (e.g. any custom action scripts, log files, etc.)
* The script will warn before overwriting any files that have been changed since the last installation.
* When `update.ps1` is run the first time, it will prompt before overwriting (since it may not know the current version of the fiels installed).
### `update.ps1` Options
* `-Mode <release | branch> (Default: release)` - change if the script updates from the latest release or a branch of `kmwoley/restic-windows-backup`
* `-Branch <branch> (Default: 'main')` - When in branch mode, this parameter controls which branch to install from. Defaults to the `main` branch.
* `-InstallPath <directory>` - choose which directory to install the files into. Defaults to the directory that `update.ps1` is in.
## Backup over SFTP
You can use any restic repository type you like pretty easily. SFTP on Windows, however, can be particularly tricky given that these scripts execute as the SYSTEM user and need to have access to the .ssh keys. Here are some steps and tips to getting it working.

292
backup.ps1 Normal file → Executable file
View File

@@ -2,16 +2,19 @@
# Restic Windows Backup Script
#
# =========== start configuration =========== #
# =========== start configuration =========== #
# set restic configuration parmeters (destination, passwords, etc.)
# load restic configuration parameters (destination, passwords, etc.)
$SecretsScript = Join-Path $PSScriptRoot "secrets.ps1"
# backup configuration variables
# load backup configuration variables
$ConfigScript = Join-Path $PSScriptRoot "config.ps1"
# =========== end configuration =========== #
# make LASTEXITCODE global to enable error checking for Invoke-Expression commands
$global:LASTEXITCODE=0
# globals for state storage
$Script:ResticStateRepositoryInitialized = $null
$Script:ResticStateLastMaintenance = $null
@@ -19,8 +22,8 @@ $Script:ResticStateLastDeepMaintenance = $null
$Script:ResticStateMaintenanceCounter = $null
$Script:ResticStateLastBackupSuccessful = $true
$Script:ResticStateLastMaintenanceSuccessful = $true
# Returns all drive letters which exactly match the serial number, drive label, or drive name of
# Returns all drive letters which exactly match the serial number, drive label, or drive name of
# the input parameter. Returns all drives if no input parameter is provided.
# inspiration: https://stackoverflow.com/questions/31088930/combine-get-disk-info-and-logicaldisk-info-in-powershell
function Get-Drives {
@@ -35,16 +38,16 @@ function Get-Drives {
$drives = Get-CimAssociatedInstance -ResultClassName Win32_LogicalDisk -InputObject $partition
foreach($drive in $drives) {
$volume = Get-Volume |
Where-Object { $_.DriveLetter -eq $drive.DeviceID.Trim(":") } |
Select-Object -First 1
if(($diskMetadata.SerialNumber.trim() -eq $ID) -or
if(($diskMetadata.SerialNumber.trim() -eq $ID) -or
($disk.Caption -eq $ID) -or
($volume.FileSystemLabel -eq $ID) -or
($null -eq $ID)) {
[PSCustomObject] @{
DriveLetter = $drive.DeviceID
Number = $disk.Index
@@ -65,26 +68,46 @@ function Get-Drives {
}
}
# test the path's storage media for VSS support
# returns $true if VSS is supported at the provided path
function Test-VSSSupport {
Param($test_path)
$drive_letter = Split-Path $test_path -Qualifier
$volume = Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE DriveLetter = '$drive_letter'"
$deviceID = ($volume.DeviceID -replace '.*(\{.*\}).*', '$1')
### https://learn.microsoft.com/en-us/previous-versions/windows/desktop/vsswmi/win32-shadowvolumesupport
$supportedVolumes = Get-WmiObject -Query "SELECT * FROM Win32_ShadowVolumeSupport WHERE __PATH LIKE '%$deviceID%'"
return ($null -ne $supportedVolumes)
}
# restore backup state from disk
function Get-BackupState {
if(Test-Path $StateFile) {
Import-Clixml $StateFile | ForEach-Object{ Set-Variable -Scope Script $_.Name $_.Value }
if(Test-Path $Script:StateFile) {
Import-Clixml $Script:StateFile | ForEach-Object{ Set-Variable -Scope Script $_.Name $_.Value }
}
}
function Set-BackupState {
Get-Variable ResticState* | Export-Clixml $StateFile
Get-Variable ResticState* | Export-Clixml $Script:StateFile
}
# unlock the repository if need be
function Invoke-Unlock {
Param($SuccessLog, $ErrorLog)
$locks = & $ResticExe list locks --no-lock -q 3>&1 2>> $ErrorLog
$locks = Invoke-Expression "$Script:ResticExe list locks --no-lock -q 3>&1 2>> $ErrorLog"
if($LASTEXITCODE) {
"[[Unlock]] Warning: unable to list locks." | Tee-Object -Append $ErrorLog
}
if($locks.Length -gt 0) {
# unlock the repository (assumes this machine is the only one that will ever use it)
& $ResticExe unlock 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog
Invoke-Expression "$Script:ResticExe unlock 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog"
if($LASTEXITCODE) {
"[[Unlock]] Error - unable to unlock repository." | Tee-Object -Append $ErrorLog
}
"[[Unlock]] Repository was locked. Unlocking." | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
Start-Sleep 120
Start-Sleep 120
}
}
@@ -112,7 +135,7 @@ function Test-Maintenance {
}
}
else {
"[[Maintenance]] Running - no past maintenance history known." | Out-File -Append $SuccessLog
"[[Maintenance]] Running - no past maintenance history known." | Out-File -Append $SuccessLog
return $true
}
}
@@ -120,15 +143,15 @@ function Test-Maintenance {
# run maintenance on the backup set
function Invoke-Maintenance {
Param($SuccessLog, $ErrorLog)
"[[Maintenance]] Start $(Get-Date)" | Out-File -Append $SuccessLog
"[[Maintenance]] Start $(Get-Date)" | Tee-Object -Append $SuccessLog | Write-Host
$maintenance_success = $true
Start-Sleep 120
# forget snapshots based upon the retention policy
"[[Maintenance]] Start forgetting..." | Out-File -Append $SuccessLog
& $ResticExe forget $SnapshotRetentionPolicy 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog
if(-not $?) {
Invoke-Expression "$Script:ResticExe forget $SnapshotRetentionPolicy 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog"
if($LASTEXITCODE) {
"[[Maintenance]] Forget operation completed with errors" | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
$maintenance_success = $false
}
@@ -136,8 +159,8 @@ function Invoke-Maintenance {
# prune (remove) data from the backup step. Running this separate from `forget` because
# `forget` only prunes when it detects removed snapshots upon invocation, not previously removed
"[[Maintenance]] Start pruning..." | Out-File -Append $SuccessLog
& $ResticExe prune $SnapshotPrunePolicy 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog
if(-not $?) {
Invoke-Expression "$Script:ResticExe prune $SnapshotPrunePolicy 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog"
if($LASTEXITCODE) {
"[[Maintenance]] Prune operation completed with errors" | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
$maintenance_success = $false
}
@@ -163,22 +186,26 @@ function Invoke-Maintenance {
$Script:ResticStateLastDeepMaintenance = Get-Date
}
& $ResticExe check @data_check 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog
if(-not $?) {
"[[Maintenance]] Check completed with errors" | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
Invoke-Expression "$Script:ResticExe check $data_check 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog"
if($LASTEXITCODE) {
"[[Maintenance]] Data check completed with errors" | Tee-Object -Append $ErrorLog | Tee-Object -Append $SuccessLog | Write-Host
$maintenance_success = $false
}
# check for updated restic version
"[[Maintenance]] Checking for new version of restic..." | Out-File -Append $SuccessLog
& $ResticExe self-update 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog
if(-not $?) {
"[[Maintenance]] Self-update of restic.exe completed with errors" | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
$maintenance_success = $false
# Invoke restic self-update to check for a newer version
# This is enabled by default unless configuration disables self-update
if ([String]::IsNullOrEmpty($SelfUpdateEnabled) -or ($SelfUpdateEnabled -eq $true)) {
# check for updated restic version
"[[Maintenance]] Checking for new version of restic..." | Out-File -Append $SuccessLog
Invoke-Expression "$Script:ResticExe self-update 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog"
if($LASTEXITCODE) {
"[[Maintenance]] Self-update of restic.exe completed with errors" | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
$maintenance_success = $false
}
}
"[[Maintenance]] End $(Get-Date)" | Out-File -Append $SuccessLog
"[[Maintenance]] End $(Get-Date)" | Tee-Object -Append $SuccessLog | Write-Host
if($maintenance_success -eq $true) {
$Script:ResticStateLastMaintenance = Get-Date
$Script:ResticStateMaintenanceCounter = 0
@@ -187,11 +214,11 @@ function Invoke-Maintenance {
return $maintenance_success
}
# Run restic backup
# Run restic backup
function Invoke-Backup {
Param($SuccessLog, $ErrorLog)
"[[Backup]] Start $(Get-Date)" | Out-File -Append $SuccessLog
"[[Backup]] Start $(Get-Date)" | Tee-Object -Append $SuccessLog | Write-Host
$return_value = $true
$starting_location = Get-Location
ForEach ($item in $BackupSources.GetEnumerator()) {
@@ -200,8 +227,6 @@ function Invoke-Backup {
$root_path = $item.Key
$tag = $item.Key
$vss_option = "--use-fs-snapshot"
# Test if root path is a valid path, if not assume it is an external drive identifier
if(-not (Test-Path $root_path)) {
# attempt to find a drive letter associated with the identifier provided
@@ -215,7 +240,7 @@ function Invoke-Backup {
$ignore_error = ($null -ne $IgnoreMissingBackupSources) -and $IgnoreMissingBackupSources
$warning_message = "[[Backup]] Warning - backup path $root_path not found."
if($ignore_error) {
$warning_message | Out-File -Append $SuccessLog
$warning_message | Out-File -Append $SuccessLog
}
else {
$warning_message | Tee-Object -Append $SuccessLog | Out-File -Append $ErrorLog
@@ -223,30 +248,33 @@ function Invoke-Backup {
}
continue
}
# there is exactly one drive
$root_path = Join-Path $drives[0].DriveLetter ""
# disable VSS / file system snapshot for external drives
# TODO: would be best to just test for VSS compatibility on the drive, rather than assume it won't work
$vss_option = $null
}
"[[Backup]] Start $(Get-Date) [$tag]" | Out-File -Append $SuccessLog
# determine if VSS is supported by the drive
$vss_option = $null
if(Test-VSSSupport $root_path) {
$vss_option = "--use-fs-snapshot"
}
"[[Backup]] Start $(Get-Date) [$tag]" | Out-File -Append $SuccessLog
# build the list of folders to backup
$folder_list = New-Object System.Collections.Generic.List[System.Object]
if ($item.Value.Count -eq 0) {
# backup everything in the root if no folders are provided
$folder_list.Add($root_path)
$folder_list.Add("`"$root_path`"")
}
else {
# Build the list of folders from settings
ForEach ($path in $item.Value) {
$p = '{0}' -f ((Join-Path $root_path $path) -replace "\\$")
if(Test-Path ($p -replace '"')) {
# add the folder if it exists
$folder_list.Add($p)
$folder_list.Add("`"$p`"")
}
else {
# if the folder doesn't exist, log a warning/error
@@ -263,7 +291,7 @@ function Invoke-Backup {
}
}
if(-not $folder_list) {
# there are no folders to backup
$ignore_error = ($null -ne $IgnoreMissingBackupSources) -and $IgnoreMissingBackupSources
@@ -278,18 +306,18 @@ function Invoke-Backup {
}
else {
# Launch Restic
& $ResticExe backup $folder_list $vss_option --tag $tag --exclude-file=$WindowsExcludeFile --exclude-file=$LocalExcludeFile $AdditionalBackupParameters 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog
if(-not $?) {
"[[Backup]] Completed with errors" | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
Invoke-Expression "$Script:ResticExe backup $folder_list $vss_option --tag $tag --exclude-file=$WindowsExcludeFile --exclude-file=$LocalExcludeFile $AdditionalBackupParameters 3>&1 2>> $ErrorLog | Out-File -Append $SuccessLog"
if($LASTEXITCODE) {
"[[Backup]] Completed with errors" | Tee-Object -Append $ErrorLog | Tee-Object -Append $SuccessLog | Write-Host
$return_value = $false
}
}
"[[Backup]] End $(Get-Date) [$tag]" | Out-File -Append $SuccessLog
}
Set-Location $starting_location
"[[Backup]] End $(Get-Date)" | Out-File -Append $SuccessLog
"[[Backup]] End $(Get-Date)" | Tee-Object -Append $SuccessLog | Write-Host
return $return_value
}
@@ -313,19 +341,19 @@ function Send-Email {
}
}
# Backwards compatability for $ResticEmailConfig port definition:
# Backwards compatibility for $ResticEmailConfig port definition:
# $ResticEmailConfig is obsolete and should be replaced with $ResticEmailPort
if ($null -ne $ResticEmailConfig -and $ResticEmailConfig.ContainsKey('Port')) {
if ($null -eq $ResticEmailPort) {
$ResticEmailPort = $ResticEmailConfig['Port']
'[[Email]] Warning - $ResticEmailConfig is deprecated. Define $ResticEmailPort in secrets.ps1 instead.' | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
'[[Email]] Warning - $ResticEmailConfig is deprecated. Define $ResticEmailPort in secrets.ps1 instead.' | Tee-Object -Append $ErrorLog | Tee-Object -Append $SuccessLog | Write-Host
}
}
# Backwards compatibility for $PSEmailServer rename to $ResticEmailServer
if (($null -ne $PSEmailServer) -and ($null -eq $ResticEmailServer)) {
$ResticEmailServer = $PSEmailServer
'[[Email]] Warning - $PSEmailServer is deprecated. Define $ResticEmailServer in secrets.ps1 instead.' | Tee-Object -Append $ErrorLog | Out-File -Append $SuccessLog
'[[Email]] Warning - $PSEmailServer is deprecated. Define $ResticEmailServer in secrets.ps1 instead.' | Tee-Object -Append $ErrorLog | Tee-Object -Append $SuccessLog | Write-Host
}
$status = "SUCCESS"
@@ -334,7 +362,7 @@ function Send-Email {
if (($null -ne $SuccessLog) -and (Test-Path $SuccessLog) -and (Get-Item $SuccessLog).Length -gt 0) {
$body = $(Get-Content -Raw $SuccessLog)
# if previous run contained an error, send the success email confirming that the error has been resolved
# if previous run contained an error, send the success email confirming that the error has been resolved
if($Action -eq "Backup") {
$past_failure = -not $Script:ResticStateLastBackupSuccessful
}
@@ -352,7 +380,7 @@ function Send-Email {
$attachments.Add("$ErrorLog")
$status = "ERROR"
}
if((($status -eq "SUCCESS") -and ($SendEmailOnSuccess -ne $false)) -or ((($status -eq "ERROR") -or $past_failure) -and ($SendEmailOnError -ne $false))) {
$subject = "$env:COMPUTERNAME Restic $Action Report [$status]"
@@ -362,11 +390,11 @@ function Send-Email {
$from = [MimeKit.MailboxAddress]$ResticEmailFrom;
$recipients = [MimeKit.InternetAddressList]::new();
$recipients.Add([MimeKit.InternetAddress]$ResticEmailTo);
Send-MailKitMessage -SMTPServer $ResticEmailServer -Port $ResticEmailPort -UseSecureConnectionIfAvailable @credentials -From $from -RecipientList $recipients -Subject $subject -TextBody $body -AttachmentList $attachments 3>&1 2>> $temp_error_log | Out-File -Append $SuccessLog
if(-not $?) {
"[[Email]] Sending email completed with errors" | Tee-Object -Append $temp_error_log | Out-File -Append $SuccessLog
"[[Email]] Sending email completed with errors" | Tee-Object -Append $temp_error_log | Tee-Object -Append $SuccessLog | Write-Host
}
# join error logs and remove the temporary
@@ -375,24 +403,46 @@ function Send-Email {
}
}
# check if on metered network,
# returns $true the current connection is a metered network
function Invoke-MeteredCheck {
$scriptBlock = {
# load NetworkInformation class from the Windows Runtime (WinRT) environment
[void][Windows.Networking.Connectivity.NetworkInformation, Windows, ContentType = WindowsRuntime]
$cost = [Windows.Networking.Connectivity.NetworkInformation]::GetInternetConnectionProfile().GetConnectionCost()
return ($cost.ApproachingDataLimit -or $cost.OverDataLimit -or $cost.Roaming -or $cost.BackgroundDataUsageRestricted -or ($cost.NetworkCostType -ne 'Unrestricted'))
}
# run this check in PowerShell 5.1
# this is a workaround for lack of WinRT support in PowerShell 7
$result = powershell.exe -Version 5.1 -Command "$scriptBlock"
return ($result -ieq "True")
}
# check network conditions, retrying a limited number of times until a connection is established
# returns $true if the repository is accessible and the configuration allows us to use it
function Invoke-ConnectivityCheck {
Param($SuccessLog, $ErrorLog)
$sleep_time = 30
if($InternetTestAttempts -le 0) {
"[[Internet]] Internet connectivity check disabled. Skipping." | Out-File -Append $SuccessLog
"[[Internet]] Internet connectivity check disabled. Skipping." | Out-File -Append $SuccessLog
return $true
}
# skip the internet connectivity check for local repos
if(Test-Path $env:RESTIC_REPOSITORY) {
"[[Internet]] Local repository. Skipping internet connectivity check." | Out-File -Append $SuccessLog
"[[Internet]] Local repository. Skipping internet connectivity check." | Out-File -Append $SuccessLog
return $true
}
$repository_host = ''
# use generic internet service for non-specific repo types (e.g. swift:, rclone:, etc. )
if(($env:RESTIC_REPOSITORY -match "^swift:") -or
if(($env:RESTIC_REPOSITORY -match "^swift:") -or
($env:RESTIC_REPOSITORY -match "^rclone:")) {
$repository_host = "cloudflare.com"
}
@@ -424,19 +474,30 @@ function Invoke-ConnectivityCheck {
# test for internet connectivity
$connections = 0
$sleep_count = $InternetTestAttempts
$restricted_by_metered_network = $false
while($true) {
$connections = Get-NetRoute | Where-Object DestinationPrefix -eq '0.0.0.0/0' | Get-NetIPInterface | Where-Object ConnectionState -eq 'Connected' | Measure-Object | ForEach-Object{$_.Count}
if($sleep_count -le 0) {
"[[Internet]] Connection to repository ($repository_host) could not be established." | Tee-Object -Append $SuccessLog | Out-File -Append $ErrorLog
if($restricted_by_metered_network) {
"[[Internet]] Connection to repository ($repository_host) is available but blocked by metered network." | Tee-Object -Append $SuccessLog | Out-File -Append $ErrorLog
}
else {
"[[Internet]] Connection to repository ($repository_host) could not be established." | Tee-Object -Append $SuccessLog | Out-File -Append $ErrorLog
}
return $false
}
if(($null -eq $connections) -or ($connections -eq 0)) {
"[[Internet]] Waiting for internet connectivity... $sleep_count" | Out-File -Append $SuccessLog
Start-Sleep 30
"[[Internet]] Waiting $sleep_time seconds for internet connectivity... ($sleep_count/$InternetTestAttempts)" | Out-File -Append $SuccessLog
Start-Sleep $sleep_time
}
elseif(!(Test-Connection -ComputerName $repository_host -Quiet)) {
"[[Internet]] Waiting for connection to repository ($repository_host)... $sleep_count" | Out-File -Append $SuccessLog
Start-Sleep 30
"[[Internet]] Waiting $sleep_time seconds for connection to repository ($repository_host)... ($sleep_count/$InternetTestAttempts)" | Out-File -Append $SuccessLog
Start-Sleep $sleep_time
}
elseif((-not ([String]::IsNullOrEmpty($BackupOnMeteredNetwork) -or $BackupOnMeteredNetwork)) -and (Invoke-MeteredCheck)) {
"[[Internet]] Waiting $sleep_time seconds for an unmetered network connection... ($sleep_count/$InternetTestAttempts)" | Out-File -Append $SuccessLog
$restricted_by_metered_network = $true
Start-Sleep $sleep_time
}
else {
return $true
@@ -455,16 +516,16 @@ function Invoke-HistoryCheck {
}
$filter = "*$Action.err.txt".ToLower()
$logs = Get-ChildItem $LogPath -Filter $filter | ForEach-Object{$_.Length -gt 0}
$logs = Get-ChildItem $Script:LogPath -Filter $filter | ForEach-Object{$_.Length -gt 0}
$logs_with_success = ($logs | Where-Object {($_ -eq $false)}).Count
if($logs.Count -gt 0) {
Write-Output "[[History]] $Action success rate: $logs_with_success / $($logs.Count) ($(($logs_with_success / $logs.Count).tostring("P")))" | Tee-Object -Append $SuccessLog
"[[History]] $Action success rate: $logs_with_success / $($logs.Count) ($(($logs_with_success / $logs.Count).tostring("P")))" | Tee-Object -Append $SuccessLog | Write-Host
}
}
# main function
function Invoke-Main {
# check for elevation, required for creation of shadow copy (VSS)
if (-not (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
{
@@ -474,18 +535,31 @@ function Invoke-Main {
# initialize secrets
. $SecretsScript
# initialize config
. $ConfigScript
# apply global configuration
$Script:ResticExe = Join-Path $InstallPath $ExeName
if(-not [String]::IsNullOrEmpty($GlobalParameters)) {
$Script:ResticExe = "$Script:ResticExe $GlobalParameters"
}
$Script:StateFile = Join-Path $InstallPath "state.xml"
$Script:LogPath = Join-Path $InstallPath "logs"
Get-BackupState
if(!(Test-Path $LogPath)) {
Write-Error "[[Backup]] Log file directory $LogPath does not exist. Exiting."
if(!(Test-Path $Script:LogPath)) {
Write-Error "[[Backup]] Log file directory $Script:LogPath does not exist. Exiting."
Send-Email
exit 1
}
# custom start action
if($null -ne $CustomActionStart) {
Invoke-Expression $CustomActionStart
}
$error_count = 0
$backup_success = $false
$maintenance_success = $false
@@ -495,11 +569,11 @@ function Invoke-Main {
while ($attempt_count -gt 0) {
# setup logfiles
$timestamp = Get-Date -Format FileDateTime
$success_log = Join-Path $LogPath ($timestamp + ".backup.log.txt")
$error_log = Join-Path $LogPath ($timestamp + ".backup.err.txt")
$success_log = Join-Path $Script:LogPath ($timestamp + ".backup.log.txt")
$error_log = Join-Path $Script:LogPath ($timestamp + ".backup.err.txt")
$repository_available = Invoke-ConnectivityCheck $success_log $error_log
if($repository_available -eq $true) {
if($repository_available -eq $true) {
Invoke-Unlock $success_log $error_log
$backup_success = Invoke-Backup $success_log $error_log
@@ -509,30 +583,30 @@ function Invoke-Main {
$total_attempts = $GlobalRetryAttempts - $attempt_count + 1
if($backup_success -eq $true) {
# successful backup
Write-Output "[[Backup]] Succeeded after $total_attempts attempt(s)" | Tee-Object -Append $success_log
"[[Backup]] Succeeded after $total_attempts attempt(s)" | Tee-Object -Append $success_log | Write-Host
# test to see if maintenance is needed if the backup was successful
$maintenance_needed = Test-Maintenance $success_log $error_log
}
else {
Write-Output "[[Backup]] Ran with errors on attempt $total_attempts" | Tee-Object -Append $success_log | Tee-Object -Append $error_log
"[[Backup]] Ran with errors on attempt $total_attempts" | Tee-Object -Append $success_log | Tee-Object -Append $error_log | Write-Host
$error_count++
}
}
else {
Write-Output "[[Backup]] Failed - cannot access repository." | Tee-Object -Append $success_log | Tee-Object -Append $error_log
"[[Backup]] Failed - cannot access repository." | Tee-Object -Append $success_log | Tee-Object -Append $error_log | Write-Host
$error_count++
}
$attempt_count--
# update logs prior to sending email
if($backup_success -eq $false) {
if($backup_success -eq $false) {
if($attempt_count -gt 0) {
Write-Output "[[Backup]] Sleeping for 15 min and then retrying..." | Tee-Object -Append $success_log
"[[Backup]] Sleeping for 15 min and then retrying..." | Tee-Object -Append $success_log | Write-Host
}
else {
Write-Output "[[Backup]] Retry limit has been reached. No more attempts to backup will be made." | Tee-Object -Append $success_log
"[[Backup]] Retry limit has been reached. No more attempts to backup will be made." | Tee-Object -Append $success_log | Write-Host
}
}
@@ -541,7 +615,7 @@ function Invoke-Main {
# update the state of the last backup success or failure
$Script:ResticStateLastBackupSuccessful = $backup_success
# Save state to file
Set-BackupState
@@ -552,44 +626,44 @@ function Invoke-Main {
else {
break
}
}
}
# only run maintenance if the backup was successful and maintenance is needed
$attempt_count = $GlobalRetryAttempts
while (($maintenance_needed -eq $true) -and ($attempt_count -gt 0)) {
# setup logfiles
$timestamp = Get-Date -Format FileDateTime
$success_log = Join-Path $LogPath ($timestamp + ".maintenance.log.txt")
$error_log = Join-Path $LogPath ($timestamp + ".maintenance.err.txt")
$success_log = Join-Path $Script:LogPath ($timestamp + ".maintenance.log.txt")
$error_log = Join-Path $Script:LogPath ($timestamp + ".maintenance.err.txt")
$repository_available = Invoke-ConnectivityCheck $success_log $error_log
if($repository_available -eq $true) {
if($repository_available -eq $true) {
$maintenance_success = Invoke-Maintenance $success_log $error_log
# $maintenance_success = ($maintenance_success -eq $true) -and (!(Test-Path $error_log) -or ((Get-Item $error_log).Length -eq 0))
$total_attempts = $GlobalRetryAttempts - $attempt_count + 1
if($maintenance_success -eq $true) {
Write-Output "[[Maintenance]] Succeeded after $total_attempts attempt(s)" | Tee-Object -Append $success_log
"[[Maintenance]] Succeeded after $total_attempts attempt(s)" | Tee-Object -Append $success_log | Write-Host
}
else {
Write-Output "[[Maintenance]] Ran with errors on attempt $total_attempts" | Tee-Object -Append $success_log | Tee-Object -Append $error_log
"[[Maintenance]] Ran with errors on attempt $total_attempts" | Tee-Object -Append $success_log | Tee-Object -Append $error_log | Write-Host
$error_count++
}
}
else {
Write-Output "[[Maintenance]] Failed - cannot access repository." | Tee-Object -Append $success_log | Tee-Object -Append $error_log
"[[Maintenance]] Failed - cannot access repository." | Tee-Object -Append $success_log | Tee-Object -Append $error_log | Write-Host
$error_count++
}
$attempt_count--
# update logs prior to sending email
if($maintenance_success -eq $false) {
if($maintenance_success -eq $false) {
if($attempt_count -gt 0) {
Write-Output "[[Maintenance]] Sleeping for 15 min and then retrying..." | Tee-Object -Append $success_log
"[[Maintenance]] Sleeping for 15 min and then retrying..." | Tee-Object -Append $success_log | Write-Host
}
else {
Write-Output "[[Maintenance]] Retry limit has been reached. No more attempts to run maintenance will be made." | Tee-Object -Append $success_log
"[[Maintenance]] Retry limit has been reached. No more attempts to run maintenance will be made." | Tee-Object -Append $success_log | Write-Host
}
}
@@ -598,7 +672,7 @@ function Invoke-Main {
# update the state of the last maintenance success or failure
$Script:ResticStateLastMaintenanceSuccessful = $maintenance_success
# Save state to file
Set-BackupState
@@ -609,13 +683,27 @@ function Invoke-Main {
else {
break
}
}
}
# custom end actions
if((-not $backup_success) -or ($maintenance_needed -and -not $maintenance_success)) {
# call the custom error action if backup failed and/or maintenance was needed and failed
if($null -ne $CustomActionEndError) {
Invoke-Expression $CustomActionEndError
}
}
else {
# call custom success action if backup & maintenance were successful
if($null -ne $CustomActionEndSuccess) {
Invoke-Expression $CustomActionEndSuccess
}
}
# Save state to file
Set-BackupState
# cleanup older log files
Get-ChildItem $LogPath | Where-Object {$_.CreationTime -lt $(Get-Date).AddDays(-$LogRetentionDays)} | Remove-Item
Get-ChildItem $Script:LogPath | Where-Object {$_.CreationTime -lt $(Get-Date).AddDays(-$LogRetentionDays)} | Remove-Item
exit $error_count
}

39
config.ps1
View File

@@ -1,39 +0,0 @@
# backup configuration
$ExeName = "restic.exe"
$InstallPath = "C:\restic"
$ResticExe = Join-Path $InstallPath $ExeName
$StateFile = Join-Path $InstallPath "state.xml"
$WindowsExcludeFile = Join-Path $InstallPath "windows.exclude"
$LocalExcludeFile = Join-Path $InstallPath "local.exclude"
$LogPath = Join-Path $InstallPath "logs"
$LogRetentionDays = 30
$InternetTestAttempts = 10
$GlobalRetryAttempts = 4
$IgnoreMissingBackupSources = $false
$AdditionalBackupParameters = @("--exclude-if-present", ".nobackup", "--no-scan")
# maintenance configuration
$SnapshotMaintenanceEnabled = $true
$SnapshotRetentionPolicy = @("--host", $env:COMPUTERNAME, "--group-by", "host,tags", "--keep-daily", "30", "--keep-weekly", "52", "--keep-monthly", "24", "--keep-yearly", "10")
$SnapshotPrunePolicy = @("--max-unused", "1%")
$SnapshotMaintenanceInterval = 7
$SnapshotMaintenanceDays = 30
$SnapshotDeepMaintenanceDays = 90
# email configuration
$SendEmailOnSuccess = $false
$SendEmailOnError = $true
# Paths to backup
$BackupSources = @{}
$BackupSources["C:\"] = @(
# "Users\Example\Desktop\Source1",
# "Users\Example\Desktop\Source2"
)
# $BackupSources["D:\"] = @(
# "Example\Source3",
# "Example\Source4"
# )
#$BackupSources["DRIVE_LABEL_NAME_OR_SERIAL_NUMBER"] = @(
# "Example\FolderName"
#)

66
config_sample.ps1 Normal file
View File

@@ -0,0 +1,66 @@
# Sample configuration file
# Update this file to control how the restic backup, forget, and purge operations are run
# Rename to `config.ps1`
# general configuration
$InstallPath = "C:\restic"
$ExeName = "restic.exe"
$GlobalParameters = @()
$LogRetentionDays = 30
$BackupOnMeteredNetwork = $true
$InternetTestAttempts = 10
$GlobalRetryAttempts = 4
# email configuration
$SendEmailOnSuccess = $false
$SendEmailOnError = $true
# backup configuration
$WindowsExcludeFile = Join-Path $InstallPath "windows.exclude"
$LocalExcludeFile = Join-Path $InstallPath "local.exclude"
$IgnoreMissingBackupSources = $false
$AdditionalBackupParameters = @("--exclude-if-present", ".nobackup", "--no-scan")
# Paths to backup
$BackupSources = @{}
$BackupSources["C:\"] = @(
# "Users\Example\Desktop\Source1",
# "Users\Example\Desktop\Source2"
)
# $BackupSources["D:\"] = @(
# "Example\Source3",
# "Example\Source4"
# )
#$BackupSources["DRIVE_LABEL_NAME_OR_SERIAL_NUMBER"] = @(
# "Example\FolderName"
#)
# maintenance configuration
$SnapshotMaintenanceEnabled = $true
$SnapshotRetentionPolicy = @("--host", $env:COMPUTERNAME, "--group-by", "host,tags", "--keep-daily", "30", "--keep-weekly", "52", "--keep-monthly", "24", "--keep-yearly", "10")
$SnapshotPrunePolicy = @("--max-unused", "1%")
$SnapshotMaintenanceInterval = 7
$SnapshotMaintenanceDays = 30
$SnapshotDeepMaintenanceDays = 90
# restic.exe self update configuration
$SelfUpdateEnabled = $true
# (optional) custom actions
# Define commands to pass to Invoke-Expression at script start and script end
# note: Errors will only be reported if the script does not eventually succeed. Errors
# from unsuccessful attempts to backup or maintain the repository will not result
# in the custom error action being called unless all attempts to backup or maintain failed.
$CustomActionStart = $null
$CustomActionEndError = $null
$CustomActionEndSuccess = $null
# Example: Calling a healthcheck remote service
# $healthCheckURL = "https://healthcheckservice.com/etc/etc"
# $CustomActionStart = "Invoke-RestMethod $healthCheckURL/start"
# $CustomActionEndError = "Invoke-RestMethod $healthCheckURL/fail"
# $CustomActionEndSuccess = "Invoke-RestMethod $healthCheckURL"
# Example: Invoking a script
# $successScript = Join-Path $InstallPath "mySuccessScript.ps1"
# $CustomActionEndSuccess = "& $successScript"

71
install.ps1
View File

@@ -1,5 +1,29 @@
. .\config.ps1
. .\secrets.ps1
#
# Restic Windows Backup - Installation Script
#
# =========== start configuration =========== #
# load restic configuration parmeters (destination, passwords, etc.)
$SecretsScript = Join-Path $PSScriptRoot "secrets.ps1"
# load backup configuration variables
$ConfigScript = Join-Path $PSScriptRoot "config.ps1"
# initialize secrets
. $SecretsScript
# initialize config
. $ConfigScript
# apply global configuration
$ResticExe = Join-Path $InstallPath $ExeName
$LogPath = Join-Path $InstallPath "logs"
# make LASTEXITCODE global to enable error checking for Invoke-Expression commands
$global:LASTEXITCODE=0
# =========== end configuration =========== #
# download restic
if(-not (Test-Path $ResticExe)) {
@@ -10,20 +34,37 @@ if(-not (Test-Path $ResticExe)) {
else {
$url = "https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_windows_386.zip"
}
$output = Join-Path $InstallPath "restic.zip"
Invoke-WebRequest -Uri $url -OutFile $output
Expand-Archive -LiteralPath $output $InstallPath
Remove-Item $output
Get-ChildItem *.exe | Rename-Item -NewName $ExeName
try {
$output = Join-Path $InstallPath "restic.zip"
Invoke-WebRequest -Uri $url -OutFile $output
Expand-Archive -LiteralPath $output $InstallPath
Remove-Item $output
Get-ChildItem *.exe | Rename-Item -NewName $ExeName
}
catch {
Write-Error "[[Install]] restic.exe download failed. Check errors and resolve: $_"
exit 1
}
}
# Apply global paramters to $ResticExe, after the $ResticExe has been downloaded/confirmed to exist
if(-not [String]::IsNullOrEmpty($GlobalParameters)) {
$ResticExe = "$ResticExe $GlobalParameters"
}
# Invoke restic self-update to check for a newer version
& $ResticExe self-update
# This is enabled by default unless configuration disables self-update
if ([String]::IsNullOrEmpty($SelfUpdateEnabled) -or ($SelfUpdateEnabled -eq $true)) {
Invoke-Expression "$ResticExe self-update"
if($LASTEXITCODE) {
Write-Warning "[[Update]] Restic self-update failed. Check errors and resolve."
}
}
# Create log directory if it doesn't exit
if(-not (Test-Path $LogPath)) {
New-Item -ItemType Directory -Force -Path $LogPath | Out-Null
Write-Output "[[Init]] Repository successfully initialized."
Write-Output "[[Init]] Created log directory: $LogPath"
}
# Create the local exclude file
@@ -32,12 +73,12 @@ if(-not (Test-Path $LocalExcludeFile)) {
}
# Initialize the restic repository
& $ResticExe --verbose init
if($?) {
Write-Output "[[Init]] Repository successfully initialized."
Invoke-Expression "$ResticExe --verbose init"
if($LASTEXITCODE) {
Write-Warning "[[Init]] Repository initialization failed. Check errors and resolve."
}
else {
Write-Warning "[[Init]] Repository initialization failed. Check errors and resolve."
Write-Output "[[Init]] Repository successfully initialized."
}
# Scheduled Windows Task Scheduler to run the backup
@@ -46,14 +87,14 @@ $backup_task = Get-ScheduledTask $backup_task_name -ErrorAction SilentlyContinue
if($null -eq $backup_task) {
try {
$task_action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-ExecutionPolicy Bypass -NonInteractive -NoLogo -NoProfile -Command ".\backup.ps1; exit $LASTEXITCODE"' -WorkingDirectory $InstallPath
$task_user = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -RunLevel Highest
$task_user = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest
$task_settings = New-ScheduledTaskSettingsSet -RestartCount 4 -RestartInterval (New-TimeSpan -Minutes 15) -ExecutionTimeLimit (New-TimeSpan -Days 3) -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -MultipleInstances IgnoreNew -IdleDuration 0 -IdleWaitTimeout 0 -StartWhenAvailable -RestartOnIdle
$task_trigger = New-ScheduledTaskTrigger -Daily -At 4:00am
Register-ScheduledTask $backup_task_name -Action $task_action -Principal $task_user -Settings $task_settings -Trigger $task_trigger | Out-Null
Write-Output "[[Scheduler]] Backup task scheduled."
}
catch {
Write-Warning "[[Scheduler]] Scheduling failed."
Write-Error "[[Scheduler]] Setting up backup task schedule failed: $_"
}
}
else {

0
secrets_template.ps1 → secrets_sample.ps1
View File

337
update.ps1 Normal file
View File

@@ -0,0 +1,337 @@
<#
.SYNOPSIS
Updates the local installed restic backup scripts from GitHub,
either using the latest tagged release or by targeting a specific branch.
.DESCRIPTION
This script supports two modes:
1. **Release mode (default):**
- Fetches the latest release info via GitHubs API.
- Compares the release tag (after normalization) against a locally stored version (in state.xml).
- If the GitHub release is newer, downloads the release zip, extracts it, copies the files
over the local installation.
2. **Branch mode:**
- Targets a specific branch (default "main") by retrieving branch information from GitHub.
- Compares the latest commit SHA on that branch against a locally stored SHA (in state.xml).
- If the remote commit SHA differs, downloads the branch zip archive, extracts it,
copies the files over the local installation.
.NOTES
Example 1 - update scripts to the latest tagged release
.\update.ps1
Example 2 - update scripts from a branch
.\update.ps1 -Mode branch -BranchName 'release_1.8'
Example 3 - download a new copy of the update scripts and run it
1. Change your directory to your installation directory (e.g. `cd c:\restic`)
2. Invoke-WebRequest "https://raw.githubusercontent.com/kmwoley/restic-windows-backup/main/update.ps1" -OutFile update.ps1
3. .\update.ps1
#>
[CmdletBinding()]
param(
[Parameter(Mandatory = $false)]
[ValidateSet("release", "branch")]
[string]$Mode = "release",
[Parameter(Mandatory = $false)]
[string]$BranchName = "main",
[Parameter(Mandatory = $false)]
[string]$InstallPath = $null
)
# ====================================
# Configuration and Setup
# ====================================
# GitHub repository details
$repoOwner = "kmwoley"
$repoName = "restic-windows-backup"
# User-Agent header (GitHub requires this)
$headers = @{ "User-Agent" = "PowerShell" }
# default the installation directory to the location of the running script
if([string]::IsNullOrEmpty($InstallPath)) {
# default to the script's location, if running as a script
$InstallPath = $PSScriptRoot
if([string]::IsNullOrEmpty($InstallPath)) {
# default to the current working directory, if not running as a script
$InstallPath = Get-Location
}
}
# ====================================
# Functions for state management
# ====================================
function Get-State {
if(Test-Path $Script:StateFile) {
Import-Clixml $Script:StateFile | ForEach-Object{ Set-Variable -Scope Script $_.Name $_.Value }
}
}
function Set-State {
Get-Variable ResticState* | Export-Clixml $Script:StateFile
}
# ===========================================
# Functions for file management and download
# ===========================================
function Get-ModifiedFiles {
param(
[Parameter(Mandatory = $true)]
[string]$Source,
[Parameter(Mandatory = $true)]
[string]$Destination,
[Parameter(Mandatory = $true)]
[string]$DateTime
)
$modifiedFiles = New-Object System.Collections.Generic.List[System.Object]
if(-not (Test-Path $Source)) {
Write-Error "Source does not exist ($Source)"
exit 1
}
if(-not (Test-Path $Destination)) {
Write-Error "Destination does not exist ($Destination)"
exit 1
}
$sourceFiles = Get-ChildItem $Source
ForEach ($sourceFile in $sourceFiles) {
# find if there's a corrosponding file in the destination
$destFileName = Join-Path $Destination $sourceFile.Name
if(Test-Path $destFileName) {
$destFile = Get-ChildItem $destFileName
if($destFile.LastWriteTime -gt $DateTime) {
# destination file has been modified after $DateTime
$modifiedFiles.Add($destFile.FullName)
}
}
}
return $modifiedFiles
}
function Update-InstalledScripts {
param(
[Parameter(Mandatory=$true)][string]$ZipUrl,
[Parameter(Mandatory=$true)][string]$DestinationFolder
)
$timestamp = Get-Date -Format FileDateTime
$tempExtractDir = Join-Path $env:TEMP ("restic-windows-backup." + $timestamp)
$tempZipPath = Join-Path $env:TEMP ("restic-windows-backup." + $timestamp + ".zip")
# test temp location, fail if in use
if (Test-Path $tempExtractDir) {
Write-Error "Temporary directory already exists: $tempExtractDir"
exit 1
}
if (Test-Path $tempZipPath) {
Write-Error "Temporary directory already exists: $tempZipPath"
exit 1
}
# Create a temporary folder for extraction
New-Item -ItemType Directory -Path $tempExtractDir | Out-Null
Write-Host "Downloading from: $ZipUrl"
try {
Invoke-WebRequest -Uri $ZipUrl -OutFile $tempZipPath -Headers $headers
} catch {
Write-Error "Failed to download the file: $_"
exit 1
}
try {
Expand-Archive -LiteralPath $tempZipPath $tempExtractDir
} catch {
Write-Error "Error extracting zip file: $_"
exit 1
}
# Determine the actual folder containing the repository files.
$extractedContent = Get-ChildItem -Path $tempExtractDir | Where-Object { $_.PSIsContainer }
if ($extractedContent.Count -eq 1) {
$extractedFolder = $extractedContent[0].FullName
} else {
$extractedFolder = $tempExtractDir
}
# Check to make sure not to overwrite modified files
$installedDate = $Script:ResticStateInstalledDate
if([string]::IsNullOrEmpty($installedDate)) {
# unkown install date; setting the date
$installedDate = [datetime]::MinValue
}
$modifiedFiles = Get-ModifiedFiles -Source $extractedFolder -Destination $DestinationFolder -DateTime $installedDate
if($modifiedFiles) {
if([string]::IsNullOrEmpty($Script:ResticStateInstalledDate)) {
Write-Host "WARNING: The following files already exist in the target directory"
}
else {
Write-Host "WARNING: The following files have been modified since they were installed on $installedDate"
}
ForEach ($fileName in $modifiedFiles) {
Write-Host " - " $fileName
}
# TODO: add a "-Force" parameter to skip this check/question
Write-Host "Continuing will overwrite these files."
Write-host "Do you want to continue?"
$userInput = Read-Host "[Y] Yes [N] No (default is ""Y"")"
if ($userInput -ieq 'n') {
Write-Host "Operation cancelled."
exit 0
}
}
Write-Host "Updating files in installation directory ($DestinationFolder)..."
try {
# Recursively copy all content from the extracted folder to the local directory.
Copy-Item -Path (Join-Path $extractedFolder "*") -Destination $DestinationFolder -Recurse -Force
} catch {
Write-Error "Error copying files: $_"
exit 1
}
# Clean up temporary files
Remove-Item $tempZipPath -Force
Remove-Item $tempExtractDir -Recurse -Force
}
# ====================================
# Main
# ====================================
# load restic state
$Script:ResticStateInstalledVersion = $null
$Script:ResticStateInstalledBranchSHA = $null
$Script:ResticStateInstalledDate = $null
$Script:StateFile = Join-Path $InstallPath "state.xml"
Get-State
# ====================================
# Release mode
# ====================================
if ($Mode -eq "release") {
# Read the version of the scripts installed
$localVersion = $Script:ResticStateInstalledVersion
if ([string]::IsNullOrEmpty($localVersion)) {
# No version information stored locally
$localVersion = "0.0.0"
}
# Get the Latest Release Info from GitHub
$releaseApiUrl = "https://api.github.com/repos/$repoOwner/$repoName/releases/latest"
try {
Write-Host "Checking GitHub for latest release of '$repoOwner/$repoName'..."
$release = Invoke-RestMethod -Uri $releaseApiUrl -Headers $headers
} catch {
Write-Error "Error fetching release information from GitHub: $_"
exit 1
}
$latestTagRaw = $release.tag_name
$latestTag = $latestTagRaw.Trim()
# Normalize versions (remove leading "v" if present)
function Get-NormalizedVersion($versionString) {
if ($versionString.StartsWith("v", [System.StringComparison]::InvariantCultureIgnoreCase)) {
return $versionString.Substring(1)
}
return $versionString
}
$normalizedLocalVersion = Get-NormalizedVersion $localVersion
$normalizedLatestVersion = Get-NormalizedVersion $latestTag
try {
$localVersionObj = [Version]$normalizedLocalVersion
$latestVersionObj = [Version]$normalizedLatestVersion
} catch {
Write-Error "Error parsing version strings. Local: $normalizedLocalVersion, Latest: $normalizedLatestVersion. $_"
exit 1
}
if ($latestVersionObj -le $localVersionObj) {
Write-Host "Installed version ($localVersionObj) is up-to-date. No update needed."
exit 0
} else {
Write-Host "Newer release available: $latestVersionObj (installed: $localVersionObj). Proceeding with update..."
}
# get the zip URL from the release info
$zipUrl = $release.zipball_url
# Download and update the installed scripts
Update-InstalledScripts -ZipUrl $zipUrl -DestinationFolder $InstallPath
# Store the installed version number and time installed
$Script:ResticStateInstalledVersion = $normalizedLatestVersion
$Script:ResticStateInstalledDate = Get-Date
$Script:ResticStateInstalledBranchSHA = $null
Set-State
Write-Host "Update successful. Installed version is now $normalizedLatestVersion."
}
# ====================================
# Branch mode
# ====================================
elseif ($Mode -eq "branch") {
# Read the SHA of the branch source installed
$localCommitSHA = $Script:ResticStateInstalledBranchSHA
if ([string]::IsNullOrEmpty($localCommitSHA)) {
# Write-Host "No branch information stored locally."
$localCommitSHA = "unknown"
}
# Retrieve branch information from GitHub
$branchApiUrl = "https://api.github.com/repos/$repoOwner/$repoName/branches/$BranchName"
try {
Write-Host "Checking GitHub for latest commit of '$repoOwner/$repoName' on branch '$BranchName'..."
$branchInfo = Invoke-RestMethod -Uri $branchApiUrl -Headers $headers
} catch {
Write-Error "Error fetching branch information from GitHub: $_"
exit 1
}
$latestCommitSHA = $branchInfo.commit.sha
if ($localCommitSHA -eq $latestCommitSHA) {
Write-Host "Installed commit ($latestCommitSHA) is up-to-date. No update needed."
exit 0
} else {
Write-Host "Latest commit: $latestCommitSHA (installed: $localCommitSHA). Proceeding with update..."
}
# Construct the zip URL for the branch.
# GitHub provides branch archives at:
# https://github.com/{owner}/{repo}/archive/refs/heads/{branch}.zip
$zipUrl = "https://github.com/$repoOwner/$repoName/archive/refs/heads/$BranchName.zip"
# Download and update the installed scripts
Update-InstalledScripts -ZipUrl $zipUrl -DestinationFolder $InstallPath
# Store the installed branch commit SHA and time installed
$Script:ResticStateInstalledVersion = $null
$Script:ResticStateInstalledDate = Get-Date
$Script:ResticStateInstalledBranchSHA = $latestCommitSHA
Set-State
Write-Host "Update successful. Local branch is now at commit $latestCommitSHA."
}
else {
Write-Error "Unsupported mode."
exit 1
}