diff --git a/bin/ncp/BACKUPS/nc-restic-s3-backup.sh b/bin/ncp/BACKUPS/nc-restic-s3-backup.sh
new file mode 100644
index 000000000..b92cb54e4
--- /dev/null
+++ b/bin/ncp/BACKUPS/nc-restic-s3-backup.sh
@@ -0,0 +1,170 @@
+#!/bin/bash
+
+# Back up Nextcloud data to S3-compatible storage via restic
+#
+# Copyleft 2021 by Thomas Heller
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# More at: https://ownyourbits.com
+#
+
+install()
+{
+  apt-get update
+  apt-get install --no-install-recommends -y restic
+}
+
+configure()
+{
+  local start=$(date +%s)
+
+  [[ "$S3_BUCKET_URL" == "" ]] && {
+    echo "error: please specify S3 bucket URL"
+    return 1
+  }
+
+  [[ "$S3_KEY_ID" == "" ]] && {
+    echo "error: please specify S3 key ID"
+    return 2
+  }
+
+  [[ "$S3_SECRET_KEY" == "" ]] && {
+    echo "error: please specify S3 secret key"
+    return 3
+  }
+
+  [[ "$RESTIC_PASSWORD" == "" ]] && {
+    echo "error: please specify restic password"
+    return 4
+  }
+
+  [[ "$BACKUPLIMIT" == "" ]] && {
+    echo "error: please specify number of days to keep"
+    return 5
+  }
+
+  save_maintenance_mode || {
+    echo "error: failed to activate Nextcloud maintenance mode"
+    return 6
+  }
+
+  local DATADIR
+  DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || {
+    echo -e "Error reading data directory. Is NextCloud running and configured?"
+    return 7
+  }
+
+  cd "$DATADIR" || {
+    echo "error: failed to change to data directory $DATADIR"
+    return 8
+  }
+
+  echo "backing up from $DATADIR"
+
+  if [[ "$INCLUDE_DATABASE" != "yes" ]]; then
+    echo "info: database is not included in backup"
+  else
+    echo "preparing database dump for backup ..."
+
+    [[ -e ncdatabase-restic-dump.sql ]] && {
+      echo "warning: stale database dump ncdatabase-restic-dump.sql ($(stat --format='%s bytes, last modified: %y' ncdatabase-restic-dump.sql)) still exists, overwriting!"
+    }
+
+    mysqldump -u root --single-transaction nextcloud > ncdatabase-restic-dump.sql || {
+      echo "error: mysqldump failed"
+      echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+      return 9
+    }
+
+    echo "successfully created database dump for backup ($(stat --format='%s bytes' ncdatabase-restic-dump.sql))"
+  fi
+
+  echo "starting backup ..."
+
+  AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose --exclude-file=/dev/stdin backup . <<EXCLUDES_LIST
+.opcache
+EXCLUDES_LIST
+  [[ $? -eq 0 ]] || {
+    echo "error: restic backup failed"
+    echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+    return 10
+  }
+
+  echo "successfully created backup"
+
+  [[ "$INCLUDE_DATABASE" == "yes" ]] && {
+    echo "deleting temporary database dump ..."
+
+    rm -v ncdatabase-restic-dump.sql || {
+      echo "error: remove failed"
+      echo "notice: ncdatabase-restic-dump.sql ($(stat --format='%s bytes' ncdatabase-restic-dump.sql)) will be overwritten during next backup or restore, but you can also manually remove it from Nextcloud data directory $DATADIR"
+      echo "notice: backup has completed anyways"
+      echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+      return 11
+    }
+
+    echo "successfully deleted temporary database dump"
+  }
+
+  [[ "$BACKUPLIMIT" -gt 0 ]] && {
+    [[ "$FORCE_UNLOCK" == "yes" ]] && {
+      echo "forcefully unlocking repository ..."
+
+      AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose unlock || {
+        echo "error: restic unlock failed"
+        echo "notice: backup has completed anyways"
+        echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+        return 12
+      }
+
+      echo "successfully unlocked repository"
+    }
+
+    echo "pruning old backups (except for the last $BACKUPLIMIT days)"
+
+    AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose forget --keep-daily "$BACKUPLIMIT" --prune || {
+      echo "error: restic prune failed"
+      echo "notice: backup has completed anyways"
+      echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+      return 13
+    }
+
+    echo "successfully pruned old backups"
+  }
+
+  restore_maintenance_mode || {
+    echo "error: failed to disabled Nextcloud maintenance mode"
+    echo "notice: backup has completed anyways"
+    return 14
+  }
+
+  echo "gathering stats (How much space do the backups take up in the S3 bucket?) ..."
+
+  AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose stats --mode raw-data || {
+    echo "error: restic stats failed"
+    echo "notice: backup has completed anyways"
+    return 15
+  }
+
+  local end=$(date +%s)
+
+  echo "backup complete after $((($end-$start)/60)) minute(s)"
+}
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA  02111-1307  USA
diff --git a/bin/ncp/BACKUPS/nc-restic-s3-init.sh b/bin/ncp/BACKUPS/nc-restic-s3-init.sh
new file mode 100644
index 000000000..71ec26cc1
--- /dev/null
+++ b/bin/ncp/BACKUPS/nc-restic-s3-init.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Prepare back up of Nextcloud data to S3-compatible storage via restic
+#
+# Copyleft 2021 by Thomas Heller
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# More at: https://ownyourbits.com
+#
+
+install()
+{
+  apt-get update
+  apt-get install --no-install-recommends -y restic
+}
+
+configure()
+{
+  [[ "$S3_BUCKET_URL" == "" ]] && {
+    echo "error: please specify S3 bucket URL"
+    return 1
+  }
+
+  [[ "$S3_KEY_ID" == "" ]] && {
+    echo "error: please specify S3 key ID"
+    return 2
+  }
+
+  [[ "$S3_SECRET_KEY" == "" ]] && {
+    echo "error: please specify S3 secret key"
+    return 3
+  }
+
+  [[ "$RESTIC_PASSWORD" == "" ]] && {
+    echo "error: please specify restic password"
+    return 4
+  }
+
+  AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose init || {
+    echo "error: failed to initialize restic repository"
+    return 5
+  }
+
+  echo "successfully initialized repository"
+}
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA  02111-1307  USA
diff --git a/bin/ncp/BACKUPS/nc-restic-s3-restore.sh b/bin/ncp/BACKUPS/nc-restic-s3-restore.sh
new file mode 100644
index 000000000..8961577d0
--- /dev/null
+++ b/bin/ncp/BACKUPS/nc-restic-s3-restore.sh
@@ -0,0 +1,137 @@
+#!/bin/bash
+
+# Restore Nextcloud data from S3-compatible storage via restic
+#
+# Copyleft 2021 by Thomas Heller
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# More at: https://ownyourbits.com
+#
+
+install()
+{
+  apt-get update
+  apt-get install --no-install-recommends -y restic
+}
+
+configure()
+{
+  local start=$(date +%s)
+
+  [[ "$S3_BUCKET_URL" == "" ]] && {
+    echo "error: please specify S3 bucket URL"
+    return 1
+  }
+
+  [[ "$S3_KEY_ID" == "" ]] && {
+    echo "error: please specify S3 key ID"
+    return 2
+  }
+
+  [[ "$S3_SECRET_KEY" == "" ]] && {
+    echo "error: please specify S3 secret key"
+    return 3
+  }
+
+  [[ "$RESTIC_PASSWORD" == "" ]] && {
+    echo "error: please specify restic password"
+    return 4
+  }
+
+  save_maintenance_mode || {
+    echo "error: failed to activate Nextcloud maintenance mode"
+    return 5
+  }
+
+  local DATADIR
+  DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || {
+    echo -e "Error reading data directory. Is NextCloud running and configured?"
+    return 6
+  }
+
+  echo "restoring to $DATADIR"
+
+  AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose restore latest --exclude='ncdatabase-restic-dump.sql' --target "$DATADIR" || {
+    echo "error: restic restore failed"
+    return 7
+  }
+
+  echo "successfully restored backup"
+
+  if [[ "$RESTORE_DATABASE" != "yes" ]]; then
+    echo "info: database will not be restored"
+  else
+    set -o pipefail # Note: When pipefail is set, "grep -q" must be replaced with "grep >/dev/null"
+
+    AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose ls latest | grep '^/ncdatabase-restic-dump\.sql$' >/dev/null || {
+      echo "error: backup does not contain a database dump (ncdatabase-restic-dump.sql)"
+      echo "notice: if you want to restore the backup without the database, uncheck the \"Include database\" option"
+      echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+      return 8
+    }
+
+    echo "preparing database for restore ..."
+
+    local DBADMIN=ncadmin
+    local DBPASSWD="$( grep password /root/.my.cnf | sed 's|password=||' )"
+
+    mysql -u root <<EOFMYSQL
+DROP DATABASE IF EXISTS nextcloud;
+CREATE DATABASE nextcloud;
+GRANT USAGE ON *.* TO '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
+DROP USER '$DBADMIN'@'localhost';
+CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
+GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost;
+EXIT
+EOFMYSQL
+    [[ $? -eq 0 ]] || {
+      echo "error: database restore failed, only Nextcloud data directory has been restored"
+      echo "notice: try to restore the database manually from ncdatabase-restic-dump.sql ($(stat --format='%s bytes' $DATADIR/ncdatabase-restic-dump.sql))"
+      echo "notice: ncdatabase-restic-dump.sql will be overwritten during next backup or restore, but you can also manually remove it from Nextcloud data directory $DATADIR"
+      echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+      return 9
+    }
+
+    echo "database prepared for restore"
+
+    echo "restoring database ..."
+
+    AWS_ACCESS_KEY_ID="$S3_KEY_ID" AWS_SECRET_ACCESS_KEY="$S3_SECRET_KEY" RESTIC_PASSWORD="$RESTIC_PASSWORD" restic -r "s3:$S3_BUCKET_URL/ncp-backup" --verbose dump latest ncdatabase-restic-dump.sql | mysql -u root nextcloud || {
+      echo "error: database restore failed, only Nextcloud data directory has been restored"
+      echo "notice: try to restore the database manually from ncdatabase-restic-dump.sql ($(stat --format='%s bytes' $DATADIR/ncdatabase-restic-dump.sql))"
+      echo "notice: ncdatabase-restic-dump.sql ($(stat --format='%s bytes' $DATADIR/ncdatabase-restic-dump.sql)) will be overwritten during next backup or restore, but you can also manually remove it from Nextcloud data directory $DATADIR"
+      echo "notice: use nc-maintenance to disable maintenance mode anyway if desired"
+      return 10
+    }
+
+    echo "successfully restored database"
+  fi
+
+  restore_maintenance_mode || {
+    echo "error: failed to disabled Nextcloud maintenance mode"
+    echo "notice: backup has been restored anyways"
+    return 11
+  }
+
+  local end=$(date +%s)
+
+  echo "restore complete after $((($end-$start)/60)) minute(s)"
+}
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA  02111-1307  USA
diff --git a/etc/ncp-config.d/nc-restic-s3-backup.cfg b/etc/ncp-config.d/nc-restic-s3-backup.cfg
new file mode 100644
index 000000000..c39e44e2b
--- /dev/null
+++ b/etc/ncp-config.d/nc-restic-s3-backup.cfg
@@ -0,0 +1,50 @@
+{
+  "id": "nc-restic-s3-backup",
+  "name": "nc-restic-s3-backup",
+  "title": "nc-restic-s3-backup",
+  "description": "Back up Nextcloud data to S3-compatible storage via restic",
+  "info": "Note that this backs up only the Nextcloud data directory, not the database.\n\nBefore using this, you may need to prepare a restic repository using nc-restic-s3-init, if you haven't already done so.\n\nPlease enter the S3 bucket access details as well as an encryption password.\nThe password is required to retrieve the data later on!\nNOTE: The password is NOT stored here for security reasons!\n\nIf you specify a number of days to keep, all backups older than the number of days will be deleted.\nIn addition, only the latest backup of each day will be kept.\n\nIf restic reports <em>Fatal: unable to create lock in backend</em> and you're sure that no other process is running, use &quot;Force unlock&quot;.",
+  "infotitle": "",
+  "params": [
+    {
+      "id": "S3_BUCKET_URL",
+      "name": "S3 bucket URL",
+      "suggest": "https://<host>/<bucket>"
+    },
+    {
+      "id": "S3_KEY_ID",
+      "name": "S3 key ID",
+      "suggest": "S3 key ID"
+    },
+    {
+      "id": "S3_SECRET_KEY",
+      "name": "S3 secret key",
+      "suggest": "S3 secrey key",
+      "type": "password"
+    },
+    {
+      "id": "RESTIC_PASSWORD",
+      "name": "restic password",
+      "suggest": "restic password",
+      "type": "password"
+    },
+    {
+      "id": "INCLUDE_DATABASE",
+      "name": "Include database",
+      "value": "yes",
+      "type": "bool"
+    },
+    {
+      "id": "BACKUPLIMIT",
+      "name": "Number of days to keep (0 for all)",
+      "value": "0",
+      "suggest": "0"
+    },
+    {
+      "id": "FORCE_UNLOCK",
+      "name": "Force unlock",
+      "value": "no",
+      "type": "bool"
+    }
+  ]
+}
diff --git a/etc/ncp-config.d/nc-restic-s3-init.cfg b/etc/ncp-config.d/nc-restic-s3-init.cfg
new file mode 100644
index 000000000..38ecf6160
--- /dev/null
+++ b/etc/ncp-config.d/nc-restic-s3-init.cfg
@@ -0,0 +1,32 @@
+{
+  "id": "nc-restic-s3-init",
+  "name": "nc-restic-s3-init",
+  "title": "nc-restic-s3-init",
+  "description": "Prepare back up of Nextcloud data to S3-compatible storage via restic",
+  "info": "Prepare a restic repository for use with nc-restic-s3, if you haven't already done so.\nYou only need to do this once.\n\nPlease enter the S3 bucket access details as well as an encryption password.\nThe password is required to retrieve the data later on!\nNOTE: The password is NOT stored here for security reasons!",
+  "infotitle": "",
+  "params": [
+    {
+      "id": "S3_BUCKET_URL",
+      "name": "S3 bucket URL",
+      "suggest": "https://<host>/<bucket>"
+    },
+    {
+      "id": "S3_KEY_ID",
+      "name": "S3 key ID",
+      "suggest": "S3 key ID"
+    },
+    {
+      "id": "S3_SECRET_KEY",
+      "name": "S3 secret key",
+      "suggest": "S3 secrey key",
+      "type": "password"
+    },
+    {
+      "id": "RESTIC_PASSWORD",
+      "name": "restic password",
+      "suggest": "restic password",
+      "type": "password"
+    }
+  ]
+}
diff --git a/etc/ncp-config.d/nc-restic-s3-restore.cfg b/etc/ncp-config.d/nc-restic-s3-restore.cfg
new file mode 100644
index 000000000..85e0ecc91
--- /dev/null
+++ b/etc/ncp-config.d/nc-restic-s3-restore.cfg
@@ -0,0 +1,38 @@
+{
+  "id": "nc-restic-s3-restore",
+  "name": "nc-restic-s3-restore",
+  "title": "nc-restic-s3-restore",
+  "description": "Restore Nextcloud data from S3-compatible storage via restic",
+  "info": "WARNING: This will overwrite existing files in your current Nextcloud data directory with files from latest backup created by nc-restic-s3-backup!\n\nNote that files which already exist in the data directory, but are <strong>not</strong> present in the backup, are <strong>not</strong> deleted.",
+  "infotitle": "",
+  "params": [
+    {
+      "id": "S3_BUCKET_URL",
+      "name": "S3 bucket URL",
+      "suggest": "https://<host>/<bucket>"
+    },
+    {
+      "id": "S3_KEY_ID",
+      "name": "S3 key ID",
+      "suggest": "S3 key ID"
+    },
+    {
+      "id": "S3_SECRET_KEY",
+      "name": "S3 secret key",
+      "suggest": "S3 secrey key",
+      "type": "password"
+    },
+    {
+      "id": "RESTIC_PASSWORD",
+      "name": "restic password",
+      "suggest": "restic password",
+      "type": "password"
+    },
+    {
+      "id": "RESTORE_DATABASE",
+      "name": "Restore database",
+      "value": "yes",
+      "type": "bool"
+    }
+  ]
+}