diff --git a/README.md b/README.md
index bbef4432f8fe9759a2ad866f3523b323e5915bb2..0b0d5d7e5d871e6f21f56624820f434d368bdb3f 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,8 @@ export:
 #	  type: rsync
 #	  port: 22
 #	  key: "/etc/backup-client/id_ed25519"
+	# Bandwidth limit for upload, 20mbit/s by default
+	bwlimit: 2500
 
 # Settings to create a remote sftp user. Use this for restic sftp repos
 remote_sftp_user:
diff --git a/defaults/main.yml b/defaults/main.yml
index 116687fb68a1181e477b412bc67dfa972691952b..77ee36e70f56042c426654d523f82182ed5bacc1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -28,6 +28,7 @@ backups:
     years: 3
   export:
     destinations: []
+    bwlimit:  2500
   remote_sftp_user:
     name: backup
     host: ~
@@ -41,6 +42,7 @@ backups:
     '/tmp/*': true
     '/var/tmp/*': true
     '/var/cache/*': true
+    '/var/lib/php/sessions/*': true
     '/root/.ansible/*': true
   include_files:
     '/': true
diff --git a/tasks/main.yml b/tasks/main.yml
index 6cc38053f8c3ba3b7f8d3abd7a133a7217362088..2ac9ec5c9ae62be654a8bca0b4bf9fb00047fa69 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,6 +2,7 @@
   set_fact:
     backup_backend: "{% if backups.mode in ['standalone-restic', 'hypervisor-restic'] %}restic{% else %}False{% endif %}"
     backup_executor: "{% if backups.mode in ['vm-via-hypervisor'] %}False{% else %}True{% endif %}"
+    backup_restic_cache: "{% if backups.backends.restic.repo_type == 'local' %}False{% else %}True{% endif %}"
 
 - name: create config folder
   file:
@@ -106,7 +107,7 @@
       state: directory
       owner: root
       group: root
-      mode: 0700
+      mode: 0711
 
 - name: create a remote sftp user if enabled
   when:
diff --git a/templates/backup-check.j2 b/templates/backup-check.j2
index 7f4a0bfa18e5b0197cb72dcef2a5477d1f9483fd..67f73bbbd53f7c6606682cc97f3eae4f13bc14d8 100755
--- a/templates/backup-check.j2
+++ b/templates/backup-check.j2
@@ -5,7 +5,8 @@ set -euo pipefail
 # restic backend
 source /etc/backup-client/restic.env
 
-restic check --read-data --cleanup-cache
+restic check --read-data \
+	--cleanup-cache{% if not backup_restic_cache %} --no-cache{% endif %}
 
 {% endif %}
 
diff --git a/templates/backup-export.j2 b/templates/backup-export.j2
index 3cffe8e598e31bf4ee7a0e94b584e60fc1ae4ef0..f8e40cf4e49bedb48164f25bcf55614d9c468d7d 100755
--- a/templates/backup-export.j2
+++ b/templates/backup-export.j2
@@ -10,7 +10,7 @@ echo "Starting to export backups..."
 	{% if backups.backends.restic.repo_type == "local" %}
 		{% for i in backups.export.destinations if i.type == "rsync" %}
 			echo "exporting to {{ i.host }}"
-			rsync -h -r -a --append-verify --delete --stats  -e "ssh -p {{ i.port|d(22) }} -i {{ i.key|d('/etc/backup-client/id_ed25519') }}" "${RESTIC_REPOSITORY}/" "{{ i.user }}@{{ i.host }}:{{ i.remotepath }}"
+			rsync -h -r -a --append-verify --delete --stats{%if backups.export.bwlimit  %} --bwlimit={{ backups.export.bwlimit }}{% endif %} -e "ssh -p {{ i.port|d(22) }} -i {{ i.key|d('/etc/backup-client/id_ed25519') }}" "${RESTIC_REPOSITORY}/" "{{ i.user }}@{{ i.host }}:{{ i.remotepath }}"
 		{% endfor %}
 	{% else %}
 		echo "Repo is not local. Skipped."
diff --git a/templates/backup-retention.j2 b/templates/backup-retention.j2
index 478631d444cdf760a0c6e7a4a11050bc44e72f94..3778e51c9d0d6da9bac057b6fb95fa16a8b18ffc 100755
--- a/templates/backup-retention.j2
+++ b/templates/backup-retention.j2
@@ -7,7 +7,7 @@ source /etc/backup-client/retention.env
 # restic backend
 source /etc/backup-client/restic.env
 restic forget \
-	--cleanup-cache \
+	--cleanup-cache {% if not backup_restic_cache %} --no-cache{% endif %} \
 	--verbose \
 	--prune \
 	--group-by "host,paths,tags" \
diff --git a/templates/backup-standalone.j2 b/templates/backup-standalone.j2
index fd1360e8f9806e82d22e499f5530cf96c706169f..20d1f438d62609d6b131572057caaf64eb511c27 100755
--- a/templates/backup-standalone.j2
+++ b/templates/backup-standalone.j2
@@ -8,6 +8,7 @@ test -f "/etc/backup-client/enabled" || { echo "Standalone backup is disabled";
 source /etc/backup-client/restic.env
 
 restic backup \
+	--cleanup-cache {% if not backup_restic_cache %} --no-cache{% endif %} \
 	--verbose \
 	--exclude-caches \
 	--one-file-system \
diff --git a/templates/backup-vm.j2 b/templates/backup-vm.j2
index a4575b52d8469b2160cbbd0351310a1730dd63c0..9c6ed3052bbaf7ed8d3edf08b640747cb5647ae6 100755
--- a/templates/backup-vm.j2
+++ b/templates/backup-vm.j2
@@ -122,6 +122,7 @@ set -euo pipefail
 		# restic backend
 		source /etc/backup-client/restic.env
 		restic backup \
+			--cleanup-cache {% if not backup_restic_cache %} --no-cache{% endif %} \
 			--verbose \
 			--host "$DOMAIN" \
 			--exclude-file "/etc/backup-client/vms/$DOMAIN/exclude_files" \