From 8d1313f58885682dab5789fc9805e573d32fc661 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Mon, 8 Jul 2019 17:48:55 +0200
Subject: add script 'upload-backup'

---
 global-config         |  8 +++++-
 global-config.changes |  1 +
 global-functions      |  2 +-
 upload-backup         | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 84 insertions(+), 2 deletions(-)
 create mode 100644 upload-backup

diff --git a/global-config b/global-config
index 751fc9e..b14ff6e 100644
--- a/global-config
+++ b/global-config
@@ -6,7 +6,7 @@
 
 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
-:global GlobalConfigVersion 5;
+:global GlobalConfigVersion 6;
 
 # This is used for DNS and backup file.
 :global Domain "example.com";
@@ -32,6 +32,12 @@
 # These addresses are used to send backup and config export files to.
 :global EmailBackupTo "mail@example.com";
 :global EmailBackupCc "another@example.com";
+# These credentials are used to upload backup and config export files.
+# SFTP authentication is tricky, you may have to limit authentication
+# methods for your SSH server.
+:global BackupUploadUrl "sftp://example.com/backup/";
+:global BackupUploadUser "mikrotik";
+:global BackupUploadPass "v3ry-s3cr3t";
 
 # Specify an address to enable auto update to version assumed safe.
 # The configured channel (bugfix, current, release-candidate) is appended.
diff --git a/global-config.changes b/global-config.changes
index f3c4e2b..656cb7f 100644
--- a/global-config.changes
+++ b/global-config.changes
@@ -8,4 +8,5 @@
   3="variable for certificate renew passphrase became an array to support multiple passphrases";
   4="added option to ignore global-config changes";
   5="split off new script cloud-backup from email-backup";
+  6="introduced script 'upload-backup' with new configuration parameters";
 };
diff --git a/global-functions b/global-functions
index 00eb0c9..b0e4eb3 100644
--- a/global-functions
+++ b/global-functions
@@ -5,7 +5,7 @@
 # global functions
 
 # expected configuration version
-:global ExpectedConfigVersion 5;
+:global ExpectedConfigVersion 6;
 
 # global variables not to be changed by user
 :global SentConfigChangesNotification "-";
diff --git a/upload-backup b/upload-backup
new file mode 100644
index 0000000..da2a5d7
--- /dev/null
+++ b/upload-backup
@@ -0,0 +1,75 @@
+#!rsc
+# RouterOS script: upload-backup
+# Copyright (c) 2013-2019 Christian Hesse <mail@eworm.de>
+#
+# create and upload backup and config file
+
+:global Identity;
+:global Domain;
+:global BackupUploadUrl;
+:global BackupUploadUser;
+:global BackupUploadPass;
+:global BackupSendBinary;
+:global BackupSendExport;
+:global BackupPassword;
+
+:global CharacterReplace;
+:global SendNotification;
+
+:if ($BackupSendBinary != true && \
+     $BackupSendExport != true) do={
+  :log error ("Configured to send neither backup nor config export.");
+  :error "Error: See log for details.";
+}
+
+# filename based on identity
+:local FileName [ $CharacterReplace ($Identity . "." . $Domain) "." "_" ];
+:local BackupFile "none";
+:local ConfigFile "none";
+
+# get some system information
+:local BoardName [ / system resource get board-name ];
+:local Model [ / system routerboard get model ];
+:local SerialNumber [ / system routerboard get serial-number ];
+:local Channel [ / system package update get channel ];
+:local InstalledVersion [ / system package update get installed-version ];
+
+# binary backup
+:if ($BackupSendBinary = true) do={
+  / system backup save encryption=aes-sha256 name=$FileName password=$BackupPassword;
+
+  :do {
+    / tool fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".backup") \
+        user=$BackupUploadUser password=$BackupUploadPass src-path=($FileName . ".backup");
+    :set BackupFile ($FileName . ".backup");
+  } on-error={
+    :log error ("Uploading backup file failed!");
+    :set BackupFile "failed";
+  }
+}
+
+# create configuration export
+:if ($BackupSendExport = true) do={
+  / export terse file=$FileName;
+
+  :do {
+    / tool fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".rsc") \
+        user=$BackupUploadUser password=$BackupUploadPass src-path=($FileName . ".rsc");
+    :set ConfigFile ($FileName . ".rsc");
+  } on-error={
+    :log error ("Uploading configuration export failed!");
+    :set ConfigFile "failed";
+  }
+}
+
+$SendNotification "Backup & Config Upload" \
+  ("Backup and config export for " . $Identity . ".\n\n" . \
+    "Board name:      " . $BoardName . "\n" . \
+    "Model:           " . $Model . "\n" . \
+    "Serial number:   " . $SerialNumber . "\n" . \
+    "Hostname:        " . $Identity . "\n" . \
+    "Channel:         " . $Channel . "\n" . \
+    "RouterOS:        " . $InstalledVersion . "\n\n" . \
+    "Backup uploaded: " . $BackupFile . "\n" . \
+    "Config uploaded: " . $ConfigFile);
+}
-- 
cgit v1.2.3-54-g00ecf