- name: Backup MikroTik config (text export only)
  hosts: mikrotik_routers
  gather_facts: no

  vars:
    backup_dir: /opt/mikrotik_backups/

  tasks:

    # ----------------------------
    # Ensure local backup directory
    # ----------------------------
    - name: Ensure local backup directory exists
      ansible.builtin.file:
        path: "{{ backup_dir }}"
        state: directory
        mode: "0755"
      delegate_to: localhost

    # ----------------------------
    # Get router identity
    # ----------------------------
    - name: Get router identity
      community.routeros.command:
        commands: /system identity print
      register: identity_raw
      tags: always

    - name: Parse router name
      set_fact:
        router_name: "{{ identity_raw.stdout[0].split(': ')[1] | trim }}"
      tags: always

    # ----------------------------
    # Timestamp
    # ----------------------------
    - name: Get timestamp
      ansible.builtin.command: date +%Y-%m-%d_%H-%M-%S
      register: date_out
      delegate_to: localhost

    - name: Set timestamp fact
      set_fact:
        ts: "{{ date_out.stdout }}"

    # ----------------------------
    # Export config (stable for diff)
    # ----------------------------
    - name: Export router config
      community.routeros.command:
        commands: /export terse show-sensitive
      register: export_cfg

    # ----------------------------
    # Save export locally
    # ----------------------------
    - name: Save export locally
      ansible.builtin.copy:
        content: "{{ export_cfg.stdout[0] }}"
        dest: "{{ backup_dir }}/{{ router_name }}-{{ ts }}.rsc"
      delegate_to: localhost

    # ----------------------------
    # Upgrade router (tag: upgraded)
    # ----------------------------
    - name: Check current and latest available package versions
      community.routeros.command:
        commands: /system package update check-for-updates
      register: update_check
      tags: upgraded

    - name: Parse installed and latest versions
      set_fact:
        installed_version: "{{ update_check.stdout[0] | regex_search('installed-version: ([\\d.]+)', '\\1') | first }}"
        latest_version: "{{ update_check.stdout[0] | regex_search('latest-version: ([\\d.]+)', '\\1') | first }}"
      tags: upgraded

    - name: Skip upgrade if already on latest
      ansible.builtin.debug:
        msg: "Router {{ router_name }} is already on latest version {{ installed_version }}. Skipping upgrade."
      when: installed_version == latest_version
      tags: upgraded

    - name: Trigger package download and install
      community.routeros.command:
        commands: /system package update install
      register: upgrade_result
      when: installed_version != latest_version
      tags: upgraded

    - name: Wait for router to come back online after reboot
      ansible.builtin.wait_for_connection:
        delay: 30
        timeout: 180
      when:
        - installed_version != latest_version
        - upgrade_result is not failed
      tags: upgraded

    - name: Confirm upgraded version
      community.routeros.command:
        commands: /system resource print
      register: post_upgrade_info
      when: installed_version != latest_version
      tags: upgraded

    - name: Show post-upgrade RouterOS version
      ansible.builtin.debug:
        msg: "{{ post_upgrade_info.stdout[0] | regex_search('version: .+') }}"
      when: installed_version != latest_version
      tags: upgraded