- hosts: mikrotiks
  gather_facts: no
  tasks:
    - name: Set SSH port (default to 22)
      set_fact:
        ansible_port: "{{ ansible_port | default(22) }}"

    - name: Ensure output directory exists
      ansible.builtin.file:
        path: /opt/mikrotik_backups
        state: directory
        mode: '0755'
      delegate_to: localhost

    - name: Get router identity
      shell: timeout 15 ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} -p {{ ansible_port }} "/system identity print"
      register: system_identity
      delegate_to: localhost
      failed_when: system_identity.rc != 0 and system_identity.rc != 124  # 124 = timeout

    - name: Set router name
      set_fact:
        router_name: "{{ system_identity.stdout.split(': ')[1] | trim }}"
      when: system_identity.rc == 0

    - name: Generate current date
      ansible.builtin.shell: date +%Y-%m-%d
      register: date_output
      delegate_to: localhost

    - name: Set current date
      set_fact:
        current_date: "{{ date_output.stdout }}"

    - name: Export router config
      shell: timeout 15 ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} -p {{ ansible_port }} "/export"
      register: export_output
      delegate_to: localhost
      when: system_identity.rc == 0
      failed_when: export_output.rc != 0 and export_output.rc != 124

    - name: Save export to local file
      ansible.builtin.copy:
        content: "{{ export_output.stdout }}"
        dest: "/opt/mikrotik_backups/{{ router_name }}-{{ current_date }}.config"
      delegate_to: localhost
      when: export_output.rc == 0

    - name: Create binary backup on router
      shell: timeout 15 ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} -p {{ ansible_port }} "/system backup save name={{ router_name }}-{{ current_date }}-backup"
      delegate_to: localhost
      when: system_identity.rc == 0

    - name: Download binary backup
      shell: timeout 15 scp -o StrictHostKeyChecking=no -P {{ ansible_port }} {{ ansible_user }}@{{ ansible_host }}:{{ router_name }}-{{ current_date }}-backup.backup /opt/mikrotik_backups/
      delegate_to: localhost
      when: system_identity.rc == 0

    - name: Remove backup file from router
      shell: timeout 15 ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} -p {{ ansible_port }} "/file remove {{ router_name }}-{{ current_date }}-backup.backup"
      delegate_to: localhost
      when: system_identity.rc == 0