add script 'upload-backup'

global-config

@@ -6,7 +6,7 @@
 
 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
-:global GlobalConfigVersion 5;
+:global GlobalConfigVersion 6;
 
 # This is used for DNS and backup file.
 :global Domain "example.com";
@@ -32,6 +32,12 @@
 # These addresses are used to send backup and config export files to.
 :global EmailBackupTo "mail@example.com";
 :global EmailBackupCc "another@example.com";
+# These credentials are used to upload backup and config export files.
+# SFTP authentication is tricky, you may have to limit authentication
+# methods for your SSH server.
+:global BackupUploadUrl "sftp://example.com/backup/";
+:global BackupUploadUser "mikrotik";
+:global BackupUploadPass "v3ry-s3cr3t";
 
 # Specify an address to enable auto update to version assumed safe.
 # The configured channel (bugfix, current, release-candidate) is appended.

global-config.changes

@@ -8,4 +8,5 @@
   3="variable for certificate renew passphrase became an array to support multiple passphrases";
   4="added option to ignore global-config changes";
   5="split off new script cloud-backup from email-backup";
+  6="introduced script 'upload-backup' with new configuration parameters";
 };

global-functions

@@ -5,7 +5,7 @@
 # global functions
 
 # expected configuration version
-:global ExpectedConfigVersion 5;
+:global ExpectedConfigVersion 6;
 
 # global variables not to be changed by user
 :global SentConfigChangesNotification "-";

upload-backup

@@ -0,0 +1,75 @@
+#!rsc
+# RouterOS script: upload-backup
+# Copyright (c) 2013-2019 Christian Hesse <mail@eworm.de>
+#
+# create and upload backup and config file
+
+:global Identity;
+:global Domain;
+:global BackupUploadUrl;
+:global BackupUploadUser;
+:global BackupUploadPass;
+:global BackupSendBinary;
+:global BackupSendExport;
+:global BackupPassword;
+
+:global CharacterReplace;
+:global SendNotification;
+
+:if ($BackupSendBinary != true && \
+     $BackupSendExport != true) do={
+  :log error ("Configured to send neither backup nor config export.");
+  :error "Error: See log for details.";
+}
+
+# filename based on identity
+:local FileName [ $CharacterReplace ($Identity . "." . $Domain) "." "_" ];
+:local BackupFile "none";
+:local ConfigFile "none";
+
+# get some system information
+:local BoardName [ / system resource get board-name ];
+:local Model [ / system routerboard get model ];
+:local SerialNumber [ / system routerboard get serial-number ];
+:local Channel [ / system package update get channel ];
+:local InstalledVersion [ / system package update get installed-version ];
+
+# binary backup
+:if ($BackupSendBinary = true) do={
+  / system backup save encryption=aes-sha256 name=$FileName password=$BackupPassword;
+
+  :do {
+    / tool fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".backup") \
+        user=$BackupUploadUser password=$BackupUploadPass src-path=($FileName . ".backup");
+    :set BackupFile ($FileName . ".backup");
+  } on-error={
+    :log error ("Uploading backup file failed!");
+    :set BackupFile "failed";
+  }
+}
+
+# create configuration export
+:if ($BackupSendExport = true) do={
+  / export terse file=$FileName;
+
+  :do {
+    / tool fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".rsc") \
+        user=$BackupUploadUser password=$BackupUploadPass src-path=($FileName . ".rsc");
+    :set ConfigFile ($FileName . ".rsc");
+  } on-error={
+    :log error ("Uploading configuration export failed!");
+    :set ConfigFile "failed";
+  }
+}
+
+$SendNotification "Backup & Config Upload" \
+  ("Backup and config export for " . $Identity . ".\n\n" . \
+    "Board name:      " . $BoardName . "\n" . \
+    "Model:           " . $Model . "\n" . \
+    "Serial number:   " . $SerialNumber . "\n" . \
+    "Hostname:        " . $Identity . "\n" . \
+    "Channel:         " . $Channel . "\n" . \
+    "RouterOS:        " . $InstalledVersion . "\n\n" . \
+    "Backup uploaded: " . $BackupFile . "\n" . \
+    "Config uploaded: " . $ConfigFile);
+}