groove/routeros-scripts-main
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2026-01-17 22:49:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
3355 commits 4 branches 247 tags 10 MiB
Commit graph

3355 commits

This branch
This branch
All branches
Author SHA1 Message Date
Christian Hesse
c0c1c5521e doc/netwatch-dns: include examples for dns.quad9.net & dns.google 2026-01-16 14:48:02 +01:00
Christian Hesse
0fffb5198e netwatch-dns: support multiple certificates 
Some services use certificates issued by differnt CA certificates,
depending on geolocation. One example is dns.google, which may require
either of 'GTS Root R1' or 'GTS Root R4'.

    /tool/netwatch/add comment="doh, dns, name=google-dns-ipv4, doh-cert=GTS Root R1:GTS Root R4" host=8.8.8.8 type=simple;
 2026-01-16 13:52:18 +01:00
Christian Hesse
330a616406 check-certificates: abort renew if "new" certificate is older... 
... and drop the condition on $CertRenewTime.
 2026-01-16 13:41:10 +01:00
Christian Hesse
0fee5cea3c check-certificates: move the warning below check for key 2026-01-16 13:41:10 +01:00
Christian Hesse
d673f0956c global-functions: $CertificateAvailable: get missing certificate... 
... not the issued and available one.
 2026-01-16 00:32:49 +01:00
Christian Hesse
ad455c8f1d doc/netwatch-dns: cloudflare uses a new CA for certificates 2026-01-15 23:14:37 +01:00
Christian Hesse
b72a79824e certs: add 'SSL.com Root Certification Authority ECC'... 
... to use with Cloudflare DNS.

curl -d '["SSL.com Root Certification Authority ECC"]' https://mkcert.org/generate/ | grep -v '^$' > certs/SSL-com-Root-Certification-Authority-ECC.pem
 2026-01-15 23:14:37 +01:00
Christian Hesse
156b0e4aaf fw-addr-lists: www.dshield.org requires 'GTS Root R4' 2026-01-15 23:14:37 +01:00
Christian Hesse
302fc0bb82 fw-addr-lists: lists.blocklist.de requires 'GTS Root R4' 2026-01-15 23:14:33 +01:00
Christian Hesse
df8d0370c5 doc/mod/ssh-keys-import: reverse old and new 2026-01-14 15:30:21 +01:00
Christian Hesse
cc56680206 log-forward: try to mitigate a race condition 
The old code looped over all new messages, then updated the variable
to the newest message - at that time! Messages in between were lost.
 2026-01-14 15:19:12 +01:00
Christian Hesse
6fd28bf8f7 netwatch-dns: check the certificate is available for fetch 
That trust is not needed for DNS functionality (that was checked before),
but for our hacky check with fetch.
 2026-01-14 15:05:07 +01:00
Christian Hesse
2b8dfec2f7 bump required RouterOS version for all scripts 2026-01-12 10:00:30 +01:00
Christian Hesse
45bcb80125 global-functions: bump required version to 7.17... 
... as we use `:convert from=num ...` which was introduced back then.

Actually the requirment did exist since commit
6ad6f9aa08.
 2026-01-12 10:00:30 +01:00
Christian Hesse
e7a16ad279 check-certificates: give hint on possibly incomplete cert chain 2026-01-12 10:00:30 +01:00
Christian Hesse
5481787869 check-certificates: handle builtin certificate in chain 
This includes an ugly workaround to keep it compatible with old RouterOS
versions... For now.
 2026-01-12 10:00:30 +01:00
Christian Hesse
54af7fd024 check-certificates: drop workaround 
This revert commit 8de6995c4b.

The exact example given in the commit message of that commit works
as expected now:

[eworm@kalyke] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get ISRG-Root-X2 issuer ] ];
-type-> array
  -key-> C
    -type-> str
    -len-> 2
    -value-> US
  -key-> CN
    -type-> str
    -len-> 12
    -value-> ISRG Root X2
  -key-> O
    -type-> str
    -len-> 32
    -value-> Internet Security Research Group
 2026-01-12 08:31:53 +01:00
Christian Hesse
927edc639c README: hint on the badge regarding required RouterOS version 2026-01-11 21:54:12 +01:00
Christian Hesse
377e196cb0 README: long-term channel is back! 🎉 2026-01-11 21:54:12 +01:00
Christian Hesse
3c62536f87 README: make prerequisite configuration a sub-section 2026-01-11 21:22:59 +01:00
Christian Hesse
0d71cd5b3b doc/mod/inspectvar: update screenshot... 
... with fix from $CharacterMultiply and doubled indention.
 2026-01-06 14:10:08 +01:00
Christian Hesse
33061fea21 mod/inspectvar: indent by two characters 2026-01-06 14:10:08 +01:00
Christian Hesse
0ceedab5db global-functions: $CharacterMultiply: return early on length zero... 
... as :for loop counts backwards and would return two
character otherwise.
 2026-01-06 14:10:08 +01:00
Christian Hesse
6990084d98 global-functions: $CharacterMultiply: use local variables for parameters 2026-01-06 14:10:08 +01:00
Christian Hesse
7dc230cceb contrib/telegram: add Oxford Comma in greeting 2026-01-06 00:48:49 +01:00
Christian Hesse
8878449b0b global-functions: support modules (or snippets) in global-functions.d/ 2026-01-05 11:37:58 +01:00
Christian Hesse
8fa17d4b3b check-health: fix regex to load plugins 2026-01-05 11:11:52 +01:00
Christian Hesse
8528ca376c global-config: support loading custom config snippets 
This may be interesting for custom scripts which can drop their own
default global configuration.
 2026-01-05 11:11:52 +01:00
Christian Hesse
4af18ced9e global-config: fix regex to load overlay snippets 2026-01-05 11:11:52 +01:00
Christian Hesse
623f96d94a update copyright for 2026 2026-01-01 13:50:07 +01:00
Christian Hesse
aa0b5a9ca2 README: add a brief description 2025-12-29 19:21:29 +01:00
Christian Hesse
ee9618014c introduce contrib/telegram... 
... with all the content for Miss Rose.

https://t.me/MissRose_bot
 2025-12-25 23:56:00 +01:00
Christian Hesse
0745f09a8a global-functions: $FetchHuge: handle missing file 
This should not happen, as download was supposed to be
successful - it does. 🤪
 2025-12-25 23:56:00 +01:00
Christian Hesse
222404535b netwatch-dns: drop declaration of unused function 2025-12-10 16:29:20 +01:00
Christian Hesse
c697c321e6 netwatch-dns: drop early check... 
... as the later check should handle that just fine.
 2025-12-09 21:48:16 +01:00
Christian Hesse
96896c37e5 netwatch-dns: update wording to reflect the extra check 2025-12-08 09:36:03 +01:00
Christian Hesse
6e37bab481 netwatch-dns: add active check to keep DoH server 2025-12-08 09:33:07 +01:00
Christian Hesse
28b00e23a1 check-routeros-update: $DoUpdate: drop message... 
... as it's either not shown anyway (when rebooting already),
`packages-update` gives reasonable output, or it is simply wrong (when
`packages-update` failed).
 2025-12-05 12:02:29 +01:00
Christian Hesse
830693df79 global-functions: $SymbolByUnicodeName: extend special 2025-12-03 17:53:31 +01:00
Christian Hesse
240decf419 check-perpetual-license: cross-mark on already expired license 2025-12-03 15:43:58 +01:00
Christian Hesse
c0678f0501 INITIAL-COMMANDS: add missing space 2025-12-01 11:25:28 +01:00
Christian Hesse
73350ff3f4 README: add missing space 2025-12-01 11:25:00 +01:00
Christian Hesse
7caaa62321 check-perpetual-license: add scroll symbol in notification 
doc/check-perpetual-license.d/notification-01-warn.avif
----- >8 -----
[rsc] 📜⚠️ License about to expire!

Your license failed to renew and is about to expire on 2025-09-13 12:12:23 on rsc...
----- >8 -----

doc/check-perpetual-license.d/notification-02-renew.avif
----- >8 -----
[rsc] 📜️ License renewed

Your license was successfully renewed on rsc. It is now valid until 2025-10-25 08:42:46.
----- >8 -----
 2025-11-27 11:26:04 +01:00
Christian Hesse
1f11f72d18 global-functions: $SymbolByUnicodeName: add special with magic 2025-11-27 08:49:56 +01:00
Christian Hesse
daeb173dbc doc/check-routeros-update: add screenshot from terminal 2025-11-25 18:44:52 +01:00
Christian Hesse
4acbd6449e Merge branch 'notifications' into next 2025-11-25 17:37:00 +01:00
Christian Hesse
9db7f4494c doc/sms-forward: update notifications 
doc/sms-forward.d/notification.avif
----- >8 -----
[rsc] 📨️ SMS Forwarding from 7277

Received this message by rsc from 7277:

📨️ On 2025-08-20 01:01:15+02:00 type class-0:
Welcome to our network!
----- >8 -----
 2025-11-25 17:37:00 +01:00
Christian Hesse
2d0c79160d doc/netwatch-notify: update notifications 
doc/netwatch-notify.d/notification-01-down.avif
----- >8 -----
[rsc] ️ Netwatch Notify: ipv6.eworm.de down

The host 'ipv6.eworm.de' (2a01:4f8:222:1e83::80, ipv6.eworm.de) is down since 2025-11-18 11:33:18.
----- >8 -----

doc/netwatch-notify.d/notification-02-up.avif
----- >8 -----
[rsc] ️ Netwatch Notify: ipv6.eworm.de up

The host 'ipv6.eworm.de' (2a01:4f8:222:1e83::80, ipv6.eworm.de) is up since 2025-11-18 11:43:15.
It was down for 10 checks since 2025-11-18 11:33:18.
----- >8 -----
 2025-11-25 17:37:00 +01:00
Christian Hesse
b6e72f9a9f doc/log-forward: update notifications 
doc/log-forward.d/notification-01-info.avif
----- >8 -----
[rsc] 📝️ Log Forwarding

The log on rsc contains these 2 messages after 00:01:19 uptime.

ℹ️ 2025-11-20 16:40:25 system;info router rebooted by ssh:eworm@10.10.0.37
ℹ️ 2025-11-20 16:40:27 script;info global-functions: Loaded on hAP ax^2 with RouterOS 7.20.4 (stable).
----- >8 -----

doc/log-forward.d/notification-02-warn.avif
----- >8 -----
[rsc] 📝⚠️ Log Forwarding

The log on rsc contains these 3 messages after 01:23:19 uptime.

🟠️ 2025-11-20 17:35:48 dhcp;warning dhcp offering lease 192.168.2.254 for 02:00:BA:DC:AB:1E without success
🔴️ 2025-11-20 17:35:57 dhcp;error pool6 refused acquire: bad preferred prefix! (1)
ℹ️ 2025-11-20 17:36:25 system;info;account user eworm logged in from 10.10.0.37 via ssh
----- >8 -----
 2025-11-25 17:37:00 +01:00
Christian Hesse
1b53b52ac6 doc/daily-psk: update notifications 
doc/daily-psk.d/notification.avif
----- >8 -----
[rsc] 📅️ daily PSK Guest-Wifi

This is the daily PSK on rsc:

SSID:   Guest-Wifi
PSK:    53cr3t5tr1ng
Date:   2025-11-24

A client device specific rule must not exist!

🔗https://www.eworm.de/cgi-bin/cqrlogo-wifi.cgi?scale=8&ssid=Guest-Wifi&pass=53cr3t5tr1ng
----- >8 -----
 2025-11-25 17:37:00 +01:00