diff --git a/.gitignore b/.gitignore
index 8abdc284..f29d4e84 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,16 +1,3 @@
-# backup and temporary files
*~
-
-# patches and related files
-*.orig
*.patch
-*.rej
-
-# html files (as generated from markdown)
*.html
-
-# checksums file as used by $ScriptInstallUpdate
-checksums.json
-
-# Mac OS X folder settings file
-.DS_Store
diff --git a/BRANCHES.md b/BRANCHES.md
deleted file mode 100644
index df7eb0d5..00000000
--- a/BRANCHES.md
+++ /dev/null
@@ -1,50 +0,0 @@
-Installing from branches
-========================
-
-[](https://github.com/eworm-de/routeros-scripts/stargazers)
-[](https://github.com/eworm-de/routeros-scripts/network)
-[](https://github.com/eworm-de/routeros-scripts/watchers)
-[](https://mikrotik.com/download/changelogs/)
-[](https://t.me/routeros_scripts)
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
-
-[⬅️ Go back to main README](README.md)
-
-> ⚠️ **Warning**: Living on the edge? Great, read on!
-> If not: Please use the `main` branch and leave this page!
-
-These scripts are developed in a [git ↗️](https://git-scm.com/) repository.
-Development and experimental branches are used to provide early access
-for specific changes. You can install scripts from these branches
-for testing.
-
-## Install single script
-
-To install a single script from `next` branch:
-
- $ScriptInstallUpdate script-name "base-url=https://rsc.eworm.de/next/";
-
-## Switch existing script
-
-Alternatively switch an existing script to update from `next` branch:
-
- /system/script/set comment="base-url=https://rsc.eworm.de/next/" script-name;
- $ScriptInstallUpdate;
-
-## Switch installation
-
-Last but not least - to switch the complete installation to the `next`
-branch edit `global-config-overlay` and add:
-
- :global ScriptUpdatesBaseUrl "https://rsc.eworm.de/next/";
-
-... then reload the configuration and update:
-
- /system/script/run global-config;
- $ScriptInstallUpdate;
-
-> ℹ️ **Info**: Replace `next` with *whatever* to use another specific branch.
-
----
-[⬅️ Go back to main README](README.md)
-[⬆️ Go back to top](#top)
diff --git a/CERTIFICATES.d/01-dialog-A.avif b/CERTIFICATES.d/01-dialog-A.avif
deleted file mode 100644
index 2fc3c9bd..00000000
Binary files a/CERTIFICATES.d/01-dialog-A.avif and /dev/null differ
diff --git a/CERTIFICATES.d/02-dialog-B.avif b/CERTIFICATES.d/02-dialog-B.avif
deleted file mode 100644
index 5e408abe..00000000
Binary files a/CERTIFICATES.d/02-dialog-B.avif and /dev/null differ
diff --git a/CERTIFICATES.d/03-window.avif b/CERTIFICATES.d/03-window.avif
deleted file mode 100644
index 96039a3b..00000000
Binary files a/CERTIFICATES.d/03-window.avif and /dev/null differ
diff --git a/CERTIFICATES.d/04-certificate.avif b/CERTIFICATES.d/04-certificate.avif
deleted file mode 100644
index e6663146..00000000
Binary files a/CERTIFICATES.d/04-certificate.avif and /dev/null differ
diff --git a/CERTIFICATES.md b/CERTIFICATES.md
deleted file mode 100644
index 3eae6c5c..00000000
--- a/CERTIFICATES.md
+++ /dev/null
@@ -1,83 +0,0 @@
-Certificate name from browser
-=============================
-
-[](https://github.com/eworm-de/routeros-scripts/stargazers)
-[](https://github.com/eworm-de/routeros-scripts/network)
-[](https://github.com/eworm-de/routeros-scripts/watchers)
-[](https://mikrotik.com/download/changelogs/)
-[](https://t.me/routeros_scripts)
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
-
-[⬅️ Go back to main README](README.md)
-
-All well known desktop, mobile and server operating systems come with a
-certificate store that is populated with a set of well known and trusted
-certificates, acting as *trust anchors*.
-
-However RouterOS does not, still sometimes a specific certificate is
-required to properly verify a chain of trust. One example is downloading
-the scripts from this repository with `fetch` command, thus the very
-first step of [installation](README.md#the-long-way-in-detail) is importing
-the certificate.
-
-The scripts can install additional certificates when required. This happens
-from this repository if available, or from [mkcert.org ↗️](https://mkcert.org)
-as a fallback.
-
-Get the certificate's CommonName
---------------------------------
-
-But how to determine what certificate may be required? Often easiest way
-is to use a desktop browser to get that information. This demonstration uses
-[Mozilla Firefox ↗️](https://www.mozilla.org/firefox/).
-
-Let's assume we want to make sure the certificate for
-[git.eworm.de](https://git.eworm.de/) is available. Open that page in the
-browser, then click the *lock* icon in addressbar, followed by "*Connection
-secure*".
-
-
-
-The dialog will change, click "*More information*".
-
-
-
-A new window opens, click the button "*View Certificate*". (That window
-can be closed now.)
-
-
-
-A new tab opens, showing information on the server certificate and its
-chain of trust. The leftmost certificate is what we are interested in.
-
-
-
-Now we know that "`ISRG Root X2`" is required, some scripts need just
-that information.
-
-Import a certificate by CommonName
-----------------------------------
-
-Running the function `$CertificateAvailable` with that name as parameter
-makes sure the certificate is available in the device's store:
-
- $CertificateAvailable "ISRG Root X2" "fetch";
-
-If the certificate is actually available already nothing happens, and there
-is no output. Otherwise the certificate is downloaded and imported.
-
-If importing a certificate with that exact name fails a warning is given
-and nothing is actually imported.
-
-See also
---------
-
-* [Download, import and update firewall address-lists](doc/fw-addr-lists.md)
-* [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md)
-* [Send notifications via Gotify](doc/mod/notification-gotify.md)
-* [Send notifications via Matrix](doc/mod/notification-matrix.md)
-* [Send notifications via Ntfy](doc/mod/notification-ntfy.md)
-
----
-[⬅️ Go back to main README](README.md)
-[⬆️ Go back to top](#top)
diff --git a/CONTRIBUTIONS.md b/CONTRIBUTIONS.md
deleted file mode 100644
index c7e05b21..00000000
--- a/CONTRIBUTIONS.md
+++ /dev/null
@@ -1,66 +0,0 @@
-Past Contributions
-==================
-
-[](https://github.com/eworm-de/routeros-scripts/stargazers)
-[](https://github.com/eworm-de/routeros-scripts/network)
-[](https://github.com/eworm-de/routeros-scripts/watchers)
-[](https://mikrotik.com/download/changelogs/)
-[](https://t.me/routeros_scripts)
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
-
-[⬅️ Go back to main README](README.md)
-
-Thanks a lot for your contributions! ❤️
-
-## Patches
-
-These persons contributed code or documentation. See the git history
-for details!
-
-* [Anatoly Bubenkov](mailto:bubenkoff@gmail.com) (@bubenkoff)
-* [Ben Harris](mailto:mail@bharr.is) (@bharrisau)
-* [Daniel Ziegenberg](mailto:daniel@ziegenberg.at) (@ziegenberg)
-* [Ignacio Serrano](mailto:ignic@ignic.com) (@ignic)
-* [Ilya Kulakov](mailto:kulakov.ilya@gmail.com) (@Kentzo)
-* [Leonardo David Monteiro](mailto:leo@cub3.xyz) (@leosfsm)
-* [Michael Gisbers](mailto:michael@gisbers.de) (@mgisbers)
-* [Miquel Bonastre](mailto:mbonastre@yahoo.com) (@mbonastre)
-* @netravnen
-* [netztrip](mailto:dave-tvg@netztrip.de) (@netztrip)
-* [Stefan Müller](mailto:stefan.mueller.83@gmail.com) (@PackElend)
-
-## Donations
-
-Add yourself to the list,
-[donate with PayPal ↗️](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)!
-
-* Abdul Mannan Abbasi
-* Alex Maier
-* Andrea Ruffini Perico
-* Andrew Cox
-* Christoph Boss (@Kampfwurst)
-* Daniel Ziegenberg (@ziegenberg)
-* Devin Dean (@dd2594gh)
-* Evaldo Gardenal
-* Florian Estraviz
-* Giorgio Bikos
-* Harold Schoemaker
-* Hugo BV
-* Klaus Michael Rübsam
-* Leonardo Valeri Manera
-* Linux-Schmie.de Michael Gisbers
-* Manuel Kuhn
-* Marek Čábák
-* Oleksandr Yukhymchuk
-* Peter Holtkamp
-* Peter Ponzel
-* Reiner Vehrenkamp
-* Richard Österreicher
-* Simon Hitzemann
-* Sunny Chu (@sunnychuchu)
-* Ulrich Wessendorf
-* Zac Kornilakis
-
----
-[⬅️ Go back to main README](README.md)
-[⬆️ Go back to top](#top)
diff --git a/COPYING.md b/COPYING.md
deleted file mode 100644
index 2fb2e74d..00000000
--- a/COPYING.md
+++ /dev/null
@@ -1,675 +0,0 @@
-### GNU GENERAL PUBLIC LICENSE
-
-Version 3, 29 June 2007
-
-Copyright (C) 2007 Free Software Foundation, Inc.
-
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-### Preamble
-
-The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-the GNU General Public License is intended to guarantee your freedom
-to share and change all versions of a program--to make sure it remains
-free software for all its users. We, the Free Software Foundation, use
-the GNU General Public License for most of our software; it applies
-also to any other work released this way by its authors. You can apply
-it to your programs, too.
-
-When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights. Therefore, you
-have certain responsibilities if you distribute copies of the
-software, or if you modify it: responsibilities to respect the freedom
-of others.
-
-For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received. You must make sure that they, too, receive
-or can get the source code. And you must show them these terms so they
-know their rights.
-
-Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software. For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the
-manufacturer can do so. This is fundamentally incompatible with the
-aim of protecting users' freedom to change the software. The
-systematic pattern of such abuse occurs in the area of products for
-individuals to use, which is precisely where it is most unacceptable.
-Therefore, we have designed this version of the GPL to prohibit the
-practice for those products. If such problems arise substantially in
-other domains, we stand ready to extend this provision to those
-domains in future versions of the GPL, as needed to protect the
-freedom of users.
-
-Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish
-to avoid the special danger that patents applied to a free program
-could make it effectively proprietary. To prevent this, the GPL
-assures that patents cannot be used to render the program non-free.
-
-The precise terms and conditions for copying, distribution and
-modification follow.
-
-### TERMS AND CONDITIONS
-
-#### 0. Definitions.
-
-"This License" refers to version 3 of the GNU General Public License.
-
-"Copyright" also means copyright-like laws that apply to other kinds
-of works, such as semiconductor masks.
-
-"The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
-To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of
-an exact copy. The resulting work is called a "modified version" of
-the earlier work or a work "based on" the earlier work.
-
-A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user
-through a computer network, with no transfer of a copy, is not
-conveying.
-
-An interactive user interface displays "Appropriate Legal Notices" to
-the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-#### 1. Source Code.
-
-The "source code" for a work means the preferred form of the work for
-making modifications to it. "Object code" means any non-source form of
-a work.
-
-A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-The Corresponding Source need not include anything that users can
-regenerate automatically from other parts of the Corresponding Source.
-
-The Corresponding Source for a work in source code form is that same
-work.
-
-#### 2. Basic Permissions.
-
-All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-You may make, run and propagate covered works that you do not convey,
-without conditions so long as your license otherwise remains in force.
-You may convey covered works to others for the sole purpose of having
-them make modifications exclusively for you, or provide you with
-facilities for running those works, provided that you comply with the
-terms of this License in conveying all material for which you do not
-control copyright. Those thus making or running the covered works for
-you must do so exclusively on your behalf, under your direction and
-control, on terms that prohibit them from making any copies of your
-copyrighted material outside their relationship with you.
-
-Conveying under any other circumstances is permitted solely under the
-conditions stated below. Sublicensing is not allowed; section 10 makes
-it unnecessary.
-
-#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such
-circumvention is effected by exercising rights under this License with
-respect to the covered work, and you disclaim any intention to limit
-operation or modification of the work as a means of enforcing, against
-the work's users, your or third parties' legal rights to forbid
-circumvention of technological measures.
-
-#### 4. Conveying Verbatim Copies.
-
-You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-#### 5. Conveying Modified Source Versions.
-
-You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these
-conditions:
-
-- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under
- section 7. This requirement modifies the requirement in section 4
- to "keep intact all notices".
-- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
-A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-#### 6. Conveying Non-Source Forms.
-
-You may convey a covered work in object code form under the terms of
-sections 4 and 5, provided that you also convey the machine-readable
-Corresponding Source under the terms of this License, in one of these
-ways:
-
-- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the Corresponding
- Source from a network server at no charge.
-- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-- e) Convey the object code using peer-to-peer transmission,
- provided you inform other peers where the object code and
- Corresponding Source of the work are being offered to the general
- public at no charge under subsection 6d.
-
-A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal,
-family, or household purposes, or (2) anything designed or sold for
-incorporation into a dwelling. In determining whether a product is a
-consumer product, doubtful cases shall be resolved in favor of
-coverage. For a particular product received by a particular user,
-"normally used" refers to a typical or common use of that class of
-product, regardless of the status of the particular user or of the way
-in which the particular user actually uses, or expects or is expected
-to use, the product. A product is a consumer product regardless of
-whether the product has substantial commercial, industrial or
-non-consumer uses, unless such uses represent the only significant
-mode of use of the product.
-
-"Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to
-install and execute modified versions of a covered work in that User
-Product from a modified version of its Corresponding Source. The
-information must suffice to ensure that the continued functioning of
-the modified object code is in no case prevented or interfered with
-solely because modification has been made.
-
-If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or
-updates for a work that has been modified or installed by the
-recipient, or for the User Product in which it has been modified or
-installed. Access to a network may be denied when the modification
-itself materially and adversely affects the operation of the network
-or violates the rules and protocols for communication across the
-network.
-
-Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-#### 7. Additional Terms.
-
-"Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders
-of that material) supplement the terms of this License with terms:
-
-- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-- c) Prohibiting misrepresentation of the origin of that material,
- or requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-- d) Limiting the use for publicity purposes of names of licensors
- or authors of the material; or
-- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions
- of it) with contractual assumptions of liability to the recipient,
- for any liability that these contractual assumptions directly
- impose on those licensors and authors.
-
-All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions; the
-above requirements apply either way.
-
-#### 8. Termination.
-
-You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-However, if you cease all violation of this License, then your license
-from a particular copyright holder is reinstated (a) provisionally,
-unless and until the copyright holder explicitly and finally
-terminates your license, and (b) permanently, if the copyright holder
-fails to notify you of the violation by some reasonable means prior to
-60 days after the cessation.
-
-Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-#### 9. Acceptance Not Required for Having Copies.
-
-You are not required to accept this License in order to receive or run
-a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-#### 10. Automatic Licensing of Downstream Recipients.
-
-Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
-An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-#### 11. Patents.
-
-A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
-A contributor's "essential patent claims" are all patent claims owned
-or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-A patent license is "discriminatory" if it does not include within the
-scope of its coverage, prohibits the exercise of, or is conditioned on
-the non-exercise of one or more of the rights that are specifically
-granted under this License. You may not convey a covered work if you
-are a party to an arrangement with a third party that is in the
-business of distributing software, under which you make payment to the
-third party based on the extent of your activity of conveying the
-work, and under which the third party grants, to any of the parties
-who would receive the covered work from you, a discriminatory patent
-license (a) in connection with copies of the covered work conveyed by
-you (or copies made from those copies), or (b) primarily for and in
-connection with specific products or compilations that contain the
-covered work, unless you entered into that arrangement, or that patent
-license was granted, prior to 28 March 2007.
-
-Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-#### 12. No Surrender of Others' Freedom.
-
-If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under
-this License and any other pertinent obligations, then as a
-consequence you may not convey it at all. For example, if you agree to
-terms that obligate you to collect a royalty for further conveying
-from those to whom you convey the Program, the only way you could
-satisfy both those terms and this License would be to refrain entirely
-from conveying the Program.
-
-#### 13. Use with the GNU Affero General Public License.
-
-Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-#### 14. Revised Versions of this License.
-
-The Free Software Foundation may publish revised and/or new versions
-of the GNU General Public License from time to time. Such new versions
-will be similar in spirit to the present version, but may differ in
-detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program
-specifies that a certain numbered version of the GNU General Public
-License "or any later version" applies to it, you have the option of
-following the terms and conditions either of that numbered version or
-of any later version published by the Free Software Foundation. If the
-Program does not specify a version number of the GNU General Public
-License, you may choose any version ever published by the Free
-Software Foundation.
-
-If the Program specifies that a proxy can decide which future versions
-of the GNU General Public License can be used, that proxy's public
-statement of acceptance of a version permanently authorizes you to
-choose that version for the Program.
-
-Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-#### 15. Disclaimer of Warranty.
-
-THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
-WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
-PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
-DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
-CORRECTION.
-
-#### 16. Limitation of Liability.
-
-IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
-CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
-ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
-NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
-LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
-TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
-PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-#### 17. Interpretation of Sections 15 and 16.
-
-If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-END OF TERMS AND CONDITIONS
-
-### How to Apply These Terms to Your New Programs
-
-If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these
-terms.
-
-To do so, attach the following notices to the program. It is safest to
-attach them to the start of each source file to most effectively state
-the exclusion of warranty; and each file should have at least the
-"copyright" line and a pointer to where the full notice is found.
-
-
- Copyright (C)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-
-Also add information on how to contact you by electronic and paper
-mail.
-
-If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
- Copyright (C)
- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands \`show w' and \`show c' should show the
-appropriate parts of the General Public License. Of course, your
-program's commands might be different; for a GUI interface, you would
-use an "about box".
-
-You should also get your employer (if you work as a programmer) or
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. For more information on this, and how to apply and follow
-the GNU GPL, see .
-
-The GNU General Public License does not permit incorporating your
-program into proprietary programs. If your program is a subroutine
-library, you may consider it more useful to permit linking proprietary
-applications with the library. If this is what you want to do, use the
-GNU Lesser General Public License instead of this License. But first,
-please read .
diff --git a/DEBUG.md b/DEBUG.md
deleted file mode 100644
index 69c1eaa3..00000000
--- a/DEBUG.md
+++ /dev/null
@@ -1,63 +0,0 @@
-Debug output and logs
-=====================
-
-[](https://github.com/eworm-de/routeros-scripts/stargazers)
-[](https://github.com/eworm-de/routeros-scripts/network)
-[](https://github.com/eworm-de/routeros-scripts/watchers)
-[](https://mikrotik.com/download/changelogs/)
-[](https://t.me/routeros_scripts)
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
-
-[⬅️ Go back to main README](README.md)
-
-Sometimes scripts do not behave as expected. In these cases debug output
-or logs can help.
-
-## Debug output
-
-Run this command in a terminal:
-
- :set PrintDebug true;
-
-You will then see debug output when running the script from terminal.
-
-To revert to default output run:
-
- :set PrintDebug false;
-
-### Debug output for specific script
-
-Even having debug output for a specific script or function only (or a
-set of) is possible. To enable debug output for `telegram-chat` run:
-
- :set ($PrintDebugOverride->"telegram-chat") true;
-
-## Debug logs
-
-The debug info can go to system log. To make it show up in `memory` run:
-
- /system/logging/add topics=script,debug action=memory;
-
-Other actions (`disk`, `email`, `remote` or `support`) can be used as
-well. I do not recommend using `echo` - use [debug output](#debug-output)
-instead.
-
-Disable or remove that setting to restore regular logging.
-
-## Verbose output
-
-Specific scripts can generate huge amount of output. These do use a function
-`$LogPrintVerbose`, which is declared, but has no code, intentionally.
-
-If you *really* want that output set the function to be the same as
-`$LogPrint`:
-
- :set LogPrintVerbose $LogPrint;
-
-To revert that change just run:
-
- :set LogPrintVerbose;
-
----
-[⬅️ Go back to main README](README.md)
-[⬆️ Go back to top](#top)
diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md
deleted file mode 100644
index eb06ad29..00000000
--- a/INITIAL-COMMANDS.md
+++ /dev/null
@@ -1,69 +0,0 @@
-Initial commands
-================
-
-[](https://github.com/eworm-de/routeros-scripts/stargazers)
-[](https://github.com/eworm-de/routeros-scripts/network)
-[](https://github.com/eworm-de/routeros-scripts/watchers)
-[](https://mikrotik.com/download/changelogs/)
-[](https://t.me/routeros_scripts)
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
-
-[⬅️ Go back to main README](README.md)
-
-> ⚠️ **Warning**: These commands are intended for initial setup. If you are
-> not aware of the procedure please follow
-> [the long way in detail](README.md#the-long-way-in-detail).
-
-Run the complete base installation:
-
- {
- :local BaseUrl "https://rsc.eworm.de/main/";
- :local CertCommonName "ISRG Root X2";
- :local CertFileName "ISRG-Root-X2.pem";
- :local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
-
- :local CertSettings [ /certificate/settings/get ];
- :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \
- ($CertSettings->"builtin-trust-store") ~ "fetch" || \
- ($CertSettings->"builtin-trust-store") = "all") && \
- [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={
- :put "Importing certificate...";
- /tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value;
- :delay 1s;
- /certificate/import file-name=$CertFileName passphrase="";
- :if ([ :len [ /certificate/find where fingerprint=$CertFingerprint ] ] != 1) do={
- :error "Something is wrong with your certificates!";
- };
- :delay 1s;
- };
- :put "Renaming global-config-overlay, if exists...";
- /system/script/set name=("global-config-overlay-" . [ /system/clock/get date ] . "-" . [ /system/clock/get time ]) [ find where name="global-config-overlay" ];
- :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
- :put "Installing $Script...";
- /system/script/remove [ find where name=$Script ];
- /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ($BaseUrl . $Script . ".rsc") output=user as-value ]->"data");
- };
- :put "Loading configuration and functions...";
- /system/script { run global-config; run global-functions; };
- :if ([ :len [ /certificate/find where fingerprint=$CertFingerprint ] ] > 0) do={
- :put "Renaming certificate by its common-name...";
- :global CertificateNameByCN;
- $CertificateNameByCN $CertFingerprint;
- };
- };
-
-Then continue setup with
-[scheduled automatic updates](README.md#scheduled-automatic-updates) or
-[editing configuration](README.md#editing-configuration).
-
-## Fix existing installation
-
-The [initial commands](#initial-commands) above allow to fix an existing
-installation in case it ever breaks. If `global-config-overlay` did exist
-before it is renamed with a date and time suffix (like
-`global-config-overlay-2024-01-25-09:33:12`). Make sure to restore the
-configuration overlay if required.
-
----
-[⬅️ Go back to main README](README.md)
-[⬆️ Go back to top](#top)
diff --git a/Makefile b/Makefile
index 5db0a303..f96e73e8 100644
--- a/Makefile
+++ b/Makefile
@@ -2,45 +2,24 @@
# template scripts -> final scripts
# markdown files -> html files
-ALL_RSC := $(wildcard *.rsc */*.rsc)
-GEN_RSC := $(wildcard *.capsman.rsc *.local.rsc *.wifi.rsc)
+TEMPLATE = $(wildcard *.template)
+CAPSMAN = $(TEMPLATE:.template=.capsman)
+LOCAL = $(TEMPLATE:.template=.local)
-MARKDOWN := $(wildcard *.md doc/*.md doc/mod/*.md)
-HTML := $(MARKDOWN:.md=.html)
+MARKDOWN = $(wildcard *.md)
+HTML = $(MARKDOWN:.md=.html)
-DATE ?= $(shell date --rfc-email)
-VERSION ?= $(shell git symbolic-ref --short HEAD 2>/dev/null)/$(shell git rev-list --count HEAD 2>/dev/null)/$(shell git rev-parse --short=8 HEAD 2>/dev/null)
-export DATE VERSION
+all: $(CAPSMAN) $(LOCAL) $(HTML)
-.PHONY: all checksums commitinfo docs rsc clean
+%.html: %.md Makefile
+ markdown $< | sed 's/href="\([-[:alnum:]]*\)\.md"/href="\1.html"/g' > $@
-all: checksums docs rsc
+%.local: %.template Makefile
+ sed -e '/\/ caps-man/d' -e 's|%PATH%|interface wireless|' -e 's|%TEMPL%|$(suffix $@)|' \
+ -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
+ < $< > $@
-checksums: checksums.json
-
-checksums.json: contrib/checksums.sh $(ALL_RSC)
- contrib/checksums.sh > $@
-
-commitinfo: global-functions.rsc
- contrib/commitinfo.sh $< > $<~
- mv $<~ $<
-
-docs: $(HTML)
-
-%.html: %.md general/style.css contrib/html.sh contrib/html.sh.d/head.html contrib/html.sh.d/foot.html
- contrib/html.sh $< > $@
-
-rsc: $(GEN_RSC)
-
-%.capsman.rsc: %.template.rsc contrib/template-capsman.sh
- contrib/template-capsman.sh $< > $@
-
-%.local.rsc: %.template.rsc contrib/template-local.sh
- contrib/template-local.sh $< > $@
-
-%.wifi.rsc: %.template.rsc contrib/template-wifi.sh
- contrib/template-wifi.sh $< > $@
-
-clean:
- rm -f $(HTML) checksums.json
- make -C contrib/ clean
+%.capsman: %.template Makefile
+ sed -e '/\/ interface wireless/d' -e 's/%PATH%/caps-man/' -e 's/%TEMPL%/$(suffix $@)/' \
+ -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
+ < $< > $@
diff --git a/README.d/01-download-certs.avif b/README.d/01-download-certs.avif
deleted file mode 100644
index f2afeb54..00000000
Binary files a/README.d/01-download-certs.avif and /dev/null differ
diff --git a/README.d/02-import-certs.avif b/README.d/02-import-certs.avif
deleted file mode 100644
index b31343cd..00000000
Binary files a/README.d/02-import-certs.avif and /dev/null differ
diff --git a/README.d/03-check-certs.avif b/README.d/03-check-certs.avif
deleted file mode 100644
index 1f03ad2c..00000000
Binary files a/README.d/03-check-certs.avif and /dev/null differ
diff --git a/README.d/04-import-scripts.avif b/README.d/04-import-scripts.avif
deleted file mode 100644
index c09949ab..00000000
Binary files a/README.d/04-import-scripts.avif and /dev/null differ
diff --git a/README.d/05-run-scripts.avif b/README.d/05-run-scripts.avif
deleted file mode 100644
index 12d812c0..00000000
Binary files a/README.d/05-run-scripts.avif and /dev/null differ
diff --git a/README.d/06-schedule-update.avif b/README.d/06-schedule-update.avif
deleted file mode 100644
index 158e13f5..00000000
Binary files a/README.d/06-schedule-update.avif and /dev/null differ
diff --git a/README.d/07-edit-global-config-overlay.avif b/README.d/07-edit-global-config-overlay.avif
deleted file mode 100644
index 9a5b9037..00000000
Binary files a/README.d/07-edit-global-config-overlay.avif and /dev/null differ
diff --git a/README.d/08-apply-configuration.avif b/README.d/08-apply-configuration.avif
deleted file mode 100644
index ab22cae3..00000000
Binary files a/README.d/08-apply-configuration.avif and /dev/null differ
diff --git a/README.d/09-update-scripts.avif b/README.d/09-update-scripts.avif
deleted file mode 100644
index e713ac2c..00000000
Binary files a/README.d/09-update-scripts.avif and /dev/null differ
diff --git a/README.d/10-install-scripts.avif b/README.d/10-install-scripts.avif
deleted file mode 100644
index cf26b168..00000000
Binary files a/README.d/10-install-scripts.avif and /dev/null differ
diff --git a/README.d/11-schedule-script.avif b/README.d/11-schedule-script.avif
deleted file mode 100644
index 558614f8..00000000
Binary files a/README.d/11-schedule-script.avif and /dev/null differ
diff --git a/README.d/12-setup-lease-script.avif b/README.d/12-setup-lease-script.avif
deleted file mode 100644
index 2a8bcb24..00000000
Binary files a/README.d/12-setup-lease-script.avif and /dev/null differ
diff --git a/README.d/13-install-custom-script.avif b/README.d/13-install-custom-script.avif
deleted file mode 100644
index 221b84e2..00000000
Binary files a/README.d/13-install-custom-script.avif and /dev/null differ
diff --git a/README.d/14-remove-script.avif b/README.d/14-remove-script.avif
deleted file mode 100644
index 3e4c105a..00000000
Binary files a/README.d/14-remove-script.avif and /dev/null differ
diff --git a/README.d/hello-world.rsc b/README.d/hello-world.rsc
deleted file mode 100644
index 64047818..00000000
--- a/README.d/hello-world.rsc
+++ /dev/null
@@ -1,3 +0,0 @@
-#!rsc by RouterOS
-
-:put ("Hello World from " . [ /system/identity/get name ] . "!");
diff --git a/README.d/notification-news-and-changes.avif b/README.d/notification-news-and-changes.avif
deleted file mode 100644
index d2e8aa7f..00000000
Binary files a/README.d/notification-news-and-changes.avif and /dev/null differ
diff --git a/README.d/telegram-group.avif b/README.d/telegram-group.avif
deleted file mode 100644
index eb75d13a..00000000
Binary files a/README.d/telegram-group.avif and /dev/null differ
diff --git a/README.md b/README.md
index f9149217..a739dae0 100644
--- a/README.md
+++ b/README.md
@@ -1,75 +1,23 @@
RouterOS Scripts
================
-[](https://github.com/eworm-de/routeros-scripts/stargazers)
-[](https://github.com/eworm-de/routeros-scripts/network)
-[](https://github.com/eworm-de/routeros-scripts/watchers)
-[](https://mikrotik.com/download/changelogs/)
-[](https://t.me/routeros_scripts)
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
-
-**a collection of scripts for MikroTik RouterOS**
-
-
-
-[RouterOS ↗️](https://mikrotik.com/software) is the operating system developed
-by [MikroTik ↗️](https://mikrotik.com/aboutus) for networking tasks. This
-repository holds a number of [scripts ↗️](https://wiki.mikrotik.com/wiki/Manual:Scripting)
+[RouterOS](https://mikrotik.com/software) is the operating system developed
+by [MikroTik](https://mikrotik.com/aboutus) for networking tasks. This
+repository holds a number of [scripts](https://wiki.mikrotik.com/wiki/Manual:Scripting)
to manage RouterOS devices or extend their functionality.
-*Use at your own risk*, pay attention to
-[license and warranty](#license-and-warranty), and
-[disclaimer on external links](#disclaimer-on-external-links)!
+*Use at your own risk!*
Requirements
------------
-### Software (RouterOS)
+Latest version of the scripts require at least **RouterOS 6.43** to function
+properly. The changelog lists the corresponding change as follows:
-Latest version of the scripts require recent RouterOS to function properly.
-Make sure to install latest updates before you begin. This is supposed to
-work flawlessly with these channels:
+> *) fetch - added "as-value" output format;
-* `stable` - the latest version considered stable for daily use, including
- new features
-* `long-term` - a version considered rock-solid, usually one minor version
- behind `stable` (`7.(n-1)`)
-
-New functionality or breaking changes in RouterOS are adopted fairly quick.
-These changes are pushed for general availability once a version of
-RouterOS supporting this had been released to the `long-term` channel a
-reasonable time ago.
-
-At any time you should have at least two minor versions and their bugfix
-releases to choose from. Often way older versions of RouterOS work just
-fine.
-
-On the other hand in seldom cases and for good reasons *specific* scripts
-may require an even newer RouterOS version, so only `stable` is supported
-temporarily.
-
-> 💡️ **Hint**: If in doubt have a look at the badge at the top of each
-> page showing the minimum version required:
-> 
-
-> ℹ️ **Info**: The `main` branch is now RouterOS v7 only. If you are still
-> running RouterOS v6 switch to `routeros-v6` branch!
-
-#### Prerequisite configuration
-
-Starting with RouterOS 7.17 the
-[device-mode ↗️](https://help.mikrotik.com/docs/spaces/ROS/pages/93749258/Device-mode)
-has been extended to give more fine-grained control over what features are
-available. You need to enable `scheduler` and `fetch` at least, specific
-scripts may require additional features.
-
-### Hardware
-
-RouterOS packages increase in size with each release. This becomes a
-problem for devices with 16MB storage and below, those with an ARM CPU
-are specifically affected.
-
-Huge configuration and lots of scripts give an extra risk. **Take care!**
+Specific scripts may require even newer RouterOS version, for example cloud
+backup was added in 6.44.
Initial setup
-------------
@@ -77,367 +25,125 @@ Initial setup
### Get me ready!
If you know how things work just copy and paste the
-[initial commands](INITIAL-COMMANDS.md). These also support fixing an
-existing but broken installation. Remember to edit and rerun
-`global-config-overlay`!
-
-> 💡️ **Hint**: First time users should take
-> [the long way in detail](#the-long-way-in-detail) below.
+[initial commands](initial-commands). Remember to edit and rerun
+`global-config`!
+First time useres should take the long way below.
### Live presentation
Want to see it in action? I've had a presentation [Repository based
-RouterOS script distribution ↗️](https://www.youtube.com/watch?v=B9neG3oAhcY)
-including demonstration recorded live at [MUM Europe
-2019 ↗️](https://mum.mikrotik.com/2019/EU/) in Vienna.
-
-> ⚠️ **Warning**: Some details changed. So see the presentation, then follow
-> the steps below for up-to-date commands.
+RouterOS script distribution](https://www.youtube.com/watch?v=B9neG3oAhcY)
+including demonstation recorded live at [MUM Europe
+2019](https://mum.mikrotik.com/2019/EU/) in Vienna.
### The long way in detail
The update script does server certificate verification, so first step is to
-download the certificates.
-
-> 💡️ **Hint**: RouterOS 7.19 comes with a builtin certificate store. You
-> can skip the steps regarding certificate download and import and jump
-> to [installation of scripts](#installation-of-scripts) if you set the
-> trust for these builtin trust anchors:
-> `/certificate/settings/set builtin-trust-anchors=trusted;`
-> With RouterOS 7.21 the functionality was changed. Set this at minimum,
-> but make sure not to drop other targets:
-> `/certificate/settings/set builtin-trust-store=fetch;`
-
-If you intend to download the scripts from a
+download the certificates. If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
certificate chain.
- /tool/fetch "https://rsc.eworm.de/main/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem";
-
-
+ [admin@MikroTik] > / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/Let%27s%20Encrypt%20Authority%20X3.pem" dst-path="letsencrypt.pem"
+ status: finished
+ downloaded: 3KiBC-z pause]
+ total: 3KiB
+ duration: 1s
Note that the commands above do *not* verify server certificate, so if you
want to be safe download with your workstations's browser and transfer the
-file to your MikroTik device.
+files to your MikroTik device.
-* [ISRG Root X2 ↗️](https://letsencrypt.org/certs/isrg-root-x2.pem)
+* [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem.txt)
+* [Let's Encrypt Authority X3](https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt)
-Then we import the certificate.
+Then we import the certificates.
- /certificate/import file-name="isrg-root-x2.pem" passphrase="";
+ [admin@MikroTik] > / certificate import file-name=letsencrypt.pem passphrase=""
+ certificates-imported: 3
+ private-keys-imported: 0
+ files-imported: 1
+ decryption-failures: 0
+ keys-with-no-certificate: 0
-Do not worry that the command is not shown - that happens because it contains
-a sensitive property, the passphrase.
+For basic verification we rename the certifiactes and print their count. Make
+sure the certificate count is **three**.
-
-
-For basic verification we rename the certificate and print it by
-fingerprint. Make sure exactly this one certificate ("*ISRG-Root-X2*")
-is shown.
-
- /certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
- /certificate/print proplist=name,fingerprint where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
-
-
+ [admin@MikroTik] > / certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ]
+ [admin@MikroTik] > / certificate set name="Let-s-Encrypt-Authority-X3" [ find where fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" ]
+ [admin@MikroTik] > / certificate set name="DST-Root-CA-X3" [ find where fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ]
+ [admin@MikroTik] > / certificate print count-only where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739"
+ 3
Always make sure there are no certificates installed you do not know or want!
-#### Installation of scripts
-
-All following commands will verify the server certificate. For validity the
-certificate's lifetime is checked with local time, so make sure the device's
-date and time is set correctly!
+Actually we do not require the certificate named `DST Root CA X3`, but as it
+is used by `Let's Encrypt` to cross-sign we install it anyway - this makes
+sure things do not go wrong if the intermediate certificate is replaced.
+The IdenTrust certificate *should* be available from their
+[download page](https://www.identrust.com/support/downloads). The site is
+crap and a good example how to *not* do it.
Now let's download the main scripts and add them in configuration on the fly.
- :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://rsc.eworm.de/main/" . $Script . ".rsc") output=user as-value ]->"data"); };
+ [admin@MikroTik] > :foreach Script in={ "global-config"; "global-functions"; "script-updates" } do={ / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); }
-
+The configuration needs to be tweaked for your needs. Make sure not to send
+your mails to `mail@example.com`!
-And finally run configuration and functions. This will also add the
-scheduler for loading at system startup automatically.
+ [admin@MikroTik] > / system script edit global-config source
- /system/script { run global-config; run global-functions; };
+And finally load configuration and functions and add the schedulers.
-
-
-> 💡️ **Hint**: You see complaints regarding syntax errors? Most likely the
-> RouterOS on your device is too old. Check for updates!
-
-### Scheduled automatic updates
-
-The last step is optional: Add this scheduler **only** if you want the
-scripts to be updated automatically!
-
- /system/scheduler/add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
-
-
-
-Editing configuration
----------------------
-
-The configuration needs to be tweaked for your needs. Edit
-`global-config-overlay`, copy relevant configuration from
-[`global-config`](global-config.rsc) (the one without `-overlay`).
-Save changes and exit with `Ctrl-o`.
-
- /system/script/edit global-config-overlay source;
-
-
-
-Additionally creating configuration snippets is supported. The script name
-of these snippets has to start with `global-config-overlay.d/` to make them
-being loaded automatically. This allows to split off parts of the
-configuration.
-
-To apply your changes run `global-config`, which will automatically load
-the overlay as well:
-
- /system/script/run global-config;
-
-
-
-This last step is required when ever you make changes to your configuration.
-
-> ℹ️ **Info**: It is recommended to edit the configuration using the command
-> line interface. If using Winbox on Windows OS, the line endings may be
-> missing. To fix this run:
-> `/system/script/set source=[ :tocrlf [ get global-config-overlay source ] ] global-config-overlay;`
+ [admin@MikroTik] > / system script run global-config
+ [admin@MikroTik] > / system script run global-functions
+ [admin@MikroTik] > / system scheduler add name=global-config start-time=startup on-event=global-config
+ [admin@MikroTik] > / system scheduler add name=global-functions start-time=startup on-event=global-functions
Updating scripts
----------------
-To update existing scripts just run function `$ScriptInstallUpdate`. If
-everything is up-to-date it will not produce any output.
+To update existing scripts just run `script-updates`.
- $ScriptInstallUpdate;
-
-
-
-If the update includes news or requires configuration changes a notification
-is sent - in addition to terminal output and log messages.
-
-
+ [admin@MikroTik] > / system script run script-updates
Adding a script
---------------
-To add a script from the repository run function `$ScriptInstallUpdate` with
-a comma separated list of script names.
+To add a script from the repository create a configuration item first, then
+update scripts to fetch the source.
- $ScriptInstallUpdate check-certificates,check-routeros-update;
-
-
+ [admin@MikroTik] > / system script add name=check-routeros-update
+ [admin@MikroTik] > / system script run script-updates
Scheduler and events
--------------------
Most scripts are designed to run regularly from
-[scheduler ↗️](https://wiki.mikrotik.com/wiki/Manual:System/Scheduler). We just
-added `check-routeros-update`, so let's run it daily to make sure not to
+[scheduler](https://wiki.mikrotik.com/wiki/Manual:System/Scheduler). We just
+added `check-routeros-update`, so let's run it every hour to make sure not to
miss an update.
- /system/scheduler/add name="check-routeros-update" interval=1d start-time=startup on-event="/system/script/run check-routeros-update;";
-
-
+ [admin@MikroTik] > / system scheduler add name=check-routeros-update interval=1h on-event=check-routeros-update
Some events can run a script. If you want your DHCP hostnames to be available
in DNS use `dhcp-to-dns` with the events from dhcp server. For a regular
cleanup add a scheduler entry.
- $ScriptInstallUpdate dhcp-to-dns,lease-script;
- /ip/dhcp-server/set lease-script=lease-script [ find ];
- /system/scheduler/add name="dhcp-to-dns" interval=5m start-time=startup on-event="/system/script/run dhcp-to-dns;";
-
-
+ [admin@MikroTik] > / system script add name=dhcp-to-dns
+ [admin@MikroTik] > / system script run script-updates
+ [admin@MikroTik] > / ip dhcp-server set lease-script=dhcp-to-dns [ find ]
+ [admin@MikroTik] > / system scheduler add name=dhcp-to-dns interval=5m on-event=dhcp-to-dns
There's much more to explore... Have fun!
-Available scripts
------------------
+### Upstream
-* [Find and remove access list duplicates](doc/accesslist-duplicates.md) (`accesslist-duplicates`)
-* [Upload backup to Mikrotik cloud](doc/backup-cloud.md) (`backup-cloud`)
-* [Send backup via e-mail](doc/backup-email.md) (`backup-email`)
-* [Save configuration to fallback partition](doc/backup-partition.md) (`backup-partition`)
-* [Upload backup to server](doc/backup-upload.md) (`backup-upload`)
-* [Download packages for CAP upgrade from CAPsMAN](doc/capsman-download-packages.md) (`capsman-download-packages`)
-* [Run rolling CAP upgrades from CAPsMAN](doc/capsman-rolling-upgrade.md) (`capsman-rolling-upgrade`)
-* [Renew locally issued certificates](doc/certificate-renew-issued.md) (`certificate-renew-issued`)
-* [Renew certificates and notify on expiration](doc/check-certificates.md) (`check-certificates`)
-* [Notify about health state](doc/check-health.md) (`check-health`)
-* [Notify on LTE firmware upgrade](doc/check-lte-firmware-upgrade.md) (`check-lte-firmware-upgrade`)
-* [Check perpetual license on CHR](doc/check-perpetual-license.md) (`check-perpetual-license`)
-* [Notify on RouterOS update](doc/check-routeros-update.md) (`check-routeros-update`)
-* [Collect MAC addresses in wireless access list](doc/collect-wireless-mac.md) (`collect-wireless-mac`)
-* [Use wireless network with daily psk](doc/daily-psk.md) (`daily-psk`)
-* [Comment DHCP leases with info from access list](doc/dhcp-lease-comment.md) (`dhcp-lease-comment`)
-* [Create DNS records for DHCP leases](doc/dhcp-to-dns.md) (`dhcp-to-dns`)
-* [Automatically upgrade firmware and reboot](doc/firmware-upgrade-reboot.md) (`firmware-upgrade-reboot`)
-* [Download, import and update firewall address-lists](doc/fw-addr-lists.md) (`fw-addr-lists`)
-* [Wait for global functions und modules](doc/global-wait.md) (`global-wait`)
-* [Send GPS position to server](doc/gps-track.md) (`gps-track`)
-* [Use WPA network with hotspot credentials](doc/hotspot-to-wpa.md) (`hotspot-to-wpa` & `hotspot-to-wpa-cleanup`)
-* [Create DNS records for IPSec peers](doc/ipsec-to-dns.md) (`ipsec-to-dns`)
-* [Update configuration on IPv6 prefix change](doc/ipv6-update.md) (`ipv6-update`)
-* [Manage IP addresses with bridge status](doc/ip-addr-bridge.md) (`ip-addr-bridge`)
-* [Run other scripts on DHCP lease](doc/lease-script.md) (`lease-script`)
-* [Manage LEDs dark mode](doc/leds-mode.md) (`leds-day-mode`, `leds-night-mode` & `leds-toggle-mode`)
-* [Forward log messages via notification](doc/log-forward.md) (`log-forward`)
-* [Mode button with multiple presses](doc/mode-button.md) (`mode-button`)
-* [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md) (`netwatch-dns`)
-* [Notify on host up and down](doc/netwatch-notify.md) (`netwatch-notify`)
-* [Visualize OSPF state via LEDs](doc/ospf-to-leds.md) (`ospf-to-leds`)
-* [Manage system update](doc/packages-update.md) (`packages-update`)
-* [Run scripts on ppp connection](doc/ppp-on-up.md) (`ppp-on-up`)
-* [Act on received SMS](doc/sms-action.md) (`sms-action`)
-* [Forward received SMS](doc/sms-forward.md) (`sms-forward`)
-* [Play Super Mario theme](doc/super-mario-theme.md) (`super-mario-theme`)
-* [Chat with your router and send commands via Telegram bot](doc/telegram-chat.md) (`telegram-chat`)
-* [Install LTE firmware upgrade](doc/unattended-lte-firmware-upgrade.md) (`unattended-lte-firmware-upgrade`)
-* [Update GRE configuration with dynamic addresses](doc/update-gre-address.md) (`update-gre-address`)
-* [Update tunnelbroker configuration](doc/update-tunnelbroker.md) (`update-tunnelbroker`)
+URL:
+[GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts)
-Available modules
------------------
-
-* [Manage ports in bridge](doc/mod/bridge-port-to.md) (`mod/bridge-port-to`)
-* [Manage VLANs on bridge ports](doc/mod/bridge-port-vlan.md) (`mod/bridge-port-vlan`)
-* [Inspect variables](doc/mod/inspectvar.md) (`mod/inspectvar`)
-* [IP address calculation](doc/mod/ipcalc.md) (`mod/ipcalc`)
-* [Send notifications via e-mail](doc/mod/notification-email.md) (`mod/notification-email`)
-* [Send notifications via Gotify](doc/mod/notification-gotify.md) (`mod/notification-gotify`)
-* [Send notifications via Matrix](doc/mod/notification-matrix.md) (`mod/notification-matrix`)
-* [Send notifications via Ntfy](doc/mod/notification-ntfy.md) (`mod/notification-ntfy`)
-* [Send notifications via Telegram](doc/mod/notification-telegram.md) (`mod/notification-telegram`)
-* [Download script and run it once](doc/mod/scriptrunonce.md) (`mod/scriptrunonce`)
-* [Import ssh keys for public key authentication](doc/mod/ssh-keys-import.md) (`mod/ssh-keys-import`)
-
-Installing custom scripts & modules
------------------------------------
-
-My scripts cover a lot of use cases, but you may have your own ones. You can
-still use my scripts to manage and deploy yours, by specifying `base-url`
-(and `url-suffix`) for each script.
-
-This will fetch and install a script `hello-world.rsc` from the given url:
-
- $ScriptInstallUpdate hello-world "base-url=https://git.eworm.de/cgit/routeros-scripts-custom/plain/";
-
-
-
-For a script to be considered valid it has to begin with a *magic token*.
-Have a look at [any script](README.d/hello-world.rsc) and copy the first line
-without modification.
-
-Starting a script's name with `mod/` makes it a module and it is run
-automatically by `global-functions`.
-
-### Linked custom scripts & modules
-
-> ⚠️ **Warning**: These links are being provided for your convenience only;
-> they do not constitute an endorsement or an approval by me. I bear no
-> responsibility for the accuracy, legality or content of the external site
-> or for that of subsequent links. Contact the external site for answers to
-> questions regarding its content.
-
-* [Hello World](https://git.eworm.de/cgit/routeros-scripts-custom/about/doc/hello-world.md)
- (This is a demo script to show how the linking to external documentation
- will be done.)
-
-> ℹ️ **Info**: You have your own set of scripts and/or modules and want these
-> to be listed here? There should be a general info page that links here,
-> and documentation for each script. You can start by cloning my
-> [Custom RouterOS-Scripts](https://git.eworm.de/cgit/routeros-scripts-custom/)
-> (or fork on [GitHub](https://github.com/eworm-de/routeros-scripts-custom)
-> or [GitLab](https://gitlab.com/eworm-de/routeros-scripts-custom)) and make
-> your changes. Then please [get in contact](#patches-issues-and-whishlist)...
-
-Removing a script
------------------
-
-There is no specific function for script removal. Just remove it from
-configuration...
-
- /system/script/remove to-be-removed;
-
-
-
-Possibly a scheduler and other configuration has to be removed as well.
-
-Contact
--------
-
-We have a Telegram Group [RouterOS-Scripts ↗️](https://t.me/routeros_scripts)!
-
-[](https://t.me/routeros_scripts)
-
-Get help, give feedback or just chat - but do not expect free professional
-support!
-
-Contribute
-----------
-
-Thanks a lot for [past contributions](CONTRIBUTIONS.md)! ❤️
-
-### Patches, issues and whishlist
-
-Feel free to contact me via e-mail or open an
-[issue](https://github.com/eworm-de/routeros-scripts/issues) or
-[pull request](https://github.com/eworm-de/routeros-scripts/pulls)
-at github.
-
-### Donate
-
-This project is developed in private spare time and usage is free of charge
-for you. If you like the scripts and think this is of value for you or your
-business please consider to
-[donate with PayPal ↗️](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J).
-
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
-
-Thanks a lot for your support!
-
-License and warranty
---------------------
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-[GNU General Public License](COPYING.md) for more details.
-
-Disclaimer on external links
-----------------------------
-
-Our website contains links to the websites of third parties ("external
-links"). As the content of these websites is not under our control, we
-cannot assume any liability for such external content. In all cases, the
-provider of information of the linked websites is liable for the content
-and accuracy of the information provided. At the point in time when the
-links were placed, no infringements of the law were recognisable to us.
-As soon as an infringement of the law becomes known to us, we will
-immediately remove the link in question.
-
-> 💡️ **Hint**: All external links are marked with an arrow pointing
-> diagonally in an up-right (or north-east) direction (↗️).
-
-Upstream
---------
-
-[rsc.eworm.de](https://rsc.eworm.de/)
-
-[](https://rsc.eworm.de/)
-
-### Code hosting
-
-* [git.eworm.de](https://git.eworm.de/cgit/routeros-scripts/about/)
-* [GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts)
-* [GitLab.com](https://gitlab.com/eworm-de/routeros-scripts#routeros-scripts)
+Mirror:
+[eworm.de](https://git.eworm.de/cgit.cgi/routeros-scripts/about/)
+[GitLab.com](https://gitlab.com/eworm-de/routeros-scripts#routeros-scripts)
---
-[⬆️ Go back to top](#top)
+[▲ Go back to top](#top)
diff --git a/accesslist-duplicates.capsman b/accesslist-duplicates.capsman
new file mode 100644
index 00000000..a7ae0993
--- /dev/null
+++ b/accesslist-duplicates.capsman
@@ -0,0 +1,34 @@
+#!rsc
+# RouterOS script: accesslist-duplicates.capsman
+# Copyright (c) 2018-2019 Christian Hesse
+#
+# print duplicate antries in wireless access list
+#
+# !! Do not edit this file, it is generated from template!
+
+:local Seen [ :toarray "" ];
+:local Shown [ :toarray "" ];
+
+:foreach AccList in=[ / caps-man access-list find where mac-address!="00:00:00:00:00:00" ] do={
+ :local Mac [ / caps-man access-list get $AccList mac-address ];
+ :foreach SeenMac in=$Seen do={
+ :if ($SeenMac = $Mac) do={
+ :local Skip 0;
+ :foreach ShownMac in=$Shown do={
+ :if ($ShownMac = $Mac) do={ :set Skip 1; }
+ }
+ :if ($Skip = 0) do={
+ / caps-man access-list print where mac-address=$Mac;
+ :set Shown ($Shown, $Mac);
+
+ :put "\nNumeric id to remove, any key to skip!";
+ :local Remove ([ :terminal inkey ] - 48);
+ :if ($Remove >= 0 && $Remove <= 9) do={
+ :put ("Removing numeric id " . $Remove . "...\n");
+ / caps-man access-list remove $Remove;
+ }
+ }
+ }
+ }
+ :set Seen ($Seen, $Mac);
+}
diff --git a/accesslist-duplicates.capsman.rsc b/accesslist-duplicates.capsman.rsc
deleted file mode 100644
index c7784f3b..00000000
--- a/accesslist-duplicates.capsman.rsc
+++ /dev/null
@@ -1,37 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: accesslist-duplicates.capsman
-# Copyright (c) 2018-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# print duplicate antries in wireless access list
-# https://rsc.eworm.de/doc/accesslist-duplicates.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :local Seen ({});
-
- :foreach AccList in=[ /caps-man/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
- :local Mac [ /caps-man/access-list/get $AccList mac-address ];
- :if ($Seen->$Mac = 1) do={
- /caps-man/access-list/print without-paging where mac-address=$Mac;
- :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
-
- :if ([ :typeof $Remove ] = "num") do={
- :put ("Removing numeric id " . $Remove . "...\n");
- /caps-man/access-list/remove $Remove;
- }
- }
- :set ($Seen->$Mac) 1;
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/accesslist-duplicates.local b/accesslist-duplicates.local
new file mode 100644
index 00000000..94b6b18f
--- /dev/null
+++ b/accesslist-duplicates.local
@@ -0,0 +1,34 @@
+#!rsc
+# RouterOS script: accesslist-duplicates.local
+# Copyright (c) 2018-2019 Christian Hesse
+#
+# print duplicate antries in wireless access list
+#
+# !! Do not edit this file, it is generated from template!
+
+:local Seen [ :toarray "" ];
+:local Shown [ :toarray "" ];
+
+:foreach AccList in=[ / interface wireless access-list find where mac-address!="00:00:00:00:00:00" ] do={
+ :local Mac [ / interface wireless access-list get $AccList mac-address ];
+ :foreach SeenMac in=$Seen do={
+ :if ($SeenMac = $Mac) do={
+ :local Skip 0;
+ :foreach ShownMac in=$Shown do={
+ :if ($ShownMac = $Mac) do={ :set Skip 1; }
+ }
+ :if ($Skip = 0) do={
+ / interface wireless access-list print where mac-address=$Mac;
+ :set Shown ($Shown, $Mac);
+
+ :put "\nNumeric id to remove, any key to skip!";
+ :local Remove ([ :terminal inkey ] - 48);
+ :if ($Remove >= 0 && $Remove <= 9) do={
+ :put ("Removing numeric id " . $Remove . "...\n");
+ / interface wireless access-list remove $Remove;
+ }
+ }
+ }
+ }
+ :set Seen ($Seen, $Mac);
+}
diff --git a/accesslist-duplicates.local.rsc b/accesslist-duplicates.local.rsc
deleted file mode 100644
index 0eee485b..00000000
--- a/accesslist-duplicates.local.rsc
+++ /dev/null
@@ -1,37 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: accesslist-duplicates.local
-# Copyright (c) 2018-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# print duplicate antries in wireless access list
-# https://rsc.eworm.de/doc/accesslist-duplicates.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :local Seen ({});
-
- :foreach AccList in=[ /interface/wireless/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
- :local Mac [ /interface/wireless/access-list/get $AccList mac-address ];
- :if ($Seen->$Mac = 1) do={
- /interface/wireless/access-list/print without-paging where mac-address=$Mac;
- :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
-
- :if ([ :typeof $Remove ] = "num") do={
- :put ("Removing numeric id " . $Remove . "...\n");
- /interface/wireless/access-list/remove $Remove;
- }
- }
- :set ($Seen->$Mac) 1;
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/accesslist-duplicates.template b/accesslist-duplicates.template
new file mode 100644
index 00000000..7345ad5d
--- /dev/null
+++ b/accesslist-duplicates.template
@@ -0,0 +1,35 @@
+#!rsc
+# RouterOS script: accesslist-duplicates%TEMPL%
+# Copyright (c) 2018-2019 Christian Hesse
+#
+# print duplicate antries in wireless access list
+#
+# !! This is just a template! Replace '%PATH%' with 'caps-man'
+# !! or 'interface wireless'!
+
+:local Seen [ :toarray "" ];
+:local Shown [ :toarray "" ];
+
+:foreach AccList in=[ / %PATH% access-list find where mac-address!="00:00:00:00:00:00" ] do={
+ :local Mac [ / %PATH% access-list get $AccList mac-address ];
+ :foreach SeenMac in=$Seen do={
+ :if ($SeenMac = $Mac) do={
+ :local Skip 0;
+ :foreach ShownMac in=$Shown do={
+ :if ($ShownMac = $Mac) do={ :set Skip 1; }
+ }
+ :if ($Skip = 0) do={
+ / %PATH% access-list print where mac-address=$Mac;
+ :set Shown ($Shown, $Mac);
+
+ :put "\nNumeric id to remove, any key to skip!";
+ :local Remove ([ :terminal inkey ] - 48);
+ :if ($Remove >= 0 && $Remove <= 9) do={
+ :put ("Removing numeric id " . $Remove . "...\n");
+ / %PATH% access-list remove $Remove;
+ }
+ }
+ }
+ }
+ :set Seen ($Seen, $Mac);
+}
diff --git a/accesslist-duplicates.template.rsc b/accesslist-duplicates.template.rsc
deleted file mode 100644
index e780a475..00000000
--- a/accesslist-duplicates.template.rsc
+++ /dev/null
@@ -1,46 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: accesslist-duplicates%TEMPL%
-# Copyright (c) 2018-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# print duplicate antries in wireless access list
-# https://rsc.eworm.de/doc/accesslist-duplicates.md
-#
-# !! This is just a template to generate the real script!
-# !! Pattern '%TEMPL%' is replaced, paths are filtered.
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :local Seen ({});
-
- :foreach AccList in=[ /caps-man/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
- :foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
- :foreach AccList in=[ /interface/wireless/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
- :local Mac [ /caps-man/access-list/get $AccList mac-address ];
- :local Mac [ /interface/wifi/access-list/get $AccList mac-address ];
- :local Mac [ /interface/wireless/access-list/get $AccList mac-address ];
- :if ($Seen->$Mac = 1) do={
- /caps-man/access-list/print without-paging where mac-address=$Mac;
- /interface/wifi/access-list/print without-paging where mac-address=$Mac;
- /interface/wireless/access-list/print without-paging where mac-address=$Mac;
- :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
-
- :if ([ :typeof $Remove ] = "num") do={
- :put ("Removing numeric id " . $Remove . "...\n");
- /caps-man/access-list/remove $Remove;
- /interface/wifi/access-list/remove $Remove;
- /interface/wireless/access-list/remove $Remove;
- }
- }
- :set ($Seen->$Mac) 1;
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/accesslist-duplicates.wifi.rsc b/accesslist-duplicates.wifi.rsc
deleted file mode 100644
index c0a8b4f9..00000000
--- a/accesslist-duplicates.wifi.rsc
+++ /dev/null
@@ -1,37 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: accesslist-duplicates.wifi
-# Copyright (c) 2018-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# print duplicate antries in wireless access list
-# https://rsc.eworm.de/doc/accesslist-duplicates.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :local Seen ({});
-
- :foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
- :local Mac [ /interface/wifi/access-list/get $AccList mac-address ];
- :if ($Seen->$Mac = 1) do={
- /interface/wifi/access-list/print without-paging where mac-address=$Mac;
- :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
-
- :if ([ :typeof $Remove ] = "num") do={
- :put ("Removing numeric id " . $Remove . "...\n");
- /interface/wifi/access-list/remove $Remove;
- }
- }
- :set ($Seen->$Mac) 1;
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/backup-cloud.rsc b/backup-cloud.rsc
deleted file mode 100644
index e5f25d34..00000000
--- a/backup-cloud.rsc
+++ /dev/null
@@ -1,104 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: backup-cloud
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: backup-script, order=40
-# requires RouterOS, version=7.17
-#
-# upload backup to MikroTik cloud
-# https://rsc.eworm.de/doc/backup-cloud.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global BackupRandomDelay;
- :global Identity;
- :global PackagesUpdateBackupFailure;
-
- :global DeviceInfo;
- :global FormatLine;
- :global HumanReadableNum;
- :global LogPrint;
- :global MkDir;
- :global RandomDelay;
- :global RmDir;
- :global ScriptFromTerminal;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
- :global WaitForFile;
- :global WaitFullyConnected;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={
- $LogPrint warning $ScriptName ("Running from backup partition, refusing to act.");
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- $WaitFullyConnected;
-
- :if ([ $ScriptFromTerminal $ScriptName ] = false && $BackupRandomDelay > 0) do={
- $RandomDelay $BackupRandomDelay;
- }
-
- :if ([ $MkDir ("tmpfs/backup-cloud") ] = false) do={
- $LogPrint error $ScriptName ("Failed creating directory!");
- :set ExitOK true;
- :error false;
- }
-
- :local I 5;
- :do {
- :execute {
- :global BackupPassword;
-
- :local Backup ([ /system/backup/cloud/find ]->0);
- :if ([ :typeof $Backup ] = "id") do={
- /system/backup/cloud/upload-file action=create-and-upload \
- password=$BackupPassword replace=$Backup;
- } else={
- /system/backup/cloud/upload-file action=create-and-upload \
- password=$BackupPassword;
- }
- /file/add name="tmpfs/backup-cloud/done";
- } as-string;
- :set I ($I - 1);
- } while=([ $WaitForFile "tmpfs/backup-cloud/done" 200ms ] = false && $I > 0);
-
- :if ([ $WaitForFile "tmpfs/backup-cloud/done" ] = true) do={
- :if ($I < 4) do={
- :log warning ($ScriptName . ": Retry successful, please discard previous connection errors.");
- }
-
- :local Cloud [ /system/backup/cloud/get ([ find ]->0) ];
-
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "floppy-disk,cloud" ] . "Cloud backup"); \
- message=("Uploaded backup for " . $Identity . " to cloud.\n\n" . \
- [ $DeviceInfo ] . "\n\n" . \
- [ $FormatLine "Name" ($Cloud->"name") ] . "\n" . \
- [ $FormatLine "Size" ([ $HumanReadableNum ($Cloud->"size") 1024 ] . "B") ] . "\n" . \
- [ $FormatLine "Download key" ($Cloud->"secret-download-key") ]); silent=true });
- } else={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "floppy-disk,warning-sign" ] . "Cloud backup failed"); \
- message=("Failed uploading backup for " . $Identity . " to cloud!\n\n" . [ $DeviceInfo ]) });
- $LogPrint error $ScriptName ("Failed uploading backup for " . $Identity . " to cloud!");
- :set PackagesUpdateBackupFailure true;
- }
- $RmDir "tmpfs/backup-cloud";
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/backup-email.rsc b/backup-email.rsc
deleted file mode 100644
index c12942a2..00000000
--- a/backup-email.rsc
+++ /dev/null
@@ -1,143 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: backup-email
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: backup-script, order=20
-# requires RouterOS, version=7.17
-#
-# create and email backup and config file
-# https://rsc.eworm.de/doc/backup-email.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global BackupPassword;
- :global BackupRandomDelay;
- :global BackupSendBinary;
- :global BackupSendExport;
- :global BackupSendGlobalConfig;
- :global Domain;
- :global Identity;
- :global PackagesUpdateBackupFailure;
-
- :global CleanName;
- :global DeviceInfo;
- :global FileExists;
- :global FormatLine;
- :global LogPrint;
- :global MkDir;
- :global RandomDelay;
- :global ScriptFromTerminal;
- :global ScriptLock;
- :global SendEMail2;
- :global SymbolForNotification;
- :global WaitForFile;
- :global WaitFullyConnected;
-
- :if ([ :typeof $SendEMail2 ] = "nothing") do={
- $LogPrint error $ScriptName ("The module for sending notifications via e-mail is not installed.");
- :set ExitOK true;
- :error false;
- }
-
- :if ($BackupSendBinary != true && \
- $BackupSendExport != true) do={
- $LogPrint error $ScriptName ("Configured to send neither backup nor config export.");
- :set ExitOK true;
- :error false;
- }
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={
- $LogPrint warning $ScriptName ("Running from backup partition, refusing to act.");
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- $WaitFullyConnected;
-
- :if ([ $ScriptFromTerminal $ScriptName ] = false && $BackupRandomDelay > 0) do={
- $RandomDelay $BackupRandomDelay;
- }
-
- # filename based on identity
- :local DirName ("tmpfs/" . $ScriptName);
- :local FileName [ $CleanName ($Identity . "." . $Domain) ];
- :local FilePath ($DirName . "/" . $FileName);
- :local BackupFile "none";
- :local ExportFile "none";
- :local ConfigFile "none";
- :local Attach ({});
-
- :if ([ $MkDir $DirName ] = false) do={
- $LogPrint error $ScriptName ("Failed creating directory!");
- :set ExitOK true;
- :error false;
- }
-
- # binary backup
- :if ($BackupSendBinary = true) do={
- /system/backup/save encryption=aes-sha256 name=$FilePath password=$BackupPassword;
- $WaitForFile ($FilePath . ".backup");
- :set BackupFile ($FileName . ".backup");
- :set Attach ($Attach, ($FilePath . ".backup"));
- }
-
- # create configuration export
- :if ($BackupSendExport = true) do={
- /export terse show-sensitive file=$FilePath;
- $WaitForFile ($FilePath . ".rsc");
- :set ExportFile ($FileName . ".rsc");
- :set Attach ($Attach, ($FilePath . ".rsc"));
- }
-
- # global-config-overlay
- :if ($BackupSendGlobalConfig = true) do={
- # Do *NOT* use '/file/add ...' here, as it is limited to 4095 bytes!
- :execute script={ :put [ /system/script/get global-config-overlay source ]; } \
- file=($FilePath . ".conf\00");
- $WaitForFile ($FilePath . ".conf");
- :set ConfigFile ($FileName . ".conf");
- :set Attach ($Attach, ($FilePath . ".conf"));
- }
-
- # send email with status and files
- $SendEMail2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "floppy-disk,incoming-envelope" ] . \
- "Backup & Config"); \
- message=("See attached files for backup and config export for " . \
- $Identity . ".\n\n" . \
- [ $DeviceInfo ] . "\n\n" . \
- [ $FormatLine "Backup file" $BackupFile ] . "\n" . \
- [ $FormatLine "Export file" $ExportFile ] . "\n" . \
- [ $FormatLine "Config file" $ConfigFile ]); \
- attach=$Attach; remove-attach=true });
-
- # wait for the mail to be sent
- :do {
- :retry {
- :if ([ $FileExists ($FilePath . ".conf") ".conf file" ] = true || \
- [ $FileExists ($FilePath . ".backup") "backup" ] = true || \
- [ $FileExists ($FilePath . ".rsc") "script" ] = true) do={
- :error "Files are still available.";
- }
- } delay=1s max=120;
- } on-error={
- $LogPrint warning $ScriptName ("Files are still available, sending e-mail failed.");
- :set PackagesUpdateBackupFailure true;
- }
- # do not remove the files here, as the mail is still queued!
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/backup-partition.rsc b/backup-partition.rsc
deleted file mode 100644
index a9f11a59..00000000
--- a/backup-partition.rsc
+++ /dev/null
@@ -1,128 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: backup-partition
-# Copyright (c) 2022-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: backup-script, order=70
-# requires RouterOS, version=7.17
-# requires device-mode, scheduler
-#
-# save configuration to fallback partition
-# https://rsc.eworm.de/doc/backup-partition.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global BackupPartitionCopyBeforeFeatureUpdate;
- :global PackagesUpdateBackupFailure;
-
- :global LogPrint;
- :global ScriptFromTerminal;
- :global ScriptLock;
- :global VersionToNum;
-
- :local CopyTo do={
- :local ScriptName [ :tostr $1 ];
- :local FallbackTo [ :toid $2 ];
- :local FallbackToName [ :tostr $3 ];
-
- :global LogPrint;
-
- :onerror Err {
- /partitions/copy-to $FallbackTo;
- $LogPrint info $ScriptName ("Copied RouterOS to partition '" . $FallbackToName . "'.");
- } do={
- $LogPrint error $ScriptName ("Failed copying RouterOS to partition '" . \
- $FallbackToName . "': " . $Err);
- :return false;
- }
- :return true;
- }
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={
- $LogPrint warning $ScriptName ("Running from backup partition, refusing to act.");
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /partitions/find ] ] < 2) do={
- $LogPrint error $ScriptName ("Device does not have a fallback partition.");
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :local ActiveRunning [ /partitions/find where active running ];
-
- :if ([ :len $ActiveRunning ] < 1) do={
- $LogPrint error $ScriptName ("Device is not running from active partition.");
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :local FallbackToName [ /partitions/get $ActiveRunning fallback-to ];
- :local FallbackTo [ /partition/find where name=$FallbackToName !active ];
-
- :if ([ :len $FallbackTo ] < 1) do={
- $LogPrint error $ScriptName ("There is no inactive partition named '" . $FallbackToName . "'.");
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :if ([ /partitions/get $ActiveRunning version ] != [ /partitions/get $FallbackTo version]) do={
- :if ([ $ScriptFromTerminal $ScriptName ] = true) do={
- :put ("The partitions have different RouterOS versions. Copy over to '" . $FallbackToName . "'? [y/N]");
- :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={
- :if ([ $CopyTo $ScriptName $FallbackTo $FallbackToName ] = false) do={
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
- }
- } else={
- :local Update [ /system/package/update/get ];
- :local NumInstalled [ $VersionToNum ($Update->"installed-version") ];
- :local NumLatest [ $VersionToNum ($Update->"latest-version") ];
- :local BitMask [ $VersionToNum "255.255zero0" ];
- :if ($BackupPartitionCopyBeforeFeatureUpdate = true && $NumLatest > 0 && \
- ($NumInstalled & $BitMask) != ($NumLatest & $BitMask)) do={
- :if ([ $CopyTo $ScriptName $FallbackTo $FallbackToName ] = false) do={
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
- }
- }
- }
-
- :onerror Err {
- /system/scheduler/add start-time=startup name="running-from-backup-partition" \
- on-event=(":log warning (\"Running from partition '\" . " . \
- "[ /partitions/get [ find where running ] name ] . \"'!\")");
- /partitions/save-config-to $FallbackTo;
- /system/scheduler/remove "running-from-backup-partition";
- $LogPrint info $ScriptName ("Saved configuration to partition '" . $FallbackToName . "'.");
- } do={
- /system/scheduler/remove [ find where name="running-from-backup-partition" ];
- $LogPrint error $ScriptName ("Failed saving configuration to partition '" . \
- $FallbackToName . "': " . $Err);
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/backup-upload.rsc b/backup-upload.rsc
deleted file mode 100644
index cae67bfa..00000000
--- a/backup-upload.rsc
+++ /dev/null
@@ -1,178 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: backup-upload
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: backup-script, order=50
-# requires RouterOS, version=7.17
-# requires device-mode, fetch
-#
-# create and upload backup and config file
-# https://rsc.eworm.de/doc/backup-upload.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global BackupPassword;
- :global BackupRandomDelay;
- :global BackupSendBinary;
- :global BackupSendExport;
- :global BackupSendGlobalConfig;
- :global BackupUploadPass;
- :global BackupUploadUrl;
- :global BackupUploadUser;
- :global Domain;
- :global Identity;
- :global PackagesUpdateBackupFailure;
-
- :global CleanName;
- :global DeviceInfo;
- :global IfThenElse;
- :global LogPrint;
- :global MkDir;
- :global RandomDelay;
- :global RmDir;
- :global RmFile;
- :global ScriptFromTerminal;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
- :global WaitForFile;
- :global WaitFullyConnected;
-
- :if ($BackupSendBinary != true && \
- $BackupSendExport != true) do={
- $LogPrint error $ScriptName ("Configured to send neither backup nor config export.");
- :set ExitOK true;
- :error false;
- }
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={
- $LogPrint warning $ScriptName ("Running from backup partition, refusing to act.");
- :set PackagesUpdateBackupFailure true;
- :set ExitOK true;
- :error false;
- }
-
- $WaitFullyConnected;
-
- :if ([ $ScriptFromTerminal $ScriptName ] = false && $BackupRandomDelay > 0) do={
- $RandomDelay $BackupRandomDelay;
- }
-
- # filename based on identity
- :local DirName ("tmpfs/" . $ScriptName);
- :local FileName [ $CleanName ($Identity . "." . $Domain) ];
- :local FilePath ($DirName . "/" . $FileName);
- :local BackupFile "none";
- :local ExportFile "none";
- :local ConfigFile "none";
- :local Failed 0;
-
- :if ([ $MkDir $DirName ] = false) do={
- $LogPrint error $ScriptName ("Failed creating directory!");
- :set ExitOK true;
- :error false;
- }
-
- # binary backup
- :if ($BackupSendBinary = true) do={
- /system/backup/save encryption=aes-sha256 name=$FilePath password=$BackupPassword;
- $WaitForFile ($FilePath . ".backup");
-
- :onerror Err {
- /tool/fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".backup") \
- user=$BackupUploadUser password=$BackupUploadPass src-path=($FilePath . ".backup");
- :set BackupFile [ /file/get ($FilePath . ".backup") ];
- :set ($BackupFile->"name") ($FileName . ".backup");
- } do={
- $LogPrint error $ScriptName ("Uploading backup file failed: " . $Err);
- :set BackupFile "failed";
- :set Failed 1;
- }
-
- $RmFile ($FilePath . ".backup");
- }
-
- # create configuration export
- :if ($BackupSendExport = true) do={
- /export terse show-sensitive file=$FilePath;
- $WaitForFile ($FilePath . ".rsc");
-
- :onerror Err {
- /tool/fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".rsc") \
- user=$BackupUploadUser password=$BackupUploadPass src-path=($FilePath . ".rsc");
- :set ExportFile [ /file/get ($FilePath . ".rsc") ];
- :set ($ExportFile->"name") ($FileName . ".rsc");
- } do={
- $LogPrint error $ScriptName ("Uploading configuration export failed: " . $Err);
- :set ExportFile "failed";
- :set Failed 1;
- }
-
- $RmFile ($FilePath . ".rsc");
- }
-
- # global-config-overlay
- :if ($BackupSendGlobalConfig = true) do={
- # Do *NOT* use '/file/add ...' here, as it is limited to 4095 bytes!
- :execute script={ :put [ /system/script/get global-config-overlay source ]; } \
- file=($FilePath . ".conf\00");
- $WaitForFile ($FilePath . ".conf");
-
- :onerror Err {
- /tool/fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".conf") \
- user=$BackupUploadUser password=$BackupUploadPass src-path=($FilePath . ".conf");
- :set ConfigFile [ /file/get ($FilePath . ".conf") ];
- :set ($ConfigFile->"name") ($FileName . ".conf");
- } do={
- $LogPrint error $ScriptName ("Uploading global-config-overlay failed: " . $Err);
- :set ConfigFile "failed";
- :set Failed 1;
- }
-
- $RmFile ($FilePath . ".conf");
- }
-
- :local FileInfo do={
- :local Name $1;
- :local File $2;
-
- :global FormatLine;
- :global HumanReadableNum;
- :global IfThenElse;
-
- :return \
- [ $IfThenElse ([ :typeof $File ] = "array") \
- ($Name . ":\n" . [ $FormatLine " name" ($File->"name") ] . "\n" . \
- [ $FormatLine " size" ([ $HumanReadableNum ($File->"size") 1024 ] . "B") ]) \
- [ $FormatLine $Name $File ] ];
- }
-
- $SendNotification2 ({ origin=$ScriptName; \
- subject=[ $IfThenElse ($Failed > 0) \
- ([ $SymbolForNotification "floppy-disk,warning-sign" ] . "Backup & Config upload with failure") \
- ([ $SymbolForNotification "floppy-disk,arrow-up" ] . "Backup & Config upload") ]; \
- message=("Backup and config export upload for " . $Identity . ".\n\n" . \
- [ $DeviceInfo ] . "\n\n" . \
- [ $FileInfo "Backup file" $BackupFile ] . "\n" . \
- [ $FileInfo "Export file" $ExportFile ] . "\n" . \
- [ $FileInfo "Config file" $ConfigFile ]); silent=true });
-
- :if ($Failed = 1) do={
- :set PackagesUpdateBackupFailure true;
- }
- $RmDir $DirName;
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/bridge-port-to-default b/bridge-port-to-default
new file mode 100644
index 00000000..e646b333
--- /dev/null
+++ b/bridge-port-to-default
@@ -0,0 +1,42 @@
+#!rsc
+# RouterOS script: bridge-port-to-default
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# reset bridge ports to default bridge
+
+:global BridgePortTo;
+
+:local Len ([ :len $BridgePortTo ] + 1);
+
+:if ($Len = 1) do={
+ :delay 1s;
+ :set Len ([ :len $BridgePortTo ] + 1);
+}
+
+:foreach BridgePort in=[ / interface bridge port find where comment!="" ] do={
+ :local BridgePortVal [ / interface bridge port get $BridgePort ];
+ :foreach Comment in=[ :toarray ($BridgePortVal->"comment") ] do={
+ :if ([ :pick $Comment 0 $Len ] = ($BridgePortTo . ":")) do={
+ :local BridgeDefault [ :pick $Comment $Len [ :len $Comment ] ];
+ :if ($BridgeDefault = "dhcp-client") do={
+ :if ($BridgePortVal->"disabled" = false) do={
+ :log info ("Disabling bridge port for interface " . $BridgePortVal->"interface" . ", enabling dhcp client.");
+ / interface bridge port disable $BridgePort;
+ / ip dhcp-client enable [ find where interface=$BridgePortVal->"interface" comment="toggle with bridge port" disabled=yes ];
+ }
+ } else={
+ :if ($BridgePortVal->"disabled" = true) do={
+ :log info ("Enabling bridge port for interface " . $BridgePortVal->"interface" . ", disabling dhcp client.");
+ / ip dhcp-client disable [ find where interface=$BridgePortVal->"interface" comment="toggle with bridge port" disabled=no ];
+ / interface bridge port enable $BridgePort;
+ }
+ :if ($BridgeDefault != $BridgePortVal->"bridge") do={
+ :log info ("Changing interface " . $BridgePortVal->"interface" . " to " . $BridgePortTo . " bridge " . $BridgeDefault);
+ / interface bridge port set bridge=$BridgeDefault $BridgePort;
+ } else={
+ :log debug ("Interface " . $BridgePortVal->"interface" . " already connected to " . $BridgePortTo . " bridge " . $BridgeDefault);
+ }
+ }
+ }
+ }
+}
diff --git a/bridge-port-toggle b/bridge-port-toggle
new file mode 100644
index 00000000..fc122f6d
--- /dev/null
+++ b/bridge-port-toggle
@@ -0,0 +1,15 @@
+#!rsc
+# RouterOS script: bridge-port-toggle
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# toggle bridge ports between default and alt bridge
+
+:global BridgePortTo;
+
+:if ($BridgePortTo != "default") do={
+ :set BridgePortTo "default";
+} else={
+ :set BridgePortTo "alt";
+}
+
+/ system script run bridge-port-to-default;
diff --git a/capsman-download-packages b/capsman-download-packages
new file mode 100644
index 00000000..74626996
--- /dev/null
+++ b/capsman-download-packages
@@ -0,0 +1,39 @@
+#!rsc
+# RouterOS script: capsman-download-packages
+# Copyright (c) 2018-2019 Christian Hesse
+# Michael Gisbers
+#
+# requires: dont-require-permissions=yes
+#
+# download and cleanup packages for CAP installation from CAPsMAN
+
+:global DownloadPackage;
+:global CleanFilePath;
+
+:local PackagePath [ $CleanFilePath [ / caps-man manager get package-path ] ];
+:local InstalledVersion [ / system package update get installed-version ];
+:local Updated false;
+
+:foreach Package in=[ / file find where type=package \
+ package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
+ :local PackageName [ / file get $Package package-name ];
+ :local PackageArchitecture [ / file get $Package package-architecture ];
+ :if ($PackageArchitecture = "mips") do={
+ :set PackageArchitecture "mipsbe";
+ }
+ :if ($PackageName = "wireless@") do={
+ :set PackageName "wireless";
+ }
+ :if ([ $DownloadPackage $PackageName $InstalledVersion $PackageArchitecture $PackagePath ] = true) do={
+ :set Updated true;
+ / file remove $Package;
+ }
+}
+
+:if ($Updated = true) do={
+ :if ([ / system script print count-only where name="capsman-rolling-upgrade" ] > 0) do={
+ / system script run capsman-rolling-upgrade;
+ } else={
+ / caps-man remote-cap upgrade [ find where version!=$InstalledVersion ];
+ }
+}
diff --git a/capsman-download-packages.capsman.rsc b/capsman-download-packages.capsman.rsc
deleted file mode 100644
index 838f41b9..00000000
--- a/capsman-download-packages.capsman.rsc
+++ /dev/null
@@ -1,93 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: capsman-download-packages.capsman
-# Copyright (c) 2018-2026 Christian Hesse
-# Michael Gisbers
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# download and cleanup packages for CAP installation from CAPsMAN
-# https://rsc.eworm.de/doc/capsman-download-packages.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global CleanFilePath;
- :global DownloadPackage;
- :global FileGet;
- :global LogPrint;
- :global MkDir;
- :global RmFile;
- :global ScriptLock;
- :global WaitFullyConnected;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
- $WaitFullyConnected;
-
- :local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ];
- :local InstalledVersion [ /system/package/update/get installed-version ];
- :local Updated false;
-
- :if ([ :len $PackagePath ] = 0) do={
- $LogPrint warning $ScriptName ("The CAPsMAN package path is not defined, can not download packages.");
- :set ExitOK true;
- :error false;
- }
-
- :if ([ $FileGet $PackagePath ] = false) do={
- :if ([ $MkDir $PackagePath ] = false) do={
- $LogPrint warning $ScriptName ("Creating directory at CAPsMAN package path (" . \
- $PackagePath . ") failed!");
- :set ExitOK true;
- :error false;
- }
- $LogPrint info $ScriptName ("Created directory at CAPsMAN package path (" . $PackagePath . \
- "). Please place your packages!");
- }
-
- :foreach Package in=[ /file/find where type="package" \
- package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
- :local File [ /file/get $Package ];
- :if ($File->"package-architecture" = "mips") do={
- :set ($File->"package-architecture") "mipsbe";
- }
- :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
- ($File->"package-architecture") $PackagePath ] = true) do={
- :set Updated true;
- $RmFile ($File->"name");
- }
- }
-
- :if ([ :len [ /file/find where type="package" name~("^" . $PackagePath) ] ] = 0) do={
- $LogPrint info $ScriptName ("No packages available, downloading default set.");
- :foreach Arch in={ "arm"; "mipsbe" } do={
- :foreach Package in={ "routeros"; "wireless" } do={
- :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
- :set Updated true;
- }
- }
- }
- }
-
- :if ($Updated = true) do={
- :local Scripts [ /system/script/find where source~"\n# provides: capsman-rolling-upgrade.capsman\r?\n" ];
- :if ([ :len $Scripts ] > 0) do={
- :foreach Script in=$Scripts do={
- /system/script/run $Script;
- }
- } else={
- /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ];
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/capsman-download-packages.template.rsc b/capsman-download-packages.template.rsc
deleted file mode 100644
index 1d31eb5a..00000000
--- a/capsman-download-packages.template.rsc
+++ /dev/null
@@ -1,104 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: capsman-download-packages%TEMPL%
-# Copyright (c) 2018-2026 Christian Hesse
-# Michael Gisbers
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# download and cleanup packages for CAP installation from CAPsMAN
-# https://rsc.eworm.de/doc/capsman-download-packages.md
-#
-# !! This is just a template to generate the real script!
-# !! Pattern '%TEMPL%' is replaced, paths are filtered.
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global CleanFilePath;
- :global DownloadPackage;
- :global FileGet;
- :global LogPrint;
- :global MkDir;
- :global RmFile;
- :global ScriptLock;
- :global WaitFullyConnected;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
- $WaitFullyConnected;
-
- :local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ];
- :local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ];
- :local InstalledVersion [ /system/package/update/get installed-version ];
- :local Updated false;
-
- :if ([ :len $PackagePath ] = 0) do={
- $LogPrint warning $ScriptName ("The CAPsMAN package path is not defined, can not download packages.");
- :set ExitOK true;
- :error false;
- }
-
- :if ([ $FileGet $PackagePath ] = false) do={
- :if ([ $MkDir $PackagePath ] = false) do={
- $LogPrint warning $ScriptName ("Creating directory at CAPsMAN package path (" . \
- $PackagePath . ") failed!");
- :set ExitOK true;
- :error false;
- }
- $LogPrint info $ScriptName ("Created directory at CAPsMAN package path (" . $PackagePath . \
- "). Please place your packages!");
- }
-
- :foreach Package in=[ /file/find where type="package" \
- package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
- :local File [ /file/get $Package ];
- :if ($File->"package-architecture" = "mips") do={
- :set ($File->"package-architecture") "mipsbe";
- }
- :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
- ($File->"package-architecture") $PackagePath ] = true) do={
- :set Updated true;
- $RmFile ($File->"name");
- }
- }
-
- :if ([ :len [ /file/find where type="package" name~("^" . $PackagePath) ] ] = 0) do={
- $LogPrint info $ScriptName ("No packages available, downloading default set.");
-# NOT /interface/wifi/ #
- :foreach Arch in={ "arm"; "mipsbe" } do={
- :foreach Package in={ "routeros"; "wireless" } do={
-# NOT /interface/wifi/ #
-# NOT /caps-man/ #
- :foreach Arch in={ "arm"; "arm64" } do={
- :local Packages { "arm"={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" };
- "arm64"={ "routeros"; "wifi-qcom" } };
- :foreach Package in=($Packages->$Arch) do={
-# NOT /caps-man/ #
- :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
- :set Updated true;
- }
- }
- }
- }
-
- :if ($Updated = true) do={
- :local Scripts [ /system/script/find where source~"\n# provides: capsman-rolling-upgrade%TEMPL%\r?\n" ];
- :if ([ :len $Scripts ] > 0) do={
- :foreach Script in=$Scripts do={
- /system/script/run $Script;
- }
- } else={
- /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ];
- /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/capsman-download-packages.wifi.rsc b/capsman-download-packages.wifi.rsc
deleted file mode 100644
index 242bb0c8..00000000
--- a/capsman-download-packages.wifi.rsc
+++ /dev/null
@@ -1,95 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: capsman-download-packages.wifi
-# Copyright (c) 2018-2026 Christian Hesse
-# Michael Gisbers
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# download and cleanup packages for CAP installation from CAPsMAN
-# https://rsc.eworm.de/doc/capsman-download-packages.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global CleanFilePath;
- :global DownloadPackage;
- :global FileGet;
- :global LogPrint;
- :global MkDir;
- :global RmFile;
- :global ScriptLock;
- :global WaitFullyConnected;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
- $WaitFullyConnected;
-
- :local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ];
- :local InstalledVersion [ /system/package/update/get installed-version ];
- :local Updated false;
-
- :if ([ :len $PackagePath ] = 0) do={
- $LogPrint warning $ScriptName ("The CAPsMAN package path is not defined, can not download packages.");
- :set ExitOK true;
- :error false;
- }
-
- :if ([ $FileGet $PackagePath ] = false) do={
- :if ([ $MkDir $PackagePath ] = false) do={
- $LogPrint warning $ScriptName ("Creating directory at CAPsMAN package path (" . \
- $PackagePath . ") failed!");
- :set ExitOK true;
- :error false;
- }
- $LogPrint info $ScriptName ("Created directory at CAPsMAN package path (" . $PackagePath . \
- "). Please place your packages!");
- }
-
- :foreach Package in=[ /file/find where type="package" \
- package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
- :local File [ /file/get $Package ];
- :if ($File->"package-architecture" = "mips") do={
- :set ($File->"package-architecture") "mipsbe";
- }
- :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
- ($File->"package-architecture") $PackagePath ] = true) do={
- :set Updated true;
- $RmFile ($File->"name");
- }
- }
-
- :if ([ :len [ /file/find where type="package" name~("^" . $PackagePath) ] ] = 0) do={
- $LogPrint info $ScriptName ("No packages available, downloading default set.");
- :foreach Arch in={ "arm"; "arm64" } do={
- :local Packages { "arm"={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" };
- "arm64"={ "routeros"; "wifi-qcom" } };
- :foreach Package in=($Packages->$Arch) do={
- :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
- :set Updated true;
- }
- }
- }
- }
-
- :if ($Updated = true) do={
- :local Scripts [ /system/script/find where source~"\n# provides: capsman-rolling-upgrade.wifi\r?\n" ];
- :if ([ :len $Scripts ] > 0) do={
- :foreach Script in=$Scripts do={
- /system/script/run $Script;
- }
- } else={
- /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/capsman-rolling-upgrade b/capsman-rolling-upgrade
new file mode 100644
index 00000000..431ac02e
--- /dev/null
+++ b/capsman-rolling-upgrade
@@ -0,0 +1,20 @@
+#!rsc
+# RouterOS script: capsman-rolling-upgrade
+# Copyright (c) 2018-2019 Christian Hesse
+# Michael Gisbers
+#
+# upgrade CAPs one after another
+
+:local InstalledVersion [ / system package update get installed-version ];
+
+:local RemoteCapCount [ /caps-man remote-cap print count-only ];
+:if ($RemoteCapCount > 0) do={
+ :local Delay (600 / $RemoteCapCount);
+ :if ($Delay > 120) do={ :set Delay 120; }
+ :foreach RemoteCap in=[ / caps-man remote-cap find where version!=$InstalledVersion ] do={
+ :local RemoteCapName [ / caps-man remote-cap get $RemoteCap name ];
+ :log debug ("Starting upgrade for CAP " . $RemoteCapName . "...");
+ / caps-man remote-cap upgrade $RemoteCap;
+ :delay ($Delay . "s");
+ }
+}
diff --git a/capsman-rolling-upgrade.capsman.rsc b/capsman-rolling-upgrade.capsman.rsc
deleted file mode 100644
index bb1b17b1..00000000
--- a/capsman-rolling-upgrade.capsman.rsc
+++ /dev/null
@@ -1,50 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: capsman-rolling-upgrade.capsman
-# Copyright (c) 2018-2026 Christian Hesse
-# Michael Gisbers
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: capsman-rolling-upgrade.capsman
-# requires RouterOS, version=7.17
-#
-# upgrade CAPs one after another
-# https://rsc.eworm.de/doc/capsman-rolling-upgrade.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global LogPrint;
- :global ScriptLock;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :local InstalledVersion [ /system/package/update/get installed-version ];
-
- :local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ];
- :if ($RemoteCapCount > 0) do={
- :local Delay (600 / $RemoteCapCount);
- :if ($Delay > 120) do={ :set Delay 120; }
- :foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={
- :local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ];
- :if ([ :len $RemoteCapVal ] > 1) do={
- $LogPrint info $ScriptName ("Starting upgrade for " . $RemoteCapVal->"name" . \
- " (" . $RemoteCapVal->"identity" . ")...");
- /caps-man/remote-cap/upgrade $RemoteCap;
- } else={
- $LogPrint warning $ScriptName ("Remote CAP vanished, skipping upgrade.");
- }
- :delay ($Delay . "s");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/capsman-rolling-upgrade.template.rsc b/capsman-rolling-upgrade.template.rsc
deleted file mode 100644
index 919765a0..00000000
--- a/capsman-rolling-upgrade.template.rsc
+++ /dev/null
@@ -1,58 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: capsman-rolling-upgrade%TEMPL%
-# Copyright (c) 2018-2026 Christian Hesse
-# Michael Gisbers
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: capsman-rolling-upgrade%TEMPL%
-# requires RouterOS, version=7.17
-#
-# upgrade CAPs one after another
-# https://rsc.eworm.de/doc/capsman-rolling-upgrade.md
-#
-# !! This is just a template to generate the real script!
-# !! Pattern '%TEMPL%' is replaced, paths are filtered.
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global LogPrint;
- :global ScriptLock;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :local InstalledVersion [ /system/package/update/get installed-version ];
-
- :local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ];
- :local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ];
- :if ($RemoteCapCount > 0) do={
- :local Delay (600 / $RemoteCapCount);
- :if ($Delay > 120) do={ :set Delay 120; }
- :foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={
- :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={
- :local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ];
- :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ];
- :if ([ :len $RemoteCapVal ] > 1) do={
-# NOT /caps-man/ #
- :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
-# NOT /caps-man/ #
- $LogPrint info $ScriptName ("Starting upgrade for " . $RemoteCapVal->"name" . \
- " (" . $RemoteCapVal->"identity" . ")...");
- /caps-man/remote-cap/upgrade $RemoteCap;
- /interface/wifi/capsman/remote-cap/upgrade $RemoteCap;
- } else={
- $LogPrint warning $ScriptName ("Remote CAP vanished, skipping upgrade.");
- }
- :delay ($Delay . "s");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/capsman-rolling-upgrade.wifi.rsc b/capsman-rolling-upgrade.wifi.rsc
deleted file mode 100644
index b0c9d034..00000000
--- a/capsman-rolling-upgrade.wifi.rsc
+++ /dev/null
@@ -1,51 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: capsman-rolling-upgrade.wifi
-# Copyright (c) 2018-2026 Christian Hesse
-# Michael Gisbers
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: capsman-rolling-upgrade.wifi
-# requires RouterOS, version=7.17
-#
-# upgrade CAPs one after another
-# https://rsc.eworm.de/doc/capsman-rolling-upgrade.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global LogPrint;
- :global ScriptLock;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :local InstalledVersion [ /system/package/update/get installed-version ];
-
- :local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ];
- :if ($RemoteCapCount > 0) do={
- :local Delay (600 / $RemoteCapCount);
- :if ($Delay > 120) do={ :set Delay 120; }
- :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={
- :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ];
- :if ([ :len $RemoteCapVal ] > 1) do={
- :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
- $LogPrint info $ScriptName ("Starting upgrade for " . $RemoteCapVal->"name" . \
- " (" . $RemoteCapVal->"identity" . ")...");
- /interface/wifi/capsman/remote-cap/upgrade $RemoteCap;
- } else={
- $LogPrint warning $ScriptName ("Remote CAP vanished, skipping upgrade.");
- }
- :delay ($Delay . "s");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/certificate-renew-issued b/certificate-renew-issued
new file mode 100644
index 00000000..e7241f27
--- /dev/null
+++ b/certificate-renew-issued
@@ -0,0 +1,14 @@
+#!rsc
+# RouterOS script: certificate-renew-issued
+# Copyright (c) 2019 Christian Hesse
+#
+# renew locally issued certificates
+
+:foreach Cert in=[ / certificate find where issued expires-after<3w ] do={
+ :local CertVal [ / certificate get $Cert ];
+ / certificate issued-revoke $Cert;
+ / certificate set name=($CertVal->"name" . "-revoked-" . [ / system clock get date ]) $Cert;
+ / certificate add name=($CertVal->"name") common-name=($CertVal->"common-name") \
+ key-usage=($CertVal->"key-usage") subject-alt-name=($CertVal->"subject-alt-name");
+ / certificate sign ($CertVal->"name") ca=($CertVal->"ca");
+}
diff --git a/certificate-renew-issued.rsc b/certificate-renew-issued.rsc
deleted file mode 100644
index fc8bff32..00000000
--- a/certificate-renew-issued.rsc
+++ /dev/null
@@ -1,52 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: certificate-renew-issued
-# Copyright (c) 2019-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# renew locally issued certificates
-# https://rsc.eworm.de/doc/certificate-renew-issued.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global CertIssuedExportPass;
-
- :global LogPrint;
- :global MkDir;
- :global ScriptLock;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :foreach Cert in=[ /certificate/find where issued expires-after<3w ] do={
- :local CertVal [ /certificate/get $Cert ];
- /certificate/issued-revoke $Cert;
- /certificate/set name=($CertVal->"name" . "-revoked-" . [ /system/clock/get date ]) $Cert;
- /certificate/add name=($CertVal->"name") common-name=($CertVal->"common-name") \
- key-usage=($CertVal->"key-usage") subject-alt-name=($CertVal->"subject-alt-name");
- /certificate/sign ($CertVal->"name") ca=($CertVal->"ca");
- :if ([ :typeof ($CertIssuedExportPass->($CertVal->"common-name")) ] = "str") do={
- :if ([ $MkDir "cert-issued" ] = true) do={
- /certificate/export-certificate ($CertVal->"name") type=pkcs12 \
- file-name=("cert-issued/" . $CertVal->"common-name") \
- export-passphrase=($CertIssuedExportPass->($CertVal->"common-name"));
- $LogPrint info $ScriptName ("Issued a new certificate for '" . $CertVal->"common-name" . \
- "', exported to 'cert-issued/" . $CertVal->"common-name" . ".p12'.");
- } else={
- $LogPrint warning $ScriptName ("Failed creating directory, not exporting certificate.");
- }
- } else={
- $LogPrint info $ScriptName ("Issued a new certificate for '" . $CertVal->"common-name" . "'.");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/certs/Certum-Trusted-Network-CA.pem b/certs/Certum-Trusted-Network-CA.pem
deleted file mode 100644
index a48e7063..00000000
--- a/certs/Certum-Trusted-Network-CA.pem
+++ /dev/null
@@ -1,29 +0,0 @@
-# Issuer: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority
-# Subject: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority
-# Label: "Certum Trusted Network CA"
-# Serial: 279744
-# MD5 Fingerprint: d5:e9:81:40:c5:18:69:fc:46:2c:89:75:62:0f:aa:78
-# SHA1 Fingerprint: 07:e0:32:e0:20:b7:2c:3f:19:2f:06:28:a2:59:3a:19:a7:0f:06:9e
-# SHA256 Fingerprint: 5c:58:46:8d:55:f5:8e:49:7e:74:39:82:d2:b5:00:10:b6:d1:65:37:4a:cf:83:a7:d4:a3:2d:b7:68:c4:40:8e
------BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
-MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
-ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
-cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
-WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
-Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
-IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
-UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
-TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
-BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
-kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
-AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
-HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
-sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
-I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
-J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
-VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
-03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
------END CERTIFICATE-----
diff --git a/certs/DigiCert-Global-Root-G2.pem b/certs/DigiCert-Global-Root-G2.pem
deleted file mode 100644
index 8af6c7aa..00000000
--- a/certs/DigiCert-Global-Root-G2.pem
+++ /dev/null
@@ -1,29 +0,0 @@
-# Issuer: CN=DigiCert Global Root G2 O=DigiCert Inc OU=www.digicert.com
-# Subject: CN=DigiCert Global Root G2 O=DigiCert Inc OU=www.digicert.com
-# Label: "DigiCert Global Root G2"
-# Serial: 4293743540046975378534879503202253541
-# MD5 Fingerprint: e4:a6:8a:c8:54:ac:52:42:46:0a:fd:72:48:1b:2a:44
-# SHA1 Fingerprint: df:3c:24:f9:bf:d6:66:76:1b:26:80:73:fe:06:d1:cc:8d:4f:82:a4
-# SHA256 Fingerprint: cb:3c:cb:b7:60:31:e5:e0:13:8f:8d:d3:9a:23:f9:de:47:ff:c3:5e:43:c1:14:4c:ea:27:d4:6a:5a:b1:cb:5f
------BEGIN CERTIFICATE-----
-MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
-MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
-b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
-2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
-1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
-q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
-tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
-vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
-5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
-1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
-NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
-Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
-8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
-pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
-MrY=
------END CERTIFICATE-----
diff --git a/certs/DigiCert-Global-Root-G3.pem b/certs/DigiCert-Global-Root-G3.pem
deleted file mode 100644
index 12324dcc..00000000
--- a/certs/DigiCert-Global-Root-G3.pem
+++ /dev/null
@@ -1,22 +0,0 @@
-# Issuer: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com
-# Subject: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com
-# Label: "DigiCert Global Root G3"
-# Serial: 7089244469030293291760083333884364146
-# MD5 Fingerprint: f5:5d:a4:50:a5:fb:28:7e:1e:0f:0d:cc:96:57:56:ca
-# SHA1 Fingerprint: 7e:04:de:89:6a:3e:66:6d:00:e6:87:d3:3f:fa:d9:3b:e8:3d:34:9e
-# SHA256 Fingerprint: 31:ad:66:48:f8:10:41:38:c7:38:f3:9e:a4:32:01:33:39:3e:3a:18:cc:02:29:6e:f9:7c:2a:c9:ef:67:31:d0
------BEGIN CERTIFICATE-----
-MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw
-CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
-ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
-Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw
-EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
-IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
-K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG
-fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO
-Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
-BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx
-AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/
-oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
-sycX
------END CERTIFICATE-----
diff --git a/certs/GTS-Root-R1.pem b/certs/GTS-Root-R1.pem
deleted file mode 100644
index a6095d2b..00000000
--- a/certs/GTS-Root-R1.pem
+++ /dev/null
@@ -1,38 +0,0 @@
-# Issuer: CN=GTS Root R1 O=Google Trust Services LLC
-# Subject: CN=GTS Root R1 O=Google Trust Services LLC
-# Label: "GTS Root R1"
-# Serial: 159662320309726417404178440727
-# MD5 Fingerprint: 05:fe:d0:bf:71:a8:a3:76:63:da:01:e0:d8:52:dc:40
-# SHA1 Fingerprint: e5:8c:1c:c4:91:3b:38:63:4b:e9:10:6e:e3:ad:8e:6b:9d:d9:81:4a
-# SHA256 Fingerprint: d9:47:43:2a:bd:e7:b7:fa:90:fc:2e:6b:59:10:1b:12:80:e0:e1:c7:e4:e4:0f:a3:c6:88:7f:ff:57:a7:f4:cf
------BEGIN CERTIFICATE-----
-MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw
-CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
-MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
-MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
-Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo
-27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w
-Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw
-TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl
-qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH
-szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8
-Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk
-MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92
-wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p
-aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN
-VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID
-AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb
-C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe
-QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy
-h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4
-7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J
-ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef
-MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/
-Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT
-6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ
-0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm
-2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb
-bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c
------END CERTIFICATE-----
diff --git a/certs/GTS-Root-R4.pem b/certs/GTS-Root-R4.pem
deleted file mode 100644
index 16a1c368..00000000
--- a/certs/GTS-Root-R4.pem
+++ /dev/null
@@ -1,20 +0,0 @@
-# Issuer: CN=GTS Root R4 O=Google Trust Services LLC
-# Subject: CN=GTS Root R4 O=Google Trust Services LLC
-# Label: "GTS Root R4"
-# Serial: 159662532700760215368942768210
-# MD5 Fingerprint: 43:96:83:77:19:4d:76:b3:9d:65:52:e4:1d:22:a5:e8
-# SHA1 Fingerprint: 77:d3:03:67:b5:e0:0c:15:f6:0c:38:61:df:7c:e1:3b:92:46:4d:47
-# SHA256 Fingerprint: 34:9d:fa:40:58:c5:e2:63:12:3b:39:8a:e7:95:57:3c:4e:13:13:c8:3f:e6:8f:93:55:6c:d5:e8:03:1b:3c:7d
------BEGIN CERTIFICATE-----
-MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD
-VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG
-A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw
-WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz
-IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
-AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi
-QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR
-HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
-BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D
-9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8
-p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD
------END CERTIFICATE-----
diff --git a/certs/Go Daddy Secure Certificate Authority - G2.pem b/certs/Go Daddy Secure Certificate Authority - G2.pem
new file mode 100644
index 00000000..72e5054d
--- /dev/null
+++ b/certs/Go Daddy Secure Certificate Authority - G2.pem
@@ -0,0 +1,51 @@
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
+AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
+E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
+/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
+DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
+GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
+tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
+WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
+9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
+gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
+2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
+4uJEvlz36hz1
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3
+MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE
+CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD
+EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD
+BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv
+K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e
+cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY
+pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n
+eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB
+AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv
+9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
+b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n
+b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG
+CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv
+MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz
+91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2
+RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi
+DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11
+GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x
+LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB
+-----END CERTIFICATE-----
diff --git a/certs/Go-Daddy-Root-Certificate-Authority-G2.pem b/certs/Go-Daddy-Root-Certificate-Authority-G2.pem
deleted file mode 100644
index c61f300e..00000000
--- a/certs/Go-Daddy-Root-Certificate-Authority-G2.pem
+++ /dev/null
@@ -1,30 +0,0 @@
-# Issuer: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc.
-# Subject: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc.
-# Label: "Go Daddy Root Certificate Authority - G2"
-# Serial: 0
-# MD5 Fingerprint: 80:3a:bc:22:c1:e6:fb:8d:9b:3b:27:4a:32:1b:9a:01
-# SHA1 Fingerprint: 47:be:ab:c9:22:ea:e8:0e:78:78:34:62:a7:9f:45:c2:54:fd:e6:8b
-# SHA256 Fingerprint: 45:14:0b:32:47:eb:9c:c8:c5:b4:f0:d7:b5:30:91:f7:32:92:08:9e:6e:5a:63:e2:74:9d:d3:ac:a9:19:8e:da
------BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
-EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
-ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
-NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
-EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
-AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
-E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
-/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
-DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
-GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
-tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
-AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
-FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
-WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
-9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
-gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
-2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
-LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
-4uJEvlz36hz1
------END CERTIFICATE-----
diff --git a/certs/ISRG-Root-X1.pem b/certs/ISRG-Root-X1.pem
deleted file mode 100644
index 995c95d5..00000000
--- a/certs/ISRG-Root-X1.pem
+++ /dev/null
@@ -1,38 +0,0 @@
-# Issuer: CN=ISRG Root X1 O=Internet Security Research Group
-# Subject: CN=ISRG Root X1 O=Internet Security Research Group
-# Label: "ISRG Root X1"
-# Serial: 172886928669790476064670243504169061120
-# MD5 Fingerprint: 0c:d2:f9:e0:da:17:73:e9:ed:86:4d:a5:e3:70:e7:4e
-# SHA1 Fingerprint: ca:bd:2a:79:a1:07:6a:31:f2:1d:25:36:35:cb:03:9d:43:29:a5:e8
-# SHA256 Fingerprint: 96:bc:ec:06:26:49:76:f3:74:60:77:9a:cf:28:c5:a7:cf:e8:a3:c0:aa:e1:1a:8f:fc:ee:05:c0:bd:df:08:c6
------BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
-TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
-cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
-WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
-ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
-MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
-h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
-0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
-A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
-T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
-B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
-B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
-KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
-OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
-jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
-qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
-rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
-hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
-ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
-3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
-NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
-ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
-TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
-jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
-oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
-4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
-mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
-emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
------END CERTIFICATE-----
diff --git a/certs/ISRG-Root-X2.pem b/certs/ISRG-Root-X2.pem
deleted file mode 100644
index 9cca880a..00000000
--- a/certs/ISRG-Root-X2.pem
+++ /dev/null
@@ -1,21 +0,0 @@
-# Issuer: CN=ISRG Root X2 O=Internet Security Research Group
-# Subject: CN=ISRG Root X2 O=Internet Security Research Group
-# Label: "ISRG Root X2"
-# Serial: 87493402998870891108772069816698636114
-# MD5 Fingerprint: d3:9e:c4:1e:23:3c:a6:df:cf:a3:7e:6d:e0:14:e6:e5
-# SHA1 Fingerprint: bd:b1:b9:3c:d5:97:8d:45:c6:26:14:55:f8:db:95:c7:5a:d1:53:af
-# SHA256 Fingerprint: 69:72:9b:8e:15:a8:6e:fc:17:7a:57:af:b7:17:1d:fc:64:ad:d2:8c:2f:ca:8c:f1:50:7e:34:45:3c:cb:14:70
------BEGIN CERTIFICATE-----
-MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
-CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
-R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
-MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
-ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
-EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
-+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
-ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
-zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
-tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
-/q4AaOeMSQ+2b1tbFfLn
------END CERTIFICATE-----
diff --git a/certs/Let's Encrypt Authority X3.pem b/certs/Let's Encrypt Authority X3.pem
new file mode 100644
index 00000000..7df773fe
--- /dev/null
+++ b/certs/Let's Encrypt Authority X3.pem
@@ -0,0 +1,83 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1
+WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX
+NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf
+89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl
+Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc
+Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz
+uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB
+AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU
+BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB
+FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo
+SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js
+LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF
+BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG
+AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD
+VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB
+ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx
+A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM
+UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2
+DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1
+eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu
+OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw
+p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY
+2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0
+ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR
+PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b
+rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
diff --git a/certs/Makefile b/certs/Makefile
deleted file mode 100644
index 3ccad6e2..00000000
--- a/certs/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-# Makefile to check certificates
-
-CURL = curl \
- --capath /dev/null \
- --connect-timeout 5 \
- --output /dev/null \
- --silent
-
-DOMAINS_DUAL = \
- api.macvendors.com/GTS-Root-R4 \
- api.telegram.org/Go-Daddy-Root-Certificate-Authority-G2 \
- cloudflare-dns.com/DigiCert-Global-Root-G2 \
- dns.google/GTS-Root-R4 \
- dns.quad9.net/DigiCert-Global-Root-G3 \
- git.eworm.de/ISRG-Root-X2 \
- lists.blocklist.de/Certum-Trusted-Network-CA \
- matrix.org/GTS-Root-R4 \
- raw.githubusercontent.com/USERTrust-RSA-Certification-Authority \
- rsc.eworm.de/ISRG-Root-X2 \
- upgrade.mikrotik.com/ISRG-Root-X1
-DOMAINS_IPV4 = \
- 1.1.1.1/DigiCert-Global-Root-G2 \
- 8.8.8.8/GTS-Root-R1 \
- 9.9.9.9/DigiCert-Global-Root-G3 \
- api.mullvad.net/ISRG-Root-X1 \
- ipv4.showipv6.de/ISRG-Root-X1 \
- ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \
- mkcert.org/ISRG-Root-X1 \
- ntfy.sh/ISRG-Root-X1 \
- www.dshield.org/ISRG-Root-X1 \
- www.spamhaus.org/GTS-Root-R4
-DOMAINS_IPV6 = \
- [2606\:4700\:4700\:\:1111]/DigiCert-Global-Root-G2 \
- [2001\:4860\:4860\:\:8888]/GTS-Root-R1 \
- [2620\:fe\:\:9]/DigiCert-Global-Root-G3 \
- ipv6.showipv6.de/ISRG-Root-X1
-
-.PHONY: $(DOMAINS_DUAL) $(DOMAINS_IPV4) $(DOMAINS_IPV6)
-
-all: $(DOMAINS_DUAL) $(DOMAINS_IPV4) $(DOMAINS_IPV6)
-
-$(DOMAINS_DUAL):
-ifndef NOIPV4
- $(CURL) -4 --cacert $(notdir $@).pem https://$(dir $@)
-endif
-ifndef NOIPV6
- $(CURL) -6 --cacert $(notdir $@).pem https://$(dir $@)
-endif
-
-$(DOMAINS_IPV4):
-ifndef NOIPV4
- $(CURL) -4 --cacert $(notdir $@).pem https://$(dir $@)
-endif
-
-$(DOMAINS_IPV6):
-ifndef NOIPV6
- $(CURL) -6 --cacert $(notdir $@).pem https://$(dir $@)
-endif
diff --git a/certs/Starfield Secure Certificate Authority - G2.pem b/certs/Starfield Secure Certificate Authority - G2.pem
new file mode 100644
index 00000000..9c17e74e
--- /dev/null
+++ b/certs/Starfield Secure Certificate Authority - G2.pem
@@ -0,0 +1,52 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw
+MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
+aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp
+Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg
+nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1
+HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N
+Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0
+HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G
+CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
+sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
+4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
+8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
+mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFADCCA+igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAw
+MFoXDTMxMDUwMzA3MDAwMFowgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
+aG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxk
+dGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUg
+Q2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDlkGZL7PlGcakgg77pbL9KyUhpgXVObST2yxcT+LBxWYR6ayuF
+pDS1FuXLzOlBcCykLtb6Mn3hqN6UEKwxwcDYav9ZJ6t21vwLdGu4p64/xFT0tDFE
+3ZNWjKRMXpuJyySDm+JXfbfYEh/JhW300YDxUJuHrtQLEAX7J7oobRfpDtZNuTlV
+Bv8KJAV+L8YdcmzUiymMV33a2etmGtNPp99/UsQwxaXJDgLFU793OGgGJMNmyDd+
+MB5FcSM1/5DYKp2N57CSTTx/KgqT3M0WRmX3YISLdkuRJ3MUkuDq7o8W6o0OPnYX
+v32JgIBEQ+ct4EMJddo26K3biTr1XRKOIwSDAgMBAAGjggEsMIIBKDAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJUWBaFAmOD07LSy+
+zWrZtj2zZmMwHwYDVR0jBBgwFoAUfAwyH6fZMH/EfWijYqihzqsHWycwOgYIKwYB
+BQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNo
+LmNvbS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmllbGR0ZWNo
+LmNvbS9zZnJvb3QtZzIuY3JsMEwGA1UdIARFMEMwQQYEVR0gADA5MDcGCCsGAQUF
+BwIBFitodHRwczovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv
+MA0GCSqGSIb3DQEBCwUAA4IBAQBWZcr+8z8KqJOLGMfeQ2kTNCC+Tl94qGuc22pN
+QdvBE+zcMQAiXvcAngzgNGU0+bE6TkjIEoGIXFs+CFN69xpk37hQYcxTUUApS8L0
+rjpf5MqtJsxOYUPl/VemN3DOQyuwlMOS6eFfqhBJt2nk4NAfZKQrzR9voPiEJBjO
+eT2pkb9UGBOJmVQRDVXFJgt5T1ocbvlj2xSApAer+rKluYjdkf5lO6Sjeb6JTeHQ
+sPTIFwwKlhR8Cbds4cLYVdQYoKpBaXAko7nv6VrcPuuUSvC33l8Odvr7+2kDRUBQ
+7nIMpBKGgc0T0U7EPMpODdIm8QC3tKai4W56gf0wrHofx1l7
+-----END CERTIFICATE-----
diff --git a/certs/Starfield-Root-Certificate-Authority-G2.pem b/certs/Starfield-Root-Certificate-Authority-G2.pem
deleted file mode 100644
index 4e6774d2..00000000
--- a/certs/Starfield-Root-Certificate-Authority-G2.pem
+++ /dev/null
@@ -1,30 +0,0 @@
-# Issuer: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc.
-# Subject: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc.
-# Label: "Starfield Root Certificate Authority - G2"
-# Serial: 0
-# MD5 Fingerprint: d6:39:81:c6:52:7e:96:69:fc:fc:ca:66:ed:05:f2:96
-# SHA1 Fingerprint: b5:1c:06:7c:ee:2b:0c:3d:f8:55:ab:2d:92:f4:fe:39:d4:e7:0f:0e
-# SHA256 Fingerprint: 2c:e1:cb:0b:f9:d2:f9:e1:02:99:3f:be:21:51:52:c3:b2:dd:0c:ab:de:1c:68:e5:31:9b:83:91:54:db:b7:f5
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
-HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
-ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw
-MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
-b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
-aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp
-Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg
-nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1
-HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N
-Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
-dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0
-HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G
-CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
-sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
-4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
-8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
-pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
-mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
------END CERTIFICATE-----
diff --git a/certs/USERTrust-RSA-Certification-Authority.pem b/certs/USERTrust-RSA-Certification-Authority.pem
deleted file mode 100644
index 0fbeef63..00000000
--- a/certs/USERTrust-RSA-Certification-Authority.pem
+++ /dev/null
@@ -1,41 +0,0 @@
-# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network
-# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network
-# Label: "USERTrust RSA Certification Authority"
-# Serial: 2645093764781058787591871645665788717
-# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5
-# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e
-# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2
------BEGIN CERTIFICATE-----
-MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
-iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
-cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
-BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
-MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
-BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
-aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
-3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
-tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
-Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
-VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
-79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
-c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
-Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
-c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
-UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
-Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
-BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
-Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
-VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
-ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
-8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
-iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
-Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
-XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
-qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
-VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
-L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
-jjxDah2nGN59PRbxYvnKkKj9
------END CERTIFICATE-----
diff --git a/check-certificates b/check-certificates
new file mode 100644
index 00000000..ca5ffe39
--- /dev/null
+++ b/check-certificates
@@ -0,0 +1,108 @@
+#!rsc
+# RouterOS script: check-certificates
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# check for certificate validity
+
+:global Identity;
+:global CertRenewUrl;
+:global CertRenewPass;
+
+:global SendNotification;
+:global UrlEncode;
+:global WaitForFile;
+
+:local GetIssuerCN do={
+ :foreach IssuerI in=$1 do={
+ :if ([ :pick $IssuerI 0 3 ] = "CN=") do={
+ :return [ :pick $IssuerI 3 99 ];
+ }
+ }
+ :return "";
+}
+
+:local FormatExpire do={
+ :global CharacterReplace;
+ :return [ $CharacterReplace [ $CharacterReplace [ :tostr $1 ] "w" "w " ] "d" "d " ];
+}
+
+:foreach Cert in=[ / certificate find where !revoked !ca expires-after<3w ] do={
+ :local CertVal [ / certificate get $Cert ];
+
+ :do {
+ :if ([ :len $CertRenewUrl ] = 0) do={
+ :log info "No CertRenewUrl given.";
+ :error "No CertRenewUrl given.";
+ }
+
+ :foreach Type in={ ".pem"; ".p12" } do={
+ :local CertFileName ([ $UrlEncode ($CertVal->"common-name") ] . $Type);
+ :do {
+ / tool fetch check-certificate=yes-without-crl \
+ ($CertRenewUrl . $CertFileName) dst-path=$CertFileName;
+ $WaitForFile $CertFileName;
+ :foreach PassPhrase in=$CertRenewPass do={
+ / certificate import file-name=$CertFileName passphrase=$PassPhrase;
+ }
+ / file remove [ find where name=$CertFileName ];
+ } on-error={
+ :log debug ("Could not download certificate file " . $CertFileName);
+ }
+ }
+
+ :local CertNew [ / certificate find where common-name=($CertVal->"common-name") fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>3w ];
+ :local CertNewVal [ / certificate get $CertNew ];
+
+ / ip service set certificate=($CertNewVal->"name") [ find where certificate=($CertVal->"name") ];
+
+ :do {
+ / ip ipsec identity set certificate=($CertNewVal->"name") [ / ip ipsec identity find where certificate=($CertVal->"name") ];
+ / ip ipsec identity set remote-certificate=($CertNewVal->"name") [ / ip ipsec identity find where remote-certificate=($CertVal->"name") ];
+ } on-error={
+ :log debug ("Setting IPSEC certificates failed. Package 'security' not installed?");
+ }
+
+ :do {
+ / ip hotspot profile set ssl-certificate=($CertNewVal->"name") [ / ip hotspot profile find where ssl-certificate=($CertVal->"name") ];
+ } on-error={
+ :log debug ("Setting hotspot certificates failed. Package 'hotspot' not installed?");
+ }
+
+ / certificate remove $Cert;
+ / certificate set $CertNew name=($CertVal->"name")
+
+ $SendNotification ("Certificate renewed") \
+ ("A certificate on " . $Identity . " has been renewed.\n\n" . \
+ "Name: " . ($CertVal->"name") . "\n" . \
+ "CommonName: " . ($CertNewVal->"common-name") . "\n" . \
+ "Fingerprint: " . ($CertNewVal->"fingerprint") . "\n" . \
+ "Issuer: " . [ $GetIssuerCN ($CertNewVal->"issuer") ] . "\n" . \
+ "Validity: " . ($CertNewVal->"invalid-before") . " to " . ($CertNewVal->"invalid-after") . "\n" . \
+ "Expires in: " . [ $FormatExpire ($CertNewVal->"expires-after") ]);
+ :log info ("The certificate " . ($CertVal->"name") . " has been renewed.");
+ } on-error={
+ :log debug ("Could not renew certificate " . ($CertVal->"name") . ".");
+ }
+}
+
+:foreach Cert in=[ / certificate find where !revoked expires-after<2w fingerprint~"."] do={
+ :local CertVal [ / certificate get $Cert ];
+
+ :local ExpiresAfter [ $FormatExpire ($CertVal->"expires-after") ];
+ :local State "is about to expire";
+ :if (($CertVal->"expired") = true) do={
+ :set ExpiresAfter "expired";
+ :set State "expired";
+ }
+
+ $SendNotification ("Certificate warning!") \
+ ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
+ "Name: " . ($CertVal->"name") . "\n" . \
+ "CommonName: " . ($CertVal->"common-name") . "\n" . \
+ "Fingerprint: " . ($CertVal->"fingerprint") . "\n" . \
+ "Issuer: " . ($CertVal->"ca") . [ $GetIssuerCN ($CertVal->"issuer") ] . "\n" . \
+ "Validity: " . ($CertVal->"invalid-before") . " to " . ($CertVal->"invalid-after") . "\n" . \
+ "Expires in: " . $ExpiresAfter);
+ :log warning ("The certificate " . ($CertVal->"name") . " " . $State . \
+ ", it is invalid after " . ($CertVal->"invalid-after") . ".");
+}
diff --git a/check-certificates.rsc b/check-certificates.rsc
deleted file mode 100644
index 1dd61299..00000000
--- a/check-certificates.rsc
+++ /dev/null
@@ -1,250 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-certificates
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-# requires device-mode, fetch
-#
-# check for certificate validity
-# https://rsc.eworm.de/doc/check-certificates.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global CertRenewTime;
- :global CertRenewUrl;
- :global CertWarnTime;
- :global Identity;
-
- :global CertificateAvailable;
- :global EscapeForRegEx;
- :global IfThenElse;
- :global LogPrint;
- :global ParseKeyValueStore;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
- :global UrlEncode;
- :global WaitFullyConnected;
-
- :local CheckCertificatesDownloadImport do={
- :local ScriptName [ :tostr $1 ];
- :local CertName [ :tostr $2 ];
- :local FetchName [ :tostr $3 ];
-
- :global CertRenewUrl;
- :global CertRenewPass;
-
- :global CertificateNameByCN;
- :global EscapeForRegEx;
- :global FetchUserAgentStr;
- :global LogPrint;
- :global RmFile;
- :global UrlEncode;
- :global WaitForFile;
-
- :foreach Type in={ "p12"; "pem" } do={
- :local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type);
- $LogPrint debug $ScriptName ("Trying type '" . $Type . "' for '" . $CertName . \
- "' (file '" . $CertFileName . "')...");
-
- :do {
- /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
- ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
- $WaitForFile $CertFileName;
-
- :local DecryptionFailed true;
- :foreach I,PassPhrase in=$CertRenewPass do={
- :do {
- $LogPrint debug $ScriptName ("Trying " . $I . ". passphrase... ");
- :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ];
- :if ($Result->"decryption-failures" = 0) do={
- $LogPrint debug $ScriptName ("Success!");
- :set DecryptionFailed false;
- }
- } on-error={ }
- }
- $RmFile $CertFileName;
-
- :if ($DecryptionFailed = true) do={
- $LogPrint warning $ScriptName ("Decryption failed for certificate file '" . $CertFileName . "'.");
- }
-
- :foreach CertInChain in=[ /certificate/find where common-name!=$CertName !private-key \
- name~("^" . [ $EscapeForRegEx $CertFileName ] . "_[0-9]+\$") \
- !(subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $CertName ] . "(\\W|\$)")) \
- !(common-name=[]) ] do={
- $CertificateNameByCN [ /certificate/get $CertInChain common-name ];
- }
-
- :return true;
- } on-error={
- $LogPrint debug $ScriptName ("Could not download certificate file '" . $CertFileName . "'.");
- }
- }
-
- :return false;
- }
-
- :local FormatInfo do={
- :local Cert $1;
-
- :global FormatLine;
- :global FormatMultiLines;
- :global IfThenElse;
-
- :local FormatExpire do={
- :global CharacterReplace;
- :return [ $CharacterReplace [ $CharacterReplace [ :tostr $1 ] "w" "w " ] "d" "d " ];
- }
-
- :local FormatCertChain do={
- :local Cert $1;
-
- :global ParseKeyValueStore;
-
- :local CertVal [ /certificate/get $Cert ];
-
- :if ([ :typeof ($CertVal->"issuer") ] = "nothing") do={
- :return "self-signed";
- }
-
- :local Return "";
- :for I from=0 to=5 do={
- :set Return ($Return . [ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
- :local CertSettings [ /certificate/settings/get ];
- :if (([ :len ($CertSettings->"builtin-trust-anchors") ] > 0 || \
- [ :len ($CertSettings->"builtin-trust-store") ] > 0) && \
- [[ :parse (":return [ :len [ /certificate/builtin/find where skid=\"" . ($CertVal->"akid") . "\" ] ]") ]] > 0) do={
- :return $Return;
- }
- :do {
- :set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ];
- } on-error={
- :return ($Return . " (possibly incomplete!)");
- }
- :if (($CertVal->"akid") = "" || ($CertVal->"akid") = ($CertVal->"skid")) do={
- :return $Return;
- }
- :set Return ($Return . " -> ");
- }
- :return ($Return . "...");
- }
-
- :local CertVal [ /certificate/get $Cert ];
-
- :return ( \
- [ $FormatLine "Name" ($CertVal->"name") ] . "\n" . \
- [ $IfThenElse ([ :len ($CertVal->"common-name") ] > 0) ([ $FormatLine "CommonName" ($CertVal->"common-name") ] . "\n") ] . \
- [ $IfThenElse ([ :len ($CertVal->"subject-alt-name") ] > 0) ([ $FormatMultiLines "SubjectAltNames" ($CertVal->"subject-alt-name") ] . "\n") ] . \
- [ $FormatLine "Private key" [ $IfThenElse (($CertVal->"private-key") = true) "available" "missing" ] ] . "\n" . \
- [ $FormatLine "Fingerprint" ($CertVal->"fingerprint") ] . "\n" . \
- [ $IfThenElse ([ :len ($CertVal->"ca") ] > 0) [ $FormatLine "Issuer" ($CertVal->"ca") ] [ $FormatLine "Issuer chain" [ $FormatCertChain $Cert ] ] ] . "\n" . \
- "Validity:\n" . \
- [ $FormatLine " from" ($CertVal->"invalid-before") ] . "\n" . \
- [ $FormatLine " to" ($CertVal->"invalid-after") ] . "\n" . \
- [ $FormatLine "Expires in" [ $IfThenElse (($CertVal->"expired") = true) "expired" [ $FormatExpire ($CertVal->"expires-after") ] ] ]);
- }
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
- $WaitFullyConnected;
-
- :foreach Cert in=[ /certificate/find where !revoked !ca !scep-url expires-after<$CertRenewTime ] do={
- :local CertVal [ /certificate/get $Cert ];
- :local LastName;
- :local FetchName;
-
- :do {
- :if ([ :len $CertRenewUrl ] = 0) do={
- $LogPrint info $ScriptName ("No CertRenewUrl given.");
- :error false;
- }
- $LogPrint info $ScriptName ("Attempting to renew certificate '" . ($CertVal->"name") . "'.");
-
- :local ImportSuccess false;
- :set LastName ($CertVal->"common-name");
- :set FetchName $LastName;
- :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ];
- :foreach SAN in=($CertVal->"subject-alt-name") do={
- :if ($ImportSuccess = false) do={
- :set LastName [ :pick $SAN ([ :find $SAN ":" ] + 1) [ :len $SAN ] ];
- :set FetchName $LastName;
- :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ];
- :if ($ImportSuccess = false && [ :pick $LastName 0 2 ] = "*.") do={
- :set FetchName ("star." . [ :pick $LastName 2 [ :len $LastName ] ]);
- :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ];
- }
- }
- }
- :if ($ImportSuccess = false) do={ :error false; }
-
- :if ([ :len ($CertVal->"fingerprint") ] > 0 && $CertVal->"fingerprint" != [ /certificate/get $Cert fingerprint ]) do={
- $LogPrint debug $ScriptName ("Certificate '" . $CertVal->"name" . "' was updated in place.");
- :set CertVal [ /certificate/get $Cert ];
- } else={
- $LogPrint debug $ScriptName ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.");
-
- :local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $FetchName ] ] . "\\.(p12|pem)_[0-9]+\$") \
- (common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \
- fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
- :local CertNewVal [ /certificate/get $CertNew ];
-
- :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") "fetch" ] = false) do={
- $LogPrint warning $ScriptName ("The certificate chain is not available!");
- }
-
- :if (($CertVal->"private-key") = true && ($CertVal->"private-key") != ($CertNewVal->"private-key")) do={
- /certificate/remove $CertNew;
- $LogPrint warning $ScriptName ("Old certificate '" . ($CertVal->"name") . "' has a private key, new certificate does not. Aborting renew.");
- :error false;
- }
-
- /ip/service/set certificate=($CertNewVal->"name") [ find where certificate=($CertVal->"name") ];
-
- /ip/ipsec/identity/set certificate=($CertNewVal->"name") [ find where certificate=($CertVal->"name") ];
- /ip/ipsec/identity/set remote-certificate=($CertNewVal->"name") [ find where remote-certificate=($CertVal->"name") ];
-
- /ip/hotspot/profile/set ssl-certificate=($CertNewVal->"name") [ find where ssl-certificate=($CertVal->"name") ];
-
- /certificate/remove $Cert;
- /certificate/set $CertNew name=($CertVal->"name");
- :set Cert $CertNew;
- :set CertVal [ /certificate/get $CertNew ];
- }
-
- $SendNotification2 ({ origin=$ScriptName; silent=true; \
- subject=([ $SymbolForNotification "lock-with-ink-pen" ] . "Certificate renewed: " . ($CertVal->"name")); \
- message=("A certificate on " . $Identity . " has been renewed.\n\n" . [ $FormatInfo $Cert ]) });
- $LogPrint info $ScriptName ("The certificate '" . ($CertVal->"name") . "' has been renewed.");
- } on-error={
- $LogPrint debug $ScriptName ("Could not renew certificate '" . ($CertVal->"name") . "'.");
- }
- }
-
- :foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) \
- expires-after<$CertWarnTime !(fingerprint=[]) ] do={
- :local CertVal [ /certificate/get $Cert ];
-
- :if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={
- $LogPrint debug $ScriptName ("Certificate '" . ($CertVal->"name") . "' is handled by SCEP, skipping.");
- } else={
- :local State [ $IfThenElse (($CertVal->"expired") = true) "expired" "is about to expire" ];
-
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "lock-with-ink-pen,warning-sign" ] . "Certificate warning: " . ($CertVal->"name")); \
- message=("A certificate on " . $Identity . " " . $State . ".\n\n" . [ $FormatInfo $Cert ]) });
- $LogPrint info $ScriptName ("The certificate '" . ($CertVal->"name") . "' " . $State . \
- ", it is invalid after " . ($CertVal->"invalid-after") . ".");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/check-health.d/state.rsc b/check-health.d/state.rsc
deleted file mode 100644
index bbba31e0..00000000
--- a/check-health.d/state.rsc
+++ /dev/null
@@ -1,49 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-health.d/state
-# Copyright (c) 2019-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# check for RouterOS health state - state plugin
-# https://rsc.eworm.de/doc/check-health.md
-
-:global CheckHealthPlugins;
-
-:set ($CheckHealthPlugins->[ :jobname ]) do={
- :local FuncName [ :tostr $0 ];
- :local ScriptName [ :tostr $1 ];
-
- :global CheckHealthLast;
- :global Identity;
-
- :global LogPrint;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :if ([ :len [ /system/health/find where type="" name~"-state\$"] ] = 0) do={
- $LogPrint debug $FuncName ("Your device does not provide any state health values.");
- :return false;
- }
-
- :foreach State in=[ /system/health/find where type="" name~"-state\$" ] do={
- :local Name [ /system/health/get $State name ];
- :local Value [ /system/health/get $State value ];
-
- :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={
- :if ($CheckHealthLast->$Name = "ok" && \
- $Value != "ok") do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "cross-mark" ] . "Health warning: " . $Name); \
- message=("The device '" . $Name . "' on " . $Identity . " failed!") });
- }
- :if ($CheckHealthLast->$Name != "ok" && \
- $Value = "ok") do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "white-heavy-check-mark" ] . "Health recovery: " . $Name); \
- message=("The device '" . $Name . "' on " . $Identity . " recovered!") });
- }
- }
- :set ($CheckHealthLast->$Name) $Value;
- }
-}
diff --git a/check-health.d/temperature.rsc b/check-health.d/temperature.rsc
deleted file mode 100644
index 64fc6bf3..00000000
--- a/check-health.d/temperature.rsc
+++ /dev/null
@@ -1,75 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-health.d/temperature
-# Copyright (c) 2019-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# check for RouterOS health state - temperature plugin
-# https://rsc.eworm.de/doc/check-health.md
-
-:global CheckHealthPlugins;
-
-:set ($CheckHealthPlugins->[ :jobname ]) do={
- :local FuncName [ :tostr $0 ];
- :local ScriptName [ :tostr $1 ];
-
- :global CheckHealthLast;
- :global CheckHealthTemperature;
- :global CheckHealthTemperatureDeviation;
- :global CheckHealthTemperatureNotified;
- :global Identity;
-
- :global LogPrint;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :if ([ :len [ /system/health/find where type="C" ] ] = 0) do={
- $LogPrint debug $FuncName ("Your device does not provide any voltage health values.");
- :return false;
- }
-
- :local TempToNum do={
- :global CharacterReplace;
- :local T [ :toarray [ $CharacterReplace $1 "." "," ] ];
- :return ($T->0 * 10 + $T->1);
- }
-
- :if ([ :typeof $CheckHealthTemperatureNotified ] != "array") do={
- :set CheckHealthTemperatureNotified ({});
- }
-
- :foreach Temperature in=[ /system/health/find where type="C" ] do={
- :local Name [ /system/health/get $Temperature name ];
- :local Value [ /system/health/get $Temperature value ];
-
- :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={
- :if ([ :typeof ($CheckHealthTemperature->$Name) ] != "num" ) do={
- $LogPrint info $FuncName ("No threshold given for " . $Name . ", assuming 50C.");
- :set ($CheckHealthTemperature->$Name) 50;
- }
- :local Validate [ /system/health/get [ find where name=$Name ] value ];
- :while ($Value != $Validate) do={
- :set Value $Validate;
- :set Validate [ /system/health/get [ find where name=$Name ] value ];
- }
- :if ($Value > $CheckHealthTemperature->$Name && \
- $CheckHealthTemperatureNotified->$Name != true) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "fire" ] . "Health warning: " . $Name); \
- message=("The " . $Name . " on " . $Identity . " is above threshold: " . \
- $Value . "\C2\B0" . "C") });
- :set ($CheckHealthTemperatureNotified->$Name) true;
- }
- :if ($Value <= ($CheckHealthTemperature->$Name - $CheckHealthTemperatureDeviation) && \
- $CheckHealthTemperatureNotified->$Name = true) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "white-heavy-check-mark" ] . "Health recovery: " . $Name); \
- message=("The " . $Name . " on " . $Identity . " dropped below threshold: " . \
- $Value . "\C2\B0" . "C") });
- :set ($CheckHealthTemperatureNotified->$Name) false;
- }
- }
- :set ($CheckHealthLast->$Name) $Value;
- }
-}
diff --git a/check-health.d/voltage.rsc b/check-health.d/voltage.rsc
deleted file mode 100644
index 1121c23c..00000000
--- a/check-health.d/voltage.rsc
+++ /dev/null
@@ -1,64 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-health.d/voltage
-# Copyright (c) 2019-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# check for RouterOS health state - voltage plugin
-# https://rsc.eworm.de/doc/check-health.md
-
-:global CheckHealthPlugins;
-
-:set ($CheckHealthPlugins->[ :jobname ]) do={
- :local FuncName [ :tostr $0 ];
- :local ScriptName [ :tostr $1 ];
-
- :global CheckHealthLast;
- :global CheckHealthVoltageLow;
- :global CheckHealthVoltagePercent;
- :global Identity;
-
- :global FormatLine;
- :global IfThenElse;
- :global LogPrint;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :if ([ :len [ /system/health/find where type="V" ] ] = 0) do={
- $LogPrint debug $FuncName ("Your device does not provide any voltage health values.");
- :return false;
- }
-
- :foreach Voltage in=[ /system/health/find where type="V" ] do={
- :local Name [ /system/health/get $Voltage name ];
- :local Value [ /system/health/get $Voltage value ];
-
- :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={
- :local NumCurr [ $TempToNum $Value ];
- :local NumLast [ $TempToNum ($CheckHealthLast->$Name) ];
-
- :if ($NumLast * (100 + $CheckHealthVoltagePercent) < $NumCurr * 100 || \
- $NumLast * 100 > $NumCurr * (100 + $CheckHealthVoltagePercent)) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification ("high-voltage-sign,chart-" . [ $IfThenElse ($NumLast < \
- $NumCurr) "in" "de" ] . "creasing") ] . "Health warning: " . $Name); \
- message=("The " . $Name . " on " . $Identity . " jumped more than " . $CheckHealthVoltagePercent . "%.\n\n" . \
- [ $FormatLine "old value" ($CheckHealthLast->$Name . " V") 12 ] . "\n" . \
- [ $FormatLine "new value" ($Value . " V") 12 ]) });
- } else={
- :if ($NumCurr <= $CheckHealthVoltageLow && $NumLast > $CheckHealthVoltageLow) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "high-voltage-sign,chart-decreasing" ] . "Health warning: Low " . $Name); \
- message=("The " . $Name . " on " . $Identity . " dropped to " . $Value . " V below hard limit.") });
- }
- :if ($NumCurr > $CheckHealthVoltageLow && $NumLast <= $CheckHealthVoltageLow) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "high-voltage-sign,chart-increasing" ] . "Health recovery: Low " . $Name); \
- message=("The " . $Name . " on " . $Identity . " recovered to " . $Value . " V above hard limit.") });
- }
- }
- }
- :set ($CheckHealthLast->$Name) $Value;
- }
-}
diff --git a/check-health.rsc b/check-health.rsc
deleted file mode 100644
index eea31701..00000000
--- a/check-health.rsc
+++ /dev/null
@@ -1,110 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-health
-# Copyright (c) 2019-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# check for RouterOS health state
-# https://rsc.eworm.de/doc/check-health.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global CheckHealthCPUUtilization;
- :global CheckHealthCPUUtilizationNotified;
- :global CheckHealthLast;
- :global CheckHealthRAMUtilizationNotified;
- :global Identity;
-
- :global FormatLine;
- :global HumanReadableNum;
- :global IfThenElse;
- :global LogPrint;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
- :global ValidateSyntax;
-
- :local TempToNum do={
- :global CharacterReplace;
- :local T [ :toarray [ $CharacterReplace $1 "." "," ] ];
- :return ($T->0 * 10 + $T->1);
- }
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :local Resource [ /system/resource/get ];
-
- :set CheckHealthCPUUtilization (($CheckHealthCPUUtilization * 4 + ($Resource->"cpu-load") * 10) / 5);
- :if ($CheckHealthCPUUtilization > 750 && $CheckHealthCPUUtilizationNotified != true) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "abacus,chart-increasing" ] . "Health warning: CPU utilization"); \
- message=("The average CPU utilization on " . $Identity . " is at " . ($CheckHealthCPUUtilization / 10) . "%!") });
- :set CheckHealthCPUUtilizationNotified true;
- }
- :if ($CheckHealthCPUUtilization < 650 && $CheckHealthCPUUtilizationNotified = true) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "abacus,chart-decreasing" ] . "Health recovery: CPU utilization"); \
- message=("The average CPU utilization on " . $Identity . " decreased to " . ($CheckHealthCPUUtilization / 10) . "%.") });
- :set CheckHealthCPUUtilizationNotified false;
- }
-
- :local CheckHealthRAMUtilization (($Resource->"total-memory" - $Resource->"free-memory") * 100 / $Resource->"total-memory");
- :if ($CheckHealthRAMUtilization >=80 && $CheckHealthRAMUtilizationNotified != true) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "card-file-box,chart-increasing" ] . "Health warning: RAM utilization"); \
- message=("The RAM utilization on " . $Identity . " is at " . $CheckHealthRAMUtilization . "%!\n\n" . \
- [ $FormatLine "total" ([ $HumanReadableNum ($Resource->"total-memory") 1024 ] . "B") 8 ] . "\n" . \
- [ $FormatLine "used" ([ $HumanReadableNum ($Resource->"total-memory" - $Resource->"free-memory") 1024 ] . "B") 8 ] . "\n" . \
- [ $FormatLine "free" ([ $HumanReadableNum ($Resource->"free-memory") 1024 ] . "B") 8 ]) });
- :set CheckHealthRAMUtilizationNotified true;
- }
- :if ($CheckHealthRAMUtilization < 70 && $CheckHealthRAMUtilizationNotified = true) do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "card-file-box,chart-decreasing" ] . "Health recovery: RAM utilization"); \
- message=("The RAM utilization on " . $Identity . " decreased to " . $CheckHealthRAMUtilization . "%.") });
- :set CheckHealthRAMUtilizationNotified false;
- }
-
- :local Plugins [ /system/script/find where name~"^check-health\\.d/." ];
- :if ([ :len $Plugins ] = 0) do={
- $LogPrint debug $ScriptName ("No plugins installed.");
- :set ExitOK true;
- :error true;
- }
-
- :global CheckHealthPlugins ({});
- :if ([ :typeof $CheckHealthLast ] != "array") do={
- :set CheckHealthLast ({});
- }
-
- :foreach Plugin in=$Plugins do={
- :local PluginVal [ /system/script/get $Plugin ];
- :if ([ $ValidateSyntax ($PluginVal->"source") ] = true) do={
- :onerror Err {
- /system/script/run $Plugin;
- } do={
- $LogPrint error $ScriptName ("Plugin '" . $PluginVal->"name" . "' failed to run: " . $Err);
- }
- } else={
- $LogPrint error $ScriptName ("Plugin '" . $PluginVal->"name" . "' failed syntax validation, skipping.");
- }
- }
-
- :foreach PluginName,Discard in=$CheckHealthPlugins do={
- ($CheckHealthPlugins->$PluginName) \
- ("\$CheckHealthPlugins->\"" . $PluginName . "\"") $ScriptName;
- }
-
- :set CheckHealthPlugins;
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/check-lte-firmware-upgrade b/check-lte-firmware-upgrade
new file mode 100644
index 00000000..045d8932
--- /dev/null
+++ b/check-lte-firmware-upgrade
@@ -0,0 +1,32 @@
+#!rsc
+# RouterOS script: check-lte-firmware-upgrade
+# Copyright (c) 2018-2019 Christian Hesse
+#
+# check for LTE firmware upgrade, send notification
+
+:global Identity;
+:global SentLteFirmwareUpgradeNotification;
+
+:global SendNotification;
+
+:foreach Interface in=[ / interface lte find ] do={
+ :local IntName [ / interface lte get $Interface name ];
+ :do {
+ :local Firmware [ / interface lte firmware-upgrade $Interface once as-value ];
+
+ :if ($SentLteFirmwareUpgradeNotification = ($Firmware->"latest")) do={
+ :log debug ("Already sent the LTE firmware upgrade notification for version " . \
+ ($Firmware->"latest") . ".");
+ } else={
+ :if (($Firmware->"installed") != ($Firmware->"latest")) do={
+ $SendNotification ("LTE firmware upgrade") \
+ ("A new firmware version " . ($Firmware->"latest") . " is available for " . \
+ "LTE interface " . $IntName . " on " . $Identity . ".");
+ :set SentLteFirmwareUpgradeNotification ($Firmware->"latest");
+ }
+ }
+ } on-error={
+ :log debug ("Could not get latest LTE firmware version for interface " . \
+ $IntName . ".");
+ }
+}
diff --git a/check-lte-firmware-upgrade.rsc b/check-lte-firmware-upgrade.rsc
deleted file mode 100644
index da268e4c..00000000
--- a/check-lte-firmware-upgrade.rsc
+++ /dev/null
@@ -1,107 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-lte-firmware-upgrade
-# Copyright (c) 2018-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# check for LTE firmware upgrade, send notification
-# https://rsc.eworm.de/doc/check-lte-firmware-upgrade.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global SentLteFirmwareUpgradeNotification;
-
- :global ScriptLock;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :typeof $SentLteFirmwareUpgradeNotification ] != "array") do={
- :global SentLteFirmwareUpgradeNotification ({});
- }
-
- :local CheckInterface do={
- :local ScriptName $1;
- :local Interface $2;
-
- :global Identity;
- :global SentLteFirmwareUpgradeNotification;
-
- :global FormatLine;
- :global IfThenElse;
- :global LogPrint;
- :global ScriptFromTerminal;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :local IntName [ /interface/lte/get $Interface name ];
- :local Firmware;
- :local Info;
- :onerror Err {
- :set Firmware [ /interface/lte/firmware-upgrade $Interface as-value ];
- :set Info [ /interface/lte/monitor $Interface once as-value ];
- } do={
- $LogPrint debug $ScriptName ("Could not get latest LTE firmware version for interface " . \
- $IntName . ": " . $Err);
- :return false;
- }
-
- :if ([ :len ($Firmware->"latest") ] = 0) do={
- $LogPrint info $ScriptName ("An empty string is not a valid version.");
- :return false;
- }
-
- :if (($Firmware->"installed") = ($Firmware->"latest")) do={
- :if ([ $ScriptFromTerminal $ScriptName ] = true) do={
- $LogPrint info $ScriptName ("No firmware upgrade available for LTE interface " . $IntName . ".");
- }
- :return true;
- }
-
- :if ([ $ScriptFromTerminal $ScriptName ] = true && \
- [ :len [ /system/script/find where name="unattended-lte-firmware-upgrade" ] ] > 0) do={
- :put ("Do you want to start unattended lte firmware upgrade for interface " . $IntName . "? [y/N]");
- :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={
- /system/script/run unattended-lte-firmware-upgrade;
- $LogPrint info $ScriptName ("Scheduled lte firmware upgrade for interface " . $IntName . "...");
- :return true;
- } else={
- :put "Canceled...";
- }
- }
-
- :if (($SentLteFirmwareUpgradeNotification->$IntName) = ($Firmware->"latest")) do={
- $LogPrint debug $ScriptName ("Already sent the LTE firmware upgrade notification for version " . \
- ($Firmware->"latest") . ".");
- :return false;
- }
-
- $LogPrint info $ScriptName ("A new firmware version " . ($Firmware->"latest") . " is available for " . \
- "LTE interface " . $IntName . ".");
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "sparkles" ] . "LTE firmware upgrade"); \
- message=("A new firmware version " . ($Firmware->"latest") . " is available for " . \
- "LTE interface " . $IntName . " on " . $Identity . ".\n\n" . \
- [ $IfThenElse ([ :len ($Info->"manufacturer") ] > 0) ([ $FormatLine "Manufacturer" ($Info->"manufacturer") ] . "\n") ] . \
- [ $IfThenElse ([ :len ($Info->"model") ] > 0) ([ $FormatLine "Model" ($Info->"model") ] . "\n") ] . \
- [ $IfThenElse ([ :len ($Info->"revision") ] > 0) ([ $FormatLine "Revision" ($Info->"revision") ] . "\n") ] . \
- "Firmware version:\n" . \
- [ $FormatLine " Installed" ($Firmware->"installed") ] . "\n" . \
- [ $FormatLine " Available" ($Firmware->"latest") ]); silent=true });
- :set ($SentLteFirmwareUpgradeNotification->$IntName) ($Firmware->"latest");
- }
-
- :foreach Interface in=[ /interface/lte/find ] do={
- $CheckInterface $ScriptName $Interface;
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/check-perpetual-license.rsc b/check-perpetual-license.rsc
deleted file mode 100644
index 4326a2f5..00000000
--- a/check-perpetual-license.rsc
+++ /dev/null
@@ -1,78 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-perpetual-license
-# Copyright (c) 2025-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-#
-# check perpetual license on CHR
-# https://rsc.eworm.de/doc/check-perpetual-license.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global Identity;
- :global SentCertificateNotification;
-
- :global LogPrint;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
- :global WaitFullyConnected;
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- $WaitFullyConnected;
-
- :local License [ /system/license/get ];
- :if ([ :typeof ($License->"deadline-at") ] != "str") do={
- $LogPrint info $ScriptName ("This device does not have a perpetual license.");
- :set ExitOK true;
- :error true;
- }
-
- :if ([ :len ($License->"next-renewal-at") ] = 0 && ($License->"limited-upgrades") = true) do={
- $LogPrint warning $ScriptName ("Your license expired on " . ($License->"deadline-at") . "!");
- :if ($SentCertificateNotification != "expired") do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "scroll,cross-mark" ] . "License expired!"); \
- message=("Your license expired on " . ($License->"deadline-at") . \
- ", can no longer update RouterOS on " . $Identity . "...") });
- :set SentCertificateNotification "expired";
- }
- :set ExitOK true;
- :error true;
- }
-
- :if ([ :totime ($License->"deadline-at") ] - 3w < [ :timestamp ]) do={
- $LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!");
- :if ($SentCertificateNotification != "warning") do={
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "scroll,warning-sign" ] . "License about to expire!"); \
- message=("Your license failed to renew and is about to expire on " . \
- ($License->"deadline-at") . " on " . $Identity . "...") });
- :set SentCertificateNotification "warning";
- }
- :set ExitOK true;
- :error true;
- }
-
- :if ([ :typeof $SentCertificateNotification ] = "str" && \
- [ :totime ($License->"deadline-at") ] - 4w > [ :timestamp ]) do={
- $LogPrint info $ScriptName ("Your license was successfully renewed.");
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "scroll,white-heavy-check-mark" ] . "License renewed"); \
- message=("Your license was successfully renewed on " . $Identity . \
- ". It is now valid until " . ($License->"deadline-at") . ".") });
- :set SentCertificateNotification;
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/check-routeros-update b/check-routeros-update
new file mode 100644
index 00000000..104567e8
--- /dev/null
+++ b/check-routeros-update
@@ -0,0 +1,84 @@
+#!rsc
+# RouterOS script: check-routeros-update
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# check for RouterOS update, send notification and/or install
+
+:global Identity;
+:global SafeUpdateUrl;
+:global SentRouterosUpdateNotification;
+
+:global SendNotification;
+
+:local Update do={
+ :if ([ / system script print count-only where name="packages-update" ] > 0) do={
+ / system script run packages-update;
+ } else={
+ / system package update install without-paging;
+ }
+ :error "Waiting for system to reboot.";
+}
+
+:if ([ / system package print count-only where name="wireless" disabled=no ] > 0) do={
+ :if ([ / interface wireless cap get enabled ] = true && \
+ [ / caps-man manager get enabled ] = false) do={
+ :log warning "System is managed by CAPsMAN, not checking.";
+ :error "Warning: See log for details.";
+ }
+}
+
+/ system package update check-for-updates without-paging;
+:local InstalledVersion [ / system package update get installed-version ];
+:local LatestVersion [ / system package update get latest-version ];
+
+:if ($InstalledVersion != $LatestVersion) do={
+ :local Channel [ / system package update get channel ];
+ :local BoardName [ / system resource get board-name ];
+ :local Model [ / system routerboard get model ];
+ :local SerialNumber [ / system routerboard get serial-number ];
+
+ :if ([ :len $SafeUpdateUrl ] > 0) do={
+ :local Result;
+ :do {
+ :set Result [ / tool fetch check-certificate=yes-without-crl \
+ ($SafeUpdateUrl . $Channel . "?installed=" . $InstalledVersion . \
+ "&latest=" . $LatestVersion) output=user as-value ];
+ } on-error={
+ :log warning ("Failed receiving safe version for " . $Channel . ".");
+ }
+ :if ($Result->"status" = "finished" && $Result->"data" = $LatestVersion) do={
+ :log info ("Version " . $LatestVersion . " is considered safe, updating...");
+ $SendNotification ("RouterOS update") \
+ ("Version " . $LatestVersion . " is considered safe for " . $Channel . \
+ ", updating on " . $Identity . "...");
+ $Update;
+ }
+ }
+
+ :if ([ / system script job print count-only where script="check-routeros-update" parent~"." ] > 0) do={
+ :put ("Do you want to install RouterOS version " . $LatestVersion . "? [y/N]");
+ :if ([ :terminal inkey timeout=60 ] = 121) do={
+ $Update;
+ } else={
+ :put "Canceled...";
+ }
+ }
+
+ :if ($SentRouterosUpdateNotification = $LatestVersion) do={
+ :log info ("Already sent the RouterOS update notification for version " . \
+ $LatestVersion . ".");
+ :error "Already sent notification.";
+ }
+
+ $SendNotification ("RouterOS update") \
+ ("There is a RouterOS update available.\n\n" . \
+ "Board name: " . $BoardName . "\n" . \
+ "Model: " . $Model . "\n" . \
+ "Serial number: " . $SerialNumber . "\n" . \
+ "Hostname: " . $Identity . "\n" . \
+ "Channel: " . $Channel . "\n" . \
+ "Installed: " . $InstalledVersion . "\n" . \
+ "Available: " . $LatestVersion . "\n\n" .\
+ "https://mikrotik.com/download/changelogs/" . $Channel . "-release-tree");
+ :set SentRouterosUpdateNotification $LatestVersion;
+}
diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc
deleted file mode 100644
index 98edb366..00000000
--- a/check-routeros-update.rsc
+++ /dev/null
@@ -1,222 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: check-routeros-update
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# requires RouterOS, version=7.17
-# requires device-mode, fetch, scheduler
-#
-# check for RouterOS update, send notification and/or install
-# https://rsc.eworm.de/doc/check-routeros-update.md
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global Identity;
- :global SafeUpdateAll;
- :global SafeUpdateNeighbor;
- :global SafeUpdateNeighborIdentity;
- :global SafeUpdatePatch;
- :global SafeUpdateUrl;
- :global SentRouterosUpdateNotification;
-
- :global DeviceInfo;
- :global EscapeForRegEx;
- :global FetchUserAgentStr;
- :global LogPrint;
- :global RebootForUpdate;
- :global ScriptFromTerminal;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
- :global VersionToNum;
- :global WaitFullyConnected;
-
- :local DoUpdate do={
- :local ScriptName [ :tostr $1 ];
-
- :if ([ :len [ /system/script/find where name="packages-update" ] ] > 0) do={
- /system/script/run packages-update;
- } else={
- /system/package/update/install without-paging;
- }
- }
-
- :if ([ $ScriptLock $ScriptName ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={
- $LogPrint warning $ScriptName ("Running from backup partition, refusing to act.");
- :set ExitOK true;
- :error false;
- }
-
- $WaitFullyConnected;
-
- :if ([ :len [ /system/scheduler/find where name="_RebootForUpdate" ] ] > 0) do={
- :if ([ :typeof $RebootForUpdate ] = "nothing") do={
- $LogPrint info $ScriptName ("Found a stale scheduler for reboot, removing.");
- /system/scheduler/remove "_RebootForUpdate";
- } else={
- $LogPrint info $ScriptName ("A reboot for update is already scheduled.");
- :set ExitOK true;
- :error false;
- }
- }
-
- $LogPrint debug $ScriptName ("Checking for updates...");
- /system/package/update/check-for-updates without-paging as-value;
- :local Update [ /system/package/update/get ];
-
- :if (($Update->"installed-version") = ($Update->"latest-version")) do={
- :if ([ $ScriptFromTerminal $ScriptName ] = true) do={
- $LogPrint info $ScriptName ("System is already up to date.");
- }
- :set ExitOK true;
- :error true;
- }
-
- :if ([ :len ($Update->"latest-version") ] = 0) do={
- $LogPrint info $ScriptName ("Received an empty version string from server.");
- :set ExitOK true;
- :error false;
- }
-
- :local NumInstalled [ $VersionToNum ($Update->"installed-version") ];
- :local NumLatest [ $VersionToNum ($Update->"latest-version") ];
- :local BitMask [ $VersionToNum "255.255zero0" ];
- :local NumInstalledFeature ($NumInstalled & $BitMask);
- :local NumLatestFeature ($NumLatest & $BitMask);
- :local Link ("https://mikrotik.com/download/changelogs/" . $Update->"channel" . "-release-tree");
-
- :if ($NumLatest < [ $VersionToNum "7.0" ]) do={
- $LogPrint warning $ScriptName ("The version '" . ($Update->"latest-version") . "' is not a valid version.");
- :set ExitOK true;
- :error false;
- }
-
- :if ($NumInstalled < $NumLatest) do={
- :if ($SafeUpdateAll ~ "^YES,? ?PLEASE!?\$") do={
- $LogPrint info $ScriptName ("Installing ALL versions automatically, including " . \
- $Update->"latest-version" . "...");
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \
- message=("Installing ALL versions automatically, including " . $Update->"latest-version" . \
- "... Updating on " . $Identity . "..."); link=$Link; silent=true });
- $DoUpdate $ScriptName;
- :set ExitOK true;
- :error true;
- }
-
- :if ($SafeUpdatePatch = true && $NumInstalledFeature = $NumLatestFeature) do={
- $LogPrint info $ScriptName ("Version " . $Update->"latest-version" . " is a patch release, updating...");
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \
- message=("Version " . $Update->"latest-version" . " is a patch update for " . $Update->"channel" . \
- ", updating on " . $Identity . "..."); link=$Link; silent=true });
- $DoUpdate $ScriptName;
- :set ExitOK true;
- :error true;
- }
-
- :if ($SafeUpdateNeighbor = true) do={
- :local Neighbors [ /ip/neighbor/find where platform="MikroTik" identity~$SafeUpdateNeighborIdentity \
- version~("^" . [ $EscapeForRegEx ($Update->"latest-version") ] . "\\b") ];
- :if ([ :len $Neighbors ] > 0) do={
- :local Neighbor [ /ip/neighbor/get ($Neighbors->0) identity ];
- $LogPrint info $ScriptName ("Seen a neighbor (" . $Neighbor . ") running version " . \
- $Update->"latest-version" . " from " . $Update->"channel" . ", updating...");
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \
- message=("Seen a neighbor (" . $Neighbor . ") running version " . $Update->"latest-version" . \
- " from " . $Update->"channel" . ", updating on " . $Identity . "..."); link=$Link; silent=true });
- $DoUpdate $ScriptName;
- :set ExitOK true;
- :error true;
- }
- }
-
- :if ([ :len $SafeUpdateUrl ] > 0) do={
- :local Result;
- :onerror Err {
- :set Result [ /tool/fetch check-certificate=yes-without-crl \
- ($SafeUpdateUrl . $Update->"channel" . "?installed=" . $Update->"installed-version" . \
- "&latest=" . $Update->"latest-version") http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
- output=user as-value ];
- } do={
- $LogPrint warning $ScriptName ("Failed receiving safe version for " . $Update->"channel" . ": " . $Err);
- }
- :if ($Result->"status" = "finished" && $Result->"data" = $Update->"latest-version") do={
- $LogPrint info $ScriptName ("Version " . $Update->"latest-version" . " is considered safe, updating...");
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \
- message=("Version " . $Update->"latest-version" . " is considered safe for " . $Update->"channel" . \
- ", updating on " . $Identity . "..."); link=$Link; silent=true });
- $DoUpdate $ScriptName;
- :set ExitOK true;
- :error true;
- }
- }
-
- :if ([ $ScriptFromTerminal $ScriptName ] = true) do={
- :if (($Update->"channel") = "testing" && $NumInstalledFeature < $NumLatestFeature) do={
- :put ("This is a feature update in testing channel. Switch to channel 'stable'? [y/N]");
- :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={
- /system/package/update/set channel=stable;
- $LogPrint info $ScriptName ("Switched to channel 'stable', please re-run!");
- :set ExitOK true;
- :error true;
- }
- }
-
- :put ("Do you want to install RouterOS version " . $Update->"latest-version" . "? [y/N]");
- :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={
- $DoUpdate $ScriptName;
- :set ExitOK true;
- :error true;
- } else={
- :put "Canceled...";
- }
- }
-
- :if ($SentRouterosUpdateNotification = $Update->"latest-version") do={
- $LogPrint info $ScriptName ("Already sent the RouterOS update notification for version " . \
- $Update->"latest-version" . ".");
- :set ExitOK true;
- :error true;
- }
-
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \
- message=("A new RouterOS version " . ($Update->"latest-version") . \
- " is available for " . $Identity . ".\n\n" . \
- [ $DeviceInfo ]); link=$Link; silent=true });
- :set SentRouterosUpdateNotification ($Update->"latest-version");
- }
-
- :if ($NumInstalled > $NumLatest) do={
- :if ($SentRouterosUpdateNotification = $Update->"latest-version") do={
- $LogPrint info $ScriptName ("Already sent the RouterOS downgrade notification for version " . \
- $Update->"latest-version" . ".");
- :set ExitOK true;
- :error true;
- }
-
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "warning-sign" ] . "RouterOS version: " . $Update->"latest-version"); \
- message=("A different RouterOS version " . ($Update->"latest-version") . \
- " is available for " . $Identity . ", but it is a downgrade.\n\n" . \
- [ $DeviceInfo ]); link=$Link; silent=true });
- $LogPrint info $ScriptName ("A different RouterOS version " . ($Update->"latest-version") . \
- " is available for downgrade.");
- :set SentRouterosUpdateNotification ($Update->"latest-version");
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/cloud-backup b/cloud-backup
new file mode 100644
index 00000000..f9e7747c
--- /dev/null
+++ b/cloud-backup
@@ -0,0 +1,42 @@
+#!rsc
+# RouterOS script: cloud-backup
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# upload backup to MikroTik cloud
+
+:global Identity;
+:global BackupPassword;
+
+:global SendNotification;
+
+# get some system information
+:local BoardName [ / system resource get board-name ];
+:local Model [ / system routerboard get model ];
+:local SerialNumber [ / system routerboard get serial-number ];
+:local Channel [ / system package update get channel ];
+:local InstalledVersion [ / system package update get installed-version ];
+
+:do {
+ # we are not interested in output, but print without count-only is
+ # required to fetch information from cloud
+ / system backup cloud print as-value;
+ :if ([ / system backup cloud print count-only ] > 0) do={
+ / system backup cloud remove-file ([ find ]->0);
+ }
+ / system backup cloud upload-file action=create-and-upload password=$BackupPassword;
+ :local Cloud [ / system backup cloud get ([ find ]->0) ];
+
+ $SendNotification "Cloud backup" \
+ ("Uploaded backup for " . $Identity . " to cloud.\n\n" . \
+ "Board name: " . $BoardName . "\n" . \
+ "Model: " . $Model . "\n" . \
+ "Serial number: " . $SerialNumber . "\n" . \
+ "Hostname: " . $Identity . "\n" . \
+ "Channel: " . $Channel . "\n" . \
+ "RouterOS: " . $InstalledVersion . "\n\n" . \
+ "Name: " . $Cloud->"name" . "\n" . \
+ "Size: " . $Cloud->"size" . "\n" . \
+ "Download key: " . $Cloud->"secret-download-key");
+} on-error={
+ :log error ("Failed uploading backup for " . $Identity . " to cloud.");
+}
diff --git a/collect-wireless-mac.capsman b/collect-wireless-mac.capsman
new file mode 100644
index 00000000..dd27ba62
--- /dev/null
+++ b/collect-wireless-mac.capsman
@@ -0,0 +1,63 @@
+#!rsc
+# RouterOS script: collect-wireless-mac.capsman
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# collect wireless mac adresses in access list
+#
+# !! Do not edit this file, it is generated from template!
+
+:global Identity;
+
+:global GetMacVendor;
+:global SendNotification;
+:global ScriptLock;
+
+$ScriptLock "collect-wireless-mac.capsman";
+
+:local PlaceBefore [ / caps-man access-list find where comment="--- collected above ---" disabled ];
+:if ([ :len $PlaceBefore ] = 0) do={
+ :log error "Missing disabled access-list entry with comment '--- collected above ---'";
+ :error "Error: See log for details.";
+}
+
+:foreach RegTbl in=[ / caps-man registration-table find ] do={
+ :local Mac [ / caps-man registration-table get $RegTbl mac-address ];
+ :local AccessList ([ / caps-man access-list find where mac-address=$Mac ]->0);
+ :if ([ :len $AccessList ] = 0) do={
+ :local HostName "no dhcp lease";
+ :local Address "no dhcp lease";
+ :local Lease [ / ip dhcp-server lease find where mac-address=$Mac ];
+ :if ([ :len $Lease ] > 0) do={
+ :set HostName [ / ip dhcp-server lease get $Lease host-name ];
+ :set Address [ / ip dhcp-server lease get $Lease address ];
+ }
+ :if ([ :len $HostName ] = 0) do={
+ :set HostName "no hostname";
+ }
+ :if ([ :len $Address ] = 0) do={
+ :set Address "no address";
+ }
+ :local RegEntry [ / caps-man registration-table find where mac-address=$Mac ];
+ :local Interface [ / caps-man registration-table get $RegEntry interface ];
+ :local Ssid [ / caps-man registration-table get $RegEntry ssid ];
+ :local DateTime ([ / system clock get date ] . " " . [ / system clock get time ]);
+ :local Vendor [ $GetMacVendor $Mac ];
+ :local Message ("unknown MAC address " . $Mac . " (" . $Vendor . ", " . $HostName . ") " . \
+ "first seen on " . $DateTime . " connected to SSID " . $Ssid . ", interface " . $Interface);
+ / log info $Message;
+ / caps-man access-list add place-before=$PlaceBefore comment=$Message mac-address=$Mac disabled=yes;
+ $SendNotification ($Mac . " connected to " . $Ssid) \
+ ("A device with unknown MAC address connected to " . $Ssid . " on " . $Identity . ".\n\n" . \
+ "Controller: " . $Identity . "\n" . \
+ "Interface: " . $Interface . "\n" . \
+ "SSID: " . $Ssid . "\n" . \
+ "MAC: " . $Mac . "\n" . \
+ "Vendor: " . $Vendor . "\n" . \
+ "Hostname: " . $HostName . "\n" . \
+ "Address: " . $Address . "\n" . \
+ "Date: " . $DateTime);
+ } else={
+ :local Comment [ / caps-man access-list get $AccessList comment ];
+ :log debug ("MAC address " . $Mac . " already known: " . $Comment);
+ }
+}
diff --git a/collect-wireless-mac.capsman.rsc b/collect-wireless-mac.capsman.rsc
deleted file mode 100644
index 0ef08b0d..00000000
--- a/collect-wireless-mac.capsman.rsc
+++ /dev/null
@@ -1,100 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: collect-wireless-mac.capsman
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: lease-script, order=40
-# requires RouterOS, version=7.17
-#
-# collect wireless mac adresses in access list
-# https://rsc.eworm.de/doc/collect-wireless-mac.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global Identity;
-
- :global EitherOr;
- :global FormatLine;
- :global FormatMultiLines;
- :global GetMacVendor;
- :global LogPrint;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :if ([ $ScriptLock $ScriptName 10 ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /caps-man/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
- /caps-man/access-list/add comment="--- collected above ---" disabled=yes;
- $LogPrint warning $ScriptName ("Added disabled access-list entry with comment '--- collected above ---'.");
- }
- :local PlaceBefore ([ /caps-man/access-list/find where comment="--- collected above ---" disabled ]->0);
-
- :foreach Reg in=[ /caps-man/registration-table/find ] do={
- :local RegVal;
- :do {
- :set RegVal [ /caps-man/registration-table/get $Reg ];
- } on-error={
- $LogPrint debug $ScriptName ("Device already gone... Ignoring.");
- }
-
- :if ([ :len ($RegVal->"mac-address") ] > 0) do={
- :local AccessList ([ /caps-man/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
- :if ([ :len $AccessList ] > 0) do={
- $LogPrint debug $ScriptName ("MAC address " . $RegVal->"mac-address" . " already known: " . \
- [ /caps-man/access-list/get $AccessList comment ]);
- }
-
- :if ([ :len $AccessList ] = 0) do={
- :local Address "no dhcp lease";
- :local DnsName "no dhcp lease";
- :local HostName "no dhcp lease";
- :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
- :if ([ :len $Lease ] > 0) do={
- :set Address [ /ip/dhcp-server/lease/get $Lease active-address ];
- :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
- :set DnsName "no dns name";
- :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
- :if ([ :len $DnsRec ] > 0) do={
- :set DnsName ({ [ /ip/dns/static/get $DnsRec name ] });
- :foreach CName in=[ /ip/dns/static/find where type=CNAME cname=($DnsName->0) ] do={
- :set DnsName ($DnsName, [ /ip/dns/static/get $CName name ]);
- }
- }
- }
- :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
- :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
- :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
- "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
- $LogPrint info $ScriptName $Message;
- /caps-man/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
- message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
- [ $FormatLine "Controller" $Identity ] . "\n" . \
- [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \
- [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \
- [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \
- [ $FormatLine "Vendor" $Vendor ] . "\n" . \
- [ $FormatLine "Hostname" $HostName ] . "\n" . \
- [ $FormatLine "Address" $Address ] . "\n" . \
- [ $FormatMultiLines "DNS name" $DnsName ] . "\n" . \
- [ $FormatLine "Date" $DateTime ]) });
- }
- } else={
- $LogPrint debug $ScriptName ("No mac address available... Ignoring.");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/collect-wireless-mac.local b/collect-wireless-mac.local
new file mode 100644
index 00000000..a28e2ee7
--- /dev/null
+++ b/collect-wireless-mac.local
@@ -0,0 +1,63 @@
+#!rsc
+# RouterOS script: collect-wireless-mac.local
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# collect wireless mac adresses in access list
+#
+# !! Do not edit this file, it is generated from template!
+
+:global Identity;
+
+:global GetMacVendor;
+:global SendNotification;
+:global ScriptLock;
+
+$ScriptLock "collect-wireless-mac.local";
+
+:local PlaceBefore [ / interface wireless access-list find where comment="--- collected above ---" disabled ];
+:if ([ :len $PlaceBefore ] = 0) do={
+ :log error "Missing disabled access-list entry with comment '--- collected above ---'";
+ :error "Error: See log for details.";
+}
+
+:foreach RegTbl in=[ / interface wireless registration-table find ] do={
+ :local Mac [ / interface wireless registration-table get $RegTbl mac-address ];
+ :local AccessList ([ / interface wireless access-list find where mac-address=$Mac ]->0);
+ :if ([ :len $AccessList ] = 0) do={
+ :local HostName "no dhcp lease";
+ :local Address "no dhcp lease";
+ :local Lease [ / ip dhcp-server lease find where mac-address=$Mac ];
+ :if ([ :len $Lease ] > 0) do={
+ :set HostName [ / ip dhcp-server lease get $Lease host-name ];
+ :set Address [ / ip dhcp-server lease get $Lease address ];
+ }
+ :if ([ :len $HostName ] = 0) do={
+ :set HostName "no hostname";
+ }
+ :if ([ :len $Address ] = 0) do={
+ :set Address "no address";
+ }
+ :local RegEntry [ / interface wireless registration-table find where mac-address=$Mac ];
+ :local Interface [ / interface wireless registration-table get $RegEntry interface ];
+ :local Ssid [ / interface wireless get [ find where name=$Interface ] ssid ];
+ :local DateTime ([ / system clock get date ] . " " . [ / system clock get time ]);
+ :local Vendor [ $GetMacVendor $Mac ];
+ :local Message ("unknown MAC address " . $Mac . " (" . $Vendor . ", " . $HostName . ") " . \
+ "first seen on " . $DateTime . " connected to SSID " . $Ssid . ", interface " . $Interface);
+ / log info $Message;
+ / interface wireless access-list add place-before=$PlaceBefore comment=$Message mac-address=$Mac disabled=yes;
+ $SendNotification ($Mac . " connected to " . $Ssid) \
+ ("A device with unknown MAC address connected to " . $Ssid . " on " . $Identity . ".\n\n" . \
+ "Controller: " . $Identity . "\n" . \
+ "Interface: " . $Interface . "\n" . \
+ "SSID: " . $Ssid . "\n" . \
+ "MAC: " . $Mac . "\n" . \
+ "Vendor: " . $Vendor . "\n" . \
+ "Hostname: " . $HostName . "\n" . \
+ "Address: " . $Address . "\n" . \
+ "Date: " . $DateTime);
+ } else={
+ :local Comment [ / interface wireless access-list get $AccessList comment ];
+ :log debug ("MAC address " . $Mac . " already known: " . $Comment);
+ }
+}
diff --git a/collect-wireless-mac.local.rsc b/collect-wireless-mac.local.rsc
deleted file mode 100644
index 263ef164..00000000
--- a/collect-wireless-mac.local.rsc
+++ /dev/null
@@ -1,101 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: collect-wireless-mac.local
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: lease-script, order=40
-# requires RouterOS, version=7.17
-#
-# collect wireless mac adresses in access list
-# https://rsc.eworm.de/doc/collect-wireless-mac.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global Identity;
-
- :global EitherOr;
- :global FormatLine;
- :global FormatMultiLines;
- :global GetMacVendor;
- :global LogPrint;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :if ([ $ScriptLock $ScriptName 10 ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
- /interface/wireless/access-list/add comment="--- collected above ---" disabled=yes;
- $LogPrint warning $ScriptName ("Added disabled access-list entry with comment '--- collected above ---'.");
- }
- :local PlaceBefore ([ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ]->0);
-
- :foreach Reg in=[ /interface/wireless/registration-table/find where ap=no ] do={
- :local RegVal;
- :do {
- :set RegVal [ /interface/wireless/registration-table/get $Reg ];
- } on-error={
- $LogPrint debug $ScriptName ("Device already gone... Ignoring.");
- }
-
- :if ([ :len ($RegVal->"mac-address") ] > 0) do={
- :local AccessList ([ /interface/wireless/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
- :if ([ :len $AccessList ] > 0) do={
- $LogPrint debug $ScriptName ("MAC address " . $RegVal->"mac-address" . " already known: " . \
- [ /interface/wireless/access-list/get $AccessList comment ]);
- }
-
- :if ([ :len $AccessList ] = 0) do={
- :local Address "no dhcp lease";
- :local DnsName "no dhcp lease";
- :local HostName "no dhcp lease";
- :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
- :if ([ :len $Lease ] > 0) do={
- :set Address [ /ip/dhcp-server/lease/get $Lease active-address ];
- :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
- :set DnsName "no dns name";
- :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
- :if ([ :len $DnsRec ] > 0) do={
- :set DnsName ({ [ /ip/dns/static/get $DnsRec name ] });
- :foreach CName in=[ /ip/dns/static/find where type=CNAME cname=($DnsName->0) ] do={
- :set DnsName ($DnsName, [ /ip/dns/static/get $CName name ]);
- }
- }
- }
- :set ($RegVal->"ssid") [ /interface/wireless/get [ find where name=($RegVal->"interface") ] ssid ];
- :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
- :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
- :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
- "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
- $LogPrint info $ScriptName $Message;
- /interface/wireless/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
- message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
- [ $FormatLine "Controller" $Identity ] . "\n" . \
- [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \
- [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \
- [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \
- [ $FormatLine "Vendor" $Vendor ] . "\n" . \
- [ $FormatLine "Hostname" $HostName ] . "\n" . \
- [ $FormatLine "Address" $Address ] . "\n" . \
- [ $FormatMultiLines "DNS name" $DnsName ] . "\n" . \
- [ $FormatLine "Date" $DateTime ]) });
- }
- } else={
- $LogPrint debug $ScriptName ("No mac address available... Ignoring.");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/collect-wireless-mac.template b/collect-wireless-mac.template
new file mode 100644
index 00000000..9e06a886
--- /dev/null
+++ b/collect-wireless-mac.template
@@ -0,0 +1,65 @@
+#!rsc
+# RouterOS script: collect-wireless-mac%TEMPL%
+# Copyright (c) 2013-2019 Christian Hesse
+#
+# collect wireless mac adresses in access list
+#
+# !! This is just a template! Replace '%PATH%' with 'caps-man'
+# !! or 'interface wireless'!
+
+:global Identity;
+
+:global GetMacVendor;
+:global SendNotification;
+:global ScriptLock;
+
+$ScriptLock "collect-wireless-mac%TEMPL%";
+
+:local PlaceBefore [ / %PATH% access-list find where comment="--- collected above ---" disabled ];
+:if ([ :len $PlaceBefore ] = 0) do={
+ :log error "Missing disabled access-list entry with comment '--- collected above ---'";
+ :error "Error: See log for details.";
+}
+
+:foreach RegTbl in=[ / %PATH% registration-table find ] do={
+ :local Mac [ / %PATH% registration-table get $RegTbl mac-address ];
+ :local AccessList ([ / %PATH% access-list find where mac-address=$Mac ]->0);
+ :if ([ :len $AccessList ] = 0) do={
+ :local HostName "no dhcp lease";
+ :local Address "no dhcp lease";
+ :local Lease [ / ip dhcp-server lease find where mac-address=$Mac ];
+ :if ([ :len $Lease ] > 0) do={
+ :set HostName [ / ip dhcp-server lease get $Lease host-name ];
+ :set Address [ / ip dhcp-server lease get $Lease address ];
+ }
+ :if ([ :len $HostName ] = 0) do={
+ :set HostName "no hostname";
+ }
+ :if ([ :len $Address ] = 0) do={
+ :set Address "no address";
+ }
+ :local RegEntry [ / %PATH% registration-table find where mac-address=$Mac ];
+ :local Interface [ / %PATH% registration-table get $RegEntry interface ];
+ :local Ssid [ / caps-man registration-table get $RegEntry ssid ];
+ :local Ssid [ / interface wireless get [ find where name=$Interface ] ssid ];
+ :local DateTime ([ / system clock get date ] . " " . [ / system clock get time ]);
+ :local Vendor [ $GetMacVendor $Mac ];
+ :local Message ("unknown MAC address " . $Mac . " (" . $Vendor . ", " . $HostName . ") " . \
+ "first seen on " . $DateTime . " connected to SSID " . $Ssid . ", interface " . $Interface);
+ / log info $Message;
+ / %PATH% access-list add place-before=$PlaceBefore comment=$Message mac-address=$Mac disabled=yes;
+ $SendNotification ($Mac . " connected to " . $Ssid) \
+ ("A device with unknown MAC address connected to " . $Ssid . " on " . $Identity . ".\n\n" . \
+ "Controller: " . $Identity . "\n" . \
+ "Interface: " . $Interface . "\n" . \
+ "SSID: " . $Ssid . "\n" . \
+ "MAC: " . $Mac . "\n" . \
+ "Vendor: " . $Vendor . "\n" . \
+ "Hostname: " . $HostName . "\n" . \
+ "Address: " . $Address . "\n" . \
+ "Date: " . $DateTime);
+ } else={
+ :local Comment [ / %PATH% access-list get $AccessList comment ];
+ :log debug ("MAC address " . $Mac . " already known: " . $Comment);
+ }
+}
diff --git a/collect-wireless-mac.template.rsc b/collect-wireless-mac.template.rsc
deleted file mode 100644
index 37933250..00000000
--- a/collect-wireless-mac.template.rsc
+++ /dev/null
@@ -1,118 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: collect-wireless-mac%TEMPL%
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: lease-script, order=40
-# requires RouterOS, version=7.17
-#
-# collect wireless mac adresses in access list
-# https://rsc.eworm.de/doc/collect-wireless-mac.md
-#
-# !! This is just a template to generate the real script!
-# !! Pattern '%TEMPL%' is replaced, paths are filtered.
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global Identity;
-
- :global EitherOr;
- :global FormatLine;
- :global FormatMultiLines;
- :global GetMacVendor;
- :global LogPrint;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :if ([ $ScriptLock $ScriptName 10 ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /caps-man/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
- :if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
- :if ([ :len [ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
- /caps-man/access-list/add comment="--- collected above ---" disabled=yes;
- /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes;
- /interface/wireless/access-list/add comment="--- collected above ---" disabled=yes;
- $LogPrint warning $ScriptName ("Added disabled access-list entry with comment '--- collected above ---'.");
- }
- :local PlaceBefore ([ /caps-man/access-list/find where comment="--- collected above ---" disabled ]->0);
- :local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0);
- :local PlaceBefore ([ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ]->0);
-
- :foreach Reg in=[ /caps-man/registration-table/find ] do={
- :foreach Reg in=[ /interface/wifi/registration-table/find ] do={
- :foreach Reg in=[ /interface/wireless/registration-table/find where ap=no ] do={
- :local RegVal;
- :do {
- :set RegVal [ /caps-man/registration-table/get $Reg ];
- :set RegVal [ /interface/wifi/registration-table/get $Reg ];
- :set RegVal [ /interface/wireless/registration-table/get $Reg ];
- } on-error={
- $LogPrint debug $ScriptName ("Device already gone... Ignoring.");
- }
-
- :if ([ :len ($RegVal->"mac-address") ] > 0) do={
- :local AccessList ([ /caps-man/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
- :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
- :local AccessList ([ /interface/wireless/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
- :if ([ :len $AccessList ] > 0) do={
- $LogPrint debug $ScriptName ("MAC address " . $RegVal->"mac-address" . " already known: " . \
- [ /caps-man/access-list/get $AccessList comment ]);
- [ /interface/wifi/access-list/get $AccessList comment ]);
- [ /interface/wireless/access-list/get $AccessList comment ]);
- }
-
- :if ([ :len $AccessList ] = 0) do={
- :local Address "no dhcp lease";
- :local DnsName "no dhcp lease";
- :local HostName "no dhcp lease";
- :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
- :if ([ :len $Lease ] > 0) do={
- :set Address [ /ip/dhcp-server/lease/get $Lease active-address ];
- :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
- :set DnsName "no dns name";
- :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
- :if ([ :len $DnsRec ] > 0) do={
- :set DnsName ({ [ /ip/dns/static/get $DnsRec name ] });
- :foreach CName in=[ /ip/dns/static/find where type=CNAME cname=($DnsName->0) ] do={
- :set DnsName ($DnsName, [ /ip/dns/static/get $CName name ]);
- }
- }
- }
- :set ($RegVal->"ssid") [ /interface/wireless/get [ find where name=($RegVal->"interface") ] ssid ];
- :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
- :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
- :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
- "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
- $LogPrint info $ScriptName $Message;
- /caps-man/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
- /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
- /interface/wireless/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
- message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
- [ $FormatLine "Controller" $Identity ] . "\n" . \
- [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \
- [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \
- [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \
- [ $FormatLine "Vendor" $Vendor ] . "\n" . \
- [ $FormatLine "Hostname" $HostName ] . "\n" . \
- [ $FormatLine "Address" $Address ] . "\n" . \
- [ $FormatMultiLines "DNS name" $DnsName ] . "\n" . \
- [ $FormatLine "Date" $DateTime ]) });
- }
- } else={
- $LogPrint debug $ScriptName ("No mac address available... Ignoring.");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/collect-wireless-mac.wifi.rsc b/collect-wireless-mac.wifi.rsc
deleted file mode 100644
index 342351b1..00000000
--- a/collect-wireless-mac.wifi.rsc
+++ /dev/null
@@ -1,100 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: collect-wireless-mac.wifi
-# Copyright (c) 2013-2026 Christian Hesse
-# https://rsc.eworm.de/COPYING.md
-#
-# provides: lease-script, order=40
-# requires RouterOS, version=7.17
-#
-# collect wireless mac adresses in access list
-# https://rsc.eworm.de/doc/collect-wireless-mac.md
-#
-# !! Do not edit this file, it is generated from template!
-
-:local ExitOK false;
-:onerror Err {
- :global GlobalConfigReady; :global GlobalFunctionsReady;
- :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
- do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50;
- :local ScriptName [ :jobname ];
-
- :global Identity;
-
- :global EitherOr;
- :global FormatLine;
- :global FormatMultiLines;
- :global GetMacVendor;
- :global LogPrint;
- :global ScriptLock;
- :global SendNotification2;
- :global SymbolForNotification;
-
- :if ([ $ScriptLock $ScriptName 10 ] = false) do={
- :set ExitOK true;
- :error false;
- }
-
- :if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
- /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes;
- $LogPrint warning $ScriptName ("Added disabled access-list entry with comment '--- collected above ---'.");
- }
- :local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0);
-
- :foreach Reg in=[ /interface/wifi/registration-table/find ] do={
- :local RegVal;
- :do {
- :set RegVal [ /interface/wifi/registration-table/get $Reg ];
- } on-error={
- $LogPrint debug $ScriptName ("Device already gone... Ignoring.");
- }
-
- :if ([ :len ($RegVal->"mac-address") ] > 0) do={
- :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
- :if ([ :len $AccessList ] > 0) do={
- $LogPrint debug $ScriptName ("MAC address " . $RegVal->"mac-address" . " already known: " . \
- [ /interface/wifi/access-list/get $AccessList comment ]);
- }
-
- :if ([ :len $AccessList ] = 0) do={
- :local Address "no dhcp lease";
- :local DnsName "no dhcp lease";
- :local HostName "no dhcp lease";
- :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
- :if ([ :len $Lease ] > 0) do={
- :set Address [ /ip/dhcp-server/lease/get $Lease active-address ];
- :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
- :set DnsName "no dns name";
- :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
- :if ([ :len $DnsRec ] > 0) do={
- :set DnsName ({ [ /ip/dns/static/get $DnsRec name ] });
- :foreach CName in=[ /ip/dns/static/find where type=CNAME cname=($DnsName->0) ] do={
- :set DnsName ($DnsName, [ /ip/dns/static/get $CName name ]);
- }
- }
- }
- :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
- :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
- :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
- "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
- $LogPrint info $ScriptName $Message;
- /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
- $SendNotification2 ({ origin=$ScriptName; \
- subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
- message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
- [ $FormatLine "Controller" $Identity ] . "\n" . \
- [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \
- [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \
- [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \
- [ $FormatLine "Vendor" $Vendor ] . "\n" . \
- [ $FormatLine "Hostname" $HostName ] . "\n" . \
- [ $FormatLine "Address" $Address ] . "\n" . \
- [ $FormatMultiLines "DNS name" $DnsName ] . "\n" . \
- [ $FormatLine "Date" $DateTime ]) });
- }
- } else={
- $LogPrint debug $ScriptName ("No mac address available... Ignoring.");
- }
- }
-} do={
- :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
-}
diff --git a/contrib/Makefile b/contrib/Makefile
deleted file mode 100644
index e755a1d5..00000000
--- a/contrib/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-# Makefile
-
-HTML := $(shell grep -xl '' *.html)
-
-.PHONY: all docs clean
-
-all: docs
-
-badges.html: badges.md
- markdown $< > $@
-
-docs: static-html.sh $(HTML) badges.html
- ./static-html.sh $(HTML)
-
-clean:
- rm -f badges.html
- git checkout HEAD -- $(HTML)
diff --git a/contrib/badges.md b/contrib/badges.md
deleted file mode 100644
index a23090b5..00000000
--- a/contrib/badges.md
+++ /dev/null
@@ -1,6 +0,0 @@
-[](https://github.com/eworm-de/routeros-scripts/stargazers)
-[](https://github.com/eworm-de/routeros-scripts/network)
-[](https://github.com/eworm-de/routeros-scripts/watchers)
-[](https://mikrotik.com/download/changelogs/)
-[](https://t.me/routeros_scripts)
-[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
diff --git a/contrib/checksums.sh b/contrib/checksums.sh
deleted file mode 100755
index ab4e9738..00000000
--- a/contrib/checksums.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-# generate a checksums file as used by $ScriptInstallUpdate
-
-set -e
-
-md5sum $(find -name '*.rsc' | sort) | \
- sed -e "s| \./||" -e 's|.rsc$||' | \
- jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add'
diff --git a/contrib/commitinfo.sh b/contrib/commitinfo.sh
deleted file mode 100755
index 21faf9fc..00000000
--- a/contrib/commitinfo.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-sed \
- -e "/^:global CommitId/c :global CommitId \"${COMMITID:-unknown}\";" \
- -e "/^:global CommitInfo/c :global CommitInfo \"${COMMITINFO:-unknown}\";" \
- < "${1}"
diff --git a/contrib/html.sh b/contrib/html.sh
deleted file mode 100755
index 03eba23d..00000000
--- a/contrib/html.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-set -e
-
-RELTO="$(dirname "${1}")"
-
-sed \
- -e "s|__TITLE__|$(head -n1 "${1}")|" \
- -e "s|__GENERAL__|$(realpath --relative-to="${RELTO}" general/)|" \
- -e "s|__ROOT__|$(realpath --relative-to="${RELTO}" ./)|" \
- < "${0}.d/head.html"
-
-markdown -f toc,idanchor "${1}" | sed \
- -e 's/href="\([-_\./[:alnum:]]*\)\.md\(#[-[:alnum:]]*\)\?"/href="\1.html\2"/g' \
- -e '/| id="\L\1">|' \
- -e '//s|pre|pre class="code" onclick="CopyToClipboard(this)"|g' \
- -e '/The above link may be broken on code hosting sites/s|blockquote|blockquote style="display: none;"|'
-
-sed \
- -e "s|__DATE__|${DATE:-$(date --rfc-email)}|" \
- -e "s|__VERSION__|${VERSION:-unknown}|" \
- < "${0}.d/foot.html"
diff --git a/contrib/html.sh.d/foot.html b/contrib/html.sh.d/foot.html
deleted file mode 100644
index 9e28e115..00000000
--- a/contrib/html.sh.d/foot.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-
-