diff --git a/CERTIFICATES.md b/CERTIFICATES.md index 69d6c18..0e0a867 100644 --- a/CERTIFICATES.md +++ b/CERTIFICATES.md @@ -61,7 +61,7 @@ Import a certificate by CommonName Running the function `$CertificateAvailable` with that name as parameter makes sure the certificate is available in the device's store: - $CertificateAvailable "ISRG Root X2"; + $CertificateAvailable "ISRG Root X2" "fetch"; If the certificate is actually available already nothing happens, and there is no output. Otherwise the certificate is downloaded and imported. diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md index 40f609b..374f716 100644 --- a/INITIAL-COMMANDS.md +++ b/INITIAL-COMMANDS.md @@ -17,13 +17,16 @@ Initial commands Run the complete base installation: { - :local BaseUrl "https://git.eworm.de/cgit/routeros-scripts/plain/"; + :local BaseUrl "https://rsc.eworm.de/main/"; :local CertCommonName "ISRG Root X2"; :local CertFileName "ISRG-Root-X2.pem"; :local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; - :if (!(([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \ - [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={ + :local CertSettings [ /certificate/settings/get ]; + :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \ + ($CertSettings->"builtin-trust-store") ~ "fetch" || \ + ($CertSettings->"builtin-trust-store") = "all") && \ + [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={ :put "Importing certificate..."; /tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value; :delay 1s; @@ -42,9 +45,6 @@ Run the complete base installation: }; :put "Loading configuration and functions..."; /system/script { run global-config; run global-functions; }; - :put "Scheduling to load configuration and functions..."; - /system/scheduler/remove [ find where name="global-scripts" ]; - /system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }"; :if ([ :len [ /certificate/find where fingerprint=$CertFingerprint ] ] > 0) do={ :put "Renaming certificate by its common-name..."; :global CertificateNameByCN; diff --git a/Makefile b/Makefile index 0265a51..3f46f27 100644 --- a/Makefile +++ b/Makefile @@ -2,38 +2,45 @@ # template scripts -> final scripts # markdown files -> html files -CAPSMAN = $(wildcard *.capsman.rsc) -LOCAL = $(wildcard *.local.rsc) -WIFI = $(wildcard *.wifi.rsc) +ALL_RSC := $(wildcard *.rsc */*.rsc) +GEN_RSC := $(wildcard *.capsman.rsc *.local.rsc *.wifi.rsc) -MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md) -HTML = $(MARKDOWN:.md=.html) +MARKDOWN := $(wildcard *.md doc/*.md doc/mod/*.md) +HTML := $(MARKDOWN:.md=.html) -all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json +DATE ?= $(shell date --rfc-email) +VERSION ?= $(shell git symbolic-ref --short HEAD 2>/dev/null)/$(shell git rev-list --count HEAD 2>/dev/null)/$(shell git rev-parse --short=8 HEAD 2>/dev/null) +export DATE VERSION -%.html: %.md contrib/html.sh contrib/html.sh.d/head.html +.PHONY: all checksums commitinfo docs rsc clean + +all: checksums docs rsc + +checksums: checksums.json + +checksums.json: contrib/checksums.sh $(ALL_RSC) + contrib/checksums.sh > $@ + +commitinfo: global-functions.rsc + contrib/commitinfo.sh $< > $<~ + mv $<~ $< + +docs: $(HTML) + +%.html: %.md general/style.css contrib/html.sh contrib/html.sh.d/head.html contrib/html.sh.d/foot.html contrib/html.sh $< > $@ -%.capsman.rsc: %.template.rsc Makefile - sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \ - -e '/^# NOT \/caps-man\/ #$$/,/^# NOT \/caps-man\/ #$$/d' \ - -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ - < $< > $@ +rsc: $(GEN_RSC) -%.local.rsc: %.template.rsc Makefile - sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e 's|%TEMPL%|.local|' \ - -e '/^# NOT \/interface\/wireless\/ #$$/,/^# NOT \/interface\/wireless\/ #$$/d' \ - -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ - < $< > $@ +%.capsman.rsc: %.template.rsc contrib/template-capsman.sh + contrib/template-capsman.sh $< > $@ -%.wifi.rsc: %.template.rsc Makefile - sed -e '/\/caps-man\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifi|' \ - -e '/^# NOT \/interface\/wifi\/ #$$/,/^# NOT \/interface\/wifi\/ #$$/d' \ - -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ - < $< > $@ +%.local.rsc: %.template.rsc contrib/template-local.sh + contrib/template-local.sh $< > $@ -checksums.json: contrib/checksums.sh *.rsc */*.rsc - contrib/checksums.sh +%.wifi.rsc: %.template.rsc contrib/template-wifi.sh + contrib/template-wifi.sh $< > $@ clean: rm -f $(HTML) checksums.json + make -C contrib clean diff --git a/README.d/04-import-scripts.avif b/README.d/04-import-scripts.avif index 53439e4..a5cfa7b 100644 Binary files a/README.d/04-import-scripts.avif and b/README.d/04-import-scripts.avif differ diff --git a/README.d/05-run-and-schedule-scripts.avif b/README.d/05-run-and-schedule-scripts.avif deleted file mode 100644 index 37e1173..0000000 Binary files a/README.d/05-run-and-schedule-scripts.avif and /dev/null differ diff --git a/README.d/05-run-scripts.avif b/README.d/05-run-scripts.avif new file mode 100644 index 0000000..e3b8b8b Binary files /dev/null and b/README.d/05-run-scripts.avif differ diff --git a/README.md b/README.md index 529bb4c..d8047d0 100644 --- a/README.md +++ b/README.md @@ -78,13 +78,16 @@ download the certificates. > can skip the steps regarding certificate download and import and jump > to [installation of scripts](#installation-of-scripts) if you set the > trust for these builtin trust anchors: -> `/certificate/settings/set builtin-trust-anchors=trusted;` +> `/certificate/settings/set builtin-trust-anchors=trusted;` +> With RouterOS 7.21 the functionality was changed. Set this at minimum, +> but make sure not to drop other targets: +> `/certificate/settings/set builtin-trust-store=fetch;` If you intend to download the scripts from a different location (for example from github.com) install the corresponding certificate chain. - /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem"; + /tool/fetch "https://rsc.eworm.de/main/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem"; ![screenshot: download certs](README.d/01-download-certs.avif) @@ -122,16 +125,16 @@ date and time is set correctly! Now let's download the main scripts and add them in configuration on the fly. - :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data"); }; + :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://rsc.eworm.de/main/" . $Script . ".rsc") output=user as-value]->"data"); }; ![screenshot: import scripts](README.d/04-import-scripts.avif) -And finally load configuration and functions and add the scheduler. +And finally run configuration and functions. This will also add the +scheduler for loading at system startup automatically. /system/script { run global-config; run global-functions; }; - /system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }"; -![screenshot: run and schedule scripts](README.d/05-run-and-schedule-scripts.avif) +![screenshot: run scripts](README.d/05-run-scripts.avif) > 💡️ **Hint**: You see complaints regarding syntax errors? Most likely the > RouterOS on your device is too old. Check for updates! @@ -401,14 +404,15 @@ immediately remove the link in question. Upstream -------- -[![upstream](README.d/upstream.png)](https://rsc.eworm.de/) +[rsc.eworm.de](https://rsc.eworm.de/) -URL: -[GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts) +[![upstream](general/qr-code.png)](https://rsc.eworm.de/) -Mirror: -[eworm.de](https://git.eworm.de/cgit/routeros-scripts/about/) -[GitLab.com](https://gitlab.com/eworm-de/routeros-scripts#routeros-scripts) +### Code hosting + +* [eworm.de](https://git.eworm.de/cgit/routeros-scripts/about/) +* [GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts) +* [GitLab.com](https://gitlab.com/eworm-de/routeros-scripts#routeros-scripts) --- [⬆️ Go back to top](#top) diff --git a/check-certificates.rsc b/check-certificates.rsc index c10e33b..3300bee 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -21,7 +21,7 @@ :global CertWarnTime; :global Identity; - :global CertificateAvailable + :global CertificateAvailable; :global EscapeForRegEx; :global IfThenElse; :global LogPrint; @@ -189,7 +189,7 @@ fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ]; :local CertNewVal [ /certificate/get $CertNew ]; - :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") ] = false) do={ + :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") "fetch" ] = false) do={ $LogPrint warning $ScriptName ("The certificate chain is not available!"); } diff --git a/contrib/Makefile b/contrib/Makefile new file mode 100644 index 0000000..e755a1d --- /dev/null +++ b/contrib/Makefile @@ -0,0 +1,17 @@ +# Makefile + +HTML := $(shell grep -xl '' *.html) + +.PHONY: all docs clean + +all: docs + +badges.html: badges.md + markdown $< > $@ + +docs: static-html.sh $(HTML) badges.html + ./static-html.sh $(HTML) + +clean: + rm -f badges.html + git checkout HEAD -- $(HTML) diff --git a/contrib/badges.md b/contrib/badges.md new file mode 100644 index 0000000..24bd205 --- /dev/null +++ b/contrib/badges.md @@ -0,0 +1,6 @@ +[![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers) +[![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network) +[![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers) +[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.15-yellow?style=flat)](https://mikrotik.com/download/changelogs/) +[![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts) +[![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/contrib/checksums.sh b/contrib/checksums.sh index b472b49..ab4e973 100755 --- a/contrib/checksums.sh +++ b/contrib/checksums.sh @@ -6,4 +6,4 @@ set -e md5sum $(find -name '*.rsc' | sort) | \ sed -e "s| \./||" -e 's|.rsc$||' | \ - jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add' > 'checksums.json' + jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add' diff --git a/contrib/commitinfo.sh b/contrib/commitinfo.sh new file mode 100755 index 0000000..21faf9f --- /dev/null +++ b/contrib/commitinfo.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +sed \ + -e "/^:global CommitId/c :global CommitId \"${COMMITID:-unknown}\";" \ + -e "/^:global CommitInfo/c :global CommitInfo \"${COMMITINFO:-unknown}\";" \ + < "${1}" diff --git a/contrib/html.sh b/contrib/html.sh index bbd8ba8..5fbba45 100755 --- a/contrib/html.sh +++ b/contrib/html.sh @@ -2,8 +2,22 @@ set -e -sed "s|__TITLE__|$(head -n1 "${1}")|" < "${0}.d/head.html" +RELTO="$(dirname "${1}")" + +sed \ + -e "s|__TITLE__|$(head -n1 "${1}")|" \ + -e "s|__GENERAL__|$(realpath --relative-to="${RELTO}" general/)|" \ + -e "s|__ROOT__|$(realpath --relative-to="${RELTO}" ./)|" \ + < "${0}.d/head.html" + markdown -f toc,idanchor "${1}" | sed \ - -e 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' \ - -e '/| id="\L\1">|' -printf '' + -e 's/href="\([-_\./[:alnum:]]*\)\.md\(#[-[:alnum:]]*\)\?"/href="\1.html\2"/g' \ + -e '/| id="\L\1">|' \ + -e '//s|pre|pre onclick="CopyToClipboard(this)"|g' \ + -e '/The above link may be broken on code hosting sites/s|blockquote|blockquote style="display: none;"|' + +sed \ + -e "s|__DATE__|${DATE:-$(date --rfc-email)}|" \ + -e "s|__VERSION__|${VERSION:-unknown}|" \ + < "${0}.d/foot.html" diff --git a/contrib/html.sh.d/foot.html b/contrib/html.sh.d/foot.html new file mode 100644 index 0000000..106c2bd --- /dev/null +++ b/contrib/html.sh.d/foot.html @@ -0,0 +1,4 @@ + +

RouterOS Scripts documentation generated on __DATE__ for __VERSION__

+ + diff --git a/contrib/html.sh.d/head.html b/contrib/html.sh.d/head.html index 1b1dd03..656a63c 100644 --- a/contrib/html.sh.d/head.html +++ b/contrib/html.sh.d/head.html @@ -1,15 +1,16 @@ -RouterOS Scripts :: __TITLE__ - - - + +RouterOS Scripts :: __TITLE__ + + + + + + + + +
eworm on meadowQR code: rsc.eworm.deRouterOS Scripts
+ a collection of scripts for MikroTik RouterOS
+
+ diff --git a/contrib/logo-color.d/style.css b/contrib/logo-color.d/style.css deleted file mode 100644 index eb2ec6a..0000000 --- a/contrib/logo-color.d/style.css +++ /dev/null @@ -1,5 +0,0 @@ -body { - font-family: fira-sans, sans-serif; - font-size: 10pt; - background-color: transparent; -} diff --git a/contrib/logo-color.html b/contrib/logo-color.html index 17942ce..84365a6 100644 --- a/contrib/logo-color.html +++ b/contrib/logo-color.html @@ -1,14 +1,30 @@ - - - - -RouterOS-Scripts Logo Color Changer - + + + +RouterOS Scripts :: Logo Color Changer + + - - + -

RouterOS-Scripts Logo Color Changer

+ + + + +
eworm on meadowQR code: rsc.eworm.deRouterOS Scripts
+ a collection of scripts for MikroTik RouterOS
+
+ +

Logo Color Changer

+ + + +

⬅️ Go back to main README

+ +

💡️ Hint: This site or links +on it may be broken on code hosting sites. Use +Logo Color Changer +instead.

You want the logo for your own notifications? But you joined the Telegram Group and want @@ -24,17 +40,20 @@ something that differentiates? Color it!

Then right-click, click "Take Screenshot" and finally select the logo and download it.

-

Screenshot Browser 01 -Screenshot Browser 02 -Screenshot Browser 03

+

Screenshot Browser 01

+

Screenshot Browser 02

+

Screenshot Browser 03

(This example is with Firefox. The workflow for other browsers may differ.)

See how to -Set +Set a profile photo for your Telegram bot.

- - +
+ +

⬅️ Go back to main README
+⬆️ Go back to top

+ diff --git a/contrib/notification.d/style.css b/contrib/notification.d/style.css deleted file mode 100644 index 648ea23..0000000 --- a/contrib/notification.d/style.css +++ /dev/null @@ -1,36 +0,0 @@ -body { - font-family: fira-sans, sans-serif; - font-size: 10pt; - background-color: transparent; -} -div.notification { - position: relative; - float: right; - width: 600px; - border: 3px outset #6c5d53; - /* border-radius: 5px; */ - padding: 10px; - background-color: #e6e6e6; -} -div.content { - padding-left: 60px; -} -img.logo { - float: left; - border-radius: 50%; -} -p.heading { - margin: 0px; - font-weight: bold; - text-decoration: underline; -} -p.hint { - display: none; -} -pre { - font-family: fira-mono, monospace; - white-space: pre-wrap; -} -span.link { - color: #863600; -} diff --git a/contrib/notification.html b/contrib/notification.html index 7875036..a0580bd 100644 --- a/contrib/notification.html +++ b/contrib/notification.html @@ -1,14 +1,30 @@ - - - - -RouterOS-Scripts Notification Generator - - - - + + + +RouterOS Scripts :: Notification Generator + + + + -

RouterOS-Scripts Notification Generator

+ + + + +
eworm on meadowQR code: rsc.eworm.deRouterOS Scripts
+ a collection of scripts for MikroTik RouterOS
+
+ +

Notification Generator

+ + + +

⬅️ Go back to main README

+ +

💡️ Hint: This site or links +on it may be broken on code hosting sites. Use +Notification Generator +instead.

@@ -16,8 +32,8 @@

[MikroTik] ℹ️ Subject

Message
-

⏰ This message was queued since oct/18/2022 18:30:48 and may be obsolete.

-

✂️ The message was too long and has been truncated, cut off 13%!

+

⏰ This message was queued since 2025-10-29 16:06:18 and may be obsolete.

+

✂️ The message was too long and has been truncated, cut off 13%!

@@ -25,11 +41,14 @@

Subject:

Message:

Show link:

-

Queued since

+

Queued since

Cut-off with percent

Then right-click, click "Take Screenshot" and finally select the notification and download it.

- - +
+ +

⬅️ Go back to main README
+⬆️ Go back to top

+ diff --git a/contrib/static-html.sh b/contrib/static-html.sh new file mode 100755 index 0000000..7acf104 --- /dev/null +++ b/contrib/static-html.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +sed -i \ + -e '/href=/s|\.md|\.html|' \ + -e '/blockquote/s|/\* display \*/|display: none;|' \ + -e '//r badges.html' \ + -e '//d' \ + "${@}" diff --git a/contrib/template-capsman.sh b/contrib/template-capsman.sh new file mode 100755 index 0000000..5771b53 --- /dev/null +++ b/contrib/template-capsman.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +sed \ + -e '/\/interface\/wifi\//d' \ + -e '/\/interface\/wireless\//d' \ + -e 's|%TEMPL%|.capsman|' \ + -e '/^# NOT \/caps-man\/ #$/,/^# NOT \/caps-man\/ #$/d' \ + -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ + < "${1}" diff --git a/contrib/template-local.sh b/contrib/template-local.sh new file mode 100755 index 0000000..bc5b327 --- /dev/null +++ b/contrib/template-local.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +sed \ + -e '/\/caps-man\//d' \ + -e '/\/interface\/wifi\//d' \ + -e 's|%TEMPL%|.local|' \ + -e '/^# NOT \/interface\/wireless\/ #$/,/^# NOT \/interface\/wireless\/ #$/d' \ + -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ + < "${1}" diff --git a/contrib/template-wifi.sh b/contrib/template-wifi.sh new file mode 100755 index 0000000..5e297d9 --- /dev/null +++ b/contrib/template-wifi.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +sed \ + -e '/\/caps-man\//d' \ + -e '/\/interface\/wireless\//d' \ + -e 's|%TEMPL%|.wifi|' \ + -e '/^# NOT \/interface\/wifi\/ #$/,/^# NOT \/interface\/wifi\/ #$/d' \ + -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ + < "${1}" diff --git a/doc/mod/notification-matrix.md b/doc/mod/notification-matrix.md index da6d6de..ad4cf4f 100644 --- a/doc/mod/notification-matrix.md +++ b/doc/mod/notification-matrix.md @@ -49,7 +49,7 @@ your server in device's certificate store. The example below is for `matrix.org`, which uses a trust chain from *Google Trust Services*. Run this to import the required certificate: - $CertificateAvailable "GTS Root R4"; + $CertificateAvailable "GTS Root R4" "fetch"; Replace the CA certificate name with what ever is needed for your server. You may want to find the diff --git a/doc/mod/notification-telegram.md b/doc/mod/notification-telegram.md index 804104f..f464ff0 100644 --- a/doc/mod/notification-telegram.md +++ b/doc/mod/notification-telegram.md @@ -106,10 +106,13 @@ chat with [BotFather ↗️](https://t.me/BotFather) and set it there. ![set profile photo](notification-telegram.d/setuserpic.avif) -Have a look at my -[RouterOS-Scripts Logo Color Changer](https://git.eworm.de/cgit/routeros-scripts/plain/contrib/logo-color.html) +Have a look at my [Logo Color Changer](../../contrib/logo-color.html) to create a colored version of this scripts' logo. +> 💡️ **Hint**: The above link may be broken on code hosting sites. +> Use [Logo Color Changer](https://rsc.eworm.de/main/contrib/logo-color.html) +> instead. + See also -------- diff --git a/doc/mod/scriptrunonce.md b/doc/mod/scriptrunonce.md index 955d12e..1fbb697 100644 --- a/doc/mod/scriptrunonce.md +++ b/doc/mod/scriptrunonce.md @@ -48,7 +48,7 @@ Usage and invocation The function `$ScriptRunOnce` expects an URL (or name if `ScriptRunOnceBaseUrl` is given) pointing to a script as parameter. - $ScriptRunOnce https://git.eworm.de/cgit/routeros-scripts/plain/doc/mod/scriptrunonce.d/hello-world.rsc; + $ScriptRunOnce https://rsc.eworm.de/main/doc/mod/scriptrunonce.d/hello-world.rsc; ![ScriptRunOnce](scriptrunonce.d/scriptrunonce.avif) diff --git a/doc/mod/ssh-keys-import.md b/doc/mod/ssh-keys-import.md index 49276d0..abf4d39 100644 --- a/doc/mod/ssh-keys-import.md +++ b/doc/mod/ssh-keys-import.md @@ -51,12 +51,10 @@ The functions `$SSHKeysImportFile` can read an `authorized_keys`-style file and import all the keys. The user given to the function can be overwritting from comments in the file. Create a file `keys.pub` with this content: -``` -ssh-ed25519 AAAAC3Nza...3OcN8A user@client -ssh-rsa AAAAB3Nza...ozyts= worker@station -# user=example -ssh-rsa AAAAB3Nza...GXQVk= person@host -``` + ssh-ed25519 AAAAC3Nza...3OcN8A user@client + ssh-rsa AAAAB3Nza...ozyts= worker@station + # user=example + ssh-rsa AAAAB3Nza...GXQVk= person@host Then import it with: diff --git a/doc/mode-button.md b/doc/mode-button.md index be15bc9..af95ddb 100644 --- a/doc/mode-button.md +++ b/doc/mode-button.md @@ -26,17 +26,15 @@ can configure the reset button to act the same, see Copy this code to terminal to check: -``` -:if ([ :len [ /system/routerboard/mode-button/print as-value ] ] > 0) do={ - :put "Mode button is supported."; -} else={ - :if ([ :len [ /system/routerboard/reset-button/print as-value ] ] > 0) do={ - :put "Mode button is not supported, but reset button is."; - } else={ - :put "Neither mode button nor reset button is supported."; - } -} -``` + :if ([ :len [ /system/routerboard/mode-button/print as-value ] ] > 0) do={ + :put "Mode button is supported."; + } else={ + :if ([ :len [ /system/routerboard/reset-button/print as-value ] ] > 0) do={ + :put "Mode button is not supported, but reset button is."; + } else={ + :put "Neither mode button nor reset button is supported."; + } + } Requirements and installation ----------------------------- diff --git a/fw-addr-lists.d/allow b/fw-addr-lists.d/allow index 8b59ed7..8c4ca3c 100644 --- a/fw-addr-lists.d/allow +++ b/fw-addr-lists.d/allow @@ -1,3 +1,3 @@ # an ip address list for use with fw-addr-lists script -# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md -git.eworm.de +# https://rsc.eworm.de/doc/fw-addr-lists.md +rsc.eworm.de diff --git a/fw-addr-lists.d/block b/fw-addr-lists.d/block index 5e9fef2..86a6c62 100644 --- a/fw-addr-lists.d/block +++ b/fw-addr-lists.d/block @@ -1,5 +1,5 @@ # an ip address list for use with fw-addr-lists script -# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md +# https://rsc.eworm.de/doc/fw-addr-lists.md # example.net 93.184.216.34 diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index c85cc8b..e5a71aa 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -74,7 +74,7 @@ :if ([ :len ($List->"cert") ] > 0) do={ :set CheckCertificate true; - :if ([ $CertificateAvailable ($List->"cert") ] = false) do={ + :if ([ $CertificateAvailable ($List->"cert") "fetch" ] = false) do={ $LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \ " / " . $List->"url" . ") failed, trying anyway."); } diff --git a/general/clipboard.js b/general/clipboard.js new file mode 100644 index 0000000..9324be8 --- /dev/null +++ b/general/clipboard.js @@ -0,0 +1,8 @@ +/* copy code to clipboard */ +function CopyToClipboard(pre) { + pre.style.filter = 'invert(1)'; + navigator.clipboard.writeText(pre.firstElementChild.innerHTML); + setTimeout(function() { + pre.style.filter = 'invert(0)'; + }, 100); +} diff --git a/general/eworm-meadow.avif b/general/eworm-meadow.avif new file mode 100644 index 0000000..f592d59 Binary files /dev/null and b/general/eworm-meadow.avif differ diff --git a/README.d/upstream.png b/general/qr-code.png similarity index 100% rename from README.d/upstream.png rename to general/qr-code.png diff --git a/general/style.css b/general/style.css new file mode 100644 index 0000000..191c0f6 --- /dev/null +++ b/general/style.css @@ -0,0 +1,101 @@ +/* stylesheet for RouterOS Scripts */ +body { + background-color: transparent; + font-family: fira-sans, sans-serif; + font-size: 10pt; + line-height: 1.6; +} +h2 { + border-bottom: 1px solid #ccc; + color: #000; +} +a { + text-decoration: none; +} +a:hover { + text-decoration: underline; +} +blockquote { + border-left: 4px solid #ccc; + padding: 0 10px; + color: #555; +} +code { + margin: 0 2px; + padding: 2px 5px; + border: 1px solid #ccc; + background-color: #f8f8f8; + border-radius: 3px; +} +div.notification { + position: relative; + float: none; + width: 600px; + border: 3px outset #6c5d53; + /* border-radius: 5px; */ + padding: 10px; + background-color: #e6e6e6; +} +div.content { + padding-left: 60px; +} +img.logo { + float: left; + border-radius: 50%; +} +p.foot { + color: #777; + text-align: center; +} +p.heading { + margin: 0px; + font-weight: bold; + text-decoration: underline; +} +p.hint { + display: none; +} +pre { + font-family: fira-mono, monospace; + white-space: pre-wrap; + background-color: #f8f8f8; + border: 1px solid #ccc; + overflow: auto; + padding: 6px 10px; + border-radius: 3px; +} +pre code { + margin: 0; + padding: 0; + border: 0; +} +pre::before { + content: "📋 Copy!"; + float: right; + border: 1px solid #ccc; + border-radius: 3px; +} +span.link { + color: #863600; +} +td.head { + line-height: 1.2; + padding: 0 2em; +} +td.head .top { + font-size: 250%; + font-weight: bold; +} +td.head .bottom { + font-size: 125%; + color: #555; +} +@media only screen and (orientation: landscape) { + body { + margin-left: 10vw; + margin-right: 10vw; + } + div.notification { + float: right; + } +} diff --git a/global-functions.rsc b/global-functions.rsc index 5ede654..db9eac6 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -106,11 +106,15 @@ # check and download required certificate :set CertificateAvailable do={ :local CommonName [ :tostr $1 ]; + :local UseFor [ :tostr $2 ]; :global CertificateDownload; + :global EitherOr; :global LogPrint; :global ParseKeyValueStore; + :set UseFor [ $EitherOr $UseFor "undefined" ]; + :if ([ /system/resource/get free-hdd-space ] < 8388608 && \ [ /certificate/settings/get crl-download ] = true && \ [ /certificate/settings/get crl-store ] = "system") do={ @@ -123,7 +127,10 @@ :return false; } - :if (([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \ + :local CertSettings [ /certificate/settings/get ]; + :if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \ + ($CertSettings->"builtin-trust-store") ~ $UseFor || \ + ($CertSettings->"builtin-trust-store") = "all") && \ [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={ :return true; } @@ -161,7 +168,6 @@ :global ScriptUpdatesBaseUrl; :global ScriptUpdatesUrlSuffix; - :global CertificateAvailable; :global CertificateNameByCN; :global CleanName; :global FetchUserAgentStr; @@ -398,7 +404,7 @@ :return true; } - :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={ + :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={ $LogPrint error $0 ("Downloading required certificate failed."); :return false; } @@ -533,10 +539,16 @@ :set FetchUserAgentStr do={ :local Caller [ :tostr $1 ]; + :global CommitId; + :global CommitInfo; + + :global IfThenElse; + :local Resource [ /system/resource/get ]; - :return ("User-Agent: Mikrotik/" . $Resource->"version" . " " . \ - $Resource->"architecture-name" . " " . $Caller . "/Fetch (https://rsc.eworm.de/)"); + :return ("User-Agent: Mikrotik/" . $Resource->"version" . " " . $Resource->"architecture-name" . \ + " " . $Caller . "/Fetch (https://rsc.eworm.de/" . [ $IfThenElse ($CommitId != "unknown") \ + ("; " . $CommitInfo . "/" . [ :pick $CommitId 0 8 ]) ] . ")"); } # check for existence of file, optionally with type @@ -634,7 +646,7 @@ } :do { - :if ([ $CertificateAvailable "GTS Root R4" ] = false) do={ + :if ([ $CertificateAvailable "GTS Root R4" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; } @@ -1242,7 +1254,7 @@ :global SymbolForNotification; :global ValidateSyntax; - :if ([ $CertificateAvailable "ISRG Root X2" ] = false) do={ + :if ([ $CertificateAvailable "ISRG Root X2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading certificate failed, trying without."); } @@ -1293,7 +1305,7 @@ } :if ([ :len ($ScriptInfo->"certificate") ] > 0) do={ - :if ([ $CertificateAvailable ($ScriptInfo->"certificate") ] = false) do={ + :if ([ $CertificateAvailable ($ScriptInfo->"certificate") "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading certificate failed, trying without."); } } @@ -1310,9 +1322,19 @@ } } do={ $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "': " . $Err); + :if ($Err != "Fetch failed with status 404") do={ + :error false; + } + :if ($ScriptVal->"source" = "#!rsc by RouterOS\n") do={ $LogPrint warning $0 ("Removing dummy. Typo on installation?"); /system/script/remove $Script; + :error false; + } + :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \ + [ :len $CheckSum ] = 0) do={ + $LogPrintOnce warning $0 \ + ("Added the script manually? Skip updates with 'ignore=true' in comment."); } :error false; } @@ -1878,6 +1900,15 @@ } } +# add (and fix) global scripts scheduler +:local OnEvent "/system/script { run global-config; run global-functions; }"; +:if ([ :len [ /system/scheduler/find where name="global-scripts" ] ] = 0) do={ + /system/scheduler/add name="global-scripts" start-time=startup; +} +:if ([ /system/scheduler/get "global-scripts" on-event ] != $OnEvent) do={ + /system/scheduler/set "global-scripts" on-event=$OnEvent; +} + # Log success :local Resource [ /system/resource/get ]; $LogPrintOnce info $ScriptName ("Loaded on " . $Resource->"board-name" . \ diff --git a/mod/notification-email.rsc b/mod/notification-email.rsc index 7c3a6ff..668daba 100644 --- a/mod/notification-email.rsc +++ b/mod/notification-email.rsc @@ -132,7 +132,7 @@ } :if ($AllDone = true && $QueueLen = [ :len $EmailQueue ]) do={ - /system/scheduler/remove $Scheduler; + /system/scheduler/remove [ find where name="_FlushEmailQueue" ]; :set EmailQueue; :return true; } diff --git a/mod/notification-ntfy.rsc b/mod/notification-ntfy.rsc index 7114020..dd10812 100644 --- a/mod/notification-ntfy.rsc +++ b/mod/notification-ntfy.rsc @@ -109,7 +109,7 @@ :onerror Err { :if ($Server = "ntfy.sh") do={ - :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={ + :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; } diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index ff9b4da..b1996a3 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -30,7 +30,7 @@ :return false; } - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :return false; } @@ -72,7 +72,7 @@ :global CertificateAvailable; :global LogPrint; - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :return false; } @@ -197,7 +197,7 @@ "&reply_to_message_id=" . ($Notification->"replyto") . "&message_thread_id=" . $ThreadId . \ "&disable_web_page_preview=true&parse_mode=MarkdownV2"); :onerror Err { - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; } diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc index 9e2f9bc..eee5f85 100644 --- a/netwatch-dns.rsc +++ b/netwatch-dns.rsc @@ -112,7 +112,7 @@ :foreach DohServer in=$DohServers do={ :if ([ :len ($DohServer->"doh-cert") ] > 0) do={ - :if ([ $CertificateAvailable ($DohServer->"doh-cert") ] = false) do={ + :if ([ $CertificateAvailable ($DohServer->"doh-cert") "dns" ] = false) do={ $LogPrint warning $ScriptName ("Downloading certificate failed, trying without."); } } diff --git a/telegram-chat.rsc b/telegram-chat.rsc index 7f7b7a7..54872fb 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -61,7 +61,7 @@ :set TelegramRandomDelay 0; } - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $ScriptName ("Downloading required certificate failed."); :set ExitOK true; :error false; diff --git a/update-tunnelbroker.rsc b/update-tunnelbroker.rsc index 9057e1e..5372f4c 100644 --- a/update-tunnelbroker.rsc +++ b/update-tunnelbroker.rsc @@ -28,7 +28,7 @@ :error false; } - :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint error $ScriptName ("Downloading required certificate failed."); :set ExitOK true; :error false;