diff options
41 files changed, 775 insertions, 782 deletions
@@ -78,7 +78,7 @@ crap and a good example how to *not* do it. Now let's download the main scripts and add them in configuration on the fly. - [admin@MikroTik] > :foreach script in={ "global-config"; "global-functions"; "script-updates" } do={ / system script add name=$script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $script) output=user as-value]->"data"); } + [admin@MikroTik] > :foreach Script in={ "global-config"; "global-functions"; "script-updates" } do={ / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); } The configuration needs to be tweaked for your needs. Make sure not to send your mails to `mail@example.com`! diff --git a/accesslist-duplicates.capsman b/accesslist-duplicates.capsman index 58d8d2c..b0df339 100644 --- a/accesslist-duplicates.capsman +++ b/accesslist-duplicates.capsman @@ -6,31 +6,31 @@ # # !! Do not edit this file, it is generated from template! -:local seen [ :toarray "" ]; -:local shown [ :toarray "" ]; - :global Read; -:foreach acclist in=[ / caps-man access-list find where mac-address!="00:00:00:00:00:00" ] do={ - :local mac [ / caps-man access-list get $acclist mac-address ]; - :foreach "seen-mac" in=$seen do={ - :if ($"seen-mac" = $mac) do={ - :local skip 0; - :foreach "shown-mac" in=$shown do={ - :if ($"shown-mac" = $mac) do={ :set skip 1; } +:local Seen [ :toarray "" ]; +:local Shown [ :toarray "" ]; + +:foreach AccList in=[ / caps-man access-list find where mac-address!="00:00:00:00:00:00" ] do={ + :local Mac [ / caps-man access-list get $AccList mac-address ]; + :foreach SeenMac in=$Seen do={ + :if ($SeenMac = $Mac) do={ + :local Skip 0; + :foreach ShownMac in=$Shown do={ + :if ($ShownMac = $Mac) do={ :set Skip 1; } } - :if ($skip = 0) do={ - / caps-man access-list print where mac-address=$mac; - :set shown ( $shown , $mac ); + :if ($Skip = 0) do={ + / caps-man access-list print where mac-address=$Mac; + :set Shown ($Shown, $Mac); :put "\nEnter to skip, numeric id to remove!"; - :local remove [ $Read ]; - :if ($remove != "") do={ - :put ("Removing numeric id " . $remove . "...\n"); - / caps-man access-list remove $remove; + :local Remove [ $Read ]; + :if ($Remove != "") do={ + :put ("Removing numeric id " . $Remove . "...\n"); + / caps-man access-list remove $Remove; } } } } - :set seen ( $seen , $mac ); + :set Seen ($Seen, $Mac); } diff --git a/accesslist-duplicates.local b/accesslist-duplicates.local index 98b41f8..552a04a 100644 --- a/accesslist-duplicates.local +++ b/accesslist-duplicates.local @@ -6,31 +6,31 @@ # # !! Do not edit this file, it is generated from template! -:local seen [ :toarray "" ]; -:local shown [ :toarray "" ]; - :global Read; -:foreach acclist in=[ / interface wireless access-list find where mac-address!="00:00:00:00:00:00" ] do={ - :local mac [ / interface wireless access-list get $acclist mac-address ]; - :foreach "seen-mac" in=$seen do={ - :if ($"seen-mac" = $mac) do={ - :local skip 0; - :foreach "shown-mac" in=$shown do={ - :if ($"shown-mac" = $mac) do={ :set skip 1; } +:local Seen [ :toarray "" ]; +:local Shown [ :toarray "" ]; + +:foreach AccList in=[ / interface wireless access-list find where mac-address!="00:00:00:00:00:00" ] do={ + :local Mac [ / interface wireless access-list get $AccList mac-address ]; + :foreach SeenMac in=$Seen do={ + :if ($SeenMac = $Mac) do={ + :local Skip 0; + :foreach ShownMac in=$Shown do={ + :if ($ShownMac = $Mac) do={ :set Skip 1; } } - :if ($skip = 0) do={ - / interface wireless access-list print where mac-address=$mac; - :set shown ( $shown , $mac ); + :if ($Skip = 0) do={ + / interface wireless access-list print where mac-address=$Mac; + :set Shown ($Shown, $Mac); :put "\nEnter to skip, numeric id to remove!"; - :local remove [ $Read ]; - :if ($remove != "") do={ - :put ("Removing numeric id " . $remove . "...\n"); - / interface wireless access-list remove $remove; + :local Remove [ $Read ]; + :if ($Remove != "") do={ + :put ("Removing numeric id " . $Remove . "...\n"); + / interface wireless access-list remove $Remove; } } } } - :set seen ( $seen , $mac ); + :set Seen ($Seen, $Mac); } diff --git a/accesslist-duplicates.template b/accesslist-duplicates.template index 3b6a22a..18225a6 100644 --- a/accesslist-duplicates.template +++ b/accesslist-duplicates.template @@ -7,31 +7,31 @@ # !! This is just a template! Replace '%PATH%' with 'caps-man' # !! or 'interface wireless'! -:local seen [ :toarray "" ]; -:local shown [ :toarray "" ]; - :global Read; -:foreach acclist in=[ / %PATH% access-list find where mac-address!="00:00:00:00:00:00" ] do={ - :local mac [ / %PATH% access-list get $acclist mac-address ]; - :foreach "seen-mac" in=$seen do={ - :if ($"seen-mac" = $mac) do={ - :local skip 0; - :foreach "shown-mac" in=$shown do={ - :if ($"shown-mac" = $mac) do={ :set skip 1; } +:local Seen [ :toarray "" ]; +:local Shown [ :toarray "" ]; + +:foreach AccList in=[ / %PATH% access-list find where mac-address!="00:00:00:00:00:00" ] do={ + :local Mac [ / %PATH% access-list get $AccList mac-address ]; + :foreach SeenMac in=$Seen do={ + :if ($SeenMac = $Mac) do={ + :local Skip 0; + :foreach ShownMac in=$Shown do={ + :if ($ShownMac = $Mac) do={ :set Skip 1; } } - :if ($skip = 0) do={ - / %PATH% access-list print where mac-address=$mac; - :set shown ( $shown , $mac ); + :if ($Skip = 0) do={ + / %PATH% access-list print where mac-address=$Mac; + :set Shown ($Shown, $Mac); :put "\nEnter to skip, numeric id to remove!"; - :local remove [ $Read ]; - :if ($remove != "") do={ - :put ("Removing numeric id " . $remove . "...\n"); - / %PATH% access-list remove $remove; + :local Remove [ $Read ]; + :if ($Remove != "") do={ + :put ("Removing numeric id " . $Remove . "...\n"); + / %PATH% access-list remove $Remove; } } } } - :set seen ( $seen , $mac ); + :set Seen ($Seen, $Mac); } diff --git a/bridge-port-to-default b/bridge-port-to-default index 54f1e98..1117c1d 100644 --- a/bridge-port-to-default +++ b/bridge-port-to-default @@ -4,27 +4,27 @@ # # reset bridge ports to default bridge -:global "bridge-port-to"; +:global BridgePortTo; -:local "len" ([ :len $"bridge-port-to" ] + 1); +:local Len ([ :len $BridgePortTo ] + 1); -:if ($"len" = 1) do={ +:if ($Len = 1) do={ :delay 1s; - :set "len" ([ :len $"bridge-port-to" ] + 1); + :set Len ([ :len $BridgePortTo ] + 1); } -:foreach interface in=[ / interface bridge port find where comment!="" ] do={ - :foreach comment in=[ :toarray [ / interface bridge port get $interface comment ] ] do={ - :if ([ :pick $comment 0 $len ] = ($"bridge-port-to" . ":")) do={ - :local "interface-name" [ / interface bridge port get $interface interface ]; - :local "bridge-default" [ :pick $comment $len [ :len $comment ] ]; - :local "bridge-current" [ / interface bridge port get $interface bridge ]; - :if ($"bridge-default" != $"bridge-current") do={ - :log info ("Changing interface " . $"interface-name" . " to " . $"bridge-port-to" . " bridge " . $"bridge-default"); - / interface bridge port set bridge=$"bridge-default" $interface; - / ip dhcp-client renew [ find where interface=$"bridge-default" ]; +:foreach Interface in=[ / interface bridge port find where comment!="" ] do={ + :foreach Comment in=[ :toarray [ / interface bridge port get $Interface comment ] ] do={ + :if ([ :pick $Comment 0 $Len ] = ($BridgePortTo . ":")) do={ + :local InterfaceName [ / interface bridge port get $Interface interface ]; + :local BridgeDefault [ :pick $Comment $Len [ :len $Comment ] ]; + :local BridgeCurrent [ / interface bridge port get $Interface bridge ]; + :if ($BridgeDefault != $BridgeCurrent) do={ + :log info ("Changing interface " . $InterfaceName . " to " . $BridgePortTo . " bridge " . $BridgeDefault); + / interface bridge port set bridge=$BridgeDefault $Interface; + / ip dhcp-client renew [ find where interface=$BridgeDefault ]; } else={ - :log debug ("Interface " . $"interface-name" . " already connected to " . $"bridge-port-to" . " bridge " . $"bridge-default"); + :log debug ("Interface " . $InterfaceName . " already connected to " . $BridgePortTo . " bridge " . $BridgeDefault); } } } diff --git a/bridge-port-toggle b/bridge-port-toggle index c80f5e2..fc122f6 100644 --- a/bridge-port-toggle +++ b/bridge-port-toggle @@ -4,12 +4,12 @@ # # toggle bridge ports between default and alt bridge -:global "bridge-port-to"; +:global BridgePortTo; -:if ($"bridge-port-to" != "default") do={ - :set "bridge-port-to" "default"; +:if ($BridgePortTo != "default") do={ + :set BridgePortTo "default"; } else={ - :set "bridge-port-to" "alt"; + :set BridgePortTo "alt"; } / system script run bridge-port-to-default; diff --git a/capsman-download-packages b/capsman-download-packages index 08e9535..babea59 100644 --- a/capsman-download-packages +++ b/capsman-download-packages @@ -9,29 +9,29 @@ :global DownloadPackage; -:local "package-path" [ / caps-man manager get package-path ]; -:if ([ :pick $"package-path" 0 ] = "/") do={ - :set "package-path" [ :pick $"package-path" 1 [ :len $"package-path" ] ]; +:local PackagePath [ / caps-man manager get package-path ]; +:if ([ :pick $PackagePath 0 ] = "/") do={ + :set PackagePath [ :pick $PackagePath 1 [ :len $PackagePath ] ]; } -:local "installed-version" [ / system package update get installed-version ]; -:local updated false; +:local InstalledVersion [ / system package update get installed-version ]; +:local Updated false; -:foreach package in=[ / file find where type=package \ - package-version!=$"installed-version" name~("^" . $"package-path") ] do={ - :local "package-name" [ / file get $package package-name ]; - :local "package-architecture" [ / file get $package package-architecture ]; - :if ($"package-architecture" = "mips") do={ - :set "package-architecture" "mipsbe"; +:foreach Package in=[ / file find where type=package \ + package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={ + :local PackageName [ / file get $Package package-name ]; + :local PackageArchitecture [ / file get $Package package-architecture ]; + :if ($PackageArchitecture = "mips") do={ + :set PackageArchitecture "mipsbe"; } - :if ($"package-name" = "wireless@") do={ - :set "package-name" "wireless"; + :if ($PackageName = "wireless@") do={ + :set PackageName "wireless"; } - :if ([ $DownloadPackage $"package-name" $"installed-version" $"package-architecture" $"package-path" ] = true) do={ - :set updated true; - / file remove $package; + :if ([ $DownloadPackage $PackageName $InstalledVersion $PackageArchitecture $PackagePath ] = true) do={ + :set Updated true; + / file remove $Package; } } -:if ($updated = true) do={ - / caps-man remote-cap upgrade [ find where version!=$"installed-version" ]; +:if ($Updated = true) do={ + / caps-man remote-cap upgrade [ find where version!=$InstalledVersion ]; } diff --git a/check-certificates b/check-certificates index ff79ce4..7347ed8 100644 --- a/check-certificates +++ b/check-certificates @@ -4,83 +4,82 @@ # # check for certificate validity -:global "identity"; -:global "cert-renew-url"; -:global "cert-renew-pass"; +:global Identity; +:global CertRenewUrl; +:global CertRenewPass; :global SendNotification; -:local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"); +:local Months { "jan"; "feb"; "mar"; "apr"; "may"; "jun"; + "jul"; "aug"; "sep"; "oct"; "nov"; "dec" }; -:local currentdate [ / system clock get date ]; +:local CurrentDate [ / system clock get date ]; -:local currentmonthstr [ :pick $currentdate 0 3 ]; -:local currentday [ :pick $currentdate 4 6 ]; -:local currentyear [ :pick $currentdate 7 11 ]; -:local currentmonth ([ :find $months $currentmonthstr -1 ] + 1); -:local currentstamp ($currentyear * 365 + $currentmonth * 30 + $currentday); +:local CurrentDay [ :pick $CurrentDate 4 6 ]; +:local CurrentYear [ :pick $CurrentDate 7 11 ]; +:local CurrentMonth ([ :find $Months [ :pick $CurrentDate 0 3 ] ] + 1); +:local CurrentStamp ($CurrentYear * 365 + $CurrentMonth * 30 + $CurrentDay); -:foreach cert in=[ / certificate find where !revoked ] do={ - :local certname [ / certificate get $cert name ]; - :local invaliddate [ / certificate get $cert invalid-after ]; +:foreach Cert in=[ / certificate find where !revoked ] do={ + :local CertName [ / certificate get $Cert name ]; + :local InvalidDate [ / certificate get $Cert invalid-after ]; - :if ([ :len $invaliddate ] > 0) do={ - :local invalidmonthstr [ :pick $invaliddate 0 3 ]; - :local invalidday [ :pick $invaliddate 4 6 ]; - :local invalidyear [ :pick $invaliddate 7 11 ]; - :local invalidmonth ([ :find $months $invalidmonthstr -1 ] + 1); - :local invalidstamp ($invalidyear * 365 + invalidmonth * 30 + invalidday); + :if ([ :len $InvalidDate ] > 0) do={ + :local InvalidDay [ :pick $InvalidDate 4 6 ]; + :local InvalidYear [ :pick $InvalidDate 7 11 ]; + :local InvalidMonth ([ :find $Months [ :pick $InvalidDate 0 3 ] ] + 1); + :local InvalidStamp ($InvalidYear * 365 + $InvalidMonth * 30 + $InvalidDay); - :local remaining ($invalidstamp - $currentstamp); + :local Remaining ($InvalidStamp - $CurrentStamp); - :if ($remaining < 15) do={ - :local commonname [ / certificate get $cert common-name ]; - :local fprint [ / certificate get $cert fingerprint ]; + :if ($Remaining < 15) do={ + :local CommonName [ / certificate get $Cert common-name ]; + :local FingerPrint [ / certificate get $Cert fingerprint ]; :do { - :if ([ :len $"cert-renew-url" ] = 0) do={ - :error "No renew-url given."; + :if ([ :len $CertRenewUrl ] = 0) do={ + :error "No CertRenewUrl given."; } - / tool fetch mode=https check-certificate=yes-without-crl url=($"cert-renew-url" . $commonname . ".pem"); - / certificate import file-name=($commonname . ".pem") passphrase=$"cert-renew-pass"; - / file remove [ find where name=($commonname . ".pem") ]; + / tool fetch mode=https check-certificate=yes-without-crl url=($CertRenewUrl . $CommonName . ".pem"); + / certificate import file-name=($CommonName . ".pem") passphrase=$CertRenewPass; + / file remove [ find where name=($CommonName . ".pem") ]; - :local certnew [ / certificate find where common-name=$commonname fingerprint!=$fprint ]; - :local certnamenew [ / certificate get $certnew name ]; + :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint ]; + :local CertNameNew [ / certificate get $CertNew name ]; - :foreach ipservice in=[ / ip service find where certificate=$certname ] do={ - / ip service set $ipservice certificate=$certnamenew; + :foreach IpService in=[ / ip service find where certificate=$CertName ] do={ + / ip service set $IpService certificate=$CertNameNew; } :do { - :foreach hotspot in=[ / ip hotspot profile find where ssl-certificate=$certname ] do={ - / ip hotspot profile set $hotspot ssl-certificate=$certnamenew; + :foreach Hotspot in=[ / ip hotspot profile find where ssl-certificate=$CertName ] do={ + / ip hotspot profile set $Hotspot ssl-certificate=$CertNameNew; } } on-error={ :log debug ("Setting hotspot certificates failed. Hotspot package not installed?"); } - / certificate remove $cert; - / certificate set $certnew name=$certname; + / certificate remove $Cert; + / certificate set $CertNew name=$CertName; } on-error={ - :log warning ("Failed to auto-update certificate " . $certname); + :log warning ("Failed to auto-update certificate " . $CertName); - :local invalidbefore [ / certificate get $cert invalid-before ]; - :local invalidafter [ / certificate get $cert invalid-after ]; + :local InvalidBefore [ / certificate get $Cert invalid-before ]; + :local InvalidAfter [ / certificate get $Cert invalid-after ]; $SendNotification ("Certificate warning!") \ - ("A certificate on " . $identity . " is about to expire.\n\n" . \ - "Certificate Name: " . $certname . "\n" . \ - "Common Name: " . $commonname . "\n" . \ - "Fingerprint: " . $fprint . "\n" . \ - "Validity: " . $invalidbefore . " to " . $invalidafter); - :log warning ("A certificate is about to expire within " . $remaining . " days: " . $certname); + ("A certificate on " . $Identity . " is about to expire.\n\n" . \ + "Certificate Name: " . $CertName . "\n" . \ + "Common Name: " . $CommonName . "\n" . \ + "Fingerprint: " . $FingerPrint . "\n" . \ + "Validity: " . $InvalidBefore . " to " . $InvalidAfter); + :log warning ("A certificate is about to expire within " . $Remaining . " days: " . $CertName); } } else={ - :log debug ("The certificate " . $certname . " expires in " . $remaining . " days."); + :log debug ("The certificate " . $CertName . " expires in " . $Remaining . " days."); } } else={ - :log debug ("The certificate " . $certname . " is just a template."); + :log debug ("The certificate " . $CertName . " is just a template."); } } diff --git a/check-lte-firmware-upgrade b/check-lte-firmware-upgrade index c99f5d7..6358a82 100644 --- a/check-lte-firmware-upgrade +++ b/check-lte-firmware-upgrade @@ -4,31 +4,31 @@ # # check for LTE firmware upgrade, send notification e-mails -:global "identity"; -:global "sent-lte-firmware-upgrade-notification"; +:global Identity; +:global SentLteFirmwareUpgradeNotification; :global SendNotification; -:foreach interface in=[ / interface lte find ] do={ - :local intname [ / interface lte get $interface name ]; +:foreach Interface in=[ / interface lte find ] do={ + :local IntName [ / interface lte get $Interface name ]; :do { - :local firmware [ / interface lte firmware-upgrade $interface once as-value ]; + :local Firmware [ / interface lte firmware-upgrade $Interface once as-value ]; # strip the extra line break (TODO: remove when fixed upstream) - :set ($firmware->"latest") [ :pick ($firmware->"latest") 0 [ :find ($firmware->"latest") "\n" ] ]; + :set ($Firmware->"latest") [ :pick ($Firmware->"latest") 0 [ :find ($Firmware->"latest") "\n" ] ]; - :if ($"sent-lte-firmware-upgrade-notification" = ($firmware->"latest")) do={ + :if ($SentLteFirmwareUpgradeNotification = ($Firmware->"latest")) do={ :log debug ("Already sent the LTE firmware upgrade notification for version " . \ - ($firmware->"latest") . "."); + ($Firmware->"latest") . "."); } else={ - :if (($firmware->"installed") != ($firmware->"latest")) do={ + :if (($Firmware->"installed") != ($Firmware->"latest")) do={ $SendNotification ("LTE firmware upgrade notification") \ - ("A new firmware version " . ($firmware->"latest") . " is available for " . \ - "LTE interface " . $intname . " on " . $identity . "."); - :set "sent-lte-firmware-upgrade-notification" ($firmware->"latest"); + ("A new firmware version " . ($Firmware->"latest") . " is available for " . \ + "LTE interface " . $IntName . " on " . $Identity . "."); + :set SentLteFirmwareUpgradeNotification ($Firmware->"latest"); } } } on-error={ :log debug ("Could not get latest LTE firmware version for interface " . \ - $intname . "."); + $IntName . "."); } } diff --git a/check-routeros-update b/check-routeros-update index 2a4e0b3..3564a09 100644 --- a/check-routeros-update +++ b/check-routeros-update @@ -4,9 +4,9 @@ # # check for RouterOS update, send notification e-mails -:global "identity"; -:global "safe-update-url"; -:global "sent-routeros-update-notification"; +:global Identity; +:global SafeUpdateUrl; +:global SentRouterosUpdateNotification; :global SendNotification; @@ -18,45 +18,45 @@ } / system package update check-for-updates without-paging; -:local installedversion [ / system package update get installed-version ]; -:local latestversion [ / system package update get latest-version ]; +:local InstalledVersion [ / system package update get installed-version ]; +:local LatestVersion [ / system package update get latest-version ]; -:if ($installedversion != $latestversion) do={ - :local channel [ / system package update get channel ]; - :local model [ / system routerboard get model ]; - :local serialnumber [ / system routerboard get serial-number ]; +:if ($InstalledVersion != $LatestVersion) do={ + :local Channel [ / system package update get channel ]; + :local Model [ / system routerboard get model ]; + :local SerialNumber [ / system routerboard get serial-number ]; - :if ([ :len $"safe-update-url" ] > 0) do={ - :local result; + :if ([ :len $SafeUpdateUrl ] > 0) do={ + :local Result; :do { - :set result [ / tool fetch check-certificate=yes-without-crl \ - ($"safe-update-url" . $channel . "?installed=" . $installedversion . \ - "&latest=" . $latestversion) output=user as-value ]; + :set Result [ / tool fetch check-certificate=yes-without-crl \ + ($SafeUpdateUrl . $Channel . "?installed=" . $InstalledVersion . \ + "&latest=" . $LatestVersion) output=user as-value ]; } on-error={ - :log warning ("Failed receiving safe version for " . $channel . "."); + :log warning ("Failed receiving safe version for " . $Channel . "."); } - :if ($result->"status" = "finished" && $result->"data" = $latestversion) do={ - :log info ("Version " . $latestversion . " is assumed safe, updating..."); + :if ($Result->"status" = "finished" && $Result->"data" = $LatestVersion) do={ + :log info ("Version " . $LatestVersion . " is considered safe, updating..."); $SendNotification ("RouterOS update notification") \ - ("Version " . $latestversion . " is assumed safe for " . $channel . \ - ", updating on " . $identity . "..."); + ("Version " . $LatestVersion . " is considered safe for " . $Channel . \ + ", updating on " . $Identity . "..."); / system package update install; :error "Waiting for system to reboot."; } } - :if ($"sent-routeros-update-notification" = $latestversion) do={ + :if ($SentRouterosUpdateNotification = $LatestVersion) do={ :error ("Already sent the RouterOS update notification for version " . \ - $latestversion . "."); + $LatestVersion . "."); } $SendNotification ("RouterOS update notification") \ ("There is a RouterOS update available\n\n" . \ - "Routerboard: " . $model . "\n" . \ - "Serial number: " . $serialnumber . "\n" . \ - "Hostname: " . $identity . "\n" . \ - "Channel: " . $channel . "\n" . \ - "Installed: " . $installedversion . "\n" . \ - "Available: " . $latestversion); - :set "sent-routeros-update-notification" $latestversion; + "Routerboard: " . $Model . "\n" . \ + "Serial number: " . $SerialNumber . "\n" . \ + "Hostname: " . $Identity . "\n" . \ + "Channel: " . $Channel . "\n" . \ + "Installed: " . $InstalledVersion . "\n" . \ + "Available: " . $LatestVersion); + :set SentRouterosUpdateNotification $LatestVersion; } diff --git a/collect-wireless-mac.capsman b/collect-wireless-mac.capsman index 08c0bdb..cca29e8 100644 --- a/collect-wireless-mac.capsman +++ b/collect-wireless-mac.capsman @@ -6,54 +6,54 @@ # # !! Do not edit this file, it is generated from template! -:global "identity"; +:global Identity; :global GetMacVendor; :global SendNotification; -:local "place-before" [ / caps-man access-list find where comment="--- collected above ---" disabled ]; -:if ([ :len $"place-before" ] = 0) do={ +:local PlaceBefore [ / caps-man access-list find where comment="--- collected above ---" disabled ]; +:if ([ :len $PlaceBefore ] = 0) do={ :error "Missing disabled access-list entry with comment '--- collected above ---'"; } -:foreach regtbl in=[ / caps-man registration-table find ] do={ - :local mac [ / caps-man registration-table get $regtbl mac-address ]; - :local acclst [ :pick [ / caps-man access-list find where mac-address=$mac ] 0 ]; - :if ( [ :len $acclst ] = 0 ) do={ - :local hostname "no dhcp lease"; - :local address "no dhcp lease"; - :local lease [ / ip dhcp-server lease find where mac-address=$mac ]; - :if ( [ :len $lease ] > 0 ) do={ - :set hostname [ / ip dhcp-server lease get $lease host-name ]; - :set address [ / ip dhcp-server lease get $lease address ]; +:foreach RegTbl in=[ / caps-man registration-table find ] do={ + :local Mac [ / caps-man registration-table get $RegTbl mac-address ]; + :local AccessList [ :pick [ / caps-man access-list find where mac-address=$Mac ] 0 ]; + :if ([ :len $AccessList ] = 0) do={ + :local HostName "no dhcp lease"; + :local Address "no dhcp lease"; + :local Lease [ / ip dhcp-server lease find where mac-address=$Mac ]; + :if ([ :len $Lease ] > 0) do={ + :set HostName [ / ip dhcp-server lease get $Lease host-name ]; + :set Address [ / ip dhcp-server lease get $Lease address ]; } - :if ( [ :len $hostname ] = 0 ) do={ - :set hostname "no hostname"; + :if ([ :len $HostName ] = 0) do={ + :set HostName "no hostname"; } - :if ( [ :len $address ] = 0 ) do={ - :set address "no address"; + :if ([ :len $Address ] = 0) do={ + :set Address "no address"; } - :local regentry [ / caps-man registration-table find where mac-address=$mac ]; - :local interface [ / caps-man registration-table get $regentry interface ]; - :local ssid [ / caps-man registration-table get $regentry ssid ]; - :local datetime ([ / system clock get date ] . " " . [ / system clock get time ]); - :local vendor [ $GetMacVendor $mac ]; - :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \ - "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface); - / log info $message; - / caps-man access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes; - $SendNotification ($mac . " connected to " . $ssid) \ - ("A device with unknown MAC address connected to " . $ssid . " on " . $identity . ".\n\n" . \ - "Controller: " . $identity . "\n" . \ - "Interface: " . $interface . "\n" . \ - "SSID: " . $ssid . "\n" . \ - "MAC: " . $mac . "\n" . \ - "Vendor: " . $vendor . "\n" . \ - "Hostname: " . $hostname . "\n" . \ - "Address: " . $address . "\n" . \ - "Date: " . $datetime); + :local RegEntry [ / caps-man registration-table find where mac-address=$Mac ]; + :local Interface [ / caps-man registration-table get $RegEntry interface ]; + :local Ssid [ / caps-man registration-table get $RegEntry ssid ]; + :local DateTime ([ / system clock get date ] . " " . [ / system clock get time ]); + :local Vendor [ $GetMacVendor $Mac ]; + :local Message ("unknown MAC address " . $Mac . " (" . $Vendor . ", " . $HostName . ") " . \ + "first seen on " . $DateTime . " connected to SSID " . $Ssid . ", interface " . $Interface); + / log info $Message; + / caps-man access-list add place-before=$PlaceBefore comment=$Message mac-address=$Mac disabled=yes; + $SendNotification ($Mac . " connected to " . $Ssid) \ + ("A device with unknown MAC address connected to " . $Ssid . " on " . $Identity . ".\n\n" . \ + "Controller: " . $Identity . "\n" . \ + "Interface: " . $Interface . "\n" . \ + "SSID: " . $Ssid . "\n" . \ + "MAC: " . $Mac . "\n" . \ + "Vendor: " . $Vendor . "\n" . \ + "Hostname: " . $HostName . "\n" . \ + "Address: " . $Address . "\n" . \ + "Date: " . $DateTime); } else={ - :local comment [ / caps-man access-list get $acclst comment ]; - :log debug ("MAC address " . $mac . " already known: " . $comment); + :local Comment [ / caps-man access-list get $AccessList comment ]; + :log debug ("MAC address " . $Mac . " already known: " . $Comment); } } diff --git a/collect-wireless-mac.local b/collect-wireless-mac.local index 7569ba0..49f3128 100644 --- a/collect-wireless-mac.local +++ b/collect-wireless-mac.local @@ -6,54 +6,54 @@ # # !! Do not edit this file, it is generated from template! -:global "identity"; +:global Identity; :global GetMacVendor; :global SendNotification; -:local "place-before" [ / interface wireless access-list find where comment="--- collected above ---" disabled ]; -:if ([ :len $"place-before" ] = 0) do={ +:local PlaceBefore [ / interface wireless access-list find where comment="--- collected above ---" disabled ]; +:if ([ :len $PlaceBefore ] = 0) do={ :error "Missing disabled access-list entry with comment '--- collected above ---'"; } -:foreach regtbl in=[ / interface wireless registration-table find ] do={ - :local mac [ / interface wireless registration-table get $regtbl mac-address ]; - :local acclst [ :pick [ / interface wireless access-list find where mac-address=$mac ] 0 ]; - :if ( [ :len $acclst ] = 0 ) do={ - :local hostname "no dhcp lease"; - :local address "no dhcp lease"; - :local lease [ / ip dhcp-server lease find where mac-address=$mac ]; - :if ( [ :len $lease ] > 0 ) do={ - :set hostname [ / ip dhcp-server lease get $lease host-name ]; - :set address [ / ip dhcp-server lease get $lease address ]; +:foreach RegTbl in=[ / interface wireless registration-table find ] do={ + :local Mac [ / interface wireless registration-table get $RegTbl mac-address ]; + :local AccessList [ :pick [ / interface wireless access-list find where mac-address=$Mac ] 0 ]; + :if ([ :len $AccessList ] = 0) do={ + :local HostName "no dhcp lease"; + :local Address "no dhcp lease"; + :local Lease [ / ip dhcp-server lease find where mac-address=$Mac ]; + :if ([ :len $Lease ] > 0) do={ + :set HostName [ / ip dhcp-server lease get $Lease host-name ]; + :set Address [ / ip dhcp-server lease get $Lease address ]; } - :if ( [ :len $hostname ] = 0 ) do={ - :set hostname "no hostname"; + :if ([ :len $HostName ] = 0) do={ + :set HostName "no hostname"; } - :if ( [ :len $address ] = 0 ) do={ - :set address "no address"; + :if ([ :len $Address ] = 0) do={ + :set Address "no address"; } - :local regentry [ / interface wireless registration-table find where mac-address=$mac ]; - :local interface [ / interface wireless registration-table get $regentry interface ]; - :local ssid [ / interface wireless get [ find where name=$interface ] ssid ]; - :local datetime ([ / system clock get date ] . " " . [ / system clock get time ]); - :local vendor [ $GetMacVendor $mac ]; - :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \ - "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface); - / log info $message; - / interface wireless access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes; - $SendNotification ($mac . " connected to " . $ssid) \ - ("A device with unknown MAC address connected to " . $ssid . " on " . $identity . ".\n\n" . \ - "Controller: " . $identity . "\n" . \ - "Interface: " . $interface . "\n" . \ - "SSID: " . $ssid . "\n" . \ - "MAC: " . $mac . "\n" . \ - "Vendor: " . $vendor . "\n" . \ - "Hostname: " . $hostname . "\n" . \ - "Address: " . $address . "\n" . \ - "Date: " . $datetime); + :local RegEntry [ / interface wireless registration-table find where mac-address=$Mac ]; + :local Interface [ / interface wireless registration-table get $RegEntry interface ]; + :local Ssid [ / interface wireless get [ find where name=$Interface ] ssid ]; + :local DateTime ([ / system clock get date ] . " " . [ / system clock get time ]); + :local Vendor [ $GetMacVendor $Mac ]; + :local Message ("unknown MAC address " . $Mac . " (" . $Vendor . ", " . $HostName . ") " . \ + "first seen on " . $DateTime . " connected to SSID " . $Ssid . ", interface " . $Interface); + / log info $Message; + / interface wireless access-list add place-before=$PlaceBefore comment=$Message mac-address=$Mac disabled=yes; + $SendNotification ($Mac . " connected to " . $Ssid) \ + ("A device with unknown MAC address connected to " . $Ssid . " on " . $Identity . ".\n\n" . \ + "Controller: " . $Identity . "\n" . \ + "Interface: " . $Interface . "\n" . \ + "SSID: " . $Ssid . "\n" . \ + "MAC: " . $Mac . "\n" . \ + "Vendor: " . $Vendor . "\n" . \ + "Hostname: " . $HostName . "\n" . \ + "Address: " . $Address . "\n" . \ + "Date: " . $DateTime); } else={ - :local comment [ / interface wireless access-list get $acclst comment ]; - :log debug ("MAC address " . $mac . " already known: " . $comment); + :local Comment [ / interface wireless access-list get $AccessList comment ]; + :log debug ("MAC address " . $Mac . " already known: " . $Comment); } } diff --git a/collect-wireless-mac.template b/collect-wireless-mac.template index 71c6384..bfd0438 100644 --- a/collect-wireless-mac.template +++ b/collect-wireless-mac.template @@ -7,55 +7,55 @@ # !! This is just a template! Replace '%PATH%' with 'caps-man' # !! or 'interface wireless'! -:global "identity"; +:global Identity; :global GetMacVendor; :global SendNotification; -:local "place-before" [ / %PATH% access-list find where comment="--- collected above ---" disabled ]; -:if ([ :len $"place-before" ] = 0) do={ +:local PlaceBefore [ / %PATH% access-list find where comment="--- collected above ---" disabled ]; +:if ([ :len $PlaceBefore ] = 0) do={ :error "Missing disabled access-list entry with comment '--- collected above ---'"; } -:foreach regtbl in=[ / %PATH% registration-table find ] do={ - :local mac [ / %PATH% registration-table get $regtbl mac-address ]; - :local acclst [ :pick [ / %PATH% access-list find where mac-address=$mac ] 0 ]; - :if ( [ :len $acclst ] = 0 ) do={ - :local hostname "no dhcp lease"; - :local address "no dhcp lease"; - :local lease [ / ip dhcp-server lease find where mac-address=$mac ]; - :if ( [ :len $lease ] > 0 ) do={ - :set hostname [ / ip dhcp-server lease get $lease host-name ]; - :set address [ / ip dhcp-server lease get $lease address ]; +:foreach RegTbl in=[ / %PATH% registration-table find ] do={ + :local Mac [ / %PATH% registration-table get $RegTbl mac-address ]; + :local AccessList [ :pick [ / %PATH% access-list find where mac-address=$Mac ] 0 ]; + :if ([ :len $AccessList ] = 0) do={ + :local HostName "no dhcp lease"; + :local Address "no dhcp lease"; + :local Lease [ / ip dhcp-server lease find where mac-address=$Mac ]; + :if ([ :len $Lease ] > 0) do={ + :set HostName [ / ip dhcp-server lease get $Lease host-name ]; + :set Address [ / ip dhcp-server lease get $Lease address ]; } - :if ( [ :len $hostname ] = 0 ) do={ - :set hostname "no hostname"; + :if ([ :len $HostName ] = 0) do={ + :set HostName "no hostname"; } - :if ( [ :len $address ] = 0 ) do={ - :set address "no address"; + :if ([ :len $Address ] = 0) do={ + :set Address "no address"; } - :local regentry [ / %PATH% registration-table find where mac-address=$mac ]; - :local interface [ / %PATH% registration-table get $regentry interface ]; - :local ssid [ / caps-man registration-table get $regentry ssid ]; - :local ssid [ / interface wireless get [ find where name=$interface ] ssid ]; - :local datetime ([ / system clock get date ] . " " . [ / system clock get time ]); - :local vendor [ $GetMacVendor $mac ]; - :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \ - "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface); - / log info $message; - / %PATH% access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes; - $SendNotification ($mac . " connected to " . $ssid) \ - ("A device with unknown MAC address connected to " . $ssid . " on " . $identity . ".\n\n" . \ - "Controller: " . $identity . "\n" . \ - "Interface: " . $interface . "\n" . \ - "SSID: " . $ssid . "\n" . \ - "MAC: " . $mac . "\n" . \ - "Vendor: " . $vendor . "\n" . \ - "Hostname: " . $hostname . "\n" . \ - "Address: " . $address . "\n" . \ - "Date: " . $datetime); + :local RegEntry [ / %PATH% registration-table find where mac-address=$Mac ]; + :local Interface [ / %PATH% registration-table get $RegEntry interface ]; + :local Ssid [ / caps-man registration-table get $RegEntry ssid ]; + :local Ssid [ / interface wireless get [ find where name=$Interface ] ssid ]; + :local DateTime ([ / system clock get date ] . " " . [ / system clock get time ]); + :local Vendor [ $GetMacVendor $Mac ]; + :local Message ("unknown MAC address " . $Mac . " (" . $Vendor . ", " . $HostName . ") " . \ + "first seen on " . $DateTime . " connected to SSID " . $Ssid . ", interface " . $Interface); + / log info $Message; + / %PATH% access-list add place-before=$PlaceBefore comment=$Message mac-address=$Mac disabled=yes; + $SendNotification ($Mac . " connected to " . $Ssid) \ + ("A device with unknown MAC address connected to " . $Ssid . " on " . $Identity . ".\n\n" . \ + "Controller: " . $Identity . "\n" . \ + "Interface: " . $Interface . "\n" . \ + "SSID: " . $Ssid . "\n" . \ + "MAC: " . $Mac . "\n" . \ + "Vendor: " . $Vendor . "\n" . \ + "Hostname: " . $HostName . "\n" . \ + "Address: " . $Address . "\n" . \ + "Date: " . $DateTime); } else={ - :local comment [ / %PATH% access-list get $acclst comment ]; - :log debug ("MAC address " . $mac . " already known: " . $comment); + :local Comment [ / %PATH% access-list get $AccessList comment ]; + :log debug ("MAC address " . $Mac . " already known: " . $Comment); } } @@ -4,105 +4,96 @@ # # update daily PSK (pre shared key) -:global "identity"; -:global "daily-psk-match-comment"; +:global Identity; +:global DailyPskMatchComment; :global SendNotification; -:local seen [ :toarray "" ]; +:local Seen [ :toarray "" ]; # return pseudo-random string for PSK :local GeneratePSK do={ - :local date [ :tostr $1 ]; + :local Date [ :tostr $1 ]; - :global "daily-psk-secrets"; + :global DailyPskSecrets; - :local months { - "jan"; "feb"; "mar"; "apr"; "may"; "jun"; - "jul"; "aug"; "sep"; "oct"; "nov"; "dec" - } - :local monthtbl { - 0; 3; 3; 6; 1; 4; 6; 2; 5; 0; 3; 5 - } + :local Months { "jan"; "feb"; "mar"; "apr"; "may"; "jun"; + "jul"; "aug"; "sep"; "oct"; "nov"; "dec" }; + :local MonthTbl { 0; 3; 3; 6; 1; 4; 6; 2; 5; 0; 3; 5 }; - :local monthstr [ :pick $date 0 3 ]; - :local month; - :local day [ :pick $date 4 6 ]; - :local century [ :pick $date 7 9 ]; - :local year [ :pick $date 9 11 ]; + :local MonthStr [ :pick $Date 0 3 ]; + :local Month; + :local Day [ :pick $Date 4 6 ]; + :local Century [ :pick $Date 7 9 ]; + :local Year [ :pick $Date 9 11 ]; # get numeric value for month - :for mindex from=0 to=[ :len $months ] do={ - :if ([ :pick $months $mindex ] = $monthstr) do={ - :set month $mindex; + :for MIndex from=0 to=[ :len $Months ] do={ + :if ([ :pick $Months $MIndex ] = $MonthStr) do={ + :set Month $MIndex; } } # calculate day of week - :local sum 0; - :set sum ($sum + (2 * (3 - ($century - (($century / 4) * 4))))); - :set sum ($sum + ($year / 4)); - :set sum ($sum + $year + $day); - :set sum ($sum + $month); - :set sum ($sum - (($sum / 7) * 7)); - - :local return ([ :pick [ :pick $"daily-psk-secrets" 0 ] ($day - 1) ] . \ - [ :pick [ :pick $"daily-psk-secrets" 1 ] $month ] . \ - [ :pick [ :pick $"daily-psk-secrets" 2 ] $sum ]); - - :return $return; + :local Sum 0; + :set Sum ($Sum + (2 * (3 - ($Century - (($Century / 4) * 4))))); + :set Sum ($Sum + ($Year / 4)); + :set Sum ($Sum + $Year + $Day); + :set Sum ($Sum + $Month); + :set Sum ($Sum - (($Sum / 7) * 7)); + + :local Return ([ :pick [ :pick $DailyPskSecrets 0 ] ($Day - 1) ] . \ + [ :pick [ :pick $DailyPskSecrets 1 ] $Month ] . \ + [ :pick [ :pick $DailyPskSecrets 2 ] $Sum ]); + + :return $Return; } -:local date [ / system clock get date ]; -:local newpsk [ $GeneratePSK $date ]; - -:foreach acclist in=[ / interface wireless access-list find where comment~$"daily-psk-match-comment" ] do={ - :local intname [ / interface wireless access-list get $acclist interface ]; - :local interface [ / interface wireless find where name=$intname disabled=no ]; - :local ssid [ / interface wireless get $intname ssid ]; - :local oldpsk [ / interface wireless access-list get $acclist private-pre-shared-key ]; - :local skip 0; - - :if ($newpsk != $oldpsk) do={ - :log info ("Updating daily PSK for " . $intname . " to " . $newpsk . " (was " . $oldpsk . ")"); - / interface wireless access-list set $acclist private-pre-shared-key=$newpsk; - - :if ([ :len $interface ] = 1) do={ - :foreach "seen-ssid" in=$seen do={ - :if ($"seen-ssid" = $ssid) do={ - :log debug ("Already sent a mail for SSID " . $ssid . ", skipping."); - :set skip 1; +:local Date [ / system clock get date ]; +:local NewPsk [ $GeneratePSK $Date ]; + +:foreach AccList in=[ / interface wireless access-list find where comment~$DailyPskMatchComment ] do={ + :local IntName [ / interface wireless access-list get $AccList interface ]; + :local Interface [ / interface wireless find where name=$IntName disabled=no ]; + :local Ssid [ / interface wireless get $IntName ssid ]; + :local OldPsk [ / interface wireless access-list get $AccList private-pre-shared-key ]; + :local Skip 0; + + :if ($NewPsk != $OldPsk) do={ + :log info ("Updating daily PSK for " . $IntName . " to " . $NewPsk . " (was " . $OldPsk . ")"); + / interface wireless access-list set $AccList private-pre-shared-key=$NewPsk; + + :if ([ :len $Interface ] = 1) do={ + :foreach SeenSsid in=$Seen do={ + :if ($SeenSsid = $Ssid) do={ + :log debug ("Already sent a mail for SSID " . $Ssid . ", skipping."); + :set Skip 1; } } - :if ($skip = 0) do={ - :set seen ( $seen, $ssid ); + :if ($Skip = 0) do={ + :set Seen ($Seen, $Ssid); - :local host "www.eworm.de" - :local srcpath ("/cgi-bin/cqrlogo-wifi.cgi" . \ - "?scale=8" . \ - "&level=1" . \ - "&ssid=" . $ssid . \ - "&pass=" . $newpsk); - :local attach "qrcode-daily.png"; + :local Url ("https://www.eworm.de/cgi-bin/cqrlogo-wifi.cgi" . \ + "?scale=8&level=1&ssid=" . $Ssid . "&pass=" . $NewPsk); + :local Attach "qrcode-daily.png"; :do { - / tool fetch mode=https check-certificate=yes-without-crl address=$host \ - host=$host src-path=$srcpath dst-path=$attach; + / tool fetch mode=https check-certificate=yes-without-crl \ + $Url dst-path=$Attach; } on-error={ - :set attach ""; + :set Attach ""; } - $SendNotification ("daily PSK " . $ssid) \ - ("This is the daily PSK on " . $identity . ":\n\n" . \ - "SSID: " . $ssid . "\n" . \ - "PSK: " . $newpsk . "\n" . \ - "Date: " . [ / system clock get date ] . "\n\n" . \ - "https://" . $host . $srcpath) \ - $attach; + $SendNotification ("daily PSK " . $Ssid) \ + ("This is the daily PSK on " . $Identity . ":\n\n" . \ + "SSID: " . $Ssid . "\n" . \ + "PSK: " . $NewPsk . "\n" . \ + "Date: " . $Date . "\n\n" . \ + $Url) $Attach; } } else={ - :log debug ("Missing active interface " . $intname . " for access list entry."); + :log debug ("Missing active interface " . $IntName . " for access list entry."); } } } diff --git a/daily-psk-schedule b/daily-psk-schedule index 853ae96..e5eb6f8 100644 --- a/daily-psk-schedule +++ b/daily-psk-schedule @@ -4,12 +4,12 @@ # # schedule daily-psk on startup -:local scheduler [ / system scheduler find where name=daily-psk-schedule ]; +:local Scheduler [ / system scheduler find where name="daily-psk-schedule" ]; -:if ([ / system scheduler get $scheduler interval ] = 0s) do={ - / system scheduler set interval=15s $scheduler; +:if ([ / system scheduler get $Scheduler interval ] = 0s) do={ + / system scheduler set interval=15s $Scheduler; } else={ - :if ([ / tool netwatch get [ find where comment=[ / tool e-mail get address ] ] status ] != "up" ) do={ + :if ([ / tool netwatch get [ find where comment=[ / tool e-mail get address ] ] status ] != "up") do={ :error "Mail server is not up."; } @@ -19,5 +19,5 @@ / system script run daily-psk; - / system scheduler set interval=0s $scheduler; + / system scheduler set interval=0s $Scheduler; } diff --git a/dhcp-lease-comment.capsman b/dhcp-lease-comment.capsman index 50e86b7..5e6e325 100644 --- a/dhcp-lease-comment.capsman +++ b/dhcp-lease-comment.capsman @@ -6,16 +6,16 @@ # # !! Do not edit this file, it is generated from template! -:foreach lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ - :local macaddress [ / ip dhcp-server lease get $lease mac-address ]; - :local oldcomment [ / ip dhcp-server lease get $lease comment ]; - :local newcomment; - :local accesslst [ :pick [ / caps-man access-list find where mac-address=$macaddress ] 0 ]; - :if ( [ :len $accesslst ] > 0 ) do={ - :set newcomment [ / caps-man access-list get $accesslst comment ]; +:foreach Lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ + :local MacAddress [ / ip dhcp-server lease get $Lease mac-address ]; + :local OldComment [ / ip dhcp-server lease get $Lease comment ]; + :local NewComment; + :local AccessList [ :pick [ / caps-man access-list find where mac-address=$MacAddress ] 0 ]; + :if ([ :len $AccessList ] > 0) do={ + :set NewComment [ / caps-man access-list get $AccessList comment ]; } - :if ([ :len $newcomment ] != 0 && $oldcomment != $newcomment) do={ - :log info ("Updating comment for DHCP lease " . $macaddress . ": " . $newcomment); - / ip dhcp-server lease set comment=$newcomment $lease; + :if ([ :len $NewComment ] != 0 && $OldComment != $NewComment) do={ + :log info ("Updating comment for DHCP lease " . $MacAddress . ": " . $NewComment); + / ip dhcp-server lease set comment=$NewComment $Lease; } } diff --git a/dhcp-lease-comment.local b/dhcp-lease-comment.local index 82cc9a9..98c11cc 100644 --- a/dhcp-lease-comment.local +++ b/dhcp-lease-comment.local @@ -6,16 +6,16 @@ # # !! Do not edit this file, it is generated from template! -:foreach lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ - :local macaddress [ / ip dhcp-server lease get $lease mac-address ]; - :local oldcomment [ / ip dhcp-server lease get $lease comment ]; - :local newcomment; - :local accesslst [ :pick [ / interface wireless access-list find where mac-address=$macaddress ] 0 ]; - :if ( [ :len $accesslst ] > 0 ) do={ - :set newcomment [ / interface wireless access-list get $accesslst comment ]; +:foreach Lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ + :local MacAddress [ / ip dhcp-server lease get $Lease mac-address ]; + :local OldComment [ / ip dhcp-server lease get $Lease comment ]; + :local NewComment; + :local AccessList [ :pick [ / interface wireless access-list find where mac-address=$MacAddress ] 0 ]; + :if ([ :len $AccessList ] > 0) do={ + :set NewComment [ / interface wireless access-list get $AccessList comment ]; } - :if ([ :len $newcomment ] != 0 && $oldcomment != $newcomment) do={ - :log info ("Updating comment for DHCP lease " . $macaddress . ": " . $newcomment); - / ip dhcp-server lease set comment=$newcomment $lease; + :if ([ :len $NewComment ] != 0 && $OldComment != $NewComment) do={ + :log info ("Updating comment for DHCP lease " . $MacAddress . ": " . $NewComment); + / ip dhcp-server lease set comment=$NewComment $Lease; } } diff --git a/dhcp-lease-comment.template b/dhcp-lease-comment.template index 211d338..b119596 100644 --- a/dhcp-lease-comment.template +++ b/dhcp-lease-comment.template @@ -7,16 +7,16 @@ # !! This is just a template! Replace '%PATH%' with 'caps-man' # !! or 'interface wireless'! -:foreach lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ - :local macaddress [ / ip dhcp-server lease get $lease mac-address ]; - :local oldcomment [ / ip dhcp-server lease get $lease comment ]; - :local newcomment; - :local accesslst [ :pick [ / %PATH% access-list find where mac-address=$macaddress ] 0 ]; - :if ( [ :len $accesslst ] > 0 ) do={ - :set newcomment [ / %PATH% access-list get $accesslst comment ]; +:foreach Lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ + :local MacAddress [ / ip dhcp-server lease get $Lease mac-address ]; + :local OldComment [ / ip dhcp-server lease get $Lease comment ]; + :local NewComment; + :local AccessList [ :pick [ / %PATH% access-list find where mac-address=$MacAddress ] 0 ]; + :if ([ :len $AccessList ] > 0) do={ + :set NewComment [ / %PATH% access-list get $AccessList comment ]; } - :if ([ :len $newcomment ] != 0 && $oldcomment != $newcomment) do={ - :log info ("Updating comment for DHCP lease " . $macaddress . ": " . $newcomment); - / ip dhcp-server lease set comment=$newcomment $lease; + :if ([ :len $NewComment ] != 0 && $OldComment != $NewComment) do={ + :log info ("Updating comment for DHCP lease " . $MacAddress . ": " . $NewComment); + / ip dhcp-server lease set comment=$NewComment $Lease; } } diff --git a/dhcp-to-dns b/dhcp-to-dns index c65745e..3ee7155 100644 --- a/dhcp-to-dns +++ b/dhcp-to-dns @@ -4,73 +4,73 @@ # # check DHCP leases and add/remove/update DNS entries -:global "identity"; -:global "domain"; -:global "hostname-in-zone"; +:global Identity; +:global Domain; +:global HostNameInZone; -:local zone; -:if ($"hostname-in-zone" = true) do={ - :set zone ("dhcp." . $identity . "." . $domain); +:local Zone; +:if ($HostNameInZone = true) do={ + :set Zone ("dhcp." . $Identity . "." . $Domain); } else={ - :set zone ("dhcp." . $domain); + :set Zone ("dhcp." . $Domain); } -:local ttl 5m; -:local hostname; -:local fqdn; -:local dnsip; -:local dhcpip; -:local dnsnode; -:local dhcpnode; +:local Ttl 5m; +:local HostName; +:local Fqdn; +:local DnsIp; +:local DhcpIp; +:local DnsNode; +:local DhcpNode; -:foreach static in=[ / ip dns static find where name ~ (".*\\." . $zone) ] do={ - :set fqdn [ / ip dns static get $static name ]; - :set hostname [ :pick $fqdn 0 ( [ :len $fqdn ] - ( [ :len $zone ] + 1 ) ) ]; - :set dhcpnode [ / ip dhcp-server lease find where host-name=$hostname dynamic=yes ]; - :if ( [ :len $dhcpnode ] > 0) do={ - :log debug ("Lease for " . $hostname . " still exists. Not deleting."); +:foreach Static in=[ / ip dns static find where name ~ (".*\\." . $Zone) ] do={ + :set Fqdn [ / ip dns static get $Static name ]; + :set HostName [ :pick $Fqdn 0 ([ :len $Fqdn ] - ([ :len $Zone ] + 1)) ]; + :set DhcpNode [ / ip dhcp-server lease find where host-name=$HostName dynamic=yes ]; + :if ([ :len $DhcpNode ] > 0) do={ + :log debug ("Lease for " . $HostName . " still exists. Not deleting."); } else={ - :local found false; - :log info ("Lease expired for " . $hostname . ", deleting DNS entry."); - / ip dns static remove $static; + :local Found false; + :log info ("Lease expired for " . $HostName . ", deleting DNS entry."); + / ip dns static remove $Static; } } -:foreach lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ - :local mac [ / ip dhcp-server lease get $lease mac-address ]; - :set dhcpip [ / ip dhcp-server lease get $lease address ]; - :local comment ("managed by dhcp-to-dns for " . $mac); - :set hostname [ / ip dhcp-server lease get $lease host-name ]; +:foreach Lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={ + :local Mac [ / ip dhcp-server lease get $Lease mac-address ]; + :set DhcpIp [ / ip dhcp-server lease get $Lease address ]; + :local Comment ("managed by dhcp-to-dns for " . $Mac); + :set HostName [ / ip dhcp-server lease get $Lease host-name ]; - :while ($hostname ~ " ") do={ - :local pos [ :find $hostname " " ]; - :set hostname ( [ :pick $hostname 0 $pos ] . [ :pick $hostname ($pos + 1) 999 ] ); + :while ($HostName ~ " ") do={ + :local Pos [ :find $HostName " " ]; + :set HostName ([ :pick $HostName 0 $Pos ] . [ :pick $HostName ($Pos + 1) 999 ]); }; - :if ( [ :len $hostname ] > 0) do={ - :set fqdn ( $hostname . "." . $zone ); - :set dnsnode [ / ip dns static find where name=$fqdn ]; - :if ( [ :len $dnsnode ] > 0 ) do={ - :set dnsip [ / ip dns static get $dnsnode address ]; + :if ([ :len $HostName ] > 0) do={ + :set Fqdn ($HostName . "." . $Zone); + :set DnsNode [ / ip dns static find where name=$Fqdn ]; + :if ([ :len $DnsNode ] > 0) do={ + :set DnsIp [ / ip dns static get $DnsNode address ]; - :local leases [ / ip dhcp-server lease find where host-name=$hostname dynamic=yes ]; - :local hostnamecount [ / ip dhcp-server lease print count-only where host-name=$hostname dynamic=yes ]; - :if ( $hostnamecount > 1) do={ - :foreach j,lease in=$leases do={ - :if ($j + 1 = $hostnamecount) do={ - :set dhcpip [ / ip dhcp-server lease get $lease address ]; + :local Leases [ / ip dhcp-server lease find where host-name=$HostName dynamic=yes ]; + :local HostNameCount [ / ip dhcp-server lease print count-only where host-name=$HostName dynamic=yes ]; + :if ($HostNameCount > 1) do={ + :foreach J,Lease in=$Leases do={ + :if ($J + 1 = $HostNameCount) do={ + :set DhcpIp [ / ip dhcp-server lease get $Lease address ]; } } } - :if ( $dnsip = $dhcpip ) do={ - :log debug ("DNS entry for " . $fqdn . " does not need updating."); + :if ($DnsIp = $DhcpIp) do={ + :log debug ("DNS entry for " . $Fqdn . " does not need updating."); } else={ - :log info ("Replacing DNS entry for " . $fqdn . ", new address is " . $dhcpip . "."); - / ip dns static set name=$fqdn address=$dhcpip ttl=$ttl comment=$comment $dnsnode; + :log info ("Replacing DNS entry for " . $Fqdn . ", new address is " . $DhcpIp . "."); + / ip dns static set name=$Fqdn address=$DhcpIp ttl=$Ttl comment=$Comment $DnsNode; } } else={ - :log info ("Adding new DNS entry for " . $fqdn . ", address is " . $dhcpip . "."); - / ip dns static add name=$fqdn address=$dhcpip ttl=$ttl comment=$comment; + :log info ("Adding new DNS entry for " . $Fqdn . ", address is " . $DhcpIp . "."); + / ip dns static add name=$Fqdn address=$DhcpIp ttl=$Ttl comment=$Comment; } } } diff --git a/email-backup b/email-backup index a13a2ed..a15f766 100644 --- a/email-backup +++ b/email-backup @@ -4,72 +4,72 @@ # # create and email backup and config file -:global "identity"; -:global "domain"; -:global "email-backup-to"; -:global "email-backup-cc"; -:global "backup-send-binary"; -:global "backup-send-export"; -:global "backup-cloud"; -:global "backup-password"; +:global Identity; +:global Domain; +:global EmailBackupTo; +:global EmailBackupCc; +:global BackupSendBinary; +:global BackupSendExport; +:global BackupCloud; +:global BackupPassword; -:if ($"backup-send-binary" != true && \ - $"backup-send-export" != true && \ - $"backup-cloud" != true) do={ +:if ($BackupSendBinary != true && \ + $BackupSendExport != true && \ + $BackupCloud != true) do={ :error ("Configured to send neither backup nor config export."); } # filename based on identity -:local filename ($identity . "." . $domain); -:local cloudstatus $"backup-cloud"; -:local attach [ :toarray "" ]; +:local FileName ($Identity . "." . $Domain); +:local CloudStatus $BackupCloud; +:local Attach [ :toarray "" ]; # get some system information -:local model [ / system routerboard get model ]; -:local serialnumber [ / system routerboard get serial-number ]; -:local channel [ / system package update get channel ]; -:local installedversion [ / system package update get installed-version ]; +:local Model [ / system routerboard get model ]; +:local SerialNumber [ / system routerboard get serial-number ]; +:local Channel [ / system package update get channel ]; +:local InstalledVersion [ / system package update get installed-version ]; # binary backup -:if ($"backup-send-binary" = true || \ - $"backup-cloud" = true) do={ - / system backup save encryption=aes-sha256 name=$filename password=$"backup-password"; +:if ($BackupSendBinary = true || \ + $BackupCloud = true) do={ + / system backup save encryption=aes-sha256 name=$FileName password=$BackupPassword; # attach to mail - :if ($"backup-send-binary" = true) do={ - :set attach ( $attach, ($filename . ".backup") ); + :if ($BackupSendBinary = true) do={ + :set Attach ($Attach, ($FileName . ".backup")); } # upload to cloud - :if ($"backup-cloud" = true) do={ + :if ($BackupCloud = true) do={ :do { :if ([ / system backup cloud print count-only ] > 0) do={ / system backup cloud remove-file [ find ]; } - / system backup cloud upload-file action=upload src-file=($filename . ".backup"); + / system backup cloud upload-file action=upload src-file=($FileName . ".backup"); } on-error={ - :set cloudstatus "failed"; + :set CloudStatus "failed"; } } } # create configuration export -:if ($"backup-send-export" = true) do={ - / export terse file=$filename; - :set attach ( $attach, ($filename . ".rsc") ); +:if ($BackupSendExport = true) do={ + / export terse file=$FileName; + :set Attach ($Attach, ($FileName . ".rsc")); } # send email with status and files -/ tool e-mail send to=$"email-backup-to" cc=$"email-backup-cc" \ - subject=("[" . $identity . "] Backup & Config") \ - body=("Backup and config export for " . $identity . ".\n\n" . \ - "Routerboard: " . $model . "\n" . \ - "Serial number: " . $serialnumber . "\n" . \ - "Hostname: " . $identity . "\n" . \ - "Channel: " . $channel . "\n" . \ - "RouterOS: " . $installedversion . "\n\n" . \ - "Backup attached: " . $"backup-send-binary" . "\n" . \ - "Config attached: " . $"backup-send-export" . "\n" . \ - "Cloud backup: " . $cloudstatus) \ - file=$attach; +/ tool e-mail send to=$EmailBackupTo cc=$EmailBackupCc \ + subject=("[" . $Identity . "] Backup & Config") \ + body=("Backup and config export for " . $Identity . ".\n\n" . \ + "Routerboard: " . $Model . "\n" . \ + "Serial number: " . $SerialNumber . "\n" . \ + "Hostname: " . $Identity . "\n" . \ + "Channel: " . $Channel . "\n" . \ + "RouterOS: " . $InstalledVersion . "\n\n" . \ + "Backup attached: " . $BackupSendBinary . "\n" . \ + "Config attached: " . $BackupSendExport . "\n" . \ + "Cloud backup: " . $CloudStatus) \ + file=$Attach; } diff --git a/global-config b/global-config index 448fbea..85fc54b 100644 --- a/global-config +++ b/global-config @@ -6,45 +6,45 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! -:global GlobalConfigVersion 1; +:global GlobalConfigVersion 2; # This is used for DNS and backup file. -:global "domain" "example.com"; -:global "hostname-in-zone" true; +:global Domain "example.com"; +:global HostNameInZone true; # These addresses are used to send e-mails to. The to-addresses need # to be filled, cc-addresses can be empty, one address or a comma # separated list of addresses. -:global "email-general-to" "mail@example.com"; -:global "email-general-cc" "another@example.com"; -:global "email-backup-to" "mail@example.com"; -:global "email-backup-cc" ""; +:global EmailGeneralTo "mail@example.com"; +:global EmailGeneralCc "another@example.com"; +:global EmailBackupTo "mail@example.com"; +:global EmailBackupCc ""; # You can send Telegram notifications. Register a bot # and add the token and chat ids here. -:global "telegram-tokenid" ""; -:global "telegram-chatid" ""; -#:global "telegram-tokenid" "123456:ABCDEF-GHI"; -#:global "telegram-chatid" "12345678"; +:global TelegramTokenId ""; +:global TelegramChatId ""; +#:global TelegramTokenId "123456:ABCDEF-GHI"; +#:global TelegramChatId "12345678"; # This defines what backups to generate and what password to use. -:global "backup-send-binary" false; -:global "backup-send-export" true; -:global "backup-cloud" false; -:global "backup-password" "v3ry-s3cr3t"; +:global BackupSendBinary false; +:global BackupSendExport true; +:global BackupCloud false; +:global BackupPassword "v3ry-s3cr3t"; # Specify an address to enable auto update to version assumed safe. # The configured channel (bugfix, current, release-candidate) is appended. -:global "safe-update-url" ""; -#:global "safe-update-url" "https://example.com/ros/safe-update/"; +:global SafeUpdateUrl ""; +#:global SafeUpdateUrl "https://example.com/ros/safe-update/"; # This controls what configuration is activated by bridge-port-to-default. -:global "bridge-port-to" "default"; +:global BridgePortTo "default"; # Access-list entries matching this comment are updated # with daily pseudo-random PSK. -:global "daily-psk-match-comment" "Daily PSK"; -:global "daily-psk-secrets" { +:global DailyPskMatchComment "Daily PSK"; +:global DailyPskSecrets { { "Abusive"; "Aggressive"; "Bored"; "Chemical"; "Cold"; "Cruel"; "Curved"; "Delightful"; "Discreet"; "Elite"; "Evasive"; "Faded"; "Flat"; "Future"; "Grandiose"; @@ -60,9 +60,9 @@ } # Run different commands with multiple mode-button presses. -:global "mode-button" { +:global ModeButton { 1="/ system script run leds-toggle-mode;"; - 2=":global SendNotification; :global identity; \$SendNotification (\"Hello...\") (\"Hello world, \" . \$identity . \" calling!\");"; + 2=":global SendNotification; :global Identity; \$SendNotification (\"Hello...\") (\"Hello world, \" . \$Identity . \" calling!\");"; 3="/ system shutdown;"; 4="/ system reboot;"; 5="/ system script run bridge-port-toggle;"; @@ -70,7 +70,7 @@ }; # Run commands on SMS action. -:global "sms-action" { +:global SmsAction { bridge-port-toggle="/ system script run bridge-port-toggle;"; reboot="/ system reboot;"; shutdown="/ system shutdown;"; @@ -79,29 +79,29 @@ # This address should resolve ntp servers and is used to update # ntp settings. A pool can rotate servers. -:global "ntp-pool" "pool.ntp.org"; +:global NtpPool "pool.ntp.org"; # This is the address used to send gps data to. -:global "gps-track-url" "https://example.com/index.php"; +:global GpsTrackUrl "https://example.com/index.php"; # Enable this to fetch scripts from given url. -:global "script-updates-fetch" true; -:global "script-updates-baseurl" "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/"; -#:global "script-updates-baseurl" "https://raw.githubusercontent.com/eworm-de/routeros-scripts/master/"; -#:global "script-updates-baseurl" "https://gitlab.com/eworm-de/routeros-scripts/raw/master/"; -:global "script-updates-urlsuffix" ""; -:global "script-updates-ignore" { +:global ScriptUpdatesFetch true; +:global ScriptUpdatesBaseUrl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/"; +#:global ScriptUpdatesBaseUrl "https://raw.githubusercontent.com/eworm-de/routeros-scripts/master/"; +#:global ScriptUpdatesBaseUrl "https://gitlab.com/eworm-de/routeros-scripts/raw/master/"; +:global ScriptUpdatesUrlSuffix ""; +:global ScriptUpdatesIgnore { "global-config" } # Use this for certificate auto-renew -:global "cert-renew-url" ""; -#:global "cert-renew-url" "https://example.com/certificates/"; -:global "cert-renew-pass" "v3ry-s3cr3t"; +:global CertRenewUrl ""; +#:global CertRenewUrl "https://example.com/certificates/"; +:global CertRenewPass "v3ry-s3cr3t"; # Configuration for update-tunnelbroker -#:global tunnelurl "ipv4.tunnelbroker.net"; -#:global tunneluser "user"; -#:global tunnelpass "v3ry-s3cr3t"; -#:global tunnelid "user-XXX.tunnel.tserv6.fra1.ipv6.he.net"; -#:global tunnelint "tunnelbroker"; +#:global TunnelUrl "ipv4.tunnelbroker.net"; +#:global TunnelUser "user"; +#:global TunnelPass "v3ry-s3cr3t"; +#:global TunnelId "user-XXX.tunnel.tserv6.fra1.ipv6.he.net"; +#:global TunnelInt "tunnelbroker"; diff --git a/global-functions b/global-functions index 8b98507..8b7c5b3 100644 --- a/global-functions +++ b/global-functions @@ -5,12 +5,12 @@ # global functions # expected configuration version -:global ExpectedConfigVersion 1; +:global ExpectedConfigVersion 2; # global variables not to be changed by user -:global "sent-routeros-update-notification" "-"; -:global "sent-lte-firmware-upgrade-notification" "-"; -:global "identity" [ / system identity get name ]; +:global SentRouterosUpdateNotification "-"; +:global SentLteFirmwareUpgradeNotification "-"; +:global Identity [ / system identity get name ]; # read input from user :global Read do={ @@ -19,44 +19,44 @@ # url encoding :global UrlEncode do={ - :local input [ :tostr $1 ]; - :local return ""; + :local Input [ :tostr $1 ]; + :local Return ""; - :if ([ :len $input ] > 0) do={ - :local chars " %&"; - :local subs { "%20"; "%25"; "%26" }; + :if ([ :len $Input ] > 0) do={ + :local Chars " %&"; + :local Subs { "%20"; "%25"; "%26" }; - :for i from=0 to=([ :len $input ] - 1) do={ - :local char [ :pick $input $i ]; - :local replace [ :find $chars $char ]; + :for I from=0 to=([ :len $Input ] - 1) do={ + :local Char [ :pick $Input $I ]; + :local Replace [ :find $Chars $Char ]; - :if ([ :len $replace ] > 0) do={ - :set char ($subs->$replace); + :if ([ :len $Replace ] > 0) do={ + :set Char ($Subs->$Replace); } - :set return ($return . $char); + :set Return ($Return . $Char); } } - :return $return; + :return $Return; } # check and import required certificates :global CertificateAvailable do={ - :local commonname [ :tostr $1 ]; - :local filename ([ :tostr $2 ] . ".pem"); + :local CommonName [ :tostr $1 ]; + :local FileName ([ :tostr $2 ] . ".pem"); - :global "script-updates-baseurl"; - :global "script-updates-urlsuffix"; + :global ScriptUpdatesBaseUrl; + :global ScriptUpdatesUrlSuffix; - :if ([ / certificate print count-only where common-name=$commonname ] = 0) do={ - :log info ("Certificate with CommonName " . $commonname . \ + :if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={ + :log info ("Certificate with CommonName " . $CommonName . \ " not available, downloading and importing."); :do { / tool fetch check-certificate=yes-without-crl \ - ($"script-updates-baseurl" . "certs/" . \ - $filename . $"script-updates-urlsuffix") \ - dst-path=$filename; - / certificate import file-name=$filename passphrase=""; + ($ScriptUpdatesBaseUrl . "certs/" . \ + $FileName . $ScriptUpdatesUrlSuffix) \ + dst-path=$FileName; + / certificate import file-name=$FileName passphrase=""; } on-error={ :log warning "Failed imprting certificate!"; } @@ -66,35 +66,35 @@ # send notification via e-mail and telegram # Note that attachment is ignored for telegram! :global SendNotification do={ - :local subject [ :tostr $1 ]; - :local message [ :tostr $2 ]; - :local attach [ :tostr $3 ]; + :local Subject [ :tostr $1 ]; + :local Message [ :tostr $2 ]; + :local Attach [ :tostr $3 ]; - :global "identity"; - :global "email-general-to"; - :global "email-general-cc"; - :global "telegram-tokenid"; - :global "telegram-chatid"; + :global Identity; + :global EmailGeneralTo; + :global EmailGeneralCc; + :global TelegramTokenId; + :global TelegramChatId; :global UrlEncode; :global CertificateAvailable; - :if ([ :len $"email-general-to" ] > 0) do={ + :if ([ :len $EmailGeneralTo ] > 0) do={ :do { - / tool e-mail send to=$"email-general-to" cc=$"email-general-cc" \ - subject=("[" . $"identity" . "] " . $subject) body=$message file=$attach; + / tool e-mail send to=$EmailGeneralTo cc=$EmailGeneralCc \ + subject=("[" . $Identity . "] " . $Subject) body=$Message file=$Attach; } on-error={ :log warning "Failed sending notification mail!"; } } - :if ([ :len $"telegram-tokenid" ] > 0 && [ :len $"telegram-chatid" ] > 0) do={ + :if ([ :len $TelegramTokenId ] > 0 && [ :len $TelegramChatId ] > 0) do={ $CertificateAvailable "Go Daddy Secure Certificate Authority - G2" "godaddy"; :do { / tool fetch check-certificate=yes-without-crl keep-result=no http-method=post \ - ("https://api.telegram.org/bot" . $"telegram-tokenid" . "/sendMessage") \ - http-data=("chat_id=" . $"telegram-chatid" . "&text=" . \ - [ $UrlEncode ("[" . $"identity" . "] " . $subject . "\n\n" . $message) ]); + ("https://api.telegram.org/bot" . $TelegramTokenId . "/sendMessage") \ + http-data=("chat_id=" . $TelegramChatId . "&text=" . \ + [ $UrlEncode ("[" . $Identity . "] " . $Subject . "\n\n" . $Message) ]); } on-error={ :log warning "Failed sending telegram notification!"; } @@ -103,16 +103,16 @@ # get MAC vendor :global GetMacVendor do={ - :local mac [ :tostr $1 ]; + :local Mac [ :tostr $1 ]; :global CertificateAvailable; :do { - :local vendor; + :local Vendor; $CertificateAvailable "Let's Encrypt Authority X3" "letsencrypt"; - :set vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \ - url=("https://api.macvendors.com/" . [ :pick $mac 0 8 ]) output=user as-value ]->"data"); - :return $vendor; + :set Vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \ + ("https://api.macvendors.com/" . [ :pick $Mac 0 8 ]) output=user as-value ]->"data"); + :return $Vendor; } on-error={ :return "unknown vendor"; } @@ -120,25 +120,25 @@ # download package from upgrade server :global DownloadPackage do={ - :local pkgname [ :tostr $1 ]; - :local pkgver [ :tostr $2 ]; - :local pkgarch [ :tostr $3 ]; - :local pkgdest [ :tostr $4 ]; + :local PkgName [ :tostr $1 ]; + :local PkgVer [ :tostr $2 ]; + :local PkgArch [ :tostr $3 ]; + :local PkgDest [ :tostr $4 ]; :global CertificateAvailable; - :if ([ :len $pkgname ] = 0) do={ return false; } - :if ([ :len $pkgver ] = 0) do={ :set pkgver [ / system package update get installed-version ]; } - :if ([ :len $pkgarch ] = 0) do={ :set pkgarch [ / system resource get architecture-name ]; } + :if ([ :len $PkgName ] = 0) do={ return false; } + :if ([ :len $PkgVer ] = 0) do={ :set PkgVer [ / system package update get installed-version ]; } + :if ([ :len $PkgArch ] = 0) do={ :set PkgArch [ / system resource get architecture-name ]; } $CertificateAvailable "Let's Encrypt Authority X3" "letsencrypt"; do { - :local pkgfile ($pkgname . "-" . $pkgver . "-" . $pkgarch . ".npk"); + :local PkgFile ($PkgName . "-" . $PkgVer . "-" . $PkgArch . ".npk"); / tool fetch mode=https check-certificate=yes-without-crl \ - ("https://upgrade.mikrotik.com/routeros/" . $pkgver . "/" . $pkgfile) \ - dst-path=($pkgdest . "/" . $pkgfile); - return true; + ("https://upgrade.mikrotik.com/routeros/" . $PkgVer . "/" . $PkgFile) \ + dst-path=($PkgDest . "/" . $PkgFile); + :return true; } on-error={ - return false; + :return false; } } @@ -4,26 +4,23 @@ # # track gps data by sending json data to http server -:global "identity"; -:global "gps-track-url"; +:global Identity; +:global GpsTrackUrl; -:local gps [ / system gps monitor once as-value ]; +:local Gps [ / system gps monitor once as-value ]; -if ($gps->"valid" = true) do={ - :tool fetch mode=http \ - url=$"gps-track-url" \ - check-certificate=yes-without-crl \ - keep-result=no \ - http-method=post \ - http-content-type="application/json" \ +if ($Gps->"valid" = true) do={ + :tool fetch mode=https check-certificate=yes-without-crl \ + $GpsTrackUrl keep-result=no \ + http-method=post http-content-type="application/json" \ http-data=("{" . \ - "\"lat\":\"" . ($gps->"latitude") . "\"," . \ - "\"lon\":\"" . ($gps->"longitude") . "\"," . \ - "\"identity\":\"" . $identity . "\"" . \ + "\"lat\":\"" . ($Gps->"latitude") . "\"," . \ + "\"lon\":\"" . ($Gps->"longitude") . "\"," . \ + "\"identity\":\"" . $Identity . "\"" . \ "}"); :log debug ("Sending GPS data for tracking: " . \ - "lat: " . ($gps->"latitude") . " " . \ - "lon: " . ($gps->"longitude")); + "lat: " . ($Gps->"latitude") . " " . \ + "lon: " . ($Gps->"longitude")); } else={ :log debug ("GPS data not valid."); } diff --git a/initial-commands b/initial-commands index ad44ebb..86f46ba 100644 --- a/initial-commands +++ b/initial-commands @@ -12,8 +12,8 @@ :if ([ / certificate print count-only where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ] != 3) do={ :error "Anything is wrong with your certificates!"; } - :foreach script in={ "global-config"; "global-functions"; "script-updates" } do={ - / system script add name=$script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $script) output=user as-value]->"data"); + :foreach Script in={ "global-config"; "global-functions"; "script-updates" } do={ + / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); } / system script run global-config; / system script run global-functions; diff --git a/ip-addr-bridge b/ip-addr-bridge index 40bc017..f503310 100644 --- a/ip-addr-bridge +++ b/ip-addr-bridge @@ -4,13 +4,13 @@ # # enable or disable ip addresses based on bridge port state -:foreach bridge in=[ / interface bridge find ] do={ - :local brname [ / interface bridge get $bridge name ]; - :if ([ / interface bridge port print count-only where bridge=$brname ] > 0) do={ - :if ([ / interface bridge port print count-only where bridge=$brname and inactive=no ] = 0) do={ - / ip address disable [ find where !dynamic interface=$brname ]; +:foreach Bridge in=[ / interface bridge find ] do={ + :local BrName [ / interface bridge get $Bridge name ]; + :if ([ / interface bridge port print count-only where bridge=$BrName ] > 0) do={ + :if ([ / interface bridge port print count-only where bridge=$BrName and inactive=no ] = 0) do={ + / ip address disable [ find where !dynamic interface=$BrName ]; } else={ - / ip address enable [ find where !dynamic interface=$brname ]; + / ip address enable [ find where !dynamic interface=$BrName ]; } } } diff --git a/ipv6-update b/ipv6-update index 12b9856..73336c1 100644 --- a/ipv6-update +++ b/ipv6-update @@ -4,31 +4,33 @@ # # update firewall and dns settings on IPv6 prefix change -:local pool [ / ipv6 pool get [ find where prefix=$"pd-prefix" ] name ]; -:local addrlist [ / ipv6 firewall address-list find where comment=("ipv6-pool-" . $pool) ]; -:local oldprefix [ / ipv6 firewall address-list get $addrlist address ]; +:local PdPrefix $"pd-prefix"; + +:local Pool [ / ipv6 pool get [ find where prefix=$PdPrefix ] name ]; +:local AddrList [ / ipv6 firewall address-list find where comment=("ipv6-pool-" . $Pool) ]; +:local OldPrefix [ / ipv6 firewall address-list get $AddrList address ]; # give the interfaces a moment to receive their addresses :delay 2s; -if ($oldprefix != $"pd-prefix") do={ - :log info ("Updating IPv6 address list with new IPv6 prefix " . $"pd-prefix"); - / ipv6 firewall address-list set address=$"pd-prefix" $addrlist; +if ($OldPrefix != $PdPrefix) do={ + :log info ("Updating IPv6 address list with new IPv6 prefix " . $PdPrefix); + / ipv6 firewall address-list set address=$PdPrefix $AddrList; - :foreach record in=[ / ip dns static find where comment~("ipv6-pool-" . $pool) ] do={ - :local comment [ :toarray [ / ip dns static get $record comment ] ]; - :local intname [ :pick [ :pick $comment 1 ] 10 99 ]; - :local suffix [ :pick [ :pick $comment 2 ] 7 99 ]; + :foreach Record in=[ / ip dns static find where comment~("ipv6-pool-" . $Pool) ] do={ + :local Comment [ :toarray [ / ip dns static get $Record comment ] ]; + :local IntName [ :pick [ :pick $Comment 1 ] 10 99 ]; + :local Suffix [ :pick [ :pick $Comment 2 ] 7 99 ]; - :local prefix [ / ipv6 address get [ find where interface=$intname from-pool=$pool global ] address ]; - :local prefix64 [ :pick $prefix 0 [ :find $prefix "::/64" ] ]; + :local Prefix [ / ipv6 address get [ find where interface=$IntName from-pool=$Pool global ] address ]; + :local Prefix64 [ :pick $Prefix 0 [ :find $Prefix "::/64" ] ]; - :local name [ / ip dns static get $record name ]; - :if ([ :len $name ] = 0) do={ - :set name [ / ip dns static get $record regex ]; + :local Name [ / ip dns static get $Record name ]; + :if ([ :len $Name ] = 0) do={ + :set Name [ / ip dns static get $Record regex ]; } - :log info ("Updating DNS record for " . $name . " to " . $prefix64 . ":" . $suffix); - / ip dns static set address=($prefix64 . ":" . $suffix) $record; + :log info ("Updating DNS record for " . $Name . " to " . $Prefix64 . ":" . $Suffix); + / ip dns static set address=($Prefix64 . ":" . $Suffix) $Record; } } diff --git a/lease-script b/lease-script index 78b51c6..c110201 100644 --- a/lease-script +++ b/lease-script @@ -5,7 +5,7 @@ # run scripts on DHCP lease # ( / ip dhcp-server set lease-script=lease-script [ find ] ) -:local scripts { +:local Scripts { "dhcp-to-dns"; "collect-wireless-mac.local"; "dhcp-lease-comment.local"; @@ -16,9 +16,9 @@ # delay a second to give time to update the lease table :delay 1s; -:foreach script in=$scripts do={ - :if ([ / system script print count-only where name=$script ] > 0) do={ - :log debug ("Running script from lease-script: " . $script); - / system script run $script; +:foreach Script in=$Scripts do={ + :if ([ / system script print count-only where name=$Script ] > 0) do={ + :log debug ("Running script from lease-script: " . $Script); + / system script run $Script; } } diff --git a/manage-umts b/manage-umts index b13049a..e416ee2 100644 --- a/manage-umts +++ b/manage-umts @@ -4,24 +4,25 @@ # # manage UMTS interface based on ethernet and wireless status -:local etherint "en1"; -:local wlanint "wl-station"; -:local umtsint "t-mobile"; +:local EtherInt "en1"; +:local WlanInt "wl-station"; +:local UmtsInt "t-mobile"; -:local etherstatus [ / interface ethernet get $etherint running ]; -:local wlanstatus [ / interface wireless get $wlanint running ]; +:local EtherStatus [ / interface ethernet get $EtherInt running ]; +:local WlanStatus [ / interface wireless get $WlanInt running ]; -:if ( $etherstatus = true || wlanstatus = true ) do={ - :if ( [ / interface get $umtsint disabled ] = false ) do={ - :log info ("Ethernet (" . $etherint . " / " . $etherstatus . ") or " . \ - "wireless (" . $wlanint . " / " . $wlanstatus . ") is running, " . \ - "UMTS interface " . $umtsint . " is enabled. Disabling..."); - / interface set disabled=yes $umtsint; - }; +:if ($EtherStatus = true || $WlanStatus = true) do={ + :if ([ / interface get $UmtsInt disabled ] = false) do={ + :log info ("Ethernet (" . $EtherInt . " / " . $EtherStatus . ") or " . \ + "wireless (" . $WlanInt . " / " . $WlanStatus . ") is running, " . \ + "UMTS interface " . $UmtsInt . " is enabled. Disabling..."); + / interface set disabled=yes $UmtsInt; + } } else={ - :if ( [ / interface get $umtsint disabled ] = true ) do={ - :log info ("Neither ethernet (" . $etherint . ") nor wireless (" . $wlanint . ") interface is running, " . \ - "UMTS interface " . $umtsint . " is disabled. Enabling..."); - / interface set disabled=no $umtsint; - }; -}; + :if ([ / interface get $UmtsInt disabled ] = true) do={ + :log info ("Neither ethernet (" . $EtherInt . ") nor wireless (" . \ + $WlanInt . ") interface is running, UMTS interface " . $UmtsInt . \ + " is disabled. Enabling..."); + / interface set disabled=no $UmtsInt; + } +} diff --git a/mode-button-event b/mode-button-event index 8428945..82c1f4b 100644 --- a/mode-button-event +++ b/mode-button-event @@ -4,16 +4,16 @@ # # run on mode-button event and count button presses -:global "mode-button"; +:global ModeButton; -:set ($"mode-button"->"count") ($"mode-button"->"count" + 1); +:set ($ModeButton->"count") ($ModeButton->"count" + 1); -:local scheduler [ / system scheduler find where name="mode-button-scheduler" ]; +:local Scheduler [ / system scheduler find where name="mode-button-scheduler" ]; -:if ([ :len $scheduler ] = 0) do={ +:if ([ :len $Scheduler ] = 0) do={ :log info "Creating mode-button scheduler, counting presses..."; / system scheduler add name=mode-button-scheduler on-event=mode-button-scheduler interval=3s; } else={ :log debug "Updating mode-button-scheduler..."; - / system scheduler set $scheduler start-time=[ /system clock get time ]; + / system scheduler set $Scheduler start-time=[ /system clock get time ]; } diff --git a/mode-button-scheduler b/mode-button-scheduler index 4d3facf..bce6089 100644 --- a/mode-button-scheduler +++ b/mode-button-scheduler @@ -4,15 +4,15 @@ # # act on multiple mode-botton presses from scheduler -:global "mode-button"; +:global ModeButton; -:local count ($"mode-button"->"count"); -:local code ($"mode-button"->[ :tostr $count ]); -:local parsed [ :parse $code ]; +:local Count ($ModeButton->"count"); +:local Code ($ModeButton->[ :tostr $Count ]); +:local Parsed [ :parse $Code ]; -:set ($"mode-button"->"count") 0; +:set ($ModeButton->"count") 0; / system scheduler remove mode-button-scheduler; -:log info ("Acting on " . $count . " mode-button presses: " . $code); +:log info ("Acting on " . $Count . " mode-button presses: " . $Code); :delay 1s; -$parsed; +$Parsed; diff --git a/netwatch-syslog b/netwatch-syslog index 71d75d1..87e9709 100644 --- a/netwatch-syslog +++ b/netwatch-syslog @@ -6,9 +6,9 @@ # # manage remote logging facilities -:local remote [ /system logging action get [ :pick [ find where target=remote ] 0 ] remote ]; +:local Remote [ /system logging action get [ :pick [ find where target=remote ] 0 ] remote ]; -if ([ / tool netwatch get [ find where host=$remote ] status ] = "up") do={ +if ([ / tool netwatch get [ find where host=$Remote ] status ] = "up") do={ / system logging set disabled=no [ find where action=remote disabled=yes ]; } else={ / system logging set disabled=yes [ find where action=remote disabled=no ]; @@ -5,10 +5,11 @@ # run scripts on ppp up # variable $interface is available in ppp on-up script -:local dhcpclient [ / ipv6 dhcp-client find where interface=$interface ]; +:local Interface $interface; +:local DhcpClient [ / ipv6 dhcp-client find where interface=$Interface ]; -:if ( [ :len $dhcpclient ] > 0) do={ - / ipv6 dhcp-client disable $dhcpclient; +:if ([ :len $DhcpClient ] > 0) do={ + / ipv6 dhcp-client disable $DhcpClient; :delay 1s; - / ipv6 dhcp-client enable $dhcpclient; + / ipv6 dhcp-client enable $DhcpClient; } @@ -4,14 +4,14 @@ # # rotate the ntp servers -:global "ntp-pool"; +:global NtpPool; -:local ntp1 [ :resolve ("0." . $"ntp-pool") ]; -:local ntp2 [ :resolve ("1." . $"ntp-pool") ]; +:local Ntp1 [ :resolve ("0." . $NtpPool) ]; +:local Ntp2 [ :resolve ("1." . $NtpPool) ]; :if ([ / system ntp client get enabled ] != true) do={ :log warning "NTP client is not enabled!"; } -:log info ("Updating NTP servers to " . $ntp1 . " and " . $ntp2); -/ system ntp client set primary-ntp=$ntp1 secondary-ntp=$ntp2; +:log info ("Updating NTP servers to " . $Ntp1 . " and " . $Ntp2); +/ system ntp client set primary-ntp=$Ntp1 secondary-ntp=$Ntp2; diff --git a/script-updates b/script-updates index 5ed0f5b..971f2e4 100644 --- a/script-updates +++ b/script-updates @@ -6,80 +6,80 @@ :global GlobalConfigVersion; :global ExpectedConfigVersion; -:global "identity"; -:global "script-updates-fetch"; -:global "script-updates-baseurl"; -:global "script-updates-urlsuffix"; -:global "script-updates-ignore"; +:global Identity; +:global ScriptUpdatesFetch; +:global ScriptUpdatesBaseUrl; +:global ScriptUpdatesUrlSuffix; +:global ScriptUpdatesIgnore; :global SendNotification; -:foreach script in=[ / system script find ] do={ - :local ignore 0; - :local scriptname [ / system script get $script name ]; - :local scriptpolicy [ / system script get $script policy ]; - :local scriptfile [ / file find where name=("script-updates/" . $scriptname) ]; - :local sourcenew; - :if ([ :len $scriptfile ] > 0) do={ - :set sourcenew [ / file get $scriptfile content ]; - / file remove $scriptfile; +:foreach Script in=[ / system script find ] do={ + :local Ignore 0; + :local ScriptName [ / system script get $Script name ]; + :local ScriptPolicy [ / system script get $Script policy ]; + :local ScriptFile [ / file find where name=("script-updates/" . $ScriptName) ]; + :local SourceNew; + :if ([ :len $ScriptFile ] > 0) do={ + :set SourceNew [ / file get $ScriptFile content ]; + / file remove $ScriptFile; } - :foreach scheduler in=[ / system scheduler find where on-event=$scriptname ] do={ - :local schedulername [ / system scheduler get $scheduler name ]; - :local schedulerpolicy [ / system scheduler get $scheduler policy ]; - :if ($scriptpolicy != schedulerpolicy) do={ - :log warning ("Policies differ for script " . $scriptname . \ - " and its scheduler " . $schedulername . "!"); + :foreach Scheduler in=[ / system scheduler find where on-event=$ScriptName ] do={ + :local SchedulerName [ / system scheduler get $Scheduler name ]; + :local SchedulerPolicy [ / system scheduler get $Scheduler policy ]; + :if ($ScriptPolicy != $SchedulerPolicy) do={ + :log warning ("Policies differ for script " . $ScriptName . \ + " and its scheduler " . $SchedulerName . "!"); } } - :if ([ :len $sourcenew ] = 0 && $"script-updates-fetch" = true) do={ - :foreach "ignore-loop" in=$"script-updates-ignore" do={ - :if ($"ignore-loop" = $scriptname) do={ :set ignore 1; } + :if ([ :len $SourceNew ] = 0 && $ScriptUpdatesFetch = true) do={ + :foreach IgnoreLoop in=$ScriptUpdatesIgnore do={ + :if ($IgnoreLoop = $ScriptName) do={ :set Ignore 1; } } - :if ($ignore = 0) do={ - :log debug ("Fetching script from url: " . $scriptname); + :if ($Ignore = 0) do={ + :log debug ("Fetching script from url: " . $ScriptName); :do { - :local result [ / tool fetch check-certificate=yes-without-crl \ - ($"script-updates-baseurl" . $scriptname . $"script-updates-urlsuffix") \ + :local Result [ / tool fetch check-certificate=yes-without-crl \ + ($ScriptUpdatesBaseUrl . $ScriptName . $ScriptUpdatesUrlSuffix) \ output=user as-value ]; - :if ($result->"status" = "finished") do={ - :set sourcenew ($result->"data"); + :if ($Result->"status" = "finished") do={ + :set SourceNew ($Result->"data"); } } on-error={ - :log info ("Failed fetching " . $scriptname); + :log info ("Failed fetching " . $ScriptName); } } } - :if ([ :len $sourcenew ] > 0) do={ - :if ([ :pick $sourcenew 0 5 ] = "#!rsc") do={ - :local sourcecurrent [ / system script get $script source ]; - :if ($sourcenew != $sourcecurrent) do={ - :local "dont-require-permissions" \ - ($sourcenew~"\n# requires: dont-require-permissions=yes\n"); - :log info ("Updating script: " . $scriptname); - / system script set owner=$scriptname source=$sourcenew \ - dont-require-permissions=$"dont-require-permissions" $script; - :if ($scriptname = "global-functions") do={ + :if ([ :len $SourceNew ] > 0) do={ + :if ([ :pick $SourceNew 0 5 ] = "#!rsc") do={ + :local SourceCurrent [ / system script get $Script source ]; + :if ($SourceNew != $SourceCurrent) do={ + :local DontRequirePermissions \ + ($SourceNew~"\n# requires: dont-require-permissions=yes\n"); + :log info ("Updating script: " . $ScriptName); + / system script set owner=$ScriptName source=$SourceNew \ + dont-require-permissions=$DontRequirePermissions $Script; + :if ($ScriptName = "global-functions") do={ / system script run global-functions; } } else={ - :log debug ("Script " . $scriptname . " did not change"); + :log debug ("Script " . $ScriptName . " did not change."); } } else={ - :log warning ("Looks like new script " . $scriptname . " is not valid. Ignoring!"); + :log warning ("Looks like new script " . $ScriptName . " is not valid. Ignoring!"); } } else={ - :log debug ("No update for script " . $scriptname); + :log debug ("No update for script " . $ScriptName . "."); } } :if ($GlobalConfigVersion < $ExpectedConfigVersion) do={ $SendNotification "Configuration warning!" \ - ("Current configuration on " . $identity . " is out of date. " . \ + ("Current configuration on " . $Identity . " is out of date. " . \ "Please update global-config, then increase variable " . \ "GlobalConfigVersion (currently " . $GlobalConfigVersion . \ ") to " . $ExpectedConfigVersion . " and re-run global-config."); @@ -4,11 +4,13 @@ # # run action on received SMS -:global "sms-action"; +:global SmsAction; -:local code ($"sms-action"->$action); -:local parsed [ :parse $code ]; +:local Action $action; -:log info ("Acting on SMS action '" . $action . "': " . $code); +:local Code ($SmsAction->$Action); +:local Parsed [ :parse $Code ]; + +:log info ("Acting on SMS action '" . $Action . "': " . $Code); :delay 1s; -$parsed; +$Parsed; diff --git a/sms-forward b/sms-forward index d94f0c3..f22949f 100644 --- a/sms-forward +++ b/sms-forward @@ -4,7 +4,7 @@ # # forward SMS to e-mail -:global "identity"; +:global Identity; :global SendNotification; @@ -13,25 +13,25 @@ :error "Mail server is not up."; } -:local allowed [ / tool sms get allowed-number ]; -:local secret [ / tool sms get secret ]; +:local Allowed [ / tool sms get allowed-number ]; +:local Secret [ / tool sms get secret ]; # forward SMS in a loop -:foreach sms in=[ / tool sms inbox find ] do={ - :local message [ / tool sms inbox get $sms message ]; - :local phone [ / tool sms inbox get $sms phone ]; - :local timestamp [ / tool sms inbox get $sms timestamp ]; - :local type [ / tool sms inbox get $sms type ]; +:foreach Sms in=[ / tool sms inbox find ] do={ + :local Message [ / tool sms inbox get $Sms message ]; + :local Phone [ / tool sms inbox get $Sms phone ]; + :local TimeStamp [ / tool sms inbox get $Sms timestamp ]; + :local Type [ / tool sms inbox get $Sms type ]; - :if ($phone = $allowed && message~("^:cmd " . $secret . " script ")) do={ + :if ($Phone = $Allowed && $Message~("^:cmd " . $Secret . " script ")) do={ :log debug "Ignoring SMS, which starts a script."; } else={ $SendNotification ("SMS Forwarding") \ - ("A message was received by " . $identity . ":\n\n" . \ - "Phone: " . $phone . "\n" . \ - "Timestamp: " . $timestamp . "\n" . \ - "Type: " . $type . "\n\n" . \ - "Message:\n" . $message); - / tool sms inbox remove $sms; + ("A message was received by " . $Identity . ":\n\n" . \ + "Phone: " . $Phone . "\n" . \ + "Timestamp: " . $TimeStamp . "\n" . \ + "Type: " . $Type . "\n\n" . \ + "Message:\n" . $Message); + / tool sms inbox remove $Sms; } } diff --git a/ssh-keys-import b/ssh-keys-import index b7fc876..0f7fb5b 100644 --- a/ssh-keys-import +++ b/ssh-keys-import @@ -8,4 +8,4 @@ # while read type key name; do echo $type $key $name > $name.pub; done < keys.pub # ... then transfer with scp/sftp. -:foreach key in=[ / file find where type="ssh key" ] do={ / user ssh-key import user=admin public-key-file=[ / file get $key name ]; } +:foreach Key in=[ / file find where type="ssh key" ] do={ / user ssh-key import user=admin public-key-file=[ / file get $Key name ]; } diff --git a/super-mario-theme b/super-mario-theme index 5a03cc9..1e59c6a 100644 --- a/super-mario-theme +++ b/super-mario-theme @@ -4,7 +4,7 @@ # # play Super Mario theme -:local beeps { +:local Beeps { { 660; 100 }; 150; { 660; 100 }; 300; { 660; 100 }; 300; { 510; 100 }; 100; { 660; 100 }; 300; { 770; 100 }; 550; { 380; 100 }; 575; { 510; 100 }; 450; { 380; 100 }; 400; @@ -58,10 +58,10 @@ { 660; 100 }; 300; { 660; 100 }; 300; { 510; 100 }; 100; { 660; 100 }; 300; { 770; 100 }; 550; { 380; 100 }; 575 }; -:foreach beep in=$beeps do={ - :if ([ :len $beep ] = 2) do={ - :beep frequency=[ :pick $beep 0 ] length=([ :pick $beep 1 ] . "ms"); +:foreach Beep in=$Beeps do={ + :if ([ :len $Beep ] = 2) do={ + :beep frequency=[ :pick $Beep 0 ] length=([ :pick $Beep 1 ] . "ms"); } else={ - :delay ($beep . "ms"); + :delay ($Beep . "ms"); } } diff --git a/unattended-lte-firmware-upgrade b/unattended-lte-firmware-upgrade index 3570c57..9a717e3 100644 --- a/unattended-lte-firmware-upgrade +++ b/unattended-lte-firmware-upgrade @@ -4,26 +4,26 @@ # # schedule unattended lte firmware upgrade -:foreach interface in=[ / interface lte find ] do={ - :local firmware; - :local intname [ / interface lte get $interface name ]; +:foreach Interface in=[ / interface lte find ] do={ + :local Firmware; + :local IntName [ / interface lte get $Interface name ]; do { - :set firmware [ / interface lte firmware-upgrade $interface once as-value ]; + :set Firmware [ / interface lte firmware-upgrade $Interface once as-value ]; # strip the extra line break (TODO: remove when fixed upstream) - :set ($firmware->"latest") [ :pick ($firmware->"latest") 0 [ :find ($firmware->"latest") "\n" ] ]; + :set ($Firmware->"latest") [ :pick ($Firmware->"latest") 0 [ :find ($Firmware->"latest") "\n" ] ]; } on-error={ - :log debug ("Could not get latest LTE firmware version for interface " . $intname . "."); + :log debug ("Could not get latest LTE firmware version for interface " . $IntName . "."); } - :if (($firmware->"installed") != ($firmware->"latest")) do={ - :log info ("Scheduling LTE firmware upgrade for interface " . $intname . "."); - / system script add name=($intname . "-firmware-upgrade") source=("# unattended-lte-firmware-upgrade\n" . \ - "/ system scheduler remove " . $intname . "-firmware-upgrade;\n" . \ - "/ system script remove " . $intname . "-firmware-upgrade;\n" . \ - "/ interface lte firmware-upgrade " . $intname . " upgrade=yes;\n" . \ + :if (($Firmware->"installed") != ($Firmware->"latest")) do={ + :log info ("Scheduling LTE firmware upgrade for interface " . $IntName . "."); + / system script add name=($IntName . "-firmware-upgrade") source=("# unattended-lte-firmware-upgrade\n" . \ + "/ system scheduler remove " . $IntName . "-firmware-upgrade;\n" . \ + "/ system script remove " . $IntName . "-firmware-upgrade;\n" . \ + "/ interface lte firmware-upgrade " . $IntName . " upgrade=yes;\n" . \ ":log info (\"LTE firmware upgrade finished, waiting for installation before reset.\");\n" . \ ":delay 150s;\n" . \ - "/ interface lte at-chat " . $intname . " input=\"AT+RESET\";"); - / system scheduler add name=($intname . "-firmware-upgrade") on-event=($intname . "-firmware-upgrade") interval=1m; + "/ interface lte at-chat " . $IntName . " input=\"AT+RESET\";"); + / system scheduler add name=($IntName . "-firmware-upgrade") on-event=($IntName . "-firmware-upgrade") interval=1m; } } diff --git a/update-gre-address b/update-gre-address index 698f30c..2964d46 100644 --- a/update-gre-address +++ b/update-gre-address @@ -7,18 +7,18 @@ / interface gre set remote-address=0.0.0.0 disabled=yes [ find where !running !disabled ]; -:foreach peer in=[ / ip ipsec remote-peers find ] do={ - :local id [ / ip ipsec remote-peers get $peer id ]; - :local greint [ / interface gre find where comment=$id ]; - :if ([ :len $greint ] > 0) do={ - :local grename [ / interface gre get $greint name ]; - :local addrold [ / interface gre get $greint remote-address ]; - :local disabled [ / interface gre get $greint disabled ]; - :local addrnew [ / ip ipsec remote-peers get $peer dynamic-address ]; - :if ($addrnew != $addrold || $disabled = true) do={ - :log info ("Update remote address for interface " . $grename . " to " . $addrnew); - / interface gre set remote-address=0.0.0.0 disabled=yes [ find where remote-address=$addrnew name!=$grename ]; - / interface gre set $greint remote-address=$addrnew disabled=no; +:foreach Peer in=[ / ip ipsec remote-peers find ] do={ + :local Id [ / ip ipsec remote-peers get $Peer id ]; + :local GreInt [ / interface gre find where comment=$Id ]; + :if ([ :len $GreInt ] > 0) do={ + :local GreName [ / interface gre get $GreInt name ]; + :local AddrOld [ / interface gre get $GreInt remote-address ]; + :local Disabled [ / interface gre get $GreInt disabled ]; + :local AddrNew [ / ip ipsec remote-peers get $Peer dynamic-address ]; + :if ($AddrNew != $AddrOld || $Disabled = true) do={ + :log info ("Update remote address for interface " . $GreName . " to " . $AddrNew); + / interface gre set remote-address=0.0.0.0 disabled=yes [ find where remote-address=$AddrNew name!=$GreName ]; + / interface gre set $GreInt remote-address=$AddrNew disabled=no; } } } diff --git a/update-tunnelbroker b/update-tunnelbroker index fccd41c..cf8af45 100644 --- a/update-tunnelbroker +++ b/update-tunnelbroker @@ -3,11 +3,11 @@ # Copyright (c) 2013-2019 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -:global tunnelurl; -:global tunneluser; -:global tunnelpass; -:global tunnelid; -:global tunnelint; +:global TunnelUrl; +:global TunnelUser; +:global TunnelPass; +:global TunnelId; +:global TunnelInt; :global CertificateAvailable; @@ -16,22 +16,22 @@ } # get the last ip address from tunnel interface -:local tunnellastip [ / interface 6to4 get [ / interface 6to4 find where name=$tunnelint ] local-address ]; +:local TunnelLastIp [ / interface 6to4 get [ / interface 6to4 find where name=$TunnelInt ] local-address ]; # Get the current ip address from cloud / ip cloud force-update; -while ([ / ip cloud get status ] != "updated" ) do={ +:while ([ / ip cloud get status ] != "updated") do={ :delay 1s; } -:local tunnelip [ / ip cloud get public-address ]; +:local TunnelIp [ / ip cloud get public-address ]; -:if ($tunnelip != $tunnellastip) do={ +:if ($TunnelIp != $TunnelLastIp) do={ $CertificateAvailable "Starfield Secure Certificate Authority - G2" "starfield"; - :log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $tunnelip); + :log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $TunnelIp); / tool fetch mode=https check-certificate=yes-without-crl \ - ("https://" . $tunnelurl . "/nic/update\?hostname=" . $tunnelid) \ - user=$tunneluser password=$tunnelpass keep-result=no; - / interface 6to4 set [ / interface 6to4 find where name=$tunnelint ] local-address=$tunnelip; + ("https://" . $TunnelUrl . "/nic/update\?hostname=" . $TunnelId) \ + user=$TunnelUser password=$TunnelPass keep-result=no; + / interface 6to4 set [ / interface 6to4 find where name=$TunnelInt ] local-address=$TunnelIp; } else={ :log debug "All tunnelbroker configuration is up to date."; } |