aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Expand)AuthorFilesLines
2024-07-04global-functions: $MkDir: enable tmpfs if disabledGravatar Christian Hesse1-1/+6
2024-07-02global-functions: $GetMacVendor: cert 'GTS Root R4'Gravatar Christian Hesse2-1/+21
2024-06-25check-certificates: limit scope for $CertNew...•••... into block where certificate is replaced. This should unbreak renewing with a certificate updated in place. Gravatar Christian Hesse1-4/+3
2024-06-21global-functions: $CertificateDownload: try fallback to mkcert.org•••There's a nice API that allows to download certificate by exact common name. Let's use that, as a fallback at least. https://mkcert.org/ change-131Gravatar Christian Hesse2-11/+31
2024-06-21Merge branch 'root-certificates' into nextGravatar Christian Hesse36-2456/+334
2024-06-21notify on changes regarding certificateschange-130Gravatar Christian Hesse2-1/+2
2024-06-21certs: DigiCert TLS Hybrid ECC SHA384 2020 CA1 -> DigiCert Global Root CA•••This is used by Cloudflare DNS Quard9 (9.9.9.9). $CertificateAvailable "DigiCert Global Root CA"; /ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes; Gravatar Christian Hesse3-175/+30
2024-06-21certs: DigiCert Global G2 TLS RSA SHA256 2020 CA1 -> DigiCert Global Root G2•••This is used by Cloudflare DNS (1.1.1.1). $CertificateAvailable "DigiCert Global Root G2"; /ip/dns/set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes; Gravatar Christian Hesse3-183/+30
2024-06-21certs: Go Daddy Secure Certificate Authority - G2 -> Go Daddy Root Certificat...Gravatar Christian Hesse4-180/+32
2024-06-21certs: GTS CA 1C3 / GTS CA 1P5 -> GTS Root R1Gravatar Christian Hesse5-482/+40
2024-06-21certs: Starfield Secure Certificate Authority - G2 -> Starfield Root Certific...Gravatar Christian Hesse3-180/+31
2024-06-21certs: Cloudflare Inc ECC CA-3 -> Baltimore CyberTrust RootGravatar Christian Hesse3-165/+30
2024-06-21certs: Certum Domain Validation CA SHA2 -> Certum Trusted Network CAGravatar Christian Hesse3-177/+30
2024-06-21certs: GlobalSign Atlas R3 DV TLS CA 2022 Q3 -> GlobalSignGravatar Christian Hesse3-179/+30
2024-06-21certs: R3 / R10 -> ISRG Root X1Gravatar Christian Hesse6-471/+41
2024-06-21certs: E1 / E5 -> ISRG Root X2•••In the beginning of Let's Encrypt their root certificate ISRG Root X1 was not widely trusted, at least some older and/or mobile platforms were missing that certificate in their root certificate store. At that time Let's Encrypt was using an alternative chain of trust, where a certificate was cross-signed with DST Root CA X3. To make sure a valid chain of trust is available under all circumstances a set of all certificates had to be supplied: both root vertificates ISRG Root X1 & DST Root CA X3, and an intermediate certificate. This was still true after DST Root CA X3 expired, as it could still be used as a root anchor and was shipped by Let's Encrypt when requested. 🤪 This time is finally over, and we have a clean chain for trust ending in ISRG Root X1 (or ISRG Root X2). Well, actually it is the other way round... Let's Encrypt signs with different tantamount intermediate certificates. There is not only E5, but also E6 - and we can not know beforehand which one is used on renew. So let's jetzt drop the intermediate certificates now, and rely on root certificates only. We are perfectly fine with this these days. Follow-up commits will do the same for *all* certificates. The certificate is downloaded with: curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem Gravatar Christian Hesse10-263/+38
2024-06-20doc/mod/notification-matrix: drop certificate hint...•••... as matrix.org switched to Let's Encrypt with ISRG Root X2. Gravatar Christian Hesse1-3/+0
2024-06-19Let's Encrypt changed their intermediate certificates•••https://letsencrypt.org/2024/03/19/new-intermediate-certificates https://letsencrypt.org/certificates/ But let's keep the old ones around for now, as some sites are still using the old intermediate. Gravatar Christian Hesse8-16/+366
2024-06-11unattended-lte-firmware-upgrade: check on valid version firstGravatar Christian Hesse1-1/+2
2024-06-11unattended-lte-firmware-upgrade: drop the AT reset•••The AT command to reset is specific to modem. So this worked for some only... Let's just drop it, and update the log message. Gravatar Christian Hesse1-2/+1
2024-06-11unattended-lte-firmware-upgrade: omit just another onceGravatar Christian Hesse1-1/+1
2024-06-10backup-cloud: remove trailing spaces•••How did I produce these!? 😳 Gravatar Christian Hesse1-1/+1
2024-06-10unattended-lte-firmware-upgrade: omit once•••Omit `once` from the `/interface/lte/firmware-upgrade` command to make sure it does acutally return a valid result. Fixes #69 Gravatar netravnen1-1/+1
2024-06-10check-lte-firmware-upgrade: omit once•••Omit `once` from the `/interface/lte/firmware-upgrade` command to make sure it does acutally return a valid result. Gravatar netravnen1-1/+1
2024-06-05backup-cloud: log note on previous connection errorsGravatar Christian Hesse1-0/+4
2024-06-01global-functions: $CleanName: no exception for dash...•••... as we still want to deduplicate it when it is inside the input string. This also unbreak certificate import for "Go Daddy Secure Certificate Authority - G2" (and more)... Gravatar Christian Hesse1-1/+1
2024-05-25telegram-chat: drop extra parenthesisGravatar Christian Hesse1-3/+3
2024-05-24telegram-chat: convert the message (command) to string•••RouterOS 7.15beta4 fixed a bug in JSON parser: *) console - do not convert string to array in ":deserialize" command; Before that change commands with a comma caused very crazy issues. Let's convert the message to a string. This does not give exactly the expected result, but mitigates telegram-chat to explode. A command like... /ip/address/print proplist=address,network; ... is converted to... /ip/address/print proplist=address;network; ... and results in: Columns: ADDRESS # ADDRESS 0 10.0.0.1/24 1 127.0.0.1/8 bad command name network (line 1 column 36) Gravatar Christian Hesse1-10/+11
2024-05-23Merge branch 'backup-partition' into nextGravatar Christian Hesse5-4/+66
2024-05-23backup-partition: news on support for copy-overchange-129Gravatar Christian Hesse2-1/+2
2024-05-23doc/backup-upload: fix link for backup-partitionGravatar Christian Hesse1-1/+1
2024-05-23backup-partition: support copy before feature updateGravatar Christian Hesse3-3/+30
2024-05-23doc/backup-email: fix link for backup-partitionGravatar Christian Hesse1-1/+1
2024-05-23backup-partition: move code to a local functionGravatar Christian Hesse1-5/+17
2024-05-23doc/backup-cloud: fix link for backup-partitionGravatar Christian Hesse1-1/+1
2024-05-23backup-partition: support RouterOS copy-over...•••... when run interactively from CLI. Gravatar Christian Hesse2-3/+25
2024-05-15daily-psk: quote ssid and passphraseGravatar Christian Hesse4-4/+4
2024-05-15daily-psk: decrease indention in notificationGravatar Christian Hesse4-12/+12
2024-05-15daily-psk: adopt syntax changes•••RouterOS 7.15beta8 came with this change: *) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values; While the old code is bad syntax with RouterOS 7.15, the new code is valid for older RouterOS, but produces different (and more or less unexpected) results. 🥴 Let's use the new code, and add a check on the RouterOS version. With old RouterOS this now sends the notification even if the interface is disabled. routeros-7.15beta8-1Gravatar Christian Hesse4-2/+6
2024-05-15global-functions: $IsTimeSync: initialize with uptime...•••... to make sure the warning is not issued too early. Gravatar Christian Hesse1-2/+2
2024-05-14fw-addr-lists: add 'strongips' list from blocklist.dechange-128Gravatar Christian Hesse5-3/+182
2024-05-08global-functions: $IsTimeSync: add (one time) warning on failed ntp syncGravatar Christian Hesse1-0/+1
2024-05-08global-functions: $IsTimeSync: log just onceGravatar Christian Hesse1-3/+3
2024-04-29global-functions: $WaitForFile: drop extra conversionGravatar Christian Hesse1-1/+1
2024-04-29global-functions: $WaitForFile: respect minimum delayGravatar Christian Hesse1-1/+2
2024-04-29global-functions: $WaitForFile: use fewer stepsGravatar Christian Hesse1-2/+2
2024-04-29telegram-chat: shorten the messageGravatar Christian Hesse1-1/+1
2024-04-29mod/notification-telegram: format percentage italicGravatar Christian Hesse1-2/+2
2024-04-29mod/notification-telegram: format date & time italicGravatar Christian Hesse1-2/+2
2024-04-29mod/notification-telegram: support excluding characters from escaping...•••... to support formatting in plain text. Handle with care, this can break the request if done wrong! Gravatar Christian Hesse1-1/+4
2024-04-29mod/notification-telegram: use proper variable naming...•••... in local escaping function. Gravatar Christian Hesse1-7/+9
2024-04-29mod/notification-telegram: capitalize Telegram in messageGravatar Christian Hesse1-1/+1
2024-04-29mod/notification-matrix: format date & time italicGravatar Christian Hesse1-5/+6
2024-04-29global-functions: $CleanName: do not start with a dashGravatar Christian Hesse1-4/+12
2024-04-29mod/ssh-keys-import: remove temporary directoryGravatar Christian Hesse1-0/+2
2024-04-29mod/ssh-keys-import: create directory laterGravatar Christian Hesse1-5/+5
2024-04-29global-functions: $FetchHuge: remove temporary directoryGravatar Christian Hesse1-4/+5
2024-04-29backup-cloud: retry on error...•••Let's see if brute force helps. 🤪 Gravatar Christian Hesse1-12/+16
2024-04-29backup-cloud: clean up and simplify codeGravatar Christian Hesse1-6/+4
2024-04-29backup-cloud: no early exit...•••... as we want to make sure the directory (and its content) is removed. Gravatar Christian Hesse1-1/+0
2024-04-29backup-upload: no early exit...Gravatar Christian Hesse1-1/+0
2024-04-23backup-upload: remove temporary directoryGravatar Christian Hesse1-0/+1
2024-04-23netwatch-notify: log to debug...•••... instead of discarding the message completely. Gravatar Christian Hesse1-2/+3
2024-04-19README: show fingerprints in output•••This is not scrictly necessary, as we filter by fingerprint already... But it gives better overview and feeling. Gravatar Christian Hesse2-1/+1
2024-04-19README: remove left over certificate file•••But use find as RouterOS 7.15rc1 removes it automatically. Gravatar Christian Hesse1-1/+2
2024-04-19INITIAL-COMMANDS: remove the certificate file with find•••Required as RouterOS 7.15rc1 removes it automatically. routeros-7.15rc1-2Gravatar Christian Hesse1-1/+1
2024-04-19global-functions: $CertificateDownload: remove with find...•••... to make sure this does not break when the file does no longer exist. Starting with RouterOS 7.15rc1 the file is automatically removed on import. routeros-7.15rc1-1Gravatar Christian Hesse1-1/+1
2024-04-19netwatch-notify: allow to suppress resolve failureGravatar Christian Hesse2-1/+10
2024-04-19mod/notification-telegram: string protocol for displayGravatar Christian Hesse1-2/+5
2024-04-19mod/notification-matrix: string protocol for displayGravatar Christian Hesse1-2/+4
2024-04-19global-functions: introduce $ProtocolStripGravatar Christian Hesse1-0/+12
2024-04-18mod/notification-matrix: ... and more double escapingGravatar Christian Hesse1-2/+2
2024-04-18mod/notification-matrix: fix double escaping•••That was introduced with 2a232ad2f5eef4b60c97306ef731bc5883bf5cfb when switching to :serialize... Gravatar Christian Hesse1-17/+11
2024-04-15certificate-renew-issued: use single quotesGravatar Christian Hesse1-3/+3
2024-04-15global-functions: $CertificateDownload: use single quotesGravatar Christian Hesse1-2/+2
2024-04-15global-functions: $CertificateAvailable: use single quotesGravatar Christian Hesse1-3/+3
2024-04-15gps-track: use custom user agent stringGravatar Christian Hesse1-3/+4
2024-04-15gps-track: generate JSON with :serializerouteros-7.13-8Gravatar Christian Hesse1-5/+2
2024-04-15mod/notification-matrix: generate JSON with :serializerouteros-7.13-7Gravatar Christian Hesse1-13/+11
2024-04-15mod/notification-matrix: use custom user agent stringGravatar Christian Hesse1-7/+15
2024-04-15mod/notification-ntfy: use custom user agent stringGravatar Christian Hesse1-1/+3
2024-04-15mod/notification-ntfy: support basic auth•••Closes #59 change-127Gravatar Christian Hesse5-4/+20
2024-04-11global-functions: $ScriptFromTerminal: check multiple invocations...•••... and return false. We can not tell which job is us... So better safe than sorry. Gravatar Christian Hesse1-1/+6
2024-04-11global-functions: $ScriptLock: break long linesGravatar Christian Hesse1-2/+5
2024-04-11global-functions: $ScriptLock: degrade message to debugGravatar Christian Hesse1-2/+2
2024-04-10mod/notification-telegram: $SendTelegram: set originGravatar Christian Hesse1-1/+1
2024-04-10mod/notification-ntfy: $SendNtfy: set originGravatar Christian Hesse1-1/+1
2024-04-10mod/notification-matrix: $SendMatrix: set originGravatar Christian Hesse1-1/+1
2024-04-10mod/notification-email: $SendEMail: set originGravatar Christian Hesse1-1/+1
2024-04-10global-functions: $SendNotification: set originGravatar Christian Hesse1-1/+1
2024-04-07global-functions: $HumanReadableNum: indicate binary base...•••... and update scripts to match the change. Gravatar Christian Hesse4-7/+11
2024-04-07global-functions: drop $LogPrintExit2Gravatar Christian Hesse1-22/+0
2024-04-07bump RouterOS requirement for all scripts and modules...•••... now that global-functions requires RouterOS 7.13 anyway. routeros-7.13-6Gravatar Christian Hesse110-104/+116
2024-04-07Merge branch 'fw-addr-lists' into nextGravatar Christian Hesse2-37/+65
2024-04-07fw-addr-lists: break long linesGravatar Christian Hesse1-4/+8
2024-04-07fw-addr-lists: show count of active addressesGravatar Christian Hesse1-0/+1
2024-04-07fw-addr-lists: human readable numbers for countsGravatar Christian Hesse1-2/+4
2024-04-07fw-addr-lists: rework log messages, always include list nameGravatar Christian Hesse1-13/+26
2024-04-07fw-addr-lists: add debug message on successful downloadGravatar Christian Hesse1-0/+3
2024-04-07fw-addr-lists: try with less regexp matchesGravatar Christian Hesse1-8/+15