aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2024-11-27mod/ssh-keys-import: require RouterOS 7.16routeros-7.16-5Gravatar Christian Hesse2-2/+2
Actually the requirement bumped with the change in commits: * 9c945b1a3283bb352707c69630c579cf82484dcb mod/ssh-keys-import: $SSHKeysImportFile: simplify looping lines * 1f526b356121749991fee69cee5a6c728855c8f2 mod/ssh-keys-import: $SSHKeysImport: split with `:deserialize`
2024-11-27fw-addr-lists: require RouterOS 7.16routeros-7.16-4Gravatar Christian Hesse2-2/+2
Actually the requirement bumped with the change in commit: * 084c246ef0cab329fe981732089277fa8398800b fw-addr-lists: simplify looping lines
2024-11-22fw-addr-lists: spamhaus.org returned to 'GTS Root R4'Gravatar Christian Hesse2-3/+3
2024-11-15mode-button: do not act on disabled LEDGravatar Christian Hesse1-1/+2
2024-11-15mode-button: catch runtime errors in executed codeGravatar Christian Hesse1-1/+5
2024-11-15mode-button: fix the caller parameter to $LogPrintGravatar Christian Hesse1-3/+3
This is inside a function, so use just $0 here.
2024-11-14packages-update: drop check for device-mode downgrade...routeros-7.17beta5-1Gravatar Christian Hesse1-6/+0
... as things have been revised and this specific setting was removed.
2024-11-13hotspot-to-wpa-cleanup: revert display of timeout value...Gravatar Christian Hesse3-3/+3
... as the timeout is a time value, and showing "4w00:00:00" (with lots of zeros) is not any better. 😜 This reverts commit f1533b8962bc67d17e9f6b5666ae51ee4d1e1ff4.
2024-11-13hotspot-to-wpa-cleanup: prepare real timeout value in variable...Gravatar Christian Hesse3-6/+6
... to make sure it is not re-calculated for every single lease.
2024-11-12hotspot-to-wpa-cleanup: clean up daily onlyGravatar Christian Hesse3-3/+6
2024-11-12hotspot-to-wpa-cleanup: use the timeout in message...Gravatar Christian Hesse3-3/+3
... not the actual value.
2024-11-12check-routeros-update: always exit early if up to date...Gravatar Christian Hesse1-2/+4
... and just make the output and log dependent on terminal.
2024-11-12check-routeros-update: make invalid version string a warningGravatar Christian Hesse1-1/+1
2024-11-12check-routeros-update: add specific message for empty version stringGravatar Christian Hesse1-0/+5
2024-11-12check-routeros-update: replace hard-coded versionGravatar Christian Hesse1-1/+1
2024-11-08mod/ssh-keys-import: $SSHKeysImport: split with `:deserialize`routeros-7.16-3Gravatar Christian Hesse1-2/+1
2024-11-08mod/ssh-keys-import: $SSHKeysImportFile: let `:deserialize` split the fieldsGravatar Christian Hesse1-6/+3
2024-11-08mod/ssh-keys-import: $SSHKeysImportFile: simplify looping linesrouteros-7.16-2Gravatar Christian Hesse1-5/+4
2024-11-06fw-addr-lists: simplify looping linesrouteros-7.16-1Gravatar Christian Hesse1-4/+3
With `:deserialize` the **record** separator is always a new line. The property `delimiter=` is a **field** reparator, so you can parse a lines into an array. We do not want (or need) that, so use new line as field separator. This will result in an array with just one element, and we use that. Also convert the data to line feed explicitly, just to be sure.
2024-11-02doc/netwatch-dns: link to 'certificate name from browser'Gravatar Christian Hesse2-2/+4
2024-11-02doc/fw-addr-lists: link to 'certificate name from browser'Gravatar Christian Hesse2-3/+8
2024-11-02doc/mod/notification-ntfy: link to 'certificate name from browser'Gravatar Christian Hesse2-0/+6
2024-11-02doc/mod/notification-matrix: link to 'certificate name from browser'Gravatar Christian Hesse2-0/+8
2024-11-02introduce CERTIFICATES, guide to find root certificateGravatar Christian Hesse5-0/+74
2024-10-30global-functions: $CertificateAvailable: fail without CommonNameGravatar Christian Hesse1-0/+5
2024-10-29certs: check cert for matrix.orgGravatar Christian Hesse1-0/+1
2024-10-29doc/mod/notification-matrix: better document certificate importGravatar Christian Hesse1-0/+7
2024-10-25ipv6-update: create a dynamic address-list entry onlyGravatar Christian Hesse2-6/+10
This should make sure that the script runs once after reboot, even if the prefix does not change. An existing static entry needs to be removed to make this work! https://github.com/eworm-de/routeros-scripts/issues/85
2024-10-23ipv6-update: ignore if address was acquiredGravatar Christian Hesse1-0/+6
https://github.com/eworm-de/routeros-scripts/issues/85
2024-10-23fw-addr-lists: spamhaus.org requires 'ISRG Root X1' nowGravatar Christian Hesse2-3/+3
2024-10-23packages-update: check for explicit state...routeros-7.17beta4-2Gravatar Christian Hesse1-3/+1
... as all device-mode properties are given since RouterOS 7.14beta4. Let's assume we do not have to care about RouterOS 7.14beta2 any more... As older versions will not match the check we can now merge right away.
2024-10-22backup-partition: drop warning on lock in device-moderouteros-7.17beta4-1Gravatar Christian Hesse1-8/+0
... as switching partitions is possible again in RouterOS 7.17beta4.
2024-10-10doc/netwatch-notify: fix typo(s)Gravatar Christian Hesse1-3/+3
2024-10-10doc/netwatch-notify: give an extra example for resolving AAAA recordsGravatar Christian Hesse1-1/+6
2024-10-10doc/netwatch-notify: always give a host...Gravatar Christian Hesse1-2/+2
... as that is a required property. Any ip address is fine, it is changed anyway.
2024-10-09backup-partition: log the warning just onceGravatar Christian Hesse1-1/+2
2024-10-02update list of contributorsGravatar Christian Hesse1-0/+1
2024-10-01update list of contributorsGravatar Christian Hesse1-0/+1
2024-10-01mod/notification-ntfy: fix ntfy overridesGravatar Ignacio Serrano1-2/+2
2024-09-30log-forward: get last message from log...Gravatar Christian Hesse1-2/+3
... not only from matched massages.
2024-09-30packages-update: give warning on lock in device-moderouteros-7.17beta2-2Gravatar Christian Hesse1-0/+8
RouterOS 7.17beta2 introduced some extra security measures, including some to prevent downgrade attacks for the installation. Detect early and exit with message and error. https://help.mikrotik.com/docs/display/ROS/Device-mode
2024-09-30backup-partition: give warning on lock in device-moderouteros-7.17beta2-1Gravatar Christian Hesse1-0/+7
RouterOS 7.17beta2 introduced some extra security measures, including some to prevent downgrade attacks for the installation. Thus switching partitions (which can hold quite old installations) is denied by device-mode now by default. Warn about that... https://help.mikrotik.com/docs/display/ROS/Device-mode
2024-09-26global-functions: $CertificateDownload: add another check...Gravatar Christian Hesse1-0/+6
... that the certificate is really available. Turns out that mkcert.org ships certificates where OU or whatever matches - that's not what we want.
2024-09-25hotspot-to-wpa-cleanup: only match access-list with mac-addressGravatar Christian Hesse3-3/+3
2024-09-16check-routeros-update: use $VersionToNum to calculate bitmaskGravatar Christian Hesse1-2/+5
2024-09-13backup-partition: use $VersionToNum to calculate bitmaskGravatar Christian Hesse1-1/+2
2024-09-13global-functions: $VersionToNum: support "zero"...Gravatar Christian Hesse1-1/+2
... to have a clean way to generate bitmasks. [admin@mikrotik] > :put [ $VersionToNum 0.255zero0 ] 16711680 [admin@mikrotik] > :put 0x00ff0000 16711680 Once implemented everywhere the internal calculation could be changed easily.
2024-09-11fw-addr-lists: use lists in JSON format for spamhaus.orgGravatar Christian Hesse1-1/+3
2024-09-11fw-addr-lists: handle JSON format from spamhaus.orgGravatar Christian Hesse1-1/+6
Closes: https://github.com/eworm-de/routeros-scripts/issues/79
2024-09-05netwatch-dns: give warning on CRL useGravatar Christian Hesse1-0/+4
2024-09-04certs: add poor man's check 😜Gravatar Christian Hesse1-0/+31
2024-08-28certs: drop 'Baltimore CyberTrust Root'Gravatar Christian Hesse1-28/+0
2024-08-28fw-addr-lists: drop edrop.txt, which does no longer existGravatar Christian Hesse1-2/+0
2024-08-28fw-addr-lists: spamhaus.org requires 'GTS Root R4' nowGravatar Christian Hesse1-2/+2
Fixes: https://github.com/eworm-de/routeros-scripts/issues/78
2024-08-27certs: drop 'DigiCert Global Root CA'Gravatar Christian Hesse1-29/+0
2024-08-27doc/netwatch-dns: 'DigiCert Global Root G3' for Quad9Gravatar Christian Hesse1-1/+1
2024-08-27certs: add 'DigiCert Global Root G3'...Gravatar Christian Hesse1-0/+22
... for quad9.net which can be used for DoH: $CertificateAvailable "DigiCert Global Root G3"; /ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes;
2024-08-20check-routeros-update: support switching to stable channel...Gravatar Christian Hesse1-0/+9
... with a feature update in testing channel.
2024-08-19netwatch-dns: disable DoH if time not sync...Gravatar Christian Hesse1-0/+8
... as it is possible that time is off, DNS via DoH fails (cert invalid), and finally syncing time fails due to failing DNS.
2024-08-19INITIAL-COMMANDS: match the certificate file name from Let's Encrypt website...Gravatar Christian Hesse1-2/+2
... and our README. 😜
2024-08-19README: match the certificate file name from Let's Encrypt website...Gravatar Christian Hesse2-2/+2
... so import from manually downloaded and transferred file works out of the box as well.
2024-08-19README: make the QR code a linkGravatar Christian Hesse1-1/+1
2024-07-25telegram-chat: drop extra conversionrouteros-7.15-3Gravatar Christian Hesse2-3/+3
The JSON parser was actually fixed in RouterOS 7.15beta4, but let's bump the required version to next stable release instead.
2024-07-25daily-psk: drop workaround for old RouterOSrouteros-7.15-2Gravatar Christian Hesse5-11/+7
2024-07-25netwatch-notify: do not switch type when resolvingrouteros-7.15-1Gravatar Christian Hesse2-3/+4
This requires RouterOS 7.15beta4, but let's bump the required version to next stable release instead.
2024-07-25INITIAL-COMMANDS: drop command to remove certificate file...Gravatar Christian Hesse1-1/+0
... as this is done automatically with RouterOS 7.15rc1 and later.
2024-07-25README: drop command to remove certificate file...Gravatar Christian Hesse2-2/+1
... as this is done automatically with RouterOS 7.15rc1 and later. Not bumping the required RouterOS version (badge) here... Worst thing that can happen is a stale certificate file left on storage.
2024-07-22global-functions: $EitherOr: revert...Gravatar Christian Hesse1-3/+1
... but leave a comment.
2024-07-22global-functions: $EitherOr: pass boolean valueGravatar Christian Hesse1-0/+3
Note that literal "true" or "false" (even without quotes) is converted to string. So you may have to enclose it in parentheses for a boolean value: > :put [ :typeof [ $EitherOr true false ] ]; str > :put [ :typeof [ $EitherOr (true) (false) ] ]; bool
2024-07-16Merge branch 'line-breaks' into nextrouteros-7.14-1Gravatar Christian Hesse123-152/+140
2024-07-16bump RouterOS requirement for all scripts and modules...Gravatar Christian Hesse116-116/+116
... now that global-functions requires RouterOS 7.14 anyway.
2024-07-16mod/ipcalc: use :tocrlfGravatar Christian Hesse2-5/+4
2024-07-16mod/inspectvar: use :tocrlfGravatar Christian Hesse2-4/+3
2024-07-16global-functions: $Unix2Dos: use :tocrlfGravatar Christian Hesse1-6/+1
2024-07-16global-functions: $PrettyPrint: use :tocrlfGravatar Christian Hesse1-5/+1
2024-07-16global-functions: $Dos2Unix: use :tolfGravatar Christian Hesse1-5/+1
2024-07-16global-functions: $ScriptInstallUpdate: support storing with CRLFGravatar Christian Hesse1-1/+3
Adding this in `global-config-overlay` make the scripts being stored with CRLF line breaks: :global ScriptUpdatesCRLF true; Handle with care, I do not recommend it. Thus it's just a hidden setting.
2024-07-16ppp-on-up: support scripts with CRLF line breaksGravatar Christian Hesse1-1/+1
2024-07-16news-and-changes: support scripts with CRLF line breaksGravatar Christian Hesse1-1/+1
2024-07-16capsman-download-packages: support scripts with CRLF line breaksGravatar Christian Hesse3-3/+3
2024-07-16global-functions: $ScriptInstallUpdate: allow CRLF on deviceGravatar Christian Hesse1-1/+2
2024-07-16global-functions: $ScriptInstallUpdate: forcibly convert to LF...Gravatar Christian Hesse1-2/+2
... to make sure we do not have unintended CRLF line breaks.
2024-07-16README: use :tocrlf to convert global-config-overlayGravatar Christian Hesse1-2/+2
2024-07-16doc/mod/ssh-keys-import: drop hint on older RouterOSGravatar Christian Hesse1-5/+1
2024-07-11capsman-download-packages: support running several scripts...Gravatar Christian Hesse3-9/+15
... as it is possible to have more than just one providing the functionality.
2024-07-11capsman-{download-packages,rolling-upgrade}: run matching scriptGravatar Christian Hesse6-6/+6
It is possible to run old and new CAPsMAN on one system simultaneously (... since RouterOS 7.13?). Thus it may make sense to have both variants of these scripts installed, and we have to make sure to run the correct one.
2024-07-10update list of contributorsGravatar Christian Hesse1-0/+1
2024-07-08backup-partition: check that target is inactiveGravatar Christian Hesse1-2/+2
2024-07-08backup-partition: check the fallback partition actually exists...Gravatar Christian Hesse1-8/+16
... and use its id for actions.
2024-07-05backup-partition: rename variableGravatar Christian Hesse1-8/+8
2024-07-04packages-update: run backups before package downloadGravatar Christian Hesse1-26/+26
This reduces memory pressure, especially on device with very limited RAM like mAP with its 64 MB.
2024-07-04global-functions: $MkDir: enable tmpfs if disabledGravatar Christian Hesse1-1/+6
2024-07-02global-functions: $GetMacVendor: cert 'GTS Root R4'Gravatar Christian Hesse2-1/+21
2024-06-25check-certificates: limit scope for $CertNew...Gravatar Christian Hesse1-4/+3
... into block where certificate is replaced. This should unbreak renewing with a certificate updated in place.
2024-06-21global-functions: $CertificateDownload: try fallback to mkcert.orgchange-131Gravatar Christian Hesse2-11/+31
There's a nice API that allows to download certificate by exact common name. Let's use that, as a fallback at least. https://mkcert.org/
2024-06-21Merge branch 'root-certificates' into nextGravatar Christian Hesse36-2456/+334
2024-06-21notify on changes regarding certificateschange-130Gravatar Christian Hesse2-1/+2
2024-06-21certs: DigiCert TLS Hybrid ECC SHA384 2020 CA1 -> DigiCert Global Root CAGravatar Christian Hesse3-175/+30
This is used by Cloudflare DNS Quard9 (9.9.9.9). $CertificateAvailable "DigiCert Global Root CA"; /ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes;
2024-06-21certs: DigiCert Global G2 TLS RSA SHA256 2020 CA1 -> DigiCert Global Root G2Gravatar Christian Hesse3-183/+30
This is used by Cloudflare DNS (1.1.1.1). $CertificateAvailable "DigiCert Global Root G2"; /ip/dns/set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes;
2024-06-21certs: Go Daddy Secure Certificate Authority - G2 -> Go Daddy Root ↵Gravatar Christian Hesse4-180/+32
Certificate Authority - G2
generated by cgit v1.2.3-70-g09d2 (git 2.49.0) at 2025-04-17 10:51:12 +0000