diff options
152 files changed, 3024 insertions, 1398 deletions
@@ -9,5 +9,8 @@ # html files (as generated from markdown) *.html +# checksums file as used by $ScriptInstallUpdate +checksums.json + # Mac OS X folder settings file .DS_Store diff --git a/BRANCHES.md b/BRANCHES.md index 2bacf8e..dc4f4ac 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -4,7 +4,7 @@ Installing from branches [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -13,7 +13,7 @@ Installing from branches > ⚠️ **Warning**: Living on the edge? Great, read on! > If not: Please use the `main` branch and leave this page! -These scripts are developed in a [git](https://git-scm.com/) repository. +These scripts are developed in a [git ↗️](https://git-scm.com/) repository. Development and experimental branches are used to provide early access for specific changes. You can install scripts from these branches for testing. @@ -22,13 +22,13 @@ for testing. To install a single script from `next` branch: - $ScriptInstallUpdate script-name "url-suffix=?h=next"; + $ScriptInstallUpdate script-name "base-url=https://rsc.eworm.de/next/"; ## Switch existing script Alternatively switch an existing script to update from `next` branch: - /system/script/set comment="url-suffix=?h=next" script-name; + /system/script/set comment="base-url=https://rsc.eworm.de/next/" script-name; $ScriptInstallUpdate; ## Switch installation @@ -36,7 +36,7 @@ Alternatively switch an existing script to update from `next` branch: Last but not least - to switch the complete installation to the `next` branch edit `global-config-overlay` and add: - :global ScriptUpdatesUrlSuffix "?h=next"; + :global ScriptUpdatesBaseUrl "https://rsc.eworm.de/next/"; ... then reload the configuration and update: diff --git a/CERTIFICATES.md b/CERTIFICATES.md index 589d480..69d6c18 100644 --- a/CERTIFICATES.md +++ b/CERTIFICATES.md @@ -4,7 +4,7 @@ Certificate name from browser [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -21,7 +21,7 @@ first step of [installation](README.md#the-long-way-in-detail) is importing the certificate. The scripts can install additional certificates when required. This happens -from this repository if available, or from [mkcert.org](https://mkcert.org) +from this repository if available, or from [mkcert.org ↗️](https://mkcert.org) as a fallback. Get the certificate's CommonName @@ -29,7 +29,7 @@ Get the certificate's CommonName But how to determine what certificate may be required? Often easiest way is to use a desktop browser to get that information. This demonstration uses -[Mozilla Firefox](https://www.mozilla.org/firefox/). +[Mozilla Firefox ↗️](https://www.mozilla.org/firefox/). Let's assume we want to make sure the certificate for [git.eworm.de](https://git.eworm.de/) is available. Open that page in the @@ -74,6 +74,7 @@ See also * [Download, import and update firewall address-lists](doc/fw-addr-lists.md) * [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md) +* [Send notifications via Gotify](doc/mod/notification-gotify.md) * [Send notifications via Matrix](doc/mod/notification-matrix.md) * [Send notifications via Ntfy](doc/mod/notification-ntfy.md) diff --git a/CONTRIBUTIONS.md b/CONTRIBUTIONS.md index ed1d6fa..00861c1 100644 --- a/CONTRIBUTIONS.md +++ b/CONTRIBUTIONS.md @@ -4,7 +4,7 @@ Past Contributions [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -21,7 +21,10 @@ for details! * [Ben Harris](mailto:mail@bharr.is) (@bharrisau) * [Daniel Ziegenberg](mailto:daniel@ziegenberg.at) (@ziegenberg) * [Ignacio Serrano](mailto:ignic@ignic.com) (@ignic) +* [Ilya Kulakov](mailto:kulakov.ilya@gmail.com) (@Kentzo) +* [Leonardo David Monteiro](mailto:leo@cub3.xyz) (@leosfsm) * [Michael Gisbers](mailto:michael@gisbers.de) (@mgisbers) +* [Miquel Bonastre](mailto:mbonastre@yahoo.com) (@mbonastre) * @netravnen * [netztrip](mailto:dave-tvg@netztrip.de) (@netztrip) * [Stefan Müller](mailto:stefan.mueller.83@gmail.com) (@PackElend) @@ -29,9 +32,10 @@ for details! ## Donations Add yourself to the list, -[donate with PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)! +[donate with PayPal ↗️](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)! * Abdul Mannan Abbasi +* Alex Maier * Andrea Ruffini Perico * Andrew Cox * Christoph Boss (@Kampfwurst) diff --git a/DEBUG.md b/DEBUG.md new file mode 100644 index 0000000..66bf728 --- /dev/null +++ b/DEBUG.md @@ -0,0 +1,63 @@ +Debug output and logs +===================== + +[](https://github.com/eworm-de/routeros-scripts/stargazers) +[](https://github.com/eworm-de/routeros-scripts/network) +[](https://github.com/eworm-de/routeros-scripts/watchers) +[](https://mikrotik.com/download/changelogs/) +[](https://t.me/routeros_scripts) +[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) + +[⬅️ Go back to main README](README.md) + +Sometimes scripts do not behave as expected. In these cases debug output +or logs can help. + +## Debug output + +Run this command in a terminal: + + :set PrintDebug true; + +You will then see debug output when running the script from terminal. + +To revert to default output run: + + :set PrintDebug false; + +### Debug output for specific script + +Even having debug output for a specific script or function only (or a +set of) is possible. To enable debug output for `telegram-chat` run: + + :set ($PrintDebugOverride->"telegram-chat") true; + +## Debug logs + +The debug info can go to system log. To make it show up in `memory` run: + + /system/logging/add topics=script,debug action=memory; + +Other actions (`disk`, `email`, `remote` or `support`) can be used as +well. I do not recommend using `echo` - use [debug output](#debug-output) +instead. + +Disable or remove that setting to restore regular logging. + +## Verbose output + +Specific scripts can generate huge amount of output. These do use a function +`$LogPrintVerbose`, which is declared, but has no code, intentionally. + +If you *really* want that output set the function to be the same as +`$LogPrint`: + + :set LogPrintVerbose $LogPrint; + +To revert that change just run: + + :set LogPrintVerbose; + +--- +[⬅️ Go back to main README](README.md) +[⬆️ Go back to top](#top) diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md index 84a88fe..40f609b 100644 --- a/INITIAL-COMMANDS.md +++ b/INITIAL-COMMANDS.md @@ -4,36 +4,52 @@ Initial commands [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) [⬅️ Go back to main README](README.md) -> ⚠️ **Warning**: These command are inteneded for initial setup. If you are +> ⚠️ **Warning**: These commands are intended for initial setup. If you are > not aware of the procedure please follow > [the long way in detail](README.md#the-long-way-in-detail). Run the complete base installation: { - /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem" as-value; - :delay 1s; - /certificate/import file-name=isrg-root-x2.pem passphrase=""; - :if ([ :len [ /certificate/find where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 1) do={ - :error "Something is wrong with your certificates!"; + :local BaseUrl "https://git.eworm.de/cgit/routeros-scripts/plain/"; + :local CertCommonName "ISRG Root X2"; + :local CertFileName "ISRG-Root-X2.pem"; + :local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; + + :if (!(([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \ + [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={ + :put "Importing certificate..."; + /tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value; + :delay 1s; + /certificate/import file-name=$CertFileName passphrase=""; + :if ([ :len [ /certificate/find where fingerprint=$CertFingerprint ] ] != 1) do={ + :error "Something is wrong with your certificates!"; + }; + :delay 1s; }; - :delay 1s; + :put "Renaming global-config-overlay, if exists..."; /system/script/set name=("global-config-overlay-" . [ /system/clock/get date ] . "-" . [ /system/clock/get time ]) [ find where name="global-config-overlay" ]; :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ + :put "Installing $Script..."; /system/script/remove [ find where name=$Script ]; - /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data"); + /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ($BaseUrl . $Script . ".rsc") output=user as-value]->"data"); }; + :put "Loading configuration and functions..."; /system/script { run global-config; run global-functions; }; + :put "Scheduling to load configuration and functions..."; /system/scheduler/remove [ find where name="global-scripts" ]; /system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }"; - :global CertificateNameByCN; - $CertificateNameByCN "ISRG Root X2"; + :if ([ :len [ /certificate/find where fingerprint=$CertFingerprint ] ] > 0) do={ + :put "Renaming certificate by its common-name..."; + :global CertificateNameByCN; + $CertificateNameByCN $CertFingerprint; + }; }; Then continue setup with @@ -9,7 +9,7 @@ WIFI = $(wildcard *.wifi.rsc) MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md) HTML = $(MARKDOWN:.md=.html) -all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) +all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json %.html: %.md Makefile markdown $< | sed 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' > $@ @@ -32,5 +32,8 @@ all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ < $< > $@ +checksums.json: contrib/checksums.sh *.rsc */*.rsc + contrib/checksums.sh + clean: - rm -f $(HTML) + rm -f $(HTML) checksums.json @@ -4,19 +4,20 @@ RouterOS Scripts [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)  -[RouterOS](https://mikrotik.com/software) is the operating system developed -by [MikroTik](https://mikrotik.com/aboutus) for networking tasks. This -repository holds a number of [scripts](https://wiki.mikrotik.com/wiki/Manual:Scripting) +[RouterOS ↗️](https://mikrotik.com/software) is the operating system developed +by [MikroTik ↗️](https://mikrotik.com/aboutus) for networking tasks. This +repository holds a number of [scripts ↗️](https://wiki.mikrotik.com/wiki/Manual:Scripting) to manage RouterOS devices or extend their functionality. *Use at your own risk*, pay attention to -[license and warranty](#license-and-warranty)! +[license and warranty](#license-and-warranty), and +[disclaimer on external links](#disclaimer-on-external-links)! Requirements ------------ @@ -34,6 +35,12 @@ Specific scripts may require even newer RouterOS version. > ℹ️ **Info**: The `main` branch is now RouterOS v7 only. If you are still > running RouterOS v6 switch to `routeros-v6` branch! +Starting with RouterOS 7.17 the +[device-mode ↗️](https://help.mikrotik.com/docs/spaces/ROS/pages/93749258/Device-mode) +has been extended to give more fine-grained control over what features are +available. You need to enable `scheduler` and `fetch` at least, specific +scripts may require additional features. + ### Hardware RouterOS packages increase in size with each release. This becomes a @@ -55,9 +62,9 @@ First time users should take the long way below. ### Live presentation Want to see it in action? I've had a presentation [Repository based -RouterOS script distribution](https://www.youtube.com/watch?v=B9neG3oAhcY) +RouterOS script distribution ↗️](https://www.youtube.com/watch?v=B9neG3oAhcY) including demonstation recorded live at [MUM Europe -2019](https://mum.mikrotik.com/2019/EU/) in Vienna. +2019 ↗️](https://mum.mikrotik.com/2019/EU/) in Vienna. > ⚠️ **Warning**: Some details changed. So see the presentation, then follow > the steps below for up-to-date commands. @@ -65,7 +72,15 @@ including demonstation recorded live at [MUM Europe ### The long way in detail The update script does server certificate verification, so first step is to -download the certificates. If you intend to download the scripts from a +download the certificates. + +> 💡️ **Hint**: RouterOS 7.19 comes with a builtin certificate store. You +> can skip the steps regarding certificate download and import and jump +> to [installation of scripts](#installation-of-scripts) if you set the +> trust for these builtin trust anchors: +> `/certificate/settings/set builtin-trust-anchors=trusted;` + +If you intend to download the scripts from a different location (for example from github.com) install the corresponding certificate chain. @@ -77,11 +92,11 @@ Note that the commands above do *not* verify server certificate, so if you want to be safe download with your workstations's browser and transfer the file to your MikroTik device. -* [ISRG Root X2](https://letsencrypt.org/certs/isrg-root-x2.pem) +* [ISRG Root X2 ↗️](https://letsencrypt.org/certs/isrg-root-x2.pem) Then we import the certificate. - /certificate/import file-name=isrg-root-x2.pem passphrase=""; + /certificate/import file-name="isrg-root-x2.pem" passphrase=""; Do not worry that the command is not shown - that happens because it contains a sensitive property, the passphrase. @@ -99,6 +114,8 @@ is shown. Always make sure there are no certificates installed you do not know or want! +#### Installation of scripts + All following commands will verify the server certificate. For validity the certificate's lifetime is checked with local time, so make sure the device's date and time is set correctly! @@ -116,6 +133,9 @@ And finally load configuration and functions and add the scheduler.  +> 💡️ **Hint**: You see complaints regarding syntax errors? Most likely the +> RouterOS on your device is too old. Check for updates! + ### Scheduled automatic updates The last step is optional: Add this scheduler **only** if you want the @@ -185,7 +205,7 @@ Scheduler and events -------------------- Most scripts are designed to run regularly from -[scheduler](https://wiki.mikrotik.com/wiki/Manual:System/Scheduler). We just +[scheduler ↗️](https://wiki.mikrotik.com/wiki/Manual:System/Scheduler). We just added `check-routeros-update`, so let's run it daily to make sure not to miss an update. @@ -208,60 +228,62 @@ There's much more to explore... Have fun! Available scripts ----------------- -* [Find and remove access list duplicates](doc/accesslist-duplicates.md) -* [Upload backup to Mikrotik cloud](doc/backup-cloud.md) -* [Send backup via e-mail](doc/backup-email.md) -* [Save configuration to fallback partition](doc/backup-partition.md) -* [Upload backup to server](doc/backup-upload.md) -* [Download packages for CAP upgrade from CAPsMAN](doc/capsman-download-packages.md) -* [Run rolling CAP upgrades from CAPsMAN](doc/capsman-rolling-upgrade.md) -* [Renew locally issued certificates](doc/certificate-renew-issued.md) -* [Renew certificates and notify on expiration](doc/check-certificates.md) -* [Notify about health state](doc/check-health.md) -* [Notify on LTE firmware upgrade](doc/check-lte-firmware-upgrade.md) -* [Notify on RouterOS update](doc/check-routeros-update.md) -* [Collect MAC addresses in wireless access list](doc/collect-wireless-mac.md) -* [Use wireless network with daily psk](doc/daily-psk.md) -* [Comment DHCP leases with info from access list](doc/dhcp-lease-comment.md) -* [Create DNS records for DHCP leases](doc/dhcp-to-dns.md) -* [Automatically upgrade firmware and reboot](doc/firmware-upgrade-reboot.md) -* [Download, import and update firewall address-lists](doc/fw-addr-lists.md) -* [Wait for global functions und modules](doc/global-wait.md) -* [Send GPS position to server](doc/gps-track.md) -* [Use WPA network with hotspot credentials](doc/hotspot-to-wpa.md) -* [Create DNS records for IPSec peers](doc/ipsec-to-dns.md) -* [Update configuration on IPv6 prefix change](doc/ipv6-update.md) -* [Manage IP addresses with bridge status](doc/ip-addr-bridge.md) -* [Run other scripts on DHCP lease](doc/lease-script.md) -* [Manage LEDs dark mode](doc/leds-mode.md) -* [Forward log messages via notification](doc/log-forward.md) -* [Mode button with multiple presses](doc/mode-button.md) -* [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md) -* [Notify on host up and down](doc/netwatch-notify.md) -* [Visualize OSPF state via LEDs](doc/ospf-to-leds.md) -* [Manage system update](doc/packages-update.md) -* [Run scripts on ppp connection](doc/ppp-on-up.md) -* [Act on received SMS](doc/sms-action.md) -* [Forward received SMS](doc/sms-forward.md) -* [Play Super Mario theme](doc/super-mario-theme.md) -* [Chat with your router and send commands via Telegram bot](doc/telegram-chat.md) -* [Install LTE firmware upgrade](doc/unattended-lte-firmware-upgrade.md) -* [Update GRE configuration with dynamic addresses](doc/update-gre-address.md) -* [Update tunnelbroker configuration](doc/update-tunnelbroker.md) +* [Find and remove access list duplicates](doc/accesslist-duplicates.md) (`accesslist-duplicates`) +* [Upload backup to Mikrotik cloud](doc/backup-cloud.md) (`backup-cloud`) +* [Send backup via e-mail](doc/backup-email.md) (`backup-email`) +* [Save configuration to fallback partition](doc/backup-partition.md) (`backup-partition`) +* [Upload backup to server](doc/backup-upload.md) (`backup-upload`) +* [Download packages for CAP upgrade from CAPsMAN](doc/capsman-download-packages.md) (`capsman-download-packages`) +* [Run rolling CAP upgrades from CAPsMAN](doc/capsman-rolling-upgrade.md) (`capsman-rolling-upgrade`) +* [Renew locally issued certificates](doc/certificate-renew-issued.md) (`certificate-renew-issued`) +* [Renew certificates and notify on expiration](doc/check-certificates.md) (`check-certificates`) +* [Notify about health state](doc/check-health.md) (`check-health`) +* [Notify on LTE firmware upgrade](doc/check-lte-firmware-upgrade.md) (`check-lte-firmware-upgrade`) +* [Check perpetual license on CHR](doc/check-perpetual-license.md) (`check-perpetual-license`) +* [Notify on RouterOS update](doc/check-routeros-update.md) (`check-routeros-update`) +* [Collect MAC addresses in wireless access list](doc/collect-wireless-mac.md) (`collect-wireless-mac`) +* [Use wireless network with daily psk](doc/daily-psk.md) (`daily-psk`) +* [Comment DHCP leases with info from access list](doc/dhcp-lease-comment.md) (`dhcp-lease-comment`) +* [Create DNS records for DHCP leases](doc/dhcp-to-dns.md) (`dhcp-to-dns`) +* [Automatically upgrade firmware and reboot](doc/firmware-upgrade-reboot.md) (`firmware-upgrade-reboot`) +* [Download, import and update firewall address-lists](doc/fw-addr-lists.md) (`fw-addr-lists`) +* [Wait for global functions und modules](doc/global-wait.md) (`global-wait`) +* [Send GPS position to server](doc/gps-track.md) (`gps-track`) +* [Use WPA network with hotspot credentials](doc/hotspot-to-wpa.md) (`hotspot-to-wpa` & `hotspot-to-wpa-cleanup`) +* [Create DNS records for IPSec peers](doc/ipsec-to-dns.md) (`ipsec-to-dns`) +* [Update configuration on IPv6 prefix change](doc/ipv6-update.md) (`ipv6-update`) +* [Manage IP addresses with bridge status](doc/ip-addr-bridge.md) (`ip-addr-bridge`) +* [Run other scripts on DHCP lease](doc/lease-script.md) (`lease-script`) +* [Manage LEDs dark mode](doc/leds-mode.md) (`leds-day-mode`, `leds-night-mode` & `leds-toggle-mode`) +* [Forward log messages via notification](doc/log-forward.md) (`log-forward`) +* [Mode button with multiple presses](doc/mode-button.md) (`mode-button`) +* [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md) (`netwatch-dns`) +* [Notify on host up and down](doc/netwatch-notify.md) (`netwatch-notify`) +* [Visualize OSPF state via LEDs](doc/ospf-to-leds.md) (`ospf-to-leds`) +* [Manage system update](doc/packages-update.md) (`packages-update`) +* [Run scripts on ppp connection](doc/ppp-on-up.md) (`ppp-on-up`) +* [Act on received SMS](doc/sms-action.md) (`sms-action`) +* [Forward received SMS](doc/sms-forward.md) (`sms-forward`) +* [Play Super Mario theme](doc/super-mario-theme.md) (`super-mario-theme`) +* [Chat with your router and send commands via Telegram bot](doc/telegram-chat.md) (`telegram-chat`) +* [Install LTE firmware upgrade](doc/unattended-lte-firmware-upgrade.md) (`unattended-lte-firmware-upgrade`) +* [Update GRE configuration with dynamic addresses](doc/update-gre-address.md) (`update-gre-address`) +* [Update tunnelbroker configuration](doc/update-tunnelbroker.md) (`update-tunnelbroker`) Available modules ----------------- -* [Manage ports in bridge](doc/mod/bridge-port-to.md) -* [Manage VLANs on bridge ports](doc/mod/bridge-port-vlan.md) -* [Inspect variables](doc/mod/inspectvar.md) -* [IP address calculation](doc/mod/ipcalc.md) -* [Send notifications via e-mail](doc/mod/notification-email.md) -* [Send notifications via Matrix](doc/mod/notification-matrix.md) -* [Send notifications via Ntfy](doc/mod/notification-ntfy.md) -* [Send notifications via Telegram](doc/mod/notification-telegram.md) -* [Download script and run it once](doc/mod/scriptrunonce.md) -* [Import ssh keys for public key authentication](doc/mod/ssh-keys-import.md) +* [Manage ports in bridge](doc/mod/bridge-port-to.md) (`mod/bridge-port-to`) +* [Manage VLANs on bridge ports](doc/mod/bridge-port-vlan.md) (`mod/bridge-port-vlan`) +* [Inspect variables](doc/mod/inspectvar.md) (`mod/inspectvar`) +* [IP address calculation](doc/mod/ipcalc.md) (`mod/ipcalc`) +* [Send notifications via e-mail](doc/mod/notification-email.md) (`mod/notification-email`) +* [Send notifications via Gotify](doc/mod/notification-gotify.md) (`mod/notification-gotify`) +* [Send notifications via Matrix](doc/mod/notification-matrix.md) (`mod/notification-matrix`) +* [Send notifications via Ntfy](doc/mod/notification-ntfy.md) (`mod/notification-ntfy`) +* [Send notifications via Telegram](doc/mod/notification-telegram.md) (`mod/notification-telegram`) +* [Download script and run it once](doc/mod/scriptrunonce.md) (`mod/scriptrunonce`) +* [Import ssh keys for public key authentication](doc/mod/ssh-keys-import.md) (`mod/ssh-keys-import`) Installing custom scripts & modules ----------------------------------- @@ -318,7 +340,7 @@ Possibly a scheduler and other configuration has to be removed as well. Contact ------- -We have a Telegram Group [RouterOS-Scripts](https://t.me/routeros_scripts)! +We have a Telegram Group [RouterOS-Scripts ↗️](https://t.me/routeros_scripts)! [](https://t.me/routeros_scripts) @@ -342,7 +364,7 @@ at github. This project is developed in private spare time and usage is free of charge for you. If you like the scripts and think this is of value for you or your business please consider to -[donate with PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J). +[donate with PayPal ↗️](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J). [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -361,6 +383,21 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the [GNU General Public License](COPYING.md) for more details. +Disclaimer on external links +---------------------------- + +Our website contains links to the websites of third parties ("external +links"). As the content of these websites is not under our control, we +cannot assume any liability for such external content. In all cases, the +provider of information of the linked websites is liable for the content +and accuracy of the information provided. At the point in time when the +links were placed, no infringements of the law were recognisable to us. +As soon as an infringement of the law becomes known to us, we will +immediately remove the link in question. + +> 💡️ **Hint**: All external links are marked with an arrow pointing +> diagonally in an up-right (or north-east) direction (↗️). + Upstream -------- diff --git a/accesslist-duplicates.capsman.rsc b/accesslist-duplicates.capsman.rsc index d6e2928..5e6cf0a 100644 --- a/accesslist-duplicates.capsman.rsc +++ b/accesslist-duplicates.capsman.rsc @@ -1,19 +1,20 @@ #!rsc by RouterOS # RouterOS script: accesslist-duplicates.capsman -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # print duplicate antries in wireless access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md +# https://rsc.eworm.de/doc/accesslist-duplicates.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :local Seen ({}); @@ -31,4 +32,6 @@ } :set ($Seen->$Mac) 1; } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/accesslist-duplicates.local.rsc b/accesslist-duplicates.local.rsc index e90842d..a6b4f41 100644 --- a/accesslist-duplicates.local.rsc +++ b/accesslist-duplicates.local.rsc @@ -1,19 +1,20 @@ #!rsc by RouterOS # RouterOS script: accesslist-duplicates.local -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # print duplicate antries in wireless access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md +# https://rsc.eworm.de/doc/accesslist-duplicates.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :local Seen ({}); @@ -31,4 +32,6 @@ } :set ($Seen->$Mac) 1; } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/accesslist-duplicates.template.rsc b/accesslist-duplicates.template.rsc index d275340..e51198d 100644 --- a/accesslist-duplicates.template.rsc +++ b/accesslist-duplicates.template.rsc @@ -1,20 +1,21 @@ #!rsc by RouterOS # RouterOS script: accesslist-duplicates%TEMPL% -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # print duplicate antries in wireless access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md +# https://rsc.eworm.de/doc/accesslist-duplicates.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :local Seen ({}); @@ -40,4 +41,6 @@ } :set ($Seen->$Mac) 1; } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/accesslist-duplicates.wifi.rsc b/accesslist-duplicates.wifi.rsc index f4dae4b..cadacb6 100644 --- a/accesslist-duplicates.wifi.rsc +++ b/accesslist-duplicates.wifi.rsc @@ -1,19 +1,20 @@ #!rsc by RouterOS # RouterOS script: accesslist-duplicates.wifi -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # print duplicate antries in wireless access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md +# https://rsc.eworm.de/doc/accesslist-duplicates.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :local Seen ({}); @@ -31,4 +32,6 @@ } :set ($Seen->$Mac) 1; } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/backup-cloud.rsc b/backup-cloud.rsc index f70752e..e41db27 100644 --- a/backup-cloud.rsc +++ b/backup-cloud.rsc @@ -1,18 +1,19 @@ #!rsc by RouterOS # RouterOS script: backup-cloud -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: backup-script, order=40 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # upload backup to MikroTik cloud -# https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-cloud.md +# https://rsc.eworm.de/doc/backup-cloud.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global BackupRandomDelay; @@ -25,6 +26,7 @@ :global LogPrint; :global MkDir; :global RandomDelay; + :global RmDir; :global ScriptFromTerminal; :global ScriptLock; :global SendNotification2; @@ -34,8 +36,17 @@ :if ([ $ScriptLock $ScriptName ] = false) do={ :set PackagesUpdateBackupFailure true; + :set ExitOK true; + :error false; + } + + :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={ + $LogPrint warning $ScriptName ("Running from backup partition, refusing to act."); + :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } + $WaitFullyConnected; :if ([ $ScriptFromTerminal $ScriptName ] = false && $BackupRandomDelay > 0) do={ @@ -44,6 +55,7 @@ :if ([ $MkDir ("tmpfs/backup-cloud") ] = false) do={ $LogPrint error $ScriptName ("Failed creating directory!"); + :set ExitOK true; :error false; } @@ -86,5 +98,7 @@ $LogPrint error $ScriptName ("Failed uploading backup for " . $Identity . " to cloud!"); :set PackagesUpdateBackupFailure true; } - /file/remove "tmpfs/backup-cloud"; -} on-error={ } + $RmDir "tmpfs/backup-cloud"; +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/backup-email.rsc b/backup-email.rsc index e507c6e..8015bea 100644 --- a/backup-email.rsc +++ b/backup-email.rsc @@ -1,18 +1,19 @@ #!rsc by RouterOS # RouterOS script: backup-email -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: backup-script, order=20 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # create and email backup and config file -# https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-email.md +# https://rsc.eworm.de/doc/backup-email.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global BackupPassword; @@ -26,6 +27,7 @@ :global CleanName; :global DeviceInfo; + :global FileExists; :global FormatLine; :global LogPrint; :global MkDir; @@ -39,19 +41,30 @@ :if ([ :typeof $SendEMail2 ] = "nothing") do={ $LogPrint error $ScriptName ("The module for sending notifications via e-mail is not installed."); + :set ExitOK true; :error false; } :if ($BackupSendBinary != true && \ $BackupSendExport != true) do={ $LogPrint error $ScriptName ("Configured to send neither backup nor config export."); + :set ExitOK true; :error false; } :if ([ $ScriptLock $ScriptName ] = false) do={ :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } + + :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={ + $LogPrint warning $ScriptName ("Running from backup partition, refusing to act."); + :set PackagesUpdateBackupFailure true; + :set ExitOK true; + :error false; + } + $WaitFullyConnected; :if ([ $ScriptFromTerminal $ScriptName ] = false && $BackupRandomDelay > 0) do={ @@ -69,6 +82,7 @@ :if ([ $MkDir $DirName ] = false) do={ $LogPrint error $ScriptName ("Failed creating directory!"); + :set ExitOK true; :error false; } @@ -111,14 +125,19 @@ attach=$Attach; remove-attach=true }); # wait for the mail to be sent - :local I 0; - :while ([ :len [ /file/find where name ~ ($FilePath . "\\.(backup|rsc)\$") ] ] > 0) do={ - :if ($I >= 120) do={ - $LogPrint warning $ScriptName ("Files are still available, sending e-mail failed."); - :set PackagesUpdateBackupFailure true; - :error false; - } - :delay 1s; - :set I ($I + 1); + :do { + :retry { + :if ([ $FileExists ($FilePath . ".conf") ".conf file" ] = true || \ + [ $FileExists ($FilePath . ".backup") "backup" ] = true || \ + [ $FileExists ($FilePath . ".rsc") "script" ] = true) do={ + :error "Files are still available."; + } + } delay=1s max=120; + } on-error={ + $LogPrint warning $ScriptName ("Files are still available, sending e-mail failed."); + :set PackagesUpdateBackupFailure true; } -} on-error={ } + # do not remove the files here, as the mail is still queued! +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/backup-partition.rsc b/backup-partition.rsc index 51df454..ae7ad03 100644 --- a/backup-partition.rsc +++ b/backup-partition.rsc @@ -1,18 +1,20 @@ #!rsc by RouterOS # RouterOS script: backup-partition -# Copyright (c) 2022-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2022-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: backup-script, order=70 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, scheduler # # save configuration to fallback partition -# https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-partition.md +# https://rsc.eworm.de/doc/backup-partition.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global BackupPartitionCopyBeforeFeatureUpdate; @@ -30,24 +32,34 @@ :global LogPrint; - :do { + :onerror Err { /partitions/copy-to $FallbackTo; $LogPrint info $ScriptName ("Copied RouterOS to partition '" . $FallbackToName . "'."); - :return true; - } on-error={ - $LogPrint error $ScriptName ("Failed copying RouterOS to partition '" . $FallbackToName . "'!"); + } do={ + $LogPrint error $ScriptName ("Failed copying RouterOS to partition '" . \ + $FallbackToName . "': " . $Err); :return false; } + :return true; } :if ([ $ScriptLock $ScriptName ] = false) do={ :set PackagesUpdateBackupFailure true; + :set ExitOK true; + :error false; + } + + :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={ + $LogPrint warning $ScriptName ("Running from backup partition, refusing to act."); + :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } :if ([ :len [ /partitions/find ] ] < 2) do={ $LogPrint error $ScriptName ("Device does not have a fallback partition."); :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } @@ -56,6 +68,7 @@ :if ([ :len $ActiveRunning ] < 1) do={ $LogPrint error $ScriptName ("Device is not running from active partition."); :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } @@ -65,6 +78,7 @@ :if ([ :len $FallbackTo ] < 1) do={ $LogPrint error $ScriptName ("There is no inactive partition named '" . $FallbackToName . "'."); :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } @@ -74,6 +88,7 @@ :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={ :if ([ $CopyTo $ScriptName $FallbackTo $FallbackToName ] = false) do={ :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } } @@ -86,23 +101,28 @@ ($NumInstalled & $BitMask) != ($NumLatest & $BitMask)) do={ :if ([ $CopyTo $ScriptName $FallbackTo $FallbackToName ] = false) do={ :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } } } } - :do { + :onerror Err { /system/scheduler/add start-time=startup name="running-from-backup-partition" \ on-event=(":log warning (\"Running from partition '\" . " . \ "[ /partitions/get [ find where running ] name ] . \"'!\")"); /partitions/save-config-to $FallbackTo; /system/scheduler/remove "running-from-backup-partition"; $LogPrint info $ScriptName ("Saved configuration to partition '" . $FallbackToName . "'."); - } on-error={ + } do={ /system/scheduler/remove [ find where name="running-from-backup-partition" ]; - $LogPrint error $ScriptName ("Failed saving configuration to partition '" . $FallbackToName . "'!"); + $LogPrint error $ScriptName ("Failed saving configuration to partition '" . \ + $FallbackToName . "': " . $Err); :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/backup-upload.rsc b/backup-upload.rsc index 8d96eba..e6b9f92 100644 --- a/backup-upload.rsc +++ b/backup-upload.rsc @@ -1,18 +1,20 @@ #!rsc by RouterOS # RouterOS script: backup-upload -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: backup-script, order=50 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch # # create and upload backup and config file -# https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-upload.md +# https://rsc.eworm.de/doc/backup-upload.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global BackupPassword; @@ -33,6 +35,8 @@ :global LogPrint; :global MkDir; :global RandomDelay; + :global RmDir; + :global RmFile; :global ScriptFromTerminal; :global ScriptLock; :global SendNotification2; @@ -43,13 +47,23 @@ :if ($BackupSendBinary != true && \ $BackupSendExport != true) do={ $LogPrint error $ScriptName ("Configured to send neither backup nor config export."); + :set ExitOK true; :error false; } :if ([ $ScriptLock $ScriptName ] = false) do={ :set PackagesUpdateBackupFailure true; + :set ExitOK true; + :error false; + } + + :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={ + $LogPrint warning $ScriptName ("Running from backup partition, refusing to act."); + :set PackagesUpdateBackupFailure true; + :set ExitOK true; :error false; } + $WaitFullyConnected; :if ([ $ScriptFromTerminal $ScriptName ] = false && $BackupRandomDelay > 0) do={ @@ -67,6 +81,7 @@ :if ([ $MkDir $DirName ] = false) do={ $LogPrint error $ScriptName ("Failed creating directory!"); + :set ExitOK true; :error false; } @@ -75,18 +90,18 @@ /system/backup/save encryption=aes-sha256 name=$FilePath password=$BackupPassword; $WaitForFile ($FilePath . ".backup"); - :do { + :onerror Err { /tool/fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".backup") \ user=$BackupUploadUser password=$BackupUploadPass src-path=($FilePath . ".backup"); :set BackupFile [ /file/get ($FilePath . ".backup") ]; :set ($BackupFile->"name") ($FileName . ".backup"); - } on-error={ - $LogPrint error $ScriptName ("Uploading backup file failed!"); + } do={ + $LogPrint error $ScriptName ("Uploading backup file failed: " . $Err); :set BackupFile "failed"; :set Failed 1; } - /file/remove ($FilePath . ".backup"); + $RmFile ($FilePath . ".backup"); } # create configuration export @@ -94,18 +109,18 @@ /export terse show-sensitive file=$FilePath; $WaitForFile ($FilePath . ".rsc"); - :do { + :onerror Err { /tool/fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".rsc") \ user=$BackupUploadUser password=$BackupUploadPass src-path=($FilePath . ".rsc"); :set ExportFile [ /file/get ($FilePath . ".rsc") ]; :set ($ExportFile->"name") ($FileName . ".rsc"); - } on-error={ - $LogPrint error $ScriptName ("Uploading configuration export failed!"); + } do={ + $LogPrint error $ScriptName ("Uploading configuration export failed: " . $Err); :set ExportFile "failed"; :set Failed 1; } - /file/remove ($FilePath . ".rsc"); + $RmFile ($FilePath . ".rsc"); } # global-config-overlay @@ -115,18 +130,18 @@ file=($FilePath . ".conf\00"); $WaitForFile ($FilePath . ".conf"); - :do { + :onerror Err { /tool/fetch upload=yes url=($BackupUploadUrl . "/" . $FileName . ".conf") \ user=$BackupUploadUser password=$BackupUploadPass src-path=($FilePath . ".conf"); :set ConfigFile [ /file/get ($FilePath . ".conf") ]; :set ($ConfigFile->"name") ($FileName . ".conf"); - } on-error={ - $LogPrint error $ScriptName ("Uploading global-config-overlay failed!"); + } do={ + $LogPrint error $ScriptName ("Uploading global-config-overlay failed: " . $Err); :set ConfigFile "failed"; :set Failed 1; } - /file/remove ($FilePath . ".conf"); + $RmFile ($FilePath . ".conf"); } :local FileInfo do={ @@ -157,5 +172,7 @@ :if ($Failed = 1) do={ :set PackagesUpdateBackupFailure true; } - /file/remove $DirName; -} on-error={ } + $RmDir $DirName; +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/capsman-download-packages.capsman.rsc b/capsman-download-packages.capsman.rsc index f2ff024..2ea1667 100644 --- a/capsman-download-packages.capsman.rsc +++ b/capsman-download-packages.capsman.rsc @@ -1,30 +1,34 @@ #!rsc by RouterOS # RouterOS script: capsman-download-packages.capsman -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # download and cleanup packages for CAP installation from CAPsMAN -# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md +# https://rsc.eworm.de/doc/capsman-download-packages.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CleanFilePath; :global DownloadPackage; + :global FileGet; :global LogPrint; :global MkDir; + :global RmFile; :global ScriptLock; :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -35,20 +39,22 @@ :if ([ :len $PackagePath ] = 0) do={ $LogPrint warning $ScriptName ("The CAPsMAN package path is not defined, can not download packages."); + :set ExitOK true; :error false; } - :if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={ + :if ([ $FileGet $PackagePath ] = false) do={ :if ([ $MkDir $PackagePath ] = false) do={ $LogPrint warning $ScriptName ("Creating directory at CAPsMAN package path (" . \ $PackagePath . ") failed!"); + :set ExitOK true; :error false; } $LogPrint info $ScriptName ("Created directory at CAPsMAN package path (" . $PackagePath . \ "). Please place your packages!"); } - :foreach Package in=[ /file/find where type=package \ + :foreach Package in=[ /file/find where type="package" \ package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={ :local File [ /file/get $Package ]; :if ($File->"package-architecture" = "mips") do={ @@ -57,11 +63,11 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - /file/remove $Package; + $RmFile ($File->"name"); } } - :if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={ + :if ([ :len [ /file/find where type="package" name~("^" . $PackagePath) ] ] = 0) do={ $LogPrint info $ScriptName ("No packages available, downloading default set."); :foreach Arch in={ "arm"; "mipsbe" } do={ :foreach Package in={ "routeros"; "wireless" } do={ @@ -82,4 +88,6 @@ /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ]; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/capsman-download-packages.template.rsc b/capsman-download-packages.template.rsc index ad9b926..f95212a 100644 --- a/capsman-download-packages.template.rsc +++ b/capsman-download-packages.template.rsc @@ -1,31 +1,35 @@ #!rsc by RouterOS # RouterOS script: capsman-download-packages%TEMPL% -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # download and cleanup packages for CAP installation from CAPsMAN -# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md +# https://rsc.eworm.de/doc/capsman-download-packages.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CleanFilePath; :global DownloadPackage; + :global FileGet; :global LogPrint; :global MkDir; + :global RmFile; :global ScriptLock; :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -37,20 +41,22 @@ :if ([ :len $PackagePath ] = 0) do={ $LogPrint warning $ScriptName ("The CAPsMAN package path is not defined, can not download packages."); + :set ExitOK true; :error false; } - :if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={ + :if ([ $FileGet $PackagePath ] = false) do={ :if ([ $MkDir $PackagePath ] = false) do={ $LogPrint warning $ScriptName ("Creating directory at CAPsMAN package path (" . \ $PackagePath . ") failed!"); + :set ExitOK true; :error false; } $LogPrint info $ScriptName ("Created directory at CAPsMAN package path (" . $PackagePath . \ "). Please place your packages!"); } - :foreach Package in=[ /file/find where type=package \ + :foreach Package in=[ /file/find where type="package" \ package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={ :local File [ /file/get $Package ]; :if ($File->"package-architecture" = "mips") do={ @@ -59,11 +65,11 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - /file/remove $Package; + $RmFile ($File->"name"); } } - :if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={ + :if ([ :len [ /file/find where type="package" name~("^" . $PackagePath) ] ] = 0) do={ $LogPrint info $ScriptName ("No packages available, downloading default set."); # NOT /interface/wifi/ # :foreach Arch in={ "arm"; "mipsbe" } do={ @@ -93,4 +99,6 @@ /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ]; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/capsman-download-packages.wifi.rsc b/capsman-download-packages.wifi.rsc index 056136f..03fd9e7 100644 --- a/capsman-download-packages.wifi.rsc +++ b/capsman-download-packages.wifi.rsc @@ -1,30 +1,34 @@ #!rsc by RouterOS # RouterOS script: capsman-download-packages.wifi -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # download and cleanup packages for CAP installation from CAPsMAN -# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md +# https://rsc.eworm.de/doc/capsman-download-packages.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CleanFilePath; :global DownloadPackage; + :global FileGet; :global LogPrint; :global MkDir; + :global RmFile; :global ScriptLock; :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -35,20 +39,22 @@ :if ([ :len $PackagePath ] = 0) do={ $LogPrint warning $ScriptName ("The CAPsMAN package path is not defined, can not download packages."); + :set ExitOK true; :error false; } - :if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={ + :if ([ $FileGet $PackagePath ] = false) do={ :if ([ $MkDir $PackagePath ] = false) do={ $LogPrint warning $ScriptName ("Creating directory at CAPsMAN package path (" . \ $PackagePath . ") failed!"); + :set ExitOK true; :error false; } $LogPrint info $ScriptName ("Created directory at CAPsMAN package path (" . $PackagePath . \ "). Please place your packages!"); } - :foreach Package in=[ /file/find where type=package \ + :foreach Package in=[ /file/find where type="package" \ package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={ :local File [ /file/get $Package ]; :if ($File->"package-architecture" = "mips") do={ @@ -57,11 +63,11 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - /file/remove $Package; + $RmFile ($File->"name"); } } - :if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={ + :if ([ :len [ /file/find where type="package" name~("^" . $PackagePath) ] ] = 0) do={ $LogPrint info $ScriptName ("No packages available, downloading default set."); :foreach Arch in={ "arm"; "arm64" } do={ :local Packages { "arm"={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" }; @@ -84,4 +90,6 @@ /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ]; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/capsman-rolling-upgrade.capsman.rsc b/capsman-rolling-upgrade.capsman.rsc index f287ea3..0d4114a 100644 --- a/capsman-rolling-upgrade.capsman.rsc +++ b/capsman-rolling-upgrade.capsman.rsc @@ -1,27 +1,29 @@ #!rsc by RouterOS # RouterOS script: capsman-rolling-upgrade.capsman -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # provides: capsman-rolling-upgrade.capsman -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # upgrade CAPs one after another -# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md +# https://rsc.eworm.de/doc/capsman-rolling-upgrade.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -43,4 +45,6 @@ :delay ($Delay . "s"); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/capsman-rolling-upgrade.template.rsc b/capsman-rolling-upgrade.template.rsc index 3d98747..690d73d 100644 --- a/capsman-rolling-upgrade.template.rsc +++ b/capsman-rolling-upgrade.template.rsc @@ -1,28 +1,30 @@ #!rsc by RouterOS # RouterOS script: capsman-rolling-upgrade%TEMPL% -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # provides: capsman-rolling-upgrade%TEMPL% -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # upgrade CAPs one after another -# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md +# https://rsc.eworm.de/doc/capsman-rolling-upgrade.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -51,4 +53,6 @@ :delay ($Delay . "s"); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/capsman-rolling-upgrade.wifi.rsc b/capsman-rolling-upgrade.wifi.rsc index 369dccc..8e32ab2 100644 --- a/capsman-rolling-upgrade.wifi.rsc +++ b/capsman-rolling-upgrade.wifi.rsc @@ -1,27 +1,29 @@ #!rsc by RouterOS # RouterOS script: capsman-rolling-upgrade.wifi -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # provides: capsman-rolling-upgrade.wifi -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # upgrade CAPs one after another -# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md +# https://rsc.eworm.de/doc/capsman-rolling-upgrade.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -44,4 +46,6 @@ :delay ($Delay . "s"); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/certificate-renew-issued.rsc b/certificate-renew-issued.rsc index f2c1dfe..14917e4 100644 --- a/certificate-renew-issued.rsc +++ b/certificate-renew-issued.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: certificate-renew-issued -# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # renew locally issued certificates -# https://git.eworm.de/cgit/routeros-scripts/about/doc/certificate-renew-issued.md +# https://rsc.eworm.de/doc/certificate-renew-issued.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CertIssuedExportPass; @@ -21,6 +22,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -45,4 +47,6 @@ $LogPrint info $ScriptName ("Issued a new certificate for '" . $CertVal->"common-name" . "'."); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/certs/GlobalSign.pem b/certs/GlobalSign.pem deleted file mode 100644 index 47035e4..0000000 --- a/certs/GlobalSign.pem +++ /dev/null @@ -1,28 +0,0 @@ -# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 -# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 -# Label: "GlobalSign Root CA - R3" -# Serial: 4835703278459759426209954 -# MD5 Fingerprint: c5:df:b8:49:ca:05:13:55:ee:2d:ba:1a:c3:3e:b0:28 -# SHA1 Fingerprint: d6:9b:56:11:48:f0:1c:77:c5:45:78:c1:09:26:df:5b:85:69:76:ad -# SHA256 Fingerprint: cb:b5:22:d7:b7:f1:27:ad:6a:01:13:86:5b:df:1c:d4:10:2e:7d:07:59:af:63:5a:7c:f4:72:0d:c9:63:c5:3b ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 -MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 -RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT -gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm -KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd -QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ -XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o -LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU -RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp -jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK -6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX -mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs -Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH -WD9f ------END CERTIFICATE----- diff --git a/certs/Makefile b/certs/Makefile index 9ce8dd4..3ccad6e 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -1,32 +1,58 @@ # Makefile to check certificates -DOMAINS = \ - 1.1.1.1/DigiCert-Global-Root-G2 \ - 8.8.8.8/GTS-Root-R1 \ - 9.9.9.9/DigiCert-Global-Root-G3 \ +CURL = curl \ + --capath /dev/null \ + --connect-timeout 5 \ + --output /dev/null \ + --silent + +DOMAINS_DUAL = \ api.macvendors.com/GTS-Root-R4 \ - api.mullvad.net/ISRG-Root-X1 \ api.telegram.org/Go-Daddy-Root-Certificate-Authority-G2 \ cloudflare-dns.com/DigiCert-Global-Root-G2 \ - dns.google/GTS-Root-R1 \ + dns.google/GTS-Root-R4 \ dns.quad9.net/DigiCert-Global-Root-G3 \ - feodotracker.abuse.ch/GlobalSign \ git.eworm.de/ISRG-Root-X2 \ - ipv4.showipv6.de/ISRG-Root-X1 \ - ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \ - ipv6.showipv6.de/ISRG-Root-X1 \ lists.blocklist.de/Certum-Trusted-Network-CA \ matrix.org/GTS-Root-R4 \ + raw.githubusercontent.com/USERTrust-RSA-Certification-Authority \ + rsc.eworm.de/ISRG-Root-X2 \ + upgrade.mikrotik.com/ISRG-Root-X1 +DOMAINS_IPV4 = \ + 1.1.1.1/DigiCert-Global-Root-G2 \ + 8.8.8.8/GTS-Root-R1 \ + 9.9.9.9/DigiCert-Global-Root-G3 \ + api.mullvad.net/ISRG-Root-X1 \ + ipv4.showipv6.de/ISRG-Root-X1 \ + ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \ mkcert.org/ISRG-Root-X1 \ ntfy.sh/ISRG-Root-X1 \ - sslbl.abuse.ch/GlobalSign \ - upgrade.mikrotik.com/ISRG-Root-X1 \ www.dshield.org/ISRG-Root-X1 \ - www.spamhaus.org/ISRG-Root-X1 + www.spamhaus.org/GTS-Root-R4 +DOMAINS_IPV6 = \ + [2606\:4700\:4700\:\:1111]/DigiCert-Global-Root-G2 \ + [2001\:4860\:4860\:\:8888]/GTS-Root-R1 \ + [2620\:fe\:\:9]/DigiCert-Global-Root-G3 \ + ipv6.showipv6.de/ISRG-Root-X1 + +.PHONY: $(DOMAINS_DUAL) $(DOMAINS_IPV4) $(DOMAINS_IPV6) + +all: $(DOMAINS_DUAL) $(DOMAINS_IPV4) $(DOMAINS_IPV6) -.PHONY: $(DOMAINS) +$(DOMAINS_DUAL): +ifndef NOIPV4 + $(CURL) -4 --cacert $(notdir $@).pem https://$(dir $@) +endif +ifndef NOIPV6 + $(CURL) -6 --cacert $(notdir $@).pem https://$(dir $@) +endif -all: $(DOMAINS) +$(DOMAINS_IPV4): +ifndef NOIPV4 + $(CURL) -4 --cacert $(notdir $@).pem https://$(dir $@) +endif -$(DOMAINS): - curl --output /dev/null --silent --connect-timeout 5 --cacert $(notdir $@).pem https://$(dir $@) +$(DOMAINS_IPV6): +ifndef NOIPV6 + $(CURL) -6 --cacert $(notdir $@).pem https://$(dir $@) +endif diff --git a/certs/USERTrust-RSA-Certification-Authority.pem b/certs/USERTrust-RSA-Certification-Authority.pem new file mode 100644 index 0000000..0fbeef6 --- /dev/null +++ b/certs/USERTrust-RSA-Certification-Authority.pem @@ -0,0 +1,41 @@ +# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network +# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network +# Label: "USERTrust RSA Certification Authority" +# Serial: 2645093764781058787591871645665788717 +# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5 +# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e +# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2 +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- diff --git a/check-certificates.rsc b/check-certificates.rsc index 7aaac84..c10e33b 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -1,17 +1,19 @@ #!rsc by RouterOS # RouterOS script: check-certificates -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch # # check for certificate validity -# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-certificates.md +# https://rsc.eworm.de/doc/check-certificates.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CertRenewTime; @@ -32,7 +34,8 @@ :local CheckCertificatesDownloadImport do={ :local ScriptName [ :tostr $1 ]; - :local Name [ :tostr $2 ]; + :local CertName [ :tostr $2 ]; + :local FetchName [ :tostr $3 ]; :global CertRenewUrl; :global CertRenewPass; @@ -41,43 +44,51 @@ :global EscapeForRegEx; :global FetchUserAgentStr; :global LogPrint; + :global RmFile; :global UrlEncode; :global WaitForFile; - :local Return false; + :foreach Type in={ "p12"; "pem" } do={ + :local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type); + $LogPrint debug $ScriptName ("Trying type '" . $Type . "' for '" . $CertName . \ + "' (file '" . $CertFileName . "')..."); - :foreach Type in={ ".pem"; ".p12" } do={ - :local CertFileName ([ $UrlEncode $Name ] . $Type); :do { /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \ ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value; $WaitForFile $CertFileName; :local DecryptionFailed true; - :foreach PassPhrase in=$CertRenewPass do={ - :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ]; - :if ($Result->"decryption-failures" = 0) do={ - :set DecryptionFailed false; - } + :foreach I,PassPhrase in=$CertRenewPass do={ + :do { + $LogPrint debug $ScriptName ("Trying " . $I . ". passphrase... "); + :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ]; + :if ($Result->"decryption-failures" = 0) do={ + $LogPrint debug $ScriptName ("Success!"); + :set DecryptionFailed false; + } + } on-error={ } } - /file/remove [ find where name=$CertFileName ]; + $RmFile $CertFileName; :if ($DecryptionFailed = true) do={ $LogPrint warning $ScriptName ("Decryption failed for certificate file '" . $CertFileName . "'."); } - :foreach CertInChain in=[ /certificate/find where name~("^" . [ $EscapeForRegEx $CertFileName ] . "_[0-9]+\$") \ - common-name!=$Name !(subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $Name ] . "(\\W|\$)")) !(common-name=[]) ] do={ + :foreach CertInChain in=[ /certificate/find where common-name!=$CertName !private-key \ + name~("^" . [ $EscapeForRegEx $CertFileName ] . "_[0-9]+\$") \ + !(subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $CertName ] . "(\\W|\$)")) \ + !(common-name=[]) ] do={ $CertificateNameByCN [ /certificate/get $CertInChain common-name ]; } - :set Return true; + :return true; } on-error={ $LogPrint debug $ScriptName ("Could not download certificate file '" . $CertFileName . "'."); } } - :return $Return; + :return false; } :local FormatInfo do={ @@ -133,6 +144,7 @@ } :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -140,6 +152,7 @@ :foreach Cert in=[ /certificate/find where !revoked !ca !scep-url expires-after<$CertRenewTime ] do={ :local CertVal [ /certificate/get $Cert ]; :local LastName; + :local FetchName; :do { :if ([ :len $CertRenewUrl ] = 0) do={ @@ -150,11 +163,17 @@ :local ImportSuccess false; :set LastName ($CertVal->"common-name"); - :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName ]; + :set FetchName $LastName; + :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ]; :foreach SAN in=($CertVal->"subject-alt-name") do={ :if ($ImportSuccess = false) do={ :set LastName [ :pick $SAN ([ :find $SAN ":" ] + 1) [ :len $SAN ] ]; - :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName ]; + :set FetchName $LastName; + :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ]; + :if ($ImportSuccess = false && [ :pick $LastName 0 2 ] = "*.") do={ + :set FetchName ("star." . [ :pick $LastName 2 [ :len $LastName ] ]); + :set ImportSuccess [ $CheckCertificatesDownloadImport $ScriptName $LastName $FetchName ]; + } } } :if ($ImportSuccess = false) do={ :error false; } @@ -165,7 +184,7 @@ } else={ $LogPrint debug $ScriptName ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced."); - :local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $LastName ] ] . "\\.(p12|pem)_[0-9]+\$") \ + :local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $FetchName ] ] . "\\.(p12|pem)_[0-9]+\$") \ (common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \ fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ]; :local CertNewVal [ /certificate/get $CertNew ]; @@ -218,4 +237,6 @@ ", it is invalid after " . ($CertVal->"invalid-after") . "."); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/check-health.d/state.rsc b/check-health.d/state.rsc new file mode 100644 index 0000000..2991935 --- /dev/null +++ b/check-health.d/state.rsc @@ -0,0 +1,48 @@ +#!rsc by RouterOS +# RouterOS script: check-health.d/state +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md +# +# requires RouterOS, version=7.15 +# +# check for RouterOS health state - state plugin +# https://rsc.eworm.de/doc/check-health.md + +:global CheckHealthPlugins; + +:set ($CheckHealthPlugins->[ :jobname ]) do={ + :local FuncName [ :tostr $0 ]; + + :global CheckHealthLast; + :global Identity; + + :global LogPrint; + :global SendNotification2; + :global SymbolForNotification; + + :if ([ :len [ /system/health/find where type="" name~"-state\$"] ] = 0) do={ + $LogPrint debug $FuncName ("Your device does not provide any state health values."); + :return false; + } + + :foreach State in=[ /system/health/find where type="" name~"-state\$" ] do={ + :local Name [ /system/health/get $State name ]; + :local Value [ /system/health/get $State value ]; + + :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={ + :if ($CheckHealthLast->$Name = "ok" && \ + $Value != "ok") do={ + $SendNotification2 ({ origin=$FuncName; \ + subject=([ $SymbolForNotification "cross-mark" ] . "Health warning: " . $Name); \ + message=("The device '" . $Name . "' on " . $Identity . " failed!") }); + } + :if ($CheckHealthLast->$Name != "ok" && \ + $Value = "ok") do={ + $SendNotification2 ({ origin=$FuncName; \ + subject=([ $SymbolForNotification "white-heavy-check-mark" ] . "Health recovery: " . $Name); \ + message=("The device '" . $Name . "' on " . $Identity . " recovered!") }); + } + } + :set ($CheckHealthLast->$Name) $Value; + } +} diff --git a/check-health.d/temperature.rsc b/check-health.d/temperature.rsc new file mode 100644 index 0000000..a2f632d --- /dev/null +++ b/check-health.d/temperature.rsc @@ -0,0 +1,74 @@ +#!rsc by RouterOS +# RouterOS script: check-health.d/temperature +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md +# +# requires RouterOS, version=7.15 +# +# check for RouterOS health state - temperature plugin +# https://rsc.eworm.de/doc/check-health.md + +:global CheckHealthPlugins; + +:set ($CheckHealthPlugins->[ :jobname ]) do={ + :local FuncName [ :tostr $0 ]; + + :global CheckHealthLast; + :global CheckHealthTemperature; + :global CheckHealthTemperatureDeviation; + :global CheckHealthTemperatureNotified; + :global Identity; + + :global LogPrint; + :global SendNotification2; + :global SymbolForNotification; + + :if ([ :len [ /system/health/find where type="C" ] ] = 0) do={ + $LogPrint debug $FuncName ("Your device does not provide any voltage health values."); + :return false; + } + + :local TempToNum do={ + :global CharacterReplace; + :local T [ :toarray [ $CharacterReplace $1 "." "," ] ]; + :return ($T->0 * 10 + $T->1); + } + + :if ([ :typeof $CheckHealthTemperatureNotified ] != "array") do={ + :set CheckHealthTemperatureNotified ({}); + } + + :foreach Temperature in=[ /system/health/find where type="C" ] do={ + :local Name [ /system/health/get $Temperature name ]; + :local Value [ /system/health/get $Temperature value ]; + + :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={ + :if ([ :typeof ($CheckHealthTemperature->$Name) ] != "num" ) do={ + $LogPrint info $FuncName ("No threshold given for " . $Name . ", assuming 50C."); + :set ($CheckHealthTemperature->$Name) 50; + } + :local Validate [ /system/health/get [ find where name=$Name ] value ]; + :while ($Value != $Validate) do={ + :set Value $Validate; + :set Validate [ /system/health/get [ find where name=$Name ] value ]; + } + :if ($Value > $CheckHealthTemperature->$Name && \ + $CheckHealthTemperatureNotified->$Name != true) do={ + $SendNotification2 ({ origin=$FuncName; \ + subject=([ $SymbolForNotification "fire" ] . "Health warning: " . $Name); \ + message=("The " . $Name . " on " . $Identity . " is above threshold: " . \ + $Value . "\C2\B0" . "C") }); + :set ($CheckHealthTemperatureNotified->$Name) true; + } + :if ($Value <= ($CheckHealthTemperature->$Name - $CheckHealthTemperatureDeviation) && \ + $CheckHealthTemperatureNotified->$Name = true) do={ + $SendNotification2 ({ origin=$FuncName; \ + subject=([ $SymbolForNotification "white-heavy-check-mark" ] . "Health recovery: " . $Name); \ + message=("The " . $Name . " on " . $Identity . " dropped below threshold: " . \ + $Value . "\C2\B0" . "C") }); + :set ($CheckHealthTemperatureNotified->$Name) false; + } + } + :set ($CheckHealthLast->$Name) $Value; + } +} diff --git a/check-health.d/voltage.rsc b/check-health.d/voltage.rsc new file mode 100644 index 0000000..9071c88 --- /dev/null +++ b/check-health.d/voltage.rsc @@ -0,0 +1,63 @@ +#!rsc by RouterOS +# RouterOS script: check-health.d/voltage +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md +# +# requires RouterOS, version=7.15 +# +# check for RouterOS health state - voltage plugin +# https://rsc.eworm.de/doc/check-health.md + +:global CheckHealthPlugins; + +:set ($CheckHealthPlugins->[ :jobname ]) do={ + :local FuncName [ :tostr $0 ]; + + :global CheckHealthLast; + :global CheckHealthVoltageLow; + :global CheckHealthVoltagePercent; + :global Identity; + + :global FormatLine; + :global IfThenElse; + :global LogPrint; + :global SendNotification2; + :global SymbolForNotification; + + :if ([ :len [ /system/health/find where type="V" ] ] = 0) do={ + $LogPrint debug $FuncName ("Your device does not provide any voltage health values."); + :return false; + } + + :foreach Voltage in=[ /system/health/find where type="V" ] do={ + :local Name [ /system/health/get $Voltage name ]; + :local Value [ /system/health/get $Voltage value ]; + + :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={ + :local NumCurr [ $TempToNum $Value ]; + :local NumLast [ $TempToNum ($CheckHealthLast->$Name) ]; + + :if ($NumLast * (100 + $CheckHealthVoltagePercent) < $NumCurr * 100 || \ + $NumLast * 100 > $NumCurr * (100 + $CheckHealthVoltagePercent)) do={ + $SendNotification2 ({ origin=$FuncName; \ + subject=([ $SymbolForNotification ("high-voltage-sign,chart-" . [ $IfThenElse ($NumLast < \ + $NumCurr) "in" "de" ] . "creasing") ] . "Health warning: " . $Name); \ + message=("The " . $Name . " on " . $Identity . " jumped more than " . $CheckHealthVoltagePercent . "%.\n\n" . \ + [ $FormatLine "old value" ($CheckHealthLast->$Name . " V") 12 ] . "\n" . \ + [ $FormatLine "new value" ($Value . " V") 12 ]) }); + } else={ + :if ($NumCurr <= $CheckHealthVoltageLow && $NumLast > $CheckHealthVoltageLow) do={ + $SendNotification2 ({ origin=$FuncName; \ + subject=([ $SymbolForNotification "high-voltage-sign,chart-decreasing" ] . "Health warning: Low " . $Name); \ + message=("The " . $Name . " on " . $Identity . " dropped to " . $Value . " V below hard limit.") }); + } + :if ($NumCurr > $CheckHealthVoltageLow && $NumLast <= $CheckHealthVoltageLow) do={ + $SendNotification2 ({ origin=$FuncName; \ + subject=([ $SymbolForNotification "high-voltage-sign,chart-increasing" ] . "Health recovery: Low " . $Name); \ + message=("The " . $Name . " on " . $Identity . " recovered to " . $Value . " V above hard limit.") }); + } + } + } + :set ($CheckHealthLast->$Name) $Value; + } +} diff --git a/check-health.rsc b/check-health.rsc index 540336d..4cb9940 100644 --- a/check-health.rsc +++ b/check-health.rsc @@ -1,28 +1,24 @@ #!rsc by RouterOS # RouterOS script: check-health -# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # check for RouterOS health state -# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-health.md +# https://rsc.eworm.de/doc/check-health.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CheckHealthCPUUtilization; :global CheckHealthCPUUtilizationNotified; :global CheckHealthLast; :global CheckHealthRAMUtilizationNotified; - :global CheckHealthTemperature; - :global CheckHealthTemperatureDeviation; - :global CheckHealthTemperatureNotified; - :global CheckHealthVoltageLow; - :global CheckHealthVoltagePercent; :global Identity; :global FormatLine; @@ -32,6 +28,7 @@ :global ScriptLock; :global SendNotification2; :global SymbolForNotification; + :global ValidateSyntax; :local TempToNum do={ :global CharacterReplace; @@ -40,6 +37,7 @@ } :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -76,103 +74,37 @@ :set CheckHealthRAMUtilizationNotified false; } - :if ([ :len [ /system/health/find ] ] = 0) do={ - $LogPrint debug $ScriptName ("Your device does not provide any health values."); + :local Plugins [ /system/script/find where name~"^check-health.d/." ]; + :if ([ :len $Plugins ] = 0) do={ + $LogPrint debug $ScriptName ("No plugins installed."); + :set ExitOK true; :error true; } + :global CheckHealthPlugins ({}); :if ([ :typeof $CheckHealthLast ] != "array") do={ :set CheckHealthLast ({}); } - :if ([ :typeof $CheckHealthTemperatureNotified ] != "array") do={ - :set CheckHealthTemperatureNotified ({}); - } - - - :foreach Voltage in=[ /system/health/find where type="V" ] do={ - :local Name [ /system/health/get $Voltage name ]; - :local Value [ /system/health/get $Voltage value ]; - :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={ - :local NumCurr [ $TempToNum $Value ]; - :local NumLast [ $TempToNum ($CheckHealthLast->$Name) ]; - - :if ($NumLast * (100 + $CheckHealthVoltagePercent) < $NumCurr * 100 || \ - $NumLast * 100 > $NumCurr * (100 + $CheckHealthVoltagePercent)) do={ - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification ("high-voltage-sign,chart-" . [ $IfThenElse ($NumLast < \ - $NumCurr) "in" "de" ] . "creasing") ] . "Health warning: " . $Name); \ - message=("The " . $Name . " on " . $Identity . " jumped more than " . $CheckHealthVoltagePercent . "%.\n\n" . \ - [ $FormatLine "old value" ($CheckHealthLast->$Name . " V") 12 ] . "\n" . \ - [ $FormatLine "new value" ($Value . " V") 12 ]) }); - } else={ - :if ($NumCurr <= $CheckHealthVoltageLow && $NumLast > $CheckHealthVoltageLow) do={ - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "high-voltage-sign,chart-decreasing" ] . "Health warning: Low " . $Name); \ - message=("The " . $Name . " on " . $Identity . " dropped to " . $Value . " V below hard limit.") }); - } - :if ($NumCurr > $CheckHealthVoltageLow && $NumLast <= $CheckHealthVoltageLow) do={ - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "high-voltage-sign,chart-increasing" ] . "Health recovery: Low " . $Name); \ - message=("The " . $Name . " on " . $Identity . " recovered to " . $Value . " V above hard limit.") }); - } + :foreach Plugin in=$Plugins do={ + :local PluginVal [ /system/script/get $Plugin ]; + :if ([ $ValidateSyntax ($PluginVal->"source") ] = true) do={ + :onerror Err { + /system/script/run $Plugin; + } do={ + $LogPrint error $ScriptName ("Plugin '" . $ScriptVal->"name" . "' failed to run: " . $Err); } + } else={ + $LogPrint error $ScriptName ("Plugin '" . $ScriptVal->"name" . "' failed syntax validation, skipping."); } - :set ($CheckHealthLast->$Name) $Value; } - :foreach PSU in=[ /system/health/find where name~"^psu.*-state\$" ] do={ - :local Name [ /system/health/get $PSU name ]; - :local Value [ /system/health/get $PSU value ]; - - :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={ - :if ($CheckHealthLast->$Name = "ok" && \ - $Value != "ok") do={ - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "cross-mark" ] . "Health warning: " . $Name); \ - message=("The power supply unit '" . $Name . "' on " . $Identity . " failed!") }); - } - :if ($CheckHealthLast->$Name != "ok" && \ - $Value = "ok") do={ - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "white-heavy-check-mark" ] . "Health recovery: " . $Name); \ - message=("The power supply unit '" . $Name . "' on " . $Identity . " recovered!") }); - } - } - :set ($CheckHealthLast->$Name) $Value; + :foreach PluginName,Discard in=$CheckHealthPlugins do={ + ($CheckHealthPlugins->$PluginName) \ + ("\$CheckHealthPlugins->\"" . $PluginName . "\""); } - :foreach Temperature in=[ /system/health/find where type="C" ] do={ - :local Name [ /system/health/get $Temperature name ]; - :local Value [ /system/health/get $Temperature value ]; - - :if ([ :typeof ($CheckHealthLast->$Name) ] != "nothing") do={ - :if ([ :typeof ($CheckHealthTemperature->$Name) ] != "num" ) do={ - $LogPrint info $ScriptName ("No threshold given for " . $Name . ", assuming 50C."); - :set ($CheckHealthTemperature->$Name) 50; - } - :local Validate [ /system/health/get [ find where name=$Name ] value ]; - :while ($Value != $Validate) do={ - :set Value $Validate; - :set Validate [ /system/health/get [ find where name=$Name ] value ]; - } - :if ($Value > $CheckHealthTemperature->$Name && \ - $CheckHealthTemperatureNotified->$Name != true) do={ - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "fire" ] . "Health warning: " . $Name); \ - message=("The " . $Name . " on " . $Identity . " is above threshold: " . \ - $Value . "\C2\B0" . "C") }); - :set ($CheckHealthTemperatureNotified->$Name) true; - } - :if ($Value <= ($CheckHealthTemperature->$Name - $CheckHealthTemperatureDeviation) && \ - $CheckHealthTemperatureNotified->$Name = true) do={ - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "white-heavy-check-mark" ] . "Health recovery: " . $Name); \ - message=("The " . $Name . " on " . $Identity . " dropped below threshold: " . \ - $Value . "\C2\B0" . "C") }); - :set ($CheckHealthTemperatureNotified->$Name) false; - } - } - :set ($CheckHealthLast->$Name) $Value; - } -} on-error={ } + :set CheckHealthPlugins; +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/check-lte-firmware-upgrade.rsc b/check-lte-firmware-upgrade.rsc index 2e52c2a..9f4b656 100644 --- a/check-lte-firmware-upgrade.rsc +++ b/check-lte-firmware-upgrade.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: check-lte-firmware-upgrade -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # check for LTE firmware upgrade, send notification -# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-lte-firmware-upgrade.md +# https://rsc.eworm.de/doc/check-lte-firmware-upgrade.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global SentLteFirmwareUpgradeNotification; @@ -19,6 +20,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -43,12 +45,12 @@ :local IntName [ /interface/lte/get $Interface name ]; :local Firmware; :local Info; - :do { + :onerror Err { :set Firmware [ /interface/lte/firmware-upgrade $Interface as-value ]; :set Info [ /interface/lte/monitor $Interface once as-value ]; - } on-error={ + } do={ $LogPrint debug $ScriptName ("Could not get latest LTE firmware version for interface " . \ - $IntName . "."); + $IntName . ": " . $Err); :return false; } @@ -100,4 +102,6 @@ :foreach Interface in=[ /interface/lte/find ] do={ $CheckInterface $ScriptName $Interface; } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/check-perpetual-license.rsc b/check-perpetual-license.rsc new file mode 100644 index 0000000..c2f0dff --- /dev/null +++ b/check-perpetual-license.rsc @@ -0,0 +1,78 @@ +#!rsc by RouterOS +# RouterOS script: check-perpetual-license +# Copyright (c) 2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md +# +# requires RouterOS, version=7.15 +# +# check perpetual license on CHR +# https://rsc.eworm.de/doc/check-perpetual-license.md + +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; + :local ScriptName [ :jobname ]; + + :global Identity; + :global SentCertificateNotification; + + :global LogPrint; + :global ScriptLock; + :global SendNotification2; + :global SymbolForNotification; + :global WaitFullyConnected; + + :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; + :error false; + } + + $WaitFullyConnected; + + :local License [ /system/license/get ]; + :if ([ :typeof ($License->"deadline-at") ] != "str") do={ + $LogPrint info $ScriptName ("This device does not have a perpetual license."); + :set ExitOK true; + :error true; + } + + :if ([ :len ($License->"next-renewal-at") ] = 0 && ($License->"limited-upgrades") = true) do={ + $LogPrint warning $ScriptName ("Your license expired on " . ($License->"deadline-at") . "!"); + :if ($SentCertificateNotification != "expired") do={ + $SendNotification2 ({ origin=$ScriptName; \ + subject=([ $SymbolForNotification "warning-sign" ] . "License expired!"); \ + message=("Your license expired on " . ($License->"deadline-at") . \ + ", can no longer update RouterOS on " . $Identity . "...") }); + :set SentCertificateNotification "expired"; + } + :set ExitOK true; + :error true; + } + + :if ([ :totime ($License->"deadline-at") ] - 3w < [ :timestamp ]) do={ + $LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!"); + :if ($SentCertificateNotification != "warning") do={ + $SendNotification2 ({ origin=$ScriptName; \ + subject=([ $SymbolForNotification "warning-sign" ] . "License about to expire!"); \ + message=("Your license failed to renew and is about to expire on " . \ + ($License->"deadline-at") . " on " . $Identity . "...") }); + :set SentCertificateNotification "warning"; + } + :set ExitOK true; + :error true; + } + + :if ([ :typeof $SentCertificateNotification ] = "str" && \ + [ :totime ($License->"deadline-at") ] - 4w > [ :timestamp ]) do={ + $LogPrint info $ScriptName ("Your license was successfully renewed."); + $SendNotification2 ({ origin=$ScriptName; \ + subject=([ $SymbolForNotification "white-heavy-check-mark" ] . "License renewed"); \ + message=("Your license was successfully renewed on " . $Identity . \ + ". It is now valid until " . ($License->"deadline-at") . ".") }); + :set SentCertificateNotification; + } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index 0624808..8b80dde 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc @@ -1,17 +1,19 @@ #!rsc by RouterOS # RouterOS script: check-routeros-update -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch, scheduler # # check for RouterOS update, send notification and/or install -# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-routeros-update.md +# https://rsc.eworm.de/doc/check-routeros-update.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -26,6 +28,7 @@ :global EscapeForRegEx; :global FetchUserAgentStr; :global LogPrint; + :global RebootForUpdate; :global ScriptFromTerminal; :global ScriptLock; :global SendNotification2; @@ -34,21 +37,40 @@ :global WaitFullyConnected; :local DoUpdate do={ + :local ScriptName [ :tostr $1 ]; + + :global LogPrint; + :if ([ :len [ /system/script/find where name="packages-update" ] ] > 0) do={ /system/script/run packages-update; } else={ /system/package/update/install without-paging; } - :error "Waiting for system to reboot."; + $LogPrint info $ScriptName ("Waiting for system to reboot."); } :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; + :error false; + } + + :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={ + $LogPrint warning $ScriptName ("Running from backup partition, refusing to act."); + :set ExitOK true; :error false; } + $WaitFullyConnected; :if ([ :len [ /system/scheduler/find where name="_RebootForUpdate" ] ] > 0) do={ - :error "A reboot for update is already scheduled."; + :if ([ :typeof $RebootForUpdate ] = "nothing") do={ + $LogPrint info $ScriptName ("Found a stale scheduler for reboot, removing."); + /system/scheduler/remove "_RebootForUpdate"; + } else={ + $LogPrint info $ScriptName ("A reboot for update is already scheduled."); + :set ExitOK true; + :error false; + } } $LogPrint debug $ScriptName ("Checking for updates..."); @@ -59,11 +81,13 @@ :if ([ $ScriptFromTerminal $ScriptName ] = true) do={ $LogPrint info $ScriptName ("System is already up to date."); } + :set ExitOK true; :error true; } :if ([ :len ($Update->"latest-version") ] = 0) do={ $LogPrint info $ScriptName ("Received an empty version string from server."); + :set ExitOK true; :error false; } @@ -76,6 +100,7 @@ :if ($NumLatest < [ $VersionToNum "7.0" ]) do={ $LogPrint warning $ScriptName ("The version '" . ($Update->"latest-version") . "' is not a valid version."); + :set ExitOK true; :error false; } @@ -87,7 +112,9 @@ subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \ message=("Installing ALL versions automatically, including " . $Update->"latest-version" . \ "... Updating on " . $Identity . "..."); link=$Link; silent=true }); - $DoUpdate; + $DoUpdate $ScriptName; + :set ExitOK true; + :error true; } :if ($SafeUpdatePatch = true && $NumInstalledFeature = $NumLatestFeature) do={ @@ -96,7 +123,9 @@ subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \ message=("Version " . $Update->"latest-version" . " is a patch update for " . $Update->"channel" . \ ", updating on " . $Identity . "..."); link=$Link; silent=true }); - $DoUpdate; + $DoUpdate $ScriptName; + :set ExitOK true; + :error true; } :if ($SafeUpdateNeighbor = true) do={ @@ -110,19 +139,21 @@ subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \ message=("Seen a neighbor (" . $Neighbor . ") running version " . $Update->"latest-version" . \ " from " . $Update->"channel" . ", updating on " . $Identity . "..."); link=$Link; silent=true }); - $DoUpdate; + $DoUpdate $ScriptName; + :set ExitOK true; + :error true; } } :if ([ :len $SafeUpdateUrl ] > 0) do={ :local Result; - :do { + :onerror Err { :set Result [ /tool/fetch check-certificate=yes-without-crl \ ($SafeUpdateUrl . $Update->"channel" . "?installed=" . $Update->"installed-version" . \ "&latest=" . $Update->"latest-version") http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \ output=user as-value ]; - } on-error={ - $LogPrint warning $ScriptName ("Failed receiving safe version for " . $Update->"channel" . "."); + } do={ + $LogPrint warning $ScriptName ("Failed receiving safe version for " . $Update->"channel" . ": " . $Err); } :if ($Result->"status" = "finished" && $Result->"data" = $Update->"latest-version") do={ $LogPrint info $ScriptName ("Version " . $Update->"latest-version" . " is considered safe, updating..."); @@ -130,7 +161,9 @@ subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \ message=("Version " . $Update->"latest-version" . " is considered safe for " . $Update->"channel" . \ ", updating on " . $Identity . "..."); link=$Link; silent=true }); - $DoUpdate; + $DoUpdate $ScriptName; + :set ExitOK true; + :error true; } } @@ -140,13 +173,16 @@ :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={ /system/package/update/set channel=stable; $LogPrint info $ScriptName ("Switched to channel 'stable', please re-run!"); + :set ExitOK true; :error true; } } :put ("Do you want to install RouterOS version " . $Update->"latest-version" . "? [y/N]"); :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={ - $DoUpdate; + $DoUpdate $ScriptName; + :set ExitOK true; + :error true; } else={ :put "Canceled..."; } @@ -155,6 +191,7 @@ :if ($SentRouterosUpdateNotification = $Update->"latest-version") do={ $LogPrint info $ScriptName ("Already sent the RouterOS update notification for version " . \ $Update->"latest-version" . "."); + :set ExitOK true; :error true; } @@ -170,6 +207,7 @@ :if ($SentRouterosUpdateNotification = $Update->"latest-version") do={ $LogPrint info $ScriptName ("Already sent the RouterOS downgrade notification for version " . \ $Update->"latest-version" . "."); + :set ExitOK true; :error true; } @@ -182,4 +220,6 @@ " is available for downgrade."); :set SentRouterosUpdateNotification ($Update->"latest-version"); } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/collect-wireless-mac.capsman.rsc b/collect-wireless-mac.capsman.rsc index 9efa9ef..06b8d84 100644 --- a/collect-wireless-mac.capsman.rsc +++ b/collect-wireless-mac.capsman.rsc @@ -1,20 +1,21 @@ #!rsc by RouterOS # RouterOS script: collect-wireless-mac.capsman -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=40 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # collect wireless mac adresses in access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md +# https://rsc.eworm.de/doc/collect-wireless-mac.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -29,6 +30,7 @@ :global SymbolForNotification; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -93,4 +95,6 @@ $LogPrint debug $ScriptName ("No mac address available... Ignoring."); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/collect-wireless-mac.local.rsc b/collect-wireless-mac.local.rsc index 27c9d1c..6716582 100644 --- a/collect-wireless-mac.local.rsc +++ b/collect-wireless-mac.local.rsc @@ -1,20 +1,21 @@ #!rsc by RouterOS # RouterOS script: collect-wireless-mac.local -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=40 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # collect wireless mac adresses in access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md +# https://rsc.eworm.de/doc/collect-wireless-mac.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -29,6 +30,7 @@ :global SymbolForNotification; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -94,4 +96,6 @@ $LogPrint debug $ScriptName ("No mac address available... Ignoring."); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/collect-wireless-mac.template.rsc b/collect-wireless-mac.template.rsc index d41c17d..53e6b0a 100644 --- a/collect-wireless-mac.template.rsc +++ b/collect-wireless-mac.template.rsc @@ -1,21 +1,22 @@ #!rsc by RouterOS # RouterOS script: collect-wireless-mac%TEMPL% -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=40 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # collect wireless mac adresses in access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md +# https://rsc.eworm.de/doc/collect-wireless-mac.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -30,6 +31,7 @@ :global SymbolForNotification; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -111,4 +113,6 @@ $LogPrint debug $ScriptName ("No mac address available... Ignoring."); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/collect-wireless-mac.wifi.rsc b/collect-wireless-mac.wifi.rsc index 0075320..43ac851 100644 --- a/collect-wireless-mac.wifi.rsc +++ b/collect-wireless-mac.wifi.rsc @@ -1,20 +1,21 @@ #!rsc by RouterOS # RouterOS script: collect-wireless-mac.wifi -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=40 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # collect wireless mac adresses in access list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md +# https://rsc.eworm.de/doc/collect-wireless-mac.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -29,6 +30,7 @@ :global SymbolForNotification; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -93,4 +95,6 @@ $LogPrint debug $ScriptName ("No mac address available... Ignoring."); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/contrib/checksums.sh b/contrib/checksums.sh new file mode 100755 index 0000000..b472b49 --- /dev/null +++ b/contrib/checksums.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +# generate a checksums file as used by $ScriptInstallUpdate + +set -e + +md5sum $(find -name '*.rsc' | sort) | \ + sed -e "s| \./||" -e 's|.rsc$||' | \ + jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add' > 'checksums.json' diff --git a/daily-psk.capsman.rsc b/daily-psk.capsman.rsc index 0562e39..3ecd6b6 100644 --- a/daily-psk.capsman.rsc +++ b/daily-psk.capsman.rsc @@ -1,20 +1,21 @@ #!rsc by RouterOS # RouterOS script: daily-psk.capsman -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # requires RouterOS, version=7.15 # # update daily PSK (pre shared key) -# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md +# https://rsc.eworm.de/doc/daily-psk.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global DailyPskMatchComment; @@ -31,6 +32,7 @@ :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -89,4 +91,6 @@ } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/daily-psk.local.rsc b/daily-psk.local.rsc index 0bef0e9..d496350 100644 --- a/daily-psk.local.rsc +++ b/daily-psk.local.rsc @@ -1,20 +1,21 @@ #!rsc by RouterOS # RouterOS script: daily-psk.local -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # requires RouterOS, version=7.15 # # update daily PSK (pre shared key) -# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md +# https://rsc.eworm.de/doc/daily-psk.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global DailyPskMatchComment; @@ -31,6 +32,7 @@ :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -88,4 +90,6 @@ } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/daily-psk.template.rsc b/daily-psk.template.rsc index 9d71958..5a1df2f 100644 --- a/daily-psk.template.rsc +++ b/daily-psk.template.rsc @@ -1,21 +1,22 @@ #!rsc by RouterOS # RouterOS script: daily-psk%TEMPL% -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # requires RouterOS, version=7.15 # # update daily PSK (pre shared key) -# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md +# https://rsc.eworm.de/doc/daily-psk.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global DailyPskMatchComment; @@ -32,6 +33,7 @@ :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -104,4 +106,6 @@ } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/daily-psk.wifi.rsc b/daily-psk.wifi.rsc index 83a896c..c441e58 100644 --- a/daily-psk.wifi.rsc +++ b/daily-psk.wifi.rsc @@ -1,20 +1,21 @@ #!rsc by RouterOS # RouterOS script: daily-psk.wifi -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # requires RouterOS, version=7.15 # # update daily PSK (pre shared key) -# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md +# https://rsc.eworm.de/doc/daily-psk.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global DailyPskMatchComment; @@ -31,6 +32,7 @@ :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -89,4 +91,6 @@ } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/dhcp-lease-comment.capsman.rsc b/dhcp-lease-comment.capsman.rsc index c435ec3..3615bb9 100644 --- a/dhcp-lease-comment.capsman.rsc +++ b/dhcp-lease-comment.capsman.rsc @@ -1,26 +1,28 @@ #!rsc by RouterOS # RouterOS script: dhcp-lease-comment.capsman -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=60 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update dhcp-server lease comment with infos from access-list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md +# https://rsc.eworm.de/doc/dhcp-lease-comment.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -36,4 +38,6 @@ /ip/dhcp-server/lease/set comment=$NewComment $Lease; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/dhcp-lease-comment.local.rsc b/dhcp-lease-comment.local.rsc index 27e6605..9da5333 100644 --- a/dhcp-lease-comment.local.rsc +++ b/dhcp-lease-comment.local.rsc @@ -1,26 +1,28 @@ #!rsc by RouterOS # RouterOS script: dhcp-lease-comment.local -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=60 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update dhcp-server lease comment with infos from access-list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md +# https://rsc.eworm.de/doc/dhcp-lease-comment.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -36,4 +38,6 @@ /ip/dhcp-server/lease/set comment=$NewComment $Lease; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/dhcp-lease-comment.template.rsc b/dhcp-lease-comment.template.rsc index c562ca2..62cace1 100644 --- a/dhcp-lease-comment.template.rsc +++ b/dhcp-lease-comment.template.rsc @@ -1,27 +1,29 @@ #!rsc by RouterOS # RouterOS script: dhcp-lease-comment%TEMPL% -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=60 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update dhcp-server lease comment with infos from access-list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md +# https://rsc.eworm.de/doc/dhcp-lease-comment.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -41,4 +43,6 @@ /ip/dhcp-server/lease/set comment=$NewComment $Lease; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/dhcp-lease-comment.wifi.rsc b/dhcp-lease-comment.wifi.rsc index ba617d7..667708c 100644 --- a/dhcp-lease-comment.wifi.rsc +++ b/dhcp-lease-comment.wifi.rsc @@ -1,26 +1,28 @@ #!rsc by RouterOS # RouterOS script: dhcp-lease-comment.wifi -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=60 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update dhcp-server lease comment with infos from access-list -# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md +# https://rsc.eworm.de/doc/dhcp-lease-comment.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -36,4 +38,6 @@ /ip/dhcp-server/lease/set comment=$NewComment $Lease; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/dhcp-to-dns.rsc b/dhcp-to-dns.rsc index 0ab5e2a..a9c91e1 100644 --- a/dhcp-to-dns.rsc +++ b/dhcp-to-dns.rsc @@ -1,18 +1,19 @@ #!rsc by RouterOS # RouterOS script: dhcp-to-dns -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=20 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.16 # # check DHCP leases and add/remove/update DNS entries -# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-to-dns.md +# https://rsc.eworm.de/doc/dhcp-to-dns.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Domain; @@ -27,6 +28,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -40,7 +42,7 @@ } :local PlaceBefore ([ /ip/dns/static/find where (name=$CommentString or (comment=$CommentString and name=-)) type=NXDOMAIN disabled ]->0); - :foreach DnsRecord in=[ /ip/dns/static/find where comment~("^" . $CommentPrefix . "\\b") (!type or type=A) ] do={ + :foreach DnsRecord in=[ /ip/dns/static/find where comment~("^" . $CommentPrefix . "\\b") type=A ] do={ :local DnsRecordVal [ /ip/dns/static/get $DnsRecord ]; :local DnsRecordInfo [ $ParseKeyValueStore ($DnsRecordVal->"comment") ]; :local MacInServer ($DnsRecordInfo->"macaddress" . " in " . $DnsRecordInfo->"server"); @@ -83,7 +85,7 @@ :local FullCN ($HostName . "." . $NetDomain); :local MacInServer ($LeaseVal->"active-mac-address" . " in " . $LeaseVal->"server"); - :local DnsRecord [ /ip/dns/static/find where comment=$Comment (!type or type=A) ]; + :local DnsRecord [ /ip/dns/static/find where comment=$Comment type=A ]; :if ([ :len $DnsRecord ] > 0) do={ :local DnsRecordVal [ /ip/dns/static/get $DnsRecord ]; @@ -116,11 +118,13 @@ } } - :if ([ :len [ /ip/dns/static/find where name=$FullA (!type or type=A) ] ] > 1) do={ + :if ([ :len [ /ip/dns/static/find where name=$FullA type=A ] ] > 1) do={ $LogPrintOnce warning $ScriptName ("The name '" . $FullA . "' appeared in more than one A record!"); } } else={ $LogPrint debug $ScriptName ("No address available... Ignoring."); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/doc/accesslist-duplicates.md b/doc/accesslist-duplicates.md index a6302f5..e4d0c7f 100644 --- a/doc/accesslist-duplicates.md +++ b/doc/accesslist-duplicates.md @@ -4,7 +4,7 @@ Find and remove access list duplicates [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/backup-cloud.md b/doc/backup-cloud.md index d658760..7d55d74 100644 --- a/doc/backup-cloud.md +++ b/doc/backup-cloud.md @@ -4,7 +4,7 @@ Upload backup to Mikrotik cloud [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -17,7 +17,7 @@ Description ----------- This script uploads -[binary backup to Mikrotik cloud](https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#Backup). +[binary backup to Mikrotik cloud ↗️](https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#Backup). > ⚠️ **Warning**: The used command can hit errors that a script can with > workaround only. A notification *should* be sent anyway. But it can result @@ -49,6 +49,7 @@ The configuration goes to `global-config-overlay`, these are the parameters: Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/backup-email.md b/doc/backup-email.md index aedae4d..7b8bcfe 100644 --- a/doc/backup-email.md +++ b/doc/backup-email.md @@ -4,7 +4,7 @@ Send backup via e-mail [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/backup-partition.md b/doc/backup-partition.md index 9f62967..50b8a09 100644 --- a/doc/backup-partition.md +++ b/doc/backup-partition.md @@ -4,7 +4,7 @@ Save configuration to fallback partition [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -17,7 +17,7 @@ Description ----------- This script saves the current configuration to fallback -[partition](https://wiki.mikrotik.com/wiki/Manual:Partitions). +[partition ↗️](https://wiki.mikrotik.com/wiki/Manual:Partitions). It can also copy-over the RouterOS installation when run interactively or just before a feature update. diff --git a/doc/backup-upload.md b/doc/backup-upload.md index f2858b2..b4012c8 100644 --- a/doc/backup-upload.md +++ b/doc/backup-upload.md @@ -4,7 +4,7 @@ Upload backup to server [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -55,6 +55,7 @@ The configuration goes to `global-config-overlay`, these are the parameters: Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/capsman-download-packages.md b/doc/capsman-download-packages.md index d719934..5722227 100644 --- a/doc/capsman-download-packages.md +++ b/doc/capsman-download-packages.md @@ -4,7 +4,7 @@ Download packages for CAP upgrade from CAPsMAN [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/capsman-rolling-upgrade.md b/doc/capsman-rolling-upgrade.md index f366d40..d277db6 100644 --- a/doc/capsman-rolling-upgrade.md +++ b/doc/capsman-rolling-upgrade.md @@ -4,7 +4,7 @@ Run rolling CAP upgrades from CAPsMAN [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/certificate-renew-issued.md b/doc/certificate-renew-issued.md index 096e07b..c4615b5 100644 --- a/doc/certificate-renew-issued.md +++ b/doc/certificate-renew-issued.md @@ -4,7 +4,7 @@ Renew locally issued certificates [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/check-certificates.md b/doc/check-certificates.md index 4188815..a9426db 100644 --- a/doc/check-certificates.md +++ b/doc/check-certificates.md @@ -4,7 +4,7 @@ Renew certificates and notify on expiration [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -51,6 +51,7 @@ subject alternative name (aka *Subject Alt Name* or *SAN*) can be used. Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/check-health.d/notification-08-psu-fail.avif b/doc/check-health.d/notification-08-state-fail.avif Binary files differindex ad049ac..ad049ac 100644 --- a/doc/check-health.d/notification-08-psu-fail.avif +++ b/doc/check-health.d/notification-08-state-fail.avif diff --git a/doc/check-health.d/notification-09-psu-ok.avif b/doc/check-health.d/notification-09-state-ok.avif Binary files differindex 26f5a74..26f5a74 100644 --- a/doc/check-health.d/notification-09-psu-ok.avif +++ b/doc/check-health.d/notification-09-state-ok.avif diff --git a/doc/check-health.md b/doc/check-health.md index 578ea43..33847e3 100644 --- a/doc/check-health.md +++ b/doc/check-health.md @@ -4,7 +4,7 @@ Notify about health state [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -17,22 +17,24 @@ Description ----------- This script is run from scheduler periodically, sending notification on -health related events: +health related events. Monitoring CPU and RAM utilization (available +processing and memory resources) works on all devices: * high CPU utilization * high RAM utilization (low available RAM) + +With additional plugins functionality can be extended, depending on +sensors available in hardware: + * voltage jumps up or down more than configured threshold * voltage drops below hard lower limit +* fan failed or recovered * power supply failed or recovered * temperature is above or below threshold -Note that bad initial state will not trigger an event. - -Monitoring CPU and RAM utilization (available processing and memory -resources) works on all devices. Other than that only sensors available -in hardware can be checked. See what your hardware supports: - - /system/health/print; +> ⚠️ **Warning**: Note that bad initial state will not trigger an event! For +> example rebooting a device that is already too hot will not trigger an +> alert on high temperature. ### Sample notifications @@ -57,8 +59,8 @@ in hardware can be checked. See what your hardware supports: #### PSU state - - + + Requirements and installation ----------------------------- @@ -72,6 +74,30 @@ Just install the script and create a scheduler: > precision of cpu utilization, escpecially on devices with limited > resources. Thus an unusual interval is used here. +### Plugins + +Additional plugins are available for sensors available in hardware. First +check what your hardware supports: + + /system/health/print; + +Then install the plugin for *fan* and *power supply unit* *state*: + + $ScriptInstallUpdate check-health,check-health.d/state; + +... or *temperature*: + + $ScriptInstallUpdate check-health,check-health.d/temperature; + +... or *voltage*: + + $ScriptInstallUpdate check-health,check-health.d/voltage; + +You can also combine the commands and install all or a subset of plugins +in one go: + + $ScriptInstallUpdate check-health,check-health.d/state,check-health.d/temperature,check-health.d/voltage; + Configuration ------------- @@ -87,6 +113,7 @@ The configuration goes to `global-config-overlay`, these are the parameters: Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/check-lte-firmware-upgrade.md b/doc/check-lte-firmware-upgrade.md index 66b2cf5..a0c441e 100644 --- a/doc/check-lte-firmware-upgrade.md +++ b/doc/check-lte-firmware-upgrade.md @@ -4,7 +4,7 @@ Notify on LTE firmware upgrade [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -44,7 +44,9 @@ Configuration Also notification settings are required for [e-mail](mod/notification-email.md), -[matrix](mod/notification-matrix.md) and/or +[gotify](mod/notification-gotify.md), +[matrix](mod/notification-matrix.md), +[ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). See also diff --git a/doc/check-perpetual-license.d/notification.avif b/doc/check-perpetual-license.d/notification.avif Binary files differnew file mode 100644 index 0000000..70ca603 --- /dev/null +++ b/doc/check-perpetual-license.d/notification.avif diff --git a/doc/check-perpetual-license.md b/doc/check-perpetual-license.md new file mode 100644 index 0000000..0335fb5 --- /dev/null +++ b/doc/check-perpetual-license.md @@ -0,0 +1,71 @@ +Check perpetual license on CHR +============================== + +[](https://github.com/eworm-de/routeros-scripts/stargazers) +[](https://github.com/eworm-de/routeros-scripts/network) +[](https://github.com/eworm-de/routeros-scripts/watchers) +[](https://mikrotik.com/download/changelogs/) +[](https://t.me/routeros_scripts) +[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) + +[⬅️ Go back to main README](../README.md) + +> ℹ️ **Info**: This script can not be used on its own but requires the base +> installation. See [main README](../README.md) for details. + +Description +----------- + +On *Cloud Hosted Router* (*CHR*) the licensing is perpetual: Buy once, use +forever - but it needs regular renewal. This script checks licensing state +and sends a notification to warn before expiration. + +### Sample notification + + + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate check-perpetual-license; + +And add a scheduler for automatic update notification: + + /system/scheduler/add interval=1d name=check-perpetual-license on-event="/system/script/run check-perpetual-license;" start-time=startup; + +Configuration +------------- + +No extra configuration is required for this script, but notification +settings are required for +[e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), +[matrix](mod/notification-matrix.md), +[ntfy](mod/notification-ntfy.md) and/or +[telegram](mod/notification-telegram.md). + +Usage and invocation +-------------------- + +Be notified when run from scheduler or run it manually: + + /system/script/run check-perpetual-license; + +Tips & Tricks +------------- + +The script checks for full connectivity before acting, so scheduling at +startup is perfectly valid: + + /system/scheduler/add name=check-perpetual-license@startup on-event="/system/script/run check-perpetual-license;" start-time=startup; + +See also +-------- + +* [Notify on RouterOS update](check-routeros-update.md) + +--- +[⬅️ Go back to main README](../README.md) +[⬆️ Go back to top](#top) diff --git a/doc/check-routeros-update.md b/doc/check-routeros-update.md index 2e9b8aa..a45e075 100644 --- a/doc/check-routeros-update.md +++ b/doc/check-routeros-update.md @@ -4,7 +4,7 @@ Notify on RouterOS update [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -30,8 +30,8 @@ automatically is supported. > ⚠️ **Warning**: Installing updates is important from a security point > of view. At the same time it can be source of serve breakage. So test > versions in lab and read -> [changelog](https://mikrotik.com/download/changelogs/) and -> [forum](https://forum.mikrotik.com/viewforum.php?f=21) before deploying +> [changelog ↗️](https://mikrotik.com/download/changelogs/) and +> [forum ↗️](https://forum.mikrotik.com/viewforum.php?f=21) before deploying > to your production environment! Automatic updates should be handled > with care! @@ -73,6 +73,7 @@ The configuration goes to `global-config-overlay`, these are the parameters: Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). @@ -99,6 +100,7 @@ startup is perfectly valid: See also -------- +* [Check perpetual license on CHR](check-perpetual-license.md) * [Automatically upgrade firmware and reboot](firmware-upgrade-reboot.md) * [Manage system update](packages-update.md) diff --git a/doc/collect-wireless-mac.md b/doc/collect-wireless-mac.md index 84c111d..2378fed 100644 --- a/doc/collect-wireless-mac.md +++ b/doc/collect-wireless-mac.md @@ -4,7 +4,7 @@ Collect MAC addresses in wireless access list [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -54,6 +54,7 @@ entries are to be added. Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/daily-psk.md b/doc/daily-psk.md index 4a3de64..118d768 100644 --- a/doc/daily-psk.md +++ b/doc/daily-psk.md @@ -79,6 +79,7 @@ For legacy local interface: Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [trix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/dhcp-lease-comment.md b/doc/dhcp-lease-comment.md index 6a4c930..b02f199 100644 --- a/doc/dhcp-lease-comment.md +++ b/doc/dhcp-lease-comment.md @@ -4,7 +4,7 @@ Comment DHCP leases with info from access list [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/dhcp-to-dns.md b/doc/dhcp-to-dns.md index 572011f..4211d85 100644 --- a/doc/dhcp-to-dns.md +++ b/doc/dhcp-to-dns.md @@ -4,7 +4,7 @@ Create DNS records for DHCP leases [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/firmware-upgrade-reboot.md b/doc/firmware-upgrade-reboot.md index 7ab6ac5..54f1da0 100644 --- a/doc/firmware-upgrade-reboot.md +++ b/doc/firmware-upgrade-reboot.md @@ -4,7 +4,7 @@ Automatically upgrade firmware and reboot [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md index 3d9e771..46b80c2 100644 --- a/doc/fw-addr-lists.md +++ b/doc/fw-addr-lists.md @@ -4,7 +4,7 @@ Download, import and update firewall address-lists [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -18,10 +18,11 @@ Description This script downloads, imports and updates firewall address-lists. Its main purpose is to block attacking ip addresses, spam hosts, command-and-control -servers and similar malicious entities. The default configuration contains -lists from [abuse.ch](https://abuse.ch/), [dshield.org](https://dshield.org/) -and [blocklist.de](https://www.blocklist.de/), and -lists from [spamhaus.org](https://spamhaus.org/) are prepared. +servers and similar malicious entities. The default configuration contains a +[collective list by GitHub user @stamparm ↗️](https://github.com/stamparm/ipsum), +lists from [dshield.org ↗️](https://dshield.org/) and +[blocklist.de ↗️](https://www.blocklist.de/), and lists from +[spamhaus.org ↗️](https://spamhaus.org/) are prepared. The address-lists are updated in place, so after initial import you will not see situation when the lists are not populated. @@ -31,7 +32,10 @@ certificate is checked. > ⚠️ **Warning**: The script does not limit the size of a list, but keep in > mind that huge lists can exhaust your device's resources (RAM and CPU), -> and may take a long time to process. +> and may take a long time to process. +> Even crashes for the complete scripting (and CLI) subsystem are possible. +> This should be logged accordingly with warnings when global functions are +> reloaded from scheduler. Requirements and installation ----------------------------- diff --git a/doc/global-wait.md b/doc/global-wait.md index 6787d20..799cae7 100644 --- a/doc/global-wait.md +++ b/doc/global-wait.md @@ -4,7 +4,7 @@ Wait for global functions and modules [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/gps-track.md b/doc/gps-track.md index 9685899..5e4878f 100644 --- a/doc/gps-track.md +++ b/doc/gps-track.md @@ -4,7 +4,7 @@ Send GPS position to server [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/hotspot-to-wpa.md b/doc/hotspot-to-wpa.md index 07d07dc..a2e9748 100644 --- a/doc/hotspot-to-wpa.md +++ b/doc/hotspot-to-wpa.md @@ -4,7 +4,7 @@ Use WPA network with hotspot credentials [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/ip-addr-bridge.md b/doc/ip-addr-bridge.md index ddbcc0a..f9f98e3 100644 --- a/doc/ip-addr-bridge.md +++ b/doc/ip-addr-bridge.md @@ -4,7 +4,7 @@ Manage IP addresses with bridge status [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/ipsec-to-dns.md b/doc/ipsec-to-dns.md index a688e80..123656c 100644 --- a/doc/ipsec-to-dns.md +++ b/doc/ipsec-to-dns.md @@ -4,7 +4,7 @@ Create DNS records for IPSec peers [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/ipv6-update.md b/doc/ipv6-update.md index 42f0fe4..1f009b1 100644 --- a/doc/ipv6-update.md +++ b/doc/ipv6-update.md @@ -4,7 +4,7 @@ Update configuration on IPv6 prefix change [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/lease-script.md b/doc/lease-script.md index 1b59ff7..f83c383 100644 --- a/doc/lease-script.md +++ b/doc/lease-script.md @@ -4,7 +4,7 @@ Run other scripts on DHCP lease [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/leds-mode.md b/doc/leds-mode.md index c01472e..a194396 100644 --- a/doc/leds-mode.md +++ b/doc/leds-mode.md @@ -4,7 +4,7 @@ Manage LEDs dark mode [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/log-forward.md b/doc/log-forward.md index 55b1540..f6086c8 100644 --- a/doc/log-forward.md +++ b/doc/log-forward.md @@ -4,7 +4,7 @@ Forward log messages via notification [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -22,15 +22,15 @@ server (see `/system/logging`). This has some limitation, however: * does not work early after boot if network connectivity is not yet established, or breaks intermittently * lots of messages generate a flood of mails -* Matrix and Telegram are not supported +* Gotify, Matrix, Ntfy and Telegram are not supported The script works around the limitations, for example it does: * read from `/log`, including messages from early boot * skip multi-repeated messages * rate-limit itself to mitigate flooding -* forward via notification (which includes *e-mail*, *Matrix* and *Telegram* - when installed and configured, see below) +* forward via notification (which includes *e-mail*, *Gotify*, *Matrix*, + *Ntfy* and *Telegram* when installed and configured, see below) It is intended to be run periodically from scheduler, then collects new log messages and forwards them via notification. @@ -53,6 +53,12 @@ Just install the script: Configuration ------------- +The default configuration should provide reasonable presets, filtering +*info*, and effectively forwarding *warning* and *error*. + +> 💡️ **Hint**: Please try with defaults first, especially if you are not +> familiar with regular expressions! + The configuration goes to `global-config-overlay`, these are the parameters: * `LogForwardFilter`: define topics *not* to be forwarded @@ -66,7 +72,7 @@ The configuration goes to `global-config-overlay`, these are the parameters: > your local `global-config-overlay` and modify it to your specific needs. These patterns are matched as -[regular expressions](https://wiki.mikrotik.com/wiki/Manual:Regular_Expressions). +[regular expressions ↗️](https://wiki.mikrotik.com/wiki/Manual:Regular_Expressions). To forward **all** (ignoring severity) log messages with topics `account` (which includes user logins) and `dhcp` you need something like: @@ -74,6 +80,7 @@ To forward **all** (ignoring severity) log messages with topics `account` Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/mod/bridge-port-to.md b/doc/mod/bridge-port-to.md index 2ed9dc7..629c526 100644 --- a/doc/mod/bridge-port-to.md +++ b/doc/mod/bridge-port-to.md @@ -4,7 +4,7 @@ Manage ports in bridge [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/mod/bridge-port-vlan.md b/doc/mod/bridge-port-vlan.md index ded2603..cf29199 100644 --- a/doc/mod/bridge-port-vlan.md +++ b/doc/mod/bridge-port-vlan.md @@ -4,7 +4,7 @@ Manage VLANs on bridge ports [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/mod/inspectvar.md b/doc/mod/inspectvar.md index 4e2f4c1..7daba15 100644 --- a/doc/mod/inspectvar.md +++ b/doc/mod/inspectvar.md @@ -4,7 +4,7 @@ Inspect variables [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/mod/ipcalc.md b/doc/mod/ipcalc.md index 9f39429..c07853e 100644 --- a/doc/mod/ipcalc.md +++ b/doc/mod/ipcalc.md @@ -4,7 +4,7 @@ IP address calculation [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/mod/notification-email.md b/doc/mod/notification-email.md index 0bef455..127bf96 100644 --- a/doc/mod/notification-email.md +++ b/doc/mod/notification-email.md @@ -4,7 +4,7 @@ Send notifications via e-mail [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -32,7 +32,7 @@ Configuration ------------- Set up your device's -[e-mail settings](https://wiki.mikrotik.com/wiki/Manual:Tools/email). +[e-mail settings ↗️](https://wiki.mikrotik.com/wiki/Manual:Tools/email). Also make sure the device has correct time configured, best is to set up the ntp client. @@ -79,6 +79,7 @@ function available: See also -------- +* [Send notifications via Gotify](notification-gotify.md) * [Send notifications via Matrix](notification-matrix.md) * [Send notifications via Ntfy](notification-ntfy.md) * [Send notifications via Telegram](notification-telegram.md) diff --git a/doc/mod/notification-gotify.d/appsetup.avif b/doc/mod/notification-gotify.d/appsetup.avif Binary files differnew file mode 100644 index 0000000..58f57a8 --- /dev/null +++ b/doc/mod/notification-gotify.d/appsetup.avif diff --git a/doc/mod/notification-gotify.md b/doc/mod/notification-gotify.md new file mode 100644 index 0000000..6fce629 --- /dev/null +++ b/doc/mod/notification-gotify.md @@ -0,0 +1,97 @@ +Send notifications via Gotify +=========================== + +[](https://github.com/eworm-de/routeros-scripts/stargazers) +[](https://github.com/eworm-de/routeros-scripts/network) +[](https://github.com/eworm-de/routeros-scripts/watchers) +[](https://mikrotik.com/download/changelogs/) +[](https://t.me/routeros_scripts) +[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) + +[⬅️ Go back to main README](../../README.md) + +> ℹ️️ **Info**: This module can not be used on its own but requires the base +> installation. See [main README](../../README.md) for details. + +Description +----------- + +This module adds support for sending notifications via +[Gotify ↗️](https://gotify.net/). A queue is used to make sure +notifications are not lost on failure but sent later. + +Requirements and installation +----------------------------- + +Just install the module: + + $ScriptInstallUpdate mod/notification-gotify; + +Also deploy the [Gotify server ↗️](https://github.com/gotify/server) and +optionally install a Gotify client on your mobile device. + +Configuration +------------- + +Follow the [Installation ↗️](https://gotify.net/docs/install) instructions +and the [First Login ↗️](https://gotify.net/docs/first-login) setup. Once +you have a user and account you can start creating apps. Each app is an +independent notification feed for a device or application. + + + +On creation apps are assigned a *Token* for authentification, you will need +that in configuration. + +Edit `global-config-overlay`, add `GotifyServer` with your server address +(just the address, no protocol - `https://` is assumed) and `GotifyToken` +with the *Token* from your configured app on the Gotify server. Then reload +the configuration. + +> ℹ️ **Info**: Copy relevant configuration from +> [`global-config`](../../global-config.rsc) (the one without `-overlay`) to +> your local `global-config-overlay` and modify it to your specific needs. + +For a custom service installing an additional certificate may be required. +You may want to install that certificate manually, after finding the +[certificate name from browser](../../CERTIFICATES.md). + +Usage and invocation +-------------------- + +There's nothing special to do. Every script or function sending a notification +will now send it to your Gotify application feed. + +But of course you can use the function to send notifications directly. Give +it a try: + + $SendGotify "Subject..." "Body..."; + +Alternatively this sends a notification with all available and configured +methods: + + $SendNotification "Subject..." "Body..."; + +To use the functions in your own scripts you have to declare them first. +Place this before you call them: + + :global SendGotify; + :global SendNotification; + +In case there is a situation when the queue needs to be purged there is a +function available: + + $PurgeGotifyQueue; + +See also +-------- + +* [Certificate name from browser](../../CERTIFICATES.md) +* [Send notifications via e-mail](notification-email.md) +* [Send notifications via Matrix](notification-matrix.md) +* [Send notifications via Ntfy](notification-ntfy.md) +* [Send notifications via Telegram](notification-telegram.md) + +--- +[⬅️ Go back to main README](../../README.md) +[⬆️ Go back to top](#top) diff --git a/doc/mod/notification-matrix.md b/doc/mod/notification-matrix.md index fbc9b91..da6d6de 100644 --- a/doc/mod/notification-matrix.md +++ b/doc/mod/notification-matrix.md @@ -4,7 +4,7 @@ Send notifications via Matrix [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -17,7 +17,7 @@ Description ----------- This module adds support for sending notifications via -[Matrix](https://matrix.org/) via client server api. A queue is used to +[Matrix ↗️](https://matrix.org/) via client server api. A queue is used to make sure notifications are not lost on failure but sent later. Requirements and installation @@ -131,6 +131,7 @@ See also * [Certificate name from browser](../../CERTIFICATES.md) * [Send notifications via e-mail](notification-email.md) +* [Send notifications via Gotify](notification-gotify.md) * [Send notifications via Ntfy](notification-ntfy.md) * [Send notifications via Telegram](notification-telegram.md) diff --git a/doc/mod/notification-ntfy.md b/doc/mod/notification-ntfy.md index 5393d44..993501d 100644 --- a/doc/mod/notification-ntfy.md +++ b/doc/mod/notification-ntfy.md @@ -4,7 +4,7 @@ Send notifications via Ntfy [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -17,7 +17,7 @@ Description ----------- This module adds support for sending notifications via -[Ntfy](https://ntfy.sh/). A queue is used to make sure +[Ntfy ↗️](https://ntfy.sh/). A queue is used to make sure notifications are not lost on failure but sent later. Requirements and installation @@ -28,7 +28,7 @@ Just install the module: $ScriptInstallUpdate mod/notification-ntfy; Also install the Ntfy app on your mobile device or use the -[web app](https://ntfy.sh/app) in a browser of your choice. +[web app ↗️](https://ntfy.sh/app) in a browser of your choice. Configuration ------------- @@ -52,6 +52,8 @@ basic authentication. Configure `NtfyServerUser` and `NtfyServerPass` for this. Even authentication via access token is possible, adding it as password with a blank username. +Also available is `NtfyServerToken` to add a bearer token for authentication. + For a custom service installing an additional certificate may be required. You may want to install that certificate manually, after finding the [certificate name from browser](../../CERTIFICATES.md). @@ -88,6 +90,7 @@ See also * [Certificate name from browser](../../CERTIFICATES.md) * [Send notifications via e-mail](notification-email.md) +* [Send notifications via Gotify](notification-gotify.md) * [Send notifications via Matrix](notification-matrix.md) * [Send notifications via Telegram](notification-telegram.md) diff --git a/doc/mod/notification-telegram.d/getchatid.avif b/doc/mod/notification-telegram.d/getchatid.avif Binary files differnew file mode 100644 index 0000000..7792969 --- /dev/null +++ b/doc/mod/notification-telegram.d/getchatid.avif diff --git a/doc/mod/notification-telegram.md b/doc/mod/notification-telegram.md index f55f936..804104f 100644 --- a/doc/mod/notification-telegram.md +++ b/doc/mod/notification-telegram.md @@ -4,7 +4,7 @@ Send notifications via Telegram [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -17,7 +17,7 @@ Description ----------- This module adds support for sending notifications via -[Telegram](https://telegram.org/) via bot api. A queue is used to make sure +[Telegram ↗️](https://telegram.org/) via bot api. A queue is used to make sure notifications are not lost on failure but sent later. Requirements and installation @@ -33,19 +33,26 @@ and create an account. Configuration ------------- -Open Telegram, then start a chat with [BotFather](https://t.me/BotFather) and +Open Telegram, then start a chat with [BotFather ↗️](https://t.me/BotFather) and create your own bot:  -Now open a chat with your bot and start it by clicking the `START` button. +Set that token from *BotFather* (use your own!) to `TelegramTokenId`, for +now just temporarily: -Open just another chat with [GetIDs Bot](https://t.me/getidsbot), again start -with the `START` button. It will send you some information, including the -`id`, just below `You`. + :set TelegramTokenId "5214364459:AAHLwf1o7ybbKDo6pY24Kd2bZ5rjCakDXTc"; + +Now open a chat with your bot and start it by clicking the `START` button, +then send your first message. Any text will do. On your device run +`$GetTelegramChatId` to retrieve the chat id: + + $GetTelegramChatId; + + Finally edit `global-config-overlay`, add `TelegramTokenId` with the token -from *BotFather* and `TelegramChatId` with your id from *GetIDs Bot*. Then +from *BotFather* and `TelegramChatId` with your retrieved chat id. Then reload the configuration. > ℹ️ **Info**: Copy relevant configuration from @@ -54,9 +61,13 @@ reload the configuration. ### Notifications to a group -Sending notifications to a group is possible as well. Add your bot and the -*GetIDs Bot* to a group, then use the group's id (which starts with a dash) -for `TelegramChatId`. Then remove *GetIDs Bot* from group. +Sending notifications to a group is possible as well. Add your bot to a group +and make it an admin (required for read access!) and send a message and run +`$GetTelegramChatId` again. Then use that chat id (which starts with a dash) +for `TelegramChatId`. + +Groups can enable the `Topics` feature. Use `TelegramThreadId` to send to a +specific topic in a group. Usage and invocation -------------------- @@ -91,7 +102,7 @@ Tips & Tricks ### Set a profile photo You can use a profile photo for your bot to make it recognizable. Open the -chat with [BotFather](https://t.me/BotFather) and set it there. +chat with [BotFather ↗️](https://t.me/BotFather) and set it there.  @@ -104,6 +115,7 @@ See also * [Chat with your router and send commands via Telegram bot](../telegram-chat.md) * [Send notifications via e-mail](notification-email.md) +* [Send notifications via Gotify](notification-gotify.md) * [Send notifications via Matrix](notification-matrix.md) * [Send notifications via Ntfy](notification-ntfy.md) diff --git a/doc/mod/scriptrunonce.md b/doc/mod/scriptrunonce.md index 0127c6d..955d12e 100644 --- a/doc/mod/scriptrunonce.md +++ b/doc/mod/scriptrunonce.md @@ -4,7 +4,7 @@ Download script and run it once [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/mod/ssh-keys-import.md b/doc/mod/ssh-keys-import.md index dcfd95b..344f4bc 100644 --- a/doc/mod/ssh-keys-import.md +++ b/doc/mod/ssh-keys-import.md @@ -4,7 +4,7 @@ Import ssh keys for public key authentication [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/mode-button.md b/doc/mode-button.md index 7feb19f..be15bc9 100644 --- a/doc/mode-button.md +++ b/doc/mode-button.md @@ -4,7 +4,7 @@ Mode button with multiple presses [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md index cdfbd97..0d94918 100644 --- a/doc/netwatch-dns.md +++ b/doc/netwatch-dns.md @@ -4,7 +4,7 @@ Manage DNS and DoH servers from netwatch [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -53,8 +53,8 @@ Note that using a name in DoH url may introduce a chicken-and-egg issue! Adding a static DNS record has the same result for the url, but always resolves to the same address. - /ip/dns/static/add name="dns.nextdns.io" address=199.247.16.158; - /tool/netwatch/add comment="doh" host=199.247.16.158; + /ip/dns/static/add name="cloudflare-dns.com" address=1.1.1.1; + /tool/netwatch/add comment="doh" host=1.1.1.1; Be aware that you have to keep the ip address in sync with real world manually! @@ -66,6 +66,10 @@ Importing a certificate automatically is possible. You may want to find the /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G3" host=9.9.9.9; /tool/netwatch/add comment="doh, doh-cert=GTS Root R1" host=8.8.8.8; +> ⚠️ **Warning**: Combining these techniques can cause some confusion and +> troubles! Chances are that a service uses different certificates based +> on indicated server name. + Sometimes using just one specific (possibly internal) DNS server may be desired, with fallback in case it fails. This is possible as well: diff --git a/doc/netwatch-notify.md b/doc/netwatch-notify.md index 81adfe9..91c568f 100644 --- a/doc/netwatch-notify.md +++ b/doc/netwatch-notify.md @@ -47,6 +47,7 @@ The hosts to be checked have to be added to netwatch with specific comment: Also notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/ospf-to-leds.md b/doc/ospf-to-leds.md index 23248b5..3694d35 100644 --- a/doc/ospf-to-leds.md +++ b/doc/ospf-to-leds.md @@ -4,7 +4,7 @@ Visualize OSPF state via LEDs [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/packages-update.md b/doc/packages-update.md index 8b0d4a3..a0a1795 100644 --- a/doc/packages-update.md +++ b/doc/packages-update.md @@ -4,7 +4,7 @@ Manage system update [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -46,8 +46,8 @@ Configuration The configuration goes to `global-config-overlay`, this is the only parameter: -* `PackagesUpdateDeferReboot`: defer the reboot for night (between 3 AM - and 5 AM) +* `PackagesUpdateDeferReboot`: defer the reboot for night (between 3 AM and + 5 AM), use a numerical value in days suffixed with a `d` to defer further By modifying the scheduler's `start-time` you can force the reboot at different time. diff --git a/doc/ppp-on-up.md b/doc/ppp-on-up.md index 7902f3b..305afc1 100644 --- a/doc/ppp-on-up.md +++ b/doc/ppp-on-up.md @@ -4,7 +4,7 @@ Run scripts on ppp connection [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/sms-action.md b/doc/sms-action.md index 5de7f0d..b696c85 100644 --- a/doc/sms-action.md +++ b/doc/sms-action.md @@ -4,7 +4,7 @@ Act on received SMS [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/sms-forward.md b/doc/sms-forward.md index 8e7417b..0c1317d 100644 --- a/doc/sms-forward.md +++ b/doc/sms-forward.md @@ -4,7 +4,7 @@ Forward received SMS [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) @@ -56,6 +56,7 @@ The configuration goes to `global-config-overlay`, this is the only parameter: Notification settings are required for [e-mail](mod/notification-email.md), +[gotify](mod/notification-gotify.md), [matrix](mod/notification-matrix.md), [ntfy](mod/notification-ntfy.md) and/or [telegram](mod/notification-telegram.md). diff --git a/doc/super-mario-theme.md b/doc/super-mario-theme.md index 2ffb25b..c72f220 100644 --- a/doc/super-mario-theme.md +++ b/doc/super-mario-theme.md @@ -4,7 +4,7 @@ Play Super Mario theme [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/unattended-lte-firmware-upgrade.md b/doc/unattended-lte-firmware-upgrade.md index e9a888c..cb96aa1 100644 --- a/doc/unattended-lte-firmware-upgrade.md +++ b/doc/unattended-lte-firmware-upgrade.md @@ -4,7 +4,7 @@ Install LTE firmware upgrade [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/update-gre-address.md b/doc/update-gre-address.md index 7e101c4..de9f622 100644 --- a/doc/update-gre-address.md +++ b/doc/update-gre-address.md @@ -4,7 +4,7 @@ Update GRE configuration with dynamic addresses [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/update-tunnelbroker.md b/doc/update-tunnelbroker.md index 126d470..ee0fe98 100644 --- a/doc/update-tunnelbroker.md +++ b/doc/update-tunnelbroker.md @@ -4,7 +4,7 @@ Update tunnelbroker configuration [](https://github.com/eworm-de/routeros-scripts/stargazers) [](https://github.com/eworm-de/routeros-scripts/network) [](https://github.com/eworm-de/routeros-scripts/watchers) -[](https://mikrotik.com/download/changelogs/) +[](https://mikrotik.com/download/changelogs/) [](https://t.me/routeros_scripts) [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/firmware-upgrade-reboot.rsc b/firmware-upgrade-reboot.rsc index 74847ac..e3ca55b 100644 --- a/firmware-upgrade-reboot.rsc +++ b/firmware-upgrade-reboot.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: firmware-upgrade-reboot -# Copyright (c) 2022-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2022-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # install firmware upgrade, and reboot -# https://git.eworm.de/cgit/routeros-scripts/about/doc/firmware-upgrade-reboot.md +# https://rsc.eworm.de/doc/firmware-upgrade-reboot.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; @@ -19,6 +20,7 @@ :global VersionToNum; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -26,10 +28,12 @@ :if ($RouterBoard->"current-firmware" = $RouterBoard->"upgrade-firmware") do={ $LogPrint info $ScriptName ("Current and upgrade firmware match with version " . \ $RouterBoard->"current-firmware" . "."); + :set ExitOK true; :error true; } :if ([ $VersionToNum ($RouterBoard->"current-firmware") ] > [ $VersionToNum ($RouterBoard->"upgrade-firmware") ]) do={ $LogPrint info $ScriptName ("Different firmware version is available, but it is a downgrade. Ignoring."); + :set ExitOK true; :error true; } @@ -51,4 +55,6 @@ $LogPrint info $ScriptName ("Firmware upgrade successful, rebooting."); /system/reboot; -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index a9513d8..0c45f7e 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: fw-addr-lists -# Copyright (c) 2023-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2023-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.16 # # download, import and update firewall address-lists -# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md +# https://rsc.eworm.de/doc/fw-addr-lists.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global FwAddrLists; @@ -23,6 +24,7 @@ :global HumanReadableNum; :global LogPrint; :global LogPrintOnce; + :global LogPrintVerbose; :global ScriptLock; :global WaitFullyConnected; @@ -35,11 +37,23 @@ } } + :local GetBranch do={ + :global EitherOr; + :return [ :pick [ :convert transform=md5 to=hex [ :pick $1 0 [ $EitherOr [ :find $1 "/" ] [ :len $1 ] ] ] ] 0 2 ]; + } + :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; + :if ([ :len [ /log/find where topics=({"script"; "warning"}) \ + message=("\$LogPrintOnce: The message is already in log, scripting subsystem may have crashed before!") ] ] > 0) do={ + $LogPrintOnce warning $ScriptName ("Scripting subsystem may have crashed, possibly caused by us. Delaying!"); + :delay 5m; + } + :local ListComment ("managed by " . $ScriptName); :foreach FwListName,FwList in=$FwAddrLists do={ @@ -90,22 +104,31 @@ :set Line ($Line->0); :local Address; :if ([ :pick $Line 0 1 ] = "{") do={ - :set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ]; + :do { + :set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ]; + } on-error={ } } else={ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { + :local Branch [ $GetBranch $Address ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ - :set ($IPv4Addresses->$Address) $TimeOut; + :if ($Address ~ "/32\$") do={ + :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; + } + :set ($IPv4Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={ - :set ($IPv6Addresses->$Address) $TimeOut; + :if ([ :typeof [ :find $Address "/" ] ] = "nil") do={ + :set Address ($Address . "/128"); + } + :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[\\.a-zA-Z0-9-]+\\.[a-zA-Z]{2,}\$") do={ - :set ($IPv4Addresses->$Address) $TimeOut; - :set ($IPv6Addresses->$Address) $TimeOut; + :set ($IPv4Addresses->$Branch->$Address) $TimeOut; + :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; } } on-error={ } @@ -115,16 +138,18 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :if ([ :typeof ($IPv4Addresses->$Address) ] = "time") do={ - $LogPrint debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ - "' with " . ($IPv4Addresses->$Address) . ": " . $Address); - /ip/firewall/address-list/set $Entry timeout=($IPv4Addresses->$Address); - :set ($IPv4Addresses->$Address); + :local Branch [ $GetBranch $Address ]; + :local TimeOut ($IPv4Addresses->$Branch->$Address); + :if ([ :typeof $TimeOut ] = "time") do={ + $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address " . $Address . \ + " in list '" . $FwListName . "' with " . $TimeOut . "."); + /ip/firewall/address-list/set $Entry timeout=$TimeOut; + :set ($IPv4Addresses->$Branch->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrint debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \ - "': " . $Address); + $LogPrintVerbose debug $ScriptName ("Removing IPv4 address " . $Address . \ + " from list '" . $FwListName . "."); /ip/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); } @@ -134,47 +159,53 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :if ([ :typeof ($IPv6Addresses->$Address) ] = "time") do={ - $LogPrint debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ - "' with " . ($IPv6Addresses->$Address) . ": " . $Address); - /ipv6/firewall/address-list/set $Entry timeout=($IPv6Addresses->$Address); - :set ($IPv6Addresses->$Address); + :local Branch [ $GetBranch $Address ]; + :local TimeOut ($IPv6Addresses->$Branch->$Address); + :if ([ :typeof $TimeOut ] = "time") do={ + $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address " . $Address . \ + " in list '" . $FwListName . "' with " . $TimeOut . "."); + /ipv6/firewall/address-list/set $Entry timeout=$TimeOut; + :set ($IPv6Addresses->$Branch->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrint debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \ - "': " . $Address); + $LogPrintVerbose debug $ScriptName ("Removing IPv6 address " . $Address . \ + " from list '" . $FwListName ."."); /ipv6/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); } } } - :foreach Address,Timeout in=$IPv4Addresses do={ - $LogPrint debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set ($IPv4Addresses->$Address); - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ - "': " . $Address); + :foreach BranchName,Branch in=$IPv4Addresses do={ + $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); + :foreach Address,Timeout in=$Branch do={ + $LogPrintVerbose debug $ScriptName ("Adding IPv4 address " . $Address . \ + " to list '" . $FwListName . "' with " . $Timeout . "."); + :onerror Err { + /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set CntAdd ($CntAdd + 1); + } do={ + $LogPrint warning $ScriptName ("Failed to add IPv4 address " . $Address . \ + " to list '" . $FwListName . "': " . $Err); + } } } - :foreach Address,Timeout in=$IPv6Addresses do={ - $LogPrint debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set ($IPv6Addresses->$Address); - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ - "': " . $Address); + :foreach BranchName,Branch in=$IPv6Addresses do={ + $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); + :foreach Address,Timeout in=$Branch do={ + $LogPrintVerbose debug $ScriptName ("Adding IPv6 address " . $Address . \ + " to list '" . $FwListName . "' with " . $Timeout . "."); + :onerror Err { + /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set CntAdd ($CntAdd + 1); + } do={ + $LogPrint warning $ScriptName ("Failed to add IPv6 address " . $Address . \ + " to list '" . $FwListName . "': " . $Err); + } } } @@ -184,4 +215,6 @@ " - renewed: " . [ $HumanReadableNum $CntRenew 1000 ] . \ " - removed: " . [ $HumanReadableNum $CntRemove 1000 ]); } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/global-config-overlay.rsc b/global-config-overlay.rsc index 9ffd90c..9afaceb 100644 --- a/global-config-overlay.rsc +++ b/global-config-overlay.rsc @@ -1,12 +1,12 @@ # Overlay for global configuration by RouterOS Scripts -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # global configuration, custom overlay -# https://git.eworm.de/cgit/routeros-scripts/about/#editing-configuration +# https://rsc.eworm.de/#editing-configuration # Copy relevant configuration from global-config, paste and modify it here. -# https://git.eworm.de/cgit/routeros-scripts/about/global-config.rsc +# https://rsc.eworm.de/global-config.rsc # End of global-config-overlay diff --git a/global-config.rsc b/global-config.rsc index c4e04b5..86d528a 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -1,10 +1,16 @@ #!rsc by RouterOS # RouterOS script: global-config -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # global configuration -# https://git.eworm.de/cgit/routeros-scripts/about/ +# https://rsc.eworm.de/ + +# Warning: Do *NOT* copy this line to overlay! +:global GlobalConfigReady false; +# || ... but +# \||/ start +# \/ here! # Set this to 'true' to disable news and change notifications. :global NoNewsAndChangesNotification false; @@ -33,6 +39,8 @@ :global TelegramChatId ""; #:global TelegramTokenId "123456:ABCDEF-GHI"; #:global TelegramChatId "12345678"; +# Use this to send notifications to a specific topic in group. +:global TelegramThreadId ""; # Using telegram-chat you have to define trusted chat ids (not group ids!) # or user names. Groups allow to chat with devices simultaneously. #:global TelegramChatIdsTrusted { @@ -56,10 +64,17 @@ # install the module: # $ScriptInstallUpdate mod/notification-ntfy :global NtfyServer "ntfy.sh"; -:global NtfyServerUser []; -:global NtfyServerPass []; +:global NtfyServerUser ""; +:global NtfyServerPass ""; +:global NtfyServerToken ""; :global NtfyTopic ""; +# You can send Gotify notifications. Configure these settings and +# install the module: +# $ScriptInstallUpdate mod/notification-gotify +:global GotifyServer ""; +:global GotifyToken ""; + # It is possible to override e-mail, Telegram, Matrix and Ntfy setting # for every script. This is done in arrays, where 'Override' is appended # to the variable name, like this: @@ -89,46 +104,46 @@ :global BackupPartitionCopyBeforeFeatureUpdate false; # This defines the settings for firewall address-lists (fw-addr-lists). +# Warning: Mind your device's resources - memory and processing! :global FwAddrLists { # "allow"={ -# { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/allow"; +# { url="https://rsc.eworm.de/main/fw-addr-lists.d/allow"; # cert="ISRG Root X2"; timeout=1w }; # }; "block"={ -# { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/block"; +# { url="https://rsc.eworm.de/main/fw-addr-lists.d/block"; # cert="ISRG Root X2" }; - { url="https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt"; - cert="GlobalSign" }; - { url="https://sslbl.abuse.ch/blacklist/sslipblacklist.txt"; - cert="GlobalSign" }; + { url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt"; +# # higher level (decrease the numerical value) for more addresses, and vice versa + cert="USERTrust RSA Certification Authority" }; { url="https://www.dshield.org/block.txt"; cidr="/24"; cert="ISRG Root X1" }; { url="https://lists.blocklist.de/lists/strongips.txt"; cert="Certum Trusted Network CA" }; # { url="https://www.spamhaus.org/drop/drop_v4.json"; -# cert="ISRG Root X1" }; +# cert="GTS Root R4" }; # { url="https://www.spamhaus.org/drop/drop_v6.json"; -# cert="ISRG Root X1" }; +# cert="GTS Root R4" }; }; # "mikrotik"={ -# { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/mikrotik"; +# { url="https://rsc.eworm.de/main/fw-addr-lists.d/mikrotik"; # cert="ISRG Root X2"; timeout=1w }; # }; }; :global FwAddrListTimeOut 1d; # This defines what log messages to filter or include by topic or message -# text. Regular expressions are supported. Do *NOT* set an empty string, -# that will filter or include everything! +# text. Regular expressions are supported. An empty string has a special +# meaning not to filter or include anything. # These are filters, so excluding messages from forwarding. :global LogForwardFilter "(debug|info|packet|raw)"; -:global LogForwardFilterMessage []; +:global LogForwardFilterMessage ""; #:global LogForwardFilterMessage "message text"; #:global LogForwardFilterMessage "(message text|another text|...)"; # ... and another setting with reverse logic. This includes messages even # if filtered above. -:global LogForwardInclude []; -:global LogForwardIncludeMessage []; +:global LogForwardInclude ""; +:global LogForwardIncludeMessage ""; #:global LogForwardInclude "account"; #:global LogForwardIncludeMessage "message text"; @@ -186,7 +201,7 @@ # Run different commands with multiple mode-button presses. :global ModeButton { - 1="/system/script/run leds-toggle-mode;"; + 1="/system/leds/settings/set all-leds-off=(({ \"never\"=\"immediate\"; \"immediate\"=\"never\" })->[ get all-leds-off ]);"; 2=":global Identity; :global SendNotification; :global SymbolForNotification; \$SendNotification ([ \$SymbolForNotification \"earth\" ] . \"Hello...\") (\"Hello world, \" . \$Identity . \" calling!\");"; 3="/system/shutdown;"; 4="/system/reboot;"; @@ -216,14 +231,16 @@ :global GpsTrackUrl "https://example.com/index.php"; # This is the base url to fetch scripts from. -:global ScriptUpdatesBaseUrl "https://git.eworm.de/cgit/routeros-scripts/plain/"; +:global ScriptUpdatesBaseUrl "https://rsc.eworm.de/main/"; # alternative urls - main: stable code - next: currently in development +#:global ScriptUpdatesBaseUrl "https://rsc.eworm.de/next/"; +#:global ScriptUpdatesBaseUrl "https://git.eworm.de/cgit/routeros-scripts/plain/"; #:global ScriptUpdatesBaseUrl "https://raw.githubusercontent.com/eworm-de/routeros-scripts/main/"; #:global ScriptUpdatesBaseUrl "https://raw.githubusercontent.com/eworm-de/routeros-scripts/next/"; #:global ScriptUpdatesBaseUrl "https://gitlab.com/eworm-de/routeros-scripts/raw/main/"; #:global ScriptUpdatesBaseUrl "https://gitlab.com/eworm-de/routeros-scripts/raw/next/"; :global ScriptUpdatesUrlSuffix ""; -# use next branch with default url (git.eworm.de) +# use next branch with my git url (git.eworm.de) #:global ScriptUpdatesUrlSuffix "?h=next"; # Use this for defaults with $ScriptRunOnce @@ -235,7 +252,7 @@ # This project is developed in private spare time and usage is free of charge # for you. If you like the scripts and think this is of value for you or your # business please consider a donation: -# https://git.eworm.de/cgit/routeros-scripts/about/#donate +# https://rsc.eworm.de/#donate # Enable this to silence donation hint. :global IDonate false; @@ -253,14 +270,20 @@ "cert2-cn"="4n0th3r-s3cr3t"; }; +# /\ Warning: Do *NOT* copy +# /\7\ the code below to overlay! +# /_()_\ Things *will* break! +# # load custom settings from overlay and snippets -# Warning: Do *NOT* copy this code to overlay! :foreach Script in=([ /system/script/find where name="global-config-overlay" ], \ [ /system/script/find where name~"^global-config-overlay.d/" ]) do={ - :do { + :onerror Err { /system/script/run $Script; - } on-error={ + } do={ :log error ("Loading configuration from overlay or snippet " . \ - [ /system/script/get $Script name ] . " failed!"); + [ /system/script/get $Script name ] . " failed: " . $Err); } } + +# signal we are ready +:set GlobalConfigReady true; diff --git a/global-functions.rsc b/global-functions.rsc index 47a69c4..829cbf2 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1,18 +1,21 @@ #!rsc by RouterOS # RouterOS script: global-functions -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch, scheduler # # global functions -# https://git.eworm.de/cgit/routeros-scripts/about/ +# https://rsc.eworm.de/ :local ScriptName [ :jobname ]; -# expected configuration version -:global ExpectedConfigVersion 131; +# Git commit id & info, expected configuration version +:global CommitId "unknown"; +:global CommitInfo "unknown"; +:global ExpectedConfigVersion 138; # global variables not to be changed by user :global GlobalFunctionsReady false; @@ -32,8 +35,11 @@ :global DownloadPackage; :global EitherOr; :global EscapeForRegEx; +:global ExitError; :global FetchHuge; :global FetchUserAgentStr; +:global FileExists; +:global FileGet; :global FormatLine; :global FormatMultiLines; :global GetMacVendor; @@ -51,6 +57,7 @@ :global IsTimeSync; :global LogPrint; :global LogPrintOnce; +:global LogPrintVerbose; :global MAX; :global MIN; :global MkDir; @@ -61,6 +68,8 @@ :global ProtocolStrip; :global RandomDelay; :global RequiredRouterOS; +:global RmDir; +:global RmFile; :global ScriptFromTerminal; :global ScriptInstallUpdate; :global ScriptLock; @@ -112,6 +121,11 @@ :return false; } + :if (([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \ + [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={ + :return true; + } + :if ([ :len [ /certificate/find where common-name=$CommonName ] ] = 0) do={ $LogPrint info $0 ("Certificate with CommonName '" . $CommonName . "' not available."); :if ([ $CertificateDownload $CommonName ] = false) do={ @@ -145,6 +159,7 @@ :global CleanName; :global FetchUserAgentStr; :global LogPrint; + :global RmFile; :global WaitForFile; $LogPrint info $0 ("Downloading and importing certificate with " . \ @@ -159,8 +174,8 @@ $LogPrint warning $0 ("Failed downloading certificate with CommonName '" . $CommonName . \ "' from repository! Trying fallback to mkcert.org..."); :do { - :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={ - $LogPrint error $0 ("Downloading required certificate failed."); + :if ([ :len [ /certificate/find where common-name="ISRG Root X1" ] ] = 0) do={ + $LogPrint error $0 ("Required certificate is not available."); :return false; } /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $0 ] }) \ @@ -168,7 +183,7 @@ dst-path=$FileName as-value; $WaitForFile $FileName; :if ([ /file/get $FileName size ] = 0) do={ - /file/remove $FileName; + $RmFile $FileName; :error false; } } on-error={ @@ -179,7 +194,7 @@ /certificate/import file-name=$FileName passphrase="" as-value; :delay 1s; - /file/remove [ find where name=$FileName ]; + $RmFile $FileName; :if ([ :len [ /certificate/find where common-name=$CommonName ] ] = 0) do={ /certificate/remove [ find where name~("^" . $FileName . "_[0-9]+\$") ]; @@ -195,12 +210,19 @@ # name a certificate by its common-name :set CertificateNameByCN do={ - :local CommonName [ :tostr $1 ]; + :local Match [ :tostr $1 ]; :global CleanName; + :global LogPrint; - :local Cert [ /certificate/find where common-name=$CommonName ]; + :local Cert ([ /certificate/find where (common-name=$Match or fingerprint=$Match or name=$Match) ]->0); + :if ([ :len $Cert ] = 0) do={ + $LogPrint warning $0 ("No matching certificate found."); + :return false; + } + :local CommonName [ /certificate/get $Cert common-name ]; /certificate/set $Cert name=[ $CleanName $CommonName ]; + :return true; } # multiply given character(s) @@ -279,6 +301,8 @@ # get readable device info :set DeviceInfo do={ + :global CommitId; + :global CommitInfo; :global ExpectedConfigVersion; :global Identity; @@ -300,16 +324,19 @@ ([ $FormatLine "Location" ($Snmp->"location") ] . "\n") ] . \ [ $IfThenElse ([ :len ($Snmp->"contact") ] > 0) \ ([ $FormatLine "Contact" ($Snmp->"contact") ] . "\n") ] . \ - [ $FormatLine "Board name" ($Resource->"board-name") ] . "\n" . \ - [ $FormatLine "Architecture" ($Resource->"architecture-name") ] . "\n" . \ + "Hardware:\n" . \ + [ $FormatLine " Board" ($Resource->"board-name") ] . "\n" . \ + [ $FormatLine " Arch" ($Resource->"architecture-name") ] . "\n" . \ [ $IfThenElse ($RouterBoard->"routerboard" = true) \ - ([ $FormatLine "Model" ($RouterBoard->"model") ] . \ + ([ $FormatLine " Model" ($RouterBoard->"model") ] . \ [ $IfThenElse ([ :len ($RouterBoard->"revision") ] > 0) \ (" " . $RouterBoard->"revision") ] . "\n" . \ - [ $FormatLine "Serial number" ($RouterBoard->"serial-number") ] . "\n") ] . \ - [ $IfThenElse ([ :len ($License->"level") ] > 0) \ - ([ $FormatLine "License" ($License->"level") ] . "\n") ] . \ + [ $FormatLine " Serial" ($RouterBoard->"serial-number") ] . "\n") ] . \ + [ $IfThenElse ([ :len ($License->"nlevel") ] > 0) \ + ([ $FormatLine " License" ("level " . ($License->"nlevel")) ] . "\n") ] . \ "RouterOS:\n" . \ + [ $IfThenElse ([ :len ($License->"level") ] > 0) \ + ([ $FormatLine " License" ("level " . ($License->"level")) ] . "\n") ] . \ [ $FormatLine " Channel" ($Update->"channel") ] . "\n" . \ [ $FormatLine " Installed" ($Update->"installed-version") ] . "\n" . \ [ $IfThenElse ([ :typeof ($Update->"latest-version") ] != "nothing" && \ @@ -319,6 +346,8 @@ $RouterBoard->"current-firmware" != $RouterBoard->"upgrade-firmware") \ ([ $FormatLine " Firmware" ($RouterBoard->"current-firmware") ] . "\n") ] . \ "RouterOS-Scripts:\n" . \ + [ $IfThenElse ($CommitId != "unknown") \ + ([ $FormatLine " Commit" ($CommitInfo . "/" . [ :pick $CommitId 0 8 ]) ] . "\n") ] . \ [ $FormatLine " Version" $ExpectedConfigVersion ]); } @@ -336,8 +365,10 @@ :global CertificateAvailable; :global CleanFilePath; + :global FileExists; :global LogPrint; :global MkDir; + :global RmFile; :global WaitForFile; :if ([ :len $PkgName ] = 0) do={ :return false; } @@ -355,7 +386,7 @@ :return false; } - :if ([ :len [ /file/find where name=$PkgDest type="package" ] ] > 0) do={ + :if ([ $FileExists $PkgDest "package" ] = true) do={ $LogPrint info $0 ("Package file " . $PkgName . " already exists."); :return true; } @@ -368,25 +399,22 @@ :local Url ("https://upgrade.mikrotik.com/routeros/" . $PkgVer . "/" . $PkgFile); $LogPrint info $0 ("Downloading package file '" . $PkgName . "'..."); $LogPrint debug $0 ("... from url: " . $Url); - :local Retry 3; - :while ($Retry > 0) do={ - :do { - /tool/fetch check-certificate=yes-without-crl $Url dst-path=$PkgDest; - $WaitForFile $PkgDest; - :if ([ /file/get [ find where name=$PkgDest ] type ] = "package") do={ - :return true; - } - } on-error={ - $LogPrint debug $0 ("Downloading package file failed."); - } + :onerror Err { + /tool/fetch check-certificate=yes-without-crl $Url dst-path=$PkgDest; + $WaitForFile $PkgDest; + } do={ + $LogPrint warning $0 ("Downloading package file '" . $PkgName . "' failed: " . $Err); + :return false; + } - /file/remove [ find where name=$PkgDest ]; - :set Retry ($Retry - 1); + :if ([ $FileExists $PkgDest "package" ] = false) do={ + $LogPrint warning $0 ("Downloaded file is not a package, removing."); + $RmFile $PkgDest; + :return false; } - $LogPrint warning $0 ("Downloading package file '" . $PkgName . "' failed."); - :return false; + :return true; } # return either first (if "true") or second @@ -425,11 +453,27 @@ :return $Return; } +# simple macro to print error message on unintentional error +:set ExitError do={ + :local ExitOK [ :tostr $1 ]; + :local Name [ :tostr $2 ]; + :local Error [ :tostr $3 ]; + + :global IfThenElse; + :global LogPrint; + + :if ($ExitOK = "false") do={ + $LogPrint error $Name ([ $IfThenElse ([ :pick $Name 0 1 ] = "\$") \ + "Function" "Script" ] . " '" . $Name . "' exited with error" . \ + [ $IfThenElse (!($Error ~ "^(|true|false)\$")) (": " . $Error) "." ]); + } +} + # fetch huge data to file, read in chunks :set FetchHuge do={ - :local ScriptName [ :tostr $1 ]; - :local Url [ :tostr $2 ]; - :local CheckCert [ :tobool $3 ]; + :local ScriptName [ :tostr $1 ]; + :local Url [ :tostr $2 ]; + :local CheckCert [ :tostr $3 ]; :global CleanName; :global FetchUserAgentStr; @@ -437,9 +481,11 @@ :global IfThenElse; :global LogPrint; :global MkDir; + :global RmDir; + :global RmFile; :global WaitForFile; - :set CheckCert [ $IfThenElse ($CheckCert = false) "no" "yes-without-crl" ]; + :set CheckCert [ $IfThenElse ($CheckCert = "false") "no" "yes-without-crl" ]; :local DirName ("tmpfs/" . [ $CleanName $ScriptName ]); :if ([ $MkDir $DirName ] = false) do={ @@ -448,15 +494,15 @@ } :local FileName ($DirName . "/" . [ $CleanName $0 ] . "-" . [ $GetRandom20CharAlNum ]); - :do { + :onerror Err { /tool/fetch check-certificate=$CheckCert $Url dst-path=$FileName \ http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) as-value; - } on-error={ + } do={ :if ([ $WaitForFile $FileName 500ms ] = true) do={ - /file/remove $FileName; + $RmFile $FileName; } - $LogPrint debug $0 ("Failed downloading from: " . $Url); - /file/remove $DirName; + $LogPrint debug $0 ("Failed downloading from " . $Url . " - " . $Err); + $RmDir $DirName; :return false; } $WaitForFile $FileName; @@ -464,11 +510,15 @@ :local FileSize [ /file/get $FileName size ]; :local Return ""; :local VarSize 0; - :while ($VarSize < $FileSize) do={ + :while ($VarSize != $FileSize) do={ :set Return ($Return . ([ /file/read offset=$VarSize chunk-size=32768 file=$FileName as-value ]->"data")); + :set FileSize [ /file/get $FileName size ]; :set VarSize [ :len $Return ]; + :if ($VarSize > $FileSize) do={ + :delay 100ms; + } } - /file/remove $DirName; + $RmDir $DirName; :return $Return; } @@ -482,6 +532,47 @@ $Resource->"architecture-name" . " " . $Caller . "/Fetch (https://rsc.eworm.de/)"); } +# check for existence of file, optionally with type +:set FileExists do={ + :local FileName [ :tostr $1 ]; + :local Type [ :tostr $2 ]; + + :global FileGet; + + :local FileVal [ $FileGet $FileName ]; + :if ($FileVal = false) do={ + :return false; + } + + :if ([ :len ($FileVal->"size") ] = 0) do={ + :return false; + } + + :if ([ :len $Type ] = 0 || $FileVal->"type" = $Type) do={ + :return true; + } + + :return false; +} + +# get file properties in array, or false on error +:set FileGet do={ + :local FileName [ :tostr $1 ]; + + :global WaitForFile; + + :if ([ $WaitForFile $FileName 0s ] = false) do={ + :return false; + } + + :local FileVal false; + :do { + :set FileVal [ /file/get $FileName ]; + } on-error={ } + + :return $FileVal; +} + # format a line for output :set FormatLine do={ :local Key [ :tostr $1 ]; @@ -544,12 +635,12 @@ ("https://api.macvendors.com/" . [ :pick $Mac 0 8 ]) output=user as-value ]->"data"); :return $Vendor; } on-error={ - :do { + :onerror Err { /tool/fetch check-certificate=yes-without-crl ("https://api.macvendors.com/") \ output=none as-value; $LogPrint debug $0 ("The mac vendor is not known in database."); - } on-error={ - $LogPrint warning $0 ("Failed getting mac vendor."); + } do={ + $LogPrint warning $0 ("Failed getting mac vendor: " . $Err); } :return "unknown vendor"; } @@ -813,6 +904,9 @@ :return true; } +# The function $LogPrintVerbose is declared, but has no code, intentionally. +# https://rsc.eworm.de/DEBUG.md#verbose-output + # get max value :set MAX do={ :if ($1 > $2) do={ :return $1; } @@ -830,7 +924,9 @@ :local Path [ :tostr $1 ]; :global CleanFilePath; + :global FileGet; :global LogPrint; + :global RmDir; :global WaitForFile; :local MkTmpfs do={ @@ -847,12 +943,12 @@ } $LogPrint info $0 ("Creating disk of type tmpfs."); - /file/remove [ find where name="tmpfs" type="directory" ]; - :do { + $RmDir "tmpfs"; + :onerror Err { /disk/add slot=tmpfs type=tmpfs tmpfs-max-size=([ /system/resource/get total-memory ] / 3); $WaitForFile "tmpfs"; - } on-error={ - $LogPrint warning $0 ("Creating disk of type tmpfs failed!"); + } do={ + $LogPrint warning $0 ("Creating disk of type tmpfs failed: " . $Err); :return false; } :return true; @@ -864,7 +960,11 @@ :return true; } - :if ([ :len [ /file/find where name=$Path type="directory" ] ] = 1) do={ + $LogPrint debug $0 ("Making directory: " . $Path); + + :local PathVal [ $FileGet $Path ]; + :if ($PathVal->"type" = "directory") do={ + $LogPrint debug $0 ("... which already exists."); :return true; } @@ -874,13 +974,11 @@ } } - :do { - :local File ($Path . "/file"); - /file/add name=$File; - $WaitForFile $File; - /file/remove $File; - } on-error={ - $LogPrint warning $0 ("Making directory '" . $Path . "' failed!"); + :onerror Err { + /file/add type="directory" name=$Path; + $WaitForFile $Path; + } do={ + $LogPrint warning $0 ("Making directory '" . $Path . "' failed: " . $Err); :return false; } @@ -904,14 +1002,24 @@ # parse key value store :set ParseKeyValueStore do={ :local Source $1; + + :if ([ :pick $Source 0 1 ] = "{") do={ + :do { + :return [ :deserialize from=json $Source ]; + } on-error={ } + } + :if ([ :typeof $Source ] != "array") do={ :set Source [ :tostr $1 ]; } :local Result ({}); :foreach KeyValue in=[ :toarray $Source ] do={ :if ([ :find $KeyValue "=" ]) do={ - :set ($Result->[ :pick $KeyValue 0 [ :find $KeyValue "=" ] ]) \ - [ :pick $KeyValue ([ :find $KeyValue "=" ] + 1) [ :len $KeyValue ] ]; + :local Key [ :pick $KeyValue 0 [ :find $KeyValue "=" ] ]; + :local Value [ :pick $KeyValue ([ :find $KeyValue "=" ] + 1) [ :len $KeyValue ] ]; + :if ($Value="true") do={ :set Value true; } + :if ($Value="false") do={ :set Value false; } + :set ($Result->$Key) $Value; } else={ :set ($Result->$KeyValue) true; } @@ -976,6 +1084,64 @@ :return true; } +# remove directory +:set RmDir do={ + :local DirName [ :tostr $1 ]; + + :global FileGet; + :global LogPrint; + + $LogPrint debug $0 ("Removing directory: ". $DirName); + + :local DirVal [ $FileGet $DirName ]; + :if ($DirVal = false) do={ + $LogPrint debug $0 ("... which does not exist."); + :return true; + } + + :if ($DirVal->"type" != "directory") do={ + $LogPrint error $0 ("Directory '" . $DirName . "' is not a directory."); + :return false; + } + + :onerror Err { + /file/remove $DirName; + } do={ + $LogPrint error $0 ("Removing directory '" . $DirName . "' failed: " . $Err); + :return false; + } + :return true; +} + +# remove file +:set RmFile do={ + :local FileName [ :tostr $1 ]; + + :global FileGet; + :global LogPrint; + + $LogPrint debug $0 ("Removing file: ". $FileName); + + :local FileVal [ $FileGet $FileName ]; + :if ($FileVal = false) do={ + $LogPrint debug $0 ("... which does not exist."); + :return true; + } + + :if ($FileVal->"type" = "directory" || $FileVal->"type" = "disk") do={ + $LogPrint error $0 ("File '" . $FileName . "' is not a file."); + :return false; + } + + :onerror Err { + /file/remove $FileName; + } do={ + $LogPrint error $0 ("Removing file '" . $FileName . "' failed: " . $Err); + :return false; + } + :return true; +} + # check if script is run from terminal :set ScriptFromTerminal do={ :local Script [ :tostr $1 ]; @@ -1003,11 +1169,15 @@ } # install new scripts, update existing scripts -:set ScriptInstallUpdate do={ +:set ScriptInstallUpdate do={ :onerror Err { :local Scripts [ :toarray $1 ]; :local NewComment [ :tostr $2 ]; + :global CommitId; + :global CommitInfo; :global ExpectedConfigVersion; + :global GlobalConfigReady; + :global GlobalFunctionsReady; :global Identity; :global IDonate; :global NoNewsAndChangesNotification; @@ -1039,9 +1209,18 @@ } } + :local CommitIdBefore $CommitId; :local ExpectedConfigVersionBefore $ExpectedConfigVersion; - :local ReloadGlobalFunctions false; - :local ReloadGlobalConfig false; + :local ReloadGlobal false; + :local DeviceMode [ /system/device-mode/get ]; + + :local CheckSums ({}); + :do { + :local Url ($ScriptUpdatesBaseUrl . "checksums.json" . $ScriptUpdatesUrlSuffix); + $LogPrint debug $0 ("Fetching checksums from url: " . $Url); + :set CheckSums [ :deserialize from=json ([ /tool/fetch check-certificate=yes-without-crl \ + http-header-field=({ [ $FetchUserAgentStr $0 ] }) $Url output=user as-value ]->"data") ]; + } on-error={ } :foreach Script in=[ /system/script/find where source~"^#!rsc by RouterOS\r?\n" ] do={ :local ScriptVal [ /system/script/get $Script ]; @@ -1056,8 +1235,26 @@ } } - :if (!($ScriptInfo->"ignore" = true)) do={ - :do { + :do { + :if ($ScriptInfo->"ignore" = true) do={ + $LogPrint debug $0 ("Ignoring script '" . $ScriptVal->"name" . "', as requested."); + :error true; + } + + :local CheckSum ($CheckSums->($ScriptVal->"name")); + :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \ + [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ + $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); + :error true; + } + + :if ([ :len ($ScriptInfo->"certificate") ] > 0) do={ + :if ([ $CertificateAvailable ($ScriptInfo->"certificate") ] = false) do={ + $LogPrint warning $0 ("Downloading certificate failed, trying without."); + } + } + + :onerror Err { :local BaseUrl [ $EitherOr ($ScriptInfo->"base-url") $ScriptUpdatesBaseUrl ]; :local UrlSuffix [ $EitherOr ($ScriptInfo->"url-suffix") $ScriptUpdatesUrlSuffix ]; :local Url ($BaseUrl . $ScriptVal->"name" . ".rsc" . $UrlSuffix); @@ -1067,70 +1264,84 @@ :if ($Result->"status" = "finished") do={ :set SourceNew [ :tolf ($Result->"data") ]; } - } on-error={ + } do={ + $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "': " . $Err); :if ($ScriptVal->"source" = "#!rsc by RouterOS\n") do={ - $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . \ - "', removing dummy. Typo on installation?"); + $LogPrint warning $0 ("Removing dummy. Typo on installation?"); /system/script/remove $Script; - } else={ - $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "'!"); } + :error false; + } + + :if ([ :len $SourceNew ] = 0) do={ + $LogPrint debug $0 ("No update for script '" . $ScriptVal->"name" . "'."); + :error false; } - } - :if ([ :len $SourceNew ] > 0) do={ :local SourceCRLF [ :tocrlf $SourceNew ]; - :if ($SourceNew != $ScriptVal->"source" && $SourceCRLF != $ScriptVal->"source") do={ - :if ([ :pick $SourceNew 0 18 ] = "#!rsc by RouterOS\n") do={ - :local Required ([ $ParseKeyValueStore [ $Grep $SourceNew ("\23 requires RouterOS, ") ] ]->"version"); - :if ([ $RequiredRouterOS $0 [ $EitherOr $Required "0.0" ] false ] = true) do={ - :if ([ $ValidateSyntax $SourceNew ] = true) do={ - $LogPrint info $0 ("Updating script: " . $ScriptVal->"name"); - /system/script/set owner=($ScriptVal->"name") \ - source=[ $IfThenElse ($ScriptUpdatesCRLF = true) $SourceCRLF $SourceNew ] $Script; - :if ($ScriptVal->"name" = "global-config") do={ - :set ReloadGlobalConfig true; - } - :if ($ScriptVal->"name" = "global-functions" || $ScriptVal->"name" ~ ("^mod/.")) do={ - :set ReloadGlobalFunctions true; - } - } else={ - $LogPrint warning $0 ("Syntax validation for script '" . $ScriptVal->"name" . \ - "' failed! Ignoring!"); - } - } else={ - $LogPrintOnce warning $0 ("The script '" . $ScriptVal->"name" . "' requires RouterOS " . \ - $Required . ", which is not met by your installation. Ignoring!"); - } - } else={ - $LogPrint warning $0 ("Looks like new script '" . $ScriptVal->"name" . \ + :if ($SourceNew = $ScriptVal->"source" || $SourceCRLF = $ScriptVal->"source") do={ + $LogPrint debug $0 ("Script '" . $ScriptVal->"name" . "' did not change."); + :error false; + } + + :if ([ :pick $SourceNew 0 18 ] != "#!rsc by RouterOS\n") do={ + $LogPrint warning $0 ("Looks like new script '" . $ScriptVal->"name" . \ "' is not valid (missing shebang). Ignoring!"); + :error false; + } + + :local RequiredROS ([ $ParseKeyValueStore [ $Grep $SourceNew ("\23 requires RouterOS, ") ] ]->"version"); + :if ([ $RequiredRouterOS $0 [ $EitherOr $RequiredROS "0.0" ] false ] = false) do={ + $LogPrintOnce warning $0 ("The script '" . $ScriptVal->"name" . "' requires RouterOS " . \ + $RequiredROS . ", which is not met by your installation. Ignoring!"); + :error false; + } + + :local RequiredDM [ $ParseKeyValueStore [ $Grep $SourceNew ("\23 requires device-mode, ") ] ]; + :local MissingDM ({}); + :foreach Feature,Value in=$RequiredDM do={ + :if ([ :typeof ($DeviceMode->$Feature) ] = "bool" && ($DeviceMode->$Feature) = false) do={ + :set MissingDM ($MissingDM, $Feature); } - } else={ - $LogPrint debug $0 ("Script '" . $ScriptVal->"name" . "' did not change."); } - } else={ - $LogPrint debug $0 ("No update for script '" . $ScriptVal->"name" . "'."); - } + :if ([ :len $MissingDM ] > 0) do={ + $LogPrintOnce warning $0 ("The script '" . $ScriptVal->"name" . "' requires disabled " . \ + "device-mode features (" . [ :tostr $MissingDM ] . "). Ignoring!"); + :error false; + } + + :if ([ $ValidateSyntax $SourceNew ] = false) do={ + $LogPrint warning $0 ("Syntax validation for script '" . $ScriptVal->"name" . "' failed! Ignoring!"); + :error false; + } + + $LogPrint info $0 ("Updating script: " . $ScriptVal->"name"); + /system/script/set owner=($ScriptVal->"name") \ + source=[ $IfThenElse ($ScriptUpdatesCRLF = true) $SourceCRLF $SourceNew ] $Script; + :if ($ScriptVal->"name" = "global-config" || \ + $ScriptVal->"name" = "global-functions" || \ + $ScriptVal->"name" ~ ("^mod/.")) do={ + :set ReloadGlobal true; + } + } on-error={ } } - :if ($ReloadGlobalFunctions = true) do={ - $LogPrint info $0 ("Reloading global functions."); - :do { + :if ($ReloadGlobal = true) do={ + $LogPrint info $0 ("Reloading global configuration and functions."); + :set GlobalConfigReady false; + :set GlobalFunctionsReady false; + :delay 1s; + + :onerror Err { + /system/script/run global-config; /system/script/run global-functions; - } on-error={ - $LogPrint error $0 ("Reloading global functions failed!"); + } do={ + $LogPrint error $0 ("Reloading global configuration and functions failed! " . $Err); } } - :if ($ReloadGlobalConfig = true) do={ - $LogPrint info $0 ("Reloading global configuration."); - :do { - /system/script/run global-config; - } on-error={ - $LogPrint error $0 ("Reloading global configuration failed!" . \ - " Syntax error or missing overlay?"); - } + :if ($CommitId != "unknown" && $CommitIdBefore != $CommitId) do={ + $LogPrint info $0 ("Updated to commit: " . $CommitInfo . "/" . [ :pick $CommitId 0 8 ]); } :if ($ExpectedConfigVersionBefore > $ExpectedConfigVersion) do={ @@ -1144,7 +1355,7 @@ :global GlobalConfigMigration; :local ChangeLogCode; - :do { + :onerror Err { :local Url ($ScriptUpdatesBaseUrl . "news-and-changes.rsc" . $ScriptUpdatesUrlSuffix); $LogPrint debug $0 ("Fetching news, changes and migration: " . $Url); :local Result [ /tool/fetch check-certificate=yes-without-crl \ @@ -1152,16 +1363,16 @@ :if ($Result->"status" = "finished") do={ :set ChangeLogCode ($Result->"data"); } - } on-error={ - $LogPrint warning $0 ("Failed fetching news, changes and migration!"); + } do={ + $LogPrint warning $0 ("Failed fetching news, changes and migration: " . $Err); } :if ([ :len $ChangeLogCode ] > 0) do={ :if ([ $ValidateSyntax $ChangeLogCode ] = true) do={ - :do { + :onerror Err { [ :parse $ChangeLogCode ]; - } on-error={ - $LogPrint warning $0 ("The changelog failed to run!"); + } do={ + $LogPrint warning $0 ("The changelog failed to run: " . $Err); } } else={ $LogPrint warning $0 ("The changelog failed syntax validation!"); @@ -1171,18 +1382,24 @@ :if ([ :len $GlobalConfigMigration ] > 0) do={ :for I from=($ExpectedConfigVersionBefore + 1) to=$ExpectedConfigVersion do={ :local Migration ($GlobalConfigMigration->[ :tostr $I ]); - :if ([ :typeof $Migration ] = "str") do={ - :if ([ $ValidateSyntax $Migration ] = true) do={ - $LogPrint info $0 ("Applying migration for change " . $I . ": " . $Migration); - :do { - [ :parse $Migration ]; - } on-error={ - $LogPrint warning $0 ("Migration code for change " . $I . " failed to run!"); - } - } else={ + :do { + :if ([ :typeof $Migration ] != "str") do={ + $LogPrint debug $0 ("Migration code for change " . $I . " is not available."); + :error false; + } + + :if ([ $ValidateSyntax $Migration ] = false) do={ $LogPrint warning $0 ("Migration code for change " . $I . " failed syntax validation!"); + :error false; } - } + + $LogPrint info $0 ("Applying migration for change " . $I . ": " . $Migration); + :onerror Err { + [ :parse $Migration ]; + } do={ + $LogPrint warning $0 ("Migration code for change " . $I . " failed to run: " . $Err); + } + } on-error={ } } } @@ -1222,12 +1439,14 @@ :set GlobalConfigChanges; :set GlobalConfigMigration; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # lock script against multiple invocation :set ScriptLock do={ - :local Script [ :tostr $1 ]; - :local WaitMax ([ :tonum $3 ] * 10); + :local Script [ :tostr $1 ]; + :local WaitMax [ :totime $2 ]; :global GetRandom20CharAlNum; :global IfThenElse; @@ -1316,6 +1535,10 @@ :set ($ScriptLockOrder->$Script) ({}); } + :if ([ :typeof $WaitMax ] = "nil" ) do={ + :set WaitMax 0s; + } + :if ([ :len [ /system/script/find where name=$Script ] ] = 0) do={ $LogPrint error $0 ("A script named '" . $Script . "' does not exist!"); :error false; @@ -1335,12 +1558,13 @@ :local MyTicket [ $GetRandom20CharAlNum 6 ]; $AddTicket $Script $MyTicket; - :local WaitCount 0; - :while ($WaitMax > $WaitCount && \ + :local WaitInterval ($WaitMax / 20); + :local WaitTime $WaitMax; + :while ($WaitTime > 0 && \ ([ $IsFirstTicket $Script $MyTicket ] = false || \ [ $TicketCount $Script ] < [ $JobCount $Script ])) do={ - :set WaitCount ($WaitCount + 1); - :delay 100ms; + :set WaitTime ($WaitTime - $WaitInterval); + :delay $WaitInterval; } :if ([ $IsFirstTicket $Script $MyTicket ] = true && \ @@ -1352,16 +1576,18 @@ $RemoveTicket $Script $MyTicket; $LogPrint debug $0 ("Script '" . $Script . "' started more than once" . \ - [ $IfThenElse ($WaitCount > 0) " and timed out waiting for lock" "" ] . "..."); + [ $IfThenElse ($WaitTime < $WaitMax) " and timed out waiting for lock" "" ] . "..."); :return false; } # send notification via NotificationFunctions - expects at least two string arguments -:set SendNotification do={ +:set SendNotification do={ :onerror Err { :global SendNotification2; $SendNotification2 ({ origin=$0; subject=$1; message=$2; link=$3; silent=$4 }); -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via NotificationFunctions - expects one array argument :set SendNotification2 do={ @@ -1479,9 +1705,12 @@ :set ValidateSyntax do={ :local Code [ :tostr $1 ]; - :do { + :global LogPrint; + + :onerror Err { [ :parse (":local Validate do={\n" . $Code . "\n}") ]; - } on-error={ + } do={ + $LogPrint debug $0 ("Valdation failed: " . $Err); :return false; } :return true; @@ -1548,17 +1777,28 @@ :global MAX; :set FileName [ $CleanFilePath $FileName ]; - :local I 1; - :local Delay ([ $MAX [ $EitherOr $WaitTime 2s ] 100ms ] / 10); + :local Delay ([ $MAX [ $EitherOr $WaitTime 2s ] 100ms ] / 9); - :while ([ :len [ /file/find where name=$FileName ] ] = 0) do={ - :if ($I >= 10) do={ - :return false; - } + :do { + :retry { + :if ([ :len [ /file/find where name=$FileName ] ] = 0) do={ + :error false; + } + } delay=$Delay max=10; + } on-error={ + :return false; + } + + :while ([ :len [ /file/find where name=$FileName ] ] > 0) do={ + :do { + /file/get $FileName; + :return true; + } on-error={ } :delay $Delay; - :set I ($I + 1); + :set Delay ($Delay * 3 / 2); } - :return true; + + :return false; } # wait to be fully connected (default route is reachable, time is sync, DNS resolves) @@ -1585,10 +1825,10 @@ :foreach Script in=[ /system/script/find where name ~ "^mod/." ] do={ :local ScriptVal [ /system/script/get $Script ]; :if ([ $ValidateSyntax ($ScriptVal->"source") ] = true) do={ - :do { + :onerror Err { /system/script/run $Script; - } on-error={ - $LogPrint error $0 ("Module '" . $ScriptVal->"name" . "' failed to run."); + } do={ + $LogPrint error $0 ("Module '" . $ScriptVal->"name" . "' failed to run: " . $Err); } } else={ $LogPrint error $0 ("Module '" . $ScriptVal->"name" . "' failed syntax validation, skipping."); diff --git a/global-wait.rsc b/global-wait.rsc index f0631e2..23b5629 100644 --- a/global-wait.rsc +++ b/global-wait.rsc @@ -1,12 +1,13 @@ #!rsc by RouterOS # RouterOS script: global-wait -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # wait for global-functions to finish -# https://git.eworm.de/cgit/routeros-scripts/about/doc/global-wait.md +# https://rsc.eworm.de/doc/global-wait.md +:global GlobalConfigReady; :global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } +:while ($GlobalConfigReady != true || $GlobalFunctionsReady != true) do={ :delay 500ms; } diff --git a/gps-track.rsc b/gps-track.rsc index a2ea9ff..6a090bf 100644 --- a/gps-track.rsc +++ b/gps-track.rsc @@ -1,17 +1,19 @@ #!rsc by RouterOS # RouterOS script: gps-track -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch # # track gps data by sending json data to http server -# https://git.eworm.de/cgit/routeros-scripts/about/doc/gps-track.md +# https://rsc.eworm.de/doc/gps-track.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global GpsTrackUrl; @@ -23,6 +25,7 @@ :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } $WaitFullyConnected; @@ -31,7 +34,7 @@ :local Gps [ /system/gps/monitor once as-value ]; :if ($Gps->"valid" = true) do={ - :do { + :onerror Err { /tool/fetch check-certificate=yes-without-crl output=none http-method=post \ http-header-field=({ [ $FetchUserAgentStr $ScriptName ]; "Content-Type: application/json" }) \ http-data=[ :serialize to=json { "identity"=$Identity; \ @@ -39,10 +42,12 @@ $LogPrint debug $ScriptName ("Sending GPS data in " . $CoordinateFormat . " format: " . \ "lat: " . ($Gps->"latitude") . " " . \ "lon: " . ($Gps->"longitude")); - } on-error={ - $LogPrint warning $ScriptName ("Failed sending GPS data!"); + } do={ + $LogPrint warning $ScriptName ("Failed sending GPS data: " . $Err); } } else={ $LogPrint debug $ScriptName ("GPS data not valid."); } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/hotspot-to-wpa-cleanup.capsman.rsc b/hotspot-to-wpa-cleanup.capsman.rsc index e935850..e4ac967 100644 --- a/hotspot-to-wpa-cleanup.capsman.rsc +++ b/hotspot-to-wpa-cleanup.capsman.rsc @@ -1,20 +1,22 @@ #!rsc by RouterOS # RouterOS script: hotspot-to-wpa-cleanup.capsman -# Copyright (c) 2021-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2021-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=80 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, hotspot # # manage and clean up private WPA passphrase after hotspot login -# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# https://rsc.eworm.de/doc/hotspot-to-wpa.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global EitherOr; @@ -23,6 +25,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -72,4 +75,6 @@ /ip/dhcp-server/lease/remove $Lease; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/hotspot-to-wpa-cleanup.template.rsc b/hotspot-to-wpa-cleanup.template.rsc index fa99b5d..d51e1d0 100644 --- a/hotspot-to-wpa-cleanup.template.rsc +++ b/hotspot-to-wpa-cleanup.template.rsc @@ -1,21 +1,23 @@ #!rsc by RouterOS # RouterOS script: hotspot-to-wpa-cleanup%TEMPL% -# Copyright (c) 2021-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2021-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=80 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, hotspot # # manage and clean up private WPA passphrase after hotspot login -# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# https://rsc.eworm.de/doc/hotspot-to-wpa.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global EitherOr; @@ -24,6 +26,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -79,4 +82,6 @@ /ip/dhcp-server/lease/remove $Lease; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/hotspot-to-wpa-cleanup.wifi.rsc b/hotspot-to-wpa-cleanup.wifi.rsc index d3f859e..8bb2631 100644 --- a/hotspot-to-wpa-cleanup.wifi.rsc +++ b/hotspot-to-wpa-cleanup.wifi.rsc @@ -1,20 +1,22 @@ #!rsc by RouterOS # RouterOS script: hotspot-to-wpa-cleanup.wifi -# Copyright (c) 2021-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2021-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # provides: lease-script, order=80 -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, hotspot # # manage and clean up private WPA passphrase after hotspot login -# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# https://rsc.eworm.de/doc/hotspot-to-wpa.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global EitherOr; @@ -23,6 +25,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } @@ -72,4 +75,6 @@ /ip/dhcp-server/lease/remove $Lease; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/hotspot-to-wpa.capsman.rsc b/hotspot-to-wpa.capsman.rsc index b85c591..8977cee 100644 --- a/hotspot-to-wpa.capsman.rsc +++ b/hotspot-to-wpa.capsman.rsc @@ -1,19 +1,21 @@ #!rsc by RouterOS # RouterOS script: hotspot-to-wpa.capsman -# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, hotspot # # add private WPA passphrase after hotspot login -# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# https://rsc.eworm.de/doc/hotspot-to-wpa.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global EitherOr; @@ -25,11 +27,13 @@ :local UserName $username; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from hotspot on login."); + :set ExitOK true; :error false; } @@ -57,6 +61,7 @@ :if ($Template->"action" = "reject") do={ $LogPrint info $ScriptName ("Ignoring login for hotspot '" . $Hotspot . "'."); + :set ExitOK true; :error true; } @@ -95,4 +100,6 @@ :delay 2s; /caps-man/access-list/set $Entry action=accept; -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/hotspot-to-wpa.template.rsc b/hotspot-to-wpa.template.rsc index 44607cc..c5d977d 100644 --- a/hotspot-to-wpa.template.rsc +++ b/hotspot-to-wpa.template.rsc @@ -1,20 +1,22 @@ #!rsc by RouterOS # RouterOS script: hotspot-to-wpa%TEMPL% -# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, hotspot # # add private WPA passphrase after hotspot login -# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# https://rsc.eworm.de/doc/hotspot-to-wpa.md # # !! This is just a template to generate the real script! # !! Pattern '%TEMPL%' is replaced, paths are filtered. -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global EitherOr; @@ -26,11 +28,13 @@ :local UserName $username; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from hotspot on login."); + :set ExitOK true; :error false; } @@ -64,6 +68,7 @@ :if ($Template->"action" = "reject") do={ $LogPrint info $ScriptName ("Ignoring login for hotspot '" . $Hotspot . "'."); + :set ExitOK true; :error true; } @@ -115,4 +120,6 @@ :delay 2s; /caps-man/access-list/set $Entry action=accept; /interface/wifi/access-list/set $Entry action=accept; -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/hotspot-to-wpa.wifi.rsc b/hotspot-to-wpa.wifi.rsc index 25933c6..6a97e46 100644 --- a/hotspot-to-wpa.wifi.rsc +++ b/hotspot-to-wpa.wifi.rsc @@ -1,19 +1,21 @@ #!rsc by RouterOS # RouterOS script: hotspot-to-wpa.wifi -# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, hotspot # # add private WPA passphrase after hotspot login -# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# https://rsc.eworm.de/doc/hotspot-to-wpa.md # # !! Do not edit this file, it is generated from template! -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global EitherOr; @@ -25,11 +27,13 @@ :local UserName $username; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from hotspot on login."); + :set ExitOK true; :error false; } @@ -57,6 +61,7 @@ :if ($Template->"action" = "reject") do={ $LogPrint info $ScriptName ("Ignoring login for hotspot '" . $Hotspot . "'."); + :set ExitOK true; :error true; } @@ -92,4 +97,6 @@ :delay 2s; /interface/wifi/access-list/set $Entry action=accept; -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/ip-addr-bridge.rsc b/ip-addr-bridge.rsc index 758cd46..68ff4a4 100644 --- a/ip-addr-bridge.rsc +++ b/ip-addr-bridge.rsc @@ -1,10 +1,10 @@ #!rsc by RouterOS # RouterOS script: ip-addr-bridge -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # enable or disable ip addresses based on bridge port state -# https://git.eworm.de/cgit/routeros-scripts/about/doc/ip-addr-bridge.md +# https://rsc.eworm.de/doc/ip-addr-bridge.md :foreach Bridge in=[ /interface/bridge/find ] do={ :local BrName [ /interface/bridge/get $Bridge name ]; diff --git a/ipsec-to-dns.rsc b/ipsec-to-dns.rsc index bd74a8f..1b5ed13 100644 --- a/ipsec-to-dns.rsc +++ b/ipsec-to-dns.rsc @@ -1,17 +1,19 @@ #!rsc by RouterOS # RouterOS script: ipsec-to-dns -# Copyright (c) 2021-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2021-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, ipsec # # and add/remove/update DNS entries from IPSec mode-config -# https://git.eworm.de/cgit/routeros-scripts/about/doc/ipsec-to-dns.md +# https://rsc.eworm.de/doc/ipsec-to-dns.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Domain; @@ -26,6 +28,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -76,4 +79,6 @@ /ip/dns/static/add name=$Fqdn address=($PeerVal->"dynamic-address") ttl=$Ttl comment=$Comment place-before=$PlaceBefore; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/ipv6-update.rsc b/ipv6-update.rsc index ccc0eb9..580a426 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: ipv6-update -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update firewall and dns settings on IPv6 prefix change -# https://git.eworm.de/cgit/routeros-scripts/about/doc/ipv6-update.md +# https://rsc.eworm.de/doc/ipv6-update.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; @@ -19,19 +20,30 @@ :global ScriptLock; :local NaAddress $"na-address"; + :local NaValid $"na-valid"; :local PdPrefix $"pd-prefix"; + :local PdValid $"pd-valid"; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } :if ([ :typeof $NaAddress ] = "str") do={ $LogPrint info $ScriptName ("An address (" . $NaAddress . ") was acquired, not a prefix. Ignoring."); + :set ExitOK true; :error false; } - :if ([ :typeof $PdPrefix ] = "nothing") do={ + :if ([ :typeof $PdPrefix ] = "nothing" || [ :typeof $PdValid ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from ipv6 dhcp-client."); + :set ExitOK true; + :error false; + } + + :if ($PdValid != 1) do={ + $LogPrint info $ScriptName ("The prefix " . $PdPrefix . " is no longer valid. Ignoring."); + :set ExitOK true; :error false; } @@ -90,4 +102,6 @@ } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/lease-script.rsc b/lease-script.rsc index f484414..ab44956 100644 --- a/lease-script.rsc +++ b/lease-script.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: lease-script -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # run scripts on DHCP lease -# https://git.eworm.de/cgit/routeros-scripts/about/doc/lease-script.md +# https://rsc.eworm.de/doc/lease-script.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Grep; @@ -25,6 +26,7 @@ [ :typeof $leaseServerName ] = "nothing" || \ [ :typeof $leaseBound ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from ip dhcp-server."); + :set ExitOK true; :error false; } @@ -32,11 +34,13 @@ "de" "" ] . "assigned lease " . $leaseActIP . " to " . $leaseActMAC); :if ([ $ScriptLock $ScriptName 10 ] = false) do={ + :set ExitOK true; :error false; } :if ([ :len [ /system/script/job/find where script=$ScriptName ] ] > 1) do={ $LogPrint debug $ScriptName ("More invocations are waiting, exiting early."); + :set ExitOK true; :error true; } @@ -49,11 +53,13 @@ } :foreach Order,Script in=$RunOrder do={ - :do { + :onerror Err { $LogPrint debug $ScriptName ("Running script with order " . $Order . ": " . $Script); /system/script/run $Script; - } on-error={ - $LogPrint warning $ScriptName ("Running script '" . $Script . "' failed!"); + } do={ + $LogPrint warning $ScriptName ("Running script '" . $Script . "' failed: " . $Err); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/leds-day-mode.rsc b/leds-day-mode.rsc index b7c6b5b..7344fde 100644 --- a/leds-day-mode.rsc +++ b/leds-day-mode.rsc @@ -1,9 +1,9 @@ #!rsc by RouterOS # RouterOS script: leds-day-mode -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # enable LEDs -# https://git.eworm.de/cgit/routeros-scripts/about/doc/leds-mode.md +# https://rsc.eworm.de/doc/leds-mode.md /system/leds/settings/set all-leds-off=never; diff --git a/leds-night-mode.rsc b/leds-night-mode.rsc index fb7c7a2..8bd028e 100644 --- a/leds-night-mode.rsc +++ b/leds-night-mode.rsc @@ -1,9 +1,9 @@ #!rsc by RouterOS # RouterOS script: leds-night-mode -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # disable LEDs -# https://git.eworm.de/cgit/routeros-scripts/about/doc/leds-mode.md +# https://rsc.eworm.de/doc/leds-mode.md /system/leds/settings/set all-leds-off=immediate; diff --git a/leds-toggle-mode.rsc b/leds-toggle-mode.rsc index 136c9d1..b55e351 100644 --- a/leds-toggle-mode.rsc +++ b/leds-toggle-mode.rsc @@ -1,13 +1,9 @@ #!rsc by RouterOS # RouterOS script: leds-toggle-mode -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # toggle LEDs mode -# https://git.eworm.de/cgit/routeros-scripts/about/doc/leds-mode.md +# https://rsc.eworm.de/doc/leds-mode.md -:if ([ /system/leds/settings/get all-leds-off ] = "never") do={ - /system/leds/settings/set all-leds-off=immediate; -} else={ - /system/leds/settings/set all-leds-off=never; -} +/system/leds/settings/set all-leds-off=(({ "never"="immediate"; "immediate"="never" })->[ get all-leds-off ]); diff --git a/log-forward.rsc b/log-forward.rsc index e0d8f35..be7eff7 100644 --- a/log-forward.rsc +++ b/log-forward.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: log-forward -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # forward log messages via notification -# https://git.eworm.de/cgit/routeros-scripts/about/doc/log-forward.md +# https://rsc.eworm.de/doc/log-forward.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -33,6 +34,7 @@ :global SymbolForNotification; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -43,6 +45,7 @@ :if ($LogForwardRateLimit > 30) do={ :set LogForwardRateLimit ($LogForwardRateLimit - 1); $LogPrint info $ScriptName ("Rate limit in action, not forwarding logs, if any!"); + :set ExitOK true; :error false; } @@ -54,6 +57,11 @@ :local MessageVal; :local MessageDups ({}); + :set LogForwardFilter [ $EitherOr $LogForwardFilter [] ]; + :set LogForwardFilterMessage [ $EitherOr $LogForwardFilterMessage [] ]; + :set LogForwardInclude [ $EitherOr $LogForwardInclude [] ]; + :set LogForwardIncludeMessage [ $EitherOr $LogForwardIncludeMessage [] ]; + :local LogForwardFilterLogForwardingCached [ $EitherOr [ $LogForwardFilterLogForwarding ] ("\$^") ]; :foreach Message in=[ /log/find where (!(message="") and \ !(message~$LogForwardFilterLogForwardingCached) and \ @@ -100,4 +108,6 @@ :local LogAll [ /log/find ]; :set LogForwardLast ($LogAll->([ :len $LogAll ] - 1) ); -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} Binary files differBinary files differdiff --git a/mod/bridge-port-to.rsc b/mod/bridge-port-to.rsc index 7dae679..93eedce 100644 --- a/mod/bridge-port-to.rsc +++ b/mod/bridge-port-to.rsc @@ -1,16 +1,16 @@ #!rsc by RouterOS # RouterOS script: mod/bridge-port-to -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # reset bridge ports to default bridge -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/bridge-port-to.md +# https://rsc.eworm.de/doc/mod/bridge-port-to.md :global BridgePortTo; -:set BridgePortTo do={ +:set BridgePortTo do={ :onerror Err { :local BridgePortTo [ :tostr $1 ]; :global IfThenElse; @@ -65,4 +65,6 @@ $LogPrint info $0 ("Re-enabling interfaces..."); /interface/ethernet/enable $InterfaceReEnable; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } diff --git a/mod/bridge-port-vlan.rsc b/mod/bridge-port-vlan.rsc index c9f55ae..6deee99 100644 --- a/mod/bridge-port-vlan.rsc +++ b/mod/bridge-port-vlan.rsc @@ -1,16 +1,16 @@ #!rsc by RouterOS # RouterOS script: mod/bridge-port-vlan -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # manage VLANs on bridge ports -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/bridge-port-vlan.md +# https://rsc.eworm.de/doc/mod/bridge-port-vlan.md :global BridgePortVlan; -:global BridgePortVlan do={ +:global BridgePortVlan do={ :onerror Err { :local ConfigTo [ :tostr $1 ]; :global IfThenElse; @@ -74,4 +74,6 @@ $LogPrint info $0 ("Re-enabling interfaces..."); /interface/ethernet/enable $InterfaceReEnable; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } diff --git a/mod/inspectvar.rsc b/mod/inspectvar.rsc index 73205b2..fc1b366 100644 --- a/mod/inspectvar.rsc +++ b/mod/inspectvar.rsc @@ -1,28 +1,31 @@ #!rsc by RouterOS # RouterOS script: mod/inspectvar -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # inspect variables -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/inspectvar.md +# https://rsc.eworm.de/doc/mod/inspectvar.md :global InspectVar; :global InspectVarReturn; # inspect variable and print on terminal -:set InspectVar do={ +:set InspectVar do={ :onerror Err { :global InspectVarReturn; :put [ :tocrlf [ $InspectVarReturn $1 ] ]; -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # inspect variable and return formatted string :set InspectVarReturn do={ :local Input $1; :local Level (0 + [ :tonum $2 ]); + :global CharacterReplace; :global IfThenElse; :global InspectVarReturn; @@ -31,14 +34,13 @@ :local Value [ :tostr $2 ]; :local Level [ :tonum $3 ]; - :local Indent ""; - :for I from=1 to=$Level step=1 do={ - :set Indent ($Indent . " "); - } - :return ($Indent . "-" . $Prefix . "-> " . $Value); + :global CharacterMultiply; + + :return ([ $CharacterMultiply " " $Level ] . "-" . $Prefix . "-> " . $Value); } :local TypeOf [ :typeof $Input ]; + :local Len [ :len $Input ]; :local Return [ $IndentReturn "type" $TypeOf $Level ]; :if ($TypeOf = "array") do={ @@ -48,6 +50,16 @@ [ $InspectVarReturn $Value ($Level + 2) ]); } } else={ + :if ($TypeOf = "str") do={ + :set $Return ($Return . "\n" . \ + [ $IndentReturn "len" $Len $Level ]); + :if ([ :typeof [ :find $Input ("\r") ] ] = "num") do={ + :set Input [ $CharacterReplace $Input ("\r") "" ]; + } + :if ([ :typeof [ :find $Input ("\n") ] ] = "num") do={ + :set Input [ $CharacterReplace $Input ("\n") " " ]; + } + } :if ($TypeOf != "nothing") do={ :set $Return ($Return . "\n" . \ [ $IndentReturn "value" [ $IfThenElse ([ :len $Input ] > 80) \ diff --git a/mod/ipcalc.rsc b/mod/ipcalc.rsc index 003bdc3..eacff6d 100644 --- a/mod/ipcalc.rsc +++ b/mod/ipcalc.rsc @@ -1,18 +1,18 @@ #!rsc by RouterOS # RouterOS script: mod/ipcalc -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # ip address calculation -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ipcalc.md +# https://rsc.eworm.de/doc/mod/ipcalc.md :global IPCalc; :global IPCalcReturn; # print netmask, network, min host, max host and broadcast -:set IPCalc do={ +:set IPCalc do={ :onerror Err { :local Input [ :tostr $1 ]; :global FormatLine; @@ -27,7 +27,9 @@ [ $FormatLine "HostMin" ($Values->"hostmin") ] . "\n" . \ [ $FormatLine "HostMax" ($Values->"hostmax") ] . "\n" . \ [ $FormatLine "Broadcast" ($Values->"broadcast") ]) ]; -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # calculate and return netmask, network, min host, max host and broadcast :set IPCalcReturn do={ diff --git a/mod/notification-email.rsc b/mod/notification-email.rsc index 3d62ddf..ad9762a 100644 --- a/mod/notification-email.rsc +++ b/mod/notification-email.rsc @@ -1,12 +1,13 @@ #!rsc by RouterOS # RouterOS script: mod/notification-email -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, email, scheduler # # send notifications via e-mail -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/notification-email.md +# https://rsc.eworm.de/doc/mod/notification-email.md :global EMailGenerateFrom; :global FlushEmailQueue; @@ -34,20 +35,39 @@ } # flush e-mail queue -:set FlushEmailQueue do={ +:set FlushEmailQueue do={ :onerror Err { :global EmailQueue; :global EitherOr; :global EMailGenerateFrom; + :global FileExists; :global IsDNSResolving; :global IsTimeSync; :global LogPrint; + :global RmFile; :local AllDone true; :local QueueLen [ :len $EmailQueue ]; :local Scheduler [ /system/scheduler/find where name="_FlushEmailQueue" ]; - :if ([ :len $Scheduler ] > 0 && [ /system/scheduler/get $Scheduler interval ] < 1m) do={ + :if ([ :len $Scheduler ] > 0 && $QueueLen = 0) do={ + $LogPrint warning $0 ("Flushing E-Mail messages from scheduler, but queue is empty."); + /system/scheduler/remove $Scheduler; + :return false; + } + + :if ($QueueLen = 0) do={ + :return true; + } + + :if ([ :len $Scheduler ] < 0) do={ + /system/scheduler/add name="_FlushEmailQueue" interval=1m start-time=startup \ + comment="Doing initial checks..." on-event=(":global FlushEmailQueue; \$FlushEmailQueue;"); + :set Scheduler [ /system/scheduler/find where name="_FlushEmailQueue" ]; + } + + :local SchedVal [ /system/scheduler/get $Scheduler ]; + :if (($SchedVal->"interval") < 1m) do={ /system/scheduler/set interval=1m comment="Doing initial checks..." $Scheduler; } @@ -67,53 +87,64 @@ :return false; } - :if ([ :len $Scheduler ] > 0 && $QueueLen = 0) do={ - $LogPrint warning $0 ("Flushing E-Mail messages from scheduler, but queue is empty."); - } - - /system/scheduler/set interval=([ $EitherOr $QueueLen 1 ] . "m") comment="Sending..." $Scheduler; + /system/scheduler/set interval=($QueueLen . "m") comment="Sending..." $Scheduler; :foreach Id,Message in=$EmailQueue do={ :if ([ :typeof $Message ] = "array" ) do={ - :local Attach ({}); :while ([ /tool/e-mail/get last-status ] = "in-progress") do={ :delay 1s; } - :foreach File in=[ :toarray [ $EitherOr ($Message->"attach") "" ] ] do={ - :if ([ :len [ /file/find where name=$File ] ] = 1) do={ - :set Attach ($Attach, $File); - } else={ - $LogPrint warning $0 ("File '" . $File . "' does not exist, can not attach."); + :onerror Err { + :local Attach ({}); + :foreach File in=[ :toarray [ $EitherOr ($Message->"attach") "" ] ] do={ + :if ([ $FileExists $File ] = true) do={ + :set Attach ($Attach, $File); + } else={ + $LogPrint warning $0 ("File '" . $File . "' does not exist, can not attach."); + } } - } - /tool/e-mail/send from=[ $EMailGenerateFrom ] to=($Message->"to") cc=($Message->"cc") \ - subject=($Message->"subject") body=($Message->"body") file=$Attach; - :local Wait true; - :do { - :delay 1s; - :local Status [ /tool/e-mail/get last-status ]; - :if ($Status = "succeeded") do={ - :set ($EmailQueue->$Id); - :set Wait false; - :if (($Message->"remove-attach") = true) do={ - :foreach File in=$Attach do={ - /file/remove $File; + /tool/e-mail/send from=[ $EMailGenerateFrom ] to=($Message->"to") cc=($Message->"cc") \ + subject=($Message->"subject") body=($Message->"body") file=$Attach; + :local Wait true; + :do { + :delay 1s; + :local Status [ /tool/e-mail/get last-status ]; + :if ($Status = "succeeded") do={ + :set ($EmailQueue->$Id); + :set Wait false; + :if (($Message->"remove-attach") = true) do={ + :foreach File in=$Attach do={ + $RmFile $File; + } } } - } - :if ($Status = "failed") do={ - :set AllDone false; - :set Wait false; - } - } while=($Wait = true); + :if ($Status = "failed") do={ + :set AllDone false; + :set Wait false; + } + } while=($Wait = true); + } do={ + $LogPrint warning $0 ("Sending queued mail failed: " . $Err); + :set AllDone false; + } } } :if ($AllDone = true && $QueueLen = [ :len $EmailQueue ]) do={ /system/scheduler/remove $Scheduler; :set EmailQueue; - } else={ - /system/scheduler/set interval=1m comment="Waiting for retry..." $Scheduler; + :return true; } -} + + :if ([ :len [ /system/scheduler/find where name="_FlushEmailQueue" ] ] = 0 && \ + [ :typeof $EmailQueue ] = "nothing") do={ + $LogPrint info $0 ("Queue was purged? Exiting."); + :return false; + } + + /system/scheduler/set interval=(($SchedVal->"run-count") . "m") \ + comment="Waiting for retry..." $Scheduler; +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # generate filter for log-forward :set LogForwardFilterLogForwarding do={ @@ -152,6 +183,7 @@ :global IfThenElse; :global NotificationEMailSignature; :global NotificationEMailSubject; + :global SymbolForNotification; :local To [ $EitherOr ($EmailGeneralToOverride->($Notification->"origin")) $EmailGeneralTo ]; :local Cc [ $EitherOr ($EmailGeneralCcOverride->($Notification->"origin")) $EmailGeneralCc ]; @@ -164,13 +196,23 @@ :if ([ :typeof $EmailQueue ] = "nothing") do={ :set EmailQueue ({}); } + :local Truncated false; + :local Body ($Notification->"message"); + :if ([ :len $Body ] > 62000) do={ + :set Body ([ :pick $Body 0 62000 ] . "..."); + :set Truncated true; + } :local Signature [ $EitherOr [ $NotificationEMailSignature ] [ /system/note/get note ] ]; + :set Body ($Body . "\n" . \ + [ $IfThenElse ([ :len ($Notification->"link") ] > 0) \ + ("\n" . [ $SymbolForNotification "link" ] . ($Notification->"link")) ] . \ + [ $IfThenElse ($Truncated = true) ("\n" . [ $SymbolForNotification "scissors" ] . \ + "The message was too long and has been truncated!") ] . \ + [ $IfThenElse ([ :len $Signature ] > 0) ("\n-- \n" . $Signature) "" ]); :set ($EmailQueue->[ :len $EmailQueue ]) { to=$To; cc=$Cc; subject=[ $NotificationEMailSubject ($Notification->"subject") ]; - body=(($Notification->"message") . \ - [ $IfThenElse ([ :len ($Notification->"link") ] > 0) ("\n\n" . ($Notification->"link")) "" ] . \ - [ $IfThenElse ([ :len $Signature ] > 0) ("\n-- \n" . $Signature) "" ]); \ + body=$Body; \ attach=($Notification->"attach"); remove-attach=($Notification->"remove-attach") }; :if ([ :len [ /system/scheduler/find where name="_FlushEmailQueue" ] ] = 0) do={ /system/scheduler/add name="_FlushEmailQueue" interval=1s start-time=startup \ @@ -224,11 +266,13 @@ } # send notification via e-mail - expects at least two string arguments -:set SendEMail do={ +:set SendEMail do={ :onerror Err { :global SendEMail2; $SendEMail2 ({ origin=$0; subject=$1; message=$2; link=$3 }); -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via e-mail - expects one array argument :set SendEMail2 do={ diff --git a/mod/notification-gotify.rsc b/mod/notification-gotify.rsc new file mode 100644 index 0000000..d8eafbe --- /dev/null +++ b/mod/notification-gotify.rsc @@ -0,0 +1,139 @@ +#!rsc by RouterOS +# RouterOS script: mod/notification-gotify +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# Leonardo David Monteiro <leo@cub3.xyz> +# https://rsc.eworm.de/COPYING.md +# +# requires RouterOS, version=7.15 +# requires device-mode, fetch, scheduler +# +# send notifications via Gotify (gotify.net) +# https://rsc.eworm.de/doc/mod/notification-gotify.md + +:global FlushGotifyQueue; +:global NotificationFunctions; +:global PurgeGotifyQueue; +:global SendGotify; +:global SendGotify2; + +# flush Gotify queue +:set FlushGotifyQueue do={ :onerror Err { + :global GotifyQueue; + + :global IsFullyConnected; + :global LogPrint; + + :if ([ $IsFullyConnected ] = false) do={ + $LogPrint debug $0 ("System is not fully connected, not flushing."); + :return false; + } + + :local AllDone true; + :local QueueLen [ :len $GotifyQueue ]; + + :if ([ :len [ /system/scheduler/find where name="_FlushGotifyQueue" ] ] > 0 && $QueueLen = 0) do={ + $LogPrint warning $0 ("Flushing Gotify messages from scheduler, but queue is empty."); + } + + :foreach Id,Message in=$GotifyQueue do={ + :if ([ :typeof $Message ] = "array" ) do={ + :onerror Err { + /tool/fetch check-certificate=yes-without-crl output=none http-method=post \ + http-header-field=($Message->"headers") http-data=[ :serialize to=json ($Message->"message") ] \ + ($Message->"url") as-value; + :set ($GotifyQueue->$Id); + } do={ + $LogPrint debug $0 ("Sending queued Gotify message failed: " . $Err); + :set AllDone false; + } + } + } + + :if ($AllDone = true && $QueueLen = [ :len $GotifyQueue ]) do={ + /system/scheduler/remove [ find where name="_FlushGotifyQueue" ]; + :set GotifyQueue; + } +} do={ + :global ExitError; $ExitError false $0 $Err; +} } + +# send notification via Gotify - expects one array argument +:set ($NotificationFunctions->"gotify") do={ + :local Notification $1; + + :global Identity; + :global IdentityExtra; + :global GotifyQueue; + :global GotifyServer; + :global GotifyServerOverride; + :global GotifyToken; + :global GotifyTokenOverride; + + :global EitherOr; + :global FetchUserAgentStr; + :global IfThenElse; + :global LogPrint; + :global SymbolForNotification; + + :local Server [ $EitherOr ($GotifyServerOverride->($Notification->"origin")) $GotifyServer ]; + :local Token [ $EitherOr ($GotifyTokenOverride->($Notification->"origin")) $GotifyToken ]; + + :if ([ :len $Token ] = 0) do={ + :return false; + } + + :local Url ("https://" . $Server . "/message"); + :local Headers ({ [ $FetchUserAgentStr ($Notification->"origin") ]; \ + ("X-Gotify-Key: " . $Token); "Content-Type: application/json" }); + :local Message ({ + "title"=("[" . $IdentityExtra . $Identity . "] " . ($Notification->"subject")); \ + "message"=(($Notification->"message") . "\n" . [ $IfThenElse ([ :len ($Notification->"link") ] > 0) \ + ("\n" . [ $SymbolForNotification "link" ] . ($Notification->"link")) ]); \ + "priority"=[ :tonum [ $IfThenElse ($Notification->"silent") 2 5 ] ] }); + + :onerror Err { + /tool/fetch check-certificate=yes-without-crl output=none http-method=post \ + http-header-field=$Headers http-data=[ :serialize to=json $Message ] $Url as-value; + } do={ + $LogPrint info $0 ("Failed sending Gotify notification: " . $Err . " - Queuing..."); + + :if ([ :typeof $GotifyQueue ] = "nothing") do={ + :set GotifyQueue ({}); + } + :set ($Message->"message") (($Notification->"message") . "\n" . \ + [ $SymbolForNotification "alarm-clock" ] . "This message was queued since " . \ + [ /system/clock/get date ] . " " . [ /system/clock/get time ] . " and may be obsolete."); + :set ($GotifyQueue->[ :len $GotifyQueue ]) \ + { url=$Url; headers=$Headers; message=$Message }; + :if ([ :len [ /system/scheduler/find where name="_FlushGotifyQueue" ] ] = 0) do={ + /system/scheduler/add name="_FlushGotifyQueue" interval=1m start-time=startup \ + on-event=(":global FlushGotifyQueue; \$FlushGotifyQueue;"); + } + } +} + +# purge the Gotify queue +:set PurgeGotifyQueue do={ + :global GotifyQueue; + + /system/scheduler/remove [ find where name="_FlushGotifyQueue" ]; + :set GotifyQueue; +} + +# send notification via Gotify - expects at least two string arguments +:set SendGotify do={ :onerror Err { + :global SendGotify2; + + $SendGotify2 ({ origin=$0; subject=$1; message=$2; link=$3; silent=$4 }); +} do={ + :global ExitError; $ExitError false $0 $Err; +} } + +# send notification via Gotify - expects one array argument +:set SendGotify2 do={ + :local Notification $1; + + :global NotificationFunctions; + + ($NotificationFunctions->"gotify") ("\$NotificationFunctions->\"gotify\"") $Notification; +} diff --git a/mod/notification-matrix.rsc b/mod/notification-matrix.rsc index 3adc1df..e9b42a0 100644 --- a/mod/notification-matrix.rsc +++ b/mod/notification-matrix.rsc @@ -1,13 +1,14 @@ #!rsc by RouterOS # RouterOS script: mod/notification-matrix -# Copyright (c) 2013-2024 Michael Gisbers <michael@gisbers.de> +# Copyright (c) 2013-2025 Michael Gisbers <michael@gisbers.de> # Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch, scheduler # # send notifications via Matrix -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/notification-matrix.md +# https://rsc.eworm.de/doc/mod/notification-matrix.md :global FlushMatrixQueue; :global NotificationFunctions; @@ -18,7 +19,7 @@ :global SetupMatrixJoinRoom; # flush Matrix queue -:set FlushMatrixQueue do={ +:set FlushMatrixQueue do={ :onerror Err { :global MatrixQueue; :global IsFullyConnected; @@ -38,7 +39,7 @@ :foreach Id,Message in=$MatrixQueue do={ :if ([ :typeof $Message ] = "array" ) do={ - :do { + :onerror Err { /tool/fetch check-certificate=yes-without-crl output=none \ http-header-field=($Message->"headers") http-method=post \ http-data=[ :serialize to=json { "msgtype"="m.text"; "body"=($Message->"plain"); @@ -46,8 +47,8 @@ ("https://" . $Message->"homeserver" . "/_matrix/client/r0/rooms/" . $Message->"room" . \ "/send/m.room.message?access_token=" . $Message->"accesstoken") as-value; :set ($MatrixQueue->$Id); - } on-error={ - $LogPrint debug $0 ("Sending queued Matrix message failed."); + } do={ + $LogPrint debug $0 ("Sending queued Matrix message failed: " . $Err); :set AllDone false; } } @@ -57,7 +58,9 @@ /system/scheduler/remove [ find where name="_FlushMatrixQueue" ]; :set MatrixQueue; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via Matrix - expects one array argument :set ($NotificationFunctions->"matrix") do={ @@ -126,15 +129,15 @@ [ $PrepareText $Label ] . "</a>"); } - :do { + :onerror Err { /tool/fetch check-certificate=yes-without-crl output=none \ http-header-field=$Headers http-method=post \ http-data=[ :serialize to=json { "msgtype"="m.text"; "body"=$Plain; "format"="org.matrix.custom.html"; "formatted_body"=$Formatted } ] \ ("https://" . $HomeServer . "/_matrix/client/r0/rooms/" . $Room . \ "/send/m.room.message?access_token=" . $AccessToken) as-value; - } on-error={ - $LogPrint info $0 ("Failed sending Matrix notification! Queuing..."); + } do={ + $LogPrint info $0 ("Failed sending Matrix notification: " . $Err . " - Queuing..."); :if ([ :typeof $MatrixQueue ] = "nothing") do={ :set MatrixQueue ({}); @@ -164,11 +167,13 @@ } # send notification via Matrix - expects at least two string arguments -:set SendMatrix do={ +:set SendMatrix do={ :onerror Err { :global SendMatrix2; $SendMatrix2 ({ origin=$0; subject=$1; message=$2; link=$3 }); -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via Matrix - expects one array argument :set SendMatrix2 do={ @@ -191,14 +196,14 @@ :global MatrixHomeServer; :local Domain [ :pick $User ([ :find $User ":" ] + 1) [ :len $User] ]; - :do { + :onerror Err { :local Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ http-header-field=({ [ $FetchUserAgentStr $0 ] }) \ ("https://" . $Domain . "/.well-known/matrix/client") as-value ]->"data"); :set MatrixHomeServer ([ :deserialize from=json value=$Data ]->"m.homeserver"->"base_url"); $LogPrint debug $0 ("Home server is: " . $MatrixHomeServer); - } on-error={ - $LogPrint error $0 ("Failed getting home server!"); + } do={ + $LogPrint error $0 ("Failed getting home server: " . $Err); :return false; } @@ -206,27 +211,27 @@ :set MatrixHomeServer [ :pick $MatrixHomeServer 8 [ :len $MatrixHomeServer ] ]; } - :do { + :onerror Err { :local Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ http-header-field=({ [ $FetchUserAgentStr $0 ] }) http-method=post \ http-data=[ :serialize to=json { "type"="m.login.password"; "user"=$User; "password"=$Pass } ] \ ("https://" . $MatrixHomeServer . "/_matrix/client/r0/login") as-value ]->"data"); :set MatrixAccessToken ([ :deserialize from=json value=$Data ]->"access_token"); $LogPrint debug $0 ("Access token is: " . $MatrixAccessToken); - } on-error={ - $LogPrint error $0 ("Failed logging in (and getting access token)!"); + } do={ + $LogPrint error $0 ("Failed logging in (and getting access token): " . $Err); :return false; } - :do { + :onerror Err { /system/script/remove [ find where name="global-config-overlay.d/mod/notification-matrix" ]; /system/script/add name="global-config-overlay.d/mod/notification-matrix" source=( \ "# configuration snippet: mod/notification-matrix\n\n" . \ ":global MatrixHomeServer \"" . $MatrixHomeServer . "\";\n" . \ ":global MatrixAccessToken \"" . $MatrixAccessToken . "\";\n"); $LogPrint info $0 ("Added configuration snippet. Now create and join a room, please!"); - } on-error={ - $LogPrint error $0 ("Failed adding configuration snippet!"); + } do={ + $LogPrint error $0 ("Failed adding configuration snippet: " . $Err); :return false; } } @@ -243,24 +248,24 @@ :global MatrixHomeServer; :global MatrixRoom; - :do { + :onerror Err { /tool/fetch check-certificate=yes-without-crl output=none \ http-header-field=({ [ $FetchUserAgentStr $0 ] }) http-method=post http-data="" \ ("https://" . $MatrixHomeServer . "/_matrix/client/r0/rooms/" . [ $UrlEncode $MatrixRoom ] . \ "/join?access_token=" . [ $UrlEncode $MatrixAccessToken ]) as-value; $LogPrint debug $0 ("Joined the room."); - } on-error={ - $LogPrint error $0 ("Failed joining the room!"); + } do={ + $LogPrint error $0 ("Failed joining the room: " . $Err); :return false; } - :do { + :onerror Err { :local Snippet [ /system/script/find where name="global-config-overlay.d/mod/notification-matrix" ]; /system/script/set $Snippet source=([ get $Snippet source ] . \ ":global MatrixRoom \"" . $MatrixRoom . "\";\n"); $LogPrint info $0 ("Appended configuration to configuration snippet. Please review!"); - } on-error={ - $LogPrint error $0 ("Failed appending configuration to snippet!"); + } do={ + $LogPrint error $0 ("Failed appending configuration to snippet: " . $Err); :return false; } } diff --git a/mod/notification-ntfy.rsc b/mod/notification-ntfy.rsc index b2bb280..7114020 100644 --- a/mod/notification-ntfy.rsc +++ b/mod/notification-ntfy.rsc @@ -1,12 +1,13 @@ #!rsc by RouterOS # RouterOS script: mod/notification-ntfy -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch, scheduler # # send notifications via Ntfy (ntfy.sh) -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/notification-ntfy.md +# https://rsc.eworm.de/doc/mod/notification-ntfy.md :global FlushNtfyQueue; :global NotificationFunctions; @@ -15,9 +16,8 @@ :global SendNtfy2; # flush ntfy queue -:set FlushNtfyQueue do={ +:set FlushNtfyQueue do={ :onerror Err { :global NtfyQueue; - :global NtfyMessageIDs; :global IsFullyConnected; :global LogPrint; @@ -36,13 +36,13 @@ :foreach Id,Message in=$NtfyQueue do={ :if ([ :typeof $Message ] = "array" ) do={ - :do { + :onerror Err { /tool/fetch check-certificate=yes-without-crl output=none http-method=post \ http-header-field=($Message->"headers") http-data=($Message->"text") \ - ($Message->"url") user=($Message->"user") password=($Message->"pass") as-value; + ($Message->"url") as-value; :set ($NtfyQueue->$Id); - } on-error={ - $LogPrint debug $0 ("Sending queued Ntfy message failed."); + } do={ + $LogPrint debug $0 ("Sending queued Ntfy message failed: " . $Err); :set AllDone false; } } @@ -52,7 +52,9 @@ /system/scheduler/remove [ find where name="_FlushNtfyQueue" ]; :set NtfyQueue; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via ntfy - expects one array argument :set ($NotificationFunctions->"ntfy") do={ @@ -65,6 +67,8 @@ :global NtfyServerOverride; :global NtfyServerPass; :global NtfyServerPassOverride; + :global NtfyServerToken; + :global NtfyServerTokenOverride; :global NtfyServerUser; :global NtfyServerUserOverride; :global NtfyTopic; @@ -81,6 +85,7 @@ :local Server [ $EitherOr ($NtfyServerOverride->($Notification->"origin")) $NtfyServer ]; :local User [ $EitherOr ($NtfyServerUserOverride->($Notification->"origin")) $NtfyServerUser ]; :local Pass [ $EitherOr ($NtfyServerPassOverride->($Notification->"origin")) $NtfyServerPass ]; + :local Token [ $EitherOr ($NtfyServerTokenOverride->($Notification->"origin")) $NtfyServerToken ]; :local Topic [ $EitherOr ($NtfyTopicOverride->($Notification->"origin")) $NtfyTopic ]; :if ([ :len $Topic ] = 0) do={ @@ -91,12 +96,18 @@ :local Headers ({ [ $FetchUserAgentStr ($Notification->"origin") ]; \ ("Priority: " . [ $IfThenElse ($Notification->"silent") "low" "default" ]); \ ("Title: " . "[" . $IdentityExtra . $Identity . "] " . ($Notification->"subject")) }); + :if ([ :len $User ] > 0 || [ :len $Pass ] > 0) do={ + :set Headers ($Headers, ("Authorization: Basic " . [ :convert to=base64 ($User . ":" . $Pass) ])); + } + :if ([ :len $Token ] > 0) do={ + :set Headers ($Headers, ("Authorization: Bearer " . $Token)); + } :local Text (($Notification->"message") . "\n"); :if ([ :len ($Notification->"link") ] > 0) do={ :set Text ($Text . "\n" . [ $SymbolForNotification "link" ] . ($Notification->"link")); } - :do { + :onerror Err { :if ($Server = "ntfy.sh") do={ :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); @@ -104,9 +115,9 @@ } } /tool/fetch check-certificate=yes-without-crl output=none http-method=post \ - http-header-field=$Headers http-data=$Text $Url user=$User password=$Pass as-value; - } on-error={ - $LogPrint info $0 ("Failed sending ntfy notification! Queuing..."); + http-header-field=$Headers http-data=$Text $Url as-value; + } do={ + $LogPrint info $0 ("Failed sending ntfy notification: " . $Err . " - Queuing..."); :if ([ :typeof $NtfyQueue ] = "nothing") do={ :set NtfyQueue ({}); @@ -115,7 +126,7 @@ "This message was queued since " . [ /system/clock/get date ] . " " . \ [ /system/clock/get time ] . " and may be obsolete."); :set ($NtfyQueue->[ :len $NtfyQueue ]) \ - { url=$Url; user=$User; pass=$Pass; headers=$Headers; text=$Text }; + { url=$Url; headers=$Headers; text=$Text }; :if ([ :len [ /system/scheduler/find where name="_FlushNtfyQueue" ] ] = 0) do={ /system/scheduler/add name="_FlushNtfyQueue" interval=1m start-time=startup \ on-event=(":global FlushNtfyQueue; \$FlushNtfyQueue;"); @@ -132,11 +143,13 @@ } # send notification via ntfy - expects at least two string arguments -:set SendNtfy do={ +:set SendNtfy do={ :onerror Err { :global SendNtfy2; $SendNtfy2 ({ origin=$0; subject=$1; message=$2; link=$3; silent=$4 }); -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via ntfy - expects one array argument :set SendNtfy2 do={ diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index 671bd1c..2eb90e1 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -1,27 +1,28 @@ #!rsc by RouterOS # RouterOS script: mod/notification-telegram -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch, scheduler # # send notifications via Telegram -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/notification-telegram.md +# https://rsc.eworm.de/doc/mod/notification-telegram.md :global FlushTelegramQueue; +:global GetTelegramChatId; :global NotificationFunctions; :global PurgeTelegramQueue; :global SendTelegram; :global SendTelegram2; # flush telegram queue -:set FlushTelegramQueue do={ +:set FlushTelegramQueue do={ :onerror Err { :global TelegramQueue; :global TelegramMessageIDs; :global IsFullyConnected; :global LogPrint; - :global UrlEncode; :if ([ $IsFullyConnected ] = false) do={ $LogPrint debug $0 ("System is not fully connected, not flushing."); @@ -37,16 +38,14 @@ :foreach Id,Message in=$TelegramQueue do={ :if ([ :typeof $Message ] = "array" ) do={ - :do { + :onerror Err { :local Data ([ /tool/fetch check-certificate=yes-without-crl output=user http-method=post \ ("https://api.telegram.org/bot" . ($Message->"tokenid") . "/sendMessage") \ - http-data=("chat_id=" . ($Message->"chatid") . "&disable_notification=" . ($Message->"silent") . \ - "&reply_to_message_id=" . ($Message->"replyto") . "&disable_web_page_preview=true" . \ - "&parse_mode=MarkdownV2&text=" . [ $UrlEncode ($Message->"text") ]) as-value ]->"data"); + http-data=($Message->"http-data") as-value ]->"data"); :set ($TelegramQueue->$Id); :set ($TelegramMessageIDs->[ :tostr ([ :deserialize from=json value=$Data ]->"result"->"message_id") ]) 1; - } on-error={ - $LogPrint debug $0 ("Sending queued Telegram message failed."); + } do={ + $LogPrint debug $0 ("Sending queued Telegram message failed: " . $Err); :set AllDone false; } } @@ -56,7 +55,48 @@ /system/scheduler/remove [ find where name="_FlushTelegramQueue" ]; :set TelegramQueue; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } + +# get the chat id +:set GetTelegramChatId do={ :onerror Err { + :global TelegramTokenId; + + :global CertificateAvailable; + :global LogPrint; + + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + $LogPrint warning $0 ("Downloading required certificate failed."); + :return false; + } + + :local Data; + :onerror Err { + :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ + ("https://api.telegram.org/bot" . $TelegramTokenId . "/getUpdates?offset=0" . \ + "&allowed_updates=%5B%22message%22%5D") as-value ]->"data"); + } do={ + $LogPrint warning $0 ("Fetching data failed: " . $Err); + :return false; + } + + :local JSON [ :deserialize from=json value=$Data ]; + :local Count [ :len ($JSON->"result") ]; + + :if ($Count = 0) do={ + $LogPrint info $0 ("No message received."); + :return false; + } + + :local Message ($JSON->"result"->($Count - 1)->"message"); + $LogPrint info $0 ("The chat id is: " . ($Message->"chat"->"id")); + :if (($Message->"is_topic_message") = true) do={ + $LogPrint info $0 ("The thread id is: " . ($Message->"message_thread_id")); + } +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via telegram - expects one array argument :set ($NotificationFunctions->"telegram") do={ @@ -68,6 +108,8 @@ :global TelegramChatIdOverride; :global TelegramMessageIDs; :global TelegramQueue; + :global TelegramThreadId; + :global TelegramThreadIdOverride; :global TelegramTokenId; :global TelegramTokenIdOverride; @@ -108,6 +150,9 @@ :local ChatId [ $EitherOr ($Notification->"chatid") \ [ $EitherOr ($TelegramChatIdOverride->($Notification->"origin")) $TelegramChatId ] ]; + :local ThreadId [ $EitherOr ($Notification->"threadid") \ + [ $EitherOr ($TelegramThreadIdOverride->($Notification->"origin")) \ + [ $IfThenElse ([ :len ($TelegramChatIdOverride->($Notification->"origin")) ] = 0) $TelegramThreadId ] ] ]; :local TokenId [ $EitherOr ($TelegramTokenIdOverride->($Notification->"origin")) $TelegramTokenId ]; :if ([ :len $TokenId ] = 0 || [ :len $ChatId ] = 0) do={ @@ -142,19 +187,20 @@ (($LenSum - [ :len $Text ]) * 100 / $LenSum) . "%_!") "plain" "_" ]); } - :do { + :local HTTPData ("chat_id=" . $ChatId . "&disable_notification=" . ($Notification->"silent") . \ + "&reply_to_message_id=" . ($Notification->"replyto") . "&message_thread_id=" . $ThreadId . \ + "&disable_web_page_preview=true&parse_mode=MarkdownV2"); + :onerror Err { :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; } :local Data ([ /tool/fetch check-certificate=yes-without-crl output=user http-method=post \ ("https://api.telegram.org/bot" . $TokenId . "/sendMessage") \ - http-data=("chat_id=" . $ChatId . "&disable_notification=" . ($Notification->"silent") . \ - "&reply_to_message_id=" . ($Notification->"replyto") . "&disable_web_page_preview=true" . \ - "&parse_mode=MarkdownV2&text=" . [ $UrlEncode $Text ]) as-value ]->"data"); + http-data=($HTTPData . "&text=" . [ $UrlEncode $Text ]) as-value ]->"data"); :set ($TelegramMessageIDs->[ :tostr ([ :deserialize from=json value=$Data ]->"result"->"message_id") ]) 1; - } on-error={ - $LogPrint info $0 ("Failed sending Telegram notification! Queuing..."); + } do={ + $LogPrint info $0 ("Failed sending Telegram notification: " . $Err . " - Queuing..."); :if ([ :typeof $TelegramQueue ] = "nothing") do={ :set TelegramQueue ({}); @@ -162,8 +208,8 @@ :set Text ($Text . "\n" . [ $SymbolForNotification "alarm-clock" ] . \ [ $EscapeMD ("This message was queued since _" . [ /system/clock/get date ] . \ " " . [ /system/clock/get time ] . "_ and may be obsolete.") "plain" "_" ]); - :set ($TelegramQueue->[ :len $TelegramQueue ]) { chatid=$ChatId; tokenid=$TokenId; - text=$Text; silent=($Notification->"silent"); replyto=($Notification->"replyto") }; + :set ($TelegramQueue->[ :len $TelegramQueue ]) { tokenid=$TokenId; + http-data=($HTTPData . "&text=" . [ $UrlEncode $Text ]) }; :if ([ :len [ /system/scheduler/find where name="_FlushTelegramQueue" ] ] = 0) do={ /system/scheduler/add name="_FlushTelegramQueue" interval=1m start-time=startup \ on-event=(":global FlushTelegramQueue; \$FlushTelegramQueue;"); @@ -180,11 +226,13 @@ } # send notification via telegram - expects at least two string arguments -:set SendTelegram do={ +:set SendTelegram do={ :onerror Err { :global SendTelegram2; $SendTelegram2 ({ origin=$0; subject=$1; message=$2; link=$3; silent=$4 }); -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # send notification via telegram - expects one array argument :set SendTelegram2 do={ diff --git a/mod/scriptrunonce.rsc b/mod/scriptrunonce.rsc index 3d5dce9..1d6aaf1 100644 --- a/mod/scriptrunonce.rsc +++ b/mod/scriptrunonce.rsc @@ -1,22 +1,23 @@ #!rsc by RouterOS # RouterOS script: mod/scriptrunonece -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # download script and run it once -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/scriptrunonce.md +# https://rsc.eworm.de/doc/mod/scriptrunonce.md :global ScriptRunOnce; # fetch and run script(s) once -:set ScriptRunOnce do={ +:set ScriptRunOnce do={ :onerror Err { :local Scripts [ :toarray $1 ]; :global ScriptRunOnceBaseUrl; :global ScriptRunOnceUrlSuffix; + :global FetchHuge; :global LogPrint; :global ValidateSyntax; @@ -29,24 +30,27 @@ :set Script ($ScriptRunOnceBaseUrl . $Script . ".rsc" . $ScriptRunOnceUrlSuffix); } - :local Source; - :do { - :set Source ([ /tool/fetch check-certificate=yes-without-crl $Script output=user as-value ]->"data"); - } on-error={ + :local Source [ $FetchHuge $0 $Script true ]; + :if ($Source = false) do={ $LogPrint warning $0 ("Failed fetching script '" . $Script . "'!"); + :return false; } - :if ([ :len $Source ] > 0) do={ - :if ([ $ValidateSyntax $Source ] = true) do={ - :do { - $LogPrint info $0 ("Running script '" . $Script . "' now."); - [ :parse $Source ]; - } on-error={ - $LogPrint warning $0 ("The script '" . $Script . "' failed to run!"); - } - } else={ - $LogPrint warning $0 ("The script '" . $Script . "' failed syntax validation!"); - } + :if ([ $ValidateSyntax $Source ] = false) do={ + $LogPrint warning $0 ("The script '" . $Script . "' failed syntax validation!"); + :return false; + } + + :onerror Err { + $LogPrint info $0 ("Running script '" . $Script . "' now."); + [ :parse $Source ]; + } do={ + $LogPrint warning $0 ("The script '" . $Script . "' failed to run: " . $Err); + :return false; } + + :return true; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } diff --git a/mod/ssh-keys-import.rsc b/mod/ssh-keys-import.rsc index d6b3b3f..7bdc95d 100644 --- a/mod/ssh-keys-import.rsc +++ b/mod/ssh-keys-import.rsc @@ -1,24 +1,25 @@ #!rsc by RouterOS # RouterOS script: mod/ssh-keys-import -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.16 # # import ssh keys for public key authentication -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md +# https://rsc.eworm.de/doc/mod/ssh-keys-import.md :global SSHKeysImport; :global SSHKeysImportFile; # import single key passed as string -:set SSHKeysImport do={ +:set SSHKeysImport do={ :onerror Err { :local Key [ :tostr $1 ]; :local User [ :tostr $2 ]; :global GetRandom20CharAlNum; :global LogPrint; :global MkDir; + :global RmDir; :global WaitForFile; :if ([ :len $Key ] = 0 || [ :len $User ] = 0) do={ @@ -54,24 +55,27 @@ /file/add name=$FileName contents=($Key . ", md5=" . $FingerPrintMD5); $WaitForFile $FileName; - :do { + :onerror Err { /user/ssh-keys/import public-key-file=$FileName user=$User; $LogPrint info $0 ("Imported ssh public key (" . $KeyVal->2 . ", " . $KeyVal->0 . ", " . \ "MD5:" . $FingerPrintMD5 . ") for user '" . $User . "'."); - /file/remove "tmpfs/ssh-keys-import"; - } on-error={ - $LogPrint warning $0 ("Failed importing key."); - /file/remove "tmpfs/ssh-keys-import"; + $RmDir "tmpfs/ssh-keys-import"; + } do={ + $LogPrint warning $0 ("Failed importing key: " . $Err); + $RmDir "tmpfs/ssh-keys-import"; :return false; } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } # import keys from a file -:set SSHKeysImportFile do={ +:set SSHKeysImportFile do={ :onerror Err { :local FileName [ :tostr $1 ]; :local User [ :tostr $2 ]; :global EitherOr; + :global FileExists; :global LogPrint; :global ParseKeyValueStore; :global SSHKeysImport; @@ -81,8 +85,7 @@ :return false; } - :local File [ /file/find where name=$FileName ]; - :if ([ :len $File ] = 0) do={ + :if ([ $FileExists $FileName ] = true) do={ $LogPrint warning $0 ("File '" . $FileName . "' does not exist."); :return false; } @@ -91,9 +94,7 @@ :foreach KeyVal in=[ :deserialize $Keys delimiter=" " from=dsv options=dsv.plain ] do={ :local Continue false; :if ($KeyVal->0 = "ssh-ed25519" || $KeyVal->0 = "ssh-rsa") do={ - :do { - $SSHKeysImport ($KeyVal->0 . " " . $KeyVal->1 . " " . $KeyVal->2) $User; - } on-error={ + :if ([ $SSHKeysImport ($KeyVal->0 . " " . $KeyVal->1 . " " . $KeyVal->2) $User ] = false) do={ $LogPrint warning $0 ("Failed importing key for user '" . $User . "'."); } :set Continue true; @@ -106,4 +107,6 @@ $LogPrint warning $0 ("SSH key of type '" . $KeyVal->0 . "' is not supported."); } } -} +} do={ + :global ExitError; $ExitError false $0 $Err; +} } diff --git a/mode-button.rsc b/mode-button.rsc index 3bd922b..d82f899 100644 --- a/mode-button.rsc +++ b/mode-button.rsc @@ -1,17 +1,19 @@ #!rsc by RouterOS # RouterOS script: mode-button -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, scheduler # # act on multiple mode and reset button presses -# https://git.eworm.de/cgit/routeros-scripts/about/doc/mode-button.md +# https://rsc.eworm.de/doc/mode-button.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global ModeButton; @@ -24,7 +26,9 @@ :if ([ :len $Scheduler ] = 0) do={ $LogPrint info $ScriptName ("Creating scheduler _ModeButtonScheduler, counting presses..."); - :global ModeButtonScheduler do={ + :global ModeButtonScheduler do={ :onerror Err { + :local FuncName $0; + :global ModeButton; :global LogPrint; @@ -53,7 +57,7 @@ :if ([ :len $Code ] > 0) do={ :if ([ $ValidateSyntax $Code ] = true) do={ - $LogPrint info $0 ("Acting on " . $Count . " mode-button presses: " . $Code); + $LogPrint info $FuncName ("Acting on " . $Count . " mode-button presses: " . $Code); :for I from=1 to=$Count do={ $LEDInvert; @@ -65,22 +69,28 @@ :delay 200ms; } - :do { + :onerror Err { [ :parse $Code ]; - } on-error={ - $LogPrint warning $0 ("The code for " . $Count . " mode-button presses failed with runtime error!"); + } do={ + $LogPrint warning $FuncName \ + ("The code for " . $Count . " mode-button presses failed with runtime error: " . $Err); } } else={ - $LogPrint warning $0 ("The code for " . $Count . " mode-button presses failed syntax validation!"); + $LogPrint warning $FuncName \ + ("The code for " . $Count . " mode-button presses failed syntax validation!"); } } else={ - $LogPrint info $0 ("No action defined for " . $Count . " mode-button presses."); + $LogPrint info $FuncName ("No action defined for " . $Count . " mode-button presses."); } - } + } do={ + :global ExitError; $ExitError false $0 $Err; + } } /system/scheduler/add name="_ModeButtonScheduler" \ on-event=":global ModeButtonScheduler; \$ModeButtonScheduler;" interval=3s; } else={ $LogPrint debug $ScriptName ("Updating scheduler _ModeButtonScheduler..."); /system/scheduler/set $Scheduler start-time=[ /system/clock/get time ]; } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc index 09d471d..9e2f9bc 100644 --- a/netwatch-dns.rsc +++ b/netwatch-dns.rsc @@ -1,17 +1,19 @@ #!rsc by RouterOS # RouterOS script: netwatch-dns -# Copyright (c) 2022-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2022-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.16 +# requires device-mode, fetch # # monitor and manage dns/doh with netwatch -# https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-dns.md +# https://rsc.eworm.de/doc/netwatch-dns.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CertificateAvailable; @@ -24,12 +26,14 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } :local SettleTime (5m30s - [ /system/resource/get uptime ]); :if ($SettleTime > 0s) do={ $LogPrint info $ScriptName ("System just booted, giving netwatch " . $SettleTime . " to settle."); + :set ExitOK true; :error true; } @@ -80,7 +84,7 @@ :local HostVal [ /tool/netwatch/get $Host ]; :local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ]; :local HostName [ /ip/dns/static/find where name address=($HostVal->"host") \ - (!type or type="A" or type="AAAA") !disabled !dynamic ]; + (type="A" or type="AAAA") !disabled !dynamic ]; :if ([ :len $HostName ] > 0) do={ :set HostName [ /ip/dns/static/get ($HostName->0) name ]; } @@ -92,6 +96,7 @@ :if ($DohCurrent = $HostInfo->"doh-url") do={ $LogPrint debug $ScriptName ("Current DoH server is still up: " . $DohCurrent); + :set ExitOK true; :error true; } @@ -113,15 +118,17 @@ } :local Data false; - :do { - :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ - http-header-field=({ "accept: application/dns-message" }) \ - url=(($DohServer->"doh-url") . "?dns=" . [ :convert to=base64 ([ :rndstr length=2 ] . \ - "\01\00" . "\00\01" . "\00\00" . "\00\00" . "\00\00" . "\09doh-check\05eworm\02de\00" . \ - "\00\10" . "\00\01") ]) as-value ]->"data"); - } on-error={ - $LogPrint warning $ScriptName ("Request to DoH server failed (network or certificate issue): " . \ - ($DohServer->"doh-url")); + :onerror Err { + :retry { + :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ + http-header-field=({ "accept: application/dns-message" }) \ + url=(($DohServer->"doh-url") . "?dns=" . [ :convert to=base64 ([ :rndstr length=2 ] . \ + "\01\00" . "\00\01" . "\00\00" . "\00\00" . "\00\00" . "\09doh-check\05eworm\02de\00" . \ + "\00\10" . "\00\01") ]) as-value ]->"data"); + } delay=1s max=3; + } do={ + $LogPrint warning $ScriptName ("Request to DoH server " . ($DohServer->"doh-url") . \ + " failed: " . $Err); } :if ($Data != false) do={ @@ -132,6 +139,7 @@ } /ip/dns/cache/flush; $LogPrint info $ScriptName ("Setting DoH server: " . ($DohServer->"doh-url")); + :set ExitOK true; :error true; } else={ $LogPrint warning $ScriptName ("Received unexpected response from DoH server: " . \ @@ -139,4 +147,6 @@ } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index a49d0cd..00f03cd 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: netwatch-notify -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # requires RouterOS, version=7.15 # # monitor netwatch and send notifications -# https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-notify.md +# https://rsc.eworm.de/doc/netwatch-notify.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global NetwatchNotify; @@ -37,10 +38,10 @@ :global ValidateSyntax; :if ([ $ValidateSyntax $Hook ] = true) do={ - :do { + onerror Err { [ :parse $Hook ]; - } on-error={ - $LogPrint warning $ScriptName ("The " . $State . "-hook for " . $Type . " '" . $Name . "' failed to run."); + } do={ + $LogPrint warning $ScriptName ("The " . $State . "-hook for " . $Type . " '" . $Name . "' failed to run: " . $Err); :return ("The hook failed to run."); } } else={ @@ -60,21 +61,26 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; - :delay 20ms; - :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; + :if ([ :typeof [ :toip $Expected ] ] = "ip") do={ + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; + :delay 20ms; + :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; + } } - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; - :delay 20ms; - :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; + :if ([ :typeof [ :toip6 $Expected ] ] = "ip6") do={ + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; + :delay 20ms; + :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; + } } :return false; } :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -101,7 +107,7 @@ :if ([ :typeof ($HostInfo->"resolve") ] = "str") do={ :if ([ $IsDNSResolving ] = true) do={ - :do { + :onerror Err { :local Resolve [ :resolve type=[ $IfThenElse ([ :typeof ($HostVal->"host") ] = "ip") \ "ipv4" "ipv6" ] ($HostInfo->"resolve") ]; :if ($Resolve != $HostVal->"host") do={ @@ -115,13 +121,13 @@ :set ($HostVal->"status") "unknown"; } } - } on-error={ + } do={ :set ($Metric->"resolve-failcnt") ($Metric->"resolve-failcnt" + 1); :if ($Metric->"resolve-failcnt" = 3) do={ $LogPrint [ $IfThenElse ($HostInfo->"no-resolve-fail" != true) warning debug ] \ $ScriptName ("Resolving name '" . $HostInfo->"resolve" . [ $IfThenElse \ ($HostInfo->"resolve" != $HostInfo->"name") ("' for " . $Type . " '" . \ - $HostInfo->"name") "" ] . "' failed."); + $HostInfo->"name") "" ] . "' failed: " . $Err); } } } @@ -218,4 +224,6 @@ "since"=($Metric->"since") }; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/news-and-changes.rsc b/news-and-changes.rsc index 9ab811d..dbfb1b9 100644 --- a/news-and-changes.rsc +++ b/news-and-changes.rsc @@ -1,6 +1,6 @@ # News, changes and migration by RouterOS Scripts -# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md :global IDonate; @@ -56,6 +56,13 @@ 129="Extended 'backup-partition' to support RouterOS copy-over - interactively or before feature update."; 130="Dropped intermediate certificates, depending on just root certificates now."; 131="Enhanced certificate download to fallback to mkcert.org, so all (commonly trusted) root certificates are available now."; + 132="Split off plugins from 'check-health', so the script works on all devices to monitor CPU and RAM. The supported plugins for sensors in hardware are installed automatically."; + 133="Updated the default configuration for 'fw-addr-lists', deprecated lists were removed, a collective list was added."; + 134="Enhanced 'mod/notification-telegram' and 'telegram-chat' to support topics in groups."; + 135="Introduced helper function '\$GetTelegramChatId' for 'mod/notification-telegram' which helps retrieve information."; + 136="Introduced script 'check-perpetual-license' to check for license state on CHR."; + 137="Added support to send notifications via Gotify (gotify.net)."; + 138="RouterOS 7.19 is suffering an issue with certificate store. Fixing trust state for all certificates..."; }; # Migration steps to be applied on script updates @@ -64,4 +71,6 @@ 100=":global ScriptInstallUpdate; :if ([ :len [ /system/script/find where name=\"ssh-keys-import\" source~\"^#!rsc by RouterOS\\r?\\n\" ] ] > 0) do={ /system/script/set name=\"mod/ssh-keys-import\" ssh-keys-import; \$ScriptInstallUpdate; }"; 104=":global CharacterReplace; :global ScriptInstallUpdate; :foreach Script in={ \"capsman-download-packages\"; \"capsman-rolling-upgrade\"; \"hotspot-to-wpa\"; \"hotspot-to-wpa-cleanup\" } do={ /system/script/set name=(\$Script . \".capsman\") [ find where name=\$Script ]; :foreach Scheduler in=[ /system/scheduler/find where on-event~(\$Script . \"([^-.]|\\\$)\") ] do={ /system/scheduler/set \$Scheduler on-event=[ \$CharacterReplace [ get \$Scheduler on-event ] \$Script (\$Script . \".capsman\") ]; }; }; /ip/hotspot/user/profile/set on-login=\"hotspot-to-wpa.capsman\" [ find where on-login=\"hotspot-to-wpa\" ]; \$ScriptInstallUpdate;"; 111=":local Rec [ /ip/dns/static/find where comment~\"^managed by dhcp-to-dns for \" ]; :if ([ :len \$Rec ] > 0) do={ /ip/dns/static/remove \$Rec; /system/script/run dhcp-to-dns; }"; + 132=":if ([ :len [ /system/script/find where name=\"check-health\" ] ] > 0) do={ :local Code \":local Install \\\"check-health\\\"; :if ([ :len [ /system/health/find where type=\\\"\\\" name~\\\"-state\\\\\\\$\\\" ] ] > 0) do={ :set Install (\\\$Install . \\\",check-health.d/state\\\"); }; :if ([ :len [ /system/health/find where type=\\\"C\\\" ] ] > 0) do={ :set Install (\\\$Install . \\\",check-health.d/temperature\\\"); }; :if ([ :len [ /system/health/find where type=\\\"V\\\" ] ] > 0) do={ :set Install (\\\$Install . \\\",check-health.d/voltage\\\"); }; :global ScriptInstallUpdate; \\\$ScriptInstallUpdate \\\$Install;\"; :global ValidateSyntax; :if ([ \$ValidateSyntax \$Code ] = true) do={ :do { [ :parse \$Code ]; } on-error={ }; }; }"; + 138="/certificate/set trusted=yes [ find where trusted=yes ];"; }; diff --git a/ospf-to-leds.rsc b/ospf-to-leds.rsc index b78faa4..26f8aa3 100644 --- a/ospf-to-leds.rsc +++ b/ospf-to-leds.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: ospf-to-leds -# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2020-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # visualize ospf instance state via leds -# https://git.eworm.de/cgit/routeros-scripts/about/doc/ospf-to-leds.md +# https://rsc.eworm.de/doc/ospf-to-leds.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; @@ -19,6 +20,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -42,4 +44,6 @@ /system/leds/set type=off [ find where leds=$LED ]; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/packages-update.rsc b/packages-update.rsc index b08a48d..d3140f2 100644 --- a/packages-update.rsc +++ b/packages-update.rsc @@ -1,19 +1,25 @@ #!rsc by RouterOS # RouterOS script: packages-update -# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, scheduler # # download packages and reboot for installation -# https://git.eworm.de/cgit/routeros-scripts/about/doc/packages-update.md +# https://rsc.eworm.de/doc/packages-update.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; + :global BackupRandomDelay; + :global PackagesUpdateDeferReboot; + :global PackagesUpdateBackupFailure; + :global DownloadPackage; :global Grep; :global LogPrint; @@ -22,29 +28,39 @@ :global ScriptLock; :global VersionToNum; - :global PackagesUpdateDeferReboot; - :global PackagesUpdateBackupFailure; - :local Schedule do={ :local ScriptName [ :tostr $1 ]; + :global PackagesUpdateDeferReboot; + :global GetRandomNumber; + :global IfThenElse; :global LogPrint; :global RebootForUpdate do={ /system/reboot; } + :local Interval [ $IfThenElse ([ :totime $PackagesUpdateDeferReboot ] >= 1d) \ + $PackagesUpdateDeferReboot 1d ]; :local StartTime [ :tostr [ :totime (10800 + [ $GetRandomNumber 7200 ]) ] ]; - /system/scheduler/add name="_RebootForUpdate" start-time=$StartTime interval=1d \ + /system/scheduler/add name="_RebootForUpdate" start-time=$StartTime interval=$Interval \ on-event=("/system/scheduler/remove \"_RebootForUpdate\"; " . \ ":global RebootForUpdate; \$RebootForUpdate;"); $LogPrint info $ScriptName ("Scheduled reboot for update at " . $StartTime . \ - " local time (" . [ /system/clock/get time-zone-name ] . ")."); + " local time (" . [ /system/clock/get time-zone-name ] . ")" . \ + [ $IfThenElse ($Interval > 1d) (" deferred by " . $Interval) ] . "."); :return true; } :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; + :error false; + } + + :if ([ :len [ /system/scheduler/find where name="running-from-backup-partition" ] ] > 0) do={ + $LogPrint warning $ScriptName ("Running from backup partition, refusing to act."); + :set ExitOK true; :error false; } @@ -52,11 +68,13 @@ :if ([ :typeof ($Update->"latest-version") ] = "nothing") do={ $LogPrint warning $ScriptName ("Latest version is not known."); + :set ExitOK true; :error false; } :if ($Update->"installed-version" = $Update->"latest-version") do={ $LogPrint info $ScriptName ("Version " . $Update->"latest-version" . " is already installed."); + :set ExitOK true; :error true; } @@ -68,7 +86,9 @@ :set ($RunOrder->($Store->"order" . "-" . $ScriptVal->"name")) ($ScriptVal->"name"); } + :local BackupRandomDelayBefore $BackupRandomDelay; :foreach Order,Script in=$RunOrder do={ + :set BackupRandomDelay 0; :set PackagesUpdateBackupFailure false; :do { $LogPrint info $ScriptName ("Running backup script " . $Script . " before update."); @@ -76,6 +96,7 @@ } on-error={ :set PackagesUpdateBackupFailure true; } + :set BackupRandomDelay $BackupRandomDelayBefore; :if ($PackagesUpdateBackupFailure = true) do={ $LogPrint warning $ScriptName ("Running backup script " . $Script . " before update failed!"); @@ -85,10 +106,12 @@ $LogPrint info $ScriptName ("User requested to continue anyway."); } else={ $LogPrint info $ScriptName ("Canceled update..."); + :set ExitOK true; :error false; } } else={ $LogPrint warning $ScriptName ("Canceled non-interactive update."); + :set ExitOK true; :error false; } } @@ -108,14 +131,16 @@ } } else={ $LogPrint warning $ScriptName ("Not installing downgrade automatically."); + :set ExitOK true; :error false; } } - :foreach Package in=[ /system/package/find where !bundle ] do={ + :foreach Package in=[ /system/package/find where !bundle !available ] do={ :local PkgName [ /system/package/get $Package name ]; :if ([ $DownloadPackage $PkgName ($Update->"latest-version") ] = false) do={ $LogPrint error $ScriptName ("Download for package " . $PkgName . " failed, update aborted."); + :set ExitOK true; :error false; } } @@ -130,11 +155,13 @@ :put "Do you want to (s)chedule reboot or (r)eboot now? [s/R]"; :if (([ /terminal/inkey timeout=60 ] % 32) = 19) do={ $Schedule $ScriptName; + :set ExitOK true; :error true; } } else={ - :if ($PackagesUpdateDeferReboot = true) do={ + :if ($PackagesUpdateDeferReboot = true || [ :totime $PackagesUpdateDeferReboot ] >= 1d) do={ $Schedule $ScriptName; + :set ExitOK true; :error true; } } @@ -142,4 +169,6 @@ $LogPrint info $ScriptName ("Rebooting for update."); :delay 1s; /system/reboot; -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/ppp-on-up.rsc b/ppp-on-up.rsc index 337b32d..f16d73f 100644 --- a/ppp-on-up.rsc +++ b/ppp-on-up.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: ppp-on-up -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # run scripts on ppp up -# https://git.eworm.de/cgit/routeros-scripts/about/doc/ppp-on-up.md +# https://rsc.eworm.de/doc/ppp-on-up.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global LogPrint; @@ -20,13 +21,14 @@ :if ([ :typeof $Interface ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from ppp on-up script hook."); + :set ExitOK true; :error false; } :local IntName [ /interface/get $Interface name ]; $LogPrint info $ScriptName ("PPP interface " . $IntName . " is up."); - /ipv6/dhcp-client/release [ find where interface=$IntName !disabled ]; + /ipv6/dhcp-client/release [ find where interface=$IntName !disabled bound ]; :foreach Script in=[ /system/script/find where source~("\n# provides: ppp-on-up\r?\n") ] do={ :local ScriptName [ /system/script/get $Script name ]; @@ -37,4 +39,6 @@ $LogPrint warning $ScriptName ("Running script '" . $ScriptName . "' failed!"); } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/sms-action.rsc b/sms-action.rsc index c896659..47e1922 100644 --- a/sms-action.rsc +++ b/sms-action.rsc @@ -1,17 +1,18 @@ #!rsc by RouterOS # RouterOS script: sms-action -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # run action on received SMS -# https://git.eworm.de/cgit/routeros-scripts/about/doc/sms-action.md +# https://rsc.eworm.de/doc/sms-action.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global SmsAction; @@ -23,6 +24,7 @@ :if ([ :typeof $Action ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from SMS hook with action=..."); + :set ExitOK true; :error false; } @@ -34,4 +36,6 @@ } else={ $LogPrint warning $ScriptName ("The code for action '" . $Action . "' failed syntax validation!"); } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/sms-forward.rsc b/sms-forward.rsc index 0d493b6..feb640e 100644 --- a/sms-forward.rsc +++ b/sms-forward.rsc @@ -1,18 +1,19 @@ #!rsc by RouterOS # RouterOS script: sms-forward -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> # Anatoly Bubenkov <bubenkoff@gmail.com> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # forward SMS to e-mail -# https://git.eworm.de/cgit/routeros-scripts/about/doc/sms-forward.md +# https://rsc.eworm.de/doc/sms-forward.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -28,11 +29,13 @@ :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } :if ([ /tool/sms/get receive-enabled ] = false) do={ $LogPrintOnce warning $ScriptName ("Receiving of SMS is not enabled."); + :set ExitOK true; :error false; } @@ -42,6 +45,7 @@ :if ([ /interface/lte/get ($Settings->"port") running ] != true) do={ $LogPrint info $ScriptName ("The LTE interface is not in running state, skipping."); + :set ExitOK true; :error true; } @@ -57,7 +61,12 @@ :if ($Phone = $Settings->"allowed-number" && \ ($SmsVal->"message")~("^:cmd " . $Settings->"secret" . " script ")) do={ $LogPrint debug $ScriptName ("Removing SMS, which started a script."); - /tool/sms/inbox/remove $Sms; + :onerror Err { + /tool/sms/inbox/remove $Sms; + :delay 50ms; + } do={ + $LogPrint warning $ScriptName ("Failed to remove message: " . $Err); + } } else={ :set Messages ($Messages . "\n\nOn " . $SmsVal->"timestamp" . \ " type " . $SmsVal->"type" . ":\n" . $SmsVal->"message"); @@ -65,12 +74,12 @@ :if ($Phone~($Hook->"allowed-number") && ($SmsVal->"message")~($Hook->"match")) do={ :if ([ $ValidateSyntax ($Hook->"command") ] = true) do={ $LogPrint info $ScriptName ("Running hook '" . $Hook->"match" . "': " . $Hook->"command"); - :do { + :onerror Err { :local Command [ :parse ($Hook->"command") ]; $Command Phone=$Phone Message=($SmsVal->"message"); :set Messages ($Messages . "\n\nRan hook '" . $Hook->"match" . "':\n" . $Hook->"command"); - } on-error={ - $LogPrint warning $ScriptName ("The code for hook '" . $Hook->"match" . "' failed to run!"); + } do={ + $LogPrint warning $ScriptName ("The code for hook '" . $Hook->"match" . "' failed to run: " . $Err); } } else={ $LogPrint warning $ScriptName ("The code for hook '" . $Hook->"match" . "' failed syntax validation!"); @@ -88,8 +97,15 @@ message=("Received " . [ $IfThenElse ($Count = 1) "this message" ("these " . $Count . " messages") ] . \ " by " . $Identity . " from " . $Phone . ":" . $Messages) }); :foreach Sms in=$Delete do={ - /tool/sms/inbox/remove $Sms; + :onerror Err { + /tool/sms/inbox/remove $Sms; + :delay 50ms; + } do={ + $LogPrint warning $ScriptName ("Failed to remove message: " . $Err); + } } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/super-mario-theme.rsc b/super-mario-theme.rsc index 63308b0..726c526 100644 --- a/super-mario-theme.rsc +++ b/super-mario-theme.rsc @@ -1,10 +1,10 @@ #!rsc by RouterOS # RouterOS script: super-mario-theme -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # play Super Mario theme -# https://git.eworm.de/cgit/routeros-scripts/about/doc/super-mario-theme.md +# https://rsc.eworm.de/doc/super-mario-theme.md :local Beeps { { 660; 100 }; 150; { 660; 100 }; 300; { 660; 100 }; 300; diff --git a/telegram-chat.rsc b/telegram-chat.rsc index f2750f5..7f7b7a7 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -1,17 +1,19 @@ #!rsc by RouterOS # RouterOS script: telegram-chat -# Copyright (c) 2023-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2023-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # # requires RouterOS, version=7.15 +# requires device-mode, fetch # # use Telegram to chat with your Router and send commands -# https://git.eworm.de/cgit/routeros-scripts/about/doc/telegram-chat.md +# https://rsc.eworm.de/doc/telegram-chat.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global Identity; @@ -28,13 +30,16 @@ :global CertificateAvailable; :global EitherOr; :global EscapeForRegEx; + :global FileExists; :global GetRandom20CharAlNum; :global IfThenElse; :global LogPrint; + :global LogPrintVerbose; :global MAX; :global MIN; :global MkDir; :global RandomDelay; + :global RmDir; :global ScriptLock; :global SendTelegram2; :global SymbolForNotification; @@ -43,6 +48,7 @@ :global WaitFullyConnected; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -57,6 +63,7 @@ :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ $LogPrint warning $ScriptName ("Downloading required certificate failed."); + :set ExitOK true; :error false; } @@ -65,14 +72,14 @@ :local Data false; :for I from=1 to=4 do={ :if ($Data = false) do={ - :do { + :onerror Err { :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ ("https://api.telegram.org/bot" . $TelegramTokenId . "/getUpdates?offset=" . \ $TelegramChatOffset->0 . "&allowed_updates=%5B%22message%22%5D") as-value ]->"data"); :set TelegramRandomDelay [ $MAX 0 ($TelegramRandomDelay - 1) ]; - } on-error={ + } do={ :if ($I < 4) do={ - $LogPrint debug $ScriptName ("Fetch failed, " . $I . ". try."); + $LogPrint debug $ScriptName ("Fetch failed, " . $I . ". try: " . $Err); :set TelegramRandomDelay [ $MIN 15 ($TelegramRandomDelay + 5) ]; :delay (($I * $I) . "s"); } @@ -82,6 +89,7 @@ :if ($Data = false) do={ $LogPrint warning $ScriptName ("Failed getting updates."); + :set ExitOK true; :error false; } @@ -90,17 +98,22 @@ :local Uptime [ /system/resource/get uptime ]; :foreach Update in=($JSON->"result") do={ :set UpdateID ($Update->"update_id"); + $LogPrintVerbose debug $ScriptName ("Update " . $UpdateID . ": " . [ :serialize to=json $Update ]); + :local Message ($Update->"message"); - :local IsReply [ :len ($Message->"reply_to_message") ]; + :local IsAnyReply ([ :typeof ($Message->"reply_to_message") ] = "array"); :local IsMyReply ($TelegramMessageIDs->[ :tostr ($Message->"reply_to_message"->"message_id") ]); :if (($IsMyReply = 1 || $TelegramChatOffset->0 > 0 || $Uptime > 5m) && $UpdateID >= $TelegramChatOffset->2) do={ :local Trusted false; :local Chat ($Message->"chat"); :local From ($Message->"from"); :local Command ($Message->"text"); + :local ThreadId [ $IfThenElse ($Message->"is_topic_message") ($Message->"message_thread_id") "" ]; :foreach IdsTrusted in=($TelegramChatId, $TelegramChatIdsTrusted) do={ - :if ($From->"id" = $IdsTrusted || $From->"username" = $IdsTrusted) do={ + :if ($From->"id" = $IdsTrusted || \ + $From->"username" = $IdsTrusted || \ + $Chat->"id" = $IdsTrusted) do={ :set Trusted true; } } @@ -109,9 +122,11 @@ :local Done false; :if ($Command = "?") do={ $LogPrint info $ScriptName ("Sending notice for update " . $UpdateID . "."); - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ - message=("Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") }); + message=([ $IfThenElse ([ :len ($From->"first_name") ] > 0) ("Hello " . ($From->"first_name") . "!\n\n") ] . \ + "Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") }); :set Done true; } :if ($Done = false && [ :pick $Command 0 1 ] = "!") do={ @@ -124,12 +139,14 @@ " from update " . $UpdateID . "!"); :set Done true; } - :if ($Done = false && ($IsMyReply = 1 || ($IsReply = 0 && $TelegramChatActive = true)) && [ :len $Command ] > 0) do={ + :if ($Done = false && ($IsMyReply = 1 || ($IsAnyReply = false && \ + $TelegramChatActive = true)) && [ :len $Command ] > 0) do={ :if ([ $ValidateSyntax $Command ] = true) do={ :local State ""; :local File ("tmpfs/telegram-chat/" . [ $GetRandom20CharAlNum 6 ]); :if ([ $MkDir "tmpfs/telegram-chat" ] = false) do={ $LogPrint error $ScriptName ("Failed creating directory!"); + :set ExitOK true; :error false; } $LogPrint info $ScriptName ("Running command from update " . $UpdateID . ": " . $Command); @@ -138,20 +155,22 @@ :if ([ $WaitForFile ($File . ".done") [ $EitherOr $TelegramChatRunTime 20s ] ] = false) do={ :set State ([ $SymbolForNotification "warning-sign" ] . "The command did not finish, still running in background.\n\n"); } - :if ([ :len [ /file/find where name=($File . ".failed") ] ] > 0) do={ + :if ([ $FileExists ($File . ".failed") ] = true) do={ :set State ([ $SymbolForNotification "cross-mark" ] . "The command failed with an error!\n\n"); } :local Content ([ /file/read chunk-size=32768 file=$File as-value ]->"data"); - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ message=([ $SymbolForNotification "gear" ] . "Command:\n" . $Command . "\n\n" . \ $State . [ $IfThenElse ([ :len $Content ] > 0) \ ([ $SymbolForNotification "memo" ] . "Output:\n" . $Content) \ ([ $SymbolForNotification "memo" ] . "No output.") ]) }); - /file/remove "tmpfs/telegram-chat"; + $RmDir "tmpfs/telegram-chat"; } else={ $LogPrint info $ScriptName ("The command from update " . $UpdateID . " failed syntax validation!"); - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ message=([ $SymbolForNotification "gear" ] . "Command:\n" . $Command . "\n\n" . \ [ $SymbolForNotification "cross-mark" ] . "The command failed syntax validation!") }); @@ -163,7 +182,8 @@ " (ID " . $From->"id" . ") in update " . $UpdateID . "!"); :if ($Command ~ ("^! *" . [ $EscapeForRegEx $Identity ] . "\$")) do={ $LogPrint warning $ScriptName $MessageText; - $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; replyto=($Message->"message_id"); \ + $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=false; \ + replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ message=("You are not trusted.") }); } else={ @@ -176,4 +196,6 @@ } :set TelegramChatOffset ([ :pick $TelegramChatOffset 1 3 ], \ [ $IfThenElse ($UpdateID >= $TelegramChatOffset->2) ($UpdateID + 1) ($TelegramChatOffset->2) ]); -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/unattended-lte-firmware-upgrade.rsc b/unattended-lte-firmware-upgrade.rsc index 7ce4028..237c2d8 100644 --- a/unattended-lte-firmware-upgrade.rsc +++ b/unattended-lte-firmware-upgrade.rsc @@ -1,18 +1,21 @@ #!rsc by RouterOS # RouterOS script: unattended-lte-firmware-upgrade -# Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2018-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md +# +# requires RouterOS, version=7.15 +# requires device-mode, scheduler # # schedule unattended lte firmware upgrade -# https://git.eworm.de/cgit/routeros-scripts/about/doc/unattended-lte-firmware-upgrade.md +# https://rsc.eworm.de/doc/unattended-lte-firmware-upgrade.md :foreach Interface in=[ /interface/lte/find where running ] do={ :local Firmware; :local IntName [ /interface/lte/get $Interface name ]; - :do { + :onerror Err { :set Firmware [ /interface/lte/firmware-upgrade $Interface as-value ]; - } on-error={ - :log debug ("Could not get latest LTE firmware version for interface " . $IntName . "."); + } do={ + :log debug ("Could not get latest LTE firmware version for interface " . $IntName . ": " . $Err); } :if ([ :typeof $Firmware ] = "array") do={ @@ -24,7 +27,7 @@ :set LTEFirmwareUpgrade; /system/scheduler/remove ($1 . "-firmware-upgrade"); - :do { + :onerror Err { /interface/lte/firmware-upgrade $1 upgrade=yes; :log info ("LTE firmware upgrade on '" . $1 . "' finished, waiting for reset."); :delay 240s; @@ -33,8 +36,8 @@ ($Firmware->"installed") != ($Firmware->"latest")) do={ :log warning ("LTE firmware versions still differ. Upgrade failed anyway?"); } - } on-error={ - :log error ("LTE firmware upgrade on '" . $1 . "' failed."); + } do={ + :log error ("LTE firmware upgrade on '" . $1 . "' failed: " . $Err); } } diff --git a/update-gre-address.rsc b/update-gre-address.rsc index 6dd829d..dd7d63e 100644 --- a/update-gre-address.rsc +++ b/update-gre-address.rsc @@ -1,18 +1,19 @@ #!rsc by RouterOS # RouterOS script: update-gre-address -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> +# https://rsc.eworm.de/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update gre interface remote address with dynamic address from # ipsec remote peer -# https://git.eworm.de/cgit/routeros-scripts/about/doc/update-gre-address.md +# https://rsc.eworm.de/doc/update-gre-address.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CharacterReplace; @@ -20,6 +21,7 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } @@ -39,4 +41,6 @@ } } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} diff --git a/update-tunnelbroker.rsc b/update-tunnelbroker.rsc index 67a5d30..9057e1e 100644 --- a/update-tunnelbroker.rsc +++ b/update-tunnelbroker.rsc @@ -1,19 +1,21 @@ #!rsc by RouterOS # RouterOS script: update-tunnelbroker -# Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de> +# Copyright (c) 2013-2025 Christian Hesse <mail@eworm.de> # Michael Gisbers <michael@gisbers.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# https://rsc.eworm.de/COPYING.md # # provides: ppp-on-up -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 +# requires device-mode, fetch # # update local address of tunnelbroker interface -# https://git.eworm.de/cgit/routeros-scripts/about/doc/update-tunnelbroker.md +# https://rsc.eworm.de/doc/update-tunnelbroker.md -:global GlobalFunctionsReady; -:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } - -:do { +:local ExitOK false; +:onerror Err { + :global GlobalConfigReady; :global GlobalFunctionsReady; + :retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \ + do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; :global CertificateAvailable; @@ -22,11 +24,13 @@ :global ScriptLock; :if ([ $ScriptLock $ScriptName ] = false) do={ + :set ExitOK true; :error false; } :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" ] = false) do={ $LogPrint error $ScriptName ("Downloading required certificate failed."); + :set ExitOK true; :error false; } @@ -37,12 +41,12 @@ :for I from=2 to=0 do={ :if ($Data = false) do={ - :do { + :onerror Err { :set Data ([ /tool/fetch check-certificate=yes-without-crl \ ("https://ipv4.tunnelbroker.net/nic/update?hostname=" . $Comment->"id") \ user=($Comment->"user") password=($Comment->"pass") output=user as-value ]->"data"); - } on-error={ - $LogPrint debug $ScriptName ("Failed downloading, " . $I . " retries pending."); + } do={ + $LogPrint debug $ScriptName ("Failed downloading: " . $Err . " - " . $I . " retries pending."); :delay 2s; } } @@ -50,6 +54,7 @@ :if (!($Data ~ "^(good|nochg) ")) do={ $LogPrint error $ScriptName ("Failed sending the local address to tunnelbroker or unexpected response!"); + :set ExitOK true; :error false; } @@ -64,4 +69,6 @@ /interface/6to4/set $Interface local-address=$PublicAddress; } } -} on-error={ } +} do={ + :global ExitError; $ExitError $ExitOK [ :jobname ] $Err; +} |
