aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2024-07-04global-functions: $MkDir: enable tmpfs if disabledGravatar Christian Hesse1-1/+6
2024-07-02global-functions: $GetMacVendor: cert 'GTS Root R4'Gravatar Christian Hesse2-1/+21
2024-06-25check-certificates: limit scope for $CertNew...Gravatar Christian Hesse1-4/+3
... into block where certificate is replaced. This should unbreak renewing with a certificate updated in place.
2024-06-21global-functions: $CertificateDownload: try fallback to mkcert.orgchange-131Gravatar Christian Hesse2-11/+31
There's a nice API that allows to download certificate by exact common name. Let's use that, as a fallback at least. https://mkcert.org/
2024-06-21Merge branch 'root-certificates' into nextGravatar Christian Hesse36-2456/+334
2024-06-21notify on changes regarding certificateschange-130Gravatar Christian Hesse2-1/+2
2024-06-21certs: DigiCert TLS Hybrid ECC SHA384 2020 CA1 -> DigiCert Global Root CAGravatar Christian Hesse3-175/+30
This is used by Cloudflare DNS Quard9 (9.9.9.9). $CertificateAvailable "DigiCert Global Root CA"; /ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes;
2024-06-21certs: DigiCert Global G2 TLS RSA SHA256 2020 CA1 -> DigiCert Global Root G2Gravatar Christian Hesse3-183/+30
This is used by Cloudflare DNS (1.1.1.1). $CertificateAvailable "DigiCert Global Root G2"; /ip/dns/set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes;
2024-06-21certs: Go Daddy Secure Certificate Authority - G2 -> Go Daddy Root ↵Gravatar Christian Hesse4-180/+32
Certificate Authority - G2
2024-06-21certs: GTS CA 1C3 / GTS CA 1P5 -> GTS Root R1Gravatar Christian Hesse5-482/+40
2024-06-21certs: Starfield Secure Certificate Authority - G2 -> Starfield Root ↵Gravatar Christian Hesse3-180/+31
Certificate Authority - G2
2024-06-21certs: Cloudflare Inc ECC CA-3 -> Baltimore CyberTrust RootGravatar Christian Hesse3-165/+30
2024-06-21certs: Certum Domain Validation CA SHA2 -> Certum Trusted Network CAGravatar Christian Hesse3-177/+30
2024-06-21certs: GlobalSign Atlas R3 DV TLS CA 2022 Q3 -> GlobalSignGravatar Christian Hesse3-179/+30
2024-06-21certs: R3 / R10 -> ISRG Root X1Gravatar Christian Hesse6-471/+41
2024-06-21certs: E1 / E5 -> ISRG Root X2Gravatar Christian Hesse10-263/+38
In the beginning of Let's Encrypt their root certificate ISRG Root X1 was not widely trusted, at least some older and/or mobile platforms were missing that certificate in their root certificate store. At that time Let's Encrypt was using an alternative chain of trust, where a certificate was cross-signed with DST Root CA X3. To make sure a valid chain of trust is available under all circumstances a set of all certificates had to be supplied: both root vertificates ISRG Root X1 & DST Root CA X3, and an intermediate certificate. This was still true after DST Root CA X3 expired, as it could still be used as a root anchor and was shipped by Let's Encrypt when requested. 🤪 This time is finally over, and we have a clean chain for trust ending in ISRG Root X1 (or ISRG Root X2). Well, actually it is the other way round... Let's Encrypt signs with different tantamount intermediate certificates. There is not only E5, but also E6 - and we can not know beforehand which one is used on renew. So let's jetzt drop the intermediate certificates now, and rely on root certificates only. We are perfectly fine with this these days. Follow-up commits will do the same for *all* certificates. The certificate is downloaded with: curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
2024-06-20doc/mod/notification-matrix: drop certificate hint...Gravatar Christian Hesse1-3/+0
... as matrix.org switched to Let's Encrypt with ISRG Root X2.
2024-06-19Let's Encrypt changed their intermediate certificatesGravatar Christian Hesse8-16/+366
https://letsencrypt.org/2024/03/19/new-intermediate-certificates https://letsencrypt.org/certificates/ But let's keep the old ones around for now, as some sites are still using the old intermediate.
2024-06-11unattended-lte-firmware-upgrade: check on valid version firstGravatar Christian Hesse1-1/+2
2024-06-11unattended-lte-firmware-upgrade: drop the AT resetGravatar Christian Hesse1-2/+1
The AT command to reset is specific to modem. So this worked for some only... Let's just drop it, and update the log message.
2024-06-11unattended-lte-firmware-upgrade: omit just another onceGravatar Christian Hesse1-1/+1
2024-06-10backup-cloud: remove trailing spacesGravatar Christian Hesse1-1/+1
How did I produce these!? 😳
2024-06-10unattended-lte-firmware-upgrade: omit onceGravatar netravnen1-1/+1
Omit `once` from the `/interface/lte/firmware-upgrade` command to make sure it does acutally return a valid result. Fixes #69
2024-06-10check-lte-firmware-upgrade: omit onceGravatar netravnen1-1/+1
Omit `once` from the `/interface/lte/firmware-upgrade` command to make sure it does acutally return a valid result.
2024-06-05backup-cloud: log note on previous connection errorsGravatar Christian Hesse1-0/+4
2024-06-01global-functions: $CleanName: no exception for dash...Gravatar Christian Hesse1-1/+1
... as we still want to deduplicate it when it is inside the input string. This also unbreak certificate import for "Go Daddy Secure Certificate Authority - G2" (and more)...
2024-05-25telegram-chat: drop extra parenthesisGravatar Christian Hesse1-3/+3
2024-05-24telegram-chat: convert the message (command) to stringGravatar Christian Hesse1-10/+11
RouterOS 7.15beta4 fixed a bug in JSON parser: *) console - do not convert string to array in ":deserialize" command; Before that change commands with a comma caused very crazy issues. Let's convert the message to a string. This does not give exactly the expected result, but mitigates telegram-chat to explode. A command like... /ip/address/print proplist=address,network; ... is converted to... /ip/address/print proplist=address;network; ... and results in: Columns: ADDRESS # ADDRESS 0 10.0.0.1/24 1 127.0.0.1/8 bad command name network (line 1 column 36)
2024-05-23Merge branch 'backup-partition' into nextGravatar Christian Hesse5-4/+66
2024-05-23backup-partition: news on support for copy-overchange-129Gravatar Christian Hesse2-1/+2
2024-05-23doc/backup-upload: fix link for backup-partitionGravatar Christian Hesse1-1/+1
2024-05-23backup-partition: support copy before feature updateGravatar Christian Hesse3-3/+30
2024-05-23doc/backup-email: fix link for backup-partitionGravatar Christian Hesse1-1/+1
2024-05-23backup-partition: move code to a local functionGravatar Christian Hesse1-5/+17
2024-05-23doc/backup-cloud: fix link for backup-partitionGravatar Christian Hesse1-1/+1
2024-05-23backup-partition: support RouterOS copy-over...Gravatar Christian Hesse2-3/+25
... when run interactively from CLI.
2024-05-15daily-psk: quote ssid and passphraseGravatar Christian Hesse4-4/+4
2024-05-15daily-psk: decrease indention in notificationGravatar Christian Hesse4-12/+12
2024-05-15daily-psk: adopt syntax changesrouteros-7.15beta8-1Gravatar Christian Hesse4-2/+6
RouterOS 7.15beta8 came with this change: *) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values; While the old code is bad syntax with RouterOS 7.15, the new code is valid for older RouterOS, but produces different (and more or less unexpected) results. 🥴 Let's use the new code, and add a check on the RouterOS version. With old RouterOS this now sends the notification even if the interface is disabled.
2024-05-15global-functions: $IsTimeSync: initialize with uptime...Gravatar Christian Hesse1-2/+2
... to make sure the warning is not issued too early.
2024-05-14fw-addr-lists: add 'strongips' list from blocklist.dechange-128Gravatar Christian Hesse5-3/+182
2024-05-08global-functions: $IsTimeSync: add (one time) warning on failed ntp syncGravatar Christian Hesse1-0/+1
2024-05-08global-functions: $IsTimeSync: log just onceGravatar Christian Hesse1-3/+3
2024-04-29global-functions: $WaitForFile: drop extra conversionGravatar Christian Hesse1-1/+1
2024-04-29global-functions: $WaitForFile: respect minimum delayGravatar Christian Hesse1-1/+2
2024-04-29global-functions: $WaitForFile: use fewer stepsGravatar Christian Hesse1-2/+2
2024-04-29telegram-chat: shorten the messageGravatar Christian Hesse1-1/+1
2024-04-29mod/notification-telegram: format percentage italicGravatar Christian Hesse1-2/+2
2024-04-29mod/notification-telegram: format date & time italicGravatar Christian Hesse1-2/+2
2024-04-29mod/notification-telegram: support excluding characters from escaping...Gravatar Christian Hesse1-1/+4
... to support formatting in plain text. Handle with care, this can break the request if done wrong!
2024-04-29mod/notification-telegram: use proper variable naming...Gravatar Christian Hesse1-7/+9
... in local escaping function.
2024-04-29mod/notification-telegram: capitalize Telegram in messageGravatar Christian Hesse1-1/+1
2024-04-29mod/notification-matrix: format date & time italicGravatar Christian Hesse1-5/+6
2024-04-29global-functions: $CleanName: do not start with a dashGravatar Christian Hesse1-4/+12
2024-04-29mod/ssh-keys-import: remove temporary directoryGravatar Christian Hesse1-0/+2
2024-04-29mod/ssh-keys-import: create directory laterGravatar Christian Hesse1-5/+5
2024-04-29global-functions: $FetchHuge: remove temporary directoryGravatar Christian Hesse1-4/+5
2024-04-29backup-cloud: retry on error...Gravatar Christian Hesse1-12/+16
Let's see if brute force helps. 🤪
2024-04-29backup-cloud: clean up and simplify codeGravatar Christian Hesse1-6/+4
2024-04-29backup-cloud: no early exit...Gravatar Christian Hesse1-1/+0
... as we want to make sure the directory (and its content) is removed.
2024-04-29backup-upload: no early exit...Gravatar Christian Hesse1-1/+0
2024-04-23backup-upload: remove temporary directoryGravatar Christian Hesse1-0/+1
2024-04-23netwatch-notify: log to debug...Gravatar Christian Hesse1-2/+3
... instead of discarding the message completely.
2024-04-19README: show fingerprints in outputGravatar Christian Hesse2-1/+1
This is not scrictly necessary, as we filter by fingerprint already... But it gives better overview and feeling.
2024-04-19README: remove left over certificate fileGravatar Christian Hesse1-1/+2
But use find as RouterOS 7.15rc1 removes it automatically.
2024-04-19INITIAL-COMMANDS: remove the certificate file with findrouteros-7.15rc1-2Gravatar Christian Hesse1-1/+1
Required as RouterOS 7.15rc1 removes it automatically.
2024-04-19global-functions: $CertificateDownload: remove with find...routeros-7.15rc1-1Gravatar Christian Hesse1-1/+1
... to make sure this does not break when the file does no longer exist. Starting with RouterOS 7.15rc1 the file is automatically removed on import.
2024-04-19netwatch-notify: allow to suppress resolve failureGravatar Christian Hesse2-1/+10
2024-04-19mod/notification-telegram: string protocol for displayGravatar Christian Hesse1-2/+5
2024-04-19mod/notification-matrix: string protocol for displayGravatar Christian Hesse1-2/+4
2024-04-19global-functions: introduce $ProtocolStripGravatar Christian Hesse1-0/+12
2024-04-18mod/notification-matrix: ... and more double escapingGravatar Christian Hesse1-2/+2
2024-04-18mod/notification-matrix: fix double escapingGravatar Christian Hesse1-17/+11
That was introduced with 2a232ad2f5eef4b60c97306ef731bc5883bf5cfb when switching to :serialize...
2024-04-15certificate-renew-issued: use single quotesGravatar Christian Hesse1-3/+3
2024-04-15global-functions: $CertificateDownload: use single quotesGravatar Christian Hesse1-2/+2
2024-04-15global-functions: $CertificateAvailable: use single quotesGravatar Christian Hesse1-3/+3
2024-04-15gps-track: use custom user agent stringGravatar Christian Hesse1-3/+4
2024-04-15gps-track: generate JSON with :serializerouteros-7.13-8Gravatar Christian Hesse1-5/+2
2024-04-15mod/notification-matrix: generate JSON with :serializerouteros-7.13-7Gravatar Christian Hesse1-13/+11
2024-04-15mod/notification-matrix: use custom user agent stringGravatar Christian Hesse1-7/+15
2024-04-15mod/notification-ntfy: use custom user agent stringGravatar Christian Hesse1-1/+3
2024-04-15mod/notification-ntfy: support basic authchange-127Gravatar Christian Hesse5-4/+20
Closes #59
2024-04-11global-functions: $ScriptFromTerminal: check multiple invocations...Gravatar Christian Hesse1-1/+6
... and return false. We can not tell which job is us... So better safe than sorry.
2024-04-11global-functions: $ScriptLock: break long linesGravatar Christian Hesse1-2/+5
2024-04-11global-functions: $ScriptLock: degrade message to debugGravatar Christian Hesse1-2/+2
2024-04-10mod/notification-telegram: $SendTelegram: set originGravatar Christian Hesse1-1/+1
2024-04-10mod/notification-ntfy: $SendNtfy: set originGravatar Christian Hesse1-1/+1
2024-04-10mod/notification-matrix: $SendMatrix: set originGravatar Christian Hesse1-1/+1
2024-04-10mod/notification-email: $SendEMail: set originGravatar Christian Hesse1-1/+1
2024-04-10global-functions: $SendNotification: set originGravatar Christian Hesse1-1/+1
2024-04-07global-functions: $HumanReadableNum: indicate binary base...Gravatar Christian Hesse4-7/+11
... and update scripts to match the change.
2024-04-07global-functions: drop $LogPrintExit2Gravatar Christian Hesse1-22/+0
2024-04-07bump RouterOS requirement for all scripts and modules...routeros-7.13-6Gravatar Christian Hesse110-104/+116
... now that global-functions requires RouterOS 7.13 anyway.
2024-04-07Merge branch 'fw-addr-lists' into nextGravatar Christian Hesse2-37/+65
2024-04-07fw-addr-lists: break long linesGravatar Christian Hesse1-4/+8
2024-04-07fw-addr-lists: show count of active addressesGravatar Christian Hesse1-0/+1
2024-04-07fw-addr-lists: human readable numbers for countsGravatar Christian Hesse1-2/+4
2024-04-07fw-addr-lists: rework log messages, always include list nameGravatar Christian Hesse1-13/+26
2024-04-07fw-addr-lists: add debug message on successful downloadGravatar Christian Hesse1-0/+3
2024-04-07fw-addr-lists: try with less regexp matchesGravatar Christian Hesse1-8/+15