Commit graph

2043 commits

Author SHA1 Message Date
Christian Hesse
4b8854946d fw-addr-lists: use prepared user-agent string with fetch 2024-01-19 13:25:22 +01:00
Christian Hesse
a2749b2760 check-certificates: use prepared user-agent string with fetch 2024-01-19 13:23:52 +01:00
Christian Hesse
0ad1a79d67 netwatch-dns: be move verbose on time to settle 2024-01-18 21:07:52 +01:00
Christian Hesse
8a0a4c355b global-functions: log successful loading 2024-01-18 12:53:17 +01:00
Christian Hesse
bb0c82adb3 sms-forward: log warning just once 2024-01-18 10:19:22 +01:00
Christian Hesse
a7619a5119 global-functions: $LogPrintOnce: support exit 2024-01-18 10:19:22 +01:00
Christian Hesse
306269f919 doc/hotspot-to-wpa: reference as WPA only...
... as this works with WPA3 as well. 😜
2024-01-18 10:05:29 +01:00
Christian Hesse
abd1edcdc3 doc/hotspot-to-wpa: fix property name 2024-01-17 14:55:42 +01:00
Christian Hesse
29623a46ea global-functions: $HexToNum: use :tonum 2024-01-16 22:24:50 +01:00
Christian Hesse
be4221264c INITIAL-COMMANDS: set script owner on initial creation 2024-01-16 22:01:04 +01:00
Christian Hesse
60bd9d1abc README: set script owner on initial creation 2024-01-16 22:00:13 +01:00
Christian Hesse
5fd8c8a760 netwatch-dns: check DoH server with fetch
This way we do not have to configure possibly non-functional servers to
check. The query is for doh-check.eworm.de of type TXT, the expected
answer is 'doh-check-OK'.

% dig TXT doh-check.eworm.de +https @1.1.1.1

; <<>> DiG 9.18.21 <<>> TXT doh-check.eworm.de +https @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42226
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;doh-check.eworm.de.		IN	TXT

;; ANSWER SECTION:
doh-check.eworm.de.	63791	IN	TXT	"doh-check-OK"

;; Query time: 16 msec
;; SERVER: 1.1.1.1#443(1.1.1.1) (HTTPS)
;; WHEN: Mon Jan 15 13:55:36 CET 2024
;; MSG SIZE  rcvd: 72
2024-01-15 14:07:38 +01:00
Christian Hesse
85aeeadcee netwatch-dns: check DoH server functionality...
... and try all servers one after another.
2024-01-11 15:33:03 +01:00
Christian Hesse
80db12a3e9 netwatch-dns: enable DoH certificate verification...
... if a certificate is named in configuration.
2024-01-11 09:22:32 +01:00
Christian Hesse
44a8195c37 doc/netwatch-dns: use new certificate for Cloudflare 2024-01-09 23:01:22 +01:00
Christian Hesse
d6645e8157 certs: add new DigiCert certificates...
... used by Cloudflare.
2024-01-09 23:00:13 +01:00
Christian Hesse
4249ad61df global-functions: $CertificateDownload: move delay up
We still had cases where fetch misbehaves... But this was permanent.
Perhaps we should not touch the certificate too early...
2024-01-08 00:29:18 +01:00
Christian Hesse
8c458592f5 check-lte-firmware-upgrade: unbreak terminal detectiono
This broke with commit 50d7e1fa41b8f8a6a1379de5521798346fd1ae9f... 🫣
2024-01-07 23:13:54 +01:00
Christian Hesse
0760ea9121 check-lte-firmware-upgrade: fail on empty version string 2024-01-05 17:05:34 +01:00
Christian Hesse
9a73fc526f update copyright for 2024 2024-01-01 15:25:25 +01:00
Christian Hesse
777c388b43 global-functions: $GetMacVendor: get new certificate
The service now uses: GTS CA 1P5 -> GTS Root R1
2023-12-22 14:47:54 +01:00
Christian Hesse
1c26d08267 mod/ssh-keys-import: unbreak import from file
Looks like this broke in c3045f3723 where
a non-existent variable name was used.
2023-12-21 11:34:55 +01:00
Christian Hesse
0377064f65 capsman-download-packages: avaiable packages only...
... as things became more complicated with 'wifi-qcom*'.
2023-12-20 12:29:24 +01:00
Christian Hesse
5aaa24b507 capsman-download-packages: use default set for legacy capsman...
... as well - now that 'wireless' package has been split from 'routeros'
guessing kind of broke. It required several attempts and intermittent
errors in logs to get things right.
2023-12-20 12:11:12 +01:00
Christian Hesse
5fdc8d9e65 doc/mode-button: document required type of led 2023-12-14 08:54:04 +01:00
Christian Hesse
f9528f0ac5 fw-addr-lists: warn on possible truncation
... as fetch truncates data at about 64kB, reported in SUP-132297.
2023-12-13 15:57:28 +01:00
Christian Hesse
db5ff00b5a doc/capsman-download-packages: mention package-path 2023-12-05 11:01:14 +01:00
Christian Hesse
69af869572 mention the donation hint... 2023-12-05 00:11:19 +01:00
Christian Hesse
52b8e67309 celebrating 1.000 stars on Github! 2023-12-05 00:11:19 +01:00
Christian Hesse
d3611cebbd mod/notification-email: $NotificationFunctions->"email": support hook for signature
You can compose your own signature by creating a function:

:global NotificationEMailSignature do={
  :global EitherOr;

  :local RouterBoard [ /system/routerboard/get ];
  :return ( \
    [ $EitherOr ($RouterBoard->"board-name") ($RouterBoard->"model") ] . " s/n " . $RouterBoard->"serial-number" . " | " . \
    "RouterOS " . [ /system/package/update/get installed-version ] . " | " . \
    "IP " . [ /ip/cloud/get public-address ]);
}
2023-12-05 00:11:19 +01:00
Christian Hesse
9fb596135e check-certificates: properly renew from template 2023-12-05 00:11:19 +01:00
Christian Hesse
a12ccba29e check-certificates: improve wording 2023-12-05 00:11:19 +01:00
Christian Hesse
8de6995c4b check-certificates: add workaround for broken certificates...
... where the issuer array is borked. Or is this a RouterOS issue?

[eworm@carpo] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get ISRG-Root-X2 issuer ] ]
-type-> array
  -key-> C
    -type-> str
    -value-> US,O=Internet Security Research Group,CN=ISRG Root X2

A good certificate looks like this:

[eworm@carpo] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get [ find where name~"eworm.net" ] issuer ] ]
-type-> array
  -key-> C
    -type-> str
    -value-> US
  -key-> CN
    -type-> str
    -value-> E1
  -key-> O
    -type-> str
    -value-> Let's Encrypt
2023-12-04 13:05:46 +01:00
Christian Hesse
a08df7bdec check-certificates: prevent infinte loop 2023-12-04 13:05:46 +01:00
Christian Hesse
3df99b0ee0 check-certificates: give full certificate chain 2023-12-04 13:05:46 +01:00
Christian Hesse
94607496ae check-certificates: fix typo and syntax 2023-12-04 12:15:10 +01:00
Christian Hesse
e4b10d4b76 mod/notification-email: $QuotedPrintable: also encode question mark
Following the RFC it is not required, but looks like Thunderbird has an
issue here...

https://datatracker.ietf.org/doc/html/rfc2045#section-6.7
2023-12-04 12:08:47 +01:00
Christian Hesse
84368ec6eb mod/notification-email: $QuotedPrintable: minor rework
We have to encode all characters from 0x00 to 0x1f as well...
Also the equal sign is nothing special here, just adding to list.
2023-12-04 12:08:47 +01:00
Christian Hesse
1bb2871e0b global-functions: $FormatLine: use $CharacterMultiply 2023-12-04 12:08:47 +01:00
Christian Hesse
5e2e65b252 global-functions: $AlignRight: use $CharacterMultiply 2023-12-04 12:08:47 +01:00
Christian Hesse
8f24b4c490 global-functions: introduce $CharacterMultiply 2023-12-04 11:22:36 +01:00
Christian Hesse
15e347303b global-functions: $DeviceInfo: add SNMP location and contact 2023-12-04 09:33:24 +01:00
Christian Hesse
aba4770395 fw-addr-lists: support timeout per list
This works with something like this:

    :global FwAddrLists {
      "allow"={
        { url="https://eworm.de/ros/fw-addr-lists/allow";
          cert="E1"; timeout=1w };
      };
      ...
    }

All urls for one named list should have the same timeout! With different
timeout values and identical addresses the behavior is besically undefined,
depending on order.
2023-11-30 13:51:57 +01:00
Christian Hesse
c6bf722e49 global-functions: introduce $MIN 2023-11-30 13:51:57 +01:00
Christian Hesse
495eff48de global-functions: introduce $MAX 2023-11-30 13:51:57 +01:00
Christian Hesse
080bef89a9 global-functions: $SymbolByUnicodeName: rename up-arrow -> arrow-up
... so arrows are grouped in case we add more.
2023-11-30 13:51:57 +01:00
Christian Hesse
4e1d54d733 global-functions: $SymbolForNotification: properly append space to alt text 2023-11-30 13:51:57 +01:00
Christian Hesse
81a86ee043 netwatch-dns: get doh host name from static dns 2023-11-27 18:21:47 +01:00
Christian Hesse
1cc0e3429b global-functions: introduce $AlignRight 2023-11-23 14:41:46 +01:00
Christian Hesse
cae5f425a6 telegram-chat: get rid of '.txt' file extension 2023-11-22 21:20:44 +01:00