Merge branch 'documentation'

README.md

@@ -133,6 +133,50 @@ cleanup add a scheduler entry.
 
 There's much more to explore... Have fun!
 
+Available Scripts
+-----------------
+
+* [Find and remove access list duplicates](doc/accesslist-duplicates.md)
+* [Manage ports in bridge](doc/bridge-port.md)
+* [Download packages for CAP upgrade from CAPsMAN](doc/capsman-download-packages.md)
+* [Run rolling CAP upgrades from CAPsMAN](doc/capsman-rolling-upgrade.md)
+* [Renew locally issued certificates](doc/certificate-renew-issued.md)
+* [Renew certificates and notify on expiration](doc/check-certificates.md)
+* [Notify about health state](doc/check-health.md)
+* [Notify on LTE firmware upgrade](doc/check-lte-firmware-upgrade.md)
+* [Notify on RouterOS update](doc/check-routeros-update.md)
+* [Upload backup to Mikrotik cloud](doc/cloud-backup.md)
+* [Collect MAC addresses in wireless access list](doc/collect-wireless-mac.md)
+* [Use wireless network with daily psk](doc/daily-psk.md)
+* [Comment DHCP leases with info from access list](doc/dhcp-lease-comment.md)
+* [Create DNS records for DHCP leases](doc/dhcp-to-dns.md)
+* [Send backup via e-mail](doc/email-backup.md)
+* [Wait for configuration und functions](doc/global-wait.md)
+* [Send GPS position to server](doc/gps-track.md)
+* [Use WPA2 network with hotspot credentials](doc/hotspot-to-wpa.md)
+* [Update configuration on IPv6 prefix change](doc/ipv6-update.md)
+* [Manage IP addresses with bridge status](doc/ip-addr-bridge.md)
+* [Run other scripts on DHCP lease](doc/lease-script.md)
+* [Manage LEDs dark mode](doc/leds-mode.md)
+* [Mode botton with multiple presses](doc/mode-button.md)
+* [Notify on host up and down](doc/netwatch-notify.md)
+* [Manage remote logging](doc/netwatch-syslog.md)
+* [Manage system update](doc/packages-update.md)
+* [Run scripts on ppp connection](doc/ppp-on-up.md)
+* [Rotate NTP servers](doc/rotate-ntp.md)
+* [Act on received SMS](doc/sms-action.md)
+* [Forward received SMS](doc/sms-forward.md)
+* [Import SSH keys](doc/ssh-keys-import.md)
+* [Play Super Mario theme](doc/super-mario-theme.md)
+* [Install LTE firmware upgrade](doc/unattended-lte-firmware-upgrade.md)
+* [Update GRE configuration with dynamic addresses](doc/update-gre-address.md)
+* [Update tunnelbroker configuration](doc/update-tunnelbroker.md)
+* [Upload backup to server](doc/upload-backup.md)
+
+[comment]: # (TODO: currently undocumented)
+[comment]: # (* learn-mac-based-vlan)
+[comment]: # (* manage-umts)
+
 Contribute
 ----------
 

accesslist-duplicates.capsman

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # print duplicate antries in wireless access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! Do not edit this file, it is generated from template!
 

accesslist-duplicates.local

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # print duplicate antries in wireless access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! Do not edit this file, it is generated from template!
 

accesslist-duplicates.template

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # print duplicate antries in wireless access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! This is just a template! Replace '%PATH%' with 'caps-man'
 # !! or 'interface wireless'!

bridge-port-to-default

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # reset bridge ports to default bridge
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/bridge-port.md
 
 :global BridgePortTo;
 

bridge-port-toggle

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # toggle bridge ports between default and alt bridge
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/bridge-port.md
 
 :global BridgePortTo;
 

capsman-download-packages

@@ -4,6 +4,7 @@
 #                         Michael Gisbers <michael@gisbers.de>
 #
 # download and cleanup packages for CAP installation from CAPsMAN
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 
 :global CleanFilePath;
 :global DownloadPackage;

capsman-rolling-upgrade

@@ -4,6 +4,7 @@
 #                         Michael Gisbers <michael@gisbers.de>
 #
 # upgrade CAPs one after another
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 
 :global ScriptLock;
 

certificate-renew-issued

@@ -3,6 +3,7 @@
 # Copyright (c) 2019-2020 Christian Hesse <mail@eworm.de>
 #
 # renew locally issued certificates
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/certificate-renew-issued.md
 
 :global CertIssuedExportPass;
 

check-certificates

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # check for certificate validity
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-certificates.md
 
 :global CertRenewPass;
 :global CertRenewUrl;

check-health

@@ -3,6 +3,7 @@
 # Copyright (c) 2019-2020 Christian Hesse <mail@eworm.de>
 #
 # check for RouterOS health state
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-health.md
 
 :global CheckHealthLast;
 :global CheckHealthTemperature;

check-lte-firmware-upgrade

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # check for LTE firmware upgrade, send notification
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-lte-firmware-upgrade.md
 
 :global Identity;
 :global SentLteFirmwareUpgradeNotification;
@@ -13,7 +14,7 @@
   :local IntName [ / interface lte get $Interface name ];
   :do {
     :local Firmware [ / interface lte firmware-upgrade $Interface once as-value ];
-    
+
     :if ($SentLteFirmwareUpgradeNotification = ($Firmware->"latest")) do={
       :log debug ("Already sent the LTE firmware upgrade notification for version " . \
         ($Firmware->"latest") . ".");

check-routeros-update

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # check for RouterOS update, send notification and/or install
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/check-routeros-update.md
 
 :global Identity;
 :global SafeUpdateUrl;

cloud-backup

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # upload backup to MikroTik cloud
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/cloud-backup.md
 
 :global BackupPassword;
 :global Identity;

collect-wireless-mac.capsman

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # collect wireless mac adresses in access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! Do not edit this file, it is generated from template!
 

collect-wireless-mac.local

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # collect wireless mac adresses in access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! Do not edit this file, it is generated from template!
 

collect-wireless-mac.template

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # collect wireless mac adresses in access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! This is just a template! Replace '%PATH%' with 'caps-man'
 # !! or 'interface wireless'!

daily-psk.capsman

@@ -4,6 +4,7 @@
 #                         Michael Gisbers <michael@gisbers.de>
 #
 # update daily PSK (pre shared key)
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! Do not edit this file, it is generated from template!
 

daily-psk.local

@@ -4,6 +4,7 @@
 #                         Michael Gisbers <michael@gisbers.de>
 #
 # update daily PSK (pre shared key)
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! Do not edit this file, it is generated from template!
 

daily-psk.template

@@ -4,6 +4,7 @@
 #                         Michael Gisbers <michael@gisbers.de>
 #
 # update daily PSK (pre shared key)
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! This is just a template! Replace '%PATH%' with 'caps-man'
 # !! or 'interface wireless'!

dhcp-lease-comment.capsman

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # update dhcp-server lease comment with infos from access-list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! Do not edit this file, it is generated from template!
 

dhcp-lease-comment.local

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # update dhcp-server lease comment with infos from access-list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! Do not edit this file, it is generated from template!
 

dhcp-lease-comment.template

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # update dhcp-server lease comment with infos from access-list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! This is just a template! Replace '%PATH%' with 'caps-man'
 # !! or 'interface wireless'!

dhcp-to-dns

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # check DHCP leases and add/remove/update DNS entries
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-to-dns.md
 
 :global Domain;
 :global HostNameInZone;

doc/accesslist-duplicates.md

@@ -0,0 +1,49 @@
+Find and remove access list duplicates
+======================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script is supposed to run interactively to find and remove duplicate
+entries in wireless access list.
+
+Requirements and installation
+-----------------------------
+
+Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
+interface (`/ interface wireless`) you need to install a different script.
+
+For CAPsMAN:
+
+    $ScriptInstallUpdate accesslist-duplicates.capsman;
+
+For local interface:
+
+    $ScriptInstallUpdate accesslist-duplicates.local;
+
+Usage and invocation
+--------------------
+
+Run this script from a terminal:
+
+    [admin@kalyke] > / system script run accesslist-duplicates.local
+    Flags: X - disabled
+     0   ;;; First entry with identical mac address...
+         mac-address=00:11:22:33:44:55 interface=any signal-range=-120..120 allow-signal-out-of-range=10s authentication=yes forwarding=yes ap-tx-limit=0 client-tx-limit=0 private-algo=none private-key="" private-pre-shared-key=""  management-protection-key="" vlan-mode=default vlan-id=1
+
+     1   ;;; Second entry with identical mac address...
+         mac-address=00:11:22:33:44:55 interface=any signal-range=-120..120 allow-signal-out-of-range=10s authentication=yes forwarding=yes ap-tx-limit=0 client-tx-limit=0 private-algo=none private-key="" private-pre-shared-key="" management-protection-key="" vlan-mode=default vlan-id=1
+
+    Numeric id to remove, any key to skip!
+    Removing numeric id 1...
+
+See also
+--------
+
+* [Collect MAC addresses in wireless access list](collect-wireless-mac.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/bridge-port.md

@@ -0,0 +1,84 @@
+Manage ports in bridge
+======================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+These scripts are supposed to handle interfaces and switching them from
+one bridge to another.
+
+Requirements and installation
+-----------------------------
+
+Just install the scripts:
+
+    $ScriptInstallUpdate bridge-port-to-default,bridge-port-toggle;
+
+Configuration
+-------------
+
+The configuration goes to ports' comments (`/ interface bridge port`).
+
+    / interface bridge port add bridge=br-guest comment="default=dhcp-client, alt=br-guest" disabled=yes interface=en1;
+    / interface bridge port add bridge=br-intern comment="default=br-intern, alt=br-guest" interface=en2;
+    / interface bridge port add bridge=br-guest comment="default=br-guest, extra=br-extra" interface=en3;
+
+Also dhcp client can be handled:
+
+    / ip dhcp-client add comment="toggle with bridge port" disabled=no interface=en1;
+
+There is also global configuration:
+
+* `BridgePortTo`: specify the configuration to be applied by default
+
+Install [global-wait](global-wait.md) and add a scheduler to start with
+default setup on system startup:
+
+    / system scheduler add name=bridge-port-to-default on-event="/ system script { run global-wait; run bridge-port-to-default; }" start-time=startup;
+
+Usage and invocation
+--------------------
+
+The usage examples show what happens with the configuration from above.
+
+Running the script `bridge-port-to-default` applies all configuration given
+with `default=`:
+
+    / system script run bridge-port-to-default;
+
+For the three interfaces we get this configuration:
+
+* The special value `dhcp-client` enables the dhcp client for interface `en1`. The bridge port entry is disabled.
+* Interface `en2` is put in bridge `br-intern`.
+* Interface `en3` is put in bridge `br-guest`.
+
+Running the script `bridge-port-toggle` toggles to configuration given
+with `alt=`:
+
+    / system script run bridge-port-toggle;
+
+* Interface `en1` is put in bridge `br-guest`, dhcp client for the interface is disabled.
+* Interface `en2` is put in bridge `br-guest`.
+* Interface `en3` is unchanged, stays in bridge `br-guest`.
+
+Running the script `bridge-port-toggle` again toggles back to configuration
+given with `default=`.
+
+More configuration can be loaded by setting `BridgePortTo`:
+
+    :set BridgePortTo "extra";
+    / system script run bridge-port-to-default;
+
+* Interfaces `en1` and `en2` are unchanged.
+* Interface `en3` is put in bridge `br-intern`.
+
+See also
+--------
+
+* [Wait for configuration und functions](global-wait.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/capsman-download-packages.md

@@ -0,0 +1,51 @@
+Download packages for CAP upgrade from CAPsMAN
+=============================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+CAPsMAN can upgrate CAP devices. If CAPsMAN device and CAP device(s) are
+differnet architecture you need to store packages for CAP device's
+architecture on local storage.
+
+This script automatically downloads these packages.
+
+Requirements and installation
+-----------------------------
+
+Just install the script on CAPsMAN device:
+
+    $ScriptInstallUpdate capsman-download-packages;
+
+Optionally create a scheduler to run after startup, with a delay to ensure
+internet connectivity is given:
+
+    / system scheduler add name=capsman-download-packages on-event=":delay 2m; / system script run capsman-download-packages;" start-time=startup;
+
+Only packages available in older version are downloaded. For initial setup
+place the required packages to CAPsMAN package path (see
+`/ caps-man manager`).
+
+Usage and invocation
+--------------------
+
+Run the script manually:
+
+    / system script run capsman-download-packages;
+
+... or from scheduler.
+
+After package download all out-of-date CAP devices are upgraded automatically.
+For a rolling upgrade install extra script
+[capsman-rolling-upgrade](capsman-rolling-upgrade.md).
+
+See also
+--------
+
+* [Run rolling CAP upgrades from CAPsMAN](capsman-rolling-upgrade.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/capsman-rolling-upgrade.md

@@ -0,0 +1,39 @@
+Run rolling CAP upgrades from CAPsMAN
+=====================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+CAPsMAN can upgrate CAP devices. This script runs a rolling upgrade for
+out-of-date CAP devices. The idea is to have just a fraction of devices
+reboot at a time, having the others to serve wireless connectivity.
+
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate capsman-rolling-upgrade;
+
+Usage and invocation
+--------------------
+
+This script is intended as an add-on to
+[capsman-download-packages](capsman-download-packages.md), being invoked by
+that script when required.
+
+Alternatively run it manually:
+
+    / system script run capsman-rolling-upgrade;
+
+See also
+--------
+
+* [Download packages for CAP upgrade from CAPsMAN](capsman-download-packages.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/certificate-renew-issued.md

@@ -0,0 +1,47 @@
+Renew locally issued certificates
+=================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script renews certificates issued by a local certificate authority (CA).
+Optionally the certificates are exported with individual passphrases for
+easy pick-up.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate certificate-renew-issued;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, there is just one
+parameter:
+
+* `CertRenewPass`: an array holding individual passphrases for certificates
+
+Usage and invocation
+--------------------
+
+Run the script to renew certificates issued from a local CA.
+
+    / system script run certificate-renew-issued;
+
+Only scripts with a remaining lifetime of three weeks or less are renewed.
+The old certificate is revoked automatically. If a passphrase for a specific
+certificate is given in `CertRenewPass` the certificate is exported and
+PKCS#12 file (`cert-issued/CN.p12`) can be found on device's storage.
+
+See also
+--------
+
+* [Renew certificates and notify on expiration](check-certificates.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/check-certificates.md

@@ -0,0 +1,52 @@
+Renew certificates and notify on expiration
+===========================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script tries to download and renew certificates, then notifies about
+certificates that are still about to expire.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate check-certificates;
+
+Configuration
+-------------
+
+The expiry notifications just require notification settings for e-mail and
+telegram.
+
+For automatic download and renewal of certificates you need configuration
+in `global-config-overlay`, these are the parameters:
+
+* `CertRenewPass`: an array of passphrases to try
+* `CertRenewUrl`: the url to download certificates from
+
+Certificates on the web server should be named `CN.pem` (`PEM` format) or
+`CN.p12` (`PKCS#12` format).
+
+Usage and invocation
+--------------------
+
+Just run the script:
+
+    / system script run check-certificates;
+
+... or create a scheduler for periodic execution:
+
+    / system scheduler add interval=1d name=check-certificates on-event="/ system script run check-certificates;" start-time=startup;
+
+See also
+--------
+
+* [Renew locally issued certificates](certificate-renew-issued.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/check-health.md

@@ -0,0 +1,43 @@
+Notify about health state
+=========================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script is run from scheduler periodically, sending notification on
+health related events:
+
+* voltage jumps up or down more than configured threshold
+* power supply failed or recovered
+* temperature is above or below threshold
+
+Note that bad initial state will not trigger an event.
+
+Only sensors available in hardware can be checked. See what your
+hardware supports:
+
+    / system health print;
+
+Requirements and installation
+-----------------------------
+
+Just install the script and create a scheduler:
+
+    $ScriptInstallUpdate check-health;
+    / system scheduler add interval=1m name=check-health on-event="/ system script run check-health;" start-time=startup;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, These are the parameters:
+
+* `CheckHealthTemperature`: an array specifying temperature thresholds for sensors
+* `CheckHealthVoltagePercent`: percentage value to trigger voltage jumps
+
+Also notification settings are required for e-mail and telegram.
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/check-lte-firmware-upgrade.md

@@ -0,0 +1,41 @@
+Notify on LTE firmware upgrade
+==============================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script is run from scheduler periodically, checking for LTE firmware
+upgrades. Currently supported LTE hardware:
+
+* R11e-LTE
+* R11e-LTE-US
+* R11e-4G
+* R11e-LTE6
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate check-lte-firmware-upgrade;
+
+... and create a scheduler:
+
+    / system scheduler add interval=1d name=check-lte-firmware-upgrade on-event="/ system script run check-lte-firmware-upgrade;" start-time=startup;
+
+Configuration
+-------------
+
+Notification setting are required for e-mail and telegram.
+
+See also
+--------
+
+* [Notify on RouterOS update](check-routeros-update.md)
+* [Install LTE firmware upgrade](unattended-lte-firmware-upgrade.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/check-routeros-update.md

@@ -0,0 +1,55 @@
+Notify on RouterOS update
+=========================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+The primary use of this script is to notify about RouterOS updates.
+
+Run from a terminal you can start the update process or schedule it.
+
+Centrally managing update process of several devices is possibly by
+specifying versions safe to be updated on a web server.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate check-routeros-update;
+
+And add a scheduler for automatic update notification:
+
+    / system scheduler add interval=1d name=check-routeros-update on-event="/ system script run check-routeros-update;" start-time=startup;
+
+Configuration
+-------------
+
+Configuration is required only if you want to control update process with
+safe versions from a web server. The configuration goes to
+`global-config-overlay`, this is the parameter:
+
+* `SafeUpdateUrl`: url to check for safe update, the channel (`long-term`,
+`stable` or `testing`) is appended
+
+Usage and invocation
+--------------------
+
+Be notified when run from scheduler or run it manually:
+
+    / system script run check-routeros-update;
+
+If an update is found you can install it right away.
+
+Installing script [packages-update](packages-update.md) gives extra options.
+
+See also
+--------
+
+* [Manage system update](packages-update.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/cloud-backup.md

@@ -0,0 +1,46 @@
+Upload backup to Mikrotik cloud
+===============================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script uploads [binary backup to Mikrotik cloud](https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#Backup).
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate cloud-backup;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, this is the only parameter:
+
+* `BackupPassword`: password to encrypt the backup with
+
+Also notification settings are required for e-mail and telegram.
+
+Usage and invocation
+--------------------
+
+Just run the script:
+
+    / system script run cloud-backup;
+
+Creating a scheduler may be an option:
+
+    / system scheduler add interval=1w name=cloud-backup on-event="/ system script run cloud-backup;" start-time=09:20:00;
+
+See also
+--------
+
+* [Send backup via e-mail](email-backup.md)
+* [Upload backup to server](upload-backup.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/collect-wireless-mac.md

@@ -0,0 +1,54 @@
+Collect MAC addresses in wireless access list
+=============================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script adds unknown MAC addresses of connected wireless devices to
+address list. In addition a notification is sent.
+
+By default the access list entry is disabled, but you can easily enable
+and modify it to your needs.
+
+Requirements and installation
+-----------------------------
+
+Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
+interface (`/ interface wireless`) you need to install a different script.
+
+For CAPsMAN:
+
+    $ScriptInstallUpdate collect-wireless-mac.capsman;
+
+For local interface:
+
+    $ScriptInstallUpdate collect-wireless-mac.local;
+
+Configuration
+-------------
+
+On first run a disabled access list entry acting as marker (with comment
+"`--- collected above ---`") is added. Move this entry to define where new
+entries are to be added.
+
+Also notification settings are required for e-mail and telegram.
+
+Usage and invocation
+--------------------
+
+Run this script from a dhcp server as lease-script to collect the MAC
+address when a new address is leased. You may want to use
+[lease-script](lease-script.md).
+
+See also
+--------
+
+* [Comment DHCP leases with info from access list](dhcp-lease-comment.md)
+* [Create DNS records for DHCP leases](dhcp-to-dns.md)
+* [Run other scripts on DHCP lease](lease-script.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/daily-psk.md

@@ -0,0 +1,56 @@
+Use wireless network with daily psk
+===================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script is supposed to provide a wifi network which changes the
+passphrase to a pseudo-random string daily.
+
+Requirements and installation
+-----------------------------
+
+Just install this script and [global-wait](global-wait.md).
+
+Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
+interface (`/ interface wireless`) you need to install a different script.
+
+For CAPsMAN:
+
+    $ScriptInstallUpdate daily-psk.capsman,global-wait;
+
+For local interface:
+
+    $ScriptInstallUpdate daily-psk.local,global-wait;
+
+And add schedulers to run the script:
+
+    / system scheduler add interval=1d name=daily-psk-nightly on-event="/ system script run daily-psk.local;" start-date=may/23/2018 start-time=03:00:00;
+    / system scheduler add name=daily-psk-startup on-event=":global WaitTimeSync; / system script { run global-wait; \$WaitTimeSync; run daily-psk.local; }" start-time=startup;
+
+These will update the passphrase on boot and nightly at 3:00.
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, these are the parameters:
+
+* `DailyPskMatchComment`: pattern to match the wireless access list comment
+* `DailyPskSecrets`: an array with pseudo random strings
+
+Then add an access list entry:
+
+    / interface wireless access-list add comment="Daily PSK" interface=wl-daily private-pre-shared-key="ToBeChangedDaily";
+
+Also notification settings are required for e-mail and telegram.
+
+See also
+--------
+
+* [Wait for configuration und functions](global-wait.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/dhcp-lease-comment.md

@@ -0,0 +1,49 @@
+Comment DHCP leases with info from access list
+==============================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script adds comments to dynamic dhcp server leases. Infos are taken
+from wireless access list.
+
+Requirements and installation
+-----------------------------
+
+Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
+interface (`/ interface wireless`) you need to install a different script.
+
+For CAPsMAN:
+
+    $ScriptInstallUpdate dhcp-lease-comment.capsman;
+
+For local interface:
+
+    $ScriptInstallUpdate dhcp-lease-comment.local;
+
+Configuration
+-------------
+
+Infos are taken from wireless access list. Add entries with proper comments
+there. You may want to use [collect-wireless-mac](collect-wireless-mac.md)
+to prepare entries.
+
+Usage and invocation
+--------------------
+
+Run this script from a dhcp server as lease-script to update the comment
+just after a new address is leased. You may want to use
+[lease-script](lease-script.md).
+
+See also
+--------
+
+* [Collect MAC addresses in wireless access list](collect-wireless-mac.md)
+* [Create DNS records for DHCP leases](dhcp-to-dns.md)
+* [Run other scripts on DHCP lease](lease-script.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/dhcp-to-dns.md

@@ -0,0 +1,42 @@
+Create DNS records for DHCP leases
+==================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script adds (and removes) dns records based on dhcp server leases.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate dhcp-to-dns;
+
+Then run it from dhcp server as lease script. You may want to use
+[lease-script](lease-script.md).
+
+A scheduler cares about cleanup:
+
+    / system scheduler add interval=15m name=dhcp-to-dns on-event="/ system script run dhcp-to-dns;" start-time=startup;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, these are the parameters:
+
+* `Domain`: the domain used for dns records
+* `HostNameInZone`: whether or not to add the dhcp/dns server's hostname
+
+See also
+--------
+
+* [Collect MAC addresses in wireless access list](collect-wireless-mac.md)
+* [Comment DHCP leases with info from access list](dhcp-lease-comment.md)
+* [Run other scripts on DHCP lease](lease-script.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/email-backup.md

@@ -0,0 +1,52 @@
+Send backup via e-mail
+======================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script sends binary backup (`/ system backup save`) and complete
+configuration export (`/ export terse`) via e-mail.
+
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate email-backup;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, These are the parameters:
+
+* `BackupSendBinary`: whether to send binary backup
+* `BackupSendExport`: whether to send configuration export
+* `BackupPassword`: password to encrypt the backup with
+* `EmailBackupTo`: e-mail address to send to
+* `EmailBackupCc`: e-mail address(es) to send in copy
+
+Also valid e-mail settings in `/ tool e-mail` are required to send mails.
+
+Usage and invocation
+--------------------
+
+Just run the script:
+
+    / system script run email-backup;
+
+Creating a scheduler may be an option:
+
+    / system scheduler add interval=1w name=email-backup on-event="/ system script run email-backup;" start-time=09:15:00;
+
+See also
+--------
+
+* [Upload backup to Mikrotik cloud](cloud-backup.md)
+* [Upload backup to server](upload-backup.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/global-wait.md

@@ -0,0 +1,34 @@
+Wait for configuration und functions
+====================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+The global scripts `global-config`, `global-config-overlay` and
+`global-functions` are run by scheduler at system startup. Running another
+script at system startup may result in race condition where configuration
+and/or function are not yet available. This script is supposed to wait
+for everything being prepared.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate global-wait;
+
+... and add it to your scheduler, for example in combination with
+[bridge-port](bridge-port.md):
+
+    / system scheduler add name=bridge-port-to-default on-event="/ system script { run global-wait; run bridge-port-to-default; }" start-time=startup;
+
+See also
+--------
+
+* [Manage ports in bridge](bridge-port.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/gps-track.md

@@ -0,0 +1,34 @@
+Send GPS position to server
+===========================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script is supposed to run periodically from scheduler and send GPS
+position data to a server for tracking.
+
+A hardware GPS antenna is required.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate gps-track;
+
+... and create a scheduler:
+
+    / system scheduler add interval=1m name=gps-track on-event="/ system script run gps-track;" start-time=startup;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, the only parameter is:
+
+* `GpsTrackUrl`: the url to send json data to
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/hotspot-to-wpa.md

@@ -0,0 +1,48 @@
+Use WPA2 network with hotspot credentials
+=========================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+RouterOS supports an unlimited number of MAC address specific passphrases
+for WPA2 encrypted wifi networks via access list. The idea of this script
+is to transfer hotspot credentials to MAC address specific WPA2 passphrase.
+
+Requirements and installation
+-----------------------------
+
+You need a properly configured hotspot on one (open) SSID and a WP2 enabled
+SSID with suffix "`-wpa`".
+
+Then install the script:
+
+    $ScriptInstallUpdate hotspot-to-wpa;
+
+Configure your hotspot to use this script as `on-login` script:
+
+    / ip hotspot user profile set on-login=hotspot-to-wpa [ find ];
+
+Configuration
+-------------
+
+On first run a disabled access list entry acting as marker (with comment
+"`--- hotspot-to-wpa above ---`") is added. Move this entry to define where new
+entries are to be added.
+
+Usage and invocation
+--------------------
+
+Create hotspot login credentials:
+
+    / ip hotspot user add add comment="Test User 1" name=user1 password=v3ry;
+    / ip hotspot user add add comment="Test User 2" name=user2 password=s3cr3t;
+
+Now let the users connect and login to the hotspot. After that the devices
+(identified by MAC address) can connect to the WPA2 network, using the
+passphrase from hotspot credentials.
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/ip-addr-bridge.md

@@ -0,0 +1,32 @@
+Manage IP addresses with bridge status
+======================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+With RouterOS an IP address is always active, even if an interface is down.
+Other venders handle this differently - and sometimes this behavior is
+expected. This script mimics this behavior.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate ip-addr-bridge;
+
+... and make it run from scheduler:
+
+    / system scheduler add name=ip-addr-bridge on-event="/ system script run ip-addr-bridge;" start-time=startup;
+
+This will disable IP addresses on bridges without at lease one running port.
+The IP address is enabled if at least one port is running.
+
+Note that IP addresses on bridges without a single port (acting as loopback
+interface) are ignored.
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/ipv6-update.md

@@ -0,0 +1,56 @@
+Update configuration on IPv6 prefix change
+==========================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+With changing IPv6 prefix from ISP this script handles to update...
+
+* ipv6 firewall address-list
+* dns records
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate ipv6-update;
+
+Your ISP needs to provide an IPv6 prefix, your device receives it via dhcp:
+
+    / ipv6 dhcp-client add add-default-route=yes interface=ppp-isp pool-name=isp request=prefix script=ipv6-update;
+
+Note this already adds this script as `script`. The pool name (here: "`isp`")
+is important, we need it later.
+
+Also this expects there is an address assigned from pool to an interface:
+
+    / ipv6 address add from-pool=isp interface=br-local;
+
+Sometimes dhcp client is stuck on reconnect and needs to be released.
+Installing [ppp-on-up](ppp-on-up.md) may solve this.
+
+Configuration
+-------------
+
+An address list entry is updated with current prefix and can be used in
+firewall rules, comment has to be "`ipv6-pool-`" and actual pool name:
+
+    / ipv6 firewall address-list add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern;
+
+Static DNS records need a special comment to be updated. Again it has to
+start with "`ipv6-pool-`" and actual pool name, followed by a comma,
+"`interface=`" and the name of interface this address is connected to:
+
+    / ip dns static add address=2003:cf:2f0f:de00:1122:3344:5566:7788 comment="ipv6-pool-isp, interface=br-local" name=test.example.com ttl=15m;
+
+See also
+--------
+
+* [Run scripts on ppp connection](ppp-on-up.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/lease-script.md

@@ -0,0 +1,36 @@
+Run other scripts on DHCP lease
+===============================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script is supposed to run from dhcp server as lease script. Currently
+it does:
+
+* run [dhcp-to-dns](dhcp-to-dns.md)
+* run [collect-wireless-mac](collect-wireless-mac.md)
+* run [dhcp-lease-comment](dhcp-lease-comment.md)
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate lease-script;
+
+... and add it as `lease-script` to your dhcp server:
+
+    / ip dhcp-server set lease-script=lease-script [ find ];
+
+See also
+--------
+
+* [Collect MAC addresses in wireless access list](collect-wireless-mac.md)
+* [Comment DHCP leases with info from access list](dhcp-lease-comment.md)
+* [Create DNS records for DHCP leases](dhcp-to-dns.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/leds-mode.md

@@ -0,0 +1,50 @@
+Manage LEDs dark mode
+=====================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+These scripts control LEDs mode and allow to run your device
+completely dark. Hardware support for dark mode is required.
+
+Requirements and installation
+-----------------------------
+
+Just install the scripts:
+
+    $ScriptInstallUpdate leds-day-mode,leds-night-mode,leds-toggle-mode;
+
+Usage and invocation
+--------------------
+
+To switch the device to dark mode:
+
+    / system script run leds-night-mode;
+
+... and back to normal mode:
+
+    / system script run leds-day-mode;
+
+To toggle between the two modes:
+
+    / system script run leds-toggle-mode;
+
+Add these schedulers to switch to dark mode in the evening and back to
+normal mode in the morning:
+
+    / system scheduler add interval=1d name=leds-day-mode on-event="/ system script run leds-day-mode;" start-time=07:00:00;
+    / system scheduler add interval=1d name=leds-night-mode on-event="/ system script run leds-night-mode;" start-time=21:00:00;
+
+The script `leds-toggle-mode` can be used from [mode button](mode-button.md)
+to toggle mode.
+
+See also
+--------
+
+* [Mode botton with multiple presses](mode-button.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/mode-button.md

@@ -0,0 +1,40 @@
+Mode botton with multiple presses
+=================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+These scripts extend the functionality of mode button. Instead of just one
+you can trigger several actions by pressing the mode button several times.
+
+The hardware needs to have a mode button, see
+`/ system routerboard mode-button`.
+
+Requirements and installation
+-----------------------------
+
+Just install the scripts:
+
+    $ScriptInstallUpdate mode-button-event,mode-button-scheduler;
+
+Then configure the mode-button to run `mode-button-event`:
+
+    / system routerboard mode-button set enabled=yes on-event="/ system script run mode-button-event;";
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, the only parameter is:
+
+* `ModeButton`: an array with defined actions
+
+Usage and invocation
+--------------------
+
+Press the mode button. :)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/netwatch-notify.md

@@ -0,0 +1,36 @@
+Notify on host up and down
+==========================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script sends notifications about host UP and DOWN events. In comparison
+to just netwatch (`/ tool netwatch`) and its `up-script` and `down-script`
+this script implements a simple state machine. Host down events are triggered
+only if the host is down for several checks to avoid false alerts.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate netwatch-notify;
+
+Then add a scheduler to run it periodically:
+
+    / system scheduler add interval=1m name=netwatch-notify on-event="/ system script run netwatch-notify;" start-time=startup;
+
+Configuration
+-------------
+
+The hosts to be checked have to be added to netwatch with specific comment:
+
+    / tool netwatch add comment="notify, hostname=example.com" host=[ :resolve "example.com" ] timeout=5s;
+
+Also notification settings are required for e-mail and telegram.
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/netwatch-syslog.md

@@ -0,0 +1,34 @@
+Manage remote logging
+=====================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+RouterOS supports sending log messages via network to a remote syslog server.
+If the server is not available no log messages (with potentially sensitive
+information) should be sent. This script disables remote logging by
+availability.
+
+Requirements and installation
+-----------------------------
+
+Let's assume there is a remote log action and associated logging rule:
+
+    / system logging action set remote=10.0.0.1 [ find where name="remote" ];
+    / system logging add action=remote topics=info;
+
+Just install the script:
+
+    $ScriptInstallUpdate netwatch-syslog;
+
+... and create a netwatch matching the IP address from logging action above:
+
+    / tool netwatch add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog;
+
+All logging rules are disabled when host is down.
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/packages-update.md

@@ -0,0 +1,46 @@
+Manage system update
+====================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+In rare cases RouterOS fails to properly downlaod package on update
+(`/ system package update install`), resulting in borked system with missing
+packages. This script tries to avoid this situation by doing some basic
+verification.
+
+But it provides some extra functionality:
+
+* send backup via e-mail if [email-backup](email-backup.md) is installed
+* upload backup if [upload-backup](upload-backup.md) is installed
+* schedule reboot at night
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate packages-update;
+
+It is automatically run by [check-routeros-update](check-routeros-update.md)
+if available.
+
+Usage and invocation
+--------------------
+
+Alternatively run it manually:
+
+    / system script run packages-update;
+
+See also
+--------
+
+* [Notify on RouterOS update](check-routeros-update.md)
+* [Send backup via e-mail](email-backup.md)
+* [Upload backup to server](upload-backup.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/ppp-on-up.md

@@ -0,0 +1,34 @@
+Run scripts on ppp connection
+=============================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script is supposed to run on established ppp connection. Currently
+it does:
+
+* release IPv6 dhcp leases (and thus force a renew)
+* run [update-tunnelbroker](update-tunnelbroker.md)
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate ppp-on-up;
+
+... and make it the `on-up` script for ppp profile:
+
+    / ppp profile set on-up=ppp-on-up [ find ];
+
+See also
+--------
+
+* [Update configuration on IPv6 prefix change](ipv6-update.md)
+* [Update tunnelbroker configuration](update-tunnelbroker.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/rotate-ntp.md

@@ -0,0 +1,40 @@
+Rotate NTP servers
+==================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+RouterOS requires NTP servers to be configured by IP address. Servers from a
+pool may appear and disappear, leaving broken NTP configuration.
+
+This script allows to rotate IP addresses from a given pool.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate rotate-ntp;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, this is the parameter:
+
+* `NtpPool`: dns name of ntp server pool
+
+Usage and invocation
+--------------------
+
+Just run the script to update the NTP configuration with actual IP
+addresses from pool if required.
+
+Alternatively a scheduler can be created:
+
+    / system scheduler add interval=5d name=rotate-ntp on-event="/ system script run rotate-ntp;" start-time=startup;
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/sms-action.md

@@ -0,0 +1,49 @@
+Act on received SMS
+===================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+RouterOS can act on received SMS. Reboot the device from remote or do
+whatever is required.
+
+A broadband interface with SMS support is required.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate sms-action;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, this is the only parameter:
+
+* `SmsAction`: an array with pre-defined actions
+
+Then enable SMS actions:
+
+    / tool sms set allowed-number=+491234567890 receive-enabled=yes secret=s3cr3t;
+
+Usage and invocation
+--------------------
+
+Send a SMS from allowed number to your device's phone number:
+
+    :cmd s3cr3t script sms-action action=reboot;
+
+The value given by "`action=`" is one of the pre-defined actions from
+`SmsAction`.
+
+See also
+--------
+
+* [Forward received SMS](sms-forward.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/sms-forward.md

@@ -0,0 +1,36 @@
+Forward received SMS
+====================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+RouterOS can receive SMS. This script forwards SMS as notification.
+
+A broadband interface with SMS support is required.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate sms-forward;
+
+... and add a scheduler to run it periodically:
+
+    / system scheduler add interval=2m name=sms-forward on-event="/ system script run sms-forward;" start-time=startup;
+
+Configuration
+-------------
+
+Notification settings are required for e-mail and telegram.
+
+See also
+--------
+
+* [Act on received SMS](sms-action.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/ssh-keys-import.md

@@ -0,0 +1,33 @@
+Import SSH keys
+===============
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script imports public SSH keys (files with extension "`pub`") into
+local store for user authentication.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate ssh-keys-import;
+
+Usage and invocation
+--------------------
+
+Copy files with extension "`pub`" containing public SSH keys for your device.
+Then run the script:
+
+    / system script run ssh-keys-import;
+
+Starting with an `authorized_keys` file you can split it on a shell:
+
+    while read type key name; do echo $type $key $name > $name.pub; done < authorized_keys
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/super-mario-theme.md

@@ -0,0 +1,31 @@
+Play Super Mario theme
+======================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script plays Super Mario theme.
+
+The hardware needs a beeper.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate super-mario-theme;
+
+Usage and invocation
+--------------------
+
+Just run the script to play:
+
+    / system script run super-mario-theme;
+
+For extra fun use it for dhcp lease script. :)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/template.md

@@ -1,46 +0,0 @@
-Script `template`
-=================
-
-[◀ Go back to main README](../README.md)
-
-Description
------------
-
-Short description...
-
-In detail
----------
-
-Get all the details...
-
-Requirements and installation
------------------------------
-
-We need...
-
-... then we install:
-
-    [admin@MikroTik] > / system script add name=template
-    [admin@MikroTik] > / system script run script-updates
-
-Configuration
--------------
-
-The configuration goes to `global-config`, These are the parameters:
-
-* ...
-
-Usage and invocation
---------------------
-
-This is intended...
-
-See also
---------
-
-* [another script](template.md)
-* ...
-
----
-[◀ Go back to main README](../README.md)  
-[▲ Go back to top](#top)

doc/unattended-lte-firmware-upgrade.md

@@ -0,0 +1,42 @@
+Install LTE firmware upgrade
+============================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script upgrades LTE firmware on compatible devices:
+
+* R11e-LTE
+* R11e-LTE-US
+* R11e-4G
+* R11e-LTE6
+
+A temporary scheduler is created to be independent from terminal. Thus
+starting the upgrade process over the broadband connection is supported.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate unattended-lte-firmware-upgrade;
+
+Usage and invocation
+--------------------
+
+Run the script if an upgrade for your LTE hardware is available:
+
+    / system script run unattended-lte-firmware-upgrade;
+
+Then be patient, go for a coffee and wait for the upgrade process to finish.
+
+See also
+--------
+
+* [Notify on LTE firmware upgrade](check-lte-firmware-upgrade.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/update-gre-address.md

@@ -0,0 +1,38 @@
+Update GRE configuration with dynamic addresses
+===============================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is
+easy to configure on client, but has an issue on server side: client IP
+addresses are assigned dynamically via mode-config and have to be updated
+for GRE interface.
+
+This script handles the address updates and disables the interface if the
+client is disconnected.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate update-gre-address;
+
+... and add a scheduler to run the script periodically:
+
+    / system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;
+
+Configuration
+-------------
+
+The configuration goes to interface's comment. Add the client's IKEv2
+certificate CN into the comment:
+
+    / interface gre set comment="ikev2-client1" gre-client1;
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/update-tunnelbroker.md

@@ -0,0 +1,41 @@
+Update tunnelbroker configuration
+=================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+Connecting to [tunnelbroker.net](//tunnelbroker.net) from dynamic public
+ip address requires the address to be sent to the remote, and to be set
+locally. This script does both.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate update-tunnelbroker;
+
+Installing [ppp-on-up](ppp-on-up.md) makes this script run when ever a ppp
+connection is established.
+
+Configuration
+-------------
+
+The configuration goes to interface's comment:
+
+    / interface 6to4 set comment="tunnelbroker, user=user, pass=s3cr3t, id=12345" tunnelbroker;
+
+Also enabling dynamic DNS in Mikrotik cloud is required:
+
+    / ip cloud set ddns-enabled=yes;
+
+See also
+--------
+
+* [Run scripts on ppp connection](ppp-on-up.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

doc/upload-backup.md

@@ -0,0 +1,62 @@
+Upload backup to server
+=======================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script uploads binary backup (`/ system backup save`) and complete
+configuration export (`/ export terse`) to external server.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate upload-backup;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, these are the parameters:
+
+* `BackupSendBinary`: whether to send binary backup
+* `BackupSendExport`: whether to send configuration export
+* `BackupPassword`: password to encrypt the backup with
+* `BackupUploadUrl`: url to upload to
+* `BackupUploadUser`: username for server authentication
+* `BackupUploadPass`: password for server authentication
+
+Also notification settings are required for e-mail and telegram.
+
+### Issues with SFTP client
+
+The RouterOS SFTP client is picky if it comes to authentication methods.
+I had to disable all but password authentication on server side. For openssh
+edit `/etc/ssh/sshd_config` and add a directive like this, changed for your
+needs:
+
+    Match User mikrotik
+        AuthenticationMethods password
+
+Usage and invocation
+--------------------
+
+Just run the script:
+
+    / system script run upload-backup;
+
+Creating a scheduler may be an option:
+
+    / system scheduler add interval=1w name=upload-backup on-event="/ system script run upload-backup;" start-time=09:25:00;
+
+See also
+--------
+
+* [Send backup via e-mail](email-backup.md)
+* [Upload backup to Mikrotik cloud](cloud-backup.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)

email-backup

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # create and email backup and config file
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/email-backup.md
 
 :global BackupPassword;
 :global BackupSendBinary;

global-config

@@ -3,10 +3,11 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # global configuration
+# https://git.eworm.de/cgit/routeros-scripts/about/
 
 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
-:global GlobalConfigVersion 14;
+:global GlobalConfigVersion 15;
 
 # This is used for DNS and backup file.
 :global Domain "example.com";

global-config-overlay

@@ -3,11 +3,12 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # global configuration, custom overlay
+# https://git.eworm.de/cgit/routeros-scripts/about/
 
 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
 # Comment or remove to disable change notifications.
-:global GlobalConfigVersion 14;
+:global GlobalConfigVersion 15;
 
 # The global-config script is updated by $ScriptInstallUpdate,
 # global-config-overlay becomes an overlay for your changes.

global-config.changes

@@ -17,4 +17,5 @@
   12="Removed '\$ScriptUpdatesConfigChangesIgnore', comment '\$GlobalConfigVersion' in 'global-config-overlay' to disable change notifications";
   13="Configuration for script 'bridge-port-to-default' changed with new syntax in comment";
   14="Dropped script 'script-updates', use '\$ScriptInstallUpdate' exclusively!";
+  15="New documentation is online! https://git.eworm.de/cgit/routeros-scripts/about/#available-scripts";
 };

global-functions

@@ -4,9 +4,10 @@
 #                         Michael Gisbers <michael@gisbers.de>
 #
 # global functions
+# https://git.eworm.de/cgit/routeros-scripts/about/
 
 # expected configuration version
-:global ExpectedConfigVersion 14;
+:global ExpectedConfigVersion 15;
 
 # global variables not to be changed by user
 :global GlobalFunctionsReady false;

global-wait

@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Christian Hesse <mail@eworm.de>
 #
 # wait for global-functions to finish
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/global-wait.md
 
 :global GlobalFunctionsReady;
 

gps-track

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # track gps data by sending json data to http server
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/gps-track.md
 
 :global GpsTrackUrl;
 :global Identity;

hotspot-to-wpa

@@ -3,6 +3,7 @@
 # Copyright (c) 2019-2020 Christian Hesse <mail@eworm.de>
 #
 # add private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 
 :global LogPrintExit;
 

ip-addr-bridge

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # enable or disable ip addresses based on bridge port state
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/ip-addr-bridge.md
 
 :foreach Bridge in=[ / interface bridge find ] do={
   :local BrName [ / interface bridge get $Bridge name ];

ipv6-update

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # update firewall and dns settings on IPv6 prefix change
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/ipv6-update.md
 
 :local PdPrefix $"pd-prefix";
 

lease-script

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # run scripts on DHCP lease
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/lease-script.md
 
 :global LogPrintExit;
 

leds-day-mode

@@ -3,5 +3,6 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # enable LEDs
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/leds-mode.md
 
 / system leds settings set all-leds-off=never;

leds-night-mode

@@ -3,5 +3,6 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # disable LEDs
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/leds-mode.md
 
 / system leds settings set all-leds-off=immediate;

leds-toggle-mode

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # toggle LEDs mode
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/leds-mode.md
 
 :if ([ / system leds settings get all-leds-off ] = "never") do={
   / system leds settings set all-leds-off=immediate;

mode-button-event

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # run on mode-button event and count button presses
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/mode-button.md
 
 :global ModeButton;
 

mode-button-scheduler

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # act on multiple mode-botton presses from scheduler
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/mode-button.md
 
 :global ModeButton;
 

netwatch-notify

@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Christian Hesse <mail@eworm.de>
 #
 # monitor netwatch and send notifications
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-notify.md
 
 :global NetwatchNotify;
 

netwatch-syslog

@@ -5,6 +5,7 @@
 # requires: dont-require-permissions=yes
 #
 # manage remote logging facilities
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-syslog.md
 
 :local Remote [ /system logging action get ([ find where target=remote ]->0) remote ];
 

packages-update

@@ -3,6 +3,7 @@
 # Copyright (c) 2019-2020 Christian Hesse <mail@eworm.de>
 #
 # download packages and reboot for installation
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/packages-update.md
 
 :global DownloadPackage;
 :global LogPrintExit;

ppp-on-up

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # run scripts on ppp up
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/ppp-on-up.md
 
 :global LogPrintExit;
 

rotate-ntp

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # rotate the ntp servers
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/rotate-ntp.md
 
 :global NtpPool;
 

sms-action

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # run action on received SMS
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/sms-action.md
 
 :global SmsAction;
 

sms-forward

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # forward SMS to e-mail
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/sms-forward.md
 
 :global Identity;
 

ssh-keys-import

@@ -3,9 +3,8 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # import ssh keys from file
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/ssh-keys-import.md
 
-# Split files with several keys from a shell...
+:foreach Key in=[ / file find where type="ssh key" ] do={
-# while read type key name; do echo $type $key $name > $name.pub; done < keys.pub
+  / user ssh-key import user=admin public-key-file=[ / file get $Key name ];
-# ... then transfer with scp/sftp.
+}
-
-:foreach Key in=[ / file find where type="ssh key" ] do={ / user ssh-key import user=admin public-key-file=[ / file get $Key name ]; }

super-mario-theme

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # play Super Mario theme
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/super-mario-theme.md
 
 :local Beeps {
   {  660; 100 }; 150; {  660; 100 }; 300; {  660; 100 }; 300;

unattended-lte-firmware-upgrade

@@ -3,6 +3,7 @@
 # Copyright (c) 2018-2020 Christian Hesse <mail@eworm.de>
 #
 # schedule unattended lte firmware upgrade
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/unattended-lte-firmware-upgrade.md
 
 :foreach Interface in=[ / interface lte find ] do={
   :local Firmware;

update-gre-address

@@ -4,6 +4,7 @@
 #
 # update gre interface remote address with dynamic address from
 # ipsec remote peer
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/update-gre-address.md
 
 / interface gre set remote-address=0.0.0.0 disabled=yes [ find where !running !disabled ];
 

update-tunnelbroker

@@ -2,6 +2,9 @@
 # RouterOS script: update-tunnelbroker
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
+#
+# update local address of tunnelbroker interface
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/update-tunnelbroker.md
 
 :global CertificateAvailable;
 :global LogPrintExit;

upload-backup

@@ -3,6 +3,7 @@
 # Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
 #
 # create and upload backup and config file
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/upload-backup.md
 
 :global BackupPassword;
 :global BackupSendBinary;