Split ntp-client script for ROS v6 and v7; add mullvad family DoH script

doh-scripts/mullvad-family.rsc

@@ -0,0 +1,44 @@
+# Mullvad requires HTTP2 that is not supported by MikroTik, yet!
+
+
+
+
+# TODO: Verify the connection if possible
+# Ref: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
+
+# disable doh (temporarily)
+
+/ip dns set verify-doh-cert=no
+
+# Mullvad uses LetsEncrypt certs that in turn uses ISRG Root X1 as of Nov 2024
+:local result [ /tool fetch url=https://letsencrypt.org/certs/isrgrootx1.pem dst-path=mullvad-x1.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+# Let's prepare for the transition (to ISRG Root X2), though; ref: https://letsencrypt.org/certificates/
+:local result [ /tool fetch url=https://letsencrypt.org/certs/isrg-root-x2.pem dst-path=mullvad-x2.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+
+/certificate remove [find name~"mullvad-x1.pem"]
+/certificate remove [find name~"mullvad-x2.pem"]
+/certificate import file-name=mullvad-x1.pem passphrase=""
+/certificate import file-name=mullvad-x2.pem passphrase=""
+/file remove mullvad-x1.pem
+/file remove mullvad-x2.pem
+
+/ip dns
+    static remove [find name="family.dns.mullvad.net"]
+    static add name=family.dns.mullvad.net address=194.242.2.6          comment="mullvad IPv4"
+    # static add name=family.dns.mullvad.net address=149.112.112.112  comment="mullvad IPv4 - secondary"
+    static add name=family.dns.mullvad.net address=2a07:e340::6       comment="mullvad IPv6"
+    # static add name=family.dns.mullvad.net address=2620:fe::fe      comment="mullvad IPv6 - secondary"
+
+    set use-doh-server=https://family.dns.mullvad.net/dns-query verify-doh-cert=yes
+
+# optional steps
+/ip dns set servers="2a07:e340::6,194.242.2.6"
+/ip dhcp-client set use-peer-dns=no [find]
+
+# flush existing cache
+/ip dns cache flush
+
+# Post-install step: remove this file manually
+# /file remove mullvad.rsc

scripts/ntp-client-v6.rsc

@@ -0,0 +1,58 @@
+# List of public servers... https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94b0453
+
+# variables
+# timezone
+:local tz
+:set tz "+05:30"
+
+# To be used as the primary NTP server
+:local ipNTP
+:local ipNTPcomment
+# IP based NTP server - when DNS is unavailable.
+:set ipNTP "128.138.140.44"
+:set ipNTPcomment "From https://tf.nist.gov/tf-cgi/servers.cgi"
+
+# To be used as the secondary NTP server
+:local poolNTPorg
+:set poolNTPorg [:resolve pool.ntp.org]
+
+# To be used for DNS based NTP servers
+:local ntp1
+:local ntp2
+:set ntp1 "time.cloudflare.com"
+:set ntp2 "time.google.com"
+
+:put "Primary NTP: $ipNTP ($ipNTPcomment)"
+:put "Secondary NTP: $poolNTPorg (pool.ntp.org)"
+:put "DNS NTP 1: $ntp1"
+:put "DNS NTP 2: $ntp2"
+
+# configure timezone
+# /system clock manual set time-zone=$tz
+:put "Timezone: $tz\n"
+:put "Clock info..."
+
+/system clock print
+
+# Find Router OS version
+
+:local rosVersion
+:set rosVersion [:tonum [:pick [/system resource get version] 0 1]]
+# following works as well.
+# :set rosVersion [:pick [/system/routerboard/get current-firmware] 0 1]
+
+:put "\nRouter OS Version: $rosVersion\n"
+
+
+if ( $rosVersion = 6 ) do={
+    /system ntp client
+        set primary-ntp=128.138.140.44
+        set secondary-ntp=[ :resolve pool.ntp.org ]
+        set server-dns-names=time.cloudflare.com,time.google.com
+}
+
+/system ntp client set enabled=yes
+
+
+:put "NTP client info..."
+/system ntp client print

scripts/ntp-client-v7.rsc

@@ -45,18 +45,11 @@
 
 
 if ( $rosVersion = 7 ) do={
-    :put "Code for ROSv7 executed."
     /system ntp client servers
         add address=128.138.140.44 comment="NIST.gov"
         add address=[ :resolve pool.ntp.org ] comment="pool.ntp.org"
         add address=time.google.com
         add address=time.cloudflare.com
-} else={
-    :put "Code for ROSv6 executed."
-    /system ntp client
-        set primary-ntp=128.138.140.44
-        set secondary-ntp=[ :resolve pool.ntp.org ]
-        set server-dns-names=time.cloudflare.com,time.google.com
 }
 
 /system ntp client set enabled=yes