From aa714707415aa583b9b1866ec696df41d031cd47 Mon Sep 17 00:00:00 2001
From: Dmytro Yamkovyi
Date: Sun, 12 Apr 2026 14:21:25 +0300
Subject: [PATCH] first commit
---
README.md | 0
init.rsc | 212 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 212 insertions(+)
create mode 100644 README.md
create mode 100644 init.rsc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/init.rsc b/init.rsc
new file mode 100644
index 0000000..5cb11ef
--- /dev/null
+++ b/init.rsc
@@ -0,0 +1,212 @@
+# =========================
+# PARAMETRIZED VERSION
+# =========================
+:put "=== START CONFIG ==="
+:local sites {
+ "HD408FN1902"={"TERN_ZLUKY"; 1 ;"MPqIO5zLD3WgbLdCH7FtsGt301/2tMxNRvxVtPLMf2Q="};
+ "HD4086DD9S6"={"LANIVTSI"; 2 ;"eJd8hF7QjXwCESIPFDCf1wMo994zeMIyjzfcHrv4Ukc="};
+ "HD4081EA7M6"={"TERN_LUCHAK"; 3 ;"eE5Lo6A8snNx68GmGQ+kpSH9yD52FFc2Y8YdM2pVclc="};
+ "HD4088NSD8H"={"TERN_ST.BAND"; 4 ;"iFcv5EfMBvYGRjxuNn+0kHVH//Z8cl3XGzVNN8/fyEo="};
+ "HD408BVPWSK"={"BEREZOVYTSYA"; 5 ;"cJZJUD8pwoOdVfNHV1oM4AsncDbPOkxyA64bjwdP638="};
+ "HD4088VMCQC"={"TEREBOVLYA"; 6 ;"6B00zTnQCVhGOhgRNK0WjU+xADhE6dfgNITyEfzBfXI="};
+ "HD408DK2F47"={"ZBORIV"; 7 ;"yAUuDey3lGOSgUEqjOB8/zthLRyxrmUO67lOsiSW/UE="};
+ "HCP08E8JF2T"={"BEREGANY"; 8 ;"IDUwF4kMMYxnEXMqPwPkju0qlSKQCSLtUcmZPwnC0FA="};
+ "HD4086QX97J"={"BORSCHIV"; 9 ;"SJlidu1caJtR7UOoTSo4EVB4gpW/JIodjsrak+A3RXk="};
+ "HD4088NBP0G"={"BUCHACH"; 10;"yBqqq11aTvVIAQOzak5OVgwSkoQHsd2ar7OAzzUXAUo="};
+ "HD408212ZPR"={"VOLOCHYSK"; 11;"aN8etil7vivX0u8Or7WCWjq9Ch6jOvFIzHFtYfdjqkU="};
+ "HE808Y6XPKZ"={"ZALISTSI"; 12;"iDPBzlgoJfaLX4RtxA8KAgo2L1+VYJIZUF8lDSq4c3s="};
+ "HD4081S3G9J"={"ZALISCHYKY"; 13;"YGLOgkzRvBtjeymxxh6hFOHCWRftaWnkPNzrjHw5/U0="};
+ "HE808S9M4P9"={"ZBARAG"; 14;"sJM4Eb8+fYZS1CPuWXRmEeDqG/aDFyze1tOFB390mG4="};
+ "HCP085HM232"={"KOZOVA"; 15;"aHYrA7EnKO4wTkXOvv0Xpe8AnrGbZ3uu5esxdVjEaWA="};
+ "HD308B162BJ"={"KREM_AVTO"; 16;"QGgLN35kyIKlOgwCA8Wu0Mu8KvfA/XwBvPEmK0+mjWA="};
+ "HD4084P4YJA"={"KREM_CENTR"; 17;"2G/QKvexLiEVnLlaUn0f/pZmmjQGFNe0TicsbNGpJ0o="};
+ "HD4087BDKB9"={"KREM_SUGAR"; 18;"YKgsC/hbBDHVotAI7mzucffLpr6/8uVlKmI7i7q6zno="};
+ "HD40810AB4M"={"MLYNIVCI"; 19;"OHmheN29m5zeSMEAJ03/nktEH3ns5zfIqHzVoqN3YkI="};
+ "HD4086N2QZ9"={"PIDVOLOCHYSK"; 20;"ACOB9BznZk+8EwXhRFzgJDzvu/Et2FGYfgOGFKxvBlI="};
+ "HD408D9Z586"={"TERN_ORION"; 21;"MIeVkMqOxabo5b75IMYNRP5r5tvU1UmWRQ8u8nM0Pmw="};
+ "HD408B4K4RG"={"TERN_TEKSTYLNYK";22;"AKysRFyBr1zeFKwM53cRw2eUTKWG2fOs1UveamknRXo="};
+ "HD408A8MGY8"={"CHORTKIV_AVTO"; 23;"sDbgef3h/vRxTRpVyUHNRI2vmbYLTbvduab4G/e1u3I="};
+ "HD4082AY9D2"={"CHORTKIV_CENTR"; 24;"mAeRljGQ3jzXHMxyF9zWWcfr8K9i51tWcfd6x7gc/1A="};
+ "HD4083ESK0Q"={"SKALAT"; 25;"UIGg7Ltn+LsdB5uSeiwXmvPw9Om5Vb/zxfJHNttR4n4="};
+ "HD408AYF8PN"={"TERN_ZBROUND"; 26;"OIXe3SsiPfNB8OEe3i9RSY8OIPCCA8uOfM1fNhIy1VA="}
+}
+
+# ---------- USER VARIABLES ----------
+:local serial [/system/routerboard/get serial-number as-string]
+:local site ($sites->$serial)
+:local baseName ($site->0)
+:local routerNum ($site->1)
+:local wgKey ($site->2)
+
+# ---------- CALCULATED VARIABLES ----------
+:local lanOctet ("192.168." . ($routerNum + 100))
+:local wireOctet ("192.168." . ($routerNum + 50))
+:local identityName ($baseName . "_ice" . $routerNum)
+
+:local lanIp ($lanOctet . ".1/24")
+:local mngIp ("192.168.50." . ($routerNum + 100) . "/24")
+:local wireIp ($wireOctet . ".1/24")
+:local wgIp ("10.30.0." . $routerNum . "/24")
+:local lanNetwork ($lanOctet . ".0")
+:local lanSubnet ($lanOctet . ".0/24")
+:local wireSubnet ($wireOctet . ".0/24")
+:local lanGateway ($lanOctet . ".1")
+:local wireGateway ($wireOctet . ".1")
+:local k 0
+
+:put ("Applying config for: " . $identityName)
+:put ("LAN subnet: " . $lanSubnet)
+
+# --- 1. Interfaces / bridges ---
+/interface bridge
+:if ([:len [find where name="br_wire"]] = 0) do={add name=br_wire}
+
+# --- 3. LTE APN ---
+/interface lte apn
+:if ([:len [find default=yes]] > 0) do={set [find default=yes] apn=KS}
+
+# --- 4. Wireless security profiles ---
+/interface wireless security-profiles
+:if ([:len [find where name="wifi_pass"]] = 0) do={
+ add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys \
+ name=wifi_pass supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=33322333
+}
+:if ([:len [find where name="mgmt_pass"]] = 0) do={
+ add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys \
+ name=mgmt_pass supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=v670649!
+}
+# --- 5. Wireless interfaces ---
+/interface wireless
+set [find default-name=wlan1] \
+ band=2ghz-g/n channel-width=20/40mhz-XX country=ukraine \
+ disabled=no frequency=auto installation=indoor \
+ mode=ap-bridge security-profile=wifi_pass ssid=TMPOLUS \
+ wireless-protocol=802.11
+set [find default-name=wlan2] \
+ band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
+ country=ukraine disabled=no frequency=auto \
+ installation=indoor mode=ap-bridge security-profile=wifi_pass \
+ ssid=TMPOLUS_5Ghz wireless-protocol=802.11
+:if ([:len [find where name="wlan3"]] = 0) do={add disabled=no master-interface=wlan1 name=wlan3 security-profile=mgmt_pass ssid=POLUS_M}
+:if ([:len [find where name="wlan4"]] = 0) do={add disabled=no master-interface=wlan2 name=wlan4 security-profile=mgmt_pass ssid=POLUS_M5G}
+# --- 6. IP pools ---
+/ip pool
+:set k [find where name="default-dhcp"]
+:if ([:len $k] > 0) do={set $k ranges=($lanOctet . ".10-" . $lanOctet . ".254")}
+:if ([:len [find where name="pool_wire"]] = 0) do={add name=pool_wire ranges=($wireOctet . ".2-" . $wireOctet . ".254")}
+# --- 7. DHCP servers ---
+/ip dhcp-server
+#:if ([:len [find where name="defconf"]] > 0) do={set [find where name="defconf"] address-pool=default-dhcp interface=bridge lease-time=10m}
+:if ([:len [find where name="dhcp_wire"]] = 0) do={add address-pool=pool_wire interface=br_wire name=dhcp_wire}
+# --- 8. Bridge ports ---
+/interface bridge port
+:set k [find where interface="ether1"]; :if ([:len $k] > 0) do={set $k disabled=yes}
+:set k [find where interface="ether2"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
+:set k [find where interface="ether3"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
+:set k [find where interface="ether4"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
+:set k [find where interface="ether5"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
+:set k [find where interface="wlan1"]; :if ([:len $k] > 0) do={set $k bridge=bridge}
+:set k [find where interface="wlan2"]; :if ([:len $k] > 0) do={set $k bridge=bridge}
+:if ([:len [find where interface="wlan3"]] = 0) do={add bridge=br_wire interface=wlan3}
+:if ([:len [find where interface="wlan4"]] = 0) do={add bridge=br_wire interface=wlan4}
+
+# --- 9. Firewall / IP settings / IPv6 ---
+/ip settings set allow-fast-path=no
+/ipv6 settings set disable-ipv6=yes
+
+# --- 10. Interface list members ---
+/interface list member
+:if ([:len [find where interface="ether1" and list="WAN"]] = 0) do={add interface=ether1 list=WAN}
+:if ([:len [find where interface="br_wire" and list="LAN"]] = 0) do={add interface=br_wire list=LAN}
+
+# --- 11. WireGuard ---
+/interface wireguard
+:if ([:len [find where name="wireguard1"]] = 0) do={add name=wireguard1 private-key=$wgKey} else={set [find where name="wireguard1"] private-key=$wgKey}
+
+/interface list member
+:if ([:len [find where interface="wireguard1" and list="LAN"]] = 0) do={add interface=wireguard1 list=LAN}
+
+/interface wireguard peers
+:if ([:len [find where name="peer1"]] = 0) do={
+ add allowed-address=10.30.0.100/32,10.30.0.99/32,192.168.50.100/32 \
+ endpoint-address=5.58.56.184 endpoint-port=13232 interface=wireguard1 \
+ name=peer1 persistent-keepalive=25s \
+ public-key="h7dfJOG+mjNms+9TvdENZ4m6vOddTubXj/XaNF1gPDI="
+} else={
+ set [find where name="peer1"] \
+ allowed-address=10.30.0.100/32,10.30.0.99/32,192.168.50.100/32 \
+ endpoint-address=5.58.56.184 endpoint-port=13232 interface=wireguard1 \
+ persistent-keepalive=25s \
+ public-key="h7dfJOG+mjNms+9TvdENZ4m6vOddTubXj/XaNF1gPDI="
+}
+
+# --- 12. IP addresses ---
+/ip address
+
+# міняємо адресу bridge на свою
+:set k [find where interface="bridge" and address="192.168.88.1/24"]
+:if ([:len $k] > 0) do={set $k address=$lanIp
+} else={
+# якщо на bridge досі немає LAN адреси, додаємо
+ :if ([:len [find where interface="bridge" and address=$lanIp]] = 0) do={add address=$lanIp interface=bridge}
+}
+# адреса для управління в мережі 50
+:if ([:len [find where interface="br_wire" and address=$mngIp]] = 0) do={add address=$mngIp interface=br_wire}
+
+# wireguard
+:if ([:len [find where interface="wireguard1" and address=$wgIp]] = 0) do={add address=$wgIp interface=wireguard1}
+
+# br_wire
+:if ([:len [find where interface="br_wire" and address=$wireIp]] = 0) do={add address=$wireIp interface=br_wire}
+
+# --- 13. DHCP client on ether1 ---
+/ip dhcp-client
+:if ([:len [find where interface="ether1"]] = 0) do={add interface=ether1}
+
+# --- 15. DHCP server networks ---
+/ip dhcp-server network
+:foreach i in=[find] do={
+ :local nAddr [get $i address]
+ :if (($nAddr = "192.168.88.0/24") || ($nAddr = $lanSubnet)) do={set $i address=$lanSubnet dns-server=$lanGateway gateway=$lanGateway}
+}
+:if ([:len [find where address=$lanSubnet]] = 0) do={add address=$lanSubnet dns-server=$lanGateway gateway=$lanGateway}
+:if ([:len [find where address=$wireSubnet]] = 0) do={add address=$wireSubnet dns-server=$wireGateway gateway=$wireGateway}
+
+# --- 16. DNS ---
+/ip dns set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,8.8.4.4,1.0.0.1
+
+# --- 17. Firewall filter ---
+/ip firewall filter
+:foreach i in=[find where comment="defconf: fasttrack"] do={set $i disabled=yes}
+
+# --- 19. Routes ---
+/ip route
+:if ([:len [find where gateway="192.168.50.1"]] = 0) do={add disabled=no distance=10 gateway=192.168.50.1}
+:if ([:len [find where dst-address="192.168.50.100/32" and gateway="10.30.0.100"]] = 0) do={add disabled=no distance=1 dst-address=192.168.50.100/32 gateway=10.30.0.100}
+
+# --- 20. Services ---
+/ip service
+set ftp disabled=yes
+set ssh disabled=yes
+set telnet disabled=yes
+set www disabled=yes
+set api disabled=yes
+set api-ssl disabled=yes
+
+# --- 21. SNMP ---
+/snmp set enabled=yes location=$baseName
+
+# --- 22. System identity / NTP / clock ---
+/system identity set name=$identityName
+/system ntp client set enabled=yes
+/system ntp client servers
+:if ([:len [find where address="0.ua.pool.ntp.org"]] = 0) do={add address=0.ua.pool.ntp.org}
+:if ([:len [find where address="1.ua.pool.ntp.org"]] = 0) do={add address=1.ua.pool.ntp.org}
+/system clock set time-zone-name=Europe/Kiev
+
+# --- 24. Routerboard / romon ---
+/system routerboard settings set auto-upgrade=yes
+/tool mac-server set allowed-interface-list=LAN
+/tool mac-server mac-winbox set allowed-interface-list=LAN
+/tool romon set enabled=yes
+:put ("=== DONE: " . $identityName . " / " . $lanIp . " ===")
\ No newline at end of file
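Review bot: The `sites` table at the top of init.rsc commits the WireGuard private key of every site in plaintext, and both `wpa2-pre-shared-key` values in section 4 are literals too, so read access to the repository, or to one provisioned router's copy of the script, exposes the tunnel keys of all 26 sites. Drop the key column and let RouterOS generate the key on the device, `:if ([:len [find where name="wireguard1"]] = 0) do={add name=wireguard1}`, then read the interface's `public-key` and register it on the hub peer; the `else` branch that overwrites `private-key` on every run goes away with it. The PSKs are better supplied at provisioning time than stored in the file. The keys and passphrases already in this commit should be treated as exposed and rotated, since removing them in a later commit leaves them in history.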