first commit
This commit is contained in:
212
init.rsc
Normal file
212
init.rsc
Normal file
@@ -0,0 +1,212 @@
|
|||||||
|
# =========================
|
||||||
|
# PARAMETRIZED VERSION
|
||||||
|
# =========================
|
||||||
|
:put "=== START CONFIG ==="
|
||||||
|
:local sites {
|
||||||
|
"HD408FN1902"={"TERN_ZLUKY"; 1 ;"MPqIO5zLD3WgbLdCH7FtsGt301/2tMxNRvxVtPLMf2Q="};
|
||||||
|
"HD4086DD9S6"={"LANIVTSI"; 2 ;"eJd8hF7QjXwCESIPFDCf1wMo994zeMIyjzfcHrv4Ukc="};
|
||||||
|
"HD4081EA7M6"={"TERN_LUCHAK"; 3 ;"eE5Lo6A8snNx68GmGQ+kpSH9yD52FFc2Y8YdM2pVclc="};
|
||||||
|
"HD4088NSD8H"={"TERN_ST.BAND"; 4 ;"iFcv5EfMBvYGRjxuNn+0kHVH//Z8cl3XGzVNN8/fyEo="};
|
||||||
|
"HD408BVPWSK"={"BEREZOVYTSYA"; 5 ;"cJZJUD8pwoOdVfNHV1oM4AsncDbPOkxyA64bjwdP638="};
|
||||||
|
"HD4088VMCQC"={"TEREBOVLYA"; 6 ;"6B00zTnQCVhGOhgRNK0WjU+xADhE6dfgNITyEfzBfXI="};
|
||||||
|
"HD408DK2F47"={"ZBORIV"; 7 ;"yAUuDey3lGOSgUEqjOB8/zthLRyxrmUO67lOsiSW/UE="};
|
||||||
|
"HCP08E8JF2T"={"BEREGANY"; 8 ;"IDUwF4kMMYxnEXMqPwPkju0qlSKQCSLtUcmZPwnC0FA="};
|
||||||
|
"HD4086QX97J"={"BORSCHIV"; 9 ;"SJlidu1caJtR7UOoTSo4EVB4gpW/JIodjsrak+A3RXk="};
|
||||||
|
"HD4088NBP0G"={"BUCHACH"; 10;"yBqqq11aTvVIAQOzak5OVgwSkoQHsd2ar7OAzzUXAUo="};
|
||||||
|
"HD408212ZPR"={"VOLOCHYSK"; 11;"aN8etil7vivX0u8Or7WCWjq9Ch6jOvFIzHFtYfdjqkU="};
|
||||||
|
"HE808Y6XPKZ"={"ZALISTSI"; 12;"iDPBzlgoJfaLX4RtxA8KAgo2L1+VYJIZUF8lDSq4c3s="};
|
||||||
|
"HD4081S3G9J"={"ZALISCHYKY"; 13;"YGLOgkzRvBtjeymxxh6hFOHCWRftaWnkPNzrjHw5/U0="};
|
||||||
|
"HE808S9M4P9"={"ZBARAG"; 14;"sJM4Eb8+fYZS1CPuWXRmEeDqG/aDFyze1tOFB390mG4="};
|
||||||
|
"HCP085HM232"={"KOZOVA"; 15;"aHYrA7EnKO4wTkXOvv0Xpe8AnrGbZ3uu5esxdVjEaWA="};
|
||||||
|
"HD308B162BJ"={"KREM_AVTO"; 16;"QGgLN35kyIKlOgwCA8Wu0Mu8KvfA/XwBvPEmK0+mjWA="};
|
||||||
|
"HD4084P4YJA"={"KREM_CENTR"; 17;"2G/QKvexLiEVnLlaUn0f/pZmmjQGFNe0TicsbNGpJ0o="};
|
||||||
|
"HD4087BDKB9"={"KREM_SUGAR"; 18;"YKgsC/hbBDHVotAI7mzucffLpr6/8uVlKmI7i7q6zno="};
|
||||||
|
"HD40810AB4M"={"MLYNIVCI"; 19;"OHmheN29m5zeSMEAJ03/nktEH3ns5zfIqHzVoqN3YkI="};
|
||||||
|
"HD4086N2QZ9"={"PIDVOLOCHYSK"; 20;"ACOB9BznZk+8EwXhRFzgJDzvu/Et2FGYfgOGFKxvBlI="};
|
||||||
|
"HD408D9Z586"={"TERN_ORION"; 21;"MIeVkMqOxabo5b75IMYNRP5r5tvU1UmWRQ8u8nM0Pmw="};
|
||||||
|
"HD408B4K4RG"={"TERN_TEKSTYLNYK";22;"AKysRFyBr1zeFKwM53cRw2eUTKWG2fOs1UveamknRXo="};
|
||||||
|
"HD408A8MGY8"={"CHORTKIV_AVTO"; 23;"sDbgef3h/vRxTRpVyUHNRI2vmbYLTbvduab4G/e1u3I="};
|
||||||
|
"HD4082AY9D2"={"CHORTKIV_CENTR"; 24;"mAeRljGQ3jzXHMxyF9zWWcfr8K9i51tWcfd6x7gc/1A="};
|
||||||
|
"HD4083ESK0Q"={"SKALAT"; 25;"UIGg7Ltn+LsdB5uSeiwXmvPw9Om5Vb/zxfJHNttR4n4="};
|
||||||
|
"HD408AYF8PN"={"TERN_ZBROUND"; 26;"OIXe3SsiPfNB8OEe3i9RSY8OIPCCA8uOfM1fNhIy1VA="}
|
||||||
|
}
|
||||||
|
|
||||||
|
# ---------- USER VARIABLES ----------
|
||||||
|
:local serial [/system/routerboard/get serial-number as-string]
|
||||||
|
:local site ($sites->$serial)
|
||||||
|
:local baseName ($site->0)
|
||||||
|
:local routerNum ($site->1)
|
||||||
|
:local wgKey ($site->2)
|
||||||
|
|
||||||
|
# ---------- CALCULATED VARIABLES ----------
|
||||||
|
:local lanOctet ("192.168." . ($routerNum + 100))
|
||||||
|
:local wireOctet ("192.168." . ($routerNum + 50))
|
||||||
|
:local identityName ($baseName . "_ice" . $routerNum)
|
||||||
|
|
||||||
|
:local lanIp ($lanOctet . ".1/24")
|
||||||
|
:local mngIp ("192.168.50." . ($routerNum + 100) . "/24")
|
||||||
|
:local wireIp ($wireOctet . ".1/24")
|
||||||
|
:local wgIp ("10.30.0." . $routerNum . "/24")
|
||||||
|
:local lanNetwork ($lanOctet . ".0")
|
||||||
|
:local lanSubnet ($lanOctet . ".0/24")
|
||||||
|
:local wireSubnet ($wireOctet . ".0/24")
|
||||||
|
:local lanGateway ($lanOctet . ".1")
|
||||||
|
:local wireGateway ($wireOctet . ".1")
|
||||||
|
:local k 0
|
||||||
|
|
||||||
|
:put ("Applying config for: " . $identityName)
|
||||||
|
:put ("LAN subnet: " . $lanSubnet)
|
||||||
|
|
||||||
|
# --- 1. Interfaces / bridges ---
|
||||||
|
/interface bridge
|
||||||
|
:if ([:len [find where name="br_wire"]] = 0) do={add name=br_wire}
|
||||||
|
|
||||||
|
# --- 3. LTE APN ---
|
||||||
|
/interface lte apn
|
||||||
|
:if ([:len [find default=yes]] > 0) do={set [find default=yes] apn=KS}
|
||||||
|
|
||||||
|
# --- 4. Wireless security profiles ---
|
||||||
|
/interface wireless security-profiles
|
||||||
|
:if ([:len [find where name="wifi_pass"]] = 0) do={
|
||||||
|
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys \
|
||||||
|
name=wifi_pass supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=33322333
|
||||||
|
}
|
||||||
|
:if ([:len [find where name="mgmt_pass"]] = 0) do={
|
||||||
|
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys \
|
||||||
|
name=mgmt_pass supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=v670649!
|
||||||
|
}
|
||||||
|
# --- 5. Wireless interfaces ---
|
||||||
|
/interface wireless
|
||||||
|
set [find default-name=wlan1] \
|
||||||
|
band=2ghz-g/n channel-width=20/40mhz-XX country=ukraine \
|
||||||
|
disabled=no frequency=auto installation=indoor \
|
||||||
|
mode=ap-bridge security-profile=wifi_pass ssid=TMPOLUS \
|
||||||
|
wireless-protocol=802.11
|
||||||
|
set [find default-name=wlan2] \
|
||||||
|
band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
|
||||||
|
country=ukraine disabled=no frequency=auto \
|
||||||
|
installation=indoor mode=ap-bridge security-profile=wifi_pass \
|
||||||
|
ssid=TMPOLUS_5Ghz wireless-protocol=802.11
|
||||||
|
:if ([:len [find where name="wlan3"]] = 0) do={add disabled=no master-interface=wlan1 name=wlan3 security-profile=mgmt_pass ssid=POLUS_M}
|
||||||
|
:if ([:len [find where name="wlan4"]] = 0) do={add disabled=no master-interface=wlan2 name=wlan4 security-profile=mgmt_pass ssid=POLUS_M5G}
|
||||||
|
# --- 6. IP pools ---
|
||||||
|
/ip pool
|
||||||
|
:set k [find where name="default-dhcp"]
|
||||||
|
:if ([:len $k] > 0) do={set $k ranges=($lanOctet . ".10-" . $lanOctet . ".254")}
|
||||||
|
:if ([:len [find where name="pool_wire"]] = 0) do={add name=pool_wire ranges=($wireOctet . ".2-" . $wireOctet . ".254")}
|
||||||
|
# --- 7. DHCP servers ---
|
||||||
|
/ip dhcp-server
|
||||||
|
#:if ([:len [find where name="defconf"]] > 0) do={set [find where name="defconf"] address-pool=default-dhcp interface=bridge lease-time=10m}
|
||||||
|
:if ([:len [find where name="dhcp_wire"]] = 0) do={add address-pool=pool_wire interface=br_wire name=dhcp_wire}
|
||||||
|
# --- 8. Bridge ports ---
|
||||||
|
/interface bridge port
|
||||||
|
:set k [find where interface="ether1"]; :if ([:len $k] > 0) do={set $k disabled=yes}
|
||||||
|
:set k [find where interface="ether2"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
|
||||||
|
:set k [find where interface="ether3"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
|
||||||
|
:set k [find where interface="ether4"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
|
||||||
|
:set k [find where interface="ether5"]; :if ([:len $k] > 0) do={set $k bridge=br_wire}
|
||||||
|
:set k [find where interface="wlan1"]; :if ([:len $k] > 0) do={set $k bridge=bridge}
|
||||||
|
:set k [find where interface="wlan2"]; :if ([:len $k] > 0) do={set $k bridge=bridge}
|
||||||
|
:if ([:len [find where interface="wlan3"]] = 0) do={add bridge=br_wire interface=wlan3}
|
||||||
|
:if ([:len [find where interface="wlan4"]] = 0) do={add bridge=br_wire interface=wlan4}
|
||||||
|
|
||||||
|
# --- 9. Firewall / IP settings / IPv6 ---
|
||||||
|
/ip settings set allow-fast-path=no
|
||||||
|
/ipv6 settings set disable-ipv6=yes
|
||||||
|
|
||||||
|
# --- 10. Interface list members ---
|
||||||
|
/interface list member
|
||||||
|
:if ([:len [find where interface="ether1" and list="WAN"]] = 0) do={add interface=ether1 list=WAN}
|
||||||
|
:if ([:len [find where interface="br_wire" and list="LAN"]] = 0) do={add interface=br_wire list=LAN}
|
||||||
|
|
||||||
|
# --- 11. WireGuard ---
|
||||||
|
/interface wireguard
|
||||||
|
:if ([:len [find where name="wireguard1"]] = 0) do={add name=wireguard1 private-key=$wgKey} else={set [find where name="wireguard1"] private-key=$wgKey}
|
||||||
|
|
||||||
|
/interface list member
|
||||||
|
:if ([:len [find where interface="wireguard1" and list="LAN"]] = 0) do={add interface=wireguard1 list=LAN}
|
||||||
|
|
||||||
|
/interface wireguard peers
|
||||||
|
:if ([:len [find where name="peer1"]] = 0) do={
|
||||||
|
add allowed-address=10.30.0.100/32,10.30.0.99/32,192.168.50.100/32 \
|
||||||
|
endpoint-address=5.58.56.184 endpoint-port=13232 interface=wireguard1 \
|
||||||
|
name=peer1 persistent-keepalive=25s \
|
||||||
|
public-key="h7dfJOG+mjNms+9TvdENZ4m6vOddTubXj/XaNF1gPDI="
|
||||||
|
} else={
|
||||||
|
set [find where name="peer1"] \
|
||||||
|
allowed-address=10.30.0.100/32,10.30.0.99/32,192.168.50.100/32 \
|
||||||
|
endpoint-address=5.58.56.184 endpoint-port=13232 interface=wireguard1 \
|
||||||
|
persistent-keepalive=25s \
|
||||||
|
public-key="h7dfJOG+mjNms+9TvdENZ4m6vOddTubXj/XaNF1gPDI="
|
||||||
|
}
|
||||||
|
|
||||||
|
# --- 12. IP addresses ---
|
||||||
|
/ip address
|
||||||
|
|
||||||
|
# міняємо адресу bridge на свою
|
||||||
|
:set k [find where interface="bridge" and address="192.168.88.1/24"]
|
||||||
|
:if ([:len $k] > 0) do={set $k address=$lanIp
|
||||||
|
} else={
|
||||||
|
# якщо на bridge досі немає LAN адреси, додаємо
|
||||||
|
:if ([:len [find where interface="bridge" and address=$lanIp]] = 0) do={add address=$lanIp interface=bridge}
|
||||||
|
}
|
||||||
|
# адреса для управління в мережі 50
|
||||||
|
:if ([:len [find where interface="br_wire" and address=$mngIp]] = 0) do={add address=$mngIp interface=br_wire}
|
||||||
|
|
||||||
|
# wireguard
|
||||||
|
:if ([:len [find where interface="wireguard1" and address=$wgIp]] = 0) do={add address=$wgIp interface=wireguard1}
|
||||||
|
|
||||||
|
# br_wire
|
||||||
|
:if ([:len [find where interface="br_wire" and address=$wireIp]] = 0) do={add address=$wireIp interface=br_wire}
|
||||||
|
|
||||||
|
# --- 13. DHCP client on ether1 ---
|
||||||
|
/ip dhcp-client
|
||||||
|
:if ([:len [find where interface="ether1"]] = 0) do={add interface=ether1}
|
||||||
|
|
||||||
|
# --- 15. DHCP server networks ---
|
||||||
|
/ip dhcp-server network
|
||||||
|
:foreach i in=[find] do={
|
||||||
|
:local nAddr [get $i address]
|
||||||
|
:if (($nAddr = "192.168.88.0/24") || ($nAddr = $lanSubnet)) do={set $i address=$lanSubnet dns-server=$lanGateway gateway=$lanGateway}
|
||||||
|
}
|
||||||
|
:if ([:len [find where address=$lanSubnet]] = 0) do={add address=$lanSubnet dns-server=$lanGateway gateway=$lanGateway}
|
||||||
|
:if ([:len [find where address=$wireSubnet]] = 0) do={add address=$wireSubnet dns-server=$wireGateway gateway=$wireGateway}
|
||||||
|
|
||||||
|
# --- 16. DNS ---
|
||||||
|
/ip dns set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,8.8.4.4,1.0.0.1
|
||||||
|
|
||||||
|
# --- 17. Firewall filter ---
|
||||||
|
/ip firewall filter
|
||||||
|
:foreach i in=[find where comment="defconf: fasttrack"] do={set $i disabled=yes}
|
||||||
|
|
||||||
|
# --- 19. Routes ---
|
||||||
|
/ip route
|
||||||
|
:if ([:len [find where gateway="192.168.50.1"]] = 0) do={add disabled=no distance=10 gateway=192.168.50.1}
|
||||||
|
:if ([:len [find where dst-address="192.168.50.100/32" and gateway="10.30.0.100"]] = 0) do={add disabled=no distance=1 dst-address=192.168.50.100/32 gateway=10.30.0.100}
|
||||||
|
|
||||||
|
# --- 20. Services ---
|
||||||
|
/ip service
|
||||||
|
set ftp disabled=yes
|
||||||
|
set ssh disabled=yes
|
||||||
|
set telnet disabled=yes
|
||||||
|
set www disabled=yes
|
||||||
|
set api disabled=yes
|
||||||
|
set api-ssl disabled=yes
|
||||||
|
|
||||||
|
# --- 21. SNMP ---
|
||||||
|
/snmp set enabled=yes location=$baseName
|
||||||
|
|
||||||
|
# --- 22. System identity / NTP / clock ---
|
||||||
|
/system identity set name=$identityName
|
||||||
|
/system ntp client set enabled=yes
|
||||||
|
/system ntp client servers
|
||||||
|
:if ([:len [find where address="0.ua.pool.ntp.org"]] = 0) do={add address=0.ua.pool.ntp.org}
|
||||||
|
:if ([:len [find where address="1.ua.pool.ntp.org"]] = 0) do={add address=1.ua.pool.ntp.org}
|
||||||
|
/system clock set time-zone-name=Europe/Kiev
|
||||||
|
|
||||||
|
# --- 24. Routerboard / romon ---
|
||||||
|
/system routerboard settings set auto-upgrade=yes
|
||||||
|
/tool mac-server set allowed-interface-list=LAN
|
||||||
|
/tool mac-server mac-winbox set allowed-interface-list=LAN
|
||||||
|
/tool romon set enabled=yes
|
||||||
|
:put ("=== DONE: " . $identityName . " / " . $lanIp . " ===")
|
||||||
Reference in New Issue
Block a user