- New crowdsec-mikrotik-bouncer service: mirrors CrowdSec decisions into a
RouterOS address-list on the AX3 for WAN edge-dropping (covers all ports,
incl. VPN/SSH), complementing the L7 Traefik bouncer.
- Connects over api-ssl/TLS using an OpenBAO-issued cert; trusts the OpenBAO
root+intermediate via SSL_CERT_FILE (crowdsec/famfi-ca-bundle.pem).
- Secrets (MIKROTIK_PASS, LAPI key) kept in root-only .mikrotik.env, git-ignored.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Lutz Finsterle
34d11c0e29