mapik / watcher-nms
Watcher NMS
Maintainers
Requires
- php: >=8.2
- cakedc/users: ^16.0
- cakephp/cakephp: ^5.3
- cakephp/migrations: ^5.1
- cakephp/plugin-installer: ^2.0
- composer/composer: ^2.9
- dereuromark/cakephp-audit-stash: ^2.0.1
- dereuromark/cakephp-geo: ^3.8
- geocoder-php/google-maps-provider: ^4.8
- league/oauth2-google: ^5.0
- mobiledetect/mobiledetectlib: ^4.10
Requires (Dev)
- cakedc/cakephp-phpstan: ^4.2
- cakephp/bake: ^3.6
- cakephp/cakephp-codesniffer: ^5.3
- cakephp/debug_kit: ^5.2
- josegonzalez/dotenv: ^4.0
- phpstan/extension-installer: ^1.4
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^11.5 || ^12.5 || ^13.1
- psalm/phar: ^6.16
Suggests
- cakephp/repl: Console tools for a REPL interface for CakePHP applications.
- dereuromark/cakephp-ide-helper: After baking your code, this keeps your annotations in sync with the code evolving from there on for maximum IDE and PHPStan/Psalm compatibility.
- markstory/asset_compress: An asset compression plugin which provides file concatenation and a flexible filter system for preprocessing and minification.
- phpstan/phpstan: PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.
- 4.x-dev
- 4.0.0-RC1
- 3.x-dev
- 3.2.1
- 3.2.0
- 3.0.5
- 3.0.4
- 3.0.3
- 3.0.2
- 3.0.1
- 3.0.0
- 3.0.0-RC6
- 3.0.0-RC5
- 3.0.0-RC4
- 3.0.0-RC3
- 3.0.0-RC2
- 3.0.0-RC1
- 2.x-dev
- 2.3.0
- 2.2.0
- 2.0.4
- 2.0.3
- 2.0.2
- 2.0.1
- 2.0.0
- 1.10.4
- 1.10.3
- 1.10.2
- 1.10.1
- 1.10.0
- 1.9.2
- 1.9.1
- 1.9.0
- 1.8.6
- 1.8.5
- 1.8.4
- 1.8.3
- 1.8.2
- 1.8.1
- 1.8.0
- 1.7.2
- 1.7.1
- 1.7.0
- 1.6.3
- 1.6.2
- 1.6.1
- 1.6.0
- 1.6.0-RC1
- 1.6.0-beta3
- 1.6.0-beta2
- 1.6.0-beta1
- 1.5.7
- 1.5.6
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.1
- 1.5.0
- 1.4.2
- 1.4.1
- 1.4.0
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.3
- 1.3.2
- 1.3.1
- 1.3.0
- 1.2.2
- 1.2.1
- 1.2.0
- 1.1.2
- 1.1.1
- 1.1.0
- 1.0.1
- 1.0.0
This package is auto-updated.
Last update: 2026-06-03 10:38:04 UTC
README
Network Management System for ISPs, built on CakePHP.
Description
- Inventory of access points, network devices, electricity-meter readings, …
- RouterOS device auto-registration via SNMP — devices identify themselves through the Watcher Agent, which reads them over SNMP and pushes the inventory here; the matching device-type profile is then applied automatically.
- Optional checks for radio interference with Czech weather radar stations.
RouterOS device integration
RouterOS device provisioning runs through the Watcher Agent — a small on-site service that can reach customer-edge devices the NMS cannot talk to directly. The agent reads the device over SNMP, pushes the inventory to this NMS, and returns the generated configuration script back to the device.
Configure a scheduler on the RouterOS device to fetch and run the script from the agent. The URL embeds the device-type identifier and the device's serial number; the agent verifies the serial over SNMP and the NMS returns the appropriate script response.
/tool fetch url=( \
"https://agent.watcher.domain/provision/routeros/{device-type-identifier}/" \
. [/system routerboard get serial-number] \
. "/\?token=***" \
) dst-path=watcher-config.rsc
/import watcher-config.rsc
:delay 5
/file remove watcher-config.rsc
The ?token=*** must match the agent's AGENT_ROUTEROS_QUERY_TOKEN, and the
device's source IP must fall within the agent's AGENT_ROUTEROS_ALLOW_CIDRS
allowlist (see the Watcher Agent
configuration).
To also update the admin password (derived from the serial number and the system‑wide salt), enable this option for the device type in the web UI and ensure the script is imported after fetching.
The currently generated password for each device is shown on its detail page.
Otherwise the script only logs the provisioning status and performs no changes.
Requirements
- PHP 8.2 or newer
- PostgreSQL
- Redis
- Watcher Agent — required only for
SNMP reads and RouterOS provisioning. It is a separate service (run it in
Docker, even on the same host; it supports the PROXY protocol behind a load
balancer). The NMS no longer talks SNMP directly, so the PHP
snmpextension is no longer needed.
The Docker Compose stack below provides PostgreSQL and Redis out of the box, so on a fresh host you only need Docker.
Installation
Two install paths are supported. Docker Compose is recommended.
Option A — Docker Compose (recommended)
git clone https://github.com/Mapiiik/Watcher-NMS.git cd Watcher-NMS cp config/.env.example config/.env # edit config/.env — set APP_NAME and any integration URLs / API keys docker compose -f compose.production.yaml up -d
The production image runs composer run-script migrations and rebuilds the
schema cache automatically on container start, so the app is reachable at
http://localhost (and https://localhost with a self-signed cert) once the
container is healthy. Set SERVER_NAME in the compose environment to a real
domain to enable Let's Encrypt issuance via the bundled acme.sh.
Option B — Bare-metal (host nginx + PHP-FPM, FrankenPHP, …)
For hosts already running their own PHP webserver:
git clone https://github.com/Mapiiik/Watcher-NMS.git cd Watcher-NMS composer install --no-dev cp config/.env.example config/.env # edit config/.env — at minimum DATABASE_URL and CACHE_*_URL composer run-script migrations composer run-script schema-cache
Point your webserver's document root at the webroot/ directory. SNMP polling
and RouterOS provisioning are handled by the separate
Watcher Agent, so no PHP snmp
extension is required here.
Configuration
Runtime settings live in config/.env (or are passed in as environment
variables — see the environment: blocks in the compose files for the keys
read at boot). Common groups:
- Database / cache:
DATABASE_URL,CACHE_*_URL - Server:
APP_NAME(used as cache prefix),SERVER_NAME(domain for ACME / TLS in the production image) - Geocoding: the app uses Google Maps via
geocoder-php/google-maps-provider; configure the key inconfig/app_local.php(or your environment file).
Customizing the compose stack
If compose.production.yaml doesn't fit your environment, copy it to
compose.yaml and customize there — compose.yaml is git-ignored, so
git pull won't overwrite your changes.
cp compose.production.yaml compose.yaml
# edit compose.yaml as needed
docker compose up -d
Typical reasons to override: pointing services at infrastructure already running on the host (e.g. an existing PostgreSQL instance, external Redis, reverse proxy), removing bundled containers you don't need, or tweaking volumes / networks.
Development
Two compose files target local development:
compose.dev-frankenphp.yaml— FrankenPHP (HTTP/1.1, HTTP/2, HTTP/3)compose.dev-nginx.yaml— classic nginx + PHP-FPM
Both bind-mount the working tree into the container and place vendor/,
tmp/, logs/, plus the PostgreSQL data directory and Redis data on
tmpfs — fast iteration and disposable state, but everything in those paths
is lost when the stack is torn down.
docker compose -f compose.dev-frankenphp.yaml up
The Postgres and Redis ports are exposed to the host (5432, 6379) so you
can connect with local clients while the stack is running.
License
Watcher NMS is licensed under the GNU Affero General Public License v3.0. Copyright (c) 2026 Martin Patočka.
What this means
You are free to use, modify and run this software. If you modify it and make it available to others (including as a network service), you must also make your modifications available under the same license.