Network Management System for ISPs, built on CakePHP.

• Inventory of access points, network devices, electricity-meter readings, …
• RouterOS device auto-registration via SNMP — devices identify themselves through an HTTP/S request and the matching device-type profile is applied automatically.
• Optional checks for radio interference with Czech weather radar stations.

Configure a scheduler on the RouterOS device to fetch and run a generated configuration script. The script URL embeds the device-type identifier and the device's serial number; the system looks both up and returns the appropriate script response.

/tool fetch url=("https://nms.watcher.domain/routeros-devices/configuration-script/{device-type-identifier}/" . [/system routerboard get serial-number] . "/watcher-config.rsc")
/import watcher-config.rsc
:delay 5
/file remove watcher-config.rsc

To also update the admin password (derived from the serial number and the system‑wide salt), enable this option for the device type in the web UI and ensure the script is imported after fetching.

The currently generated password for each device is shown on its detail page.

Otherwise the script only logs the provisioning status and performs no changes.

• PHP 8.2 or newer
• PostgreSQL
• Redis
• PHP snmp extension (only when polling RouterOS devices over SNMP — already bundled in the production Docker image)

The Docker Compose stack below provides PostgreSQL and Redis out of the box, so on a fresh host you only need Docker.

Two install paths are supported. Docker Compose is recommended.

git clone https://github.com/Mapiiik/Watcher-NMS.git
cd Watcher-NMS
cp config/.env.example config/.env
# edit config/.env — set APP_NAME and any integration URLs / API keys
docker compose -f compose.production.yaml up -d

The production image runs composer run-script migrations and rebuilds the schema cache automatically on container start, so the app is reachable at http://localhost (and https://localhost with a self-signed cert) once the container is healthy. Set SERVER_NAME in the compose environment to a real domain to enable Let's Encrypt issuance via the bundled acme.sh.

For hosts already running their own PHP webserver:

git clone https://github.com/Mapiiik/Watcher-NMS.git
cd Watcher-NMS
composer install --no-dev
cp config/.env.example config/.env
# edit config/.env — at minimum DATABASE_URL and CACHE_*_URL

composer run-script migrations
composer run-script schema-cache

Point your webserver's document root at the webroot/ directory. Install the PHP snmp extension if you intend to poll RouterOS devices over SNMP.

Runtime settings live in config/.env (or are passed in as environment variables — see the environment: blocks in the compose files for the keys read at boot). Common groups:

• Database / cache: DATABASE_URL, CACHE_*_URL
• Server: APP_NAME (used as cache prefix), SERVER_NAME (domain for ACME / TLS in the production image)
• Geocoding: the app uses Google Maps via geocoder-php/google-maps-provider; configure the key in config/app_local.php (or your environment file).

If compose.production.yaml doesn't fit your environment, copy it to compose.yaml and customize there — compose.yaml is git-ignored, so git pull won't overwrite your changes.

cp compose.production.yaml compose.yaml
# edit compose.yaml as needed
docker compose up -d

Typical reasons to override: pointing services at infrastructure already running on the host (e.g. an existing PostgreSQL instance, external Redis, reverse proxy), removing bundled containers you don't need, or tweaking volumes / networks.

Two compose files target local development:

• compose.dev-frankenphp.yaml — FrankenPHP (HTTP/1.1, HTTP/2, HTTP/3)
• compose.dev-nginx.yaml — classic nginx + PHP-FPM

Both bind-mount the working tree into the container and place vendor/, tmp/, logs/, plus the PostgreSQL data directory and Redis data on tmpfs — fast iteration and disposable state, but everything in those paths is lost when the stack is torn down.

docker compose -f compose.dev-frankenphp.yaml up

The Postgres and Redis ports are exposed to the host (5432, 6379) so you can connect with local clients while the stack is running.

Watcher NMS is licensed under the GNU Affero General Public License v3.0. Copyright (c) 2026 Martin Patočka.

You are free to use, modify and run this software. If you modify it and make it available to others (including as a network service), you must also make your modifications available under the same license.