authorseth <[email protected]>2024-03-09 18:32:41 -0500
committerseth <[email protected]>2024-03-09 18:33:10 -0500
commitcb951dba532fe4518da5dbf876096968afab0c9a (patch)
treead6425aa4956a2add835469e4fcaee1e7423565e /ext
parentc76dc8f7aeb99be22d2b256c12076a177f659321 (diff)
openwrt/turret: use new module and uci for everything
Diffstat (limited to 'ext')
-rw-r--r--ext/default.nix2
-rw-r--r--ext/openwrt.nix32
-rw-r--r--ext/openwrt/default.nix13
-rw-r--r--ext/openwrt/turret/default.nix32
-rw-r--r--ext/openwrt/turret/files/etc/config/dhcp50
-rw-r--r--ext/openwrt/turret/files/etc/config/dropbear7
-rw-r--r--ext/openwrt/turret/files/etc/config/firewall131
-rw-r--r--ext/openwrt/turret/files/etc/config/https-dns-proxy16
-rw-r--r--ext/openwrt/turret/files/etc/config/luci41
-rw-r--r--ext/openwrt/turret/files/etc/config/network30
-rw-r--r--ext/openwrt/turret/files/etc/config/rpcd10
-rw-r--r--ext/openwrt/turret/files/etc/config/system16
-rw-r--r--ext/openwrt/turret/files/etc/config/ucitrack56
-rw-r--r--ext/openwrt/turret/files/etc/config/uhttpd31
-rw-r--r--ext/openwrt/turret/files/etc/config/wireless34
-rw-r--r--ext/openwrt/turret/files/etc/dropbear/authorized_keys1
16 files changed, 33 insertions, 469 deletions
diff --git a/ext/default.nix b/ext/default.nix
index 1001f94..cbb1ecf 100644
--- a/ext/default.nix
+++ b/ext/default.nix
@@ -1,6 +1,6 @@
{
imports = [
- ./openwrt
+ ./openwrt.nix
./terranix
];
}
diff --git a/ext/openwrt.nix b/ext/openwrt.nix
new file mode 100644
index 0000000..2d912dc
--- /dev/null
+++ b/ext/openwrt.nix
@@ -0,0 +1,32 @@
+{withSystem, ...}: {
+ openWrtImages = {
+ turret = {
+ release = "23.05.0";
+ profile = "netgear_wac104";
+
+ files = withSystem "x86_64-linux" ({pkgs, ...}:
+ pkgs.runCommand "image-files" {} ''
+ mkdir -p $out/etc/uci-defaults
+
+ cat > $out/etc/uci-defaults/99-custom << EOF
+ uci -q batch << EOI
+ set system.@system[0].hostname="turret"
+ del_list network.@device[0].ports="lan4"
+ set network.wan="interface"
+ set network.wan.device="lan4"
+ set network.wan.proto="dhcp"
+ set wireless.default_radio0.ssid="Box-2.4G"
+ set wireless.default_radio0.encryption="psk2"
+ set wireless.default_radio0.key="CorrectHorseBatteryStaple"
+ set wireless.default_radio1.ssid="Box-5G"
+ set wireless.default_radio1.encryption="psk2"
+ set wireless.default_radio1.key="CorrectHorseBatteryStaple"
+ add_list dhcp.@dnsmasq[0].server="1.1.1.1"
+ add_list dhcp.@dnsmasq[0].server="1.0.0.1"
+ commit
+ EOI
+ EOF
+ '');
+ };
+ };
+}
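Review bot: The WPA2 passphrase is a literal on both `set wireless.default_radioN.key=` lines, so whatever value is used there ends up in the repository history and in the world-readable Nix store output of `image-files`; the deleted `etc/config/wireless` carried only `REPLACEME`. I would keep a placeholder in the tracked file, e.g. `set wireless.default_radio0.key="REPLACEME"`, and supply the real key from an untracked secret or set it out of band after first boot. The same commit removes `etc/config/dropbear` (`PasswordAuth 'off'`, `RootPasswordAuth 'off'`) and `etc/dropbear/authorized_keys`, and this batch does not set them again, so SSH presumably falls back to the firmware defaults. Adding `set dropbear.@dropbear[0].PasswordAuth="off"` and `set dropbear.@dropbear[0].RootPasswordAuth="off"`, together with shipping the public key again, would keep the earlier key-only posture. The outer `<< EOF` is also unquoted, so a `$` in any future value would be expanded by the build shell; `<< 'EOF'` avoids that.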
diff --git a/ext/openwrt/default.nix b/ext/openwrt/default.nix
deleted file mode 100644
index dd163df..0000000
--- a/ext/openwrt/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- withSystem,
- inputs,
- ...
-}: {
- flake.legacyPackages.x86_64-linux = withSystem "x86_64-linux" ({pkgs, ...}: {
- openWrtImages = {
- turret = pkgs.callPackage ./turret {
- inherit (inputs) openwrt-imagebuilder;
- };
- };
- });
-}
diff --git a/ext/openwrt/turret/default.nix b/ext/openwrt/turret/default.nix
deleted file mode 100644
index 90ec750..0000000
--- a/ext/openwrt/turret/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- pkgs,
- openwrt-imagebuilder,
- ...
-}: let
- wrtProfiles = openwrt-imagebuilder.lib.profiles {
- inherit pkgs;
- release = "22.03.3";
- };
-
- image =
- wrtProfiles.identifyProfile "netgear_wac104"
- // {
- packages = ["https-dns-proxy"];
-
- files = pkgs.runCommand "image-files" {} ''
- mkdir -p $out/etc/uci-defaults
-
- cat > $out/etc/uci-defaults/99-custom <<EOF
- uci -q batch << EOI
- set system.@system[0].hostname='turret'
- commit
- EOI
- EOF
-
- # copy custom files
- cp -fr ${./files}/* $out/
- chmod 0644 $out/etc/{config,dropbear}/*
- '';
- };
-in
- openwrt-imagebuilder.lib.build image
diff --git a/ext/openwrt/turret/files/etc/config/dhcp b/ext/openwrt/turret/files/etc/config/dhcp
deleted file mode 100644
index f1ffd42..0000000
--- a/ext/openwrt/turret/files/etc/config/dhcp
+++ /dev/null
@@ -1,50 +0,0 @@
-
-config dnsmasq
- option domainneeded '1'
- option localise_queries '1'
- option rebind_protection '1'
- option rebind_localhost '1'
- option local '/lan/'
- option domain 'lan'
- option expandhosts '1'
- option authoritative '1'
- option readethers '1'
- option leasefile '/tmp/dhcp.leases'
- option localservice '1'
- option ednspacket_max '1232'
- option doh_backup_noresolv '-1'
- option noresolv '1'
- list doh_backup_server ''
- list doh_backup_server '/mask.icloud.com/'
- list doh_backup_server '/mask-h2.icloud.com/'
- list doh_backup_server '/use-application-dns.net/'
- list doh_backup_server '127.0.0.1#5054'
- list doh_backup_server '127.0.0.1#5053'
- list server '/mask.icloud.com/'
- list server '/mask-h2.icloud.com/'
- list server '/use-application-dns.net/'
- list server '127.0.0.1#5054'
- list server '127.0.0.1#5053'
-
-config dhcp 'lan'
- option interface 'lan'
- option start '100'
- option limit '150'
- option leasetime '12h'
- option dhcpv4 'server'
- option dhcpv6 'server'
- option ra 'server'
- option ra_slaac '1'
- list ra_flags 'managed-config'
- list ra_flags 'other-config'
-
-config dhcp 'wan'
- option interface 'wan'
- option ignore '1'
-
-config odhcpd 'odhcpd'
- option maindhcp '0'
- option leasefile '/tmp/hosts/odhcpd'
- option leasetrigger '/usr/sbin/odhcpd-update'
- option loglevel '4'
-
diff --git a/ext/openwrt/turret/files/etc/config/dropbear b/ext/openwrt/turret/files/etc/config/dropbear
deleted file mode 100644
index 95eb1d5..0000000
--- a/ext/openwrt/turret/files/etc/config/dropbear
+++ /dev/null
@@ -1,7 +0,0 @@
-
-config dropbear
- option Port '22'
- option Interface 'lan'
- option PasswordAuth 'off'
- option RootPasswordAuth 'off'
-
diff --git a/ext/openwrt/turret/files/etc/config/firewall b/ext/openwrt/turret/files/etc/config/firewall
deleted file mode 100644
index d4f7394..0000000
--- a/ext/openwrt/turret/files/etc/config/firewall
+++ /dev/null
@@ -1,131 +0,0 @@
-
-config defaults
- option syn_flood '1'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
-
-config zone
- option name 'lan'
- list network 'lan'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'ACCEPT'
-
-config zone
- option name 'wan'
- list network 'wan'
- list network 'wan6'
- option input 'REJECT'
- option output 'ACCEPT'
- option forward 'REJECT'
- option masq '1'
- option mtu_fix '1'
-
-config forwarding
- option src 'lan'
- option dest 'wan'
-
-config rule
- option name 'Allow-DHCP-Renew'
- option src 'wan'
- option proto 'udp'
- option dest_port '68'
- option target 'ACCEPT'
- option family 'ipv4'
-
-config rule
- option name 'Allow-Ping'
- option src 'wan'
- option proto 'icmp'
- option icmp_type 'echo-request'
- option family 'ipv4'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-IGMP'
- option src 'wan'
- option proto 'igmp'
- option family 'ipv4'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-DHCPv6'
- option src 'wan'
- option proto 'udp'
- option dest_port '546'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-MLD'
- option src 'wan'
- option proto 'icmp'
- option src_ip 'fe80::/10'
- list icmp_type '130/0'
- list icmp_type '131/0'
- list icmp_type '132/0'
- list icmp_type '143/0'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-ICMPv6-Input'
- option src 'wan'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- list icmp_type 'router-solicitation'
- list icmp_type 'neighbour-solicitation'
- list icmp_type 'router-advertisement'
- list icmp_type 'neighbour-advertisement'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-ICMPv6-Forward'
- option src 'wan'
- option dest '*'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-IPSec-ESP'
- option src 'wan'
- option dest 'lan'
- option proto 'esp'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-ISAKMP'
- option src 'wan'
- option dest 'lan'
- option dest_port '500'
- option proto 'udp'
- option target 'ACCEPT'
-
-config redirect
- option dest 'lan'
- option target 'DNAT'
- option name 'tf2'
- option src 'wan'
- option src_dport '37015'
- option dest_ip '192.168.1.157'
- option dest_port '37015'
- option enabled '0'
-
diff --git a/ext/openwrt/turret/files/etc/config/https-dns-proxy b/ext/openwrt/turret/files/etc/config/https-dns-proxy
deleted file mode 100644
index 76e3c60..0000000
--- a/ext/openwrt/turret/files/etc/config/https-dns-proxy
+++ /dev/null
@@ -1,16 +0,0 @@
-
-config main 'config'
- option dnsmasq_config_update '*'
- list force_dns_port '53'
- list force_dns_port '853'
- option procd_trigger_wan6 '0'
- option force_dns '0'
-
-config https-dns-proxy
- option bootstrap_dns '1.1.1.1,1.0.0.1'
- option resolver_url 'https://cloudflare-dns.com/dns-query'
- option listen_addr '127.0.0.1'
- option listen_port '5054'
- option user 'nobody'
- option group 'nogroup'
-
diff --git a/ext/openwrt/turret/files/etc/config/luci b/ext/openwrt/turret/files/etc/config/luci
deleted file mode 100644
index 8eb8a9b..0000000
--- a/ext/openwrt/turret/files/etc/config/luci
+++ /dev/null
@@ -1,41 +0,0 @@
-
-config core 'main'
- option lang 'auto'
- option mediaurlbase '/luci-static/bootstrap'
- option resourcebase '/luci-static/resources'
- option ubuspath '/ubus/'
-
-config extern 'flash_keep'
- option uci '/etc/config/'
- option dropbear '/etc/dropbear/'
- option openvpn '/etc/openvpn/'
- option passwd '/etc/passwd'
- option opkg '/etc/opkg.conf'
- option firewall '/etc/firewall.user'
- option uploads '/lib/uci/upload/'
-
-config internal 'languages'
-
-config internal 'sauth'
- option sessionpath '/tmp/luci-sessions'
- option sessiontime '3600'
-
-config internal 'ccache'
- option enable '1'
-
-config internal 'themes'
- option Bootstrap '/luci-static/bootstrap'
- option BootstrapDark '/luci-static/bootstrap-dark'
- option BootstrapLight '/luci-static/bootstrap-light'
-
-config internal 'apply'
- option rollback '90'
- option holdoff '4'
- option timeout '5'
- option display '1.5'
-
-config internal 'diag'
- option dns 'openwrt.org'
- option ping 'openwrt.org'
- option route 'openwrt.org'
-
diff --git a/ext/openwrt/turret/files/etc/config/network b/ext/openwrt/turret/files/etc/config/network
deleted file mode 100644
index cb24fec..0000000
--- a/ext/openwrt/turret/files/etc/config/network
+++ /dev/null
@@ -1,30 +0,0 @@
-
-config interface 'loopback'
- option device 'lo'
- option proto 'static'
- option ipaddr '127.0.0.1'
- option netmask '255.0.0.0'
-
-config globals 'globals'
- option packet_steering '1'
- option ula_prefix 'fd26:3166:dece::/48'
-
-config device
- option name 'br-lan'
- option type 'bridge'
- list ports 'lan2'
- list ports 'lan3'
- list ports 'lan4'
-
-config interface 'lan'
- option device 'br-lan'
- option proto 'static'
- option ipaddr '192.168.1.1'
- option netmask '255.255.255.0'
- option ip6assign '60'
-
-config interface 'wan'
- option device 'lan1'
- option proto 'dhcp'
- option type 'bridge'
-
diff --git a/ext/openwrt/turret/files/etc/config/rpcd b/ext/openwrt/turret/files/etc/config/rpcd
deleted file mode 100644
index 176c643..0000000
--- a/ext/openwrt/turret/files/etc/config/rpcd
+++ /dev/null
@@ -1,10 +0,0 @@
-config rpcd
- option socket /var/run/ubus/ubus.sock
- option timeout 30
-
-config login
- option username 'root'
- option password '$p$root'
- list read '*'
- list write '*'
-
diff --git a/ext/openwrt/turret/files/etc/config/system b/ext/openwrt/turret/files/etc/config/system
deleted file mode 100644
index ee3415f..0000000
--- a/ext/openwrt/turret/files/etc/config/system
+++ /dev/null
@@ -1,16 +0,0 @@
-
-config system
- option hostname 'turret'
- option timezone 'UTC'
- option ttylogin '0'
- option log_size '64'
- option urandom_seed '0'
- option compat_version '1.1'
-
-config timeserver 'ntp'
- option enabled '1'
- option enable_server '0'
- list server '0.openwrt.pool.ntp.org'
- list server '1.openwrt.pool.ntp.org'
- list server '2.openwrt.pool.ntp.org'
- list server '3.openwrt.pool.ntp.org'
diff --git a/ext/openwrt/turret/files/etc/config/ucitrack b/ext/openwrt/turret/files/etc/config/ucitrack
deleted file mode 100644
index bb4cdbc..0000000
--- a/ext/openwrt/turret/files/etc/config/ucitrack
+++ /dev/null
@@ -1,56 +0,0 @@
-config network
- option init network
- list affects dhcp
-
-config wireless
- list affects network
-
-config firewall
- option init firewall
- list affects luci-splash
- list affects qos
- list affects miniupnpd
-
-config olsr
- option init olsrd
-
-config dhcp
- option init dnsmasq
- list affects odhcpd
-
-config odhcpd
- option init odhcpd
-
-config dropbear
- option init dropbear
-
-config httpd
- option init httpd
-
-config fstab
- option exec '/sbin/block mount'
-
-config qos
- option init qos
-
-config system
- option init led
- option exec '/etc/init.d/log reload'
- list affects luci_statistics
- list affects dhcp
-
-config luci_splash
- option init luci_splash
-
-config upnpd
- option init miniupnpd
-
-config ntpclient
- option init ntpclient
-
-config samba
- option init samba
-
-config tinyproxy
- option init tinyproxy
-
diff --git a/ext/openwrt/turret/files/etc/config/uhttpd b/ext/openwrt/turret/files/etc/config/uhttpd
deleted file mode 100644
index cb2ff71..0000000
--- a/ext/openwrt/turret/files/etc/config/uhttpd
+++ /dev/null
@@ -1,31 +0,0 @@
-
-config uhttpd 'main'
- list listen_http '0.0.0.0:80'
- list listen_http '[::]:80'
- list listen_https '0.0.0.0:443'
- list listen_https '[::]:443'
- option redirect_https '0'
- option home '/www'
- option rfc1918_filter '1'
- option max_requests '3'
- option max_connections '100'
- option cert '/etc/uhttpd.crt'
- option key '/etc/uhttpd.key'
- option cgi_prefix '/cgi-bin'
- list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
- option script_timeout '60'
- option network_timeout '30'
- option http_keepalive '20'
- option tcp_keepalive '1'
- option ubus_prefix '/ubus'
-
-config cert 'defaults'
- option days '730'
- option key_type 'ec'
- option bits '2048'
- option ec_curve 'P-256'
- option country 'ZZ'
- option state 'Somewhere'
- option location 'Unknown'
- option commonname 'OpenWrt'
-
diff --git a/ext/openwrt/turret/files/etc/config/wireless b/ext/openwrt/turret/files/etc/config/wireless
deleted file mode 100644
index 115fc2c..0000000
--- a/ext/openwrt/turret/files/etc/config/wireless
+++ /dev/null
@@ -1,34 +0,0 @@
-
-config wifi-device 'radio0'
- option type 'mac80211'
- option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
- option band '2g'
- option disabled '0'
- option cell_density '0'
- option htmode 'HT20'
- option channel 'auto'
-
-config wifi-iface 'default_radio0'
- option device 'radio0'
- option mode 'ap'
- option ssid 'Box-2.4G'
- option encryption 'psk2'
- option key 'REPLACEME'
- option network 'lan wan'
-
-config wifi-device 'radio1'
- option type 'mac80211'
- option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
- option band '5g'
- option disabled '0'
- option cell_density '0'
- option htmode 'VHT80'
- option channel 'auto'
-
-config wifi-iface 'default_radio1'
- option device 'radio1'
- option mode 'ap'
- option ssid 'Box-5G'
- option key 'REPLACEME'
- option encryption 'psk2'
- option network 'lan wan'
diff --git a/ext/openwrt/turret/files/etc/dropbear/authorized_keys b/ext/openwrt/turret/files/etc/dropbear/authorized_keys
deleted file mode 100644
index 495c605..0000000
--- a/ext/openwrt/turret/files/etc/dropbear/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERx0I8DKtALZ9VrYnY1iBEpwl2pBlRiS8oJQvZwpl5e seth@glados