Add ah-ap-121 and bump version

.gitignore

@@ -1 +1,3 @@
-bin/
+generic/ath79/
+generic/x86/
+generic/mediatek/

base-debian/Containerfile

@@ -7,7 +7,7 @@ RUN --mount=type=cache,dst=/var/cache/apt/archives apt-get install --no-install-
 	ca-certificates \
 	git
 
-RUN git clone --depth='1' --branch='v23.05.0-rc4' https://git.openwrt.org/openwrt/openwrt.git /root/OpenWRT
+RUN git clone --depth='1' --branch='v23.05.2' https://git.openwrt.org/openwrt/openwrt.git /root/OpenWRT
 WORKDIR /root/OpenWRT
 
 RUN --mount=type=cache,dst=/var/cache/apt/archives apt-get install --no-install-recommends -y \

generic/Containerfile

@@ -1,4 +1,4 @@
-FROM localhost/openwrt-base:debian AS builder
+FROM localhost/openwrt-base:debian-23.05.2 AS builder
 
 ARG PLATFORM=x86
 ARG SUBTARGET=64
@@ -30,6 +30,7 @@ RUN --mount=type=cache,dst=/root/.ccache make -j$(nproc) \
 	toolchain/compile
 
 ADD config /run/config
+ADD files/ files/
 RUN cat /run/target.config /run/config >> .config
 RUN make defconfig
 

generic/Makefile

@@ -1,6 +1,7 @@
 .DEFAULT_GOAL: all
 
 TARGETS := \
+	ath79/nand/aerohive_hiveap-121 \
 	ath79/generic/ubnt_unifiac-pro \
 	mediatek/filogic/bananapi_bpi-r3 \
 	mediatek/mt7622/ubnt_unifi-6-lr-v1 \
@@ -9,7 +10,7 @@ TARGETS := \
 
 all: $(TARGETS)
 
-$(TARGETS): Containerfile config
+$(TARGETS): files/ Containerfile config
 	buildah build \
 		--layers=true \
 		--network=host \

generic/config

@@ -7,7 +7,7 @@ CONFIG_LUCI_LANG_de=y
 CONFIG_PACKAGE_luci-mod-dashboard=y
 CONFIG_PACKAGE_luci-mod-network=y
 CONFIG_PACKAGE_luci-mod-status=y
-CONFIG_PACKAGE_luci-theme-openwrt-2020=y
+CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # Protocol support
 CONFIG_PACKAGE_luci-proto-ipv6=y
@@ -17,10 +17,20 @@ CONFIG_PACKAGE_luci-proto-relay=y
 # Application support
 CONFIG_PACKAGE_luci-app-wireguard=y
 CONFIG_PACKAGE_luci-app-firewall=y
+CONFIG_PACKAGE_luci-app-wol=y
 
-# Misc
+# Monitoring
 CONFIG_PACKAGE_zabbix-agentd=y
 
+# Used for certificate generation and usage
+CONFIG_PACKAGE_openssl-util=y
+
+# Prometheus requires libubus-lua to work as it tries all modules anyways
+CONFIG_PACKAGE_prometheus-node-exporter-lua=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-hostapd_stations=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-openwrt=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi=y
+
 # ZRAM
 CONFIG_PROCD_ZRAM_TMPFS=y
 CONFIG_PACKAGE_kmod-zram=m

generic/files/etc/uci-defaults/00-configsync-prime

@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+printf '%s\n\t%s\n' "package configsync" "config configdata 'configdata'" | uci import
+echo "* * * * * /usr/bin/configsync" >> /etc/crontabs/root
+
+uci rename 'firewall.@zone[0]'=lan
+uci delete 'firewall.lan.network'
+uci add_list 'firewall.lan.network'=iface_lan
+
+uci rename 'network.lan'=iface_lan
+
+uci rename 'network.@device[0]'=br_lan
+
+uci rename 'wireless.radio0'=radio24
+uci rename 'wireless.default_radio0'=iface_radio24
+
+uci rename 'wireless.radio1'=radio5
+uci rename 'wireless.default_radio1'=iface_radio5
+
+while uci -q delete 'dhcp.@dhcp[0]'; do :; done # Delete any DHCP configuration on initial setup

generic/files/etc/uci-defaults/90-sshkeys

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+mkdir -vp /root/.ssh
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvF6ftc49bcvQTmfmB6ulukduJfaykFdLnayXta5y+p alexd/2023-10-12" >> /root/.ssh/authorized_keys

generic/files/usr/bin/configsync

@@ -0,0 +1,90 @@
+#!/bin/sh
+set -x
+
+CONFDIR="$(mktemp -p /tmp -d "configsync.XXXXXXXXX")" || return 1
+CFGPATH="$CONFDIR/config"
+CSUMPATH="$CONFDIR/checksum"
+ROLLBACKPATH="/etc/uci-defaults/00-rollback-config"
+CONFIGSAVE="configsync.configdata"
+TIMEOUT="10"
+
+deps() {
+	# Check that everything is present
+	for bin in sha256sum rm rmdir wget printf chmod cat uci; do
+		which "$bin" >/dev/null 2>&1 || return 1
+	done
+}
+
+cleanup() {
+	rm -v "$CFGPATH" "$CSUMPATH"
+	rmdir "$CONFDIR"
+}
+
+fetch() {
+	local dl=1
+	for endpoint in $(uci get "$CONFIGSAVE".endpoints); do
+		wget -T "$TIMEOUT" "$endpoint/config" -O "$CFGPATH" || continue
+		wget -T "$TIMEOUT" "$endpoint/checksum" -O "$CSUMPATH" || continue
+		dl=0
+		break
+	done
+	return $dl
+}
+
+verify() {
+	if [ -r "$CFGPATH" ] && [ -r "$CSUMPATH" ]; then
+		local cfgcsum="$(sha256sum "$CFGPATH" | cut -d' ' -f1)"
+		local expcsum="$(cat "$CSUMPATH")"
+		local badcsum="$(uci -q get "$CONFIGSAVE".lastbadcsum)"
+		if [ "$cfgcsum" != "$expcsum" ]; then
+			echo "sha256 checksum mismatched, discarding" >&2
+			return 1
+		fi
+		if [ "$expcsum" == "$badcsum" ]; then
+			echo "known bad config, discarding" >&2
+			return 1
+		fi
+		uci set "$CONFIGSAVE".currentcsum="$(cat "$CSUMPATH")"
+	fi
+}
+
+exp_cfg() {
+	# Export config for rollback
+	EXPORT="$(uci export)" || return
+	printf '%s\n%s\n%s\n%s\n%s\n' \
+		'#!/bin/sh' \
+		'uci import <<EOF' \
+		"$EXPORT" \
+		'EOF' \
+		'reload_config' > "$ROLLBACKPATH"
+	chmod +x "$ROLLBACKPATH"
+}
+
+run_cfg() {
+	chmod +x "$CFGPATH"
+	"$CFGPATH"
+}
+
+rollback() {
+	# Mark current checksum as bad
+	uci set "$CONFIGSAVE".lastbadcsum="$(uci -q get "$CONFIGSAVE".currentcsum)"
+
+	# Rollback if config commit has been attempted
+	[ -x "$ROLLBACKPATH" ] && "$ROLLBACKPATH" && echo "Rolled back last known working config" >&2
+}
+
+ret=0
+if deps; then
+	if fetch; then
+		if ! (verify && exp_cfg && run_cfg); then
+			ret=1
+		fi
+	else
+		rollback
+	fi
+else
+	ret=1
+fi
+
+cleanup
+return $ret