Add ah-ap-121 and bump version

2023-11-28 08:54:28 +00:00 · 2023-11-28 08:54:28 +00:00 · 5402e7ce24
parent c55cf88cf9
commit 5402e7ce24
8 changed files with 135 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
-bin/
+generic/ath79/
 generic/x86/
 generic/mediatek/
--- a/base-debian/Containerfile
+++ b/base-debian/Containerfile
@ -7,7 +7,7 @@ RUN --mount=type=cache,dst=/var/cache/apt/archives apt-get install --no-install-
 	ca-certificates \
 	git
-RUN git clone --depth='1' --branch='v23.05.0-rc4' https://git.openwrt.org/openwrt/openwrt.git /root/OpenWRT
+RUN git clone --depth='1' --branch='v23.05.2' https://git.openwrt.org/openwrt/openwrt.git /root/OpenWRT
 WORKDIR /root/OpenWRT
 RUN --mount=type=cache,dst=/var/cache/apt/archives apt-get install --no-install-recommends -y \
--- a/generic/Containerfile
+++ b/generic/Containerfile
@ -1,4 +1,4 @@
-FROM localhost/openwrt-base:debian AS builder
+FROM localhost/openwrt-base:debian-23.05.2 AS builder
 ARG PLATFORM=x86
 ARG SUBTARGET=64
@ -30,6 +30,7 @@ RUN --mount=type=cache,dst=/root/.ccache make -j$(nproc) \
 	toolchain/compile
 ADD config /run/config
 ADD files/ files/
 RUN cat /run/target.config /run/config >> .config
 RUN make defconfig
--- a/generic/Makefile
+++ b/generic/Makefile
@ -1,6 +1,7 @@
 .DEFAULT_GOAL: all
 TARGETS := \
 	ath79/nand/aerohive_hiveap-121 \
 	ath79/generic/ubnt_unifiac-pro \
 	mediatek/filogic/bananapi_bpi-r3 \
 	mediatek/mt7622/ubnt_unifi-6-lr-v1 \
@ -9,7 +10,7 @@ TARGETS := \
 all: $(TARGETS)
-$(TARGETS): Containerfile config
+$(TARGETS): files/ Containerfile config
 	buildah build \
 		--layers=true \
 		--network=host \
--- a/generic/config
+++ b/generic/config
@ -7,7 +7,7 @@ CONFIG_LUCI_LANG_de=y
 CONFIG_PACKAGE_luci-mod-dashboard=y
 CONFIG_PACKAGE_luci-mod-network=y
 CONFIG_PACKAGE_luci-mod-status=y
-CONFIG_PACKAGE_luci-theme-openwrt-2020=y
+CONFIG_PACKAGE_luci-theme-bootstrap=y
 # Protocol support
 CONFIG_PACKAGE_luci-proto-ipv6=y
@ -17,10 +17,20 @@ CONFIG_PACKAGE_luci-proto-relay=y
 # Application support
 CONFIG_PACKAGE_luci-app-wireguard=y
 CONFIG_PACKAGE_luci-app-firewall=y
 CONFIG_PACKAGE_luci-app-wol=y
-# Misc
+# Monitoring
 CONFIG_PACKAGE_zabbix-agentd=y
 # Used for certificate generation and usage
 CONFIG_PACKAGE_openssl-util=y
 # Prometheus requires libubus-lua to work as it tries all modules anyways
 CONFIG_PACKAGE_prometheus-node-exporter-lua=y
 CONFIG_PACKAGE_prometheus-node-exporter-lua-hostapd_stations=y
 CONFIG_PACKAGE_prometheus-node-exporter-lua-openwrt=y
 CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi=y
 # ZRAM
 CONFIG_PROCD_ZRAM_TMPFS=y
 CONFIG_PACKAGE_kmod-zram=m
--- a/generic/files/etc/uci-defaults/00-configsync-prime
+++ b/generic/files/etc/uci-defaults/00-configsync-prime
@ -0,0 +1,21 @@
 #!/bin/sh
 set -e
 printf '%s\n\t%s\n' "package configsync" "config configdata 'configdata'" | uci import
 echo "* * * * * /usr/bin/configsync" >> /etc/crontabs/root
 uci rename 'firewall.@zone[0]'=lan
 uci delete 'firewall.lan.network'
 uci add_list 'firewall.lan.network'=iface_lan
 uci rename 'network.lan'=iface_lan
 uci rename 'network.@device[0]'=br_lan
 uci rename 'wireless.radio0'=radio24
 uci rename 'wireless.default_radio0'=iface_radio24
 uci rename 'wireless.radio1'=radio5
 uci rename 'wireless.default_radio1'=iface_radio5
 while uci -q delete 'dhcp.@dhcp[0]'; do :; done # Delete any DHCP configuration on initial setup
--- a/generic/files/etc/uci-defaults/90-sshkeys
+++ b/generic/files/etc/uci-defaults/90-sshkeys
@ -0,0 +1,4 @@
 #!/bin/sh
 mkdir -vp /root/.ssh
 echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvF6ftc49bcvQTmfmB6ulukduJfaykFdLnayXta5y+p alexd/2023-10-12" >> /root/.ssh/authorized_keys
--- a/generic/files/usr/bin/configsync
+++ b/generic/files/usr/bin/configsync
@ -0,0 +1,90 @@
 #!/bin/sh
 set -x
 CONFDIR="$(mktemp -p /tmp -d "configsync.XXXXXXXXX")" || return 1
 CFGPATH="$CONFDIR/config"
 CSUMPATH="$CONFDIR/checksum"
 ROLLBACKPATH="/etc/uci-defaults/00-rollback-config"
 CONFIGSAVE="configsync.configdata"
 TIMEOUT="10"
 deps() {
 	# Check that everything is present
 	for bin in sha256sum rm rmdir wget printf chmod cat uci; do
 		which "$bin" >/dev/null 2>&1 || return 1
 	done
 }
 cleanup() {
 	rm -v "$CFGPATH" "$CSUMPATH"
 	rmdir "$CONFDIR"
 }
 fetch() {
 	local dl=1
 	for endpoint in $(uci get "$CONFIGSAVE".endpoints); do
 		wget -T "$TIMEOUT" "$endpoint/config" -O "$CFGPATH" || continue
 		wget -T "$TIMEOUT" "$endpoint/checksum" -O "$CSUMPATH" || continue
 		dl=0
 		break
 	done
 	return $dl
 }
 verify() {
 	if [ -r "$CFGPATH" ] && [ -r "$CSUMPATH" ]; then
 		local cfgcsum="$(sha256sum "$CFGPATH" | cut -d' ' -f1)"
 		local expcsum="$(cat "$CSUMPATH")"
 		local badcsum="$(uci -q get "$CONFIGSAVE".lastbadcsum)"
 		if [ "$cfgcsum" != "$expcsum" ]; then
 			echo "sha256 checksum mismatched, discarding" >&2
 			return 1
 		fi
 		if [ "$expcsum" == "$badcsum" ]; then
 			echo "known bad config, discarding" >&2
 			return 1
 		fi
 		uci set "$CONFIGSAVE".currentcsum="$(cat "$CSUMPATH")"
 	fi
 }
 exp_cfg() {
 	# Export config for rollback
 	EXPORT="$(uci export)" || return
 	printf '%s\n%s\n%s\n%s\n%s\n' \
 		'#!/bin/sh' \
 		'uci import <<EOF' \
 		"$EXPORT" \
 		'EOF' \
 		'reload_config' > "$ROLLBACKPATH"
 	chmod +x "$ROLLBACKPATH"
 }
 run_cfg() {
 	chmod +x "$CFGPATH"
 	"$CFGPATH"
 }
 rollback() {
 	# Mark current checksum as bad
 	uci set "$CONFIGSAVE".lastbadcsum="$(uci -q get "$CONFIGSAVE".currentcsum)"
 	# Rollback if config commit has been attempted
 	[ -x "$ROLLBACKPATH" ] && "$ROLLBACKPATH" && echo "Rolled back last known working config" >&2
 }
 ret=0
 if deps; then
 	if fetch; then
 		if ! (verify && exp_cfg && run_cfg); then
 			ret=1
 		fi
 	else
 		rollback
 	fi
 else
 	ret=1
 fi
 cleanup
 return $ret