├── hosts ├── roles ├── factory │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── build-config │ ├── templates │ │ ├── customfeeds.conf.j2 │ │ ├── aclite-network.j2 │ │ ├── althea-firmware-release.j2 │ │ ├── ea6350v3-network.j2 │ │ ├── nanopi-r2c-network.j2 │ │ ├── nanopi-r2s-network.j2 │ │ ├── pi2-network.j2 │ │ ├── pi3-64-network.j2 │ │ ├── pi4-64-network.j2 │ │ ├── edgerouterlite-network.j2 │ │ ├── glb1300-network.j2 │ │ ├── gl-mt6000-network.j2 │ │ ├── linksys_whw03-network.j2 │ │ ├── linksys_whw03v2-network.j2 │ │ ├── cudy_wr2100-network.j2 │ │ ├── linksys_e5600-network.j2 │ │ ├── mikrotik_hap-ac2-network.j2 │ │ ├── mikrotik_hap-ac3-network.j2 │ │ ├── netgear_ex6100v2-network.j2 │ │ ├── tplinka6v3-network.j2 │ │ ├── ea7300v1-network.j2 │ │ ├── ea7300v2-network.j2 │ │ ├── ea7500v2-network.j2 │ │ ├── wrt1900ac-network.j2 │ │ ├── dl-wrtx36-network.j2 │ │ ├── wrt1900acs-network.j2 │ │ ├── wrt3200acm-network.j2 │ │ ├── wrt32x-network.j2 │ │ ├── dropbear.j2 │ │ ├── ea8300-network.j2 │ │ ├── mr8300-network.j2 │ │ ├── x86_64-exit-network.j2 │ │ ├── espressobin-ultra-network.j2 │ │ ├── pi2-wireless.j2 │ │ ├── pi3-64-wireless.j2 │ │ ├── pi3-wireless.j2 │ │ ├── pi4-64-wireless.j2 │ │ ├── aircube-wireless.j2 │ │ ├── netgear_r7800-network.j2 │ │ ├── pi3-network.j2 │ │ ├── aircube-network.j2 │ │ ├── rc.button.j2 │ │ ├── x86-network.j2 │ │ ├── x86-exit-network.j2 │ │ ├── n750-network.j2 │ │ ├── edgerouterx-network.j2 │ │ ├── ubnt_edgerouter-4-network.j2 │ │ ├── x86_64-network.j2 │ │ ├── edgerouterx-sfp-network.j2 │ │ ├── erx-sfp-poe.sh.j2 │ │ ├── mikrotik_routerboard-750gr3-network.j2 │ │ ├── mikrotik_routerboard-760igs-network.j2 │ │ ├── ea6350v3-wireless.j2 │ │ ├── mikrotik_hap-ac2-wireless.j2 │ │ ├── mikrotik_hap-ac3-wireless.j2 │ │ ├── netgear_ex6100v2-wireless.j2 │ │ ├── mikrotik_hap-ac3-exit-wireless.j2 │ │ ├── ea7300v1-wireless.j2 │ │ ├── ea7300v2-wireless.j2 │ │ ├── ea7500v2-wireless.j2 │ │ ├── dl-wrtx36-wireless.j2 │ │ ├── n750-wireless.j2 │ │ ├── aclite-wireless.j2 │ │ ├── glb1300-wireless.j2 │ │ ├── tplinkc7v2-wireless.j2 │ │ ├── glb1300-exit-wireless.j2 │ │ ├── babeld.j2 │ │ ├── gl-mt6000-wireless.j2 │ │ ├── gl-mt6000-exit-wireless.j2 │ │ ├── wrt1900acs-wireless.j2 │ │ ├── tplinka6v3-wireless.j2 │ │ ├── cudy_wr2100-wireless.j2 │ │ ├── linksys_e5600-wireless.j2 │ │ ├── netgear_r7800-wireless.j2 │ │ ├── wrt1900ac-wireless.j2 │ │ ├── tplinkc7v2-network.j2 │ │ ├── gl-mt6000-exit-network.j2 │ │ ├── glb1300-exit-network.j2 │ │ ├── mikrotik_hap-ac3-exit-network.j2 │ │ ├── ea8300-wireless.j2 │ │ ├── mr8300-wireless.j2 │ │ ├── wrt3200acm-wireless.j2 │ │ ├── wrt32x-wireless.j2 │ │ ├── rita_exit.toml.j2 │ │ ├── rita.toml.j2 │ │ ├── linksys_whw03v2-wireless.j2 │ │ ├── linksys_whw03-wireless.j2 │ │ └── firewall.j2 │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── build-extender-config │ ├── templates │ │ ├── customfeeds.conf.j2 │ │ ├── glb1300-extender-network.j2 │ │ ├── firewall.j2 │ │ ├── dropbear.j2 │ │ ├── mikrotik_hap-ac2-extender-network.j2 │ │ ├── mikrotik_hap-ac2-extender-wireless.j2 │ │ └── glb1300-extender-wireless.j2 │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── build │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── prepare-sources │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── prepare-config │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── upgrade │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml └── check-deps │ ├── tasks │ └── main.yml │ └── defaults │ └── main.yml ├── profiles ├── management │ ├── althea-packages.yml │ ├── althea-dev.yml │ ├── althea-release.yml │ └── hawk-managed.yml ├── devices │ ├── pi2.yml │ ├── edgerouterlite.yml │ ├── aclite.yml │ ├── nanopi-r2s.yml │ ├── pi3-64.yml │ ├── gl-mt6000.yml │ ├── espressobin-ultra.yml │ ├── aircubeISP.yml │ ├── edgerouterx.yml │ ├── glb1300.yml │ ├── pi4-64.yml │ ├── ubnt_edgerouter-4.yml │ ├── edgerouterx-sfp.yml │ ├── ea7300v1.yml │ ├── ea7300v2.yml │ ├── ea7500v2.yml │ ├── dl-wrtx36.yml │ ├── mikrotik_routerboard-750gr3.yml │ ├── netgear_r7800.yml │ ├── ea6350v3.yml │ ├── tplinkc7v2.yml │ ├── mikrotik_routerboard-760igs.yml │ ├── wrt32x.yml │ ├── nanopi-r2c.yml │ ├── glb1300-extender.yml │ ├── wrt1900ac.yml │ ├── wrt3200acm.yml │ ├── wrt1900acs.yml │ ├── cudy_wr2100.yml │ ├── linksys_e5600.yml │ ├── n750.yml │ ├── tplinka6v3.yml │ ├── netgear_ex6100v2.yml │ ├── mikrotik_hap-ac2-extender.yml │ ├── x86.yml │ ├── ea8300.yml │ ├── linksys-whw03v2.yml │ ├── mr8300.yml │ ├── linksys-whw03.yml │ ├── mikrotik_hap-ac2.yml │ ├── mikrotik_hap-ac3.yml │ └── x86_64.yml └── exit │ ├── glb1300.yml │ ├── gl-mt6000.yml │ ├── mikrotik_hap-ac3.yml │ └── x86_64.yml ├── firmware-root └── etc │ ├── opkg │ └── keys │ │ ├── a4f10321b64cd4d0 │ │ └── d0c48aa656b025d9 │ ├── sysupgrade.conf │ ├── hosts │ ├── sysctl.conf │ ├── resolv.conf │ ├── banner │ ├── uci-defaults │ └── 99-set-r2s-macaddr │ └── config │ └── dhcp ├── first-time-setup.yml ├── ansible.cfg ├── .gitignore ├── config ├── glb1300-extender ├── mikrotik_hap-ac2-extender ├── mikrotik_hap-ac2 ├── netgear_ex6100v2 ├── n750 ├── aircube ├── edgerouterlite ├── pi2 ├── aclite ├── linksys_e5600 ├── tplinkc7v2 ├── cudy_wr2100 ├── ea7300v1 ├── ea7300v2 ├── ea7500v2 ├── ea8300 ├── glb1300 ├── glb1300-exit ├── mr8300 ├── tplinka6v3 ├── ea6350v3 ├── netgear_r7800 ├── wrt1900ac ├── wrt1900acs ├── nanopi-r2c ├── mikrotik_routerboard-750gr3 ├── mikrotik_routerboard-760igs ├── pi4-64 ├── wrt32x ├── edgerouterx ├── wrt3200acm ├── edgerouterx-sfp ├── nanopi-r2s ├── espressobin-ultra ├── pi3-64 ├── ubnt_edgerouter-4 ├── linksys_whw03v2 ├── linksys_whw03 ├── mikrotik_hap-ac3 ├── dl-wrtx36 ├── x86_64-exit ├── gl-mt6000 ├── gl-mt6000-exit └── mikrotik_hap-ac3-exit ├── scripts ├── build-extender.sh ├── upload-rc.sh ├── build-exit-managed.sh ├── flash_mikrotik_tftp.sh ├── build-managed-release.sh ├── build-default-release.sh └── virtualbox │ └── setupVms.sh ├── firmware-build.yml ├── requirements.yaml ├── .ansible-lint ├── .travis.yml └── .github └── workflows └── ansible-lint.yml /hosts: -------------------------------------------------------------------------------- 1 | [routers] 2 | 192.168.1.1 3 | -------------------------------------------------------------------------------- /roles/factory/defaults/main.yml: -------------------------------------------------------------------------------- 1 | source_dir: build/ 2 | router_ip: 192.168.1.1 3 | -------------------------------------------------------------------------------- /profiles/management/althea-packages.yml: -------------------------------------------------------------------------------- 1 | # do not copy images when building packages 2 | 3 | copy_images: false 4 | 5 | -------------------------------------------------------------------------------- /firmware-root/etc/opkg/keys/a4f10321b64cd4d0: -------------------------------------------------------------------------------- 1 | Althea build key 2 | RWSk8QMhtkzU0FOLdJmg3eShUIaCNRxhyRafAclw0hhGQBapN6KpJdyv 3 | -------------------------------------------------------------------------------- /roles/build-config/templates/customfeeds.conf.j2: -------------------------------------------------------------------------------- 1 | src/gz althea https://updates.altheamesh.com/{{release_feed}}packages/{{package_id}}/althea 2 | -------------------------------------------------------------------------------- /roles/build-extender-config/templates/customfeeds.conf.j2: -------------------------------------------------------------------------------- 1 | src/gz althea https://updates.altheamesh.com/{{release_feed}}packages/{{package_id}}/althea 2 | -------------------------------------------------------------------------------- /roles/build/defaults/main.yml: -------------------------------------------------------------------------------- 1 | source_dir: build/ 2 | ci: false 3 | supported: false 4 | copy_images: false 5 | image_prefix: "" 6 | rita_type: "client" -------------------------------------------------------------------------------- /roles/prepare-sources/defaults/main.yml: -------------------------------------------------------------------------------- 1 | repo: https://github.com/openwrt/openwrt 2 | version: v23.05.6 3 | source_dir: build/ 4 | apply_patches: true 5 | -------------------------------------------------------------------------------- /firmware-root/etc/opkg/keys/d0c48aa656b025d9: -------------------------------------------------------------------------------- 1 | untrusted comment: Althea Package Signing Key 2 | RWTQxIqmVrAl2XvKGniuqtx9Kzucm/XgmPJxbEj9tJrycFYGJpzJwEPO 3 | -------------------------------------------------------------------------------- /first-time-setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # A playbook to install OpenWRT build deps 3 | 4 | - hosts: 127.0.0.1 5 | connection: local 6 | roles: 7 | - check-deps 8 | -------------------------------------------------------------------------------- /roles/prepare-config/defaults/main.yml: -------------------------------------------------------------------------------- 1 | source_dir: build/ 2 | feeds_list: 3 | - "src-git althea https://github.com/althea-net/althea-packages.git" 4 | conf_to_build: ea6350v3 5 | -------------------------------------------------------------------------------- /roles/upgrade/defaults/main.yml: -------------------------------------------------------------------------------- 1 | source_dir: build/ 2 | router_ip: 192.168.10.1 3 | squashfs: "squashfs-" 4 | ssh_args: '-o "UserKnownHostsFile /dev/null" -o "StrictHostKeyChecking no"' 5 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | remote_tmp = /tmp/.ansible/ 3 | [ssh_connection] 4 | host_key_checking = False 5 | pipelining = True 6 | ssh_args = -o ControlMaster=auto -o ControlPersist=60s 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | *.txt 3 | secrets/* 4 | build/ 5 | scripts/virtualbox/vboxDisks/* 6 | images-archive/ 7 | completed-images/ 8 | 9 | workspace.code-workspace 10 | 11 | internal 12 | ansible -------------------------------------------------------------------------------- /config/glb1300-extender: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_glinet_gl-b1300=y 4 | CONFIG_PACKAGE_rita-extender=y 5 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /roles/build-config/templates/aclite-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | config interface 'rita_eth0' 5 | option ifname 'eth0' 6 | option proto 'static' 7 | -------------------------------------------------------------------------------- /scripts/build-extender.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eux 3 | cd $(dirname $0)/.. 4 | 5 | ansible-playbook -e @profiles/devices/mikrotik_hap-ac2-extender.yml -e @profiles/management/althea-managed.yml build-extender.yml 6 | -------------------------------------------------------------------------------- /roles/build-config/templates/althea-firmware-release.j2: -------------------------------------------------------------------------------- 1 | # Althea firmware release version and details 2 | upstream_commit_hash: {{source_version.after}} 3 | firmware_build_date: {{ ansible_date_time.date }} 4 | device: {{device}} 5 | -------------------------------------------------------------------------------- /firmware-build.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # A playbook to build Althea firmware 3 | 4 | - hosts: 127.0.0.1 5 | connection: local 6 | roles: 7 | - prepare-sources 8 | - prepare-config 9 | - build-config 10 | - build 11 | -------------------------------------------------------------------------------- /firmware-root/etc/sysupgrade.conf: -------------------------------------------------------------------------------- 1 | # files here will be added to the config files kept during a normal sysupgrade (without the -n option) 2 | # do "sysupgrade -l" to check 3 | /etc/rita.toml 4 | /etc/rita-debts.json 5 | /etc/rita-usage-tracker.json 6 | -------------------------------------------------------------------------------- /config/mikrotik_hap-ac2-extender: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_mikrotik=y 3 | CONFIG_TARGET_ipq40xx_mikrotik_DEVICE_mikrotik_hap-ac2=y 4 | CONFIG_PACKAGE_rita-extender=y 5 | CONFIG_PACKAGE_althea-tools=y 6 | CONFIG_PACKAGE_althea-usb=y -------------------------------------------------------------------------------- /firmware-root/etc/hosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 localhost 2 | 3 | ::1 localhost ip6-localhost ip6-loopback 4 | ff02::1 ip6-allnodes 5 | ff02::2 ip6-allrouters 6 | 7 | 192.168.10.1 althearouter.net 8 | 192.168.10.1 althearouter 9 | 192.168.10.1 althea 10 | -------------------------------------------------------------------------------- /config/mikrotik_hap-ac2: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_mikrotik=y 3 | CONFIG_TARGET_ipq40xx_mikrotik_DEVICE_mikrotik_hap-ac2=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-rust-binaries=y 7 | CONFIG_PACKAGE_althea-dash=y 8 | -------------------------------------------------------------------------------- /config/netgear_ex6100v2: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_netgear_ex6100v2=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | -------------------------------------------------------------------------------- /config/n750: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ath79=y 2 | CONFIG_TARGET_ath79_generic=y 3 | CONFIG_TARGET_ath79_generic_DEVICE_wd_mynet-n750=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /roles/build-config/templates/ea6350v3-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/nanopi-r2c-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/nanopi-r2s-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/pi2-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /roles/build-config/templates/pi3-64-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/pi4-64-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /config/aircube: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ath79=y 2 | CONFIG_TARGET_ath79_generic=y 3 | CONFIG_TARGET_ath79_generic_DEVICE_ubnt_acb-isp=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /config/edgerouterlite: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_octeon=y 2 | CONFIG_TARGET_octeon_DEVICE_erlite=y 3 | CONFIG_TARGET_BOARD="octeon" 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/pi2: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_brcm2708=y 2 | CONFIG_TARGET_brcm2708_bcm2709=y 3 | CONFIG_TARGET_brcm2708_bcm2709_DEVICE_rpi-2=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /roles/build-config/templates/edgerouterlite-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/glb1300-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /config/aclite: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ar71xx=y 2 | CONFIG_TARGET_ar71xx_generic=y 3 | CONFIG_TARGET_ar71xx_generic_DEVICE_ubnt-unifiac-lite=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /config/linksys_e5600: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_linksys_e5600=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /config/tplinkc7v2: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ar71xx=y 2 | CONFIG_TARGET_ar71xx_generic=y 3 | CONFIG_TARGET_ar71xx_generic_DEVICE_archer-c7-v2=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /firmware-root/etc/sysctl.conf: -------------------------------------------------------------------------------- 1 | # Defaults are configured in /etc/sysctl.d/* and can be customized in this file 2 | net.netfilter.nf_conntrack_max=65536 3 | fs.file-max=65536 4 | net.ipv6.neigh.default.gc_thresh3 = 4096 5 | net.ipv6.neigh.default.gc_thresh2 = 2048 6 | net.ipv6.neigh.default.gc_thresh1 = 1024 7 | -------------------------------------------------------------------------------- /roles/build-config/templates/gl-mt6000-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/linksys_whw03-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /roles/build-config/templates/linksys_whw03v2-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /config/cudy_wr2100: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_cudy_wr2100=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/ea7300v1: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_linksys_ea7300-v1=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/ea7300v2: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_linksys_ea7300-v2=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/ea7500v2: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_linksys_ea7500-v2=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/ea8300: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_linksys_ea8300=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/glb1300: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_glinet_gl-b1300=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /config/glb1300-exit: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_glinet_gl-b1300=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_rita-exit=y 7 | CONFIG_PACKAGE_rita-exit-dash=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/mr8300: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_linksys_mr8300=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/tplinka6v3: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_tplink_archer-a6-v3=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /profiles/devices/pi2.yml: -------------------------------------------------------------------------------- 1 | # Also supports pi3 2 | conf_to_build: pi2 3 | device: "rpi-2" 4 | package_id: arm_cortex-a7_neon-vfpv4/ 5 | supported: false 6 | 7 | channel: 11 8 | 9 | listen_interfaces: 10 | - eth0 11 | 12 | lan_interfaces: "wlan0" 13 | 14 | rust_target: armv7-unknown-linux-musleabihf 15 | -------------------------------------------------------------------------------- /roles/build-config/templates/cudy_wr2100-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /roles/build-config/templates/linksys_e5600-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_hap-ac2-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_hap-ac3-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /roles/build-config/templates/netgear_ex6100v2-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /config/ea6350v3: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_linksys_ea6350v3=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/netgear_r7800: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq806x=y 2 | CONFIG_TARGET_ipq806x_generic=y 3 | CONFIG_TARGET_ipq806x_generic_DEVICE_netgear_r7800=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/wrt1900ac: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_mvebu=y 2 | CONFIG_TARGET_mvebu_cortexa9=y 3 | CONFIG_TARGET_mvebu_cortexa9_DEVICE_linksys_wrt1900ac-v1=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/wrt1900acs: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_mvebu=y 2 | CONFIG_TARGET_mvebu_cortexa9=y 3 | CONFIG_TARGET_mvebu_cortexa9_DEVICE_linksys_wrt1900acs=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/nanopi-r2c: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_rockchip=y 2 | CONFIG_TARGET_rockchip_armv8=y 3 | CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r2s=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /roles/build-config/templates/tplinka6v3-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | 11 | -------------------------------------------------------------------------------- /config/mikrotik_routerboard-750gr3: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_mikrotik_routerboard-750gr3=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y -------------------------------------------------------------------------------- /config/mikrotik_routerboard-760igs: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_mikrotik_routerboard-760igs=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | -------------------------------------------------------------------------------- /config/pi4-64: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_bcm27xx=y 2 | CONFIG_TARGET_bcm27xx_bcm2711=y 3 | CONFIG_TARGET_bcm27xx_bcm2711_DEVICE_rpi-4=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | CONFIG_PACKAGE_althea-usb=y 10 | -------------------------------------------------------------------------------- /scripts/upload-rc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eux 3 | cd $(dirname $0)/.. 4 | export SERVER=updates 5 | export HTTP_DIR=/usr/share/nginx/html/ 6 | 7 | # run this after running either build managed or build default release with a package 8 | # signing key in the folder 9 | 10 | rsync -ahz --delete build/bin/packages $SERVER:$HTTP_DIR/rc/ 11 | -------------------------------------------------------------------------------- /config/wrt32x: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_mvebu=y 2 | CONFIG_TARGET_mvebu_cortexa9=y 3 | CONFIG_TARGET_mvebu_cortexa9_DEVICE_linksys_wrt32x=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | CONFIG_PACKAGE_althea-usb=y 10 | -------------------------------------------------------------------------------- /roles/build-config/templates/ea7300v1-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option packet_steering '1' 3 | option ula_prefix 'auto' 4 | 5 | {% for interface in listen_interfaces %} 6 | config interface 'rita_{{interface | replace(".","")}}' 7 | option ifname {{interface}} 8 | option proto static 9 | {% endfor %} 10 | -------------------------------------------------------------------------------- /roles/build-config/templates/ea7300v2-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option packet_steering '1' 3 | option ula_prefix 'auto' 4 | 5 | {% for interface in listen_interfaces %} 6 | config interface 'rita_{{interface | replace(".","")}}' 7 | option ifname {{interface}} 8 | option proto static 9 | {% endfor %} 10 | -------------------------------------------------------------------------------- /roles/build-config/templates/ea7500v2-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option packet_steering '1' 3 | option ula_prefix 'auto' 4 | 5 | {% for interface in listen_interfaces %} 6 | config interface 'rita_{{interface | replace(".","")}}' 7 | option ifname {{interface}} 8 | option proto static 9 | {% endfor %} 10 | -------------------------------------------------------------------------------- /config/edgerouterx: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_ubnt_edgerouter-x=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | CONFIG_PACKAGE_althea-usb=y 10 | -------------------------------------------------------------------------------- /config/wrt3200acm: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_mvebu=y 2 | CONFIG_TARGET_mvebu_cortexa9=y 3 | CONFIG_TARGET_mvebu_cortexa9_DEVICE_linksys_wrt3200acm=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | CONFIG_PACKAGE_althea-usb=y 10 | -------------------------------------------------------------------------------- /config/edgerouterx-sfp: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ramips=y 2 | CONFIG_TARGET_ramips_mt7621=y 3 | CONFIG_TARGET_ramips_mt7621_DEVICE_ubnt_edgerouter-x-sfp=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | CONFIG_PACKAGE_althea-usb=y 10 | -------------------------------------------------------------------------------- /config/nanopi-r2s: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_rockchip=y 2 | CONFIG_TARGET_rockchip_armv8=y 3 | CONFIG_TARGET_rockchip_armv8_DEVICE_friendlyarm_nanopi-r2s=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | CONFIG_PACKAGE_althea-usb=y 10 | -------------------------------------------------------------------------------- /config/espressobin-ultra: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_mvebu=y 2 | CONFIG_TARGET_mvebu_cortexa53=y 3 | CONFIG_TARGET_mvebu_cortexa53_DEVICE_globalscale_espressobin-ultra=y 4 | CONFIG_PACKAGE_althea-babeld=y 5 | CONFIG_PACKAGE_althea-cron-jobs=y 6 | CONFIG_PACKAGE_althea-dash=y 7 | CONFIG_PACKAGE_althea-rust-binaries=y 8 | CONFIG_PACKAGE_althea-tools=y 9 | CONFIG_PACKAGE_althea-usb=y 10 | -------------------------------------------------------------------------------- /profiles/devices/edgerouterlite.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: edgerouterlite 2 | device: "erlite" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "octeon/generic-glibc/openwrt-octeon-erlite-squashfs-sysupgrade.tar" 6 | supported: false 7 | 8 | listen_interfaces: 9 | - eth0 10 | - eth1 11 | 12 | lan_interfaces: "eth2" 13 | 14 | rust_target: mips64-unknown-linux-gnuabi64 15 | -------------------------------------------------------------------------------- /requirements.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | roles: 3 | - name: davidalger.stackdriver 4 | - name: cyberark.conjur-host-identity 5 | - name: geerlingguy.mysql 6 | - name: geerlingguy.apache 7 | 8 | collections: 9 | - name: community.zabbix 10 | - name: community.proxysql 11 | - name: community.mongodb 12 | - name: infinidat.infinibox 13 | - name: infoblox.nios_modules 14 | -------------------------------------------------------------------------------- /roles/build-extender-config/templates/glb1300-extender-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | config switch 5 | option name 'switch0' 6 | option reset '1' 7 | option enable_vlan '1' 8 | 9 | config switch_vlan 10 | option device 'switch0' 11 | option vlan '1' 12 | option ports '3 4 0t' -------------------------------------------------------------------------------- /profiles/devices/aclite.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: aclite 2 | device: "ubnt-unifiac-lite" 3 | package_id: mips_24kc 4 | image_paths: 5 | - "ar71xx/generic/openwrt-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin" 6 | 7 | channel: 11 8 | five_ghz_channel: 36 9 | 10 | listen_interfaces: 11 | - eth0 12 | 13 | lan_interfaces: "wlan0 wlan1" 14 | 15 | rust_target: mips-unknown-linux-musl 16 | -------------------------------------------------------------------------------- /profiles/devices/nanopi-r2s.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: nanopi-r2s 2 | device: "friendlyarm_nanopi-r2s" 3 | package_id: aarch64_generic 4 | image_paths: 5 | - "rockchip/armv8/openwrt-rockchip-armv8-friendlyarm_nanopi-r2s-squashfs-sysupgrade.img.gz" 6 | supported: true 7 | 8 | listen_interfaces: 9 | - eth0 10 | 11 | lan_interfaces: "eth1 eth2" 12 | 13 | rust_target: aarch64-unknown-linux-musl 14 | -------------------------------------------------------------------------------- /roles/build-extender-config/templates/firewall.j2: -------------------------------------------------------------------------------- 1 | config defaults 2 | option tcp_ecn 1 3 | option input REJECT 4 | option output ACCEPT 5 | option forward REJECT 6 | 7 | config zone 8 | option name lan 9 | list network 'lan' 10 | option input ACCEPT 11 | option output ACCEPT 12 | option forward ACCEPT 13 | 14 | 15 | config include 16 | option path /etc/firewall.user 17 | -------------------------------------------------------------------------------- /roles/build-config/templates/wrt1900ac-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | config interface 'backhaul6' 11 | option ifname '@backhaul' 12 | option proto 'dhcpv6' -------------------------------------------------------------------------------- /roles/build-config/templates/dl-wrtx36-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | config interface 'backhaul6' 11 | option ifname '@backhaul' 12 | option proto 'dhcpv6' -------------------------------------------------------------------------------- /roles/build-config/templates/wrt1900acs-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | config interface 'backhaul6' 11 | option ifname '@backhaul' 12 | option proto 'dhcpv6' -------------------------------------------------------------------------------- /roles/build-config/templates/wrt3200acm-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | config interface 'backhaul6' 11 | option ifname '@backhaul' 12 | option proto 'dhcpv6' -------------------------------------------------------------------------------- /config/pi3-64: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_brcm2708=y 2 | CONFIG_TARGET_brcm2708_bcm2710=y 3 | CONFIG_TARGET_brcm2708_bcm2710_DEVICE_rpi-3=y 4 | CONFIG_DEVEL=y 5 | CONFIG_TOOLCHAINOPTS=y 6 | CONFIG_LIBC_USE_GLIBC=y 7 | CONFIG_USE_GLIBC=y 8 | CONFIG_PACKAGE_althea-babeld=y 9 | CONFIG_PACKAGE_althea-cron-jobs=y 10 | CONFIG_PACKAGE_althea-dash=y 11 | CONFIG_PACKAGE_althea-rust-binaries=y 12 | CONFIG_PACKAGE_althea-tools=y 13 | -------------------------------------------------------------------------------- /profiles/devices/pi3-64.yml: -------------------------------------------------------------------------------- 1 | # 64bit target for the pi3 2 | conf_to_build: pi3-64 3 | device: "rpi-3" 4 | package_id: aarch64_cortex-a53 5 | image_paths: 6 | - "brcm2708/bcm2710-glibc/openwrt-brcm2708-bcm2710-rpi-3-ext4-factory.img.gz" 7 | supported: false 8 | 9 | channel: 11 10 | 11 | listen_interfaces: 12 | - eth0 13 | 14 | lan_interfaces: "wlan0" 15 | 16 | rust_target: aarch64-unknown-linux-gnu 17 | -------------------------------------------------------------------------------- /roles/build-config/templates/wrt32x-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | config interface 'backhaul6' 11 | option ifname '@backhaul' 12 | option proto 'dhcpv6' 13 | -------------------------------------------------------------------------------- /profiles/management/althea-dev.yml: -------------------------------------------------------------------------------- 1 | insert_keys: false 2 | default_exit: "test" 3 | keys_to_insert: [] 4 | 5 | wifi_ssid_two_ghz: AltheaHome-2.4 6 | wifi_ssid_five_ghz: AltheaHome-5 7 | exit_wifi_ssid_two_ghz: AltheaExit-2 8 | exit_wifi_ssid_five_ghz: AltheaExit-5 9 | wifi_disabled: 0 10 | wifi_key: ChangeMe 11 | 12 | password_auth: "yes" 13 | 14 | logging_enabled: true 15 | logging_level: "INFO" 16 | 17 | release_feed: "rc/" 18 | -------------------------------------------------------------------------------- /profiles/devices/gl-mt6000.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: gl-mt6000 2 | device: "gl-mt6000" 3 | package_id: aarch64_cortex-a53 4 | image_paths: 5 | - "mediatek/filogic/openwrt-mediatek-filogic-glinet_gl-mt6000-squashfs-sysupgrade.bin" 6 | supported: true 7 | 8 | channel: 11 9 | five_ghz_channel: 36 10 | 11 | listen_interfaces: 12 | - eth1 13 | 14 | lan_interfaces: "lan1 lan2 lan3 lan4 lan5" 15 | 16 | rust_target: aarch64-unknown-linux-musl 17 | -------------------------------------------------------------------------------- /profiles/devices/espressobin-ultra.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: espressobin-ultra 2 | device: "globalscale_espressobin_ultra" 3 | package_id: aarch64_cortex-a53 4 | image_paths: 5 | - "mvebu/cortexa53/openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-squashfs-sdcard.img.gz" 6 | supported: false 7 | 8 | listen_interfaces: 9 | - lan2 10 | - lan1 11 | - lan0 12 | 13 | lan_interfaces: "lan3" 14 | 15 | rust_target: aarch64-unknown-linux-gnu 16 | -------------------------------------------------------------------------------- /profiles/devices/aircubeISP.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: aircube 2 | device: "ubnt_acb-isp" 3 | package_id: ath79 4 | image_paths: 5 | - "ath79/generic/openwrt-ath79-generic-ubnt_acb-isp-squashfs-sysupgrade.bin" 6 | supported: false 7 | 8 | channel: 11 9 | 10 | # babel interfaces for gateway operation 11 | listen_interfaces: 12 | - eth1 13 | - eth0.3 14 | - eth0.4 15 | 16 | lan_interfaces: "eth0.2" 17 | 18 | rust_target: mips-unknown-linux-musl 19 | -------------------------------------------------------------------------------- /config/ubnt_edgerouter-4: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_octeon=y 2 | CONFIG_TARGET_octeon_DEVICE_ubnt_edgerouter-4=y 3 | CONFIG_TARGET_BOARD="octeon" 4 | CONFIG_DEVEL=y 5 | CONFIG_TOOLCHAINOPTS=y 6 | CONFIG_LIBC_USE_GLIBC=y 7 | CONFIG_USE_GLIBC=y 8 | CONFIG_PACKAGE_openwisp-config-wolfssl=y 9 | CONFIG_PACKAGE_althea-babeld=y 10 | CONFIG_PACKAGE_althea-cron-jobs=y 11 | CONFIG_PACKAGE_althea-dash=y 12 | CONFIG_PACKAGE_althea-rust-binaries=y 13 | CONFIG_PACKAGE_althea-tools=y 14 | -------------------------------------------------------------------------------- /profiles/devices/edgerouterx.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: edgerouterx 2 | device: "ubnt-erx" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-ubnt_edgerouter-x-squashfs-sysupgrade.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-ubnt_edgerouter-x-initramfs-kernel.bin" 7 | supported: true 8 | 9 | listen_interfaces: 10 | - eth4 11 | 12 | lan_interfaces: "eth0 eth1 eth2 eth3" 13 | 14 | rust_target: mipsel-unknown-linux-musl 15 | -------------------------------------------------------------------------------- /profiles/devices/glb1300.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: glb1300 2 | device: "gl-b1300" 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/generic/openwrt-ipq40xx-generic-glinet_gl-b1300-squashfs-sysupgrade.bin" 6 | supported: true 7 | 8 | channel: 11 9 | # 5ghz note only 20mhz channel widths 10 | five_ghz_channel: 36 11 | 12 | listen_interfaces: 13 | - wan 14 | 15 | lan_interfaces: "lan1 lan2" 16 | 17 | rust_target: armv7-unknown-linux-musleabihf 18 | -------------------------------------------------------------------------------- /roles/build-extender-config/templates/dropbear.j2: -------------------------------------------------------------------------------- 1 | {% if remote_mesh_access and insert_keys %} 2 | config dropbear 3 | option PasswordAuth 'no' 4 | option Port '2200' 5 | config dropbear 6 | option Port '22' 7 | option Interface 'lan' 8 | {% else %} 9 | config dropbear 10 | option PasswordAuth '{{password_auth}}' 11 | option Port '{{ssh_port}}' 12 | option Interface 'lan' 13 | {% endif %} 14 | -------------------------------------------------------------------------------- /profiles/devices/pi4-64.yml: -------------------------------------------------------------------------------- 1 | # 64bit target for the pi4 2 | conf_to_build: pi4-64 3 | device: "rpi-4" 4 | package_id: aarch64_cortex-a53 5 | image_paths: 6 | - "bcm27xx/bcm2711/openwrt-bcm27xx-bcm2711-rpi-4-ext4-factory.img.gz" 7 | - "bcm27xx/bcm2711/openwrt-bcm27xx-bcm2711-rpi-4-squashfs-sysupgrade.img.gz" 8 | supported: true 9 | 10 | channel: 11 11 | 12 | listen_interfaces: 13 | - eth0 14 | 15 | lan_interfaces: "wlan0" 16 | 17 | rust_target: aarch64-unknown-linux-musl 18 | -------------------------------------------------------------------------------- /profiles/devices/ubnt_edgerouter-4.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: ubnt_edgerouter-4 2 | device: "ubnt_edgerouter-4" 3 | package_id: mips64_octeonplus 4 | image_paths: 5 | - "octeon/generic-glibc/openwrt-octeon-ubnt_edgerouter-4-initramfs-kernel.bin" 6 | - "octeon/generic-glibc/openwrt-octeon-ubnt_edgerouter-4-squashfs-sysupgrade.tar" 7 | supported: false 8 | 9 | listen_interfaces: 10 | - eth0 11 | 12 | lan_interfaces: "eth1 eth2" 13 | 14 | rust_target: mips64-unknown-linux-gnuabi64 15 | -------------------------------------------------------------------------------- /roles/factory/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Flashes routers in their factory state, only the n600 and 750 series for now 3 | 4 | - name: Upload firmware 5 | command: curl -F files=@{{source_dir}}/bin/targets/{{target}}/generic/openwrt-{{target}}-generic-{{device}}-squashfs-factory.bin http://192.168.1.1/up.htm 6 | 7 | - name: Wait for router to come back 8 | wait_for: 9 | host: "{{router_ip}}" 10 | port: 22 11 | state: started 12 | delay: 30 13 | timeout: 600 14 | -------------------------------------------------------------------------------- /firmware-root/etc/resolv.conf: -------------------------------------------------------------------------------- 1 | # Primarily all requests go to the exit dns server, with 2 | # a wide array of backups in case of resolver failure 3 | # these are only for firmware functions 4 | # user requests go to the servers in the dnsmasq config. 5 | nameserver 172.168.0.254 6 | nameserver 8.8.8.8 7 | nameserver 1.0.0.1 8 | nameserver 74.82.42.42 9 | nameserver 149.112.112.10 10 | nameserver 64.6.65.6 11 | nameserver 2606:4700:4700::1001 12 | nameserver 2001:4860:4860::8844 13 | 14 | -------------------------------------------------------------------------------- /profiles/devices/edgerouterx-sfp.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: edgerouterx-sfp 2 | device: "ubnt-erx-sfp" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-ubnt_edgerouter-x-sfp-squashfs-sysupgrade.bin" 6 | supported: true 7 | 8 | # provides poe control 9 | custom_script: erx-sfp-poe.sh 10 | 11 | listen_interfaces: 12 | - eth4 13 | - eth5 # SFP port 14 | 15 | lan_interfaces: "eth0 eth1 eth2 eth3" 16 | 17 | rust_target: mipsel-unknown-linux-musl 18 | -------------------------------------------------------------------------------- /roles/build-config/templates/dropbear.j2: -------------------------------------------------------------------------------- 1 | {% if remote_mesh_access and insert_keys %} 2 | config dropbear 3 | option PasswordAuth 'no' 4 | option Port '2200' 5 | config dropbear 6 | option PasswordAuth 'no' 7 | option Port '22' 8 | option Interface 'lan' 9 | {% else %} 10 | config dropbear 11 | option PasswordAuth '{{password_auth}}' 12 | option Port '{{ssh_port}}' 13 | option Interface 'lan' 14 | {% endif %} 15 | -------------------------------------------------------------------------------- /firmware-root/etc/banner: -------------------------------------------------------------------------------- 1 | ___ __ .___________. __ __ _______ ___ 2 | / \ | | | || | | | | ____| / \ 3 | / ^ \ | | `---| |----`| |__| | | |__ / ^ \ 4 | / /_\ \ | | | | | __ | | __| / /_\ \ 5 | / _____ \ | `----. | | | | | | | |____ / _____ \ 6 | /__/ \__\ |_______| |__| |__| |__| |_______/__/ \__\ 7 | 8 | Welcome to the Althea mesh firmware, derived from OpenWRT. 9 | -------------------------------------------------------------------------------- /profiles/devices/ea7300v1.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: ea7300v1 2 | device: "linksys_ea7300v1" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_ea7300-v1-squashfs-sysupgrade.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_ea7300-v1-squashfs-factory.bin" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | listen_interfaces: 13 | - wan 14 | 15 | lan_interfaces: "lan1 lan2 lan3 lan4" 16 | 17 | rust_target: mipsel-unknown-linux-musl 18 | -------------------------------------------------------------------------------- /profiles/devices/ea7300v2.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: ea7300v2 2 | device: "linksys_ea7300v2" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_ea7300-v2-squashfs-sysupgrade.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_ea7300-v2-squashfs-factory.bin" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | listen_interfaces: 13 | - wan 14 | 15 | lan_interfaces: "lan1 lan2 lan3 lan4" 16 | 17 | rust_target: mipsel-unknown-linux-musl 18 | -------------------------------------------------------------------------------- /profiles/devices/ea7500v2.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: ea7500v2 2 | device: "linksys_ea7500v2" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_ea7500-v2-squashfs-sysupgrade.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_ea7500-v2-squashfs-factory.bin" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | listen_interfaces: 13 | - wan 14 | 15 | lan_interfaces: "lan1 lan2 lan3 lan4" 16 | 17 | rust_target: mipsel-unknown-linux-musl 18 | -------------------------------------------------------------------------------- /roles/build-config/templates/ea8300-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | #config device 'switch_dev' 5 | # option name 'eth0' 6 | # option macaddr '60:38:e0:a6:4f:73' 7 | 8 | #config device 'wan_dev' 9 | # option name 'eth1' 10 | # option macaddr '60:38:e0:a6:4f:72' 11 | 12 | {% for interface in listen_interfaces %} 13 | config interface 'rita_{{interface | replace(".","")}}' 14 | option ifname {{interface}} 15 | option proto static 16 | {% endfor %} 17 | -------------------------------------------------------------------------------- /roles/build-config/templates/mr8300-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | #config device 'switch_dev' 5 | # option name 'eth0' 6 | # option macaddr '60:38:e0:a6:4f:73' 7 | 8 | #config device 'wan_dev' 9 | # option name 'eth1' 10 | # option macaddr '60:38:e0:a6:4f:72' 11 | 12 | {% for interface in listen_interfaces %} 13 | config interface 'rita_{{interface | replace(".","")}}' 14 | option ifname {{interface}} 15 | option proto static 16 | {% endfor %} 17 | -------------------------------------------------------------------------------- /profiles/devices/dl-wrtx36.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: dl-wrtx36 2 | device: "dl-wrtx36" 3 | package_id: aarch64_cortex-a53 4 | image_paths: 5 | - "ipq807x/generic/openwrt-ipq807x-generic-dynalink_dl-wrx36-squashfs-sysupgrade.bin" 6 | - "ipq807x/generic/openwrt-ipq807x-generic-dynalink_dl-wrx36-squashfs-factory.ubi" 7 | supported: true 8 | 9 | channel: 1 10 | five_ghz_channel: 36 11 | 12 | listen_interfaces: 13 | - wan 14 | 15 | lan_interfaces: "lan1 lan2 lan3 lan4" 16 | 17 | rust_target: aarch64-unknown-linux-musl 18 | -------------------------------------------------------------------------------- /profiles/devices/mikrotik_routerboard-750gr3.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: mikrotik_routerboard-750gr3 2 | device: mikrotik_routerboard-750gr3 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-mikrotik_routerboard-750gr3-initramfs-kernel.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-mikrotik_routerboard-750gr3-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | listen_interfaces: 10 | - wan 11 | 12 | lan_interfaces: "lan2 lan3 lan4 lan5" 13 | 14 | rust_target: mipsel-unknown-linux-musl 15 | -------------------------------------------------------------------------------- /profiles/devices/netgear_r7800.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: netgear_r7800 2 | device: "netgear_r7800" 3 | package_id: arm_cortex-a15_neon-vfpv4 4 | image_paths: 5 | - "ipq806x/generic/openwrt-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin" 6 | - "ipq806x/generic/openwrt-ipq806x-generic-netgear_r7800-squashfs-factory.img" 7 | supported: false 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | listen_interfaces: 13 | - eth0.2 14 | 15 | lan_interfaces: "eth1.1" 16 | 17 | rust_target: armv7-unknown-linux-musleabihf 18 | -------------------------------------------------------------------------------- /profiles/exit/glb1300.yml: -------------------------------------------------------------------------------- 1 | rita_type: "exit" 2 | conf_to_build: "glb1300-exit" 3 | device: "gl-b1300" 4 | package_id: arm_cortex-a7_neon-vfpv4 5 | image_paths: 6 | - "ipq40xx/generic/openwrt-ipq40xx-generic-glinet_gl-b1300-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | channel: 11 10 | # 5ghz note only 20mhz channel widths 11 | five_ghz_channel: 36 12 | 13 | wan_interface: "wan" 14 | 15 | listen_interfaces: 16 | - wan 17 | 18 | lan_interfaces: "lan1 lan2" 19 | 20 | rust_target: armv7-unknown-linux-musleabihf 21 | -------------------------------------------------------------------------------- /roles/build-config/templates/x86_64-exit-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | config interface 'backhaul' 5 | option ifname 'eth0' 6 | option proto 'dhcp' 7 | 8 | config interface 'backhaul6' 9 | option ifname '@backhaul' 10 | option proto 'dhcpv6' 11 | 12 | {% for interface in listen_interfaces %} 13 | config interface 'rita_{{interface | replace(".","")}}' 14 | option ifname {{interface}} 15 | option proto static 16 | option ip6addr fde6::1 17 | {% endfor %} 18 | -------------------------------------------------------------------------------- /profiles/devices/ea6350v3.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: ea6350v3 2 | device: "linksys_ea6350v3" 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_ea6350v3-squashfs-sysupgrade.bin" 6 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_ea6350v3-squashfs-factory.bin" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | listen_interfaces: 13 | - wan 14 | 15 | lan_interfaces: "lan1 lan2 lan3 lan4" 16 | 17 | rust_target: armv7-unknown-linux-musleabihf 18 | -------------------------------------------------------------------------------- /profiles/devices/tplinkc7v2.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: tplinkc7v2 2 | device: "tplink_archer-c7-v2" 3 | package_id: mips_24kc 4 | image_paths: 5 | - "ar71xx/generic/openwrt-ar71xx-generic-archer-c7-v2-squashfs-factory-us.bin" 6 | supported: false 7 | 8 | private_radio: 9 | - radio0 10 | - radio1 11 | 12 | channel: 11 13 | # 5ghz note only 20mhz channel widths 14 | five_ghz_channel: 36 15 | 16 | listen_interfaces: 17 | - eth0.1 18 | 19 | lan_interfaces: "eth1.2 eth1.3 eth1.4 eth1.5" 20 | 21 | rust_target: mips-unknown-linux-musl 22 | -------------------------------------------------------------------------------- /profiles/devices/mikrotik_routerboard-760igs.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: mikrotik_routerboard-760igs 2 | device: mikrotik_routerboard-760igs 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-mikrotik_routerboard-760igs-initramfs-kernel.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-mikrotik_routerboard-760igs-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | listen_interfaces: 10 | - wan 11 | - sfp 12 | 13 | lan_interfaces: "lan2 lan3 lan4 lan5" 14 | 15 | rust_target: mipsel-unknown-linux-musl 16 | -------------------------------------------------------------------------------- /roles/build-config/templates/espressobin-ultra-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | config interface 'backhaul' 5 | option ifname 'wan' 6 | option proto 'dhcp' 7 | option ip6assign '60' 8 | 9 | config interface 'backhaul6' 10 | option ifname '@backhaul' 11 | option proto 'dhcpv6' 12 | 13 | {% for interface in listen_interfaces %} 14 | config interface 'rita_{{interface | replace(".","")}}' 15 | option ifname {{interface}} 16 | option proto static 17 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/pi2-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ssid '{{wifi_ssid_two_ghz}}' 14 | option encryption '{{wifi_encryption}}' 15 | option key '{{wifi_key}}' 16 | -------------------------------------------------------------------------------- /roles/build-config/templates/pi3-64-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ssid '{{wifi_ssid_two_ghz}}' 14 | option encryption '{{wifi_encryption}}' 15 | option key '{{wifi_key}}' 16 | -------------------------------------------------------------------------------- /roles/build-config/templates/pi3-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ssid '{{wifi_ssid_two_ghz}}' 14 | option encryption '{{wifi_encryption}}' 15 | option key '{{wifi_key}}' 16 | -------------------------------------------------------------------------------- /roles/build-config/templates/pi4-64-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ssid '{{wifi_ssid_two_ghz}}' 14 | option encryption '{{wifi_encryption}}' 15 | option key '{{wifi_key}}' 16 | -------------------------------------------------------------------------------- /profiles/devices/wrt32x.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: wrt32x 2 | device: "linksys_wrt32x" 3 | package_id: arm_cortex-a9_vfpv3-d16 4 | image_paths: 5 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt32x-squashfs-sysupgrade.bin" 6 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt32x-squashfs-factory.img" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | wifi_encryption: "psk2+ccmp" 13 | 14 | listen_interfaces: 15 | - wan 16 | 17 | lan_interfaces: "lan1 lan2 lan3 lan4" 18 | 19 | rust_target: armv7-unknown-linux-musleabihf 20 | -------------------------------------------------------------------------------- /roles/build-config/templates/aircube-wireless.j2: -------------------------------------------------------------------------------- 1 | 2 | config wifi-device 'radio0' 3 | option type 'mac80211' 4 | option channel '{{channel}}' 5 | option hwmode '11g' 6 | option path 'platform/ahb/ahb:apb/18100000.wmac' 7 | option htmode 'HT20' 8 | option disabled '{{wifi_disabled}}' 9 | 10 | config wifi-iface 'default_radio0' 11 | option device 'radio0' 12 | option network 'lan' 13 | option mode 'ap' 14 | option ifname 'wlan0' 15 | option ssid '{{wifi_ssid_two_ghz}}' 16 | option encryption '{{wifi_encryption}}' 17 | option key '{{wifi_key}}' 18 | -------------------------------------------------------------------------------- /profiles/devices/nanopi-r2c.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: nanopi-r2c 2 | device: "friendlyarm_nanopi-r2c" 3 | package_id: aarch64_generic 4 | image_paths: 5 | - "rockchip/armv8/openwrt-rockchip-armv8-friendlyarm_nanopi-r2c-squashfs-sysupgrade.img.gz" 6 | - "rockchip/armv8/openwrt-rockchip-armv8-friendlyarm_nanopi-r2c-ext4-sysupgrade.img.gz" 7 | supported: false 8 | 9 | listen_interfaces: 10 | - eth0 11 | 12 | lan_interfaces: "eth1" 13 | 14 | rust_target: aarch64-unknown-linux-musl 15 | 16 | repo: https://github.com/althea-net/openwrt 17 | version: v21.02.1-r2c 18 | -------------------------------------------------------------------------------- /scripts/build-exit-managed.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eux 3 | cd $(dirname $0)/.. 4 | 5 | # desktops / servers 6 | ansible-playbook -e @profiles/exit/x86_64.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 7 | 8 | ansible-playbook -e @profiles/exit/mikrotik_hap-ac3.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 9 | ansible-playbook -e @profiles/exit/glb1300.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 10 | ansible-playbook -e @profiles/exit/gl-mt6000.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 11 | -------------------------------------------------------------------------------- /profiles/devices/glb1300-extender.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: glb1300-extender 2 | device: "gl-b1300" 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/generic/openwrt-ipq40xx-generic-glinet_gl-b1300-squashfs-sysupgrade.bin" 6 | supported: true 7 | rita_type: "extender" 8 | 9 | channel: 11 10 | # 5ghz note only 20mhz channel widths 11 | five_ghz_channel: 36 12 | 13 | lan_interfaces: "lan1 lan2" 14 | 15 | wan_interface: "wan" 16 | 17 | # For sqm tuning 18 | real_interfaces: 19 | - eth0 20 | - eth1 21 | 22 | rust_target: armv7-unknown-linux-musleabihf 23 | -------------------------------------------------------------------------------- /profiles/devices/wrt1900ac.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: wrt1900ac 2 | device: "linksys_wrt1900ac" 3 | package_id: arm_cortex-a9_vfpv3-d16 4 | image_paths: 5 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt1900ac-v1-squashfs-sysupgrade.bin" 6 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt1900ac-v1-squashfs-factory.img" 7 | supported: false 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | wifi_encryption: "psk2+ccmp" 13 | 14 | listen_interfaces: 15 | - wan 16 | 17 | lan_interfaces: "lan1 lan2 lan3 lan4" 18 | 19 | rust_target: armv7-unknown-linux-musleabihf 20 | -------------------------------------------------------------------------------- /profiles/devices/wrt3200acm.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: wrt3200acm 2 | device: "linksys_wrt3200acm" 3 | package_id: arm_cortex-a9_vfpv3-d16 4 | image_paths: 5 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt3200acm-squashfs-sysupgrade.bin" 6 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt3200acm-squashfs-factory.img" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | wifi_encryption: "psk2+ccmp" 13 | 14 | listen_interfaces: 15 | - wan 16 | 17 | lan_interfaces: "lan1 lan2 lan3 lan4" 18 | 19 | rust_target: armv7-unknown-linux-musleabihf 20 | -------------------------------------------------------------------------------- /profiles/devices/wrt1900acs.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: wrt1900acs 2 | device: "linksys_wrt1900acs" 3 | package_id: arm_cortex-a9_vfpv3-d16 4 | image_paths: 5 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin" 6 | - "mvebu/cortexa9/openwrt-mvebu-cortexa9-linksys_wrt1900acs-squashfs-factory.img" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | wifi_encryption: "psk2+ccmp" 13 | 14 | 15 | listen_interfaces: 16 | - wan 17 | 18 | lan_interfaces: "lan1 lan2 lan3 lan4" 19 | 20 | rust_target: armv7-unknown-linux-musleabihf 21 | -------------------------------------------------------------------------------- /profiles/devices/cudy_wr2100.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: cudy_wr2100 2 | device: "cudy_wr2100" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-cudy_wr2100-initramfs-kernel.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-cudy_wr2100-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | private_radio: 10 | - radio0 11 | - radio1 12 | 13 | channel: 11 14 | # 5ghz note only 20mhz channel widths 15 | five_ghz_channel: 36 16 | 17 | listen_interfaces: 18 | - wan 19 | 20 | lan_interfaces: "lan1 lan2 lan3 lan4" 21 | 22 | rust_target: mipsel-unknown-linux-musl 23 | -------------------------------------------------------------------------------- /profiles/devices/linksys_e5600.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: linksys_e5600 2 | device: "linksys_e5600" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_e5600-squashfs-factory.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-linksys_e5600-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | private_radio: 10 | - radio0 11 | - radio1 12 | 13 | channel: 11 14 | # 5ghz note only 20mhz channel widths 15 | five_ghz_channel: 36 16 | 17 | listen_interfaces: 18 | - wan 19 | 20 | lan_interfaces: "lan1 lan2 lan3 lan4" 21 | 22 | rust_target: mipsel-unknown-linux-musl 23 | -------------------------------------------------------------------------------- /profiles/devices/n750.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: n750 2 | device: "mynet-n750" 3 | package_id: mips_24kc 4 | image_paths: 5 | - "ath79/generic/openwrt-ath79-generic-wd_mynet-n750-squashfs-sysupgrade.bin" 6 | - "ath79/generic/openwrt-ath79-generic-wd_mynet-n750-squashfs-factory.bin" 7 | supported: true 8 | 9 | channel: 1 10 | # 5ghz note only 20mhz channel widths 11 | five_ghz_channel: 165 12 | 13 | # babel interfaces for gateway operation 14 | listen_interfaces: 15 | - eth0.2 16 | - eth0.3 17 | - eth0.4 18 | - eth0.5 19 | 20 | lan_interfaces: "eth0.1" 21 | 22 | rust_target: mips-unknown-linux-musl 23 | -------------------------------------------------------------------------------- /profiles/management/althea-release.yml: -------------------------------------------------------------------------------- 1 | # This is the standard release profile. This does collect error level info from the device 2 | # you can either disable logging or change the logging server 3 | 4 | default_exit: "test" 5 | insert_keys: false 6 | logging_enabled: true 7 | logging_level: "ERROR" 8 | wifi_ssid_two_ghz: AltheaHome-2 9 | wifi_ssid_five_ghz: AltheaHome-5 10 | exit_wifi_ssid_two_ghz: AltheaExit-2 11 | exit_wifi_ssid_five_ghz: AltheaExit-5 12 | wifi_disabled: 0 13 | wifi_key: ChangeMe 14 | copy_images: true 15 | 16 | password_auth: "yes" 17 | 18 | release_feed: "" 19 | remote_mesh_access: false 20 | -------------------------------------------------------------------------------- /profiles/devices/tplinka6v3.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: tplinka6v3 2 | device: "tplink_archer-a6-v3" 3 | package_id: mipsel_24kc 4 | image_paths: 5 | - "ramips/mt7621/openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-factory.bin" 6 | - "ramips/mt7621/openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | private_radio: 10 | - radio0 11 | - radio1 12 | 13 | channel: 11 14 | # 5ghz note only 20mhz channel widths 15 | five_ghz_channel: 36 16 | 17 | listen_interfaces: 18 | - wan 19 | 20 | lan_interfaces: "lan1 lan2 lan3 lan4" 21 | 22 | rust_target: mipsel-unknown-linux-musl 23 | -------------------------------------------------------------------------------- /profiles/devices/netgear_ex6100v2.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: netgear_ex6100v2 2 | device: "netgear_ex6100v2" 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/generic/openwrt-ipq40xx-generic-netgear_ex6100v2-squashfs-factory.img" 6 | #- "ipq40xx/generic/openwrt-ipq40xx-generic-netgear_ex6100v2-squashfs-sysupgrade.bin" 7 | 8 | supported: true 9 | 10 | channel: 11 11 | five_ghz_channel: 36 12 | 13 | # if the one eth port is set to mesh, then the dashboard is only accessible via the wifi 14 | listen_interfaces: 15 | - wan 16 | 17 | lan_interfaces: "" 18 | 19 | rust_target: armv7-unknown-linux-musleabihf 20 | -------------------------------------------------------------------------------- /profiles/exit/gl-mt6000.yml: -------------------------------------------------------------------------------- 1 | rita_type: "exit" 2 | conf_to_build: gl-mt6000-exit 3 | device: "gl-mt6000" 4 | package_id: aarch64_cortex-a53 5 | image_paths: 6 | - "mediatek/filogic/openwrt-mediatek-filogic-glinet_gl-mt6000-squashfs-factory.bin" 7 | - "mediatek/filogic/openwrt-mediatek-filogic-glinet_gl-mt6000-squashfs-sysupgrade.bin" 8 | supported: true 9 | 10 | channel: 11 11 | five_ghz_channel: 36 12 | 13 | listen_interfaces: 14 | - eth1 15 | 16 | lan_interfaces: "lan1 lan2 lan3 lan4 lan5" 17 | 18 | # Reference value, see network.j2 to modify 19 | wan_interface: "eth1" 20 | 21 | rust_target: aarch64-unknown-linux-musl 22 | -------------------------------------------------------------------------------- /roles/build-config/templates/netgear_r7800-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | 11 | config switch 12 | option name 'switch0' 13 | option reset '1' 14 | option enable_vlan '1' 15 | 16 | config switch_vlan 17 | option device 'switch0' 18 | option vlan '1' 19 | option ports '1 2 3 4 6t' 20 | 21 | config switch_vlan 22 | option device 'switch0' 23 | option vlan '2' 24 | option ports '5 0t' 25 | -------------------------------------------------------------------------------- /profiles/devices/mikrotik_hap-ac2-extender.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: mikrotik_hap-ac2-extender 2 | device: mikrotik_hap-ac2 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-initramfs-kernel.bin" 6 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-squashfs-sysupgrade.bin" 7 | supported: true 8 | rita_type: "extender" 9 | 10 | private_radio: 11 | - radio0 12 | - radio1 13 | 14 | channel: 11 15 | # 5ghz note only 20mhz channel widths 16 | five_ghz_channel: 36 17 | 18 | lan_interfaces: "wan lan1 lan2 lan3 lan4" 19 | 20 | rust_target: armv7-unknown-linux-musleabihf 21 | -------------------------------------------------------------------------------- /profiles/devices/x86.yml: -------------------------------------------------------------------------------- 1 | # Config for generic x86 pc's, setup for 5 ports currently. 2 | # as a note PCI cards seem to start with eth0 as the first port on the 3 | # lowest number pci slot card, counting down, then returning to the mobo port 4 | # this may not always hold true 5 | 6 | # To flash just untar the ext4 image and write it to a flash drive 7 | conf_to_build: x86 8 | device: "i386" 9 | package_id: i386_pentium4 10 | 11 | channel: 11 12 | five_ghz_channel: 36 13 | 14 | listen_interfaces: 15 | - eth2 16 | - eth3 17 | - eth4 18 | 19 | lan_interfaces: "eth1" 20 | 21 | wan_interface: "eth0" 22 | 23 | rust_target: i586-unknown-linux-musl 24 | -------------------------------------------------------------------------------- /roles/build-extender-config/templates/mikrotik_hap-ac2-extender-network.j2: -------------------------------------------------------------------------------- 1 | config switch 2 | option name 'switch0' 3 | option reset '1' 4 | option enable_vlan '1' 5 | 6 | # you can't use vlan 1 on this device, so we put port 1 on vlan 5 7 | config switch_vlan 8 | option device 'switch0' 9 | option vlan '11' 10 | option ports '1 0t' 11 | 12 | config switch_vlan 13 | option device 'switch0' 14 | option vlan '12' 15 | option ports '2 0t' 16 | 17 | config switch_vlan 18 | option device 'switch0' 19 | option vlan '13' 20 | option ports '3 0t' 21 | 22 | config switch_vlan 23 | option device 'switch0' 24 | option vlan '14' 25 | option ports '4 0t' -------------------------------------------------------------------------------- /.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - var-spacing 3 | - package-latest 4 | - risky-file-permissions 5 | - role-name 6 | - command-instead-of-module 7 | - no-changed-when 8 | - no-handler 9 | - fqcn-builtins 10 | warn_list: # or 'skip_list' to silence them completely 11 | - command-instead-of-shell # Use shell only when shell functionality is required. 12 | - experimental # all rules tagged as experimental 13 | - literal-compare # Don't compare to literal True/False. 14 | - risky-shell-pipe # Shells that use pipes should set the pipefail option. 15 | - unnamed-task # All tasks should be named. 16 | - yaml # Violations reported by yamllint. 17 | -------------------------------------------------------------------------------- /roles/build-config/templates/pi3-network.j2: -------------------------------------------------------------------------------- 1 | config interface 'loopback' 2 | option ifname 'lo' 3 | option proto 'static' 4 | option ipaddr '127.0.0.1' 5 | option netmask '255.0.0.0' 6 | 7 | config globals 'globals' 8 | option ula_prefix 'auto' 9 | 10 | config interface 'lan' 11 | option type 'bridge' 12 | option ifname 'wlan0' 13 | option proto 'static' 14 | option ipaddr '{{lan_ip}}' 15 | option netmask '255.255.255.0' 16 | option ip6assign '60' 17 | 18 | 19 | {% for interface in listen_interfaces %} 20 | config interface 'rita_{{interface | replace(".","")}}' 21 | option ifname {{interface}} 22 | option proto static 23 | {% endfor %} -------------------------------------------------------------------------------- /scripts/flash_mikrotik_tftp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | USER=thomas 3 | IFNAME=enp164s0u1u4 4 | 5 | IMAGE=2022-01-19-19-58-openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-initramfs-kernel.bin 6 | 7 | #port 67 must be open to receive BOOTP messages 8 | firewall-cmd --add-port=67/udp 9 | 10 | #/sbin/ip addr replace 192.168.1.10/24 dev $IFNAME 11 | #/sbin/ip link set dev $IFNAME up 12 | 13 | /usr/sbin/dnsmasq --user=$USER \ 14 | --no-daemon \ 15 | --listen-address 192.168.1.10 \ 16 | --bind-interfaces \ 17 | -p0 \ 18 | --dhcp-authoritative \ 19 | --dhcp-range=192.168.1.100,192.168.1.200 \ 20 | --bootp-dynamic \ 21 | --dhcp-boot=$IMAGE \ 22 | --log-dhcp \ 23 | --enable-tftp \ 24 | --tftp-root=$(pwd) 25 | -------------------------------------------------------------------------------- /roles/upgrade/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Upgrades LEDE devices to the newly built firmware 3 | # Use with EXTRAORDINARY CAUTION 4 | 5 | - name: Copy over new firmware file 6 | shell: "scp {{ssh_args}} {{source_dir}}/bin/targets/{{image_path}} root@\\[{{router_ip}}\\]:/tmp/sysupgrade.{{extension}}" 7 | 8 | - name: Apply the update, please cross your fingers and wait 5 minutes 9 | command: "ssh {{ssh_args}} root@{{router_ip}} sysupgrade -v -n /tmp/sysupgrade.{{extension}}" 10 | ignore_errors: true 11 | async: 0 12 | poll: 0 13 | 14 | - name: Wait for router to come back 15 | wait_for: 16 | host: "{{router_ip}}" 17 | port: 22 18 | state: started 19 | delay: 30 20 | timeout: 600 21 | -------------------------------------------------------------------------------- /roles/build-extender-config/defaults/main.yml: -------------------------------------------------------------------------------- 1 | source_dir: build 2 | disable_password_login: false 3 | remote_mesh_access: false 4 | insert_keys: false 5 | keys_to_insert: 6 | - "" 7 | dropbear_wan_accessible: false 8 | ssh_port: 22 9 | password_auth: 0 10 | # should default to sae-mixed (WPA3/2), which depends on wpad-basic-wolfssl and is enabled by default in openwrt-21.02 11 | # due to high rate of incompatible devices default remains wpa2 only, this should be changed back in the future 12 | wifi_encryption: "psk2+tkip+ccmp" 13 | final_device_template: "{{ conf_to_build if device_template is not defined else device_template }}" 14 | wireless_conf_path: "{{role_path}}/templates/{{final_device_template}}-wireless.j2" -------------------------------------------------------------------------------- /roles/build-config/templates/aircube-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | 10 | config switch 11 | option name 'switch0' 12 | option reset '1' 13 | option enable_vlan '1' 14 | 15 | config switch_vlan 16 | option device 'switch0' 17 | option vlan '2' 18 | option ports '2 0t' 19 | 20 | config switch_vlan 21 | option device 'switch0' 22 | option vlan '3' 23 | option ports '3 0t' 24 | 25 | config switch_vlan 26 | option device 'switch0' 27 | option vlan '4' 28 | option ports '4 0t' 29 | 30 | -------------------------------------------------------------------------------- /profiles/devices/ea8300.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: ea8300 2 | device: "linksys_ea8300" 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_ea8300-squashfs-sysupgrade.bin" 6 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_ea8300-squashfs-factory.bin" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | # this device has a history of using low vlans and moving them around between 13 | # releases because of that we've moved our own vlans up to 10+ and set it up 14 | # such that port eth0.11 -> the switch (eth0) and port 1 (vlan 11 = 10 + port number 1) 15 | listen_interfaces: 16 | - wan 17 | 18 | lan_interfaces: "lan1 lan2 lan3 lan4" 19 | 20 | rust_target: armv7-unknown-linux-musleabihf 21 | -------------------------------------------------------------------------------- /profiles/devices/linksys-whw03v2.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: linksys_whw03v2 2 | device: linksys_whw03v2 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_whw03v2-squashfs-factory.bin" 6 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_whw03v2-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | private_radio: 10 | - radio0 11 | - radio1 12 | - radio2 13 | 14 | # does not support channel 11 15 | channel: 1 16 | # note the first radio on this device must take channel 149 17 | # with the last device taking channel 36 18 | five_ghz_channel: 149 19 | five_ghz_channel_alt: 36 20 | 21 | listen_interfaces: 22 | - wan 23 | 24 | lan_interfaces: "lan" 25 | 26 | 27 | rust_target: armv7-unknown-linux-musleabihf 28 | -------------------------------------------------------------------------------- /profiles/devices/mr8300.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: mr8300 2 | device: "linksys_mr8300" 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_mr8300-squashfs-sysupgrade.bin" 6 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_mr8300-squashfs-factory.bin" 7 | supported: true 8 | 9 | channel: 11 10 | five_ghz_channel: 36 11 | 12 | # this device has a history of using low vlans and moving them around between 13 | # releases because of that we've moved our own vlans up to 10+ and set it up 14 | # such that port eth0.11 -> the switch (eth0) and port 1 (vlan 11 = 10 + port number 1) 15 | listen_interfaces: 16 | - wan 17 | 18 | lan_interfaces: "lan1 lan2 lan3 lan4" 19 | 20 | rust_target: armv7-unknown-linux-musleabihf 21 | -------------------------------------------------------------------------------- /profiles/exit/mikrotik_hap-ac3.yml: -------------------------------------------------------------------------------- 1 | rita_type: "exit" 2 | conf_to_build: "mikrotik_hap-ac3-exit" 3 | 4 | device: mikrotik_hap-ac3 5 | package_id: arm_cortex-a7_neon-vfpv4 6 | image_paths: 7 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-initramfs-kernel.bin" 8 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-squashfs-sysupgrade.bin" 9 | supported: true 10 | 11 | private_radio: 12 | - radio0 13 | - radio1 14 | 15 | channel: 11 16 | # 5ghz note only 20mhz channel widths 17 | five_ghz_channel: 36 18 | 19 | # Reference value, see network.j2 to modify 20 | wan_interface: "wan" 21 | 22 | listen_interfaces: 23 | - lan2 24 | - lan3 25 | - lan4 26 | 27 | lan_interfaces: "lan1" 28 | 29 | rust_target: armv7-unknown-linux-musleabihf 30 | -------------------------------------------------------------------------------- /profiles/devices/linksys-whw03.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: linksys_whw03 2 | device: linksys_whw03 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | apply_patches: false 5 | image_paths: 6 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_whw03-squashfs-factory.bin" 7 | - "ipq40xx/generic/openwrt-ipq40xx-generic-linksys_whw03-squashfs-sysupgrade.bin" 8 | supported: true 9 | version: v24.10.0 10 | 11 | private_radio: 12 | - radio0 13 | - radio1 14 | - radio2 15 | 16 | # does not support channel 11 17 | channel: 1 18 | # note the first radio on this device must take channel 149 19 | # with the last device taking channel 36 20 | five_ghz_channel: 36 21 | five_ghz_channel_alt: 149 22 | 23 | listen_interfaces: 24 | - wan 25 | 26 | lan_interfaces: "lan" 27 | 28 | 29 | rust_target: armv7-unknown-linux-musleabihf 30 | -------------------------------------------------------------------------------- /roles/build-config/templates/rc.button.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | . /lib/functions.sh 4 | 5 | OVERLAY="$( grep ' /overlay ' /proc/mounts )" 6 | 7 | case "$ACTION" in 8 | timeout) 9 | . /etc/diag.sh 10 | set_state failsafe 11 | ;; 12 | released) 13 | if [ "$SEEN" -lt 1 ] 14 | then 15 | echo "REBOOT" > /dev/console 16 | sync 17 | reboot 18 | elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ] 19 | then 20 | echo "ROUTER RESET" > /dev/console 21 | rm /overlay/upper/etc/config/wireless 22 | /etc/init.d/rita stop 23 | sed -i 's/rita_dashboard_password.*//g' /etc/rita.toml 24 | sync 25 | reboot 26 | fi 27 | ;; 28 | esac 29 | 30 | return 0 31 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: 2 | - c 3 | - python 4 | - rust 5 | rust: 6 | - nightly 7 | cache: 8 | - ccache 9 | - pip 10 | - cargo 11 | install: 12 | - sudo apt-get install python-pip 13 | - sudo pip install ansible 14 | - sudo pip install ansible-lint 15 | 16 | sudo: required 17 | 18 | env: 19 | - DEVICE=n600.yml PROFILE=althea-dev.yml 20 | - DEVICE=n750.yml PROFILE=althea-dev.yml 21 | - DEVICE=edgerouterx.yml PROFILE=althea-dev.yml 22 | - DEVICE=ar750.yml PROFILE=althea-dev.yml 23 | - DEVICE=dir860l.yml PROFILE=althea-dev.yml 24 | - DEVICE=wdr3600.yml PROFILE=althea-dev.yml 25 | - DEVICE=omnia.yml PROFILE=althea-dev.yml 26 | 27 | 28 | script: 29 | - ansible-playbook first-time-setup.yml 30 | - ansible-playbook -e @profiles/devices/$DEVICE -e @profiles/management/$PROFILE -e ci=True firmware-build.yml 31 | -------------------------------------------------------------------------------- /roles/prepare-sources/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Downloads and prepares the openwrt sources by applying patches 3 | 4 | - name: Create build directory 5 | file: 6 | path: "{{source_dir}}" 7 | state: directory 8 | 9 | - name: Clone OpenWRT 10 | git: 11 | repo: "{{repo}}" 12 | dest: "{{source_dir}}" 13 | update: true 14 | version: "{{version}}" 15 | register: source_version 16 | 17 | - name: Apply patches 18 | command: git am --no-gpg-sign "{{ item }}" 19 | with_fileglob: 20 | - "patches/*" 21 | args: 22 | chdir: "{{source_dir}}" 23 | when: apply_patches 24 | 25 | - name: Update Rust 26 | shell: "{{ansible_env.HOME}}/.cargo/bin/rustup update" 27 | 28 | - name: Grab rust targets for hardware profile 29 | command: "{{ansible_env.HOME}}/.cargo/bin/rustup target add {{rust_target}}" 30 | ignore_errors: true 31 | -------------------------------------------------------------------------------- /roles/build-config/templates/x86-network.j2: -------------------------------------------------------------------------------- 1 | config interface 'loopback' 2 | option ifname 'lo' 3 | option proto 'static' 4 | option ipaddr '127.0.0.1' 5 | option netmask '255.0.0.0' 6 | 7 | config globals 'globals' 8 | option ula_prefix 'auto' 9 | 10 | config interface 'lan' 11 | option type 'bridge' 12 | option ifname 'eth1' 13 | option proto 'static' 14 | option ipaddr '{{lan_ip}}' 15 | option netmask '255.255.255.0' 16 | option ip6assign '60' 17 | 18 | config interface 'backhaul' 19 | option ifname 'eth0' 20 | option proto 'dhcp' 21 | 22 | config interface 'backhaul6' 23 | option ifname '@backhaul' 24 | option proto 'dhcpv6' 25 | 26 | 27 | {% for interface in listen_interfaces %} 28 | config interface 'rita_{{interface | replace(".","")}}' 29 | option ifname {{interface}} 30 | option proto static 31 | option ip6addr fde6::1 32 | {% endfor %} 33 | -------------------------------------------------------------------------------- /roles/build-config/templates/x86-exit-network.j2: -------------------------------------------------------------------------------- 1 | config interface 'loopback' 2 | option ifname 'lo' 3 | option proto 'static' 4 | option ipaddr '127.0.0.1' 5 | option netmask '255.0.0.0' 6 | 7 | config globals 'globals' 8 | option ula_prefix 'auto' 9 | 10 | config interface 'lan' 11 | option type 'bridge' 12 | option ifname 'eth1' 13 | option proto 'static' 14 | option ipaddr '{{lan_ip}}' 15 | option netmask '255.255.255.0' 16 | option ip6assign '60' 17 | 18 | config interface 'backhaul' 19 | option ifname 'eth0' 20 | option proto 'dhcp' 21 | 22 | config interface 'backhaul6' 23 | option ifname '@backhaul' 24 | option proto 'dhcpv6' 25 | 26 | 27 | {% for interface in listen_interfaces %} 28 | config interface 'rita_{{interface | replace(".","")}}' 29 | option ifname {{interface}} 30 | option proto static 31 | option ip6addr fde6::1 32 | {% endfor %} 33 | -------------------------------------------------------------------------------- /profiles/devices/mikrotik_hap-ac2.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: mikrotik_hap-ac2 2 | device: mikrotik_hap-ac2 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-initramfs-kernel.bin" 6 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-squashfs-sysupgrade.bin" 7 | supported: true 8 | 9 | private_radio: 10 | - radio0 11 | - radio1 12 | 13 | channel: 11 14 | # 5ghz note only 20mhz channel widths 15 | five_ghz_channel: 36 16 | 17 | listen_interfaces: 18 | - wan 19 | 20 | # this device has a history of using low vlans and moving them around between 21 | # releases because of that we've moved our own vlans up to 10+ and set it up 22 | # such that port eth0.11 -> the switch (eth0) and port 1 (vlan 11 = 10 + port number 1) 23 | lan_interfaces: "lan1 lan2 lan3 lan4" 24 | 25 | rust_target: armv7-unknown-linux-musleabihf 26 | -------------------------------------------------------------------------------- /firmware-root/etc/uci-defaults/99-set-r2s-macaddr: -------------------------------------------------------------------------------- 1 | # The NanoPi R2S has a non-unique macaddr on its WAN chip. The OpenWRT system generates a unique MAC and saves it in /etc/board.json 2 | # This script will pull it out and set it on the wan interface on first boot 3 | # See https://openwrt.org/docs/guide-developer/uci-defaults for more info on this way to set params at first boot 4 | 5 | # exit early if this is not an r2s 6 | DEVICE=$(grep device /etc/rita.toml | tr -d '"' | sed 's/device = //') 7 | [ "$DEVICE" != "friendlyarm_nanopi-r2s" ] && exit 0 8 | 9 | # get the macaddr from the board.json and insert it into the WAN interface, which is by default named rita_eth0 10 | MAC=`cat /etc/board.json | grep -A 10 network | grep -A 6 wan | grep macaddr | tr -d '"' | sed 's/\t*macaddr: //'` 11 | [ -n "$MAC" ] && { 12 | uci set network.rita_eth0.macaddr=$MAC 13 | uci commit network 14 | } 15 | 16 | exit 0 -------------------------------------------------------------------------------- /profiles/devices/mikrotik_hap-ac3.yml: -------------------------------------------------------------------------------- 1 | conf_to_build: mikrotik_hap-ac3 2 | device: mikrotik_hap-ac3 3 | package_id: arm_cortex-a7_neon-vfpv4 4 | image_paths: 5 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-initramfs-kernel.bin" 6 | - "ipq40xx/mikrotik/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-squashfs-sysupgrade.bin" 7 | supported: true 8 | apply_patches: true 9 | 10 | private_radio: 11 | - radio0 12 | - radio1 13 | 14 | channel: 11 15 | # 5ghz note only 20mhz channel widths 16 | five_ghz_channel: 36 17 | 18 | listen_interfaces: 19 | - wan 20 | 21 | # this device has a history of using low vlans and moving them around between 22 | # releases because of that we've moved our own vlans up to 10+ and set it up 23 | # such that port eth0.11 -> the switch (eth0) and port 1 (vlan 11 = 10 + port number 1) 24 | lan_interfaces: "lan1 lan2 lan3 lan4" 25 | 26 | 27 | rust_target: armv7-unknown-linux-musleabihf 28 | -------------------------------------------------------------------------------- /roles/build-config/templates/n750-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% for interface in listen_interfaces %} 5 | config interface 'rita_{{interface | replace(".","")}}' 6 | option ifname {{interface}} 7 | option proto static 8 | {% endfor %} 9 | config switch 10 | option name 'switch0' 11 | option reset '1' 12 | option enable_vlan '1' 13 | config switch_vlan 14 | option device 'switch0' 15 | option vlan '1' 16 | option ports '1 0t' 17 | config switch_vlan 18 | option device 'switch0' 19 | option vlan '2' 20 | option ports '5 0t' 21 | config switch_vlan 22 | option device 'switch0' 23 | option vlan '3' 24 | option ports '4 0t' 25 | config switch_vlan 26 | option device 'switch0' 27 | option vlan '4' 28 | option ports '2 0t' 29 | config switch_vlan 30 | option device 'switch0' 31 | option vlan '5' 32 | option ports '3 0t' -------------------------------------------------------------------------------- /roles/build-config/templates/edgerouterx-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | config interface 'backhaul6' 22 | option ifname '@backhaul' 23 | option proto {{ 'dhcpv6' if not wan_6proto is defined else wan_6proto }} 24 | {% if wan_ip6addr is defined %} 25 | option ip6addr '{{wan_ip6addr}}' 26 | {% endif %} 27 | 28 | {% for interface in listen_interfaces %} 29 | config interface 'rita_{{interface | replace(".","")}}' 30 | option ifname {{interface}} 31 | option proto static 32 | {% endfor %} 33 | -------------------------------------------------------------------------------- /roles/build-config/templates/ubnt_edgerouter-4-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | config interface 'backhaul6' 22 | option ifname '@backhaul' 23 | option proto {{ 'dhcpv6' if not wan_6proto is defined else wan_6proto }} 24 | {% if wan_ip6addr is defined %} 25 | option ip6addr '{{wan_ip6addr}}' 26 | {% endif %} 27 | 28 | {% for interface in listen_interfaces %} 29 | config interface 'rita_{{interface | replace(".","")}}' 30 | option ifname {{interface}} 31 | option proto static 32 | {% endfor %} -------------------------------------------------------------------------------- /roles/build-config/templates/x86_64-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | config interface 'backhaul6' 22 | option ifname '@backhaul' 23 | option proto {{ 'dhcpv6' if not wan_6proto is defined else wan_6proto }} 24 | {% if wan_ip6addr is defined %} 25 | option ip6addr '{{wan_ip6addr}}' 26 | {% endif %} 27 | 28 | {% for interface in listen_interfaces %} 29 | config interface 'rita_{{interface | replace(".","")}}' 30 | option ifname {{interface}} 31 | option proto static 32 | option ip6addr fde6::1 33 | {% endfor %} 34 | -------------------------------------------------------------------------------- /roles/build-config/templates/edgerouterx-sfp-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | config interface 'backhaul6' 22 | option ifname '@backhaul' 23 | option proto {{ 'dhcpv6' if not wan_6proto is defined else wan_6proto }} 24 | {% if wan_ip6addr is defined %} 25 | option ip6addr '{{wan_ip6addr}}' 26 | {% endif %} 27 | 28 | {% for interface in listen_interfaces %} 29 | config interface 'rita_{{interface | replace(".","")}}' 30 | option ifname {{interface}} 31 | option proto static 32 | {% endfor %} 33 | -------------------------------------------------------------------------------- /roles/build-config/templates/erx-sfp-poe.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/ash 2 | # 3 | # This is a utility script to enable the POE features of this 4 | # edgerouter-x SFP. To enable this script add a line running it 5 | # to /etc/rc.local 6 | 7 | # kernel >= 5.4.33 496 .. 500 become 400 .. 404 8 | 9 | # Turn on POE all ports except eth4(LAN) 10 | # eth0 WAN port 11 | echo "496" > /sys/class/gpio/export 12 | echo "out" > /sys/class/gpio/gpio496/direction 13 | echo "1" > /sys/class/gpio/gpio496/value 14 | #eth1 15 | echo "497" > /sys/class/gpio/export 16 | echo "out" > /sys/class/gpio/gpio497/direction 17 | echo "1" > /sys/class/gpio/gpio497/value 18 | #eth2 19 | echo "498" > /sys/class/gpio/export 20 | echo "out" > /sys/class/gpio/gpio498/direction 21 | echo "1" > /sys/class/gpio/gpio498/value 22 | #eth3 23 | echo "499" > /sys/class/gpio/export 24 | echo "out" > /sys/class/gpio/gpio499/direction 25 | echo "0" > /sys/class/gpio/gpio499/value 26 | #eth4 27 | echo "500" > /sys/class/gpio/export 28 | echo "out" > /sys/class/gpio/gpio500/direction 29 | echo "0" > /sys/class/gpio/gpio500/value 30 | -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_routerboard-750gr3-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | config interface 'backhaul6' 22 | option ifname '@backhaul' 23 | option proto {{ 'dhcpv6' if not wan_6proto is defined else wan_6proto }} 24 | {% if wan_ip6addr is defined %} 25 | option ip6addr '{{wan_ip6addr}}' 26 | {% endif %} 27 | 28 | {% for interface in listen_interfaces %} 29 | config interface 'rita_{{interface | replace(".","")}}' 30 | option ifname {{interface}} 31 | option proto static 32 | {% endfor %} 33 | -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_routerboard-760igs-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | config interface 'backhaul6' 22 | option ifname '@backhaul' 23 | option proto {{ 'dhcpv6' if not wan_6proto is defined else wan_6proto }} 24 | {% if wan_ip6addr is defined %} 25 | option ip6addr '{{wan_ip6addr}}' 26 | {% endif %} 27 | 28 | {% for interface in listen_interfaces %} 29 | config interface 'rita_{{interface | replace(".","")}}' 30 | option ifname {{interface}} 31 | option proto static 32 | {% endfor %} 33 | -------------------------------------------------------------------------------- /roles/build-config/templates/ea6350v3-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_hap-ac2-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_hap-ac3-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/netgear_ex6100v2-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' 35 | -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_hap-ac3-exit-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{exit_wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{exit_wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-extender-config/templates/mikrotik_hap-ac2-extender-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/ea7300v1-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/ea7300v2-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/ea7500v2-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ifname 'wlan1' 32 | option ssid '{{wifi_ssid_five_ghz}}' 33 | option encryption '{{wifi_encryption}}' 34 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/dl-wrtx36-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option path 'platform/soc/c000000.wifi' 4 | option channel '{{five_ghz_channel}}' 5 | option band '5g' 6 | option htmode 'HE80' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan1' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option path 'platform/soc/c000000.wifi+1' 21 | option channel '{{channel}}' 22 | option band '2g' 23 | option htmode 'HE20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan0' 31 | option ssid '{{wifi_ssid_two_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | -------------------------------------------------------------------------------- /roles/prepare-config/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copies in the deltas for the Firmware 3 | 4 | - name: Sync items to be inserted into the root file system 5 | ansible.posix.synchronize: 6 | src: firmware-root/ 7 | dest: "{{source_dir}}/files/" 8 | recursive: true 9 | delete: true 10 | 11 | - name: Check if feeds.conf exists 12 | stat: 13 | path: "{{source_dir }}/feeds.conf" 14 | register: feeds 15 | 16 | - name: Create feeds.conf 17 | copy: 18 | src: "{{source_dir}}/feeds.conf.default" 19 | dest: "{{source_dir}}/feeds.conf" 20 | when: not feeds.stat.exists 21 | 22 | - name: Add custom feeds 23 | lineinfile: 24 | line: "{{item}}" 25 | dest: "{{source_dir}}feeds.conf" 26 | state: present 27 | with_items: "{{feeds_list}}" 28 | 29 | - name: Update feeds 30 | shell: "cd {{source_dir}}; ./scripts/feeds update -a" 31 | 32 | - name: Grab feeds 33 | shell: "cd {{source_dir}}; ./scripts/feeds install -a" 34 | 35 | - name: Copy in config 36 | copy: 37 | src: "config/{{conf_to_build}}" 38 | dest: "{{source_dir}}/.config" 39 | 40 | - name: Build the full config 41 | community.general.make: 42 | chdir: "{{source_dir}}/" 43 | target: defconfig 44 | -------------------------------------------------------------------------------- /roles/build-config/templates/n750-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/ar934x_wmac' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key 'ChangeMe' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'pci0000:00/0000:00:00.0' 23 | option htmode 'HT20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan1' 31 | option ssid '{{wifi_ssid_five_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/check-deps/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Determines if the required dependencies are installed 3 | 4 | - name: Install Debian deps 5 | apt: 6 | name: "{{debian_deps}}" 7 | state: present 8 | when: ansible_distribution == 'Debian' 9 | become: true 10 | 11 | - name: Install Ubuntu deps 12 | apt: 13 | name: "{{ubuntu_deps}}" 14 | state: present 15 | when: ansible_distribution == 'Ubuntu' 16 | become: true 17 | 18 | - name: Install Fedora deps 19 | dnf: 20 | name: "{{fedora_deps}}" 21 | state: present 22 | when: ansible_distribution == 'Fedora' 23 | become: true 24 | 25 | - name: Install CentOS/RHEL deps 26 | yum: 27 | name: "{{centos_deps}}" 28 | state: present 29 | when: ansible_distribution == 'Debian' or ansible_distribution == 'Red Hat Enterprise Linux' 30 | become: true 31 | 32 | - name: Install Archlinux Deps 33 | community.general.pacman: 34 | name: "{{arch_deps}}" 35 | state: present 36 | when: ansible_distribution == 'Archlinux' 37 | become: true 38 | 39 | - name: Download rust setup script 40 | command: "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh" 41 | 42 | - name: Install yarn 43 | command: "npm -g install yarn" 44 | -------------------------------------------------------------------------------- /profiles/devices/x86_64.yml: -------------------------------------------------------------------------------- 1 | # Config for generic x86_64 pc's, setup for 5 ports currently. 2 | # as a note PCI cards seem to start with eth0 as the first port on the 3 | # lowest number pci slot card, counting down, then returning to the mobo port 4 | # this may not always hold true 5 | 6 | # To flash just untar the ext4 image and write it to a flash drive 7 | 8 | # used in op tools and althea-firmware-release 9 | device: x86_64 10 | 11 | # used to select which config 12 | conf_to_build: x86_64 13 | 14 | # used in /etc/customfeeds.conf path 15 | package_id: x86_64 16 | 17 | # used to copy images to completed-images upon completion 18 | image_paths: 19 | - "x86/64/openwrt-x86-64-generic-squashfs-combined.img.gz" 20 | - "x86/64/openwrt-x86-64-generic-squashfs-combined-efi.img.gz" 21 | - "x86/64/openwrt-x86-64-generic-squashfs-combined.vdi" 22 | - "x86/64/openwrt-x86-64-generic-squashfs-combined.vmdk" 23 | 24 | supported: true 25 | 26 | listen_interfaces: 27 | - eth2 28 | - eth3 29 | - eth4 30 | - eth5 31 | - eth6 32 | - eth7 33 | - eth8 34 | 35 | lan_interfaces: "eth1" 36 | 37 | # Reference value, see network.j2 to modify 38 | wan_interface: "eth0" 39 | 40 | rust_target: x86_64-unknown-linux-musl 41 | -------------------------------------------------------------------------------- /roles/build-config/templates/aclite-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/qca956x_wmac' 6 | option htmode 'HT20' 7 | option ifname 'wlan0' 8 | option disabled '{{wifi_disabled}}' 9 | 10 | config wifi-iface 'default_radio0' 11 | option device 'radio0' 12 | option network 'lan' 13 | option mode 'ap' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key 'ChangeMe' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'pci0000:00/0000:00:00.0' 23 | option htmode 'VHT80' 24 | option ifname 'wlan1' 25 | option disabled '{{wifi_disabled}}' 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ssid '{{wifi_ssid_five_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | -------------------------------------------------------------------------------- /roles/build-config/templates/glb1300-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ssid '{{wifi_ssid_two_ghz}}' 14 | option encryption '{{wifi_encryption}}' 15 | option key 'ChangeMe' 16 | option ifname 'wlan0' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ssid '{{wifi_ssid_five_ghz}}' 31 | option encryption '{{wifi_encryption}}' 32 | option key '{{wifi_key}}' 33 | option ifname 'wlan1' -------------------------------------------------------------------------------- /roles/build-config/templates/tplinkc7v2-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio1' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/qca955x_wmac' 6 | option htmode 'HT20' 7 | option ifname 'wlan1' 8 | option disabled '{{wifi_disabled}}' 9 | 10 | config wifi-iface 'default_radio1' 11 | option device 'radio1' 12 | option network 'lan' 13 | option mode 'ap' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio0' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'pci0000:01/0000:01:00.0' 23 | option htmode 'VHT80' 24 | option ifname 'wlan0' 25 | option disabled '{{wifi_disabled}}' 26 | 27 | config wifi-iface 'default_radio0' 28 | option device 'radio0' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ssid '{{wifi_ssid_five_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | -------------------------------------------------------------------------------- /roles/build-config/templates/glb1300-exit-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ssid '{{exit_wifi_ssid_two_ghz}}' 14 | option encryption '{{wifi_encryption}}' 15 | option key 'ChangeMe' 16 | option ifname 'wlan0' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ssid '{{exit_wifi_ssid_five_ghz}}' 31 | option encryption '{{wifi_encryption}}' 32 | option key '{{wifi_key}}' 33 | option ifname 'wlan1' -------------------------------------------------------------------------------- /roles/build-extender-config/templates/glb1300-extender-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'platform/soc/a000000.wifi' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ssid '{{wifi_ssid_two_ghz}}' 14 | option encryption '{{wifi_encryption}}' 15 | option key 'ChangeMe' 16 | option ifname 'wlan0' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'platform/soc/a800000.wifi' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ssid '{{wifi_ssid_five_ghz}}' 31 | option encryption '{{wifi_encryption}}' 32 | option key '{{wifi_key}}' 33 | option ifname 'wlan1' -------------------------------------------------------------------------------- /roles/build-config/templates/babeld.j2: -------------------------------------------------------------------------------- 1 | package babeld 2 | 3 | config general 4 | option 'random-id' 'true' 5 | option 'debug' '0' 6 | ## Even though babeld wants log-file uci needs log_file 7 | option 'log_file' '/var/log/babeld.log' 8 | ## Enable ipv6-subtrees by default since OpenWrt should ship with a 9 | ## recent enough kernel for it to work. 10 | option 'ipv6_subtrees' 'true' 11 | option 'fee' '{{default_price}}' 12 | option 'local_port_readwrite' '6872' 13 | 14 | ## default per-interface options 15 | config interface 16 | option 'enable_timestamps' 'true' 17 | option 'max_rtt_penalty' '2000' 18 | 19 | config interface 20 | option 'ifname' 'fake_interface' 21 | option 'hello_interval' '4' 22 | 23 | config filter 24 | option 'type' 'redistribute' 25 | option 'eq' '128' 26 | option 'action' 'allow' 27 | 28 | config filter 29 | option 'type' 'out' 30 | option 'eq' '128' 31 | option 'action' 'allow' 32 | 33 | ## Does not share internal addresses 34 | config filter 35 | option 'type' 'redistribute' 36 | option 'local' 'true' 37 | option 'action' 'deny' 38 | -------------------------------------------------------------------------------- /roles/build-config/templates/gl-mt6000-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option path 'platform/soc/18000000.wifi' 4 | option channel '{{channel}}' 5 | option band '2g' 6 | option htmode 'HE40' 7 | option disabled '{{wifi_disabled}}' 8 | option country 'US' 9 | option legacy_rates '0' 10 | 11 | config wifi-iface 'default_radio0' 12 | option device 'radio0' 13 | option network 'lan' 14 | option mode 'ap' 15 | option ssid '{{wifi_ssid_two_ghz}}' 16 | option encryption '{{wifi_encryption}}' 17 | option key '{{wifi_key}}' 18 | option wds '1' 19 | option isolate '0' 20 | option ifname 'wlan0' 21 | 22 | config wifi-device 'radio1' 23 | option type 'mac80211' 24 | option path 'platform/soc/18000000.wifi+1' 25 | option channel '{{five_ghz_channel}}' 26 | option band '5g' 27 | option htmode 'HE80' 28 | option disabled '0' 29 | option country 'US' 30 | option legacy_rates '0' 31 | 32 | config wifi-iface 'default_radio1' 33 | option device 'radio1' 34 | option network 'lan' 35 | option mode 'ap' 36 | option ssid '{{wifi_ssid_five_ghz}}' 37 | option encryption '{{wifi_encryption}}' 38 | option key '{{wifi_key}}' 39 | option wds '1' 40 | option isolate '0' 41 | option ifname 'wlan1' 42 | -------------------------------------------------------------------------------- /roles/build-config/templates/gl-mt6000-exit-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option path 'platform/soc/18000000.wifi' 4 | option channel '{{channel}}' 5 | option band '2g' 6 | option htmode 'HE40' 7 | option disabled '{{wifi_disabled}}' 8 | option country 'US' 9 | option legacy_rates '0' 10 | 11 | config wifi-iface 'default_radio0' 12 | option device 'radio0' 13 | option network 'lan' 14 | option mode 'ap' 15 | option ssid '{{exit_wifi_ssid_two_ghz}}' 16 | option encryption '{{wifi_encryption}}' 17 | option key '{{wifi_key}}' 18 | option wds '1' 19 | option isolate '0' 20 | option ifname 'wlan0' 21 | 22 | config wifi-device 'radio1' 23 | option type 'mac80211' 24 | option path 'platform/soc/18000000.wifi+1' 25 | option channel '{{five_ghz_channel}}' 26 | option band '5g' 27 | option htmode 'HE80' 28 | option disabled '0' 29 | option country 'US' 30 | option legacy_rates '0' 31 | 32 | config wifi-iface 'default_radio1' 33 | option device 'radio1' 34 | option network 'lan' 35 | option mode 'ap' 36 | option ssid '{{exit_wifi_ssid_five_ghz}}' 37 | option encryption '{{wifi_encryption}}' 38 | option key '{{wifi_key}}' 39 | option wds '1' 40 | option isolate '0' 41 | option ifname 'wlan1' 42 | -------------------------------------------------------------------------------- /profiles/exit/x86_64.yml: -------------------------------------------------------------------------------- 1 | # Config for generic x86_64 pc's as an exit, setup for 5 ports currently. 2 | # as a note PCI cards seem to start with eth0 as the first port on the 3 | # lowest number pci slot card, counting down, then returning to the mobo port 4 | # this may not always hold true 5 | 6 | # To flash just untar the ext4 image and write it to a flash drive or internal disk 7 | rita_type: "exit" 8 | 9 | # used to select which config 10 | conf_to_build: x86_64-exit 11 | 12 | # used in op tools and althea-firmware-release 13 | device: x86_64 14 | 15 | # used in /etc/customfeeds.conf path 16 | package_id: x86_64 17 | 18 | # used to copy images to completed-images upon completion 19 | image_paths: 20 | - "x86/64/openwrt-x86-64-generic-squashfs-combined.img.gz" 21 | - "x86/64/openwrt-x86-64-generic-squashfs-combined-efi.img.gz" 22 | - "x86/64/openwrt-x86-64-generic-squashfs-combined.vdi" 23 | - "x86/64/openwrt-x86-64-generic-squashfs-combined.vmdk" 24 | 25 | supported: true 26 | 27 | listen_interfaces: 28 | - eth2 29 | - eth3 30 | - eth4 31 | - eth5 32 | - eth6 33 | - eth7 34 | - eth8 35 | 36 | lan_interfaces: "eth1" 37 | 38 | # Reference value, see network.j2 to modify 39 | wan_interface: "eth0" 40 | 41 | rust_target: x86_64-unknown-linux-musl 42 | -------------------------------------------------------------------------------- /roles/build-config/templates/wrt1900acs-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{five_ghz_channel}}' 4 | option hwmode '11a' 5 | option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0' 6 | option htmode 'VHT80' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan1' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{channel}}' 21 | option hwmode '11g' 22 | option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0' 23 | option htmode 'HT20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan0' 31 | option ssid '{{wifi_ssid_two_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | 35 | -------------------------------------------------------------------------------- /roles/build-config/templates/tplinka6v3-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'HT20' 7 | option ifname 'wlan0' 8 | option disabled '{{wifi_disabled}}' 9 | 10 | config wifi-iface 'default_radio0' 11 | option device 'radio0' 12 | option network 'lan' 13 | option mode 'ap' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' 23 | option htmode 'VHT80' 24 | option ifname 'wlan1' 25 | option disabled '{{wifi_disabled}}' 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ssid '{{wifi_ssid_five_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | -------------------------------------------------------------------------------- /roles/build-config/templates/cudy_wr2100-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'HT20' 7 | option ifname 'wlan0' 8 | option disabled '{{wifi_disabled}}' 9 | 10 | config wifi-iface 'default_radio0' 11 | option device 'radio0' 12 | option network 'lan' 13 | option mode 'ap' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' 23 | option htmode 'VHT80' 24 | option ifname 'wlan1' 25 | option disabled '{{wifi_disabled}}' 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ssid '{{wifi_ssid_five_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | -------------------------------------------------------------------------------- /roles/build-config/templates/linksys_e5600-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'HT20' 7 | option ifname 'wlan0' 8 | option disabled '{{wifi_disabled}}' 9 | 10 | config wifi-iface 'default_radio0' 11 | option device 'radio0' 12 | option network 'lan' 13 | option mode 'ap' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' 23 | option htmode 'VHT80' 24 | option ifname 'wlan1' 25 | option disabled '{{wifi_disabled}}' 26 | 27 | config wifi-iface 'default_radio1' 28 | option device 'radio1' 29 | option network 'lan' 30 | option mode 'ap' 31 | option ssid '{{wifi_ssid_five_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | -------------------------------------------------------------------------------- /roles/build-config/templates/netgear_r7800-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{five_ghz_channel}}' 4 | option hwmode '11a' 5 | option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'VHT80' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan1' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{channel}}' 21 | option hwmode '11g' 22 | option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0' 23 | option htmode 'HT20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan0' 31 | option ssid '{{wifi_ssid_two_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | 35 | -------------------------------------------------------------------------------- /roles/build-config/templates/wrt1900ac-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{channel}}' 4 | option hwmode '11g' 5 | option path 'soc/soc:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0' 6 | option htmode 'HT20' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_two_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{five_ghz_channel}}' 21 | option hwmode '11a' 22 | option path 'soc/soc:pcie@82000000/pci0000:00/0000:00:03.0/0000:03:00.0' 23 | option htmode 'VHT80' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan1' 31 | option ssid '{{wifi_ssid_five_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | -------------------------------------------------------------------------------- /roles/build-config/templates/tplinkc7v2-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | #config interface 'backhaul' 5 | # option ifname 'eth0.1' 6 | # option proto 'dhcp' 7 | # option ip6assign '60' 8 | 9 | config interface 'backhaul6' 10 | option ifname '@backhaul' 11 | option proto 'dhcpv6' 12 | 13 | 14 | {% for interface in listen_interfaces %} 15 | config interface 'rita_{{interface | replace(".","")}}' 16 | option ifname {{interface}} 17 | option proto static 18 | {% endfor %} 19 | 20 | config switch 21 | option name 'switch0' 22 | option reset '1' 23 | option enable_vlan '1' 24 | 25 | config switch_vlan 26 | option device 'switch0' 27 | option vlan '2' 28 | option ports '2 0t' 29 | config switch_vlan 30 | option device 'switch0' 31 | option vlan '3' 32 | option ports '3 0t' 33 | config switch_vlan 34 | option device 'switch0' 35 | option vlan '4' 36 | option ports '4 0t' 37 | config switch_vlan 38 | option device 'switch0' 39 | option vlan '5' 40 | option ports '5 0t' 41 | 42 | # WAN 43 | config switch_vlan 44 | option device 'switch0' 45 | option vlan '1' 46 | option ports '1 6t' 47 | -------------------------------------------------------------------------------- /roles/build-config/templates/gl-mt6000-exit-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | {% if wan_interface is defined %} 22 | config interface 'backhaul' 23 | option ifname '{{wan_interface}}' 24 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 25 | {% if wan_ipaddr is defined %} 26 | option ipaddr '{{wan_ipaddr}}' 27 | {% endif %} 28 | {% if wan_gateway is defined %} 29 | option gateway '{{wan_gateway}}' 30 | {% endif %} 31 | {% if wan_dns is defined %} 32 | {% for dns in wan_dns %} 33 | list dns '{{dns}}' 34 | {% endfor %} 35 | {% endif %} 36 | {% endif %} 37 | 38 | {% for interface in listen_interfaces %} 39 | config interface 'rita_{{interface | replace(".","")}}' 40 | option ifname {{interface}} 41 | option proto static 42 | {% endfor %} 43 | -------------------------------------------------------------------------------- /roles/build-config/templates/glb1300-exit-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | {% if wan_interface is defined %} 22 | config interface 'backhaul' 23 | option ifname '{{wan_interface}}' 24 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 25 | {% if wan_ipaddr is defined %} 26 | option ipaddr '{{wan_ipaddr}}' 27 | {% endif %} 28 | {% if wan_gateway is defined %} 29 | option gateway '{{wan_gateway}}' 30 | {% endif %} 31 | {% if wan_dns is defined %} 32 | {% for dns in wan_dns %} 33 | list dns '{{dns}}' 34 | {% endfor %} 35 | {% endif %} 36 | {% endif %} 37 | 38 | {% for interface in listen_interfaces %} 39 | config interface 'rita_{{interface | replace(".","")}}' 40 | option ifname {{interface}} 41 | option proto static 42 | {% endfor %} 43 | -------------------------------------------------------------------------------- /roles/build-config/templates/mikrotik_hap-ac3-exit-network.j2: -------------------------------------------------------------------------------- 1 | config globals 'globals' 2 | option ula_prefix 'auto' 3 | 4 | {% if wan_interface is defined %} 5 | config interface 'backhaul' 6 | option ifname '{{wan_interface}}' 7 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 8 | {% if wan_ipaddr is defined %} 9 | option ipaddr '{{wan_ipaddr}}' 10 | {% endif %} 11 | {% if wan_gateway is defined %} 12 | option gateway '{{wan_gateway}}' 13 | {% endif %} 14 | {% if wan_dns is defined %} 15 | {% for dns in wan_dns %} 16 | list dns '{{dns}}' 17 | {% endfor %} 18 | {% endif %} 19 | {% endif %} 20 | 21 | {% if wan_interface is defined %} 22 | config interface 'backhaul' 23 | option ifname '{{wan_interface}}' 24 | option proto {{ 'dhcp' if not wan_proto is defined else wan_proto }} 25 | {% if wan_ipaddr is defined %} 26 | option ipaddr '{{wan_ipaddr}}' 27 | {% endif %} 28 | {% if wan_gateway is defined %} 29 | option gateway '{{wan_gateway}}' 30 | {% endif %} 31 | {% if wan_dns is defined %} 32 | {% for dns in wan_dns %} 33 | list dns '{{dns}}' 34 | {% endfor %} 35 | {% endif %} 36 | {% endif %} 37 | 38 | {% for interface in listen_interfaces %} 39 | config interface 'rita_{{interface | replace(".","")}}' 40 | option ifname {{interface}} 41 | option proto static 42 | {% endfor %} 43 | -------------------------------------------------------------------------------- /.github/workflows/ansible-lint.yml: -------------------------------------------------------------------------------- 1 | name: Ansible linting 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | - master 8 | pull_request: 9 | 10 | jobs: 11 | # Runs a syntax check only for the playbooks 12 | syntax-basic: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@v2 16 | - name: Syntax check playbooks 17 | run: | 18 | pip3 install --user ansible 19 | ansible-playbook -i hosts --syntax-check --list-tasks *.yml 20 | # Runs a syntax check for all maangement and router combinations 21 | syntax-all: 22 | runs-on: ubuntu-latest 23 | strategy: 24 | matrix: 25 | management: ["althea-dev.yml", "althea-packages.yml", "althea-release.yml", "hawk-managed.yml"] 26 | router: ["x86_64.yml", "nanopi-r2s.yml", "wrt3200acm.yml", "wrt32x.yml", "wrt1900acs.yml", "dl-wrtx36.yml", "glb1300.yml", "ea6350v3.yml", "mr8300.yml", "ea8300.yml", "mikrotik_hap-ac2.yml", "mikrotik_hap-ac3.yml", "netgear_ex6100v2.yml", "pi4-64.yml"] 27 | steps: 28 | - uses: actions/checkout@v2 29 | - name: Syntax check playbooks 30 | run: | 31 | pip3 install --user ansible 32 | ansible-playbook -i hosts --syntax-check -e @profiles/devices/${{matrix.router}} -e @profiles/management/${{matrix.management}} --list-tasks *.yml -------------------------------------------------------------------------------- /firmware-root/etc/config/dhcp: -------------------------------------------------------------------------------- 1 | config dnsmasq 2 | option domainneeded '1' 3 | option boguspriv '0' 4 | option filterwin2k '0' 5 | option localise_queries '0' 6 | option rebind_protection '1' 7 | option rebind_localhost '1' 8 | option local '/lan/' 9 | option domain 'lan' 10 | option expandhosts '1' 11 | option nonegcache '0' 12 | option authoritative '1' 13 | option readethers '0' 14 | option leasefile '/tmp/dhcp.leases' 15 | option resolvfile '/etc/resolv.conf' 16 | option nonwildcard '1' 17 | option localservice '1' 18 | option cachesize '1000' 19 | list server '172.168.0.254' 20 | list server '1.1.1.1' 21 | list server '8.8.8.8' 22 | list server '2606:4700:4700::1111' 23 | list server '2001:4860:4860::8888' 24 | 25 | config dhcp 'lan' 26 | option interface 'lan' 27 | option start '100' 28 | option limit '150' 29 | option leasetime '5d' 30 | option dhcpv6 'server' 31 | option ra 'server' 32 | 33 | config dhcp 'pbs' 34 | option interface 'pbs' 35 | option start '100' 36 | option limit '150' 37 | option leasetime '1d' 38 | option dhcpv6 'server' 39 | option ra 'server' 40 | 41 | config dhcp 'backhaul' 42 | option interface 'backhaul' 43 | option ignore '1' 44 | 45 | config odhcpd 'odhcpd' 46 | option maindhcp '0' 47 | option leasefile '/tmp/hosts/odhcpd' 48 | option leasetrigger '/usr/sbin/odhcpd-update' 49 | option loglevel '4' 50 | -------------------------------------------------------------------------------- /roles/build-config/templates/ea8300-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio2' 2 | option type 'mac80211' 3 | option channel '149' 4 | option hwmode '11a' 5 | option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'VHT80' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio2' 10 | option device 'radio2' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan2' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | 19 | config wifi-device 'radio1' 20 | option type 'mac80211' 21 | option channel '{{channel}}' 22 | option hwmode '11g' 23 | option path 'platform/soc/a000000.wifi' 24 | option htmode 'HT20' 25 | option disabled '{{wifi_disabled}}' 26 | 27 | 28 | config wifi-iface 'default_radio1' 29 | option device 'radio1' 30 | option network 'lan' 31 | option mode 'ap' 32 | option ifname 'wlan1' 33 | option ssid '{{wifi_ssid_two_ghz}}' 34 | option encryption '{{wifi_encryption}}' 35 | option key '{{wifi_key}}' 36 | 37 | 38 | config wifi-device 'radio0' 39 | option type 'mac80211' 40 | option channel '{{five_ghz_channel}}' 41 | option hwmode '11a' 42 | option path 'platform/soc/a800000.wifi' 43 | option htmode 'VHT80' 44 | option disabled '{{wifi_disabled}}' 45 | 46 | config wifi-iface 'default_radio0' 47 | option device 'radio0' 48 | option network 'lan' 49 | option mode 'ap' 50 | option ifname 'wlan0' 51 | option ssid '{{wifi_ssid_five_ghz}}' 52 | option encryption '{{wifi_encryption}}' 53 | option key '{{wifi_key}}' 54 | 55 | -------------------------------------------------------------------------------- /roles/build-config/templates/mr8300-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio2' 2 | option type 'mac80211' 3 | option channel '149' 4 | option hwmode '11a' 5 | option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0' 6 | option htmode 'VHT80' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio2' 10 | option device 'radio2' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan2' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | 19 | config wifi-device 'radio1' 20 | option type 'mac80211' 21 | option channel '{{channel}}' 22 | option hwmode '11g' 23 | option path 'platform/soc/a000000.wifi' 24 | option htmode 'HT20' 25 | option disabled '{{wifi_disabled}}' 26 | 27 | 28 | config wifi-iface 'default_radio1' 29 | option device 'radio1' 30 | option network 'lan' 31 | option mode 'ap' 32 | option ifname 'wlan1' 33 | option ssid '{{wifi_ssid_two_ghz}}' 34 | option encryption '{{wifi_encryption}}' 35 | option key '{{wifi_key}}' 36 | 37 | 38 | config wifi-device 'radio0' 39 | option type 'mac80211' 40 | option channel '{{five_ghz_channel}}' 41 | option hwmode '11a' 42 | option path 'platform/soc/a800000.wifi' 43 | option htmode 'VHT80' 44 | option disabled '{{wifi_disabled}}' 45 | 46 | config wifi-iface 'default_radio0' 47 | option device 'radio0' 48 | option network 'lan' 49 | option mode 'ap' 50 | option ifname 'wlan0' 51 | option ssid '{{wifi_ssid_five_ghz}}' 52 | option encryption '{{wifi_encryption}}' 53 | option key '{{wifi_key}}' 54 | 55 | -------------------------------------------------------------------------------- /profiles/management/hawk-managed.yml: -------------------------------------------------------------------------------- 1 | # This profile is used by Hawk Networks INC for normal operations, so remote access is enabled and 2 | # ssh keys are inserted, you can use this as a template to build your own managed images 3 | 4 | default_exit: "test" 5 | insert_keys: true 6 | logging_enabled: true 7 | logging_level: "INFO" 8 | keys_to_insert: 9 | - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIClZDyDmJt6iR30PBlEII9EpwDPfpKB4Lnw+R5TnlRGSAAAABHNzaDo= chiara@althea.systems" 10 | - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPaVT0XU/17bA7nMQTZb19cwxHNyy3pJE148I5QDAb9qAAAABHNzaDo= justin-primary@althea.net" 11 | - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICwZzBR9ygQUbLSgXPNhhA6A/2f12MeUUduVwkaVh6+kAAAABHNzaDo= justin-secondary@althea.net" 12 | - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBR8P2K6fwUSJiygGEYjnQej9q96CfTdCB4s+u+2kMwYAAAABHNzaDo= justin-tertiary@althea.net" 13 | - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKIHutGmtkioT2o+EkmgakH0gv8Zyl83KuqU5v73UineAAAABHNzaDo= thomas-primary@althea.systems" 14 | - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPlLsiBAHAtJindxr9j9sLKlnwzY5t2U+FVuyuU5BqIQAAAABHNzaDo= thomas-secondary@althea.systems" 15 | wifi_ssid_two_ghz: AltheaHome-2 16 | wifi_ssid_five_ghz: AltheaHome-5 17 | exit_wifi_ssid_two_ghz: AltheaExit-2 18 | exit_wifi_ssid_five_ghz: AltheaExit-5 19 | wifi_disabled: 0 20 | wifi_key: ChangeMe 21 | copy_images: true 22 | # enables alterante reset button behavior, specifically instead of 23 | # resetting the device by deleting all overlay data it will reset the wifi config 24 | # and rita dashboard password, allowing access to the device without erasing it's data 25 | reset_button_alt: true 26 | 27 | password_auth: "no" 28 | 29 | release_feed: "" 30 | remote_mesh_access: true 31 | image_prefix: "hawk-managed-" 32 | -------------------------------------------------------------------------------- /roles/build-config/templates/wrt3200acm-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{five_ghz_channel}}' 4 | option hwmode '11a' 5 | option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0' 6 | option htmode 'VHT40' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan1' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{channel}}' 21 | option hwmode '11g' 22 | option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0' 23 | option htmode 'HT20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan0' 31 | option ssid '{{wifi_ssid_two_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | 35 | config wifi-device 'radio2' 36 | option type 'mac80211' 37 | option channel '{{five_ghz_channel}}' 38 | option hwmode '11a' 39 | option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1' 40 | option htmode 'VHT40' 41 | option disabled '{{wifi_disabled}}' 42 | 43 | config wifi-iface 'default_radio2' 44 | option device 'radio2' 45 | option network 'lan' 46 | option ifname 'wlan2' 47 | option mode 'ap' 48 | option ssid '{{wifi_ssid_five_ghz}}' 49 | option encryption '{{wifi_encryption}}' 50 | option key '{{wifi_key}}' 51 | -------------------------------------------------------------------------------- /roles/build-config/templates/wrt32x-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option channel '{{five_ghz_channel}}' 4 | option hwmode '11a' 5 | option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0' 6 | option htmode 'VHT40' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan1' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option channel '{{channel}}' 21 | option hwmode '11g' 22 | option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0' 23 | option htmode 'HT20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan0' 31 | option ssid '{{wifi_ssid_two_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | 35 | config wifi-device 'radio2' 36 | option type 'mac80211' 37 | option channel '{{five_ghz_channel}}' 38 | option hwmode '11a' 39 | option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1' 40 | option htmode 'VHT40' 41 | option disabled '{{wifi_disabled}}' 42 | 43 | config wifi-iface 'default_radio2' 44 | option device 'radio2' 45 | option network 'lan' 46 | option ifname 'wlan2' 47 | option mode 'ap' 48 | option ssid '{{wifi_ssid_five_ghz}}' 49 | option encryption '{{wifi_encryption}}' 50 | option key '{{wifi_key}}' 51 | -------------------------------------------------------------------------------- /scripts/build-managed-release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eux 3 | cd $(dirname $0)/.. 4 | export SERVER=updates 5 | export HTTP_DIR=/usr/share/nginx/html/ 6 | 7 | # desktops / servers 8 | ansible-playbook -e @profiles/devices/x86_64.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 9 | 10 | # rockchip 11 | ansible-playbook -e @profiles/devices/nanopi-r2s.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 12 | 13 | # mvebu 14 | ansible-playbook -e @profiles/devices/wrt3200acm.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 15 | ansible-playbook -e @profiles/devices/wrt32x.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 16 | ansible-playbook -e @profiles/devices/wrt1900acs.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 17 | 18 | # ipq807x 19 | ansible-playbook -e @profiles/devices/dl-wrtx36.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 20 | ansible-playbook -e @profiles/devices/gl-mt6000.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 21 | 22 | # ipq40xx 23 | ansible-playbook -e @profiles/devices/glb1300.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 24 | ansible-playbook -e @profiles/devices/ea6350v3.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 25 | ansible-playbook -e @profiles/devices/mr8300.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 26 | ansible-playbook -e @profiles/devices/ea8300.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 27 | ansible-playbook -e @profiles/devices/mikrotik_hap-ac2.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 28 | ansible-playbook -e @profiles/devices/mikrotik_hap-ac3.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 29 | ansible-playbook -e @profiles/devices/netgear_ex6100v2.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 30 | ansible-playbook -e @profiles/devices/linksys-whw03v2.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 31 | 32 | #broadcom 33 | ansible-playbook -e @profiles/devices/pi4-64.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 34 | 35 | # ipq40xx on openwrt master 36 | ansible-playbook -e @profiles/devices/linksys-whw03.yml -e @profiles/management/hawk-managed.yml firmware-build.yml 37 | -------------------------------------------------------------------------------- /scripts/build-default-release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eux 3 | cd $(dirname $0)/.. 4 | export SERVER=updates 5 | export HTTP_DIR=/usr/share/nginx/html/ 6 | 7 | # desktops / servers 8 | ansible-playbook -e @profiles/devices/x86_64.yml -e @profiles/management/althea-release.yml firmware-build.yml 9 | 10 | # rockchip 11 | ansible-playbook -e @profiles/devices/nanopi-r2s.yml -e @profiles/management/althea-release.yml firmware-build.yml 12 | 13 | # mvebu 14 | ansible-playbook -e @profiles/devices/wrt3200acm.yml -e @profiles/management/althea-release.yml firmware-build.yml 15 | ansible-playbook -e @profiles/devices/wrt32x.yml -e @profiles/management/althea-release.yml firmware-build.yml 16 | ansible-playbook -e @profiles/devices/wrt1900acs.yml -e @profiles/management/althea-release.yml firmware-build.yml 17 | 18 | # aarch64 19 | ansible-playbook -e @profiles/devices/dl-wrtx36.yml -e @profiles/management/althea-release.yml firmware-build.yml 20 | ansible-playbook -e @profiles/devices/gl-mt6000.yml -e @profiles/management/althea-release.yml firmware-build.yml 21 | 22 | # ipq40xx 23 | ansible-playbook -e @profiles/devices/glb1300.yml -e @profiles/management/althea-release.yml firmware-build.yml 24 | ansible-playbook -e @profiles/devices/ea6350v3.yml -e @profiles/management/althea-release.yml firmware-build.yml 25 | ansible-playbook -e @profiles/devices/mr8300.yml -e @profiles/management/althea-release.yml firmware-build.yml 26 | ansible-playbook -e @profiles/devices/ea8300.yml -e @profiles/management/althea-release.yml firmware-build.yml 27 | ansible-playbook -e @profiles/devices/mikrotik_hap-ac2.yml -e @profiles/management/althea-release.yml firmware-build.yml 28 | ansible-playbook -e @profiles/devices/mikrotik_hap-ac3.yml -e @profiles/management/althea-release.yml firmware-build.yml 29 | ansible-playbook -e @profiles/devices/linksys-whw03v2.yml -e @profiles/management/althea-release.yml firmware-build.yml 30 | ansible-playbook -e @profiles/devices/netgear_ex6100v2.yml -e @profiles/management/althea-release.yml firmware-build.yml 31 | 32 | #broadcom 33 | ansible-playbook -e @profiles/devices/pi4-64.yml -e @profiles/management/althea-release.yml firmware-build.yml 34 | 35 | # ipq40xx on openwrt master 36 | ansible-playbook -e @profiles/devices/linksys-whw03.yml -e @profiles/management/althea-release.yml firmware-build.yml 37 | -------------------------------------------------------------------------------- /config/linksys_whw03v2: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_linksys_whw03v2=y 4 | CONFIG_IFSTAT_SNMP=y 5 | CONFIG_LIBCURL_COOKIES=y 6 | CONFIG_LIBCURL_FILE=y 7 | CONFIG_LIBCURL_FTP=y 8 | CONFIG_LIBCURL_HTTP=y 9 | CONFIG_LIBCURL_MBEDTLS=y 10 | CONFIG_LIBCURL_NGHTTP2=y 11 | CONFIG_LIBCURL_NO_SMB="!" 12 | CONFIG_LIBCURL_PROXY=y 13 | CONFIG_LIBCURL_UNIX_SOCKETS=y 14 | CONFIG_OPENSSL_ENGINE=y 15 | CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y 16 | CONFIG_OPENSSL_WITH_ASM=y 17 | CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y 18 | CONFIG_OPENSSL_WITH_CMS=y 19 | CONFIG_OPENSSL_WITH_DEPRECATED=y 20 | CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y 21 | CONFIG_OPENSSL_WITH_IDEA=y 22 | CONFIG_OPENSSL_WITH_MDC2=y 23 | CONFIG_OPENSSL_WITH_PSK=y 24 | CONFIG_OPENSSL_WITH_SEED=y 25 | CONFIG_OPENSSL_WITH_SRP=y 26 | CONFIG_OPENSSL_WITH_TLS13=y 27 | CONFIG_OPENSSL_WITH_WHIRLPOOL=y 28 | CONFIG_PACKAGE_althea-babeld=y 29 | CONFIG_PACKAGE_althea-cron-jobs=y 30 | CONFIG_PACKAGE_althea-dash=y 31 | CONFIG_PACKAGE_althea-rust-binaries=y 32 | CONFIG_PACKAGE_althea-tools=y 33 | CONFIG_PACKAGE_ca-certificates=y 34 | CONFIG_PACKAGE_curl=y 35 | CONFIG_PACKAGE_ifstat=y 36 | CONFIG_PACKAGE_iftop=y 37 | CONFIG_PACKAGE_iperf3=y 38 | CONFIG_PACKAGE_ipset=y 39 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 40 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 41 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 42 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 43 | CONFIG_PACKAGE_kmod-ipt-core=y 44 | CONFIG_PACKAGE_kmod-ipt-ipset=y 45 | CONFIG_PACKAGE_kmod-nf-ipt=y 46 | CONFIG_PACKAGE_kmod-sched-cake=y 47 | CONFIG_PACKAGE_kmod-sched-core=y 48 | CONFIG_PACKAGE_kmod-udptunnel4=y 49 | CONFIG_PACKAGE_kmod-udptunnel6=y 50 | CONFIG_PACKAGE_kmod-wireguard=y 51 | CONFIG_PACKAGE_libatomic=y 52 | CONFIG_PACKAGE_libcurl=y 53 | CONFIG_PACKAGE_libiperf3=y 54 | CONFIG_PACKAGE_libipset=y 55 | CONFIG_PACKAGE_libncurses=y 56 | CONFIG_PACKAGE_libnetsnmp=y 57 | CONFIG_PACKAGE_libnghttp2=y 58 | CONFIG_PACKAGE_libopenssl=y 59 | CONFIG_PACKAGE_libpcap=y 60 | CONFIG_PACKAGE_libpci=y 61 | CONFIG_PACKAGE_libpcre2=y 62 | CONFIG_PACKAGE_libustream-mbedtls=m 63 | CONFIG_PACKAGE_libustream-openssl=y 64 | CONFIG_PACKAGE_mtr-nojson=y 65 | CONFIG_PACKAGE_nano=y 66 | CONFIG_PACKAGE_rpcd=y 67 | CONFIG_PACKAGE_tc-tiny=y 68 | CONFIG_PACKAGE_tcpdump=y 69 | CONFIG_PACKAGE_terminfo=y 70 | CONFIG_PACKAGE_uhttpd=y 71 | CONFIG_PACKAGE_wireguard-tools=y 72 | CONFIG_PCRE2_JIT_ENABLED=y 73 | -------------------------------------------------------------------------------- /config/linksys_whw03: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_generic=y 3 | CONFIG_TARGET_ipq40xx_generic_DEVICE_linksys_whw03=y 4 | CONFIG_HTOP_LMSENSORS=y 5 | CONFIG_IFSTAT_SNMP=y 6 | CONFIG_LIBCURL_COOKIES=y 7 | CONFIG_LIBCURL_FILE=y 8 | CONFIG_LIBCURL_FTP=y 9 | CONFIG_LIBCURL_HTTP=y 10 | CONFIG_LIBCURL_MBEDTLS=y 11 | CONFIG_LIBCURL_NGHTTP2=y 12 | CONFIG_LIBCURL_NO_SMB="!" 13 | CONFIG_LIBCURL_PROXY=y 14 | CONFIG_LIBCURL_UNIX_SOCKETS=y 15 | CONFIG_OPENSSL_ENGINE=y 16 | CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y 17 | CONFIG_OPENSSL_WITH_ASM=y 18 | CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y 19 | CONFIG_OPENSSL_WITH_CMS=y 20 | CONFIG_OPENSSL_WITH_DEPRECATED=y 21 | CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y 22 | CONFIG_OPENSSL_WITH_IDEA=y 23 | CONFIG_OPENSSL_WITH_MDC2=y 24 | CONFIG_OPENSSL_WITH_PSK=y 25 | CONFIG_OPENSSL_WITH_SEED=y 26 | CONFIG_OPENSSL_WITH_SRP=y 27 | CONFIG_OPENSSL_WITH_TLS13=y 28 | CONFIG_OPENSSL_WITH_WHIRLPOOL=y 29 | CONFIG_PACKAGE_althea-babeld=y 30 | CONFIG_PACKAGE_althea-cron-jobs=y 31 | CONFIG_PACKAGE_althea-dash=y 32 | CONFIG_PACKAGE_althea-rust-binaries=y 33 | CONFIG_PACKAGE_althea-tools=y 34 | CONFIG_PACKAGE_ca-certificates=y 35 | CONFIG_PACKAGE_curl=y 36 | CONFIG_PACKAGE_htop=y 37 | CONFIG_PACKAGE_ifstat=y 38 | CONFIG_PACKAGE_iftop=y 39 | CONFIG_PACKAGE_iperf3=y 40 | CONFIG_PACKAGE_ipset=y 41 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 42 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 43 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 44 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 45 | CONFIG_PACKAGE_kmod-ipt-core=y 46 | CONFIG_PACKAGE_kmod-ipt-ipset=y 47 | CONFIG_PACKAGE_kmod-nf-ipt=y 48 | CONFIG_PACKAGE_kmod-sched-cake=y 49 | CONFIG_PACKAGE_kmod-sched-core=y 50 | CONFIG_PACKAGE_kmod-udptunnel4=y 51 | CONFIG_PACKAGE_kmod-udptunnel6=y 52 | CONFIG_PACKAGE_kmod-wireguard=y 53 | CONFIG_PACKAGE_libatomic=y 54 | CONFIG_PACKAGE_libcurl=y 55 | CONFIG_PACKAGE_libiperf3=y 56 | CONFIG_PACKAGE_libipset=y 57 | CONFIG_PACKAGE_libncurses=y 58 | CONFIG_PACKAGE_libnetsnmp=y 59 | CONFIG_PACKAGE_libnghttp2=y 60 | CONFIG_PACKAGE_libopenssl=y 61 | CONFIG_PACKAGE_libpcap=y 62 | CONFIG_PACKAGE_libpci=y 63 | CONFIG_PACKAGE_libpcre2=y 64 | CONFIG_PACKAGE_libustream-mbedtls=m 65 | CONFIG_PACKAGE_libustream-openssl=y 66 | CONFIG_PACKAGE_mtr-nojson=y 67 | CONFIG_PACKAGE_nano=y 68 | CONFIG_PACKAGE_rpcd=y 69 | CONFIG_PACKAGE_tc-tiny=y 70 | CONFIG_PACKAGE_tcpdump=y 71 | CONFIG_PACKAGE_terminfo=y 72 | CONFIG_PACKAGE_uhttpd=y 73 | CONFIG_PACKAGE_wireguard-tools=y 74 | CONFIG_PCRE2_JIT_ENABLED=y 75 | -------------------------------------------------------------------------------- /roles/build-extender-config/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role builds the network and wireless configuration for the extender router 3 | 4 | - name: Create Dropbear folder 5 | file: 6 | path: "{{source_dir}}/files/etc/dropbear/" 7 | state: directory 8 | mode: 0700 9 | 10 | - name: Add keys to login 11 | lineinfile: 12 | dest: "{{source_dir}}/files/etc/dropbear/authorized_keys" 13 | line: "{{item}}" 14 | state: present 15 | create: true 16 | with_items: "{{keys_to_insert}}" 17 | when: insert_keys 18 | 19 | - name: Authorized keys only readable by owner 20 | file: 21 | path: "{{source_dir}}/files/etc/dropbear/authorized_keys" 22 | mode: 0600 23 | when: insert_keys 24 | 25 | - name: Create the UCI config folder 26 | file: 27 | path: "{{source_dir}}/files/etc/config/" 28 | state: directory 29 | 30 | - name: Template dropbear config 31 | template: 32 | src: "dropbear.j2" 33 | dest: "{{source_dir}}/files/etc/config/dropbear" 34 | 35 | - name: Template firewall config 36 | template: 37 | src: "firewall.j2" 38 | dest: "{{source_dir}}/files/etc/config/firewall" 39 | 40 | # Network and wifi stuff is hardware specific, so we keep templates for each 41 | # supported device. it really shouldn't ever change much in upstream LEDE 42 | # but do remember it's possible 43 | - name: Template network interface configuration 44 | template: 45 | src: "{{final_device_template}}-network.j2" 46 | dest: "{{source_dir}}/files/etc/config/network" 47 | 48 | - name: Insert Lan network 49 | blockinfile: 50 | insertbefore: BOF 51 | marker: "#LAN" 52 | path: "{{source_dir}}/files/etc/config/network" 53 | block: | 54 | config interface 'lan' 55 | option type 'bridge' 56 | option ifname '{{lan_interfaces}}' 57 | option proto 'dhcp' 58 | 59 | 60 | # we insert boilerplate stuff into the network configs here for the sake of de-duplication 61 | - name: Insert Loopback network 62 | blockinfile: 63 | insertbefore: BOF 64 | marker: "#LO" 65 | path: "{{source_dir}}/files/etc/config/network" 66 | block: | 67 | config interface 'loopback' 68 | option ifname 'lo' 69 | option proto 'static' 70 | option ipaddr '127.0.0.1' 71 | option netmask '255.0.0.0' 72 | 73 | - name: Template wifi interface configuration 74 | template: 75 | src: "{{final_device_template}}-wireless.j2" 76 | dest: "{{source_dir}}/files/etc/config/wireless" 77 | when: wireless_conf_path is file 78 | 79 | - name: Template package update url 80 | template: 81 | src: customfeeds.conf.j2 82 | dest: "{{source_dir}}/files/etc/opkg/customfeeds.conf" 83 | -------------------------------------------------------------------------------- /roles/check-deps/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Known requirements per distro, please expand if you encounter breakage 2 | known_distros: 3 | - Arch Linux 4 | - CentOS 5 | - Debian 6 | - Fedora 7 | - Red Hat Enterprise Linux 8 | - Ubuntu 9 | 10 | debian_deps: 11 | - build-essential 12 | - file 13 | - gawk 14 | - gettext 15 | - git 16 | - libncurses5-dev 17 | - libssl-dev 18 | - npm 19 | - python 20 | - subversion 21 | - systemtap-sdt-dev 22 | - time 23 | - unzip 24 | - zlib1g-dev 25 | - curl 26 | 27 | centos_deps: 28 | - binutils 29 | - bison 30 | - bzip2 31 | - flex 32 | - gawk 33 | - gcc 34 | - gcc-c++ 35 | - gettext 36 | - git-core 37 | - glibc 38 | - glibc-devel 39 | - glibc-static 40 | - intltool 41 | - libselinux-python 42 | - make 43 | - ncurses-devel 44 | - ncurses-libs 45 | - npm 46 | - openssl-devel 47 | - patch 48 | - perl-ExtUtils-MakeMaker 49 | - quilt 50 | - sdcc 51 | - sed 52 | - sharutils 53 | - subversion 54 | - systemtap-sdt-devel 55 | - time 56 | - unzip 57 | - wget 58 | - xz 59 | - zlib-devel 60 | - zlib-static 61 | - curl 62 | 63 | ubuntu_deps: 64 | - build-essential 65 | - flex 66 | - gawk 67 | - gcc-multilib 68 | - gettext 69 | - git-core 70 | - libncurses5-dev 71 | - libssl-dev 72 | - npm 73 | - subversion 74 | - systemtap-sdt-dev 75 | - time 76 | - unzip 77 | - zlib1g-dev 78 | - curl 79 | 80 | fedora_deps: 81 | - binutils 82 | - bzip2 83 | - gcc 84 | - gcc-c++ 85 | - gawk 86 | - gettext 87 | - git-core 88 | - flex 89 | - ncurses-devel 90 | - ncurses-compat-libs 91 | - zlib-devel 92 | - zlib-static 93 | - make 94 | - patch 95 | - unzip 96 | - perl-ExtUtils-MakeMaker 97 | - perl-Thread-Queue 98 | - glibc 99 | - glibc-devel 100 | - glibc-static 101 | - quilt 102 | - sed 103 | - sdcc 104 | - intltool 105 | - sharutils 106 | - bison 107 | - wget 108 | - openssl-devel 109 | - systemtap-sdt-devel 110 | - npm 111 | - time 112 | - curl 113 | - which 114 | - ansible 115 | - rsync 116 | - genisoimage 117 | - qemu-img 118 | 119 | arch_deps: 120 | - automake 121 | - binutils 122 | - bison 123 | - bzip2 124 | - flex 125 | - gawk 126 | - gcc 127 | - gcc-libs 128 | - gettext 129 | - git 130 | - glibc 131 | - intltool 132 | - ncurses 133 | - npm 134 | - openssl 135 | - patch 136 | - perl 137 | - quilt 138 | - sdcc 139 | - sed 140 | - sharutils 141 | - subversion 142 | - systemtap 143 | - time 144 | - unzip 145 | - wget 146 | - zlib 147 | - curl 148 | -------------------------------------------------------------------------------- /roles/build-config/templates/rita_exit.toml.j2: -------------------------------------------------------------------------------- 1 | allowed_countries = [] 2 | description = "{{description}}" 3 | remote_log = {{remote_log}} 4 | workers = {{workers}} 5 | 6 | 7 | [exit_network] 8 | entry_timeout = {{entry_timeout}} 9 | exit_hello_port = {{exit_hello_port}} 10 | exit_price = {{exit_price}} 11 | exit_start_ip = "{{exit_start_ip}}" 12 | {% if geoip_api_key is defined %} 13 | geoip_api_key = "{{geoip_api_key}}" 14 | {% endif %} 15 | {% if geoip_api_user is defined %} 16 | geoip_api_user = "{{geoip_api_user}}" 17 | {% endif %} 18 | netmask = {{own_internal_netmask}} 19 | own_internal_ip = "{{own_internal_ip}}" 20 | wg_private_key_path = "/tmp/exit-priv" 21 | wg_tunnel_port = {{wg_tunnel_port}} 22 | wg_v2_tunnel_port = {{wg_v2_tunnel_port}} 23 | registered_users_contract_addr = "{{registered_users_contract_addr}}" 24 | 25 | [network] 26 | babel_port = 6872 27 | backup_created = false 28 | discovery_ip = "ff02::1:8" 29 | {% if wan_interface is defined %} 30 | external_nic = "{{wan_interface}}" 31 | {% elif external_nic is defined %} 32 | external_nic = "{{external_nic}}" 33 | {% endif %} 34 | manual_peers = [] 35 | metric_factor = {{exit_metric_factor}} 36 | nickname = "{{nickname}}" 37 | peer_interfaces = [{% for iface in (exit_direct_peer_interfaces + exit_direct_peer_vlans) %}"{{iface}}"{{ "," if not loop.last else "" }}{% endfor %}] 38 | rita_contact_port = 4874 39 | rita_dashboard_port = {{rita_dashboard_port}} 40 | rita_hello_port = {{rita_hello_port}} 41 | rita_tick_interval = 5 42 | usage_tracker_file = "/etc/rita-usage-tracker.json" 43 | user_set_release_feed = false 44 | wg_private_key_path = "/tmp/priv" 45 | wg_start_port = {{wg_start_port}} 46 | device = "{{device}}" 47 | 48 | [network.shaper_settings] 49 | enabled = {{network_shaper_enabled}} 50 | max_speed = 10000 51 | min_speed = 50 52 | 53 | [payment] 54 | apply_incoming_credit_immediately = true 55 | balance_warning_level = "10000000000000000" 56 | bridge_enabled = {{bridge_enabled}} 57 | client_can_use_free_tier = true 58 | close_threshold = "-504000000000000000" 59 | debt_limit_enabled = {{debt_limit_enabled}} 60 | debts_file = "/etc/rita-exit-debts.json" 61 | dynamic_fee_multiplier = 6000 62 | forgive_on_reboot = false 63 | free_tier_throughput = {{free_tier_throughput}} 64 | fudge_factor = 0 65 | gas_price = "1000000000" 66 | light_client_fee = 0 67 | local_fee = 0 68 | net_version = "100" 69 | node_list = [{% for node in full_nodes %}"{{node}}"{{ "," if not loop.last else "" }}{% endfor %}] 70 | nonce = "1035843" 71 | pay_threshold = "126000000000000000" 72 | simulated_transaction_fee = 10 73 | simulated_transaction_fee_address = "0xEE8BBA37508cd6f9dB7c8AD0AE2b3DE0168c1b36" 74 | system_chain = "{{system_chain}}" 75 | withdraw_chain = "{{system_chain}}" -------------------------------------------------------------------------------- /roles/build/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Builds the firmware 3 | 4 | - name: Build firmware when not CI 5 | block: 6 | - name: Download files required for build 7 | shell: "cd {{source_dir}}; make -j{{ansible_processor_vcpus|int}} download" 8 | register: download_result 9 | ignore_errors: true 10 | 11 | - name: Print help on failure 12 | fail: 13 | msg: "Dependency download failed, run 'cd {{source_dir}}; make V=s world' to see why." 14 | when: download_result is failed 15 | 16 | - name: Build the firmware, could take a while 17 | shell: "cd {{source_dir}}; export RUST_TRIPLE={{rust_target}}; nice make -j{{ansible_processor_vcpus}} world" 18 | register: build_result 19 | ignore_errors: true 20 | 21 | - name: Print help on failure 22 | fail: 23 | msg: "Firmware compliation failed, run 'cd {{source_dir}}; export RUST_TRIPLE={{rust_target}}; make V=s world' to see why." 24 | when: build_result is failed 25 | 26 | - name: Print Success 27 | debug: 28 | msg: "Firmware Successfully built!" 29 | 30 | - name: Create staging folder 31 | file: 32 | path: completed-images/ 33 | state: directory 34 | 35 | - name: Create archive folder 36 | file: 37 | path: images-archive/ 38 | state: directory 39 | 40 | - name: Copy image to staging folder 41 | copy: 42 | src: "build/bin/targets/{{item}}" 43 | dest: "completed-images/{{image_prefix}}{{ansible_date_time.date}}-{{ansible_date_time.hour}}-{{ansible_date_time.minute}}-{{item | basename}}" 44 | with_items: "{{image_paths}}" 45 | when: supported and copy_images and rita_type == "client" 46 | 47 | - name: Copy image to staging folder 48 | copy: 49 | src: "build/bin/targets/{{item}}" 50 | dest: "completed-images/extender-{{ansible_date_time.date}}-{{ansible_date_time.hour}}-{{ansible_date_time.minute}}-{{item | basename}}" 51 | with_items: "{{image_paths}}" 52 | when: supported and copy_images and rita_type == "extender" 53 | 54 | - name: Copy image to staging folder 55 | copy: 56 | src: "build/bin/targets/{{item}}" 57 | dest: "completed-images/{{image_prefix}}exit-{{ansible_date_time.date}}-{{ansible_date_time.hour}}-{{ansible_date_time.minute}}-{{item | basename}}" 58 | with_items: "{{image_paths}}" 59 | when: supported and copy_images and rita_type == "exit" 60 | 61 | - name: Copy image to archive folder 62 | copy: 63 | src: "build/bin/targets/{{item}}" 64 | dest: "images-archive/{{ansible_date_time.date}}-{{ansible_date_time.hour}}-{{ansible_date_time.minute}}-{{item | basename}}" 65 | with_items: "{{image_paths}}" 66 | when: supported and copy_images 67 | 68 | when: not ci 69 | -------------------------------------------------------------------------------- /scripts/virtualbox/setupVms.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | DIR=$(dirname $0) 3 | diskPath="$DIR/vboxDisks" 4 | imagePath="$DIR/../../build/bin/targets/x86/generic/openwrt-x86-generic-combined-squashfs.vdi" 5 | 6 | for i in $(seq 1 $1) 7 | do 8 | hostip="192.168.70.$(expr \( $i - 1 \) \* 8 + 1)" 9 | dhcp="192.168.70.$(expr \( $i - 1 \) \* 8 + 6)" 10 | guestip="192.168.70.$(expr \( $i - 1 \) \* 8 + 2)" 11 | vboxmanage clonemedium disk $imagePath $diskPath/testDisk$i.vdi 12 | vboxmanage createvm --name AltheaTest$i --ostype Linux --register 13 | vboxmanage hostonlyif create 14 | #get the latest interface created 15 | vnet=`vboxmanage list hostonlyifs |sed -n -e 's/^Name:\s*//p' | sort -r| head -n 1` 16 | #configure interface for a 255.255.255.254 network, even numbers are host, odd are guest 17 | vboxmanage hostonlyif ipconfig $vnet --ip $hostip --netmask 255.255.255.248 18 | vboxmanage dhcpserver add --ifname $vnet --ip $dhcp --lowerip $guestip --upperip $guestip --netmask 255.255.255.248 --enable 19 | vboxmanage modifyvm AltheaTest$i --memory 256 --vram 16 --nic1 hostonly --hostonlyadapter1 $vnet 20 | vboxmanage storagectl AltheaTest$i --name IDE --add ide 21 | vboxmanage storageattach AltheaTest$i --storagectl IDE --port 1 --device 1 --type hdd --medium $diskPath/testDisk$i.vdi 22 | done 23 | 24 | vboxmanage closemedium $imagePath 25 | 26 | vboxmanage modifyvm AltheaTest1 --nic2 intnet --intnet2 althea1 27 | vboxmanage modifyvm AltheaTest2 --nic2 intnet --intnet2 althea1 28 | vboxmanage modifyvm AltheaTest2 --nic3 intnet --intnet3 althea2 29 | vboxmanage modifyvm AltheaTest3 --nic2 intnet --intnet2 althea2 30 | 31 | vboxmanage startvm AltheaTest1 32 | vboxmanage startvm AltheaTest2 33 | vboxmanage startvm AltheaTest3 34 | 35 | while ! ssh root@192.168.70.2 -n -o "StrictHostKeyChecking no" 36 | do 37 | echo "trying to connect via ssh" 38 | sleep 5 39 | done 40 | 41 | node1Script="sed -i '31,50d' /etc/config/network" 42 | 43 | ###Node1### 44 | ssh -o "StrictHostKeyChecking no" root@192.168.70.2 $node1Script 45 | 46 | while ! ssh root@192.168.70.10 -n -o "StrictHostKeyChecking no" 47 | do 48 | echo "trying to connect via ssh" 49 | sleep 1 50 | done 51 | 52 | node2Script="sed -i 's/192\.168\.2\.1/192\.168\.2\.2/' /etc/config/network;\ 53 | sed -i '23s/192\.168\.2\.2/192\.168\.2\.1/' /etc/config/network;\ 54 | sed -i 's/10\.0\.0\.2/10\.0\.0\.3/' /etc/config/network" 55 | 56 | 57 | ###Node2### 58 | ssh -o "StrictHostKeyChecking no" root@192.168.70.10 $node2Script 59 | 60 | while ! ssh root@192.168.70.18 -n -o "StrictHostKeyChecking no" 61 | do 62 | echo "trying to connect via ssh" 63 | sleep 1 64 | done 65 | 66 | node3Script="sed -i 's/192\.168\.2\.1/192\.168\.3\.2/' /etc/config/network;\ 67 | sed -i 's/192\.168\.2\.2/192\.168\.3\.1/' /etc/config/network;\ 68 | sed -i 's/10\.0\.0\.2/10\.0\.0\.5/' /etc/config/network;\ 69 | sed -i '31,50d' /etc/config/network" 70 | 71 | 72 | ##Node3## 73 | ssh -o "StrictHostKeyChecking no" root@192.168.70.18 $node3Script 74 | 75 | ##Reboot## 76 | ssh -o "StrictHostKeyChecking no" root@192.168.70.2 reboot 77 | ssh -o "StrictHostKeyChecking no" root@192.168.70.10 reboot 78 | ssh -o "StrictHostKeyChecking no" root@192.168.70.18 reboot 79 | -------------------------------------------------------------------------------- /config/mikrotik_hap-ac3: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_mikrotik=y 3 | CONFIG_TARGET_ipq40xx_mikrotik_DEVICE_mikrotik_hap-ac3=y 4 | CONFIG_IFSTAT_SNMP=y 5 | CONFIG_LIBCURL_COOKIES=y 6 | CONFIG_LIBCURL_FILE=y 7 | CONFIG_LIBCURL_FTP=y 8 | CONFIG_LIBCURL_HTTP=y 9 | CONFIG_LIBCURL_MBEDTLS=y 10 | CONFIG_LIBCURL_NGHTTP2=y 11 | CONFIG_LIBCURL_NO_SMB="!" 12 | CONFIG_LIBCURL_PROXY=y 13 | CONFIG_PACKAGE_althea-babeld=y 14 | CONFIG_PACKAGE_althea-cron-jobs=y 15 | CONFIG_PACKAGE_althea-dash=y 16 | CONFIG_PACKAGE_althea-rust-binaries=y 17 | CONFIG_PACKAGE_althea-tools=y 18 | CONFIG_PACKAGE_althea-usb=y 19 | CONFIG_PACKAGE_block-mount=y 20 | CONFIG_PACKAGE_ca-certificates=y 21 | CONFIG_PACKAGE_curl=y 22 | CONFIG_PACKAGE_e2fsprogs=y 23 | CONFIG_PACKAGE_ifstat=y 24 | CONFIG_PACKAGE_iftop=y 25 | CONFIG_PACKAGE_iperf3=y 26 | CONFIG_PACKAGE_ipset=y 27 | # CONFIG_PACKAGE_kmod-ath10k-ct is not set 28 | CONFIG_PACKAGE_kmod-ath10k-ct-smallbuffers=y 29 | CONFIG_PACKAGE_kmod-crypto-kpp=y 30 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 31 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 32 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 33 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 34 | CONFIG_PACKAGE_kmod-fs-ext4=y 35 | CONFIG_PACKAGE_kmod-ipt-core=y 36 | CONFIG_PACKAGE_kmod-ipt-ipset=y 37 | # CONFIG_PACKAGE_kmod-ledtrig-gpio is not set 38 | CONFIG_PACKAGE_kmod-lib-crc16=y 39 | CONFIG_PACKAGE_kmod-mii=y 40 | CONFIG_PACKAGE_kmod-nf-ipt=y 41 | CONFIG_PACKAGE_kmod-sched-cake=y 42 | CONFIG_PACKAGE_kmod-sched-core=y 43 | CONFIG_PACKAGE_kmod-scsi-core=y 44 | CONFIG_PACKAGE_kmod-udptunnel4=y 45 | CONFIG_PACKAGE_kmod-udptunnel6=y 46 | CONFIG_PACKAGE_kmod-usb-ehci=y 47 | CONFIG_PACKAGE_kmod-usb-net=y 48 | CONFIG_PACKAGE_kmod-usb-net-cdc-eem=y 49 | CONFIG_PACKAGE_kmod-usb-net-cdc-ether=y 50 | CONFIG_PACKAGE_kmod-usb-net-cdc-mbim=y 51 | CONFIG_PACKAGE_kmod-usb-net-cdc-ncm=y 52 | CONFIG_PACKAGE_kmod-usb-net-cdc-subset=y 53 | CONFIG_PACKAGE_kmod-usb-net-ipheth=y 54 | CONFIG_PACKAGE_kmod-usb-net-rtl8150=y 55 | CONFIG_PACKAGE_kmod-usb-net-rtl8152=y 56 | CONFIG_PACKAGE_kmod-usb-ohci=y 57 | CONFIG_PACKAGE_kmod-usb-ohci-pci=y 58 | CONFIG_PACKAGE_kmod-usb-storage=y 59 | CONFIG_PACKAGE_kmod-usb-storage-uas=y 60 | CONFIG_PACKAGE_kmod-usb-uhci=y 61 | CONFIG_PACKAGE_kmod-usb-wdm=y 62 | CONFIG_PACKAGE_kmod-usb2=y 63 | CONFIG_PACKAGE_kmod-usb2-pci=y 64 | CONFIG_PACKAGE_kmod-wireguard=y 65 | CONFIG_PACKAGE_libblkid=y 66 | CONFIG_PACKAGE_libcomerr=y 67 | CONFIG_PACKAGE_libcurl=y 68 | CONFIG_PACKAGE_libevdev=y 69 | CONFIG_PACKAGE_libext2fs=y 70 | CONFIG_PACKAGE_libipset=y 71 | CONFIG_PACKAGE_libmbedtls=y 72 | CONFIG_PACKAGE_libncurses=y 73 | CONFIG_PACKAGE_libnetsnmp=y 74 | CONFIG_PACKAGE_libnghttp2=y 75 | CONFIG_PACKAGE_libpcap=y 76 | CONFIG_PACKAGE_libpci=y 77 | CONFIG_PACKAGE_libpcre=y 78 | CONFIG_PACKAGE_librt=y 79 | CONFIG_PACKAGE_libss=y 80 | CONFIG_PACKAGE_libudev-zero=y 81 | CONFIG_PACKAGE_libusb-1.0=y 82 | CONFIG_PACKAGE_libuuid=y 83 | CONFIG_PACKAGE_mtr-nojson=y 84 | CONFIG_PACKAGE_nano=y 85 | CONFIG_PACKAGE_r8152-firmware=y 86 | CONFIG_PACKAGE_rpcd=y 87 | CONFIG_PACKAGE_tc-tiny=y 88 | CONFIG_PACKAGE_tcpdump=y 89 | CONFIG_PACKAGE_terminfo=y 90 | CONFIG_PACKAGE_uhttpd=y 91 | CONFIG_PACKAGE_usbutils=y 92 | CONFIG_PACKAGE_wireguard-tools=y 93 | CONFIG_PCRE_JIT_ENABLED=y 94 | -------------------------------------------------------------------------------- /roles/build-config/templates/rita.toml.j2: -------------------------------------------------------------------------------- 1 | [payment] 2 | buffer_period = 3 3 | 4 | [network] 5 | babel_port = 6872 6 | rita_contact_port = 4874 7 | rita_hello_port = 4876 8 | rita_dashboard_port = 4877 9 | rita_tick_interval = 5 10 | wg_private_key_path = "/tmp/priv" 11 | wg_start_port = 60000 12 | tunnel_timeout_seconds = 900 13 | peer_interfaces = [{% for interface in listen_interfaces_extended %}"{{interface}}"{{ "," if not loop.last else "" }}{% endfor %}] 14 | {% if wan_interface is defined %} 15 | external_nic = "{{wan_interface}}" 16 | {% endif %} 17 | manual_peers = ["test.althea.org", "exit.althea.net", "10.45.0.1"] 18 | conf_link_local = true 19 | default_route = [] 20 | device = "{{device}}" 21 | 22 | [exit_client] 23 | wg_listen_port = 59999 24 | lan_nics = ['lan'] 25 | current_exit = "{{default_exit}}" 26 | 27 | [exit_client.new_exits.test] 28 | registration_port = 4875 29 | description = "The Althea testing exit cluster. Unstable!" 30 | state = "New" 31 | root_ip = "fd00::1337:1e0f" 32 | eth_address = "0x5aee3dff733f56cfe7e5390b9cc3a46a90ca1cfa" 33 | wg_public_key = "zgAlhyOQy8crB0ewrsWt3ES9SvFguwx5mq9i2KiknmA=" 34 | 35 | [exit_client.new_exits.us_west] 36 | registration_port = 4875 37 | description = "The Althea Production US exit" 38 | state = "New" 39 | root_ip = "fd00::1337:0e2f" 40 | eth_address = "0x72d9e579f691d62aa7e0703840db6dd2fa9fae21" 41 | wg_public_key = "jkIodvXKgij/rAEQXFEPJpls6ooxXJEC5XlWA1uUPUg=" 42 | 43 | [exit_client.new_exits.africa] 44 | registration_port = 4875 45 | description = "Althea Africa exit" 46 | state = "New" 47 | root_ip = "fd00::1337:2e2f" 48 | eth_address = "0xEba3aF4E87663b3Bb57FC89976502b960e3906ff" 49 | wg_public_key = "V0tgdQ2Ljx5xyw4UMQ6a7ZztQmyvqrUp/4jrFcCeG1w=" 50 | 51 | [exit_client.new_exits.revabit] 52 | registration_port = 4875 53 | description = "Revabit Africa Exit" 54 | state = "New" 55 | root_ip = "fd01::3737:1" 56 | eth_address = "0xfd6E3Cb9699811e2EeE72825a141EE7e7e6d46F4" 57 | wg_public_key = "IQXzsopZ8O6iAssJAxtdE7VSqmY3x6eHuy39giKHc3k=" 58 | 59 | [exit_client.new_exits.south_america_eth] 60 | registration_port = 4875 61 | description = "Nodo de salida de America del Sur" 62 | state = "New" 63 | root_ip = "fd00::1337:6e2f" 64 | eth_address = "0x81b6c9f8cfd8f135743a9d39b3b0386024ea4cc8" 65 | wg_public_key = "AlsMwUkJmiA+EQ45p+n+RAtXq1rCA51k58HRwlzoETs=" 66 | 67 | [exit_client.new_exits.apac] 68 | registration_port = 4875 69 | description = "In Singapore" 70 | state = "New" 71 | root_ip = "fd00::1337:4e2f" 72 | eth_address = "0xe4ad1f9aa23957d294d869b70fc8f28774df896e" 73 | wg_public_key = "1kKSpzdhI4kfqeMqch9I1bXqOUXeKN7EQBecVzW60ys=" 74 | 75 | [exit_client.new_exits.ca] 76 | registration_port = 4875 77 | description = "Canada Althea Exit" 78 | state = "New" 79 | root_ip = "fd00::1337:3e9f" 80 | eth_address = "0x90b82ed41dcd867df7d2aedab62280e82fcd64f3" 81 | wg_public_key = "D0z23bOTn5RQgM87nuxx6zgmFMMAKBHXSOXopHtZhTc=" 82 | 83 | [exit_client.new_exits.pr] 84 | registration_port = 4875 85 | description = "Puerto Rico Exit" 86 | state = "New" 87 | root_ip = "fd00::1337:eaf1" 88 | wg_public_key = "2wnoOmOuCwqV6dIjzn0uaALSxhwx+w8XH2neUr5NRUY=" 89 | eth_address = "0x6c806Fea0fE17CCdc90312E5dFe53D69EaFE7762" 90 | 91 | 92 | [operator] 93 | display_operator_setup = true 94 | 95 | [log] 96 | {% if logging_enabled %} 97 | enabled = true 98 | {% else %} 99 | enabled = false 100 | {% endif %} 101 | level = "{{logging_level}}" 102 | dest_url = "{{logging_url}}" 103 | -------------------------------------------------------------------------------- /config/dl-wrtx36: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq807x=y 2 | CONFIG_TARGET_ipq807x_generic=y 3 | CONFIG_TARGET_ipq807x_generic_DEVICE_dynalink_dl-wrx36=y 4 | CONFIG_HTOP_LMSENSORS=y 5 | CONFIG_IFSTAT_SNMP=y 6 | CONFIG_LIBCURL_COOKIES=y 7 | CONFIG_LIBCURL_FILE=y 8 | CONFIG_LIBCURL_FTP=y 9 | CONFIG_LIBCURL_HTTP=y 10 | CONFIG_LIBCURL_MBEDTLS=y 11 | CONFIG_LIBCURL_NGHTTP2=y 12 | CONFIG_LIBCURL_NO_SMB="!" 13 | CONFIG_LIBCURL_PROXY=y 14 | CONFIG_LIBCURL_UNIX_SOCKETS=y 15 | CONFIG_OPENSSL_ENGINE=y 16 | CONFIG_OPENSSL_WITH_ASM=y 17 | CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y 18 | CONFIG_OPENSSL_WITH_CMS=y 19 | CONFIG_OPENSSL_WITH_DEPRECATED=y 20 | CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y 21 | CONFIG_OPENSSL_WITH_IDEA=y 22 | CONFIG_OPENSSL_WITH_MDC2=y 23 | CONFIG_OPENSSL_WITH_PSK=y 24 | CONFIG_OPENSSL_WITH_SEED=y 25 | CONFIG_OPENSSL_WITH_SRP=y 26 | CONFIG_OPENSSL_WITH_TLS13=y 27 | CONFIG_OPENSSL_WITH_WHIRLPOOL=y 28 | CONFIG_PACKAGE_althea-babeld=y 29 | CONFIG_PACKAGE_althea-cron-jobs=y 30 | CONFIG_PACKAGE_althea-dash=y 31 | CONFIG_PACKAGE_althea-rust-binaries=y 32 | CONFIG_PACKAGE_althea-tools=y 33 | CONFIG_PACKAGE_althea-usb=y 34 | CONFIG_PACKAGE_block-mount=y 35 | CONFIG_PACKAGE_ca-certificates=y 36 | CONFIG_PACKAGE_curl=y 37 | CONFIG_PACKAGE_htop=y 38 | CONFIG_PACKAGE_ifstat=y 39 | CONFIG_PACKAGE_iftop=y 40 | CONFIG_PACKAGE_iperf3=y 41 | CONFIG_PACKAGE_ipset=y 42 | CONFIG_PACKAGE_kmod-crypto-kpp=y 43 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 44 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 45 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 46 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 47 | CONFIG_PACKAGE_kmod-crypto-sha256=y 48 | CONFIG_PACKAGE_kmod-ipt-core=y 49 | CONFIG_PACKAGE_kmod-ipt-ipset=y 50 | CONFIG_PACKAGE_kmod-mii=y 51 | CONFIG_PACKAGE_kmod-nf-ipt=y 52 | CONFIG_PACKAGE_kmod-sched-cake=y 53 | CONFIG_PACKAGE_kmod-sched-core=y 54 | CONFIG_PACKAGE_kmod-scsi-core=y 55 | CONFIG_PACKAGE_kmod-udptunnel4=y 56 | CONFIG_PACKAGE_kmod-udptunnel6=y 57 | CONFIG_PACKAGE_kmod-usb-ehci=y 58 | CONFIG_PACKAGE_kmod-usb-net=y 59 | CONFIG_PACKAGE_kmod-usb-net-cdc-eem=y 60 | CONFIG_PACKAGE_kmod-usb-net-cdc-ether=y 61 | CONFIG_PACKAGE_kmod-usb-net-cdc-mbim=y 62 | CONFIG_PACKAGE_kmod-usb-net-cdc-ncm=y 63 | CONFIG_PACKAGE_kmod-usb-net-cdc-subset=y 64 | CONFIG_PACKAGE_kmod-usb-net-ipheth=y 65 | CONFIG_PACKAGE_kmod-usb-net-rtl8150=y 66 | CONFIG_PACKAGE_kmod-usb-net-rtl8152=y 67 | CONFIG_PACKAGE_kmod-usb-ohci=y 68 | CONFIG_PACKAGE_kmod-usb-ohci-pci=y 69 | CONFIG_PACKAGE_kmod-usb-storage=y 70 | CONFIG_PACKAGE_kmod-usb-storage-uas=y 71 | CONFIG_PACKAGE_kmod-usb-uhci=y 72 | CONFIG_PACKAGE_kmod-usb-wdm=y 73 | CONFIG_PACKAGE_kmod-usb2=y 74 | CONFIG_PACKAGE_kmod-usb2-pci=y 75 | CONFIG_PACKAGE_kmod-wireguard=y 76 | CONFIG_PACKAGE_libatomic=y 77 | CONFIG_PACKAGE_libcurl=y 78 | CONFIG_PACKAGE_libevdev=y 79 | CONFIG_PACKAGE_libiperf3=y 80 | CONFIG_PACKAGE_libipset=y 81 | CONFIG_PACKAGE_libncurses=y 82 | CONFIG_PACKAGE_libnetsnmp=y 83 | CONFIG_PACKAGE_libnghttp2=y 84 | CONFIG_PACKAGE_libopenssl=y 85 | CONFIG_PACKAGE_libpcap=y 86 | CONFIG_PACKAGE_libpci=y 87 | CONFIG_PACKAGE_libpcre2=y 88 | CONFIG_PACKAGE_libudev-zero=y 89 | CONFIG_PACKAGE_libusb-1.0=y 90 | CONFIG_PACKAGE_libustream-openssl=y 91 | CONFIG_PACKAGE_mtr-nojson=y 92 | CONFIG_PACKAGE_nano=y 93 | CONFIG_PACKAGE_r8152-firmware=y 94 | CONFIG_PACKAGE_rpcd=y 95 | CONFIG_PACKAGE_tc-tiny=y 96 | CONFIG_PACKAGE_tcpdump=y 97 | CONFIG_PACKAGE_terminfo=y 98 | CONFIG_PACKAGE_uhttpd=y 99 | CONFIG_PACKAGE_usbutils=y 100 | CONFIG_PACKAGE_wireguard-tools=y 101 | -------------------------------------------------------------------------------- /config/x86_64-exit: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_x86=y 2 | CONFIG_TARGET_x86_64=y 3 | CONFIG_TARGET_x86_64_DEVICE_generic=y 4 | CONFIG_DEVEL=y 5 | CONFIG_TOOLCHAINOPTS=y 6 | CONFIG_GRUB_TITLE="Althea Exit" 7 | CONFIG_IFSTAT_SNMP=y 8 | CONFIG_IMAGEOPT=y 9 | CONFIG_LIBCURL_COOKIES=y 10 | CONFIG_LIBCURL_FILE=y 11 | CONFIG_LIBCURL_FTP=y 12 | CONFIG_LIBCURL_HTTP=y 13 | CONFIG_LIBCURL_NGHTTP2=y 14 | CONFIG_LIBCURL_NO_SMB="!" 15 | CONFIG_LIBCURL_OPENSSL=y 16 | CONFIG_LIBCURL_PROXY=y 17 | CONFIG_LIBCURL_UNIX_SOCKETS=y 18 | CONFIG_OPENSSL_ENGINE=y 19 | CONFIG_OPENSSL_OPTIMIZE_SPEED=y 20 | CONFIG_OPENSSL_WITH_ASM=y 21 | CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y 22 | CONFIG_OPENSSL_WITH_CMS=y 23 | CONFIG_OPENSSL_WITH_DEPRECATED=y 24 | CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y 25 | CONFIG_OPENSSL_WITH_IDEA=y 26 | CONFIG_OPENSSL_WITH_MDC2=y 27 | CONFIG_OPENSSL_WITH_PSK=y 28 | CONFIG_OPENSSL_WITH_SEED=y 29 | CONFIG_OPENSSL_WITH_SRP=y 30 | CONFIG_OPENSSL_WITH_TLS13=y 31 | CONFIG_OPENSSL_WITH_WHIRLPOOL=y 32 | CONFIG_PACKAGE_althea-babeld=y 33 | CONFIG_PACKAGE_althea-cron-jobs=y 34 | CONFIG_PACKAGE_althea-tools=y 35 | CONFIG_PACKAGE_ca-certificates=y 36 | CONFIG_PACKAGE_curl=y 37 | CONFIG_PACKAGE_ifstat=y 38 | CONFIG_PACKAGE_iftop=y 39 | CONFIG_PACKAGE_iperf3=y 40 | CONFIG_PACKAGE_ipset=y 41 | CONFIG_PACKAGE_kmod-crypto-acompress=y 42 | CONFIG_PACKAGE_kmod-crypto-blake2b=y 43 | CONFIG_PACKAGE_kmod-crypto-kpp=y 44 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 45 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 46 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 47 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 48 | CONFIG_PACKAGE_kmod-crypto-xxhash=y 49 | CONFIG_PACKAGE_kmod-fs-btrfs=y 50 | CONFIG_PACKAGE_kmod-fs-ext4=y 51 | CONFIG_PACKAGE_kmod-ipt-core=y 52 | CONFIG_PACKAGE_kmod-ipt-ipset=y 53 | CONFIG_PACKAGE_kmod-lib-crc16=y 54 | CONFIG_PACKAGE_kmod-lib-lzo=y 55 | CONFIG_PACKAGE_kmod-lib-raid6=y 56 | CONFIG_PACKAGE_kmod-lib-xor=y 57 | CONFIG_PACKAGE_kmod-lib-xxhash=y 58 | CONFIG_PACKAGE_kmod-lib-zlib-deflate=y 59 | CONFIG_PACKAGE_kmod-lib-zlib-inflate=y 60 | CONFIG_PACKAGE_kmod-lib-zstd=y 61 | CONFIG_PACKAGE_kmod-nf-ipt=y 62 | CONFIG_PACKAGE_kmod-sched-cake=y 63 | CONFIG_PACKAGE_kmod-sched-core=y 64 | CONFIG_PACKAGE_kmod-udptunnel4=y 65 | CONFIG_PACKAGE_kmod-udptunnel6=y 66 | CONFIG_PACKAGE_kmod-wireguard=y 67 | CONFIG_PACKAGE_libatomic=y 68 | CONFIG_PACKAGE_libbpf=y 69 | CONFIG_PACKAGE_libcurl=y 70 | CONFIG_PACKAGE_libelf=y 71 | CONFIG_PACKAGE_libiperf3=y 72 | CONFIG_PACKAGE_libipset=y 73 | CONFIG_PACKAGE_libmbedtls=m 74 | CONFIG_PACKAGE_libncurses=y 75 | CONFIG_PACKAGE_libnetsnmp=y 76 | CONFIG_PACKAGE_libnghttp2=y 77 | CONFIG_PACKAGE_libopenssl=y 78 | CONFIG_PACKAGE_libpcap=y 79 | CONFIG_PACKAGE_libpci=y 80 | CONFIG_PACKAGE_libpcre2=y 81 | CONFIG_PACKAGE_libreadline=y 82 | CONFIG_PACKAGE_libustream-mbedtls=m 83 | CONFIG_PACKAGE_libustream-openssl=y 84 | CONFIG_PACKAGE_libxtables=y 85 | CONFIG_PACKAGE_mtr-nojson=y 86 | CONFIG_PACKAGE_nano=y 87 | CONFIG_PACKAGE_rita-exit=y 88 | CONFIG_PACKAGE_rpcd=y 89 | CONFIG_PACKAGE_tc-mod-iptables=y 90 | CONFIG_PACKAGE_tc-tiny=y 91 | CONFIG_PACKAGE_tcpdump=y 92 | CONFIG_PACKAGE_terminfo=y 93 | CONFIG_PACKAGE_wireguard-tools=y 94 | CONFIG_PACKAGE_zlib=y 95 | CONFIG_PCRE2_JIT_ENABLED=y 96 | CONFIG_STRIP_ARGS="--strip-all" 97 | CONFIG_TARGET_KERNEL_PARTSIZE=32 98 | # CONFIG_TARGET_ROOTFS_EXT4FS is not set 99 | CONFIG_TARGET_ROOTFS_PARTSIZE=512 100 | # CONFIG_USE_SSTRIP is not set 101 | CONFIG_USE_STRIP=y 102 | CONFIG_VDI_IMAGES=y 103 | CONFIG_VMDK_IMAGES=y 104 | -------------------------------------------------------------------------------- /config/gl-mt6000: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_mediatek=y 2 | CONFIG_TARGET_mediatek_filogic=y 3 | CONFIG_TARGET_mediatek_filogic_DEVICE_glinet_gl-mt6000=y 4 | CONFIG_HTOP_LMSENSORS=y 5 | CONFIG_IFSTAT_SNMP=y 6 | CONFIG_LIBCURL_COOKIES=y 7 | CONFIG_LIBCURL_FILE=y 8 | CONFIG_LIBCURL_FTP=y 9 | CONFIG_LIBCURL_HTTP=y 10 | CONFIG_LIBCURL_MBEDTLS=y 11 | CONFIG_LIBCURL_NGHTTP2=y 12 | CONFIG_LIBCURL_NO_SMB="!" 13 | CONFIG_LIBCURL_PROXY=y 14 | CONFIG_LIBCURL_UNIX_SOCKETS=y 15 | CONFIG_OPENSSL_ENGINE=y 16 | CONFIG_OPENSSL_WITH_ASM=y 17 | CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y 18 | CONFIG_OPENSSL_WITH_CMS=y 19 | CONFIG_OPENSSL_WITH_DEPRECATED=y 20 | CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y 21 | CONFIG_OPENSSL_WITH_IDEA=y 22 | CONFIG_OPENSSL_WITH_MDC2=y 23 | CONFIG_OPENSSL_WITH_PSK=y 24 | CONFIG_OPENSSL_WITH_SEED=y 25 | CONFIG_OPENSSL_WITH_SRP=y 26 | CONFIG_OPENSSL_WITH_TLS13=y 27 | CONFIG_OPENSSL_WITH_WHIRLPOOL=y 28 | CONFIG_PACKAGE_althea-babeld=y 29 | CONFIG_PACKAGE_althea-cron-jobs=y 30 | CONFIG_PACKAGE_althea-dash=y 31 | CONFIG_PACKAGE_althea-rust-binaries=y 32 | CONFIG_PACKAGE_althea-tools=y 33 | CONFIG_PACKAGE_althea-usb=y 34 | CONFIG_PACKAGE_block-mount=y 35 | CONFIG_PACKAGE_ca-certificates=y 36 | CONFIG_PACKAGE_curl=y 37 | CONFIG_PACKAGE_htop=y 38 | CONFIG_PACKAGE_ifstat=y 39 | CONFIG_PACKAGE_iftop=y 40 | CONFIG_PACKAGE_iperf3=y 41 | CONFIG_PACKAGE_ipset=y 42 | CONFIG_PACKAGE_kmod-crypto-kpp=y 43 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 44 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 45 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 46 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 47 | CONFIG_PACKAGE_kmod-fs-ext4=y 48 | CONFIG_PACKAGE_kmod-ipt-core=y 49 | CONFIG_PACKAGE_kmod-ipt-ipset=y 50 | CONFIG_PACKAGE_kmod-lib-crc16=y 51 | CONFIG_PACKAGE_kmod-mii=y 52 | CONFIG_PACKAGE_kmod-nf-ipt=y 53 | CONFIG_PACKAGE_kmod-sched-cake=y 54 | CONFIG_PACKAGE_kmod-sched-core=y 55 | CONFIG_PACKAGE_kmod-scsi-core=y 56 | CONFIG_PACKAGE_kmod-udptunnel4=y 57 | CONFIG_PACKAGE_kmod-udptunnel6=y 58 | CONFIG_PACKAGE_kmod-usb-ehci=y 59 | CONFIG_PACKAGE_kmod-usb-net=y 60 | CONFIG_PACKAGE_kmod-usb-net-cdc-eem=y 61 | CONFIG_PACKAGE_kmod-usb-net-cdc-ether=y 62 | CONFIG_PACKAGE_kmod-usb-net-cdc-mbim=y 63 | CONFIG_PACKAGE_kmod-usb-net-cdc-ncm=y 64 | CONFIG_PACKAGE_kmod-usb-net-cdc-subset=y 65 | CONFIG_PACKAGE_kmod-usb-net-ipheth=y 66 | CONFIG_PACKAGE_kmod-usb-net-rtl8150=y 67 | CONFIG_PACKAGE_kmod-usb-net-rtl8152=y 68 | CONFIG_PACKAGE_kmod-usb-ohci=y 69 | CONFIG_PACKAGE_kmod-usb-ohci-pci=y 70 | CONFIG_PACKAGE_kmod-usb-storage=y 71 | CONFIG_PACKAGE_kmod-usb-storage-uas=y 72 | CONFIG_PACKAGE_kmod-usb-uhci=y 73 | CONFIG_PACKAGE_kmod-usb-wdm=y 74 | CONFIG_PACKAGE_kmod-usb2=y 75 | CONFIG_PACKAGE_kmod-usb2-pci=y 76 | CONFIG_PACKAGE_kmod-wireguard=y 77 | CONFIG_PACKAGE_libatomic=y 78 | CONFIG_PACKAGE_libcurl=y 79 | CONFIG_PACKAGE_libevdev=y 80 | CONFIG_PACKAGE_libiperf3=y 81 | CONFIG_PACKAGE_libipset=y 82 | CONFIG_PACKAGE_libncurses=y 83 | CONFIG_PACKAGE_libnetsnmp=y 84 | CONFIG_PACKAGE_libnghttp2=y 85 | CONFIG_PACKAGE_libopenssl=y 86 | CONFIG_PACKAGE_libpcap=y 87 | CONFIG_PACKAGE_libpci=y 88 | CONFIG_PACKAGE_libpcre2=y 89 | CONFIG_PACKAGE_libudev-zero=y 90 | CONFIG_PACKAGE_libusb-1.0=y 91 | CONFIG_PACKAGE_libustream-openssl=y 92 | CONFIG_PACKAGE_mtr-nojson=y 93 | CONFIG_PACKAGE_nano=y 94 | CONFIG_PACKAGE_r8152-firmware=y 95 | CONFIG_PACKAGE_rpcd=y 96 | CONFIG_PACKAGE_tc-tiny=y 97 | CONFIG_PACKAGE_tcpdump=y 98 | CONFIG_PACKAGE_terminfo=y 99 | CONFIG_PACKAGE_uhttpd=y 100 | CONFIG_PACKAGE_usbutils=y 101 | CONFIG_PACKAGE_wireguard-tools=y 102 | -------------------------------------------------------------------------------- /config/gl-mt6000-exit: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_mediatek=y 2 | CONFIG_TARGET_mediatek_filogic=y 3 | CONFIG_TARGET_mediatek_filogic_DEVICE_glinet_gl-mt6000=y 4 | CONFIG_HTOP_LMSENSORS=y 5 | CONFIG_IFSTAT_SNMP=y 6 | CONFIG_LIBCURL_COOKIES=y 7 | CONFIG_LIBCURL_FILE=y 8 | CONFIG_LIBCURL_FTP=y 9 | CONFIG_LIBCURL_HTTP=y 10 | CONFIG_LIBCURL_MBEDTLS=y 11 | CONFIG_LIBCURL_NGHTTP2=y 12 | CONFIG_LIBCURL_NO_SMB="!" 13 | CONFIG_LIBCURL_PROXY=y 14 | CONFIG_LIBCURL_UNIX_SOCKETS=y 15 | CONFIG_OPENSSL_ENGINE=y 16 | CONFIG_OPENSSL_WITH_ASM=y 17 | CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y 18 | CONFIG_OPENSSL_WITH_CMS=y 19 | CONFIG_OPENSSL_WITH_DEPRECATED=y 20 | CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y 21 | CONFIG_OPENSSL_WITH_IDEA=y 22 | CONFIG_OPENSSL_WITH_MDC2=y 23 | CONFIG_OPENSSL_WITH_PSK=y 24 | CONFIG_OPENSSL_WITH_SEED=y 25 | CONFIG_OPENSSL_WITH_SRP=y 26 | CONFIG_OPENSSL_WITH_TLS13=y 27 | CONFIG_OPENSSL_WITH_WHIRLPOOL=y 28 | CONFIG_PACKAGE_althea-babeld=y 29 | CONFIG_PACKAGE_althea-cron-jobs=y 30 | CONFIG_PACKAGE_althea-tools=y 31 | CONFIG_PACKAGE_althea-usb=y 32 | CONFIG_PACKAGE_block-mount=y 33 | CONFIG_PACKAGE_ca-certificates=y 34 | CONFIG_PACKAGE_curl=y 35 | CONFIG_PACKAGE_htop=y 36 | CONFIG_PACKAGE_ifstat=y 37 | CONFIG_PACKAGE_iftop=y 38 | CONFIG_PACKAGE_iperf3=y 39 | CONFIG_PACKAGE_ipset=y 40 | CONFIG_PACKAGE_kmod-crypto-kpp=y 41 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 42 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 43 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 44 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 45 | CONFIG_PACKAGE_kmod-fs-ext4=y 46 | CONFIG_PACKAGE_kmod-ipt-core=y 47 | CONFIG_PACKAGE_kmod-ipt-ipset=y 48 | CONFIG_PACKAGE_kmod-lib-crc16=y 49 | CONFIG_PACKAGE_kmod-mii=y 50 | CONFIG_PACKAGE_kmod-nf-ipt=y 51 | CONFIG_PACKAGE_kmod-sched-cake=y 52 | CONFIG_PACKAGE_kmod-sched-core=y 53 | CONFIG_PACKAGE_kmod-scsi-core=y 54 | CONFIG_PACKAGE_kmod-udptunnel4=y 55 | CONFIG_PACKAGE_kmod-udptunnel6=y 56 | CONFIG_PACKAGE_kmod-usb-ehci=y 57 | CONFIG_PACKAGE_kmod-usb-net=y 58 | CONFIG_PACKAGE_kmod-usb-net-cdc-eem=y 59 | CONFIG_PACKAGE_kmod-usb-net-cdc-ether=y 60 | CONFIG_PACKAGE_kmod-usb-net-cdc-mbim=y 61 | CONFIG_PACKAGE_kmod-usb-net-cdc-ncm=y 62 | CONFIG_PACKAGE_kmod-usb-net-cdc-subset=y 63 | CONFIG_PACKAGE_kmod-usb-net-ipheth=y 64 | CONFIG_PACKAGE_kmod-usb-net-rtl8150=y 65 | CONFIG_PACKAGE_kmod-usb-net-rtl8152=y 66 | CONFIG_PACKAGE_kmod-usb-ohci=y 67 | CONFIG_PACKAGE_kmod-usb-ohci-pci=y 68 | CONFIG_PACKAGE_kmod-usb-storage=y 69 | CONFIG_PACKAGE_kmod-usb-storage-uas=y 70 | CONFIG_PACKAGE_kmod-usb-uhci=y 71 | CONFIG_PACKAGE_kmod-usb-wdm=y 72 | CONFIG_PACKAGE_kmod-usb2=y 73 | CONFIG_PACKAGE_kmod-usb2-pci=y 74 | CONFIG_PACKAGE_kmod-wireguard=y 75 | CONFIG_PACKAGE_libatomic=y 76 | CONFIG_PACKAGE_libcurl=y 77 | CONFIG_PACKAGE_libevdev=y 78 | CONFIG_PACKAGE_libiperf3=y 79 | CONFIG_PACKAGE_libipset=y 80 | CONFIG_PACKAGE_libncurses=y 81 | CONFIG_PACKAGE_libnetsnmp=y 82 | CONFIG_PACKAGE_libnghttp2=y 83 | CONFIG_PACKAGE_libopenssl=y 84 | CONFIG_PACKAGE_libpcap=y 85 | CONFIG_PACKAGE_libpci=y 86 | CONFIG_PACKAGE_libpcre2=y 87 | CONFIG_PACKAGE_libudev-zero=y 88 | CONFIG_PACKAGE_libusb-1.0=y 89 | CONFIG_PACKAGE_libustream-mbedtls=m 90 | CONFIG_PACKAGE_libustream-openssl=y 91 | CONFIG_PACKAGE_mtr-nojson=y 92 | CONFIG_PACKAGE_nano=y 93 | CONFIG_PACKAGE_r8152-firmware=y 94 | CONFIG_PACKAGE_rita-exit=y 95 | CONFIG_PACKAGE_rita-exit-dash=y 96 | CONFIG_PACKAGE_rpcd=y 97 | CONFIG_PACKAGE_tc-tiny=y 98 | CONFIG_PACKAGE_tcpdump=y 99 | CONFIG_PACKAGE_terminfo=y 100 | CONFIG_PACKAGE_uhttpd=y 101 | CONFIG_PACKAGE_usbutils=y 102 | CONFIG_PACKAGE_wireguard-tools=y 103 | -------------------------------------------------------------------------------- /roles/build-config/defaults/main.yml: -------------------------------------------------------------------------------- 1 | rita_type: "client" 2 | logging_enabled: false 3 | logging_level: "WARN" 4 | logging_url: "https://stats.altheamesh.com:9999/compressed_sink/" 5 | source_dir: build 6 | disable_password_login: false 7 | remote_mesh_access: false 8 | insert_keys: false 9 | keys_to_insert: 10 | - "" 11 | dropbear_wan_accessible: false 12 | ssh_port: 22 13 | password_auth: 0 14 | default_price: 100 15 | final_device_template: "{{ conf_to_build if device_template is not defined else device_template }}" 16 | wireless_conf_path: "{{role_path}}/templates/{{final_device_template}}-wireless.j2" 17 | 18 | mesh_subnets: 19 | - "f000::/4" # locally routable address and link local addresses, link local isn't forwarded anyways 20 | - "2000::/4" # most assigned unicast addresses 21 | - "3000::/4" # some depricated stuff 22 | - "4000::/4" # some depricated stuff 23 | - "5000::/4" # some depricated stuff 24 | 25 | wifi_key: "ChangeMe" 26 | 27 | lan_ip: "192.168.10.1" 28 | 29 | # should default to sae-mixed (WPA3/2), which depends on wpad-basic-wolfssl and is enabled by default in openwrt-21.02 30 | # due to high rate of incompatible devices default remains wpa2 only, this should be changed back in the future 31 | wifi_encryption: "psk2+tkip+ccmp" 32 | wifi_disabled: false 33 | wifi_ssid_two_ghz: "altheahome-2" 34 | wifi_ssid_five_ghz: "altheahome-5" 35 | default_exit: "us-west" 36 | release_feed: "" 37 | 38 | listen_interfaces_extended: "{{listen_interfaces}}" 39 | 40 | ####### exit defaults 41 | 42 | description: "Althea Exit Description" 43 | remote_log: "false" 44 | workers: 4 45 | 46 | ### [exit_network] 47 | entry_timeout: 7776000 48 | exit_hello_port: 4875 49 | exit_price: 10000000 50 | exit_start_ip: "172.168.0.100" 51 | # geoip_api_key: "" 52 | # geoip_api_user: "" 53 | own_internal_ip: "172.168.0.254" 54 | own_internal_netmask: 16 55 | wg_tunnel_port: 59999 56 | wg_v2_tunnel_port: 59998 57 | 58 | ### [localization] 59 | display_currency_symbol: "true" 60 | wyre_enabled: "false" 61 | 62 | ### [localization.support_number.code] 63 | support_number_code_source: "plus" 64 | support_number_code_value: 1 65 | 66 | ### [localization.support_number.national] 67 | support_number_value: 8664258432 68 | support_number_zeroes: 0 69 | 70 | ### [network] 71 | exit_metric_factor: 1900 72 | exit_direct_peer_interfaces: [] 73 | exit_direct_peer_vlans: [] 74 | nickname: "Althea Exit" 75 | rita_dashboard_port: 4877 76 | rita_hello_port: 4876 77 | # wan_interface: "eth0" 78 | # wan_proto: "dhcp" 79 | # wan_ipaddr: "1.1.1.2/24" 80 | # wan_ip6addr: "fd00::1/8" 81 | # wan_gateway: "1.1.1.1" 82 | # wan_dns: 83 | # - "8.8.8.8" 84 | # - "8.8.4.4" 85 | wg_private_key: "" 86 | wg_public_key: "" 87 | wg_start_port: 60000 88 | # invalid placeholder replace with real value on Althea L1 once deployed 89 | registered_users_contract_addr: "0xEE8BBA37508cd6f9dB7c8AD0AE2b3DE0168c1b36" 90 | 91 | ### [network.shaper_settings] 92 | network_shaper_enabled: "true" 93 | 94 | ### [payment] 95 | bridge_enabled: "true" 96 | debt_limit_enabled: "true" 97 | free_tier_throughput: 1000 98 | max_fee: 20000000 99 | full_nodes: ["https://dai.althea.net:443"] 100 | system_chain: "Xdai" 101 | 102 | # enables alterante reset button behavior 103 | # False: Default behavior, all overlay data is reset and the device is wiped 104 | # True: Instead of resetting the device by deleting all overlay data it will reset the wifi config 105 | # and rita dashboard password, allowing access to the device without erasing it's data 106 | reset_button_alt: false 107 | -------------------------------------------------------------------------------- /roles/build-config/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Builds the more sensitive and dynamic parts of the firmware root configuration 3 | # for example ssh keys are inserted in this role 4 | 5 | - name: Create Dropbear folder 6 | file: 7 | path: "{{source_dir}}/files/etc/dropbear/" 8 | state: directory 9 | mode: 0700 10 | 11 | - name: Add keys to login 12 | lineinfile: 13 | dest: "{{source_dir}}/files/etc/dropbear/authorized_keys" 14 | line: "{{item}}" 15 | state: present 16 | create: true 17 | with_items: "{{keys_to_insert}}" 18 | when: insert_keys 19 | 20 | - name: Authorized keys only readable by owner 21 | file: 22 | path: "{{source_dir}}/files/etc/dropbear/authorized_keys" 23 | mode: 0600 24 | when: insert_keys 25 | 26 | - name: Create Button configuration folder 27 | file: 28 | path: "{{source_dir}}/files/etc/rc.button/" 29 | state: directory 30 | when: reset_button_alt 31 | 32 | - name: Template reset button configuration 33 | template: 34 | src: "rc.button.j2" 35 | dest: "{{source_dir}}/files/etc/rc.button/reset" 36 | when: reset_button_alt 37 | 38 | - name: Create the UCI config folder 39 | file: 40 | path: "{{source_dir}}/files/etc/config/" 41 | state: directory 42 | 43 | - name: Template dropbear config 44 | template: 45 | src: "dropbear.j2" 46 | dest: "{{source_dir}}/files/etc/config/dropbear" 47 | 48 | - name: Template firewall config 49 | template: 50 | src: "firewall.j2" 51 | dest: "{{source_dir}}/files/etc/config/firewall" 52 | 53 | # Network and wifi stuff is hardware specific, so we keep templates for each 54 | # supported device. it really shouldn't ever change much in upstream LEDE 55 | # but do remember it's possible 56 | - name: Template network interface configuration 57 | template: 58 | src: "{{final_device_template}}-network.j2" 59 | dest: "{{source_dir}}/files/etc/config/network" 60 | 61 | - name: Insert Lan network 62 | blockinfile: 63 | insertbefore: BOF 64 | marker: "#LAN" 65 | path: "{{source_dir}}/files/etc/config/network" 66 | block: | 67 | config interface 'lan' 68 | option type 'bridge' 69 | option ifname '{{lan_interfaces}}' 70 | option proto 'static' 71 | option ipaddr '{{lan_ip}}' 72 | option netmask '255.255.255.0' 73 | option ip6assign '60' 74 | 75 | # we insert boilerplate stuff into the network configs here for the sake of de-duplication 76 | - name: Insert Loopback network 77 | blockinfile: 78 | insertbefore: BOF 79 | marker: "#LO" 80 | path: "{{source_dir}}/files/etc/config/network" 81 | block: | 82 | config interface 'loopback' 83 | option ifname 'lo' 84 | option proto 'static' 85 | option ipaddr '127.0.0.1' 86 | option netmask '255.0.0.0' 87 | 88 | - name: Template wifi interface configuration 89 | template: 90 | src: "{{final_device_template}}-wireless.j2" 91 | dest: "{{source_dir}}/files/etc/config/wireless" 92 | when: wireless_conf_path is file 93 | 94 | - name: Template the Babeld configuration 95 | template: 96 | src: "babeld.j2" 97 | dest: "{{source_dir}}/files/etc/config/babeld" 98 | 99 | - name: Template the Rita configuration 100 | template: 101 | src: "rita.toml.j2" 102 | dest: "{{source_dir}}/files/etc/rita.toml" 103 | when: rita_type == "client" 104 | 105 | - name: Template the rita-exit config 106 | template: 107 | src: rita_exit.toml.j2 108 | dest: "{{source_dir}}/files/etc/rita_exit.toml" 109 | when: rita_type == "exit" 110 | 111 | - name: Write out build details 112 | template: 113 | src: "althea-firmware-release.j2" 114 | dest: "{{source_dir}}/files/etc/althea-firmware-release" 115 | 116 | - name: Template any device specific scripts 117 | template: 118 | src: "{{custom_script}}.j2" 119 | dest: "{{source_dir}}/files/etc/{{custom_script}}" 120 | when: custom_script is defined 121 | 122 | - name: Template package update url 123 | template: 124 | src: customfeeds.conf.j2 125 | dest: "{{source_dir}}/files/etc/opkg/customfeeds.conf" 126 | -------------------------------------------------------------------------------- /config/mikrotik_hap-ac3-exit: -------------------------------------------------------------------------------- 1 | CONFIG_TARGET_ipq40xx=y 2 | CONFIG_TARGET_ipq40xx_mikrotik=y 3 | CONFIG_TARGET_ipq40xx_mikrotik_DEVICE_mikrotik_hap-ac3=y 4 | CONFIG_HTOP_LMSENSORS=y 5 | CONFIG_IFSTAT_SNMP=y 6 | CONFIG_LIBCURL_COOKIES=y 7 | CONFIG_LIBCURL_FILE=y 8 | CONFIG_LIBCURL_FTP=y 9 | CONFIG_LIBCURL_HTTP=y 10 | CONFIG_LIBCURL_MBEDTLS=y 11 | CONFIG_LIBCURL_NGHTTP2=y 12 | CONFIG_LIBCURL_NO_SMB="!" 13 | CONFIG_LIBCURL_PROXY=y 14 | CONFIG_LIBCURL_UNIX_SOCKETS=y 15 | CONFIG_OPENSSL_ENGINE=y 16 | CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y 17 | CONFIG_OPENSSL_WITH_ASM=y 18 | CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y 19 | CONFIG_OPENSSL_WITH_CMS=y 20 | CONFIG_OPENSSL_WITH_DEPRECATED=y 21 | CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y 22 | CONFIG_OPENSSL_WITH_IDEA=y 23 | CONFIG_OPENSSL_WITH_MDC2=y 24 | CONFIG_OPENSSL_WITH_PSK=y 25 | CONFIG_OPENSSL_WITH_SEED=y 26 | CONFIG_OPENSSL_WITH_SRP=y 27 | CONFIG_OPENSSL_WITH_TLS13=y 28 | CONFIG_OPENSSL_WITH_WHIRLPOOL=y 29 | CONFIG_PACKAGE_althea-babeld=y 30 | CONFIG_PACKAGE_althea-cron-jobs=y 31 | CONFIG_PACKAGE_althea-tools=y 32 | CONFIG_PACKAGE_althea-usb=y 33 | CONFIG_PACKAGE_block-mount=y 34 | CONFIG_PACKAGE_ca-certificates=y 35 | CONFIG_PACKAGE_curl=y 36 | CONFIG_PACKAGE_e2fsprogs=y 37 | CONFIG_PACKAGE_htop=y 38 | CONFIG_PACKAGE_ifstat=y 39 | CONFIG_PACKAGE_iftop=y 40 | CONFIG_PACKAGE_iperf3=y 41 | CONFIG_PACKAGE_ipset=y 42 | # CONFIG_PACKAGE_kmod-ath10k-ct is not set 43 | CONFIG_PACKAGE_kmod-ath10k-ct-smallbuffers=y 44 | CONFIG_PACKAGE_kmod-crypto-kpp=y 45 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y 46 | CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y 47 | CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y 48 | CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y 49 | CONFIG_PACKAGE_kmod-crypto-sha256=y 50 | CONFIG_PACKAGE_kmod-fs-ext4=y 51 | CONFIG_PACKAGE_kmod-ipt-core=y 52 | CONFIG_PACKAGE_kmod-ipt-ipset=y 53 | # CONFIG_PACKAGE_kmod-ledtrig-gpio is not set 54 | CONFIG_PACKAGE_kmod-lib-crc16=y 55 | CONFIG_PACKAGE_kmod-mii=y 56 | CONFIG_PACKAGE_kmod-nf-ipt=y 57 | CONFIG_PACKAGE_kmod-sched-cake=y 58 | CONFIG_PACKAGE_kmod-sched-core=y 59 | CONFIG_PACKAGE_kmod-scsi-core=y 60 | CONFIG_PACKAGE_kmod-udptunnel4=y 61 | CONFIG_PACKAGE_kmod-udptunnel6=y 62 | CONFIG_PACKAGE_kmod-usb-ehci=y 63 | CONFIG_PACKAGE_kmod-usb-net=y 64 | CONFIG_PACKAGE_kmod-usb-net-cdc-eem=y 65 | CONFIG_PACKAGE_kmod-usb-net-cdc-ether=y 66 | CONFIG_PACKAGE_kmod-usb-net-cdc-mbim=y 67 | CONFIG_PACKAGE_kmod-usb-net-cdc-ncm=y 68 | CONFIG_PACKAGE_kmod-usb-net-cdc-subset=y 69 | CONFIG_PACKAGE_kmod-usb-net-ipheth=y 70 | CONFIG_PACKAGE_kmod-usb-net-rtl8150=y 71 | CONFIG_PACKAGE_kmod-usb-net-rtl8152=y 72 | CONFIG_PACKAGE_kmod-usb-ohci=y 73 | CONFIG_PACKAGE_kmod-usb-ohci-pci=y 74 | CONFIG_PACKAGE_kmod-usb-storage=y 75 | CONFIG_PACKAGE_kmod-usb-storage-uas=y 76 | CONFIG_PACKAGE_kmod-usb-uhci=y 77 | CONFIG_PACKAGE_kmod-usb-wdm=y 78 | CONFIG_PACKAGE_kmod-usb2=y 79 | CONFIG_PACKAGE_kmod-usb2-pci=y 80 | CONFIG_PACKAGE_kmod-wireguard=y 81 | CONFIG_PACKAGE_libatomic=y 82 | CONFIG_PACKAGE_libblkid=y 83 | CONFIG_PACKAGE_libcomerr=y 84 | CONFIG_PACKAGE_libcurl=y 85 | CONFIG_PACKAGE_libevdev=y 86 | CONFIG_PACKAGE_libevent2-core=y 87 | CONFIG_PACKAGE_libext2fs=y 88 | CONFIG_PACKAGE_libiperf3=y 89 | CONFIG_PACKAGE_libipset=y 90 | CONFIG_PACKAGE_libncurses=y 91 | CONFIG_PACKAGE_libnetsnmp=y 92 | CONFIG_PACKAGE_libnghttp2=y 93 | CONFIG_PACKAGE_libopenssl=y 94 | CONFIG_PACKAGE_libpcap=y 95 | CONFIG_PACKAGE_libpci=y 96 | CONFIG_PACKAGE_libpcre=y 97 | CONFIG_PACKAGE_libpcre2=y 98 | CONFIG_PACKAGE_librt=y 99 | CONFIG_PACKAGE_libss=y 100 | CONFIG_PACKAGE_libudev-zero=y 101 | CONFIG_PACKAGE_libusb-1.0=y 102 | CONFIG_PACKAGE_libustream-mbedtls=m 103 | CONFIG_PACKAGE_libustream-openssl=y 104 | CONFIG_PACKAGE_libuuid=y 105 | CONFIG_PACKAGE_mtr-nojson=y 106 | CONFIG_PACKAGE_nano=y 107 | CONFIG_PACKAGE_r8152-firmware=y 108 | CONFIG_PACKAGE_rita-exit=y 109 | CONFIG_PACKAGE_rita-exit-dash=y 110 | CONFIG_PACKAGE_rpcd=y 111 | CONFIG_PACKAGE_tc-tiny=y 112 | CONFIG_PACKAGE_tcpdump=y 113 | CONFIG_PACKAGE_terminfo=y 114 | CONFIG_PACKAGE_tmux=y 115 | CONFIG_PACKAGE_uhttpd=y 116 | CONFIG_PACKAGE_usbutils=y 117 | CONFIG_PACKAGE_vim-full=y 118 | CONFIG_PACKAGE_wireguard-tools=y 119 | CONFIG_PCRE2_JIT_ENABLED=y 120 | CONFIG_PCRE_JIT_ENABLED=y 121 | -------------------------------------------------------------------------------- /roles/build-config/templates/linksys_whw03v2-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0' 4 | option channel '{{five_ghz_channel}}' 5 | option band '5g' 6 | option htmode 'VHT80' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option path 'platform/soc/a000000.wifi' 21 | option channel '{{channel}}' 22 | option band '2g' 23 | option htmode 'HT20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan1' 31 | option ssid '{{wifi_ssid_two_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | 35 | config wifi-device 'radio2' 36 | option type 'mac80211' 37 | option path 'platform/soc/a800000.wifi' 38 | option channel '{{five_ghz_channel_alt}}' 39 | option band '5g' 40 | option htmode 'VHT80' 41 | option disabled '{{wifi_disabled}}' 42 | 43 | config wifi-iface 'default_radio2' 44 | option device 'radio2' 45 | option network 'lan' 46 | option mode 'ap' 47 | option ifname 'wlan2' 48 | option ssid '{{wifi_ssid_five_ghz}}' 49 | option encryption '{{wifi_encryption}}' 50 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/linksys_whw03-wireless.j2: -------------------------------------------------------------------------------- 1 | config wifi-device 'radio0' 2 | option type 'mac80211' 3 | option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0' 4 | option channel '{{five_ghz_channel}}' 5 | option band '5g' 6 | option htmode 'VHT80' 7 | option disabled '{{wifi_disabled}}' 8 | 9 | config wifi-iface 'default_radio0' 10 | option device 'radio0' 11 | option network 'lan' 12 | option mode 'ap' 13 | option ifname 'wlan0' 14 | option ssid '{{wifi_ssid_five_ghz}}' 15 | option encryption '{{wifi_encryption}}' 16 | option key '{{wifi_key}}' 17 | 18 | config wifi-device 'radio1' 19 | option type 'mac80211' 20 | option path 'platform/soc/a000000.wifi' 21 | option channel '{{channel}}' 22 | option band '2g' 23 | option htmode 'HT20' 24 | option disabled '{{wifi_disabled}}' 25 | 26 | config wifi-iface 'default_radio1' 27 | option device 'radio1' 28 | option network 'lan' 29 | option mode 'ap' 30 | option ifname 'wlan1' 31 | option ssid '{{wifi_ssid_two_ghz}}' 32 | option encryption '{{wifi_encryption}}' 33 | option key '{{wifi_key}}' 34 | 35 | config wifi-device 'radio2' 36 | option type 'mac80211' 37 | option path 'platform/soc/a800000.wifi' 38 | option channel '{{five_ghz_channel_alt}}' 39 | option band '5g' 40 | option htmode 'VHT80' 41 | option disabled '{{wifi_disabled}}' 42 | 43 | config wifi-iface 'default_radio2' 44 | option device 'radio2' 45 | option network 'lan' 46 | option mode 'ap' 47 | option ifname 'wlan2' 48 | option ssid '{{wifi_ssid_five_ghz}}' 49 | option encryption '{{wifi_encryption}}' 50 | option key '{{wifi_key}}' -------------------------------------------------------------------------------- /roles/build-config/templates/firewall.j2: -------------------------------------------------------------------------------- 1 | config defaults 2 | option tcp_ecn 1 3 | option input REJECT 4 | option output ACCEPT 5 | option forward REJECT 6 | 7 | config zone 8 | option name backhaul 9 | list network 'backhaul' 10 | list network 'lte' 11 | option input REJECT 12 | option output ACCEPT 13 | option forward REJECT 14 | 15 | config zone 16 | option name lan 17 | list network 'lan' 18 | option input ACCEPT 19 | option output ACCEPT 20 | option forward ACCEPT 21 | 22 | # We need this zone to receive mesh traffic 23 | config zone 24 | option name mesh 25 | {% for subnet in mesh_subnets %} 26 | list subnet '{{subnet}}' 27 | {% endfor %} 28 | option input REJECT 29 | option output ACCEPT 30 | option forward ACCEPT 31 | 32 | config rule 33 | option name Allow-Ping 34 | option src mesh 35 | option proto icmp 36 | option target ACCEPT 37 | 38 | config rule 39 | option name Allow-MLD 40 | option src mesh 41 | option proto icmp 42 | list icmp_type '130/0' 43 | list icmp_type '131/0' 44 | list icmp_type '132/0' 45 | list icmp_type '143/0' 46 | option family ipv6 47 | option target ACCEPT 48 | 49 | 50 | # Allow essential incoming IPv6 ICMP traffic 51 | config rule 52 | option name Allow-ICMPv6-Input 53 | option src mesh 54 | option proto icmp 55 | list icmp_type echo-request 56 | list icmp_type echo-reply 57 | list icmp_type destination-unreachable 58 | list icmp_type packet-too-big 59 | list icmp_type time-exceeded 60 | list icmp_type bad-header 61 | list icmp_type unknown-header-type 62 | list icmp_type router-solicitation 63 | list icmp_type neighbour-solicitation 64 | list icmp_type router-advertisement 65 | list icmp_type neighbour-advertisement 66 | option limit 1000/sec 67 | option family ipv6 68 | option target ACCEPT 69 | 70 | 71 | # Allow essential forwarded IPv6 ICMP traffic 72 | config rule 73 | option name Allow-ICMPv6-Forward 74 | option src mesh 75 | option dest * 76 | option proto icmp 77 | list icmp_type echo-request 78 | list icmp_type echo-reply 79 | list icmp_type destination-unreachable 80 | list icmp_type packet-too-big 81 | list icmp_type time-exceeded 82 | list icmp_type bad-header 83 | list icmp_type unknown-header-type 84 | option limit 1000/sec 85 | option family ipv6 86 | option target ACCEPT 87 | 88 | # Dropbear does not listen here by default it may be enabled 89 | # by the user 90 | config rule 91 | option name Allow-Mesh-SSH-2 92 | option src mesh 93 | option dest_port 2200 94 | option target ACCEPT 95 | 96 | config rule 97 | option name Allow-Babel 98 | option src mesh 99 | option dest_port 6696 100 | option target ACCEPT 101 | 102 | 103 | config rule 104 | option name Allow-Rita 105 | option src mesh 106 | option dest_port 4876 107 | option target ACCEPT 108 | 109 | config rule 110 | option name Allow-Rita-Payments 111 | option src mesh 112 | option dest_port 4874 113 | option target ACCEPT 114 | 115 | config rule 116 | option name Reject-Rita-Light-Client-Hello 117 | option src lan 118 | option dest_port 4878 119 | option target REJECT 120 | 121 | 122 | 123 | config rule 124 | option name Allow-Rita-Tunnels 125 | option src mesh 126 | option dest_port 59999-65535 127 | option target ACCEPT 128 | 129 | config rule 130 | option name Allow-Rita-Autosetup 131 | option src mesh 132 | option dest_port 4875 133 | option target ACCEPT 134 | 135 | # Dropbear does not listen here by default, it 136 | # may be enabled by the user 137 | config rule 138 | option name Allow-WAN-SSH 139 | option src backhaul 140 | option dest_port 2200 141 | option target ACCEPT 142 | 143 | config rule 144 | option name Allow-DHCP 145 | option src backhaul 146 | option proto udp 147 | option dest_port 68 148 | option target ACCEPT 149 | 150 | # Allow DHCPv6 replies 151 | # see https://dev.openwrt.org/ticket/10381 152 | config rule 153 | option name Allow-DHCPv6 154 | option src backhaul 155 | option proto udp 156 | option src_ip fc00::/6 157 | option dest_ip fc00::/6 158 | option dest_port 546 159 | option family ipv6 160 | option target ACCEPT 161 | 162 | config include 163 | option path /etc/firewall.user 164 | 165 | --------------------------------------------------------------------------------