diff --git a/docs/README.md b/docs/README.md index cd39b087..780c653a 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -1,107 +1,183 @@ # SecuBox OpenWrt Documentation -Welcome to the SecuBox OpenWrt documentation. This directory contains comprehensive documentation for the SecuBox mesh network appliance running on OpenWrt 24.10. +Welcome to the **SecuBox** documentation. SecuBox is a privacy-focused mesh network appliance built on OpenWrt 24.10. + +--- ## Quick Links | Document | Description | |----------|-------------| -| [SCREENSHOTS.md](SCREENSHOTS.md) | Module screenshot gallery (CRT P31 theme) | -| [UI-GUIDE.md](UI-GUIDE.md) | UI/UX design guide and theme documentation | -| [MODULES.md](MODULES.md) | Complete module catalog with descriptions | +| [Wiki Home](wiki/Home.md) | Main wiki with module navigation | +| [Installation](wiki/Installation.md) | Getting started guide | +| [Quick Start](wiki/Quick-Start.md) | First-time setup | +| [Architecture](wiki/Architecture.md) | System architecture overview | +| [Module Catalog](wiki/Modules.md) | Complete list of 80+ modules | + +--- + +## Documentation Index + +### User Guides + +| Guide | Description | +|-------|-------------| +| [SCREENSHOTS.md](SCREENSHOTS.md) | Module screenshot gallery (111 modules) | +| [UI-GUIDE.md](UI-GUIDE.md) | CRT P31 theme design guide | +| [MODULES.md](MODULES.md) | Package catalog with versions | | [API.md](API.md) | RPCD/ubus API reference | +### Module Documentation + +| Category | Wiki Page | Modules | +|----------|-----------|---------| +| Security | [wiki/modules/Security.md](wiki/modules/Security.md) | 15 modules | +| Network | [wiki/modules/Network.md](wiki/modules/Network.md) | 12 modules | +| Monitoring | [wiki/modules/Monitoring.md](wiki/modules/Monitoring.md) | 10 modules | +| VPN & Mesh | [wiki/modules/Mesh.md](wiki/modules/Mesh.md) | 7 modules | +| DNS | [wiki/modules/DNS.md](wiki/modules/DNS.md) | 6 modules | +| Apps | [wiki/modules/Apps.md](wiki/modules/Apps.md) | 20 modules | +| System | [wiki/modules/System.md](wiki/modules/System.md) | 14 modules | +| AI | 
[wiki/modules/AI.md](wiki/modules/AI.md) | 8 modules | + +### Development + +| Document | Description | +|----------|-------------| +| [development-guidelines.md](development-guidelines.md) | Coding standards | +| [module-implementation-guide.md](module-implementation-guide.md) | Creating new modules | +| [luci-development-reference.md](luci-development-reference.md) | LuCI JavaScript guide | +| [validation-guide.md](validation-guide.md) | Testing and validation | + +--- + ## Project Overview -**SecuBox** is a privacy-focused mesh network appliance built on OpenWrt. It provides: +**SecuBox** provides: -- 🛡️ **Security**: CrowdSec IDS/IPS, WAF with mitmproxy, network isolation -- 🌐 **Mesh Networking**: WireGuard VPN, P2P gossip protocol, automatic peer discovery -- 🤖 **AI Integration**: Local AI with LocalAI/Ollama, sovereign data classification -- 📡 **Privacy**: Tor integration, anonymous service exposure, ZKP verification -- 🎨 **Modern UI**: LuCI-based dashboard with CRT P31 phosphor green terminal theme +- **Security**: CrowdSec IDS/IPS, WAF with mitmproxy, network isolation +- **Mesh Networking**: WireGuard VPN, P2P gossip protocol, automatic peer discovery +- **AI Integration**: Local AI with LocalAI/Ollama, sovereign data classification +- **Privacy**: Tor integration, anonymous service exposure, ZKP verification +- **Modern UI**: LuCI-based dashboard with CRT P31 phosphor green terminal theme -## Screenshots Directory +### Module Statistics -Screenshots are organized by platform: +| Category | Count | +|----------|-------| +| LuCI Apps | 80+ | +| Backend Packages | 40+ | +| Service Apps | 20+ | +| **Total** | **140+** | + +--- + +## Directory Structure ``` docs/ +├── README.md # This file +├── SCREENSHOTS.md # Screenshot gallery (111 modules) +├── MODULES.md # Package catalog +├── API.md # API reference +├── UI-GUIDE.md # Theme documentation ├── screenshots/ -│ └── router/ # MochaBin/ARM64 router screenshots -└── wiki/ # Multilingual documentation +│ └── 
router/ # OpenWrt router screenshots +└── wiki/ + ├── Home.md # Wiki home + ├── Installation.md # Installation guide + ├── Quick-Start.md # Quick start + ├── Architecture.md # Architecture overview + ├── Modules.md # Module catalog + └── modules/ + ├── Security.md # Security modules + ├── Network.md # Network modules + ├── Mesh.md # VPN & Mesh modules + ├── DNS.md # DNS modules + ├── Apps.md # Application modules + ├── System.md # System modules + └── AI.md # AI modules ``` +--- + ## Theme: CRT P31 Phosphor Green -The SecuBox UI uses a retro CRT terminal aesthetic: +SecuBox uses a retro CRT terminal aesthetic: -- **Primary Color**: `#33ff66` (phosphor peak green) -- **Background**: `#050803` (deep tube black) -- **Font**: Monospace (Courier Prime, IBM Plex Mono) -- **Effects**: - - Scanline overlay - - Phosphor glow on text - - Terminal boot sequence animation +| Element | Color | +|---------|-------| +| Primary | `#33ff66` (phosphor peak) | +| Background | `#050803` (tube black) | +| Font | Monospace (Courier Prime) | +| Effects | Scanlines, phosphor glow | ![Theme Preview](screenshots/router/portal.png) -## Module Categories +See [UI-GUIDE.md](UI-GUIDE.md) for full theme documentation. 
-### Core -- `secubox-core` - Base configuration and utilities -- `secubox-mesh` - Mesh daemon with topology management -- `secubox-identity` - DID generation and trust scoring -- `secubox-p2p` - P2P gossip protocol +--- -### Security (12 modules) -- CrowdSec Dashboard, WAF Filters, MITM Proxy -- DNS Guard, Vortex DNS Firewall -- Auth/Client/MAC Guardian, ZKP verification +## CLI Quick Reference -### Network (8 modules) -- Network Modes, Bandwidth Manager, Traffic Shaper -- HAProxy, Virtual Hosts, CDN Cache +```bash +# System +secubox status # System status +secubox version # Version info -### Monitoring (6 modules) -- Netdata integration, DPI (netifyd) -- Device Intel, Media Flow, Watchdog, LAN Flows +# Mesh +secuboxctl status # Mesh status +secuboxctl peers # List peers -### Publishing (4 modules) -- Metablogizer, Droplet, Streamlit Forge, Metacatalog +# Security +cscli decisions list # CrowdSec bans +cscli alerts list # Recent alerts -### AI (4 modules) -- AI Gateway (data sovereignty), AI Insights -- LocalAI, Ollama integration +# Network +haproxyctl vhost list # List vhosts +wgctl status # WireGuard status -## API Reference +# AI +aigatewayctl status # AI Gateway status +``` + +--- + +## API Usage All LuCI modules expose RPCD/ubus APIs: ```bash -# List available methods +# List methods ubus list | grep luci.secubox -# Call a method +# Call method ubus call luci.secubox-mesh status -# Example: Get mesh topology -ubus call luci.secubox-mesh topology +# With parameters +ubus call luci.secubox-mesh scan_full '{}' ``` -See [API.md](API.md) for complete method documentation. +See [API.md](API.md) for complete documentation. 
+ +--- ## Development -### Quick Deploy (without rebuild) +### Quick Deploy ```bash # Deploy JS views -scp htdocs/luci-static/resources/view/secubox/*.js root@192.168.255.1:/www/luci-static/resources/view/secubox/ +scp htdocs/luci-static/resources/view/secubox/*.js \ + root@192.168.255.1:/www/luci-static/resources/view/secubox/ # Deploy RPCD handler -scp root/usr/libexec/rpcd/ root@192.168.255.1:/usr/libexec/rpcd/ +scp root/usr/libexec/rpcd/ \ + root@192.168.255.1:/usr/libexec/rpcd/ ssh root@192.168.255.1 '/etc/init.d/rpcd restart' + +# Clear caches +ssh root@192.168.255.1 'rm -rf /tmp/luci-*' ``` ### Build Package @@ -114,6 +190,8 @@ rsync -av --delete package/secubox// secubox-tools/local-feed// ./secubox-tools/local-build.sh build ``` +--- + ## Support - **Repository**: [github.com/gkerma/secubox-openwrt](https://github.com/gkerma/secubox-openwrt) @@ -122,4 +200,4 @@ rsync -av --delete package/secubox// secubox-tools/local-feed// --- -*SecuBox v1.0.0 | CyberMind — 2026* +*SecuBox v1.0.0 | CyberMind 2026* diff --git a/docs/SCREENSHOTS.md b/docs/SCREENSHOTS.md index 4306de36..1c76200f 100644 --- a/docs/SCREENSHOTS.md +++ b/docs/SCREENSHOTS.md 
@@ -1,131 +1,231 @@ -# SecuBox Module Screenshots - OpenWrt Router +# SecuBox Module Screenshots *Generated: 2026-03-26* **Host:** https://192.168.255.1 (C3BOX) **Theme:** CRT P31 Phosphor Green Terminal **Platform:** OpenWrt 24.10 / MochaBin ARM64 +**Total Modules:** 80+ LuCI apps --- -## Module Gallery +## Core & Dashboard -### Dashboard +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| System Hub | ![](screenshots/router/hub.png) | `luci-app-system-hub` | Pending | +| SecuBox Portal | ![](screenshots/router/portal.png) | `luci-app-secubox-portal` | Pending | +| Metrics Dashboard | ![](screenshots/router/metrics.png) | `luci-app-metrics-dashboard` | Pending | +| SecuBox Admin | ![](screenshots/router/admin.png) | `luci-app-secubox-admin` | Pending | +| Dev Status | ![](screenshots/router/devstatus.png) | `secubox-dev-status` | Pending | +| Login Screen | ![](screenshots/router/login.png) | `luci-theme-secubox` | Pending | -| Module | Screenshot | Status | -|--------|------------|--------| -| 🏠 **System Hub** | ![System Hub](screenshots/router/hub.png) | ⏳ Pending | -| 📊 **Metrics Dashboard** | ![Metrics](screenshots/router/metrics.png) | ⏳ Pending | -| 🎯 **Portal** | ![Portal](screenshots/router/portal.png) | ⏳ Pending | -| 📋 **Dev Status** | ![Dev Status](screenshots/router/devstatus.png) | ⏳ Pending | +--- -### Security +## Security (15 modules) -| Module | Screenshot | Status | -|--------|------------|--------| -| 🛡️ **CrowdSec Dashboard** | ![CrowdSec](screenshots/router/crowdsec.png) | ⏳ Pending | -| 🔥 **WAF Filters** | ![WAF](screenshots/router/waf.png) | ⏳ Pending | -| 🔍 **MITM Proxy** | ![Mitmproxy](screenshots/router/mitmproxy.png) | ⏳ Pending | -| 🚨 **Security Threats** | ![Threats](screenshots/router/threats.png) | ⏳ Pending | -| 🔒 **Threat Analyst** | ![Threat Analyst](screenshots/router/threat-analyst.png) | ⏳ Pending | +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| 
CrowdSec Dashboard | ![](screenshots/router/crowdsec.png) | `luci-app-crowdsec-dashboard` | Pending | +| WAF Filters | ![](screenshots/router/waf.png) | `luci-app-mitmproxy` | Pending | +| Security Threats | ![](screenshots/router/threats.png) | `luci-app-secubox-security-threats` | Pending | +| Threat Analyst | ![](screenshots/router/threat-analyst.png) | `luci-app-threat-analyst` | Pending | +| DNS Guard | ![](screenshots/router/dnsguard.png) | `luci-app-dnsguard` | Pending | +| Auth Guardian | ![](screenshots/router/auth.png) | `luci-app-auth-guardian` | Pending | +| Client Guardian | ![](screenshots/router/clients.png) | `luci-app-client-guardian` | Pending | +| MAC Guardian | ![](screenshots/router/mac.png) | `luci-app-mac-guardian` | Pending | +| IoT Guard | ![](screenshots/router/iot.png) | `luci-app-iot-guard` | Pending | +| IP Blocklist | ![](screenshots/router/ipblocklist.png) | `luci-app-ipblocklist` | Pending | +| ZKP Verification | ![](screenshots/router/zkp.png) | `luci-app-zkp` | Pending | +| CVE Triage | ![](screenshots/router/cve.png) | `luci-app-cve-triage` | Pending | +| Cookie Tracker | ![](screenshots/router/cookies.png) | `luci-app-cookie-tracker` | Pending | +| Avatar Tap | ![](screenshots/router/avatar-tap.png) | `luci-app-avatar-tap` | Pending | +| Interceptor | ![](screenshots/router/interceptor.png) | `luci-app-interceptor` | Pending | -### Network +--- -| Module | Screenshot | Status | -|--------|------------|--------| -| 🌐 **Network Modes** | ![Network Modes](screenshots/router/netmodes.png) | ⏳ Pending | -| 📈 **Bandwidth Manager** | ![Bandwidth](screenshots/router/bandwidth.png) | ⏳ Pending | -| 📊 **Traffic Shaper** | ![Traffic](screenshots/router/traffic.png) | ⏳ Pending | -| ⚡ **HAProxy** | ![HAProxy](screenshots/router/haproxy.png) | ⏳ Pending | -| 🏗️ **Virtual Hosts** | ![Vhosts](screenshots/router/vhost.png) | ⏳ Pending | -| 🚀 **CDN Cache** | ![CDN](screenshots/router/cdn.png) | ⏳ Pending | +## Network (12 modules) -### Monitoring 
+| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Network Modes | ![](screenshots/router/netmodes.png) | `luci-app-network-modes` | Pending | +| Bandwidth Manager | ![](screenshots/router/bandwidth.png) | `luci-app-bandwidth-manager` | Pending | +| Traffic Shaper | ![](screenshots/router/traffic.png) | `luci-app-traffic-shaper` | Pending | +| HAProxy | ![](screenshots/router/haproxy.png) | `luci-app-haproxy` | Pending | +| Virtual Hosts | ![](screenshots/router/vhost.png) | `luci-app-vhost-manager` | Pending | +| CDN Cache | ![](screenshots/router/cdn.png) | `luci-app-cdn-cache` | Pending | +| Network Tweaks | ![](screenshots/router/tweaks.png) | `luci-app-network-tweaks` | Pending | +| Routes Status | ![](screenshots/router/routes.png) | `luci-app-routes-status` | Pending | +| SAAS Relay | ![](screenshots/router/saas.png) | `luci-app-saas-relay` | Pending | +| Network Diag | ![](screenshots/router/netdiag.png) | `luci-app-secubox-netdiag` | Pending | +| MQTT Bridge | ![](screenshots/router/mqtt.png) | `luci-app-mqtt-bridge` | Pending | +| KSM Manager | ![](screenshots/router/ksm.png) | `luci-app-ksm-manager` | Pending | -| Module | Screenshot | Status | -|--------|------------|--------| -| 📊 **Netdata** | ![Netdata](screenshots/router/netdata.png) | ⏳ Pending | -| 🔬 **DPI (netifyd)** | ![DPI](screenshots/router/dpi.png) | ⏳ Pending | -| 📱 **Device Intel** | ![Device Intel](screenshots/router/device-intel.png) | ⏳ Pending | -| 🎬 **Media Flow** | ![Media Flow](screenshots/router/mediaflow.png) | ⏳ Pending | -| 👁️ **Watchdog** | ![Watchdog](screenshots/router/watchdog.png) | ⏳ Pending | -| 📡 **LAN Flows** | ![LAN Flows](screenshots/router/lan-flows.png) | ⏳ Pending | +--- -### VPN & Mesh +## Monitoring (10 modules) -| Module | Screenshot | Status | -|--------|------------|--------| -| 🔐 **WireGuard** | ![WireGuard](screenshots/router/wireguard.png) | ⏳ Pending | -| 🌐 **Mesh Network** | ![Mesh](screenshots/router/mesh.png) | ⏳ 
Pending | -| 🤝 **P2P Network** | ![P2P](screenshots/router/p2p.png) | ⏳ Pending | -| 🪞 **Mirror** | ![Mirror](screenshots/router/mirror.png) | ⏳ Pending | -| 🔗 **Master Link** | ![Master Link](screenshots/router/master-link.png) | ⏳ Pending | +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Netdata | ![](screenshots/router/netdata.png) | `luci-app-netdata-dashboard` | Pending | +| DPI (netifyd) | ![](screenshots/router/dpi.png) | `luci-app-secubox-netifyd` | Pending | +| DPI Dual Stream | ![](screenshots/router/dpi-dual.png) | `luci-app-dpi-dual` | Pending | +| Device Intel | ![](screenshots/router/device-intel.png) | `luci-app-device-intel` | Pending | +| Media Flow | ![](screenshots/router/mediaflow.png) | `luci-app-media-flow` | Pending | +| Watchdog | ![](screenshots/router/watchdog.png) | `luci-app-watchdog` | Pending | +| Glances | ![](screenshots/router/glances.png) | `luci-app-glances` | Pending | +| Network Anomaly | ![](screenshots/router/anomaly.png) | `luci-app-network-anomaly` | Pending | +| nDPId | ![](screenshots/router/ndpid.png) | `luci-app-ndpid` | Pending | +| LAN Flows | ![](screenshots/router/lan-flows.png) | `luci-app-dpi-dual` | Pending | -### DNS +--- -| Module | Screenshot | Status | -|--------|------------|--------| -| 🌍 **DNS Master** | ![DNS Master](screenshots/router/dns.png) | ⏳ Pending | -| 🛡️ **DNS Guard** | ![DNS Guard](screenshots/router/dnsguard.png) | ⏳ Pending | -| 🔥 **Vortex DNS** | ![Vortex DNS](screenshots/router/vortex-dns.png) | ⏳ Pending | -| 📡 **Meshname DNS** | ![Meshname](screenshots/router/meshname.png) | ⏳ Pending | -| 🔑 **DNS Provider** | ![DNS Provider](screenshots/router/dns-provider.png) | ⏳ Pending | +## VPN & Mesh (7 modules) -### Privacy +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| WireGuard Dashboard | ![](screenshots/router/wireguard.png) | `luci-app-wireguard-dashboard` | Pending | +| Mesh Network | 
![](screenshots/router/mesh.png) | `luci-app-secubox-mesh` | Pending | +| P2P Network | ![](screenshots/router/p2p.png) | `luci-app-secubox-p2p` | Pending | +| MirrorNet | ![](screenshots/router/mirror.png) | `luci-app-secubox-mirror` | Pending | +| Master Link | ![](screenshots/router/master-link.png) | `luci-app-master-link` | Pending | +| OpenClaw | ![](screenshots/router/openclaw.png) | `luci-app-openclaw` | Pending | +| TURN Server | ![](screenshots/router/turn.png) | `luci-app-turn` | Pending | -| Module | Screenshot | Status | -|--------|------------|--------| -| 🧅 **Tor Shield** | ![Tor](screenshots/router/tor.png) | ⏳ Pending | -| 🌐 **Exposure** | ![Exposure](screenshots/router/exposure.png) | ⏳ Pending | -| 🔐 **ZKP** | ![ZKP](screenshots/router/zkp.png) | ⏳ Pending | +--- -### Access Control +## DNS (6 modules) -| Module | Screenshot | Status | -|--------|------------|--------| -| 🔐 **Auth Guardian** | ![Auth](screenshots/router/auth.png) | ⏳ Pending | -| 👥 **Client Guardian** | ![Clients](screenshots/router/clients.png) | ⏳ Pending | -| 🖥️ **MAC Guardian** | ![MAC](screenshots/router/mac.png) | ⏳ Pending | -| 👤 **User Management** | ![Users](screenshots/router/users.png) | ⏳ Pending | +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| DNS Master | ![](screenshots/router/dns.png) | `luci-app-dns-master` | Pending | +| DNS Guard | ![](screenshots/router/dnsguard.png) | `luci-app-dnsguard` | Pending | +| Vortex DNS | ![](screenshots/router/vortex-dns.png) | `luci-app-vortex-dns` | Pending | +| Meshname DNS | ![](screenshots/router/meshname.png) | `luci-app-meshname-dns` | Pending | +| DNS Provider | ![](screenshots/router/dns-provider.png) | `luci-app-dns-provider` | Pending | +| AdGuard Home | ![](screenshots/router/adguard.png) | `secubox-app-adguardhome` | Pending | -### Publishing +--- -| Module | Screenshot | Status | -|--------|------------|--------| -| 📝 **Metablogizer** | 
![Metablogizer](screenshots/router/metablogizer.png) | ⏳ Pending | -| 💧 **Droplet** | ![Droplet](screenshots/router/droplet.png) | ⏳ Pending | -| 🎨 **Streamlit Forge** | ![Streamlit Forge](screenshots/router/streamforge.png) | ⏳ Pending | -| 📚 **Metacatalog** | ![Metacatalog](screenshots/router/metacatalog.png) | ⏳ Pending | +## Privacy (4 modules) -### Apps & Services +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Tor Shield | ![](screenshots/router/tor.png) | `luci-app-tor-shield` | Pending | +| Tor Services | ![](screenshots/router/tor-services.png) | `luci-app-tor` | Pending | +| Exposure | ![](screenshots/router/exposure.png) | `luci-app-exposure` | Pending | +| Interceptor | ![](screenshots/router/interceptor.png) | `luci-app-interceptor` | Pending | -| Module | Screenshot | Status | -|--------|------------|--------| -| 📦 **App Store** | ![Apps](screenshots/router/apps.png) | ⏳ Pending | -| 🎥 **Jellyfin** | ![Jellyfin](screenshots/router/jellyfin.png) | ⏳ Pending | -| 🎵 **Lyrion** | ![Lyrion](screenshots/router/lyrion.png) | ⏳ Pending | -| 💻 **Gitea** | ![Gitea](screenshots/router/gitea.png) | ⏳ Pending | -| ☁️ **Nextcloud** | ![Nextcloud](screenshots/router/nextcloud.png) | ⏳ Pending | -| 📺 **PeerTube** | ![PeerTube](screenshots/router/peertube.png) | ⏳ Pending | +--- -### System +## Publishing (8 modules) -| Module | Screenshot | Status | -|--------|------------|--------| -| ⚙️ **SecuBox Settings** | ![Settings](screenshots/router/settings.png) | ⏳ Pending | -| 💾 **Config Vault** | ![Config Vault](screenshots/router/config-vault.png) | ⏳ Pending | -| 📧 **SMTP Relay** | ![SMTP](screenshots/router/smtp.png) | ⏳ Pending | -| 📊 **Reporter** | ![Reporter](screenshots/router/reporter.png) | ⏳ Pending | -| 🖥️ **RTTY Remote** | ![RTTY](screenshots/router/rtty.png) | ⏳ Pending | +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Metablogizer | ![](screenshots/router/metablogizer.png) 
| `luci-app-metablogizer` | Pending | +| Droplet | ![](screenshots/router/droplet.png) | `luci-app-droplet` | Pending | +| Streamlit Forge | ![](screenshots/router/streamforge.png) | `luci-app-streamlit-forge` | Pending | +| Streamlit | ![](screenshots/router/streamlit.png) | `luci-app-streamlit` | Pending | +| Metacatalog | ![](screenshots/router/metacatalog.png) | `luci-app-metacatalog` | Pending | +| HexoJS | ![](screenshots/router/hexo.png) | `luci-app-hexojs` | Pending | +| Metabolizer | ![](screenshots/router/metabolizer.png) | `luci-app-metabolizer` | Pending | +| Repo | ![](screenshots/router/repo.png) | `luci-app-repo` | Pending | -### AI Features +--- -| Module | Screenshot | Status | -|--------|------------|--------| -| 🤖 **AI Gateway** | ![AI Gateway](screenshots/router/ai-gateway.png) | ⏳ Pending | -| 💡 **AI Insights** | ![AI Insights](screenshots/router/ai-insights.png) | ⏳ Pending | -| 🧠 **LocalAI** | ![LocalAI](screenshots/router/localai.png) | ⏳ Pending | -| 🦙 **Ollama** | ![Ollama](screenshots/router/ollama.png) | ⏳ Pending | +## Applications (20 modules) + +### Media + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Jellyfin | ![](screenshots/router/jellyfin.png) | `luci-app-jellyfin` | Pending | +| Lyrion | ![](screenshots/router/lyrion.png) | `luci-app-lyrion` | Pending | +| PhotoPrism | ![](screenshots/router/photoprism.png) | `luci-app-photoprism` | Pending | +| PeerTube | ![](screenshots/router/peertube.png) | `luci-app-peertube` | Pending | +| Webradio | ![](screenshots/router/webradio.png) | `luci-app-webradio` | Pending | +| Media Hub | ![](screenshots/router/mediahub.png) | `luci-app-media-hub` | Pending | + +### Collaboration + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Nextcloud | ![](screenshots/router/nextcloud.png) | `luci-app-nextcloud` | Pending | +| Gitea | ![](screenshots/router/gitea.png) | `luci-app-gitea` | Pending | +| Jitsi | 
![](screenshots/router/jitsi.png) | `luci-app-jitsi` | Pending | + +### Communication + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Matrix | ![](screenshots/router/matrix.png) | `luci-app-matrix` | Pending | +| Jabber | ![](screenshots/router/jabber.png) | `luci-app-jabber` | Pending | +| SimpleX | ![](screenshots/router/simplex.png) | `luci-app-simplex` | Pending | +| VoIP | ![](screenshots/router/voip.png) | `luci-app-voip` | Pending | + +### Social + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| GoToSocial | ![](screenshots/router/gotosocial.png) | `luci-app-gotosocial` | Pending | + +### IoT + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Domoticz | ![](screenshots/router/domoticz.png) | `luci-app-domoticz` | Pending | +| Zigbee2MQTT | ![](screenshots/router/zigbee.png) | `luci-app-zigbee2mqtt` | Pending | +| MagicMirror | ![](screenshots/router/magicmirror.png) | `luci-app-magicmirror2` | Pending | + +### Utilities + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| Mailserver | ![](screenshots/router/mailserver.png) | `luci-app-mailserver` | Pending | +| Torrent | ![](screenshots/router/torrent.png) | `luci-app-torrent` | Pending | +| Newsbin | ![](screenshots/router/newsbin.png) | `luci-app-newsbin` | Pending | +| PicoBrew | ![](screenshots/router/picobrew.png) | `luci-app-picobrew` | Pending | + +--- + +## System (14 modules) + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| SecuBox Settings | ![](screenshots/router/settings.png) | `luci-app-secubox` | Pending | +| Config Vault | ![](screenshots/router/config-vault.png) | `luci-app-config-vault` | Pending | +| Config Advisor | ![](screenshots/router/config-advisor.png) | `luci-app-config-advisor` | Pending | +| SMTP Relay | ![](screenshots/router/smtp.png) | `luci-app-smtp-relay` | Pending 
| +| Reporter | ![](screenshots/router/reporter.png) | `luci-app-reporter` | Pending | +| RTTY Remote | ![](screenshots/router/rtty.png) | `luci-app-rtty-remote` | Pending | +| Backup | ![](screenshots/router/backup.png) | `luci-app-backup` | Pending | +| Cloner | ![](screenshots/router/cloner.png) | `luci-app-cloner` | Pending | +| Users | ![](screenshots/router/users.png) | `luci-app-secubox-users` | Pending | +| Cyberfeed | ![](screenshots/router/cyberfeed.png) | `luci-app-cyberfeed` | Pending | +| RezApp | ![](screenshots/router/rezapp.png) | `luci-app-rezapp` | Pending | + +--- + +## AI Features (8 modules) + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| AI Gateway | ![](screenshots/router/ai-gateway.png) | `luci-app-ai-gateway` | Pending | +| AI Insights | ![](screenshots/router/ai-insights.png) | `luci-app-ai-insights` | Pending | +| LocalAI | ![](screenshots/router/localai.png) | `luci-app-localai` | Pending | +| Ollama | ![](screenshots/router/ollama.png) | `luci-app-ollama` | Pending | +| LocalRecall | ![](screenshots/router/localrecall.png) | `luci-app-localrecall` | Pending | +| Threat Analyst | ![](screenshots/router/threat-analyst.png) | `luci-app-threat-analyst` | Pending | +| CVE Triage | ![](screenshots/router/cve.png) | `luci-app-cve-triage` | Pending | +| Network Anomaly | ![](screenshots/router/anomaly.png) | `luci-app-network-anomaly` | Pending | + +--- + +## Theme + +| Module | Screenshot | Package | Status | +|--------|------------|---------|--------| +| CRT P31 Theme | ![](screenshots/router/theme.png) | `luci-theme-secubox` | Pending | --- 
@@ -137,23 +237,54 @@ To capture screenshots for this documentation: # From development machine with browser access cd docs/screenshots/router/ -# Use browser screenshot tool or: +# Browser screenshot tools: # - Firefox: Ctrl+Shift+S (area select) -# - Chrome: DevTools → Capture screenshot -# - CLI: chromium --headless --screenshot=hub.png https://192.168.255.1/cgi-bin/luci/admin/secubox/hub +# - Chrome: DevTools (F12) → More tools → Capture screenshot +# - CLI headless: +chromium --headless --screenshot=hub.png \ + --window-size=1920,1080 \ + https://192.168.255.1/cgi-bin/luci/admin/secubox/hub -# Recommended dimensions: 1280x800 or 1920x1080 -# Format: PNG with transparency disabled +# Recommended dimensions: 1920x1080 or 1280x800 +# Format: PNG ``` ## Theme Information -All screenshots should use the **CRT P31 Phosphor Green** theme: -- Primary: `#33ff66` (phosphor peak) -- Background: `#050803` (tube black) -- Font: Monospace (Courier Prime, IBM Plex Mono) -- Effects: Scanlines overlay, phosphor glow +All screenshots use the **CRT P31 Phosphor Green** theme: + +| Element | Color | +|---------|-------| +| Primary (phosphor peak) | `#33ff66` | +| Secondary (phosphor hot) | `#66ffaa` | +| Tertiary (phosphor mid) | `#22cc44` | +| Background (tube black) | `#050803` | +| Surface | `#080d05` | +| Warning (phosphor decay) | `#ffb347` | +| Error | `#ff6b6b` | + +**Font:** Monospace (Courier Prime, IBM Plex Mono, Fira Code) +**Effects:** Scanlines overlay, phosphor glow, CRT curve --- -*Total modules: 50+ | Screenshots pending: All* +## Screenshot Checklist + +- [ ] Core & Dashboard (6) +- [ ] Security (15) +- [ ] Network (12) +- [ ] Monitoring (10) +- [ ] VPN & Mesh (7) +- [ ] DNS (6) +- [ ] Privacy (4) +- [ ] Publishing (8) +- [ ] Applications (20) +- [ ] System (14) +- [ ] AI Features (8) +- [ ] Theme (1) + +**Total: 111 screenshots pending** + +--- + +*SecuBox v1.0.0 | CyberMind 2026* 
diff --git a/docs/wiki/Architecture.md b/docs/wiki/Architecture.md new file mode 100644 index 00000000..88fad738 --- /dev/null +++ b/docs/wiki/Architecture.md 
@@ -0,0 +1,221 @@ +# SecuBox Architecture + +SecuBox is built on a 4-layer architecture designed for privacy, security, and decentralization. + +--- + +## The 4 Layers (Les 4 Couches) + +``` ++--------------------------------------------------+ +| Layer 4: Roadmap & Governance | +| Version milestones, certifications | ++--------------------------------------------------+ +| Layer 3: MirrorNetworking | +| P2P gossip, mesh orchestration, CDN | ++--------------------------------------------------+ +| Layer 2: AI Gateway | +| Data sovereignty, local inference, routing | ++--------------------------------------------------+ +| Layer 1: Core Mesh | +| OpenWrt, WireGuard, CrowdSec, HAProxy | ++--------------------------------------------------+ +``` + +--- + +## Layer 1: Core Mesh + +The foundation layer running on OpenWrt 24.10. + +### Components + +| Component | Purpose | +|-----------|---------| +| **OpenWrt** | Base operating system | +| **WireGuard** | VPN tunnels for mesh | +| **CrowdSec** | IDS/IPS with threat intel | +| **HAProxy** | Reverse proxy, SSL termination | +| **mitmproxy** | WAF, TLS inspection | +| **dnsmasq** | DNS and DHCP | +| **LXC** | Container runtime | + +### Mesh Daemon (`secuboxd`) + +The mesh daemon handles: +- Peer discovery via mDNS (`_secubox._udp.local`) +- Topology management +- Gate election (weighted scoring) +- Cross-node telemetry + +``` +secubox-mesh/ +├── secuboxd # Main daemon +├── secuboxctl # CLI interface +└── lib/ + ├── topology.sh # Topology management + ├── discovery.sh # Peer discovery + ├── election.sh # Gate election + └── telemetry.sh # Metrics collection +``` + +--- + +## Layer 2: AI Gateway + +Data sovereignty engine for AI operations. 
+ +### Data Classification + +| Tier | Description | Destination | +|------|-------------|-------------| +| **LOCAL_ONLY** | Raw network data, IPs, MACs | Never leaves device | +| **SANITIZED** | Anonymized patterns | Mistral EU (opt-in) | +| **CLOUD_DIRECT** | Generic queries | Claude/GPT (opt-in) | + +### Provider Routing + +Priority order for AI requests: +1. LocalAI (local inference) +2. Mistral (EU sovereign) +3. Claude +4. OpenAI GPT +5. Gemini +6. xAI + +### AI Agents + +| Agent | Function | +|-------|----------| +| Threat Analyst | CrowdSec alert analysis | +| DNS Guard | DNS anomaly detection | +| CVE Triage | Vulnerability prioritization | +| Network Anomaly | Traffic pattern analysis | +| Config Advisor | ANSSI compliance | + +--- + +## Layer 3: MirrorNetworking + +Decentralized mesh orchestration. + +### Dual Transport + +| Tier | Protocol | Purpose | +|------|----------|---------| +| Tier 1 | WireGuard | Known peers, trusted mesh | +| Tier 2 | Yggdrasil | Discovery, extended mesh | + +### Gossip Protocol + +Services synchronized across the mesh: +- **Threat Intel**: IoC signed gossip +- **Service Registry**: Published services +- **Configuration**: Distributed config sync +- **AI Inference**: Distributed model queries + +### Punk Exposure Model + +Three-verb service exposure: + +1. **Peek**: Discover and scan services +2. **Poke**: Configure exposure channels +3. **Emancipate**: Activate exposure + +Channels: +- **Tor**: `.onion` hidden services +- **DNS/SSL**: HTTPS via HAProxy + ACME +- **Mesh**: P2P service registry + +--- + +## Layer 4: Roadmap + +Version governance and certifications. 
+ +### Milestones + +| Version | Status | Features | +|---------|--------|----------| +| v0.18 | Done | MirrorBox Core | +| v0.19 | Done | AI Expansion | +| v1.0 | Done | Full Stack | +| v1.1 | Done | Extended Mesh | + +### Target Certifications + +- **ANSSI CSPN**: French security certification +- **CE**: European conformity +- **GDPR**: Data protection compliance +- **NIS2**: Network security directive + +--- + +## Network Architecture + +``` +Internet + │ + ▼ +┌──────────────┐ +│ HAProxy │ ◄── SSL termination, routing +│ (LXC) │ +└──────┬───────┘ + │ + ▼ +┌──────────────┐ +│ mitmproxy │ ◄── WAF, TLS inspection +│ (LXC) │ +└──────┬───────┘ + │ + ▼ +┌──────────────┐ +│ CrowdSec │ ◄── IDS/IPS +│ (host) │ +└──────┬───────┘ + │ + ▼ +┌──────────────┐ +│ Services │ ◄── Jellyfin, Nextcloud, etc. +│ (LXC) │ +└──────────────┘ +``` + +--- + +## Directory Structure + +``` +package/secubox/ +├── secubox-core/ # Base utilities +├── secubox-mesh/ # Mesh daemon +├── secubox-p2p/ # P2P protocol +├── secubox-identity/ # DID/trust +├── secubox-ai-gateway/ # AI routing +├── luci-app-*/ # LuCI modules (80+) +├── luci-theme-secubox/ # CRT P31 theme +└── secubox-app-*/ # Service packages +``` + +--- + +## Key Configuration Files + +| File | Purpose | +|------|---------| +| `/etc/config/secubox` | Main SecuBox config | +| `/etc/config/secubox-mesh` | Mesh settings | +| `/etc/config/wireguard_*` | VPN tunnels | +| `/etc/config/crowdsec` | IDS/IPS config | +| `/etc/config/haproxy` | Reverse proxy | + +--- + +See also: +- [Module Implementation Guide](Module-Implementation.md) +- [API Reference](API.md) +- [Development Guidelines](Development.md) + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/Home.md b/docs/wiki/Home.md new file mode 100644 index 00000000..606ce6cc --- /dev/null +++ b/docs/wiki/Home.md 
@@ -0,0 +1,207 @@ +# SecuBox OpenWrt Wiki + +Welcome to the **SecuBox** documentation wiki. SecuBox is a privacy-focused mesh network appliance built on OpenWrt 24.10. + +--- + +## Quick Start + +| Topic | Description | +|-------|-------------| +| [Installation](Installation.md) | Getting started with SecuBox | +| [Quick Start Guide](Quick-Start.md) | First-time setup and configuration | +| [Architecture](Architecture.md) | System architecture overview | +| [Module Catalog](Modules.md) | Complete list of 80+ modules | + +--- + +## Module Categories + +### Core & Mesh + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [SecuBox Core](modules/Core.md) | Base utilities and shared libraries | ![](../screenshots/router/core.png) | +| [Mesh Network](modules/Mesh.md) | Mesh daemon, topology, gate election | ![](../screenshots/router/mesh.png) | +| [P2P Network](modules/P2P.md) | Decentralized gossip protocol | ![](../screenshots/router/p2p.png) | +| [MirrorNet](modules/MirrorNet.md) | Mesh orchestration and mirroring | ![](../screenshots/router/mirror.png) | +| [Identity](modules/Identity.md) | DID:plc, key rotation, trust scoring | ![](../screenshots/router/identity.png) | + +### Security (15 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [CrowdSec Dashboard](modules/CrowdSec.md) | IDS/IPS with threat intelligence | ![](../screenshots/router/crowdsec.png) | +| [WAF Filters](modules/WAF.md) | mitmproxy Web Application Firewall | ![](../screenshots/router/waf.png) | +| [Threat Analyst](modules/ThreatAnalyst.md) | AI-powered threat correlation | ![](../screenshots/router/threat-analyst.png) | +| [DNS Guard](modules/DNSGuard.md) | DNS anomaly detection | ![](../screenshots/router/dnsguard.png) | +| [Auth Guardian](modules/AuthGuardian.md) | Authentication monitoring | ![](../screenshots/router/auth.png) | +| [Client Guardian](modules/ClientGuardian.md) | Client access control | 
![](../screenshots/router/clients.png) | +| [MAC Guardian](modules/MACGuardian.md) | MAC address management | ![](../screenshots/router/mac.png) | +| [IoT Guard](modules/IoTGuard.md) | IoT device security | ![](../screenshots/router/iot.png) | +| [IP Blocklist](modules/IPBlocklist.md) | IP blocking and management | ![](../screenshots/router/ipblocklist.png) | +| [ZKP Verification](modules/ZKP.md) | Zero-knowledge proof | ![](../screenshots/router/zkp.png) | +| [CVE Triage](modules/CVETriage.md) | AI vulnerability analysis | ![](../screenshots/router/cve.png) | +| [Security Threats](modules/SecurityThreats.md) | Threat overview dashboard | ![](../screenshots/router/threats.png) | +| [Cookie Tracker](modules/CookieTracker.md) | Cookie analysis | ![](../screenshots/router/cookies.png) | +| [Avatar Tap](modules/AvatarTap.md) | Session capture and replay | ![](../screenshots/router/avatar-tap.png) | +| [Interceptor](modules/Interceptor.md) | Traffic interception control | ![](../screenshots/router/interceptor.png) | + +### Network (12 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [Network Modes](modules/NetworkModes.md) | Router/AP/Bridge configuration | ![](../screenshots/router/netmodes.png) | +| [Bandwidth Manager](modules/Bandwidth.md) | Traffic monitoring and limits | ![](../screenshots/router/bandwidth.png) | +| [Traffic Shaper](modules/TrafficShaper.md) | QoS and traffic prioritization | ![](../screenshots/router/traffic.png) | +| [HAProxy](modules/HAProxy.md) | Load balancer and reverse proxy | ![](../screenshots/router/haproxy.png) | +| [Virtual Hosts](modules/VHosts.md) | Virtual host management | ![](../screenshots/router/vhost.png) | +| [CDN Cache](modules/CDNCache.md) | Content caching proxy | ![](../screenshots/router/cdn.png) | +| [Network Tweaks](modules/NetworkTweaks.md) | Advanced network settings | ![](../screenshots/router/tweaks.png) | +| [Routes Status](modules/RoutesStatus.md) | Route monitoring | 
![](../screenshots/router/routes.png) | +| [SAAS Relay](modules/SAASRelay.md) | SaaS service relay | ![](../screenshots/router/saas.png) | +| [Network Diag](modules/NetDiag.md) | Network diagnostics | ![](../screenshots/router/netdiag.png) | +| [MQTT Bridge](modules/MQTTBridge.md) | MQTT protocol bridge | ![](../screenshots/router/mqtt.png) | +| [KSM Manager](modules/KSMManager.md) | Kernel shared memory | ![](../screenshots/router/ksm.png) | + +### Monitoring (10 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [Metrics Dashboard](modules/Metrics.md) | System metrics overview | ![](../screenshots/router/metrics.png) | +| [Netdata](modules/Netdata.md) | Real-time system monitoring | ![](../screenshots/router/netdata.png) | +| [DPI (netifyd)](modules/DPI.md) | Deep packet inspection | ![](../screenshots/router/dpi.png) | +| [DPI Dual](modules/DPIDual.md) | Dual-stream DPI analysis | ![](../screenshots/router/dpi-dual.png) | +| [Device Intel](modules/DeviceIntel.md) | Device fingerprinting | ![](../screenshots/router/device-intel.png) | +| [Media Flow](modules/MediaFlow.md) | Media traffic analysis | ![](../screenshots/router/mediaflow.png) | +| [Watchdog](modules/Watchdog.md) | Service health monitoring | ![](../screenshots/router/watchdog.png) | +| [Glances](modules/Glances.md) | System overview | ![](../screenshots/router/glances.png) | +| [Network Anomaly](modules/NetworkAnomaly.md) | AI anomaly detection | ![](../screenshots/router/anomaly.png) | +| [nDPId](modules/nDPId.md) | nDPI daemon interface | ![](../screenshots/router/ndpid.png) | + +### VPN & Mesh (6 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [WireGuard Dashboard](modules/WireGuard.md) | VPN tunnel management | ![](../screenshots/router/wireguard.png) | +| [Mesh Network](modules/Mesh.md) | SecuBox mesh daemon | ![](../screenshots/router/mesh.png) | +| [P2P Network](modules/P2P.md) | P2P gossip protocol | 
![](../screenshots/router/p2p.png) | +| [MirrorNet](modules/MirrorNet.md) | Service mirroring | ![](../screenshots/router/mirror.png) | +| [Master Link](modules/MasterLink.md) | Node onboarding | ![](../screenshots/router/master-link.png) | +| [OpenClaw](modules/OpenClaw.md) | Claw VPN integration | ![](../screenshots/router/openclaw.png) | + +### DNS (6 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [DNS Master](modules/DNSMaster.md) | DNS server management | ![](../screenshots/router/dns.png) | +| [DNS Guard](modules/DNSGuard.md) | DNS filtering and blocking | ![](../screenshots/router/dnsguard.png) | +| [Vortex DNS](modules/VortexDNS.md) | DNS firewall with threat intel | ![](../screenshots/router/vortex-dns.png) | +| [Meshname DNS](modules/MeshnameDNS.md) | Mesh DNS resolution (.ygg) | ![](../screenshots/router/meshname.png) | +| [DNS Provider](modules/DNSProvider.md) | External DNS API (OVH, Gandi) | ![](../screenshots/router/dns-provider.png) | +| [AdGuard Home](modules/AdGuard.md) | Ad blocking DNS | ![](../screenshots/router/adguard.png) | + +### Privacy (4 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [Tor Shield](modules/TorShield.md) | Tor network integration | ![](../screenshots/router/tor.png) | +| [Exposure](modules/Exposure.md) | Service exposure (Tor/DNS/Mesh) | ![](../screenshots/router/exposure.png) | +| [ZKP](modules/ZKP.md) | Zero-knowledge proof verification | ![](../screenshots/router/zkp.png) | +| [Interceptor](modules/Interceptor.md) | Traffic interception control | ![](../screenshots/router/interceptor.png) | + +### Publishing (8 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [Metablogizer](modules/Metablogizer.md) | Static site generator | ![](../screenshots/router/metablogizer.png) | +| [Droplet](modules/Droplet.md) | Quick web publishing | ![](../screenshots/router/droplet.png) | +| [Streamlit 
Forge](modules/StreamlitForge.md) | Streamlit app builder | ![](../screenshots/router/streamforge.png) | +| [Streamlit](modules/Streamlit.md) | Streamlit dashboard | ![](../screenshots/router/streamlit.png) | +| [Metacatalog](modules/Metacatalog.md) | Content catalog | ![](../screenshots/router/metacatalog.png) | +| [HexoJS](modules/HexoJS.md) | Hexo blog manager | ![](../screenshots/router/hexo.png) | +| [Metabolizer](modules/Metabolizer.md) | Content processor | ![](../screenshots/router/metabolizer.png) | +| [Repo](modules/Repo.md) | Package repository | ![](../screenshots/router/repo.png) | + +### Apps & Services (20 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [Jellyfin](modules/Jellyfin.md) | Media server | ![](../screenshots/router/jellyfin.png) | +| [Lyrion](modules/Lyrion.md) | Music server | ![](../screenshots/router/lyrion.png) | +| [Gitea](modules/Gitea.md) | Git server | ![](../screenshots/router/gitea.png) | +| [Nextcloud](modules/Nextcloud.md) | Cloud storage | ![](../screenshots/router/nextcloud.png) | +| [PeerTube](modules/PeerTube.md) | Video platform | ![](../screenshots/router/peertube.png) | +| [PhotoPrism](modules/PhotoPrism.md) | Photo gallery | ![](../screenshots/router/photoprism.png) | +| [GoToSocial](modules/GoToSocial.md) | ActivityPub social | ![](../screenshots/router/gotosocial.png) | +| [Jitsi](modules/Jitsi.md) | Video conferencing | ![](../screenshots/router/jitsi.png) | +| [Matrix](modules/Matrix.md) | Matrix chat server | ![](../screenshots/router/matrix.png) | +| [Jabber](modules/Jabber.md) | XMPP server | ![](../screenshots/router/jabber.png) | +| [SimpleX](modules/SimpleX.md) | Private messaging | ![](../screenshots/router/simplex.png) | +| [VoIP](modules/VoIP.md) | Asterisk PBX | ![](../screenshots/router/voip.png) | +| [TURN](modules/TURN.md) | TURN/STUN server | ![](../screenshots/router/turn.png) | +| [Domoticz](modules/Domoticz.md) | Home automation | 
![](../screenshots/router/domoticz.png) | +| [Zigbee2MQTT](modules/Zigbee.md) | Zigbee bridge | ![](../screenshots/router/zigbee.png) | +| [MagicMirror2](modules/MagicMirror.md) | Smart mirror | ![](../screenshots/router/magicmirror.png) | +| [Mailserver](modules/Mailserver.md) | Email server | ![](../screenshots/router/mailserver.png) | +| [Torrent](modules/Torrent.md) | BitTorrent client | ![](../screenshots/router/torrent.png) | +| [Webradio](modules/Webradio.md) | Internet radio | ![](../screenshots/router/webradio.png) | +| [PicoBrew](modules/PicoBrew.md) | Brewing controller | ![](../screenshots/router/picobrew.png) | + +### System (12 modules) + +| Module | Description | Screenshot | +|--------|-------------|------------| +| [SecuBox Settings](modules/SecuBox.md) | Main configuration | ![](../screenshots/router/settings.png) | +| [SecuBox Admin](modules/Admin.md) | Admin dashboard | ![](../screenshots/router/admin.png) | +| [System Hub](modules/SystemHub.md) | System overview | ![](../screenshots/router/hub.png) | +| [SecuBox Portal](modules/Portal.md) | User portal | ![](../screenshots/router/portal.png) | +| [Config Vault](modules/ConfigVault.md) | Git-based config backup | ![](../screenshots/router/config-vault.png) | +| [Config Advisor](modules/ConfigAdvisor.md) | ANSSI compliance | ![](../screenshots/router/config-advisor.png) | +| [SMTP Relay](modules/SMTPRelay.md) | Email relay settings | ![](../screenshots/router/smtp.png) | +| [Reporter](modules/Reporter.md) | Report generator | ![](../screenshots/router/reporter.png) | +| [RTTY Remote](modules/RTTY.md) | Remote terminal access | ![](../screenshots/router/rtty.png) | +| [Backup](modules/Backup.md) | System backup | ![](../screenshots/router/backup.png) | +| [Cloner](modules/Cloner.md) | Device cloning | ![](../screenshots/router/cloner.png) | +| [Users](modules/Users.md) | User management | ![](../screenshots/router/users.png) | + +### AI Features (8 modules) + +| Module | Description | Screenshot | 
+|--------|-------------|------------| +| [AI Gateway](modules/AIGateway.md) | AI provider routing | ![](../screenshots/router/ai-gateway.png) | +| [AI Insights](modules/AIInsights.md) | AI-powered insights | ![](../screenshots/router/ai-insights.png) | +| [LocalAI](modules/LocalAI.md) | Local LLM inference | ![](../screenshots/router/localai.png) | +| [Ollama](modules/Ollama.md) | Ollama LLM server | ![](../screenshots/router/ollama.png) | +| [LocalRecall](modules/LocalRecall.md) | AI memory system | ![](../screenshots/router/localrecall.png) | +| [Threat Analyst](modules/ThreatAnalyst.md) | AI threat analysis | ![](../screenshots/router/threat-analyst.png) | +| [CVE Triage](modules/CVETriage.md) | AI vulnerability triage | ![](../screenshots/router/cve.png) | +| [Network Anomaly](modules/NetworkAnomaly.md) | AI anomaly detection | ![](../screenshots/router/anomaly.png) | + +--- + +## Development + +| Document | Description | +|----------|-------------| +| [Development Guidelines](Development.md) | Coding standards and practices | +| [Module Implementation](Module-Implementation.md) | How to create new modules | +| [LuCI Reference](LuCI-Reference.md) | LuCI JavaScript development | +| [API Reference](API.md) | RPCD/ubus API documentation | + +--- + +## Theme: CRT P31 Phosphor Green + +SecuBox uses a retro CRT terminal aesthetic: + +- **Primary**: `#33ff66` (phosphor peak) +- **Background**: `#050803` (tube black) +- **Font**: Monospace (Courier Prime) +- **Effects**: Scanlines, phosphor glow + +See [UI Guide](UI-Guide.md) for full theme documentation. + +--- + +*SecuBox v1.0.0 | CyberMind 2026* diff --git a/docs/wiki/Installation.md b/docs/wiki/Installation.md new file mode 100644 index 00000000..f044446d --- /dev/null +++ b/docs/wiki/Installation.md 
@@ -0,0 +1,172 @@ +# SecuBox Installation Guide + +This guide covers installing SecuBox on OpenWrt 24.10. + +--- + +## Requirements + +### Hardware + +| Requirement | Minimum | Recommended | +|-------------|---------|-------------| +| CPU | ARMv8 / x86_64 | Cortex-A72 or better | +| RAM | 512 MB | 2 GB+ | +| Storage | 256 MB | 1 GB+ | +| Network | 1 Ethernet | 2+ Ethernet / WiFi | + +### Supported Devices + +- **MochaBin** (ARM64) - Primary reference platform +- **x86_64 VM** - VMware, VirtualBox, Proxmox, QEMU +- **Raspberry Pi 4** - With USB Ethernet adapter +- **Generic x86** - Any x86_64 with OpenWrt support + +--- + +## Installation Methods + +### Method 1: Pre-built Image (Recommended) + +Download the pre-built SecuBox firmware image: + +```bash +# For MochaBin ARM64 +wget https://github.com/gkerma/secubox-openwrt/releases/latest/download/secubox-mochabin.img.gz +gunzip secubox-mochabin.img.gz +dd if=secubox-mochabin.img of=/dev/sdX bs=4M status=progress + +# For x86_64 VM +wget https://github.com/gkerma/secubox-openwrt/releases/latest/download/secubox-x86-64.vmdk +``` + +### Method 2: Package Installation + +Install SecuBox packages on existing OpenWrt: + +```bash +# Add SecuBox feed +echo "src/gz secubox https://packages.secubox.in/releases/24.10" >> /etc/opkg/customfeeds.conf + +# Update and install +opkg update +opkg install secubox-core secubox-mesh luci-theme-secubox + +# Install all LuCI modules +opkg install luci-app-secubox-admin luci-app-crowdsec-dashboard \ + luci-app-wireguard-dashboard luci-app-haproxy +``` + +### Method 3: Build from Source + +Build SecuBox using the OpenWrt SDK: + +```bash +# Clone repository +git clone https://github.com/gkerma/secubox-openwrt.git +cd secubox-openwrt + +# Sync local feed +for pkg in package/secubox/*/; do + name=$(basename "$pkg") + rsync -av --delete "$pkg" "secubox-tools/local-feed/$name/" +done + +# Build packages +./secubox-tools/local-build.sh build luci-app-secubox +./secubox-tools/local-build.sh build 
secubox-core +``` + +--- + +## Post-Installation + +### 1. Access LuCI + +Open your browser and navigate to: + +``` +https://192.168.1.1 +``` + +Default credentials: +- **Username**: `root` +- **Password**: `c3box` + +### 2. Initial Configuration + +1. Change the root password +2. Configure network interfaces +3. Set timezone and hostname +4. Enable SecuBox theme + +### 3. Enable Services + +```bash +# Start mesh daemon +/etc/init.d/secuboxd enable +/etc/init.d/secuboxd start + +# Start CrowdSec +/etc/init.d/crowdsec enable +/etc/init.d/crowdsec start +``` + +--- + +## Upgrading + +### Via sysupgrade + +```bash +# Download latest firmware +wget https://github.com/gkerma/secubox-openwrt/releases/latest/download/secubox-sysupgrade.bin + +# Upgrade (keep settings) +sysupgrade -v secubox-sysupgrade.bin +``` + +### Via opkg + +```bash +opkg update +opkg upgrade secubox-core secubox-mesh luci-theme-secubox +``` + +--- + +## Troubleshooting + +### Package conflicts + +```bash +# Force reinstall +opkg install --force-reinstall secubox-core +``` + +### LuCI not loading + +```bash +# Clear LuCI cache +rm -rf /tmp/luci-* +/etc/init.d/uhttpd restart +``` + +### Theme not applying + +```bash +# Set theme via UCI +uci set luci.main.mediaurlbase=/luci-static/secubox +uci commit luci +``` + +--- + +See also: +- [Quick Start Guide](Quick-Start.md) +- [Architecture Overview](Architecture.md) +- [Module Catalog](Modules.md) + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/Modules.md b/docs/wiki/Modules.md new file mode 100644 index 00000000..5cd03d5f --- /dev/null +++ b/docs/wiki/Modules.md 
@@ -0,0 +1,227 @@ +# SecuBox Module Catalog + +Complete catalog of SecuBox packages for OpenWrt 24.10. + +**Total Modules: 80+ LuCI apps | 40+ Backend packages** + +--- + +## Core Packages + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `secubox-core` | 1.0.0 | Core utilities, scripts, shared libraries | - | +| `secubox-mesh` | 1.0.0 | Mesh daemon with topology and gate election | ![](../screenshots/router/mesh.png) | +| `secubox-identity` | 0.1.0 | DID:plc generation, key rotation, trust | - | +| `secubox-mirrornet` | 0.1.0 | Mesh orchestration, gossip protocol | ![](../screenshots/router/mirror.png) | +| `secubox-p2p` | 0.6.0 | P2P decentralized network with blockchain | ![](../screenshots/router/p2p.png) | +| `secubox-p2p-intel` | 0.1.0 | IoC signed gossip, threat intel sharing | - | + +--- + +## Security Packages (15) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-crowdsec-dashboard` | 0.8.0 | CrowdSec IDS/IPS dashboard | ![](../screenshots/router/crowdsec.png) | +| `luci-app-mitmproxy` | 0.5.0 | WAF/TLS inspection proxy | ![](../screenshots/router/waf.png) | +| `luci-app-secubox-security-threats` | 1.0.0 | Security threat overview | ![](../screenshots/router/threats.png) | +| `secubox-threat-analyst` | 1.0.0 | AI-powered threat correlation | ![](../screenshots/router/threat-analyst.png) | +| `secubox-dns-guard` | 1.0.0 | DNS anomaly detection | ![](../screenshots/router/dnsguard.png) | +| `secubox-vortex-firewall` | 1.0.0 | Threat intel firewall | ![](../screenshots/router/vortex.png) | +| `luci-app-auth-guardian` | 0.4.0 | Authentication monitoring | ![](../screenshots/router/auth.png) | +| `luci-app-client-guardian` | 0.4.0 | Client access control | ![](../screenshots/router/clients.png) | +| `luci-app-mac-guardian` | 0.5.0 | MAC address management | ![](../screenshots/router/mac.png) | +| `luci-app-iot-guard` | 1.0.0 | IoT device 
security | ![](../screenshots/router/iot.png) | +| `luci-app-ipblocklist` | 1.0.0 | IP blocking management | ![](../screenshots/router/ipblocklist.png) | +| `luci-app-zkp` | 1.0.0 | Zero-knowledge proof verification | ![](../screenshots/router/zkp.png) | +| `luci-app-cookie-tracker` | 1.0.0 | Cookie analysis and tracking | ![](../screenshots/router/cookies.png) | +| `luci-app-avatar-tap` | 1.0.0 | Session capture and replay | ![](../screenshots/router/avatar-tap.png) | +| `luci-app-interceptor` | 1.0.0 | Traffic interception control | ![](../screenshots/router/interceptor.png) | + +--- + +## Network Packages (12) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-network-modes` | 0.5.0 | Network mode configuration | ![](../screenshots/router/netmodes.png) | +| `luci-app-bandwidth-manager` | 0.5.0 | Bandwidth monitoring and limits | ![](../screenshots/router/bandwidth.png) | +| `luci-app-traffic-shaper` | 0.4.0 | QoS traffic shaping | ![](../screenshots/router/traffic.png) | +| `luci-app-haproxy` | 1.0.0 | HAProxy load balancer | ![](../screenshots/router/haproxy.png) | +| `luci-app-vhost-manager` | 0.5.0 | Virtual host management | ![](../screenshots/router/vhost.png) | +| `luci-app-cdn-cache` | 0.5.0 | CDN caching proxy | ![](../screenshots/router/cdn.png) | +| `luci-app-network-tweaks` | 1.0.0 | Advanced network settings | ![](../screenshots/router/tweaks.png) | +| `luci-app-routes-status` | 1.0.0 | Route status monitoring | ![](../screenshots/router/routes.png) | +| `luci-app-saas-relay` | 1.0.0 | SaaS service relay | ![](../screenshots/router/saas.png) | +| `luci-app-secubox-netdiag` | 1.0.0 | Network diagnostics | ![](../screenshots/router/netdiag.png) | +| `luci-app-mqtt-bridge` | 0.4.0 | MQTT protocol bridge | ![](../screenshots/router/mqtt.png) | +| `luci-app-ksm-manager` | 0.4.0 | Kernel shared memory | ![](../screenshots/router/ksm.png) | + +--- + +## Monitoring Packages (10) + +| Package | 
Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-metrics-dashboard` | 1.0.0 | System metrics dashboard | ![](../screenshots/router/metrics.png) | +| `luci-app-netdata-dashboard` | 0.5.0 | Netdata system monitoring | ![](../screenshots/router/netdata.png) | +| `luci-app-secubox-netifyd` | 1.2.1 | Deep packet inspection | ![](../screenshots/router/dpi.png) | +| `luci-app-dpi-dual` | 1.0.0 | Dual-stream DPI analysis | ![](../screenshots/router/dpi-dual.png) | +| `luci-app-device-intel` | 1.0.0 | Device fingerprinting | ![](../screenshots/router/device-intel.png) | +| `luci-app-media-flow` | 0.6.4 | Media traffic analysis | ![](../screenshots/router/mediaflow.png) | +| `luci-app-watchdog` | 1.0.0 | Service health monitoring | ![](../screenshots/router/watchdog.png) | +| `luci-app-glances` | 1.0.0 | System overview (Glances) | ![](../screenshots/router/glances.png) | +| `secubox-network-anomaly` | 1.0.0 | AI network anomaly detection | ![](../screenshots/router/anomaly.png) | +| `luci-app-ndpid` | 1.1.2 | nDPI daemon interface | ![](../screenshots/router/ndpid.png) | + +--- + +## VPN & Mesh Packages (7) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-wireguard-dashboard` | 0.7.0 | WireGuard VPN management | ![](../screenshots/router/wireguard.png) | +| `luci-app-secubox-mesh` | 1.0.0 | Mesh network dashboard | ![](../screenshots/router/mesh.png) | +| `luci-app-secubox-p2p` | 0.1.0 | P2P network interface | ![](../screenshots/router/p2p.png) | +| `luci-app-secubox-mirror` | 0.1.0 | MirrorNet dashboard | ![](../screenshots/router/mirror.png) | +| `luci-app-master-link` | 1.0.0 | Node onboarding and linking | ![](../screenshots/router/master-link.png) | +| `luci-app-openclaw` | 1.0.0 | OpenClaw VPN integration | ![](../screenshots/router/openclaw.png) | +| `luci-app-turn` | 1.0.0 | TURN/STUN server | ![](../screenshots/router/turn.png) | + +--- + +## DNS 
Packages (6) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-dns-master` | 1.0.0 | DNS server management | ![](../screenshots/router/dns.png) | +| `luci-app-dnsguard` | 1.1.0 | DNS filtering and blocking | ![](../screenshots/router/dnsguard.png) | +| `luci-app-vortex-dns` | 1.0.0 | Vortex DNS firewall | ![](../screenshots/router/vortex-dns.png) | +| `luci-app-meshname-dns` | 1.0.0 | Mesh DNS resolution | ![](../screenshots/router/meshname.png) | +| `luci-app-dns-provider` | 1.0.0 | External DNS provider API | ![](../screenshots/router/dns-provider.png) | +| `secubox-app-adguardhome` | 1.0.0 | AdGuard Home ad blocking | ![](../screenshots/router/adguard.png) | + +--- + +## Privacy Packages (4) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-tor-shield` | 1.0.0 | Tor network integration | ![](../screenshots/router/tor.png) | +| `luci-app-tor` | 1.0.0 | Tor hidden services | ![](../screenshots/router/tor-services.png) | +| `luci-app-exposure` | 1.0.0 | Service exposure management | ![](../screenshots/router/exposure.png) | +| `luci-app-interceptor` | 1.0.0 | Traffic interception control | ![](../screenshots/router/interceptor.png) | + +--- + +## Publishing Packages (8) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-metablogizer` | 1.1.0 | Static site generator | ![](../screenshots/router/metablogizer.png) | +| `luci-app-droplet` | 1.0.0 | Quick web publishing | ![](../screenshots/router/droplet.png) | +| `luci-app-streamlit-forge` | 1.0.0 | Streamlit app builder | ![](../screenshots/router/streamforge.png) | +| `luci-app-streamlit` | 1.0.0 | Streamlit dashboard | ![](../screenshots/router/streamlit.png) | +| `luci-app-metacatalog` | 1.0.0 | Content catalog | ![](../screenshots/router/metacatalog.png) | +| `luci-app-hexojs` | 1.0.0 | Hexo blog manager | 
![](../screenshots/router/hexo.png) | +| `luci-app-metabolizer` | 1.0.0 | Content processor | ![](../screenshots/router/metabolizer.png) | +| `luci-app-repo` | 1.0.0 | Package repository | ![](../screenshots/router/repo.png) | + +--- + +## App Packages (20) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-jellyfin` | 1.0.0 | Jellyfin media server | ![](../screenshots/router/jellyfin.png) | +| `luci-app-lyrion` | 1.0.0 | Lyrion music server | ![](../screenshots/router/lyrion.png) | +| `luci-app-gitea` | 1.0.0 | Gitea git server | ![](../screenshots/router/gitea.png) | +| `luci-app-nextcloud` | 1.0.0 | Nextcloud cloud storage | ![](../screenshots/router/nextcloud.png) | +| `luci-app-peertube` | 1.1.0 | PeerTube video platform | ![](../screenshots/router/peertube.png) | +| `luci-app-photoprism` | 0.1.0 | PhotoPrism photo gallery | ![](../screenshots/router/photoprism.png) | +| `luci-app-gotosocial` | 0.1.0 | GoToSocial ActivityPub | ![](../screenshots/router/gotosocial.png) | +| `luci-app-jitsi` | 1.0.0 | Jitsi video conferencing | ![](../screenshots/router/jitsi.png) | +| `luci-app-matrix` | 1.0.0 | Matrix chat server | ![](../screenshots/router/matrix.png) | +| `luci-app-jabber` | 1.0.0 | Jabber XMPP server | ![](../screenshots/router/jabber.png) | +| `luci-app-simplex` | 1.0.0 | SimpleX private messaging | ![](../screenshots/router/simplex.png) | +| `luci-app-voip` | 1.0.0 | Asterisk VoIP PBX | ![](../screenshots/router/voip.png) | +| `luci-app-domoticz` | 1.0.0 | Home automation | ![](../screenshots/router/domoticz.png) | +| `luci-app-zigbee2mqtt` | 1.0.0 | Zigbee to MQTT bridge | ![](../screenshots/router/zigbee.png) | +| `luci-app-magicmirror2` | 0.4.0 | Smart mirror | ![](../screenshots/router/magicmirror.png) | +| `luci-app-mailserver` | 1.0.0 | Email server | ![](../screenshots/router/mailserver.png) | +| `luci-app-torrent` | 1.0.0 | BitTorrent client | ![](../screenshots/router/torrent.png) | 
+| `luci-app-webradio` | 1.0.0 | Internet radio | ![](../screenshots/router/webradio.png) | +| `luci-app-picobrew` | 1.0.0 | Brewing controller | ![](../screenshots/router/picobrew.png) | +| `luci-app-newsbin` | 1.0.0 | Usenet client | ![](../screenshots/router/newsbin.png) | + +--- + +## System Packages (14) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-secubox` | 0.7.1 | Main SecuBox settings | ![](../screenshots/router/settings.png) | +| `luci-app-secubox-admin` | 1.0.0 | Admin control center | ![](../screenshots/router/admin.png) | +| `luci-app-system-hub` | 0.5.2 | System overview hub | ![](../screenshots/router/hub.png) | +| `luci-app-secubox-portal` | 0.7.0 | User portal | ![](../screenshots/router/portal.png) | +| `luci-app-config-vault` | 1.0.0 | Git-based config backup | ![](../screenshots/router/config-vault.png) | +| `luci-app-config-advisor` | 1.0.0 | ANSSI compliance advisor | ![](../screenshots/router/config-advisor.png) | +| `luci-app-smtp-relay` | 1.0.0 | SMTP relay settings | ![](../screenshots/router/smtp.png) | +| `luci-app-reporter` | 1.0.0 | Report generator | ![](../screenshots/router/reporter.png) | +| `luci-app-rtty-remote` | 0.1.0 | Remote terminal access | ![](../screenshots/router/rtty.png) | +| `luci-app-backup` | 1.0.0 | System backup | ![](../screenshots/router/backup.png) | +| `luci-app-cloner` | 1.0.0 | Device cloning | ![](../screenshots/router/cloner.png) | +| `luci-app-secubox-users` | 1.0.0 | User management | ![](../screenshots/router/users.png) | +| `luci-app-cyberfeed` | 0.1.1 | Threat feed manager | ![](../screenshots/router/cyberfeed.png) | +| `luci-app-rezapp` | 1.0.0 | Docker to LXC converter | ![](../screenshots/router/rezapp.png) | + +--- + +## AI Packages (8) + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-app-ai-gateway` | 1.0.0 | AI provider routing | 
![](../screenshots/router/ai-gateway.png) | +| `luci-app-ai-insights` | 1.0.0 | AI-powered insights | ![](../screenshots/router/ai-insights.png) | +| `luci-app-localai` | 0.1.0 | LocalAI integration | ![](../screenshots/router/localai.png) | +| `luci-app-ollama` | 0.1.0 | Ollama LLM server | ![](../screenshots/router/ollama.png) | +| `luci-app-localrecall` | 1.0.0 | AI memory system | ![](../screenshots/router/localrecall.png) | +| `luci-app-threat-analyst` | 1.0.0 | AI threat analysis | ![](../screenshots/router/threat-analyst.png) | +| `luci-app-cve-triage` | 1.0.0 | AI CVE triage | ![](../screenshots/router/cve.png) | +| `luci-app-network-anomaly` | 1.0.0 | AI anomaly detection | ![](../screenshots/router/anomaly.png) | + +--- + +## Theme Package + +| Package | Version | Description | Screenshot | +|---------|---------|-------------|------------| +| `luci-theme-secubox` | 1.0.0 | CRT P31 phosphor green theme | ![](../screenshots/router/theme.png) | + +--- + +## Installation + +### Via opkg + +```bash +opkg update +opkg install luci-app-secubox-mesh +``` + +### Via SecuBox App Store + +Navigate to **SecuBox > Apps** in LuCI and install from catalog. + +### Via local feed + +```bash +echo "src/gz secubox file:///www/secubox-feed" >> /etc/opkg/customfeeds.conf +opkg update +opkg install +``` + +--- + +*Total packages: 80+ LuCI | Last updated: 2026-03-26* diff --git a/docs/wiki/Quick-Start.md b/docs/wiki/Quick-Start.md new file mode 100644 index 00000000..f1743670 --- /dev/null +++ b/docs/wiki/Quick-Start.md 
@@ -0,0 +1,172 @@ +# SecuBox Quick Start Guide + +Get SecuBox up and running in 10 minutes. + +--- + +## Step 1: First Login + +1. Connect to your SecuBox router via Ethernet +2. Open browser: `https://192.168.1.1` (or `192.168.255.1`) +3. Login with: `root` / `c3box` + +![Login Screen](../screenshots/router/login.png) + +--- + +## Step 2: Change Password + +Navigate to **System > Administration** and change the root password. + +--- + +## Step 3: Network Setup + +### Configure WAN + +Go to **Network > Interfaces > WAN**: +- Protocol: DHCP Client (or PPPoE/Static) +- Physical interface: eth1 + +### Configure LAN + +Go to **Network > Interfaces > LAN**: +- IPv4 address: `192.168.255.1` +- Netmask: `255.255.255.0` +- DHCP: Enabled + +--- + +## Step 4: Enable Security + +### CrowdSec IDS/IPS + +Navigate to **SecuBox > Security > CrowdSec Dashboard**: + +1. Enable CrowdSec +2. Install default scenarios +3. Configure bouncer + +![CrowdSec](../screenshots/router/crowdsec.png) + +### WAF (Web Application Firewall) + +Navigate to **SecuBox > Security > WAF Filters**: + +1. Enable mitmproxy WAF +2. Configure filter rules +3. Set default action: Block + +--- + +## Step 5: Mesh Network + +### Enable Mesh Daemon + +Navigate to **SecuBox > Mesh > Network**: + +1. Enable mesh daemon +2. Set node name +3. Configure WireGuard peers + +![Mesh](../screenshots/router/mesh.png) + +### Add Peers + +Use the QR code scanner or manual configuration: + +```bash +# Generate peer config +secuboxctl peer add mynode 10.10.10.2 +``` + +--- + +## Step 6: Service Exposure + +### Tor Hidden Services + +Navigate to **SecuBox > Privacy > Tor Shield**: + +1. Enable Tor +2. Add hidden service +3. Note your .onion address + +### DNS/SSL Exposure + +Navigate to **SecuBox > Privacy > Exposure**: + +1. Configure DNS provider (OVH, Gandi, Cloudflare) +2. Add domain +3. 
Request SSL certificate + +--- + +## Step 7: Install Apps + +Navigate to **SecuBox > Apps**: + +Browse and install from the catalog: +- **Jellyfin** - Media server +- **Nextcloud** - Cloud storage +- **Gitea** - Git server +- **LocalAI** - Local LLM + +--- + +## Common Tasks + +### View Metrics + +**SecuBox > Dashboard > Metrics** + +![Metrics](../screenshots/router/metrics.png) + +### Monitor Traffic + +**SecuBox > Monitoring > Bandwidth Manager** + +### Check Security + +**SecuBox > Security > Security Threats** + +### Manage VPN + +**SecuBox > VPN > WireGuard Dashboard** + +--- + +## CLI Quick Reference + +```bash +# System status +secubox status + +# Mesh network +secuboxctl status +secuboxctl peers + +# WireGuard +wgctl status +wgctl peers + +# HAProxy +haproxyctl vhost list +haproxyctl status + +# CrowdSec +cscli decisions list +cscli alerts list +``` + +--- + +## Next Steps + +- [Module Catalog](Modules.md) - Explore all 80+ modules +- [Architecture](Architecture.md) - Understand the system +- [Development](Development.md) - Extend SecuBox + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/modules/AI.md b/docs/wiki/modules/AI.md new file mode 100644 index 00000000..cb207365 --- /dev/null +++ b/docs/wiki/modules/AI.md 
@@ -0,0 +1,338 @@ +# AI Modules + +SecuBox integrates AI capabilities through 8 specialized modules with data sovereignty controls. + +--- + +## Overview + +| Layer | Components | +|-------|------------| +| **Gateway** | AI Gateway (routing, classification) | +| **Inference** | LocalAI, Ollama (local LLMs) | +| **Analysis** | Threat Analyst, CVE Triage, Network Anomaly | +| **Memory** | LocalRecall (persistent AI memory) | +| **Insights** | AI Insights dashboard | + +--- + +## AI Gateway + +**Package**: `secubox-ai-gateway` + `luci-app-ai-gateway` + +Data sovereignty engine with intelligent provider routing. + +![AI Gateway](../../screenshots/router/ai-gateway.png) + +### Data Classification + +| Tier | Description | Destination | +|------|-------------|-------------| +| **LOCAL_ONLY** | Raw network data, IPs, MACs, logs | Never leaves device | +| **SANITIZED** | Anonymized patterns, scrubbed IPs | Mistral EU (opt-in) | +| **CLOUD_DIRECT** | Generic queries, no sensitive data | Claude/GPT (opt-in) | + +### Provider Hierarchy + +1. **LocalAI** (local inference, always available) +2. **Mistral** (EU sovereign, GDPR compliant) +3. **Claude** (Anthropic) +4. **OpenAI GPT** +5. **Google Gemini** +6. **xAI Grok** + +### CLI + +```bash +aigatewayctl status # Gateway status +aigatewayctl classify "text" # Classify data tier +aigatewayctl sanitize "text" # Sanitize sensitive data +aigatewayctl provider list # List providers +aigatewayctl audit # View audit log +aigatewayctl login claude # Configure provider +``` + +### RPCD Methods + +| Method | Description | +|--------|-------------| +| `status` | Gateway status | +| `classify` | Classify data tier | +| `sanitize` | Sanitize text | +| `providers` | List providers | +| `audit` | Get audit log | +| `login` | Configure provider | + +--- + +## LocalAI + +**Package**: `secubox-app-localai` + `luci-app-localai` + +Local LLM inference server (LocalAI 3.9+). 
+ +![LocalAI](../../screenshots/router/localai.png) + +### Features + +- OpenAI-compatible API +- Multiple model support +- GPU acceleration (optional) +- Embeddings generation +- Voice transcription + +### Supported Models + +| Model | Size | Use Case | +|-------|------|----------| +| TinyLlama | 1.1B | Fast chat, simple queries | +| Mistral 7B | 7B | General purpose | +| CodeLlama | 7B | Code generation | +| Whisper | - | Audio transcription | + +### CLI + +```bash +localaictl status # Service status +localaictl models # List models +localaictl download # Download model +localaictl chat "Hello" # Quick chat +``` + +### API + +```bash +# OpenAI-compatible endpoint +curl http://localhost:4050/v1/chat/completions \ + -H "Content-Type: application/json" \ + -d '{"model":"tinyllama","messages":[{"role":"user","content":"Hello"}]}' +``` + +--- + +## Ollama + +**Package**: `secubox-app-ollama` + `luci-app-ollama` + +Ollama LLM server for easy model management. + +![Ollama](../../screenshots/router/ollama.png) + +### Features + +- Simple model management +- Streaming responses +- Custom modelfiles +- GPU support + +### CLI + +```bash +ollama list # List models +ollama pull llama2 # Download model +ollama run llama2 "Hello" # Chat +``` + +--- + +## Threat Analyst + +**Package**: `secubox-threat-analyst` + `luci-app-threat-analyst` + +AI-powered threat correlation and analysis. 
+ +![Threat Analyst](../../screenshots/router/threat-analyst.png) + +### Features + +- Multi-source correlation +- AI threat scoring +- Attack pattern detection +- Automated response +- Incident timeline + +### Data Sources + +| Source | Type | +|--------|------| +| CrowdSec | IDS alerts, decisions | +| WAF | HTTP blocks, patterns | +| DPI | Network flows | +| DNS | Query logs | +| Auth | Login attempts | + +### CLI + +```bash +threat-analystctl status # Status +threat-analystctl analyze # Run analysis +threat-analystctl report # Generate report +``` + +--- + +## CVE Triage + +**Package**: `secubox-cve-triage` + `luci-app-cve-triage` + +AI-powered vulnerability prioritization. + +![CVE Triage](../../screenshots/router/cve.png) + +### Features + +- CVE database integration +- Risk scoring +- Patch recommendations +- Affected package detection +- Priority ranking + +### Scoring Factors + +| Factor | Weight | +|--------|--------| +| CVSS Score | 40% | +| Exploitability | 25% | +| Affected Systems | 20% | +| Mitigation Available | 15% | + +--- + +## Network Anomaly + +**Package**: `secubox-network-anomaly` + `luci-app-network-anomaly` + +AI network traffic anomaly detection. + +![Network Anomaly](../../screenshots/router/anomaly.png) + +### Features + +- Baseline learning +- Deviation detection +- Pattern recognition +- Alert generation +- Automated response + +### Detection Types + +| Type | Description | +|------|-------------| +| Volume | Unusual traffic volume | +| Pattern | Abnormal traffic patterns | +| Protocol | Protocol anomalies | +| Timing | Unusual timing patterns | + +--- + +## LocalRecall + +**Package**: `secubox-localrecall` + `luci-app-localrecall` + +Persistent AI memory system. 
+ +![LocalRecall](../../screenshots/router/localrecall.png) + +### Features + +- Context persistence +- Vector storage +- Semantic search +- Memory management +- Privacy controls + +### Use Cases + +- Conversation history +- Knowledge base +- Configuration memory +- Incident memory + +--- + +## AI Insights + +**Package**: `luci-app-ai-insights` + +AI-powered system insights dashboard. + +![AI Insights](../../screenshots/router/ai-insights.png) + +### Features + +- System health analysis +- Security recommendations +- Performance insights +- Trend analysis +- Predictive alerts + +### Insight Types + +| Type | Description | +|------|-------------| +| Security | Threat patterns, vulnerabilities | +| Performance | Resource optimization | +| Network | Traffic patterns | +| Config | Configuration improvements | + +--- + +## Configuration + +### Enable AI Features + +```bash +# Enable AI Gateway +uci set ai-gateway.main.enabled='1' +uci set ai-gateway.main.local_only='1' # Disable cloud providers +uci commit ai-gateway + +# Configure LocalAI +uci set localai.main.enabled='1' +uci set localai.main.model='tinyllama' +uci commit localai + +# Start services +/etc/init.d/ai-gateway start +/etc/init.d/localai start +``` + +### Provider Configuration + +```bash +# Configure cloud providers (optional) +aigatewayctl login mistral # Mistral EU +aigatewayctl login claude # Anthropic Claude +aigatewayctl login openai # OpenAI +``` + +--- + +## Privacy & Sovereignty + +### Data Never Leaves Device + +When `local_only='1'`: +- All inference runs locally +- No cloud API calls +- Full data sovereignty +- GDPR compliant + +### ANSSI CSPN Compliance + +AI Gateway supports ANSSI certification requirements: +- Data classification audit trail +- Encryption in transit/at rest +- Access control logging +- Provider verification + +--- + +See also: +- [Security Modules](Security.md) +- [Architecture](../Architecture.md) +- [API Reference](../API.md) + +--- + +*SecuBox v1.0.0* 
diff --git a/docs/wiki/modules/Apps.md b/docs/wiki/modules/Apps.md new file mode 100644 index 00000000..e801dace --- /dev/null +++ b/docs/wiki/modules/Apps.md 
@@ -0,0 +1,411 @@ +# Application Modules + +SecuBox provides 20+ self-hosted application modules. + +--- + +## Overview + +| Category | Applications | +|----------|--------------| +| **Media** | Jellyfin, Lyrion, PhotoPrism, PeerTube, Webradio | +| **Collaboration** | Nextcloud, Gitea, Jitsi | +| **Communication** | Matrix, Jabber, SimpleX, VoIP | +| **Social** | GoToSocial, PeerTube | +| **IoT** | Domoticz, Zigbee2MQTT, MagicMirror | +| **Utilities** | Torrent, Newsbin, PicoBrew | + +--- + +## Media Server + +### Jellyfin + +**Package**: `secubox-app-jellyfin` + `luci-app-jellyfin` + +Media streaming server. + +![Jellyfin](../../screenshots/router/jellyfin.png) + +#### Features + +- Video streaming (transcoding) +- Music library +- Photo gallery +- Live TV/DVR +- Mobile apps + +#### CLI + +```bash +jellyfinctl status # Status +jellyfinctl start # Start server +jellyfinctl library scan # Scan library +``` + +--- + +### Lyrion + +**Package**: `secubox-app-lyrion` + `luci-app-lyrion` + +Music server (Lyrion Music Server 9.x). + +![Lyrion](../../screenshots/router/lyrion.png) + +#### Features + +- Multi-room audio +- Squeezebox compatible +- Plugin ecosystem +- Radio streaming +- Material skin + +#### CLI + +```bash +lyrionctl status # Status +lyrionctl scan # Rescan library +lyrionctl players # List players +``` + +--- + +### PhotoPrism + +**Package**: `secubox-app-photoprism` + `luci-app-photoprism` + +AI-powered photo gallery. + +![PhotoPrism](../../screenshots/router/photoprism.png) + +#### Features + +- AI face recognition +- Object detection +- Places/maps +- Timeline view +- Sharing + +--- + +### PeerTube + +**Package**: `secubox-app-peertube` + `luci-app-peertube` + +Federated video platform. 
+ +![PeerTube](../../screenshots/router/peertube.png) + +#### Features + +- P2P video delivery +- Federation support +- Live streaming +- Transcoding +- Comments/likes + +--- + +## Collaboration + +### Nextcloud + +**Package**: `secubox-app-nextcloud` + `luci-app-nextcloud` + +Cloud storage and collaboration. + +![Nextcloud](../../screenshots/router/nextcloud.png) + +#### Features + +- File sync +- Calendar/Contacts +- Office documents +- Talk (video calls) +- App ecosystem + +--- + +### Gitea + +**Package**: `secubox-app-gitea` + `luci-app-gitea` + +Git server with web interface. + +![Gitea](../../screenshots/router/gitea.png) + +#### Features + +- Git hosting +- Issue tracker +- Pull requests +- CI/CD (Actions) +- Wiki + +--- + +### Jitsi + +**Package**: `secubox-app-jitsi` + `luci-app-jitsi` + +Video conferencing. + +![Jitsi](../../screenshots/router/jitsi.png) + +#### Features + +- Video meetings +- Screen sharing +- Recording +- SRTP encryption +- No account required + +--- + +## Communication + +### Matrix + +**Package**: `secubox-app-matrix` + `luci-app-matrix` + +Matrix chat server (Conduit). + +![Matrix](../../screenshots/router/matrix.png) + +#### Features + +- E2E encryption +- Federation +- Bridges (IRC, Telegram) +- Mobile apps +- Low resource (~15MB RAM) + +--- + +### Jabber + +**Package**: `secubox-app-jabber` + `luci-app-jabber` + +XMPP server (Prosody). + +![Jabber](../../screenshots/router/jabber.png) + +#### Features + +- XMPP/Jabber protocol +- OMEMO encryption +- File transfer +- Group chat +- S2S federation + +--- + +### SimpleX + +**Package**: `secubox-app-simplex` + `luci-app-simplex` + +Private messaging. + +![SimpleX](../../screenshots/router/simplex.png) + +#### Features + +- No user identifiers +- E2E encryption +- Decentralized +- Mobile apps + +--- + +### VoIP + +**Package**: `secubox-app-voip` + `luci-app-voip` + +Asterisk PBX. 
+ +![VoIP](../../screenshots/router/voip.png) + +#### Features + +- SIP/IAX2 trunks +- IVR menus +- Voicemail +- Call recording +- Conference bridges + +--- + +## Social + +### GoToSocial + +**Package**: `secubox-app-gotosocial` + `luci-app-gotosocial` + +ActivityPub social server. + +![GoToSocial](../../screenshots/router/gotosocial.png) + +#### Features + +- Mastodon compatible +- Federation +- Media uploads +- Lightweight + +--- + +## IoT + +### Domoticz + +**Package**: `secubox-app-domoticz` + `luci-app-domoticz` + +Home automation. + +![Domoticz](../../screenshots/router/domoticz.png) + +#### Features + +- Device management +- Automation rules +- MQTT integration +- Energy monitoring +- Camera support + +--- + +### Zigbee2MQTT + +**Package**: `secubox-app-zigbee2mqtt` + `luci-app-zigbee2mqtt` + +Zigbee to MQTT bridge. + +![Zigbee](../../screenshots/router/zigbee.png) + +#### Features + +- 3000+ device support +- No proprietary hub +- OTA updates +- Device pairing +- Network map + +--- + +### MagicMirror + +**Package**: `secubox-app-magicmirror2` + `luci-app-magicmirror2` + +Smart mirror platform. + +![MagicMirror](../../screenshots/router/magicmirror.png) + +#### Features + +- Module ecosystem +- Calendar/Weather +- News feeds +- Voice control +- Remote config + +--- + +## Utilities + +### Torrent + +**Package**: `secubox-app-qbittorrent` + `luci-app-torrent` + +BitTorrent client. + +![Torrent](../../screenshots/router/torrent.png) + +#### Features + +- Web interface +- RSS feeds +- Categories +- Speed limits +- VPN support + +--- + +### Webradio + +**Package**: `secubox-app-webradio` + `luci-app-webradio` + +Internet radio streaming. + +![Webradio](../../screenshots/router/webradio.png) + +#### Features + +- Station management +- MPD integration +- Lyrion integration +- Recording +- Schedule + +--- + +### Mailserver + +**Package**: `secubox-app-mailserver` + `luci-app-mailserver` + +Full email server. 
+ +![Mailserver](../../screenshots/router/mailserver.png) + +#### Features + +- Postfix + Dovecot +- Webmail (Roundcube) +- DKIM signing +- Spam filtering +- Multiple domains + +--- + +## Installation + +### Via App Store + +Navigate to **SecuBox > Apps** and browse the catalog. + +### Via CLI + +```bash +# Install app +opkg install secubox-app-jellyfin luci-app-jellyfin + +# Start service +/etc/init.d/jellyfin enable +/etc/init.d/jellyfin start +``` + +### Container Apps + +Most apps run in LXC containers: + +```bash +# List containers +lxc-ls -f + +# Start container +lxc-start -n jellyfin + +# Console access +lxc-attach -n jellyfin +``` + +--- + +See also: +- [Publishing Modules](Publishing.md) +- [System Modules](System.md) +- [Architecture](../Architecture.md) + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/modules/DNS.md b/docs/wiki/modules/DNS.md new file mode 100644 index 00000000..6f9918d0 --- /dev/null +++ b/docs/wiki/modules/DNS.md 
@@ -0,0 +1,311 @@ +# DNS Modules + +SecuBox provides 6 DNS management and security modules. + +--- + +## Overview + +| Layer | Components | +|-------|------------| +| **Server** | DNS Master (BIND) | +| **Security** | DNS Guard, Vortex DNS Firewall | +| **Resolution** | Meshname DNS, AdGuard Home | +| **External** | DNS Provider API | + +--- + +## DNS Master + +**Package**: `secubox-app-dns-master` + `luci-app-dns-master` + +Primary DNS server (BIND). + +![DNS Master](../../screenshots/router/dns.png) + +### Features + +- Zone management +- Record editing +- DNSSEC support +- Secondary DNS +- Zone transfers + +### Record Types + +| Type | Description | +|------|-------------| +| A | IPv4 address | +| AAAA | IPv6 address | +| CNAME | Alias | +| MX | Mail exchange | +| TXT | Text record | +| SRV | Service locator | + +### CLI + +```bash +dnsctl status # Status +dnsctl zone list # List zones +dnsctl zone add example.com # Add zone +dnsctl record add A www 1.2.3.4 # Add record +dnsctl reload # Reload BIND +``` + +--- + +## DNS Guard + +**Package**: `secubox-dns-guard` + `luci-app-dnsguard` + +AI-powered DNS anomaly detection. + +![DNS Guard](../../screenshots/router/dnsguard.png) + +### Features + +- Query analysis +- Anomaly detection +- DGA detection +- Tunneling detection +- Real-time alerts + +### Detection Types + +| Type | Description | +|------|-------------| +| DGA | Domain generation algorithm | +| Tunneling | DNS data exfiltration | +| Fast-flux | Rapidly changing IPs | +| Typosquatting | Similar domain names | +| Suspicious | High entropy domains | + +### CLI + +```bash +dnsguardctl status # Status +dnsguardctl analyze # Run analysis +dnsguardctl alerts # View alerts +dnsguardctl whitelist add x # Add to whitelist +``` + +--- + +## Vortex DNS Firewall + +**Package**: `secubox-vortex-dns` + `luci-app-vortex-dns` + +Threat intelligence DNS firewall. 
+ +![Vortex DNS](../../screenshots/router/vortex-dns.png) + +### Features + +- Blocklist aggregation +- Real-time blocking +- Sinkhole server +- Mesh threat sharing +- Category filtering + +### Blocklist Sources + +| Source | Categories | +|--------|------------| +| CrowdSec | Threat intel | +| Pi-hole | Ads, tracking | +| Steven Black | Malware, phishing | +| Custom | User-defined | + +### CLI + +```bash +vortexctl status # Status +vortexctl update # Update blocklists +vortexctl block add domain # Block domain +vortexctl stats # View statistics +``` + +--- + +## Meshname DNS + +**Package**: `secubox-app-meshname-dns` + `luci-app-meshname-dns` + +Mesh DNS resolution (.ygg). + +![Meshname](../../screenshots/router/meshname.png) + +### Features + +- Yggdrasil DNS resolution +- Mesh peer discovery +- Gossip-based sync +- Local caching +- Fallback resolution + +### Resolution Flow + +``` +Query: mynode.ygg + ↓ +Local cache? + ↓ No +Gossip lookup? + ↓ No +Yggdrasil network? + ↓ +Response +``` + +### CLI + +```bash +meshnameectl status # Status +meshnameectl lookup mynode # Lookup name +meshnameectl register myname # Register name +meshnameectl peers # View peers +``` + +--- + +## DNS Provider + +**Package**: `secubox-app-dns-provider` + `luci-app-dns-provider` + +External DNS provider API integration. + +![DNS Provider](../../screenshots/router/dns-provider.png) + +### Supported Providers + +| Provider | Features | +|----------|----------| +| OVH | Zone management, API v1 | +| Gandi | LiveDNS API | +| Cloudflare | Zone API | +| Custom | RFC 2136 dynamic DNS | + +### Features + +- Automatic record updates +- ACME DNS-01 challenges +- Wildcard certificates +- Subdomain management + +### CLI + +```bash +dnsctl provider status # Status +dnsctl provider list # List providers +dnsctl provider add ovh # Configure OVH +dnsctl add A subdomain 1.2.3.4 # Add record +``` + +--- + +## AdGuard Home + +**Package**: `secubox-app-adguardhome` + +Ad blocking DNS server. 
+ +![AdGuard](../../screenshots/router/adguard.png) + +### Features + +- Ad blocking +- Tracking protection +- Parental controls +- Per-client settings +- Query log + +### Filter Lists + +| List | Description | +|------|-------------| +| AdGuard | Default filter | +| EasyList | Ad blocking | +| Malware | Security | +| Social | Social tracking | + +--- + +## Configuration + +### Configure DNS Master + +```bash +# Add zone +dnsctl zone add example.com + +# Add records +dnsctl record add example.com A www 192.168.1.10 +dnsctl record add example.com MX mail 10 +dnsctl record add example.com TXT @ "v=spf1 mx -all" + +# Enable DNSSEC +dnsctl dnssec enable example.com +``` + +### Configure Vortex DNS + +```bash +# Enable firewall +uci set vortex-dns.main.enabled='1' +uci set vortex-dns.main.sinkhole='192.168.255.1' +uci commit vortex-dns + +# Add blocklists +vortexctl source add https://example.com/blocklist.txt +vortexctl update +``` + +### Configure DNS Provider (OVH) + +```bash +# Setup OVH API +dnsctl provider add ovh \ + --app-key="xxx" \ + --app-secret="xxx" \ + --consumer-key="xxx" + +# Add record +dnsctl add A subdomain.example.com 1.2.3.4 +``` + +--- + +## DNS Resolution Flow + +``` +Client Query + ↓ +┌─────────────┐ +│ dnsmasq │ ←── Local cache +└──────┬──────┘ + ↓ +┌─────────────┐ +│ DNS Guard │ ←── Anomaly detection +└──────┬──────┘ + ↓ +┌─────────────┐ +│ Vortex DNS │ ←── Blocklist check +└──────┬──────┘ + ↓ +┌─────────────┐ +│ DNS Master │ ←── Local zones +└──────┬──────┘ + ↓ + Upstream DNS +``` + +--- + +See also: +- [Security Modules](Security.md) +- [Network Modules](Network.md) +- [Architecture](../Architecture.md) + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/modules/Mesh.md b/docs/wiki/modules/Mesh.md new file mode 100644 index 00000000..0beb9701 --- /dev/null +++ b/docs/wiki/modules/Mesh.md 
@@ -0,0 +1,350 @@ +# Mesh Network Modules + +SecuBox provides decentralized mesh networking through 7 integrated modules. + +--- + +## Overview + +| Layer | Components | +|-------|------------| +| **Transport** | WireGuard VPN tunnels | +| **Discovery** | mDNS, Yggdrasil, subnet scanning | +| **Topology** | Mesh daemon, gate election | +| **Services** | P2P registry, MirrorNet | +| **Identity** | DID:plc, ZKP verification | + +--- + +## SecuBox Mesh + +**Package**: `secubox-mesh` + `luci-app-secubox-mesh` + +Core mesh daemon with topology management and automatic gate election. + +![Mesh Dashboard](../../screenshots/router/mesh.png) + +### Features + +- Peer discovery (mDNS, ARP, WireGuard) +- Topology management +- Gate election (weighted scoring) +- Cross-node telemetry +- Device/VM/container discovery + +### Discovery Methods + +| Method | Description | +|--------|-------------| +| mDNS | `_secubox._udp.local` service discovery | +| ARP | Network neighbor scanning | +| WireGuard | Peer configuration scanning | +| Docker | Container discovery via socket | +| LXC | Container discovery via lxc-ls | +| libvirt | VM discovery via virsh | + +### CLI + +```bash +secuboxctl status # Mesh status +secuboxctl peers # List peers +secuboxctl topology # Show topology +secuboxctl telemetry # Node metrics +secuboxctl scan # Trigger discovery +``` + +### RPCD Methods + +| Method | Description | +|--------|-------------| +| `status` | Mesh daemon status | +| `peers` | List mesh peers | +| `topology` | Network topology | +| `nodes` | All known nodes | +| `devices` | Discovered devices | +| `scan_full` | Full network scan | +| `scan_containers` | Container/VM scan | + +--- + +## WireGuard Dashboard + +**Package**: `luci-app-wireguard-dashboard` + +WireGuard VPN management with QR code generation. 
+ +![WireGuard](../../screenshots/router/wireguard.png) + +### Features + +- Interface management +- Peer configuration +- QR code generation +- Traffic monitoring +- Mobile client export + +### CLI + +```bash +wgctl status # VPN status +wgctl peers # List peers +wgctl add-peer # Add peer +wgctl qr # Generate QR +``` + +--- + +## P2P Network + +**Package**: `secubox-p2p` + `luci-app-secubox-p2p` + +Decentralized gossip protocol with blockchain sync. + +![P2P](../../screenshots/router/p2p.png) + +### Features + +- Gossip protocol +- Service registry +- Threat intelligence sharing +- Configuration sync +- Blockchain-based consensus + +### Gossip Topics + +| Topic | Description | +|-------|-------------| +| `services` | Service announcements | +| `threats` | IoC sharing | +| `config` | Configuration sync | +| `peers` | Peer discovery | + +### CLI + +```bash +p2pctl status # P2P status +p2pctl peers # Connected peers +p2pctl publish # Publish service +p2pctl subscribe # Subscribe to topic +``` + +--- + +## MirrorNet + +**Package**: `secubox-mirrornet` + `luci-app-secubox-mirror` + +Service mirroring and CDN capabilities. + +![MirrorNet](../../screenshots/router/mirror.png) + +### Features + +- Service mirroring +- Load balancing +- CDN distribution +- Failover routing +- Gossip-based sync + +### Modes + +| Mode | Description | +|------|-------------| +| Master | Primary service provider | +| Slave | Mirror/replica | +| Submaster | Hierarchical replication | + +### CLI + +```bash +mirrorctl status # Mirror status +mirrorctl list # List mirrors +mirrorctl add # Add mirror +mirrorctl sync # Force sync +``` + +--- + +## Master Link + +**Package**: `secubox-master-link` + `luci-app-master-link` + +Node onboarding and mesh joining. + +![Master Link](../../screenshots/router/master-link.png) + +### Features + +- Easy node onboarding +- Join token generation +- Automatic configuration +- Trust establishment +- IPK package generation + +### Onboarding Flow + +``` +1. 
Master: Generate join token +2. New node: Install join IPK +3. Automatic: WireGuard config +4. Automatic: Trust verification +5. Complete: Node joins mesh +``` + +### CLI + +```bash +master-linkctl status # Link status +master-linkctl generate # Generate join token +master-linkctl join # Join mesh +master-linkctl nodes # List nodes +``` + +--- + +## Identity + +**Package**: `secubox-identity` + +DID:plc generation and trust management. + +### Features + +- DID:plc generation +- Key rotation +- Trust scoring +- Cross-node verification +- Reputation system + +### CLI + +```bash +identityctl status # Identity status +identityctl did # Show DID +identityctl rotate # Rotate keys +identityctl trust # Trust peer +identityctl verify # Verify peer +``` + +--- + +## OpenClaw + +**Package**: `luci-app-openclaw` + +OpenClaw VPN integration. + +![OpenClaw](../../screenshots/router/openclaw.png) + +### Features + +- OpenClaw server connection +- NAT traversal +- Firewall bypass +- Automatic reconnection + +--- + +## Configuration + +### Enable Mesh Network + +```bash +# Enable mesh daemon +uci set secubox-mesh.main.enabled='1' +uci set secubox-mesh.main.node_name='mynode' +uci commit secubox-mesh + +# Start daemon +/etc/init.d/secuboxd enable +/etc/init.d/secuboxd start +``` + +### Configure WireGuard Mesh + +```bash +# Create mesh interface +uci set network.wgmesh=interface +uci set network.wgmesh.proto='wireguard' +uci set network.wgmesh.private_key="$(wg genkey)" +uci set network.wgmesh.addresses='10.10.10.1/24' +uci commit network + +# Add peer +wgctl add-peer node2 10.10.10.2 +``` + +### Join Existing Mesh + +```bash +# On master node +master-linkctl generate > join-token.txt + +# On new node +master-linkctl join "$(cat join-token.txt)" +``` + +--- + +## Gate Election + +The mesh automatically elects a "gate" node for internet access: + +### Scoring Factors + +| Factor | Weight | Description | +|--------|--------|-------------| +| Bandwidth | 30% | Available bandwidth | +| 
Latency | 25% | Internet latency | +| Uptime | 20% | Node stability | +| Resources | 15% | CPU/RAM availability | +| Manual | 10% | Admin preference | + +### Manual Override + +```bash +# Force node as gate +secuboxctl set-gate + +# Disable gate election +uci set secubox-mesh.election.enabled='0' +uci commit secubox-mesh +``` + +--- + +## Troubleshooting + +### Peer not discovered + +```bash +# Check mDNS +avahi-browse -a | grep secubox + +# Check WireGuard +wg show + +# Force scan +secuboxctl scan +``` + +### Gate election failing + +```bash +# Check election status +secuboxctl election status + +# View scoring +secuboxctl election scores +``` + +--- + +See also: +- [Security Modules](Security.md) +- [Network Modules](Network.md) +- [Architecture](../Architecture.md) + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/modules/Network.md b/docs/wiki/modules/Network.md new file mode 100644 index 00000000..0b447eee --- /dev/null +++ b/docs/wiki/modules/Network.md 
@@ -0,0 +1,328 @@ +# Network Modules + +SecuBox provides comprehensive network management through 12 integrated modules. + +--- + +## Overview + +| Layer | Components | +|-------|------------| +| **Routing** | Network Modes, Traffic Shaper | +| **Proxy** | HAProxy, CDN Cache | +| **Monitoring** | Bandwidth Manager, Routes Status | +| **Services** | MQTT Bridge, KSM Manager | +| **Diagnostics** | Network Diag, Network Tweaks | + +--- + +## Network Modes + +**Package**: `luci-app-network-modes` + +Network mode configuration (Router/AP/Bridge). + +![Network Modes](../../screenshots/router/netmodes.png) + +### Modes + +| Mode | Description | +|------|-------------| +| Router | Full routing with NAT | +| AP | Access Point mode | +| Bridge | Transparent bridge | +| Mesh | Mesh node | +| Client | WISP client | + +### Features + +- One-click mode switching +- Interface auto-configuration +- VLAN support +- Firewall auto-adjustment + +--- + +## HAProxy + +**Package**: `secubox-app-haproxy` + `luci-app-haproxy` + +Load balancer and reverse proxy. + +![HAProxy](../../screenshots/router/haproxy.png) + +### Features + +- Virtual hosts (274+) +- SSL termination (ACME) +- Load balancing +- Health checks +- Statistics dashboard + +### CLI + +```bash +haproxyctl status # Service status +haproxyctl vhost list # List vhosts +haproxyctl vhost add # Add vhost +haproxyctl ssl request # Request SSL +haproxyctl reload # Reload config +``` + +### Architecture + +``` +Internet → HAProxy (443/80) → mitmproxy WAF → Backend + ↓ + SSL Termination + Load Balancing + ACL Routing +``` + +--- + +## Bandwidth Manager + +**Package**: `luci-app-bandwidth-manager` + +Traffic monitoring and bandwidth limits. 
+ +![Bandwidth](../../screenshots/router/bandwidth.png) + +### Features + +- Real-time monitoring +- Per-client limits +- Scheduled throttling +- Alert notifications +- Historical graphs + +### Limit Types + +| Type | Description | +|------|-------------| +| Upload | Upload bandwidth limit | +| Download | Download bandwidth limit | +| Combined | Total bandwidth limit | +| Burst | Burst allowance | + +--- + +## Traffic Shaper + +**Package**: `luci-app-traffic-shaper` + +QoS and traffic prioritization. + +![Traffic Shaper](../../screenshots/router/traffic.png) + +### Features + +- Application-based QoS +- Priority queues +- Bandwidth reservation +- Fair queuing +- Real-time stats + +### Priority Classes + +| Class | Applications | +|-------|--------------| +| Realtime | VoIP, gaming | +| Priority | Video, streaming | +| Normal | Web browsing | +| Bulk | Downloads, backups | + +--- + +## Virtual Hosts + +**Package**: `luci-app-vhost-manager` + +Virtual host management. + +![VHosts](../../screenshots/router/vhost.png) + +### Features + +- Domain management +- Backend configuration +- SSL certificate status +- WAF integration +- Redirect rules + +--- + +## CDN Cache + +**Package**: `luci-app-cdn-cache` + +Content caching proxy. + +![CDN Cache](../../screenshots/router/cdn.png) + +### Features + +- HTTP/HTTPS caching +- Cache policies +- Storage management +- Hit rate statistics +- Purge controls + +--- + +## Routes Status + +**Package**: `luci-app-routes-status` + +Route monitoring and health checks. + +![Routes](../../screenshots/router/routes.png) + +### Features + +- Route health checks +- Up/Down monitoring +- Response time tracking +- Alert notifications +- Historical data + +--- + +## Network Tweaks + +**Package**: `luci-app-network-tweaks` + +Advanced network settings. 
+ +![Tweaks](../../screenshots/router/tweaks.png) + +### Features + +- Kernel parameters +- TCP optimization +- Buffer tuning +- Congestion control +- MTU configuration + +--- + +## MQTT Bridge + +**Package**: `luci-app-mqtt-bridge` + +MQTT protocol bridge for IoT. + +![MQTT](../../screenshots/router/mqtt.png) + +### Features + +- Broker configuration +- Bridge connections +- Topic mapping +- TLS support +- Authentication + +--- + +## Network Diagnostics + +**Package**: `luci-app-secubox-netdiag` + +Network diagnostic tools. + +![NetDiag](../../screenshots/router/netdiag.png) + +### Features + +- Ping/Traceroute +- DNS lookup +- Port scanning +- Bandwidth test +- Packet capture + +--- + +## SAAS Relay + +**Package**: `luci-app-saas-relay` + +SaaS service relay. + +![SAAS](../../screenshots/router/saas.png) + +### Features + +- API proxying +- Rate limiting +- Caching +- Authentication + +--- + +## KSM Manager + +**Package**: `luci-app-ksm-manager` + +Kernel shared memory management. + +![KSM](../../screenshots/router/ksm.png) + +### Features + +- Memory deduplication +- Page sharing stats +- Performance tuning +- Container optimization + +--- + +## Configuration + +### Enable Traffic Shaping + +```bash +uci set traffic-shaper.main.enabled='1' +uci set traffic-shaper.main.wan='wan' +uci set traffic-shaper.main.download='100000' # 100 Mbps +uci set traffic-shaper.main.upload='50000' # 50 Mbps +uci commit traffic-shaper +``` + +### Configure HAProxy Vhost + +```bash +# Add virtual host +haproxyctl vhost add myapp.example.com + +# Configure backend +haproxyctl backend set myapp.example.com 192.168.255.10:8080 + +# Request SSL +haproxyctl ssl request myapp.example.com + +# Reload +haproxyctl reload +``` + +### Bandwidth Limits + +```bash +# Set client limit +uci add bandwidth-manager limit +uci set bandwidth-manager.@limit[-1].mac='00:11:22:33:44:55' +uci set bandwidth-manager.@limit[-1].download='10000' # 10 Mbps +uci set bandwidth-manager.@limit[-1].upload='5000' # 5 
Mbps +uci commit bandwidth-manager +``` + +--- + +See also: +- [Security Modules](Security.md) +- [Monitoring Modules](Monitoring.md) +- [Architecture](../Architecture.md) + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/modules/Security.md b/docs/wiki/modules/Security.md new file mode 100644 index 00000000..e122ca14 --- /dev/null +++ b/docs/wiki/modules/Security.md 
@@ -0,0 +1,321 @@ +# Security Modules + +SecuBox provides comprehensive security through 15 integrated modules. + +--- + +## Overview + +| Layer | Components | +|-------|------------| +| **Perimeter** | CrowdSec IDS/IPS, WAF (mitmproxy) | +| **Network** | DNS Guard, Vortex Firewall, IP Blocklist | +| **Access** | Auth Guardian, Client Guardian, MAC Guardian | +| **Verification** | ZKP, IoT Guard | +| **Analysis** | Threat Analyst, Avatar Tap, Cookie Tracker | + +--- + +## CrowdSec Dashboard + +**Package**: `luci-app-crowdsec-dashboard` + +Intrusion Detection and Prevention System with collaborative threat intelligence. + +![CrowdSec Dashboard](../../screenshots/router/crowdsec.png) + +### Features + +- Real-time alert monitoring +- Active decisions (bans, captchas) +- Scenario management +- Bouncer configuration +- CAPI integration (crowd-sourced blocklists) + +### CLI + +```bash +cscli decisions list # View active bans +cscli alerts list # View recent alerts +cscli scenarios list # List installed scenarios +cscli bouncers list # List bouncers +``` + +### RPCD Methods + +| Method | Description | +|--------|-------------| +| `status` | Get CrowdSec service status | +| `get_overview` | Dashboard overview data | +| `get_decisions` | Active decisions list | +| `get_alerts` | Recent alerts | +| `add_decision` | Add manual ban | + +--- + +## WAF Filters (mitmproxy) + +**Package**: `luci-app-mitmproxy` + +Web Application Firewall with TLS inspection. 
+ +![WAF](../../screenshots/router/waf.png) + +### Features + +- HTTP/HTTPS inspection +- Rule-based filtering +- Request/response modification +- SSL certificate generation +- HAProxy integration + +### Architecture + +``` +Client → HAProxy → mitmproxy WAF → Backend Service + ↓ + CrowdSec +``` + +### CLI + +```bash +mitmproxyctl status # Service status +mitmproxyctl sync-routes # Sync HAProxy routes +mitmproxyctl reload # Reload configuration +``` + +--- + +## DNS Guard + +**Package**: `secubox-dns-guard` + `luci-app-dnsguard` + +AI-powered DNS anomaly detection. + +![DNS Guard](../../screenshots/router/dnsguard.png) + +### Features + +- DNS query analysis +- Anomaly detection (DGA, tunneling) +- Blocklist integration +- Real-time monitoring +- AI-powered threat scoring + +### Detection Types + +| Type | Description | +|------|-------------| +| DGA | Domain generation algorithm detection | +| Tunneling | DNS tunneling detection | +| Fast-flux | Fast-flux domain detection | +| Suspicious | Unusual query patterns | + +--- + +## Auth Guardian + +**Package**: `luci-app-auth-guardian` + +Authentication monitoring and brute-force protection. + +![Auth Guardian](../../screenshots/router/auth.png) + +### Features + +- Login attempt monitoring +- Brute-force detection +- Automatic blocking +- Session tracking +- Alert notifications + +### Monitored Services + +- LuCI web interface +- SSH +- VPN connections +- Custom services + +--- + +## Client Guardian + +**Package**: `luci-app-client-guardian` + +Network client access control. 
+ +![Client Guardian](../../screenshots/router/clients.png) + +### Features + +- Client inventory +- Access policies +- Bandwidth limits +- Schedule-based access +- VLAN assignment + +### Access Modes + +| Mode | Description | +|------|-------------| +| Allow | Full network access | +| Guest | Limited internet only | +| Block | No network access | +| Schedule | Time-based access | + +--- + +## MAC Guardian + +**Package**: `luci-app-mac-guardian` + +MAC address management and security. + +![MAC Guardian](../../screenshots/router/mac.png) + +### Features + +- MAC address inventory +- Whitelist/blacklist +- Manufacturer lookup (OUI) +- Spoofing detection +- Alert notifications + +--- + +## ZKP Verification + +**Package**: `luci-app-zkp` + +Zero-knowledge proof mesh verification. + +![ZKP](../../screenshots/router/zkp.png) + +### Features + +- Peer identity verification +- Trust chain validation +- Cross-node verification +- Cryptographic proofs + +### Use Cases + +- Mesh peer authentication +- Service authorization +- Distributed trust + +--- + +## IoT Guard + +**Package**: `luci-app-iot-guard` + +IoT device security isolation. + +![IoT Guard](../../screenshots/router/iot.png) + +### Features + +- IoT device detection +- Network segmentation +- Traffic monitoring +- Firmware analysis +- Vulnerability scanning + +### Security Profiles + +| Profile | Description | +|---------|-------------| +| Isolated | No inter-device communication | +| Grouped | Communication within group only | +| Full | Standard network access | + +--- + +## Threat Analyst + +**Package**: `secubox-threat-analyst` + `luci-app-threat-analyst` + +AI-powered threat correlation and analysis. 
+ +![Threat Analyst](../../screenshots/router/threat-analyst.png) + +### Features + +- Multi-source correlation (CrowdSec, WAF, DPI) +- AI-powered threat scoring +- Attack pattern detection +- Incident timeline +- Automated response + +### Data Sources + +- CrowdSec alerts +- WAF blocks +- DPI flows +- DNS queries +- Auth logs + +--- + +## Avatar Tap + +**Package**: `secubox-avatar-tap` + `luci-app-avatar-tap` + +Session capture and replay for security analysis. + +![Avatar Tap](../../screenshots/router/avatar-tap.png) + +### Features + +- Passive session capture +- Cookie/header recording +- Session replay +- Forensic analysis +- Export/import + +### Use Cases + +- Security testing +- Session analysis +- Incident investigation + +--- + +## Configuration + +### Enable All Security Modules + +```bash +# Via UCI +uci set crowdsec.crowdsec.enabled='1' +uci set mitmproxy.main.enabled='1' +uci set secubox.security.auth_guardian='1' +uci set secubox.security.client_guardian='1' +uci commit + +# Restart services +/etc/init.d/crowdsec restart +/etc/init.d/mitmproxy restart +``` + +### CrowdSec Scenarios + +```bash +# Install common scenarios +cscli scenarios install crowdsecurity/ssh-bf +cscli scenarios install crowdsecurity/http-bf +cscli scenarios install crowdsecurity/http-crawl +``` + +--- + +See also: +- [Network Modules](Network.md) +- [AI Modules](AI.md) +- [Architecture](../Architecture.md) + +--- + +*SecuBox v1.0.0* diff --git a/docs/wiki/modules/System.md b/docs/wiki/modules/System.md new file mode 100644 index 00000000..df235b25 --- /dev/null +++ b/docs/wiki/modules/System.md 
@@ -0,0 +1,394 @@ +# System Modules + +SecuBox provides 14 system administration modules. + +--- + +## Overview + +| Category | Modules | +|----------|---------| +| **Dashboard** | System Hub, Portal, Admin | +| **Configuration** | SecuBox Settings, Config Vault, Config Advisor | +| **Communication** | SMTP Relay, Reporter | +| **Remote** | RTTY Remote | +| **Backup** | Backup, Cloner | +| **Management** | Users, RezApp, Cyberfeed | + +--- + +## System Hub + +**Package**: `luci-app-system-hub` + +Central system dashboard. + +![System Hub](../../screenshots/router/hub.png) + +### Features + +- System overview +- Quick actions +- Service status +- Resource graphs +- Recent alerts + +--- + +## SecuBox Settings + +**Package**: `luci-app-secubox` + +Main SecuBox configuration. + +![Settings](../../screenshots/router/settings.png) + +### Features + +- Theme selection +- Network mode +- Security settings +- Feature toggles +- Update management + +--- + +## SecuBox Admin + +**Package**: `luci-app-secubox-admin` + +Admin control center. + +![Admin](../../screenshots/router/admin.png) + +### Features + +- User management +- Access logs +- System logs +- Debug tools +- Advanced config + +--- + +## SecuBox Portal + +**Package**: `luci-app-secubox-portal` + +User-facing portal. + +![Portal](../../screenshots/router/portal.png) + +### Features + +- Welcome page +- Quick links +- Status display +- Guest access + +--- + +## Config Vault + +**Package**: `secubox-app-config-vault` + `luci-app-config-vault` + +Git-based configuration backup. 
+ +![Config Vault](../../screenshots/router/config-vault.png) + +### Features + +- Auto-commit changes +- Git versioning +- Remote sync (Gitea) +- Restore points +- Module backups + +### Modules + +| Module | Contents | +|--------|----------| +| users | Users, passwords, SSH keys | +| network | Interfaces, firewall, DHCP | +| services | HAProxy, CrowdSec, apps | +| security | WAF, auth, certificates | +| system | Hostname, timezone, cron | + +### CLI + +```bash +configvaultctl status # Status +configvaultctl backup # Manual backup +configvaultctl restore # Restore commit +configvaultctl push # Sync to remote +configvaultctl history # View history +``` + +--- + +## Config Advisor + +**Package**: `secubox-config-advisor` + `luci-app-config-advisor` + +ANSSI compliance advisor. + +![Config Advisor](../../screenshots/router/config-advisor.png) + +### Features + +- Security audit +- Compliance checking +- Recommendations +- ANSSI CSPN prep +- Report generation + +### Checks + +| Category | Items | +|----------|-------| +| Authentication | Password strength, 2FA | +| Encryption | TLS versions, ciphers | +| Network | Firewall rules, services | +| Access | User permissions, SSH | + +--- + +## SMTP Relay + +**Package**: `secubox-app-smtp-relay` + `luci-app-smtp-relay` + +Centralized email configuration. + +![SMTP](../../screenshots/router/smtp.png) + +### Features + +- Provider configuration +- Test email +- Multi-recipient +- TLS support +- Fallback modes + +### Providers + +| Provider | Type | +|----------|------| +| Gmail | OAuth/App password | +| SendGrid | API key | +| Mailgun | API key | +| Custom | SMTP credentials | +| Local | Local mailserver | + +### CLI + +```bash +smtp-relayctl status # Status +smtp-relayctl test # Send test email +smtp-relayctl configure # Setup wizard +``` + +--- + +## Reporter + +**Package**: `secubox-app-reporter` + `luci-app-reporter` + +System report generator. 
+ +![Reporter](../../screenshots/router/reporter.png) + +### Features + +- Report generation +- Email delivery +- Scheduled reports +- Multiple formats +- KissTheme styling + +### Report Types + +| Type | Contents | +|------|----------| +| Development | WIP, history, roadmap | +| Services | Tor, DNS/SSL, mesh exposure | +| System | Hardware, performance | +| Security | Threats, bans, alerts | + +### CLI + +```bash +secubox-reportctl generate dev # Generate report +secubox-reportctl send dev # Email report +secubox-reportctl schedule weekly # Schedule +``` + +--- + +## RTTY Remote + +**Package**: `secubox-app-rtty-remote` + `luci-app-rtty-remote` + +Remote terminal access. + +![RTTY](../../screenshots/router/rtty.png) + +### Features + +- Web terminal (ttyd) +- RPC proxy to mesh nodes +- Token-based sharing +- Session tracking +- Remote deployment + +### CLI + +```bash +rttyctl status # Status +rttyctl nodes # List nodes +rttyctl rpc # Remote RPC +rttyctl token generate # Share token +``` + +--- + +## Backup + +**Package**: `luci-app-backup` + +System backup management. + +![Backup](../../screenshots/router/backup.png) + +### Features + +- Full system backup +- Selective backup +- Restore +- Scheduled backups +- Remote storage + +--- + +## Cloner + +**Package**: `luci-app-cloner` + +Device cloning. + +![Cloner](../../screenshots/router/cloner.png) + +### Features + +- Config export +- Config import +- Mesh provisioning +- First-boot setup + +--- + +## User Management + +**Package**: `luci-app-secubox-users` + +User account management. + +![Users](../../screenshots/router/users.png) + +### Features + +- User accounts +- Group management +- Permissions +- SSH keys +- Password policies + +--- + +## RezApp + +**Package**: `secubox-app-rezapp` + `luci-app-rezapp` + +Docker to LXC converter. 
+ +![RezApp](../../screenshots/router/rezapp.png) + +### Features + +- Docker image import +- LXC conversion +- UCI config generation +- HAProxy integration +- Offline mode + +### CLI + +```bash +rezappctl search # Search Docker Hub +rezappctl import # Import image +rezappctl convert # Convert to LXC +rezappctl run # Start container +``` + +--- + +## Cyberfeed + +**Package**: `secubox-app-cyberfeed` + `luci-app-cyberfeed` + +Threat feed manager. + +![Cyberfeed](../../screenshots/router/cyberfeed.png) + +### Features + +- Feed subscriptions +- Auto-update +- CrowdSec integration +- Custom feeds +- Alert notifications + +--- + +## Configuration + +### Enable Config Vault + +```bash +# Initialize +configvaultctl init + +# Enable auto-backup +uci set config-vault.main.auto_backup='1' +uci set config-vault.main.interval='hourly' +uci commit config-vault + +# Configure remote +uci set config-vault.git.remote='git@git.example.com:user/config.git' +uci commit config-vault +``` + +### Configure SMTP + +```bash +# Setup Gmail +smtp-relayctl configure gmail + +# Or manual +uci set smtp-relay.main.provider='custom' +uci set smtp-relay.main.host='smtp.example.com' +uci set smtp-relay.main.port='587' +uci set smtp-relay.main.user='user@example.com' +uci set smtp-relay.main.password='secret' +uci commit smtp-relay +``` + +--- + +See also: +- [Security Modules](Security.md) +- [AI Modules](AI.md) +- [Architecture](../Architecture.md) + +--- + +*SecuBox v1.0.0*
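Review bot: In docs/wiki/modules/Network.md, the "Bandwidth Limits" example should say that the limit is keyed on the client's MAC address (`uci set bandwidth-manager.@limit[-1].mac='00:11:22:33:44:55'`). A client that changes its MAC is no longer matched by this rule, so please add a sentence pointing to MAC Guardian ("Spoofing detection") and Client Guardian in Security.md for when the limit is meant as a control rather than a convenience. The values `'10000'` and `'100000'` are annotated "10 Mbps" and "100 Mbps", which implies kbit/s, but neither this section nor "Enable Traffic Shaping" states the unit. A short note naming the unit would avoid misconfiguration.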
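Review bot: In docs/wiki/modules/Security.md, the "Enable All Security Modules" block ends its UCI changes with a bare `uci commit`, which commits every staged change in every config, not only the four options set above it. Please commit per package (`uci commit crowdsec`, `uci commit mitmproxy`, `uci commit secubox`) so that following the docs cannot push unrelated pending edits live. The block restarts only crowdsec and mitmproxy, so say which service picks up `secubox.security.auth_guardian` and `secubox.security.client_guardian`, or add the reload step. The heading says "All" while four modules are enabled, so either rename it or extend it. The intro claims 15 modules, the Overview table names 13, and only 10 have sections (Vortex Firewall, IP Blocklist and Cookie Tracker have none). Please reconcile the count or add stubs.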
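Review bot: In docs/wiki/modules/System.md, the Config Vault section documents sending secrets to a remote Git server without saying how they are protected. The Modules table lists `users` as "Users, passwords, SSH keys" and `security` as "WAF, auth, certificates", and "Enable Config Vault" then turns on hourly auto-backup with a remote at `git@git.example.com:user/config.git`. Please state whether these modules are encrypted or filtered before commit and how to exclude them from `configvaultctl push`, since anything committed stays in Git history. The same applies to "Configure SMTP", where `uci set smtp-relay.main.password='secret'` puts the credential in plain text in the UCI config (which the vault would then back up) and in shell history. Consider pointing readers to `smtp-relayctl configure` for entering credentials, and note the file permissions expected on the resulting config.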