gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Add comprehensive wiki and module documentation

Browse Source 
Wiki structure:
- Home.md: Main navigation with module categories
- Installation.md: Getting started guide
- Quick-Start.md: First-time setup walkthrough
- Architecture.md: 4-layer architecture overview
- Modules.md: Complete catalog of 80+ modules

Module documentation (docs/wiki/modules/):
- Security.md: 15 security modules (CrowdSec, WAF, Guardians)
- Network.md: 12 network modules (HAProxy, Bandwidth, Traffic)
- Mesh.md: 7 VPN/mesh modules (WireGuard, P2P, MirrorNet)
- DNS.md: 6 DNS modules (DNS Master, Vortex, Meshname)
- Apps.md: 20 application modules (Jellyfin, Nextcloud, Matrix)
- System.md: 14 system modules (Config Vault, Reporter, RTTY)
- AI.md: 8 AI modules (Gateway, LocalAI, Threat Analyst)

Updated:
- SCREENSHOTS.md: Expanded to 111 modules with all categories
- README.md: Added wiki links and module index

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-03-26 12:35:31 +01:00
parent 54f7b4bc64
commit 01246a693d
14 changed files with 3820 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
docs/README.md
View File

@ -1,107 +1,183 @@
# SecuBox OpenWrt Documentation
Welcome to the SecuBox OpenWrt documentation. This directory contains comprehensive documentation for the SecuBox mesh network appliance running on OpenWrt 24.10.
Welcome to the **SecuBox** documentation. SecuBox is a privacy-focused mesh network appliance built on OpenWrt 24.10.
---
## Quick Links
| Document | Description |
|----------|-------------|
| [SCREENSHOTS.md](SCREENSHOTS.md) | Module screenshot gallery (CRT P31 theme) |
| [UI-GUIDE.md](UI-GUIDE.md) | UI/UX design guide and theme documentation |
| [MODULES.md](MODULES.md) | Complete module catalog with descriptions |
| [Wiki Home](wiki/Home.md) | Main wiki with module navigation |
| [Installation](wiki/Installation.md) | Getting started guide |
| [Quick Start](wiki/Quick-Start.md) | First-time setup |
| [Architecture](wiki/Architecture.md) | System architecture overview |
| [Module Catalog](wiki/Modules.md) | Complete list of 80+ modules |
---
## Documentation Index
### User Guides
| Guide | Description |
|-------|-------------|
| [SCREENSHOTS.md](SCREENSHOTS.md) | Module screenshot gallery (111 modules) |
| [UI-GUIDE.md](UI-GUIDE.md) | CRT P31 theme design guide |
| [MODULES.md](MODULES.md) | Package catalog with versions |
| [API.md](API.md) | RPCD/ubus API reference |
### Module Documentation
| Category | Wiki Page | Modules |
|----------|-----------|---------|
| Security | [wiki/modules/Security.md](wiki/modules/Security.md) | 15 modules |
| Network | [wiki/modules/Network.md](wiki/modules/Network.md) | 12 modules |
| Monitoring | [wiki/modules/Monitoring.md](wiki/modules/Monitoring.md) | 10 modules |
| VPN & Mesh | [wiki/modules/Mesh.md](wiki/modules/Mesh.md) | 7 modules |
| DNS | [wiki/modules/DNS.md](wiki/modules/DNS.md) | 6 modules |
| Apps | [wiki/modules/Apps.md](wiki/modules/Apps.md) | 20 modules |
| System | [wiki/modules/System.md](wiki/modules/System.md) | 14 modules |
| AI | [wiki/modules/AI.md](wiki/modules/AI.md) | 8 modules |
### Development
| Document | Description |
|----------|-------------|
| [development-guidelines.md](development-guidelines.md) | Coding standards |
| [module-implementation-guide.md](module-implementation-guide.md) | Creating new modules |
| [luci-development-reference.md](luci-development-reference.md) | LuCI JavaScript guide |
| [validation-guide.md](validation-guide.md) | Testing and validation |
---
## Project Overview
**SecuBox** is a privacy-focused mesh network appliance built on OpenWrt. It provides:
**SecuBox** provides:
- 🛡️ **Security**: CrowdSec IDS/IPS, WAF with mitmproxy, network isolation
- 🌐 **Mesh Networking**: WireGuard VPN, P2P gossip protocol, automatic peer discovery
- 🤖 **AI Integration**: Local AI with LocalAI/Ollama, sovereign data classification
- 📡 **Privacy**: Tor integration, anonymous service exposure, ZKP verification
- 🎨 **Modern UI**: LuCI-based dashboard with CRT P31 phosphor green terminal theme
- **Security**: CrowdSec IDS/IPS, WAF with mitmproxy, network isolation
- **Mesh Networking**: WireGuard VPN, P2P gossip protocol, automatic peer discovery
- **AI Integration**: Local AI with LocalAI/Ollama, sovereign data classification
- **Privacy**: Tor integration, anonymous service exposure, ZKP verification
- **Modern UI**: LuCI-based dashboard with CRT P31 phosphor green terminal theme
## Screenshots Directory
### Module Statistics
Screenshots are organized by platform:
| Category | Count |
|----------|-------|
| LuCI Apps | 80+ |
| Backend Packages | 40+ |
| Service Apps | 20+ |
| **Total** | **140+** |
---
## Directory Structure
```
docs/
├── README.md # This file
├── SCREENSHOTS.md # Screenshot gallery (111 modules)
├── MODULES.md # Package catalog
├── API.md # API reference
├── UI-GUIDE.md # Theme documentation
├── screenshots/
│ └── router/ # MochaBin/ARM64 router screenshots
└── wiki/ # Multilingual documentation
│ └── router/ # OpenWrt router screenshots
└── wiki/
├── Home.md # Wiki home
├── Installation.md # Installation guide
├── Quick-Start.md # Quick start
├── Architecture.md # Architecture overview
├── Modules.md # Module catalog
└── modules/
├── Security.md # Security modules
├── Network.md # Network modules
├── Mesh.md # VPN & Mesh modules
├── DNS.md # DNS modules
├── Apps.md # Application modules
├── System.md # System modules
└── AI.md # AI modules
```
---
## Theme: CRT P31 Phosphor Green
The SecuBox UI uses a retro CRT terminal aesthetic:
SecuBox uses a retro CRT terminal aesthetic:
- **Primary Color**: `#33ff66` (phosphor peak green)
- **Background**: `#050803` (deep tube black)
- **Font**: Monospace (Courier Prime, IBM Plex Mono)
- **Effects**:
- Scanline overlay
- Phosphor glow on text
- Terminal boot sequence animation
| Element | Color |
|---------|-------|
| Primary | `#33ff66` (phosphor peak) |
| Background | `#050803` (tube black) |
| Font | Monospace (Courier Prime) |
| Effects | Scanlines, phosphor glow |
![Theme Preview](screenshots/router/portal.png)
## Module Categories
See [UI-GUIDE.md](UI-GUIDE.md) for full theme documentation.
### Core
- `secubox-core` - Base configuration and utilities
- `secubox-mesh` - Mesh daemon with topology management
- `secubox-identity` - DID generation and trust scoring
- `secubox-p2p` - P2P gossip protocol
---
### Security (12 modules)
- CrowdSec Dashboard, WAF Filters, MITM Proxy
- DNS Guard, Vortex DNS Firewall
- Auth/Client/MAC Guardian, ZKP verification
## CLI Quick Reference
### Network (8 modules)
- Network Modes, Bandwidth Manager, Traffic Shaper
- HAProxy, Virtual Hosts, CDN Cache
```bash
# System
secubox status # System status
secubox version # Version info
### Monitoring (6 modules)
- Netdata integration, DPI (netifyd)
- Device Intel, Media Flow, Watchdog, LAN Flows
# Mesh
secuboxctl status # Mesh status
secuboxctl peers # List peers
### Publishing (4 modules)
- Metablogizer, Droplet, Streamlit Forge, Metacatalog
# Security
cscli decisions list # CrowdSec bans
cscli alerts list # Recent alerts
### AI (4 modules)
- AI Gateway (data sovereignty), AI Insights
- LocalAI, Ollama integration
# Network
haproxyctl vhost list # List vhosts
wgctl status # WireGuard status
## API Reference
# AI
aigatewayctl status # AI Gateway status
```
---
## API Usage
All LuCI modules expose RPCD/ubus APIs:
```bash
# List available methods
# List methods
ubus list | grep luci.secubox
# Call a method
# Call method
ubus call luci.secubox-mesh status
# Example: Get mesh topology
ubus call luci.secubox-mesh topology
# With parameters
ubus call luci.secubox-mesh scan_full '{}'
```
See [API.md](API.md) for complete method documentation.
See [API.md](API.md) for complete documentation.
---
## Development
### Quick Deploy (without rebuild)
### Quick Deploy
```bash
# Deploy JS views
scp htdocs/luci-static/resources/view/secubox/*.js root@192.168.255.1:/www/luci-static/resources/view/secubox/
scp htdocs/luci-static/resources/view/secubox/*.js \
root@192.168.255.1:/www/luci-static/resources/view/secubox/
# Deploy RPCD handler
scp root/usr/libexec/rpcd/<handler> root@192.168.255.1:/usr/libexec/rpcd/
scp root/usr/libexec/rpcd/<handler> \
root@192.168.255.1:/usr/libexec/rpcd/
ssh root@192.168.255.1 '/etc/init.d/rpcd restart'
# Clear caches
ssh root@192.168.255.1 'rm -rf /tmp/luci-*'
```
### Build Package
@ -114,6 +190,8 @@ rsync -av --delete package/secubox/<pkg>/ secubox-tools/local-feed/<pkg>/
./secubox-tools/local-build.sh build <pkg>
```
---
## Support
- **Repository**: [github.com/gkerma/secubox-openwrt](https://github.com/gkerma/secubox-openwrt)
@ -122,4 +200,4 @@ rsync -av --delete package/secubox/<pkg>/ secubox-tools/local-feed/<pkg>/
---
*SecuBox v1.0.0 | CyberMind 2026*
*SecuBox v1.0.0 | CyberMind 2026*

343
docs/SCREENSHOTS.md
View File

@ -1,131 +1,231 @@
# SecuBox Module Screenshots - OpenWrt Router
# SecuBox Module Screenshots
*Generated: 2026-03-26*
**Host:** https://192.168.255.1 (C3BOX)
**Theme:** CRT P31 Phosphor Green Terminal
**Platform:** OpenWrt 24.10 / MochaBin ARM64
**Total Modules:** 80+ LuCI apps
---
## Module Gallery
## Core & Dashboard
### Dashboard
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| System Hub | ![](screenshots/router/hub.png) | `luci-app-system-hub` | Pending |
| SecuBox Portal | ![](screenshots/router/portal.png) | `luci-app-secubox-portal` | Pending |
| Metrics Dashboard | ![](screenshots/router/metrics.png) | `luci-app-metrics-dashboard` | Pending |
| SecuBox Admin | ![](screenshots/router/admin.png) | `luci-app-secubox-admin` | Pending |
| Dev Status | ![](screenshots/router/devstatus.png) | `secubox-dev-status` | Pending |
| Login Screen | ![](screenshots/router/login.png) | `luci-theme-secubox` | Pending |
| Module | Screenshot | Status |
|--------|------------|--------|
| 🏠 **System Hub** | ![System Hub](screenshots/router/hub.png) | ⏳ Pending |
| 📊 **Metrics Dashboard** | ![Metrics](screenshots/router/metrics.png) | ⏳ Pending |
| 🎯 **Portal** | ![Portal](screenshots/router/portal.png) | ⏳ Pending |
| 📋 **Dev Status** | ![Dev Status](screenshots/router/devstatus.png) | ⏳ Pending |
---
### Security
## Security (15 modules)
| Module | Screenshot | Status |
|--------|------------|--------|
| 🛡️ **CrowdSec Dashboard** | ![CrowdSec](screenshots/router/crowdsec.png) | ⏳ Pending |
| 🔥 **WAF Filters** | ![WAF](screenshots/router/waf.png) | ⏳ Pending |
| 🔍 **MITM Proxy** | ![Mitmproxy](screenshots/router/mitmproxy.png) | ⏳ Pending |
| 🚨 **Security Threats** | ![Threats](screenshots/router/threats.png) | ⏳ Pending |
| 🔒 **Threat Analyst** | ![Threat Analyst](screenshots/router/threat-analyst.png) | ⏳ Pending |
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| CrowdSec Dashboard | ![](screenshots/router/crowdsec.png) | `luci-app-crowdsec-dashboard` | Pending |
| WAF Filters | ![](screenshots/router/waf.png) | `luci-app-mitmproxy` | Pending |
| Security Threats | ![](screenshots/router/threats.png) | `luci-app-secubox-security-threats` | Pending |
| Threat Analyst | ![](screenshots/router/threat-analyst.png) | `luci-app-threat-analyst` | Pending |
| DNS Guard | ![](screenshots/router/dnsguard.png) | `luci-app-dnsguard` | Pending |
| Auth Guardian | ![](screenshots/router/auth.png) | `luci-app-auth-guardian` | Pending |
| Client Guardian | ![](screenshots/router/clients.png) | `luci-app-client-guardian` | Pending |
| MAC Guardian | ![](screenshots/router/mac.png) | `luci-app-mac-guardian` | Pending |
| IoT Guard | ![](screenshots/router/iot.png) | `luci-app-iot-guard` | Pending |
| IP Blocklist | ![](screenshots/router/ipblocklist.png) | `luci-app-ipblocklist` | Pending |
| ZKP Verification | ![](screenshots/router/zkp.png) | `luci-app-zkp` | Pending |
| CVE Triage | ![](screenshots/router/cve.png) | `luci-app-cve-triage` | Pending |
| Cookie Tracker | ![](screenshots/router/cookies.png) | `luci-app-cookie-tracker` | Pending |
| Avatar Tap | ![](screenshots/router/avatar-tap.png) | `luci-app-avatar-tap` | Pending |
| Interceptor | ![](screenshots/router/interceptor.png) | `luci-app-interceptor` | Pending |
### Network
---
| Module | Screenshot | Status |
|--------|------------|--------|
| 🌐 **Network Modes** | ![Network Modes](screenshots/router/netmodes.png) | ⏳ Pending |
| 📈 **Bandwidth Manager** | ![Bandwidth](screenshots/router/bandwidth.png) | ⏳ Pending |
| 📊 **Traffic Shaper** | ![Traffic](screenshots/router/traffic.png) | ⏳ Pending |
| ⚡ **HAProxy** | ![HAProxy](screenshots/router/haproxy.png) | ⏳ Pending |
| 🏗️ **Virtual Hosts** | ![Vhosts](screenshots/router/vhost.png) | ⏳ Pending |
| 🚀 **CDN Cache** | ![CDN](screenshots/router/cdn.png) | ⏳ Pending |
## Network (12 modules)
### Monitoring
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Network Modes | ![](screenshots/router/netmodes.png) | `luci-app-network-modes` | Pending |
| Bandwidth Manager | ![](screenshots/router/bandwidth.png) | `luci-app-bandwidth-manager` | Pending |
| Traffic Shaper | ![](screenshots/router/traffic.png) | `luci-app-traffic-shaper` | Pending |
| HAProxy | ![](screenshots/router/haproxy.png) | `luci-app-haproxy` | Pending |
| Virtual Hosts | ![](screenshots/router/vhost.png) | `luci-app-vhost-manager` | Pending |
| CDN Cache | ![](screenshots/router/cdn.png) | `luci-app-cdn-cache` | Pending |
| Network Tweaks | ![](screenshots/router/tweaks.png) | `luci-app-network-tweaks` | Pending |
| Routes Status | ![](screenshots/router/routes.png) | `luci-app-routes-status` | Pending |
| SAAS Relay | ![](screenshots/router/saas.png) | `luci-app-saas-relay` | Pending |
| Network Diag | ![](screenshots/router/netdiag.png) | `luci-app-secubox-netdiag` | Pending |
| MQTT Bridge | ![](screenshots/router/mqtt.png) | `luci-app-mqtt-bridge` | Pending |
| KSM Manager | ![](screenshots/router/ksm.png) | `luci-app-ksm-manager` | Pending |
| Module | Screenshot | Status |
|--------|------------|--------|
| 📊 **Netdata** | ![Netdata](screenshots/router/netdata.png) | ⏳ Pending |
| 🔬 **DPI (netifyd)** | ![DPI](screenshots/router/dpi.png) | ⏳ Pending |
| 📱 **Device Intel** | ![Device Intel](screenshots/router/device-intel.png) | ⏳ Pending |
| 🎬 **Media Flow** | ![Media Flow](screenshots/router/mediaflow.png) | ⏳ Pending |
| 👁️ **Watchdog** | ![Watchdog](screenshots/router/watchdog.png) | ⏳ Pending |
| 📡 **LAN Flows** | ![LAN Flows](screenshots/router/lan-flows.png) | ⏳ Pending |
---
### VPN & Mesh
## Monitoring (10 modules)
| Module | Screenshot | Status |
|--------|------------|--------|
| 🔐 **WireGuard** | ![WireGuard](screenshots/router/wireguard.png) | ⏳ Pending |
| 🌐 **Mesh Network** | ![Mesh](screenshots/router/mesh.png) | ⏳ Pending |
| 🤝 **P2P Network** | ![P2P](screenshots/router/p2p.png) | ⏳ Pending |
| 🪞 **Mirror** | ![Mirror](screenshots/router/mirror.png) | ⏳ Pending |
| 🔗 **Master Link** | ![Master Link](screenshots/router/master-link.png) | ⏳ Pending |
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Netdata | ![](screenshots/router/netdata.png) | `luci-app-netdata-dashboard` | Pending |
| DPI (netifyd) | ![](screenshots/router/dpi.png) | `luci-app-secubox-netifyd` | Pending |
| DPI Dual Stream | ![](screenshots/router/dpi-dual.png) | `luci-app-dpi-dual` | Pending |
| Device Intel | ![](screenshots/router/device-intel.png) | `luci-app-device-intel` | Pending |
| Media Flow | ![](screenshots/router/mediaflow.png) | `luci-app-media-flow` | Pending |
| Watchdog | ![](screenshots/router/watchdog.png) | `luci-app-watchdog` | Pending |
| Glances | ![](screenshots/router/glances.png) | `luci-app-glances` | Pending |
| Network Anomaly | ![](screenshots/router/anomaly.png) | `luci-app-network-anomaly` | Pending |
| nDPId | ![](screenshots/router/ndpid.png) | `luci-app-ndpid` | Pending |
| LAN Flows | ![](screenshots/router/lan-flows.png) | `luci-app-dpi-dual` | Pending |
### DNS
---
| Module | Screenshot | Status |
|--------|------------|--------|
| 🌍 **DNS Master** | ![DNS Master](screenshots/router/dns.png) | ⏳ Pending |
| 🛡️ **DNS Guard** | ![DNS Guard](screenshots/router/dnsguard.png) | ⏳ Pending |
| 🔥 **Vortex DNS** | ![Vortex DNS](screenshots/router/vortex-dns.png) | ⏳ Pending |
| 📡 **Meshname DNS** | ![Meshname](screenshots/router/meshname.png) | ⏳ Pending |
| 🔑 **DNS Provider** | ![DNS Provider](screenshots/router/dns-provider.png) | ⏳ Pending |
## VPN & Mesh (7 modules)
### Privacy
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| WireGuard Dashboard | ![](screenshots/router/wireguard.png) | `luci-app-wireguard-dashboard` | Pending |
| Mesh Network | ![](screenshots/router/mesh.png) | `luci-app-secubox-mesh` | Pending |
| P2P Network | ![](screenshots/router/p2p.png) | `luci-app-secubox-p2p` | Pending |
| MirrorNet | ![](screenshots/router/mirror.png) | `luci-app-secubox-mirror` | Pending |
| Master Link | ![](screenshots/router/master-link.png) | `luci-app-master-link` | Pending |
| OpenClaw | ![](screenshots/router/openclaw.png) | `luci-app-openclaw` | Pending |
| TURN Server | ![](screenshots/router/turn.png) | `luci-app-turn` | Pending |
| Module | Screenshot | Status |
|--------|------------|--------|
| 🧅 **Tor Shield** | ![Tor](screenshots/router/tor.png) | ⏳ Pending |
| 🌐 **Exposure** | ![Exposure](screenshots/router/exposure.png) | ⏳ Pending |
| 🔐 **ZKP** | ![ZKP](screenshots/router/zkp.png) | ⏳ Pending |
---
### Access Control
## DNS (6 modules)
| Module | Screenshot | Status |
|--------|------------|--------|
| 🔐 **Auth Guardian** | ![Auth](screenshots/router/auth.png) | ⏳ Pending |
| 👥 **Client Guardian** | ![Clients](screenshots/router/clients.png) | ⏳ Pending |
| 🖥️ **MAC Guardian** | ![MAC](screenshots/router/mac.png) | ⏳ Pending |
| 👤 **User Management** | ![Users](screenshots/router/users.png) | ⏳ Pending |
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| DNS Master | ![](screenshots/router/dns.png) | `luci-app-dns-master` | Pending |
| DNS Guard | ![](screenshots/router/dnsguard.png) | `luci-app-dnsguard` | Pending |
| Vortex DNS | ![](screenshots/router/vortex-dns.png) | `luci-app-vortex-dns` | Pending |
| Meshname DNS | ![](screenshots/router/meshname.png) | `luci-app-meshname-dns` | Pending |
| DNS Provider | ![](screenshots/router/dns-provider.png) | `luci-app-dns-provider` | Pending |
| AdGuard Home | ![](screenshots/router/adguard.png) | `secubox-app-adguardhome` | Pending |
### Publishing
---
| Module | Screenshot | Status |
|--------|------------|--------|
| 📝 **Metablogizer** | ![Metablogizer](screenshots/router/metablogizer.png) | ⏳ Pending |
| 💧 **Droplet** | ![Droplet](screenshots/router/droplet.png) | ⏳ Pending |
| 🎨 **Streamlit Forge** | ![Streamlit Forge](screenshots/router/streamforge.png) | ⏳ Pending |
| 📚 **Metacatalog** | ![Metacatalog](screenshots/router/metacatalog.png) | ⏳ Pending |
## Privacy (4 modules)
### Apps & Services
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Tor Shield | ![](screenshots/router/tor.png) | `luci-app-tor-shield` | Pending |
| Tor Services | ![](screenshots/router/tor-services.png) | `luci-app-tor` | Pending |
| Exposure | ![](screenshots/router/exposure.png) | `luci-app-exposure` | Pending |
| Interceptor | ![](screenshots/router/interceptor.png) | `luci-app-interceptor` | Pending |
| Module | Screenshot | Status |
|--------|------------|--------|
| 📦 **App Store** | ![Apps](screenshots/router/apps.png) | ⏳ Pending |
| 🎥 **Jellyfin** | ![Jellyfin](screenshots/router/jellyfin.png) | ⏳ Pending |
| 🎵 **Lyrion** | ![Lyrion](screenshots/router/lyrion.png) | ⏳ Pending |
| 💻 **Gitea** | ![Gitea](screenshots/router/gitea.png) | ⏳ Pending |
| ☁️ **Nextcloud** | ![Nextcloud](screenshots/router/nextcloud.png) | ⏳ Pending |
| 📺 **PeerTube** | ![PeerTube](screenshots/router/peertube.png) | ⏳ Pending |
---
### System
## Publishing (8 modules)
| Module | Screenshot | Status |
|--------|------------|--------|
| ⚙️ **SecuBox Settings** | ![Settings](screenshots/router/settings.png) | ⏳ Pending |
| 💾 **Config Vault** | ![Config Vault](screenshots/router/config-vault.png) | ⏳ Pending |
| 📧 **SMTP Relay** | ![SMTP](screenshots/router/smtp.png) | ⏳ Pending |
| 📊 **Reporter** | ![Reporter](screenshots/router/reporter.png) | ⏳ Pending |
| 🖥️ **RTTY Remote** | ![RTTY](screenshots/router/rtty.png) | ⏳ Pending |
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Metablogizer | ![](screenshots/router/metablogizer.png) | `luci-app-metablogizer` | Pending |
| Droplet | ![](screenshots/router/droplet.png) | `luci-app-droplet` | Pending |
| Streamlit Forge | ![](screenshots/router/streamforge.png) | `luci-app-streamlit-forge` | Pending |
| Streamlit | ![](screenshots/router/streamlit.png) | `luci-app-streamlit` | Pending |
| Metacatalog | ![](screenshots/router/metacatalog.png) | `luci-app-metacatalog` | Pending |
| HexoJS | ![](screenshots/router/hexo.png) | `luci-app-hexojs` | Pending |
| Metabolizer | ![](screenshots/router/metabolizer.png) | `luci-app-metabolizer` | Pending |
| Repo | ![](screenshots/router/repo.png) | `luci-app-repo` | Pending |
### AI Features
---
| Module | Screenshot | Status |
|--------|------------|--------|
| 🤖 **AI Gateway** | ![AI Gateway](screenshots/router/ai-gateway.png) | ⏳ Pending |
| 💡 **AI Insights** | ![AI Insights](screenshots/router/ai-insights.png) | ⏳ Pending |
| 🧠 **LocalAI** | ![LocalAI](screenshots/router/localai.png) | ⏳ Pending |
| 🦙 **Ollama** | ![Ollama](screenshots/router/ollama.png) | ⏳ Pending |
## Applications (20 modules)
### Media
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Jellyfin | ![](screenshots/router/jellyfin.png) | `luci-app-jellyfin` | Pending |
| Lyrion | ![](screenshots/router/lyrion.png) | `luci-app-lyrion` | Pending |
| PhotoPrism | ![](screenshots/router/photoprism.png) | `luci-app-photoprism` | Pending |
| PeerTube | ![](screenshots/router/peertube.png) | `luci-app-peertube` | Pending |
| Webradio | ![](screenshots/router/webradio.png) | `luci-app-webradio` | Pending |
| Media Hub | ![](screenshots/router/mediahub.png) | `luci-app-media-hub` | Pending |
### Collaboration
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Nextcloud | ![](screenshots/router/nextcloud.png) | `luci-app-nextcloud` | Pending |
| Gitea | ![](screenshots/router/gitea.png) | `luci-app-gitea` | Pending |
| Jitsi | ![](screenshots/router/jitsi.png) | `luci-app-jitsi` | Pending |
### Communication
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Matrix | ![](screenshots/router/matrix.png) | `luci-app-matrix` | Pending |
| Jabber | ![](screenshots/router/jabber.png) | `luci-app-jabber` | Pending |
| SimpleX | ![](screenshots/router/simplex.png) | `luci-app-simplex` | Pending |
| VoIP | ![](screenshots/router/voip.png) | `luci-app-voip` | Pending |
### Social
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| GoToSocial | ![](screenshots/router/gotosocial.png) | `luci-app-gotosocial` | Pending |
### IoT
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Domoticz | ![](screenshots/router/domoticz.png) | `luci-app-domoticz` | Pending |
| Zigbee2MQTT | ![](screenshots/router/zigbee.png) | `luci-app-zigbee2mqtt` | Pending |
| MagicMirror | ![](screenshots/router/magicmirror.png) | `luci-app-magicmirror2` | Pending |
### Utilities
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| Mailserver | ![](screenshots/router/mailserver.png) | `luci-app-mailserver` | Pending |
| Torrent | ![](screenshots/router/torrent.png) | `luci-app-torrent` | Pending |
| Newsbin | ![](screenshots/router/newsbin.png) | `luci-app-newsbin` | Pending |
| PicoBrew | ![](screenshots/router/picobrew.png) | `luci-app-picobrew` | Pending |
---
## System (14 modules)
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| SecuBox Settings | ![](screenshots/router/settings.png) | `luci-app-secubox` | Pending |
| Config Vault | ![](screenshots/router/config-vault.png) | `luci-app-config-vault` | Pending |
| Config Advisor | ![](screenshots/router/config-advisor.png) | `luci-app-config-advisor` | Pending |
| SMTP Relay | ![](screenshots/router/smtp.png) | `luci-app-smtp-relay` | Pending |
| Reporter | ![](screenshots/router/reporter.png) | `luci-app-reporter` | Pending |
| RTTY Remote | ![](screenshots/router/rtty.png) | `luci-app-rtty-remote` | Pending |
| Backup | ![](screenshots/router/backup.png) | `luci-app-backup` | Pending |
| Cloner | ![](screenshots/router/cloner.png) | `luci-app-cloner` | Pending |
| Users | ![](screenshots/router/users.png) | `luci-app-secubox-users` | Pending |
| Cyberfeed | ![](screenshots/router/cyberfeed.png) | `luci-app-cyberfeed` | Pending |
| RezApp | ![](screenshots/router/rezapp.png) | `luci-app-rezapp` | Pending |
---
## AI Features (8 modules)
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| AI Gateway | ![](screenshots/router/ai-gateway.png) | `luci-app-ai-gateway` | Pending |
| AI Insights | ![](screenshots/router/ai-insights.png) | `luci-app-ai-insights` | Pending |
| LocalAI | ![](screenshots/router/localai.png) | `luci-app-localai` | Pending |
| Ollama | ![](screenshots/router/ollama.png) | `luci-app-ollama` | Pending |
| LocalRecall | ![](screenshots/router/localrecall.png) | `luci-app-localrecall` | Pending |
| Threat Analyst | ![](screenshots/router/threat-analyst.png) | `luci-app-threat-analyst` | Pending |
| CVE Triage | ![](screenshots/router/cve.png) | `luci-app-cve-triage` | Pending |
| Network Anomaly | ![](screenshots/router/anomaly.png) | `luci-app-network-anomaly` | Pending |
---
## Theme
| Module | Screenshot | Package | Status |
|--------|------------|---------|--------|
| CRT P31 Theme | ![](screenshots/router/theme.png) | `luci-theme-secubox` | Pending |
---
@ -137,23 +237,54 @@ To capture screenshots for this documentation:
# From development machine with browser access
cd docs/screenshots/router/
# Use browser screenshot tool or:
# Browser screenshot tools:
# - Firefox: Ctrl+Shift+S (area select)
# - Chrome: DevTools → Capture screenshot
# - CLI: chromium --headless --screenshot=hub.png https://192.168.255.1/cgi-bin/luci/admin/secubox/hub
# - Chrome: DevTools (F12) → More tools → Capture screenshot
# - CLI headless:
chromium --headless --screenshot=hub.png \
--window-size=1920,1080 \
https://192.168.255.1/cgi-bin/luci/admin/secubox/hub
# Recommended dimensions: 1280x800 or 1920x1080
# Format: PNG with transparency disabled
# Recommended dimensions: 1920x1080 or 1280x800
# Format: PNG
```
## Theme Information
All screenshots should use the **CRT P31 Phosphor Green** theme:
- Primary: `#33ff66` (phosphor peak)
- Background: `#050803` (tube black)
- Font: Monospace (Courier Prime, IBM Plex Mono)
- Effects: Scanlines overlay, phosphor glow
All screenshots use the **CRT P31 Phosphor Green** theme:
| Element | Color |
|---------|-------|
| Primary (phosphor peak) | `#33ff66` |
| Secondary (phosphor hot) | `#66ffaa` |
| Tertiary (phosphor mid) | `#22cc44` |
| Background (tube black) | `#050803` |
| Surface | `#080d05` |
| Warning (phosphor decay) | `#ffb347` |
| Error | `#ff6b6b` |
**Font:** Monospace (Courier Prime, IBM Plex Mono, Fira Code)
**Effects:** Scanlines overlay, phosphor glow, CRT curve
---
*Total modules: 50+ | Screenshots pending: All*
## Screenshot Checklist
- [ ] Core & Dashboard (6)
- [ ] Security (15)
- [ ] Network (12)
- [ ] Monitoring (10)
- [ ] VPN & Mesh (7)
- [ ] DNS (6)
- [ ] Privacy (4)
- [ ] Publishing (8)
- [ ] Applications (20)
- [ ] System (14)
- [ ] AI Features (8)
- [ ] Theme (1)
**Total: 111 screenshots pending**
---
*SecuBox v1.0.0 | CyberMind 2026*

221
docs/wiki/Architecture.md Normal file
View File

@ -0,0 +1,221 @@
# SecuBox Architecture
SecuBox is built on a 4-layer architecture designed for privacy, security, and decentralization.
---
## The 4 Layers (Les 4 Couches)
```
+--------------------------------------------------+
| Layer 4: Roadmap & Governance |
| Version milestones, certifications |
+--------------------------------------------------+
| Layer 3: MirrorNetworking |
| P2P gossip, mesh orchestration, CDN |
+--------------------------------------------------+
| Layer 2: AI Gateway |
| Data sovereignty, local inference, routing |
+--------------------------------------------------+
| Layer 1: Core Mesh |
| OpenWrt, WireGuard, CrowdSec, HAProxy |
+--------------------------------------------------+
```
---
## Layer 1: Core Mesh
The foundation layer running on OpenWrt 24.10.
### Components
| Component | Purpose |
|-----------|---------|
| **OpenWrt** | Base operating system |
| **WireGuard** | VPN tunnels for mesh |
| **CrowdSec** | IDS/IPS with threat intel |
| **HAProxy** | Reverse proxy, SSL termination |
| **mitmproxy** | WAF, TLS inspection |
| **dnsmasq** | DNS and DHCP |
| **LXC** | Container runtime |
### Mesh Daemon (`secuboxd`)
The mesh daemon handles:
- Peer discovery via mDNS (`_secubox._udp.local`)
- Topology management
- Gate election (weighted scoring)
- Cross-node telemetry
```
secubox-mesh/
├── secuboxd # Main daemon
├── secuboxctl # CLI interface
└── lib/
├── topology.sh # Topology management
├── discovery.sh # Peer discovery
├── election.sh # Gate election
└── telemetry.sh # Metrics collection
```
---
## Layer 2: AI Gateway
Data sovereignty engine for AI operations.
### Data Classification
| Tier | Description | Destination |
|------|-------------|-------------|
| **LOCAL_ONLY** | Raw network data, IPs, MACs | Never leaves device |
| **SANITIZED** | Anonymized patterns | Mistral EU (opt-in) |
| **CLOUD_DIRECT** | Generic queries | Claude/GPT (opt-in) |
### Provider Routing
Priority order for AI requests:
1. LocalAI (local inference)
2. Mistral (EU sovereign)
3. Claude
4. OpenAI GPT
5. Gemini
6. xAI
### AI Agents
| Agent | Function |
|-------|----------|
| Threat Analyst | CrowdSec alert analysis |
| DNS Guard | DNS anomaly detection |
| CVE Triage | Vulnerability prioritization |
| Network Anomaly | Traffic pattern analysis |
| Config Advisor | ANSSI compliance |
---
## Layer 3: MirrorNetworking
Decentralized mesh orchestration.
### Dual Transport
| Tier | Protocol | Purpose |
|------|----------|---------|
| Tier 1 | WireGuard | Known peers, trusted mesh |
| Tier 2 | Yggdrasil | Discovery, extended mesh |
### Gossip Protocol
Services synchronized across the mesh:
- **Threat Intel**: IoC signed gossip
- **Service Registry**: Published services
- **Configuration**: Distributed config sync
- **AI Inference**: Distributed model queries
### Punk Exposure Model
Three-verb service exposure:
1. **Peek**: Discover and scan services
2. **Poke**: Configure exposure channels
3. **Emancipate**: Activate exposure
Channels:
- **Tor**: `.onion` hidden services
- **DNS/SSL**: HTTPS via HAProxy + ACME
- **Mesh**: P2P service registry
---
## Layer 4: Roadmap
Version governance and certifications.
### Milestones
| Version | Status | Features |
|---------|--------|----------|
| v0.18 | Done | MirrorBox Core |
| v0.19 | Done | AI Expansion |
| v1.0 | Done | Full Stack |
| v1.1 | Done | Extended Mesh |
### Target Certifications
- **ANSSI CSPN**: French security certification
- **CE**: European conformity
- **GDPR**: Data protection compliance
- **NIS2**: Network security directive
---
## Network Architecture
```
Internet
┌──────────────┐
│ HAProxy │ ◄── SSL termination, routing
│ (LXC) │
└──────┬───────┘
┌──────────────┐
│ mitmproxy │ ◄── WAF, TLS inspection
│ (LXC) │
└──────┬───────┘
┌──────────────┐
│ CrowdSec │ ◄── IDS/IPS
│ (host) │
└──────┬───────┘
┌──────────────┐
│ Services │ ◄── Jellyfin, Nextcloud, etc.
│ (LXC) │
└──────────────┘
```
---
## Directory Structure
```
package/secubox/
├── secubox-core/ # Base utilities
├── secubox-mesh/ # Mesh daemon
├── secubox-p2p/ # P2P protocol
├── secubox-identity/ # DID/trust
├── secubox-ai-gateway/ # AI routing
├── luci-app-*/ # LuCI modules (80+)
├── luci-theme-secubox/ # CRT P31 theme
└── secubox-app-*/ # Service packages
```
---
## Key Configuration Files
| File | Purpose |
|------|---------|
| `/etc/config/secubox` | Main SecuBox config |
| `/etc/config/secubox-mesh` | Mesh settings |
| `/etc/config/wireguard_*` | VPN tunnels |
| `/etc/config/crowdsec` | IDS/IPS config |
| `/etc/config/haproxy` | Reverse proxy |
---
See also:
- [Module Implementation Guide](Module-Implementation.md)
- [API Reference](API.md)
- [Development Guidelines](Development.md)
---
*SecuBox v1.0.0*

207
docs/wiki/Home.md Normal file
View File

@ -0,0 +1,207 @@
# SecuBox OpenWrt Wiki
Welcome to the **SecuBox** documentation wiki. SecuBox is a privacy-focused mesh network appliance built on OpenWrt 24.10.
---
## Quick Start
| Topic | Description |
|-------|-------------|
| [Installation](Installation.md) | Getting started with SecuBox |
| [Quick Start Guide](Quick-Start.md) | First-time setup and configuration |
| [Architecture](Architecture.md) | System architecture overview |
| [Module Catalog](Modules.md) | Complete list of 80+ modules |
---
## Module Categories
### Core & Mesh
| Module | Description | Screenshot |
|--------|-------------|------------|
| [SecuBox Core](modules/Core.md) | Base utilities and shared libraries | ![](../screenshots/router/core.png) |
| [Mesh Network](modules/Mesh.md) | Mesh daemon, topology, gate election | ![](../screenshots/router/mesh.png) |
| [P2P Network](modules/P2P.md) | Decentralized gossip protocol | ![](../screenshots/router/p2p.png) |
| [MirrorNet](modules/MirrorNet.md) | Mesh orchestration and mirroring | ![](../screenshots/router/mirror.png) |
| [Identity](modules/Identity.md) | DID:plc, key rotation, trust scoring | ![](../screenshots/router/identity.png) |
### Security (15 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [CrowdSec Dashboard](modules/CrowdSec.md) | IDS/IPS with threat intelligence | ![](../screenshots/router/crowdsec.png) |
| [WAF Filters](modules/WAF.md) | mitmproxy Web Application Firewall | ![](../screenshots/router/waf.png) |
| [Threat Analyst](modules/ThreatAnalyst.md) | AI-powered threat correlation | ![](../screenshots/router/threat-analyst.png) |
| [DNS Guard](modules/DNSGuard.md) | DNS anomaly detection | ![](../screenshots/router/dnsguard.png) |
| [Auth Guardian](modules/AuthGuardian.md) | Authentication monitoring | ![](../screenshots/router/auth.png) |
| [Client Guardian](modules/ClientGuardian.md) | Client access control | ![](../screenshots/router/clients.png) |
| [MAC Guardian](modules/MACGuardian.md) | MAC address management | ![](../screenshots/router/mac.png) |
| [IoT Guard](modules/IoTGuard.md) | IoT device security | ![](../screenshots/router/iot.png) |
| [IP Blocklist](modules/IPBlocklist.md) | IP blocking and management | ![](../screenshots/router/ipblocklist.png) |
| [ZKP Verification](modules/ZKP.md) | Zero-knowledge proof | ![](../screenshots/router/zkp.png) |
| [CVE Triage](modules/CVETriage.md) | AI vulnerability analysis | ![](../screenshots/router/cve.png) |
| [Security Threats](modules/SecurityThreats.md) | Threat overview dashboard | ![](../screenshots/router/threats.png) |
| [Cookie Tracker](modules/CookieTracker.md) | Cookie analysis | ![](../screenshots/router/cookies.png) |
| [Avatar Tap](modules/AvatarTap.md) | Session capture and replay | ![](../screenshots/router/avatar-tap.png) |
| [Interceptor](modules/Interceptor.md) | Traffic interception control | ![](../screenshots/router/interceptor.png) |
### Network (12 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [Network Modes](modules/NetworkModes.md) | Router/AP/Bridge configuration | ![](../screenshots/router/netmodes.png) |
| [Bandwidth Manager](modules/Bandwidth.md) | Traffic monitoring and limits | ![](../screenshots/router/bandwidth.png) |
| [Traffic Shaper](modules/TrafficShaper.md) | QoS and traffic prioritization | ![](../screenshots/router/traffic.png) |
| [HAProxy](modules/HAProxy.md) | Load balancer and reverse proxy | ![](../screenshots/router/haproxy.png) |
| [Virtual Hosts](modules/VHosts.md) | Virtual host management | ![](../screenshots/router/vhost.png) |
| [CDN Cache](modules/CDNCache.md) | Content caching proxy | ![](../screenshots/router/cdn.png) |
| [Network Tweaks](modules/NetworkTweaks.md) | Advanced network settings | ![](../screenshots/router/tweaks.png) |
| [Routes Status](modules/RoutesStatus.md) | Route monitoring | ![](../screenshots/router/routes.png) |
| [SAAS Relay](modules/SAASRelay.md) | SaaS service relay | ![](../screenshots/router/saas.png) |
| [Network Diag](modules/NetDiag.md) | Network diagnostics | ![](../screenshots/router/netdiag.png) |
| [MQTT Bridge](modules/MQTTBridge.md) | MQTT protocol bridge | ![](../screenshots/router/mqtt.png) |
| [KSM Manager](modules/KSMManager.md) | Kernel shared memory | ![](../screenshots/router/ksm.png) |
### Monitoring (10 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [Metrics Dashboard](modules/Metrics.md) | System metrics overview | ![](../screenshots/router/metrics.png) |
| [Netdata](modules/Netdata.md) | Real-time system monitoring | ![](../screenshots/router/netdata.png) |
| [DPI (netifyd)](modules/DPI.md) | Deep packet inspection | ![](../screenshots/router/dpi.png) |
| [DPI Dual](modules/DPIDual.md) | Dual-stream DPI analysis | ![](../screenshots/router/dpi-dual.png) |
| [Device Intel](modules/DeviceIntel.md) | Device fingerprinting | ![](../screenshots/router/device-intel.png) |
| [Media Flow](modules/MediaFlow.md) | Media traffic analysis | ![](../screenshots/router/mediaflow.png) |
| [Watchdog](modules/Watchdog.md) | Service health monitoring | ![](../screenshots/router/watchdog.png) |
| [Glances](modules/Glances.md) | System overview | ![](../screenshots/router/glances.png) |
| [Network Anomaly](modules/NetworkAnomaly.md) | AI anomaly detection | ![](../screenshots/router/anomaly.png) |
| [nDPId](modules/nDPId.md) | nDPI daemon interface | ![](../screenshots/router/ndpid.png) |
### VPN & Mesh (6 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [WireGuard Dashboard](modules/WireGuard.md) | VPN tunnel management | ![](../screenshots/router/wireguard.png) |
| [Mesh Network](modules/Mesh.md) | SecuBox mesh daemon | ![](../screenshots/router/mesh.png) |
| [P2P Network](modules/P2P.md) | P2P gossip protocol | ![](../screenshots/router/p2p.png) |
| [MirrorNet](modules/MirrorNet.md) | Service mirroring | ![](../screenshots/router/mirror.png) |
| [Master Link](modules/MasterLink.md) | Node onboarding | ![](../screenshots/router/master-link.png) |
| [OpenClaw](modules/OpenClaw.md) | Claw VPN integration | ![](../screenshots/router/openclaw.png) |
### DNS (6 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [DNS Master](modules/DNSMaster.md) | DNS server management | ![](../screenshots/router/dns.png) |
| [DNS Guard](modules/DNSGuard.md) | DNS filtering and blocking | ![](../screenshots/router/dnsguard.png) |
| [Vortex DNS](modules/VortexDNS.md) | DNS firewall with threat intel | ![](../screenshots/router/vortex-dns.png) |
| [Meshname DNS](modules/MeshnameDNS.md) | Mesh DNS resolution (.ygg) | ![](../screenshots/router/meshname.png) |
| [DNS Provider](modules/DNSProvider.md) | External DNS API (OVH, Gandi) | ![](../screenshots/router/dns-provider.png) |
| [AdGuard Home](modules/AdGuard.md) | Ad blocking DNS | ![](../screenshots/router/adguard.png) |
### Privacy (4 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [Tor Shield](modules/TorShield.md) | Tor network integration | ![](../screenshots/router/tor.png) |
| [Exposure](modules/Exposure.md) | Service exposure (Tor/DNS/Mesh) | ![](../screenshots/router/exposure.png) |
| [ZKP](modules/ZKP.md) | Zero-knowledge proof verification | ![](../screenshots/router/zkp.png) |
| [Interceptor](modules/Interceptor.md) | Traffic interception control | ![](../screenshots/router/interceptor.png) |
### Publishing (8 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [Metablogizer](modules/Metablogizer.md) | Static site generator | ![](../screenshots/router/metablogizer.png) |
| [Droplet](modules/Droplet.md) | Quick web publishing | ![](../screenshots/router/droplet.png) |
| [Streamlit Forge](modules/StreamlitForge.md) | Streamlit app builder | ![](../screenshots/router/streamforge.png) |
| [Streamlit](modules/Streamlit.md) | Streamlit dashboard | ![](../screenshots/router/streamlit.png) |
| [Metacatalog](modules/Metacatalog.md) | Content catalog | ![](../screenshots/router/metacatalog.png) |
| [HexoJS](modules/HexoJS.md) | Hexo blog manager | ![](../screenshots/router/hexo.png) |
| [Metabolizer](modules/Metabolizer.md) | Content processor | ![](../screenshots/router/metabolizer.png) |
| [Repo](modules/Repo.md) | Package repository | ![](../screenshots/router/repo.png) |
### Apps & Services (20 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [Jellyfin](modules/Jellyfin.md) | Media server | ![](../screenshots/router/jellyfin.png) |
| [Lyrion](modules/Lyrion.md) | Music server | ![](../screenshots/router/lyrion.png) |
| [Gitea](modules/Gitea.md) | Git server | ![](../screenshots/router/gitea.png) |
| [Nextcloud](modules/Nextcloud.md) | Cloud storage | ![](../screenshots/router/nextcloud.png) |
| [PeerTube](modules/PeerTube.md) | Video platform | ![](../screenshots/router/peertube.png) |
| [PhotoPrism](modules/PhotoPrism.md) | Photo gallery | ![](../screenshots/router/photoprism.png) |
| [GoToSocial](modules/GoToSocial.md) | ActivityPub social | ![](../screenshots/router/gotosocial.png) |
| [Jitsi](modules/Jitsi.md) | Video conferencing | ![](../screenshots/router/jitsi.png) |
| [Matrix](modules/Matrix.md) | Matrix chat server | ![](../screenshots/router/matrix.png) |
| [Jabber](modules/Jabber.md) | XMPP server | ![](../screenshots/router/jabber.png) |
| [SimpleX](modules/SimpleX.md) | Private messaging | ![](../screenshots/router/simplex.png) |
| [VoIP](modules/VoIP.md) | Asterisk PBX | ![](../screenshots/router/voip.png) |
| [TURN](modules/TURN.md) | TURN/STUN server | ![](../screenshots/router/turn.png) |
| [Domoticz](modules/Domoticz.md) | Home automation | ![](../screenshots/router/domoticz.png) |
| [Zigbee2MQTT](modules/Zigbee.md) | Zigbee bridge | ![](../screenshots/router/zigbee.png) |
| [MagicMirror2](modules/MagicMirror.md) | Smart mirror | ![](../screenshots/router/magicmirror.png) |
| [Mailserver](modules/Mailserver.md) | Email server | ![](../screenshots/router/mailserver.png) |
| [Torrent](modules/Torrent.md) | BitTorrent client | ![](../screenshots/router/torrent.png) |
| [Webradio](modules/Webradio.md) | Internet radio | ![](../screenshots/router/webradio.png) |
| [PicoBrew](modules/PicoBrew.md) | Brewing controller | ![](../screenshots/router/picobrew.png) |
### System (12 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [SecuBox Settings](modules/SecuBox.md) | Main configuration | ![](../screenshots/router/settings.png) |
| [SecuBox Admin](modules/Admin.md) | Admin dashboard | ![](../screenshots/router/admin.png) |
| [System Hub](modules/SystemHub.md) | System overview | ![](../screenshots/router/hub.png) |
| [SecuBox Portal](modules/Portal.md) | User portal | ![](../screenshots/router/portal.png) |
| [Config Vault](modules/ConfigVault.md) | Git-based config backup | ![](../screenshots/router/config-vault.png) |
| [Config Advisor](modules/ConfigAdvisor.md) | ANSSI compliance | ![](../screenshots/router/config-advisor.png) |
| [SMTP Relay](modules/SMTPRelay.md) | Email relay settings | ![](../screenshots/router/smtp.png) |
| [Reporter](modules/Reporter.md) | Report generator | ![](../screenshots/router/reporter.png) |
| [RTTY Remote](modules/RTTY.md) | Remote terminal access | ![](../screenshots/router/rtty.png) |
| [Backup](modules/Backup.md) | System backup | ![](../screenshots/router/backup.png) |
| [Cloner](modules/Cloner.md) | Device cloning | ![](../screenshots/router/cloner.png) |
| [Users](modules/Users.md) | User management | ![](../screenshots/router/users.png) |
### AI Features (8 modules)
| Module | Description | Screenshot |
|--------|-------------|------------|
| [AI Gateway](modules/AIGateway.md) | AI provider routing | ![](../screenshots/router/ai-gateway.png) |
| [AI Insights](modules/AIInsights.md) | AI-powered insights | ![](../screenshots/router/ai-insights.png) |
| [LocalAI](modules/LocalAI.md) | Local LLM inference | ![](../screenshots/router/localai.png) |
| [Ollama](modules/Ollama.md) | Ollama LLM server | ![](../screenshots/router/ollama.png) |
| [LocalRecall](modules/LocalRecall.md) | AI memory system | ![](../screenshots/router/localrecall.png) |
| [Threat Analyst](modules/ThreatAnalyst.md) | AI threat analysis | ![](../screenshots/router/threat-analyst.png) |
| [CVE Triage](modules/CVETriage.md) | AI vulnerability triage | ![](../screenshots/router/cve.png) |
| [Network Anomaly](modules/NetworkAnomaly.md) | AI anomaly detection | ![](../screenshots/router/anomaly.png) |
---
## Development
| Document | Description |
|----------|-------------|
| [Development Guidelines](Development.md) | Coding standards and practices |
| [Module Implementation](Module-Implementation.md) | How to create new modules |
| [LuCI Reference](LuCI-Reference.md) | LuCI JavaScript development |
| [API Reference](API.md) | RPCD/ubus API documentation |
---
## Theme: CRT P31 Phosphor Green
SecuBox uses a retro CRT terminal aesthetic:
- **Primary**: `#33ff66` (phosphor peak)
- **Background**: `#050803` (tube black)
- **Font**: Monospace (Courier Prime)
- **Effects**: Scanlines, phosphor glow
See [UI Guide](UI-Guide.md) for full theme documentation.
---
*SecuBox v1.0.0 | CyberMind 2026*

172
docs/wiki/Installation.md Normal file
View File

@ -0,0 +1,172 @@
# SecuBox Installation Guide
This guide covers installing SecuBox on OpenWrt 24.10.
---
## Requirements
### Hardware
| Requirement | Minimum | Recommended |
|-------------|---------|-------------|
| CPU | ARMv8 / x86_64 | Cortex-A72 or better |
| RAM | 512 MB | 2 GB+ |
| Storage | 256 MB | 1 GB+ |
| Network | 1 Ethernet | 2+ Ethernet / WiFi |
### Supported Devices
- **MochaBin** (ARM64) - Primary reference platform
- **x86_64 VM** - VMware, VirtualBox, Proxmox, QEMU
- **Raspberry Pi 4** - With USB Ethernet adapter
- **Generic x86** - Any x86_64 with OpenWrt support
---
## Installation Methods
### Method 1: Pre-built Image (Recommended)
Download the pre-built SecuBox firmware image:
```bash
# For MochaBin ARM64
wget https://github.com/gkerma/secubox-openwrt/releases/latest/download/secubox-mochabin.img.gz
gunzip secubox-mochabin.img.gz
dd if=secubox-mochabin.img of=/dev/sdX bs=4M status=progress
# For x86_64 VM
wget https://github.com/gkerma/secubox-openwrt/releases/latest/download/secubox-x86-64.vmdk
```
### Method 2: Package Installation
Install SecuBox packages on existing OpenWrt:
```bash
# Add SecuBox feed
echo "src/gz secubox https://packages.secubox.in/releases/24.10" >> /etc/opkg/customfeeds.conf
# Update and install
opkg update
opkg install secubox-core secubox-mesh luci-theme-secubox
# Install all LuCI modules
opkg install luci-app-secubox-admin luci-app-crowdsec-dashboard \
luci-app-wireguard-dashboard luci-app-haproxy
```
### Method 3: Build from Source
Build SecuBox using the OpenWrt SDK:
```bash
# Clone repository
git clone https://github.com/gkerma/secubox-openwrt.git
cd secubox-openwrt
# Sync local feed
for pkg in package/secubox/*/; do
name=$(basename "$pkg")
rsync -av --delete "$pkg" "secubox-tools/local-feed/$name/"
done
# Build packages
./secubox-tools/local-build.sh build luci-app-secubox
./secubox-tools/local-build.sh build secubox-core
```
---
## Post-Installation
### 1. Access LuCI
Open your browser and navigate to:
```
https://192.168.1.1
```
Default credentials:
- **Username**: `root`
- **Password**: `c3box`
### 2. Initial Configuration
1. Change the root password
2. Configure network interfaces
3. Set timezone and hostname
4. Enable SecuBox theme
### 3. Enable Services
```bash
# Start mesh daemon
/etc/init.d/secuboxd enable
/etc/init.d/secuboxd start
# Start CrowdSec
/etc/init.d/crowdsec enable
/etc/init.d/crowdsec start
```
---
## Upgrading
### Via sysupgrade
```bash
# Download latest firmware
wget https://github.com/gkerma/secubox-openwrt/releases/latest/download/secubox-sysupgrade.bin
# Upgrade (keep settings)
sysupgrade -v secubox-sysupgrade.bin
```
### Via opkg
```bash
opkg update
opkg upgrade secubox-core secubox-mesh luci-theme-secubox
```
---
## Troubleshooting
### Package conflicts
```bash
# Force reinstall
opkg install --force-reinstall secubox-core
```
### LuCI not loading
```bash
# Clear LuCI cache
rm -rf /tmp/luci-*
/etc/init.d/uhttpd restart
```
### Theme not applying
```bash
# Set theme via UCI
uci set luci.main.mediaurlbase=/luci-static/secubox
uci commit luci
```
---
See also:
- [Quick Start Guide](Quick-Start.md)
- [Architecture Overview](Architecture.md)
- [Module Catalog](Modules.md)
---
*SecuBox v1.0.0*

227
docs/wiki/Modules.md Normal file
View File

@ -0,0 +1,227 @@
# SecuBox Module Catalog
Complete catalog of SecuBox packages for OpenWrt 24.10.
**Total Modules: 80+ LuCI apps | 40+ Backend packages**
---
## Core Packages
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `secubox-core` | 1.0.0 | Core utilities, scripts, shared libraries | - |
| `secubox-mesh` | 1.0.0 | Mesh daemon with topology and gate election | ![](../screenshots/router/mesh.png) |
| `secubox-identity` | 0.1.0 | DID:plc generation, key rotation, trust | - |
| `secubox-mirrornet` | 0.1.0 | Mesh orchestration, gossip protocol | ![](../screenshots/router/mirror.png) |
| `secubox-p2p` | 0.6.0 | P2P decentralized network with blockchain | ![](../screenshots/router/p2p.png) |
| `secubox-p2p-intel` | 0.1.0 | IoC signed gossip, threat intel sharing | - |
---
## Security Packages (15)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-crowdsec-dashboard` | 0.8.0 | CrowdSec IDS/IPS dashboard | ![](../screenshots/router/crowdsec.png) |
| `luci-app-mitmproxy` | 0.5.0 | WAF/TLS inspection proxy | ![](../screenshots/router/waf.png) |
| `luci-app-secubox-security-threats` | 1.0.0 | Security threat overview | ![](../screenshots/router/threats.png) |
| `secubox-threat-analyst` | 1.0.0 | AI-powered threat correlation | ![](../screenshots/router/threat-analyst.png) |
| `secubox-dns-guard` | 1.0.0 | DNS anomaly detection | ![](../screenshots/router/dnsguard.png) |
| `secubox-vortex-firewall` | 1.0.0 | Threat intel firewall | ![](../screenshots/router/vortex.png) |
| `luci-app-auth-guardian` | 0.4.0 | Authentication monitoring | ![](../screenshots/router/auth.png) |
| `luci-app-client-guardian` | 0.4.0 | Client access control | ![](../screenshots/router/clients.png) |
| `luci-app-mac-guardian` | 0.5.0 | MAC address management | ![](../screenshots/router/mac.png) |
| `luci-app-iot-guard` | 1.0.0 | IoT device security | ![](../screenshots/router/iot.png) |
| `luci-app-ipblocklist` | 1.0.0 | IP blocking management | ![](../screenshots/router/ipblocklist.png) |
| `luci-app-zkp` | 1.0.0 | Zero-knowledge proof verification | ![](../screenshots/router/zkp.png) |
| `luci-app-cookie-tracker` | 1.0.0 | Cookie analysis and tracking | ![](../screenshots/router/cookies.png) |
| `luci-app-avatar-tap` | 1.0.0 | Session capture and replay | ![](../screenshots/router/avatar-tap.png) |
| `luci-app-interceptor` | 1.0.0 | Traffic interception control | ![](../screenshots/router/interceptor.png) |
---
## Network Packages (12)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-network-modes` | 0.5.0 | Network mode configuration | ![](../screenshots/router/netmodes.png) |
| `luci-app-bandwidth-manager` | 0.5.0 | Bandwidth monitoring and limits | ![](../screenshots/router/bandwidth.png) |
| `luci-app-traffic-shaper` | 0.4.0 | QoS traffic shaping | ![](../screenshots/router/traffic.png) |
| `luci-app-haproxy` | 1.0.0 | HAProxy load balancer | ![](../screenshots/router/haproxy.png) |
| `luci-app-vhost-manager` | 0.5.0 | Virtual host management | ![](../screenshots/router/vhost.png) |
| `luci-app-cdn-cache` | 0.5.0 | CDN caching proxy | ![](../screenshots/router/cdn.png) |
| `luci-app-network-tweaks` | 1.0.0 | Advanced network settings | ![](../screenshots/router/tweaks.png) |
| `luci-app-routes-status` | 1.0.0 | Route status monitoring | ![](../screenshots/router/routes.png) |
| `luci-app-saas-relay` | 1.0.0 | SaaS service relay | ![](../screenshots/router/saas.png) |
| `luci-app-secubox-netdiag` | 1.0.0 | Network diagnostics | ![](../screenshots/router/netdiag.png) |
| `luci-app-mqtt-bridge` | 0.4.0 | MQTT protocol bridge | ![](../screenshots/router/mqtt.png) |
| `luci-app-ksm-manager` | 0.4.0 | Kernel shared memory | ![](../screenshots/router/ksm.png) |
---
## Monitoring Packages (10)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-metrics-dashboard` | 1.0.0 | System metrics dashboard | ![](../screenshots/router/metrics.png) |
| `luci-app-netdata-dashboard` | 0.5.0 | Netdata system monitoring | ![](../screenshots/router/netdata.png) |
| `luci-app-secubox-netifyd` | 1.2.1 | Deep packet inspection | ![](../screenshots/router/dpi.png) |
| `luci-app-dpi-dual` | 1.0.0 | Dual-stream DPI analysis | ![](../screenshots/router/dpi-dual.png) |
| `luci-app-device-intel` | 1.0.0 | Device fingerprinting | ![](../screenshots/router/device-intel.png) |
| `luci-app-media-flow` | 0.6.4 | Media traffic analysis | ![](../screenshots/router/mediaflow.png) |
| `luci-app-watchdog` | 1.0.0 | Service health monitoring | ![](../screenshots/router/watchdog.png) |
| `luci-app-glances` | 1.0.0 | System overview (Glances) | ![](../screenshots/router/glances.png) |
| `secubox-network-anomaly` | 1.0.0 | AI network anomaly detection | ![](../screenshots/router/anomaly.png) |
| `luci-app-ndpid` | 1.1.2 | nDPI daemon interface | ![](../screenshots/router/ndpid.png) |
---
## VPN & Mesh Packages (7)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-wireguard-dashboard` | 0.7.0 | WireGuard VPN management | ![](../screenshots/router/wireguard.png) |
| `luci-app-secubox-mesh` | 1.0.0 | Mesh network dashboard | ![](../screenshots/router/mesh.png) |
| `luci-app-secubox-p2p` | 0.1.0 | P2P network interface | ![](../screenshots/router/p2p.png) |
| `luci-app-secubox-mirror` | 0.1.0 | MirrorNet dashboard | ![](../screenshots/router/mirror.png) |
| `luci-app-master-link` | 1.0.0 | Node onboarding and linking | ![](../screenshots/router/master-link.png) |
| `luci-app-openclaw` | 1.0.0 | OpenClaw VPN integration | ![](../screenshots/router/openclaw.png) |
| `luci-app-turn` | 1.0.0 | TURN/STUN server | ![](../screenshots/router/turn.png) |
---
## DNS Packages (6)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-dns-master` | 1.0.0 | DNS server management | ![](../screenshots/router/dns.png) |
| `luci-app-dnsguard` | 1.1.0 | DNS filtering and blocking | ![](../screenshots/router/dnsguard.png) |
| `luci-app-vortex-dns` | 1.0.0 | Vortex DNS firewall | ![](../screenshots/router/vortex-dns.png) |
| `luci-app-meshname-dns` | 1.0.0 | Mesh DNS resolution | ![](../screenshots/router/meshname.png) |
| `luci-app-dns-provider` | 1.0.0 | External DNS provider API | ![](../screenshots/router/dns-provider.png) |
| `secubox-app-adguardhome` | 1.0.0 | AdGuard Home ad blocking | ![](../screenshots/router/adguard.png) |
---
## Privacy Packages (4)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-tor-shield` | 1.0.0 | Tor network integration | ![](../screenshots/router/tor.png) |
| `luci-app-tor` | 1.0.0 | Tor hidden services | ![](../screenshots/router/tor-services.png) |
| `luci-app-exposure` | 1.0.0 | Service exposure management | ![](../screenshots/router/exposure.png) |
| `luci-app-interceptor` | 1.0.0 | Traffic interception control | ![](../screenshots/router/interceptor.png) |
---
## Publishing Packages (8)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-metablogizer` | 1.1.0 | Static site generator | ![](../screenshots/router/metablogizer.png) |
| `luci-app-droplet` | 1.0.0 | Quick web publishing | ![](../screenshots/router/droplet.png) |
| `luci-app-streamlit-forge` | 1.0.0 | Streamlit app builder | ![](../screenshots/router/streamforge.png) |
| `luci-app-streamlit` | 1.0.0 | Streamlit dashboard | ![](../screenshots/router/streamlit.png) |
| `luci-app-metacatalog` | 1.0.0 | Content catalog | ![](../screenshots/router/metacatalog.png) |
| `luci-app-hexojs` | 1.0.0 | Hexo blog manager | ![](../screenshots/router/hexo.png) |
| `luci-app-metabolizer` | 1.0.0 | Content processor | ![](../screenshots/router/metabolizer.png) |
| `luci-app-repo` | 1.0.0 | Package repository | ![](../screenshots/router/repo.png) |
---
## App Packages (20)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-jellyfin` | 1.0.0 | Jellyfin media server | ![](../screenshots/router/jellyfin.png) |
| `luci-app-lyrion` | 1.0.0 | Lyrion music server | ![](../screenshots/router/lyrion.png) |
| `luci-app-gitea` | 1.0.0 | Gitea git server | ![](../screenshots/router/gitea.png) |
| `luci-app-nextcloud` | 1.0.0 | Nextcloud cloud storage | ![](../screenshots/router/nextcloud.png) |
| `luci-app-peertube` | 1.1.0 | PeerTube video platform | ![](../screenshots/router/peertube.png) |
| `luci-app-photoprism` | 0.1.0 | PhotoPrism photo gallery | ![](../screenshots/router/photoprism.png) |
| `luci-app-gotosocial` | 0.1.0 | GoToSocial ActivityPub | ![](../screenshots/router/gotosocial.png) |
| `luci-app-jitsi` | 1.0.0 | Jitsi video conferencing | ![](../screenshots/router/jitsi.png) |
| `luci-app-matrix` | 1.0.0 | Matrix chat server | ![](../screenshots/router/matrix.png) |
| `luci-app-jabber` | 1.0.0 | Jabber XMPP server | ![](../screenshots/router/jabber.png) |
| `luci-app-simplex` | 1.0.0 | SimpleX private messaging | ![](../screenshots/router/simplex.png) |
| `luci-app-voip` | 1.0.0 | Asterisk VoIP PBX | ![](../screenshots/router/voip.png) |
| `luci-app-domoticz` | 1.0.0 | Home automation | ![](../screenshots/router/domoticz.png) |
| `luci-app-zigbee2mqtt` | 1.0.0 | Zigbee to MQTT bridge | ![](../screenshots/router/zigbee.png) |
| `luci-app-magicmirror2` | 0.4.0 | Smart mirror | ![](../screenshots/router/magicmirror.png) |
| `luci-app-mailserver` | 1.0.0 | Email server | ![](../screenshots/router/mailserver.png) |
| `luci-app-torrent` | 1.0.0 | BitTorrent client | ![](../screenshots/router/torrent.png) |
| `luci-app-webradio` | 1.0.0 | Internet radio | ![](../screenshots/router/webradio.png) |
| `luci-app-picobrew` | 1.0.0 | Brewing controller | ![](../screenshots/router/picobrew.png) |
| `luci-app-newsbin` | 1.0.0 | Usenet client | ![](../screenshots/router/newsbin.png) |
---
## System Packages (14)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-secubox` | 0.7.1 | Main SecuBox settings | ![](../screenshots/router/settings.png) |
| `luci-app-secubox-admin` | 1.0.0 | Admin control center | ![](../screenshots/router/admin.png) |
| `luci-app-system-hub` | 0.5.2 | System overview hub | ![](../screenshots/router/hub.png) |
| `luci-app-secubox-portal` | 0.7.0 | User portal | ![](../screenshots/router/portal.png) |
| `luci-app-config-vault` | 1.0.0 | Git-based config backup | ![](../screenshots/router/config-vault.png) |
| `luci-app-config-advisor` | 1.0.0 | ANSSI compliance advisor | ![](../screenshots/router/config-advisor.png) |
| `luci-app-smtp-relay` | 1.0.0 | SMTP relay settings | ![](../screenshots/router/smtp.png) |
| `luci-app-reporter` | 1.0.0 | Report generator | ![](../screenshots/router/reporter.png) |
| `luci-app-rtty-remote` | 0.1.0 | Remote terminal access | ![](../screenshots/router/rtty.png) |
| `luci-app-backup` | 1.0.0 | System backup | ![](../screenshots/router/backup.png) |
| `luci-app-cloner` | 1.0.0 | Device cloning | ![](../screenshots/router/cloner.png) |
| `luci-app-secubox-users` | 1.0.0 | User management | ![](../screenshots/router/users.png) |
| `luci-app-cyberfeed` | 0.1.1 | Threat feed manager | ![](../screenshots/router/cyberfeed.png) |
| `luci-app-rezapp` | 1.0.0 | Docker to LXC converter | ![](../screenshots/router/rezapp.png) |
---
## AI Packages (8)
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-app-ai-gateway` | 1.0.0 | AI provider routing | ![](../screenshots/router/ai-gateway.png) |
| `luci-app-ai-insights` | 1.0.0 | AI-powered insights | ![](../screenshots/router/ai-insights.png) |
| `luci-app-localai` | 0.1.0 | LocalAI integration | ![](../screenshots/router/localai.png) |
| `luci-app-ollama` | 0.1.0 | Ollama LLM server | ![](../screenshots/router/ollama.png) |
| `luci-app-localrecall` | 1.0.0 | AI memory system | ![](../screenshots/router/localrecall.png) |
| `luci-app-threat-analyst` | 1.0.0 | AI threat analysis | ![](../screenshots/router/threat-analyst.png) |
| `luci-app-cve-triage` | 1.0.0 | AI CVE triage | ![](../screenshots/router/cve.png) |
| `luci-app-network-anomaly` | 1.0.0 | AI anomaly detection | ![](../screenshots/router/anomaly.png) |
---
## Theme Package
| Package | Version | Description | Screenshot |
|---------|---------|-------------|------------|
| `luci-theme-secubox` | 1.0.0 | CRT P31 phosphor green theme | ![](../screenshots/router/theme.png) |
---
## Installation
### Via opkg
```bash
opkg update
opkg install luci-app-secubox-mesh
```
### Via SecuBox App Store
Navigate to **SecuBox > Apps** in LuCI and install from catalog.
### Via local feed
```bash
echo "src/gz secubox file:///www/secubox-feed" >> /etc/opkg/customfeeds.conf
opkg update
opkg install <package-name>
```
---
*Total packages: 80+ LuCI | Last updated: 2026-03-26*

172
docs/wiki/Quick-Start.md Normal file
View File

@ -0,0 +1,172 @@
# SecuBox Quick Start Guide
Get SecuBox up and running in 10 minutes.
---
## Step 1: First Login
1. Connect to your SecuBox router via Ethernet
2. Open browser: `https://192.168.1.1` (or `192.168.255.1`)
3. Login with: `root` / `c3box`
![Login Screen](../screenshots/router/login.png)
---
## Step 2: Change Password
Navigate to **System > Administration** and change the root password.
---
## Step 3: Network Setup
### Configure WAN
Go to **Network > Interfaces > WAN**:
- Protocol: DHCP Client (or PPPoE/Static)
- Physical interface: eth1
### Configure LAN
Go to **Network > Interfaces > LAN**:
- IPv4 address: `192.168.255.1`
- Netmask: `255.255.255.0`
- DHCP: Enabled
---
## Step 4: Enable Security
### CrowdSec IDS/IPS
Navigate to **SecuBox > Security > CrowdSec Dashboard**:
1. Enable CrowdSec
2. Install default scenarios
3. Configure bouncer
![CrowdSec](../screenshots/router/crowdsec.png)
### WAF (Web Application Firewall)
Navigate to **SecuBox > Security > WAF Filters**:
1. Enable mitmproxy WAF
2. Configure filter rules
3. Set default action: Block
---
## Step 5: Mesh Network
### Enable Mesh Daemon
Navigate to **SecuBox > Mesh > Network**:
1. Enable mesh daemon
2. Set node name
3. Configure WireGuard peers
![Mesh](../screenshots/router/mesh.png)
### Add Peers
Use the QR code scanner or manual configuration:
```bash
# Generate peer config
secuboxctl peer add mynode 10.10.10.2
```
---
## Step 6: Service Exposure
### Tor Hidden Services
Navigate to **SecuBox > Privacy > Tor Shield**:
1. Enable Tor
2. Add hidden service
3. Note your .onion address
### DNS/SSL Exposure
Navigate to **SecuBox > Privacy > Exposure**:
1. Configure DNS provider (OVH, Gandi, Cloudflare)
2. Add domain
3. Request SSL certificate
---
## Step 7: Install Apps
Navigate to **SecuBox > Apps**:
Browse and install from the catalog:
- **Jellyfin** - Media server
- **Nextcloud** - Cloud storage
- **Gitea** - Git server
- **LocalAI** - Local LLM
---
## Common Tasks
### View Metrics
**SecuBox > Dashboard > Metrics**
![Metrics](../screenshots/router/metrics.png)
### Monitor Traffic
**SecuBox > Monitoring > Bandwidth Manager**
### Check Security
**SecuBox > Security > Security Threats**
### Manage VPN
**SecuBox > VPN > WireGuard Dashboard**
---
## CLI Quick Reference
```bash
# System status
secubox status
# Mesh network
secuboxctl status
secuboxctl peers
# WireGuard
wgctl status
wgctl peers
# HAProxy
haproxyctl vhost list
haproxyctl status
# CrowdSec
cscli decisions list
cscli alerts list
```
---
## Next Steps
- [Module Catalog](Modules.md) - Explore all 80+ modules
- [Architecture](Architecture.md) - Understand the system
- [Development](Development.md) - Extend SecuBox
---
*SecuBox v1.0.0*

338
docs/wiki/modules/AI.md Normal file
View File

@ -0,0 +1,338 @@
# AI Modules
SecuBox integrates AI capabilities through 8 specialized modules with data sovereignty controls.
---
## Overview
| Layer | Components |
|-------|------------|
| **Gateway** | AI Gateway (routing, classification) |
| **Inference** | LocalAI, Ollama (local LLMs) |
| **Analysis** | Threat Analyst, CVE Triage, Network Anomaly |
| **Memory** | LocalRecall (persistent AI memory) |
| **Insights** | AI Insights dashboard |
---
## AI Gateway
**Package**: `secubox-ai-gateway` + `luci-app-ai-gateway`
Data sovereignty engine with intelligent provider routing.
![AI Gateway](../../screenshots/router/ai-gateway.png)
### Data Classification
| Tier | Description | Destination |
|------|-------------|-------------|
| **LOCAL_ONLY** | Raw network data, IPs, MACs, logs | Never leaves device |
| **SANITIZED** | Anonymized patterns, scrubbed IPs | Mistral EU (opt-in) |
| **CLOUD_DIRECT** | Generic queries, no sensitive data | Claude/GPT (opt-in) |
### Provider Hierarchy
1. **LocalAI** (local inference, always available)
2. **Mistral** (EU sovereign, GDPR compliant)
3. **Claude** (Anthropic)
4. **OpenAI GPT**
5. **Google Gemini**
6. **xAI Grok**
### CLI
```bash
aigatewayctl status # Gateway status
aigatewayctl classify "text" # Classify data tier
aigatewayctl sanitize "text" # Sanitize sensitive data
aigatewayctl provider list # List providers
aigatewayctl audit # View audit log
aigatewayctl login claude # Configure provider
```
### RPCD Methods
| Method | Description |
|--------|-------------|
| `status` | Gateway status |
| `classify` | Classify data tier |
| `sanitize` | Sanitize text |
| `providers` | List providers |
| `audit` | Get audit log |
| `login` | Configure provider |
---
## LocalAI
**Package**: `secubox-app-localai` + `luci-app-localai`
Local LLM inference server (LocalAI 3.9+).
![LocalAI](../../screenshots/router/localai.png)
### Features
- OpenAI-compatible API
- Multiple model support
- GPU acceleration (optional)
- Embeddings generation
- Voice transcription
### Supported Models
| Model | Size | Use Case |
|-------|------|----------|
| TinyLlama | 1.1B | Fast chat, simple queries |
| Mistral 7B | 7B | General purpose |
| CodeLlama | 7B | Code generation |
| Whisper | - | Audio transcription |
### CLI
```bash
localaictl status # Service status
localaictl models # List models
localaictl download <model> # Download model
localaictl chat "Hello" # Quick chat
```
### API
```bash
# OpenAI-compatible endpoint
curl http://localhost:4050/v1/chat/completions \
-H "Content-Type: application/json" \
-d '{"model":"tinyllama","messages":[{"role":"user","content":"Hello"}]}'
```
---
## Ollama
**Package**: `secubox-app-ollama` + `luci-app-ollama`
Ollama LLM server for easy model management.
![Ollama](../../screenshots/router/ollama.png)
### Features
- Simple model management
- Streaming responses
- Custom modelfiles
- GPU support
### CLI
```bash
ollama list # List models
ollama pull llama2 # Download model
ollama run llama2 "Hello" # Chat
```
---
## Threat Analyst
**Package**: `secubox-threat-analyst` + `luci-app-threat-analyst`
AI-powered threat correlation and analysis.
![Threat Analyst](../../screenshots/router/threat-analyst.png)
### Features
- Multi-source correlation
- AI threat scoring
- Attack pattern detection
- Automated response
- Incident timeline
### Data Sources
| Source | Type |
|--------|------|
| CrowdSec | IDS alerts, decisions |
| WAF | HTTP blocks, patterns |
| DPI | Network flows |
| DNS | Query logs |
| Auth | Login attempts |
### CLI
```bash
threat-analystctl status # Status
threat-analystctl analyze # Run analysis
threat-analystctl report # Generate report
```
---
## CVE Triage
**Package**: `secubox-cve-triage` + `luci-app-cve-triage`
AI-powered vulnerability prioritization.
![CVE Triage](../../screenshots/router/cve.png)
### Features
- CVE database integration
- Risk scoring
- Patch recommendations
- Affected package detection
- Priority ranking
### Scoring Factors
| Factor | Weight |
|--------|--------|
| CVSS Score | 40% |
| Exploitability | 25% |
| Affected Systems | 20% |
| Mitigation Available | 15% |
---
## Network Anomaly
**Package**: `secubox-network-anomaly` + `luci-app-network-anomaly`
AI network traffic anomaly detection.
![Network Anomaly](../../screenshots/router/anomaly.png)
### Features
- Baseline learning
- Deviation detection
- Pattern recognition
- Alert generation
- Automated response
### Detection Types
| Type | Description |
|------|-------------|
| Volume | Unusual traffic volume |
| Pattern | Abnormal traffic patterns |
| Protocol | Protocol anomalies |
| Timing | Unusual timing patterns |
---
## LocalRecall
**Package**: `secubox-localrecall` + `luci-app-localrecall`
Persistent AI memory system.
![LocalRecall](../../screenshots/router/localrecall.png)
### Features
- Context persistence
- Vector storage
- Semantic search
- Memory management
- Privacy controls
### Use Cases
- Conversation history
- Knowledge base
- Configuration memory
- Incident memory
---
## AI Insights
**Package**: `luci-app-ai-insights`
AI-powered system insights dashboard.
![AI Insights](../../screenshots/router/ai-insights.png)
### Features
- System health analysis
- Security recommendations
- Performance insights
- Trend analysis
- Predictive alerts
### Insight Types
| Type | Description |
|------|-------------|
| Security | Threat patterns, vulnerabilities |
| Performance | Resource optimization |
| Network | Traffic patterns |
| Config | Configuration improvements |
---
## Configuration
### Enable AI Features
```bash
# Enable AI Gateway
uci set ai-gateway.main.enabled='1'
uci set ai-gateway.main.local_only='1' # Disable cloud providers
uci commit ai-gateway
# Configure LocalAI
uci set localai.main.enabled='1'
uci set localai.main.model='tinyllama'
uci commit localai
# Start services
/etc/init.d/ai-gateway start
/etc/init.d/localai start
```
### Provider Configuration
```bash
# Configure cloud providers (optional)
aigatewayctl login mistral # Mistral EU
aigatewayctl login claude # Anthropic Claude
aigatewayctl login openai # OpenAI
```
---
## Privacy & Sovereignty
### Data Never Leaves Device
When `local_only='1'`:
- All inference runs locally
- No cloud API calls
- Full data sovereignty
- GDPR compliant
### ANSSI CSPN Compliance
AI Gateway supports ANSSI certification requirements:
- Data classification audit trail
- Encryption in transit/at rest
- Access control logging
- Provider verification
---
See also:
- [Security Modules](Security.md)
- [Architecture](../Architecture.md)
- [API Reference](../API.md)
---
*SecuBox v1.0.0*

411
docs/wiki/modules/Apps.md Normal file
View File

@ -0,0 +1,411 @@
# Application Modules
SecuBox provides 20+ self-hosted application modules.
---
## Overview
| Category | Applications |
|----------|--------------|
| **Media** | Jellyfin, Lyrion, PhotoPrism, PeerTube, Webradio |
| **Collaboration** | Nextcloud, Gitea, Jitsi |
| **Communication** | Matrix, Jabber, SimpleX, VoIP |
| **Social** | GoToSocial, PeerTube |
| **IoT** | Domoticz, Zigbee2MQTT, MagicMirror |
| **Utilities** | Torrent, Newsbin, PicoBrew |
---
## Media Server
### Jellyfin
**Package**: `secubox-app-jellyfin` + `luci-app-jellyfin`
Media streaming server.
![Jellyfin](../../screenshots/router/jellyfin.png)
#### Features
- Video streaming (transcoding)
- Music library
- Photo gallery
- Live TV/DVR
- Mobile apps
#### CLI
```bash
jellyfinctl status # Status
jellyfinctl start # Start server
jellyfinctl library scan # Scan library
```
---
### Lyrion
**Package**: `secubox-app-lyrion` + `luci-app-lyrion`
Music server (Lyrion Music Server 9.x).
![Lyrion](../../screenshots/router/lyrion.png)
#### Features
- Multi-room audio
- Squeezebox compatible
- Plugin ecosystem
- Radio streaming
- Material skin
#### CLI
```bash
lyrionctl status # Status
lyrionctl scan # Rescan library
lyrionctl players # List players
```
---
### PhotoPrism
**Package**: `secubox-app-photoprism` + `luci-app-photoprism`
AI-powered photo gallery.
![PhotoPrism](../../screenshots/router/photoprism.png)
#### Features
- AI face recognition
- Object detection
- Places/maps
- Timeline view
- Sharing
---
### PeerTube
**Package**: `secubox-app-peertube` + `luci-app-peertube`
Federated video platform.
![PeerTube](../../screenshots/router/peertube.png)
#### Features
- P2P video delivery
- Federation support
- Live streaming
- Transcoding
- Comments/likes
---
## Collaboration
### Nextcloud
**Package**: `secubox-app-nextcloud` + `luci-app-nextcloud`
Cloud storage and collaboration.
![Nextcloud](../../screenshots/router/nextcloud.png)
#### Features
- File sync
- Calendar/Contacts
- Office documents
- Talk (video calls)
- App ecosystem
---
### Gitea
**Package**: `secubox-app-gitea` + `luci-app-gitea`
Git server with web interface.
![Gitea](../../screenshots/router/gitea.png)
#### Features
- Git hosting
- Issue tracker
- Pull requests
- CI/CD (Actions)
- Wiki
---
### Jitsi
**Package**: `secubox-app-jitsi` + `luci-app-jitsi`
Video conferencing.
![Jitsi](../../screenshots/router/jitsi.png)
#### Features
- Video meetings
- Screen sharing
- Recording
- SRTP encryption
- No account required
---
## Communication
### Matrix
**Package**: `secubox-app-matrix` + `luci-app-matrix`
Matrix chat server (Conduit).
![Matrix](../../screenshots/router/matrix.png)
#### Features
- E2E encryption
- Federation
- Bridges (IRC, Telegram)
- Mobile apps
- Low resource (~15MB RAM)
---
### Jabber
**Package**: `secubox-app-jabber` + `luci-app-jabber`
XMPP server (Prosody).
![Jabber](../../screenshots/router/jabber.png)
#### Features
- XMPP/Jabber protocol
- OMEMO encryption
- File transfer
- Group chat
- S2S federation
---
### SimpleX
**Package**: `secubox-app-simplex` + `luci-app-simplex`
Private messaging.
![SimpleX](../../screenshots/router/simplex.png)
#### Features
- No user identifiers
- E2E encryption
- Decentralized
- Mobile apps
---
### VoIP
**Package**: `secubox-app-voip` + `luci-app-voip`
Asterisk PBX.
![VoIP](../../screenshots/router/voip.png)
#### Features
- SIP/IAX2 trunks
- IVR menus
- Voicemail
- Call recording
- Conference bridges
---
## Social
### GoToSocial
**Package**: `secubox-app-gotosocial` + `luci-app-gotosocial`
ActivityPub social server.
![GoToSocial](../../screenshots/router/gotosocial.png)
#### Features
- Mastodon compatible
- Federation
- Media uploads
- Lightweight
---
## IoT
### Domoticz
**Package**: `secubox-app-domoticz` + `luci-app-domoticz`
Home automation.
![Domoticz](../../screenshots/router/domoticz.png)
#### Features
- Device management
- Automation rules
- MQTT integration
- Energy monitoring
- Camera support
---
### Zigbee2MQTT
**Package**: `secubox-app-zigbee2mqtt` + `luci-app-zigbee2mqtt`
Zigbee to MQTT bridge.
![Zigbee](../../screenshots/router/zigbee.png)
#### Features
- 3000+ device support
- No proprietary hub
- OTA updates
- Device pairing
- Network map
---
### MagicMirror
**Package**: `secubox-app-magicmirror2` + `luci-app-magicmirror2`
Smart mirror platform.
![MagicMirror](../../screenshots/router/magicmirror.png)
#### Features
- Module ecosystem
- Calendar/Weather
- News feeds
- Voice control
- Remote config
---
## Utilities
### Torrent
**Package**: `secubox-app-qbittorrent` + `luci-app-torrent`
BitTorrent client.
![Torrent](../../screenshots/router/torrent.png)
#### Features
- Web interface
- RSS feeds
- Categories
- Speed limits
- VPN support
---
### Webradio
**Package**: `secubox-app-webradio` + `luci-app-webradio`
Internet radio streaming.
![Webradio](../../screenshots/router/webradio.png)
#### Features
- Station management
- MPD integration
- Lyrion integration
- Recording
- Schedule
---
### Mailserver
**Package**: `secubox-app-mailserver` + `luci-app-mailserver`
Full email server.
![Mailserver](../../screenshots/router/mailserver.png)
#### Features
- Postfix + Dovecot
- Webmail (Roundcube)
- DKIM signing
- Spam filtering
- Multiple domains
---
## Installation
### Via App Store
Navigate to **SecuBox > Apps** and browse the catalog.
### Via CLI
```bash
# Install app
opkg install secubox-app-jellyfin luci-app-jellyfin
# Start service
/etc/init.d/jellyfin enable
/etc/init.d/jellyfin start
```
### Container Apps
Most apps run in LXC containers:
```bash
# List containers
lxc-ls -f
# Start container
lxc-start -n jellyfin
# Console access
lxc-attach -n jellyfin
```
---
See also:
- [Publishing Modules](Publishing.md)
- [System Modules](System.md)
- [Architecture](../Architecture.md)
---
*SecuBox v1.0.0*

311
docs/wiki/modules/DNS.md Normal file
View File

@ -0,0 +1,311 @@
# DNS Modules
SecuBox provides 6 DNS management and security modules.
---
## Overview
| Layer | Components |
|-------|------------|
| **Server** | DNS Master (BIND) |
| **Security** | DNS Guard, Vortex DNS Firewall |
| **Resolution** | Meshname DNS, AdGuard Home |
| **External** | DNS Provider API |
---
## DNS Master
**Package**: `secubox-app-dns-master` + `luci-app-dns-master`
Primary DNS server (BIND).
![DNS Master](../../screenshots/router/dns.png)
### Features
- Zone management
- Record editing
- DNSSEC support
- Secondary DNS
- Zone transfers
### Record Types
| Type | Description |
|------|-------------|
| A | IPv4 address |
| AAAA | IPv6 address |
| CNAME | Alias |
| MX | Mail exchange |
| TXT | Text record |
| SRV | Service locator |
### CLI
```bash
dnsctl status # Status
dnsctl zone list # List zones
dnsctl zone add example.com # Add zone
dnsctl record add A www 1.2.3.4 # Add record
dnsctl reload # Reload BIND
```
---
## DNS Guard
**Package**: `secubox-dns-guard` + `luci-app-dnsguard`
AI-powered DNS anomaly detection.
![DNS Guard](../../screenshots/router/dnsguard.png)
### Features
- Query analysis
- Anomaly detection
- DGA detection
- Tunneling detection
- Real-time alerts
### Detection Types
| Type | Description |
|------|-------------|
| DGA | Domain generation algorithm |
| Tunneling | DNS data exfiltration |
| Fast-flux | Rapidly changing IPs |
| Typosquatting | Similar domain names |
| Suspicious | High entropy domains |
### CLI
```bash
dnsguardctl status # Status
dnsguardctl analyze # Run analysis
dnsguardctl alerts # View alerts
dnsguardctl whitelist add x # Add to whitelist
```
---
## Vortex DNS Firewall
**Package**: `secubox-vortex-dns` + `luci-app-vortex-dns`
Threat intelligence DNS firewall.
![Vortex DNS](../../screenshots/router/vortex-dns.png)
### Features
- Blocklist aggregation
- Real-time blocking
- Sinkhole server
- Mesh threat sharing
- Category filtering
### Blocklist Sources
| Source | Categories |
|--------|------------|
| CrowdSec | Threat intel |
| Pi-hole | Ads, tracking |
| Steven Black | Malware, phishing |
| Custom | User-defined |
### CLI
```bash
vortexctl status # Status
vortexctl update # Update blocklists
vortexctl block add domain # Block domain
vortexctl stats # View statistics
```
---
## Meshname DNS
**Package**: `secubox-app-meshname-dns` + `luci-app-meshname-dns`
Mesh DNS resolution (.ygg).
![Meshname](../../screenshots/router/meshname.png)
### Features
- Yggdrasil DNS resolution
- Mesh peer discovery
- Gossip-based sync
- Local caching
- Fallback resolution
### Resolution Flow
```
Query: mynode.ygg
Local cache?
↓ No
Gossip lookup?
↓ No
Yggdrasil network?
Response
```
### CLI
```bash
meshnameectl status # Status
meshnameectl lookup mynode # Lookup name
meshnameectl register myname # Register name
meshnameectl peers # View peers
```
---
## DNS Provider
**Package**: `secubox-app-dns-provider` + `luci-app-dns-provider`
External DNS provider API integration.
![DNS Provider](../../screenshots/router/dns-provider.png)
### Supported Providers
| Provider | Features |
|----------|----------|
| OVH | Zone management, API v1 |
| Gandi | LiveDNS API |
| Cloudflare | Zone API |
| Custom | RFC 2136 dynamic DNS |
### Features
- Automatic record updates
- ACME DNS-01 challenges
- Wildcard certificates
- Subdomain management
### CLI
```bash
dnsctl provider status # Status
dnsctl provider list # List providers
dnsctl provider add ovh # Configure OVH
dnsctl add A subdomain 1.2.3.4 # Add record
```
---
## AdGuard Home
**Package**: `secubox-app-adguardhome`
Ad blocking DNS server.
![AdGuard](../../screenshots/router/adguard.png)
### Features
- Ad blocking
- Tracking protection
- Parental controls
- Per-client settings
- Query log
### Filter Lists
| List | Description |
|------|-------------|
| AdGuard | Default filter |
| EasyList | Ad blocking |
| Malware | Security |
| Social | Social tracking |
---
## Configuration
### Configure DNS Master
```bash
# Add zone
dnsctl zone add example.com
# Add records
dnsctl record add example.com A www 192.168.1.10
dnsctl record add example.com MX mail 10
dnsctl record add example.com TXT @ "v=spf1 mx -all"
# Enable DNSSEC
dnsctl dnssec enable example.com
```
### Configure Vortex DNS
```bash
# Enable firewall
uci set vortex-dns.main.enabled='1'
uci set vortex-dns.main.sinkhole='192.168.255.1'
uci commit vortex-dns
# Add blocklists
vortexctl source add https://example.com/blocklist.txt
vortexctl update
```
### Configure DNS Provider (OVH)
```bash
# Setup OVH API
dnsctl provider add ovh \
--app-key="xxx" \
--app-secret="xxx" \
--consumer-key="xxx"
# Add record
dnsctl add A subdomain.example.com 1.2.3.4
```
---
## DNS Resolution Flow
```
Client Query
┌─────────────┐
│ dnsmasq │ ←── Local cache
└──────┬──────┘
┌─────────────┐
│ DNS Guard │ ←── Anomaly detection
└──────┬──────┘
┌─────────────┐
│ Vortex DNS │ ←── Blocklist check
└──────┬──────┘
┌─────────────┐
│ DNS Master │ ←── Local zones
└──────┬──────┘
Upstream DNS
```
---
See also:
- [Security Modules](Security.md)
- [Network Modules](Network.md)
- [Architecture](../Architecture.md)
---
*SecuBox v1.0.0*

350
docs/wiki/modules/Mesh.md Normal file
View File

@ -0,0 +1,350 @@
# Mesh Network Modules
SecuBox provides decentralized mesh networking through 7 integrated modules.
---
## Overview
| Layer | Components |
|-------|------------|
| **Transport** | WireGuard VPN tunnels |
| **Discovery** | mDNS, Yggdrasil, subnet scanning |
| **Topology** | Mesh daemon, gate election |
| **Services** | P2P registry, MirrorNet |
| **Identity** | DID:plc, ZKP verification |
---
## SecuBox Mesh
**Package**: `secubox-mesh` + `luci-app-secubox-mesh`
Core mesh daemon with topology management and automatic gate election.
![Mesh Dashboard](../../screenshots/router/mesh.png)
### Features
- Peer discovery (mDNS, ARP, WireGuard)
- Topology management
- Gate election (weighted scoring)
- Cross-node telemetry
- Device/VM/container discovery
### Discovery Methods
| Method | Description |
|--------|-------------|
| mDNS | `_secubox._udp.local` service discovery |
| ARP | Network neighbor scanning |
| WireGuard | Peer configuration scanning |
| Docker | Container discovery via socket |
| LXC | Container discovery via lxc-ls |
| libvirt | VM discovery via virsh |
### CLI
```bash
secuboxctl status # Mesh status
secuboxctl peers # List peers
secuboxctl topology # Show topology
secuboxctl telemetry # Node metrics
secuboxctl scan # Trigger discovery
```
### RPCD Methods
| Method | Description |
|--------|-------------|
| `status` | Mesh daemon status |
| `peers` | List mesh peers |
| `topology` | Network topology |
| `nodes` | All known nodes |
| `devices` | Discovered devices |
| `scan_full` | Full network scan |
| `scan_containers` | Container/VM scan |
---
## WireGuard Dashboard
**Package**: `luci-app-wireguard-dashboard`
WireGuard VPN management with QR code generation.
![WireGuard](../../screenshots/router/wireguard.png)
### Features
- Interface management
- Peer configuration
- QR code generation
- Traffic monitoring
- Mobile client export
### CLI
```bash
wgctl status # VPN status
wgctl peers # List peers
wgctl add-peer <name> <ip> # Add peer
wgctl qr <peer> # Generate QR
```
---
## P2P Network
**Package**: `secubox-p2p` + `luci-app-secubox-p2p`
Decentralized gossip protocol with blockchain sync.
![P2P](../../screenshots/router/p2p.png)
### Features
- Gossip protocol
- Service registry
- Threat intelligence sharing
- Configuration sync
- Blockchain-based consensus
### Gossip Topics
| Topic | Description |
|-------|-------------|
| `services` | Service announcements |
| `threats` | IoC sharing |
| `config` | Configuration sync |
| `peers` | Peer discovery |
### CLI
```bash
p2pctl status # P2P status
p2pctl peers # Connected peers
p2pctl publish <service> # Publish service
p2pctl subscribe <topic> # Subscribe to topic
```
---
## MirrorNet
**Package**: `secubox-mirrornet` + `luci-app-secubox-mirror`
Service mirroring and CDN capabilities.
![MirrorNet](../../screenshots/router/mirror.png)
### Features
- Service mirroring
- Load balancing
- CDN distribution
- Failover routing
- Gossip-based sync
### Modes
| Mode | Description |
|------|-------------|
| Master | Primary service provider |
| Slave | Mirror/replica |
| Submaster | Hierarchical replication |
### CLI
```bash
mirrorctl status # Mirror status
mirrorctl list # List mirrors
mirrorctl add <service> <peer> # Add mirror
mirrorctl sync # Force sync
```
---
## Master Link
**Package**: `secubox-master-link` + `luci-app-master-link`
Node onboarding and mesh joining.
![Master Link](../../screenshots/router/master-link.png)
### Features
- Easy node onboarding
- Join token generation
- Automatic configuration
- Trust establishment
- IPK package generation
### Onboarding Flow
```
1. Master: Generate join token
2. New node: Install join IPK
3. Automatic: WireGuard config
4. Automatic: Trust verification
5. Complete: Node joins mesh
```
### CLI
```bash
master-linkctl status # Link status
master-linkctl generate # Generate join token
master-linkctl join <token> # Join mesh
master-linkctl nodes # List nodes
```
---
## Identity
**Package**: `secubox-identity`
DID:plc generation and trust management.
### Features
- DID:plc generation
- Key rotation
- Trust scoring
- Cross-node verification
- Reputation system
### CLI
```bash
identityctl status # Identity status
identityctl did # Show DID
identityctl rotate # Rotate keys
identityctl trust <peer> # Trust peer
identityctl verify <peer> # Verify peer
```
---
## OpenClaw
**Package**: `luci-app-openclaw`
OpenClaw VPN integration.
![OpenClaw](../../screenshots/router/openclaw.png)
### Features
- OpenClaw server connection
- NAT traversal
- Firewall bypass
- Automatic reconnection
---
## Configuration
### Enable Mesh Network
```bash
# Enable mesh daemon
uci set secubox-mesh.main.enabled='1'
uci set secubox-mesh.main.node_name='mynode'
uci commit secubox-mesh
# Start daemon
/etc/init.d/secuboxd enable
/etc/init.d/secuboxd start
```
### Configure WireGuard Mesh
```bash
# Create mesh interface
uci set network.wgmesh=interface
uci set network.wgmesh.proto='wireguard'
uci set network.wgmesh.private_key="$(wg genkey)"
uci set network.wgmesh.addresses='10.10.10.1/24'
uci commit network
# Add peer
wgctl add-peer node2 10.10.10.2
```
### Join Existing Mesh
```bash
# On master node
master-linkctl generate > join-token.txt
# On new node
master-linkctl join "$(cat join-token.txt)"
```
---
## Gate Election
The mesh automatically elects a "gate" node for internet access:
### Scoring Factors
| Factor | Weight | Description |
|--------|--------|-------------|
| Bandwidth | 30% | Available bandwidth |
| Latency | 25% | Internet latency |
| Uptime | 20% | Node stability |
| Resources | 15% | CPU/RAM availability |
| Manual | 10% | Admin preference |
### Manual Override
```bash
# Force node as gate
secuboxctl set-gate <node>
# Disable gate election
uci set secubox-mesh.election.enabled='0'
uci commit secubox-mesh
```
---
## Troubleshooting
### Peer not discovered
```bash
# Check mDNS
avahi-browse -a | grep secubox
# Check WireGuard
wg show
# Force scan
secuboxctl scan
```
### Gate election failing
```bash
# Check election status
secuboxctl election status
# View scoring
secuboxctl election scores
```
---
See also:
- [Security Modules](Security.md)
- [Network Modules](Network.md)
- [Architecture](../Architecture.md)
---
*SecuBox v1.0.0*

328
docs/wiki/modules/Network.md Normal file
View File

@ -0,0 +1,328 @@
# Network Modules
SecuBox provides comprehensive network management through 12 integrated modules.
---
## Overview
| Layer | Components |
|-------|------------|
| **Routing** | Network Modes, Traffic Shaper |
| **Proxy** | HAProxy, CDN Cache |
| **Monitoring** | Bandwidth Manager, Routes Status |
| **Services** | MQTT Bridge, KSM Manager |
| **Diagnostics** | Network Diag, Network Tweaks |
---
## Network Modes
**Package**: `luci-app-network-modes`
Network mode configuration (Router/AP/Bridge).
![Network Modes](../../screenshots/router/netmodes.png)
### Modes
| Mode | Description |
|------|-------------|
| Router | Full routing with NAT |
| AP | Access Point mode |
| Bridge | Transparent bridge |
| Mesh | Mesh node |
| Client | WISP client |
### Features
- One-click mode switching
- Interface auto-configuration
- VLAN support
- Firewall auto-adjustment
---
## HAProxy
**Package**: `secubox-app-haproxy` + `luci-app-haproxy`
Load balancer and reverse proxy.
![HAProxy](../../screenshots/router/haproxy.png)
### Features
- Virtual hosts (274+)
- SSL termination (ACME)
- Load balancing
- Health checks
- Statistics dashboard
### CLI
```bash
haproxyctl status # Service status
haproxyctl vhost list # List vhosts
haproxyctl vhost add <domain> # Add vhost
haproxyctl ssl request <domain> # Request SSL
haproxyctl reload # Reload config
```
### Architecture
```
Internet → HAProxy (443/80) → mitmproxy WAF → Backend
SSL Termination
Load Balancing
ACL Routing
```
---
## Bandwidth Manager
**Package**: `luci-app-bandwidth-manager`
Traffic monitoring and bandwidth limits.
![Bandwidth](../../screenshots/router/bandwidth.png)
### Features
- Real-time monitoring
- Per-client limits
- Scheduled throttling
- Alert notifications
- Historical graphs
### Limit Types
| Type | Description |
|------|-------------|
| Upload | Upload bandwidth limit |
| Download | Download bandwidth limit |
| Combined | Total bandwidth limit |
| Burst | Burst allowance |
---
## Traffic Shaper
**Package**: `luci-app-traffic-shaper`
QoS and traffic prioritization.
![Traffic Shaper](../../screenshots/router/traffic.png)
### Features
- Application-based QoS
- Priority queues
- Bandwidth reservation
- Fair queuing
- Real-time stats
### Priority Classes
| Class | Applications |
|-------|--------------|
| Realtime | VoIP, gaming |
| Priority | Video, streaming |
| Normal | Web browsing |
| Bulk | Downloads, backups |
---
## Virtual Hosts
**Package**: `luci-app-vhost-manager`
Virtual host management.
![VHosts](../../screenshots/router/vhost.png)
### Features
- Domain management
- Backend configuration
- SSL certificate status
- WAF integration
- Redirect rules
---
## CDN Cache
**Package**: `luci-app-cdn-cache`
Content caching proxy.
![CDN Cache](../../screenshots/router/cdn.png)
### Features
- HTTP/HTTPS caching
- Cache policies
- Storage management
- Hit rate statistics
- Purge controls
---
## Routes Status
**Package**: `luci-app-routes-status`
Route monitoring and health checks.
![Routes](../../screenshots/router/routes.png)
### Features
- Route health checks
- Up/Down monitoring
- Response time tracking
- Alert notifications
- Historical data
---
## Network Tweaks
**Package**: `luci-app-network-tweaks`
Advanced network settings.
![Tweaks](../../screenshots/router/tweaks.png)
### Features
- Kernel parameters
- TCP optimization
- Buffer tuning
- Congestion control
- MTU configuration
---
## MQTT Bridge
**Package**: `luci-app-mqtt-bridge`
MQTT protocol bridge for IoT.
![MQTT](../../screenshots/router/mqtt.png)
### Features
- Broker configuration
- Bridge connections
- Topic mapping
- TLS support
- Authentication
---
## Network Diagnostics
**Package**: `luci-app-secubox-netdiag`
Network diagnostic tools.
![NetDiag](../../screenshots/router/netdiag.png)
### Features
- Ping/Traceroute
- DNS lookup
- Port scanning
- Bandwidth test
- Packet capture
---
## SAAS Relay
**Package**: `luci-app-saas-relay`
SaaS service relay.
![SAAS](../../screenshots/router/saas.png)
### Features
- API proxying
- Rate limiting
- Caching
- Authentication
---
## KSM Manager
**Package**: `luci-app-ksm-manager`
Kernel shared memory management.
![KSM](../../screenshots/router/ksm.png)
### Features
- Memory deduplication
- Page sharing stats
- Performance tuning
- Container optimization
---
## Configuration
### Enable Traffic Shaping
```bash
uci set traffic-shaper.main.enabled='1'
uci set traffic-shaper.main.wan='wan'
uci set traffic-shaper.main.download='100000' # 100 Mbps
uci set traffic-shaper.main.upload='50000' # 50 Mbps
uci commit traffic-shaper
```
### Configure HAProxy Vhost
```bash
# Add virtual host
haproxyctl vhost add myapp.example.com
# Configure backend
haproxyctl backend set myapp.example.com 192.168.255.10:8080
# Request SSL
haproxyctl ssl request myapp.example.com
# Reload
haproxyctl reload
```
### Bandwidth Limits
```bash
# Set client limit
uci add bandwidth-manager limit
uci set bandwidth-manager.@limit[-1].mac='00:11:22:33:44:55'
uci set bandwidth-manager.@limit[-1].download='10000' # 10 Mbps
uci set bandwidth-manager.@limit[-1].upload='5000' # 5 Mbps
uci commit bandwidth-manager
```
---
See also:
- [Security Modules](Security.md)
- [Monitoring Modules](Monitoring.md)
- [Architecture](../Architecture.md)
---
*SecuBox v1.0.0*

321
docs/wiki/modules/Security.md Normal file
View File

@ -0,0 +1,321 @@
# Security Modules
SecuBox provides comprehensive security through 15 integrated modules.
---
## Overview
| Layer | Components |
|-------|------------|
| **Perimeter** | CrowdSec IDS/IPS, WAF (mitmproxy) |
| **Network** | DNS Guard, Vortex Firewall, IP Blocklist |
| **Access** | Auth Guardian, Client Guardian, MAC Guardian |
| **Verification** | ZKP, IoT Guard |
| **Analysis** | Threat Analyst, Avatar Tap, Cookie Tracker |
---
## CrowdSec Dashboard
**Package**: `luci-app-crowdsec-dashboard`
Intrusion Detection and Prevention System with collaborative threat intelligence.
![CrowdSec Dashboard](../../screenshots/router/crowdsec.png)
### Features
- Real-time alert monitoring
- Active decisions (bans, captchas)
- Scenario management
- Bouncer configuration
- CAPI integration (crowd-sourced blocklists)
### CLI
```bash
cscli decisions list # View active bans
cscli alerts list # View recent alerts
cscli scenarios list # List installed scenarios
cscli bouncers list # List bouncers
```
### RPCD Methods
| Method | Description |
|--------|-------------|
| `status` | Get CrowdSec service status |
| `get_overview` | Dashboard overview data |
| `get_decisions` | Active decisions list |
| `get_alerts` | Recent alerts |
| `add_decision` | Add manual ban |
---
## WAF Filters (mitmproxy)
**Package**: `luci-app-mitmproxy`
Web Application Firewall with TLS inspection.
![WAF](../../screenshots/router/waf.png)
### Features
- HTTP/HTTPS inspection
- Rule-based filtering
- Request/response modification
- SSL certificate generation
- HAProxy integration
### Architecture
```
Client → HAProxy → mitmproxy WAF → Backend Service
CrowdSec
```
### CLI
```bash
mitmproxyctl status # Service status
mitmproxyctl sync-routes # Sync HAProxy routes
mitmproxyctl reload # Reload configuration
```
---
## DNS Guard
**Package**: `secubox-dns-guard` + `luci-app-dnsguard`
AI-powered DNS anomaly detection.
![DNS Guard](../../screenshots/router/dnsguard.png)
### Features
- DNS query analysis
- Anomaly detection (DGA, tunneling)
- Blocklist integration
- Real-time monitoring
- AI-powered threat scoring
### Detection Types
| Type | Description |
|------|-------------|
| DGA | Domain generation algorithm detection |
| Tunneling | DNS tunneling detection |
| Fast-flux | Fast-flux domain detection |
| Suspicious | Unusual query patterns |
---
## Auth Guardian
**Package**: `luci-app-auth-guardian`
Authentication monitoring and brute-force protection.
![Auth Guardian](../../screenshots/router/auth.png)
### Features
- Login attempt monitoring
- Brute-force detection
- Automatic blocking
- Session tracking
- Alert notifications
### Monitored Services
- LuCI web interface
- SSH
- VPN connections
- Custom services
---
## Client Guardian
**Package**: `luci-app-client-guardian`
Network client access control.
![Client Guardian](../../screenshots/router/clients.png)
### Features
- Client inventory
- Access policies
- Bandwidth limits
- Schedule-based access
- VLAN assignment
### Access Modes
| Mode | Description |
|------|-------------|
| Allow | Full network access |
| Guest | Limited internet only |
| Block | No network access |
| Schedule | Time-based access |
---
## MAC Guardian
**Package**: `luci-app-mac-guardian`
MAC address management and security.
![MAC Guardian](../../screenshots/router/mac.png)
### Features
- MAC address inventory
- Whitelist/blacklist
- Manufacturer lookup (OUI)
- Spoofing detection
- Alert notifications
---
## ZKP Verification
**Package**: `luci-app-zkp`
Zero-knowledge proof mesh verification.
![ZKP](../../screenshots/router/zkp.png)
### Features
- Peer identity verification
- Trust chain validation
- Cross-node verification
- Cryptographic proofs
### Use Cases
- Mesh peer authentication
- Service authorization
- Distributed trust
---
## IoT Guard
**Package**: `luci-app-iot-guard`
IoT device security isolation.
![IoT Guard](../../screenshots/router/iot.png)
### Features
- IoT device detection
- Network segmentation
- Traffic monitoring
- Firmware analysis
- Vulnerability scanning
### Security Profiles
| Profile | Description |
|---------|-------------|
| Isolated | No inter-device communication |
| Grouped | Communication within group only |
| Full | Standard network access |
---
## Threat Analyst
**Package**: `secubox-threat-analyst` + `luci-app-threat-analyst`
AI-powered threat correlation and analysis.
![Threat Analyst](../../screenshots/router/threat-analyst.png)
### Features
- Multi-source correlation (CrowdSec, WAF, DPI)
- AI-powered threat scoring
- Attack pattern detection
- Incident timeline
- Automated response
### Data Sources
- CrowdSec alerts
- WAF blocks
- DPI flows
- DNS queries
- Auth logs
---
## Avatar Tap
**Package**: `secubox-avatar-tap` + `luci-app-avatar-tap`
Session capture and replay for security analysis.
![Avatar Tap](../../screenshots/router/avatar-tap.png)
### Features
- Passive session capture
- Cookie/header recording
- Session replay
- Forensic analysis
- Export/import
### Use Cases
- Security testing
- Session analysis
- Incident investigation
---
## Configuration
### Enable All Security Modules
```bash
# Via UCI
uci set crowdsec.crowdsec.enabled='1'
uci set mitmproxy.main.enabled='1'
uci set secubox.security.auth_guardian='1'
uci set secubox.security.client_guardian='1'
uci commit
# Restart services
/etc/init.d/crowdsec restart
/etc/init.d/mitmproxy restart
```
### CrowdSec Scenarios
```bash
# Install common scenarios
cscli scenarios install crowdsecurity/ssh-bf
cscli scenarios install crowdsecurity/http-bf
cscli scenarios install crowdsecurity/http-crawl
```
---
See also:
- [Network Modules](Network.md)
- [AI Modules](AI.md)
- [Architecture](../Architecture.md)
---
*SecuBox v1.0.0*

394
docs/wiki/modules/System.md Normal file
View File

@ -0,0 +1,394 @@
# System Modules
SecuBox provides 14 system administration modules.
---
## Overview
| Category | Modules |
|----------|---------|
| **Dashboard** | System Hub, Portal, Admin |
| **Configuration** | SecuBox Settings, Config Vault, Config Advisor |
| **Communication** | SMTP Relay, Reporter |
| **Remote** | RTTY Remote |
| **Backup** | Backup, Cloner |
| **Management** | Users, RezApp, Cyberfeed |
---
## System Hub
**Package**: `luci-app-system-hub`
Central system dashboard.
![System Hub](../../screenshots/router/hub.png)
### Features
- System overview
- Quick actions
- Service status
- Resource graphs
- Recent alerts
---
## SecuBox Settings
**Package**: `luci-app-secubox`
Main SecuBox configuration.
![Settings](../../screenshots/router/settings.png)
### Features
- Theme selection
- Network mode
- Security settings
- Feature toggles
- Update management
---
## SecuBox Admin
**Package**: `luci-app-secubox-admin`
Admin control center.
![Admin](../../screenshots/router/admin.png)
### Features
- User management
- Access logs
- System logs
- Debug tools
- Advanced config
---
## SecuBox Portal
**Package**: `luci-app-secubox-portal`
User-facing portal.
![Portal](../../screenshots/router/portal.png)
### Features
- Welcome page
- Quick links
- Status display
- Guest access
---
## Config Vault
**Package**: `secubox-app-config-vault` + `luci-app-config-vault`
Git-based configuration backup.
![Config Vault](../../screenshots/router/config-vault.png)
### Features
- Auto-commit changes
- Git versioning
- Remote sync (Gitea)
- Restore points
- Module backups
### Modules
| Module | Contents |
|--------|----------|
| users | Users, passwords, SSH keys |
| network | Interfaces, firewall, DHCP |
| services | HAProxy, CrowdSec, apps |
| security | WAF, auth, certificates |
| system | Hostname, timezone, cron |
### CLI
```bash
configvaultctl status # Status
configvaultctl backup # Manual backup
configvaultctl restore <hash> # Restore commit
configvaultctl push # Sync to remote
configvaultctl history # View history
```
---
## Config Advisor
**Package**: `secubox-config-advisor` + `luci-app-config-advisor`
ANSSI compliance advisor.
![Config Advisor](../../screenshots/router/config-advisor.png)
### Features
- Security audit
- Compliance checking
- Recommendations
- ANSSI CSPN prep
- Report generation
### Checks
| Category | Items |
|----------|-------|
| Authentication | Password strength, 2FA |
| Encryption | TLS versions, ciphers |
| Network | Firewall rules, services |
| Access | User permissions, SSH |
---
## SMTP Relay
**Package**: `secubox-app-smtp-relay` + `luci-app-smtp-relay`
Centralized email configuration.
![SMTP](../../screenshots/router/smtp.png)
### Features
- Provider configuration
- Test email
- Multi-recipient
- TLS support
- Fallback modes
### Providers
| Provider | Type |
|----------|------|
| Gmail | OAuth/App password |
| SendGrid | API key |
| Mailgun | API key |
| Custom | SMTP credentials |
| Local | Local mailserver |
### CLI
```bash
smtp-relayctl status # Status
smtp-relayctl test # Send test email
smtp-relayctl configure # Setup wizard
```
---
## Reporter
**Package**: `secubox-app-reporter` + `luci-app-reporter`
System report generator.
![Reporter](../../screenshots/router/reporter.png)
### Features
- Report generation
- Email delivery
- Scheduled reports
- Multiple formats
- KissTheme styling
### Report Types
| Type | Contents |
|------|----------|
| Development | WIP, history, roadmap |
| Services | Tor, DNS/SSL, mesh exposure |
| System | Hardware, performance |
| Security | Threats, bans, alerts |
### CLI
```bash
secubox-reportctl generate dev # Generate report
secubox-reportctl send dev # Email report
secubox-reportctl schedule weekly # Schedule
```
---
## RTTY Remote
**Package**: `secubox-app-rtty-remote` + `luci-app-rtty-remote`
Remote terminal access.
![RTTY](../../screenshots/router/rtty.png)
### Features
- Web terminal (ttyd)
- RPC proxy to mesh nodes
- Token-based sharing
- Session tracking
- Remote deployment
### CLI
```bash
rttyctl status # Status
rttyctl nodes # List nodes
rttyctl rpc <node> <method> # Remote RPC
rttyctl token generate # Share token
```
---
## Backup
**Package**: `luci-app-backup`
System backup management.
![Backup](../../screenshots/router/backup.png)
### Features
- Full system backup
- Selective backup
- Restore
- Scheduled backups
- Remote storage
---
## Cloner
**Package**: `luci-app-cloner`
Device cloning.
![Cloner](../../screenshots/router/cloner.png)
### Features
- Config export
- Config import
- Mesh provisioning
- First-boot setup
---
## User Management
**Package**: `luci-app-secubox-users`
User account management.
![Users](../../screenshots/router/users.png)
### Features
- User accounts
- Group management
- Permissions
- SSH keys
- Password policies
---
## RezApp
**Package**: `secubox-app-rezapp` + `luci-app-rezapp`
Docker to LXC converter.
![RezApp](../../screenshots/router/rezapp.png)
### Features
- Docker image import
- LXC conversion
- UCI config generation
- HAProxy integration
- Offline mode
### CLI
```bash
rezappctl search <term> # Search Docker Hub
rezappctl import <image> # Import image
rezappctl convert <name> # Convert to LXC
rezappctl run <name> # Start container
```
---
## Cyberfeed
**Package**: `secubox-app-cyberfeed` + `luci-app-cyberfeed`
Threat feed manager.
![Cyberfeed](../../screenshots/router/cyberfeed.png)
### Features
- Feed subscriptions
- Auto-update
- CrowdSec integration
- Custom feeds
- Alert notifications
---
## Configuration
### Enable Config Vault
```bash
# Initialize
configvaultctl init
# Enable auto-backup
uci set config-vault.main.auto_backup='1'
uci set config-vault.main.interval='hourly'
uci commit config-vault
# Configure remote
uci set config-vault.git.remote='git@git.example.com:user/config.git'
uci commit config-vault
```
### Configure SMTP
```bash
# Setup Gmail
smtp-relayctl configure gmail
# Or manual
uci set smtp-relay.main.provider='custom'
uci set smtp-relay.main.host='smtp.example.com'
uci set smtp-relay.main.port='587'
uci set smtp-relay.main.user='user@example.com'
uci set smtp-relay.main.password='secret'
uci commit smtp-relay
```
---
See also:
- [Security Modules](Security.md)
- [AI Modules](AI.md)
- [Architecture](../Architecture.md)
---
*SecuBox v1.0.0*