fix(crowdsec): Dynamic LAPI port detection + feed docs

- Fix LAPI status check to dynamically read port from config - Previously hardcoded wrong port (8080 vs 8180) - Add comprehensive SecuBox feed documentation to README - Document opkg configuration, HAProxy publishing, troubleshooting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 10:41:25 +01:00 · 2026-01-28 10:41:25 +01:00 · 68f961f666
commit 68f961f666
parent 8e7a5b1bb9
2 changed files with 132 additions and 2 deletions
--- a/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard
+++ b/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard
@ -2322,9 +2322,17 @@ get_overview() {
 	fi
 	json_close_array

-	# LAPI status (quick check)
+	# LAPI status (dynamic port detection from config)
 	local lapi_ok=0
-	if [ "$cs_running" = "1" ] && grep -qi ":1F90 " /proc/net/tcp 2>/dev/null; then
+	local lapi_port=""
+	# Get LAPI port from credentials or config file
+	lapi_port=$(grep -oE ':[0-9]+/?$' /etc/crowdsec/local_api_credentials.yaml 2>/dev/null | tr -d ':/')
+	[ -z "$lapi_port" ] && lapi_port=$(grep 'listen_uri' /etc/crowdsec/config.yaml 2>/dev/null | grep -oE ':[0-9]+$' | tr -d ':')
+	[ -z "$lapi_port" ] && lapi_port=8080
+	# Convert port to hex for /proc/net/tcp lookup
+	local lapi_port_hex
+	lapi_port_hex=$(printf '%04X' "$lapi_port")
+	if [ "$cs_running" = "1" ] && grep -qi ":${lapi_port_hex} " /proc/net/tcp 2>/dev/null; then
 		lapi_ok=1
 	fi
 	json_add_string "lapi_status" "$([ "$lapi_ok" = "1" ] && echo available || echo unavailable)"
--- a/secubox-tools/README.md
+++ b/secubox-tools/README.md
@ -438,6 +438,128 @@ mv htdocs/luci-static/resources/view/example-dashboard \
 chmod +x luci-app-example/root/usr/libexec/rpcd/luci.example
 ```

+## SecuBox Package Feed
+
+The SecuBox feed provides custom OpenWrt packages installable via `opkg`. After building packages, they are synced to `/www/secubox-feed` on the router.
+
+### Feed Structure
+
+```
+/www/secubox-feed/
+├── Packages              # Package index (text)
+├── Packages.gz           # Compressed package index
+├── Packages.sig          # Optional signature
+└── *.ipk                 # Package files
+```
+
+### Configuring opkg to Use the Feed
+
+**Option 1: Local File Access (same device)**
+```bash
+echo 'src/gz secubox file:///www/secubox-feed' >> /etc/opkg/customfeeds.conf
+opkg update
+```
+
+**Option 2: HTTP Access (network devices)**
+```bash
+# From other devices on the network (replace IP with your router's address)
+echo 'src/gz secubox http://192.168.255.1/secubox-feed' >> /etc/opkg/customfeeds.conf
+opkg update
+```
+
+**Option 3: HAProxy Published Feed (with SSL)**
+```bash
+# If published via HAProxy with domain
+echo 'src/gz secubox https://feed.example.com' >> /etc/opkg/customfeeds.conf
+opkg update
+```
+
+### Installing Packages from the Feed
+
+```bash
+# Update package lists
+opkg update
+
+# List available SecuBox packages
+opkg list | grep -E '^(luci-app-|secubox-)'
+
+# Install a package
+opkg install luci-app-service-registry
+
+# Install with dependencies
+opkg install --force-depends luci-app-haproxy
+```
+
+### Regenerating the Package Index
+
+After adding new .ipk files to the feed:
+
+```bash
+# On the router
+cd /www/secubox-feed
+/usr/libexec/opkg-make-index . > Packages
+gzip -k Packages
+```
+
+Or use the deploy command:
+```bash
+# From development machine
+./secubox-tools/local-build.sh deploy root@192.168.255.1 "luci-app-*"
+```
+
+### App Store Integration
+
+The LuCI App Store reads from `apps-local.json` to list available packages:
+
+```bash
+# Generate apps manifest from feed
+cat /www/secubox-feed/Packages | awk '
+/^Package:/ { pkg=$2 }
+/^Version:/ { ver=$2 }
+/^Description:/ { desc=substr($0, 14); print pkg, ver, desc }
+'
+```
+
+The Service Registry dashboard aggregates installed apps and their status.
+
+### Exposing Feed via HAProxy
+
+To publish the feed with HTTPS:
+
+```bash
+# Create HAProxy backend for the feed
+ubus call luci.haproxy create_backend '{"name":"secubox-feed","mode":"http"}'
+ubus call luci.haproxy create_server '{"backend":"secubox-feed","address":"127.0.0.1","port":80}'
+ubus call luci.haproxy create_vhost '{"domain":"feed.example.com","backend":"secubox-feed","ssl":1,"acme":1}'
+
+# Request certificate
+ubus call luci.haproxy request_certificate '{"domain":"feed.example.com"}'
+```
+
+### Troubleshooting
+
+**Feed not updating:**
+```bash
+# Check feed URL is accessible
+curl -I http://192.168.255.1/secubox-feed/Packages
+
+# Check opkg config
+cat /etc/opkg/customfeeds.conf
+
+# Force refresh
+rm /var/opkg-lists/secubox
+opkg update
+```
+
+**Package signature errors:**
+```bash
+# Skip signature verification (development only)
+opkg update --no-check-certificate
+opkg install --force-checksum <package>
+```
+
+---
+
 ## Integration with CI/CD

 The validation script can be integrated into GitHub Actions workflows: