gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,525 Commits 4 Branches 293 Tags 320 MiB
9c4d8dcdfd
Commit Graph

5 Commits

Author SHA1 Message Date
CyberMind-FR
62f2f6a7a8 docs(secubox): Add KISS README for all 46 remaining packages 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 07:34:06 +01:00
CyberMind-FR
04908fc414 feat(multi): CrowdSec LAPI port fix, Streamlit/HexoJS multi-instance 
CrowdSec:
- Change LAPI default port from 8080 to 8180 (avoid Docker conflict)
- Update bouncer config, init script, and RPCD dashboard
- Fix port detection hex value (1FF4 for 8180)

Streamlit:
- Complete rewrite with folder-based app structure
- Multi-instance support (multiple apps on different ports)
- Gitea integration (clone, pull, setup commands)
- Auto-install requirements.txt with hash-based caching

HexoJS:
- Multi-instance support with folder structure
- Multiple blog instances on different ports

HAProxy:
- Auto-generate fallback backends (luci, apps, default_luci)
- Add --server letsencrypt to ACME commands

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 06:37:19 +01:00
CyberMind-FR
4e5d5275f9 refactor: Merge secubox-app-crowdsec-bouncer into cs-firewall-bouncer 
- Move UCI defaults script for auto-registration to cs-firewall-bouncer
- Remove redundant secubox-app-crowdsec-bouncer wrapper package
- Update luci-app-crowdsec-dashboard reference to new package name
- Increment PKG_RELEASE to 3

The defaults script handles:
- Automatic bouncer registration with CrowdSec LAPI
- Interface detection for LAN/WAN
- API key generation and UCI config update

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 06:46:09 +01:00
CyberMind-FR
f72ea0da32 fix(cs-firewall-bouncer): Add missing DROP rules for blacklisted IPs 
The init script created nftables sets and chains but never added the
actual DROP rules to block traffic from blacklisted IPs. This caused
the bouncer to populate sets correctly but traffic was never blocked.

Added DROP rules for:
- IPv4 input chain (crowdsec-blacklists)
- IPv4 forward chain (crowdsec-blacklists)
- IPv6 input chain (crowdsec6-blacklists)
- IPv6 forward chain (crowdsec6-blacklists)

Each rule respects the deny_log and deny_action configuration options.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-16 08:27:46 +01:00
CyberMind-FR
e62919eec7 refactor(packages): Rename and reorganize SecuBox packages 
- Rename crowdsec-firewall-bouncer to secubox-app-cs-firewall-bouncer
- Rename secubox-auth-logger to secubox-app-auth-logger
- Delete secubox-crowdsec-setup (merged into other packages)
- Fix circular dependencies in luci-app-secubox-crowdsec
- Fix dependency chain in secubox-app-crowdsec-bouncer
- Add consolidated get_overview API to crowdsec-dashboard
- Improve crowdsec-dashboard overview performance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-15 10:42:52 +01:00