Implements token-based authentication that grants RPC and terminal access
without requiring LuCI credentials. Support technicians can connect using
a short 6-character code.
CLI commands:
- rttyctl token generate [ttl] [permissions]
- rttyctl token list
- rttyctl token validate <code>
- rttyctl token revoke <code>
- rttyctl token-rpc <code> <object> <method> [params]
RPCD methods:
- token_generate: Create support token with TTL
- token_list: List active tokens
- token_validate: Check token validity
- token_revoke: Revoke a token
- token_rpc: Execute RPC with token auth (no LuCI session needed)
LuCI Support Panel:
- Generate code with selectable validity (30m/1h/2h/4h)
- Enter code to connect to remote node
- Token-authenticated RPC execution
- Live token list with copy/revoke actions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Local addresses (127.0.0.1, localhost, 192.168.255.1, lan IP) now use
direct ubus call instead of HTTP JSON-RPC, providing full access to
all ubus methods without authentication restrictions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- jshn cannot embed raw JSON in objects, use printf instead
- Return proper {"success":true,"result":{...}} format
- Handle error cases with escaped error messages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix TypeError in support.js: add null checks for DOM elements
- Move menu entries from Services to System Hub (KISS UI)
- Menu paths: admin/secubox/system/system-hub/rtty-remote
- Menu paths: admin/secubox/system/system-hub/support
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Dashboard now includes:
- Authoritative Zones table with View/Dump/Reload actions
- Import Zone modal with domain input
- Zone content viewer with download option
- Secondary DNS providers section
- Add Secondary modal (OVH/Gandi/Cloudflare support)
New RPC calls for zone_list, zone_dump, zone_import, zone_export,
zone_reload, secondary_list, secondary_add, secondary_remove.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove 2>/dev/null from for-loop glob pattern which causes syntax
error in BusyBox ash shell. The [ -f "$zf" ] check handles the
case when no zone files exist.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive zone management for DNS master functionality:
- vortexctl zone list/dump/import/export/reload commands
- Secondary DNS provider configuration (OVH support)
- RPCD methods for LuCI integration
- ACL permissions for new methods
This enables importing zones from external providers (Gandi) and
configuring OVH as secondary DNS with SecuBox as authoritative master.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Skip UCI userlists already defined in AUTH_USERLIST_FILE to avoid
duplicate 'secubox_users' userlist warning
- Fix indentation of nocache http-request rules in _emit_sorted_path_acls
- Use correct ACL names for path-based nocache rules
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Port 8889 conflicts with avatar-tap Streamlit service.
Updated mitmproxy-in instance to use port 8890 for HAProxy WAF routing.
Changes:
- UCI config: proxy_port and listen_port now default to 8890
- mitmproxyctl: Updated fallback defaults and documentation
- README: Updated architecture diagrams with correct port
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Root cause: jshn overhead + subshell issues with piped while loops
- Solution: Direct JSON output with printf, temp file for vhosts
- Deployed ACL file for LuCI authentication
- Handler now returns 226 vhosts in <10 seconds
Also:
- Added ROADMAP.md with version milestones and dependency graph
- Updated WIP.md with today's completed tasks
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Lyrion: Default media_path changed from /srv/media to /mnt/MUSIC
- PhotoPrism: Default originals_path changed from /srv/photoprism/originals to /mnt/PHOTO
These paths reflect the actual mount points used for external media storage.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add PHOTOPRISM_READONLY=true to prevent writes to originals
- Add PHOTOPRISM_SIDECAR_PATH and PHOTOPRISM_CACHE_PATH to writable storage
- Create run_photoprism_cmd helper to pass environment to lxc-attach
- Fixes indexing on read-only Apple Photos library mounts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add originals_path option to UCI config (default: /srv/photoprism/originals)
- Add set_config RPC method to update originals_path from LuCI
- Add Storage Settings section to LuCI dashboard
- Update LXC config to use configurable ORIGINALS_PATH
- Update get_stats to scan originals_path instead of data_path/originals
- Lyrion media_path already configurable via Settings page
Both services now support external mount points:
- PhotoPrism: /mnt/PHOTO for photos
- Lyrion: /mnt/MUSIC for music
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace MariaDB with SQLite (no external database needed)
- Update LXC config with proper device permissions and capabilities
- Install libvips42 instead of mariadb-server
- Fix binary path to ./bin/photoprism
- Use environment variables instead of options.yml
- Simplify backup to just archive storage directory
- Update WIP.md with SQLite note
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New packages:
- secubox-app-photoprism: LXC-based PhotoPrism deployment
- Debian Bookworm container with MariaDB, FFmpeg
- AI face recognition, object detection, places/maps
- photoprismctl CLI: install/start/stop/index/import/emancipate
- HAProxy integration via mitmproxy (WAF-safe)
- luci-app-photoprism: KISS-themed dashboard
- Stats cards (photos, videos, storage)
- Service controls and AI feature display
- Emancipate form for public exposure
- RPCD backend with 12 methods
docs: Update WIP.md with PhotoPrism feature
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix jshn boolean handling (use 1/0 instead of "true"/"false")
- Rework UI with dark theme compatible styling
- Add emoji-based status indicators (🔗🔒🛡️✅)
- Simplify interface with async Load More pagination
- Update README.md to v0.18.0 with 86 modules
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Renamed from routes-status to vhosts-checker to avoid conflict with
OpenWrt's default network routes page.
- KISS UI theme with header chips and status cards
- Shows HAProxy vhosts with mitmproxy route status (OUT/IN)
- SSL certificate status indicators
- WAF bypass detection
- Sync routes and add missing route actions
- Accessible at Status → VHosts Checker and KISS UI Network → VHosts Checker
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite overview.js with KissTheme.wrap() for consistent SecuBox styling
- Add header chips for stats (vhosts, active, missing routes, WAF bypass, SSL)
- Add service status cards (HAProxy, mitmproxy, host IP)
- Add to KISS navigation under Network → Routes Status
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New package luci-app-routes-status providing:
- HAProxy vhosts status overview (218+ vhosts supported)
- mitmproxy route configuration status (OUT/IN routes)
- SSL certificate status indicators
- WAF bypass detection (vhosts not using mitmproxy_inspector)
- Sync routes and add missing route actions
- RPCD backend with batch processing for large vhost counts
Accessible at Status → Routes Status in LuCI.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
secubox-users:
- Add gitea and jellyfin to supported services list
- Add create/update/delete handlers for gitea (via API) and jellyfin
- Update CLI help and status display to include new services
luci-app-secubox-users:
- Add jellyfin service checkbox and badge in frontend
- Update RPCD handler to check jellyfin service status
mitmproxy routing fix:
- nextcloudctl: Use host LAN IP instead of 127.0.0.1 for WAF routes
(mitmproxy runs in container, can't reach host's localhost)
- metablogizerctl: Same fix for mitmproxy route registration
- mitmproxyctl: Fix sync_metablogizer_routes to use host IP
This fixes 502/403 errors when accessing services through HAProxy->mitmproxy
because the mitmproxy container couldn't route to 127.0.0.1 on the host.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- network-modes: Remove orphan code block after final esac statement
- netdata-dashboard: Replace bash process substitution with POSIX awk
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Previously, emancipation relied on secubox-route or mitmproxyctl sync-routes
which didn't reliably add routes to haproxy-routes.json. This caused newly
emancipated services to return 404 from mitmproxy.
Changes:
- streamlitctl: Direct JSON write as primary method for route registration
- metablogizerctl: Direct JSON write as primary method
- peertubectl: Direct JSON write as primary method
- pinaforectl: Direct JSON write + route through mitmproxy_inspector for WAF
All emancipation flows now directly write to /srv/mitmproxy-in/haproxy-routes.json
using Python, with secubox-route and mitmproxyctl as fallbacks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The RPCD returns 'bytes_saved' but the JS was looking for
'bandwidth_saved_bytes', causing the "BW Saved" stat to always show 0.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Validated secubox-image.sh and secubox-sysupgrade.sh scripts:
- Fixed curl redirect issue: ASU API returns 301 redirects
- Added -L flag to 9 curl calls across both scripts
- Verified all device profiles valid (mochabin, espressobin, x86-64)
- Confirmed POSIX sh compatibility for sysupgrade script
- Validated first-boot script syntax
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- WAF-safe SSL: Route through mitmproxy_inspector, auto-add routes
- Scheduled backups: setup-backup-cron with hourly/daily/weekly support
- Email/SMTP: setup-mail command for outbound notifications
- CalDAV/CardDAV: connections command shows sync URLs for all clients
- New RPCD methods: get_connections, setup_mail, setup_backup_cron
- ACL updated with new method permissions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changes:
- Enable WAF auto-ban by default (sensitivity: moderate, min_severity: high)
- Add whitelist for common safe IPs (localhost, router)
- Add browser cache busting via version parameter in CSS loads
- Document deployment scripts in secubox-tools/README.md
- Create CVE Layer 7 architecture documentation
WAF auto-ban now active with:
- 3 threats within 5 minutes triggers ban
- 4-hour ban duration
- Critical CVEs (Log4Shell, SQLi, CMDi) ban immediately
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Route AI requests through the AI Gateway for data sovereignty compliance.
Changes:
- secubox-mcp-server: ai.sh now prefers AI Gateway (port 4050), falls back to LocalAI
- secubox-threat-analyst: UCI config adds ai_gateway_url option
- threat-analyst CLI shows both Gateway and LocalAI status
- analyzer.sh and appliers.sh use ai_url (Gateway preferred)
- README updated with AI Gateway integration section
The AI Gateway ensures threat data (IPs, MACs, logs) is classified as
LOCAL_ONLY and never leaves the device, supporting ANSSI CSPN compliance.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement secubox-ai-gateway package with intelligent AI request routing
based on data sensitivity classification for GDPR/ANSSI compliance.
Features:
- 3-tier data classification: LOCAL_ONLY, SANITIZED, CLOUD_DIRECT
- Provider hierarchy: LocalAI > Mistral (EU) > Claude > GPT > Gemini > xAI
- PII sanitizer: IPv4/IPv6, MAC, credentials, private keys scrubbing
- OpenAI-compatible API proxy on port 4050
- aigatewayctl CLI: status, classify, sanitize, provider, audit commands
- RPCD backend with 11 ubus methods for LuCI integration
- ANSSI CSPN audit logging in JSONL format
Classification patterns detect:
- IP addresses, MAC addresses, private keys
- Credentials (password, secret, token, api_key)
- System paths, security tool references
- WireGuard configuration data
All cloud providers are opt-in. Default LOCAL_ONLY ensures data
sovereignty - sensitive data never leaves the device.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add centralized route registry (`secubox-route`) in secubox-core to eliminate
route management duplication across metablogizerctl, streamlitctl, and
mitmproxyctl.
New features:
- `/etc/config/secubox-routes` - UCI config for central route registry
- `/usr/sbin/secubox-route` - CLI for route management (add, remove, sync)
- Import routes from HAProxy, MetaBlogizer, Streamlit with source tracking
- Auto-sync to all mitmproxy instances on route changes
- Skip wildcard domains and LuCI (port 8081) routes
Updated services to use centralized registry:
- metablogizerctl: Use secubox-route add instead of mitmproxyctl sync
- streamlitctl: Use secubox-route add with domain/port params
- peertubectl: Use secubox-route add for emancipation
- vhost-manager/mitmproxy.sh: Prefer secubox-route when available
- mitmproxyctl: Delegate to secubox-route import-all for sync-routes
This prevents route mixups between services and provides a single
source of truth for all WAF routing configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Skip wildcard domains (starting with '.') in sync-routes to allow
unknown subdomains to show "WAF SAYS NO" 404 page instead of blog
- Fix log_info() to output to stderr to prevent JSON corruption in
sync-routes when log messages mixed with JSON fragments
- Escape CSS curly braces in NOT_FOUND_HTML for Python .format()
compatibility (fixes KeyError: 'box-sizing')
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Restores missing functionality in the Streamlit dashboard:
- Re-upload button: Upload new .py/.zip to replace existing app code
- Gitea Sync button: Pull latest changes from Gitea repository
The buttons appear in the Apps Library table for each app.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implements Meshname DNS for Yggdrasil mesh networks with gossip-based
service discovery and dnsmasq integration.
New packages:
- secubox-app-meshname-dns: Core service with meshnamectl CLI
- luci-app-meshname-dns: LuCI dashboard for service management
Features:
- Services announce .ygg domains via gossip protocol (meshname_announce)
- dnsmasq integration via /tmp/hosts/meshname dynamic hosts file
- Cross-node resolution through gossip message propagation
- RPCD handler with 8 methods for LuCI integration
CLI commands: announce, revoke, resolve, list, sync, status, daemon
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- secubox_analytics.py: Add 'strict' as alias for 'aggressive' in autoban
- Fix waf_bypass false positives on LuCI static resources
- Root cause: different analytics versions across mitmproxy instances
- Update HISTORY.md with OpenClaw Gemini fix and WAF tuning
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Gemini 1.5 models no longer available in API. Updated model list to:
- gemini-2.0-flash
- gemini-2.5-flash
- gemini-2.5-pro
- gemini-flash-latest
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added gemini provider with models: gemini-1.5-flash, gemini-1.5-pro, gemini-pro
- Updated RPCD handler with Gemini API endpoint
- Updated settings.js with Google AI Studio link
- Updated chat.js to parse Gemini response format
- Changed Ollama default URL to LocalAI (port 8091)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete LuCI app with:
- Chat view with real-time AI conversation
- Settings view for provider/model/API key configuration
- Integrations view for Telegram/Discord/Slack/Email/Calendar
- RPCD backend handling all ubus calls
- Support for Anthropic, OpenAI, and Ollama providers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
mitmproxy haproxy_router.py:
- Return 404 instead of routing to LuCI (8081) for missing routes
- Block any routes that point to port 8081
- Add "WAF Says NO" themed 404 page with multi-layer WAF visual
HAProxy (deployed on router):
- Configure end_of_internet backend with custom errorfiles
- Add "End of Internet" themed error pages for 5xx errors
- Patched haproxyctl to include errorfile directives
New package: secubox-app-openclaw
- Personal AI assistant integration for SecuBox
- Supports Anthropic Claude, OpenAI, and Ollama providers
- Chat integrations (Telegram, Discord, Slack)
- Email/calendar automation support
- CLI tool: openclawctl
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Was timing out with 199 HAProxy vhosts due to ~600 UCI calls.
Optimizations:
- get_haproxy_vhosts(): Single uci show + awk parsing instead of
per-vhost uci -q get calls (600 calls → 1 call)
- get_init_services(): Check only key services, use symlink detection
instead of executing init scripts
- get_metrics_summary(): Read CrowdSec data from cache file instead
of slow cscli commands
Result: Handler now responds in <1s with 204 published services.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
form.Map.render() returns a Promise, not a DOM element. Passing it
directly to KissTheme.wrap() caused "does not implement interface Node"
errors. Fixed by awaiting the Promise with .then() before wrapping.
Affected views:
- metablogizer/settings.js
- localai/settings.js
- domoticz/overview.js
- simplex/overview.js
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- luci.mailserver: Detect LXC containers for webmail status (not just Docker)
- docs: Add nginx static file fix and webmail detection to HISTORY/WIP
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace per-site UCI calls with single-pass awk parsing
- Pre-fetch listening ports, HAProxy backends, and Tor services
- Fix getline variable corruption that produced invalid JSON
- Reduce execution time from 30+ seconds to 0.23 seconds
- Update signaling.gk2.secubox.in route to port 8083 (LXC)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrote method_get_vhosts() to use single-pass awk parsing
- Reduced execution time from 30+ seconds timeout to 0.24 seconds
- Added arm, armada, files42 routes to mitmproxy config
The previous implementation made 4 UCI calls per vhost (764 total)
causing the luci-tree page to timeout. New implementation parses
uci show output once with awk.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add route management commands:
- `mitmproxyctl route list` - List all routes
- `mitmproxyctl route add <domain> <ip> <port>` - Add manual route
- `mitmproxyctl route remove <domain>` - Remove route
- `mitmproxyctl route check` - Check for missing routes
- Improve sync-routes to scan MetaBlogizer and Streamlit services:
- Auto-detect enabled MetaBlogizer sites and add routes
- Auto-detect enabled Streamlit instances with matching vhosts
- Warn about mitmproxy_inspector vhosts with missing routes
- Update routes config with 188 routes
This fixes the issue where services using mitmproxy_inspector backend
would fall back to default because their routes were not configured.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Deployed Yggdrasil on master (aarch64) and clone (x86_64)
- Connected to 2 public peers + LAN multicast auto-discovery
- Bidirectional ping6 and SSH over Yggdrasil working
- Fixed firewall zones: device="ygg0" required for nftables
- IPv6: master 201:e4d4:..., clone 201:a9d8:...
- Marks v1.1+ Yggdrasil overlay as complete
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed _print_uci_userlist to use config_list_foreach
- Each user now gets separate "user ... password ..." line
- Fixes HAProxy basic auth with multiple users
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix auth for Streamlit container (no ubus access)
- Use HTTP JSON-RPC to /ubus endpoint for authentication
- Add ALERTE.DEPOT app source to repo
- Update HISTORY.md with VoIP and auth fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Shell 'local' keyword only works inside functions, not case statements
- Remove all 'local' declarations to fix RPCD handler execution
- Fixes "not in a function" error when calling trunk_test and other methods
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix active_calls and extensions count to output clean integers
- Remove tr -cd which was causing duplicate values in JSON
- Use simpler variable assignment with fallback to 0
- Prevents malformed JSON output from cmd_status()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Gitea as a service option in SecuBox Users UI
- Add Gitea checkbox in Add User modal
- Add Gitea service badge in status display
- Implement password sync to Gitea via API on password change
- Fix Gitea API call to include login_name parameter
- Add gitea to check_service() and get_status()
- Sync passwords to all enabled services (email, jabber, nextcloud, gitea)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The bare `except:` clause catches SystemExit which is raised by
sys.exit(0), causing the script to fall through to sys.exit(1).
Changed to `except Exception:` which doesn't catch SystemExit,
allowing proper exit code propagation.
Also:
- Simplified Python extraction script
- Use double quotes for string literals (shell compatibility)
- Write Python script to temp file instead of heredoc (RPCD stdin conflict)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Streamlit upload now matches MetaBlogizer KISS pattern:
- Auto-detects ZIP files by magic bytes (PK header)
- Extracts app.py from ZIP archives automatically
- Adds UTF-8 encoding declaration to Python files
- Installs requirements.txt dependencies in background
- Restarts instance on re-upload for immediate update
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Upload modal now defaults to replacing index.html
- "Set as index" checkbox checked by default
- Uncheck to use original filename (shows destination field)
- Fixes issue where uploads weren't updating main page
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed button logic from exp.vhost_exists to exp.emancipated
- Non-emancipated sites now correctly show "Expose" button
- Emancipated sites show "Unpublish" button
- vhost_exists was incorrectly true for some non-emancipated sites
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add auto-republish to method_upload_file (was only in upload_finalize)
- Add Gitea push to cmd_publish when gitea.enabled=1
- Use haproxyctl reload instead of init.d (container-aware)
- Uploaded content now triggers full republish flow for emancipated sites
This fixes the issue where uploading new HTML content didn't update
the live site because republish wasn't triggered.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New RPC method `change_password` in luci.secubox-users
- Verifies current password before allowing change
- Syncs new password to all enabled services (email, jabber, nextcloud)
- Matrix/PeerTube require manual password update (noted in response)
- Portal UI updates:
- New "Account" section with "Change Password" card
- Password change modal with current/new/confirm fields
- "My Services" card showing enabled services
- ACL updated to include new authentication methods
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move UCI domain update BEFORE slow haproxyctl reload (prevents RPC timeout)
- Run HAProxy generate/reload/cert in background subshell
- Fix vhost name encoding: use tr '.-' '_' (matches streamlitctl)
- Use sed instead of jq for mitmproxy routes (jq may not be installed)
- Tested: domain edit returns immediately, UCI updated correctly
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Show domain column with editable input for non-exposed instances
- Show clickable domain link + edit button for exposed instances
- Add editDomain modal for changing domain on exposed instances
- Domain input pre-filled with default (id.gk2.secubox.in)
- Separate Status column for SSL/WAF badges
- Update API to support domain parameter in renameInstance
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update _emancipate_haproxy() to use mitmproxy_inspector backend
- Add mitmproxy route entries for domain -> streamlit port
- Aligns CLI behavior with RPCD emancipate_instance
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add auto Gitea push on emancipate and app rename
- Route emancipated instances through mitmproxy_inspector (WAF) by default
- Add mitmproxy route entries for domains
- Enhanced rename_app to actually rename folders/files
- Enhanced rename_instance to update HAProxy vhost and mitmproxy routes
- Display WAF badge in dashboard for exposed instances
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add lxc_start_bg() and lxc_reload() functions for container management
- Replace all /etc/init.d/haproxy calls with container-aware functions
- Fix haproxy-sync-certs to use haproxyctl reload
- Host HAProxy init script disabled, container is sole handler
Resolves intermittent 404 errors caused by dual HAProxy instances.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add --version and --profile CLI options to secubox-cloner build command
- Add versions command to list available OpenWrt releases (24.10.5, 24.10.0, 23.05.5, 23.05.4)
- Add package profiles: slim (minimal), core (mesh essentials), full (clone current device)
- Add list_versions and list_build_profiles RPCD methods for LuCI
- Update build_image RPCD to accept version and profile parameters
- Update ACL permissions for new read methods
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replaces unreliable nohup-based remote flash with staged approach:
1. remote_prepare_flash: Upload image + store options
2. remote_confirm_flash: Execute sysupgrade directly
3. remote_flash_status: Check flash state
4. remote_cancel_flash: Abort pending flash
Key fixes:
- Use /tmp for firmware (large tmpfs vs small rootfs)
- Direct sysupgrade execution (no nohup, works on OpenWrt)
- Proper dbclient SSH without unavailable commands
- Background job with & instead of nohup
Tested: x86_64 VM successfully flashed from 24.10.5 to 24.10.0
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add Factory tab to Cloning Station with:
- Discovery Mode toggle (enable/disable zero-touch provisioning)
- Pending Devices list with approve/reject and profile assignment
- Bulk Token Generator (1-50 tokens with profile selection)
- Hardware Inventory table (MAC, Model, CPU, RAM, Storage)
Implementation:
- 8 RPC declarations for factory methods
- 5 state properties for factory data
- 5 render functions, 6 event handlers
- Factory data polling in 5-second refresh cycle when on tab
- KISS theme UI components throughout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes Roundcube IMAP "Internal error occurred" caused by Dovecot
running mail processes as uid 102 (Alpine default) instead of the
actual vmail user uid 5000.
Changes:
- configure_postfix: virtual_uid_maps/gid_maps 102/105 → 5000/5000
- configure_dovecot: mail_uid/gid, first_valid_uid, userdb args
- cmd_add_user: passwd file entries and ownership
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add inventory.sh for hardware inventory collection (MAC, serial, model, CPU, RAM, storage)
- Add profiles.sh for profile management and device matching
- Add default.json profile template for auto-provisioned peers
- Add discovery mode to master-link.sh with pending queue and approval workflow
- Add bulk token generation (up to 100 tokens per batch)
- Enhance 50-secubox-clone-provision with inventory collection and discovery join
- Add 9 new RPCD methods to luci.cloner for factory provisioning
- Fix p2p-mesh.sh to be silent when sourced as library
- Add UCI options: discovery_mode, auto_approve_known, discovery_window, default_profile
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
P2P Mesh Intelligence implementation:
- Add ZKP trust bonus (+20) for verified peers in IOC validation
- Create blockchain.sh for permanent threat_ioc and ioc_feedback blocks
- Create feedback.sh for IOC effectiveness tracking and reputation updates
- Enhance gossip.sh IOC handler with ZKP-validated trust checks
- Add SCORE_IOC_EFFECTIVE (+5) and SCORE_IOC_FALSE_POSITIVE (-8) to reputation
- Add zkp_trust_bonus and feedback config options
fix(mailserver): Correct vmail UID from 102 to 5000
Dovecot was using wrong UID (102/redis instead of 5000/vmail) causing
permission denied errors when accessing mailboxes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed _check_interval from 10 to 1 to ensure new routes are picked up
immediately when the haproxy-routes.json file is updated.
This fixes the quick publish flow where new sites weren't accessible
immediately because mitmproxy only checked for route changes every
10 requests.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When MetaBlogizer creates HAProxy vhosts, it routes through mitmproxy_inspector
for WAF inspection. However, mitmproxyctl sync-routes needs the original_backend
field to determine where to forward traffic after WAF inspection.
Without original_backend, sites would return 404 after upload because mitmproxy
had no route to forward traffic to the actual backend.
This fix adds original_backend=$backend_name to all 3 vhost creation locations:
- method_create_site (line 491)
- method_emancipate_site (line 1210)
- method_upload_and_create_site (line 2001)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Upload workflow now works without needing to unpublish/expose again.
The reload_haproxy() function now calls mitmproxyctl sync-routes to
ensure mitmproxy picks up new routes immediately after vhost creation.
Root cause: Upload created HAProxy vhost and mitmproxy route file entry,
but mitmproxy never received a reload signal to activate the route.
Running emancipate fixed it because it called mitmproxyctl sync-routes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- metablogizer: reload_haproxy() now copies config to /etc/haproxy.cfg
- haproxyctl: generate_config() syncs to /etc/haproxy.cfg after generation
- Fixes issue where newly uploaded sites return 404 because HAProxy
reads config from /etc/haproxy.cfg but config was only generated to
/srv/haproxy/config/haproxy.cfg
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
HAProxy runs on the host, not in an LXC container. The LED pulse
script was incorrectly checking `lxc-attach -n haproxy -- pgrep haproxy`
which always failed, causing constant SPUNK ALERT red LED flashing.
Changed to check host process directly with `pgrep haproxy`.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move kiss-theme.js from luci-app-secubox-portal to theme package
- Bump theme version to 0.4.8
- Prevents file conflict between packages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add convert_to_qcow2() function using qemu-img
- Add QCOW2_FILE output path variable
- Create proxmox-import.sh helper script for easy VM import
- Update distribution package to include QCOW2 and Proxmox script
- Add Proxmox VE instructions to README
- Update usage help with QCOW2 output
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add extra_media_paths UCI option for additional bind mounts
- Supports both simple paths (/mnt/usb) and mapped paths (host:container)
- Automatically skips non-existent paths with info message
Example UCI config:
option extra_media_paths '/mnt/sdb1:/mnt/usb /mnt/nas:/mnt/nas'
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove cgroup:mixed from mount.auto (incompatible with cgroup v2)
- Add lxc.net.0.type = none for proper host network sharing
- Add lxc.seccomp.profile = and lxc.autodev = 1 for cgroup v2
Fixes container startup failure with "Failed to mount /sys/fs/cgroup"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
BusyBox ash's read command collapses consecutive tab delimiters,
causing the protected field to end up in the wrong variable.
Fix: Use "-" as placeholder for empty fields, then strip it when reading.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add lock badge CSS for protected site cards
- Add login banner for unauthenticated users
- Detect auth_required flag from metablogizer UCI config
- Hide protected cards until sessionStorage token present
- Filter respects authentication state in search and category views
Works with secubox-core portal-auth system.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sites on *.gk2.secubox.in were failing because HAProxy couldn't match
the SNI to the correct certificate. New add_haproxy_cert() helper:
- Extracts base domain from subdomain
- Creates UCI cert entry mapping domain to wildcard cert file
- Applied to all vhost creation paths (create, upload, republish)
Sites now work immediately after one-click deploy without manual
certificate configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace fragile sed-based JSON manipulation with Python for adding
mitmproxy routes. The new add_mitmproxy_route() helper function:
- Updates both /srv/mitmproxy/ and /srv/mitmproxy-in/ routes files
- Uses proper JSON parsing instead of string substitution
- Ensures sites are immediately accessible after one-click deploy
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When editing a site and changing its domain, automatically:
- Remove the old HAProxy vhost for the previous domain
- Create a new vhost for the new domain with priority=50
- Regenerate and reload HAProxy configuration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add inline Edit button for each site in the dashboard allowing users
to modify site name, domain, description, and enabled status directly
from the overview page without navigating to settings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New package secubox-app-talk-hpb:
- Docker-based signaling server and Janus WebRTC gateway
- Auto-generates TURN/SIGNALING/INTERNAL secrets
- Creates HAProxy vhost with SSL/ACME
- STUN/TURN server with UDP+TCP support
- CLI tool: talk-hpbctl setup/status/test/logs
Hub generator v5:
- Add PeerTube videos with thumbnails and duration badges
- Fix Streamlit instance detection (=instance vs =app)
- Total count now: sites + streamlit + videos
MetaBlogizer fix:
- Add priority=50 to new vhosts to prevent wildcard catch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Multi-view portal with grid/list/compact modes
- Automatic site categorization (Intelligence, Dev, Finance, etc.)
- Iframe thumbnail previews of real site content
- Tag cloud and category tabs with emoji indicators
- Instant search by domain/name/category
- Auto-refresh via cron every 5 minutes
- Created explicit vhosts for 54 MetaBlogizer sites
- Fixed wildcard routing priority
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Both create_site_from_upload and upload_and_create_site were missing
HAProxy vhost creation step (step 8 from create_site method).
Changes:
- Add vhost creation with backend=mitmproxy_inspector for WAF routing
- Add mitmproxy route to /srv/mitmproxy-in/haproxy-routes.json
- Apply same fix to original create_site method for consistency
This ensures all MetaBlogizer uploaded sites are immediately accessible
via HTTPS and all traffic passes through WAF inspection.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add create_site_from_upload RPC method for chunked site creation
- Modify JS api to auto-chunk files >40KB (ubus message size limit)
- Upload chunks sequentially via upload_chunk, then finalize with
create_site_from_upload
- Add no_cache vhost option to haproxyctl for cache-control headers
- Fix large file upload failures caused by shell argument size limits
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed glob pattern from ${slug}*.vtt to *.vtt to catch all subtitle files
- Fixed language extraction regex to work with any filename format
- Redirected yt-dlp subtitle output to stderr
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New peertube-import script for importing from YouTube, Vimeo, 1000+ sites
- CGI endpoints for portal integration (peertube-import, peertube-import-status)
- Portal UI: Video Import card with progress tracking
- Multi-language subtitle download and PeerTube caption upload
- Fixed stdout/stderr separation for reliable function returns
- UCI config: uses peertube.admin.username/password
- Package version bumped to 1.2.0
- Added README.md with full documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PeerTube videos don't include the automatic_captions field in their
yt-dlp JSON output. The jq filter was attempting (.automatic_captions | keys)
which fails with "null (null) has no keys" when the field is missing.
Fixed by adding null-coalescing: ((.automatic_captions // {}) | keys)
Also applied same fix to subtitles field for consistency.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New CLI: peertube-analyse
- Extract video metadata via yt-dlp
- Download existing PeerTube subtitles (VTT)
- Fallback to Whisper local transcription (medium model)
- Claude AI analysis with structured intelligence report
Features:
- POSIX-compatible (OpenWrt, Alpine, Debian)
- Modular pipeline with graceful degradation
- Colored terminal output with status indicators
- Configurable Whisper model and language
- Truncation for large transcripts (12k chars)
CLI flags:
--url <url> Video URL
--no-whisper Subtitles only
--force-whisper Force transcription
--no-analyse Skip Claude analysis
--model <name> Whisper model
--lang <code> Language code
Output structure:
./output/<slug>/
├── <slug>.meta.json
├── <slug>.transcript.txt
└── <slug>.analyse.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New packages:
- luci-app-webradio: Web radio management with Lyrion bridge tab
- luci-app-turn: TURN/STUN server UI for WebRTC (Jitsi integration)
- secubox-app-lyrion-bridge: Lyrion → Squeezelite → FFmpeg → Icecast pipeline
- secubox-app-squeezelite: Squeezelite audio player with FIFO output
- secubox-app-turn: TURN server with ACME SSL and Jitsi setup
- secubox-app-webradio: Icecast/ezstream web radio server
Features:
- HTTPS streaming via HAProxy (stream.gk2.secubox.in)
- Lyrion Music Server bridge for streaming playlists to Icecast
- TURN server with time-limited credential generation
- CrowdSec integration for WebRadio security
- Schedule-based radio programming with jingles
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use SecuBox blue cyberpunk theme (matching login.html)
- Check secubox_token for authentication, redirect to login.html if missing
- Add Guacamole to administration services
- Consistent styling across all portal pages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add login.html with RPCD authentication via luci.secubox-users
- Add reset.html for token-based password recovery
- Both pages use SecuBox cyberpunk dark theme
- Default password: Secubox@2026
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Portal login now authenticates against SecuBox users (UCI config)
instead of hardcoded credentials.
New RPCD methods in luci.secubox-users:
- authenticate: Verify username/password, return session token
- recover: Send password reset email
- reset_password: Set new password with recovery token
Portal pages:
- login.html: Login form with password recovery link
- reset.html: Password reset form (from email link)
Features:
- SHA256 password hashing
- Session tokens stored in /tmp/secubox-sessions/
- Email-based password recovery via mailctl
- Public ACL access (no LuCI login required)
- Passwords synced to services if sync_passwords=1
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add upload_and_create_site: one-click deploy with auto HAProxy setup
- Add unpublish_site: remove HAProxy vhost while preserving content
- Add set_auth_required: toggle authentication requirement per site
- Add get_sites_exposure_status: exposure/cert status for all sites
- Simplify dashboard to KISS UI pattern with status badges
- Action buttons: Share, Upload, Expose/Unpublish, Lock/Unlock, Delete
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reduce dashboard from ~1000 to ~400 lines following MetaBlogizer pattern:
- Replace cbi-value divs with simple status table
- Compact instances table with Enable/Disable/Expose/Delete actions
- Compact apps table with Edit/Delete actions
- Inline forms for adding instances and uploading files
- Remove Gitea section and rename functions
- Cleaner emancipate modal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Videos imported via yt-dlp are now automatically uploaded to PeerTube:
- OAuth authentication using UCI-stored admin credentials
- Video upload via PeerTube REST API
- Real-time job status polling with import_job_status method
- Progress indicator in LuCI UI
- Automatic cleanup of temp files
New RPCD method: import_job_status for polling job progress.
Version bumped to 1.1.0.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The IP Blocklist backend package was missing from the feed.
Manually built and added the IPK since wget-ssl dependency
failed to build in the SDK.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace jsonfilter with grep for CrowdSec decision counting
- Add ipset existence check before listing blocked IPs
- Add safety fallbacks for empty/invalid counts
- Bump version to 0.5.2-r2
The jsonfilter -e '@[*]' approach failed with CrowdSec's
multi-line JSON output, causing exit code 251 errors.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Return Mbps as decimal strings instead of integers (shows 0.45 instead of 0)
- Replace iptables tracking with conntrack/nftables for per-client bytes
- Works with nftables kernel that has no iptables compatibility
Note: Add cron job for historical data: */5 * * * * ubus call luci.bandwidth-manager record_stats
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The CrowdSec dashboard was reading from /srv/mitmproxy/threats.log
but the WAF input instance writes to /srv/mitmproxy-in/threats.log.
Fixed paths:
- threats.log: /srv/mitmproxy -> /srv/mitmproxy-in
- autoban-processed.log: /srv/mitmproxy -> /srv/mitmproxy-in
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Portal page with all service links using *.gk2.secubox.in format
- User guide with updated gk2 subdomain URLs
- Guide link added to login page bottom
- HAProxy vhost configured for portal.secubox.in
- WAF routing enabled through mitmproxy
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add upload.js wizard with multi-target publishing (HexoJS, Gitea, Streamlit, MetaBlogizer)
- Add submit.js for user content submission with moderation workflow
- Add moderation RPCD methods: submit_for_review, list_pending, approve_submission, reject_submission
- Update ACL with new moderation permissions
- Add menu entries for Upload and Submit & Moderate views
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add MixMonitor integration for automatic call recording
- Add voipctl rec commands: enable/disable/status/list/play/download/delete/cleanup
- Add recordings.js LuCI view with audio player and date filtering
- Add RPCD methods for recording management
- Add UCI config section for recording settings (format, retention)
- Fix OVH API signature to use openssl instead of sha1sum
- Improve PJSIP trunk config with realm and qualify settings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add luci-app-voip, luci-app-jabber, luci-app-jitsi, luci-app-mail,
luci-app-nextcloud, luci-app-webradio to AI & Communication category.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add Jingle VoIP, SMS Relay, and Voicemail Notifications sections to
the Jabber overview.js. Expose 9 new RPC methods in api.js for VoIP
control. Also includes remaining VoIP package updates (dialer view,
asterisk-config.sh) from previous session.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Asterisk was removed from Debian Bookworm main repositories.
Added Bullseye repo with pinning to install asterisk packages.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New packages:
- secubox-app-voip: Asterisk PBX in LXC container
- luci-app-voip: Dashboard with extensions, trunks, click-to-call
VoIP features:
- voipctl CLI for container, extensions, trunks, calls, voicemail
- OVH Telephony API auto-provisioning for SIP trunks
- Click-to-call web interface with quick dial
- RPCD backend with 15 methods
Jabber VoIP integration:
- Jingle VoIP support (STUN/TURN via mod_external_services)
- SMS relay via OVH (messages to sms@domain)
- Voicemail notifications via Asterisk AMI → XMPP
- 9 new RPCD methods for VoIP features
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add webchat setup with Converse.js for browser-based chat access
- Fix Prosody HTTP binding to all interfaces (not just localhost)
- Add http_interfaces and https_interfaces to config
- Run Prosody as prosody user to avoid root permission issues
- Add /chat/ path for webchat served by Prosody http_files module
- Mount webchat directory in LXC container for easy customization
- Update install/emancipate output to show webchat URL
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Run Prosody as prosody user (not root) via su -s /bin/sh
- Fix process detection to look for lua.*prosody pattern
- Generate SSL certs using openssl instead of prosodyctl
- Remove deprecated cross_domain_websocket option
- Create config file before certificate generation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New packages:
- secubox-app-jabber: LXC-based Prosody XMPP server with:
- Debian Bookworm container
- Full XMPP support (C2S, S2S, MUC, MAM)
- HTTP upload for file sharing
- BOSH and WebSocket for web clients
- SSL/TLS encryption
- User and room management via jabberctl
- luci-app-jabber: LuCI dashboard with:
- Status overview and service controls
- User management (add/delete)
- Emancipate workflow (HAProxy + SSL + DNS)
- Connection info display
- Log viewer
CLI commands:
jabberctl install/uninstall/start/stop/status
jabberctl user add/del/passwd/list
jabberctl room create/delete/list
jabberctl emancipate <domain>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Install yt-dlp in PeerTube LXC container for video downloads
- Add RPCD methods: import_video, import_status
- Add UI section with URL input and download button
- Support YouTube, Vimeo, and 1000+ video sites
- Download videos to import folder for PeerTube admin upload
- Show download status and video count
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security KISS Dashboard:
- Add ndpid (nDPI daemon) to RPCD status method
- Add ndpid to services monitoring array (6 services total)
APPS Portal:
- Add Streamlit to Services category (Python data apps)
- Add MetaBlogizer to Services category (AI blog generation)
Also includes secubox-cloner enhancements from earlier session.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add wazuh_running status check to RPCD handler
- Display Wazuh alongside CrowdSec, netifyd, mitmproxy in dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete WebRadio management interface for OpenWrt:
- Dashboard with server status, listeners, now playing
- Icecast/Ezstream server configuration
- Playlist management with shuffle/upload
- Programming grid scheduler with jingle support
- Live audio input via DarkIce (ALSA)
- Security: SSL/TLS, rate limiting, CrowdSec integration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
