secubox-openwrt

gandalf/secubox-openwrt

Fork 0

Commit Graph

Author	SHA1	Message	Date
CyberMind-FR	8015d790e0	feat(cloner): Add SecuBox Station Cloner/Deployer Host-side orchestrator (secubox-clone-station.sh): - Dual USB serial control with MOKATOOL integration - ASU API firmware building for clone images - TFTP serving with auto-generated U-Boot commands - Full workflow: detect → pull → flash → verify On-device CLI (secubox-cloner): - Build ext4 images for same device type - TFTP server management via dnsmasq - Clone token generation with auto-approve - Integration with master-link mesh onboarding First-boot provisioning (50-secubox-clone-provision): - Partition resize to full disk (parted + resize2fs) - Master discovery via mDNS/network scan - Automatic mesh join with pre-approved tokens Master-link enhancements: - ml_clone_token_generate() for 24h auto-approve tokens - ml_token_is_auto_approve() for token type detection - Auto-approve logic in join request handler SecuBox CLI additions: - secubox clone (build, serve, token, status, list, export) - secubox master-link (status, peers, token, join, approve) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-08 06:52:59 +01:00
CyberMind-FR	549c0425e7	feat: Stats evolution, LED tri-color pulse, Widget Fabricator Stats Collection: - Add unified secubox-stats-collector for crowdsec/mitmproxy/firewall - Add secubox-status-json and metablogizer-json for landing page - JSON cache files in /tmp/secubox/ for double-buffer status LED Pulse Daemon: - Tri-color status sync matching control panel (Health/CPU/Memory) - SPUNK ALERT mode for critical service failures (HAProxy/CrowdSec down) - Integrated into secubox-core init.d for auto-start on boot Landing Page: - Add Blogaliser section with MetaBlogizer sites - Add health indicators (green/yellow/red status dots) - Add security stats (dropped, bans, connections) Streamlit Enhancements: - Add test_upload RPCD method for upload validation - Add reupload button for replacing existing apps - Add secubox_control.py reading from cache (LXC-compatible) - Update ACL and API for new methods HAProxy Fixes: - Fix invalid use_backend entries (IP:port -> backend names) - Add streamlit_hello backend - Save routing to UCI config for persistence Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-06 20:43:45 +01:00
CyberMind-FR	d2f56e0aab	feat(secubox-core): implement modular framework foundation v0.8.0 Add comprehensive SecuBox Core Framework - production-ready modular infrastructure for OpenWrt-based security appliances. ## Core Components ### Service Infrastructure - procd-managed secubox-core daemon - UCI configuration schema (/etc/config/secubox) - First-boot provisioning system - Automatic directory structure creation - Device ID generation ### CLI Interface (secubox) Complete command-line interface with 6 main commands: - app: Module/AppStore management - profile: Profile and template engine - device: Device operations and info - net: Network management tools - diag: Diagnostics and health checks - ai: AI copilot stub (experimental) ### Module Management (AppStore) - Catalog-based module discovery (22 modules) - Installation/removal workflows - Dependency resolution via opkg - Lifecycle hooks (pre/post install/remove) - Module health monitoring - JSON and table output formats ### Profile Engine - Declarative configuration (YAML/JSON) - Module orchestration - UCI override system - Dry-run validation - Configuration export ### Diagnostics System - CPU, memory, storage monitoring - Network connectivity tests - Service health checks - Configurable thresholds - Color-coded output - Diagnostic report generation ### Recovery System - Automatic snapshot creation - Configuration backup/restore - Rollback capability - Interactive recovery mode - Snapshot management (keep last 5) ### ubus RPC API (luci.secubox) Complete RPC interface with 20+ methods: - getStatus, getVersion, reload - getModules, installModule, removeModule - listProfiles, applyProfile, validateProfile - runDiagnostics, getHealth, getLogs - createSnapshot, restoreSnapshot, listSnapshots ### Supporting Tools - secubox-verify: Module signature verification - common.sh: Shared helper functions - Example profiles ## Technical Details Package: secubox-core v0.8.0 Dependencies: bash, libubox, libubus, libuci, rpcd, jsonfilter Size: ~85KB (source) Memory: ~16MB footprint Files: 16 files total ## Architecture Native OpenWrt integration: - procd for service management - ubus for RPC communication - UCI for configuration - opkg for package management - BusyBox-compatible scripts ## Module Discovery Automatically discovers 22 existing SecuBox modules: - adguardhome, auth-guardian, bandwidth-manager - cdn-cache, client-guardian, crowdsec-dashboard - domoticz, ksm-manager, lyrion, magicmirror - media-flow, mqtt-bridge, netdata-dashboard - netifyd-dashboard, network-modes, nextcloud - secubox-hub, system-hub, traffic-shaper - vhost-manager, wireguard-dashboard, zigbee2mqtt ## Deployment Status ✅ Tested on router (root@192.168.8.191) ✅ All core functionality verified ✅ Module discovery working (22/22) ✅ ubus API operational ✅ Health checks passing ✅ Recovery system functional ## Documentation - README.md: Comprehensive user documentation (11KB) - IMPLEMENTATION.md: Technical implementation details (16KB) - Example profile: home-basic.json ## Next Phase (v0.9.0) - LuCI WebUI integration - Enhanced profile templating - Module installation workflows - Dashboard views 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-01 16:21:45 +01:00

Author

SHA1

Message

Date

CyberMind-FR

8015d790e0

feat(cloner): Add SecuBox Station Cloner/Deployer

Host-side orchestrator (secubox-clone-station.sh):
- Dual USB serial control with MOKATOOL integration
- ASU API firmware building for clone images
- TFTP serving with auto-generated U-Boot commands
- Full workflow: detect → pull → flash → verify

On-device CLI (secubox-cloner):
- Build ext4 images for same device type
- TFTP server management via dnsmasq
- Clone token generation with auto-approve
- Integration with master-link mesh onboarding

First-boot provisioning (50-secubox-clone-provision):
- Partition resize to full disk (parted + resize2fs)
- Master discovery via mDNS/network scan
- Automatic mesh join with pre-approved tokens

Master-link enhancements:
- ml_clone_token_generate() for 24h auto-approve tokens
- ml_token_is_auto_approve() for token type detection
- Auto-approve logic in join request handler

SecuBox CLI additions:
- secubox clone (build, serve, token, status, list, export)
- secubox master-link (status, peers, token, join, approve)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-08 06:52:59 +01:00

CyberMind-FR

549c0425e7

feat: Stats evolution, LED tri-color pulse, Widget Fabricator

Stats Collection:
- Add unified secubox-stats-collector for crowdsec/mitmproxy/firewall
- Add secubox-status-json and metablogizer-json for landing page
- JSON cache files in /tmp/secubox/ for double-buffer status

LED Pulse Daemon:
- Tri-color status sync matching control panel (Health/CPU/Memory)
- SPUNK ALERT mode for critical service failures (HAProxy/CrowdSec down)
- Integrated into secubox-core init.d for auto-start on boot

Landing Page:
- Add Blogaliser section with MetaBlogizer sites
- Add health indicators (green/yellow/red status dots)
- Add security stats (dropped, bans, connections)

Streamlit Enhancements:
- Add test_upload RPCD method for upload validation
- Add reupload button for replacing existing apps
- Add secubox_control.py reading from cache (LXC-compatible)
- Update ACL and API for new methods

HAProxy Fixes:
- Fix invalid use_backend entries (IP:port -> backend names)
- Add streamlit_hello backend
- Save routing to UCI config for persistence

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-06 20:43:45 +01:00

CyberMind-FR

d2f56e0aab

feat(secubox-core): implement modular framework foundation v0.8.0

Add comprehensive SecuBox Core Framework - production-ready modular
infrastructure for OpenWrt-based security appliances.

## Core Components

### Service Infrastructure
- procd-managed secubox-core daemon
- UCI configuration schema (/etc/config/secubox)
- First-boot provisioning system
- Automatic directory structure creation
- Device ID generation

### CLI Interface (secubox)
Complete command-line interface with 6 main commands:
- app: Module/AppStore management
- profile: Profile and template engine
- device: Device operations and info
- net: Network management tools
- diag: Diagnostics and health checks
- ai: AI copilot stub (experimental)

### Module Management (AppStore)
- Catalog-based module discovery (22 modules)
- Installation/removal workflows
- Dependency resolution via opkg
- Lifecycle hooks (pre/post install/remove)
- Module health monitoring
- JSON and table output formats

### Profile Engine
- Declarative configuration (YAML/JSON)
- Module orchestration
- UCI override system
- Dry-run validation
- Configuration export

### Diagnostics System
- CPU, memory, storage monitoring
- Network connectivity tests
- Service health checks
- Configurable thresholds
- Color-coded output
- Diagnostic report generation

### Recovery System
- Automatic snapshot creation
- Configuration backup/restore
- Rollback capability
- Interactive recovery mode
- Snapshot management (keep last 5)

### ubus RPC API (luci.secubox)
Complete RPC interface with 20+ methods:
- getStatus, getVersion, reload
- getModules, installModule, removeModule
- listProfiles, applyProfile, validateProfile
- runDiagnostics, getHealth, getLogs
- createSnapshot, restoreSnapshot, listSnapshots

### Supporting Tools
- secubox-verify: Module signature verification
- common.sh: Shared helper functions
- Example profiles

## Technical Details

**Package**: secubox-core v0.8.0
**Dependencies**: bash, libubox, libubus, libuci, rpcd, jsonfilter
**Size**: ~85KB (source)
**Memory**: ~16MB footprint
**Files**: 16 files total

## Architecture

Native OpenWrt integration:
- procd for service management
- ubus for RPC communication
- UCI for configuration
- opkg for package management
- BusyBox-compatible scripts

## Module Discovery

Automatically discovers 22 existing SecuBox modules:
- adguardhome, auth-guardian, bandwidth-manager
- cdn-cache, client-guardian, crowdsec-dashboard
- domoticz, ksm-manager, lyrion, magicmirror
- media-flow, mqtt-bridge, netdata-dashboard
- netifyd-dashboard, network-modes, nextcloud
- secubox-hub, system-hub, traffic-shaper
- vhost-manager, wireguard-dashboard, zigbee2mqtt

## Deployment Status

✅ Tested on router (root@192.168.8.191)
✅ All core functionality verified
✅ Module discovery working (22/22)
✅ ubus API operational
✅ Health checks passing
✅ Recovery system functional

## Documentation

- README.md: Comprehensive user documentation (11KB)
- IMPLEMENTATION.md: Technical implementation details (16KB)
- Example profile: home-basic.json

## Next Phase (v0.9.0)

- LuCI WebUI integration
- Enhanced profile templating
- Module installation workflows
- Dashboard views

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-01 16:21:45 +01:00

3 Commits