secubox-openwrt

Author	SHA1	Message	Date
CyberMind-FR	8769a60275	feat(sbom): Add CRA Annex I compliant SBOM pipeline Implements comprehensive Software Bill of Materials generation for EU Cyber Resilience Act compliance with ANSSI CSPN certification path. SBOM Pipeline: - scripts/check-sbom-prereqs.sh: Prerequisites validation (OpenWrt, tools, Kconfig) - scripts/sbom-generate.sh: Multi-source SBOM generation (native, feed, rootfs, firmware) - scripts/sbom-audit-feed.sh: PKG_HASH/PKG_LICENSE feed audit with MANIFEST.md - Makefile: SBOM targets (sbom, sbom-quick, sbom-validate, sbom-scan, sbom-audit) - .github/workflows/sbom-release.yml: CI with CVE gating and auto-security issues Documentation: - SECURITY.md: CRA Art. 13 §6 compliant vulnerability disclosure policy - docs/sbom-pipeline.md: Architecture, CRA mapping, ANSSI CSPN guidance AI Gateway (bonus feed): - secubox-ai-gateway: 3-tier data classification (LOCAL_ONLY/SANITIZED/CLOUD_DIRECT) - luci-app-ai-gateway: LuCI dashboard with provider management and audit logging Output formats: CycloneDX 1.6 (primary) + SPDX 2.3 (secondary) Tools: syft, grype, cyclonedx-cli (auto-installed if missing) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-04 08:01:00 +01:00
CyberMind-FR	4a0ab9530f	feat(mesh): Yggdrasil extended peer discovery + bugfixes ## New Features - secubox-app-yggdrasil-discovery: Mesh peer discovery via gossip protocol - yggctl CLI: status, self, peers, announce, discover, bootstrap - Auto-peering with trust verification (master-link fingerprint) - Daemon for periodic announcements ## Bug Fixes - tor-shield: Fix opkg downloads failing when Tor active - DNS over Tor disabled by default - Auto-exclude public DNS servers from iptables rules - Excluded domains bypass list (openwrt.org, pool.ntp.org, etc.) - haproxy: Fix portal 503 "End of Internet" error - Corrected malformed vhost backend configuration - Regenerated HAProxy config from UCI - luci-app-nextcloud: Fix users list showing empty - RPC expect clause was extracting array, render expected object ## Updated - Bonus feed: All IPKs rebuilt - Documentation: HISTORY.md, WIP.md, TODO.md updated Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-28 17:32:41 +01:00
CyberMind-FR	5d905c23ac	feat(openclaw): Add Google Gemini API support - Added gemini provider with models: gemini-1.5-flash, gemini-1.5-pro, gemini-pro - Updated RPCD handler with Gemini API endpoint - Updated settings.js with Google AI Studio link - Updated chat.js to parse Gemini response format - Changed Ollama default URL to LocalAI (port 8091) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-27 11:47:17 +01:00
CyberMind-FR	29e2eac616	fix(haproxy): Sync generated config to /etc/haproxy.cfg - metablogizer: reload_haproxy() now copies config to /etc/haproxy.cfg - haproxyctl: generate_config() syncs to /etc/haproxy.cfg after generation - Fixes issue where newly uploaded sites return 404 because HAProxy reads config from /etc/haproxy.cfg but config was only generated to /srv/haproxy/config/haproxy.cfg Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-24 08:02:42 +01:00
CyberMind-FR	08ebaefafb	feat(portal): Add login and password reset pages for SSO - Add login.html with RPCD authentication via luci.secubox-users - Add reset.html for token-based password recovery - Both pages use SecuBox cyberpunk dark theme - Default password: Secubox@2026 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-21 13:21:15 +01:00
CyberMind-FR	b2ec879814	fix(feed): Add missing secubox-app-ipblocklist backend package The IP Blocklist backend package was missing from the feed. Manually built and added the IPK since wget-ssl dependency failed to build in the SDK. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-21 07:52:09 +01:00
CyberMind-FR	f9f2be9252	fix(system-hub): Fix get_denoise_stats RPCD returning no response - Replace jsonfilter with grep for CrowdSec decision counting - Add ipset existence check before listing blocked IPs - Add safety fallbacks for empty/invalid counts - Bump version to 0.5.2-r2 The jsonfilter -e '@[*]' approach failed with CrowdSec's multi-line JSON output, causing exit code 251 errors. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-21 07:05:24 +01:00
CyberMind-FR	58220065b5	feat(v0.23.0): Matrix homeserver, SaaS Relay CDN caching, Media Hub dashboard Matrix Homeserver (Conduit): - E2EE mesh messaging using Conduit v0.10.12 in LXC container - matrixctl CLI: install/uninstall, user/room management, federation - luci-app-matrix: status cards, user form, emancipate, mesh publish - RPCD backend with 17 methods - Identity (DID) integration and P2P mesh publication SaaS Relay CDN Caching & Session Replay: - CDN cache profiles: minimal, gandalf (default), aggressive - Session replay modes: shared, per_user, master - saasctl cache/session commands for management - Enhanced mitmproxy addon (415 lines) with response caching Media Services Hub Dashboard: - Unified dashboard at /admin/services/media-hub - Category-organized cards (streaming, conferencing, apps, etc.) - Service status indicators with start/stop/restart controls - RPCD backend querying 8 media services Also includes: - HexoJS static upload workflow and multi-user auth - Jitsi config.js Promise handling fix - Feed package updates Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-20 11:44:26 +01:00
CyberMind-FR	b6747c197e	feat(security): Add instant ban feature and user management - Add enhanced instant ban for critical threats (SQL injection, CVE exploits, RCE) - CrowdSec trigger scenario for single-hit bans on severity=critical - Instant ban daemon (10s polling) for rapid response - UCI options: instant_ban_enabled, instant_ban_duration (48h default) - WAF addon updated to route critical threats to instant-ban.log - Add centralized user management (secubox-core-users, luci-app-secubox-users) - CLI tool: secubox-users add/del/passwd/list/sync/status - LuCI dashboard under System > SecuBox Users - Unified user provisioning across Nextcloud, PeerTube, Matrix, Jabber, Email - Add Matrix/Conduit integration (secubox-app-matrix, luci-app-matrix) - LXC-based Conduit homeserver deployment - Full RPCD handler with user/room management - HAProxy integration for federation - Add provision-users.sh script for bulk user creation - Update secubox-feed with new IPKs Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-19 20:17:28 +01:00
CyberMind-FR	b78ea3b683	fix(nextcloud): Fix LXC rootfs download and chroot mounts - Parse HTML directory listing instead of non-existent index.json - URL-encode colon in date path for LXC image server - Add mount_chroot_fs/umount_chroot_fs helpers for proper chroot - Mount /dev, /dev/pts, /proc, /sys before running apt - Remove php-smbclient (not in base repos) - Install gnupg/gpgv first for apt verification Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-16 08:02:01 +01:00
CyberMind-FR	ffb9fe3785	fix(peertube): Change default port from 9000 to 9001 Port 9000 is used by Lyrion music server. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-15 06:04:25 +01:00
CyberMind-FR	54d555206b	chore(feed): Update secubox-app-bonus local feed packages Regenerated Packages index with proper Filename fields for all ipk files. Updated all package versions to latest builds. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-14 17:18:02 +01:00
CyberMind-FR	cd53d508fa	feat(jellyfin): Update to v3.0.0 with LXC-based deployment - Rebuilt secubox-app-jellyfin package with LXC controller - Updated package feed with new Jellyfin ipk - Synced all SecuBox packages to local feed Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-14 09:48:51 +01:00
CyberMind-FR	cac9fa3e4f	fix(mitmproxy): Fix false positives for legitimate browsers - Remove 'mozilla/5.0' from BOT_SIGNATURES - was flagging ALL modern browsers as bots since this is the standard UA prefix - Fix suspicious UA detection - no longer flags normal browsers - Increase CrowdSec bruteforce threshold from 5/30s to 10/60s to reduce false positives from normal login flows Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-14 05:51:53 +01:00

14 Commits