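---
# Builds an x86_64 OpenWrt firmware image with the SecuBox packages from this
# repository, collects the VM disk images (img.gz / vmdk / vdi / qcow2), uploads
# them as a workflow artifact and, on tag pushes, publishes a GitHub release.
#
# Hardening applied in this file:
#   * Workflow values reach shell scripts through environment variables
#     ($OPENWRT_VERSION, $ROOTFS_SIZE) instead of ${{ }} template expansion, so
#     a value can never be parsed as shell syntax.
#   * `set -o pipefail` in steps that pipe into `tee`; the default `run` shell
#     is `bash -e` without pipefail, which made `cmd | tee log` always succeed
#     and hid feed/build failures.
#   * The checkout does not leave the job token in .git/config, because later
#     steps execute third-party build scripts (OpenWrt tree, feeds, sources).
#   * The release step is only reached when at least one image was produced.
name: Build SecuBox VM Image (x86_64)

on:
  # Manual trigger
  workflow_dispatch:
    inputs:
      openwrt_version:
        description: 'OpenWrt version'
        required: true
        default: '24.10.5'
        type: choice
        options:
          - '24.10.5'
          - '23.05.5'
          - 'SNAPSHOT'
      # NOTE(review): no step below reads image_format; every format is always
      # built and collected regardless of the selection.
      image_format:
        description: 'VM image format'
        required: true
        default: 'all'
        type: choice
        options:
          - 'all'
          - 'vmdk'
          - 'vdi'
          - 'qcow2'
      rootfs_size:
        description: 'Root filesystem size (MB)'
        required: true
        default: '1024'
        type: choice
        options:
          - '512'
          - '1024'
          - '2048'
          - '4096'

  # Automatic trigger on version tags
  push:
    tags:
      - 'v*.*.*'
      - 'v*.*.*-vm'

# Tag pushes carry no inputs, so the defaults after `||` apply there.
env:
  OPENWRT_VERSION: ${{ github.event.inputs.openwrt_version || '24.10.5' }}
  ROOTFS_SIZE: ${{ github.event.inputs.rootfs_size || '1024' }}

# contents: write is needed only by the "Create Release" step.
# NOTE(review): the same job also compiles third-party source; splitting the
# release into its own job would let the build run with contents: read.
permissions:
  contents: write

jobs:
  # ============================================
  # Build x86_64 VM firmware with SecuBox
  # ============================================
  build-vm:
    runs-on: ubuntu-latest
    name: SecuBox VM (x86_64)

    steps:
      - name: Checkout SecuBox packages
        uses: actions/checkout@v4
        with:
          # Keep the write-scoped job token out of .git/config; nothing after
          # this step pushes through git.
          persist-credentials: false

      - name: Free disk space
        run: |
          echo "🧹 Cleaning up disk space..."
          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc
          sudo docker image prune --all --force
          df -h

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            build-essential clang flex bison g++ gawk \
            gcc-multilib g++-multilib gettext git libncurses5-dev \
            libssl-dev python3-setuptools python3-dev rsync \
            swig unzip zlib1g-dev file wget curl qemu-utils ninja-build

      - name: Clone OpenWrt
        run: |
          # SNAPSHOT follows the default branch, so two runs may build
          # different source; the other choices resolve to a release tag.
          if [[ "$OPENWRT_VERSION" == "SNAPSHOT" ]]; then
            git clone --depth 1 https://github.com/openwrt/openwrt.git openwrt
          else
            git clone --depth 1 --branch "v${OPENWRT_VERSION}" \
              https://github.com/openwrt/openwrt.git openwrt
          fi

      - name: Update feeds
        run: |
          # Without pipefail the `if !` tests below only ever see tee's status.
          set -o pipefail
          cd openwrt

          # Remove unwanted feeds
          if [[ -f "feeds.conf.default" ]]; then
            sed -i '/telephony/d' feeds.conf.default
            sed -i '/routing/d' feeds.conf.default
            echo "✅ Removed telephony and routing from feeds.conf.default"
          fi

          echo "🔄 Updating feeds..."
          if ! ./scripts/feeds update -a 2>&1 | tee feed-update.log; then
            echo "⚠️ Feed update had errors:"
            tail -30 feed-update.log
            echo "Continuing anyway..."
          fi

          echo "📦 Installing feeds..."
          if ! ./scripts/feeds install -a 2>&1 | tee feed-install.log; then
            echo "⚠️ Feed install had warnings, checking directories..."
          fi

          # Verify feeds: the build cannot proceed without packages and luci.
          echo "🔍 Verifying feeds..."
          for feed in packages luci; do
            if [[ -d "feeds/$feed" ]]; then
              FEED_SIZE=$(du -sh "feeds/$feed" 2>/dev/null | cut -f1 || echo "?")
              echo "  ✅ feeds/$feed ($FEED_SIZE)"
            else
              echo "  ❌ feeds/$feed missing!"
              exit 1
            fi
          done

      - name: Copy SecuBox packages
        run: |
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "📦 COPYING SECUBOX PACKAGES"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

          mkdir -p openwrt/package/secubox
          PKG_COUNT=0

          # Copy top-level luci-app-* packages
          for pkg in luci-app-*/; do
            if [[ -d "$pkg" ]]; then
              PKG_NAME=$(basename "$pkg")
              echo "  ✅ $PKG_NAME"
              cp -r "$pkg" openwrt/package/secubox/

              # Fix Makefile include path (luci.mk lives in the luci feed
              # once the package sits under package/secubox)
              if [[ -f "openwrt/package/secubox/$PKG_NAME/Makefile" ]]; then
                sed -i 's|include.*luci\.mk|include $(TOPDIR)/feeds/luci/luci.mk|' "openwrt/package/secubox/$PKG_NAME/Makefile"
              fi
              PKG_COUNT=$((PKG_COUNT + 1))
            fi
          done

          # Copy package/secubox/* packages
          for pkg in package/secubox/*/; do
            if [[ -d "$pkg" ]]; then
              PKG_NAME=$(basename "$pkg")
              echo "  ✅ $PKG_NAME (package/secubox)"
              cp -r "$pkg" openwrt/package/secubox/

              # Fix Makefile include path for luci packages
              if [[ -f "openwrt/package/secubox/$PKG_NAME/Makefile" ]]; then
                sed -i 's|include.*luci\.mk|include $(TOPDIR)/feeds/luci/luci.mk|' "openwrt/package/secubox/$PKG_NAME/Makefile"
              fi
              PKG_COUNT=$((PKG_COUNT + 1))
            fi
          done

          # Copy luci-theme-secubox
          if [[ -d "luci-theme-secubox" ]]; then
            echo "  ✅ luci-theme-secubox"
            cp -r luci-theme-secubox openwrt/package/secubox/
            sed -i 's|include.*luci\.mk|include $(TOPDIR)/feeds/luci/luci.mk|' "openwrt/package/secubox/luci-theme-secubox/Makefile"
            PKG_COUNT=$((PKG_COUNT + 1))
          fi

          echo ""
          echo "📊 Total: $PKG_COUNT SecuBox packages copied"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

      - name: Generate VM configuration
        run: |
          cd openwrt

          # Unquoted heredoc delimiter: the shell expands ${ROOTFS_SIZE} below.
          cat > .config << EOF
          # ============================================
          # SecuBox VM x86_64 Configuration
          # ============================================

          # Target: x86_64 (generic)
          CONFIG_TARGET_x86=y
          CONFIG_TARGET_x86_64=y
          CONFIG_TARGET_x86_64_DEVICE_generic=y

          # Image settings
          CONFIG_TARGET_ROOTFS_SQUASHFS=y
          CONFIG_TARGET_ROOTFS_EXT4FS=y
          CONFIG_TARGET_KERNEL_PARTSIZE=32
          CONFIG_TARGET_ROOTFS_PARTSIZE=${ROOTFS_SIZE}

          # VM image formats
          CONFIG_VMDK_IMAGES=y
          CONFIG_VDI_IMAGES=y
          CONFIG_QCOW2_IMAGES=y
          CONFIG_GRUB_EFI_IMAGES=y
          CONFIG_GRUB_IMAGES=y

          # Disable GDB
          # CONFIG_GDB is not set
          CONFIG_BUILD_LOG=y

          # ============================================
          # Base System
          # ============================================

          # LuCI
          CONFIG_PACKAGE_luci=y
          CONFIG_PACKAGE_luci-ssl=y
          CONFIG_PACKAGE_luci-app-opkg=y
          CONFIG_PACKAGE_luci-theme-openwrt-2020=y
          CONFIG_PACKAGE_luci-theme-secubox=y

          # DNS (dnsmasq-full only)
          # CONFIG_PACKAGE_dnsmasq is not set
          CONFIG_PACKAGE_dnsmasq-full=y

          # Networking
          CONFIG_PACKAGE_curl=y
          CONFIG_PACKAGE_wget-ssl=y
          CONFIG_PACKAGE_iptables=y
          CONFIG_PACKAGE_ip6tables=y
          CONFIG_PACKAGE_kmod-nft-core=y

          # VM Guest Tools
          CONFIG_PACKAGE_qemu-ga=y

          # Storage
          CONFIG_PACKAGE_kmod-fs-ext4=y
          CONFIG_PACKAGE_kmod-fs-vfat=y
          CONFIG_PACKAGE_block-mount=y
          CONFIG_PACKAGE_e2fsprogs=y
          CONFIG_PACKAGE_fdisk=y

          # Virtualization drivers
          CONFIG_PACKAGE_kmod-virtio-net=y
          CONFIG_PACKAGE_kmod-virtio-balloon=y
          CONFIG_PACKAGE_kmod-virtio-blk=y
          CONFIG_PACKAGE_kmod-virtio-pci=y
          CONFIG_PACKAGE_kmod-e1000=y
          CONFIG_PACKAGE_kmod-e1000e=y
          CONFIG_PACKAGE_kmod-vmxnet3=y

          # Monitoring
          CONFIG_PACKAGE_htop=y
          CONFIG_PACKAGE_iftop=y
          CONFIG_PACKAGE_tcpdump=y
          CONFIG_PACKAGE_netstat-nat=y

          # SSH
          CONFIG_PACKAGE_openssh-sftp-server=y

          # ============================================
          # SecuBox Core Packages
          # ============================================
          CONFIG_PACKAGE_secubox-app=y
          CONFIG_PACKAGE_luci-app-secubox=y
          CONFIG_PACKAGE_luci-app-system-hub=y
          CONFIG_PACKAGE_luci-app-metrics-dashboard=y

          # ============================================
          # Security & Monitoring
          # ============================================
          CONFIG_PACKAGE_luci-app-crowdsec-dashboard=y
          CONFIG_PACKAGE_luci-app-netdata-dashboard=y

          # ============================================
          # Network Intelligence
          # ============================================
          CONFIG_PACKAGE_luci-app-netifyd-dashboard=y
          CONFIG_PACKAGE_luci-app-network-modes=y

          # ============================================
          # VPN & Access Control
          # ============================================
          CONFIG_PACKAGE_wireguard-tools=y
          CONFIG_PACKAGE_kmod-wireguard=y
          CONFIG_PACKAGE_luci-app-wireguard-dashboard=y
          CONFIG_PACKAGE_qrencode=y
          CONFIG_PACKAGE_luci-app-client-guardian=y

          # ============================================
          # Bandwidth & Traffic
          # ============================================
          CONFIG_PACKAGE_luci-app-bandwidth-manager=y
          CONFIG_PACKAGE_luci-app-media-flow=y

          # ============================================
          # Services
          # ============================================
          CONFIG_PACKAGE_luci-app-cdn-cache=y
          CONFIG_PACKAGE_luci-app-vhost-manager=y

          # ============================================
          # Docker Support (optional for VM)
          # ============================================
          CONFIG_PACKAGE_docker=y
          CONFIG_PACKAGE_dockerd=y
          CONFIG_PACKAGE_docker-compose=y
          CONFIG_PACKAGE_luci-app-dockerman=y
          EOF

      - name: Apply configuration
        run: |
          cd openwrt
          make defconfig

          echo ""
          echo "📋 Final configuration:"
          grep -E "^CONFIG_TARGET|^CONFIG_PACKAGE_(luci-app|secubox|docker)" .config | head -50

      - name: Download sources
        run: |
          cd openwrt
          echo "📥 Downloading source packages..."
          make download -j"$(nproc)" V=s || make download -j1 V=s

      - name: Build firmware
        run: |
          # Needed so a failing `make | tee` is seen as a failure: it triggers
          # the single-thread retry, and a failed retry fails the step.
          set -o pipefail
          cd openwrt

          echo ""
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "🔨 Building SecuBox VM Firmware"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "Target: x86_64"
          echo "OpenWrt: ${OPENWRT_VERSION}"
          echo "Root FS: ${ROOTFS_SIZE}MB"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo ""

          # Build with all CPUs, fall back to one job if that fails
          if ! make -j"$(nproc)" V=s 2>&1 | tee build.log; then
            echo "⚠️ Parallel build failed, retrying with single thread..."
            make -j1 V=s 2>&1 | tee build-retry.log
          fi

      - name: Prepare release artifacts
        run: |
          mkdir -p release

          echo "📦 Collecting VM images..."

          # Copy all x86_64 images; unmatched globs stay literal and are
          # skipped by the -f test.
          IMG_COUNT=0
          for img in openwrt/bin/targets/x86/64/*.img.gz \
                     openwrt/bin/targets/x86/64/*.vmdk \
                     openwrt/bin/targets/x86/64/*.vdi \
                     openwrt/bin/targets/x86/64/*.qcow2; do
            if [[ -f "$img" ]]; then
              echo "  ✅ $(basename "$img")"
              cp "$img" release/
              IMG_COUNT=$((IMG_COUNT + 1))
            fi
          done

          # Never publish a release that contains only the manifest.
          if [[ "$IMG_COUNT" -eq 0 ]]; then
            echo "❌ No VM images found in openwrt/bin/targets/x86/64"
            exit 1
          fi

          # Copy SHA256SUMS. These are produced by the same build and shipped
          # in the same release, so they detect corruption in transit but do
          # not authenticate the images.
          if [[ -f "openwrt/bin/targets/x86/64/sha256sums" ]]; then
            cp openwrt/bin/targets/x86/64/sha256sums release/
          fi

          # Generate manifest (unquoted heredoc: $(date) and the ${...}
          # variables expand; backticks and backslashes are escaped).
          # NOTE(review): the manifest documents an empty root password and
          # plain-HTTP LuCI URLs although luci-ssl is selected in .config, and
          # the QEMU example's hostfwd gives no bind address, so the forwarded
          # ports listen on every host interface. Consider documenting the
          # HTTPS URL and a 127.0.0.1 bind.
          cat > release/MANIFEST.md << EOF
          # SecuBox VM Image - OpenWrt ${OPENWRT_VERSION}

          ## Build Information
          - **Date**: $(date -u +%Y-%m-%dT%H:%M:%SZ)
          - **OpenWrt Version**: ${OPENWRT_VERSION}
          - **Target**: x86_64
          - **Root FS Size**: ${ROOTFS_SIZE}MB

          ## Included SecuBox Packages
          - luci-app-secubox (Core dashboard)
          - luci-app-system-hub (System management)
          - luci-app-metrics-dashboard (Real-time metrics)
          - luci-app-crowdsec-dashboard (Security monitoring)
          - luci-app-wireguard-dashboard (VPN management)
          - luci-app-network-modes (Network configuration)
          - luci-app-bandwidth-manager (Traffic control)
          - luci-app-vhost-manager (Virtual hosts)
          - luci-theme-secubox (Dark theme)
          - Docker support (dockerd, docker-compose)

          ## Quick Start

          ### VMware
          1. Import the \`.vmdk\` file as a new VM
          2. Configure 2+ CPU cores, 2GB+ RAM
          3. Add network adapters (NAT + Host-only recommended)
          4. Boot and access LuCI at http://192.168.1.1

          ### VirtualBox
          1. Create new VM (Linux, Other 64-bit)
          2. Use existing disk: select the \`.vdi\` file
          3. Configure 2+ CPU cores, 2GB+ RAM
          4. Add network adapters
          5. Boot and access LuCI at http://192.168.1.1

          ### QEMU/KVM
          \`\`\`bash
          qemu-system-x86_64 \\
            -m 2048 \\
            -smp 2 \\
            -drive file=secubox-*.qcow2,format=qcow2 \\
            -netdev user,id=net0,hostfwd=tcp::8080-:80,hostfwd=tcp::8443-:443 \\
            -device virtio-net-pci,netdev=net0 \\
            -nographic
          \`\`\`

          ### Proxmox
          \`\`\`bash
          qm create 100 --name secubox --memory 2048 --cores 2 --net0 virtio,bridge=vmbr0
          qm importdisk 100 secubox-*.qcow2 local-lvm
          qm set 100 --scsi0 local-lvm:vm-100-disk-0
          qm set 100 --boot order=scsi0
          qm start 100
          \`\`\`

          ## Default Credentials
          - **Username**: root
          - **Password**: (none - set on first login)

          ## Documentation
          - [SecuBox Documentation](https://github.com/secubox/secubox-openwrt)
          EOF

          echo ""
          echo "📋 Release artifacts:"
          ls -lh release/

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: secubox-vm-x86_64-${{ env.OPENWRT_VERSION }}
          path: release/
          retention-days: 30

      # NOTE(security): this third-party action receives a contents: write
      # token and is referenced by a mutable tag. Pin it to a full commit SHA
      # that has been reviewed, e.g.
      #   uses: softprops/action-gh-release@<FULL_COMMIT_SHA>  # v1
      - name: Create Release
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          files: release/*
          body_path: release/MANIFEST.md
          draft: false
          prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-beta') }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Build summary
        run: |
          {
            echo "## 🎉 SecuBox VM Build Complete"
            echo ""
            echo "| Property | Value |"
            echo "|----------|-------|"
            echo "| OpenWrt Version | ${OPENWRT_VERSION} |"
            echo "| Target | x86_64 |"
            echo "| Root FS Size | ${ROOTFS_SIZE}MB |"
            echo ""
            echo "### 📦 Generated Images"
            echo ""
            ls -lh release/ | while read -r line; do
              echo "- $line"
            done
          } >> "$GITHUB_STEP_SUMMARY"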