secubox-openwrt/README.md

# SecuBox - Security Suite for OpenWrt

**Version:** 0.16.0
**Last Updated:** 2026-01-27
**Status:** Active Development
**Modules:** 38 LuCI Applications

[![Build OpenWrt Packages](https://github.com/CyberMind-FR/secubox-openwrt/actions/workflows/build-openwrt-packages.yml/badge.svg)](https://github.com/CyberMind-FR/secubox-openwrt/actions/workflows/build-openwrt-packages.yml)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](LICENSE)

## Overview

SecuBox is a comprehensive security and network management suite for OpenWrt, providing a unified ecosystem of 38 specialized dashboards and tools. All modules are compiled automatically for multiple OpenWrt architectures via GitHub Actions.

**Website:** [secubox.cybermood.eu](https://secubox.cybermood.eu)
**Publisher:** [CyberMind.fr](https://cybermind.fr)

---

## SecuBox Modules

### SecuBox Core (5 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-secubox** | 0.7.1 | Central dashboard/Hub for all SecuBox modules |
| **luci-app-secubox-portal** | 0.7.0 | Unified entry point with tabbed navigation |
| **luci-app-secubox-admin** | 1.0.0 | Admin control center with appstore and monitoring |
| **luci-app-secubox-bonus** | 0.2.0 | Documentation, local repo, and app store |
| **luci-app-system-hub** | 0.5.1 | Central system control with logs and backup |

### Security & Threat Management (9 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-crowdsec-dashboard** | 0.7.0 | Real-time CrowdSec security monitoring |
| **luci-app-secubox-security-threats** | 1.0.0 | Unified netifyd DPI + CrowdSec intelligence |
| **luci-app-client-guardian** | 0.4.0 | Network access, captive portal, parental controls |
| **luci-app-auth-guardian** | 0.4.0 | OAuth2/OIDC authentication, voucher system |
| **luci-app-exposure** | 1.0.0 | Service exposure manager |
| **luci-app-tor-shield** | 1.0.0 | Tor anonymization dashboard |
| **luci-app-mitmproxy** | 0.4.0 | HTTPS traffic inspection |
| **luci-app-cyberfeed** | 0.1.1 | Cyberpunk RSS feed aggregator |
| **luci-app-ksm-manager** | 0.4.0 | Cryptographic key/HSM management |

### Deep Packet Inspection (2 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-ndpid** | 1.1.2 | nDPId deep packet inspection dashboard |
| **luci-app-secubox-netifyd** | 1.2.1 | netifyd DPI with real-time flow monitoring |

### Network & Connectivity (8 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-vhost-manager** | 0.5.0 | Nginx reverse proxy with Let's Encrypt SSL |
| **luci-app-haproxy** | 1.0.0 | Load balancer with vhosts and SSL |
| **luci-app-wireguard-dashboard** | 0.7.0 | WireGuard VPN monitoring |
| **luci-app-network-modes** | 0.5.0 | Sniffer, AP, Relay, Router modes |
| **luci-app-network-tweaks** | 1.0.0 | Auto Proxy DNS & Hosts from vhosts |
| **luci-app-mqtt-bridge** | 0.4.0 | USB-to-MQTT IoT hub |
| **luci-app-cdn-cache** | 0.5.0 | Content delivery optimization |
| **luci-app-media-flow** | 0.6.4 | Streaming detection (Netflix, YouTube, Spotify) |

### Bandwidth & Traffic Management (2 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-bandwidth-manager** | 0.5.0 | QoS rules, client quotas, SQM integration |
| **luci-app-traffic-shaper** | 0.4.0 | TC/CAKE traffic shaping |

### Content & Web Platforms (5 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-gitea** | 1.0.0 | Gitea Platform management |
| **luci-app-hexojs** | 1.0.0 | Hexo static site generator |
| **luci-app-metabolizer** | 1.0.0 | Metabolizer CMS support |
| **luci-app-magicmirror2** | 0.4.0 | MagicMirror2 smart display |
| **luci-app-mmpm** | 0.2.0 | MagicMirror Package Manager |

### AI/LLM & Analytics (4 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-localai** | 0.1.0 | LocalAI LLM management |
| **luci-app-ollama** | 0.1.0 | Ollama LLM management |
| **luci-app-glances** | 1.0.0 | Glances system monitoring |
| **luci-app-netdata-dashboard** | 0.5.0 | Real-time Netdata monitoring |

### Streaming & Data Processing (2 modules)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-streamlit** | 1.0.0 | Streamlit Platform management |
| **luci-app-picobrew** | 1.0.0 | PicoBrew Server management |

### IoT & Smart Devices (1 module)

| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-zigbee2mqtt** | 1.0.0 | Zigbee2MQTT docker management |

---

## Supported Architectures

### ARM 64-bit (AArch64)
| Target | Devices |
|--------|---------|
| `aarch64-cortex-a53` | ESPRESSObin, BananaPi R64 |
| `aarch64-cortex-a72` | MOCHAbin, Raspberry Pi 4, NanoPi R4S |
| `mediatek-filogic` | GL.iNet MT3000, BananaPi R3 |
| `rockchip-armv8` | NanoPi R4S/R5S, FriendlyARM |
| `bcm27xx-bcm2711` | Raspberry Pi 4, Compute Module 4 |

### ARM 32-bit
| Target | Devices |
|--------|---------|
| `arm-cortex-a7-neon` | Orange Pi, BananaPi, Allwinner |
| `arm-cortex-a9-neon` | Linksys WRT, Turris Omnia |
| `qualcomm-ipq40xx` | Google WiFi, Zyxel NBG6617 |

### MIPS
| Target | Devices |
|--------|---------|
| `mips-24kc` | TP-Link Archer, Ubiquiti |
| `mipsel-24kc` | Xiaomi, GL.iNet, Netgear |

### x86
| Target | Devices |
|--------|---------|
| `x86-64` | PC, VMs, Docker, Proxmox |

---

## Installation

### From Pre-built Packages

Download from [GitHub Releases](https://github.com/CyberMind-FR/secubox-openwrt/releases):

```bash
opkg update
opkg install luci-app-secubox-portal_*.ipk
opkg install luci-app-system-hub_*.ipk
opkg install luci-app-crowdsec-dashboard_*.ipk
```

### Build from Source

```bash
# Clone into OpenWrt SDK
cd ~/openwrt-sdk/package/
git clone https://github.com/CyberMind-FR/secubox-openwrt.git secubox

# Build
cd ~/openwrt-sdk/
make package/secubox/luci-app-secubox-portal/compile V=s
```

### Add as OpenWrt Feed

Add to `feeds.conf.default`:
```
src-git secubox https://github.com/CyberMind-FR/secubox-openwrt.git
```

Then:
```bash
./scripts/feeds update secubox
./scripts/feeds install -a -p secubox
make menuconfig  # Select modules under LuCI > Applications
make V=s
```

---

## Repository Structure

```
secubox-openwrt/
├── package/secubox/           # All 38 SecuBox LuCI packages
│   ├── luci-app-secubox/      # Core hub
│   ├── luci-app-secubox-portal/
│   ├── luci-app-secubox-admin/
│   ├── luci-app-crowdsec-dashboard/
│   ├── luci-app-secubox-netifyd/
│   ├── luci-app-haproxy/
│   ├── luci-app-streamlit/
│   ├── luci-app-gitea/
│   ├── luci-app-hexojs/
│   └── ... (38 modules total)
├── secubox-tools/             # Build tools and local SDK
│   ├── local-build.sh         # Local package builder
│   ├── validate-modules.sh    # Module validation
│   ├── openwrt/               # Full toolchain (for Go/native builds)
│   └── sdk/                   # OpenWrt SDK (for LuCI apps)
├── DOCS/                      # Documentation
│   ├── DEVELOPMENT-GUIDELINES.md
│   ├── QUICK-START.md
│   └── VALIDATION-GUIDE.md
└── .github/workflows/         # CI/CD
```

### Build Requirements

**SDK builds** (for LuCI apps - shell/Lua packages):
```bash
./secubox-tools/local-build.sh build luci-app-crowdsec-dashboard
```

**Full toolchain builds** (for Go/native packages):
```bash
cd secubox-tools/openwrt
make package/crowdsec/compile V=s
```

| Package | Build Type | Reason |
|---------|------------|--------|
| `crowdsec` | Toolchain | Go binary with CGO |
| `crowdsec-firewall-bouncer` | Toolchain | Go binary with CGO |
| `netifyd` | Toolchain | C++ native binary |
| `nodogsplash` | Toolchain | C native binary |
| All `luci-app-*` | SDK | Shell/Lua/JS packages |

---

## OpenWrt Compatibility

| Version | Status | Package Format |
|---------|--------|----------------|
| 25.x | Testing | `.apk` |
| 24.10.x | **Recommended** | `.ipk` |
| 23.05.x | Supported | `.ipk` |

---

## Development

### Developer Documentation

| Guide | Description |
|-------|-------------|
| [DOCS/DEVELOPMENT-GUIDELINES.md](./DOCS/DEVELOPMENT-GUIDELINES.md) | Design System, RPCD/ubus, ACL, JavaScript |
| [DOCS/QUICK-START.md](./DOCS/QUICK-START.md) | Quick reference and code templates |
| [DOCS/VALIDATION-GUIDE.md](./DOCS/VALIDATION-GUIDE.md) | Module validation procedures |
| [CLAUDE.md](./CLAUDE.md) | OpenWrt shell scripting guidelines |
| [secubox-tools/README.md](./secubox-tools/README.md) | Build tools and SDK usage |

### Critical Rules

1. **RPCD naming**: filename = ubus object (`luci.system-hub`)
2. **Menu paths**: path = view file (`system-hub/overview.js`)
3. **Permissions**: RPCD=755, CSS/JS=644
4. **Validate**: `./secubox-tools/validate-modules.sh`
5. **Go/native packages**: Use full toolchain, not SDK

---

## Public Pages

SecuBox includes public pages accessible without authentication:

- **Crowdfunding Campaign** - Support the project development
- **Bug Bounty Program** - Security vulnerability reporting
- **Development Status** - Modules list, roadmap, changelog

Access at: `https://your-secubox/cgi-bin/luci/secubox-public/`

---

## Links

- **Website**: [secubox.cybermood.eu](https://secubox.cybermood.eu)
- **GitHub**: [github.com/CyberMind-FR/secubox-openwrt](https://github.com/CyberMind-FR/secubox-openwrt)
- **Publisher**: [CyberMind.fr](https://cybermind.fr)
- **Issues**: [GitHub Issues](https://github.com/CyberMind-FR/secubox-openwrt/issues)

---

## License

Apache-2.0 © 2024-2026 CyberMind.fr

---

## Contributing

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request

---

## Author

**Gandalf** - [CyberMind.fr](https://cybermind.fr)

**Made with love in France**