Automate access-point image build

access-points/.gitignore

@@ -0,0 +1,2 @@
+build/
+dl/

access-points/build-image.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+
+[ $# -ge 1 ] || exit 1
+CONTROL="$1"; shift
+IMAGEBUILDER_URL=${IMAGEBUILDER_URL:-http://downloads.lede-project.org/snapshots/targets/ar71xx/generic/lede-imagebuilder-ar71xx-generic.Linux-x86_64.tar.xz}
+
+TOPDIR="$PWD"
+DLDIR=${DLDIR:-"dl"}
+BUILDDIR=${BUILDDIR:-"build"}
+IMAGEDIR=${IMAGEDIR:-"images"}
+
+mkdir -p "$DLDIR"
+mkdir -p "$BUILDDIR"; rm -rf "$BUILDDIR"/*
+mkdir -p "$IMAGEDIR"
+
+VERSION="$(basename "$(git describe --always --tags --dirty --match 'access-points/*')")"
+IMAGEDIR="$IMAGEDIR"/"$VERSION"
+mkdir "$IMAGEDIR"
+
+imagebuilder="$(basename "$IMAGEBUILDER_URL")"
+
+(
+    cd "$DLDIR"
+    wget --continue "$IMAGEBUILDER_URL" -O "$imagebuilder"
+)
+
+tar -C "$BUILDDIR" -axf "$DLDIR"/"$imagebuilder"
+
+IMAGEBUILDER_DIR="$BUILDDIR"/"$(tar -atf "$DLDIR"/"$imagebuilder" | head -n1)"
+
+image="lede-ar71xx-generic-tl-wr841-v10-squashfs-sysupgrade.bin"
+
+
+(
+    IFS='
+'
+    export PROFILE PACKAGES
+    . "$CONTROL"
+
+    tmp=$(mktemp --tmpdir -d files.XXXXXXXXX)
+
+    cp -aLTv "$TOPDIR/$FILES" "$tmp"
+    echo "$VERSION" > "$tmp"/etc/its-access-point-version
+
+    cd "$IMAGEBUILDER_DIR"
+    make image FILES="$tmp"
+)
+
+cp "$IMAGEBUILDER_DIR"/bin/targets/ar71xx/generic/"$image" "$IMAGEDIR"/
+
+{
+    printf '%s\n' "Date: $(date -R)"
+    printf '%s\n' "Image-Builder: $IMAGEBUILDER_URL"
+    printf '%s\n'
+    printf 'Checksums-Sha512:\n'
+    {
+        ( cd "$DLDIR"   ; sha512sum "$imagebuilder" )
+        ( cd "$IMAGEDIR"; sha512sum "$image")
+    } | sed 's/^/  /'
+} > "$IMAGEDIR"/image-manifest

access-points/control/tl-wr841-v10

@@ -0,0 +1,11 @@
+PROFILE=tl-wr841-v10
+FILES=files/tl-wr841-v10
+PACKAGES='
+  collectd
+  collectd-mod-wireless
+  collectd-mod-interface
+  collectd-mod-load
+  collectd-mod-network
+  -firewall
+  -ip6tables
+  -kmod-ip6tables'

access-points/files/tl-wr841-v10/etc/collectd.conf

@@ -0,0 +1,30 @@
+# Config file for collectd. More info: https://collectd.org/
+# Note: Luci statistics will generate a new config and overwrite this file.
+
+#Hostname   "localhost"
+#FQDNLookup  true
+BaseDir "/var/run/collectd"
+Include "/etc/collectd/conf.d"
+PIDFile "/var/run/collectd.pid"
+PluginDir "/usr/lib/collectd"
+TypesDB "/usr/share/collectd/types.db"
+Interval    30
+ReadThreads 2
+
+LoadPlugin interface
+LoadPlugin load
+#LoadPlugin ping
+
+<Plugin interface>
+	IgnoreSelected false
+	Interface "lan"
+</Plugin>
+
+LoadPlugin network
+<Plugin network>
+	Server "collectd.asozial" "25826"
+	Forward false
+</Plugin>
+
+
+LoadPlugin wireless

access-points/files/tl-wr841-v10/etc/config/dhcp

@@ -0,0 +1,17 @@
+
+config dnsmasq
+	option listen 0
+
+config dhcp 'lan'
+	option interface 'lan'
+	option ignore 1
+
+config dhcp 'wan'
+	option interface 'wan'
+	option ignore '1'
+
+config odhcpd 'odhcpd'
+	option maindhcp '0'
+	option leasefile '/tmp/hosts/odhcpd'
+	option leasetrigger '/usr/sbin/odhcpd-update'
+

access-points/files/tl-wr841-v10/etc/config/dropbear

@@ -0,0 +1,5 @@
+config dropbear
+	option PasswordAuth 'off'
+	option RootPasswordAuth 'off'
+	option Port         '22'
+#	option BannerFile   '/etc/banner'

access-points/files/tl-wr841-v10/etc/config/firewall

@@ -0,0 +1,5 @@
+config defaults
+	option syn_flood	1
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		ACCEPT

access-points/files/tl-wr841-v10/etc/config/network

@@ -0,0 +1,32 @@
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config interface 'apctl'
+	option ifname 'eth1.2'
+	option proto 'dhcp'
+
+config interface 'lan'
+	option type 'bridge'
+	option ifname 'eth1'
+	option proto 'static'
+
+config interface 'recovery'
+	option type 'bridge'
+	option ifname 'eth0'
+	option proto 'static'
+	option ipaddr '192.168.1.1'
+	option netmask '255.0.0.0'
+
+config switch
+	option name 'switch0'
+	option reset '1'
+	option enable '1'
+	option enable_vlan '1'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '1'
+	option ports '1 2 3 4 0'

access-points/files/tl-wr841-v10/etc/config/system

@@ -0,0 +1,48 @@
+
+config system
+	option hostname 'ITS-AP-unassigned'
+	option timezone 'UTC'
+
+config timeserver 'ntp'
+	list server '0.openwrt.pool.ntp.org'
+	list server '1.openwrt.pool.ntp.org'
+	list server '2.openwrt.pool.ntp.org'
+	list server '3.openwrt.pool.ntp.org'
+	option enabled '1'
+	option enable_server '0'
+
+config led 'led_wan'
+	option name 'WAN'
+	option sysfs 'tp-link:green:wan'
+	option trigger 'netdev'
+	option mode 'link tx rx'
+	option dev 'eth1'
+
+config led 'led_lan1'
+	option name 'LAN1'
+	option sysfs 'tp-link:green:lan1'
+	option trigger 'switch0'
+	option port_mask '0x10'
+
+config led 'led_lan2'
+	option name 'LAN2'
+	option sysfs 'tp-link:green:lan2'
+	option trigger 'switch0'
+	option port_mask '0x08'
+
+config led 'led_lan3'
+	option name 'LAN3'
+	option sysfs 'tp-link:green:lan3'
+	option trigger 'switch0'
+	option port_mask '0x04'
+
+config led 'led_lan4'
+	option name 'LAN4'
+	option sysfs 'tp-link:green:lan4'
+	option trigger 'switch0'
+	option port_mask '0x02'
+
+config led 'led_wlan'
+	option name 'WLAN'
+	option sysfs 'tp-link:green:wlan'
+	option trigger 'phy0tpt'

access-points/files/tl-wr841-v10/etc/config/wireless

@@ -0,0 +1,15 @@
+config wifi-device  radio0
+	option type     mac80211
+	option channel  1
+	option hwmode	11g
+	option path	'platform/qca953x_wmac'
+	option htmode	HT20
+	option disabled '1'
+
+config wifi-iface
+	option device   radio0
+	option network  lan
+	option mode     ap
+	option ssid     it-syndikat
+	option encryption psk2
+	option key      '<WIRELESS KEY HERE>'

access-points/files/tl-wr841-v10/etc/dropbear/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1DbwksyuM2iVU/mSSQb8fcTT3smODyeaztPvpf1eO49dn4MecAcU58zq2g4DKumC5q1bCrMqphY9ea+USSrYpf+Z++fezOsPxad4Mr4ixu0Ha8Vo4CLCfDxcAxZhYulAxnPd2w8gByIQIUnmGZBGyAXuD0Yxi+2cpn3jGWI1N96cwyhSzY0/QmjfeUbqb+pdiEjm/JTBuo/sBmfJmd9QayMvxOz1Rrz1TuO89vm/Vl1P+kIFStoBsEeUH8+YquIPuPqgq3d6H+iU68NNtbpYAwMJS30um4uhu/xO/VHclCafqOuQvYRkjBJARNPmMl/DUcithNCW2AvDctJsZpB1l dxld@Eli

access-points/files/tl-wr841-v10/etc/hotplug.d/iface/10-disable-wifi-when-uplink-gone

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+logger -t wifi-uplink hotplug "$DEVICE" "$INTERFACE" "$ACTION"
+
+# 'lan' doesn't work for some reason
+[ "$INTERFACE" = apctl ] || exit 0
+
+logger -t wifi-uplink devchange "$DEVICE" "$INTERFACE" "$ACTION"
+
+[ "$ACTION" = ifup ] && {
+    logger -t wifi-uplink up "$DEVICE" "$INTERFACE" "$ACTION"
+    uci set wireless.@wifi-device[0].disabled=0
+    wifi
+}
+
+[ "$ACTION" = ifdown ] && {
+    logger -t wifi-uplink down "$DEVICE" "$INTERFACE" "$ACTION"
+    wifi down
+    uci set wireless.@wifi-device[0].disabled=1
+}

access-points/files/tl-wr841-v10/etc/uci-defaults/50-config-from-mac

@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+
+mac=$(cat /sys/class/net/wlan0/address)
+
+hostname=
+channel=
+if [ "$mac" = 60:e3:27:b8:16:ec ]; then
+    hostname=cz-ap0
+    channel=6
+elif [ "$mac" = 60:e3:27:ed:86:9a ]; then
+    hostname=cz-ap1
+    channel=11
+elif [ "$mac" = 60:e3:27:ed:9b:b0 ]; then
+    hostname=lz-ap0
+    channel=1
+fi
+
+uci set system.@system[0].hostname=$hostname
+uci commit system
+uci set wireless.radio0.channel=$channel
+uci commit wireless
+echo $(uci get system.@system[0].hostname) > /proc/sys/kernel/hostname

access-points/files/tl-wr841-v10/etc/uci-defaults/51-secrets

@@ -0,0 +1 @@
+../../../../../.git/annex/objects/Vk/8w/SHA256E-s95--196dc6eecef78da77ea459b552dc3e0690f7c8e99007105d9715020ba7c60480/SHA256E-s95--196dc6eecef78da77ea459b552dc3e0690f7c8e99007105d9715020ba7c60480