From 23125a970e78c5e5f2d0803b92f0f9d01b0c707b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Gr=C3=B6ber?= <dxld@darkboxed.org>
Date: Wed, 4 Oct 2017 18:52:03 +0200
Subject: [PATCH] Automate access-point image build

---
 access-points/.gitignore                      |  2 +
 access-points/build-image.sh                  | 60 +++++++++++++++++++
 access-points/control/tl-wr841-v10            | 11 ++++
 .../doc-ap-reinstall.txt                      |  0
 .../doc-ap-reset.txt                          |  0
 .../files/tl-wr841-v10/etc/collectd.conf      | 30 ++++++++++
 .../files/tl-wr841-v10/etc/config/dhcp        | 17 ++++++
 .../files/tl-wr841-v10/etc/config/dropbear    |  5 ++
 .../files/tl-wr841-v10/etc/config/firewall    |  5 ++
 .../files/tl-wr841-v10/etc/config/network     | 32 ++++++++++
 .../files/tl-wr841-v10/etc/config/system      | 48 +++++++++++++++
 .../files/tl-wr841-v10/etc/config/ubootenv    |  0
 .../files/tl-wr841-v10/etc/config/wireless    | 15 +++++
 .../tl-wr841-v10/etc/dropbear/authorized_keys |  1 +
 .../iface/10-disable-wifi-when-uplink-gone    | 20 +++++++
 .../etc/uci-defaults/50-config-from-mac       | 23 +++++++
 .../tl-wr841-v10/etc/uci-defaults/51-secrets  |  1 +
 17 files changed, 270 insertions(+)
 create mode 100644 access-points/.gitignore
 create mode 100755 access-points/build-image.sh
 create mode 100644 access-points/control/tl-wr841-v10
 rename doc-ap-reinstall.txt => access-points/doc-ap-reinstall.txt (100%)
 rename doc-ap-reset.txt => access-points/doc-ap-reset.txt (100%)
 create mode 100644 access-points/files/tl-wr841-v10/etc/collectd.conf
 create mode 100644 access-points/files/tl-wr841-v10/etc/config/dhcp
 create mode 100644 access-points/files/tl-wr841-v10/etc/config/dropbear
 create mode 100644 access-points/files/tl-wr841-v10/etc/config/firewall
 create mode 100644 access-points/files/tl-wr841-v10/etc/config/network
 create mode 100644 access-points/files/tl-wr841-v10/etc/config/system
 create mode 100644 access-points/files/tl-wr841-v10/etc/config/ubootenv
 create mode 100644 access-points/files/tl-wr841-v10/etc/config/wireless
 create mode 100644 access-points/files/tl-wr841-v10/etc/dropbear/authorized_keys
 create mode 100644 access-points/files/tl-wr841-v10/etc/hotplug.d/iface/10-disable-wifi-when-uplink-gone
 create mode 100755 access-points/files/tl-wr841-v10/etc/uci-defaults/50-config-from-mac
 create mode 120000 access-points/files/tl-wr841-v10/etc/uci-defaults/51-secrets

diff --git a/access-points/.gitignore b/access-points/.gitignore
new file mode 100644
index 0000000..103c816
--- /dev/null
+++ b/access-points/.gitignore
@@ -0,0 +1,2 @@
+build/
+dl/
diff --git a/access-points/build-image.sh b/access-points/build-image.sh
new file mode 100755
index 0000000..1866f55
--- /dev/null
+++ b/access-points/build-image.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+[ $# -ge 1 ] || exit 1
+CONTROL="$1"; shift
+IMAGEBUILDER_URL=${IMAGEBUILDER_URL:-http://downloads.lede-project.org/snapshots/targets/ar71xx/generic/lede-imagebuilder-ar71xx-generic.Linux-x86_64.tar.xz}
+
+TOPDIR="$PWD"
+DLDIR=${DLDIR:-"dl"}
+BUILDDIR=${BUILDDIR:-"build"}
+IMAGEDIR=${IMAGEDIR:-"images"}
+
+mkdir -p "$DLDIR"
+mkdir -p "$BUILDDIR"; rm -rf "$BUILDDIR"/*
+mkdir -p "$IMAGEDIR"
+
+VERSION="$(basename "$(git describe --always --tags --dirty --match 'access-points/*')")"
+IMAGEDIR="$IMAGEDIR"/"$VERSION"
+mkdir "$IMAGEDIR"
+
+imagebuilder="$(basename "$IMAGEBUILDER_URL")"
+
+(
+    cd "$DLDIR"
+    wget --continue "$IMAGEBUILDER_URL" -O "$imagebuilder"
+)
+
+tar -C "$BUILDDIR" -axf "$DLDIR"/"$imagebuilder"
+
+IMAGEBUILDER_DIR="$BUILDDIR"/"$(tar -atf "$DLDIR"/"$imagebuilder" | head -n1)"
+
+image="lede-ar71xx-generic-tl-wr841-v10-squashfs-sysupgrade.bin"
+
+
+(
+    IFS='
+'
+    export PROFILE PACKAGES
+    . "$CONTROL"
+
+    tmp=$(mktemp --tmpdir -d files.XXXXXXXXX)
+
+    cp -aLTv "$TOPDIR/$FILES" "$tmp"
+    echo "$VERSION" > "$tmp"/etc/its-access-point-version
+
+    cd "$IMAGEBUILDER_DIR"
+    make image FILES="$tmp"
+)
+
+cp "$IMAGEBUILDER_DIR"/bin/targets/ar71xx/generic/"$image" "$IMAGEDIR"/
+
+{
+    printf '%s\n' "Date: $(date -R)"
+    printf '%s\n' "Image-Builder: $IMAGEBUILDER_URL"
+    printf '%s\n'
+    printf 'Checksums-Sha512:\n'
+    {
+        ( cd "$DLDIR"   ; sha512sum "$imagebuilder" )
+        ( cd "$IMAGEDIR"; sha512sum "$image")
+    } | sed 's/^/  /'
+} > "$IMAGEDIR"/image-manifest
diff --git a/access-points/control/tl-wr841-v10 b/access-points/control/tl-wr841-v10
new file mode 100644
index 0000000..67dc39e
--- /dev/null
+++ b/access-points/control/tl-wr841-v10
@@ -0,0 +1,11 @@
+PROFILE=tl-wr841-v10
+FILES=files/tl-wr841-v10
+PACKAGES='
+  collectd
+  collectd-mod-wireless
+  collectd-mod-interface
+  collectd-mod-load
+  collectd-mod-network
+  -firewall
+  -ip6tables
+  -kmod-ip6tables'
diff --git a/doc-ap-reinstall.txt b/access-points/doc-ap-reinstall.txt
similarity index 100%
rename from doc-ap-reinstall.txt
rename to access-points/doc-ap-reinstall.txt
diff --git a/doc-ap-reset.txt b/access-points/doc-ap-reset.txt
similarity index 100%
rename from doc-ap-reset.txt
rename to access-points/doc-ap-reset.txt
diff --git a/access-points/files/tl-wr841-v10/etc/collectd.conf b/access-points/files/tl-wr841-v10/etc/collectd.conf
new file mode 100644
index 0000000..a9b5b55
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/collectd.conf
@@ -0,0 +1,30 @@
+# Config file for collectd. More info: https://collectd.org/
+# Note: Luci statistics will generate a new config and overwrite this file.
+
+#Hostname   "localhost"
+#FQDNLookup  true
+BaseDir "/var/run/collectd"
+Include "/etc/collectd/conf.d"
+PIDFile "/var/run/collectd.pid"
+PluginDir "/usr/lib/collectd"
+TypesDB "/usr/share/collectd/types.db"
+Interval    30
+ReadThreads 2
+
+LoadPlugin interface
+LoadPlugin load
+#LoadPlugin ping
+
+<Plugin interface>
+	IgnoreSelected false
+	Interface "lan"
+</Plugin>
+
+LoadPlugin network
+<Plugin network>
+	Server "collectd.asozial" "25826"
+	Forward false
+</Plugin>
+
+
+LoadPlugin wireless
diff --git a/access-points/files/tl-wr841-v10/etc/config/dhcp b/access-points/files/tl-wr841-v10/etc/config/dhcp
new file mode 100644
index 0000000..d3dc5b8
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/config/dhcp
@@ -0,0 +1,17 @@
+
+config dnsmasq
+	option listen 0
+
+config dhcp 'lan'
+	option interface 'lan'
+	option ignore 1
+
+config dhcp 'wan'
+	option interface 'wan'
+	option ignore '1'
+
+config odhcpd 'odhcpd'
+	option maindhcp '0'
+	option leasefile '/tmp/hosts/odhcpd'
+	option leasetrigger '/usr/sbin/odhcpd-update'
+
diff --git a/access-points/files/tl-wr841-v10/etc/config/dropbear b/access-points/files/tl-wr841-v10/etc/config/dropbear
new file mode 100644
index 0000000..8bef2d1
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/config/dropbear
@@ -0,0 +1,5 @@
+config dropbear
+	option PasswordAuth 'off'
+	option RootPasswordAuth 'off'
+	option Port         '22'
+#	option BannerFile   '/etc/banner'
diff --git a/access-points/files/tl-wr841-v10/etc/config/firewall b/access-points/files/tl-wr841-v10/etc/config/firewall
new file mode 100644
index 0000000..e993787
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/config/firewall
@@ -0,0 +1,5 @@
+config defaults
+	option syn_flood	1
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		ACCEPT
diff --git a/access-points/files/tl-wr841-v10/etc/config/network b/access-points/files/tl-wr841-v10/etc/config/network
new file mode 100644
index 0000000..e41af30
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/config/network
@@ -0,0 +1,32 @@
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config interface 'apctl'
+	option ifname 'eth1.2'
+	option proto 'dhcp'
+
+config interface 'lan'
+	option type 'bridge'
+	option ifname 'eth1'
+	option proto 'static'
+
+config interface 'recovery'
+	option type 'bridge'
+	option ifname 'eth0'
+	option proto 'static'
+	option ipaddr '192.168.1.1'
+	option netmask '255.0.0.0'
+
+config switch
+	option name 'switch0'
+	option reset '1'
+	option enable '1'
+	option enable_vlan '1'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '1'
+	option ports '1 2 3 4 0'
diff --git a/access-points/files/tl-wr841-v10/etc/config/system b/access-points/files/tl-wr841-v10/etc/config/system
new file mode 100644
index 0000000..d554a0d
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/config/system
@@ -0,0 +1,48 @@
+
+config system
+	option hostname 'ITS-AP-unassigned'
+	option timezone 'UTC'
+
+config timeserver 'ntp'
+	list server '0.openwrt.pool.ntp.org'
+	list server '1.openwrt.pool.ntp.org'
+	list server '2.openwrt.pool.ntp.org'
+	list server '3.openwrt.pool.ntp.org'
+	option enabled '1'
+	option enable_server '0'
+
+config led 'led_wan'
+	option name 'WAN'
+	option sysfs 'tp-link:green:wan'
+	option trigger 'netdev'
+	option mode 'link tx rx'
+	option dev 'eth1'
+
+config led 'led_lan1'
+	option name 'LAN1'
+	option sysfs 'tp-link:green:lan1'
+	option trigger 'switch0'
+	option port_mask '0x10'
+
+config led 'led_lan2'
+	option name 'LAN2'
+	option sysfs 'tp-link:green:lan2'
+	option trigger 'switch0'
+	option port_mask '0x08'
+
+config led 'led_lan3'
+	option name 'LAN3'
+	option sysfs 'tp-link:green:lan3'
+	option trigger 'switch0'
+	option port_mask '0x04'
+
+config led 'led_lan4'
+	option name 'LAN4'
+	option sysfs 'tp-link:green:lan4'
+	option trigger 'switch0'
+	option port_mask '0x02'
+
+config led 'led_wlan'
+	option name 'WLAN'
+	option sysfs 'tp-link:green:wlan'
+	option trigger 'phy0tpt'
diff --git a/access-points/files/tl-wr841-v10/etc/config/ubootenv b/access-points/files/tl-wr841-v10/etc/config/ubootenv
new file mode 100644
index 0000000..e69de29
diff --git a/access-points/files/tl-wr841-v10/etc/config/wireless b/access-points/files/tl-wr841-v10/etc/config/wireless
new file mode 100644
index 0000000..cb98dea
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/config/wireless
@@ -0,0 +1,15 @@
+config wifi-device  radio0
+	option type     mac80211
+	option channel  1
+	option hwmode	11g
+	option path	'platform/qca953x_wmac'
+	option htmode	HT20
+	option disabled '1'
+
+config wifi-iface
+	option device   radio0
+	option network  lan
+	option mode     ap
+	option ssid     it-syndikat
+	option encryption psk2
+	option key      '<WIRELESS KEY HERE>'
diff --git a/access-points/files/tl-wr841-v10/etc/dropbear/authorized_keys b/access-points/files/tl-wr841-v10/etc/dropbear/authorized_keys
new file mode 100644
index 0000000..bccae01
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/dropbear/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1DbwksyuM2iVU/mSSQb8fcTT3smODyeaztPvpf1eO49dn4MecAcU58zq2g4DKumC5q1bCrMqphY9ea+USSrYpf+Z++fezOsPxad4Mr4ixu0Ha8Vo4CLCfDxcAxZhYulAxnPd2w8gByIQIUnmGZBGyAXuD0Yxi+2cpn3jGWI1N96cwyhSzY0/QmjfeUbqb+pdiEjm/JTBuo/sBmfJmd9QayMvxOz1Rrz1TuO89vm/Vl1P+kIFStoBsEeUH8+YquIPuPqgq3d6H+iU68NNtbpYAwMJS30um4uhu/xO/VHclCafqOuQvYRkjBJARNPmMl/DUcithNCW2AvDctJsZpB1l dxld@Eli
diff --git a/access-points/files/tl-wr841-v10/etc/hotplug.d/iface/10-disable-wifi-when-uplink-gone b/access-points/files/tl-wr841-v10/etc/hotplug.d/iface/10-disable-wifi-when-uplink-gone
new file mode 100644
index 0000000..83afd32
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/hotplug.d/iface/10-disable-wifi-when-uplink-gone
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+logger -t wifi-uplink hotplug "$DEVICE" "$INTERFACE" "$ACTION"
+
+# 'lan' doesn't work for some reason
+[ "$INTERFACE" = apctl ] || exit 0
+
+logger -t wifi-uplink devchange "$DEVICE" "$INTERFACE" "$ACTION"
+
+[ "$ACTION" = ifup ] && {
+    logger -t wifi-uplink up "$DEVICE" "$INTERFACE" "$ACTION"
+    uci set wireless.@wifi-device[0].disabled=0
+    wifi
+}
+
+[ "$ACTION" = ifdown ] && {
+    logger -t wifi-uplink down "$DEVICE" "$INTERFACE" "$ACTION"
+    wifi down
+    uci set wireless.@wifi-device[0].disabled=1
+}
diff --git a/access-points/files/tl-wr841-v10/etc/uci-defaults/50-config-from-mac b/access-points/files/tl-wr841-v10/etc/uci-defaults/50-config-from-mac
new file mode 100755
index 0000000..e876d66
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/uci-defaults/50-config-from-mac
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+
+mac=$(cat /sys/class/net/wlan0/address)
+
+hostname=
+channel=
+if [ "$mac" = 60:e3:27:b8:16:ec ]; then
+    hostname=cz-ap0
+    channel=6
+elif [ "$mac" = 60:e3:27:ed:86:9a ]; then
+    hostname=cz-ap1
+    channel=11
+elif [ "$mac" = 60:e3:27:ed:9b:b0 ]; then
+    hostname=lz-ap0
+    channel=1
+fi
+
+uci set system.@system[0].hostname=$hostname
+uci commit system
+uci set wireless.radio0.channel=$channel
+uci commit wireless
+echo $(uci get system.@system[0].hostname) > /proc/sys/kernel/hostname
diff --git a/access-points/files/tl-wr841-v10/etc/uci-defaults/51-secrets b/access-points/files/tl-wr841-v10/etc/uci-defaults/51-secrets
new file mode 120000
index 0000000..e3807b7
--- /dev/null
+++ b/access-points/files/tl-wr841-v10/etc/uci-defaults/51-secrets
@@ -0,0 +1 @@
+../../../../../.git/annex/objects/Vk/8w/SHA256E-s95--196dc6eecef78da77ea459b552dc3e0690f7c8e99007105d9715020ba7c60480/SHA256E-s95--196dc6eecef78da77ea459b552dc3e0690f7c8e99007105d9715020ba7c60480
\ No newline at end of file