From b99af29cbdc7295b736b3141db8d1342e0ac61dc Mon Sep 17 00:00:00 2001 From: Bart Van Der Meerssche Date: Sun, 19 Dec 2010 20:53:54 +0100 Subject: [PATCH] openwrt: port files dir to flukso v2 --- .../files/etc/avahi/services/flukso.service | 14 +++ .../files/etc/avahi/services/http.service | 10 +++ mote/v2/openwrt/files/etc/config/dhcp | 23 +++++ mote/v2/openwrt/files/etc/config/dropbear | 3 + mote/v2/openwrt/files/etc/config/firewall | 87 +++++++++++++++++++ mote/v2/openwrt/files/etc/config/network | 17 ++++ mote/v2/openwrt/files/etc/config/system | 25 +++--- mote/v2/openwrt/files/etc/config/uhttpd | 83 ++++++++++++++++++ mote/v2/openwrt/files/etc/config/wireless | 18 ++++ mote/v2/openwrt/files/etc/hosts | 2 + mote/v2/openwrt/files/etc/inittab | 2 + mote/v2/openwrt/files/etc/passwd | 3 + mote/v2/openwrt/files/etc/rc.local | 7 ++ .../openwrt/files/etc/ssl/certs/flukso.ca.crt | 21 +++++ mote/v2/openwrt/files/etc/sysctl.conf | 28 ++++++ 15 files changed, 332 insertions(+), 11 deletions(-) create mode 100644 mote/v2/openwrt/files/etc/avahi/services/flukso.service create mode 100644 mote/v2/openwrt/files/etc/avahi/services/http.service create mode 100644 mote/v2/openwrt/files/etc/config/dhcp create mode 100644 mote/v2/openwrt/files/etc/config/dropbear create mode 100644 mote/v2/openwrt/files/etc/config/firewall create mode 100644 mote/v2/openwrt/files/etc/config/network create mode 100644 mote/v2/openwrt/files/etc/config/uhttpd create mode 100644 mote/v2/openwrt/files/etc/config/wireless create mode 100644 mote/v2/openwrt/files/etc/hosts create mode 100644 mote/v2/openwrt/files/etc/inittab create mode 100644 mote/v2/openwrt/files/etc/passwd create mode 100644 mote/v2/openwrt/files/etc/rc.local create mode 100644 mote/v2/openwrt/files/etc/ssl/certs/flukso.ca.crt create mode 100644 mote/v2/openwrt/files/etc/sysctl.conf 
diff --git a/mote/v2/openwrt/files/etc/avahi/services/flukso.service b/mote/v2/openwrt/files/etc/avahi/services/flukso.service
new file mode 100644
index 0000000..5b63cc6
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/avahi/services/flukso.service
@@ -0,0 +1,14 @@
+
+
+
+ Flukso RESTful API on %h
+
+ _flukso._tcp
+ 8080
+ id1=0123456789abcdef0123456789abcde0
+ id2=0123456789abcdef0123456789abcde1
+ id3=0123456789abcdef0123456789abcde2
+ path=/sensor
+ version=1.0
+
+
diff --git a/mote/v2/openwrt/files/etc/avahi/services/http.service b/mote/v2/openwrt/files/etc/avahi/services/http.service
new file mode 100644
index 0000000..7e9be2d
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/avahi/services/http.service
@@ -0,0 +1,10 @@
+
+
+
+ Web Server on %h
+
+ _http._tcp
+ 80
+ path=/
+
+
diff --git a/mote/v2/openwrt/files/etc/config/dhcp b/mote/v2/openwrt/files/etc/config/dhcp
new file mode 100644
index 0000000..38a8676
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/config/dhcp
@@ -0,0 +1,23 @@
+config dnsmasq
+ option domainneeded 1
+ option boguspriv 1
+ option filterwin2k '0' #enable for dial on demand
+ option localise_queries 1
+ option local '/lan/'
+ option domain 'home'
+ option expandhosts 1
+ option nonegcache 0
+ option authoritative 1
+ option readethers 1
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.auto'
+
+config dhcp
+ option interface lan
+ option start 100
+ option limit 150
+ option leasetime 12h
+
+config dhcp
+ option interface wan
+ option ignore 1
diff --git a/mote/v2/openwrt/files/etc/config/dropbear b/mote/v2/openwrt/files/etc/config/dropbear
new file mode 100644
index 0000000..25d471a
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/config/dropbear
@@ -0,0 +1,3 @@
+config dropbear
+ option PasswordAuth 'on'
+ option Port '22'
diff --git a/mote/v2/openwrt/files/etc/config/firewall b/mote/v2/openwrt/files/etc/config/firewall
new file mode 100644
index 0000000..60f5f27
--- /dev/null
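Review bot: `option PasswordAuth 'on'` in etc/config/dropbear leaves SSH password login enabled on port 22 for an image whose etc/passwd (added later in this patch) carries one fixed root hash, so every unit built from these files accepts the same root password. Prefer `option PasswordAuth 'off'` together with a provisioned authorized_keys file, or set a per-device password at first boot. The wan zone in this patch's firewall file rejects input, so exposure looks limited to the wired side, but that also depends on /etc/firewall.user, which is not shown here.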
+++ b/mote/v2/openwrt/files/etc/config/firewall
@@ -0,0 +1,87 @@
+config defaults
+ option syn_flood 1
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+
+config zone
+ option name lan
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+
+config zone
+ option name wan
+ option input REJECT
+ option output ACCEPT
+ option forward REJECT
+ option masq 1
+
+config forwarding
+ option src lan
+ option dest wan
+
+## Enable this option if you encounter any MTU problems
+## e.g. some websites work, others do not, submitting
+## forms causes problems, ...
+# option mtu_fix 1
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+# include a file with users custom iptables rules
+config include
+ option path /etc/firewall.user
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+
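Review bot: `option input ACCEPT` under `config defaults` is a permissive fallback; as far as this file shows, it governs input that matches neither the lan nor the wan zone, so an interface added later without a zone assignment would accept everything. Consider `option input REJECT` in the defaults section and keep `ACCEPT` only on the lan zone. The `config include` of /etc/firewall.user pulls in rules that are not part of this patch, so a comment stating what that file is expected to open would make the effective policy reviewable.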
diff --git a/mote/v2/openwrt/files/etc/config/network b/mote/v2/openwrt/files/etc/config/network
new file mode 100644
index 0000000..ef1743b
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/config/network
@@ -0,0 +1,17 @@
+# Copyright (C) 2006 OpenWrt.org
+
+config interface loopback
+ option ifname lo
+ option proto static
+ option ipaddr 127.0.0.1
+ option netmask 255.0.0.0
+
+config interface wan
+ option ifname ath0
+ option proto dhcp
+
+config interface lan
+ option ifname eth0
+ option proto static
+ option ipaddr 192.168.255.1
+ option netmask 255.255.255.0
diff --git a/mote/v2/openwrt/files/etc/config/system b/mote/v2/openwrt/files/etc/config/system
index 1716d5f..3c8715c 100644
--- a/mote/v2/openwrt/files/etc/config/system
+++ b/mote/v2/openwrt/files/etc/config/system
@@ -1,17 +1,20 @@ config system - option hostname flukso option timezone UTC + option hostname flukso + option device 0123456789abcdef0123456789abcdef + option key 00112233445566778899aabbccddeeff + option version 210 config button - option button reset - option action released - option handler net_toggle - option min 2 - option max 5 + option button reset + option action released + option handler net_toggle + option min 2 + option max 5 config button - option button reset - option action released - option handler net_defaults - option min 10 - option max 30 + option button reset + option action released + option handler net_defaults + option min 10 + option max 30
diff --git a/mote/v2/openwrt/files/etc/config/uhttpd b/mote/v2/openwrt/files/etc/config/uhttpd
new file mode 100644
index 0000000..123aec8
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/config/uhttpd
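Review bot: The new `option device` and `option key` lines in etc/config/system hold sequential placeholder values, and nothing in the hunk marks them as placeholders. If these are the device identity and its secret (inferred from the option names only), a unit flashed without the provisioning step ends up with a key that is published in this repository. A comment such as `# placeholder, overwritten at provisioning; must never reach a shipped unit` above the two options would document that, and whatever consumes the key could refuse the placeholder value.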
@@ -0,0 +1,83 @@
+# Server configuration
+config uhttpd main
+
+ # HTTP listen addresses, multiple allowed
+ list listen_http 0.0.0.0:80
+# list listen_http [::]:80
+
+ # HTTPS listen addresses, multiple allowed
+# list listen_https 0.0.0.0:443
+# list listen_https [::]:443
+
+ # Server document root
+ option home /www
+
+ # Reject requests from RFC1918 IP addresses
+ # directed to the servers public IP(s).
+ # This is a DNS rebinding countermeasure.
+ option rfc1918_filter 1
+
+ # Certificate and private key for HTTPS.
+ # If no listen_https addresses are given,
+ # the key options are ignored.
+ option cert /etc/uhttpd.crt
+ option key /etc/uhttpd.key
+
+ # CGI url prefix, will be searched in docroot.
+ # Default is /cgi-bin
+ option cgi_prefix /cgi-bin
+
+ # List of extension->interpreter mappings.
+ # Files with an associated interpreter can
+ # be called outside of the CGI prefix and do
+ # not need to be executable.
+# list interpreter ".php=/usr/bin/php-cgi"
+# list interpreter ".cgi=/usr/bin/perl"
+
+ # Lua url prefix and handler script.
+ # Lua support is disabled if no prefix given.
+# option lua_prefix /luci
+# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua
+
+ # CGI/Lua timeout, if the called script does not
+ # write data within the given amount of seconds,
+ # the server will terminate the request with
+ # 504 Gateway Timeout response.
+ option script_timeout 60
+
+ # Network timeout, if the current connection is
+ # blocked for the specified amount of seconds,
+ # the server will terminate the associated
+ # request process.
+ option network_timeout 30
+
+ # Basic auth realm, defaults to local hostname
+# option realm OpenWrt
+
+ # Configuration file in busybox httpd format
+# option config /etc/httpd.conf
+
+config uhttpd restful
+ list listen_http 0.0.0.0:8080
+ option home /www
+ option cgi_prefix /sensor
+ option script_timeout 5
+ option network_timeout 5
+
+# Certificate defaults for px5g key generator
+config cert px5g
+
+ # Validity time
+ option days 730
+
+ # RSA key size
+ option bits 1024
+
+ # Location
+ option country DE
+ option state Berlin
+ option location Berlin
+
+ # Common name
+ option commonname OpenWrt
+
diff --git a/mote/v2/openwrt/files/etc/config/wireless b/mote/v2/openwrt/files/etc/config/wireless
new file mode 100644
index 0000000..a099c79
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/config/wireless
@@ -0,0 +1,18 @@
+config wifi-device wifi0
+ option type atheros
+ option channel auto
+ option mode 11bg
+ option diversity 0
+ option txantenna 1
+ option rxantenna 1
+ option disabled 0
+
+config wifi-iface
+ option device wifi0
+ option network wan
+ option mode sta
+ option nosbeacon 1
+ option hidden 0
+ option ssid zwaluw
+ option encryption wep
+ option key 4ae56b7820f6b6b3cba78da46b
diff --git a/mote/v2/openwrt/files/etc/hosts b/mote/v2/openwrt/files/etc/hosts
new file mode 100644
index 0000000..8b0d1ae
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/hosts
@@ -0,0 +1,2 @@
+127.0.0.1 localhost
+192.168.255.1 flukso
diff --git a/mote/v2/openwrt/files/etc/inittab b/mote/v2/openwrt/files/etc/inittab
new file mode 100644
index 0000000..e8f1146
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/inittab
@@ -0,0 +1,2 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K stop
diff --git a/mote/v2/openwrt/files/etc/passwd b/mote/v2/openwrt/files/etc/passwd
new file mode 100644
index 0000000..208c93d
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/passwd
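Review bot: `option bits 1024` in the `config cert px5g` section of etc/config/uhttpd yields an RSA key that is too short to rely on; `option bits 2048` is the safer default for the generated certificate. Both `listen_https` lines are commented out, so the `main` and `restful` instances serve plain HTTP on `0.0.0.0:80` and `0.0.0.0:8080`, and whether the `/sensor` CGI authenticates callers itself cannot be seen from this hunk. If the API is meant for the local network only, a comment next to `list listen_http 0.0.0.0:8080` should state that assumption.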
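Review bot: `option encryption wep` together with a literal `option key` and `option ssid` in etc/config/wireless commits what looks like the credentials of a real network into the default image. WEP gives no meaningful confidentiality, and because the interface runs in `mode sta` these values only fit one specific access point anyway. Ship the file with placeholders (or with `option disabled 1` on the wifi-device) and let setup write the SSID, `option encryption psk2` and the key per installation; the key shown here should be treated as disclosed.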
@@ -0,0 +1,3 @@
+root:$1$VtdkJasi$HdGYp/XcbJmQ3BInhA/ki/:0:0:root:/root:/bin/ash
+nobody:*:65534:65534:nobody:/var:/bin/false
+daemon:*:65534:65534:daemon:/var:/bin/false
diff --git a/mote/v2/openwrt/files/etc/rc.local b/mote/v2/openwrt/files/etc/rc.local
new file mode 100644
index 0000000..584da98
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/rc.local
@@ -0,0 +1,7 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+# set the wifi led pin (=GPIO 7) direction to output
+gpioctl dirout 7
+
+exit 0
diff --git a/mote/v2/openwrt/files/etc/ssl/certs/flukso.ca.crt b/mote/v2/openwrt/files/etc/ssl/certs/flukso.ca.crt
new file mode 100644
index 0000000..3296017
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/ssl/certs/flukso.ca.crt
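Review bot: The root entry added in etc/passwd embeds a fixed `$1$` (MD5-crypt) hash, so the same root credential is baked into every image and the hash is open to offline guessing by anyone who can read the repository. Consider shipping the root account locked until provisioning and setting the password, or installing SSH keys, per device at first boot. Keeping the hash in passwd rather than in a shadow file also makes it readable to every local account; whether this image uses /etc/shadow is not visible in this patch.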
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIJANYOkpI6yVcFMA0GCSqGSIb3DQEBBQUAMDMxCzAJBgNV
+BAYTAkJFMQ8wDQYDVQQKEwZGbHVrc28xEzARBgNVBAMTCmZsdWtzby5uZXQwHhcN
+MTAwNjAxMjE1ODAyWhcNMzUwNTI2MjE1ODAyWjAzMQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGRmx1a3NvMRMwEQYDVQQDEwpmbHVrc28ubmV0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA6CtNI3YrF/7Ak3etIe+XnL4HwJYki4PyaWI4S7W1
+49C9W5AEbEd7ufnsaku3eVxMqOP6b5L7MFpCCGDiM1Zt32yYAcL65eCrofZw1DE0
+SuWos0Z1P4y2rIUFHya8g8bUh7lUvq30IBgnnUh7Lo0eQT1XfnC/KMUnvseHI/iw
+Y3HhYX+espsCPh1a0ATLlEk93XK99q/5mgojSGQxmwPj/91mOWmJOO4edEQAhK+u
+t6wCNxZNnf9yyyzzLczwMytfrwBWJEJjJFTfr3JiEmHdl4dt7UiuElGLMr9dFhPV
+12Bidxszov663ffUiIUmV/fkMWF1ZEWXFS0x+VJ52seChwIDAQABo4GVMIGSMB0G
+A1UdDgQWBBQGMvERFrapN1lmOm9SVR8qB+uj/zBjBgNVHSMEXDBagBQGMvERFrap
+N1lmOm9SVR8qB+uj/6E3pDUwMzELMAkGA1UEBhMCQkUxDzANBgNVBAoTBkZsdWtz
+bzETMBEGA1UEAxMKZmx1a3NvLm5ldIIJANYOkpI6yVcFMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAOZjgNoNhJLckVMEYZiYWqRDWeRPBkyGStCH93r3
+42PpuKDyysxI1ldLTcUpUSrs1AtdSIEiEahWr6zVW4QW4o9iqO905E03aTO86L+P
+j7SIBPP01M2f70pHpnz+uH1MDxsarI96qllslWfymYI7c6yUN/VciWfNWa38nK1l
+MiQJuDvElNy8aN1JJtXHFUQK/I8ois1ATT1rGAiqrkDZIm4pdDmqB/zLI3qIJf8o
+cKIo2x/YkVhuDmIpU/XVA13csXrXU+CLfFyNdY1a/6Dhv2B4wG6J5RGuxWmA+Igg
+TTysD+aqqzs8XstqDu/aLjMzFKMaXNvDoCbdFQGVXfx0F1A=
+-----END CERTIFICATE-----
diff --git a/mote/v2/openwrt/files/etc/sysctl.conf b/mote/v2/openwrt/files/etc/sysctl.conf
new file mode 100644
index 0000000..8989ee9
--- /dev/null
+++ b/mote/v2/openwrt/files/etc/sysctl.conf
@@ -0,0 +1,28 @@
+kernel.panic=3
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.ip_forward=1
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=0
+net.core.netdev_max_backlog=30
+net.netfilter.nf_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_max=16384
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
+net.ipv4.netfilter.ip_conntrack_udp_timeout=60
+net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
+# net.ipv6.conf.all.forwarding=1
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0
+
+# blink the wifi led (= GPIO7)
+dev.wifi0.softled=1
+dev.wifi0.ledpin=7