| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-06 01:25:30 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-06 01:25:30 +0100 |
| commit | d92fa0478e116a4f189ac1229d952c15dcb4b5c4 (patch) | |
| tree | 338cbceb3b3b1fdf5a7352503298110d6530c581 /files | |
| parent | c9bf4a2b4a3e3551cded907cc8feacb360f322af (diff) | |
ap01: ...
Diffstat (limited to 'files')
| -rw-r--r-- | files/files/etc/config/dropbear | 5 | ||||
| -rw-r--r-- | files/files/etc/config/firewall | 69 | ||||
| -rw-r--r-- | files/files/etc/config/network | 45 | ||||
| -rw-r--r-- | files/files/etc/config/system | 18 | ||||
| -rw-r--r-- | files/files/etc/config/wireless | 43 | ||||
| -rw-r--r-- | files/files/etc/dropbear/authorized_keys | 1 | ||||
| -rw-r--r-- | files/files/etc/dropbear/dropbear_ed25519_host_key.sops | 21 | ||||
| -rw-r--r-- | files/files/etc/fw_env.config | 1 | ||||
| -rw-r--r-- | files/files/etc/rc.local | 7 | ||||
| -rw-r--r-- | files/files/etc/shadow | 9 | ||||
| -rw-r--r-- | files/files/etc/sysctl.conf | 1 |
11 files changed, 220 insertions, 0 deletions
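diff --git a/files/files/etc/config/dropbear b/files/files/etc/config/dropbear
new file mode 100644
index 0000000..39ba220
--- /dev/null
+++ b/files/files/etc/config/dropbear
@@ -0,0 +1,5 @@
+config dropbear
+option Port '22'
+option PasswordAuth 'off'
+option RootPasswordAuth 'off'
+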
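Review bot: The `config dropbear` section sets no `Interface`, so the daemon listens on every address the AP has, including the `lan` bridge that the wireless clients share. Password logins are already off, which is the important part; binding the listener as well with `option Interface 'mgmt'` would keep the SSH service off the client network entirely. That line assumes `mgmt` is where administration is meant to happen, which the zone name suggests but the commit does not state.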
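diff --git a/files/files/etc/config/firewall b/files/files/etc/config/firewall
new file mode 100644
index 0000000..9b4d252
--- /dev/null
+++ b/files/files/etc/config/firewall
@@ -0,0 +1,69 @@
+config defaults
+option syn_flood '1'
+option input 'ACCEPT'
+option output 'ACCEPT'
+option forward 'REJECT'
+
+config zone 'lan'
+option name 'lan'
+list network 'lan'
+option input 'ACCEPT'
+option output 'ACCEPT'
+option forward 'REJECT'
+
+config zone 'mgmt'
+option name 'mgmt'
+list network 'mgmt'
+option input 'ACCEPT'
+option output 'ACCEPT'
+option forward 'REJECT'
+
+config rule
+option name 'Allow-Ping'
+option src '*'
+option proto 'icmp'
+option icmp_type 'echo-request'
+option family 'ipv4'
+option target 'ACCEPT'
+
+config rule
+option name 'Allow-ICMPv6-Input'
+option src '*'
+option proto 'icmp'
+list icmp_type 'echo-request'
+list icmp_type 'echo-reply'
+list icmp_type 'destination-unreachable'
+list icmp_type 'packet-too-big'
+list icmp_type 'time-exceeded'
+list icmp_type 'bad-header'
+list icmp_type 'unknown-header-type'
+list icmp_type 'router-solicitation'
+list icmp_type 'neighbour-solicitation'
+list icmp_type 'router-advertisement'
+list icmp_type 'neighbour-advertisement'
+option limit '1000/sec'
+option family 'ipv6'
+option target 'ACCEPT'
+
+config rule
+option name 'Allow-ICMPv6-Forward'
+option src '*'
+option dest '*'
+option proto 'icmp'
+list icmp_type 'echo-request'
+list icmp_type 'echo-reply'
+list icmp_type 'destination-unreachable'
+list icmp_type 'packet-too-big'
+list icmp_type 'time-exceeded'
+list icmp_type 'bad-header'
+list icmp_type 'unknown-header-type'
+option limit '1000/sec'
+option family 'ipv6'
+option target 'ACCEPT'
+
+config rule
+option name 'Allow-SSH'
+option src '*'
+option dest_port '22'
+option proto 'tcp'
+option target 'ACCEPT'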
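Review bot: `option input 'ACCEPT'` in `config defaults` and in both zones (lines 3, 10 and 17) already admits all traffic addressed to the AP from any network, so the `Allow-SSH` and `Allow-Ping` rules with `src '*'` change nothing as written. If the intent is that only management traffic reaches the device, set `option input 'REJECT'` in the defaults and in the `lan` zone, and narrow the SSH rule to `option src 'mgmt'`. Because `lan` uses `proto 'dhcp'` in `etc/config/network`, a rule admitting DHCP replies would then be needed, and the ICMPv6 input rule stays necessary for neighbour discovery.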
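diff --git a/files/files/etc/config/network b/files/files/etc/config/network
new file mode 100644
index 0000000..288cdc9
--- /dev/null
+++ b/files/files/etc/config/network
@@ -0,0 +1,45 @@
+config interface 'loopback'
+option ifname 'lo'
+option proto 'static'
+option ipaddr '127.0.0.1'
+option netmask '255.0.0.0'
+
+config globals 'globals'
+option ula_prefix 'fd69:f71f:1364::/48'
+
+config interface 'lan'
+option type 'bridge'
+option proto 'dhcp'
+list ifname 'eth0.3'
+list ifname 'eth0.101'
+list ifname 'eth0.102'
+
+config interface 'mgmt'
+option type 'bridge'
+option proto 'dhcp'
+list ifname 'eth0.2'
+
+config switch
+option name 'switch0'
+option reset '1'
+option enable_vlan '1'
+
+config switch_vlan
+option device 'switch0'
+option vlan '101'
+option ports '3 0t'
+
+config switch_vlan
+option device 'switch0'
+option vlan '102'
+option ports '2 0t'
+
+config switch_vlan
+option device 'switch0'
+option vlan '3'
+option ports '2t 0t'
+
+config switch_vlan
+option device 'switch0'
+option vlan '2'
+option ports '2t 0t'
\ No newline at end of file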
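Review bot: Nothing in the `switch_vlan` sections says which physical port or upstream VLAN each entry stands for, and the result is not obvious from the numbers. Port 2 is an untagged member of VLAN 102 while also carrying VLAN 3 and the `mgmt` VLAN 2 tagged, and `lan` bridges `eth0.3`, `eth0.101` and `eth0.102` into one layer-2 segment. If that is intended, a `#` comment above each section naming the physical port and its role would let a reviewer confirm that `mgmt` stays separate from client traffic. The file also ends without a trailing newline.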
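diff --git a/files/files/etc/config/system b/files/files/etc/config/system
new file mode 100644
index 0000000..e5ccea0
--- /dev/null
+++ b/files/files/etc/config/system
@@ -0,0 +1,18 @@
+config system
+option timezone 'UTC'
+option ttylogin '0'
+option log_size '64'
+option urandom_seed '0'
+option hostname 'ap01'
+
+config timeserver 'ntp'
+option enabled '1'
+option enable_server '0'
+list server '10.141.1.1'
+
+config led
+option name 'BlueDome'
+option trigger 'none'
+option brightness '0'
+option default '0'
+option sysfs 'blue:dome'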
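Review bot: `option log_size '64'` is the only logging setting in `config system`, so as far as this file shows the log lives in a small buffer on the device and nothing is forwarded; a reboot or a busy hour erases the SSH and hostapd history an investigation would need. Adding `option log_ip '<syslog-host>'` (placeholder address) sends it to a collector. Separately, `option ttylogin '0'` leaves the serial console without a login prompt, which is consistent with root having no usable password in `etc/shadow` but deserves a `#` comment stating that physical access to the AP is trusted.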
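diff --git a/files/files/etc/config/wireless b/files/files/etc/config/wireless
new file mode 100644
index 0000000..6204c21
--- /dev/null
+++ b/files/files/etc/config/wireless
@@ -0,0 +1,43 @@
+config wifi-device 'radio0'
+option type 'mac80211'
+option hwmode '11a'
+option path 'pci0000:00/0000:00:00.0'
+option htmode 'VHT80'
+option country 'DE'
+option disabled '0'
+option channel '60'
+
+config wifi-iface 'default_radio0'
+option device 'radio0'
+option network 'lan'
+option mode 'ap'
+option key '<passphrase>'
+option ssid 'shannon'
+option encryption 'psk2+ccmp'
+option ieee80211r '1'
+option mobility_domain 'e612'
+option ft_psk_generate_local '1'
+option ft_over_ds '1'
+option pmk_r1_push '1'
+
+config wifi-device 'radio1'
+option type 'mac80211'
+option channel '11'
+option hwmode '11g'
+option path 'platform/ahb/18100000.wmac'
+option htmode 'HT20'
+option country 'DE'
+option disabled '0'
+
+config wifi-iface 'default_radio1'
+option device 'radio1'
+option network 'lan'
+option mode 'ap'
+option ssid 'shannon'
+option encryption 'psk2+ccmp'
+option key '<passphrase>'
+option ieee80211r '1'
+option mobility_domain 'e612'
+option ft_psk_generate_local '1'
+option ft_over_ds '1'
+option pmk_r1_push '1'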
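Review bot: If `<passphrase>` on lines 14 and 38 stands for the real pre-shared key in the repository, the key is stored in clear text here while the dropbear host key in the same commit is sops-encrypted; the PSK deserves the same treatment, with the value filled in at build time. With `ft_psk_generate_local '1'` the fast-transition keys are derived from that PSK on each AP, so it is the single secret behind both association and roaming. Neither `wifi-iface` enables management frame protection; `option ieee80211w '1'` (optional mode) would let capable clients reject forged deauthentication frames, subject to testing with the 802.11r clients in use.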
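diff --git a/files/files/etc/dropbear/authorized_keys b/files/files/etc/dropbear/authorized_keys
new file mode 100644
index 0000000..e9aaf21
--- /dev/null
+++ b/files/files/etc/dropbear/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrHPERae+OUTNOzNf9d2767ljFCm5hgmQw48Dj4RrlU gkleen@sif.midgard.yggdrasil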
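diff --git a/files/files/etc/dropbear/dropbear_ed25519_host_key.sops b/files/files/etc/dropbear/dropbear_ed25519_host_key.sops
new file mode 100644
index 0000000..4757e37
--- /dev/null
+++ b/files/files/etc/dropbear/dropbear_ed25519_host_key.sops
@@ -0,0 +1,21 @@
+{
+"data": "ENC[AES256_GCM,data:VLWYJ9WkBtH428VWlrb5Bwtcp8ONUPxcvW9cNFC0dpEf+i1FKHHoaQJ7t6jTAn2vR/tW3gQ1NQw1OG42ISaDyvOZvx2Axl3Y20LdYL/TcJ0ZV08=,iv:uIllCug5SLdx5Z72GNdVr9LFbFA7tNNVhAbJhWqwgDQ=,tag:rR0Za81+313HsggbDoppdQ==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": null,
+"lastmodified": "2022-01-05T23:40:44Z",
+"mac": "ENC[AES256_GCM,data:4X+vdVWKrr7zlVAlRPd3ZCrVQIcqtHfEoxncemPvgPN4OrBoKLhKOkFn0UmzM3FxOfQsTVagvLzcz2TjQ6iwpeigzGETIdMSolOLg1mSwk1+mJliTaOZUTuTvkybZJYda1DKcpRY61HAVAWjPNgxtGe/VdSAhbQFmlgx3Vbi+fc=,iv:HOoc4ojQBKoaCp/qLFEs/HJAL9ilknhqpM7xgP4ZQ4o=,tag:Ih+mzHyk3u/3mOCR8/kyXw==,type:str]",
+"pgp": [
+{
+"created_at": "2022-01-05T23:40:44Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA2WT0pJ8xrYTjc1nz1oAmjUptqCbFRC4WvyiO69w8Riww\n9dGqIDPFj63lC/WgzWdbLdBw4mga6JPV81BJUZvmf6u3EIH9d97Dvch4jMdJgY0t\n0l4BUw/tckmp6bGjsrswU5HOn6M8fXcRPUz1tIl71XjpKsTy5z40W+Afzg+Oetly\nrNEIJNHS+tOVNaACi8mWjBa/aZmXHAY96kT0wViwDM6CI7kbqupEL6ZEXl5ENfJa\n=i4pI\n-----END PGP MESSAGE-----\n",
+"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+}
+],
+"unencrypted_suffix": "_unencrypted",
+"version": "3.7.1"
+}
+}
\ No newline at end of file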
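diff --git a/files/files/etc/fw_env.config b/files/files/etc/fw_env.config
new file mode 100644
index 0000000..a2a2b3c
--- /dev/null
+++ b/files/files/etc/fw_env.config
@@ -0,0 +1 @@
+/dev/mtd1 0x0000 0x10000 0x10000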
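diff --git a/files/files/etc/rc.local b/files/files/etc/rc.local
new file mode 100644
index 0000000..569c686
--- /dev/null
+++ b/files/files/etc/rc.local
@@ -0,0 +1,7 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+echo "timer" > /sys/class/leds/ubnt\:blue\:dome/trigger
+sleep 1
+echo "none" > /sys/class/leds/ubnt\:blue\:dome/trigger
+exit 0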
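Review bot: The LED is addressed as `ubnt:blue:dome` on lines 4 and 6, but `etc/config/system` in this commit refers to what looks like the same LED as `blue:dome` (`option sysfs 'blue:dome'`), and presumably only one of the two names exists on a given image. Where the path is missing, both redirections fail and the script still ends with `exit 0`, so the blink is skipped without any trace. Using one name in both files, or guarding the writes with `[ -e /sys/class/leds/blue:dome/trigger ]`, keeps them in step; which name is right depends on the OpenWrt release, which the commit does not show.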
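diff --git a/files/files/etc/shadow b/files/files/etc/shadow
new file mode 100644
index 0000000..6511d4f
--- /dev/null
+++ b/files/files/etc/shadow
@@ -0,0 +1,9 @@
+root:x:0:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+ntp:x:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::
+logd:x:0:0:99999:7:::
+ubus:x:0:0:99999:7:::
\ No newline at end of file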
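Review bot: The file is committed with mode 100644, and if the overlay is copied into the image with its modes preserved, `/etc/shadow` ends up world-readable on the AP; it should be installed as 0600. No entry carries a hash today (`root:x` and the `*` entries cannot match any password), so nothing leaks yet, but a hash added later would be readable by every local account. `root:x` on line 1 locks password login for root, which matches `PasswordAuth 'off'` in the dropbear config; `!` or `*` is the more conventional lock marker in this field.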
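diff --git a/files/files/etc/sysctl.conf b/files/files/etc/sysctl.conf
new file mode 100644
index 0000000..75dd97e
--- /dev/null
+++ b/files/files/etc/sysctl.conf
@@ -0,0 +1 @@
+net.ipv6.conf.default.accept_ra=1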
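Review bot: `net.ipv6.conf.default.accept_ra=1` sets the default for every interface created afterwards, which would include the `lan` bridge shared with wireless clients, and the `Allow-ICMPv6-Input` rule in this commit accepts `router-advertisement` from any source. Unless something else resets the value per interface, the AP would take IPv6 addressing and routes from whichever host on `lan` advertises them. If IPv6 is only wanted for management, a `#` comment naming the interface that needs it, or scoping the setting to that interface, would narrow this; the resulting interface names are not visible in the commit.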
