-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathopenwrt-configure.sh
executable file
·164 lines (133 loc) · 5.99 KB
/
openwrt-configure.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
#!/bin/bash
# Example usage:
# ./openwrt-configure.sh 192.168.88.1 main
# ./openwrt-configure.sh 192.168.88.2
ROUTER_IP="${ROUTER_IP=$1}"
# DEVICE can be main or <nothing>
DEVICE="${DEVICE:-$2}"
FULL_WPAD="${FULL_WPAD:-'true'}"
INSTALL_BRIDGER=${INSTALL_BRIDGER:-'false'}
INSTALL_DAWN=${INSTALL_DAWN:-'false'}
INSTALL_USTEER=${INSTALL_USTEER:-'false'}
INSTALL_DNSCRYPT_PROXY2=${INSTALL_DNSCRYPT_PROXY2:-'true'}
INSTALL_UNBOUND=${INSTALL_UNBOUND:-'false'}
INSTALL_ADGUARDHOME=${INSTALL_ADGUARDHOME:-'false'}
CRYPTO_LIB=${CRYPTO_LIB:-'openssl'} # wolfssl or openssl; if empty - mbedtls
# ADDITIONAL_PACKAGES=${ADDITIONAL_PACKAGES:-'kmod-mt7921e kmod-mt7921-common kmod-mt7921-firmware kmod-mt7925-common kmod-mt7925e'}
ADDITIONAL_PACKAGES=${ADDITIONAL_PACKAGES:-'bmon rsync bind-dig ethtool-full pciutils tcpdump iperf3 vim'}
INSTALL_LANG_PACKAGES=${INSTALL_LANG_PACKAGES:-'true'}
INSTALL_MINIMUM_PACKAGES=${INSTALL_MINIMUM_PACKAGES:-'false'}
SQM_TOOL=${SQM_TOOL:-'qosify'} # or luci-app-sqm
if [ -z "$ROUTER_IP" ]; then
echo "Please provide router ip like: 192.168.1.1"
exit 1
fi
COMMAND="opkg update"
if [[ "$FULL_WPAD" =~ True|true ]]; then
FS_FULL_WPAD_PACKAGES="-wpad-basic-mbedtls"
fi
if [ -z "$CRYPTO_LIB" ]; then
FS_FULL_WPAD_PACKAGES="$FS_FULL_WPAD_PACKAGES wpad-mbedtls"
COMMAND="$COMMAND; opkg remove wpad-basic-mbedtls; opkg install wpad-mbedtls"
fi
if [ -n "$CRYPTO_LIB" ]; then
COMMAND="$COMMAND; opkg remove wpad-basic-mbedtls; opkg install wpad-$CRYPTO_LIB"
if [[ "$CRYPTO_LIB" =~ ^(Wolfssl|wolfssl)$ ]]; then
FS_FULL_WPAD_PACKAGES="$FS_FULL_WPAD_PACKAGES -apk-mbedtls -libustream-mbedtls -libmbedtls libustream-wolfssl wpad-wolfssl apk-wolfssl"
elif [[ "$CRYPTO_LIB" =~ ^(Openssl|openssl)$ ]]; then
FS_FULL_WPAD_PACKAGES="$FS_FULL_WPAD_PACKAGES -apk-mbedtls -libustream-mbedtls -libmbedtls libustream-openssl wpad-openssl apk-openssl"
fi
fi
# basic packages
PACKAGES="collectd collectd-mod-sensors \
collectd-mod-dns collectd-mod-wireless \
luci-app-statistics luci htop curl owut \
irqbalance luci-app-irqbalance"
# additional
# fping kmod-crypto-user kmod-cryptodev
if [[ "$INSTALL_MINIMUM_PACKAGES" =~ True|true ]]; then
if [[ "$CRYPTO_LIB" =~ ^(Wolfssl|wolfssl|Openssl|openssl)$ ]]; then
echo -e "By choosing INSTALL_MINIMUM_PACKAGES, consider to use:\n\n export CRYPTO_LIB=mbedtls\n\n"
fi
if [[ "$INSTALL_DNSCRYPT_PROXY2" =~ True|true ]]; then
echo -e "It is not good to choose INSTALL_DNSCRYPT_PROXY2 on low space device!"
exit 1
fi
if [[ "$INSTALL_ADGUARDHOME" =~ True|true ]]; then
echo -e "It is not good to choose INSTALL_ADGUARDHOME on low space device!"
exit 1
fi
fi
if [[ "$INSTALL_DAWN" =~ True|true ]]; then
PACKAGES="$PACKAGES dawn luci-app-dawn"
fi
if [[ "$INSTALL_USTEER" =~ True|true ]]; then
PACKAGES="$PACKAGES usteer luci-app-usteer luci-i18n-usteer-pl"
fi
# additional packages
if [[ "$DEVICE" =~ Main|main ]]; then
PACKAGES="$PACKAGES luci-proto-wireguard kmod-wireguard wireguard-tools qrencode"
# PACKAGES="$PACKAGES luci-app-sqm"
PACKAGES="$PACKAGES $SQM_TOOL"
PACKAGES="$PACKAGES ddns-scripts luci-app-ddns bind-host"
if [[ "$INSTALL_DNSCRYPT_PROXY2" =~ True|true ]]; then
PACKAGES="$PACKAGES dnscrypt-proxy2"
fi
if [[ "$INSTALL_UNBOUND" =~ True|true ]]; then
PACKAGES="$PACKAGES unbound-daemon luci-app-unbound"
fi
if [[ "$INSTALL_ADGUARDHOME" =~ True|true ]]; then
PACKAGES="$PACKAGES adguardhome"
fi
fi
if ! [[ "$DEVICE" =~ Main|main ]] && [[ "$INSTALL_BRIDGER" =~ True|true ]]; then
PACKAGES="$PACKAGES bridger"
fi
if [[ "$INSTALL_LANG_PACKAGES" =~ True|true ]]; then
PACKAGES="$PACKAGES luci-i18n-firewall-pl luci-i18n-irqbalance-pl luci-i18n-statistics-pl luci-i18n-base-pl"
fi
COMMAND="$COMMAND; opkg install $PACKAGES $ADDITIONAL_PACKAGES; /etc/init.d/uhttpd start ; /etc/init.d/uhttpd enable;"
read -n 1 -r -p "Should I execute command: $COMMAND on root@$ROUTER_IP? " yn
case $yn in
[Yy]* ) ssh "root@$ROUTER_IP" "$COMMAND $PACKAGES";;
[Nn]* ) echo -e "\n\nFor firmware-selector.org: \n\n$PACKAGES $FS_FULL_WPAD_PACKAGES $ADDITIONAL_PACKAGES" ; exit 0;;
* ) echo "Please answer yes or no. If no, will show you packages for firmware-selector ;)";;
esac
echo -e "\n\nPackage installation completed!\n\n"
read -n 1 -r -p "Should I reboot device $ROUTER_IP? " yn
case $yn in
[Yy]* ) ssh "root@$ROUTER_IP" reboot;;
[Nn]* ) exit;;
* ) echo "Please answer yes or no.";;
esac
# For https://firmware-selector.openwrt.org/
# Add packages. NOTE: To install wpad-wolfssl, just replace the package name with wpad-basic-wolfssl
### basic
# opkg update;
# opkg install collectd collectd-mod-sensors collectd-mod-dns collectd-mod-wireless luci-app-statistics luci luci-i18n-base-pl vim htop curl iperf3 luci-app-attendedsysupgrade auc bmon irqbalance luci-app-irqbalance rsync
#
### additional
# opkg install bind-dig ethtool-full pciutils tcpdump
### wireguard
# luci-proto-wireguard kmod-wireguard wireguard-tools qrencode
### DNS over HTTPS
unbound-daemon luci-app-unbound
### DDNS
# ddns-scripts luci-app-ddns bind-host
### Bufferbloat - install SQM - https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm
# luci-app-sqm luci-i18n-sqm-pl sqm-scripts-extra
# # OR
# qosify - https://forum.openwrt.org/t/qosify-new-package-for-dscp-marking-cake/111789/1122
### Better roaming
# usteer luci-app-usteer
# OR
# dawn luci-app-dawn
### to use mbedtls, replace:
# libustream-wolfssl and wpad-basic-wolfssl *WITH* libustream-mbedtls and wpad-basic-mbedtls.
# to enable 802.11k/v replace:
# wpad-basic-mbedtls with wpad-mbedtls
# To replace mbedtls with openssl via firmware-selector, just add:
# -wpad-basic-mbedtls -libustream-mbedtls -libmbedtls libustream-openssl wpad-openssl -apk-mbedtls apk-openssl
#
# To replace mbedtls with wolfssl via firmware-selector, just add:
# -wpad-basic-mbedtls -libustream-mbedtls -libmbedtls libustream-wolfssl wpad-wolfssl -apk-mbedtls apk-wolfssl