epoch

.dockerignore

@@ -0,0 +1,4 @@
+/build
+/cache
+/temp
+

.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+/build
+/cache
+/temp

Dockerfile

@@ -0,0 +1,5 @@
+FROM alpine:3.14
+# Ref: https://openwrt.org/docs/guide-user/additional-software/imagebuilder
+RUN  apk --no-cache add build-base bash gawk bzip2 git python2 gettext
+COPY . /build
+WORKDIR /build

Makefile

@@ -0,0 +1,84 @@
+OPENWRT_RELEASE = 19.07.7
+OPENWRT_TARGET = ath79/generic
+OPENWRT_PROFILE = tplink_tl-wr1043nd-v2
+export OPENWRT_RELEASE OPENWRT_TARGET OPENWRT_PROFILE
+
+CONFIG = base
+IDENT = default
+DOCKER_TAG = git.projectflower.eu/flower/stigma
+export CONFIG IDENT
+
+TOP = $(shell pwd)
+CACHE_DIR = ./cache
+WORK_DIR = ./temp
+OUT_DIR = ./build
+export CACHE_DIR WORK_DIR OUT_DIR
+
+OPENWRT_FILES =
+OPENWRT_PACKAGES =
+OPENWRT_EXTRA_NAME = flower
+export OPENWRT_FILES OPENWRT_PACKAGES OPENWRT_EXTRA_NAME
+
+FILES_DIR = $(WORK_DIR)/files/$(OPENWRT_RELEASE)-$(OPENWRT_TARGET)-$(OPENWRT_PROFILE)-$(CONFIG)-$(IDENT)
+
+
+.PHONY: docker
+docker:
+	docker build -t $(DOCKER_TAG) .
+
+docker.%: docker
+	docker run \
+		-v /build/$(CACHE_FOLDER):$(TOP)/$(CACHE_FOLDER) \
+		-v /build/$(OUT_DIR):$(TOP)/$(OUT_DIR) \
+		--rm $(DOCKER_TAG) \
+		$(patsubst docker.%,%,$@) $(MAKEFLAGS)
+
+include $(wildcard configs/*.mk)
+
+.PHONY: image
+image: $(OUT_DIR)/openwrt-$(OPENWRT_RELEASE)-$(subst /,-,$(OPENWRT_TARGET))-$(CONFIG)-$(IDENT)/
+
+
+.SECONDARY:
+
+# Vital directories
+
+$(CACHE_DIR) $(WORK_DIR) $(OUT_DIR):
+	mkdir -p $@
+
+# The imagebuilder archive
+
+$(CACHE_DIR)/openwrt-imagebuilder-%.tar.xz: $(CACHE_DIR)
+	curl -sL https://downloads.openwrt.org/releases/$(OPENWRT_RELEASE)/targets/$(OPENWRT_TARGET)/$(notdir $@) -o $@
+
+# The extracted imagebuilder
+
+$(WORK_DIR)/%: $(CACHE_DIR)/%.tar.xz $(WORK_DIR)
+	tar -xC $(dir $@) -f $<
+
+# The main image!
+
+$(OUT_DIR)/openwrt-%-$(CONFIG)-$(IDENT)/: $(WORK_DIR)/openwrt-imagebuilder-%.$(shell uname -s)-$(shell uname -m) $(OUT_DIR)
+	rm -rf $(TOP)/$(FILES_DIR) && mkdir -p $(TOP)/$(FILES_DIR)
+
+	for f in $(OPENWRT_FILES); do \
+		cp -R $(TOP)/$$f/* $(TOP)/$(FILES_DIR); \
+	done
+
+	find "$(TOP)/$(FILES_DIR)" -name '*.env' | while read f; do \
+		envsubst < "$$f" > "$${f%%.env}" && rm "$$f"; \
+	done
+	find "$(TOP)/$(FILES_DIR)" -name '*.append.*' | while read f; do \
+		cat "$$f" >> "$${f%%.append.*}" && rm "$$f"; \
+	done
+
+	umask 022 && make -C $< \
+		image \
+		PROFILE=$(OPENWRT_PROFILE) \
+		PACKAGES="$(OPENWRT_PACKAGES)" \
+		FILES=$(TOP)/$(FILES_DIR) \
+		BIN_DIR=$(TOP)/$(WORK_DIR) \
+		EXTRA_IMAGE_NAME="$(OPENWRT_EXTRA_NAME)" \
+
+	mkdir -p $@
+	cp $(WORK_DIR)/*$(OPENWRT_EXTRA_NAME)*.bin $@

configs/base.mk

@@ -0,0 +1,25 @@
+export ARCADE_ID
+export ARCADE_SLUG
+export ARCADE_NAME
+
+export NETWORK_DHCP_ADDR
+NETWORK_DHCP_MASK = 255.255.255.0
+export NETWORK_DHCP_MASK
+
+export NETWORK_TEST_CONNECTIVITY
+export NETWORK_TEST_SERVICE
+
+NETWORK_DNS_SERVERS = 9.9.9.9
+export NETWORK_DNS_SERVERS
+export NETWORK_DNS_SERVER_OVERRIDES
+export NETWORK_DNS_ADDR_OVERRIDES
+
+.PHONY: base
+base: OPENWRT_PACKAGES += luci-ssl
+base: OPENWRT_FILES += configs/base
+base:
+	@$(MAKE) \
+		RELEASE=$(RELEASE) TARGET=$(TARGET) PROFILE=$(PROFILE) \
+		CONFIG=$(CONFIG) IDENT=$(IDENT) \
+		OPENWRT_FILES="$(OPENWRT_FILES)" OPENWRT_PACKAGES="$(OPENWRT_PACKAGES)" OPENWRT_EXTRA_NAME=$(OPENWRT_EXTRA_NAME) \
+		image

configs/base/etc/config/system.env

@@ -0,0 +1,17 @@
+
+config system
+	option ttylogin '0'
+	option log_size '64'
+	option urandom_seed '0'
+	option zonename 'UTC'
+	option hostname '${ARCADE_SLUG}-gateway'
+	option log_proto 'udp'
+	option conloglevel '8'
+	option cronloglevel '5'
+
+config timeserver 'ntp'
+	list server '0.openwrt.pool.ntp.org'
+	list server '1.openwrt.pool.ntp.org'
+	list server '2.openwrt.pool.ntp.org'
+	list server '3.openwrt.pool.ntp.org'
+

configs/base/etc/passwd

@@ -0,0 +1,7 @@
+root:x:0:0:root:/root:/bin/ash
+daemon:*:1:1:daemon:/var:/bin/false
+ftp:*:55:55:ftp:/home/ftp:/bin/false
+network:*:101:101:network:/var:/bin/false
+nobody:*:65534:65534:nobody:/var:/bin/false
+dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
+arcadeop:*:100:100:arcade operator:/home/arcadeop:/bin/ash

configs/base/etc/stigma.conf.env

@@ -0,0 +1,11 @@
+arcade_id=${ARCADE_ID}
+arcade_slug="${ARCADE_SLUG}"
+arcade_name="${ARCADE_NAME}"
+
+network_dhcp_addr="${NETWORK_DHCP_ADDR}"
+network_dhcp_mask="${NETWORK_DHCP_MASK}"
+network_dns_servers="${NETWORK_DNS_SERVERS}"
+network_dns_server_overrides="${NETWORK_DNS_SERVER_OVERRIDES}"
+network_dns_addr_overrides="${NETWORK_DNS_ADDR_OVERRIDES}"
+network_test_connectivity="${NETWORK_TEST_CONNECTIVITY}"
+network_test_service="${NETWORK_TEST_SERVICE}"

configs/base/etc/uci-defaults/90-set-dhcp-range

@@ -0,0 +1,7 @@
+#!/bin/sh
+. /etc/stigma.conf
+uci -q batch <<EOI
+set network.lan.ipaddr=${network_dhcp_addr}
+set network.lan.netmask=${network_dhcp_mask}
+commit network
+EOI

configs/base/etc/uci-defaults/91-set-dns-overrides

@@ -0,0 +1,27 @@
+#!/bin/sh
+set -e
+
+. /etc/stigma.conf
+
+if [ -z "$network_dns_servers" ]; then
+	dns_servers="$(uci get dhcp.@dnsmasq[0].server || true)"
+else
+	dns_servers="$network_dns_servers"
+fi
+uci -q delete dhcp.@dnsmasq[0].server || true
+
+for addr in $network_dns_server_overrides; do
+	uci -q add_list "dhcp.@dnsmasq[0].server=/${addr/=/\/}"
+	uci -q add_list "dhcp.@dnsmasq[0].rebind_domain=${addr%%=*}"
+done
+
+for addr in $network_dns_addr_overrides; do
+	uci -q add_list "dhcp.@dnsmasq[0].address=/${addr/=/\/}"
+	uci -q add_list "dhcp.@dnsmasq[0].rebind_domain=${addr%%=*}"
+done
+
+for addr in $dns_servers; do
+	uci -q add_list "dhcp.@dnsmasq[0].server=$addr"
+done
+
+uci -q commit dhcp

configs/dev-ar750s.mk

@@ -0,0 +1,4 @@
+.PHONY: dev-ar750s
+dev-ar750s: OPENWRT_TARGET = ar71xx/generic
+dev-ar750s: OPENWRT_PROFILE = gl-ar750s
+dev-ar750s: flower

configs/dev-edgerouter.mk

@@ -0,0 +1,4 @@
+.PHONY: dev-edgerouter
+dev-edgerouter: OPENWRT_TARGET = ramips/mt7621
+dev-edgerouter: OPENWRT_PROFILE = ubnt-erx
+dev-edgerouter: flower

configs/dev-wr1043.mk

@@ -0,0 +1,4 @@
+.PHONY: dev-wr1043
+dev-wr1043: OPENWRT_TARGET = ath79/generic
+dev-wr1043: OPENWRT_PROFILE = tplink_tl-wr1043nd-v2
+dev-wr1043: flower

configs/flower.mk

@@ -0,0 +1,7 @@
+flower: OPENWRT_FILES += configs/flower
+flower: NETWORK_DHCP_ADDR = 10.57.$(ARCADE_ID).1
+flower: NETWORK_DHCP_MASK = 255.255.255.0
+flower: NETWORK_DNS_SERVER_OVERRIDES += konami.fun=10.57.0.1 konami.com=10.57.0.1 vpn.projectflower.eu=9.9.9.9 projectflower.eu=10.57.0.1
+flower: NETWORK_TEST_CONNECTIVITY = 10.57.0.1
+flower: NETWORK_TEST_SERVICE = https://kailua.projectflower.eu/healthcheck
+flower: openvpn

configs/flower/etc/shadow

@@ -0,0 +1,7 @@
+root:$1$nD9GRZx3$/YjrAE4vGcWCgKR8iJYaE.:18673:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::
+arcadeop:$1$y1NGWVs/$S3iq5aHdv1QavoL9Lea7B.:18838:0:99999:7:::

configs/flower/root/.ssh/authorized_keys

@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1ziwgGDDl7dTnVhBwCXZ83JPQ1x/eBhoqKOzfsU4Gpl5D/aKXz1370H2IFIk63Mf8uzemV79SbvyX2GAkcgAzcSovyuhkzE+eGiFLrY32vSQqIkLMagPMlaTEymDnqVqRgnAySJ/jSsRD9GlCZwavsRCe25Zgcd2zCT62XwFFD/GluEORuuxZp+J2bsLE1dGKHhjCTdMtGQ53mk5JcWyKEj52h0s+7Hugo2PMADGV0qU1yvPEzD6wriz0CvNUpEDGWSek43/lby4B9Z+wXcCGMaQ4K3weIL7D9Ft2ceFmrNV9VfM1EE5hurdJaNqGl4WRbzk7+CKz32TMT95nbJIb
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2t+FnefS21FLxrcPURgU2p9yXKmqGrFGLC9Xm+7lgG

configs/flower/www/index.html.env

@@ -0,0 +1,115 @@
+<!DOCTYPE html>
+
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml" class="h-100">
+<head>
+    <meta charset="utf-8" />
+    <style>
+        .fullsplash-container {
+            font-family: 'Cabin', sans-serif;
+            color: white;
+        }
+
+        .lead-title {
+            flex: 0 0 10vw;
+            font-size: 96px;
+            font-weight: bold;
+            font-family: 'Cabin', sans-serif;
+        }
+        .content {
+            flex: 1;
+            justify-content: center;
+            text-shadow: 2px 2px 10px #666;
+        }
+        .content b {
+            text-shadow: 2px 2px 1px #444;
+        }
+
+        .environment {
+            font-family: 'Inconsolata', monospace;
+            text-transform: uppercase;
+            font-weight: bold;
+            color: black;
+            opacity: 0.2;
+            content: "LOL";
+            font-size: 80px;
+            position: fixed;
+            bottom: 0;
+            right: 0;
+            padding-right: 1vw;
+            padding-bottom: 30px;
+            order: 1;
+        }
+        .environment::before {
+            color: #bbbbbb;
+            content: "{";
+        }
+        .environment::after{
+            color: #bbbbbb;
+            content: "}";
+        }
+    </style>
+
+    <title>${ARCADE_NAME} - Flower Gateway Router</title>
+    <link rel="shortcut icon" href="/favicon.ico">
+    <link rel="stylesheet" href="/static/flower.css" type="text/css; charset=utf-8">
+</head>
+
+<body class="bg-colorize-prod h-100">
+    <div class="site-wrapper h-100">
+        <div class="fixed-top">
+            <nav class="navbar navbar-expand-lg navbar-light bg-light" role="navigation">
+                <div class="container">
+                    <a class="navbar-brand" href="/">
+                        <img class="d-inline-block align-top" src="/static/logo_navbar.png" alt="Flower"/>
+                    </a>
+                   <div class="collapse navbar-collapse" id="navbarNaviMenu">
+                       <ul class="navbar-nav mr-auto"></ul>
+                       <div class="navbar-text">
+                           <div class="btn-group btn-group-sm">
+                               <a href="/cgi-bin/luci" class="btn btn-success text-white"><span class="fa fa-fw fa-sign-in"></span> Settings</a>
+                           </div>
+                       </div>
+                   </div>
+               </div>
+            </nav>
+        </div>
+        <div class="site-wrapper-content h-100 container-fluid">
+            <div class="fullsplash-container row h-100 align-items-center justify-content-center">
+                <div class="p-7 text-right">
+                    <div class="lead-title">Stigma</div>
+                </div>
+                <div class="p-5">
+                    <h3 class="project"><i>The ultimate modular router firmware</i>. Since 2021.</h3>
+                    <h5 class="credit">From your friends at <a href="https://projectflower.eu">Team Flower</a> and <a href="https://openwrt.org" rel="external">OpenWrt</a>.</h5>
+
+                    <div class="card border-primary">
+                        <ul class="list-group list-group-flush text-light">
+                            <li class="list-group-item text-right bg-success" id="healthcheck"><i class="fa fa-check-circle"></i> Everything looks fine!</li>
+                        </ul>
+                        <div class="card-body">
+                            <p class="card-text text-dark">
+                                <i class="fa fa-home" aria-hidden="true" data-toggle="tooltip" data-placement="left" title="Arcade Information"></i>
+                                <strong>${ARCADE_NAME}</strong> (#${ARCADE_ID})
+                                <br />
+                                <i class="fa fa-info-circle" aria-hidden="true" data-toggle="tooltip" data-placement="left" title="Firmware Information"></i>
+                                OpenWrt ${OPENWRT_RELEASE} (${OPENWRT_TARGET}/${OPENWRT_PROFILE})
+                                <br />
+                                <small>
+                                    <i class="fa fa-link" aria-hidden="true" data-toggle="tooltip" data-placement="left" title="Service Connection URL (for games)"></i> <b>http://kailua.projectflower.eu/game</b>
+                                </small>
+                            </p>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <div class="footer">
+            <span style="cursor: help" data-toggle="popover" data-placement="top" data-trigger="hover" data-html="true" data-delay="500" title="<span class='fa fa-fw fa-chevron-right'></span><b>Sakura</b>">
+                <span class='fa fa-fw fa-heart'></span> Team Flower + OpenWrt Project 2021
+            </span>
+            |
+            <a href="mailto:bugs@projectflower.eu"><span class="fa fa-fw fa-bug" aria-hidden="true" data-toggle="tooltip" data-placement="left" title="Report a Bug"></span></a>
+        </div>
+    </div>
+</body>
+</html>

configs/openvpn.mk

@@ -0,0 +1,4 @@
+.PHONY: openvpn
+openvpn: OPENWRT_PACKAGES += openvpn-mbedtls luci-app-openvpn
+openvpn: OPENWRT_FILES += configs/openvpn
+openvpn: base

configs/openvpn/etc/config/openvpn

@@ -0,0 +1,4 @@
+
+config openvpn 'Flower'
+	option config '/etc/openvpn/Flower.ovpn'
+	option enabled '1'

configs/openvpn/etc/uci-defaults/98-openvpn-add-interface

@@ -0,0 +1,7 @@
+#!/bin/sh
+uci -q batch <<EOI
+set network.openvpn=interface
+set network.openvpn.proto=none
+set network.openvpn.ifname=ovpn
+commit network
+EOI

configs/openvpn/etc/uci-defaults/99-openvpn-into-lan

@@ -0,0 +1,5 @@
+#!/bin/sh
+uci -q batch <<EOI
+add_list firewall.@zone[0].network=openvpn
+commit firewall
+EOI