From 76ce6c4ca3809e77b5cbb6c80556322c6ed3f1f9 Mon Sep 17 00:00:00 2001 From: backup-bot Date: Fri, 15 May 2026 02:03:00 +0000 Subject: [PATCH] Monthly OpenWrt backup Fri May 15 02:03:00 UTC 2026 --- bkps/wrt-bkp-172.16.1.1.sh | 1 + bkps/wrt-bkp-172.16.11.4.sh | 107 +- bkps/wrt-bkp-172.16.11.7.sh | 2173 +++------------------------------- bkps/wrt-bkp-172.16.111.7.sh | 90 +- bkps/wrt-bkp-172.16.17.1.sh | 1 + bkps/wrt-bkp-172.16.30.1.sh | 11 + 6 files changed, 366 insertions(+), 2017 deletions(-) diff --git a/bkps/wrt-bkp-172.16.1.1.sh b/bkps/wrt-bkp-172.16.1.1.sh index 0ca5850..b17b613 100644 --- a/bkps/wrt-bkp-172.16.1.1.sh +++ b/bkps/wrt-bkp-172.16.1.1.sh @@ -788,6 +788,7 @@ ip rule add priority 10 from all lookup 11 exit 0 CFGEOF +# WARNING: /etc/init.d/vsftpd не существует #---------------------------------------------------- #Generating cron #---------------------------------------------------- diff --git a/bkps/wrt-bkp-172.16.11.4.sh b/bkps/wrt-bkp-172.16.11.4.sh index d5eceaf..bd36926 100644 --- a/bkps/wrt-bkp-172.16.11.4.sh +++ b/bkps/wrt-bkp-172.16.11.4.sh @@ -51,8 +51,10 @@ opkg install fstools opkg install uci opkg install lua opkg install ucode-mod-fs +opkg install prometheus-node-exporter-lua-dawn opkg install luci-ssl opkg install dropbear +opkg install luci-app-dawn opkg install rpcd-mod-file opkg install mtd opkg install odhcpd-ipv6only @@ -124,6 +126,80 @@ set cjdns.@eth_interface[0]=eth_interface set cjdns.@eth_interface[0].beacon='2' set cjdns.@eth_interface[0].bind='br-lan' commit cjdns +set dawn.@local[0]=local +set dawn.@local[0].loglevel='0' +set dawn.@network[0]=network +set dawn.@network[0].broadcast_ip='10.0.0.255' +set dawn.@network[0].broadcast_port='1025' +set dawn.@network[0].tcp_port='1026' +set dawn.@network[0].network_option='2' +set dawn.@network[0].shared_key='Niiiiiiiiiiiiick' +set dawn.@network[0].iv='Niiiiiiiiiiiiick' +set dawn.@network[0].use_symm_enc='0' +set dawn.@network[0].collision_domain='-1' +set dawn.@network[0].bandwidth='-1' +set dawn.@hostapd[0]=hostapd +set dawn.@hostapd[0].hostapd_dir='/var/run/hostapd' +set dawn.@times[0]=times +set dawn.@times[0].con_timeout='60' +set dawn.@times[0].update_client='10' +set dawn.@times[0].remove_client='15' +set dawn.@times[0].remove_probe='30' +set dawn.@times[0].remove_ap='460' +set dawn.@times[0].update_hostapd='10' +set dawn.@times[0].update_tcp_con='10' +set dawn.@times[0].update_chan_util='5' +set dawn.@times[0].update_beacon_reports='20' +set dawn.global=metric +set dawn.global.min_probe_count='3' +set dawn.global.bandwidth_threshold='6' +set dawn.global.use_station_count='0' +set dawn.global.max_station_diff='1' +set dawn.global.eval_probe_req='0' +set dawn.global.eval_auth_req='0' +set dawn.global.eval_assoc_req='0' +set dawn.global.kicking='3' +set dawn.global.kicking_threshold='20' +set dawn.global.deny_auth_reason='1' +set dawn.global.deny_assoc_reason='17' +set dawn.global.min_number_to_kick='3' +set dawn.global.chan_util_avg_period='3' +set dawn.global.set_hostapd_nr='0' +set dawn.global.duration='0' +set dawn.global.rrm_mode='pat' +set dawn.802_11g=metric +set dawn.802_11g.initial_score='80' +set dawn.802_11g.ht_support='5' +set dawn.802_11g.vht_support='5' +set dawn.802_11g.no_ht_support='0' +set dawn.802_11g.no_vht_support='0' +set dawn.802_11g.rssi='15' +set dawn.802_11g.rssi_val='-60' +set dawn.802_11g.low_rssi_val='-80' +set dawn.802_11g.low_rssi='-15' +set dawn.802_11g.chan_util='0' +set dawn.802_11g.chan_util_val='140' +set dawn.802_11g.max_chan_util='-15' +set dawn.802_11g.max_chan_util_val='170' +set dawn.802_11g.rssi_weight='0' +set dawn.802_11g.rssi_center='-70' +set dawn.802_11a=metric +set dawn.802_11a.initial_score='100' +set dawn.802_11a.ht_support='5' +set dawn.802_11a.vht_support='5' +set dawn.802_11a.no_ht_support='0' +set dawn.802_11a.no_vht_support='0' +set dawn.802_11a.rssi='15' +set dawn.802_11a.rssi_val='-60' +set dawn.802_11a.low_rssi_val='-80' +set dawn.802_11a.low_rssi='-15' +set dawn.802_11a.chan_util='0' +set dawn.802_11a.chan_util_val='140' +set dawn.802_11a.max_chan_util='-15' +set dawn.802_11a.max_chan_util_val='170' +set dawn.802_11a.rssi_weight='0' +set dawn.802_11a.rssi_center='-70' +commit dawn set dhcp.@dnsmasq[0]=dnsmasq set dhcp.@dnsmasq[0].domainneeded='1' set dhcp.@dnsmasq[0].boguspriv='1' @@ -374,6 +450,10 @@ set network.@device[0].type='bridge' set network.@device[0].ports='lan1' 'lan2' 'wan' set network.@device[0].ipv6='0' commit network +set prometheus-node-exporter-lua.main=prometheus-node-exporter-lua +set prometheus-node-exporter-lua.main.listen_interface='loopback' +set prometheus-node-exporter-lua.main.listen_port='9100' +commit prometheus-node-exporter-lua set rpcd.@rpcd[0]=rpcd set rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock' set rpcd.@rpcd[0].timeout='30' @@ -464,6 +544,10 @@ set uhttpd.defaults.state='Somewhere' set uhttpd.defaults.location='Unknown' set uhttpd.defaults.commonname='OpenWrt' commit uhttpd +set umdns.@umdns[0]=umdns +set umdns.@umdns[0].jail='1' +set umdns.@umdns[0].network='lan' +commit umdns set wireless.radio0=wifi-device set wireless.radio0.type='mac80211' set wireless.radio0.hwmode='11g' @@ -478,34 +562,46 @@ set wireless.radio1.hwmode='11a' set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' set wireless.radio1.cell_density='0' set wireless.radio1.country='RU' -set wireless.radio1.channel='auto' set wireless.radio1.htmode='VHT80' +set wireless.radio1.channel='60' set wireless.default_radio1=wifi-iface set wireless.default_radio1.device='radio1' set wireless.default_radio1.network='lan' set wireless.default_radio1.mode='ap' set wireless.default_radio1.key='23637387581' -set wireless.default_radio1.encryption='sae-mixed' set wireless.default_radio1.ssid='Buran' set wireless.default_radio1.ieee80211r='1' -set wireless.default_radio1.mobility_domain='f453' -set wireless.default_radio1.ft_over_ds='1' set wireless.default_radio1.ft_psk_generate_local='1' set wireless.default_radio1.wpa_disable_eapol_key_retries='1' set wireless.default_radio1.skip_inactivity_poll='1' +set wireless.default_radio1.mobility_domain='af53' +set wireless.default_radio1.ft_over_ds='0' +set wireless.default_radio1.ieee80211k='1' +set wireless.default_radio1.time_zone='MSK-3' +set wireless.default_radio1.encryption='sae' set wireless.wifinet2=wifi-iface set wireless.wifinet2.device='radio0' set wireless.wifinet2.mode='ap' set wireless.wifinet2.network='lan' set wireless.wifinet2.key='23637387581' set wireless.wifinet2.ssid='Buran' -set wireless.wifinet2.encryption='sae-mixed' set wireless.wifinet2.ieee80211r='1' set wireless.wifinet2.mobility_domain='af53' set wireless.wifinet2.ft_over_ds='0' set wireless.wifinet2.ft_psk_generate_local='1' set wireless.wifinet2.wpa_disable_eapol_key_retries='1' set wireless.wifinet2.skip_inactivity_poll='1' +set wireless.wifinet2.encryption='sae-mixed' +set wireless.wifinet3=wifi-iface +set wireless.wifinet3.device='radio1' +set wireless.wifinet3.mode='mesh' +set wireless.wifinet3.encryption='sae' +set wireless.wifinet3.mesh_id='BuranMesh' +set wireless.wifinet3.mesh_fwding='1' +set wireless.wifinet3.mesh_rssi_threshold='0' +set wireless.wifinet3.key='23637387581' +set wireless.wifinet3.network='lan' +set wireless.wifinet3.disabled='1' commit wireless EOI #---------------------------------------------------- @@ -1412,6 +1508,7 @@ cat << 'CFGEOF' > "/etc/rc.local" exit 0 CFGEOF +# WARNING: /etc/init.d/vsftpd не существует #---------------------------------------------------- #Generating cron #---------------------------------------------------- diff --git a/bkps/wrt-bkp-172.16.11.7.sh b/bkps/wrt-bkp-172.16.11.7.sh index 0f821e5..074aadd 100644 --- a/bkps/wrt-bkp-172.16.11.7.sh +++ b/bkps/wrt-bkp-172.16.11.7.sh @@ -1,6 +1,6 @@ #hostname= Buran-bee-stya.reut.loc -#DISTRIB_DESCRIPTION='OpenWrt 23.05.3 r23809-234f1a2efa' +#DISTRIB_DESCRIPTION='OpenWrt 24.10.5 r29087-d9c5716d1d' #profile = beeline_smartbox-turbo-plus #target = ramips #soc = mt7621 @@ -9,141 +9,127 @@ #---------------------------------------------------- #Generating cmd for install pkg #---------------------------------------------------- -opkg install luci-app-mosquitto -opkg install iwinfo -opkg install cgi-io -opkg install opkg -opkg install luci-app-opkg opkg install kmod-usb-storage-uas -opkg install ubus -opkg install rpcd -opkg install kmod-nft-fib -opkg install kmod-nfnetlink -opkg install kmod-crypto-hash -opkg install kmod-nf-reject6 -opkg install luci-mod-system -opkg install kmod-nf-flow -opkg install kmod-lib-crc-ccitt -opkg install ucode-mod-uloop -opkg install getrandom -opkg install ucode-mod-ubus -opkg install luci-theme-bootstrap -opkg install kmod-pppoe -opkg install kmod-pppox -opkg install kmod-nf-reject -opkg install procd-ujail -opkg install base-files -opkg install kmod-nf-nat -opkg install kmod-crypto-crc32c -opkg install ucode-mod-uci -opkg install netifd -opkg install uboot-envtools -opkg install dnsmasq opkg install usbutils -opkg install ubusd -opkg install kmod-crypto-acompress -opkg install rpcd-mod-ucode -opkg install ucode-mod-math -opkg install kmod-lib-crc32c -opkg install luci-mod-status opkg install block-mount -opkg install kmod-nft-nat opkg install kmod-usb3 opkg install kmod-fs-exfat -opkg install luci-app-firewall -opkg install ubi-utils -opkg install odhcp6c -opkg install fstools -opkg install uci -opkg install ucode-mod-fs opkg install kmod-fs-ext4 -opkg install luci-ssl -opkg install dropbear -opkg install rpcd-mod-file -opkg install mtd -opkg install odhcpd-ipv6only -opkg install procd-seccomp -opkg install ucode-mod-nl80211 -opkg install libiwinfo-data -opkg install ucode -opkg install rpcd-mod-luci -opkg install kmod-nf-log -opkg install urandom-seed -opkg install luci-proto-ppp -opkg install luci-mod-admin-full -opkg install ppp -opkg install luci-base -opkg install kmod-leds-gpio -opkg install kmod-gpio-button-hotplug -opkg install logd -opkg install kmod-mt7603 -opkg install kmod-nf-log6 -opkg install luci-proto-ipv6 -opkg install kmod-fs-ntfs3 -opkg install jshn +opkg install prometheus-node-exporter-lua-dawn +opkg install luci-app-dawn opkg install e2fsprogs -opkg install kmod-ppp -opkg install kmod-nft-offload -opkg install netcat -opkg install luci-app-samba4 -opkg install kmod-mt7615-firmware -opkg install uhttpd -opkg install kmod-nf-conntrack -opkg install usign -opkg install atftpd -opkg install ucode-mod-rtnl -opkg install ucode-mod-html -opkg install luci -opkg install kmod-nf-conntrack6 -opkg install luci-light -opkg install kmod-lib-lzo -opkg install ubox -opkg install kernel -opkg install rpcd-mod-iwinfo -opkg install luci-mod-network -opkg install kmod-nft-core -opkg install lldpd opkg install mount-utils -opkg install uhttpd-mod-ubus -opkg install fwtool -opkg install jsonfilter -opkg install liblucihttp-ucode opkg install iperf3 -opkg install hostapd-common opkg install vsftpd opkg install luci-app-hd-idle -opkg install urngd -opkg install kmod-slhc -opkg install rpcd-mod-rrdns -opkg install ppp-mod-pppoe #---------------------------------------------------- #Generating configuration Beeline SmartBox TURBO+ #---------------------------------------------------- uci -q batch << EOI -set atftpd.service=service -set atftpd.service.path='/srv/tftp' -commit atftpd +set dawn.@local[0]=local +set dawn.@local[0].loglevel='0' +set dawn.@network[0]=network +set dawn.@network[0].broadcast_ip='10.0.0.255' +set dawn.@network[0].broadcast_port='1025' +set dawn.@network[0].tcp_port='1026' +set dawn.@network[0].network_option='2' +set dawn.@network[0].shared_key='Niiiiiiiiiiiiick' +set dawn.@network[0].iv='Niiiiiiiiiiiiick' +set dawn.@network[0].use_symm_enc='0' +set dawn.@network[0].collision_domain='-1' +set dawn.@network[0].bandwidth='-1' +set dawn.@hostapd[0]=hostapd +set dawn.@hostapd[0].hostapd_dir='/var/run/hostapd' +set dawn.@times[0]=times +set dawn.@times[0].con_timeout='60' +set dawn.@times[0].update_client='10' +set dawn.@times[0].remove_client='15' +set dawn.@times[0].remove_probe='30' +set dawn.@times[0].remove_ap='460' +set dawn.@times[0].update_hostapd='10' +set dawn.@times[0].update_tcp_con='10' +set dawn.@times[0].update_chan_util='5' +set dawn.@times[0].update_beacon_reports='20' +set dawn.global=metric +set dawn.global.min_probe_count='3' +set dawn.global.bandwidth_threshold='6' +set dawn.global.use_station_count='0' +set dawn.global.max_station_diff='1' +set dawn.global.eval_probe_req='0' +set dawn.global.eval_auth_req='0' +set dawn.global.eval_assoc_req='0' +set dawn.global.kicking='3' +set dawn.global.kicking_threshold='20' +set dawn.global.deny_auth_reason='1' +set dawn.global.deny_assoc_reason='17' +set dawn.global.min_number_to_kick='3' +set dawn.global.chan_util_avg_period='3' +set dawn.global.set_hostapd_nr='0' +set dawn.global.duration='0' +set dawn.global.rrm_mode='pat' +set dawn.802_11g=metric +set dawn.802_11g.initial_score='80' +set dawn.802_11g.ht_support='5' +set dawn.802_11g.vht_support='5' +set dawn.802_11g.no_ht_support='0' +set dawn.802_11g.no_vht_support='0' +set dawn.802_11g.rssi='15' +set dawn.802_11g.rssi_val='-60' +set dawn.802_11g.low_rssi_val='-80' +set dawn.802_11g.low_rssi='-15' +set dawn.802_11g.chan_util='0' +set dawn.802_11g.chan_util_val='140' +set dawn.802_11g.max_chan_util='-15' +set dawn.802_11g.max_chan_util_val='170' +set dawn.802_11g.rssi_weight='0' +set dawn.802_11g.rssi_center='-70' +set dawn.802_11a=metric +set dawn.802_11a.initial_score='100' +set dawn.802_11a.ht_support='5' +set dawn.802_11a.vht_support='5' +set dawn.802_11a.no_ht_support='0' +set dawn.802_11a.no_vht_support='0' +set dawn.802_11a.rssi='15' +set dawn.802_11a.rssi_val='-60' +set dawn.802_11a.low_rssi_val='-80' +set dawn.802_11a.low_rssi='-15' +set dawn.802_11a.chan_util='0' +set dawn.802_11a.chan_util_val='140' +set dawn.802_11a.max_chan_util='-15' +set dawn.802_11a.max_chan_util_val='170' +set dawn.802_11a.rssi_weight='0' +set dawn.802_11a.rssi_center='-70' +commit dawn set dhcp.@dnsmasq[0]=dnsmasq set dhcp.@dnsmasq[0].domainneeded='1' +set dhcp.@dnsmasq[0].boguspriv='1' +set dhcp.@dnsmasq[0].filterwin2k='0' set dhcp.@dnsmasq[0].localise_queries='1' set dhcp.@dnsmasq[0].rebind_protection='1' set dhcp.@dnsmasq[0].rebind_localhost='1' set dhcp.@dnsmasq[0].local='/lan/' set dhcp.@dnsmasq[0].domain='lan' set dhcp.@dnsmasq[0].expandhosts='1' +set dhcp.@dnsmasq[0].nonegcache='0' set dhcp.@dnsmasq[0].cachesize='1000' set dhcp.@dnsmasq[0].authoritative='1' set dhcp.@dnsmasq[0].readethers='1' set dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases' set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto' +set dhcp.@dnsmasq[0].nonwildcard='1' set dhcp.@dnsmasq[0].localservice='1' set dhcp.@dnsmasq[0].ednspacket_max='1232' +set dhcp.@dnsmasq[0].filter_aaaa='0' +set dhcp.@dnsmasq[0].filter_a='0' set dhcp.lan=dhcp set dhcp.lan.interface='lan' set dhcp.lan.start='100' set dhcp.lan.limit='150' set dhcp.lan.leasetime='12h' set dhcp.lan.dhcpv4='server' +set dhcp.lan.dhcpv6='server' +set dhcp.lan.ra='server' +set dhcp.lan.ra_flags='managed-config' 'other-config' set dhcp.lan.ignore='1' set dhcp.wan=dhcp set dhcp.wan.interface='wan' @@ -153,11 +139,13 @@ set dhcp.odhcpd.maindhcp='0' set dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd' set dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update' set dhcp.odhcpd.loglevel='4' +set dhcp.odhcpd.piofolder='/tmp/odhcpd-piofolder' commit dhcp -set dropbear.@dropbear[0]=dropbear -set dropbear.@dropbear[0].PasswordAuth='on' -set dropbear.@dropbear[0].RootPasswordAuth='on' -set dropbear.@dropbear[0].Port='22' +set dropbear.main=dropbear +set dropbear.main.enable='1' +set dropbear.main.PasswordAuth='on' +set dropbear.main.RootPasswordAuth='on' +set dropbear.main.Port='22' commit dropbear set firewall.@defaults[0]=defaults set firewall.@defaults[0].syn_flood='1' @@ -166,18 +154,18 @@ set firewall.@defaults[0].output='ACCEPT' set firewall.@defaults[0].forward='REJECT' set firewall.@zone[0]=zone set firewall.@zone[0].name='lan' -set firewall.@zone[0].network='lan' set firewall.@zone[0].input='ACCEPT' set firewall.@zone[0].output='ACCEPT' set firewall.@zone[0].forward='ACCEPT' +set firewall.@zone[0].network='lan' set firewall.@zone[1]=zone set firewall.@zone[1].name='wan' -set firewall.@zone[1].network='wan' 'wan6' set firewall.@zone[1].input='REJECT' set firewall.@zone[1].output='ACCEPT' set firewall.@zone[1].forward='REJECT' set firewall.@zone[1].masq='1' set firewall.@zone[1].mtu_fix='1' +set firewall.@zone[1].network='wan' 'wan6' set firewall.@forwarding[0]=forwarding set firewall.@forwarding[0].src='lan' set firewall.@forwarding[0].dest='wan' @@ -249,7 +237,7 @@ set firewall.@rule[8].target='ACCEPT' commit firewall set fstab.@global[0]=global set fstab.@global[0].anon_swap='0' -set fstab.@global[0].anon_mount='0' +set fstab.@global[0].anon_mount='1' set fstab.@global[0].auto_swap='1' set fstab.@global[0].auto_mount='1' set fstab.@global[0].delay_root='5' @@ -265,15 +253,6 @@ set hd-idle.@hd-idle[0].enabled='0' set hd-idle.@hd-idle[0].idle_time_unit='minutes' set hd-idle.@hd-idle[0].idle_time_interval='10' commit hd-idle -set lldpd.config=lldpd -set lldpd.config.enable_cdp='1' -set lldpd.config.enable_fdp='1' -set lldpd.config.enable_sonmp='1' -set lldpd.config.enable_edp='1' -set lldpd.config.lldp_class='4' -set lldpd.config.lldp_location='address country EU' -set lldpd.config.interface='loopback' 'lan' -commit lldpd set luci.main=core set luci.main.lang='auto' set luci.main.mediaurlbase='/luci-static/bootstrap' @@ -307,11 +286,6 @@ set luci.diag.dns='openwrt.org' set luci.diag.ping='openwrt.org' set luci.diag.route='openwrt.org' commit luci -set mosquitto.owrt=owrt -set mosquitto.owrt.use_uci='0' -set mosquitto.mosquitto=mosquitto -set mosquitto.persistence=persistence -commit mosquitto set network.loopback=interface set network.loopback.device='lo' set network.loopback.proto='static' @@ -340,7 +314,27 @@ set network.wan.proto='dhcp' set network.wan6=interface set network.wan6.device='wan' set network.wan6.proto='dhcpv6' +set network.@device[1]=device +set network.@device[1].name='mesh0' +set network.@device[1].ipv6='0' commit network +set openssl.legacy=provider +set openssl.legacy.enabled='1' +commit openssl +set prometheus-node-exporter-lua.main=prometheus-node-exporter-lua +set prometheus-node-exporter-lua.main.listen_interface='loopback' +set prometheus-node-exporter-lua.main.listen_port='9100' +commit prometheus-node-exporter-lua +set radius.@radius[0]=radius +set radius.@radius[0].disabled='1' +set radius.@radius[0].ca_cert='/etc/radius/ca.pem' +set radius.@radius[0].cert='/etc/radius/cert.pem' +set radius.@radius[0].key='/etc/radius/key.pem' +set radius.@radius[0].users='/etc/radius/users' +set radius.@radius[0].clients='/etc/radius/clients' +set radius.@radius[0].auth_port='1812' +set radius.@radius[0].acct_port='1813' +commit radius set rpcd.@rpcd[0]=rpcd set rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock' set rpcd.@rpcd[0].timeout='30' @@ -350,19 +344,6 @@ set rpcd.@login[0].password='$p$root' set rpcd.@login[0].read='*' set rpcd.@login[0].write='*' commit rpcd -set samba4.@samba[0]=samba -set samba4.@samba[0].workgroup='WORKGROUP' -set samba4.@samba[0].charset='UTF-8' -set samba4.@samba[0].description='Samba on OpenWRT' -set samba4.@samba[0].enable_extra_tuning='1' -set samba4.@sambashare[0]=sambashare -set samba4.@sambashare[0].name='bkp' -set samba4.@sambashare[0].path='/mnt/sda' -set samba4.@sambashare[0].read_only='no' -set samba4.@sambashare[0].guest_ok='yes' -set samba4.@sambashare[0].create_mask='0666' -set samba4.@sambashare[0].dir_mask='0777' -commit samba4 set system.@system[0]=system set system.@system[0].hostname='Buran-bee-stya.reut.loc' set system.@system[0].timezone='MSK-3' @@ -375,6 +356,8 @@ set system.@system[0].log_proto='udp' set system.@system[0].conloglevel='8' set system.@system[0].cronloglevel='5' set system.ntp=timeserver +set system.ntp.enabled='1' +set system.ntp.enable_server='0' set system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org' set system.led_wan=led set system.led_wan.name='wan' @@ -383,50 +366,16 @@ set system.led_wan.trigger='netdev' set system.led_wan.mode='link tx rx' set system.led_wan.dev='wan' commit system +set ubihealthd.ubi0=ubi-device +set ubihealthd.ubi0.device='/dev/ubi0' +set ubihealthd.ubi0.enable='1' +commit ubihealthd set ubootenv.@ubootenv[0]=ubootenv set ubootenv.@ubootenv[0].dev='/dev/mtd0' set ubootenv.@ubootenv[0].offset='0x80000' set ubootenv.@ubootenv[0].envsize='0x1000' set ubootenv.@ubootenv[0].secsize='0x20000' commit ubootenv -set ucitrack.@network[0]=network -set ucitrack.@network[0].init='network' -set ucitrack.@network[0].affects='dhcp' -set ucitrack.@wireless[0]=wireless -set ucitrack.@wireless[0].affects='network' -set ucitrack.@firewall[0]=firewall -set ucitrack.@firewall[0].init='firewall' -set ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd' -set ucitrack.@olsr[0]=olsr -set ucitrack.@olsr[0].init='olsrd' -set ucitrack.@dhcp[0]=dhcp -set ucitrack.@dhcp[0].init='dnsmasq' -set ucitrack.@dhcp[0].affects='odhcpd' -set ucitrack.@odhcpd[0]=odhcpd -set ucitrack.@odhcpd[0].init='odhcpd' -set ucitrack.@dropbear[0]=dropbear -set ucitrack.@dropbear[0].init='dropbear' -set ucitrack.@httpd[0]=httpd -set ucitrack.@httpd[0].init='httpd' -set ucitrack.@fstab[0]=fstab -set ucitrack.@fstab[0].exec='/sbin/block mount' -set ucitrack.@qos[0]=qos -set ucitrack.@qos[0].init='qos' -set ucitrack.@system[0]=system -set ucitrack.@system[0].init='led' -set ucitrack.@system[0].exec='/etc/init.d/log reload' -set ucitrack.@system[0].affects='luci_statistics' 'dhcp' -set ucitrack.@luci_splash[0]=luci_splash -set ucitrack.@luci_splash[0].init='luci_splash' -set ucitrack.@upnpd[0]=upnpd -set ucitrack.@upnpd[0].init='miniupnpd' -set ucitrack.@ntpclient[0]=ntpclient -set ucitrack.@ntpclient[0].init='ntpclient' -set ucitrack.@samba[0]=samba -set ucitrack.@samba[0].init='samba' -set ucitrack.@tinyproxy[0]=tinyproxy -set ucitrack.@tinyproxy[0].init='tinyproxy' -commit ucitrack set uhttpd.main=uhttpd set uhttpd.main.listen_http='0.0.0.0:80' '[::]:80' set uhttpd.main.listen_https='0.0.0.0:443' '[::]:443' @@ -443,10 +392,9 @@ set uhttpd.main.script_timeout='60' set uhttpd.main.network_timeout='30' set uhttpd.main.http_keepalive='20' set uhttpd.main.tcp_keepalive='1' -set uhttpd.main.ucode_prefix='/cgi-bin/luci=/usr/share/ucode/luci/uhttpd.uc' set uhttpd.main.ubus_prefix='/ubus' set uhttpd.defaults=cert -set uhttpd.defaults.days='730' +set uhttpd.defaults.days='397' set uhttpd.defaults.key_type='ec' set uhttpd.defaults.bits='2048' set uhttpd.defaults.ec_curve='P-256' @@ -455,12 +403,27 @@ set uhttpd.defaults.state='Somewhere' set uhttpd.defaults.location='Unknown' set uhttpd.defaults.commonname='OpenWrt' commit uhttpd +set umdns.@umdns[0]=umdns +set umdns.@umdns[0].jail='1' +set umdns.@umdns[0].network='lan' +commit umdns +set wireless.wifinet1=wifi-iface +set wireless.wifinet1.device='radio1' +set wireless.wifinet1.ifname='mesh0' +set wireless.wifinet1.network='lan' +set wireless.wifinet1.mode='mesh' +set wireless.wifinet1.mesh_id='BuranMesh' +set wireless.wifinet1.encryption='sae' +set wireless.wifinet1.key='23637387581' +set wireless.wifinet1.mesh_fwding='1' +set wireless.wifinet1.mesh_rssi_threshold='0' +set wireless.wifinet1.disabled='1' set wireless.radio0=wifi-device set wireless.radio0.type='mac80211' set wireless.radio0.path='1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' -set wireless.radio0.channel='auto' set wireless.radio0.band='2g' -set wireless.radio0.htmode='HT40' +set wireless.radio0.channel='auto' +set wireless.radio0.htmode='HT20' set wireless.radio0.cell_density='0' set wireless.radio0.country='RU' set wireless.default_radio0=wifi-iface @@ -468,7 +431,7 @@ set wireless.default_radio0.device='radio0' set wireless.default_radio0.network='lan' set wireless.default_radio0.mode='ap' set wireless.default_radio0.ssid='Buran' -set wireless.default_radio0.encryption='sae' +set wireless.default_radio0.encryption='sae-mixed' set wireless.default_radio0.key='23637387581' set wireless.default_radio0.disassoc_low_ack='0' set wireless.default_radio0.ieee80211w='1' @@ -477,11 +440,13 @@ set wireless.default_radio0.mobility_domain='af53' set wireless.default_radio0.ft_over_ds='0' set wireless.default_radio0.wpa_disable_eapol_key_retries='1' set wireless.default_radio0.skip_inactivity_poll='1' +set wireless.default_radio0.ocv='0' +set wireless.wifinet0=wifi-iface set wireless.radio1=wifi-device set wireless.radio1.type='mac80211' set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' -set wireless.radio1.channel='60' set wireless.radio1.band='5g' +set wireless.radio1.channel='60' set wireless.radio1.htmode='VHT160' set wireless.radio1.cell_density='0' set wireless.radio1.country='RU' @@ -499,1840 +464,15 @@ set wireless.default_radio1.mobility_domain='af53' set wireless.default_radio1.ft_over_ds='0' set wireless.default_radio1.wpa_disable_eapol_key_retries='1' set wireless.default_radio1.skip_inactivity_poll='1' +set wireless.default_radio1.ieee80211k='1' +set wireless.default_radio1.ocv='0' +set wireless.default_radio1.time_zone='MSK-3' commit wireless EOI #---------------------------------------------------- #Generating conf file #---------------------------------------------------- -mkdir -p "/etc/mosquitto" - -mkdir -p "/etc/mosquitto" - -#Gen file /etc/mosquitto/mosquitto.conf-opkg - -mkdir -p "/etc/mosquitto" -cat << 'CFGEOF' > "/etc/mosquitto/mosquitto.conf-opkg" -# Config file for mosquitto -# -# See mosquitto.conf(5) for more information. -# -# Default values are shown, uncomment to change. -# -# Use the # character to indicate a comment, but only if it is the -# very first character on the line. - -# ================================================================= -# General configuration -# ================================================================= - -# Use per listener security settings. -# -# It is recommended this option be set before any other options. -# -# If this option is set to true, then all authentication and access control -# options are controlled on a per listener basis. The following options are -# affected: -# -# acl_file -# allow_anonymous -# allow_zero_length_clientid -# auto_id_prefix -# password_file -# plugin -# plugin_opt_* -# psk_file -# -# Note that if set to true, then a durable client (i.e. with clean session set -# to false) that has disconnected will use the ACL settings defined for the -# listener that it was most recently connected to. -# -# The default behaviour is for this to be set to false, which maintains the -# setting behaviour from previous versions of mosquitto. -#per_listener_settings false - - -# This option controls whether a client is allowed to connect with a zero -# length client id or not. This option only affects clients using MQTT v3.1.1 -# and later. If set to false, clients connecting with a zero length client id -# are disconnected. If set to true, clients will be allocated a client id by -# the broker. This means it is only useful for clients with clean session set -# to true. -#allow_zero_length_clientid true - -# If allow_zero_length_clientid is true, this option allows you to set a prefix -# to automatically generated client ids to aid visibility in logs. -# Defaults to 'auto-' -#auto_id_prefix auto- - -# This option affects the scenario when a client subscribes to a topic that has -# retained messages. It is possible that the client that published the retained -# message to the topic had access at the time they published, but that access -# has been subsequently removed. If check_retain_source is set to true, the -# default, the source of a retained message will be checked for access rights -# before it is republished. When set to false, no check will be made and the -# retained message will always be published. This affects all listeners. -#check_retain_source true - -# QoS 1 and 2 messages will be allowed inflight per client until this limit -# is exceeded. Defaults to 0. (No maximum) -# See also max_inflight_messages -#max_inflight_bytes 0 - -# The maximum number of QoS 1 and 2 messages currently inflight per -# client. -# This includes messages that are partway through handshakes and -# those that are being retried. Defaults to 20. Set to 0 for no -# maximum. Setting to 1 will guarantee in-order delivery of QoS 1 -# and 2 messages. -#max_inflight_messages 20 - -# For MQTT v5 clients, it is possible to have the server send a "server -# keepalive" value that will override the keepalive value set by the client. -# This is intended to be used as a mechanism to say that the server will -# disconnect the client earlier than it anticipated, and that the client should -# use the new keepalive value. The max_keepalive option allows you to specify -# that clients may only connect with keepalive less than or equal to this -# value, otherwise they will be sent a server keepalive telling them to use -# max_keepalive. This only applies to MQTT v5 clients. The default, and maximum -# value allowable, is 65535. -# -# Set to 0 to allow clients to set keepalive = 0, which means no keepalive -# checks are made and the client will never be disconnected by the broker if no -# messages are received. You should be very sure this is the behaviour that you -# want. -# -# For MQTT v3.1.1 and v3.1 clients, there is no mechanism to tell the client -# what keepalive value they should use. If an MQTT v3.1.1 or v3.1 client -# specifies a keepalive time greater than max_keepalive they will be sent a -# CONNACK message with the "identifier rejected" reason code, and disconnected. -# -#max_keepalive 65535 - -# For MQTT v5 clients, it is possible to have the server send a "maximum packet -# size" value that will instruct the client it will not accept MQTT packets -# with size greater than max_packet_size bytes. This applies to the full MQTT -# packet, not just the payload. Setting this option to a positive value will -# set the maximum packet size to that number of bytes. If a client sends a -# packet which is larger than this value, it will be disconnected. This applies -# to all clients regardless of the protocol version they are using, but v3.1.1 -# and earlier clients will of course not have received the maximum packet size -# information. Defaults to no limit. Setting below 20 bytes is forbidden -# because it is likely to interfere with ordinary client operation, even with -# very small payloads. -#max_packet_size 0 - -# QoS 1 and 2 messages above those currently in-flight will be queued per -# client until this limit is exceeded. Defaults to 0. (No maximum) -# See also max_queued_messages. -# If both max_queued_messages and max_queued_bytes are specified, packets will -# be queued until the first limit is reached. -#max_queued_bytes 0 - -# Set the maximum QoS supported. Clients publishing at a QoS higher than -# specified here will be disconnected. -#max_qos 2 - -# The maximum number of QoS 1 and 2 messages to hold in a queue per client -# above those that are currently in-flight. Defaults to 1000. Set -# to 0 for no maximum (not recommended). -# See also queue_qos0_messages. -# See also max_queued_bytes. -#max_queued_messages 1000 -# -# This option sets the maximum number of heap memory bytes that the broker will -# allocate, and hence sets a hard limit on memory use by the broker. Memory -# requests that exceed this value will be denied. The effect will vary -# depending on what has been denied. If an incoming message is being processed, -# then the message will be dropped and the publishing client will be -# disconnected. If an outgoing message is being sent, then the individual -# message will be dropped and the receiving client will be disconnected. -# Defaults to no limit. -#memory_limit 0 - -# This option sets the maximum publish payload size that the broker will allow. -# Received messages that exceed this size will not be accepted by the broker. -# The default value is 0, which means that all valid MQTT messages are -# accepted. MQTT imposes a maximum payload size of 268435455 bytes. -#message_size_limit 0 - -# This option allows the session of persistent clients (those with clean -# session set to false) that are not currently connected to be removed if they -# do not reconnect within a certain time frame. This is a non-standard option -# in MQTT v3.1. MQTT v3.1.1 and v5.0 allow brokers to remove client sessions. -# -# Badly designed clients may set clean session to false whilst using a randomly -# generated client id. This leads to persistent clients that connect once and -# never reconnect. This option allows these clients to be removed. This option -# allows persistent clients (those with clean session set to false) to be -# removed if they do not reconnect within a certain time frame. -# -# The expiration period should be an integer followed by one of h d w m y for -# hour, day, week, month and year respectively. For example -# -# persistent_client_expiration 2m -# persistent_client_expiration 14d -# persistent_client_expiration 1y -# -# The default if not set is to never expire persistent clients. -#persistent_client_expiration - -# Write process id to a file. Default is a blank string which means -# a pid file shouldn't be written. -# This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is -# being run automatically on boot with an init script and -# start-stop-daemon or similar. -#pid_file - -# Set to true to queue messages with QoS 0 when a persistent client is -# disconnected. These messages are included in the limit imposed by -# max_queued_messages and max_queued_bytes -# Defaults to false. -# This is a non-standard option for the MQTT v3.1 spec but is allowed in -# v3.1.1. -#queue_qos0_messages false - -# Set to false to disable retained message support. If a client publishes a -# message with the retain bit set, it will be disconnected if this is set to -# false. -#retain_available true - -# Disable Nagle's algorithm on client sockets. This has the effect of reducing -# latency of individual messages at the potential cost of increasing the number -# of packets being sent. -#set_tcp_nodelay false - -# Time in seconds between updates of the $SYS tree. -# Set to 0 to disable the publishing of the $SYS tree. -#sys_interval 10 - -# The MQTT specification requires that the QoS of a message delivered to a -# subscriber is never upgraded to match the QoS of the subscription. Enabling -# this option changes this behaviour. If upgrade_outgoing_qos is set true, -# messages sent to a subscriber will always match the QoS of its subscription. -# This is a non-standard option explicitly disallowed by the spec. -#upgrade_outgoing_qos false - -# When run as root, drop privileges to this user and its primary -# group. -# Set to root to stay as root, but this is not recommended. -# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist -# then it will drop privileges to the "nobody" user instead. -# If run as a non-root user, this setting has no effect. -# Note that on Windows this has no effect and so mosquitto should be started by -# the user you wish it to run as. -#user mosquitto - -# ================================================================= -# Listeners -# ================================================================= - -# Listen on a port/ip address combination. By using this variable -# multiple times, mosquitto can listen on more than one port. If -# this variable is used and neither bind_address nor port given, -# then the default listener will not be started. -# The port number to listen on must be given. Optionally, an ip -# address or host name may be supplied as a second argument. In -# this case, mosquitto will attempt to bind the listener to that -# address and so restrict access to the associated network and -# interface. By default, mosquitto will listen on all interfaces. -# Note that for a websockets listener it is not possible to bind to a host -# name. -# -# On systems that support Unix Domain Sockets, it is also possible -# to create a # Unix socket rather than opening a TCP socket. In -# this case, the port number should be set to 0 and a unix socket -# path must be provided, e.g. -# listener 0 /tmp/mosquitto.sock -# -# listener port-number [ip address/host name/unix socket path] -#listener - -# By default, a listener will attempt to listen on all supported IP protocol -# versions. If you do not have an IPv4 or IPv6 interface you may wish to -# disable support for either of those protocol versions. In particular, note -# that due to the limitations of the websockets library, it will only ever -# attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail -# if IPv6 is not available. -# -# Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to -# force the listener to only use IPv6. If you want support for both IPv4 and -# IPv6, then do not use the socket_domain option. -# -#socket_domain - -# Bind the listener to a specific interface. This is similar to -# the [ip address/host name] part of the listener definition, but is useful -# when an interface has multiple addresses or the address may change. If used -# with the [ip address/host name] part of the listener definition, then the -# bind_interface option will take priority. -# Not available on Windows. -# -# Example: bind_interface eth0 -#bind_interface - -# When a listener is using the websockets protocol, it is possible to serve -# http data as well. Set http_dir to a directory which contains the files you -# wish to serve. If this option is not specified, then no normal http -# connections will be possible. -#http_dir - -# The maximum number of client connections to allow. This is -# a per listener setting. -# Default is -1, which means unlimited connections. -# Note that other process limits mean that unlimited connections -# are not really possible. Typically the default maximum number of -# connections possible is around 1024. -#max_connections -1 - -# The listener can be restricted to operating within a topic hierarchy using -# the mount_point option. This is achieved be prefixing the mount_point string -# to all topics for any clients connected to this listener. This prefixing only -# happens internally to the broker; the client will not see the prefix. -#mount_point - -# Choose the protocol to use when listening. -# This can be either mqtt or websockets. -# Certificate based TLS may be used with websockets, except that only the -# cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported. -#protocol mqtt - -# Set use_username_as_clientid to true to replace the clientid that a client -# connected with with its username. This allows authentication to be tied to -# the clientid, which means that it is possible to prevent one client -# disconnecting another by using the same clientid. -# If a client connects with no username it will be disconnected as not -# authorised when this option is set to true. -# Do not use in conjunction with clientid_prefixes. -# See also use_identity_as_username. -# This does not apply globally, but on a per-listener basis. -#use_username_as_clientid - -# Change the websockets headers size. This is a global option, it is not -# possible to set per listener. This option sets the size of the buffer used in -# the libwebsockets library when reading HTTP headers. If you are passing large -# header data such as cookies then you may need to increase this value. If left -# unset, or set to 0, then the default of 1024 bytes will be used. -#websockets_headers_size - -# ----------------------------------------------------------------- -# Certificate based SSL/TLS support -# ----------------------------------------------------------------- -# The following options can be used to enable certificate based SSL/TLS support -# for this listener. Note that the recommended port for MQTT over TLS is 8883, -# but this must be set manually. -# -# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS -# support" section. Only one of certificate or PSK encryption support can be -# enabled for any listener. - -# Both of certfile and keyfile must be defined to enable certificate based -# TLS encryption. - -# Path to the PEM encoded server certificate. -#certfile - -# Path to the PEM encoded keyfile. -#keyfile - -# If you wish to control which encryption ciphers are used, use the ciphers -# option. The list of available ciphers can be optained using the "openssl -# ciphers" command and should be provided in the same format as the output of -# that command. This applies to TLS 1.2 and earlier versions only. Use -# ciphers_tls1.3 for TLS v1.3. -#ciphers - -# Choose which TLS v1.3 ciphersuites are used for this listener. -# Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" -#ciphers_tls1.3 - -# If you have require_certificate set to true, you can create a certificate -# revocation list file to revoke access to particular client certificates. If -# you have done this, use crlfile to point to the PEM encoded revocation file. -#crlfile - -# To allow the use of ephemeral DH key exchange, which provides forward -# security, the listener must load DH parameters. This can be specified with -# the dhparamfile option. The dhparamfile can be generated with the command -# e.g. "openssl dhparam -out dhparam.pem 2048" -#dhparamfile - -# By default an TLS enabled listener will operate in a similar fashion to a -# https enabled web server, in that the server has a certificate signed by a CA -# and the client will verify that it is a trusted certificate. The overall aim -# is encryption of the network traffic. By setting require_certificate to true, -# the client must provide a valid certificate in order for the network -# connection to proceed. This allows access to the broker to be controlled -# outside of the mechanisms provided by MQTT. -#require_certificate false - -# cafile and capath define methods of accessing the PEM encoded -# Certificate Authority certificates that will be considered trusted when -# checking incoming client certificates. -# cafile defines the path to a file containing the CA certificates. -# capath defines a directory that will be searched for files -# containing the CA certificates. For capath to work correctly, the -# certificate files must have ".crt" as the file ending and you must run -# "openssl rehash " each time you add/remove a certificate. -#cafile -#capath - - -# If require_certificate is true, you may set use_identity_as_username to true -# to use the CN value from the client certificate as a username. If this is -# true, the password_file option will not be used for this listener. -#use_identity_as_username false - -# ----------------------------------------------------------------- -# Pre-shared-key based SSL/TLS support -# ----------------------------------------------------------------- -# The following options can be used to enable PSK based SSL/TLS support for -# this listener. Note that the recommended port for MQTT over TLS is 8883, but -# this must be set manually. -# -# See also the mosquitto-tls man page and the "Certificate based SSL/TLS -# support" section. Only one of certificate or PSK encryption support can be -# enabled for any listener. - -# The psk_hint option enables pre-shared-key support for this listener and also -# acts as an identifier for this listener. The hint is sent to clients and may -# be used locally to aid authentication. The hint is a free form string that -# doesn't have much meaning in itself, so feel free to be creative. -# If this option is provided, see psk_file to define the pre-shared keys to be -# used or create a security plugin to handle them. -#psk_hint - -# When using PSK, the encryption ciphers used will be chosen from the list of -# available PSK ciphers. If you want to control which ciphers are available, -# use the "ciphers" option. The list of available ciphers can be optained -# using the "openssl ciphers" command and should be provided in the same format -# as the output of that command. -#ciphers - -# Set use_identity_as_username to have the psk identity sent by the client used -# as its username. Authentication will be carried out using the PSK rather than -# the MQTT username/password and so password_file will not be used for this -# listener. -#use_identity_as_username false - - -# ================================================================= -# Persistence -# ================================================================= - -# If persistence is enabled, save the in-memory database to disk -# every autosave_interval seconds. If set to 0, the persistence -# database will only be written when mosquitto exits. See also -# autosave_on_changes. -# Note that writing of the persistence database can be forced by -# sending mosquitto a SIGUSR1 signal. -#autosave_interval 1800 - -# If true, mosquitto will count the number of subscription changes, retained -# messages received and queued messages and if the total exceeds -# autosave_interval then the in-memory database will be saved to disk. -# If false, mosquitto will save the in-memory database to disk by treating -# autosave_interval as a time in seconds. -#autosave_on_changes false - -# Save persistent message data to disk (true/false). -# This saves information about all messages, including -# subscriptions, currently in-flight messages and retained -# messages. -# retained_persistence is a synonym for this option. -#persistence false - -# The filename to use for the persistent database, not including -# the path. -#persistence_file mosquitto.db - -# Location for persistent database. -# Default is an empty string (current directory). -# Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or -# similar. -#persistence_location - - -# ================================================================= -# Logging -# ================================================================= - -# Places to log to. Use multiple log_dest lines for multiple -# logging destinations. -# Possible destinations are: stdout stderr syslog topic file dlt -# -# stdout and stderr log to the console on the named output. -# -# syslog uses the userspace syslog facility which usually ends up -# in /var/log/messages or similar. -# -# topic logs to the broker topic '$SYS/broker/log/', -# where severity is one of D, E, W, N, I, M which are debug, error, -# warning, notice, information and message. Message type severity is used by -# the subscribe/unsubscribe log_types and publishes log messages to -# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe. -# -# The file destination requires an additional parameter which is the file to be -# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be -# closed and reopened when the broker receives a HUP signal. Only a single file -# destination may be configured. -# -# The dlt destination is for the automotive `Diagnostic Log and Trace` tool. -# This requires that Mosquitto has been compiled with DLT support. -# -# Note that if the broker is running as a Windows service it will default to -# "log_dest none" and neither stdout nor stderr logging is available. -# Use "log_dest none" if you wish to disable logging. -#log_dest stderr - -# Types of messages to log. Use multiple log_type lines for logging -# multiple types of messages. -# Possible types are: debug, error, warning, notice, information, -# none, subscribe, unsubscribe, websockets, all. -# Note that debug type messages are for decoding the incoming/outgoing -# network packets. They are not logged in "topics". -#log_type error -#log_type warning -#log_type notice -#log_type information - - -# If set to true, client connection and disconnection messages will be included -# in the log. -#connection_messages true - -# If using syslog logging (not on Windows), messages will be logged to the -# "daemon" facility by default. Use the log_facility option to choose which of -# local0 to local7 to log to instead. The option value should be an integer -# value, e.g. "log_facility 5" to use local5. -#log_facility - -# If set to true, add a timestamp value to each log message. -#log_timestamp true - -# Set the format of the log timestamp. If left unset, this is the number of -# seconds since the Unix epoch. -# This is a free text string which will be passed to the strftime function. To -# get an ISO 8601 datetime, for example: -# log_timestamp_format %Y-%m-%dT%H:%M:%S -#log_timestamp_format - -# Change the websockets logging level. This is a global option, it is not -# possible to set per listener. This is an integer that is interpreted by -# libwebsockets as a bit mask for its lws_log_levels enum. See the -# libwebsockets documentation for more details. "log_type websockets" must also -# be enabled. -#websockets_log_level 0 - - -# ================================================================= -# Security -# ================================================================= - -# If set, only clients that have a matching prefix on their -# clientid will be allowed to connect to the broker. By default, -# all clients may connect. -# For example, setting "secure-" here would mean a client "secure- -# client" could connect but another with clientid "mqtt" couldn't. -#clientid_prefixes - -# Boolean value that determines whether clients that connect -# without providing a username are allowed to connect. If set to -# false then a password file should be created (see the -# password_file option) to control authenticated client access. -# -# Defaults to false, unless there are no listeners defined in the configuration -# file, in which case it is set to true, but connections are only allowed from -# the local machine. -#allow_anonymous false - -# ----------------------------------------------------------------- -# Default authentication and topic access control -# ----------------------------------------------------------------- - -# Control access to the broker using a password file. This file can be -# generated using the mosquitto_passwd utility. If TLS support is not compiled -# into mosquitto (it is recommended that TLS support should be included) then -# plain text passwords are used, in which case the file should be a text file -# with lines in the format: -# username:password -# The password (and colon) may be omitted if desired, although this -# offers very little in the way of security. -# -# See the TLS client require_certificate and use_identity_as_username options -# for alternative authentication options. If a plugin is used as well as -# password_file, the plugin check will be made first. -#password_file - -# Access may also be controlled using a pre-shared-key file. This requires -# TLS-PSK support and a listener configured to use it. The file should be text -# lines in the format: -# identity:key -# The key should be in hexadecimal format without a leading "0x". -# If an plugin is used as well, the plugin check will be made first. -#psk_file - -# Control access to topics on the broker using an access control list -# file. If this parameter is defined then only the topics listed will -# have access. -# If the first character of a line of the ACL file is a # it is treated as a -# comment. -# Topic access is added with lines of the format: -# -# topic [read|write|readwrite|deny] -# -# The access type is controlled using "read", "write", "readwrite" or "deny". -# This parameter is optional (unless contains a space character) - if -# not given then the access is read/write. can contain the + or # -# wildcards as in subscriptions. -# -# The "deny" option can used to explicity deny access to a topic that would -# otherwise be granted by a broader read/write/readwrite statement. Any "deny" -# topics are handled before topics that grant read/write access. -# -# The first set of topics are applied to anonymous clients, assuming -# allow_anonymous is true. User specific topic ACLs are added after a -# user line as follows: -# -# user -# -# The username referred to here is the same as in password_file. It is -# not the clientid. -# -# -# If is also possible to define ACLs based on pattern substitution within the -# topic. The patterns available for substition are: -# -# %c to match the client id of the client -# %u to match the username of the client -# -# The substitution pattern must be the only text for that level of hierarchy. -# -# The form is the same as for the topic keyword, but using pattern as the -# keyword. -# Pattern ACLs apply to all users even if the "user" keyword has previously -# been given. -# -# If using bridges with usernames and ACLs, connection messages can be allowed -# with the following pattern: -# pattern write $SYS/broker/connection/%c/state -# -# pattern [read|write|readwrite] -# -# Example: -# -# pattern write sensor/%u/data -# -# If an plugin is used as well as acl_file, the plugin check will be -# made first. -#acl_file - -# ----------------------------------------------------------------- -# External authentication and topic access plugin options -# ----------------------------------------------------------------- - -# External authentication and access control can be supported with the -# plugin option. This is a path to a loadable plugin. See also the -# plugin_opt_* options described below. -# -# The plugin option can be specified multiple times to load multiple -# plugins. The plugins will be processed in the order that they are specified -# here. If the plugin option is specified alongside either of -# password_file or acl_file then the plugin checks will be made first. -# -# If the per_listener_settings option is false, the plugin will be apply to all -# listeners. If per_listener_settings is true, then the plugin will apply to -# the current listener being defined only. -# -# This option is also available as `auth_plugin`, but this use is deprecated -# and will be removed in the future. -# -#plugin - -# If the plugin option above is used, define options to pass to the -# plugin here as described by the plugin instructions. All options named -# using the format plugin_opt_* will be passed to the plugin, for example: -# -# This option is also available as `auth_opt_*`, but this use is deprecated -# and will be removed in the future. -# -# plugin_opt_db_host -# plugin_opt_db_port -# plugin_opt_db_username -# plugin_opt_db_password - - -# ================================================================= -# Bridges -# ================================================================= - -# A bridge is a way of connecting multiple MQTT brokers together. -# Create a new bridge using the "connection" option as described below. Set -# options for the bridges using the remaining parameters. You must specify the -# address and at least one topic to subscribe to. -# -# Each connection must have a unique name. -# -# The address line may have multiple host address and ports specified. See -# below in the round_robin description for more details on bridge behaviour if -# multiple addresses are used. Note that if you use an IPv6 address, then you -# are required to specify a port. -# -# The direction that the topic will be shared can be chosen by -# specifying out, in or both, where the default value is out. -# The QoS level of the bridged communication can be specified with the next -# topic option. The default QoS level is 0, to change the QoS the topic -# direction must also be given. -# -# The local and remote prefix options allow a topic to be remapped when it is -# bridged to/from the remote broker. This provides the ability to place a topic -# tree in an appropriate location. -# -# For more details see the mosquitto.conf man page. -# -# Multiple topics can be specified per connection, but be careful -# not to create any loops. -# -# If you are using bridges with cleansession set to false (the default), then -# you may get unexpected behaviour from incoming topics if you change what -# topics you are subscribing to. This is because the remote broker keeps the -# subscription for the old topic. If you have this problem, connect your bridge -# with cleansession set to true, then reconnect with cleansession set to false -# as normal. -#connection -#address [:] [[:]] -#topic [[[out | in | both] qos-level] local-prefix remote-prefix] - -# If you need to have the bridge connect over a particular network interface, -# use bridge_bind_address to tell the bridge which local IP address the socket -# should bind to, e.g. `bridge_bind_address 192.168.1.10` -#bridge_bind_address - -# If a bridge has topics that have "out" direction, the default behaviour is to -# send an unsubscribe request to the remote broker on that topic. This means -# that changing a topic direction from "in" to "out" will not keep receiving -# incoming messages. Sending these unsubscribe requests is not always -# desirable, setting bridge_attempt_unsubscribe to false will disable sending -# the unsubscribe request. -#bridge_attempt_unsubscribe true - -# Set the version of the MQTT protocol to use with for this bridge. Can be one -# of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311. -#bridge_protocol_version mqttv311 - -# Set the clean session variable for this bridge. -# When set to true, when the bridge disconnects for any reason, all -# messages and subscriptions will be cleaned up on the remote -# broker. Note that with cleansession set to true, there may be a -# significant amount of retained messages sent when the bridge -# reconnects after losing its connection. -# When set to false, the subscriptions and messages are kept on the -# remote broker, and delivered when the bridge reconnects. -#cleansession false - -# Set the amount of time a bridge using the lazy start type must be idle before -# it will be stopped. Defaults to 60 seconds. -#idle_timeout 60 - -# Set the keepalive interval for this bridge connection, in -# seconds. -#keepalive_interval 60 - -# Set the clientid to use on the local broker. If not defined, this defaults to -# 'local.'. If you are bridging a broker to itself, it is important -# that local_clientid and clientid do not match. -#local_clientid - -# If set to true, publish notification messages to the local and remote brokers -# giving information about the state of the bridge connection. Retained -# messages are published to the topic $SYS/broker/connection//state -# unless the notification_topic option is used. -# If the message is 1 then the connection is active, or 0 if the connection has -# failed. -# This uses the last will and testament feature. -#notifications true - -# Choose the topic on which notification messages for this bridge are -# published. If not set, messages are published on the topic -# $SYS/broker/connection//state -#notification_topic - -# Set the client id to use on the remote end of this bridge connection. If not -# defined, this defaults to 'name.hostname' where name is the connection name -# and hostname is the hostname of this computer. -# This replaces the old "clientid" option to avoid confusion. "clientid" -# remains valid for the time being. -#remote_clientid - -# Set the password to use when connecting to a broker that requires -# authentication. This option is only used if remote_username is also set. -# This replaces the old "password" option to avoid confusion. "password" -# remains valid for the time being. -#remote_password - -# Set the username to use when connecting to a broker that requires -# authentication. -# This replaces the old "username" option to avoid confusion. "username" -# remains valid for the time being. -#remote_username - -# Set the amount of time a bridge using the automatic start type will wait -# until attempting to reconnect. -# This option can be configured to use a constant delay time in seconds, or to -# use a backoff mechanism based on "Decorrelated Jitter", which adds a degree -# of randomness to when the restart occurs. -# -# Set a constant timeout of 20 seconds: -# restart_timeout 20 -# -# Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of -# 60 seconds: -# restart_timeout 10 30 -# -# Defaults to jitter with a base of 5 and cap of 30 -#restart_timeout 5 30 - -# If the bridge has more than one address given in the address/addresses -# configuration, the round_robin option defines the behaviour of the bridge on -# a failure of the bridge connection. If round_robin is false, the default -# value, then the first address is treated as the main bridge connection. If -# the connection fails, the other secondary addresses will be attempted in -# turn. Whilst connected to a secondary bridge, the bridge will periodically -# attempt to reconnect to the main bridge until successful. -# If round_robin is true, then all addresses are treated as equals. If a -# connection fails, the next address will be tried and if successful will -# remain connected until it fails -#round_robin false - -# Set the start type of the bridge. This controls how the bridge starts and -# can be one of three types: automatic, lazy and once. Note that RSMB provides -# a fourth start type "manual" which isn't currently supported by mosquitto. -# -# "automatic" is the default start type and means that the bridge connection -# will be started automatically when the broker starts and also restarted -# after a short delay (30 seconds) if the connection fails. -# -# Bridges using the "lazy" start type will be started automatically when the -# number of queued messages exceeds the number set with the "threshold" -# parameter. It will be stopped automatically after the time set by the -# "idle_timeout" parameter. Use this start type if you wish the connection to -# only be active when it is needed. -# -# A bridge using the "once" start type will be started automatically when the -# broker starts but will not be restarted if the connection fails. -#start_type automatic - -# Set the number of messages that need to be queued for a bridge with lazy -# start type to be restarted. Defaults to 10 messages. -# Must be less than max_queued_messages. -#threshold 10 - -# If try_private is set to true, the bridge will attempt to indicate to the -# remote broker that it is a bridge not an ordinary client. If successful, this -# means that loop detection will be more effective and that retained messages -# will be propagated correctly. Not all brokers support this feature so it may -# be necessary to set try_private to false if your bridge does not connect -# properly. -#try_private true - -# Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism -# for brokers to tell clients that they do not support retained messages, but -# this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a -# v3.1.1 or v3.1 broker that does not support retained messages, set the -# bridge_outgoing_retain option to false. This will remove the retain bit on -# all outgoing messages to that bridge, regardless of any other setting. -#bridge_outgoing_retain true - -# If you wish to restrict the size of messages sent to a remote bridge, use the -# bridge_max_packet_size option. This sets the maximum number of bytes for -# the total message, including headers and payload. -# Note that MQTT v5 brokers may provide their own maximum-packet-size property. -# In this case, the smaller of the two limits will be used. -# Set to 0 for "unlimited". -#bridge_max_packet_size 0 - - -# ----------------------------------------------------------------- -# Certificate based SSL/TLS support -# ----------------------------------------------------------------- -# Either bridge_cafile or bridge_capath must be defined to enable TLS support -# for this bridge. -# bridge_cafile defines the path to a file containing the -# Certificate Authority certificates that have signed the remote broker -# certificate. -# bridge_capath defines a directory that will be searched for files containing -# the CA certificates. For bridge_capath to work correctly, the certificate -# files must have ".crt" as the file ending and you must run "openssl rehash -# " each time you add/remove a certificate. -#bridge_cafile -#bridge_capath - - -# If the remote broker has more than one protocol available on its port, e.g. -# MQTT and WebSockets, then use bridge_alpn to configure which protocol is -# requested. Note that WebSockets support for bridges is not yet available. -#bridge_alpn - -# When using certificate based encryption, bridge_insecure disables -# verification of the server hostname in the server certificate. This can be -# useful when testing initial server configurations, but makes it possible for -# a malicious third party to impersonate your server through DNS spoofing, for -# example. Use this option in testing only. If you need to resort to using this -# option in a production environment, your setup is at fault and there is no -# point using encryption. -#bridge_insecure false - -# Path to the PEM encoded client certificate, if required by the remote broker. -#bridge_certfile - -# Path to the PEM encoded client private key, if required by the remote broker. -#bridge_keyfile - -# ----------------------------------------------------------------- -# PSK based SSL/TLS support -# ----------------------------------------------------------------- -# Pre-shared-key encryption provides an alternative to certificate based -# encryption. A bridge can be configured to use PSK with the bridge_identity -# and bridge_psk options. These are the client PSK identity, and pre-shared-key -# in hexadecimal format with no "0x". Only one of certificate and PSK based -# encryption can be used on one -# bridge at once. -#bridge_identity -#bridge_psk - - -# ================================================================= -# External config files -# ================================================================= - -# External configuration files may be included by using the -# include_dir option. This defines a directory that will be searched -# for config files. All files that end in '.conf' will be loaded as -# a configuration file. It is best to have this as the last option -# in the main file. This option will only be processed from the main -# configuration file. The directory specified must not contain the -# main configuration file. -# Files within include_dir will be loaded sorted in case-sensitive -# alphabetical order, with capital letters ordered first. If this option is -# given multiple times, all of the files from the first instance will be -# processed before the next instance. See the man page for examples. -#include_dir -CFGEOF - -#Gen file /etc/mosquitto/mosquitto.conf - -mkdir -p "/etc/mosquitto" -cat << 'CFGEOF' > "/etc/mosquitto/mosquitto.conf" -# Config file for mosquitto -# -# See mosquitto.conf(5) for more information. -# -# Default values are shown, uncomment to change. -# -# Use the # character to indicate a comment, but only if it is the -# very first character on the line. - -# ================================================================= -# General configuration -# ================================================================= - -# Use per listener security settings. -# -# It is recommended this option be set before any other options. -# -# If this option is set to true, then all authentication and access control -# options are controlled on a per listener basis. The following options are -# affected: -# -# acl_file -# allow_anonymous -# allow_zero_length_clientid -# auto_id_prefix -# password_file -# plugin -# plugin_opt_* -# psk_file -# -# Note that if set to true, then a durable client (i.e. with clean session set -# to false) that has disconnected will use the ACL settings defined for the -# listener that it was most recently connected to. -# -# The default behaviour is for this to be set to false, which maintains the -# setting behaviour from previous versions of mosquitto. -#per_listener_settings false - - -# This option controls whether a client is allowed to connect with a zero -# length client id or not. This option only affects clients using MQTT v3.1.1 -# and later. If set to false, clients connecting with a zero length client id -# are disconnected. If set to true, clients will be allocated a client id by -# the broker. This means it is only useful for clients with clean session set -# to true. -#allow_zero_length_clientid true - -# If allow_zero_length_clientid is true, this option allows you to set a prefix -# to automatically generated client ids to aid visibility in logs. -# Defaults to 'auto-' -#auto_id_prefix auto- - -# This option affects the scenario when a client subscribes to a topic that has -# retained messages. It is possible that the client that published the retained -# message to the topic had access at the time they published, but that access -# has been subsequently removed. If check_retain_source is set to true, the -# default, the source of a retained message will be checked for access rights -# before it is republished. When set to false, no check will be made and the -# retained message will always be published. This affects all listeners. -#check_retain_source true - -# QoS 1 and 2 messages will be allowed inflight per client until this limit -# is exceeded. Defaults to 0. (No maximum) -# See also max_inflight_messages -#max_inflight_bytes 0 - -# The maximum number of QoS 1 and 2 messages currently inflight per -# client. -# This includes messages that are partway through handshakes and -# those that are being retried. Defaults to 20. Set to 0 for no -# maximum. Setting to 1 will guarantee in-order delivery of QoS 1 -# and 2 messages. -#max_inflight_messages 20 - -# For MQTT v5 clients, it is possible to have the server send a "server -# keepalive" value that will override the keepalive value set by the client. -# This is intended to be used as a mechanism to say that the server will -# disconnect the client earlier than it anticipated, and that the client should -# use the new keepalive value. The max_keepalive option allows you to specify -# that clients may only connect with keepalive less than or equal to this -# value, otherwise they will be sent a server keepalive telling them to use -# max_keepalive. This only applies to MQTT v5 clients. The default, and maximum -# value allowable, is 65535. -# -# Set to 0 to allow clients to set keepalive = 0, which means no keepalive -# checks are made and the client will never be disconnected by the broker if no -# messages are received. You should be very sure this is the behaviour that you -# want. -# -# For MQTT v3.1.1 and v3.1 clients, there is no mechanism to tell the client -# what keepalive value they should use. If an MQTT v3.1.1 or v3.1 client -# specifies a keepalive time greater than max_keepalive they will be sent a -# CONNACK message with the "identifier rejected" reason code, and disconnected. -# -#max_keepalive 65535 - -# For MQTT v5 clients, it is possible to have the server send a "maximum packet -# size" value that will instruct the client it will not accept MQTT packets -# with size greater than max_packet_size bytes. This applies to the full MQTT -# packet, not just the payload. Setting this option to a positive value will -# set the maximum packet size to that number of bytes. If a client sends a -# packet which is larger than this value, it will be disconnected. This applies -# to all clients regardless of the protocol version they are using, but v3.1.1 -# and earlier clients will of course not have received the maximum packet size -# information. Defaults to no limit. Setting below 20 bytes is forbidden -# because it is likely to interfere with ordinary client operation, even with -# very small payloads. -#max_packet_size 0 - -# QoS 1 and 2 messages above those currently in-flight will be queued per -# client until this limit is exceeded. Defaults to 0. (No maximum) -# See also max_queued_messages. -# If both max_queued_messages and max_queued_bytes are specified, packets will -# be queued until the first limit is reached. -#max_queued_bytes 0 - -# Set the maximum QoS supported. Clients publishing at a QoS higher than -# specified here will be disconnected. -#max_qos 2 - -# The maximum number of QoS 1 and 2 messages to hold in a queue per client -# above those that are currently in-flight. Defaults to 1000. Set -# to 0 for no maximum (not recommended). -# See also queue_qos0_messages. -# See also max_queued_bytes. -#max_queued_messages 1000 -# -# This option sets the maximum number of heap memory bytes that the broker will -# allocate, and hence sets a hard limit on memory use by the broker. Memory -# requests that exceed this value will be denied. The effect will vary -# depending on what has been denied. If an incoming message is being processed, -# then the message will be dropped and the publishing client will be -# disconnected. If an outgoing message is being sent, then the individual -# message will be dropped and the receiving client will be disconnected. -# Defaults to no limit. -#memory_limit 0 - -# This option sets the maximum publish payload size that the broker will allow. -# Received messages that exceed this size will not be accepted by the broker. -# The default value is 0, which means that all valid MQTT messages are -# accepted. MQTT imposes a maximum payload size of 268435455 bytes. -#message_size_limit 0 - -# This option allows the session of persistent clients (those with clean -# session set to false) that are not currently connected to be removed if they -# do not reconnect within a certain time frame. This is a non-standard option -# in MQTT v3.1. MQTT v3.1.1 and v5.0 allow brokers to remove client sessions. -# -# Badly designed clients may set clean session to false whilst using a randomly -# generated client id. This leads to persistent clients that connect once and -# never reconnect. This option allows these clients to be removed. This option -# allows persistent clients (those with clean session set to false) to be -# removed if they do not reconnect within a certain time frame. -# -# The expiration period should be an integer followed by one of h d w m y for -# hour, day, week, month and year respectively. For example -# -# persistent_client_expiration 2m -# persistent_client_expiration 14d -# persistent_client_expiration 1y -# -# The default if not set is to never expire persistent clients. -#persistent_client_expiration - -# Write process id to a file. Default is a blank string which means -# a pid file shouldn't be written. -# This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is -# being run automatically on boot with an init script and -# start-stop-daemon or similar. -#pid_file - -# Set to true to queue messages with QoS 0 when a persistent client is -# disconnected. These messages are included in the limit imposed by -# max_queued_messages and max_queued_bytes -# Defaults to false. -# This is a non-standard option for the MQTT v3.1 spec but is allowed in -# v3.1.1. -#queue_qos0_messages false - -# Set to false to disable retained message support. If a client publishes a -# message with the retain bit set, it will be disconnected if this is set to -# false. -#retain_available true - -# Disable Nagle's algorithm on client sockets. This has the effect of reducing -# latency of individual messages at the potential cost of increasing the number -# of packets being sent. -#set_tcp_nodelay false - -# Time in seconds between updates of the $SYS tree. -# Set to 0 to disable the publishing of the $SYS tree. -#sys_interval 10 - -# The MQTT specification requires that the QoS of a message delivered to a -# subscriber is never upgraded to match the QoS of the subscription. Enabling -# this option changes this behaviour. If upgrade_outgoing_qos is set true, -# messages sent to a subscriber will always match the QoS of its subscription. -# This is a non-standard option explicitly disallowed by the spec. -#upgrade_outgoing_qos false - -# When run as root, drop privileges to this user and its primary -# group. -# Set to root to stay as root, but this is not recommended. -# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist -# then it will drop privileges to the "nobody" user instead. -# If run as a non-root user, this setting has no effect. -# Note that on Windows this has no effect and so mosquitto should be started by -# the user you wish it to run as. -#user mosquitto - -# ================================================================= -# Listeners -# ================================================================= - -# Listen on a port/ip address combination. By using this variable -# multiple times, mosquitto can listen on more than one port. If -# this variable is used and neither bind_address nor port given, -# then the default listener will not be started. -# The port number to listen on must be given. Optionally, an ip -# address or host name may be supplied as a second argument. In -# this case, mosquitto will attempt to bind the listener to that -# address and so restrict access to the associated network and -# interface. By default, mosquitto will listen on all interfaces. -# Note that for a websockets listener it is not possible to bind to a host -# name. -# -# On systems that support Unix Domain Sockets, it is also possible -# to create a # Unix socket rather than opening a TCP socket. In -# this case, the port number should be set to 0 and a unix socket -# path must be provided, e.g. -# listener 0 /tmp/mosquitto.sock -# -# listener port-number [ip address/host name/unix socket path] -#listener - -# By default, a listener will attempt to listen on all supported IP protocol -# versions. If you do not have an IPv4 or IPv6 interface you may wish to -# disable support for either of those protocol versions. In particular, note -# that due to the limitations of the websockets library, it will only ever -# attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail -# if IPv6 is not available. -# -# Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to -# force the listener to only use IPv6. If you want support for both IPv4 and -# IPv6, then do not use the socket_domain option. -# -#socket_domain - -# Bind the listener to a specific interface. This is similar to -# the [ip address/host name] part of the listener definition, but is useful -# when an interface has multiple addresses or the address may change. If used -# with the [ip address/host name] part of the listener definition, then the -# bind_interface option will take priority. -# Not available on Windows. -# -# Example: bind_interface eth0 -#bind_interface - -# When a listener is using the websockets protocol, it is possible to serve -# http data as well. Set http_dir to a directory which contains the files you -# wish to serve. If this option is not specified, then no normal http -# connections will be possible. -#http_dir - -# The maximum number of client connections to allow. This is -# a per listener setting. -# Default is -1, which means unlimited connections. -# Note that other process limits mean that unlimited connections -# are not really possible. Typically the default maximum number of -# connections possible is around 1024. -#max_connections -1 - -# The listener can be restricted to operating within a topic hierarchy using -# the mount_point option. This is achieved be prefixing the mount_point string -# to all topics for any clients connected to this listener. This prefixing only -# happens internally to the broker; the client will not see the prefix. -#mount_point - -# Choose the protocol to use when listening. -# This can be either mqtt or websockets. -# Certificate based TLS may be used with websockets, except that only the -# cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported. -#protocol mqtt - -# Set use_username_as_clientid to true to replace the clientid that a client -# connected with with its username. This allows authentication to be tied to -# the clientid, which means that it is possible to prevent one client -# disconnecting another by using the same clientid. -# If a client connects with no username it will be disconnected as not -# authorised when this option is set to true. -# Do not use in conjunction with clientid_prefixes. -# See also use_identity_as_username. -# This does not apply globally, but on a per-listener basis. -#use_username_as_clientid - -# Change the websockets headers size. This is a global option, it is not -# possible to set per listener. This option sets the size of the buffer used in -# the libwebsockets library when reading HTTP headers. If you are passing large -# header data such as cookies then you may need to increase this value. If left -# unset, or set to 0, then the default of 1024 bytes will be used. -#websockets_headers_size - -# ----------------------------------------------------------------- -# Certificate based SSL/TLS support -# ----------------------------------------------------------------- -# The following options can be used to enable certificate based SSL/TLS support -# for this listener. Note that the recommended port for MQTT over TLS is 8883, -# but this must be set manually. -# -# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS -# support" section. Only one of certificate or PSK encryption support can be -# enabled for any listener. - -# Both of certfile and keyfile must be defined to enable certificate based -# TLS encryption. - -# Path to the PEM encoded server certificate. -#certfile - -# Path to the PEM encoded keyfile. -#keyfile - -# If you wish to control which encryption ciphers are used, use the ciphers -# option. The list of available ciphers can be optained using the "openssl -# ciphers" command and should be provided in the same format as the output of -# that command. This applies to TLS 1.2 and earlier versions only. Use -# ciphers_tls1.3 for TLS v1.3. -#ciphers - -# Choose which TLS v1.3 ciphersuites are used for this listener. -# Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" -#ciphers_tls1.3 - -# If you have require_certificate set to true, you can create a certificate -# revocation list file to revoke access to particular client certificates. If -# you have done this, use crlfile to point to the PEM encoded revocation file. -#crlfile - -# To allow the use of ephemeral DH key exchange, which provides forward -# security, the listener must load DH parameters. This can be specified with -# the dhparamfile option. The dhparamfile can be generated with the command -# e.g. "openssl dhparam -out dhparam.pem 2048" -#dhparamfile - -# By default an TLS enabled listener will operate in a similar fashion to a -# https enabled web server, in that the server has a certificate signed by a CA -# and the client will verify that it is a trusted certificate. The overall aim -# is encryption of the network traffic. By setting require_certificate to true, -# the client must provide a valid certificate in order for the network -# connection to proceed. This allows access to the broker to be controlled -# outside of the mechanisms provided by MQTT. -#require_certificate false - -# cafile and capath define methods of accessing the PEM encoded -# Certificate Authority certificates that will be considered trusted when -# checking incoming client certificates. -# cafile defines the path to a file containing the CA certificates. -# capath defines a directory that will be searched for files -# containing the CA certificates. For capath to work correctly, the -# certificate files must have ".crt" as the file ending and you must run -# "openssl rehash " each time you add/remove a certificate. -#cafile -#capath - - -# If require_certificate is true, you may set use_identity_as_username to true -# to use the CN value from the client certificate as a username. If this is -# true, the password_file option will not be used for this listener. -#use_identity_as_username false - -# ----------------------------------------------------------------- -# Pre-shared-key based SSL/TLS support -# ----------------------------------------------------------------- -# The following options can be used to enable PSK based SSL/TLS support for -# this listener. Note that the recommended port for MQTT over TLS is 8883, but -# this must be set manually. -# -# See also the mosquitto-tls man page and the "Certificate based SSL/TLS -# support" section. Only one of certificate or PSK encryption support can be -# enabled for any listener. - -# The psk_hint option enables pre-shared-key support for this listener and also -# acts as an identifier for this listener. The hint is sent to clients and may -# be used locally to aid authentication. The hint is a free form string that -# doesn't have much meaning in itself, so feel free to be creative. -# If this option is provided, see psk_file to define the pre-shared keys to be -# used or create a security plugin to handle them. -#psk_hint - -# When using PSK, the encryption ciphers used will be chosen from the list of -# available PSK ciphers. If you want to control which ciphers are available, -# use the "ciphers" option. The list of available ciphers can be optained -# using the "openssl ciphers" command and should be provided in the same format -# as the output of that command. -#ciphers - -# Set use_identity_as_username to have the psk identity sent by the client used -# as its username. Authentication will be carried out using the PSK rather than -# the MQTT username/password and so password_file will not be used for this -# listener. -#use_identity_as_username false - - -# ================================================================= -# Persistence -# ================================================================= - -# If persistence is enabled, save the in-memory database to disk -# every autosave_interval seconds. If set to 0, the persistence -# database will only be written when mosquitto exits. See also -# autosave_on_changes. -# Note that writing of the persistence database can be forced by -# sending mosquitto a SIGUSR1 signal. -#autosave_interval 1800 - -# If true, mosquitto will count the number of subscription changes, retained -# messages received and queued messages and if the total exceeds -# autosave_interval then the in-memory database will be saved to disk. -# If false, mosquitto will save the in-memory database to disk by treating -# autosave_interval as a time in seconds. -#autosave_on_changes false - -# Save persistent message data to disk (true/false). -# This saves information about all messages, including -# subscriptions, currently in-flight messages and retained -# messages. -# retained_persistence is a synonym for this option. -#persistence false - -# The filename to use for the persistent database, not including -# the path. -#persistence_file mosquitto.db - -# Location for persistent database. -# Default is an empty string (current directory). -# Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or -# similar. -#persistence_location - - -# ================================================================= -# Logging -# ================================================================= - -# Places to log to. Use multiple log_dest lines for multiple -# logging destinations. -# Possible destinations are: stdout stderr syslog topic file dlt -# -# stdout and stderr log to the console on the named output. -# -# syslog uses the userspace syslog facility which usually ends up -# in /var/log/messages or similar. -# -# topic logs to the broker topic '$SYS/broker/log/', -# where severity is one of D, E, W, N, I, M which are debug, error, -# warning, notice, information and message. Message type severity is used by -# the subscribe/unsubscribe log_types and publishes log messages to -# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe. -# -# The file destination requires an additional parameter which is the file to be -# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be -# closed and reopened when the broker receives a HUP signal. Only a single file -# destination may be configured. -# -# The dlt destination is for the automotive `Diagnostic Log and Trace` tool. -# This requires that Mosquitto has been compiled with DLT support. -# -# Note that if the broker is running as a Windows service it will default to -# "log_dest none" and neither stdout nor stderr logging is available. -# Use "log_dest none" if you wish to disable logging. -#log_dest stderr - -# Types of messages to log. Use multiple log_type lines for logging -# multiple types of messages. -# Possible types are: debug, error, warning, notice, information, -# none, subscribe, unsubscribe, websockets, all. -# Note that debug type messages are for decoding the incoming/outgoing -# network packets. They are not logged in "topics". -#log_type error -#log_type warning -#log_type notice -#log_type information - - -# If set to true, client connection and disconnection messages will be included -# in the log. -#connection_messages true - -# If using syslog logging (not on Windows), messages will be logged to the -# "daemon" facility by default. Use the log_facility option to choose which of -# local0 to local7 to log to instead. The option value should be an integer -# value, e.g. "log_facility 5" to use local5. -#log_facility - -# If set to true, add a timestamp value to each log message. -#log_timestamp true - -# Set the format of the log timestamp. If left unset, this is the number of -# seconds since the Unix epoch. -# This is a free text string which will be passed to the strftime function. To -# get an ISO 8601 datetime, for example: -# log_timestamp_format %Y-%m-%dT%H:%M:%S -#log_timestamp_format - -# Change the websockets logging level. This is a global option, it is not -# possible to set per listener. This is an integer that is interpreted by -# libwebsockets as a bit mask for its lws_log_levels enum. See the -# libwebsockets documentation for more details. "log_type websockets" must also -# be enabled. -#websockets_log_level 0 - - -# ================================================================= -# Security -# ================================================================= - -# If set, only clients that have a matching prefix on their -# clientid will be allowed to connect to the broker. By default, -# all clients may connect. -# For example, setting "secure-" here would mean a client "secure- -# client" could connect but another with clientid "mqtt" couldn't. -#clientid_prefixes - -# Boolean value that determines whether clients that connect -# without providing a username are allowed to connect. If set to -# false then a password file should be created (see the -# password_file option) to control authenticated client access. -# -# Defaults to false, unless there are no listeners defined in the configuration -# file, in which case it is set to true, but connections are only allowed from -# the local machine. -#allow_anonymous false - -# ----------------------------------------------------------------- -# Default authentication and topic access control -# ----------------------------------------------------------------- - -# Control access to the broker using a password file. This file can be -# generated using the mosquitto_passwd utility. If TLS support is not compiled -# into mosquitto (it is recommended that TLS support should be included) then -# plain text passwords are used, in which case the file should be a text file -# with lines in the format: -# username:password -# The password (and colon) may be omitted if desired, although this -# offers very little in the way of security. -# -# See the TLS client require_certificate and use_identity_as_username options -# for alternative authentication options. If a plugin is used as well as -# password_file, the plugin check will be made first. -#password_file - -# Access may also be controlled using a pre-shared-key file. This requires -# TLS-PSK support and a listener configured to use it. The file should be text -# lines in the format: -# identity:key -# The key should be in hexadecimal format without a leading "0x". -# If an plugin is used as well, the plugin check will be made first. -#psk_file - -# Control access to topics on the broker using an access control list -# file. If this parameter is defined then only the topics listed will -# have access. -# If the first character of a line of the ACL file is a # it is treated as a -# comment. -# Topic access is added with lines of the format: -# -# topic [read|write|readwrite|deny] -# -# The access type is controlled using "read", "write", "readwrite" or "deny". -# This parameter is optional (unless contains a space character) - if -# not given then the access is read/write. can contain the + or # -# wildcards as in subscriptions. -# -# The "deny" option can used to explicity deny access to a topic that would -# otherwise be granted by a broader read/write/readwrite statement. Any "deny" -# topics are handled before topics that grant read/write access. -# -# The first set of topics are applied to anonymous clients, assuming -# allow_anonymous is true. User specific topic ACLs are added after a -# user line as follows: -# -# user -# -# The username referred to here is the same as in password_file. It is -# not the clientid. -# -# -# If is also possible to define ACLs based on pattern substitution within the -# topic. The patterns available for substition are: -# -# %c to match the client id of the client -# %u to match the username of the client -# -# The substitution pattern must be the only text for that level of hierarchy. -# -# The form is the same as for the topic keyword, but using pattern as the -# keyword. -# Pattern ACLs apply to all users even if the "user" keyword has previously -# been given. -# -# If using bridges with usernames and ACLs, connection messages can be allowed -# with the following pattern: -# pattern write $SYS/broker/connection/%c/state -# -# pattern [read|write|readwrite] -# -# Example: -# -# pattern write sensor/%u/data -# -# If an plugin is used as well as acl_file, the plugin check will be -# made first. -#acl_file - -# ----------------------------------------------------------------- -# External authentication and topic access plugin options -# ----------------------------------------------------------------- - -# External authentication and access control can be supported with the -# plugin option. This is a path to a loadable plugin. See also the -# plugin_opt_* options described below. -# -# The plugin option can be specified multiple times to load multiple -# plugins. The plugins will be processed in the order that they are specified -# here. If the plugin option is specified alongside either of -# password_file or acl_file then the plugin checks will be made first. -# -# If the per_listener_settings option is false, the plugin will be apply to all -# listeners. If per_listener_settings is true, then the plugin will apply to -# the current listener being defined only. -# -# This option is also available as `auth_plugin`, but this use is deprecated -# and will be removed in the future. -# -#plugin - -# If the plugin option above is used, define options to pass to the -# plugin here as described by the plugin instructions. All options named -# using the format plugin_opt_* will be passed to the plugin, for example: -# -# This option is also available as `auth_opt_*`, but this use is deprecated -# and will be removed in the future. -# -# plugin_opt_db_host -# plugin_opt_db_port -# plugin_opt_db_username -# plugin_opt_db_password - - -# ================================================================= -# Bridges -# ================================================================= - -# A bridge is a way of connecting multiple MQTT brokers together. -# Create a new bridge using the "connection" option as described below. Set -# options for the bridges using the remaining parameters. You must specify the -# address and at least one topic to subscribe to. -# -# Each connection must have a unique name. -# -# The address line may have multiple host address and ports specified. See -# below in the round_robin description for more details on bridge behaviour if -# multiple addresses are used. Note that if you use an IPv6 address, then you -# are required to specify a port. -# -# The direction that the topic will be shared can be chosen by -# specifying out, in or both, where the default value is out. -# The QoS level of the bridged communication can be specified with the next -# topic option. The default QoS level is 0, to change the QoS the topic -# direction must also be given. -# -# The local and remote prefix options allow a topic to be remapped when it is -# bridged to/from the remote broker. This provides the ability to place a topic -# tree in an appropriate location. -# -# For more details see the mosquitto.conf man page. -# -# Multiple topics can be specified per connection, but be careful -# not to create any loops. -# -# If you are using bridges with cleansession set to false (the default), then -# you may get unexpected behaviour from incoming topics if you change what -# topics you are subscribing to. This is because the remote broker keeps the -# subscription for the old topic. If you have this problem, connect your bridge -# with cleansession set to true, then reconnect with cleansession set to false -# as normal. -#connection -#address [:] [[:]] -#topic [[[out | in | both] qos-level] local-prefix remote-prefix] - -# If you need to have the bridge connect over a particular network interface, -# use bridge_bind_address to tell the bridge which local IP address the socket -# should bind to, e.g. `bridge_bind_address 192.168.1.10` -#bridge_bind_address - -# If a bridge has topics that have "out" direction, the default behaviour is to -# send an unsubscribe request to the remote broker on that topic. This means -# that changing a topic direction from "in" to "out" will not keep receiving -# incoming messages. Sending these unsubscribe requests is not always -# desirable, setting bridge_attempt_unsubscribe to false will disable sending -# the unsubscribe request. -#bridge_attempt_unsubscribe true - -# Set the version of the MQTT protocol to use with for this bridge. Can be one -# of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311. -#bridge_protocol_version mqttv311 - -# Set the clean session variable for this bridge. -# When set to true, when the bridge disconnects for any reason, all -# messages and subscriptions will be cleaned up on the remote -# broker. Note that with cleansession set to true, there may be a -# significant amount of retained messages sent when the bridge -# reconnects after losing its connection. -# When set to false, the subscriptions and messages are kept on the -# remote broker, and delivered when the bridge reconnects. -#cleansession false - -# Set the amount of time a bridge using the lazy start type must be idle before -# it will be stopped. Defaults to 60 seconds. -#idle_timeout 60 - -# Set the keepalive interval for this bridge connection, in -# seconds. -#keepalive_interval 60 - -# Set the clientid to use on the local broker. If not defined, this defaults to -# 'local.'. If you are bridging a broker to itself, it is important -# that local_clientid and clientid do not match. -#local_clientid - -# If set to true, publish notification messages to the local and remote brokers -# giving information about the state of the bridge connection. Retained -# messages are published to the topic $SYS/broker/connection//state -# unless the notification_topic option is used. -# If the message is 1 then the connection is active, or 0 if the connection has -# failed. -# This uses the last will and testament feature. -#notifications true - -# Choose the topic on which notification messages for this bridge are -# published. If not set, messages are published on the topic -# $SYS/broker/connection//state -#notification_topic - -# Set the client id to use on the remote end of this bridge connection. If not -# defined, this defaults to 'name.hostname' where name is the connection name -# and hostname is the hostname of this computer. -# This replaces the old "clientid" option to avoid confusion. "clientid" -# remains valid for the time being. -#remote_clientid - -# Set the password to use when connecting to a broker that requires -# authentication. This option is only used if remote_username is also set. -# This replaces the old "password" option to avoid confusion. "password" -# remains valid for the time being. -#remote_password - -# Set the username to use when connecting to a broker that requires -# authentication. -# This replaces the old "username" option to avoid confusion. "username" -# remains valid for the time being. -#remote_username - -# Set the amount of time a bridge using the automatic start type will wait -# until attempting to reconnect. -# This option can be configured to use a constant delay time in seconds, or to -# use a backoff mechanism based on "Decorrelated Jitter", which adds a degree -# of randomness to when the restart occurs. -# -# Set a constant timeout of 20 seconds: -# restart_timeout 20 -# -# Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of -# 60 seconds: -# restart_timeout 10 30 -# -# Defaults to jitter with a base of 5 and cap of 30 -#restart_timeout 5 30 - -# If the bridge has more than one address given in the address/addresses -# configuration, the round_robin option defines the behaviour of the bridge on -# a failure of the bridge connection. If round_robin is false, the default -# value, then the first address is treated as the main bridge connection. If -# the connection fails, the other secondary addresses will be attempted in -# turn. Whilst connected to a secondary bridge, the bridge will periodically -# attempt to reconnect to the main bridge until successful. -# If round_robin is true, then all addresses are treated as equals. If a -# connection fails, the next address will be tried and if successful will -# remain connected until it fails -#round_robin false - -# Set the start type of the bridge. This controls how the bridge starts and -# can be one of three types: automatic, lazy and once. Note that RSMB provides -# a fourth start type "manual" which isn't currently supported by mosquitto. -# -# "automatic" is the default start type and means that the bridge connection -# will be started automatically when the broker starts and also restarted -# after a short delay (30 seconds) if the connection fails. -# -# Bridges using the "lazy" start type will be started automatically when the -# number of queued messages exceeds the number set with the "threshold" -# parameter. It will be stopped automatically after the time set by the -# "idle_timeout" parameter. Use this start type if you wish the connection to -# only be active when it is needed. -# -# A bridge using the "once" start type will be started automatically when the -# broker starts but will not be restarted if the connection fails. -#start_type automatic - -# Set the number of messages that need to be queued for a bridge with lazy -# start type to be restarted. Defaults to 10 messages. -# Must be less than max_queued_messages. -#threshold 10 - -# If try_private is set to true, the bridge will attempt to indicate to the -# remote broker that it is a bridge not an ordinary client. If successful, this -# means that loop detection will be more effective and that retained messages -# will be propagated correctly. Not all brokers support this feature so it may -# be necessary to set try_private to false if your bridge does not connect -# properly. -#try_private true - -# Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism -# for brokers to tell clients that they do not support retained messages, but -# this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a -# v3.1.1 or v3.1 broker that does not support retained messages, set the -# bridge_outgoing_retain option to false. This will remove the retain bit on -# all outgoing messages to that bridge, regardless of any other setting. -#bridge_outgoing_retain true - -# If you wish to restrict the size of messages sent to a remote bridge, use the -# bridge_max_packet_size option. This sets the maximum number of bytes for -# the total message, including headers and payload. -# Note that MQTT v5 brokers may provide their own maximum-packet-size property. -# In this case, the smaller of the two limits will be used. -# Set to 0 for "unlimited". -#bridge_max_packet_size 0 - - -# ----------------------------------------------------------------- -# Certificate based SSL/TLS support -# ----------------------------------------------------------------- -# Either bridge_cafile or bridge_capath must be defined to enable TLS support -# for this bridge. -# bridge_cafile defines the path to a file containing the -# Certificate Authority certificates that have signed the remote broker -# certificate. -# bridge_capath defines a directory that will be searched for files containing -# the CA certificates. For bridge_capath to work correctly, the certificate -# files must have ".crt" as the file ending and you must run "openssl rehash -# " each time you add/remove a certificate. -#bridge_cafile -#bridge_capath - - -# If the remote broker has more than one protocol available on its port, e.g. -# MQTT and WebSockets, then use bridge_alpn to configure which protocol is -# requested. Note that WebSockets support for bridges is not yet available. -#bridge_alpn - -# When using certificate based encryption, bridge_insecure disables -# verification of the server hostname in the server certificate. This can be -# useful when testing initial server configurations, but makes it possible for -# a malicious third party to impersonate your server through DNS spoofing, for -# example. Use this option in testing only. If you need to resort to using this -# option in a production environment, your setup is at fault and there is no -# point using encryption. -#bridge_insecure false - -# Path to the PEM encoded client certificate, if required by the remote broker. -#bridge_certfile - -# Path to the PEM encoded client private key, if required by the remote broker. -#bridge_keyfile - -# ----------------------------------------------------------------- -# PSK based SSL/TLS support -# ----------------------------------------------------------------- -# Pre-shared-key encryption provides an alternative to certificate based -# encryption. A bridge can be configured to use PSK with the bridge_identity -# and bridge_psk options. These are the client PSK identity, and pre-shared-key -# in hexadecimal format with no "0x". Only one of certificate and PSK based -# encryption can be used on one -# bridge at once. -#bridge_identity -#bridge_psk - - -# ================================================================= -# External config files -# ================================================================= - -# External configuration files may be included by using the -# include_dir option. This defines a directory that will be searched -# for config files. All files that end in '.conf' will be loaded as -# a configuration file. It is best to have this as the last option -# in the main file. This option will only be processed from the main -# configuration file. The directory specified must not contain the -# main configuration file. -# Files within include_dir will be loaded sorted in case-sensitive -# alphabetical order, with capital letters ordered first. If this option is -# given multiple times, all of the files from the first instance will be -# processed before the next instance. See the man page for examples. -#include_dir -listener 1883 0.0.0.0 -autosave_interval 86400 # once a day -persistence true -persistence_location /root/bkpscript -allow_anonymous true -CFGEOF - +# WARNING: /etc/mosquitto не существует # WARNING: /etc/bird.conf не существует # WARNING: /etc/bird4.conf не существует # WARNING: /etc/init.d/y_startup не существует @@ -2346,6 +486,25 @@ cat << 'CFGEOF' > "/etc/rc.local" exit 0 CFGEOF +#Gen file /etc/init.d/vsftpd + +mkdir -p "/etc/init.d" +cat << 'CFGEOF' > "/etc/init.d/vsftpd" +#!/bin/sh /etc/rc.common +# Copyright (C) 2006-2011 OpenWrt.org + +START=50 + +start() { + mkdir -m 0755 -p /var/run/vsftpd + service_start /usr/sbin/vsftpd +} + +stop() { + service_stop /usr/sbin/vsftpd +} +CFGEOF + #---------------------------------------------------- #Generating cron #---------------------------------------------------- diff --git a/bkps/wrt-bkp-172.16.111.7.sh b/bkps/wrt-bkp-172.16.111.7.sh index c9d82ab..ac9c875 100644 --- a/bkps/wrt-bkp-172.16.111.7.sh +++ b/bkps/wrt-bkp-172.16.111.7.sh @@ -51,8 +51,10 @@ opkg install fstools opkg install uci opkg install lua opkg install ucode-mod-fs +opkg install dawn opkg install luci-ssl opkg install dropbear +opkg install luci-app-dawn opkg install rpcd-mod-file opkg install mtd opkg install odhcpd-ipv6only @@ -92,7 +94,6 @@ opkg install kmod-nft-core opkg install uhttpd-mod-ubus opkg install fwtool opkg install jsonfilter -opkg install hostapd-common opkg install urngd opkg install kmod-slhc opkg install rpcd-mod-rrdns @@ -101,6 +102,80 @@ opkg install ppp-mod-pppoe #Generating configuration Xiaomi Mi Router 3G v2 #---------------------------------------------------- uci -q batch << EOI +set dawn.@local[0]=local +set dawn.@local[0].loglevel='0' +set dawn.@network[0]=network +set dawn.@network[0].broadcast_ip='10.0.0.255' +set dawn.@network[0].broadcast_port='1025' +set dawn.@network[0].tcp_port='1026' +set dawn.@network[0].network_option='2' +set dawn.@network[0].shared_key='Niiiiiiiiiiiiick' +set dawn.@network[0].iv='Niiiiiiiiiiiiick' +set dawn.@network[0].use_symm_enc='0' +set dawn.@network[0].collision_domain='-1' +set dawn.@network[0].bandwidth='-1' +set dawn.@hostapd[0]=hostapd +set dawn.@hostapd[0].hostapd_dir='/var/run/hostapd' +set dawn.@times[0]=times +set dawn.@times[0].con_timeout='60' +set dawn.@times[0].update_client='10' +set dawn.@times[0].remove_client='15' +set dawn.@times[0].remove_probe='30' +set dawn.@times[0].remove_ap='460' +set dawn.@times[0].update_hostapd='10' +set dawn.@times[0].update_tcp_con='10' +set dawn.@times[0].update_chan_util='5' +set dawn.@times[0].update_beacon_reports='20' +set dawn.global=metric +set dawn.global.min_probe_count='3' +set dawn.global.bandwidth_threshold='6' +set dawn.global.use_station_count='0' +set dawn.global.max_station_diff='1' +set dawn.global.eval_probe_req='0' +set dawn.global.eval_auth_req='0' +set dawn.global.eval_assoc_req='0' +set dawn.global.kicking='3' +set dawn.global.kicking_threshold='20' +set dawn.global.deny_auth_reason='1' +set dawn.global.deny_assoc_reason='17' +set dawn.global.min_number_to_kick='3' +set dawn.global.chan_util_avg_period='3' +set dawn.global.set_hostapd_nr='0' +set dawn.global.duration='0' +set dawn.global.rrm_mode='pat' +set dawn.802_11g=metric +set dawn.802_11g.initial_score='80' +set dawn.802_11g.ht_support='5' +set dawn.802_11g.vht_support='5' +set dawn.802_11g.no_ht_support='0' +set dawn.802_11g.no_vht_support='0' +set dawn.802_11g.rssi='15' +set dawn.802_11g.rssi_val='-60' +set dawn.802_11g.low_rssi_val='-80' +set dawn.802_11g.low_rssi='-15' +set dawn.802_11g.chan_util='0' +set dawn.802_11g.chan_util_val='140' +set dawn.802_11g.max_chan_util='-15' +set dawn.802_11g.max_chan_util_val='170' +set dawn.802_11g.rssi_weight='0' +set dawn.802_11g.rssi_center='-70' +set dawn.802_11a=metric +set dawn.802_11a.initial_score='100' +set dawn.802_11a.ht_support='5' +set dawn.802_11a.vht_support='5' +set dawn.802_11a.no_ht_support='0' +set dawn.802_11a.no_vht_support='0' +set dawn.802_11a.rssi='15' +set dawn.802_11a.rssi_val='-60' +set dawn.802_11a.low_rssi_val='-80' +set dawn.802_11a.low_rssi='-15' +set dawn.802_11a.chan_util='0' +set dawn.802_11a.chan_util_val='140' +set dawn.802_11a.max_chan_util='-15' +set dawn.802_11a.max_chan_util_val='170' +set dawn.802_11a.rssi_weight='0' +set dawn.802_11a.rssi_center='-70' +commit dawn set dhcp.@dnsmasq[0]=dnsmasq set dhcp.@dnsmasq[0].domainneeded='1' set dhcp.@dnsmasq[0].localise_queries='1' @@ -385,6 +460,10 @@ set uhttpd.defaults.state='Somewhere' set uhttpd.defaults.location='Unknown' set uhttpd.defaults.commonname='OpenWrt' commit uhttpd +set umdns.@umdns[0]=umdns +set umdns.@umdns[0].jail='1' +set umdns.@umdns[0].network='lan' +commit umdns set wireless.radio0=wifi-device set wireless.radio0.type='mac80211' set wireless.radio0.path='1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' @@ -398,13 +477,13 @@ set wireless.default_radio0.device='radio0' set wireless.default_radio0.network='lan' set wireless.default_radio0.mode='ap' set wireless.default_radio0.ssid='Buran' -set wireless.default_radio0.encryption='psk2' set wireless.default_radio0.key='23637387581' set wireless.default_radio0.ieee80211r='1' -set wireless.default_radio0.ft_over_ds='1' set wireless.default_radio0.ft_psk_generate_local='1' set wireless.default_radio0.mobility_domain='4f37' set wireless.default_radio0.short_preamble='0' +set wireless.default_radio0.encryption='sae-mixed' +set wireless.default_radio0.ft_over_ds='0' set wireless.radio1=wifi-device set wireless.radio1.type='mac80211' set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' @@ -412,7 +491,7 @@ set wireless.radio1.band='5g' set wireless.radio1.cell_density='0' set wireless.radio1.country='RU' set wireless.radio1.channel='44' -set wireless.radio1.htmode='VHT40' +set wireless.radio1.htmode='VHT80' set wireless.default_radio1=wifi-iface set wireless.default_radio1.device='radio1' set wireless.default_radio1.network='lan' @@ -421,10 +500,10 @@ set wireless.default_radio1.encryption='sae-mixed' set wireless.default_radio1.key='23637387581' set wireless.default_radio1.ieee80211r='1' set wireless.default_radio1.mobility_domain='4f17' -set wireless.default_radio1.ft_over_ds='1' set wireless.default_radio1.ft_psk_generate_local='1' set wireless.default_radio1.short_preamble='0' set wireless.default_radio1.ssid='Buran' +set wireless.default_radio1.ft_over_ds='0' commit wireless EOI #---------------------------------------------------- @@ -2242,6 +2321,7 @@ cat << 'CFGEOF' > "/etc/rc.local" exit 0 CFGEOF +# WARNING: /etc/init.d/vsftpd не существует #---------------------------------------------------- #Generating cron #---------------------------------------------------- diff --git a/bkps/wrt-bkp-172.16.17.1.sh b/bkps/wrt-bkp-172.16.17.1.sh index 6a179e7..5a41bb2 100644 --- a/bkps/wrt-bkp-172.16.17.1.sh +++ b/bkps/wrt-bkp-172.16.17.1.sh @@ -710,6 +710,7 @@ ip rule add priority 10 from all lookup 11 exit 0 CFGEOF +# WARNING: /etc/init.d/vsftpd не существует #---------------------------------------------------- #Generating cron #---------------------------------------------------- diff --git a/bkps/wrt-bkp-172.16.30.1.sh b/bkps/wrt-bkp-172.16.30.1.sh index 7a5d918..c6ef2d5 100644 --- a/bkps/wrt-bkp-172.16.30.1.sh +++ b/bkps/wrt-bkp-172.16.30.1.sh @@ -28,6 +28,7 @@ opkg install luci-mod-system opkg install kmod-nf-flow opkg install kmod-lib-crc-ccitt opkg install getrandom +opkg install prometheus-node-exporter-lua-netstat opkg install ucode-mod-ubus opkg install minicom opkg install kmod-gre @@ -48,7 +49,9 @@ opkg install dnsmasq opkg install 3ginfo-text opkg install usbutils opkg install ubusd +opkg install prometheus-node-exporter-lua opkg install kmod-lib-crc32c +opkg install prometheus-node-exporter-lua-uci_dhcp_host opkg install luci-mod-status opkg install kmod-pptp opkg install kmod-usb-net-rndis @@ -72,6 +75,7 @@ opkg install lua opkg install ucode-mod-fs opkg install luci-ssl opkg install dropbear +opkg install prometheus-node-exporter-lua-openwrt opkg install luci-proto-3g opkg install curl opkg install rpcd-mod-file @@ -88,6 +92,7 @@ opkg install urandom-seed opkg install luci-proto-ppp opkg install luci-mod-admin-full opkg install ppp +opkg install prometheus-node-exporter-lua-snmp6 opkg install luci-base opkg install luci-app-commands opkg install socat @@ -102,6 +107,7 @@ opkg install kmod-wireguard opkg install wireguard-tools opkg install kmod-usb-serial opkg install luci-proto-ipv6 +opkg install prometheus-node-exporter-lua-nat_traffic opkg install kmod-nf-nathelper-extra opkg install jshn opkg install kmod-ppp @@ -414,6 +420,10 @@ set network.@wireguard_wg25[0].public_key='VDfyo+MoeratWuQAzjljHyuD76ldn6YMG+1D0 set network.@wireguard_wg25[0].private_key='OBWaGPKSlRw2rilY1zY8KFkwmLlenR7WhgRE/UBSRXg=' set network.@wireguard_wg25[0].allowed_ips='0.0.0.0/0' commit network +set prometheus-node-exporter-lua.main=prometheus-node-exporter-lua +set prometheus-node-exporter-lua.main.listen_interface='loopback' +set prometheus-node-exporter-lua.main.listen_port='9100' +commit prometheus-node-exporter-lua set rpcd.@rpcd[0]=rpcd set rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock' set rpcd.@rpcd[0].timeout='30' @@ -1867,6 +1877,7 @@ echo 'AT^SYSCFGEX="0302",3fffffff,2,4,7fffffffffffffff,,' | socat - /dev/ttyUSB exit 0 CFGEOF +# WARNING: /etc/init.d/vsftpd не существует #---------------------------------------------------- #Generating cron #----------------------------------------------------