adminer/OpenWRT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
76ce6c4ca3809e77b5cbb6c80556322c6ed3f1f9
OpenWRT/bkps/wrt-bkp-172.16.30.1.sh
T
backup-bot 76ce6c4ca3 Monthly OpenWrt backup Fri May 15 02:03:00 UTC 2026
2026-05-15 02:03:00 +00:00

1927 lines
71 KiB
Bash
Raw Blame History

#hostname= Buran-pruj
#DISTRIB_DESCRIPTION='OpenWrt 22.03.0 r19685-512e76967f'
#profile = xiaomi_mi-router-3g
#target = ramips
#soc = mt7621
#arch = mipsel_24kc
#Xiaomi Mi Router 3G custom default settings
#----------------------------------------------------
#Generating cmd for install pkg
#----------------------------------------------------
opkg install luci-proto-wireguard
opkg install iwinfo
opkg install cgi-io
opkg install luci-lib-base
opkg install opkg
opkg install luci-app-opkg
opkg install ubus
opkg install rpcd
opkg install luci-lib-ip
opkg install kmod-nft-fib
opkg install kmod-nfnetlink
opkg install libubus-lua
opkg install kmod-crypto-hash
opkg install kmod-nf-reject6
opkg install libiwinfo-lua
opkg install luci-mod-system
opkg install kmod-nf-flow
opkg install kmod-lib-crc-ccitt
opkg install getrandom
opkg install prometheus-node-exporter-lua-netstat
opkg install ucode-mod-ubus
opkg install minicom
opkg install kmod-gre
opkg install luci-theme-bootstrap
opkg install kmod-pppoe
opkg install kmod-usb-net-huawei-cdc-ncm
opkg install kmod-pppox
opkg install luci-app-wireguard
opkg install kmod-nf-reject
opkg install procd-ujail
opkg install base-files
opkg install kmod-nf-nat
opkg install kmod-crypto-crc32c
opkg install ucode-mod-uci
opkg install netifd
opkg install uboot-envtools
opkg install dnsmasq
opkg install 3ginfo-text
opkg install usbutils
opkg install ubusd
opkg install prometheus-node-exporter-lua
opkg install kmod-lib-crc32c
opkg install prometheus-node-exporter-lua-uci_dhcp_host
opkg install luci-mod-status
opkg install kmod-pptp
opkg install kmod-usb-net-rndis
opkg install luci-proto-modemmanager
opkg install kmod-nft-nat
opkg install kmod-usb2
opkg install kmod-usb-serial-option
opkg install kmod-usb3
opkg install luci-app-firewall
opkg install kmod-fs-nfs-v3
opkg install kmod-fs-nfs-v4
opkg install tcpdump
opkg install ubi-utils
opkg install nfs-utils
opkg install odhcp6c
opkg install fstools
opkg install lftp
opkg install iptables-mod-ipopt
opkg install uci
opkg install lua
opkg install ucode-mod-fs
opkg install luci-ssl
opkg install dropbear
opkg install prometheus-node-exporter-lua-openwrt
opkg install luci-proto-3g
opkg install curl
opkg install rpcd-mod-file
opkg install mtd
opkg install odhcpd-ipv6only
opkg install procd-seccomp
opkg install luci-proto-qmi
opkg install libiwinfo-data
opkg install usb-modeswitch
opkg install ucode
opkg install rpcd-mod-luci
opkg install kmod-nf-log
opkg install urandom-seed
opkg install luci-proto-ppp
opkg install luci-mod-admin-full
opkg install ppp
opkg install prometheus-node-exporter-lua-snmp6
opkg install luci-base
opkg install luci-app-commands
opkg install socat
opkg install kmod-leds-gpio
opkg install kmod-gpio-button-hotplug
opkg install logd
opkg install kmod-mt7603
opkg install ppp-mod-pptp
opkg install kmod-nf-log6
opkg install kmod-usb-net
opkg install kmod-wireguard
opkg install wireguard-tools
opkg install kmod-usb-serial
opkg install luci-proto-ipv6
opkg install prometheus-node-exporter-lua-nat_traffic
opkg install kmod-nf-nathelper-extra
opkg install jshn
opkg install kmod-ppp
opkg install kmod-nft-offload
opkg install uhttpd
opkg install kmod-nf-conntrack
opkg install kmod-fs-nfs
opkg install usign
opkg install kmod-usb-serial-ipw
opkg install modemmanager
opkg install luci-lib-nixio
opkg install comgt-ncm
opkg install liblucihttp-lua
opkg install luci-lib-jsonc
opkg install kmod-ipt-ipopt
opkg install luci
opkg install kmod-nf-conntrack6
opkg install kmod-usb-ledtrig-usbport
opkg install coreutils-stty
opkg install ubox
opkg install kernel
opkg install rpcd-mod-iwinfo
opkg install kmod-mt76x2
opkg install luci-mod-network
opkg install kmod-nft-core
opkg install kmod-mppe
opkg install uhttpd-mod-ubus
opkg install fwtool
opkg install jsonfilter
opkg install hostapd-common
opkg install kmod-usb-net-cdc-ether
opkg install urngd
opkg install kmod-slhc
opkg install rpcd-mod-rrdns
opkg install ppp-mod-pppoe
opkg install luci-proto-ncm
#----------------------------------------------------
#Generating configuration Xiaomi Mi Router 3G
#----------------------------------------------------
uci -q batch << EOI
set 3ginfo.@3ginfo[0]=3ginfo
set 3ginfo.@3ginfo[0].http_port='81'
set 3ginfo.@3ginfo[0].network='wan'
set 3ginfo.@3ginfo[0].device='/dev/ttyUSB1'
set 3ginfo.@3ginfo[0].language='en'
commit 3ginfo
set dhcp.@dnsmasq[0]=dnsmasq
set dhcp.@dnsmasq[0].domainneeded='1'
set dhcp.@dnsmasq[0].localise_queries='1'
set dhcp.@dnsmasq[0].rebind_protection='1'
set dhcp.@dnsmasq[0].rebind_localhost='1'
set dhcp.@dnsmasq[0].expandhosts='1'
set dhcp.@dnsmasq[0].authoritative='1'
set dhcp.@dnsmasq[0].readethers='1'
set dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
set dhcp.@dnsmasq[0].localservice='1'
set dhcp.@dnsmasq[0].ednspacket_max='1232'
set dhcp.@dnsmasq[0].local='/pruj.loc/'
set dhcp.@dnsmasq[0].domain='pruj.loc'
set dhcp.@dnsmasq[0].server='/lan/10.0.254.1'
set dhcp.lan=dhcp
set dhcp.lan.interface='lan'
set dhcp.lan.start='100'
set dhcp.lan.limit='150'
set dhcp.lan.leasetime='12h'
set dhcp.lan.dhcpv4='server'
set dhcp.lan.dhcpv6='server'
set dhcp.lan.ra='server'
set dhcp.lan.ra_flags='managed-config' 'other-config'
set dhcp.wan=dhcp
set dhcp.wan.interface='wan'
set dhcp.wan.ignore='1'
set dhcp.wan.start='100'
set dhcp.wan.limit='150'
set dhcp.wan.leasetime='12h'
set dhcp.odhcpd=odhcpd
set dhcp.odhcpd.maindhcp='0'
set dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
set dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
set dhcp.odhcpd.loglevel='4'
commit dhcp
set dropbear.@dropbear[0]=dropbear
set dropbear.@dropbear[0].PasswordAuth='on'
set dropbear.@dropbear[0].RootPasswordAuth='on'
set dropbear.@dropbear[0].Port='22'
commit dropbear
set firewall.@defaults[0]=defaults
set firewall.@defaults[0].output='ACCEPT'
set firewall.@defaults[0].forward='REJECT'
set firewall.@defaults[0].synflood_protect='1'
set firewall.@defaults[0].input='REJECT'
set firewall.@zone[0]=zone
set firewall.@zone[0].name='lan'
set firewall.@zone[0].input='ACCEPT'
set firewall.@zone[0].output='ACCEPT'
set firewall.@zone[0].forward='ACCEPT'
set firewall.@zone[0].network='lan'
set firewall.@zone[1]=zone
set firewall.@zone[1].name='wan'
set firewall.@zone[1].input='REJECT'
set firewall.@zone[1].output='ACCEPT'
set firewall.@zone[1].forward='REJECT'
set firewall.@zone[1].masq='1'
set firewall.@zone[1].mtu_fix='1'
set firewall.@zone[1].network='wan' 'wan6' '3g'
set firewall.@rule[0]=rule
set firewall.@rule[0].name='Allow-DHCP-Renew'
set firewall.@rule[0].src='wan'
set firewall.@rule[0].proto='udp'
set firewall.@rule[0].dest_port='68'
set firewall.@rule[0].target='ACCEPT'
set firewall.@rule[0].family='ipv4'
set firewall.@rule[1]=rule
set firewall.@rule[1].name='Allow-Ping'
set firewall.@rule[1].src='wan'
set firewall.@rule[1].proto='icmp'
set firewall.@rule[1].icmp_type='echo-request'
set firewall.@rule[1].family='ipv4'
set firewall.@rule[1].target='ACCEPT'
set firewall.@rule[2]=rule
set firewall.@rule[2].name='Allow-IGMP'
set firewall.@rule[2].src='wan'
set firewall.@rule[2].proto='igmp'
set firewall.@rule[2].family='ipv4'
set firewall.@rule[2].target='ACCEPT'
set firewall.@rule[3]=rule
set firewall.@rule[3].name='Allow-DHCPv6'
set firewall.@rule[3].src='wan'
set firewall.@rule[3].proto='udp'
set firewall.@rule[3].dest_port='546'
set firewall.@rule[3].family='ipv6'
set firewall.@rule[3].target='ACCEPT'
set firewall.@rule[4]=rule
set firewall.@rule[4].name='Allow-MLD'
set firewall.@rule[4].src='wan'
set firewall.@rule[4].proto='icmp'
set firewall.@rule[4].src_ip='fe80::/10'
set firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
set firewall.@rule[4].family='ipv6'
set firewall.@rule[4].target='ACCEPT'
set firewall.@rule[5]=rule
set firewall.@rule[5].name='Allow-ICMPv6-Input'
set firewall.@rule[5].src='wan'
set firewall.@rule[5].proto='icmp'
set firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
set firewall.@rule[5].limit='1000/sec'
set firewall.@rule[5].family='ipv6'
set firewall.@rule[5].target='ACCEPT'
set firewall.@rule[6]=rule
set firewall.@rule[6].name='Allow-ICMPv6-Forward'
set firewall.@rule[6].src='wan'
set firewall.@rule[6].dest='*'
set firewall.@rule[6].proto='icmp'
set firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
set firewall.@rule[6].limit='1000/sec'
set firewall.@rule[6].family='ipv6'
set firewall.@rule[6].target='ACCEPT'
set firewall.@rule[7]=rule
set firewall.@rule[7].name='Allow-IPSec-ESP'
set firewall.@rule[7].src='wan'
set firewall.@rule[7].dest='lan'
set firewall.@rule[7].proto='esp'
set firewall.@rule[7].target='ACCEPT'
set firewall.@rule[8]=rule
set firewall.@rule[8].name='Allow-ISAKMP'
set firewall.@rule[8].src='wan'
set firewall.@rule[8].dest='lan'
set firewall.@rule[8].dest_port='500'
set firewall.@rule[8].proto='udp'
set firewall.@rule[8].target='ACCEPT'
set firewall.@zone[2]=zone
set firewall.@zone[2].name='wg'
set firewall.@zone[2].input='ACCEPT'
set firewall.@zone[2].output='ACCEPT'
set firewall.@zone[2].network='wg25' 'wg30'
set firewall.@zone[2].forward='ACCEPT'
set firewall.@forwarding[0]=forwarding
set firewall.@forwarding[0].src='wg'
set firewall.@forwarding[0].dest='lan'
set firewall.@forwarding[1]=forwarding
set firewall.@forwarding[1].src='wg'
set firewall.@forwarding[1].dest='wan'
set firewall.@forwarding[2]=forwarding
set firewall.@forwarding[2].src='lan'
set firewall.@forwarding[2].dest='wg'
set firewall.@forwarding[3]=forwarding
set firewall.@forwarding[3].src='lan'
set firewall.@forwarding[3].dest='wan'
commit firewall
set luci.main=core
set luci.main.lang='auto'
set luci.main.mediaurlbase='/luci-static/bootstrap'
set luci.main.resourcebase='/luci-static/resources'
set luci.main.ubuspath='/ubus/'
set luci.flash_keep=extern
set luci.flash_keep.uci='/etc/config/'
set luci.flash_keep.dropbear='/etc/dropbear/'
set luci.flash_keep.openvpn='/etc/openvpn/'
set luci.flash_keep.passwd='/etc/passwd'
set luci.flash_keep.opkg='/etc/opkg.conf'
set luci.flash_keep.firewall='/etc/firewall.user'
set luci.flash_keep.uploads='/lib/uci/upload/'
set luci.languages=internal
set luci.sauth=internal
set luci.sauth.sessionpath='/tmp/luci-sessions'
set luci.sauth.sessiontime='3600'
set luci.ccache=internal
set luci.ccache.enable='1'
set luci.themes=internal
set luci.themes.Bootstrap='/luci-static/bootstrap'
set luci.themes.BootstrapDark='/luci-static/bootstrap-dark'
set luci.themes.BootstrapLight='/luci-static/bootstrap-light'
set luci.apply=internal
set luci.apply.rollback='90'
set luci.apply.holdoff='4'
set luci.apply.timeout='5'
set luci.apply.display='1.5'
set luci.diag=internal
set luci.diag.dns='openwrt.org'
set luci.diag.ping='openwrt.org'
set luci.diag.route='openwrt.org'
set luci.@command[0]=command
set luci.@command[0].name='signal'
set luci.@command[0].command='echo AT+CSQ | socat - /dev/ttyUSB1,crnl | grep ^+CSQ | cut -f2 -d'\'' '\'''
set luci.@command[1]=command
set luci.@command[1].name='тип подключения'
set luci.@command[1].command='echo AT^SYSINFOEX | socat - /dev/ttyUSB1,crnl '
set luci.@command[2]=command
set luci.@command[2].name='4G > 3G'
set luci.@command[2].command='echo '\''AT^SYSCFGEX="0302",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl'
set luci.@command[3]=command
set luci.@command[3].name='4G > 3G > 2G'
set luci.@command[3].command='echo '\''AT^SYSCFGEX="030201",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl'
set luci.@command[4]=command
set luci.@command[4].name='3G > 2G'
set luci.@command[4].command='echo '\''AT^SYSCFGEX="0201",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl'
set luci.@command[5]=command
set luci.@command[5].name='Auto'
set luci.@command[5].command='echo '\''AT^SYSCFGEX="00",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl'
set luci.@command[6]=command
set luci.@command[6].name='Route add'
set luci.@command[6].command='route add -net 172.16.11.0/24 gw 10.0.1.26 metric 1000'
commit luci
set mosquitto.owrt=owrt
set mosquitto.owrt.use_uci='0'
set mosquitto.mosquitto=mosquitto
set mosquitto.persistence=persistence
commit mosquitto
set network.loopback=interface
set network.loopback.device='lo'
set network.loopback.proto='static'
set network.loopback.ipaddr='127.0.0.1'
set network.loopback.netmask='255.0.0.0'
set network.globals=globals
set network.globals.packet_steering='1'
set network.globals.ula_prefix='fdd0:523b:82cd::/48'
set network.@device[0]=device
set network.@device[0].name='br-lan'
set network.@device[0].type='bridge'
set network.@device[0].ports='lan1' 'lan2'
set network.lan=interface
set network.lan.device='br-lan'
set network.lan.proto='static'
set network.lan.netmask='255.255.255.0'
set network.lan.ip6assign='60'
set network.lan.ipaddr='172.16.30.1'
set network.wan=interface
set network.wan.device='wan'
set network.wan.proto='static'
set network.wan.ipaddr='172.16.104.211'
set network.wan.netmask='255.255.255.192'
set network.wan.gateway='172.16.104.193'
set network.wan.dns='10.0.254.1' '188.128.84.20' '95.167.167.95' '9.9.9.9'
set network.wan6=interface
set network.wan6.device='wan'
set network.wan6.proto='dhcpv6'
set network.3g=interface
set network.3g.proto='3g'
set network.3g.ipv6='auto'
set network.3g.username='gdata'
set network.3g.password='gdata'
set network.3g.service='umts'
set network.3g.device='/dev/ttyUSB0'
set network.3g.delegate='0'
set network.3g.apn='internet'
set network.wg30=interface
set network.wg30.proto='wireguard'
set network.wg30.delegate='0'
set network.wg30.mtu='1420'
set network.wg30.private_key='EJmoZBKfkcO80Hve5C+cuCyGZ4mnA/9qVSSeWZ1GwW0='
set network.wg30.addresses='10.0.2.30/30'
set network.@wireguard_wg30[0]=wireguard_wg30
set network.@wireguard_wg30[0].description='muromec'
set network.@wireguard_wg30[0].endpoint_host='muromec.kapka.ru'
set network.@wireguard_wg30[0].persistent_keepalive='60'
set network.@wireguard_wg30[0].endpoint_port='12029'
set network.@wireguard_wg30[0].public_key='DPs/wFbmVzx1c0emUunwXs5oVlAA9TMOQHLjM1VlABg='
set network.@wireguard_wg30[0].allowed_ips='0.0.0.0/0'
set network.wg25=interface
set network.wg25.proto='wireguard'
set network.wg25.mtu='1420'
set network.wg25.private_key='wGveq/NTjQqYyA5ovz+uIWfeX/8PLLEOjxtXDt7fBm8='
set network.wg25.addresses='10.0.1.26/30'
set network.@wireguard_wg25[0]=wireguard_wg25
set network.@wireguard_wg25[0].description='turbo.kapka.ru'
set network.@wireguard_wg25[0].endpoint_host='turbo.kapka.ru'
set network.@wireguard_wg25[0].endpoint_port='12125'
set network.@wireguard_wg25[0].public_key='VDfyo+MoeratWuQAzjljHyuD76ldn6YMG+1D0bs/cWc='
set network.@wireguard_wg25[0].private_key='OBWaGPKSlRw2rilY1zY8KFkwmLlenR7WhgRE/UBSRXg='
set network.@wireguard_wg25[0].allowed_ips='0.0.0.0/0'
commit network
set prometheus-node-exporter-lua.main=prometheus-node-exporter-lua
set prometheus-node-exporter-lua.main.listen_interface='loopback'
set prometheus-node-exporter-lua.main.listen_port='9100'
commit prometheus-node-exporter-lua
set rpcd.@rpcd[0]=rpcd
set rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock'
set rpcd.@rpcd[0].timeout='30'
set rpcd.@login[0]=login
set rpcd.@login[0].username='root'
set rpcd.@login[0].read='*'
set rpcd.@login[0].write='*'
commit rpcd
set socat.http=socat
set socat.http.enable='0'
set socat.http.SocatOptions='-d -d TCP6-LISTEN:8000,fork TCP4:192.168.1.20:80'
set socat.http.user='nobody'
commit socat
set system.@system[0]=system
set system.@system[0].ttylogin='0'
set system.@system[0].log_size='64'
set system.@system[0].urandom_seed='0'
set system.@system[0].compat_version='1.1'
set system.@system[0].zonename='Europe/Moscow'
set system.@system[0].timezone='MSK-3'
set system.@system[0].log_proto='udp'
set system.@system[0].conloglevel='8'
set system.@system[0].cronloglevel='5'
set system.@system[0].hostname='Buran-pruj'
set system.ntp=timeserver
set system.ntp.enable_server='1'
set system.ntp.interface='lan'
set system.ntp.server='ntp.ix.ru' 'ntp0.nl.net'
commit system
set ubootenv.@ubootenv[0]=ubootenv
set ubootenv.@ubootenv[0].dev='/dev/mtd1'
set ubootenv.@ubootenv[0].offset='0x0'
set ubootenv.@ubootenv[0].envsize='0x1000'
set ubootenv.@ubootenv[0].secsize='0x20000'
set ubootenv.@ubootsys[0]=ubootsys
set ubootenv.@ubootsys[0].dev='/dev/mtd2'
set ubootenv.@ubootsys[0].offset='0x0'
set ubootenv.@ubootsys[0].envsize='0x4000'
set ubootenv.@ubootsys[0].secsize='0x20000'
commit ubootenv
set ucitrack.@network[0]=network
set ucitrack.@network[0].init='network'
set ucitrack.@network[0].affects='dhcp'
set ucitrack.@wireless[0]=wireless
set ucitrack.@wireless[0].affects='network'
set ucitrack.@firewall[0]=firewall
set ucitrack.@firewall[0].init='firewall'
set ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd'
set ucitrack.@olsr[0]=olsr
set ucitrack.@olsr[0].init='olsrd'
set ucitrack.@dhcp[0]=dhcp
set ucitrack.@dhcp[0].init='dnsmasq'
set ucitrack.@dhcp[0].affects='odhcpd'
set ucitrack.@odhcpd[0]=odhcpd
set ucitrack.@odhcpd[0].init='odhcpd'
set ucitrack.@dropbear[0]=dropbear
set ucitrack.@dropbear[0].init='dropbear'
set ucitrack.@httpd[0]=httpd
set ucitrack.@httpd[0].init='httpd'
set ucitrack.@fstab[0]=fstab
set ucitrack.@fstab[0].exec='/sbin/block mount'
set ucitrack.@qos[0]=qos
set ucitrack.@qos[0].init='qos'
set ucitrack.@system[0]=system
set ucitrack.@system[0].init='led'
set ucitrack.@system[0].exec='/etc/init.d/log reload'
set ucitrack.@system[0].affects='luci_statistics' 'dhcp'
set ucitrack.@luci_splash[0]=luci_splash
set ucitrack.@luci_splash[0].init='luci_splash'
set ucitrack.@upnpd[0]=upnpd
set ucitrack.@upnpd[0].init='miniupnpd'
set ucitrack.@ntpclient[0]=ntpclient
set ucitrack.@ntpclient[0].init='ntpclient'
set ucitrack.@samba[0]=samba
set ucitrack.@samba[0].init='samba'
set ucitrack.@tinyproxy[0]=tinyproxy
set ucitrack.@tinyproxy[0].init='tinyproxy'
commit ucitrack
set uhttpd.main=uhttpd
set uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
set uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'
set uhttpd.main.redirect_https='0'
set uhttpd.main.home='/www'
set uhttpd.main.rfc1918_filter='1'
set uhttpd.main.max_requests='3'
set uhttpd.main.max_connections='100'
set uhttpd.main.cert='/etc/uhttpd.crt'
set uhttpd.main.key='/etc/uhttpd.key'
set uhttpd.main.cgi_prefix='/cgi-bin'
set uhttpd.main.script_timeout='60'
set uhttpd.main.network_timeout='30'
set uhttpd.main.http_keepalive='20'
set uhttpd.main.tcp_keepalive='1'
set uhttpd.main.ubus_prefix='/ubus'
set uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
set uhttpd.defaults=cert
set uhttpd.defaults.days='730'
set uhttpd.defaults.key_type='ec'
set uhttpd.defaults.bits='2048'
set uhttpd.defaults.ec_curve='P-256'
set uhttpd.defaults.country='ZZ'
set uhttpd.defaults.state='Somewhere'
set uhttpd.defaults.location='Unknown'
set uhttpd.defaults.commonname='OpenWrt'
commit uhttpd
set wireless.radio0=wifi-device
set wireless.radio0.type='mac80211'
set wireless.radio0.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
set wireless.radio0.band='2g'
set wireless.radio0.channel='auto'
set wireless.radio0.cell_density='0'
set wireless.radio0.htmode='HT40'
set wireless.default_radio0=wifi-iface
set wireless.default_radio0.device='radio0'
set wireless.default_radio0.network='lan'
set wireless.default_radio0.mode='ap'
set wireless.default_radio0.encryption='sae-mixed'
set wireless.default_radio0.key='23637387581'
set wireless.default_radio0.ssid='Buran'
set wireless.default_radio0.short_preamble='0'
set wireless.radio1=wifi-device
set wireless.radio1.type='mac80211'
set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
set wireless.radio1.channel='36'
set wireless.radio1.band='5g'
set wireless.radio1.cell_density='0'
set wireless.radio1.htmode='VHT80'
set wireless.default_radio1=wifi-iface
set wireless.default_radio1.device='radio1'
set wireless.default_radio1.network='lan'
set wireless.default_radio1.mode='ap'
set wireless.default_radio1.encryption='sae-mixed'
set wireless.default_radio1.key='23637387581'
set wireless.default_radio1.ssid='Buran-5G'
set wireless.default_radio1.short_preamble='0'
commit wireless
EOI
#----------------------------------------------------
#Generating conf file
#----------------------------------------------------
mkdir -p "/etc/mosquitto"
mkdir -p "/etc/mosquitto"
#Gen file /etc/mosquitto/mosquitto.conf
mkdir -p "/etc/mosquitto"
cat << 'CFGEOF' > "/etc/mosquitto/mosquitto.conf"
# Config file for mosquitto
#
# See mosquitto.conf(5) for more information.
#
# Default values are shown, uncomment to change.
#
# Use the # character to indicate a comment, but only if it is the
# very first character on the line.
# =================================================================
# General configuration
# =================================================================
# Use per listener security settings.
#
# It is recommended this option be set before any other options.
#
# If this option is set to true, then all authentication and access control
# options are controlled on a per listener basis. The following options are
# affected:
#use for the default listener.
listener 1883 0.0.0.0
# anonymous
allow_anonymous true
# persistence
persistence true
# name of the file for persistence
#persistence_file mosquitto.db
# location of the file for persistence
#persistence_location /mnt/sda1/mosquitto/
persistence_location /root/bkpscript/
#how often to save to the persistence file
#autosave_interval 432000 # once 5day
autosave_interval 86400 # once a day
#log_timestamp true
#log_dest file /mnt/sda1/mosquitto/mosquitto.log
#log_dest stdout
#password_file /etc/mosquitto/passwords.txt
#allow_anonymous true
#
# acl_file
# allow_anonymous
# allow_zero_length_clientid
# auto_id_prefix
# password_file
# plugin
# plugin_opt_*
# psk_file
#
# Note that if set to true, then a durable client (i.e. with clean session set
# to false) that has disconnected will use the ACL settings defined for the
# listener that it was most recently connected to.
#
# The default behaviour is for this to be set to false, which maintains the
# setting behaviour from previous versions of mosquitto.
#per_listener_settings false
# This option controls whether a client is allowed to connect with a zero
# length client id or not. This option only affects clients using MQTT v3.1.1
# and later. If set to false, clients connecting with a zero length client id
# are disconnected. If set to true, clients will be allocated a client id by
# the broker. This means it is only useful for clients with clean session set
# to true.
#allow_zero_length_clientid true
# If allow_zero_length_clientid is true, this option allows you to set a prefix
# to automatically generated client ids to aid visibility in logs.
# Defaults to 'auto-'
#auto_id_prefix auto-
# This option affects the scenario when a client subscribes to a topic that has
# retained messages. It is possible that the client that published the retained
# message to the topic had access at the time they published, but that access
# has been subsequently removed. If check_retain_source is set to true, the
# default, the source of a retained message will be checked for access rights
# before it is republished. When set to false, no check will be made and the
# retained message will always be published. This affects all listeners.
#check_retain_source true
# QoS 1 and 2 messages will be allowed inflight per client until this limit
# is exceeded. Defaults to 0. (No maximum)
# See also max_inflight_messages
#max_inflight_bytes 0
# The maximum number of QoS 1 and 2 messages currently inflight per
# client.
# This includes messages that are partway through handshakes and
# those that are being retried. Defaults to 20. Set to 0 for no
# maximum. Setting to 1 will guarantee in-order delivery of QoS 1
# and 2 messages.
#max_inflight_messages 20
# For MQTT v5 clients, it is possible to have the server send a "server
# keepalive" value that will override the keepalive value set by the client.
# This is intended to be used as a mechanism to say that the server will
# disconnect the client earlier than it anticipated, and that the client should
# use the new keepalive value. The max_keepalive option allows you to specify
# that clients may only connect with keepalive less than or equal to this
# value, otherwise they will be sent a server keepalive telling them to use
# max_keepalive. This only applies to MQTT v5 clients. The default, and maximum
# value allowable, is 65535.
#
# Set to 0 to allow clients to set keepalive = 0, which means no keepalive
# checks are made and the client will never be disconnected by the broker if no
# messages are received. You should be very sure this is the behaviour that you
# want.
#
# For MQTT v3.1.1 and v3.1 clients, there is no mechanism to tell the client
# what keepalive value they should use. If an MQTT v3.1.1 or v3.1 client
# specifies a keepalive time greater than max_keepalive they will be sent a
# CONNACK message with the "identifier rejected" reason code, and disconnected.
#
#max_keepalive 65535
# For MQTT v5 clients, it is possible to have the server send a "maximum packet
# size" value that will instruct the client it will not accept MQTT packets
# with size greater than max_packet_size bytes. This applies to the full MQTT
# packet, not just the payload. Setting this option to a positive value will
# set the maximum packet size to that number of bytes. If a client sends a
# packet which is larger than this value, it will be disconnected. This applies
# to all clients regardless of the protocol version they are using, but v3.1.1
# and earlier clients will of course not have received the maximum packet size
# information. Defaults to no limit. Setting below 20 bytes is forbidden
# because it is likely to interfere with ordinary client operation, even with
# very small payloads.
#max_packet_size 0
# QoS 1 and 2 messages above those currently in-flight will be queued per
# client until this limit is exceeded. Defaults to 0. (No maximum)
# See also max_queued_messages.
# If both max_queued_messages and max_queued_bytes are specified, packets will
# be queued until the first limit is reached.
#max_queued_bytes 0
# Set the maximum QoS supported. Clients publishing at a QoS higher than
# specified here will be disconnected.
#max_qos 2
# The maximum number of QoS 1 and 2 messages to hold in a queue per client
# above those that are currently in-flight. Defaults to 1000. Set
# to 0 for no maximum (not recommended).
# See also queue_qos0_messages.
# See also max_queued_bytes.
#max_queued_messages 1000
#
# This option sets the maximum number of heap memory bytes that the broker will
# allocate, and hence sets a hard limit on memory use by the broker. Memory
# requests that exceed this value will be denied. The effect will vary
# depending on what has been denied. If an incoming message is being processed,
# then the message will be dropped and the publishing client will be
# disconnected. If an outgoing message is being sent, then the individual
# message will be dropped and the receiving client will be disconnected.
# Defaults to no limit.
#memory_limit 0
# This option sets the maximum publish payload size that the broker will allow.
# Received messages that exceed this size will not be accepted by the broker.
# The default value is 0, which means that all valid MQTT messages are
# accepted. MQTT imposes a maximum payload size of 268435455 bytes.
#message_size_limit 0
# This option allows the session of persistent clients (those with clean
# session set to false) that are not currently connected to be removed if they
# do not reconnect within a certain time frame. This is a non-standard option
# in MQTT v3.1. MQTT v3.1.1 and v5.0 allow brokers to remove client sessions.
#
# Badly designed clients may set clean session to false whilst using a randomly
# generated client id. This leads to persistent clients that connect once and
# never reconnect. This option allows these clients to be removed. This option
# allows persistent clients (those with clean session set to false) to be
# removed if they do not reconnect within a certain time frame.
#
# The expiration period should be an integer followed by one of h d w m y for
# hour, day, week, month and year respectively. For example
#
# persistent_client_expiration 2m
# persistent_client_expiration 14d
# persistent_client_expiration 1y
#
# The default if not set is to never expire persistent clients.
#persistent_client_expiration
# Write process id to a file. Default is a blank string which means
# a pid file shouldn't be written.
# This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
# being run automatically on boot with an init script and
# start-stop-daemon or similar.
#pid_file
# Set to true to queue messages with QoS 0 when a persistent client is
# disconnected. These messages are included in the limit imposed by
# max_queued_messages and max_queued_bytes
# Defaults to false.
# This is a non-standard option for the MQTT v3.1 spec but is allowed in
# v3.1.1.
#queue_qos0_messages false
# Set to false to disable retained message support. If a client publishes a
# message with the retain bit set, it will be disconnected if this is set to
# false.
#retain_available true
# Disable Nagle's algorithm on client sockets. This has the effect of reducing
# latency of individual messages at the potential cost of increasing the number
# of packets being sent.
#set_tcp_nodelay false
# Time in seconds between updates of the $SYS tree.
# Set to 0 to disable the publishing of the $SYS tree.
#sys_interval 10
# The MQTT specification requires that the QoS of a message delivered to a
# subscriber is never upgraded to match the QoS of the subscription. Enabling
# this option changes this behaviour. If upgrade_outgoing_qos is set true,
# messages sent to a subscriber will always match the QoS of its subscription.
# This is a non-standard option explicitly disallowed by the spec.
#upgrade_outgoing_qos false
# When run as root, drop privileges to this user and its primary
# group.
# Set to root to stay as root, but this is not recommended.
# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
# then it will drop privileges to the "nobody" user instead.
# If run as a non-root user, this setting has no effect.
# Note that on Windows this has no effect and so mosquitto should be started by
# the user you wish it to run as.
#user mosquitto
# =================================================================
# Listeners
# =================================================================
# Listen on a port/ip address combination. By using this variable
# multiple times, mosquitto can listen on more than one port. If
# this variable is used and neither bind_address nor port given,
# then the default listener will not be started.
# The port number to listen on must be given. Optionally, an ip
# address or host name may be supplied as a second argument. In
# this case, mosquitto will attempt to bind the listener to that
# address and so restrict access to the associated network and
# interface. By default, mosquitto will listen on all interfaces.
# Note that for a websockets listener it is not possible to bind to a host
# name.
#
# On systems that support Unix Domain Sockets, it is also possible
# to create a # Unix socket rather than opening a TCP socket. In
# this case, the port number should be set to 0 and a unix socket
# path must be provided, e.g.
# listener 0 /tmp/mosquitto.sock
#
# listener port-number [ip address/host name/unix socket path]
#listener
# By default, a listener will attempt to listen on all supported IP protocol
# versions. If you do not have an IPv4 or IPv6 interface you may wish to
# disable support for either of those protocol versions. In particular, note
# that due to the limitations of the websockets library, it will only ever
# attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail
# if IPv6 is not available.
#
# Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to
# force the listener to only use IPv6. If you want support for both IPv4 and
# IPv6, then do not use the socket_domain option.
#
#socket_domain
# Bind the listener to a specific interface. This is similar to
# the [ip address/host name] part of the listener definition, but is useful
# when an interface has multiple addresses or the address may change. If used
# with the [ip address/host name] part of the listener definition, then the
# bind_interface option will take priority.
# Not available on Windows.
#
# Example: bind_interface eth0
#bind_interface
# When a listener is using the websockets protocol, it is possible to serve
# http data as well. Set http_dir to a directory which contains the files you
# wish to serve. If this option is not specified, then no normal http
# connections will be possible.
#http_dir
# The maximum number of client connections to allow. This is
# a per listener setting.
# Default is -1, which means unlimited connections.
# Note that other process limits mean that unlimited connections
# are not really possible. Typically the default maximum number of
# connections possible is around 1024.
#max_connections -1
# The listener can be restricted to operating within a topic hierarchy using
# the mount_point option. This is achieved be prefixing the mount_point string
# to all topics for any clients connected to this listener. This prefixing only
# happens internally to the broker; the client will not see the prefix.
#mount_point
# Choose the protocol to use when listening.
# This can be either mqtt or websockets.
# Certificate based TLS may be used with websockets, except that only the
# cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported.
#protocol mqtt
# Set use_username_as_clientid to true to replace the clientid that a client
# connected with with its username. This allows authentication to be tied to
# the clientid, which means that it is possible to prevent one client
# disconnecting another by using the same clientid.
# If a client connects with no username it will be disconnected as not
# authorised when this option is set to true.
# Do not use in conjunction with clientid_prefixes.
# See also use_identity_as_username.
# This does not apply globally, but on a per-listener basis.
#use_username_as_clientid
# Change the websockets headers size. This is a global option, it is not
# possible to set per listener. This option sets the size of the buffer used in
# the libwebsockets library when reading HTTP headers. If you are passing large
# header data such as cookies then you may need to increase this value. If left
# unset, or set to 0, then the default of 1024 bytes will be used.
#websockets_headers_size
# -----------------------------------------------------------------
# Certificate based SSL/TLS support
# -----------------------------------------------------------------
# The following options can be used to enable certificate based SSL/TLS support
# for this listener. Note that the recommended port for MQTT over TLS is 8883,
# but this must be set manually.
#
# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS
# support" section. Only one of certificate or PSK encryption support can be
# enabled for any listener.
# Both of certfile and keyfile must be defined to enable certificate based
# TLS encryption.
# Path to the PEM encoded server certificate.
#certfile
# Path to the PEM encoded keyfile.
#keyfile
# If you wish to control which encryption ciphers are used, use the ciphers
# option. The list of available ciphers can be optained using the "openssl
# ciphers" command and should be provided in the same format as the output of
# that command. This applies to TLS 1.2 and earlier versions only. Use
# ciphers_tls1.3 for TLS v1.3.
#ciphers
# Choose which TLS v1.3 ciphersuites are used for this listener.
# Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
#ciphers_tls1.3
# If you have require_certificate set to true, you can create a certificate
# revocation list file to revoke access to particular client certificates. If
# you have done this, use crlfile to point to the PEM encoded revocation file.
#crlfile
# To allow the use of ephemeral DH key exchange, which provides forward
# security, the listener must load DH parameters. This can be specified with
# the dhparamfile option. The dhparamfile can be generated with the command
# e.g. "openssl dhparam -out dhparam.pem 2048"
#dhparamfile
# By default an TLS enabled listener will operate in a similar fashion to a
# https enabled web server, in that the server has a certificate signed by a CA
# and the client will verify that it is a trusted certificate. The overall aim
# is encryption of the network traffic. By setting require_certificate to true,
# the client must provide a valid certificate in order for the network
# connection to proceed. This allows access to the broker to be controlled
# outside of the mechanisms provided by MQTT.
#require_certificate false
# cafile and capath define methods of accessing the PEM encoded
# Certificate Authority certificates that will be considered trusted when
# checking incoming client certificates.
# cafile defines the path to a file containing the CA certificates.
# capath defines a directory that will be searched for files
# containing the CA certificates. For capath to work correctly, the
# certificate files must have ".crt" as the file ending and you must run
# "openssl rehash <path to capath>" each time you add/remove a certificate.
#cafile
#capath
# If require_certificate is true, you may set use_identity_as_username to true
# to use the CN value from the client certificate as a username. If this is
# true, the password_file option will not be used for this listener.
#use_identity_as_username false
# -----------------------------------------------------------------
# Pre-shared-key based SSL/TLS support
# -----------------------------------------------------------------
# The following options can be used to enable PSK based SSL/TLS support for
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
# this must be set manually.
#
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
# support" section. Only one of certificate or PSK encryption support can be
# enabled for any listener.
# The psk_hint option enables pre-shared-key support for this listener and also
# acts as an identifier for this listener. The hint is sent to clients and may
# be used locally to aid authentication. The hint is a free form string that
# doesn't have much meaning in itself, so feel free to be creative.
# If this option is provided, see psk_file to define the pre-shared keys to be
# used or create a security plugin to handle them.
#psk_hint
# When using PSK, the encryption ciphers used will be chosen from the list of
# available PSK ciphers. If you want to control which ciphers are available,
# use the "ciphers" option. The list of available ciphers can be optained
# using the "openssl ciphers" command and should be provided in the same format
# as the output of that command.
#ciphers
# Set use_identity_as_username to have the psk identity sent by the client used
# as its username. Authentication will be carried out using the PSK rather than
# the MQTT username/password and so password_file will not be used for this
# listener.
#use_identity_as_username false
# =================================================================
# Persistence
# =================================================================
# If persistence is enabled, save the in-memory database to disk
# every autosave_interval seconds. If set to 0, the persistence
# database will only be written when mosquitto exits. See also
# autosave_on_changes.
# Note that writing of the persistence database can be forced by
# sending mosquitto a SIGUSR1 signal.
#autosave_interval 1800
# If true, mosquitto will count the number of subscription changes, retained
# messages received and queued messages and if the total exceeds
# autosave_interval then the in-memory database will be saved to disk.
# If false, mosquitto will save the in-memory database to disk by treating
# autosave_interval as a time in seconds.
#autosave_on_changes false
# Save persistent message data to disk (true/false).
# This saves information about all messages, including
# subscriptions, currently in-flight messages and retained
# messages.
# retained_persistence is a synonym for this option.
#persistence false
# The filename to use for the persistent database, not including
# the path.
#persistence_file mosquitto.db
# Location for persistent database.
# Default is an empty string (current directory).
# Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or
# similar.
#persistence_location
# =================================================================
# Logging
# =================================================================
# Places to log to. Use multiple log_dest lines for multiple
# logging destinations.
# Possible destinations are: stdout stderr syslog topic file dlt
#
# stdout and stderr log to the console on the named output.
#
# syslog uses the userspace syslog facility which usually ends up
# in /var/log/messages or similar.
#
# topic logs to the broker topic '$SYS/broker/log/<severity>',
# where severity is one of D, E, W, N, I, M which are debug, error,
# warning, notice, information and message. Message type severity is used by
# the subscribe/unsubscribe log_types and publishes log messages to
# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe.
#
# The file destination requires an additional parameter which is the file to be
# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
# closed and reopened when the broker receives a HUP signal. Only a single file
# destination may be configured.
#
# The dlt destination is for the automotive `Diagnostic Log and Trace` tool.
# This requires that Mosquitto has been compiled with DLT support.
#
# Note that if the broker is running as a Windows service it will default to
# "log_dest none" and neither stdout nor stderr logging is available.
# Use "log_dest none" if you wish to disable logging.
#log_dest stderr
# Types of messages to log. Use multiple log_type lines for logging
# multiple types of messages.
# Possible types are: debug, error, warning, notice, information,
# none, subscribe, unsubscribe, websockets, all.
# Note that debug type messages are for decoding the incoming/outgoing
# network packets. They are not logged in "topics".
#log_type error
#log_type warning
#log_type notice
#log_type information
# If set to true, client connection and disconnection messages will be included
# in the log.
#connection_messages true
# If using syslog logging (not on Windows), messages will be logged to the
# "daemon" facility by default. Use the log_facility option to choose which of
# local0 to local7 to log to instead. The option value should be an integer
# value, e.g. "log_facility 5" to use local5.
#log_facility
# If set to true, add a timestamp value to each log message.
#log_timestamp true
# Set the format of the log timestamp. If left unset, this is the number of
# seconds since the Unix epoch.
# This is a free text string which will be passed to the strftime function. To
# get an ISO 8601 datetime, for example:
# log_timestamp_format %Y-%m-%dT%H:%M:%S
#log_timestamp_format
# Change the websockets logging level. This is a global option, it is not
# possible to set per listener. This is an integer that is interpreted by
# libwebsockets as a bit mask for its lws_log_levels enum. See the
# libwebsockets documentation for more details. "log_type websockets" must also
# be enabled.
#websockets_log_level 0
# =================================================================
# Security
# =================================================================
# If set, only clients that have a matching prefix on their
# clientid will be allowed to connect to the broker. By default,
# all clients may connect.
# For example, setting "secure-" here would mean a client "secure-
# client" could connect but another with clientid "mqtt" couldn't.
#clientid_prefixes
# Boolean value that determines whether clients that connect
# without providing a username are allowed to connect. If set to
# false then a password file should be created (see the
# password_file option) to control authenticated client access.
#
# Defaults to false, unless there are no listeners defined in the configuration
# file, in which case it is set to true, but connections are only allowed from
# the local machine.
#allow_anonymous false
# -----------------------------------------------------------------
# Default authentication and topic access control
# -----------------------------------------------------------------
# Control access to the broker using a password file. This file can be
# generated using the mosquitto_passwd utility. If TLS support is not compiled
# into mosquitto (it is recommended that TLS support should be included) then
# plain text passwords are used, in which case the file should be a text file
# with lines in the format:
# username:password
# The password (and colon) may be omitted if desired, although this
# offers very little in the way of security.
#
# See the TLS client require_certificate and use_identity_as_username options
# for alternative authentication options. If a plugin is used as well as
# password_file, the plugin check will be made first.
#password_file
# Access may also be controlled using a pre-shared-key file. This requires
# TLS-PSK support and a listener configured to use it. The file should be text
# lines in the format:
# identity:key
# The key should be in hexadecimal format without a leading "0x".
# If an plugin is used as well, the plugin check will be made first.
#psk_file
# Control access to topics on the broker using an access control list
# file. If this parameter is defined then only the topics listed will
# have access.
# If the first character of a line of the ACL file is a # it is treated as a
# comment.
# Topic access is added with lines of the format:
#
# topic [read|write|readwrite|deny] <topic>
#
# The access type is controlled using "read", "write", "readwrite" or "deny".
# This parameter is optional (unless <topic> contains a space character) - if
# not given then the access is read/write. <topic> can contain the + or #
# wildcards as in subscriptions.
#
# The "deny" option can used to explicity deny access to a topic that would
# otherwise be granted by a broader read/write/readwrite statement. Any "deny"
# topics are handled before topics that grant read/write access.
#
# The first set of topics are applied to anonymous clients, assuming
# allow_anonymous is true. User specific topic ACLs are added after a
# user line as follows:
#
# user <username>
#
# The username referred to here is the same as in password_file. It is
# not the clientid.
#
#
# If is also possible to define ACLs based on pattern substitution within the
# topic. The patterns available for substition are:
#
# %c to match the client id of the client
# %u to match the username of the client
#
# The substitution pattern must be the only text for that level of hierarchy.
#
# The form is the same as for the topic keyword, but using pattern as the
# keyword.
# Pattern ACLs apply to all users even if the "user" keyword has previously
# been given.
#
# If using bridges with usernames and ACLs, connection messages can be allowed
# with the following pattern:
# pattern write $SYS/broker/connection/%c/state
#
# pattern [read|write|readwrite] <topic>
#
# Example:
#
# pattern write sensor/%u/data
#
# If an plugin is used as well as acl_file, the plugin check will be
# made first.
#acl_file
# -----------------------------------------------------------------
# External authentication and topic access plugin options
# -----------------------------------------------------------------
# External authentication and access control can be supported with the
# plugin option. This is a path to a loadable plugin. See also the
# plugin_opt_* options described below.
#
# The plugin option can be specified multiple times to load multiple
# plugins. The plugins will be processed in the order that they are specified
# here. If the plugin option is specified alongside either of
# password_file or acl_file then the plugin checks will be made first.
#
# If the per_listener_settings option is false, the plugin will be apply to all
# listeners. If per_listener_settings is true, then the plugin will apply to
# the current listener being defined only.
#
# This option is also available as `auth_plugin`, but this use is deprecated
# and will be removed in the future.
#
#plugin
# If the plugin option above is used, define options to pass to the
# plugin here as described by the plugin instructions. All options named
# using the format plugin_opt_* will be passed to the plugin, for example:
#
# This option is also available as `auth_opt_*`, but this use is deprecated
# and will be removed in the future.
#
# plugin_opt_db_host
# plugin_opt_db_port
# plugin_opt_db_username
# plugin_opt_db_password
# =================================================================
# Bridges
# =================================================================
# A bridge is a way of connecting multiple MQTT brokers together.
# Create a new bridge using the "connection" option as described below. Set
# options for the bridges using the remaining parameters. You must specify the
# address and at least one topic to subscribe to.
#
# Each connection must have a unique name.
#
# The address line may have multiple host address and ports specified. See
# below in the round_robin description for more details on bridge behaviour if
# multiple addresses are used. Note that if you use an IPv6 address, then you
# are required to specify a port.
#
# The direction that the topic will be shared can be chosen by
# specifying out, in or both, where the default value is out.
# The QoS level of the bridged communication can be specified with the next
# topic option. The default QoS level is 0, to change the QoS the topic
# direction must also be given.
#
# The local and remote prefix options allow a topic to be remapped when it is
# bridged to/from the remote broker. This provides the ability to place a topic
# tree in an appropriate location.
#
# For more details see the mosquitto.conf man page.
#
# Multiple topics can be specified per connection, but be careful
# not to create any loops.
#
# If you are using bridges with cleansession set to false (the default), then
# you may get unexpected behaviour from incoming topics if you change what
# topics you are subscribing to. This is because the remote broker keeps the
# subscription for the old topic. If you have this problem, connect your bridge
# with cleansession set to true, then reconnect with cleansession set to false
# as normal.
#connection <name>
#address <host>[:<port>] [<host>[:<port>]]
#topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
# If you need to have the bridge connect over a particular network interface,
# use bridge_bind_address to tell the bridge which local IP address the socket
# should bind to, e.g. `bridge_bind_address 192.168.1.10`
#bridge_bind_address
# If a bridge has topics that have "out" direction, the default behaviour is to
# send an unsubscribe request to the remote broker on that topic. This means
# that changing a topic direction from "in" to "out" will not keep receiving
# incoming messages. Sending these unsubscribe requests is not always
# desirable, setting bridge_attempt_unsubscribe to false will disable sending
# the unsubscribe request.
#bridge_attempt_unsubscribe true
# Set the version of the MQTT protocol to use with for this bridge. Can be one
# of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311.
#bridge_protocol_version mqttv311
# Set the clean session variable for this bridge.
# When set to true, when the bridge disconnects for any reason, all
# messages and subscriptions will be cleaned up on the remote
# broker. Note that with cleansession set to true, there may be a
# significant amount of retained messages sent when the bridge
# reconnects after losing its connection.
# When set to false, the subscriptions and messages are kept on the
# remote broker, and delivered when the bridge reconnects.
#cleansession false
# Set the amount of time a bridge using the lazy start type must be idle before
# it will be stopped. Defaults to 60 seconds.
#idle_timeout 60
# Set the keepalive interval for this bridge connection, in
# seconds.
#keepalive_interval 60
# Set the clientid to use on the local broker. If not defined, this defaults to
# 'local.<clientid>'. If you are bridging a broker to itself, it is important
# that local_clientid and clientid do not match.
#local_clientid
# If set to true, publish notification messages to the local and remote brokers
# giving information about the state of the bridge connection. Retained
# messages are published to the topic $SYS/broker/connection/<clientid>/state
# unless the notification_topic option is used.
# If the message is 1 then the connection is active, or 0 if the connection has
# failed.
# This uses the last will and testament feature.
#notifications true
# Choose the topic on which notification messages for this bridge are
# published. If not set, messages are published on the topic
# $SYS/broker/connection/<clientid>/state
#notification_topic
# Set the client id to use on the remote end of this bridge connection. If not
# defined, this defaults to 'name.hostname' where name is the connection name
# and hostname is the hostname of this computer.
# This replaces the old "clientid" option to avoid confusion. "clientid"
# remains valid for the time being.
#remote_clientid
# Set the password to use when connecting to a broker that requires
# authentication. This option is only used if remote_username is also set.
# This replaces the old "password" option to avoid confusion. "password"
# remains valid for the time being.
#remote_password
# Set the username to use when connecting to a broker that requires
# authentication.
# This replaces the old "username" option to avoid confusion. "username"
# remains valid for the time being.
#remote_username
# Set the amount of time a bridge using the automatic start type will wait
# until attempting to reconnect.
# This option can be configured to use a constant delay time in seconds, or to
# use a backoff mechanism based on "Decorrelated Jitter", which adds a degree
# of randomness to when the restart occurs.
#
# Set a constant timeout of 20 seconds:
# restart_timeout 20
#
# Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of
# 60 seconds:
# restart_timeout 10 30
#
# Defaults to jitter with a base of 5 and cap of 30
#restart_timeout 5 30
# If the bridge has more than one address given in the address/addresses
# configuration, the round_robin option defines the behaviour of the bridge on
# a failure of the bridge connection. If round_robin is false, the default
# value, then the first address is treated as the main bridge connection. If
# the connection fails, the other secondary addresses will be attempted in
# turn. Whilst connected to a secondary bridge, the bridge will periodically
# attempt to reconnect to the main bridge until successful.
# If round_robin is true, then all addresses are treated as equals. If a
# connection fails, the next address will be tried and if successful will
# remain connected until it fails
#round_robin false
# Set the start type of the bridge. This controls how the bridge starts and
# can be one of three types: automatic, lazy and once. Note that RSMB provides
# a fourth start type "manual" which isn't currently supported by mosquitto.
#
# "automatic" is the default start type and means that the bridge connection
# will be started automatically when the broker starts and also restarted
# after a short delay (30 seconds) if the connection fails.
#
# Bridges using the "lazy" start type will be started automatically when the
# number of queued messages exceeds the number set with the "threshold"
# parameter. It will be stopped automatically after the time set by the
# "idle_timeout" parameter. Use this start type if you wish the connection to
# only be active when it is needed.
#
# A bridge using the "once" start type will be started automatically when the
# broker starts but will not be restarted if the connection fails.
#start_type automatic
# Set the number of messages that need to be queued for a bridge with lazy
# start type to be restarted. Defaults to 10 messages.
# Must be less than max_queued_messages.
#threshold 10
# If try_private is set to true, the bridge will attempt to indicate to the
# remote broker that it is a bridge not an ordinary client. If successful, this
# means that loop detection will be more effective and that retained messages
# will be propagated correctly. Not all brokers support this feature so it may
# be necessary to set try_private to false if your bridge does not connect
# properly.
#try_private true
# Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism
# for brokers to tell clients that they do not support retained messages, but
# this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a
# v3.1.1 or v3.1 broker that does not support retained messages, set the
# bridge_outgoing_retain option to false. This will remove the retain bit on
# all outgoing messages to that bridge, regardless of any other setting.
#bridge_outgoing_retain true
# If you wish to restrict the size of messages sent to a remote bridge, use the
# bridge_max_packet_size option. This sets the maximum number of bytes for
# the total message, including headers and payload.
# Note that MQTT v5 brokers may provide their own maximum-packet-size property.
# In this case, the smaller of the two limits will be used.
# Set to 0 for "unlimited".
#bridge_max_packet_size 0
# -----------------------------------------------------------------
# Certificate based SSL/TLS support
# -----------------------------------------------------------------
# Either bridge_cafile or bridge_capath must be defined to enable TLS support
# for this bridge.
# bridge_cafile defines the path to a file containing the
# Certificate Authority certificates that have signed the remote broker
# certificate.
# bridge_capath defines a directory that will be searched for files containing
# the CA certificates. For bridge_capath to work correctly, the certificate
# files must have ".crt" as the file ending and you must run "openssl rehash
# <path to capath>" each time you add/remove a certificate.
#bridge_cafile
#bridge_capath
# If the remote broker has more than one protocol available on its port, e.g.
# MQTT and WebSockets, then use bridge_alpn to configure which protocol is
# requested. Note that WebSockets support for bridges is not yet available.
#bridge_alpn
# When using certificate based encryption, bridge_insecure disables
# verification of the server hostname in the server certificate. This can be
# useful when testing initial server configurations, but makes it possible for
# a malicious third party to impersonate your server through DNS spoofing, for
# example. Use this option in testing only. If you need to resort to using this
# option in a production environment, your setup is at fault and there is no
# point using encryption.
#bridge_insecure false
# Path to the PEM encoded client certificate, if required by the remote broker.
#bridge_certfile
# Path to the PEM encoded client private key, if required by the remote broker.
#bridge_keyfile
# -----------------------------------------------------------------
# PSK based SSL/TLS support
# -----------------------------------------------------------------
# Pre-shared-key encryption provides an alternative to certificate based
# encryption. A bridge can be configured to use PSK with the bridge_identity
# and bridge_psk options. These are the client PSK identity, and pre-shared-key
# in hexadecimal format with no "0x". Only one of certificate and PSK based
# encryption can be used on one
# bridge at once.
#bridge_identity
#bridge_psk
# =================================================================
# External config files
# =================================================================
# External configuration files may be included by using the
# include_dir option. This defines a directory that will be searched
# for config files. All files that end in '.conf' will be loaded as
# a configuration file. It is best to have this as the last option
# in the main file. This option will only be processed from the main
# configuration file. The directory specified must not contain the
# main configuration file.
# Files within include_dir will be loaded sorted in case-sensitive
# alphabetical order, with capital letters ordered first. If this option is
# given multiple times, all of the files from the first instance will be
# processed before the next instance. See the man page for examples.
#include_dir
CFGEOF
#Gen file /etc/bird.conf
mkdir -p "/etc"
cat << 'CFGEOF' > "/etc/bird.conf"
# THIS CONFIG FILE IS NOT A COMPLETE DOCUMENTATION
# PLEASE LOOK IN THE BIRD DOCUMENTATION FOR MORE INFO
# However, most of options used here are just for example
# and will be removed in real-life configs.
log syslog all;
# Override router ID
router id 172.16.30.1;
# Turn on global debugging of all protocols
#debug protocols all;
ipv4 table bgpban;
ipv4 table ospfmy;
#ipv4 table master;
# Define a route filter...
# filter test_filter {
# if net ~ 10.0.0.0/16 then accept;
# else reject;
# }
filter fltOSPF {
if net = 192.168.0.0/16 then reject;
if net = 172.16.0.0/12 then reject;
else accept;
}
# The direct protocol automatically generates device routes to all network
# interfaces. Can exist in as many instances as you wish if you want to
# populate multiple routing tables with device routes. Because device routes
# are handled by Linux kernel, this protocol is usually not needed.
protocol direct {
interface "-wan0", "-wan1", "-3g-3g", "*"; # Restrict network interfaces it works with
ipv4;# {
# table ospfmy;
# table bgpban;
#import where net !=0.0.0.0/0;
#export where net !=0.0.0.0/0;
# };
#debug all;
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
#protocol static {
# export all; # Default is export none
# route 0.0.0.0/0 via 62.168.0.13;
# route 10.0.0.0/8 reject;
# route 192.168.0.0/16 reject;
#}
#protocol rip {
# disabled;
# import all;
# export all;
# export filter test_filter;
# port 1520;
# period 7;
# infinity 16;
# garbage time 60;
# interface "*" { mode broadcast; };
# honor neighbor;
# honor always;
# honor never;
# authentication none;
#}
######################### OSPF
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel ospfMyKern {
ipv4 {
table ospfmy;
# table bgpban;
# import filter fltOSPF;
# import all;
# import where source != RTS_DEVICE;
# export where source != RTS_DEVICE && net !=0.0.0.0/0;
export all;
};
learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
# import all;
# export all; # Default is export none
# device routes yes;
kernel table 10;
# merge paths switch 16;
metric 10;
#debug all;
}
protocol kernel bgpbanKern {
ipv4 {
table bgpban;
# import all;
export all;
};
learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
# import all;
# export all; # Default is export none
# device routes yes;
kernel table 11;
# merge paths switch 16;
metric 10;
}
#protocol kernel {
# ipv4 {
# table master4;
## export all;
#import all;
# };
# persist;
# learn;
# scan time 60;
# kernel table 254;
#}
protocol pipe {
table ospfmy;
peer table master4;
# peer table bgpban;
import where net !=0.0.0.0/0;
export where net !=0.0.0.0/0;
#export all;
#export where source != RTS_DEVICE;
#debug all;
}
protocol ospf ASWG {
# disabled;
ipv4 {
table ospfmy;
# import filter fltOSPF;
import all;
export all;
};
# import all;
# export all;
# import filter { print ">>>>>>imp net accepted:", net; accept; };
# export filter { print ">>>>>>exp net accepted:", net; accept; };
# export where source = RTS_STATIC;
area 0 {
# networks {
# 10.0.1.0/24;
# 10.0.2.0/24;
# };
interface "wg30" { #9
cost 60;
hello 10;
retransmit 5;
wait 30;
dead 40;
type pointopoint;
priority 30;
# authentication simple;
# password "pass";
};
interface "wg25" {
cost 5;
hello 10;
retransmit 5;
wait 30;
dead 40;
type pointopoint;
priority 5;
# authentication simple;
# password "pass";
};
};
}
#########################BGP
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
#protocol kernel {
# table bgpban;
# learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
# scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
# import all;
# export all; # Default is export none
#}
protocol bgp {
# disabled;
ipv4 {
table bgpban;
import all;
export all;
};
# import all;
# export all;
# export where source = RTS_STATIC;
local as 65030;
neighbor 10.0.2.29 as 65029;
# multihop 20 via 10.0.2.9;
# multihop;
# hold time 240;
# startup hold time 240;
# connect retry time 120;
# keepalive time 80; # defaults to hold time / 3
# start delay time 5; # How long do we wait before initial connect
# error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive
# # errors occur, we increase the delay exponentially ...
# error forget time 300; # ... until this timeout expires)
# disable after error; # Disable the protocol automatically when an error occurs
# next hop self; # Disable next hop processing and always advertise our local address as nexthop
# source address 62.168.0.14; # What local address we use for the TCP connection
# password "secret" # Password used for MD5 authentication
# rr client; # I am a route reflector and the neighor is my client
# rr cluster id 1.0.0.1 # Use this value for cluster id instead of my router id
# };
}
CFGEOF
# WARNING: /etc/bird4.conf не существует
#Gen file /etc/init.d/y_startup
mkdir -p "/etc/init.d"
cat << 'CFGEOF' > "/etc/init.d/y_startup"
#!/bin/sh /etc/rc.common
# Description: Enable custom route
# Author: Uak
START=90
USE_PROCD=1
EXTRA_COMMANDS="status"
EXTRA_HELP=" status Print Homebridge run information"
is_running() {
pgrep 'customRoute' > /dev/null 2>&1
}
start_service() {
route add -net 172.16.11.0/24 gw 10.0.1.26 metric 1000
#iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64
#ospf
#ip rule add priority 10 from all lookup 10
#bgp
#ip rule add priority 10 from all lookup 11
#$$echo 64 > /proc/sys/net/ipv4/ip_default_ttl
#$$iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64
#$$iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1500 -j TCPMSS --clamp-mss-to-pmtu -o 3g-3g
#iptables -t raw -A PREROUTING -p tcp --dport 1723 -j CT --helper pptp
#$$iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#activate use routing table 10 (OSPFmy)
ip rule add priority 10 from all lookup 10
#(birdban)
ip rule add priority 10 from all lookup 11
/etc/init.d/mosquitto start
echo 'AT^SYSCFGEX="0302",3fffffff,2,4,7fffffffffffffff,,' | socat - /dev/ttyUSB1,crnl
/etc/init.d/mosquitto start
}
reload_service(){
echo "Restarting customRoute"
stop
start
}
status()
{
if is_running; then
echo "Running"
else
echo "Stopped"
exit 1
fi
}
CFGEOF
#Gen file /etc/rc.local
mkdir -p "/etc"
cat << 'CFGEOF' > "/etc/rc.local"
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
route add -net 172.16.11.0/24 gw 10.0.1.26 metric 1000
ip rule add priority 10 from all lookup 10
#iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64
#ospf
#ip rule add priority 10 from all lookup 10
#bgp
#ip rule add priority 10 from all lookup 11
echo 64 > /proc/sys/net/ipv4/ip_default_ttl
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1500 -j TCPMSS --clamp-mss-to-pmtu -o 3g-3g
#iptables -t raw -A PREROUTING -p tcp --dport 1723 -j CT --helper pptp
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#activate use routing table 10 (OSPFmy)
ip rule add priority 10 from all lookup 10
#(birdban)
ip rule add priority 10 from all lookup 11
/etc/init.d/mosquitto start
echo 'AT^SYSCFGEX="0302",3fffffff,2,4,7fffffffffffffff,,' | socat - /dev/ttyUSB1,crnl
/etc/init.d/mosquitto start
exit 0
CFGEOF
# WARNING: /etc/init.d/vsftpd не существует
#----------------------------------------------------
#Generating cron
#----------------------------------------------------
#send sigtal strength
#*/10 * * * * mosquitto_pub -t /router/modem/signal -m $(echo AT+CSQ | socat - /dev/ttyUSB1,crnl | grep ^+CSQ | cut -f2 -d' ' | sed 's/,/./')
#send conn type
#*/30 * * * * mosquitto_pub -t /router/modem/conType -m $(echo AT^SYSINFOEX | socat - /dev/ttyUSB1,crnl | grep ':' | cut -d'"' -f4)
#send speed tests
15 3,9,13,19,22 * * * mosquitto_pub -t /router/modem/dspeed -m $(speedtest --output text --download | grep DOWNLOAD_SPEED|cut -d'=' -f2)
#save config to muromec
0 3 * * 1 sh /root/bkpscript/backup_script.sh
0 3 * * 1 echo "tar cfvz - \$(sysupgrade -l) | lftp 172.16.11.7 -e 'mkdir -p /backup/$HOSTNAME; put /dev/stdin -o /backup/$HOSTNAME/wrt_$(date +%Y%m%d).tar.gz; bye'" | sh
#@reboot echo 'AT^SYSCFGEX="0302",3fffffff,2,4,7fffffffffffffff,,' | socat - /dev/ttyUSB1,crnl
#@reboot route add -net 172.16.11.0/24 gw 10.0.1.26 metric 1000
#@reboot ip rule add priority 10 from all lookup 10
#boiler power on/off
00 4 * * * mosquitto_pub -t /Heater1/relay/18 -m 1
59 6 * * * mosquitto_pub -t /Heater1/relay/18 -m 0
#Heater on
#00 23 * * * mosquitto_pub -t /Heater1/relay/22 -m 1
#Kran off
00 23 * * * mosquitto_pub -t /Heater1/relay/98 -m 0
#Kran on
#00 5 * * * mosquitto_pub -t /Heater1/relay/98 -m 1
#Heater off
#00 7 * * * mosquitto_pub -t /Heater1/relay/22 -m 0
#reset alarm heater
#5 * * * * if [[ `mosquitto_sub -t /Heater1/Alarm/Heat -C 1` == 1 ]] ; then mosquitto_pub -t /Heater1/relay/22 -m 0; mosquitto_pub -t /H
eater1/relay/22 -m 1; fi
#Manual Heat ON OFF
#on
#05 23 * * * mosquitto_pub -t /Heater1/param/pidPump/ManSpeed -m 50 && mosquitto_pub -t /Heater1/relay/97 -m 1 && mosquitto_pub -t /Heater1/param/pidHeat/ManSpeed -m 2
#off
#00 3 * * * mosquitto_pub -t /Heater1/param/pidPump/ManSpeed -m 0 && mosquitto_pub -t /Heater1/relay/97 -m 0 && mosquitto_pub -t /Heater1/param/pidHeat/ManSpeed -m 0
Reference in New Issue View Git Blame Copy Permalink