Update config settings

Signed-off-by: Daniel Pawlik <pawlik.dan@gmail.com>

settings-configs/BPI-R4/adguardhome

@@ -0,0 +1,6 @@
+
+config adguardhome 'config'
+	option config '/etc/adguardhome/adguardhome.yaml'
+	option workdir '/var/lib/adguardhome'
+	option pidfile '/run/adguardhome.pid'
+

settings-configs/BPI-R4/ddns

@@ -1,40 +1,45 @@
 
-#
-# Please read https://openwrt.org/docs/guide-user/base-system/ddns
-#
-config ddns "global"
-	option ddns_dateformat "%F %R"
-#	option ddns_rundir "/var/run/ddns"
-#	option ddns_logdir "/var/log/ddns"
-	option ddns_loglines "250"
-	option upd_privateip "0"
+config ddns 'global'
+	option ddns_dateformat '%F %R'
+	option ddns_loglines '250'
+	option ddns_rundir '/var/run/ddns'
+	option ddns_logdir '/var/log/ddns'
 	option use_curl '1'
 
-config service 'DOMAIN'
+config service 'dancio_ipv4'
 	option service_name 'duckdns.org'
-	option lookup_host 'DOMAIN.duckdns.org'
+	option lookup_host 'my.duckdns.org'
 	option enabled '1'
 	option use_ipv6 '0'
-	option domain 'DOMAIN.duckdns.org'
-	option username 'MYUSER@GITHUB.COM'
-	option password 'MYTOKEN'
+	option domain 'my.duckdns.org'
+	option username 'my@github'
+	option password 'sometoken'
 	option ip_source 'network'
 	option ip_network 'wan'
 	option interface 'wan'
 	option use_syslog '2'
 	option check_unit 'minutes'
-	option force_unit 'minutes'
+	option force_unit 'hours'
 	option retry_unit 'seconds'
+	option check_interval '30'
+	option force_interval '1'
 
-config service 'DOMAIN_ipv6'
-	option service_name 'duckdns.org'
-	option use_ipv6 '1'
+config service 'dancio_desec'
+	option service_name 'desec.io'
+	option use_ipv6 '0'
 	option enabled '1'
-	option lookup_host 'DOMAIN.duckdns.org'
-	option domain 'DOMAIN'
-	option username 'MYUSER@GITHUB.COM'
-	option password 'MYTOKEN'
-	option interface 'wan6'
+	option lookup_host 'my.dedyn.io'
+	option domain 'my.dedyn.io'
+	option username 'my.dedyn.io'
+	option password 'token'
 	option ip_source 'network'
-	option ip_network 'wan6'
+	option interface 'wan'
+	option use_syslog '2'
+	option check_interval '15'
+	option check_unit 'minutes'
+	option force_interval '1'
+	option force_unit 'hours'
+	option retry_unit 'seconds'
+	option use_https '1'
+	option ip_network 'wan'
 

settings-configs/BPI-R4/firewall

@@ -9,20 +9,20 @@ config defaults
 
 config zone 'lan'
 	option name 'lan'
-	option network 'lan wg_lan'
 	option input 'ACCEPT'
 	option output 'ACCEPT'
 	option forward 'ACCEPT'
+	list network 'lan'
+	list network 'wg_lan'
 
 config zone 'wan'
 	option name 'wan'
-	list network 'wan'
-	list network 'wan6'
 	option input 'REJECT'
 	option output 'ACCEPT'
-	option forward 'REJECT'
+	option forward 'DROP'
 	option masq '1'
 	option mtu_fix '1'
+	list network 'wan'
 
 config forwarding
 	option src 'lan'
@@ -124,23 +124,43 @@ config rule
 config rule 'wg'
 	option name 'Allow-WireGuard-lan'
 	option src 'wan'
-	option dest_port '12345'
+	option dest_port '51820'
 	option proto 'udp'
 	option target 'ACCEPT'
 
+config rule
+	option name 'Block-Public-DNS-and-force-DoH-DoT'
+	option src 'lan'
+	option dest 'wan'
+	option dest_port '53 853 5353'
+	option target 'REJECT'
+	option enabled '0'
+
 config redirect
 	option dest 'lan'
 	option target 'DNAT'
-	option name 'Divert-DNS, port 53'
+	option name 'http server'
 	option src 'wan'
-	option src_dport '53'
-	option dest_port '53'
+	option src_dport '3000'
+	option dest_ip '192.168.88.117'
+	option dest_port '3000'
+	option enabled '0'
+
+config redirect
+	option dest 'lan'
+	option target 'DNAT'
+	option name 'librespeed'
+	option src 'wan'
+	option src_dport '8989'
+	option dest_ip '192.168.88.1'
+	option dest_port '8989'
+	option enabled '0'
 
 config rule
-	option name 'Reject-DoT,port 853'
+	option name 'Block-DNS-from-WAN'
+	option src 'wan'
+	option dest_port '53'
 	list proto 'tcp'
-	option src 'lan'
-	option dest 'wan'
-	option dest_port '853'
+	list proto 'udp'
 	option target 'REJECT'
 

settings-configs/BPI-R4/network-pppoe

@@ -0,0 +1,72 @@
+
+config interface 'loopback'
+	option device 'lo'
+	option proto 'static'
+	list ipaddr '127.0.0.1/8'
+
+config globals 'globals'
+	option ula_prefix 'fd7e:38e9:4215::/48'
+	option packet_steering '1'
+	option steering_flows '256'
+
+config device
+	option name 'br-lan'
+	option type 'bridge'
+	list ports 'lan1'
+	list ports 'lan2'
+	list ports 'lan3'
+	list ports 'sfp-lan'
+	option igmp_snooping '1'
+
+config interface 'lan'
+	option device 'br-lan'
+	option proto 'static'
+	list ipaddr '192.168.88.1/24'
+	option ip6assign '60'
+
+config device
+	option name 'br-wan'
+	option type 'bridge'
+	list ports 'wan'
+	list ports 'sfp-wan'
+
+config device
+	option name 'wan'
+
+config interface 'wan'
+	option device 'br-wan.35'
+	option proto 'pppoe'
+	option username 'user'
+	option password 'password'
+	option ipv6 'auto'
+	option norelease '1'
+
+config interface 'wan6'
+	option device 'br-wan.35'
+	option proto 'dhcpv6'
+	option reqaddress 'try'
+	option reqprefix 'auto'
+	option norelease '1'
+	option peerdns '0'
+	option auto '0'
+
+# NOTE: usually on BPi-R4 would use br-wan, but below would be an
+# example, how it would be for other devices.
+
+config device
+	option type '8021q'
+	option ifname 'br-wan'
+	option vid '35'
+	option name 'br-wan.35'
+
+config device
+	option type '8021q'
+	option ifname 'wan'
+	option vid '35'
+	option name 'wan.35'
+
+config device
+	option type '8021q'
+	option ifname 'sfp-wan'
+	option vid '35'
+	option name 'sfp-wan.35'

settings-configs/BPI-R4/qosify-pppoe

@@ -0,0 +1,52 @@
+config defaults
+	list defaults /etc/qosify/*.conf
+	option dscp_prio video
+	option dscp_icmp +besteffort
+	option dscp_default_udp besteffort
+	option prio_max_avg_pkt_len 500
+
+config class besteffort
+	option ingress CS0
+	option egress CS0
+
+config class bulk
+	option ingress LE
+	option egress LE
+
+config class video
+	option ingress AF41
+	option egress AF41
+
+config class voice
+	option ingress CS6
+	option egress CS6
+	option bulk_trigger_pps 100
+	option bulk_trigger_timeout 5
+	option dscp_bulk CS0
+
+config interface 'wan'
+        option name 'wan'
+        option disabled '0'
+        option bandwidth_up '820mbit'
+        option bandwidth_down '820mbit'
+	####
+	option overhead_type manual
+	option overhead 44
+        option overhead_mpu 84
+	####
+	## https://forum.openwrt.org/t/qosify-new-package-for-dscp-marking-cake/111789/135
+	# option overhead_type manual
+	# option overhead_vlan 1
+	# option overhead 44
+	####
+        option mode 'diffserv4'
+        option nat '1'
+        option host_isolate '1'
+        option autorate_ingress '0'
+        option ingress_options ''
+        option egress_options ''
+
+config device 'wandev'
+        option disabled '0'
+        option name 'br-wan.35'
+        option bandwidth '820mbit'

settings-configs/BPI-R4/stubby

@@ -21,28 +21,19 @@ config stubby 'global'
        # option command_line_arguments ''
        # option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
        # option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
-       # option tls_min_version '1.2'
-       # option tls_max_version '1.3'
-
+       option tls_min_version '1.2'
+       option tls_max_version '1.3'
+       option openssl_cryptodev 0
 
+## NON BLOCKING ###
 config resolver
        option address '45.XX.XX.0'
-       option tls_auth_name 'XXX.dns.nextdns'
+       option tls_auth_name 'XX.dns.nextdns.io'
        option tls_port 853
 
 config resolver
-       option address '2a07:XXX::0'
-       option tls_auth_name 'XXX.dns.nextdns.io'
-       option tls_port 853
-
-config resolver
-       option address '9.9.9.11'
-       option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
-       option tls_port 853
-
-config resolver
-       option address '2620:fe::11'
-       option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
+       option address '2a07:XX::0'
+       option tls_auth_name 'XX.dns.nextdns.io'
        option tls_port 853
 
 config resolver
@@ -65,12 +56,33 @@ config resolver
        option tls_auth_name 'p1.freedns.controld.com'
        option tls_port 853
 
-# config resolver
-#        option address '1.0.0.1'
-#        option tls_auth_name 'cloudflare-dns.com'
-#        # option tls_port 853
-#        # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
-#        # option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
-#        # option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
-#        # option tls_min_version '1.2'
-#        # option tls_max_version '1.3'
+config resolver
+       option address '9.9.9.11'
+       option tls_auth_name 'ada.openbld.net'
+       option tls_port 853
+
+config resolver
+       option address '2620:fe::11'
+       option tls_auth_name 'ada.openbld.net'
+       option tls_port 853
+
+config resolver
+       option address '9.9.9.11'
+       option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
+       option tls_port 853
+
+config resolver
+       option address '2620:fe::11'
+       option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
+       option tls_port 853
+
+### Block smarttv + notrack
+#config resolver
+#       option address '9.9.9.11'
+#       option tls_auth_name '1-iabqabaqacaae.max.rethinkdns.com'
+#       option tls_port 853
+#
+#config resolver
+#       option address '2620:fe::11'
+#       option tls_auth_name '1-iabqabaqacaae.max.rethinkdns.com'
+#       option tls_port 853