github-personal/openwrt-builder
1
0
Fork 0
mirror of https://github.com/outbackdingo/openwrt-builder.git synced 2026-01-27 10:19:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
openwrt-builder/openwrt-configure.sh
Daniel Pawlik c8092afbd4 Add CONFIG_PACKAGE_kmod-tun for main-router config 
To install tailscale/zerotier package, it is required to install
kmod-tun. That would not increase image size too much, but would help
to use that software.

Signed-off-by: Daniel Pawlik <pawlik.dan@gmail.com>
2025-11-23 11:20:00 +01:00

173 lines
6.0 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Example usage:
# ./openwrt-configure.sh 192.168.88.1 main
# ./openwrt-configure.sh 192.168.88.2
#
## or extended
# SPEEDTEST_TOOLS=librespeed-go ./openwrt-configure.sh 192.168.88.1 main
ROUTER_IP="${ROUTER_IP=$1}"
# DEVICE can be main or <nothing>
DEVICE="${DEVICE:-$2}"
FULL_WPAD="${FULL_WPAD:-'true'}"
INSTALL_BRIDGER=${INSTALL_BRIDGER:-'true'}
INSTALL_DAWN=${INSTALL_DAWN:-'false'}
INSTALL_USTEER=${INSTALL_USTEER:-'false'}
DOH_PACKAGE=${DOH_PACKAGE:-'stubby'} # can be also: luci-app-unbound or dnscrypt-proxy2 or adguardhome or stubby
CRYPTO_LIB=${CRYPTO_LIB:-'openssl'} # wolfssl or openssl or mbedtls
# ADDITIONAL_PACKAGES=${ADDITIONAL_PACKAGES:-'kmod-mt7921e kmod-mt7921-common kmod-mt7921-firmware kmod-mt7925-common kmod-mt7925e luci-app-nft-qos'}
ADDITIONAL_PACKAGES=${ADDITIONAL_PACKAGES:-'bmon tcpdump iperf3 ethtool-full vim'}
INSTALL_LANG_PACKAGES=${INSTALL_LANG_PACKAGES:-'true'}
INSTALL_MINIMUM_PACKAGES=${INSTALL_MINIMUM_PACKAGES:-'false'}
SQM_TOOL=${SQM_TOOL:-'qosify'} # qosify or luci-app-sqm
SPEEDTEST_TOOLS=${SPEEDTEST_TOOLS:='librespeed-go'} # librespeed-go
if [ -z "$ROUTER_IP" ]; then
echo "Please provide router ip like: 192.168.1.1"
exit 1
fi
COMMAND="apk update"
if [[ "$FULL_WPAD" =~ True|true ]]; then
FS_FULL_WPAD_PACKAGES="-wpad-basic-mbedtls"
fi
if [[ "$CRYPTO_LIB" =~ ^(Wolfssl|wolfssl)$ ]]; then
# MAKE SURE IT IS ARMv8 or Intel AESNI, otherwise use: CONFIG_PACKAGE_libwolfssl=y
echo -e "\n\n If this is ARMv8, you can replace libwolfssl with libwolfsslcpu-crypto \n\n"
FS_FULL_WPAD_PACKAGES="$FS_FULL_WPAD_PACKAGES wpad-wolfssl luci-ssl"
elif [[ "$CRYPTO_LIB" =~ ^(Openssl|openssl)$ ]]; then
FS_FULL_WPAD_PACKAGES="$FS_FULL_WPAD_PACKAGES wpad-openssl luci-openssl"
elif [[ "$CRYPTO_LIB" =~ ^(Mbedtls|mbedtls)$ ]]; then
FS_FULL_WPAD_PACKAGES="$FS_FULL_WPAD_PACKAGES wpad-mbedtls luci-ssl"
COMMAND="$COMMAND; apk del wpad-basic-mbedtls; apk add wpad-mbedtls"
fi
# basic packages
PACKAGES="collectd collectd-mod-sensors \
collectd-mod-dns collectd-mod-wireless collectd-mod-ping \
luci-app-statistics luci htop curl owut \
irqbalance luci-app-irqbalance "
# additional
# fping kmod-crypto-user kmod-cryptodev
if [[ "$INSTALL_MINIMUM_PACKAGES" =~ True|true ]]; then
if [[ "$CRYPTO_LIB" =~ ^(Wolfssl|wolfssl|Openssl|openssl)$ ]]; then
echo -e "By choosing INSTALL_MINIMUM_PACKAGES, consider to use:\n\n export CRYPTO_LIB=mbedtls\n\n"
fi
if [[ "$DOH_PACKAGE" =~ dnscrypt-proxy2|adguardhome ]]; then
echo -e "It is not good to choose $DOH_PACKAGE on low space device!"
exit 1
fi
fi
if [[ "$INSTALL_DAWN" =~ True|true ]]; then
PACKAGES="$PACKAGES dawn luci-app-dawn"
fi
if [[ "$INSTALL_USTEER" =~ True|true ]]; then
PACKAGES="$PACKAGES usteer luci-app-usteer luci-i18n-usteer-pl"
fi
# additional packages
if [[ "$DEVICE" =~ Main|main ]]; then
PACKAGES="$PACKAGES ddns-scripts luci-app-ddns"
PACKAGES="$PACKAGES luci-proto-wireguard kmod-wireguard wireguard-tools qrencode"
PACKAGES="$PACKAGES tc-full pciutils kmod-phy-aquantia"
PACKAGES="$PACKAGES kmod-tun"
if [ -n "$SQM_TOOL" ]; then
PACKAGES="$PACKAGES $SQM_TOOL"
fi
if [ -n "$DOH_PACKAGE" ]; then
PACKAGES="$PACKAGES $DOH_PACKAGE"
fi
if [ -n "$SPEEDTEST_TOOLS" ]; then
PACKAGES="$PACKAGES $SPEEDTEST_TOOLS"
fi
fi
# NOTE: to enable WED for L2, you need to install bridger,
# otherwise WED would be just working for L3
# Also it is important to enable HW offload and
# do not disable firewall on dumb ap's.
if [[ "$INSTALL_BRIDGER" =~ True|true ]]; then
PACKAGES="$PACKAGES bridger"
fi
if [[ "$INSTALL_LANG_PACKAGES" =~ True|true ]]; then
PACKAGES="$PACKAGES luci-i18n-firewall-pl luci-i18n-irqbalance-pl luci-i18n-statistics-pl luci-i18n-base-pl"
fi
COMMAND="$COMMAND; apk add $PACKAGES $ADDITIONAL_PACKAGES; /etc/init.d/uhttpd start ; /etc/init.d/uhttpd enable;"
read -n 1 -r -p "Should I execute command: $COMMAND on root@$ROUTER_IP? " yn
case $yn in
[Yy]*) ssh "root@$ROUTER_IP" "$COMMAND $PACKAGES" ;;
[Nn]*)
echo -e "\n\nFor firmware-selector.org: \n\n$PACKAGES $FS_FULL_WPAD_PACKAGES $ADDITIONAL_PACKAGES"
exit 0
;;
*) echo "Please answer yes or no. If no, will show you packages for firmware-selector ;)" ;;
esac
echo -e "\n\nPackage installation completed!\n\n"
read -n 1 -r -p "Should I reboot device $ROUTER_IP? " yn
case $yn in
[Yy]*) ssh "root@$ROUTER_IP" reboot ;;
[Nn]*) exit ;;
*) echo "Please answer yes or no." ;;
esac
# For https://firmware-selector.openwrt.org/
# Add packages. NOTE: To install wpad-wolfssl, just replace the package name with wpad-basic-wolfssl
### basic
# apk update;
# apk add collectd collectd-mod-sensors collectd-mod-dns collectd-mod-wireless luci-app-statistics luci luci-i18n-base-pl vim htop curl iperf3 luci-app-attendedsysupgrade auc bmon irqbalance luci-app-irqbalance rsync
#
### additional
# apk add ethtool-full pciutils tcpdump
### wireguard
# luci-proto-wireguard kmod-wireguard wireguard-tools qrencode
### Tailscale/Zerotier
# kmod-tun
### DNS over HTTPS
# unbound-daemon luci-app-unbound
### DDNS
# ddns-scripts luci-app-ddns
### Bufferbloat - install SQM - https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm
# luci-app-sqm luci-i18n-sqm-pl sqm-scripts-extra
# # OR
# qosify - https://forum.openwrt.org/t/qosify-new-package-for-dscp-marking-cake/111789/1122
### Better roaming
# usteer luci-app-usteer
# OR
# dawn luci-app-dawn
#
### Limit bandwidth
# luci-app-nft-qos
### to use mbedtls, replace:
# libustream-wolfssl and wpad-basic-wolfssl *WITH* libustream-mbedtls and wpad-basic-mbedtls.
# to enable 802.11k/v replace:
# wpad-basic-mbedtls with wpad-mbedtls
# To replace mbedtls with openssl via firmware-selector, just add:
# -wpad-basic-mbedtls -libustream-mbedtls -libmbedtls libustream-openssl wpad-openssl -apk-mbedtls apk-openssl
#
# To replace mbedtls with wolfssl via firmware-selector, just add:
# -wpad-basic-mbedtls -libustream-mbedtls -libmbedtls libustream-wolfssl wpad-wolfssl -apk-mbedtls apk-wolfssl
#
Reference in New Issue View Git Blame Copy Permalink