feat: add turris omnia target

Makefile

@@ -30,6 +30,7 @@ EMISSARY_SERVER_URL ?=
 
 BASE_INSTALL ?= install-emissary-files
 ADDITIONAL_INSTALL ?=
+ADDITIONAL_OPENWRT_PACKAGES ?=
 
 include targets/*.mk
 include install/*.mk
@@ -51,7 +52,7 @@ build: $(IMAGEBUILDER_DIR_PATH) $(IMAGEBUILDER_CUSTOM_PACKAGES_DIR_PATH) $(IMAGE
 		-C "$(IMAGEBUILDER_DIR_PATH)" \
 		EXTRA_IMAGE_NAME="$(EXTRA_IMAGE_NAME)" \
 		PROFILE="$(OPENWRT_PROFILE)" \
-		PACKAGES="$(OPENWRT_PACKAGES)" \
+		PACKAGES="$(OPENWRT_PACKAGES) $(ADDITIONAL_OPENWRT_PACKAGES)" \
 		CONFIG_IPV6=n \
 		FILES="$(IMAGEBUILDER_CUSTOM_FILES_DIR_PATH)" \
 		BIN_DIR="$(BIN_DIR)" \

files/etc/config/emissary

@@ -1,5 +0,0 @@
-package emissary
-
-config main 'agent'
-    option reconciliation_interval '60'
-    option server_url 'https://emissary.cadol.es'

files/etc/init.d/emissary-agent

@@ -1,35 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-START=50
-STOP=50
-
-start_service() {
-  config_load emissary
-
-  mkdir -p /usr/share/emissary
-  mkdir -p /var/lib/emissary
-
-  config_get emissary_reconciliation_interval agent 'reconciliation_interval' "60"
-  config_get emissary_server_url agent 'server_url' "https://emissary.cadol.es"
-
-  local config_file="/etc/emissary/agent.yml"
-  procd_open_instance emissary-agent
-  procd_set_param env EMISSARY_SERVER_URL="$emissary_server_url" EMISSARY_RECONCILIATION_INTERVAL="$emissary_reconciliation_interval"
-  procd_set_param command /usr/local/bin/emissary
-  procd_append_param command --workdir /usr/share/emissary
-  procd_append_param command --config "$config_file"
-  procd_append_param command agent run
-  procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
-  procd_set_param file "$config_file"
-  procd_set_param stdout 1
-  procd_set_param stderr 1
-  procd_set_param pidfile /var/run/emissary-agent.pid
-  procd_close_instance
-}
-
-service_triggers()
-{
-  # Reload service (restart) on emissary config changes
-  procd_add_reload_trigger "emissary"
-}

files/etc/uci-defaults/99-emissary.sh

@@ -1,30 +0,0 @@
-#/bin/sh
-
-set -e
-
-main() {
-    local default_config="/etc/emissary/default.conf"
-    
-    if [ ! -f "${default_config}" ]; then
-        exit 0
-    fi
-
-    source "${default_config}"
-
-    if [ ! -z "${EMISSARY_RECONCILIATION_INTERVAL}" ]; then
-        uci set "emissary.agent.reconciliation_interval=${EMISSARY_RECONCILIATION_INTERVAL}"
-    fi
-    if [ ! -z "${EMISSARY_SERVER_URL}" ]; then
-        uci set "emissary.agent.server_url=${EMISSARY_SERVER_URL}"
-    fi
-
-    # Commit modifications
-    uci commit
-
-    # Delete file
-    rm -f "${default_config}"
-
-    /etc/init.d/emissary-agent enable
-}
-
-main

install/x86.mk

@@ -2,6 +2,6 @@ install-x86-network-config:
 	mkdir -p files/etc/config
 	cp misc/x86/uci/network files/etc/config/network
 
-install-x86-firewall-rules:
+install-x86-uci-defaults:
 	mkdir -p files/etc/uci-defaults
-	cp misc/x86/uci-defaults/99-x86-firewall-rules.sh files/etc/uci-defaults/99-x86-firewall-rules.sh
+	cp misc/x86/uci-defaults/* files/etc/uci-defaults/

misc/x86/uci-defaults/99-machine-id.sh

@@ -12,14 +12,13 @@ main() {
 
     # Accumulate data to create unique machine id
     local mac_addresses=$(cat /sys/class/net/*/address | uniq | sort)
-    local device_model=$(cat /sys/firmware/devicetree/base/model)
-    local urandom_seed=$(cat /etc/urandom.seed | sha256sum | cut -d ' ' -f1)
+    local device_uuid=$(dmidecode | grep UUID)
 
     # Ensure destination directory
     mkdir -p "$(dirname "$machine_id_file")"
 
     # Generate SHA256 hash of data and save it to $machine_id_file
-    echo "$mac_adresses $device_model $urandom_seed" | sha256sum | cut -d ' ' -f1 > "$machine_id_file"
+    echo "$mac_adresses $device_uuid" | sha256sum | cut -d ' ' -f1 > "$machine_id_file"
 }
 
 main

misc/x86/uci-defaults/99-x86-uci-custom.sh

@@ -3,6 +3,7 @@
 set -e
 
 main() {
+    # Update default firewall ruleset
     uci add firewall rule
     uci set firewall.@rule[-1].name='Allow SSH on WAN'
     uci set firewall.@rule[-1].src='wan'
@@ -25,15 +26,12 @@ main() {
     uci set firewall.@rule[-1].target='ACCEPT'
 
     uci commit firewall
-    service firewall restart
-
-    # Forward DNS queries to public DNS
-    ( uci -q delete dhcp.@dnsmasq[0].server || exit 0 )
-    uci add_list dhcp.@dnsmasq[0].server="8.8.8.8"
-    uci add_list dhcp.@dnsmasq[0].server="8.8.4.4"
     
+    # Disable DNS-rebind protection
+    uci set dhcp.@dnsmasq[0].rebind_protection='0'
     uci commit dhcp
-    service dnsmasq restart
+
+    reload_config
 }
 
 main

targets/generic.mk

@@ -2,7 +2,8 @@ all: x86-generic
 
 x86-generic:
 	$(MAKE) \
-		ADDITIONAL_INSTALL="install-x86-network-config install-x86-firewall-rules" \
+		ADDITIONAL_INSTALL="install-x86-network-config install-x86-uci-defaults" \
+		ADDITIONAL_OPENWRT_PACKAGES="dmidecode" \
 		OPENWRT_TARGET="x86/generic" \
 		EMISSARY_ARCH="386" \
 		OPENWRT_PROFILE="generic" \

targets/turris.mk

@@ -0,0 +1,9 @@
+all: omnia
+
+omnia:
+	$(MAKE) \
+		ADDITIONAL_INSTALL="" \
+		OPENWRT_TARGET="mvebu/cortexa9" \
+		EMISSARY_ARCH="arm64" \
+		OPENWRT_PROFILE="cznic_turris-omnia" \
+		build