feat: Split firmware into Bee (L2 transport) and Bumblebee (L3 gateway) roles

Bee (wr3000, ar300m16): minimal batman-adv mesh relay with gw_mode=client, no yggdrasil/GRE6/VPN/SQM/DoH, Parahub_Free bridged to private network. Bumblebee (axt1800, mt3000, mt6000, ax6s, ax53u): full stack with gw_mode=server, yggdrasil overlay, GRE6 tunnel, guest isolation, SQM, DoH. Build creates /etc/parahub/role marker; heartbeat reports firmware_role and mesh_ip; Bee uses public URL, Bumblebee tries yggdrasil with fallback. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 20:21:06 +00:00
parent 69a8285c8c
commit 383569de92
3 changed files with 286 additions and 89 deletions
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -22,26 +22,37 @@ device_config() {
        axt1800)
            OPENWRT_TARGET="qualcommax/ipq60xx"
            PROFILE="glinet_gl-axt1800"
+            FIRMWARE_ROLE="bumblebee"
            ;;
        mt3000)
            OPENWRT_TARGET="mediatek/filogic"
            PROFILE="glinet_gl-mt3000"
+            FIRMWARE_ROLE="bumblebee"
            ;;
        mt6000)
            OPENWRT_TARGET="mediatek/filogic"
            PROFILE="glinet_gl-mt6000"
+            FIRMWARE_ROLE="bumblebee"
            ;;
        ax6s)
            OPENWRT_TARGET="mediatek/filogic"
            PROFILE="xiaomi_redmi-router-ax6s"
+            FIRMWARE_ROLE="bumblebee"
            ;;
        ax53u)
            OPENWRT_TARGET="ramips/mt7621"
            PROFILE="asus_rt-ax53u"
+            FIRMWARE_ROLE="bumblebee"
            ;;
        ar300m16)
            OPENWRT_TARGET="ath79/generic"
            PROFILE="glinet_gl-ar300m16"
+            FIRMWARE_ROLE="bee"
+            ;;
+        wr3000)
+            OPENWRT_TARGET="mediatek/filogic"
+            PROFILE="cudy_wr3000-v1"
+            FIRMWARE_ROLE="bee"
            ;;
        *)
            return 1
@@ -53,42 +64,32 @@ device_config() {
 # Packages
 # ============================================================================

-PACKAGES_CORE=(
-    # batman-adv mesh
+# Bee (L2 Transport): minimal mesh relay — no overlay, no guest isolation
+PACKAGES_BEE=(
    kmod-batman-adv
    batctl-full
-
-    # 802.11s mesh support (replace basic wpad, includes OWE)
    wpad-mesh-mbedtls
    -wpad-basic-mbedtls
+    luci
+    curl
+)

-    # Yggdrasil overlay network
+# Bumblebee (L3 Gateway): full stack — overlay, VPN, guest isolation, diagnostics
+PACKAGES_BUMBLEBEE=(
+    kmod-batman-adv
+    batctl-full
+    wpad-mesh-mbedtls
+    -wpad-basic-mbedtls
    yggdrasil
-
-    # GRE6 tunnel (guest traffic → VPS gateway)
    kmod-gre6
-
-    # WireGuard (optional local Mullvad via parahub-mullvad script)
    kmod-wireguard
    wireguard-tools
    luci-proto-wireguard
-
-    # DNS-over-HTTPS for guest privacy
    https-dns-proxy
-
-    # SQM traffic shaping
    sqm-scripts
    kmod-sched-cake
-
-    # Management
    luci
    luci-app-sqm
-)
-
-PACKAGES_FULL=(
-    "${PACKAGES_CORE[@]}"
-
-    # Diagnostics
    tcpdump
    iperf3
    iwinfo
@@ -102,13 +103,18 @@ PACKAGES_FULL=(
 usage() {
    echo "Usage: $0 <device>"
    echo ""
-    echo "Devices:"
-    echo "  axt1800   GL.iNet GL-AXT1800 (Slate AX)    qualcommax/ipq60xx"
-    echo "  mt3000    GL.iNet GL-MT3000 (Beryl AX)      mediatek/filogic"
-    echo "  mt6000    GL.iNet GL-MT6000 (Flint 2)       mediatek/filogic"
-    echo "  ax6s      Xiaomi Redmi AX6S                 mediatek/filogic"
-    echo "  ax53u     Asus RT-AX53U                    ramips/mt7621"
-    echo "  ar300m16  GL.iNet GL-AR300M16-EXT (16MB)   ath79/generic"
+    echo "Devices:                                                          Role"
+    echo "  axt1800   GL.iNet GL-AXT1800 (Slate AX)    qualcommax/ipq60xx  Bumblebee"
+    echo "  mt3000    GL.iNet GL-MT3000 (Beryl AX)      mediatek/filogic   Bumblebee"
+    echo "  mt6000    GL.iNet GL-MT6000 (Flint 2)       mediatek/filogic   Bumblebee"
+    echo "  ax6s      Xiaomi Redmi AX6S                 mediatek/filogic   Bumblebee"
+    echo "  ax53u     Asus RT-AX53U                    ramips/mt7621       Bumblebee"
+    echo "  ar300m16  GL.iNet GL-AR300M16-EXT (16MB)   ath79/generic       Bee"
+    echo "  wr3000    Cudy AX3000 (WR3000)              mediatek/filogic   Bee"
+    echo ""
+    echo "Roles:"
+    echo "  Bumblebee  L3 Gateway — full stack (yggdrasil, VPN, guest isolation, SQM, DoH)"
+    echo "  Bee        L2 Transport — minimal mesh relay (batman-adv, luci, heartbeat)"
    echo ""
    echo "OpenWrt version: ${OPENWRT_VERSION} (override with OPENWRT_VERSION env var)"
    echo ""
@@ -146,18 +152,35 @@ download_builder() {
 build_firmware() {
    local dir
    dir="$(builder_dir)"
-    local packages="${PACKAGES_FULL[*]} ${PACKAGES_EXTRA:-}"
+
+    # Select package list by role
+    local packages
+    if [ "$FIRMWARE_ROLE" = "bee" ]; then
+        packages="${PACKAGES_BEE[*]} ${PACKAGES_EXTRA:-}"
+    else
+        packages="${PACKAGES_BUMBLEBEE[*]} ${PACKAGES_EXTRA:-}"
+    fi
+
+    # Create temp FILES dir with role marker
+    local tmpfiles
+    tmpfiles=$(mktemp -d)
+    cp -a "${PROJECT_DIR}/files/"* "$tmpfiles/"
+    mkdir -p "$tmpfiles/etc/parahub"
+    echo "$FIRMWARE_ROLE" > "$tmpfiles/etc/parahub/role"

    echo "Building firmware for profile: ${PROFILE}"
+    echo "Role: ${FIRMWARE_ROLE}"
    echo "Packages: ${packages}"
-    echo "Custom files: ${PROJECT_DIR}/files"
+    echo "Custom files: ${tmpfiles}"

    make -C "$dir" image \
        PROFILE="$PROFILE" \
        PACKAGES="$packages" \
-        FILES="${PROJECT_DIR}/files" \
+        FILES="$tmpfiles" \
        BIN_DIR="${PROJECT_DIR}/output"

+    rm -rf "$tmpfiles"
+
    echo ""
    echo "Build complete! Firmware images:"
    ls -lh "${PROJECT_DIR}/output/"*.bin 2>/dev/null || true
@@ -183,6 +206,7 @@ fi

 echo "=== Parahub Mesh Firmware Builder ==="
 echo "Device:  ${INPUT}"
+echo "Role:    ${FIRMWARE_ROLE}"
 echo "OpenWrt: ${OPENWRT_VERSION}"
 echo "Target:  ${OPENWRT_TARGET}"
 echo "Profile: ${PROFILE}"