- uci-defaults: WG keygen, vps_gateway interface+zone+forwarding
- heartbeat: sends wg_public_key, parses VPS config, calls vps-setup
- parahub-vps-setup: new script for auto-configuring VPS tunnel with
OTA bootstrap support and idempotent state tracking
- parahub-mullvad: setup disables vps_gateway, remove re-enables it
(fixes bug referencing non-existent vpn_tunnel interface)
- parahub-gw-check: works with both vps_gateway and mullvad_local
- sysupgrade.conf: preserves WG VPS keys across upgrades
- build.sh: bump PARAHUB_BUILD to 4
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Radical simplification — no more VPS data plane:
- Delete parahub-vpn-tunnel init script (GRE6 no longer used)
- Revert heartbeat to clean version (no tunnel_ip parsing)
- Add parahub-gw-check: monitors WireGuard handshake, switches
batman-adv gw_mode between server/client (cron every 2 min)
- Update uci-defaults: remove vpn_tunnel zone/interface, start
bumblebee as gw_mode=client (health check promotes to server)
Guest internet now requires Mullvad — kill switch by design.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
