norn/parahub-mesh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
26 Commits 1 Branch 0 Tags
e31f626c7cffcdaebb4a29d78852d53676da29e7
Commit Graph

6 Commits

Author SHA1 Message Date
Parahub AI
e31f626c7c refactor: Remove GRE tunnels, add Mullvad gateway health check 
Radical simplification — no more VPS data plane:
- Delete parahub-vpn-tunnel init script (GRE6 no longer used)
- Revert heartbeat to clean version (no tunnel_ip parsing)
- Add parahub-gw-check: monitors WireGuard handshake, switches
  batman-adv gw_mode between server/client (cron every 2 min)
- Update uci-defaults: remove vpn_tunnel zone/interface, start
  bumblebee as gw_mode=client (health check promotes to server)

Guest internet now requires Mullvad — kill switch by design.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-11 12:50:31 +00:00
Parahub AI
f96a455dc8 feat: Dynamic tunnel IP from cloud heartbeat for multi-bumblebee support 
vpn-tunnel reads IP from /etc/parahub/tunnel_ip instead of hardcoded
172.16.0.2. On first boot, calls heartbeat synchronously to get assignment.
Heartbeat parses tunnel_ip from response and restarts vpn-tunnel on change.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-10 20:28:26 +00:00
Parahub AI
c5b9229ad0 feat: Add OTA auto-update and guest IPv6 via Yggdrasil 
OTA: build.sh writes version/profile to firmware, generates manifest.json
with SHA256 per device. parahub-autoupdate script runs nightly at 3am,
fetches manifest (Yggdrasil first), verifies checksum, runs sysupgrade.
sysupgrade.conf preserves /etc/parahub/, yggdrasil.conf, dropbear keys.

Guest IPv6: Yggdrasil 300::/64 subnet assigned to guest via SLAAC.
Separate yggdrasil firewall zone (5 zones total) with guest→yggdrasil
forwarding. IPv6 exempt from tc shaping — full speed to Parahub services.
IPv6 to WAN blocked. Heartbeat now reads version from file, not hardcoded.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-06 08:09:27 +00:00
Parahub AI
ef1b9c10ea feat: Replace SQM with per-client speed control for paid WiFi upgrade 
Add parahub-speed-control script (nftables set + tc HTB) for per-IP
speed shaping. Free tier 512kbps, paid tier unlimited. Heartbeat now
parses paid_clients from API response and syncs nftables set.

Replaced sqm-scripts/kmod-sched-cake/luci-app-sqm packages with
tc-full/kmod-ifb/kmod-sched-htb. Section 8 of uci-defaults creates
init.d service for speed control instead of SQM config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-05 22:35:16 +00:00
Parahub AI
968f90611e feat: Split firmware into Bee (L2 transport) and Bumblebee (L3 gateway) roles 
Bee (wr3000, ar300m16): minimal batman-adv mesh relay with gw_mode=client,
no yggdrasil/GRE6/VPN/SQM/DoH, Parahub_Free bridged to private network.
Bumblebee (axt1800, mt3000, mt6000, ax6s, ax53u): full stack with
gw_mode=server, yggdrasil overlay, GRE6 tunnel, guest isolation, SQM, DoH.

Build creates /etc/parahub/role marker; heartbeat reports firmware_role
and mesh_ip; Bee uses public URL, Bumblebee tries yggdrasil with fallback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-05 20:21:06 +00:00
Parahub AI
dde37c7a7b feat: Add heartbeat phone-home script and norn SSH key 
- parahub-heartbeat: cURL heartbeat to cloud API every 5min via cron
- authorized_keys: add norn@parahub-ng for WiFi password SSH retrieval
- 99-parahub-mesh: section 12 enables cron + heartbeat on first boot

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-05 18:30:20 +00:00