
3 Commits

Author SHA1 Message Date
2e7107a78a fix(wg): Use private_key instead of private_key_file (unsupported)
OpenWrt's WireGuard proto handler doesn't support private_key_file —
it auto-generates a new key, causing mismatch with the heartbeat pubkey.
Read key from file and set as inline private_key instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 12:13:47 +00:00
29c383bb2f fix(heartbeat): Generate VPS WG keypair on OTA from pre-VPS firmware
uci-defaults only runs on first boot, so devices updating from ph3
would never generate WG keys. Heartbeat now generates them if missing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 11:49:01 +00:00
15acd96076 fix(mullvad): Use --data-urlencode for Mullvad API key registration
Base64 WG pubkeys with + or / chars break plain -d POST. Hit this
on VPS setup — "Invalid public key" from Mullvad API.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 11:43:55 +00:00
4 changed files with 12 additions and 4 deletions


@@ -241,7 +241,7 @@ set network.wan.proto='dhcp'
# --- VPS gateway WireGuard (disabled until heartbeat activates it) ---
set network.vps_gateway=interface
set network.vps_gateway.proto='wireguard'
set network.vps_gateway.private_key_file='/etc/parahub/wg_vps_private.key'
set network.vps_gateway.private_key='$(cat /etc/parahub/wg_vps_private.key)'
set network.vps_gateway.mtu='1420'
set network.vps_gateway.ip4table='100'
set network.vps_gateway.auto='0'
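Review bot: The substitution in `set network.vps_gateway.private_key='$(cat /etc/parahub/wg_vps_private.key)'` has no failure path: if the key file is missing, empty or unreadable when the batch runs, `cat` fails inside the here-document, the option is written as an empty string and the batch still succeeds (this assumes the enclosing here-document is unquoted, as `<<-BOOTSTRAP_NET` is in the last file; it starts outside this hunk). Reading the key first and refusing to continue without it would make that visible, e.g. `WG_KEY="$(cat /etc/parahub/wg_vps_private.key)"` followed by `[ -n "$WG_KEY" ] || exit 1`, then `private_key='$WG_KEY'` in the batch. The same line appears in the BOOTSTRAP_NET hunk of the last file. The key also now lives in the network config as a second copy, so it shows up in `uci show network` and in config backups, and it goes stale if the key file is ever regenerated; a short comment next to the line saying so would help the next maintainer.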


@@ -19,6 +19,14 @@ UPTIME="$(cut -d. -f1 /proc/uptime)"
MESH_IP=$(ip -4 addr show br-private 2>/dev/null | grep -o 'inet [0-9.]*' | cut -d' ' -f2)
MESH_IP="${MESH_IP:-unknown}"
# Generate WireGuard VPS keypair if missing (OTA from pre-VPS firmware)
if [ "$ROLE" != "bee" ] && [ ! -f /etc/parahub/wg_vps_private.key ] && command -v wg >/dev/null 2>&1; then
umask 077
wg genkey > /etc/parahub/wg_vps_private.key
wg pubkey < /etc/parahub/wg_vps_private.key > /etc/parahub/wg_vps_public.key
logger -t parahub-heartbeat "Generated VPS WireGuard keypair (OTA migration)"
fi
# Read WireGuard VPS public key (Bumblebee only)
WG_PUBKEY=""
if [ -f /etc/parahub/wg_vps_public.key ]; then
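Review bot: A failed or interrupted key generation is never retried, because `wg genkey > /etc/parahub/wg_vps_private.key` creates the file even when the command fails and the `[ ! -f … ]` guard then accepts an empty or orphaned private key on every later run, leaving the reported public key missing. `umask 077` is also set in the main script shell, so it stays in force for everything the heartbeat creates after the `fi`. Generating into temporary files inside a subshell, checking each step, and testing with `-s` instead of `-f` closes both gaps. The script continues outside the hunk, so whether later code depends on the default umask cannot be seen from here.

```shell
if [ "$ROLE" != "bee" ] && [ ! -s /etc/parahub/wg_vps_private.key ] && command -v wg >/dev/null 2>&1; then
    # Subshell: umask 077 must not leak into the rest of the heartbeat run.
    if (
        umask 077
        wg genkey > /etc/parahub/wg_vps_private.key.tmp &&
        wg pubkey < /etc/parahub/wg_vps_private.key.tmp > /etc/parahub/wg_vps_public.key.tmp &&
        # Publish the public key first: a private key without its public
        # half would pass the -s guard and never be regenerated.
        mv /etc/parahub/wg_vps_public.key.tmp /etc/parahub/wg_vps_public.key &&
        mv /etc/parahub/wg_vps_private.key.tmp /etc/parahub/wg_vps_private.key
    ); then
        logger -t parahub-heartbeat "Generated VPS WireGuard keypair (OTA migration)"
    else
        rm -f /etc/parahub/wg_vps_private.key.tmp /etc/parahub/wg_vps_public.key.tmp
        logger -t parahub-heartbeat "VPS WireGuard keypair generation failed"
    fi
fi
```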


@@ -95,8 +95,8 @@ cmd_setup() {
# --- Step 2: Register with Mullvad API ---
echo "Registering key with Mullvad..."
RESULT=$(curl -s --max-time 15 -X POST https://api.mullvad.net/wg/ \
-d "account=$ACCOUNT" \
-d "pubkey=$PUBKEY")
--data-urlencode "account=$ACCOUNT" \
--data-urlencode "pubkey=$PUBKEY")
if echo "$RESULT" | grep -q "^[0-9]"; then
MULLVAD_IPV4=$(echo "$RESULT" | cut -d',' -f1)
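Review bot: The Mullvad account number is still passed on curl's command line in `--data-urlencode "account=$ACCOUNT"`, where it is readable from the process list for as long as the request runs (up to the 15 s timeout). That number is what authenticates the account, so it is worth keeping off argv. curl can read the field from a config on stdin instead, e.g. `printf 'data-urlencode = "account=%s"\n' "$ACCOUNT" | curl -s --max-time 15 -K - --data-urlencode "pubkey=$PUBKEY" https://api.mullvad.net/wg/`, assuming `printf` is a shell builtin on the target so the value does not reappear in another process's arguments. cmd_setup's body starts and ends outside the hunk.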


@@ -36,7 +36,7 @@ if ! uci -q get network.vps_gateway >/dev/null 2>&1; then
uci batch <<-BOOTSTRAP_NET
set network.vps_gateway=interface
set network.vps_gateway.proto='wireguard'
set network.vps_gateway.private_key_file='/etc/parahub/wg_vps_private.key'
set network.vps_gateway.private_key='$(cat /etc/parahub/wg_vps_private.key)'
set network.vps_gateway.mtu='1420'
set network.vps_gateway.ip4table='100'
BOOTSTRAP_NET
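Review bot: The corrected `private_key` line sits inside the `if ! uci -q get network.vps_gateway` guard, so a device whose config already contains `network.vps_gateway` with the old `private_key_file` option never reaches it and keeps the unsupported setting. If such devices exist in the field, a migration step outside the guard is needed: when `uci -q get network.vps_gateway.private_key` returns nothing, set it from the key file and run `uci -q delete network.vps_gateway.private_key_file`. The guard's body continues past the hunk, so this may already be handled elsewhere; if it is, a comment here pointing to that place would be enough.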