--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=yggdrasil
+PKG_VERSION:=0.3.5
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=https://codeload.github.com/yggdrasil-network/yggdrasil-go/tar.gz/v$(PKG_VERSION)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=2c69029adeb053ad049e90f1e4b7efa986094779868da77464d3c869984e861b
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-go-$(PKG_VERSION)
+
+PKG_LICENSE:=GPL-3.0
+PKG_MAINTAINER:=William Fleurant <meshnet@protonmail.com>
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/yggdrasil
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Routing and Redirection
+ TITLE:=Yggdrasil supports end-to-end encrypted IPv6 networks
+ URL:=https://yggdrasil-network.github.io/
+ DEPENDS:=$(GO_ARCH_DEPENDS) @IPV6 +kmod-tun +@(mips):KERNEL_MIPS_FPU_EMULATOR
+ PKGARCH:=all
+endef
+
+define Package/yggdrasil/description
+ Yggdrasil builds end-to-end encrypted networks with IPv6.
+ Beyond the similarities with cjdns is a different routing
+ algorithm. This globally-agreed spanning tree uses greedy
+ routing in a metric space. Back-pressure routing techniques
+ allow advanced link aggregation bonding on per-stream basis.
+ In turn, a single stream will span across multiple network
+ interfaces simultaneously with much greater throughput.
+endef
+
+ifeq ($(ARCH),aarch64)
+ GOARCH:=arm64
+endif
+
+ifeq ($(ARCH),arc)
+ GOARCH:=risc
+endif
+
+ifeq ($(ARCH),arc)
+ GOARCH:=risc
+endif
+
+ifeq ($(ARCH),arm)
+ GOARCH:=arm
+endif
+
+ifeq ($(ARCH),armeb)
+ GOARCH:=armbe
+endif
+
+ifeq ($(ARCH),i386)
+ GOARCH:=386
+endif
+
+ifeq ($(ARCH),mips)
+ GOARCH:=mips
+endif
+
+ifeq ($(ARCH),mips64)
+ GOARCH:=mips64
+endif
+
+ifeq ($(ARCH),mipsel)
+ GOARCH:=mipsle
+endif
+
+ifeq ($(ARCH),powerpc)
+ GOARCH:=ppc64
+endif
+
+define Build/Compile
+ cd $(PKG_BUILD_DIR) && \
+ GOOS="linux" \
+ GOARCH="$(GOARCH)" \
+ PKGVER="$(PKG_VERSION)" \
+ PKGNAME="yggdrasil-openwrt" \
+ $(PKG_BUILD_DIR)/build
+endef
+
+define Package/yggdrasil/install
+ $(INSTALL_DIR) \
+ $(1)/etc/init.d \
+ $(1)/etc/uci-defaults \
+ $(1)/usr/sbin
+
+ $(INSTALL_BIN) \
+ $(PKG_BUILD_DIR)/yggdrasil \
+ $(1)/usr/sbin
+
+ $(INSTALL_BIN) \
+ $(PKG_BUILD_DIR)/yggdrasilctl \
+ $(1)/usr/sbin
+
+ $(INSTALL_BIN) \
+ ./files/yggdrasil.defaults \
+ $(1)/etc/uci-defaults/yggdrasil
+
+ $(INSTALL_BIN) \
+ ./files/yggdrasil.init \
+ $(1)/etc/init.d/yggdrasil
+endef
+
+$(eval $(call BuildPackage,yggdrasil))
--- /dev/null
+#!/bin/sh
+
+yggConfig="/etc/yggdrasil.conf"
+
+if [ ! -e ${yggConfig} ]; then
+
+ yggdrasil -genconf -json > ${yggConfig}
+
+ # create the firewall zone
+ uci -q batch <<-EOF >/dev/null
+ add firewall zone
+ set firewall.@zone[-1].name=yggdrasil
+ add_list firewall.@zone[-1].network=yggdrasil
+ set firewall.@zone[-1].input=REJECT
+ set firewall.@zone[-1].output=ACCEPT
+ set firewall.@zone[-1].forward=REJECT
+ set firewall.@zone[-1].conntrack=1
+ set firewall.@zone[-1].family=ipv6
+EOF
+
+ # allow ICMP from yggdrasil zone, e.g. ping6
+ uci -q batch <<-EOF >/dev/null
+ add firewall rule
+ set firewall.@rule[-1].name='Allow-ICMPv6-yggdrasil'
+ set firewall.@rule[-1].src=yggdrasil
+ set firewall.@rule[-1].proto=icmp
+ add_list firewall.@rule[-1].icmp_type=echo-request
+ add_list firewall.@rule[-1].icmp_type=echo-reply
+ add_list firewall.@rule[-1].icmp_type=destination-unreachable
+ add_list firewall.@rule[-1].icmp_type=packet-too-big
+ add_list firewall.@rule[-1].icmp_type=time-exceeded
+ add_list firewall.@rule[-1].icmp_type=bad-header
+ add_list firewall.@rule[-1].icmp_type=unknown-header-type
+ set firewall.@rule[-1].limit='1000/sec'
+ set firewall.@rule[-1].family=ipv6
+ set firewall.@rule[-1].target=ACCEPT
+EOF
+
+ # allow SSH from yggdrasil zone, needs to be explicitly enabled
+ uci -q batch <<-EOF >/dev/null
+ add firewall rule
+ set firewall.@rule[-1].enabled=0
+ set firewall.@rule[-1].name='Allow-SSH-yggdrasil'
+ set firewall.@rule[-1].src=yggdrasil
+ set firewall.@rule[-1].proto=tcp
+ set firewall.@rule[-1].dest_port=22
+ set firewall.@rule[-1].target=ACCEPT
+EOF
+
+ # allow LuCI access from yggdrasil zone, needs to be explicitly enabled
+ uci -q batch <<-EOF >/dev/null
+ add firewall rule
+ set firewall.@rule[-1].enabled=0
+ set firewall.@rule[-1].name='Allow-HTTP-yggdrasil'
+ set firewall.@rule[-1].src=yggdrasil
+ set firewall.@rule[-1].proto=tcp
+ set firewall.@rule[-1].dest_port=80
+ set firewall.@rule[-1].target=ACCEPT
+EOF
+
+
+else
+ :
+fi
+
+exit 0
git.99rst.org / openwrt-packages.git / commitdiff