small-package/my-default-settings/files/etc/uci-defaults/99-default-settings

#!/bin/sh

([ -x /bin/bash ] && ! grep -q "^root.*bash" /etc/passwd) && sed -i "s/^\(root.*\/\)ash/\1bash/g" /etc/passwd

# [[ "$(df | grep overlay)" && ! "$(df | grep /rom/overlay)" ]] && firstboot

version=`uci -q get base_config.@status[0].version`

hostname=`uci -q get system.@system[0].hostname`
test -n "${hostname}" || hostname="OpenWrt"

if [ "$(uci -q get dhcp.@dnsmasq[0].port)" != "53" ]; then
	uci -q set dhcp.@dnsmasq[0].port='53'
	uci commit dhcp
fi

uci -q batch <<EOF
set attendedsysupgrade.server.url='https://op.supes.top'
commit attendedsysupgrade
EOF

uci set dockerd.firewall.extra_iptables_args='--match conntrack ! --ctstate RELATED,ESTABLISHED'
uci commit dockerd

sed -i '/profile.d/d' /lib/upgrade/keep.d/base-files

echo $(uci -q get uhttpd.main.index_page) | grep -q "cgi-bin/luci" ||
	uci -q add_list uhttpd.main.index_page='cgi-bin/luci' && uci commit uhttpd

/etc/init.d/wizard disable

[ -f /usr/bin/wget ] && 	
	ln -s /usr/bin/wget /usr/bin/wget-ssl

sed -i "s/git-.*-\(.*\)/git-\1/g" /usr/lib/lua/luci/version.lua

processor=`cat /proc/cpuinfo | grep 'processor' | wc -l`
test -n "$processor" || processor=3
sed -i "/^threads =/c\threads = $processor" /etc/uwsgi/vassals/luci-webui.ini
test $version -lt 1 && {
	uci -q set luci.main.lang='auto'
	uci -q set luci.main.mediaurlbase=/luci-static/edge
	uci commit luci
	
	uci -q set dropbear.@dropbear[0].Interface='lan'
	uci commit dropbear
	
	uci -q get system.@system[0] >/dev/null 2>&1 && {
		uci -q set system.@system[0].zonename='Asia/Shanghai'
		uci -q set system.@system[0].timezone='CST-8'
		uci -q del system.ntp.server
		uci -q add_list system.ntp.server='ntp.aliyun.com'
		uci -q add_list system.ntp.server='0.openwrt.pool.ntp.org'
		uci commit system
	}

	uci -q set uhttpd.main.rfc1918_filter=0
	uci -q set uhttpd.main.redirect_https=0
	uci -q set uhttpd.main.script_timeout='120'
	uci commit uhttpd
	
	(echo "root"; sleep 1; echo "root") | /bin/busybox passwd root >/dev/null 2>&1 &
	
	wifi_setup_radio(){
	local radio=$1
	htmode="$(uci get wireless.${radio}.htmode)"
	local widx=0
	while uci rename wireless.@wifi-iface[$widx]=default_radio$widx >/dev/null 2>&1; do widx=$((widx+1)); done
	uci -q get wireless.${radio} >/dev/null 2>&1 && {
			uci -q del wireless.${radio}.disabled
			uci -q set wireless.${radio}.country='US'
		
		if [ "$(uci -q get wireless.${radio}.band)" = "5g" ]; then
			uci -q set wireless.default_${radio}.ssid="${SSID}_5G"
			if [[ "${htmode}" == HE* ]]; then   # AX
				uci -q set wireless.${radio}.htmode="HE160"
				uci -q set wireless.${radio}.channel='44'
			else
				uci -q set wireless.${radio}.htmode="VHT80"   #AC
				uci -q set wireless.${radio}.channel="157"
			fi
			[[ "$(board_name)" == *cr660x ]] && {
				uci -q set wireless.${radio}.htmode="HE80"
				uci -q set wireless.${radio}.channel='157'
			}
		else
			uci -q set wireless.${radio}.htmode="HT40"   #N
			uci -q set wireless.${radio}.noscan='1'
			uci -q set wireless.${radio}.vendor_vht='1'
			uci -q set wireless.default_${radio}.ssid="${SSID}_2.4G"
			uci -q set wireless.${radio}.channel='auto'
		fi
			uci -q set wireless.default_${radio}.device="${radio}"
			if [ "${SSID_PASSWD}" ]; then
				uci -q set wireless.default_${radio}.encryption='psk2'
				uci -q set wireless.default_${radio}.key="${SSID_PASSWD}"
			else
				uci -q set wireless.default_${radio}.encryption='none'
			fi
		}
	}

	[ -f /etc/config/wireless ] && {
		SSID=${hostname}
		SSID_PASSWD=""
		for radio in radio0 radio1 radio2 radio3; do
			wifi_setup_radio ${radio}
		done
		uci commit wireless
	}

	uci -q set upnpd.config.enabled='1'
	uci commit upnpd
	
	grep -q log-facility /etc/dnsmasq.conf ||
		echo "log-facility=/dev/null" >> /etc/dnsmasq.conf

	[ -f /sys/module/xt_FULLCONENAT/refcnt ] && {
	uci -q set firewall.@defaults[0].fullcone='1'
	uci commit firewall
	}

	uci -q set fstab.@global[0].anon_mount=1
	uci commit fstab
 
	uci -q set network.@globals[0].packet_steering=1
	uci commit network
  
	uci -q set dhcp.@dnsmasq[0].dns_redirect='1'
	uci -q set dhcp.@dnsmasq[0].allservers='1'
	uci -q del dhcp.@dnsmasq[0].noresolv
	uci -q set dhcp.@dnsmasq[0].cachesize='1500'
	uci -q set dhcp.@dnsmasq[0].min_ttl='3600'
	uci -q set dhcp.lan.force='1'
	uci -q set dhcp.lan.ra='hybrid'
	uci -q set dhcp.lan.ndp='hybrid'
	uci -q set dhcp.lan.dhcpv6='hybrid'
	uci -q set dhcp.lan.force='1'
	uci commit dhcp

	uci -q set nft-qos.default.limit_enable='0'
	uci commit nft-qos

	uci -q set system.@system[0].conloglevel='4'
	uci -q set system.@system[0].cronloglevel='8'
	uci commit system
}

# kB
memtotal=`grep MemTotal /proc/meminfo | awk '{print $2}'`
if test $memtotal -ge 1048576; then
	# > 1024M
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=262144
elif test $memtotal -ge 524288; then
	# <= 1024M
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=131072
elif test $memtotal -ge 262144; then
	# <= 512M
	cachesize=8192
	dnsforwardmax=8192
	nf_conntrack_max=65536
elif test $memtotal -ge 131072; then
	# <= 256M
	cachesize=4096
	dnsforwardmax=4096
	nf_conntrack_max=65536
elif test $memtotal -ge 65536; then
	# <= 128M
	cachesize=2048
	dnsforwardmax=2048
	nf_conntrack_max=32768
else
	# < 64M
	cachesize=1024
	dnsforwardmax=1024
	nf_conntrack_max=16384
fi

test $version -lt 1 && {
	uci -q get dhcp.@dnsmasq[0] || uci -q add dhcp dnsmasq
	uci -q set dhcp.@dnsmasq[0].cachesize="$cachesize"
	uci -q set dhcp.@dnsmasq[0].dnsforwardmax="$dnsforwardmax"
	uci -q set dhcp.@dnsmasq[0].localservice='0'
	uci -q set dhcp.@dnsmasq[0].localise_queries='1'
	uci -q set dhcp.@dnsmasq[0].rebind_protection='0'
	uci -q set dhcp.@dnsmasq[0].rebind_localhost='1'
	uci commit dhcp
	uci -q set system.@system[0].zram_comp_algo='zstd'
	uci -q set system.@system[0].zram_size_mb="$(expr $memtotal / 1024 / 3)"
	uci commit system
	
	# sysctl overwrite
	SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf
	mkdir -p /etc/sysctl.d
	echo -n >$SYSCTL_LOCAL
	echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL
	echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL
	echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL
	echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL
	echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL
	echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL
	echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL
	echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL
	echo vm.swappiness=0 >>$SYSCTL_LOCAL
	version=1
}

cp -pR /www/cgi-bin/* /www/
rm -rf /tmp/luci-*

uci -q set base_config.@status[0].version=$version
uci commit base_config
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`#!/bin/sh`

			`([ -x /bin/bash ] && ! grep -q "^root.bash" /etc/passwd) && sed -i "s/^\(root.\/\)ash/\1bash/g" /etc/passwd`

			`# [[ "$(df \| grep overlay)" && ! "$(df \| grep /rom/overlay)" ]] && firstboot`

			version=`uci -q get base_config.@status[0].version`

update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			hostname=`uci -q get system.@system[0].hostname`
			`test -n "${hostname}" \|\| hostname="OpenWrt"`
update 03-17 20:35 2022-03-17 20:35:15 +08:00
			`if [ "$(uci -q get dhcp.@dnsmasq[0].port)" != "53" ]; then`
			`uci -q set dhcp.@dnsmasq[0].port='53'`
			`uci commit dhcp`
			`fi`

			`uci -q batch <<EOF`
			`set attendedsysupgrade.server.url='https://op.supes.top'`
			`commit attendedsysupgrade`
			`EOF`

			`uci set dockerd.firewall.extra_iptables_args='--match conntrack ! --ctstate RELATED,ESTABLISHED'`
			`uci commit dockerd`

			`sed -i '/profile.d/d' /lib/upgrade/keep.d/base-files`

			`echo $(uci -q get uhttpd.main.index_page) \| grep -q "cgi-bin/luci" \|\|`
			`uci -q add_list uhttpd.main.index_page='cgi-bin/luci' && uci commit uhttpd`
update 2022-05-20 23:45:13 2022-05-20 23:45:13 +08:00
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`/etc/init.d/wizard disable`

			`[ -f /usr/bin/wget ] &&`
			`ln -s /usr/bin/wget /usr/bin/wget-ssl`

			`sed -i "s/git-.-\(.\)/git-\1/g" /usr/lib/lua/luci/version.lua`

			processor=`cat /proc/cpuinfo \| grep 'processor' \| wc -l`
			`test -n "$processor" \|\| processor=3`
			`sed -i "/^threads =/c\threads = $processor" /etc/uwsgi/vassals/luci-webui.ini`
			`test $version -lt 1 && {`
			`uci -q set luci.main.lang='auto'`
			`uci -q set luci.main.mediaurlbase=/luci-static/edge`
			`uci commit luci`

			`uci -q set dropbear.@dropbear[0].Interface='lan'`
			`uci commit dropbear`

			`uci -q get system.@system[0] >/dev/null 2>&1 && {`
			`uci -q set system.@system[0].zonename='Asia/Shanghai'`
			`uci -q set system.@system[0].timezone='CST-8'`
			`uci -q del system.ntp.server`
			`uci -q add_list system.ntp.server='ntp.aliyun.com'`
			`uci -q add_list system.ntp.server='0.openwrt.pool.ntp.org'`
			`uci commit system`
			`}`

			`uci -q set uhttpd.main.rfc1918_filter=0`
			`uci -q set uhttpd.main.redirect_https=0`
			`uci -q set uhttpd.main.script_timeout='120'`
			`uci commit uhttpd`

			`(echo "root"; sleep 1; echo "root") \| /bin/busybox passwd root >/dev/null 2>&1 &`

			`wifi_setup_radio(){`
			`local radio=$1`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`htmode="$(uci get wireless.${radio}.htmode)"`
			`local widx=0`
			`while uci rename wireless.@wifi-iface[$widx]=default_radio$widx >/dev/null 2>&1; do widx=$((widx+1)); done`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`uci -q get wireless.${radio} >/dev/null 2>&1 && {`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`uci -q del wireless.${radio}.disabled`
update 2022-05-18 16:51:00 2022-05-18 16:51:00 +08:00			`uci -q set wireless.${radio}.country='US'`
update 03-17 20:35 2022-03-17 20:35:15 +08:00
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`if [ "$(uci -q get wireless.${radio}.band)" = "5g" ]; then`
			`uci -q set wireless.default_${radio}.ssid="${SSID}_5G"`
update 2022-06-19 08:55:37 2022-06-19 08:55:37 +08:00			`if [[ "${htmode}" == HE* ]]; then # AX`
update 2022-06-15 20:18:39 2022-06-15 20:18:39 +08:00			`uci -q set wireless.${radio}.htmode="HE160"`
			`uci -q set wireless.${radio}.channel='44'`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`else`
update 2022-06-19 08:55:37 2022-06-19 08:55:37 +08:00			`uci -q set wireless.${radio}.htmode="VHT80" #AC`
update 2022-06-15 20:18:39 2022-06-15 20:18:39 +08:00			`uci -q set wireless.${radio}.channel="157"`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`fi`
update 2022-06-19 08:55:37 2022-06-19 08:55:37 +08:00			`[[ "$(board_name)" == *cr660x ]] && {`
update 2022-06-15 20:18:39 2022-06-15 20:18:39 +08:00			`uci -q set wireless.${radio}.htmode="HE80"`
			`uci -q set wireless.${radio}.channel='157'`
			`}`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`else`
update 2022-06-19 08:55:37 2022-06-19 08:55:37 +08:00			`uci -q set wireless.${radio}.htmode="HT40" #N`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`uci -q set wireless.${radio}.noscan='1'`
			`uci -q set wireless.${radio}.vendor_vht='1'`
			`uci -q set wireless.default_${radio}.ssid="${SSID}_2.4G"`
update 2022-06-15 20:18:39 2022-06-15 20:18:39 +08:00			`uci -q set wireless.${radio}.channel='auto'`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`fi`
			`uci -q set wireless.default_${radio}.device="${radio}"`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`if [ "${SSID_PASSWD}" ]; then`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`uci -q set wireless.default_${radio}.encryption='psk2'`
			`uci -q set wireless.default_${radio}.key="${SSID_PASSWD}"`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`else`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`uci -q set wireless.default_${radio}.encryption='none'`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`fi`
			`}`
			`}`

			`[ -f /etc/config/wireless ] && {`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`SSID=${hostname}`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`SSID_PASSWD=""`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00			`for radio in radio0 radio1 radio2 radio3; do`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`wifi_setup_radio ${radio}`
			`done`
			`uci commit wireless`
			`}`
update 05-12 02:41:50 2022-05-12 02:41:50 +08:00
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`uci -q set upnpd.config.enabled='1'`
			`uci commit upnpd`

			`grep -q log-facility /etc/dnsmasq.conf \|\|`
			`echo "log-facility=/dev/null" >> /etc/dnsmasq.conf`

update 2022-06-08 08:51:53 2022-06-08 08:51:53 +08:00			`[ -f /sys/module/xt_FULLCONENAT/refcnt ] && {`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`uci -q set firewall.@defaults[0].fullcone='1'`
			`uci commit firewall`
update 2022-06-08 08:51:53 2022-06-08 08:51:53 +08:00			`}`
update 03-17 20:35 2022-03-17 20:35:15 +08:00
			`uci -q set fstab.@global[0].anon_mount=1`
			`uci commit fstab`

			`uci -q set network.@globals[0].packet_steering=1`
			`uci commit network`

			`uci -q set dhcp.@dnsmasq[0].dns_redirect='1'`
			`uci -q set dhcp.@dnsmasq[0].allservers='1'`
			`uci -q del dhcp.@dnsmasq[0].noresolv`
			`uci -q set dhcp.@dnsmasq[0].cachesize='1500'`
			`uci -q set dhcp.@dnsmasq[0].min_ttl='3600'`
			`uci -q set dhcp.lan.force='1'`
			`uci -q set dhcp.lan.ra='hybrid'`
			`uci -q set dhcp.lan.ndp='hybrid'`
			`uci -q set dhcp.lan.dhcpv6='hybrid'`
			`uci -q set dhcp.lan.force='1'`
			`uci commit dhcp`

			`uci -q set nft-qos.default.limit_enable='0'`
			`uci commit nft-qos`

			`uci -q set system.@system[0].conloglevel='4'`
			`uci -q set system.@system[0].cronloglevel='8'`
			`uci commit system`
			`}`

			`# kB`
			memtotal=`grep MemTotal /proc/meminfo \| awk '{print $2}'`
			`if test $memtotal -ge 1048576; then`
			`# > 1024M`
			`cachesize=10000`
			`dnsforwardmax=10000`
			`nf_conntrack_max=262144`
			`elif test $memtotal -ge 524288; then`
			`# <= 1024M`
			`cachesize=10000`
			`dnsforwardmax=10000`
			`nf_conntrack_max=131072`
			`elif test $memtotal -ge 262144; then`
			`# <= 512M`
			`cachesize=8192`
			`dnsforwardmax=8192`
			`nf_conntrack_max=65536`
			`elif test $memtotal -ge 131072; then`
			`# <= 256M`
			`cachesize=4096`
			`dnsforwardmax=4096`
			`nf_conntrack_max=65536`
			`elif test $memtotal -ge 65536; then`
			`# <= 128M`
			`cachesize=2048`
			`dnsforwardmax=2048`
			`nf_conntrack_max=32768`
			`else`
			`# < 64M`
			`cachesize=1024`
			`dnsforwardmax=1024`
			`nf_conntrack_max=16384`
			`fi`

			`test $version -lt 1 && {`
			`uci -q get dhcp.@dnsmasq[0] \|\| uci -q add dhcp dnsmasq`
			`uci -q set dhcp.@dnsmasq[0].cachesize="$cachesize"`
			`uci -q set dhcp.@dnsmasq[0].dnsforwardmax="$dnsforwardmax"`
			`uci -q set dhcp.@dnsmasq[0].localservice='0'`
			`uci -q set dhcp.@dnsmasq[0].localise_queries='1'`
			`uci -q set dhcp.@dnsmasq[0].rebind_protection='0'`
			`uci -q set dhcp.@dnsmasq[0].rebind_localhost='1'`
			`uci commit dhcp`
			`uci -q set system.@system[0].zram_comp_algo='zstd'`
			`uci -q set system.@system[0].zram_size_mb="$(expr $memtotal / 1024 / 3)"`
			`uci commit system`
update 2022-06-07 08:44:07 2022-06-07 08:44:07 +08:00
			`# sysctl overwrite`
			`SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf`
			`mkdir -p /etc/sysctl.d`
			`echo -n >$SYSCTL_LOCAL`
			`echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL`
			`echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL`
			`echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL`
			`echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL`
			`echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL`
			`echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL`
			`echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL`
			`echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL`
			`echo vm.swappiness=0 >>$SYSCTL_LOCAL`
update 03-17 20:35 2022-03-17 20:35:15 +08:00			`version=1`
			`}`

			`cp -pR /www/cgi-bin/* /www/`
			`rm -rf /tmp/luci-*`

			`uci -q set base_config.@status[0].version=$version`
			`uci commit base_config`