gandalf/secubox-openwrt
gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3c0003614d
secubox-openwrt/DOCS/embedded/wizard-profiles.md

3.2 KiB
Raw Blame History

SecuBox Wizard & Profiles

Version: 1.0.0
Last Updated: 2025-12-28
Status: Active

The SecuBox hub now includes a guided setup wizard (LuCI → SecuBox → Wizard) and profile system. Use them to finish the first-run checklist, review app manifests, and apply predefined OS-like configurations (Home, Lab, Hardened, Gateway + DMZ).

First-Run Checklist

The wizard queries luci.secuboxs first_run_status ubus method to determine whether critical items are configured:

  1. Administrator password links to the LuCI password page.
  2. Timezone dropdown populated with common timezones; applying calls apply_first_run with { timezone: "Europe/Paris" }.
  3. Storage path defaults to /srv/secubox; prepares the directory and stores it in uci set secubox.main.storage_path.
  4. Network mode uses the existing Network Modes RPC to switch between router and dmz presets.

Each action can be run independently and is idempotent.

App Wizards (Manifests)

Apps ship manifests under /usr/share/secubox/plugins/<id>/manifest.json. secubox-app (installed at /usr/sbin/secubox-app) uses the same manifests for CLI installs, and the wizard consumes the wizard.fields section to build forms. Example snippet:

{
  "id": "zigbee2mqtt",
  "wizard": {
    "uci": { "config": "zigbee2mqtt", "section": "main" },
    "fields": [
      { "id": "serial_port", "label": "Serial Port", "uci_option": "serial_port" },
      { "id": "mqtt_host", "label": "MQTT Host", "uci_option": "mqtt_host" }
    ]
  }
}

Clicking “Configure” opens a modal that writes the provided values into the specified UCI section.

Profiles

Profiles are stored as JSON in /usr/share/secubox/profiles/ and can bundle:

  • network_mode: target SecuBox network mode (router, dmz, …)
  • apps: manifest IDs to install via secubox-app install <id>
  • packages: additional packages to ensure via opkg/apk
  • uci: array of {config, section, option, value} entries applied via UCI

Baseline profiles:

ID Description Highlights
home Home router + Zigbee2MQTT Router mode, installs Zigbee2MQTT + Netdata
lab Monitoring lab Router mode, ensures Netifyd & Bandwidth Manager
hardened Security-focused Enables CrowdSec + Client Guardian
gateway_dmz Router + DMZ segment Switches to DMZ mode and enables VHost manager

apply_profile automatically tars /etc/config to /etc/secubox-profiles/backups/ before modifying settings, so the Rollback last profile button (or rollback_profile RPC) instantly restores prior UCI files.

CLI References

  • secubox-app list|install|status manage app manifests (installed by luci-app-secubox).
  • ubus call luci.secubox list_profiles enumerate available profile manifests.
  • ubus call luci.secubox apply_profile '{"profile_id":"home"}' apply a preset programmatically.
  • secubox-app respects SECUBOX_PLUGINS_DIR if you need to point to custom manifest trees.

Combine the wizard UI with these commands to automate deployments or build higher-level orchestration (e.g., App Store pages, onboarding scripts).