chore: initial repo setup with baseline config backup
- Pull current config from router (OpenWRT 24.10.2) - Add backup, safe-apply, and push-all scripts - Add CLAUDE.md with workflow rules and context - Add network-map.md with current topology and planned VLANs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
61
CLAUDE.md
Normal file
61
CLAUDE.md
Normal file
@@ -0,0 +1,61 @@
|
||||
# OpenWRT Router Management
|
||||
|
||||
## Hardware
|
||||
|
||||
**Primary router:**
|
||||
- **Device:** TP-Link Archer AX23 v1
|
||||
- **OpenWRT:** 24.10.2 (ramips/mt7621)
|
||||
- **Router IP:** 10.0.0.1
|
||||
- **SSH:** `ssh openwrt`
|
||||
- **No USB port** — no USB WAN option
|
||||
|
||||
**WAN failover device:**
|
||||
- **Device:** GL-XE300 (Puli)
|
||||
- **Firmware:** GL.iNet 4.3.27 (OpenWRT 22.03.4)
|
||||
- **Current IP:** 192.168.8.1 (to be changed to 10.0.100.1 before wiring in)
|
||||
- **SSH:** `ssh openwrtwan`
|
||||
|
||||
## Repository Layout
|
||||
```
|
||||
config/ UCI config files pulled from /etc/config/ on the router
|
||||
scripts/ Backup, push, and safe-apply helpers
|
||||
docs/ Network map, VLAN plan, change log
|
||||
```
|
||||
|
||||
## Workflow Rules
|
||||
1. **Never edit the router directly for anything non-trivial.** Edit `config/` files here, then push.
|
||||
2. **All network/firewall/wireless changes go through `safe-apply.sh`** — it sets an auto-revert so a bad config can't permanently lock us out.
|
||||
3. **Run `backup.sh` before starting any work session** to ensure `config/` reflects the current router state.
|
||||
4. **Commit after every successful change.** The git log is the change history.
|
||||
|
||||
## Scripts
|
||||
```bash
|
||||
scripts/backup.sh # Pull config from router → config/, prompt to commit
|
||||
scripts/safe-apply.sh <name> # Push one config file with auto-revert safety net
|
||||
scripts/push-all.sh # Push all configs (low-risk bulk changes only)
|
||||
```
|
||||
|
||||
## Safe-Apply Pattern
|
||||
```bash
|
||||
# Edit config/network in this repo, then:
|
||||
./scripts/safe-apply.sh network 5 # 5-minute auto-revert window
|
||||
# Test connectivity — if working, confirm at the prompt
|
||||
```
|
||||
|
||||
## Config Files
|
||||
| File | Controls |
|
||||
|------|---------|
|
||||
| `network` | Interfaces, VLANs, WAN, bridges |
|
||||
| `wireless` | SSIDs, radios, encryption |
|
||||
| `firewall` | Zones, rules, forwarding, NAT |
|
||||
| `dhcp` | DHCP pools, static leases, DNS |
|
||||
| `system` | Hostname, timezone, logging |
|
||||
| `dropbear` | SSH daemon |
|
||||
|
||||
## Network Overview
|
||||
See `docs/network-map.md` for full topology, IP allocations, and device inventory.
|
||||
|
||||
## Planned Features (not yet implemented)
|
||||
- [ ] VLAN segmentation (trusted / servers / IoT / guest)
|
||||
- [ ] Multiple SSIDs mapped to VLANs
|
||||
- [ ] Failover WAN via ethernet-connected 4G device
|
||||
Reference in New Issue
Block a user