dan/openwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: initial repo setup with baseline config backup

Browse Source 
- Pull current config from router (OpenWRT 24.10.2)
- Add backup, safe-apply, and push-all scripts
- Add CLAUDE.md with workflow rules and context
- Add network-map.md with current topology and planned VLANs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dan Head
2026-03-21 13:54:16 +00:00
commit 4ee41bf881
17 changed files with 1601 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
README.md Normal file
View File

@@ -0,0 +1,69 @@
# OpenWRT Router Config
Version-controlled configuration for a home network running OpenWRT, managed from this repo rather than the router directly.
## Hardware
| Device | Role | IP | SSH |
|------------------------------------------|-----------------|------------|------------------|
| TP-Link Archer AX23 v1 (OpenWRT 24.10.2) | Primary router | 10.0.0.1 | `ssh openwrt` |
| GL-XE300 Puli (GL.iNet 4.3.27) | 4G WAN failover | 10.0.100.1 | `ssh openwrtwan` |
WAN: full fibre, 1 Gbps down / 100 Mbps up. Failover via 4G LTE handled by `mwan3`.
## Repository Layout
```
config/ UCI config files pulled from /etc/config/ on the router
scripts/ Backup, push, and safe-apply helpers
docs/ Network map, VLAN plan, change log
files/ Supporting config files (e.g. avahi-daemon.conf)
```
## Workflow
**Never edit the router directly for anything non-trivial.** The pattern is:
1. Run `scripts/backup.sh` at the start of any work session
2. Edit files in `config/`
3. Push with `scripts/safe-apply.sh` - this sets an auto-revert window so a bad config can't permanently lock you out
4. Confirm the change at the prompt to cancel the revert
5. Commit - the git log is the change history
```bash
# Pull current config from the router and optionally commit
./scripts/backup.sh
# Edit a config file, then push it with a 5-minute revert window
./scripts/safe-apply.sh network 5
# Push all configs (low-risk bulk changes only)
./scripts/push-all.sh
```
## Config Files
| File | Controls |
|------------|---------------------------------|
| `network` | Interfaces, VLANs, WAN, bridges |
| `wireless` | SSIDs, radios, encryption |
| `firewall` | Zones, rules, forwarding, NAT |
| `dhcp` | DHCP pools, static leases, DNS |
| `system` | Hostname, timezone, logging |
| `dropbear` | SSH daemon |
## Network
See [`docs/network-map.md`](docs/network-map.md) for the full topology, IP allocations, port forwards and planned VLAN layout.
### Planned VLANs (not yet implemented)
| VLAN | Name | Subnet | SSID |
|------|---------|--------------|-----------------|
| 1 | trusted | 10.0.1.0/24 | Moonshield |
| 10 | servers | 10.0.10.0/24 | wired only |
| 20 | iot | 10.0.20.0/24 | Cloud Connected |
| 30 | media | 10.0.30.0/24 | Pinball Map |
| 40 | guest | 10.0.40.0/24 | Passenger |
Full device inventory, static DHCP leases and cross-VLAN firewall rules are in [`docs/vlan-requirements.md`](docs/vlan-requirements.md). The implementation plan is in [`docs/implementation-plan.md`](docs/implementation-plan.md).