gluon-usteer: add package

Signed-off-by: David Bauer <mail@david-bauer.net>
Revert "generic: use testing kernel if possible"
2022-03-30 23:35:16 +02:00 · 2022-03-30 22:57:54 +02:00 · 2022-03-30 22:57:54 +02:00 · 2022-03-30 22:57:54 +02:00 · 2022-03-30 22:57:54 +02:00 · 2022-03-30 22:57:54 +02:00
279 changed files with 3386 additions and 7858 deletions
--- a/.ecrc
+++ b/.ecrc
@ -1,3 +0,0 @@
 {
  "Exclude": ["docs/_build"]
 }
--- a/.editorconfig
+++ b/.editorconfig
@ -7,43 +7,18 @@ insert_final_newline = true
 indent_style = tab
 charset = utf-8
 [Dockerfile]
 indent_style = space
 indent_size = 4
 [/patches/**]
 indent_style = unset
 indent_size = unset
 [*.c]
 [*.css]
 [*.dia]
 indent_style = space
 indent_size = 2
 [*.h]
 [*.html]
 [*.js]
 [*{.json,.ecrc}]
 indent_style = space
 indent_size = 2
 [*.lua]
 [{Makefile,*.mk}]
 indent_style = unset
 [*.md]
 indent_style = space
 indent_size = 4
 [*.pl]
 [*.py]
 indent_style = space
 indent_size = 4
@ -52,8 +27,6 @@ indent_size = 4
 indent_style = space
 indent_size = 2
 [*.sh]
 [*.yml]
 indent_style = space
 indent_size = 2
@ -61,7 +34,3 @@ indent_size = 2
 [CMakeLists.txt]
 indent_style = space
 indent_size = 2
 [{docs,contrib/ci}/*site*/**/*.conf]
 indent_style = space
 indent_size = 2
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -6,7 +6,7 @@ label: bug
 <!--
-Please carefully fill out the questionnaire below to help improve the
+Please carefully fill out the questionaire below to help improve the
 timely triaging of issues. Walk through the questions below and use
 them as an inspiration for what information you can provide.
@ -27,7 +27,7 @@ Thank you for taking the time to report a bug with the Gluon project.
 ### Bug report
 **What is the problem?**
-<!--
+<!-- 
 - What is not working as expected?
 - How is it misbehaving?
 - When did the problem first start showing up?
@ -43,7 +43,7 @@ Thank you for taking the time to report a bug with the Gluon project.
 -->
 **Gluon Version:**
-<!--
+<!-- 
 Please provide a usable Git reference before applying custom patches:
 By using a Git reference:
@ -58,9 +58,9 @@ Or the URL to the relevant Gluon commit
 <!--
 Please provide the URL to your site configuration repository and the
 explicit commit used to build the firmware experiencing the problem.
-
+ 
 Additionally excerpts of problem-related configuration parts are 
-often helpful.
+often helpful. 
 -->
 **Custom patches:**
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,4 +1,4 @@
-# Docs: <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates>
+# Docs: <https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/customizing-dependency-updates>
 version: 2
--- a/.github/filters.yml
+++ b/.github/filters.yml
@ -17,16 +17,6 @@
    "targets/generic",
    "targets/targets.mk"
  ],
  "ath79-mikrotik": [
    "targets/ath79-mikrotik",
    "modules",
    "Makefile",
    "patches/**",
    "scripts/**",
    "targets/generic",
    "targets/targets.mk",
    "targets/mikrotik.inc"
  ],
  "bcm27xx-bcm2708": [
    "targets/bcm27xx-bcm2708",
    "modules",
@ -56,16 +46,6 @@
    "targets/generic",
    "targets/targets.mk"
  ],
  "ipq40xx-mikrotik": [
    "targets/ipq40xx-mikrotik",
    "modules",
    "Makefile",
    "patches/**",
    "scripts/**",
    "targets/generic",
    "targets/targets.mk",
    "targets/mikrotik.inc"
  ],
  "ipq806x-generic": [
    "targets/ipq806x-generic",
    "modules",
@ -102,15 +82,6 @@
    "targets/generic",
    "targets/targets.mk"
  ],
  "mpc85xx-p1010": [
    "targets/mpc85xx-p1010",
    "modules",
    "Makefile",
    "patches/**",
    "scripts/**",
    "targets/generic",
    "targets/targets.mk"
  ],
  "mpc85xx-p1020": [
    "targets/mpc85xx-p1020",
    "modules",
@ -147,15 +118,6 @@
    "targets/generic",
    "targets/targets.mk"
  ],
  "realtek-rtl838x": [
    "targets/realtek-rtl838x",
    "modules",
    "Makefile",
    "patches/**",
    "scripts/**",
    "targets/generic",
    "targets/targets.mk"
  ],
  "rockchip-armv8": [
    "targets/rockchip-armv8",
    "modules",
@ -225,6 +187,14 @@
    "targets/targets.mk",
    "targets/bcm27xx.inc"
  ],
  "bcm27xx-bcm2711": [
    "targets/bcm27xx-bcm2711",
    "modules",
    "Makefile",
    "patches/**",
    "targets/generic",
    "targets/targets.mk"
  ],
  "mvebu-cortexa9": [
    "targets/mvebu-cortexa9",
    "modules",
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@ -2,19 +2,20 @@ name: Backport
 on:
  pull_request_target:
    types: [closed, labeled]
 permissions:
  contents: write # so it can comment
  pull-requests: write # so it can create pull requests
 jobs:
  backport:
    name: Backport Pull Request
    if: github.repository_owner == 'freifunk-gluon' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - name: Create backport PRs
        uses: korthout/backport-action@v1.2.0
        with:
-          # Config README: https://github.com/korthout/backport-action#backport-action
+          ref: ${{ github.event.pull_request.head.sha }}
      - name: Create backport PRs
        uses: zeebe-io/backport-action@v0.0.7
        with:
          # Config README: https://github.com/zeebe-io/backport-action#backport-action
          github_token: ${{ secrets.GITHUB_TOKEN }}
          github_workspace: ${{ github.workspace }}
          pull_description: |-
            Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@ -9,21 +9,18 @@ on:
    paths:
      - 'docs**/'
      - '.github/workflows/build-docs.yml'
 permissions:
  contents: read
 jobs:
  build-documentation:
    name: docs
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - name: Install Dependencies
        run: sudo pip3 install sphinx-rtd-theme
      - name: Build documentation
        run: make -C docs html
      - name: Archive build output
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v2.3.1
        with:
          name: docs_output
          path: docs/_build/html
--- a/.github/workflows/build-gluon.yml
+++ b/.github/workflows/build-gluon.yml
@ -8,19 +8,13 @@ on:
  pull_request:
    types: [opened, synchronize, reopened]
 permissions:
  contents: read
 jobs:
  changed:
    permissions:
      contents: read  # for dorny/paths-filter to fetch a list of changed files
      pull-requests: read  # for dorny/paths-filter to read pull requests
    runs-on: ubuntu-latest
    outputs:
      targets: ${{ steps.filter.outputs.changes }}
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      # Filter targets based on changed files
      - uses: dorny/paths-filter@v2
@ -34,11 +28,11 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        # Read back changed targets to create build matrix
+        # Read back changd targets to create build matrix
        target: ${{ fromJSON(needs.changed.outputs.targets) }}
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - name: Install Dependencies
        run: sudo contrib/actions/install-dependencies.sh
@ -48,13 +42,13 @@ jobs:
      - name: Archive build logs
        if: ${{ !cancelled() }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v2.3.1
        with:
          name: ${{ matrix.target }}_logs
          path: openwrt/logs
      - name: Archive build output
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v2.3.1
        with:
          name: ${{ matrix.target }}_output
          path: output
--- a/.github/workflows/check-patches.yml
+++ b/.github/workflows/check-patches.yml
@ -12,15 +12,12 @@ on:
      - 'modules'
      - 'patches/**'
      - '.github/workflows/check-patches.yml'
 permissions:
  contents: read
 jobs:
  check-patches:
    name: Check patches
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - name: Refresh patches
        run: make refresh-patches GLUON_SITEDIR="contrib/ci/minimal-site"
      - name: Show diff
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@ -4,18 +4,12 @@ on:
  # only execute base branch actions
  pull_request_target:
 permissions:
  contents: read
 jobs:
  labels:
    permissions:
      contents: read  # for actions/labeler to determine modified files
      pull-requests: write  # for actions/labeler to add labels to PRs
    runs-on: ubuntu-latest
    if: github.repository_owner == 'freifunk-gluon'
    steps:
-    - uses: actions/labeler@v4
+    - uses: actions/labeler@v3
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        sync-labels: true
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -3,15 +3,12 @@ on:
  push:
  pull_request:
    types: [opened, synchronize, reopened]
 permissions:
  contents: read
 jobs:
  lua:
    name: Lua
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - name: Install Dependencies
        run: sudo apt-get -y update && sudo apt-get -y install lua-check
      - name: Install example site
@ -23,32 +20,10 @@ jobs:
    name: Shell
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - name: Install Dependencies
        run: sudo apt-get -y update && sudo apt-get -y install shellcheck
      - name: Install example site
        run: ln -s ./docs/site-example ./site
      - name: Lint shell code
        run: make lint-sh
  editorconfig:
    name: Editorconfig
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Dependencies
        run: sudo apt install curl tar
      - name: Install editorconfig-checker
        env:
          VERSION: 2.7.0
          OS: linux
          ARCH: amd64
        run: |
          curl -O -L -C - https://github.com/editorconfig-checker/editorconfig-checker/releases/download/$VERSION/ec-$OS-$ARCH.tar.gz
          tar xzf ec-$OS-$ARCH.tar.gz
          sudo mv ./bin/ec-$OS-$ARCH /usr/bin/editorconfig-checker
          sudo chmod +x /usr/bin/editorconfig-checker
      - name: Install example site
        run: ln -s ./docs/site-example ./site
      - name: Lint editorconfig
        run: make lint-editorconfig
--- a/.luacheckrc
+++ b/.luacheckrc
@ -25,11 +25,9 @@ files["package/**/check_site.lua"] = {
 		"extend",
 		"in_domain",
 		"in_site",
 		"value",
 		"need",
 		"need_alphanumeric_key",
 		"need_array",
 		"need_array_elements_exclusive",
 		"need_array_of",
 		"need_boolean",
 		"need_chanlist",
@ -51,7 +49,6 @@ files["package/**/check_site.lua"] = {
 files["package/**/luasrc/lib/gluon/config-mode/*"] = {
 	globals = {
 		"MultiListValue",
 		"DynamicList",
 		"Flag",
 		"Form",
@ -65,7 +62,6 @@ files["package/**/luasrc/lib/gluon/config-mode/*"] = {
 		"translate",
 		"translatef",
 		"Value",
 		"Element",
 	},
 }
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@ -11,10 +11,6 @@ sphinx:
 # Optionally set the version of Python and requirements required to build your docs
 python:
   version: 3.8
   install:
   - requirements: docs/requirements.txt
 build:
    os: ubuntu-22.04
    tools:
        python: "3.8"
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -1,30 +0,0 @@
 workspace:
  base: /build
 #clone:
 # git:
 #   image: woodpeckerci/plugin-git
 #   settings:
 #     recursive: true
 pipeline:
  build-${TARGET}:
    image: "ubuntu:latest"
    pull: true
    environment:
      - input_version=v2022.1.4
      - GLUON_SITEDIR=../site
      - FORCE_UNSAFE_CONFIGURE=1
      - GLUON_TARGET=${TARGET}
      - GLUON_DEPRECATED=1
    commands:
      - echo ${TARGET}
      # - git config --global init.defaultBranch main
      # - sed -i 's/install/install file/' contrib/actions/install-dependencies.sh
      # - sh contrib/actions/install-dependencies.sh
      # - sh contrib/actions/run-build.sh ${TARGET}
 matrix:
  TARGET:
    - ath79-generic
    - x86-64
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -23,8 +23,8 @@ using other parts or why the proposed change breaks other parts of the system.
 They might even refuse the idea altogether - after all, they have to sleep well
 after merging the changes, too.
-The preferred way to discuss is in the IRC channel ([#gluon] on irc.hackint.org)
+The preferred way to discuss in the IRC channel ([#gluon] on irc.hackint.org)
-or on the [mailing list], however, you can also open a new issue on GitHub to
+or on the [mailing list], however, you can also open a new issue on Github to
 discuss there. We maintain a [list of rejected features] and we'd like to
 kindly ask you to review it first. In general, looking for duplicates may save
 you some time.
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 The code of Project Gluon may be distributed under the following terms, unless
 noted otherwise in individual files or subtrees.
-Copyright (c) Project Gluon
+Copyright (c) 2013-2021, Project Gluon
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
--- a/6
+++ b/6
@ -151,10 +151,7 @@ list-targets: FORCE
 		echo "$$target"
 	done
-lint: lint-editorconfig lint-lua lint-sh
+lint: lint-lua lint-sh
 lint-editorconfig: FORCE
 	@scripts/lint-editorconfig.sh
 lint-lua: FORCE
 	@scripts/lint-lua.sh
@ -184,7 +181,6 @@ config: $(LUA) FORCE
 		$(call CheckSite,$(conf)); \
 	)
 	$(OPENWRTMAKE) prepare-tmpinfo
 	$(GLUON_ENV) $(LUA) scripts/target_config.lua > openwrt/.config
 	$(OPENWRTMAKE) defconfig
 	$(GLUON_ENV) $(LUA) scripts/target_config_check.lua
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 [![Build Gluon](https://github.com/freifunk-gluon/gluon/actions/workflows/build-gluon.yml/badge.svg?branch=master)](https://github.com/freifunk-gluon/gluon/actions/workflows/build-gluon.yml)
-[![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/license/bsd-2-clause/)
+[![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/licenses/BSD-2-Clause)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/freifunk-gluon/gluon?sort=semver)](https://github.com/freifunk-gluon/gluon/releases/latest)
 # Gluon
@ -30,7 +30,7 @@ the future development of Gluon.
 Please refrain from using the `master` branch for anything else but development purposes!
 Use the most recent release instead. You can list all releases by running `git tag`
-and switch to one by running `git checkout v2022.1 && make update`.
+and switch to one by running `git checkout v2021.1 && make update`.
 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *might break* eventually.
--- a/contrib/actions/install-dependencies.sh
+++ b/contrib/actions/install-dependencies.sh
@ -3,6 +3,6 @@
 set -e
 apt-get -y update
-apt-get -y install git build-essential python3 gawk unzip libncurses5-dev zlib1g-dev libssl-dev libelf-dev wget rsync time qemu-utils
+apt-get -y install git subversion build-essential python3 gawk unzip libncurses5-dev zlib1g-dev libssl-dev wget time qemu-utils
 apt-get -y clean
 rm -rf /var/lib/apt/lists/*
--- a/contrib/actions/run-build.sh
+++ b/contrib/actions/run-build.sh
@ -6,7 +6,7 @@ export BROKEN=1
 export GLUON_AUTOREMOVE=1
 export GLUON_DEPRECATED=1
 export GLUON_SITEDIR="contrib/ci/minimal-site"
-export GLUON_TARGET="$1"
+export GLUON_TARGET=$1
 export BUILD_LOG=1
 make update
--- a/contrib/ci/minimal-site/site.conf
+++ b/contrib/ci/minimal-site/site.conf
@ -1,4 +1,4 @@
-- This is an example site configuration for Gluon v2022.1
+-- This is an example site configuration for Gluon v2018.2+
 --
 -- Take a look at the documentation located at
 -- https://gluon.readthedocs.io/ for details.
@ -10,7 +10,7 @@
  -- hostname_prefix = 'freifunk-',
  -- Name of the community.
-  site_name = 'Continuous Integration',
+  site_name = 'Continious Integration',
  -- Shorthand of the community.
  site_code = 'ci',
@ -42,14 +42,10 @@
    -- Wireless channel.
    channel = 1,
-    -- ESSIDs used for client network.
+    -- ESSID used for client network.
    ap = {
      ssid = 'gluon-ci-ssid',
      -- disabled = true, -- (optional)
      -- Configuration for a backward compatible OWE network below.
      owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
      owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
    },
    mesh = {
@ -68,6 +64,8 @@
    outdoor_chanlist = '100-140',
    ap = {
      ssid = 'gluon-ci-ssid',
      owe_ssid = "owe.gluon-ci-ssid",
      owe_transition_mode = false,
    },
    mesh = {
      -- Adjust these values!
@ -76,12 +74,6 @@
    },
  },
  mesh = {
    vxlan = true,
    batman_adv = {
      routing_algo = 'BATMAN_IV',
    },
  },
  -- The next node feature allows clients to always reach the node it is
  -- connected to using a known IP address.
@ -92,19 +84,16 @@
    ip6 = 'fd::1',
  },
-  -- Options specific to routing protocols (optional)
+  mesh = {
-  -- mesh = {
+    vxlan = true,
-    -- Options specific to the batman-adv routing protocol (optional)
+    batman_adv = {
-    -- batman_adv = {
+      routing_algo = 'BATMAN_IV'
-      -- Gateway selection class (optional)
+    }
-      -- The default class 20 is based on the link quality (TQ) only,
+  },
      -- class 1 is calculated from both the TQ and the announced bandwidth
      -- gw_sel_class = 1,
    -- },
  -- },
  mesh_vpn = {
    -- enabled = true,
    mtu = 1312,
    fastd = {
      -- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
@ -112,7 +101,6 @@
      -- List of crypto-methods to use.
      methods = {'salsa2012+umac'},
      mtu = 1312,
      -- configurable = true,
      -- syslog_level = 'warn',
@ -125,18 +113,7 @@
          peers = {
          },
          -- Optional: nested peer groups
          -- groups = {
            -- backbone_sub = {
              -- ...
            -- },
          -- ...
          -- },
        },
        -- Optional: additional peer groups, possibly with other limits
        -- backbone2 = {
          -- ...
        -- },
      },
    },
@ -153,8 +130,7 @@
  },
  autoupdater = {
-    -- Default branch (optional), can be overridden by setting GLUON_AUTOUPDATER_BRANCH when building.
+    -- Default branch. Don't forget to set GLUON_BRANCH when building!
    -- Set GLUON_AUTOUPDATER_ENABLED to enable the autoupdater by default for newly installed nodes.
    branch = 'stable',
    -- List of branches. You may define multiple branches.
@ -169,7 +145,7 @@
        -- Have multiple maintainers sign your build and only
        -- accept it when a sufficient number of them have
        -- signed it.
-        good_signatures = 0,
+        good_signatures = 2,
        -- List of public keys of maintainers.
        pubkeys = {
--- a/contrib/ci/olsr-site/i18n
+++ b/contrib/ci/olsr-site/i18n
@ -1 +0,0 @@
 ../minimal-site/i18n
--- a/contrib/ci/olsr-site/modules
+++ b/contrib/ci/olsr-site/modules
@ -1 +0,0 @@
 ../minimal-site/modules
--- a/contrib/ci/olsr-site/site.conf
+++ b/contrib/ci/olsr-site/site.conf
@ -1,176 +0,0 @@
 -- This is an example site configuration for Gluon v2022.1
 --
 -- Take a look at the documentation located at
 -- https://gluon.readthedocs.io/ for details.
 --
 -- This configuration will not work as is. You're required to make
 -- community specific changes to it!
 {
  -- Used for generated hostnames, e.g. freifunk-abcdef123456. (optional)
  -- hostname_prefix = 'freifunk-',
  -- Name of the community.
  site_name = 'Continuous Integration',
  -- Shorthand of the community.
  site_code = 'ci',
  -- 32 bytes of random data, encoded in hexadecimal
  -- This data must be unique among all sites and domains!
  -- Can be generated using: echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
  domain_seed = 'e9608c4ff338b920992d629190e9ff11049de1dfc3f299eac07792dfbcda341c',
  -- Prefixes used by clients within the mesh.
  -- prefix6 is required, prefix4 can be omitted if next_node.ip4
  -- is not set.
  prefix6 = 'fdff:cafe:cafe:cafe::/64',
  -- Prefixes used by nodes within the mesh
  node_prefix6 = 'fdff:cafe:cafe:cafe::/64',
  -- Timezone of your community.
  -- See https://openwrt.org/docs/guide-user/base-system/system_configuration#time_zones
  timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
  -- List of NTP servers in your community.
  -- Must be reachable using IPv6!
  --  ntp_servers = {'1.ntp.services.ffxx'},
  -- Wireless regulatory domain of your community.
  regdom = 'DE',
  -- Wireless configuration for 2.4 GHz interfaces.
  wifi24 = {
    -- Wireless channel.
    channel = 1,
    -- ESSIDs used for client network.
    ap = {
      ssid = 'gluon-ci-ssid',
      -- disabled = true, -- (optional)
      -- Configuration for a backward compatible OWE network below.
      owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
      owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
    },
    mesh = {
      -- Adjust these values!
      id = 'ueH3uXjdp', -- usually you don't want users to connect to this mesh-SSID, so use a cryptic id that no one will accidentally mistake for the client WiFi
      mcast_rate = 12000,
      -- disabled = true, -- (optional)
    },
  },
  -- Wireless configuration for 5 GHz interfaces.
  -- This should be equal to the 2.4 GHz variant, except
  -- for channel.
  wifi5 = {
    channel = 44,
    outdoor_chanlist = '100-140',
    ap = {
      ssid = 'gluon-ci-ssid',
      -- disabled = true, -- (optional)
      -- Configuration for a backward compatible OWE network below.
      owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
      owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
    },
    mesh = {
      -- Adjust these values!
      id = 'ueH3uXjdp',
      mcast_rate = 12000,
    },
  },
  -- The next node feature allows clients to always reach the node it is
  -- connected to using a known IP address.
  next_node = {
    -- anycast IPs of all nodes
    name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
    ip4 = '10.0.0.1',
    ip6 = 'fd::1',
  },
  -- Options specific to routing protocols (optional)
  mesh = {
    vxlan = true,
    olsrd = {},
  },
  mesh_vpn = {
    -- enabled = true,
    fastd = {
      -- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
      -- what these options do.
      -- List of crypto-methods to use.
      methods = {'salsa2012+umac'},
      mtu = 1312,
      -- configurable = true,
      -- syslog_level = 'warn',
      groups = {
        backbone = {
          -- Limit number of connected peers to reduce bandwidth.
          limit = 1,
          -- List of peers.
          peers = {
          },
          -- Optional: nested peer groups
          -- groups = {
            -- backbone_sub = {
              -- ...
            -- },
          -- ...
          -- },
        },
        -- Optional: additional peer groups, possibly with other limits
        -- backbone2 = {
          -- ...
        -- },
      },
    },
    bandwidth_limit = {
      -- The bandwidth limit can be enabled by default here.
      enabled = false,
      -- Default upload limit (kbit/s).
      egress = 200,
      -- Default download limit (kbit/s).
      ingress = 3000,
    },
  },
  autoupdater = {
    -- Default branch (optional), can be overridden by setting GLUON_AUTOUPDATER_BRANCH when building.
    -- Set GLUON_AUTOUPDATER_ENABLED to enable the autoupdater by default for newly installed nodes.
    branch = 'stable',
    -- List of branches. You may define multiple branches.
    branches = {
      stable = {
        name = 'stable',
        -- List of mirrors to fetch images from. IPv6 required!
        mirrors = {'http://1.updates.services.ffhl/stable/sysupgrade'},
        -- Number of good signatures required.
        -- Have multiple maintainers sign your build and only
        -- accept it when a sufficient number of them have
        -- signed it.
        good_signatures = 0,
        -- List of public keys of maintainers.
        pubkeys = {
        },
      },
    },
  },
 }
--- a/contrib/ci/olsr-site/site.mk
+++ b/contrib/ci/olsr-site/site.mk
@ -1,57 +0,0 @@
 ##	gluon site.mk makefile example
 ##	GLUON_FEATURES
 #		Specify Gluon features/packages to enable;
 #		Gluon will automatically enable a set of packages
 #		depending on the combination of features listed
 GLUON_FEATURES := \
 	autoupdater \
 	ebtables-filter-multicast \
 	ebtables-filter-ra-dhcp \
 	ebtables-limit-arp \
 	mesh-olsrd \
 	mesh-vpn-fastd \
 	respondd \
 	status-page \
 	web-advanced \
 	web-wizard
 GLUON_FEATURES_standard := \
  wireless-encryption-wpa3
 ##	GLUON_SITE_PACKAGES
 #		Specify additional Gluon/OpenWrt packages to include here;
 #		A minus sign may be prepended to remove a packages from the
 #		selection that would be enabled by default or due to the
 #		chosen feature flags
 GLUON_SITE_PACKAGES := iwinfo
 ##	DEFAULT_GLUON_RELEASE
 #		version string to use for images
 #		gluon relies on
 #			opkg compare-versions "$1" '>>' "$2"
 #		to decide if a version is newer or not.
 DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
 # Variables set with ?= can be overwritten from the command line
 ##	GLUON_RELEASE
 #		call make with custom GLUON_RELEASE flag, to use your own release version scheme.
 #		e.g.:
 #			$ make images GLUON_RELEASE=23.42+5
 #		would generate images named like this:
 #			gluon-ff%site_code%-23.42+5-%router_model%.bin
 GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
 # Default priority for updates.
 GLUON_PRIORITY ?= 0
 # Region code required for some images; supported values: us eu
 GLUON_REGION ?= eu
 # Languages to include
 GLUON_LANGS ?= en de
--- a/contrib/docker/Dockerfile
+++ b/contrib/docker/Dockerfile
@ -1,10 +1,11 @@
-FROM debian:bullseye-slim
+FROM debian:buster-slim
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    file \
    git \
    subversion \
    python3 \
    build-essential \
    gawk \
@ -20,14 +21,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    ecdsautils \
    lua-check \
    shellcheck \
-    && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
    && rm -rf /var/lib/apt/lists/*
 RUN mkdir /tmp/ec &&\
    wget -O /tmp/ec/ec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/download/2.7.0/ec-linux-amd64.tar.gz &&\
    tar -xvzf /tmp/ec/ec-linux-amd64.tar.gz &&\
    mv bin/ec-linux-amd64 /usr/local/bin/editorconfig-checker &&\
    rm -rf /tmp/ec
 RUN useradd -d /gluon gluon
 USER gluon
--- a/contrib/i18n-scan.pl
+++ b/contrib/i18n-scan.pl
@ -4,7 +4,7 @@ use strict;
 use warnings;
 use Text::Balanced qw(extract_bracketed extract_delimited extract_tagged);
-@ARGV >= 1 || die "Usage: $0 <source directory>\n";
+@ARGV >= 1 || die "Usage: $0 <source direcory>\n";
 my %stringtable;
@ -79,7 +79,7 @@ if( open F, "find @ARGV -type f '(' -name '*.html' -o -name '*.lua' ')' |" )
 				{
 					my $stag = quotemeta $1;
 					my $etag = $stag;
-					$etag =~ s/\[/]/g;
+					   $etag =~ s/\[/]/g;
 					( $res ) = extract_tagged($code, $stag, $etag);
--- a/contrib/push_pkg.sh
+++ b/contrib/push_pkg.sh
@ -127,7 +127,7 @@ while [ $# -gt 0 ]; do
 		# shellcheck disable=SC2029
 		if [ -n "$filename" ]; then
-			scp -O -P "${ssh_port}" "$feed/$filename" "root@${BL}${ssh_host}${BR}:/tmp/${filename}"
+			scp -P "${ssh_port}" "$feed/$filename" "root@${BL}${ssh_host}${BR}:/tmp/${filename}"
 			ssh -p "${ssh_port}" "root@${ssh_host}" "
 				set -e
 				echo Running opkg:
--- a/contrib/run_qemu.sh
+++ b/contrib/run_qemu.sh
@ -4,12 +4,12 @@
 #       Then you enter the command mode of qemu and can exit by typing "quit".
 qemu-system-x86_64 \
-	-d 'cpu_reset' \
+    -d 'cpu_reset' \
-	-enable-kvm \
+    -enable-kvm \
-	-gdb tcp::1234 \
+    -gdb tcp::1234 \
-	-nographic \
+    -nographic \
-	-netdev user,id=wan,hostfwd=tcp::2223-10.0.2.15:22 \
+    -netdev user,id=wan,hostfwd=tcp::2223-10.0.2.15:22 \
-	-device virtio-net-pci,netdev=wan,addr=0x06,id=nic1 \
+    -device virtio-net-pci,netdev=wan,addr=0x06,id=nic1 \
-	-netdev user,id=lan,hostfwd=tcp::6080-192.168.1.1:80,hostfwd=tcp::2222-192.168.1.1:22,net=192.168.1.100/24 \
+    -netdev user,id=lan,hostfwd=tcp::6080-192.168.1.1:80,hostfwd=tcp::2222-192.168.1.1:22,net=192.168.1.100/24 \
-	-device virtio-net-pci,netdev=lan,addr=0x05,id=nic2 \
+    -device virtio-net-pci,netdev=lan,addr=0x05,id=nic2 \
-	"$@"
+    "$@"
--- a/contrib/sign.sh
+++ b/contrib/sign.sh
@ -29,22 +29,11 @@ lower="$(mktemp)"
 trap 'rm -f "$upper" "$lower"' EXIT
-awk 'BEGIN    {
+awk 'BEGIN    { sep=0 }
-	sep = 0
+     /^---$/ { sep=1; next }
-}
+              { if(sep==0) print > "'"$upper"'";
-
+                else       print > "'"$lower"'"}' \
-/^---$/ {
+    "$manifest"
 	sep = 1;
 	next
 }
 {
 	if(sep == 0) {
 		print > "'"$upper"'"
 	} else {
 		print > "'"$lower"'"
 	}
 }' "$manifest"
 ecdsasign "$upper" < "$SECRET" >> "$lower"
--- a/contrib/sigtest.sh
+++ b/contrib/sigtest.sh
@ -1,7 +1,7 @@
 #!/bin/sh
 if [ $# -eq 0 ] || [ "-h" = "$1" ] || [ "-help" = "$1" ] || [ "--help" = "$1" ]; then
-	cat <<EOHELP
+    cat <<EOHELP
 Usage: $0 <public> <signed manifest>
 sigtest.sh checks if a manifest is signed by the public key <public>. There is
@ -12,7 +12,7 @@ See also:
 * https://gluon.readthedocs.io/en/latest/features/autoupdater.html
 EOHELP
-	exit 1
+    exit 1
 fi
 public="$1"
@ -21,29 +21,18 @@ upper="$(mktemp)"
 lower="$(mktemp)"
 ret=1
-awk 'BEGIN    {
+awk "BEGIN    { sep=0 }
-	sep = 0
+    /^---\$/ { sep=1; next }
-}
+              { if(sep==0) print > \"$upper\";
-
+                else       print > \"$lower\"}" \
-/^---$/ {
+    "$manifest"
 	sep = 1;
 	next
 }
 {
 	if(sep == 0) {
 		print > "'"$upper"'"
 	} else {
 		print > "'"$lower"'"
 	}
 }' "$manifest"
 while read -r line
 do
-	if ecdsaverify -s "$line" -p "$public" "$upper"; then
+    if ecdsaverify -s "$line" -p "$public" "$upper"; then
-		ret=0
+        ret=0
-		break
+        break
-	fi
+    fi
 done < "$lower"
 rm -f "$upper" "$lower"
--- a/docs/_static/css/custom.css
+++ b/docs/_static/css/custom.css
@ -1,8 +1,8 @@
 /*
-	This fixes the vertical position of list markers when the first
+  This fixes the vertical position of list markers when the first
-	element in the <li> is a <pre> block
+  element in the <li> is a <pre> block
-	Scrolling inside the <pre> block is still working as expected
+  Scrolling inside the <pre> block is still working as expected
 */
 .rst-content pre.literal-block,
 .rst-content div[class^='highlight'] pre {
--- a/docs/conf.py
+++ b/docs/conf.py
@ -20,11 +20,11 @@
 # -- Project information -----------------------------------------------------
 project = 'Gluon'
-copyright = 'Project Gluon'
+copyright = '2015-2021, Project Gluon'
 author = 'Project Gluon'
 # The short X.Y version
-version = '2022.1'
+version = '2021.1'
 # The full version, including alpha/beta/rc tags
 release = version
@ -58,7 +58,7 @@ master_doc = 'index'
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
-language = 'en'
+language = None
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
@ -71,13 +71,6 @@ pygments_style = None
 # Don't highlight code blocks unless requested explicitly
 highlight_language = 'none'
 # Ignore links to the config mode, as well as anchors on on hackint, which are
 # used to mark channel names and do not exist. Regular links are not effected.
 linkcheck_ignore = [
    'http://192.168.1.1',
    'https://webirc.hackint.org/#'
 ]
 # -- Options for HTML output -------------------------------------------------
@ -144,7 +137,7 @@ latex_elements = {
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
    (master_doc, 'Gluon.tex', 'Gluon Documentation',
-    'Project Gluon', 'manual'),
+     'Project Gluon', 'manual'),
 ]
@ -154,7 +147,7 @@ latex_documents = [
 # (source start file, name, description, authors, manual section).
 man_pages = [
    (master_doc, 'gluon', 'Gluon Documentation',
-    [author], 1)
+     [author], 1)
 ]
@ -165,8 +158,8 @@ man_pages = [
 #  dir menu entry, description, category)
 texinfo_documents = [
    (master_doc, 'Gluon', 'Gluon Documentation',
-    author, 'Gluon', 'One line description of project.',
+     author, 'Gluon', 'One line description of project.',
-    'Miscellaneous'),
+     'Miscellaneous'),
 ]
--- a/docs/dev/basics.rst
+++ b/docs/dev/basics.rst
@ -57,7 +57,7 @@ commits, making `git reflog` the only way to recover them!
  make refresh-patches
-In order to refresh patches when updating feeds or the OpenWrt base, `make refresh-patches` applies and updates all of their patches without installing feed packages to the OpenWrt build system.
+In order to refresh patches when updating feeds or the OpenWrt base, `make refresh-patches` applies and updates all of their patches without installing feed packages to the OpenWrt buildsystem.
 This command speeds up the maintenance of updating OpenWrt and feeds.
@ -77,7 +77,7 @@ apply:
 - use tabs instead of spaces
 - trailing whitespaces must be eliminated
 - files need to end with a final newline
- newlines need to have Unix line endings (lf)
+- newlines need to have unix line endings (lf)
 To that end we provide a ``.editorconfig`` configuration, which is supported by most
 of the editors out there.
--- a/docs/dev/build.rst
+++ b/docs/dev/build.rst
@ -91,7 +91,7 @@ update.sh
 getversion.sh
    Used to determine the version numbers of the repositories of Gluon and the
-    site configuration, to be included in the built firmware images as
+    site configuraiton, to be included in the built firmware images as
    */lib/gluon/gluon-version* and */lib/gluon/site-version*.
    By default, this uses ``git describe`` to generate a version number based
--- a/docs/dev/debugging.rst
+++ b/docs/dev/debugging.rst
@ -45,7 +45,7 @@ Some more information on how to use this tool can be found at
 Obtaining Stacktraces
 .....................
-On many targets stack traces can be read from the following
+On many targets stacktraces can be read from the following
 location after reboot: ::
  /sys/kernel/debug/crashlog
--- a/docs/dev/hardware.rst
+++ b/docs/dev/hardware.rst
@ -1,5 +1,5 @@
-Adding hardware support
+Adding support for new hardware
-=======================
+===============================
 This page will give a short overview on how to add support
 for new hardware to Gluon.
@ -7,232 +7,155 @@ Hardware requirements
 ---------------------
 Having an ath9k, ath10k or mt76 based WLAN adapter is highly recommended,
 although other chipsets may also work. VAP (multiple SSID) support
-with simultaneous AP + Mesh Point (802.11s) operation is required.
+is a requirement.
 Device checklist
 ----------------
 The description of pull requests adding device support must include the
 `device integration checklist
 <https://github.com/freifunk-gluon/gluon/wiki/Device-Integration-checklist>`_.
 The checklist ensures that core functionality of Gluon is well supported on the
 device.
 .. _device-class-definition:
 Device checklist
 ----------------
 Pull requests adding device support must have the device checklist
 included in their description. The checklist assures core functionality
 of Gluon is well supported on the device.
 The checklist can be found in the `wiki <https://github.com/freifunk-gluon/gluon/wiki/Device-Integration-checklist>`_.
 Device classes
 --------------
-All supported hardware is categorized into "device classes". This allows to
+Gluon currently is aware of two device classes. Depending on the device class, different
-adjust the feature set of Gluon to the different hardware's capabilities via
+features can be installed onto the device.
 ``site.mk`` without having to list individual devices.
-There are currently two devices classes defined: "standard" and "tiny". The
+The ``tiny`` device-class contains devices with the following limitations:
 "tiny" class contains all devices that do not meet the following requirements:
- At least 7 MiB of usable firmware space
+* All devices with less than 64 MB of system memory
- At least 64 MiB of RAM (128MiB for devices with ath10k radio)
+* All devices with less than 7 MB of usable firmware space
 * Devices using a single ath10k radio and less than 128MB of system memory
-Target configuration
+.. _hardware-adding-profiles:
 --------------------
 Gluon's hardware support is based on OpenWrt's. For each supported target,
 a configuration file exists at ``targets/<target>-<subtarget>`` (or just
 ``target/<target>`` for targets without subtargets) that contains all
 Gluon-specific settings for the target. The generic configuration
 ``targets/generic`` contains settings that affect all targets.
-All targets must be listed in ``target/targets.mk``.
+Adding profiles
 ---------------
 The vast majority of devices with ath9k WLAN are based on the ath79 target of OpenWrt.
 If the hardware you want to add support for is ath79, adding a new profile
 is sufficient.
-The target configuration language is based on Lua, so Lua's syntax for variables
+Profiles are defined in ``targets/*`` in a shell-based DSL (so common shell
-and control structures can be used.
+command syntax like ``if`` can be used).
-Device definitions
+The ``device`` command is used to define an image build for a device. It takes
-~~~~~~~~~~~~~~~~~~
+two or three parameters.
 To configure a device to be built for Gluon, the ``device`` function is used.
 In the simplest case, only two arguments are passed, for example:
-.. code-block:: lua
+The first parameter defines the Gluon profile name, which is used to refer to the
 device and is part of the generated image name. The profile name must be same as
 the output of the following command (on the target device), so the autoupdater
 can work::
-  device('tp-link-tl-wdr3600-v1', 'tplink_tl-wdr3600-v1')
+    lua -e 'print(require("platform_info").get_image_name())'
-The first argument is the device name in Gluon, which is part of the output
+While porting Gluon to a new device, it might happen that the profile name is
-image filename, and must correspond to the model string looked up by the
+unknown. Best practise is to generate an image first by using an arbitrary value
-autoupdater. The second argument is the corresponding device profile name in
+and then executing the lua command on the device and use its output from then on.
 OpenWrt, as found in ``openwrt/target/linux/<target>/image/*``.
-A table of additional settings can be passed as a third argument:
+The second parameter defines the name of the image files generated by OpenWrt. Usually,
 it is also the OpenWrt profile name; for devices that still use the old image build
 code, a third parameter with the OpenWrt profile name can be passed. The profile names
 can be found in the image Makefiles in ``openwrt/target/linux/<target>/image/Makefile``.
-.. code-block:: lua
+Examples::
-  device('ubiquiti-edgerouter-x', 'ubnt_edgerouter-x', {
+    device tp-link-tl-wr1043n-nd-v1 tl-wr1043nd-v1
-    factory = false,
+    device alfa-network-hornet-ub hornet-ub HORNETUB
    packages = {'-hostapd-mini'},
    manifest_aliases = {
      'ubnt-erx',
    },
  })
 The supported additional settings are described in the following sections.
 Suffixes and extensions
-~~~~~~~~~~~~~~~~~~~~~~~
+'''''''''''''''''''''''
 For many targets, OpenWrt generates images with the suffixes
 ``-squashfs-factory.bin`` and ``-squashfs-sysupgrade.bin``. For devices with
 different image names, is it possible to override the suffixes and extensions
 using the settings ``factory``, ``factory_ext``, ``sysupgrade`` and
 ``sysupgrade_ext``, for example:
-.. code-block:: lua
+By default, image files are expected to have the extension ``.bin``. In addition,
 the images generated by OpenWrt have a suffix before the extension that defaults to
 ``-squashfs-factory`` and ``-squashfs-sysupgrade``.
-  {
+This can be changed using the ``factory`` and ``sysupgrade`` commands, either at
-    factory = '-squashfs-combined',
+the top of the file to set the defaults for all images, or for a single image. There
-    factory_ext = '.img.gz',
+are three forms with 0 to 2 arguments (all work with ``sysupgrade`` as well)::
    sysupgrade = '-squashfs-combined',
    sysupgrade_ext = '.img.gz',
  }
-Only settings that differ from the defaults need to be passed. ``factory`` and
+    factory SUFFIX .EXT
-``sysupgrade`` can be set to ``false`` when no such images exist.
+    factory .EXT
    factory
-For some device types, there are multiple factory images with different
+When only an extension is given, the default suffix is retained. When no arguments
-extensions. ``factory_ext`` can be set to a table of strings to account for this
+are given, this signals that no factory (or sysupgrade) image exists.
 case:
-.. code-block:: lua
+Aliases
 '''''''
-  {
+Sometimes multiple models use the same OpenWrt images. In this case, the ``alias``
-    factory_ext = {'.img.gz', '.vmdk', '.vdi'},
+command can be used to create symlinks and additional entries in the autoupdater
-  }
+manifest for the alternative models.
-TODO: Extra images
+Standalone images
 '''''''''''''''''
-Aliases and manifest aliases
+On targets without *per-device rootfs* support in OpenWrt, the commands described above
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+can't be used. Instead, ``factory_image`` and ``sysupgrade_image`` are used::
 Sometimes multiple devices exist that use the same OpenWrt images. To make it
 easier to find these images, the ``aliases`` setting can be used to define
 additional device names. Gluon will create symlinks for these names in the
 image output directory.
-.. code-block:: lua
+    factory_image PROFILE IMAGE .EXT
    sysupgrade_image PROFILE IMAGE .EXT
-  device('aruba-ap-303', 'aruba_ap-303', {
+Again, the profile name must match the value printed by the aforementioned Lua
-    factory = false,
+command. The image name must match the part between the target name and the extension
-    aliases = {'aruba-instant-on-ap11'},
+as generated by OpenWrt and is to be omitted when no such part exists.
  })
-The aliased name will also be added to the autoupdate manifest, allowing upgrade
+Packages
-images to be found under the different name on targets that perform model name
+''''''''
 detection at runtime.
-It is also possible to add alternative names to the autoupdater manifest without
+The ``packages`` command takes an arbitrary number of arguments. Each argument
-creating a symlink by using ``manifest_aliases`` instead of ``aliases``, which
+defines an additional package to include in the images in addition to the default
-should be done when the alternative name does not refer to a separate device.
+package sets defined by OpenWrt. When a package name is prefixed by a minus sign, the
-This is particularly useful to allow the autoupdater to work when the model name
+packages are excluded instead.
 changed between Gluon versions.
-Package lists
+The ``packages`` command may be used at the top of a target definition to modify
-~~~~~~~~~~~~~
+the default package list for all images, or just for a single device (when the
-Gluon generates lists of packages that are installed in all images based on a
+target supports *per-default rootfs*).
 default list and the features and packages specified in the site configuration.
 In addition, OpenWrt defines additional per-device package lists. These lists
 may be modified in Gluon's device definitions, for example to include additional
 drivers and firmware, or to remove unneeded software. Packages to remove are
 prefixed with a ``-`` character.
-For many ath10k-based devices, this is used to replace the "CT" variant of
+Configuration
-ath10k with the mainline-based version:
+'''''''''''''
-.. code-block:: lua
+The ``config`` command allows to add arbitrary target-specific OpenWrt configuration
 to be emitted to ``.config``.
-  local ATH10K_PACKAGES_QCA9880 = {
+Notes
-    'kmod-ath10k',
+'''''
    '-kmod-ath10k-ct',
    '-kmod-ath10k-ct-smallbuffers',
    'ath10k-firmware-qca988x',
    '-ath10k-firmware-qca988x-ct',
  }
  device('openmesh-a40', 'openmesh_a40', {
    packages = ATH10K_PACKAGES_QCA9880,
    factory = false,
  })
-This example also shows how to define a local variable, allowing the package
+On devices with multiple WLAN adapters, care must also be taken that the primary MAC address is
-list to be reused for multiple devices.
+configured correctly. ``/lib/gluon/core/sysconfig/primary_mac`` should contain the MAC address which
 can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/010-primary-mac``
 in ``gluon-core`` might need a fix. (There have also been cases in which the address was incorrect
 even on devices with only one WLAN adapter, in these cases a OpenWrt bug was the cause).
 Device flags
 ~~~~~~~~~~~~
-The settings ``class``, ``deprecated`` or ``broken`` should be set according to
+Adding support for new hardware targets
-the device support status. The default values are as follows:
+---------------------------------------
-.. code-block:: lua
+Adding a new target is much more complex than adding a new profile. There are two basic steps
 required for adding a new target:
-  {
+Package adjustments
-    class = 'standard',
+'''''''''''''''''''
    deprecated = false,
    broken = false,
  }
- Device classes are described in :ref:`device-class-definition`
+One package that may need adjustments for new targets is ``libplatforminfo`` (to be found in
- Broken devices are untested or do not meet our requirements as given by the
+`packages/gluon/libs/libplatforminfo <https://github.com/freifunk-gluon/packages/tree/master/libs/libplatforminfo>`_).
-  device checklist
+If the new platform works fine with the definitions found in ``default.c``, nothing needs to be done. Otherwise,
- Deprecated devices are slated for removal in a future Gluon version due to
+create a definition for the added target or subtarget, either by symlinking one of the files in the ``templates``
-  hardware constraints
+directory, or adding a new source file.
-Global settings
+On many targets, Gluon's network setup scripts (mainly in the package ``gluon-core``)
-~~~~~~~~~~~~~~~
+won't run correctly without some adjustments, so better double check that everything is fine there (and the files
-There is a number of directives that can be used outside of a ``device()``
+``primary_mac``, ``lan_ifname`` and ``wan_ifname`` in ``/lib/gluon/core/sysconfig/`` contain sensible values).
 definition:
- ``include('filename')``: Include another file with global settings
+Build system support
- ``config(key, value)``: Set a config symbol in OpenWrt's ``.config``. Value
+''''''''''''''''''''
  may be a string, number, boolean, or nil. Booleans and nil are used for
  tristate symbols, where nil sets the symbol to ``m``.
 - ``try_config(key, value)``: Like ``config()``, but do not fail if setting
  the symbol is not possible (usually because its dependencies are not met)
 - ``packages { 'package1', '-package2', ... }``: Define a list of packages to
  add or remove for all devices of a target. Package lists passed to multiple
  calls of ``packages`` will be aggregated.
 - ``defaults { key = value, ... }``: Set default values for any of the
  additional settings that can be passed to ``device()``.
-Helper functions
+A definition for the new target must be created under ``targets``, and it must be added
-~~~~~~~~~~~~~~~~
+to ``targets/targets.mk``. The ``GluonTarget`` macro takes one to two arguments:
-The following helpers can be used in the target configuration:
+the target name and the OpenWrt subtarget name.
- ``env.KEY`` allows to access environment variables
+After this, is should be sufficient to call ``make GLUON_TARGET=<target>`` to build the images for the new target.
 - ``istrue(value)`` returns true if the passed string is a positive number
  (often used with ``env``, for example ``if istrue(env.GLUON_DEBUG) then ...``)
 Hardware support in packages
 ----------------------------
 In addition to the target configuration files, some device-specific changes may
 be required in packages.
 gluon-core
 ~~~~~~~~~~
 - ``/lib/gluon/upgrade/010-primary-mac``: Override primary MAC address selection
  Usually, the primary (label) MAC address is defined in OpenWrt's Device Trees.
  For devices or targets where this is not the case, it is possible to specify
  what interface to take the primary MAC address from in ``010-primary-mac``.
 - ``/lib/gluon/upgrade/020-interfaces``: Override LAN/WAN interface assignment
  On PoE-powered devices, the PoE input port should be "WAN".
 - ``/usr/lib/lua/gluon/platform.lua``: Contains a list of outdoor devices
 gluon-setup-mode
 ~~~~~~~~~~~~~~~~
 - ``/lib/gluon/upgrade/320-setup-ifname``: Contains a list of devices that use
  the WAN port for the config mode
  On PoE-powered devices, the PoE input port should be used for the config
  mode. This is handled correctly by default for outdoor devices listed in
  ``platform.lua``.
 libplatforminfo
 ~~~~~~~~~~~~~~~
 When adding support for a new target to Gluon, it may be necessary to adjust
 libplatforminfo to define how autoupdater image names are derived from the
 model name.
--- a/docs/features/configmode.rst
+++ b/docs/features/configmode.rst
@ -18,9 +18,6 @@ Config Mode by pressing and holding the RESET/WPS/DECT button for about three
 seconds. The device should reboot (all LEDs will turn off briefly) and
 Config Mode will be available.
 If you have access to the console of the node, there is the
 ``gluon-enter-setup-mode`` command, which reboots a node into Config Mode.
 Port Configuration
 ------------------
--- a/docs/features/dns-cache.rst
+++ b/docs/features/dns-cache.rst
@ -1,51 +0,0 @@
 DNS caching
 ===========
 User experience may be greatly improved when dns is accelerated. Also, it
 seems like a good idea to keep the number of packages being exchanged
 between node and gateway as small as possible. In order to do this, a
 DNS cache may be used on a node. The dnsmasq instance listening on port
 53 on the node will be reconfigured to answer requests, use a list of
 upstream servers and a specific cache size if the options listed below are
 added to site.conf. Upstream servers are the DNS servers which are normally
 used by the nodes to resolve hostnames (e.g. gateways/supernodes).
 There are the following settings:
    servers
    cacheentries
 To use the node's DNS server, both options should be set. The node will cache at
 most 'cacheentries' many DNS records in RAM. The 'servers' list will be used to
 resolve the received DNS queries if the request cannot be answered from
 cache. Gateways should announce the "next node" address via DHCP and RDNSS (if
 any). Note that not setting 'servers' here will lead to DNS not working: Once
 the gateways all announce the "next node" address for DNS, there is no way for
 nodes to automatically determine DNS servers. They have to be baked into the
 firmware.
 If these settings do not exist, the cache is not initialized and RAM usage will
 not increase.
 When next_node.name is set, an A record and an AAAA record for the
 next-node IP address are placed in the dnsmasq configuration. This means that
 the content of next_node.name may be resolved even without upstream connectivity.
 It is suggested to use the same name as the DNS server provides:
 e.g. nextnode.location.community.example.org (This way the name also works if a
 client uses static DNS Servers). Hint: If next_node.name does not contain a dot
 some browsers would open the searchpage instead.
 ::
  dns = {
    cacheentries = 5000,
    servers = { '2001:db8::1', },
  },
  next_node = {
    name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
    ip6 = '2001:db8:8::1',
    ip4 = '198.51.100.1',
  }
 Each cache entry will occupy about 90 bytes of RAM.
--- a/docs/features/dns-forwarder.rst
+++ b/docs/features/dns-forwarder.rst
@ -0,0 +1,26 @@
 DNS forwarder
 =============
 A Gluon node can be configured to act as a DNS forwarder. Requests for the
 next-node hostname(s) can be answered locally, without querying the upstream
 resolver.
 **Note:** While this reduces answer time and allows to use the next-node
 hostname without upstream connectivity, this feature should not be used for
 next-node hostnames that are FQDN when the zone uses DNSSEC.
 One or more upstream resolvers can be configured in the *dns.servers* setting.
 When *next_node.name* is set, A and/or AAAA records for the next-node IP
 addresses are placed in the dnsmasq configuration.
 ::
  dns = {
    servers = { '2001:db8::1', },
  },
  next_node = {
    name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
    ip6 = '2001:db8:8::1',
    ip4 = '198.51.100.1',
  }
--- a/docs/features/monitoring.rst
+++ b/docs/features/monitoring.rst
@ -47,7 +47,7 @@ installed. Please note that at least one alfred daemon is required to run as
 .. _alfred-json: https://github.com/ffnord/alfred-json
-The following data types are used:
+The following datatypes are used:
 * `nodeinfo`: 158
 * `statistics`: 159
--- a/docs/features/vpn.rst
+++ b/docs/features/vpn.rst
@ -11,7 +11,7 @@ There are currently three protocol handlers which can be selected
 via ``GLUON_FEATURES`` in ``site.mk``:
 mesh-vpn-fastd
-""""""""""""""
+~~~~~~~~~~~~~~
 fastd is a lightweight userspace tunneling daemon that
 implements cipher suites that are specifically designed
@ -25,7 +25,7 @@ at the cost of losing the ability to protect tunnel connections
 against eavesdropping or manipulation.
 mesh-vpn-tunneldigger
-"""""""""""""""""""""
+~~~~~~~~~~~~~~~~~~~~~
 Tunneldigger always uses L2TPv3, generally achieving the same
 performance as fastd with the ``null@l2tp`` method, but offering
@ -33,20 +33,18 @@ no security.
 Tunneldigger's primary drawback is the lack of IPv6 support.
 It also provides less configurability than fastd.
-mesh-vpn-wireguard
+mesh-vpn-wireguard (experimental)
-""""""""""""""""""
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-WireGuard is an encrypted in-kernel tunneling protocol that
+Wireguard is a new tunneling software that offers modern encryption
-provides encrypted transmission and at the same time offers
+methods and is implemented in the kernel, resulting in high throughput.
-high throughput.
+It is implemented in Gluon using the *wgpeerselector* tool.
 fastd
 ^^^^^
 .. _VPN fastd methods:
 Methods
-"""""""
+~~~~~~~
 fastd offers various different connection "methods" with different
 security properties that can be configured in the site configuration.
@ -65,64 +63,8 @@ considerable performance gain, especially on weaker embedded hardware.
 For L2TP offloading, the ``mesh-vpn-fastd-l2tp`` feature needs to be enabled in
 ``site.mk``.
 .. _vpn-gateway-configuration:
 Gateway / Supernode Configuration
 """""""""""""""""""""""""""""""""
 When only using the ``null`` or ``null@l2tp`` methods without offloading,
 simply add these methods to the front of the method list. ``null@l2tp``
 should always appear before ``null`` in the configuration when both are enabled.
 fastd v22 or newer is needed for the ``null@l2tp`` method.
 It is often not necessary to enable L2TP offloading on supernodes for
 performance reasons. Nodes using offloading can communicate with supernodes that
 don't use offloading as long as both use the ``null@l2tp`` method.
 .. _vpn-gateway-configuration-offloading:
 Offloading on Gateways / Supernodes
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 To enable L2TP offloading on the supornodes, it is recommended to study the
 fastd documentation section pertaining to the `offload configuration option
 <https://fastd.readthedocs.io/en/stable/manual/config.html#option-offload>`_.
 However, the important changes to the fastd config on your Supernode are:
    - | Set ``mode multitap;``
      | Every peer gets their own interface.
    - | Replace ``interface "foo":`` with ``interface "peer-%k";``
      | ``%k`` is substituted for a portion of the peers public key.
    - | Set ``offload l2tp yes;``
      | This tells fastd to use the l2tp kernel module.
    - | Set ``persist interface no;``
      | This tells fastd to only keep interfaces around while the connection is active.
 Note that in ``multitap`` mode, which is required when using L2TP offloading,
 fastd will create one interface per peer on the supernode's. This allows
 offloading the L2TP forwarding into the kernel space. But this also means added
 complexity with regards to handling those interfaces.
 There are two main options on how you can handle this:
    -  create ``on up`` and ``on down`` hooks
        - to handle interface setup and destruction
        - preferably using the async keyword, so hooks are not blocking fastd
    - use a daemon like systemd-networkd
 Examples for both options can be found in the
 `Wiki <https://github.com/freifunk-gluon/gluon/wiki/fastd-l2tp-offloading-on-supernodes>`_.
 Configurable Method
-"""""""""""""""""""
+~~~~~~~~~~~~~~~~~~~
 From the site configuration, fastd can be allowed to offer
 toggleable encryption in the config mode with the intent to
@ -134,7 +76,7 @@ performance gains provided by the latter (compared to the encrypted
 and authenticated methods) are very small.
 Site configuration
-~~~~~~~~~~~~~~~~~~
+------------------
 1)
  Add the feature ``web-mesh-vpn-fastd`` in ``site.mk``
@ -144,8 +86,32 @@ Site configuration
  Optionally, add ``null@l2tp`` to the ``mesh_vpn.fastd.methods`` table if you want
  "Performance mode" as default (not recommended)
 Gateway / Supernode Configuration
 ---------------------------------
 When only using the ``null`` or ``null@l2tp`` methods without offloading,
 simply add these methods to the front of the method list. ``null@l2tp``
 should always appear before ``null`` in the configuration when both are enabled.
 fastd v22 or newer is needed for the ``null@l2tp`` method.
 It is often not necessary to enable L2TP offloading on supernodes for
 performance reasons. Nodes using offloading can communicate with supornodes that
 don't use offloading as long as both use the ``null@l2tp`` method.
 To enable L2TP offloading on the supornodes as well, it is recommended to study
 the fastd documentation section pertaining to the `offload configuration option
 <https://fastd.readthedocs.io/en/stable/manual/config.html#option-offload>`_.
 Note that in ``multitap`` mode, which is required when using
 L2TP offloading, fastd will create one interface per peer
 on the supernode's side and it is the administrator's
 responsibility to ensure that these interfaces are handled correctly.
 In batman-adv-based setups this involves adding the dynamically created
 interfaces to an batadv interface using fastd's ``on up`` scripts or some
 network configuration daemon like systemd-networkd.
 Config Mode
-~~~~~~~~~~~
+-----------
 The resulting firmware will allow users to choose between secure (encrypted) and fast (unencrypted) transport.
@ -153,60 +119,3 @@ The resulting firmware will allow users to choose between secure (encrypted) and
 To confirm whether the correct cipher is being used, the log output
 of fastd can be checked using ``logread``.
 WireGuard
 ^^^^^^^^^
 In order to support WireGuard in Gluon, a few technologies are glued together.
 **VXLAN:** As Gluon typically relies on batman-adv, the Mesh VPN has to provide
 OSI Layer 2 transport. But WireGuard is an OSI Layer 3 tunneling protocol, so
 additional technology is necessary here. For this, we use VXLAN. In short, VXLAN
 is a well-known technology to encapsulate ethernet packages into IP packages.
 You can think of it as kind of similar to VLAN, but on a different layer. Here,
 we use VXLAN to transport batman-adv traffic over WireGuard.
 **wgpeerselector**: To connect all gluon nodes to each other, it is common to
 create a topology where each gluon node is connected to one of the available
 gateways via Mesh VPN respectively. To achieve this, the gluon node should be
 able to select a random gateway to connect to. But such "random selection of a
 peer" is not implemented in WireGuard by default. WireGuard only knows static
 peers. Therefore the *wgpeerselector* has been developed. It randomly selects a
 gateway, tries to establish a connection, and if it fails, tries to connect
 to the next gateway. This approach has several advantages, such as load
 balancing VPN connection attempts and avoiding problems with offline gateways.
 More information about the wgpeerselector and its algorithm can be found
 `here <https://github.com/freifunk-gluon/packages/blob/master/net/wgpeerselector/README.md>`__.
 On the gluon node both VXLAN and the wgpeerselector are well integrated and no
 explicit configuration of those tools is necessary, once the general WireGuard
 support has been configured.
 Attention must by paid to time synchronization. As WireGuard
 performs checks on timestamps in order to avoid replay attacks, time must
 be synchronized before the Mesh VPN connection is established. This means that
 the NTP servers specified in your site.conf must be publicly available (and not
 only through the mesh). Be aware that if you fail this, you may not directly see
 negative effects. Only when a previously connected node reboots the effect
 comes into play, as the gateway still knows about the old timestamp of the gluon
 node.
 gluon-mesh-vpn-key-translate
 """"""""""""""""""""""""""""
 Many communities already possess a collection of active fastd-keys when they
 plan migrating their community to WireGuard.
 These public keys known on the server-side can be derived into their WireGuard
 equivalent using `gluon-mesh-vpn-key-translate <https://github.com/AiyionPrime/gluon-mesh-vpn-key-translate>`__.
 The routers do the necessary reencoding of the private key seamlessly
 when updating firmware from fastd to the WireGuard variant.
 Gateway / Supernode Configuration
 """""""""""""""""""""""""""""""""
 On the gateway side, a software called *wireguard-vxlan-glue* is necessary. It
 is a small daemon that dynamically adds and removes forwarding rules for VXLAN
 interfaces, so traffic is sent correctly into the WireGuard interface. Thereby
 the forwarding rules are only installed if a client is connected, so
 unnecessary traffic in the kernel is avoided. The source can be found
 `here <https://github.com/freifunkh/wireguard-vxlan-glue/>`__.
--- a/docs/features/wired-mesh.rst
+++ b/docs/features/wired-mesh.rst
@ -51,83 +51,37 @@ Both Mesh-on-WAN and Mesh-on-LAN can be configured on the "Network" page
 of the *Advanced settings* (if the package ``gluon-web-network`` is installed).
 It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by adding
-the ``mesh`` role to the ``interfaces.*.default_roles`` options in your
+the ``mesh`` role to the ``interfaces.*.default_roles`` options in site.conf.
 :ref:`site.conf<user-site-interfaces>`.
 .. _wired-mesh-commandline:
 Commandline
 ===========
 Starting with release 2022.1, the wired network configuration is rebuilt from ``/etc/config/gluon``
 upon each ``gluon-reconfigure``.
 Therefore the network configuration is overwritten at least with every firmware upgrade.
 Every interface has a list of roles assigned to it which can be ``client``, ``mesh`` or ``uplink``.
 When the client role is assigned to an interface in combination with other roles
 (like 'client', 'mesh' in the Mesh-on-LAN example below), the other roles take
 precedence, enabling mesh but not client in the previous example.
 The setup/config-mode interface is every interface with the role ``client`` which makes removing
 it from interfaces not only unnecessary, but generally unrecommended.
 In order to make persistent changes to the router's configuration it's necessary to:
 * change the sections in ``/etc/config/gluon`` e.g. using uci (see examples below)
 * call ``gluon-reconfigure`` to re-generate ``/etc/config/network``
 * apply the networking changes, either through executing ``service network restart`` or by performing a ``reboot``
 Enable Mesh-on-WAN::
-  uci add_list gluon.iface_wan.role='mesh'
+  uci set network.mesh_wan.disabled=0
-  uci commit gluon
+  uci commit network
 Disable Mesh-on-WAN::
-  uci del_list gluon.iface_wan.role='mesh'
+  uci set network.mesh_wan.disabled=1
-  uci commit gluon
+  uci commit network
 Enable Mesh-on-LAN::
-  uci add_list gluon.iface_lan.role='mesh'
+  uci set network.mesh_lan.disabled=0
-  uci commit gluon
+  for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
    uci del_list network.client.ifname=$ifname
  done
  uci commit network
 Disable Mesh-on-LAN::
-  uci del_list gluon.iface_lan.role='mesh'
+  uci set network.mesh_lan.disabled=1
-  uci commit gluon
+  for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
    uci add_list network.client.ifname=$ifname
  done
  uci commit network
-For devices with a single interface, instead of `iface_lan` and `iface_wan` configuration is
+Please note that this configuration has changed in Gluon 2016.1. Using
-done with `iface_single`.
+the old commands on 2016.1 and later will break the corresponding options
 Enable Mesh-on-Single::
  uci add_list gluon.iface_single.role='mesh'
  uci commit gluon
 Disable Mesh-on-Single::
  uci del_list gluon.iface_single.role='mesh'
  uci commit gluon
 Furthermore it is possible to make use of 802.1Q VLAN.
 The following statements would create a VLAN with id 8 on ``eth0`` and join the mesh network with it::
  uci set gluon.iface_lan_vlan8=interface
  uci set gluon.iface_lan_vlan8.name='eth0.8'
  uci add_list gluon.iface_lan_vlan8.role='mesh'
  uci commit gluon
 Other VLAN-interfaces could be configured on the same parent interface in order to have
 all three roles available on ``eth0`` without having them interfere with each other.
 This feature comes in especially handy for the persistent configuration of virtual machines
 as offloader for bigger installations.
 A ``reboot`` is not sufficient to apply an altered configuration; calling ``gluon-reconfigure`` before is
 mandatory in order for changes to take effect.
 Please note that this configuration has changed in Gluon 2022.1. Using
 the old commands on 2022.1 and later will break the corresponding options
 in the *Advanced settings*.
--- a/docs/features/wlan-configuration.rst
+++ b/docs/features/wlan-configuration.rst
@ -16,10 +16,10 @@ by the user). This means that it is not possible to enable or disable an existin
 configurations during upgrades.
 During upgrades the wifi channel of the 2.4GHz and 5GHz radio will be restored to the channel
-configured in the site.conf. The channel width will be reset to Gluon's default. If you need to preserve
+configured in the site.conf. If you need to preserve a user defined wifi channel during upgrades
-these settings during upgrades you can configure this via the uci section ``gluon-core.wireless``::
+you can configure this via the uci section ``gluon-core.wireless``::
-  uci set gluon.wireless.preserve_channels='1'
+  uci set gluon-core.@wireless[0].preserve_channels='1'
 When channels should be preserved, toggling the outdoor mode will have no effect on the channel settings.
 Therefore, the Outdoor mode settings won't be displayed in config mode.
--- a/docs/index.rst
+++ b/docs/index.rst
@ -6,80 +6,79 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
 .. toctree::
-  :caption: User Documentation
+   :caption: User Documentation
-  :maxdepth: 2
+   :maxdepth: 2
-  user/getting_started
+   user/getting_started
-  user/site
+   user/site
-  user/supported_devices
+   user/supported_devices
-  user/x86
+   user/x86
-  user/faq
+   user/faq
  user/mtu
 .. toctree::
-  :caption: Features
+   :caption: Features
-  :maxdepth: 2
+   :maxdepth: 2
-  features/configmode
+   features/configmode
-  features/autoupdater
+   features/autoupdater
-  features/wlan-configuration
+   features/wlan-configuration
-  features/private-wlan
+   features/private-wlan
-  features/wired-mesh
+   features/wired-mesh
-  features/dns-cache
+   features/dns-forwarder
-  features/monitoring
+   features/monitoring
-  features/multidomain
+   features/multidomain
-  features/authorized-keys
+   features/authorized-keys
-  features/roles
+   features/roles
-  features/vpn
+   features/vpn
 .. toctree::
-  :caption: Developer Documentation
+   :caption: Developer Documentation
-  :maxdepth: 2
+   :maxdepth: 2
-  dev/basics
+   dev/basics
-  dev/hardware
+   dev/hardware
-  dev/packages
+   dev/packages
-  dev/upgrade
+   dev/upgrade
-  dev/uplink
+   dev/uplink
-  dev/mac_addresses
+   dev/mac_addresses
-  dev/site_library
+   dev/site_library
-  dev/build
+   dev/build
-  dev/debugging
+   dev/debugging
 .. toctree::
-  :caption: gluon-web Reference
+   :caption: gluon-web Reference
-  :maxdepth: 1
+   :maxdepth: 1
-  dev/web/controller
+   dev/web/controller
-  dev/web/model
+   dev/web/model
-  dev/web/view
+   dev/web/view
-  dev/web/i18n
+   dev/web/i18n
-  dev/web/config-mode
+   dev/web/config-mode
 .. toctree::
-  :caption: Packages
+   :caption: Packages
-  :maxdepth: 1
+   :maxdepth: 1
-  package/gluon-client-bridge
+   package/gluon-client-bridge
-  package/gluon-config-mode-domain-select
+   package/gluon-config-mode-domain-select
-  package/gluon-ebtables-filter-multicast
+   package/gluon-ebtables-filter-multicast
-  package/gluon-ebtables-filter-ra-dhcp
+   package/gluon-ebtables-filter-ra-dhcp
-  package/gluon-ebtables-limit-arp
+   package/gluon-ebtables-limit-arp
-  package/gluon-ebtables-source-filter
+   package/gluon-ebtables-source-filter
-  package/gluon-hoodselector
+   package/gluon-hoodselector
-  package/gluon-logging
+   package/gluon-logging
-  package/gluon-mesh-batman-adv
+   package/gluon-mesh-batman-adv
-  package/gluon-mesh-wireless-sae
+   package/gluon-mesh-wireless-sae
-  package/gluon-radv-filterd
+   package/gluon-radv-filterd
-  package/gluon-scheduled-domain-switch
+   package/gluon-scheduled-domain-switch
-  package/gluon-web-admin
+   package/gluon-web-admin
-  package/gluon-web-logging
+   package/gluon-web-logging
 .. toctree::
-  :caption: Releases
+   :caption: Releases
-  :maxdepth: 1
+   :maxdepth: 1
-  releases/index
+   releases/index
 License
 -------
--- a/docs/multidomain-site-example/site.conf
+++ b/docs/multidomain-site-example/site.conf
@ -20,10 +20,10 @@
  },
  mesh_vpn = {
    mtu = 1312,
    fastd = {
      methods = {'salsa2012+umac'},
      mtu = 1312,
    },
    bandwidth_limit = {
--- a/docs/releases/index.rst
+++ b/docs/releases/index.rst
@ -2,128 +2,117 @@ Release Notes
 =============
 .. toctree::
-  :caption: Gluon 2022.1
+   :caption: Gluon 2021.1
-  :maxdepth: 2
+   :maxdepth: 2
-  v2022.1.4
+   v2021.1.1
-  v2022.1.3
+   v2021.1
  v2022.1.2
  v2022.1.1
  v2022.1
 .. toctree::
-  :caption: Gluon 2021.1
+   :caption: Gluon 2020.2
-  :maxdepth: 2
+   :maxdepth: 2
-  v2021.1.2
+   v2020.2.3
-  v2021.1.1
+   v2020.2.2
-  v2021.1
+   v2020.2.1
   v2020.2
 .. toctree::
-  :caption: Gluon 2020.2
+   :caption: Gluon 2020.1
-  :maxdepth: 2
+   :maxdepth: 2
-  v2020.2.3
+   v2020.1.4
-  v2020.2.2
+   v2020.1.3
-  v2020.2.1
+   v2020.1.2
-  v2020.2
+   v2020.1.1
   v2020.1
 .. toctree::
-  :caption: Gluon 2020.1
+   :caption: Gluon 2019.1
-  :maxdepth: 2
+   :maxdepth: 2
-  v2020.1.4
+   v2019.1.3
-  v2020.1.3
+   v2019.1.2
-  v2020.1.2
+   v2019.1.1
-  v2020.1.1
+   v2019.1
  v2020.1
 .. toctree::
-  :caption: Gluon 2019.1
+   :caption: Gluon 2018.2
-  :maxdepth: 2
+   :maxdepth: 2
-  v2019.1.3
+   v2018.2.4
-  v2019.1.2
+   v2018.2.3
-  v2019.1.1
+   v2018.2.2
-  v2019.1
+   v2018.2.1
   v2018.2
 .. toctree::
-  :caption: Gluon 2018.2
+   :caption: Gluon 2018.1
-  :maxdepth: 2
+   :maxdepth: 2
-  v2018.2.4
+   v2018.1.4
-  v2018.2.3
+   v2018.1.3
-  v2018.2.2
+   v2018.1.2
-  v2018.2.1
+   v2018.1.1
-  v2018.2
+   v2018.1
 .. toctree::
-  :caption: Gluon 2018.1
+   :caption: Gluon 2017.1
-  :maxdepth: 2
+   :maxdepth: 2
-  v2018.1.4
+   v2017.1.8
-  v2018.1.3
+   v2017.1.7
-  v2018.1.2
+   v2017.1.6
-  v2018.1.1
+   v2017.1.5
-  v2018.1
+   v2017.1.4
   v2017.1.3
   v2017.1.2
   v2017.1.1
   v2017.1
 .. toctree::
-  :caption: Gluon 2017.1
+   :caption: Gluon 2016.2
-  :maxdepth: 2
+   :maxdepth: 2
-  v2017.1.8
+   v2016.2.7
-  v2017.1.7
+   v2016.2.6
-  v2017.1.6
+   v2016.2.5
-  v2017.1.5
+   v2016.2.4
-  v2017.1.4
+   v2016.2.3
-  v2017.1.3
+   v2016.2.2
-  v2017.1.2
+   v2016.2.1
-  v2017.1.1
+   v2016.2
  v2017.1
 .. toctree::
-  :caption: Gluon 2016.2
+   :caption: Gluon 2016.1
-  :maxdepth: 2
+   :maxdepth: 2
-  v2016.2.7
+   v2016.1.6
-  v2016.2.6
+   v2016.1.5
-  v2016.2.5
+   v2016.1.4
-  v2016.2.4
+   v2016.1.3
-  v2016.2.3
+   v2016.1.2
-  v2016.2.2
+   v2016.1.1
-  v2016.2.1
+   v2016.1
  v2016.2
 .. toctree::
-  :caption: Gluon 2016.1
+   :caption: Gluon 2015.1
-  :maxdepth: 2
+   :maxdepth: 2
-  v2016.1.6
+   v2015.1.2
-  v2016.1.5
+   v2015.1.1
-  v2016.1.4
+   v2015.1
  v2016.1.3
  v2016.1.2
  v2016.1.1
  v2016.1
 .. toctree::
-  :caption: Gluon 2015.1
+   :caption: Gluon 2014.4
-  :maxdepth: 2
+   :maxdepth: 2
-  v2015.1.2
+   v2014.4
  v2015.1.1
  v2015.1
 .. toctree::
-  :caption: Gluon 2014.4
+   :caption: Gluon 2014.3
-  :maxdepth: 2
+   :maxdepth: 2
-  v2014.4
+   v2014.3.1
-
+   v2014.3
 .. toctree::
  :caption: Gluon 2014.3
  :maxdepth: 2
  v2014.3.1
  v2014.3
--- a/docs/releases/v2017.1.rst
+++ b/docs/releases/v2017.1.rst
@ -88,8 +88,6 @@ New features
 * Add support for making nodes a DNS cache for clients
  (`#1000 <https://github.com/freifunk-gluon/gluon/pull/1000>`_)
  See also: :doc:`../features/dns-cache`
 * Add L2TP via tunneldigger as an alternative VPN system
  (`#978 <https://github.com/freifunk-gluon/gluon/pull/978>`_)
--- a/docs/releases/v2018.1.2.rst
+++ b/docs/releases/v2018.1.2.rst
@ -28,7 +28,7 @@ Bugfixes
  As the path to both config mode and status page were changed between versions
  users could be affected by a redirect to a no more valid URL. 
-* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt/routing/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
+* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt-routing/packages/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
 Other changes
 ~~~~~~~~~~~~~
--- a/docs/releases/v2020.1.rst
+++ b/docs/releases/v2020.1.rst
@ -127,10 +127,10 @@ Renamed targets
 Status Page
 ~~~~~~~~~~~
- Gateway nexthop information has been added to the status page when batman-adv
+- Gateway nexthop information has been added to the statuspage when batman-adv
  is used. This includes its MAC address and prettyname as well as the interface
  name towards the selected gateway.
- The site name has been added to the status page. If the node is in a multidomain
+- The site name has been added to the statuspage. If the node is in a multidomain
  setup it will also show the domain name.
 DECT button to enter config mode
--- a/docs/releases/v2020.2.3.rst
+++ b/docs/releases/v2020.2.3.rst
@ -7,7 +7,7 @@ Bugfixes
 - LEDs on the ASUS RT-AC51 are now fully functional.
 - Netgear EX6150v1 randomly booting into failsafe mode has been fixed.
-  This happened dependent on the state of the mode setting switch.
+  This happened dependant on the state of the mode setting switch.
 - Dnsmasq has been patched against multiple security issues in its DNS response validation.
  See the OpenWrt advisory at https://openwrt.org/advisory/2021-01-19-1
--- a/docs/releases/v2021.1.1.rst
+++ b/docs/releases/v2021.1.1.rst
@ -30,11 +30,11 @@ ramips-mt76x8
 Bugfixes
 --------
- Missing bandwidth limit settings resulted in a respondd crash for v2021.1.
+- Missing bandwith limit settings resulted in a respondd crash for v2021.1.
 - The Tunneldigger VPN provider was not registered with the Gluon VPN backend, resulting in broken Tunneldigger configurations.
- Disabling Radio interfaces in v2021.1 could lead to null pointer dereferences in the respondd airtime module, as the survey returns no data in this case.
+- Disabling Radio interfaces in v2021.1 could lead to nullpointer dereferences in the respondd airtime module, as the survey returns no data in this case.
 Known issues
--- a/docs/releases/v2021.1.2.rst
+++ b/docs/releases/v2021.1.2.rst
@ -1,131 +0,0 @@
 Gluon 2021.1.2
 ==============
 Important notes
 ---------------
 This release fixes a **critical security vulnerability** in Gluon's
 autoupdater.
 Upgrades to v2021.1 and later releases are only supported from releases v2018.2
 and later. Migration code for upgrades from older versions has been removed to
 simplify maintenance.
 Updates
 -------
 - The Linux kernel was updated to version 4.14.275
 - The mac80211 wireless driver stack was updated to a version based on kernel
  4.19.237
 Various minor package updates are not listed here and can be found in the commit
 log.
 Bugfixes
 --------
 * **[SECURITY]** Autoupdater: Fix signature verification
  A recently discovered issue (CVE-2022-24884) in the *ecdsautils* package
  allows forgery of cryptographic signatures. This vulnerability can be
  exploited to create a manifest accepted by the autoupdater without knowledge
  of the signers' private keys. By intercepting nodes' connections to the update
  server, such a manifest allows to distribute malicious firmware updates.
  This is a **critical** vulnerability. All nodes with autoupdater must be
  updated. Requiring multiple signatures for an update does *not* mitigate the
  issue.
  As a temporary workaround, the issue can be mitigated on individual nodes by
  disabling the autoupdater via config mode or using the following commands::
    uci set autoupdater.settings.enabled=0
    uci commit autoupdater
  A fixed firmware should be installed manually before enabling the autoupdater
  again.
  See security advisory `GHSA-qhcg-9ffp-78pw
  <https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw>`_
  for further information on this vulnerability.
 * **[SECURITY]** Config Mode: Prevent Cross-Site Request Forgery (CSRF)
  The Config Mode was not validating the *Origin* header of POST requests.
  This allowed arbitrary websites to modify   configuration (including SSH keys)
  on a Gluon node in Config Mode reachable from a user's browser by sending POST
  requests with form data to 192.168.1.1.
  The impact of this issue is considered low, as nodes are only vulnerable while
  in Config Mode.
 * Config Mode: Fix occasionally hanging page load after submitting the
  configuration wizard causing the reboot message and VPN key not to be
  displayed
 * Config Mode (OSM): Update default OpenLayers source URL
  The OSM feature of the Config Mode was broken when the default source URL was
  used for OpenLayers, as the old URL has become unavailable. The default was
  updated to a URL that should not become unavailable again.
 * Config Mode (OSM): Fix error when using ``"`` character in attribution text
 * respondd-module-airtime: Fix respondd crash on devices with disabled WLAN
  interfaces
  Several improvements were made to the error handling of the
  *respondd-module-airtime* package. The "PHY ID" field (introduced in Gluon
  2021.1) was removed again.
 * ipq40xx: Fix bad WLAN performance on Plasma Cloud PA1200 and PA2200 devices
 * Fix occasional build failure in "perl" package with high number of threads
  (``-j32`` or higher)
 Other improvements
 ------------------
 * Several improvements were made to the status page:
  - WLAN channel display does not require the *respondd-module-airtime* package
    anymore
  - The "gateway nexthop" label now links to the status page of the nexthop node
  - The timeout to retrieve information from neighbour nodes was increased,
    making the display of the name
    of overloaded, slow or otherwise badly reachable nodes more likely to
    succeed
 Known issues
 ------------
 * Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a
  soft-bricked state due to bad blocks on the NAND flash which the NAND driver
  before this release does not handle well.
  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
 * The integration of the BATMAN_V routing algorithm is incomplete.
  - Mesh neighbors don't appear on the status page.
    (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to
    account for the new throughput metric.
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are
  unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * In configurations without VXLAN, the MAC address of the WAN interface is
  modified even when Mesh-on-WAN is disabled
  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected
  (like VMware when promiscuous mode is disallowed).
--- a/docs/releases/v2022.1.1.rst
+++ b/docs/releases/v2022.1.1.rst
@ -1,85 +0,0 @@
 Gluon 2022.1.1
 ==============
 Important notes
 ---------------
 This release mitigates multiple flaws in the Linux wireless stack fixing RCE and DoS vulnerabilities.
 Added hardware support
 ----------------------
 ipq40xx-generic
 ~~~~~~~~~~~~~~~
 - GL.iNet
  - GL-AP1300
 mpc85xx-p1010
 ~~~~~~~~~~~~~
 - TP-Link
  - TL-WDR4900 (v1)
 ramips-mt7621
 ~~~~~~~~~~~~~
 - ZyXEL
  - NWA50AX
 rockchip-armv8
 ~~~~~~~~~~~~~~
 - FriendlyElec
  - NanoPi R4S (4GB LPDDR4)
 Bugfixes
 --------
 * Multiple mitigations for (`critical vulnerabilities <https://seclists.org/oss-sec/2022/q4/20>`_) in the Linux kernel WLAN stack. This only concerns Gluon v2022.1, older Gluon versions are unaffected.
   * CVE-2022-41674
   * CVE-2022-42719
   * CVE-2022-42720
   * CVE-2022-42721
   * CVE-2022-42722
 * Fixes `security issues in WolfSSL <https://openwrt.org/releases/22.03/notes-22.03.1#security_fixes>`_. People who have installed additional, non-Gluon packages which rely on WolfSSL's TLS 1.3 implementation might be affected. Firmwares using either gluon-mesh-wireless-sae or gluon-wireless-encryption-wpa3 are unaffected by these issues, since only WPA-Enterprise relies on the affected TLS functionality.
   * CVE-2022-38152
   * CVE-2022-39173
 * Fixes the update path for GL-AR300M and NanoStation Loco M2/M5 (XW) devices.
 Known issues
 ------------
 * A workaround for Android devices not waking up to their MLD subscriptions was removed,
  potentially breaking IPv6 connectivity for these devices after extended sleep periods.
  (`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
 * Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
 * The integration of the BATMAN_V routing algorithm is incomplete.
  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
    metric.
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
--- a/docs/releases/v2022.1.2.rst
+++ b/docs/releases/v2022.1.2.rst
@ -1,37 +0,0 @@
 Gluon 2022.1.2
 ==============
 Bugfixes
 --------
 * Various build-errors which sporadically occur when building with a large thread-count have been fixed
 * Android devices do not lose their IPv6 connectivity after extended idle-time
 * The 802.11s mesh network is now using 802.11ax HE-modes when supported by hardware
 Known issues
 ------------
 * Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
 * The integration of the BATMAN_V routing algorithm is incomplete.
  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
    metric.
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
--- a/docs/releases/v2022.1.3.rst
+++ b/docs/releases/v2022.1.3.rst
@ -1,40 +0,0 @@
 Gluon 2022.1.3
 ==============
 Bugfixes
 --------
 * Ipq40xx Wave2 devices temporarily use non-ct firmware again to work around 802.11s unicast package loss in ath10k-ct
  (`#2692 <https://github.com/freifunk-gluon/gluon/issues/2692>`_)
 * Modify kernel builds slightly to work around a boot hang on various devices based on the QCA9563 SoC - especially the Unifi AC-* devices
  (`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784>`_)
 * Work around an issue with wifi setup timing by waiting a bit while device initialisation is ongoing
  (`#2779 <https://github.com/freifunk-gluon/gluon/issues/2779>`_)
 Known issues
 ------------
 * Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
 * The integration of the BATMAN_V routing algorithm is incomplete.
  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
    metric.
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
--- a/docs/releases/v2022.1.4.rst
+++ b/docs/releases/v2022.1.4.rst
@ -1,136 +0,0 @@
 Gluon 2022.1.4
 ==============
 Added hardware support
 ----------------------
 ath79-generic
 ~~~~~~~~~~~~~
 - LibreRouter
  - LibreRouter (v1)
 - Teltonika
  - RUT230 (v1)
 ath79-nand
 ~~~~~~~~~~
 - Aerohive
  - HiveAP 121
 - NETGEAR
  - WNDR4300 (v1)
 lantiq-xrx200
 ~~~~~~~~~~~~~
 - Arcadyan
  - o2 Box 6431
 ramips-mt7621
 ~~~~~~~~~~~~~
 - Cudy
  - X6 (v1, v2)
 - D-Link
  - DAP-X1860 (A1)
 - GL.iNet
  - GL-MT1300
 - Mercusys
  - MR70X (v1)
 - Xiaomi
  - Mi Router 3G
 ramips-mt76x8
 ~~~~~~~~~~~~~
 - TP-Link
  - RE200 (v3)
 realtek-rtl838x
 ~~~~~~~~~~~~~~~
 - D-Link
  - DGS-1210-10P
 ipq40xx-generic
 ~~~~~~~~~~~~~~~
 - AVM
  - FRITZBox 7520
 ipq40xx-mikrotik
 ~~~~~~~~~~~~~~~~
 - Mikrotik
  - hAP ac2
 Bugfixes
 --------
 * Enterasys WS-AP3705i now uses the correct image-name for use with the autoupdater
  (`#2819 <https://github.com/freifunk-gluon/gluon/issues/2819>`_)
 * Reduce memory Usage for ath10k on ZyXEL WRE6606 devices
  (`#2842 <https://github.com/freifunk-gluon/gluon/issues/2842>`_)
 * Replace the Workaround for failed boots on ath79 with a proper fix.
  (`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784#issuecomment-1452126501>`_)
 * AVM FRITZ!Box 7360 v2 flashed with the incorrect image for v1 will automatically update to the correct image.
 * Revert OOM inducing switch of ath79 Wave2 firmware back to -ct
  (`#2879 <https://github.com/freifunk-gluon/gluon/pull/2879>`_)
 Known issues
 ------------
 * Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
 * The integration of the BATMAN_V routing algorithm is incomplete.
  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
    metric.
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
--- a/docs/releases/v2022.1.rst
+++ b/docs/releases/v2022.1.rst
@ -1,417 +0,0 @@
 Gluon 2022.1
 ============
 Important notes
 ---------------
 Upgrades to v2022.1 and later releases are only supported from releases v2020.1 and later. This is due to migrations that have been removed to simplify maintenance.
 Added hardware support
 ----------------------
 ath79-generic
 ~~~~~~~~~~~~~
 - D-Link
  - DAP-2660 A1
 - Enterasys
  - WS-AP3705i
 - Siemens
  - WS-AP3610
 - TP-Link
  - Archer A7 v5
  - CPE510 v2
  - CPE510 v3
  - CPE710 v1
  - EAP225-Outdoor v1
  - WBS210 v2
 ath79-mikrotik
 ~~~~~~~~~~~~~~
 - Mikrotik
  - RB951Ui-2nD
 ipq40xx-generic
 ~~~~~~~~~~~~~~~
 - Aruba Networks
  - AP-303H
  - AP-365
  - InstantOn AP11D
  - InstantOn AP17
 ipq40xx-mikrotik
 ~~~~~~~~~~~~~~~~
 - Mikrotik
  - SXTsq-5-AC
 ramips-mt7620
 ~~~~~~~~~~~~~
 - Xiaomi
  - Mi Router 3G (v2)
 ramips-mt7621
 ~~~~~~~~~~~~~
 - Cudy
  - WR2100
 - Netgear
  - R6260
  - WAC104
  - WAX202
 - TP-Link
  - RE500
  - RE650 v1
 - Ubiquiti
  - UniFi 6 Lite
 - Xiaomi
  - Mi Router 4A (Gigabit Edition)
 ramips-mt7622
 ~~~~~~~~~~~~~
 - Linksys
  - E8450
 - Xiaomi
  - AX3200
 - Ubiquiti
  - UniFi 6 LR
 ramips-mt76x8
 ~~~~~~~~~~~~~
 - GL.iNet
  - microuter-N300
 - Netgear
  - R6020
 - RAVPower
  - RP-WD009
 - TP-Link
  - Archer C20 v4
  - Archer C20 v5
  - RE200 v2
  - RE305 v1
 - Xiaomi
  - Mi Router 4C
  - Mi Router 4A (100M Edition)
 rockchip-armv8
 ~~~~~~~~~~~~~~
 - FriendlyElec
  - NanoPi R2S
 mpc85xx-p1010
 ~~~~~~~~~~~~~
 - Sophos
  - RED 15w rev. 1
 mpc85xx-p1020
 ~~~~~~~~~~~~~
 - Extreme Networks
  - WS-AP3825i
 Removed Devices
 ---------------
 This list contains devices which do not have enough memory or flash to
 be operated with this Gluon release.
 - D-Link
  - DIR-615 (C1, D1, D2, D3, D4, H1)
 - Linksys
  - WRT160NL
 - TP-Link
  - TL-MR13U (v1)
  - TL-MR3020 (v1)
  - TL-MR3040 (v1, v2)
  - TL-MR3220 (v1, v2)
  - TL-MR3420 (v1, v2)
  - TL-WA701N/ND (v1, v2)
  - TL-WA730RE (v1)
  - TL-WA750RE (v1)
  - TL-WA801N/ND (v1, v2, v3)
  - TL-WA830RE (v1, v2)
  - TL-WA850RE (v1)
  - TL-WA860RE (v1)
  - TL-WA901N/ND (v1, v2, v3, v4, v5)
  - TL-WA7210N (v2)
  - TL-WA7510N (v1)
  - TL-WR703N (v1)
  - TL-WR710N (v1, v2)
  - TL-WR740N (v1, v3, v4, v5)
  - TL-WR741N/ND (v1, v2, v4, v5)
  - TL-WR743N/ND (v1, v2)
  - TL-WR840N (v2)
  - TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
  - TL-WR841N/ND (v1, v2)
  - TL-WR843N/ND (v1)
  - TL-WR940N (v1, v2, v3, v4, v5, v6)
  - TL-WR941ND (v2, v3, v4, v5, v6)
  - TL-WR1043N/ND (v1)
  - WDR4900
 - Ubiquiti
  - AirGateway
  - AirGateway Pro
  - AirRouter
  - Bullet
  - LS-SR71
  - Nanostation XM
  - Nanostation Loco XM
  - Picostation
 - Unknown
  - A5-V11
 - VoCore
  - VoCore (8M, 16M)
 Atheros target migration
 ------------------------
 All Atheros MIPS devices built with the ``ar71xx-generic``,
 ``ar71xx-nand`` as well as ``ar71xx-tiny`` were deprecated upstream and
 are therefore not available with Gluon anymore.
 Many devices previously built with ``ar71xx-generic`` and
 ``ar71xx-nand`` are now available with the ``ath79-generic`` as well as
 ``ath79-nand`` target respectively.
 Missing devices
 ~~~~~~~~~~~~~~~
 The following devices have not yet been integrated into Gluons ath79
 targets.
 - 8Devices
  - Carambola 2
 - Aerohive
  - HiveAP 121
 - Allnet
  - ALL0315
 - Buffalo
  - WZR-HP-G300NH2
  - WZR-HP-G450H
 - GL.iNet
  - 6408A v1
 - NETGEAR
  - WNDR4300
  - WNDRMAC
  -  WNDRMAC v2
 - TP-Link
  - WR2543
 - Ubiquiti
  - Rocket
 - WD
  - MyNet N600
  - MyNet N750
 - ZyXEL
  - NB6616
  - NB6716
 Features
 --------
 WireGuard
 ~~~~~~~~~
 Gluon got WireGuard support. This allows offloading **encrypted**
 connections into kernel space, increasing performance by forwarding
 packets without the need for context switches between user and kernel
 space.
 In order to reuse existing (already verified) fastd-keypairs for
 WireGuard, a key derivation procedure is `currently being
 developed <https://github.com/freifunk-gluon/gluon/pull/2601>`__. This
 should ease migration from fastd to WireGuard in case whitelisting VPN
 keys is desired.
 fastd L2TP
 ~~~~~~~~~~
 fastd can now act as a connection broker for unencrypted L2TP-based
 tunneling within Gluons mesh-vpn framework. This new ``null@l2tp``
 connection method allows for increased performance within existing
 fastd setups.
 In addition to a sufficiently
 :ref:`configured fastd-based VPN server<vpn-gateway-configuration>`,
 this requires further modifications to a sites :ref:`VPN fastd methods<VPN fastd methods>`.
 Major changes
 -------------
 OpenWrt
 ~~~~~~~
 This release is based on the newest OpenWrt 22.03 release branch.
 It ships with Linux kernel 5.10 as well as wireless-backports 5.15.
 Network changes (DSA / Upgrade-Behavior)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The ``ramips-mt7621`` and ``lantiq-xrx200`` targets now use the upstream DSA
 subsystem instead of OpenWrt swconfig for managing ethernet switches.
 Gluon detects the existing user-intent and automatically applies it over
 to DSA syntax. See the section about network reconfiguration for more
 details.
 System reconfiguration
 ~~~~~~~~~~~~~~~~~~~~~~
 The network and system-LED configurations are now re-generated after
 each update / invocation of ``gluon-reconfigure``.
 The user-intent is preserved within Gluon’s implemented functionality
 (Wired-Mesh / Client access / WAN).
 As an additional feature, Gluon now supports assigning roles to
 interfaces. This behavior is explained
 :ref:`here<wired-mesh-commandline>`.
 Site changes
 ------------
 VPN provider MTU
 ~~~~~~~~~~~~~~~~
 To account for multiple VPN methods available for a site, the MTU used
 for the VPN tunnel connection is now moved to the specific VPN provider
 configuration. For fastd this means that ``mesh_vpn.mtu`` needs to be
 moved to ``mesh_vpn.fastd.mtu``. (`#2352 <https://github.com/freifunk-gluon/gluon/pull/2352>`__)
 Preconfigured Interfaces Roles
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Instead of ``mesh_on_wan`` and ``mesh_on_lan`` there is now an
 ``interfaces`` block to configure the default behavior of network
 interfaces. Details can be found in the 
 :ref:`documentation<user-site-interfaces>`.
 Minor changes
 -------------
 - The ``brcm2708-bcm2708`` ``brcm2708-bcm2709`` ``brcm2708-bcm2710``
  targets were renamed to ``bcm27xx-bcm2708`` ``bcm27xx-bcm2709`` and
  ``bcm27xx-bcm2710``
 - The GL.iNet GL-AR750S was moved to the ``ath79-nand`` subtarget
 - Gluon now ships the ath10k-ct firmware derivation for
  QCA9886 / QCA9888 / QCA9896 / QCA9898 / QCA9984 /
  QCA9994 / IPQ4018 / IPQ4028 / IPQ4019 / IPQ4029
  radios (`#2541 <https://github.com/freifunk-gluon/gluon/pull/2541>`__)
 - WolfSSL instead of OpenSSL is now used when built with WPA3 support
 - The option to configure the wireless-channel independent from the
  site-selected channel was moved from
  ``gluon-core.wireless.preserve_channels`` to
  ``gluon.wireless.preserve_channels``
 - ``gluon-info`` is a new command that provides information about the
  current node
 - ``GLUON_DEPRECATED`` is now set to 0 by default
 - To reboot a running gluon-node into setup-mode, Gluon now offers the
  ``gluon-enter-setup-mode`` command
 - Devices without WLAN do not show the private-wifi configuration
  anymore
 - The Autoupdater now uses the site default branch in case it is
  configured to use a non-existent / invalid branch
 Known issues
 ------------
 * A workaround for Android devices not waking up to their MLD subscriptions was removed,
  potentially breaking IPv6 connectivity for these devices after extended sleep periods.
  (`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
 * Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
 * The integration of the BATMAN_V routing algorithm is incomplete.
  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
    metric.
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@ -1 +1 @@
-sphinx-rtd-theme==1.2.0
+sphinx-rtd-theme==1.0.0
--- a/docs/site-example/i18n/de.po
+++ b/docs/site-example/i18n/de.po
@ -58,7 +58,7 @@ msgid "gluon-config-mode:novpn"
 msgstr ""
 "<p><strong>Du hast ausgewählt die Internetverbindung (Mesh-VPN) nicht zu "
 "nutzen</strong>. Dein Knoten kann also nur dann eine Verbindung zum "
-"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind.</p>"
+"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind."
 "<p>Bitte schicke uns eine E-Mail mit dem Namen deines Knotens "
 "(<em><%= pcdata(hostname) %></em>) und ein paar Informationen an <a href="
 "\"mailto:freifunk-keys@lists.in-kiel.de?"
--- a/docs/site-example/modules
+++ b/docs/site-example/modules
@ -9,13 +9,14 @@
 #GLUON_SITE_FEEDS='my_own_packages'
 ##	PACKAGES_$feedname_REPO
-#		the git repository from where to clone the package feed
+#		the  git repository from where to clone the package feed
 #PACKAGES_MY_OWN_PACKAGES_REPO=https://github.com/.../my-own-packages.git
 ##	PACKAGES_$feedname_COMMIT
 #		the version/commit of the git repository to clone
 #PACKAGES_MY_OWN_PACKAGES_COMMIT=123456789aabcda1a69b04278e4d38f2a3f57e49
-##	PACKAGES_$feedname_BRANCH
+##  PACKAGES_$feedname_BRANCH
-#		the branch to check out
+#   the branch to check out
 #PACKAGES_MY_OWN_PACKAGES_BRANCH=my_branch
--- a/docs/site-example/site.conf
+++ b/docs/site-example/site.conf
@ -1,4 +1,4 @@
-- This is an example site configuration for Gluon v2022.1
+-- This is an example site configuration for Gluon v2021.1
 --
 -- Take a look at the documentation located at
 -- https://gluon.readthedocs.io/ for details.
@ -105,6 +105,7 @@
  mesh_vpn = {
    -- enabled = true,
    mtu = 1312,
    fastd = {
      -- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
@ -112,7 +113,6 @@
      -- List of crypto-methods to use.
      methods = {'salsa2012+umac'},
      mtu = 1312,
      -- configurable = true,
      -- syslog_level = 'warn',
--- a/docs/user/faq.rst
+++ b/docs/user/faq.rst
@ -25,3 +25,84 @@ interface. This DNS server must be announced in router advertisements (using
 on *batman-adv*. If your mesh does not have global IPv6 connectivity, you can setup
 your *radvd* not to announce a default route by setting the *default lifetime* to 0;
 in this case, the *radvd* is only used to announce the DNS server.
 .. _faq-mtu:
 What is a good MTU on the mesh-vpn?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Setting the MTU on the transport interface requires careful consideration, as
 setting it too low will cause excessive fragmentation and setting it too high
 may leave peers with a broken tunnel due to packet loss.
 Consider these key values:
 - Payload: Allow for the transport of IPv6 packets, by adhering to the minimum MTU
  of 1280 Byte specified in RFC 2460
  - and configure `MSS clamping`_ accordingly,
  - and announce your link MTU via Router Advertisements and DHCP
  .. _MSS clamping: https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
 - Encapsulation: Account for the overhead created by the configured mesh protocol
  encapsulating the payload, which is up to 32 Byte (14 Byte Ethernet + 18 Byte
  batadv).
 - PMTU: What MTU does the path between your gateway and each of its peers support?
 For reference, the complete MTU stack looks like this:
 .. image:: mtu-diagram_v5.png
 Minimum MTU
 -----------
 Calculate the minimum transport MTU by adding the encapsulation overhead to the
 minimum payload MTU required. This is the lowest recommended value, since going
 lower would cause unnecessary fragmentation for clients which respect the announced
 link MTU.
 Example: Our network currently uses batman-adv v15, it therefore requires up
 to 32 Bytes of encapsulation overhead on top of the minimal link MTU required for
 transporting IPv6.::
  \        1312              1294          1280                                 0
   \---------+-----------------+-------------+----------------------------------+
    \TAP     |    batadv v15   |   Ethernet  |            Payload               |
     \-------+-----------------+-------------+----------------------------------+
      \      ^
             |
          MTU_LOW = 1280 Byte + 14 Byte + 18 Byte = 1312 Byte
 Maximum MTU
 -----------
 Calculating the maximum transport MTU is interesting, because it increases the
 throughput, by allowing larger payloads to be transported, but also more difficult
 as you have to take into account the tunneling overhead and each peers PMTU, which
 varies between providers.
 The underlying reasons are mostly PPPoE, Tunneling and IPv6 transition technologies
 like DS-Lite.
 Example: The peer with the smallest MTU on your network is behind DS-Lite and can
 transport IPv4 packets up to 1436 Bytes in size. Your tunnel uses IPv4 (20 Byte),
 UDP (8 Byte), Fastd (24 byte) and you require TAP (14 Byte) for Layer 2 (Ethernet)
 Tunneling.::
  1436                1416     1408                    1384          1370    \
    +-------------------+--------+-----------------------+-------------+------\
    |        IP         |  UDP   |         Fastd         |     TAP     |    bat\
    +-------------------+--------+-----------------------+-------------+--------\
                                                                       ^         \
                                                                       |
       MTU_HIGH = 1436 Byte - 20 Byte - 8 Byte - 24 Byte - 14 Byte = 1370 Byte
 Conclusion
 ----------
 Determining the maximum MTU can be a tedious process, especially since the PMTU
 of peers could change at any time. The general recommendation for maximized
 compatibility is therefore the minimum MTU of 1312 Byte, which works well with
 both IPv4 and IPv6.
--- a/docs/user/getting_started.rst
+++ b/docs/user/getting_started.rst
@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.
 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2022.1*. Always get Gluon using git and don't try to download it
+e.g. *v2021.1*. Always get Gluon using git and don't try to download it
 as a Zip archive as the archive will be missing version information.
 Please keep in mind that there is no "default Gluon" build; a site configuration
@ -25,20 +25,18 @@ An example configuration can be found in the Gluon repository at *docs/site-exam
 Dependencies
 ------------
 To build Gluon, several packages need to be installed on the system. On a
-freshly installed Debian Bullseye system the following packages are required:
+freshly installed Debian Stretch system the following packages are required:
 * `git` (to get Gluon and other dependencies)
 * `subversion`
 * `python3`
 * `build-essential`
 * `ecdsautils` (to sign firmware, see `contrib/sign.sh`)
 * `gawk`
 * `unzip`
 * `libncurses-dev` (actually `libncurses5-dev`)
 * `libz-dev` (actually `zlib1g-dev`)
 * `libssl-dev`
 * `libelf-dev` (to build x86-64)
 * `wget`
 * `rsync`
 * `time` (built-in `time` doesn't work)
 * `qemu-utils`
@ -52,7 +50,7 @@ Building the images
 -------------------
 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2022.1*.
+version you'd like to checkout, e.g. *v2021.1*.
 ::
--- a/docs/user/mtu.rst
+++ b/docs/user/mtu.rst
@ -1,223 +0,0 @@
 MTU for Mesh-VPN
 ================
 What is a good MTU on the mesh-vpn?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Setting the MTU on the transport interface requires careful consideration, as
 setting it too low will cause excessive fragmentation and setting it too high
 may leave peers with a broken tunnel due to packet loss.
 Consider these key values:
 - Payload: Allow for the transport of IPv6 packets, by adhering to the minimum MTU
  of 1280 Byte specified in RFC 2460
  - and configure `MSS clamping`_ accordingly,
  - and announce your link MTU via Router Advertisements and DHCP
  .. _MSS clamping: https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
 - Encapsulation: Account for the overhead created by the configured mesh protocol
  encapsulating the payload, which is up to 32 Byte (14 Byte Ethernet + 18 Byte
  batadv).
 - PMTU: What MTU does the path between your gateway and each of its peers support?
 For reference, the complete MTU stack looks like this:
 .. image:: mtu-diagram_v5.png
 Example for Minimum MTU
 -----------------------
 Calculate the minimum transport MTU by adding the encapsulation overhead to the
 minimum payload MTU required. This is the lowest recommended value, since going
 lower would cause unnecessary fragmentation for clients which respect the announced
 link MTU.
 .. editorconfig-checker-disable
 Example: Our network currently uses batman-adv v15, it therefore requires up
 to 32 Bytes of encapsulation overhead on top of the minimal link MTU required for
 transporting IPv6.::
  \        1312              1294          1280                                 0
   \---------+-----------------+-------------+----------------------------------+
    \TAP     |    batadv v15   |   Ethernet  |            Payload               |
     \-------+-----------------+-------------+----------------------------------+
      \      ^
             |
          MTU_LOW = 1280 Byte + 14 Byte + 18 Byte = 1312 Byte
 Example for Maximum MTU
 -----------------------
 Calculating the maximum transport MTU is interesting, because it increases the
 throughput, by allowing larger payloads to be transported, but also more difficult
 as you have to take into account the tunneling overhead and each peers PMTU, which
 varies between providers.
 The underlying reasons are mostly PPPoE, Tunneling and IPv6 transition technologies
 like DS-Lite.
 Example: The peer with the smallest MTU on your network is behind DS-Lite and can
 transport IPv4 packets up to 1436 Bytes in size. Your tunnel uses IPv4 (20 Byte),
 UDP (8 Byte), Fastd (24 byte) and you require TAP (14 Byte) for Layer 2 (Ethernet)
 Tunneling.::
  1436                1416     1408                    1384          1370    \
    +-------------------+--------+-----------------------+-------------+------\
    |        IP         |  UDP   |         Fastd         |     TAP     |    bat\
    +-------------------+--------+-----------------------+-------------+--------\
                                                                       ^         \
                                                                       |
       MTU_HIGH = 1436 Byte - 20 Byte - 8 Byte - 24 Byte - 14 Byte = 1370 Byte
 .. editorconfig-checker-enable
 Tables for Different VPN Providers
 ----------------------------------
 VPN Protocol Overhead (IPv4)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Overhead of the VPN protocol layers in bytes on top of an Ethernet frame.
 +----------+-------+--------------+-----------+
 |          | fastd | Tunneldigger | Wireguard |
 +==========+=======+==============+===========+
 | IPv4     | 20    | 20           | 20        |
 +----------+-------+--------------+-----------+
 | UDP      | 8     | 8            | 8         |
 +----------+-------+--------------+-----------+
 | Protocol | 24    | 8            | 32        |
 +----------+-------+--------------+-----------+
 | TAP      | 14    | 14           | /         |
 +----------+-------+--------------+-----------+
 | Sum      | 66    | 50           | 60        |
 +----------+-------+--------------+-----------+
 Intermediate Layer Overhead
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Overhead of additional layers on top of the VPN packet needed for different VPN
 providers.
 +------------+-------+--------------+-----------+
 |            | fastd | Tunneldigger | Wireguard |
 +============+=======+==============+===========+
 | IPv6       | /     | /            | 40        |
 +------------+-------+--------------+-----------+
 | vxlan      | /     | /            | 16        |
 +------------+-------+--------------+-----------+
 | Ethernet   | /     | /            | 14        |
 +------------+-------+--------------+-----------+
 | Batman v15 | 18    | 18           | 18        |
 +------------+-------+--------------+-----------+
 | Ethernet   | 14    | 14           | 14        |
 +------------+-------+--------------+-----------+
 | Sum        | 32    | 32           | 102       |
 +------------+-------+--------------+-----------+
 Minimum MTU
 ^^^^^^^^^^^
 Calculation of different derived MTUs based on a 1280 byte payload to
 avoid fragmentation.
 Suggestions:
 - This configuration is only suggested for fastd and Tunneldigger.
 - For WireGuard, this configuration is **unsuitable**. To obtain a 1280 byte
  payload with our protocol stack (see below), the Ethernet frame payload would
  be 1442 bytes long (for IPv4). As we assume that the WAN network might have
  a (worst case) MTU of only 1436 (with DSLite), this packet would be too long
  for the WAN network.
 +-------------------------------+-------+--------------+-----------+
 |                               | fastd | Tunneldigger | Wireguard |
 +===============================+=======+==============+===========+
 | max unfragmented payload\*    | 1280  | 1280         | 1280      |
 +-------------------------------+-------+--------------+-----------+
 | intermed layer overhead       | 32    | 32           | 102       |
 +-------------------------------+-------+--------------+-----------+
 | VPN MTU\*\*                   | 1312  | 1312         | 1382      |
 +-------------------------------+-------+--------------+-----------+
 | protocol overhead (IPv4)      | 66    | 50           | 60        |
 +-------------------------------+-------+--------------+-----------+
 | min acceptable WAN MTU (IPv4) | 1378  | 1362         | **1442**  |
 +-------------------------------+-------+--------------+-----------+
 | min acceptable WAN MTU (IPv6) | 1398  | 1382         | 1462      |
 +-------------------------------+-------+--------------+-----------+
 \* Maximum size of payload going into the bat0 interface, that will not be
 fragmented by batman.
 \*\* This is the MTU that is set in the site.conf.
 Maximum MTU
 ^^^^^^^^^^^
 Calculation of different derived MTUs based on a maximum WAN MTU of 1436.
 Suggestions:
 - This configuration can be used for fastd and Tunneldigger.
 - For WireGuard, this is the recommended configuration. batman-adv will
  fragment larger packets transparently to avoid packet loss.
 +-------------------------------+-------+--------------+-----------+
 |                               | fastd | Tunneldigger | Wireguard |
 +===============================+=======+==============+===========+
 | min acceptable WAN MTU (IPv4) | 1436  | 1436         | 1436      |
 +-------------------------------+-------+--------------+-----------+
 | protocol overhead (IPv4)      | 66    | 50           | 60        |
 +-------------------------------+-------+--------------+-----------+
 | VPN MTU\*\*                   | 1370  | 1386         | 1376      |
 +-------------------------------+-------+--------------+-----------+
 | intermed layer overhead       | 32    | 32           | 102       |
 +-------------------------------+-------+--------------+-----------+
 | max unfragmented payload\*    | 1338  | 1354         | 1274      |
 +-------------------------------+-------+--------------+-----------+
 | min acceptable WAN MTU (IPv6) | 1398  | 1382         | 1462      |
 +-------------------------------+-------+--------------+-----------+
 \* Maximum size of payload going into the bat0 interface, that will not be
 fragmented by batman.
 \*\* This is the MTU that is set in the site.conf.
 Suggested MSS Values
 ^^^^^^^^^^^^^^^^^^^^
 It is highly advised to use MSS clamping for TCP on the gateways/supernodes in
 order to avoid the fragmentation mechanism of batman whenever possible.
 Especially on small embedded devices, fragmentation costs performance.
 As batmans fragmentation is transparent to the TCP layer, clamping the MSS
 automatically to the PMTU does not work. Instead, the MSS must be specified
 explicitly. In iptables, this is done via :code:`-j TCPMSS --set-mss X`,
 whereby :code:`X` is the desired MSS.
 Since the MSS is specified in terms of payload of a TCP packet, the MSS is
 different for IPv4 and IPv6. Here are some examples for different max
 unfragmented payloads:
 +---------------------------------+------+------+------+------+
 | max unfragmented payload        | 1274 | 1280 | 1338 | 1354 |
 +=================================+======+======+======+======+
 | suggested MSS (IPv4, -40 bytes) | 1234 | 1240 | 1298 | 1314 |
 +---------------------------------+------+------+------+------+
 | suggested MSS (IPv6, -60 bytes) | 1214 | 1220 | 1278 | 1294 |
 +---------------------------------+------+------+------+------+
 Conclusion
 ^^^^^^^^^^
 Determining the maximum MTU can be a tedious process, especially since the PMTU
 of peers could change at any time. The general recommendation for maximized
 compatibility is therefore an MTU of 1312 bytes (for fastd and tunneldigger)
 and 1376 bytes (for WireGuard).
--- a/docs/user/site.rst
+++ b/docs/user/site.rst
@ -49,13 +49,10 @@ node_prefix6
    node_prefix6 = 'fdca::ffee:babe:2::/64'
-node_client_prefix6 \: optional, deprecated
+node_client_prefix6
-  DEPRECATED: Don't specify it anymore, this prefix will then
+  The ipv6 prefix from which the client-specific IP-address is calculated that
-  automatically be generated from the domain_seed.
+  is assigned to each node by l3roamd to allow efficient communication when 
-
+  roaming. This is exclusively useful when running a routing mesh protocol
  An IPv6 prefix internally used by the l3roamd protocol, used to allow
  an efficient handover via unicast when a client roamed.
  This is exclusively useful when running a routing mesh protocol
  like babel. e.g. ::
    node_client_prefix6 = 'fdca::ffee:babe:3::/64'
@ -291,7 +288,7 @@ mesh_vpn
  The `enabled` option can be set to true to enable the VPN by default. `mtu`
  defines the MTU of the VPN interface, determining a proper MTU value is described
-  in :doc:`mtu`.
+  in the :ref:`FAQ <faq-mtu>`.
  By default the public key of a node's VPN daemon is not added to announced respondd
  data; this prevents malicious ISPs from correlating VPN sessions with specific mesh
@ -334,10 +331,10 @@ mesh_vpn
    mesh_vpn = {
      -- enabled = true,
      mtu = 1312,
      -- pubkey_privacy = true,
      fastd = {
        mtu = 1312,
        methods = {'salsa2012+umac'},
        -- configurable = true,
        -- syslog_level = 'warn',
@ -387,22 +384,7 @@ mesh_vpn
      },
      tunneldigger = {
-        mtu = 1312,
+        brokers = {'vpn1.alpha-centauri.freifunk.net'}
        brokers = {'vpn1.alpha-centauri.freifunk.net'},
      },
      wireguard = {
        mtu = 1376,
        peers = {
          vpn1 = {
            public_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=',
            endpoint = 'vpn1.alpha-centauri.freifunk.net:51810',
          },
          vpn2 = {
            public_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=',
            endpoint = 'vpn2.alpha-centauri.freifunk.net:51810',
          },
        },
      },
      bandwidth_limit = {
@ -417,8 +399,6 @@ mesh_vpn
      },
    }
 .. _user-site-interfaces:
 interfaces \: optional
  Default setup for Ethernet ports.
  ::
@ -448,8 +428,13 @@ interfaces \: optional
  The ``client`` role requires exclusive control over an interface. When
  the ``client`` role is assigned to an interface at the same time as other
  roles (like ``'client', 'mesh'`` in the above example), the other roles take
-  precedence (enabling ``mesh``, but not ``client`` in the example). In that
+  precedence (enabling ``mesh``, but not ``client`` in the example).
-  case, the ``client`` role is removed from the config of the interface.
+
  Such a default configuration still fulfills a purpose (and is in fact the
  recommended way to enable "Mesh-on-LAN" by default): The "LAN interface
  meshing" checkbox in the advanced network settings will only add or remove
  the ``mesh`` role, so the ``client`` role must already be in the configuration
  to make the LAN port a regular client interface when the checkbox is disabled.
  All interface settings are optional. If unset, the following defaults are
  used:
--- a/docs/user/supported_devices.rst
+++ b/docs/user/supported_devices.rst
@ -4,20 +4,9 @@ Supported Devices & Architectures
 ath79-generic
 --------------
 * ALFA Network
  - AP121F
 * AVM
  - FRITZ!WLAN Repeater 300E [#avmflash]_
  - Fritz!WLAN Repeater 450E [#avmflash]_
  - Fritz!Box 4020 [#avmflash]_
 * Buffalo
  - WZR-HP-AG300H / WZR-600DHP
  - WZR-HP-G300NH (rtl8366s)
 * devolo
@ -35,41 +24,21 @@ ath79-generic
  - DAP-2660 A1 [#lan_as_wan]_
  - DIR-505 A1 [#lan_as_wan]_
  - DIR-505 A2 [#lan_as_wan]_
  - DIR-825 B1
 * Enterasys
  - WS-AP3705i
 * Extreme Networks
  - WS-AP3805i
 * GL.iNet
  - 6416A
  - GL-AR150
  - GL-AR300M-Lite
  - GL-AR750
  - GL-USB150 (Microuter)
 * Joy-IT
  - JT-OR750i
 * LibreRouter
  - LibreRouter v1 [#missing_radios]_
 * Netgear
  - WNDR3700 (v1, v2)
  - WNDR3800
  - WNR2200 (8M, 16M)
 * OCEDO
  - Koala
  - Raccoon
 * Onion
@ -99,71 +68,35 @@ ath79-generic
  - WS-AP3610
 * Teltonika
  - RUT230 (v1)
 * TP-Link
  - Archer A7 (v5)
-  - Archer C5 (v1)
+  - Archer C6 (v2)
-  - Archer C6 (v2 EU/RU/JP)
+  - Archer C7 (v2)
-  - Archer C7 (v2, v4, v5)
+  - CPE210 (v1.0, v1.1, v2.0)
  - Archer C59 (v1)
  - CPE210 (v1.0, v1.1, v2.0, v3.0, v3.1, v3.20)
  - CPE220 (v3.0)
-  - CPE510 (v1.0, v1.1, v2.0, v3.0)
+  - CPE510 (v1.0, v1.1)
-  - CPE710 (v1.0)
+  - CPE510 (v2.0)
  - CPE510 (v3.0)
  - EAP225-Outdoor (v1)
  - RE450 (v1)
  - TL-WDR3500 (v1)
  - TL-WDR3600 (v1)
  - TL-WDR4300 (v1)
-  - TL-WR810N (v1)
+  - TL-WR1043N/ND (v3, v4)
-  - TL-WR842N/ND (v3)
+  - WBS210 (v2.0)
  - TL-WR1043N/ND (v2, v3, v4, v5)
  - WBS210 (v1.20, v2.0)
  - WBS510 (v1.20)
 * Ubiquiti
  - NanoBeam M5 (XW)
  - NanoStation Loco M2/M5 (XW)
  - NanoStation M2/M5 (XW)
  - UniFi AC Lite
  - UniFi AC LR
  - UniFi AC Mesh
  - UniFi AC Mesh Pro
  - UniFi AC Pro
  - UniFi AP
  - UniFi AP LR
  - UniFi AP Outdoor+
  - UniFi AP PRO
 ath79-nand
 ----------
 * Aerohive
  - HiveAP 121
 * GL.iNet
  - GL-AR300M
  - GL-AR750S
  - GL-XE300
 * Netgear
  - WNDR3700 (v4)
  - WNDR4300 (v1)
 ath79-mikrotik
 --------------
 * Mikrotik
  - RB951Ui-2nD (hAP)
 brcm2708-bcm2708
 ----------------
@ -191,8 +124,7 @@ ipq40xx-generic
 * AVM
  - FRITZ!Box 4040 [#avmflash]_
-  - FRITZ!Box 7520 (v1) [#eva_ramboot]_ [#lan_as_wan]_
+  - FRITZ!Box 7530 [#eva_ramboot]_
  - FRITZ!Box 7530 [#eva_ramboot]_ [#lan_as_wan]_
  - FRITZ!Repeater 1200 [#eva_ramboot]_
 * EnGenius
@ -201,7 +133,6 @@ ipq40xx-generic
 * GL.iNet
  - GL-AP1300
  - GL-B1300
 * Linksys
@ -228,15 +159,6 @@ ipq40xx-generic
  - NBG6617
  - WRE6606  [#device-class-tiny]_
 ipq40xx-mikrotik
 ----------------
 * Mikrotik
  - DISC Lite5 ac (RBDiscG-5acD)
  - hAP ac2
  - SXTsq 5 ac (RBSXTsqG-5acD)
 ipq806x-generic
 ---------------
@ -247,10 +169,6 @@ ipq806x-generic
 lantiq-xrx200
 -------------
 * Arcadyan
  - VGV7510KW22 (o2 Box 6431)
 * AVM
  - FRITZ!Box 7360 (v1, v2) [#avmflash]_ [#lan_as_wan]_
@ -258,10 +176,6 @@ lantiq-xrx200
  - FRITZ!Box 7362 SL [#eva_ramboot]_ [#lan_as_wan]_
  - FRITZ!Box 7412 [#eva_ramboot]_
 * TP-Link
  - TD-W8970 (v1) [#lan_as_wan]_
 lantiq-xway
 -----------
@ -276,20 +190,12 @@ lantiq-xway
 mediatek-mt7622
 ---------------
 * Linksys
  - E8450
 * Ubiquiti
  - UniFi 6 LR
-* Xiaomi
+mpc85xx-generic
-
+---------------
  - AX3200 (RB03)
 mpc85xx-p1010
 -------------
 * Sophos
@ -310,10 +216,6 @@ mpc85xx-p1020
  - WS-AP3710i
 * Extreme Networks
  - WS-AP3825i
 * OCEDO
  - Panda
@ -321,10 +223,6 @@ mpc85xx-p1020
 ramips-mt7620
 -------------
 * ASUS
  - RT-AC51U
 * GL.iNet
  - GL-MT300A
@ -358,37 +256,14 @@ ramips-mt7621
  - RT-AC57U
 * Cudy
  - WR1300 (v1)
  - WR2100
  - X6 (v1, v2)
 * D-Link
  - DAP-X1860 (A1)
  - DIR-860L (B1)
 * GL.iNet
  - GL-MT1300
 * Mercusys
  - MR70X (v1)
 * NETGEAR
  - EX6150 (v1)
  - R6220
  - R6260
  - WAC104
  - WAX202
 * TP-Link
  - RE500 (v1)
  - RE650 (v1)
 * Ubiquiti
@ -396,23 +271,14 @@ ramips-mt7621
  - EdgeRouter X-SFP
  - UniFi 6 Lite
 * Wavlink
  - WS-WN572HP3 (4G)
 * ZBT
  - WG3526-16M
  - WG3526-32M
 * ZyXEL
  - NWA50AX
 * Xiaomi
  - Xiaomi Mi Router 4A (Gigabit Edition)
  - Xiaomi Mi Router 3G (v1, v2)
 ramips-mt76x8
 -------------
@ -429,7 +295,6 @@ ramips-mt76x8
 * NETGEAR
  - R6020
  - R6120
 * RAVPower
@ -438,10 +303,9 @@ ramips-mt76x8
 * TP-Link
-  - Archer C20 (v4, v5)
+  - Archer C50 (v3)
-  - Archer C50 (v3, v4)
+  - Archer C50 (v4)
-  - RE200 (v2, v3)
+  - RE200 (v2)
  - RE305 (v1) [#device-class-tiny]
  - TL-MR3020 (v3)
  - TL-MR3420 (v5)
  - TL-WA801ND (v5)
@ -455,23 +319,14 @@ ramips-mt76x8
 * Xiaomi
  - Xiaomi Mi Router 4A (100M Edition)
  - Xiaomi Mi Router 4A (100M International Edition)
  - Xiaomi Mi Router 4C
 realtek-rtl838x
 ---------------
 * D-Link
  - DGS-1210-10P (F1)
 rockchip-armv8
 --------------
 * FriendlyElec
  - NanoPi R2S
  - NanoPi R4S (4GB LPDDR4)
 sunxi-cortexa7
 --------------
@ -510,7 +365,7 @@ Footnotes
 .. [#device-class-tiny]
  These devices only support a subset of Gluons capabilities due to flash or memory
-  size constraints. Devices are classified as tiny if they provide less than 7M of usable
+  size constraints. Devices are classified as tiny in they provide less than 7M of usable
  flash space or have a low amount of system memory. For more information, see the
  developer documentation: :ref:`device-class-definition`.
@ -524,10 +379,6 @@ Footnotes
 .. [#lan_as_wan]
  All LAN ports on this device are used as WAN.
 .. [#missing_radios]
  This device contains more than two WLAN radios, which is currently
  unsupported by Gluon. Only the first two radios will work.
 .. [#modular_ethernet]
  These devices follow a modular principle,
  which means even basic functionality like ethernet is provided by an expansion-board,
--- a/docs/user/x86.rst
+++ b/docs/user/x86.rst
@ -15,7 +15,7 @@ The following targets for x86 images exist:
    There are three images:
-    * `generic` (compressed "raw" image, can be written to a disk directly or booted with qemu)
+    * `generic` (compressed "raw" image, can written to a disk directly or booted with qemu)
    * `virtualbox` (VDI image)
    * `vmware` (VMDK image)
--- a/14
+++ b/14
@ -1,16 +1,16 @@
 GLUON_FEEDS='packages routing gluon'
 OPENWRT_REPO=https://github.com/openwrt/openwrt.git
-OPENWRT_BRANCH=openwrt-22.03
+OPENWRT_BRANCH=master
-OPENWRT_COMMIT=e500494771537b9f42f78e4d907bed18b6383606
+OPENWRT_COMMIT=c41da167d21612916376c9125e8c75ed6fe706fe
 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
-PACKAGES_PACKAGES_BRANCH=openwrt-22.03
+PACKAGES_PACKAGES_BRANCH=master
-PACKAGES_PACKAGES_COMMIT=55eed1761207f4dfdb8e7d79138f6f65c8849b50
+PACKAGES_PACKAGES_COMMIT=2366b268131e4e114d4aff4ed86083b5a5e17ccb
 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git
-PACKAGES_ROUTING_BRANCH=openwrt-22.03
+PACKAGES_ROUTING_BRANCH=master
-PACKAGES_ROUTING_COMMIT=1cc7676b9f32acc30ec47f15fcb70380d5d6ef01
+PACKAGES_ROUTING_COMMIT=e3c68429239f77c895b32502e2609df8b72c6caa
 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
-PACKAGES_GLUON_COMMIT=29912ec6308fd10b47763b4cf28a638d07f59973
+PACKAGES_GLUON_COMMIT=308166e3c6b2d571606dd1dbfadd2bb8e31d8f90
--- a/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
+++ b/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
@ -6,17 +6,17 @@ local file = '/etc/dropbear/authorized_keys'
 local keys = {}
 local function load_keys()
-	for line in io.lines(file) do
+  for line in io.lines(file) do
-		keys[line] = true
+    keys[line] = true
-	end
+  end
 end
 pcall(load_keys)
 local f = io.open(file, 'a')
 for _, key in ipairs(site.authorized_keys()) do
-	if not keys[key] then
+  if not keys[key] then
-		f:write(key .. '\n')
+    f:write(key .. '\n')
-	end
+  end
 end
 f:close()
--- a/package/gluon-autoupdater/check_site.lua
+++ b/package/gluon-autoupdater/check_site.lua
@ -1,25 +1,11 @@
-local branches = table_keys(need_table({'autoupdater', 'branches'}, function(branch)
+need_string(in_site({'autoupdater', 'branch'}), false)
 need_table({'autoupdater', 'branches'}, function(branch)
 	need_alphanumeric_key(branch)
 	need_string(in_site(extend(branch, {'name'})))
 	need_string_array_match(extend(branch, {'mirrors'}), '^http://')
 	local pubkeys = need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
 	need_number(in_site(extend(branch, {'good_signatures'})))
-	need(in_site(extend(branch, {'good_signatures'})), function(good_signatures)
+	need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
 		return good_signatures <= #pubkeys
 	end, nil, string.format('be less than or equal to the number of public keys (%d)', #pubkeys))
 	obsolete(in_site(extend(branch, {'probability'})), 'Use GLUON_PRIORITY in site.mk instead.')
-end))
+end)
 need_one_of(in_site({'autoupdater', 'branch'}), branches, false)
 -- Check GLUON_AUTOUPDATER_BRANCH
 local default_branch
 local f = io.open((os.getenv('IPKG_INSTROOT') or '') .. '/lib/gluon/autoupdater/default_branch')
 if f then
 	default_branch = f:read('*line')
 	f:close()
 end
 need_one_of(value('GLUON_AUTOUPDATER_BRANCH', default_branch), branches, false)
--- a/package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
+++ b/package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
@ -2,15 +2,15 @@
 stop() {
-	if [ -x /etc/init.d/"$1" ]; then
+        if [ -x /etc/init.d/"$1" ]; then
-		echo "Stopping $1..."
+                echo "Stopping $1..."
-		/etc/init.d/"$1" stop
+                /etc/init.d/"$1" stop
-	fi
+        fi
 }
 start_enabled() {
-	if [ -x /etc/init.d/"$1" ] && /etc/init.d/"$1" enabled; then
+        if [ -x /etc/init.d/"$1" ] && /etc/init.d/"$1" enabled; then
-		echo "Starting $1..."
+                echo "Starting $1..."
-		/etc/init.d/"$1" start
+                /etc/init.d/"$1" start
-	fi
+        fi
 }
--- a/package/gluon-autoupdater/luasrc/lib/gluon/upgrade/500-autoupdater
+++ b/package/gluon-autoupdater/luasrc/lib/gluon/upgrade/500-autoupdater
@ -21,34 +21,25 @@ for name, config in pairs(site.autoupdater.branches()) do
 	end
 end
-local function default_branch()
+if not uci:get('autoupdater', 'settings') then
 	local enabled = unistd.access('/lib/gluon/autoupdater/default_enabled') ~= nil
 	local branch = site.autoupdater.branch(min_branch)
 	local f = io.open('/lib/gluon/autoupdater/default_branch')
 	if f then
-		local ret = f:read('*line')
+		branch = f:read('*line')
 		f:close()
 		return ret
 	end
 	return site.autoupdater.branch(min_branch)
 end
 local enabled, branch
 if not uci:get('autoupdater', 'settings') then
 	enabled = unistd.access('/lib/gluon/autoupdater/default_enabled') ~= nil
 end
 local old_branch = uci:get('autoupdater', 'settings', 'branch')
 if not old_branch or not uci:get('autoupdater', old_branch) then
 	branch = default_branch()
 	if not branch then
 		enabled = false
 	end
 end
-uci:section('autoupdater', 'autoupdater', 'settings', {
+	uci:section('autoupdater', 'autoupdater', 'settings', {
-	enabled = enabled,
+		enabled = enabled,
-	branch = branch,
+		branch = branch,
-})
+	})
 end
 uci:set('autoupdater', 'settings', 'version_file', '/lib/gluon/release')
--- a/package/gluon-autoupdater/src/respondd.c
+++ b/package/gluon-autoupdater/src/respondd.c
@ -1,5 +1,27 @@
-/* SPDX-FileCopyrightText: 2016, Matthias Schiffer <mschiffer@universe-factory.net> */
+/*
-/* SPDX-License-Identifier: BSD-2-Clause */
+  Copyright (c) 2016, Matthias Schiffer <mschiffer@universe-factory.net>
  All rights reserved.
  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions are met:
    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright notice,
       this list of conditions and the following disclaimer in the documentation
       and/or other materials provided with the distribution.
  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <respondd.h>
@ -37,7 +59,7 @@ static struct json_object * get_autoupdater(void) {
 	return ret;
-error:
+ error:
 	uci_free_context(ctx);
 	return NULL;
 }
--- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless
+++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless
@ -90,16 +90,21 @@ local function configure_owe_transition_mode(config, radio_name)
 	local name_client = 'client_' .. radio_name
 	local name_owe = 'owe_' .. radio_name
-	local ifname_client = uci:get('wireless', name_client, 'ifname')
+	local ssid_client = uci:get('wireless', name_client, 'ssid')
-	local ifname_owe = uci:get('wireless', name_owe, 'ifname')
+	local ssid_owe = uci:get('wireless', name_owe, 'ssid')
-	if not (ifname_client and ifname_owe) then
+	local macaddr_client = uci:get('wireless', name_client, 'macaddr')
 	local macaddr_owe = uci:get('wireless', name_owe, 'macaddr')
 	if not (ssid_client and ssid_owe and macaddr_client and macaddr_owe) then
 		return
 	end
-	uci:set('wireless', name_client, 'owe_transition_ifname', ifname_owe)
+	uci:set('wireless', name_client, 'owe_transition_ssid', ssid_owe)
-	uci:set('wireless', name_owe, 'owe_transition_ifname', ifname_client)
+	uci:set('wireless', name_client, 'owe_transition_bssid', macaddr_owe)
 	uci:set('wireless', name_owe, 'owe_transition_ssid', ssid_client)
 	uci:set('wireless', name_owe, 'owe_transition_bssid', macaddr_client)
 	uci:set('wireless', name_owe, 'hidden', '1')
 end
--- a/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua
+++ b/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua
@ -10,11 +10,11 @@ return function(form, uci)
 	local msg = pkg_i18n.translate(
 		'Your internet connection can be used to establish a ' ..
-		'VPN connection with other nodes. ' ..
+	        'VPN connection with other nodes. ' ..
-		'Enable this option if there are no other nodes reachable ' ..
+	        'Enable this option if there are no other nodes reachable ' ..
-		'over WLAN in your vicinity or you want to make a part of ' ..
+	        'over WLAN in your vicinity or you want to make a part of ' ..
-		'your connection\'s bandwidth available for the network. You can limit how ' ..
+	        'your connection\'s bandwidth available for the network. You can limit how ' ..
-		'much bandwidth the node will use at most.'
+	        'much bandwidth the node will use at most.'
 	)
 	local s = form:section(Section, nil, msg)
--- a/package/gluon-config-mode-theme/files/lib/gluon/config-mode/view/theme/layout.html
+++ b/package/gluon-config-mode-theme/files/lib/gluon/config-mode/view/theme/layout.html
@ -1,7 +1,12 @@
 <%#
-SPDX-License-Identifier: Apache-2.0
+Copyright 2008 Steven Barth <steven@midlink.org>
-SPDX-FileCopyrightText: 2008 Steven Barth <steven@midlink.org>
+Copyright 2008-2010 Jo-Philipp Wich <xm@subsignal.org>
-SPDX-FileCopyrightText: 2008-2010 Jo-Philipp Wich <xm@subsignal.org>
+
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 	http://www.apache.org/licenses/LICENSE-2.0
 -%>
 <%
 	local pretty_hostname = require "pretty_hostname"
@ -38,7 +43,7 @@ SPDX-FileCopyrightText: 2008-2010 Jo-Philipp Wich <xm@subsignal.org>
 		table.sort(ret,
 			function(a, b)
 				return (node.nodes[a].order or 100)
-					< (node.nodes[b].order or 100)
+				     < (node.nodes[b].order or 100)
 			end
 		)
 		return ret
@ -120,7 +125,7 @@ SPDX-FileCopyrightText: 2008-2010 Jo-Philipp Wich <xm@subsignal.org>
 	</div>
 	<div id="maincontainer">
-		<%
+	  <%
 			if not hidenav then
 				menutree(unpack(request))
 			end
--- a/package/gluon-config-mode-theme/files/lib/gluon/config-mode/www/static/gluon.css
+++ b/package/gluon-config-mode-theme/files/lib/gluon/config-mode/www/static/gluon.css
--- a/package/gluon-config-mode-theme/sass/gluon.scss
+++ b/package/gluon-config-mode-theme/sass/gluon.scss
@ -6,7 +6,7 @@
 	sass --sourcemap=none -C -t compressed sass/gluon.scss files/lib/gluon/config-mode/www/static/gluon.css
-	When committing changes to this file make sure to commit the respective
+	When commiting changes to this file make sure to commit the respective
 	changes to the compilid version within the same commit!
 */
@ -273,10 +273,6 @@ input[type=checkbox] {
 		text-align: center;
 		font-size: 1.7em;
 	}
 	&[disabled] + label {
 		background-color: #dcdcdc !important;
 	}
 }
 input[type=radio] {
@ -370,13 +366,6 @@ input[type=password] {
 	min-width: 20em;
 }
 .gluon-multi-list-option-descr {
 	display: inline-block;
 	vertical-align: top;
 	margin-top: 0.35em;
 	margin-left: 0.4em;
 }
 .gluon-button {
 	@include button;
@ -529,11 +518,6 @@ textarea {
 	}
 }
 .gluon-warning {
 	@extend .gluon-section-descr;
 	background: lighten($ffyellow, 35);
 }
 .error500 {
 	border: 1px dotted #ff0000;
 	background-color: #ffffff;
--- a/package/gluon-core/check_site.lua
+++ b/package/gluon-core/check_site.lua
@ -66,7 +66,6 @@ need_boolean(in_site({'poe_passthrough'}), false)
 if need_table({'dns'}, nil, false) then
 	need_string_array_match({'dns', 'servers'}, '^[%x:]+$')
 	need_number({'dns', 'cacheentries'}, false)
 end
 need_string_array(in_domain({'next_node', 'name'}), false)
@ -77,11 +76,7 @@ need_boolean(in_domain({'mesh', 'vxlan'}), false)
 local interfaces_roles = {'client', 'uplink', 'mesh'}
 for _, config in ipairs({'wan', 'lan', 'single'}) do
-	local default_roles = in_site({'interfaces', config, 'default_roles'})
+	need_array_of(in_site({'interfaces', config, 'default_roles'}), interfaces_roles, false)
 	need_array_of(default_roles, interfaces_roles, false)
 	need_array_elements_exclusive(default_roles, 'client', 'mesh', false)
 	need_array_elements_exclusive(default_roles, 'client', 'uplink', false)
 end
 obsolete({'mesh_on_wan'}, 'Use interfaces.wan.default_roles.')
--- a/package/gluon-core/files/etc/hotplug.d/firmware/20-gluon-ath10k-fwcfg
+++ b/package/gluon-core/files/etc/hotplug.d/firmware/20-gluon-ath10k-fwcfg
@ -1,9 +0,0 @@
 #!/bin/sh
 [ -e "/lib/firmware/$FIRMWARE" ] && exit 0
 case "$FIRMWARE" in
 ath10k/fwcfg*)
 	cp "/lib/gluon/ath10k-fwcfg.txt" "/lib/firmware/$FIRMWARE"
 	;;
 esac
--- a/package/gluon-core/files/etc/uci-defaults/zzz-gluon-upgrade
+++ b/package/gluon-core/files/etc/uci-defaults/zzz-gluon-upgrade
@ -1,10 +1,5 @@
 #!/bin/sh
 # Work around an issue with wifi setup timing by waiting a bit
 # while device initialisation is ongoing.
 # https://github.com/freifunk-gluon/gluon/issues/2779
 sleep 3
 gluon-reconfigure
 exit 0
--- a/package/gluon-core/files/lib/gluon/ath10k-fwcfg.txt
+++ b/package/gluon-core/files/lib/gluon/ath10k-fwcfg.txt
@ -1,4 +0,0 @@
 vdevs = 4
 peers = 96
 active_peers = 96
 stations = 96
--- a/package/gluon-core/files/lib/gluon/core/mesh/post-setup.d/.keep
+++ b/package/gluon-core/files/lib/gluon/core/mesh/post-setup.d/.keep
--- a/package/gluon-core/files/lib/netifd/proto/gluon_wired.sh
+++ b/package/gluon-core/files/lib/netifd/proto/gluon_wired.sh
@ -5,90 +5,90 @@
 init_proto "$@"
 proto_gluon_wired_init_config() {
-	proto_config_add_boolean transitive
+        proto_config_add_boolean transitive
-	proto_config_add_int index
+        proto_config_add_int index
-	proto_config_add_boolean vxlan
+        proto_config_add_boolean vxlan
-	proto_config_add_string vxpeer6addr
+        proto_config_add_string vxpeer6addr
 }
 xor2() {
-	echo -n "${1:0:1}"
+        echo -n "${1:0:1}"
-	echo -n "${1:1:1}" | tr '0123456789abcdef' '23016745ab89efcd'
+        echo -n "${1:1:1}" | tr '0123456789abcdef' '23016745ab89efcd'
 }
 is_layer3_device () {
-	local addrlen="$(cat "/sys/class/net/$1/addr_len")"
+        local addrlen="$(cat "/sys/class/net/$1/addr_len")"
-	test "$addrlen" -eq 0
+        test "$addrlen" -eq 0
 }
 # shellcheck disable=SC2086
 interface_linklocal() {
-	if is_layer3_device "$1"; then
+        if is_layer3_device "$1"; then
-		if ! ubus call network.interface dump | \
+                if ! ubus call network.interface dump | \
-		jsonfilter -e "@.interface[@.l3_device='$1']['ipv6-address'][*].address" | \
+                     jsonfilter -e "@.interface[@.l3_device='$1']['ipv6-address'][*].address" | \
-		grep -e '^fe[89ab][0-9a-f]' -m 1; then
+                     grep -e '^fe[89ab][0-9a-f]' -m 1; then
-			proto_notify_error "$config" "MISSING_LL_ADDR_ON_LOWER_IFACE"
+                        proto_notify_error "$config" "MISSING_LL_ADDR_ON_LOWER_IFACE"
-			proto_block_restart "$config"
+                        proto_block_restart "$config"
-			exit 1
+                        exit 1
-		fi
+                fi
-		return
+                return
-	fi
+        fi
-	local macaddr="$(ubus call network.device status '{"name": "'"$1"'"}' | jsonfilter -e '@.macaddr')"
+        local macaddr="$(ubus call network.device status '{"name": "'"$1"'"}' | jsonfilter -e '@.macaddr')"
-	local oldIFS="$IFS"; IFS=':'; set -- $macaddr; IFS="$oldIFS"
+        local oldIFS="$IFS"; IFS=':'; set -- $macaddr; IFS="$oldIFS"
-	echo "fe80::$(xor2 "$1")$2:$3ff:fe$4:$5$6"
+        echo "fe80::$(xor2 "$1")$2:$3ff:fe$4:$5$6"
 }
 proto_gluon_wired_setup() {
-	local config="$1"
+        local config="$1"
-	local ifname="$2"
+        local ifname="$2"
-	local meshif="$config"
+        local meshif="$config"
-	local transitive index vxlan vxpeer6addr
+        local transitive index vxlan vxpeer6addr
-	json_get_vars transitive index vxlan vxpeer6addr
+        json_get_vars transitive index vxlan vxpeer6addr
-	# default args
+        # default args
-	[ -z "$vxlan" ] && vxlan=1
+        [ -z "$vxlan" ] && vxlan=1
-	[ -z "$vxpeer6addr" ] && vxpeer6addr='ff02::15c'
+        [ -z "$vxpeer6addr" ] && vxpeer6addr='ff02::15c'
-	proto_init_update "$ifname" 1
+        proto_init_update "$ifname" 1
-	proto_send_update "$config"
+        proto_send_update "$config"
-	if [ "$vxlan" -eq 1 ]; then
+        if [ "$vxlan" -eq 1 ]; then
-		meshif="vx_$config"
+                meshif="vx_$config"
-		json_init
+                json_init
-		json_add_string name "$meshif"
+                json_add_string name "$meshif"
-		[ -n "$index" ] && json_add_string macaddr "$(lua -e "print(require('gluon.util').generate_mac($index))")"
+                [ -n "$index" ] && json_add_string macaddr "$(lua -e "print(require('gluon.util').generate_mac($index))")"
-		json_add_string proto 'vxlan6'
+                json_add_string proto 'vxlan6'
-		json_add_string tunlink "$config"
+                json_add_string tunlink "$config"
-		# ip6addr (the lower interface ip6) is used by the vxlan.sh proto
+                # ip6addr (the lower interface ip6) is used by the vxlan.sh proto
-		json_add_string ip6addr "$(interface_linklocal "$ifname")"
+                json_add_string ip6addr "$(interface_linklocal "$ifname")"
-		json_add_string peer6addr "$vxpeer6addr"
+                json_add_string peer6addr "$vxpeer6addr"
-		json_add_int vid "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vxlan", 3), 16))')"
+                json_add_int vid "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vxlan", 3), 16))')"
-		json_add_boolean rxcsum '0'
+                json_add_boolean rxcsum '0'
-		json_add_boolean txcsum '0'
+                json_add_boolean txcsum '0'
-		json_close_object
+                json_close_object
-		ubus call network add_dynamic "$(json_dump)"
+                ubus call network add_dynamic "$(json_dump)"
-	fi
+        fi
-	json_init
+        json_init
-	json_add_string name "${config}_mesh"
+        json_add_string name "${config}_mesh"
-	json_add_string ifname "@${meshif}"
+        json_add_string ifname "@${meshif}"
-	json_add_string proto 'gluon_mesh'
+        json_add_string proto 'gluon_mesh'
-	json_add_boolean fixed_mtu 1
+        json_add_boolean fixed_mtu 1
-	[ -n "$transitive" ] && json_add_boolean transitive "$transitive"
+        [ -n "$transitive" ] && json_add_boolean transitive "$transitive"
-	json_close_object
+        json_close_object
-	ubus call network add_dynamic "$(json_dump)"
+        ubus call network add_dynamic "$(json_dump)"
 }
 proto_gluon_wired_teardown() {
-	local config="$1"
+        local config="$1"
-	proto_init_update "*" 0
+        proto_init_update "*" 0
-	proto_send_update "$config"
+        proto_send_update "$config"
 }
 add_protocol gluon_wired
--- a/package/gluon-core/luasrc/lib/gluon/check-site.lua
+++ b/package/gluon-core/luasrc/lib/gluon/check-site.lua
@ -55,20 +55,8 @@ local function merge(a, b)
 	return m
 end
 local function contains(table, val)
 	for i=1,#table do
 		if table[i] == val then
 			return true
 		end
 	end
 	return false
 end
 local function path_to_string(path)
 	if path.is_value then
 		return path.label
 	end
 	return table.concat(path, '.')
 end
@ -108,10 +96,6 @@ local function domain_src()
 end
 local function conf_src(path)
 	if path.is_value then
 		return 'Configuration'
 	end
 	local src
 	if has_domains then
@ -154,14 +138,6 @@ function M.in_domain(path)
 	return path
 end
 function M.value(label, value)
 	return {
 		is_value = true,
 		label = label,
 		value = value,
 	}
 end
 function M.this_domain()
 	return domain_code
 end
@ -195,10 +171,6 @@ function loadpath(path, base, c, ...)
 end
 local function loadvar(path)
 	if path.is_value then
 		return path.value
 	end
 	return loadpath({}, conf, unpack(path))
 end
@ -378,21 +350,6 @@ function M.need_array_of(path, array, required)
 	return M.need_array(path, function(e) M.need_one_of(e, array) end, required)
 end
 function M.need_array_elements_exclusive(path, a, b, required)
 	local val = need_type(path, 'table', required, 'be an array')
 	if not val then
 		return nil
 	end
 	if contains(val, a) and contains(val, b) then
 		config_error(conf_src(path),
 			'expected %s to contain only one of the elements %s and %s, but not both.',
 			path_to_string(path), format(a), format(b))
 	end
 	return val
 end
 function M.need_chanlist(path, channels, required)
 	local valid_chanlist = check_chanlist(channels)
 	return M.need(path, valid_chanlist, required,
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac
@ -87,9 +87,6 @@ local primary_addrs = {
 		{'ipq806x', 'generic', {
 			'netgear,r7800',
 		}},
 		{'lantiq', 'xrx200', {
 			'arcadyan,vgv7510kw22-nor',
 		}},
 		{'lantiq', 'xway', {
 			'netgear,dgn3500b',
 		}},
@ -105,7 +102,6 @@ local primary_addrs = {
 		}},
 		{'rockchip', 'armv8', {
 			'friendlyarm,nanopi-r2s',
 			'friendlyarm,nanopi-r4s',
 		}},
 		{'x86'},
 	}},
@ -121,7 +117,6 @@ local primary_addrs = {
 		}},
 		{'ramips', 'mt7620', {
 			'xiaomi,miwifi-mini',
 			'asus,rt-ac51u',
 		}},
 	}},
 	{phy(1), {
@ -151,7 +146,7 @@ for _, matcher in ipairs(primary_addrs) do
 		if platform.match(unpack(match)) then
 			local addr = f()
 			if addr then
-				sysconfig.primary_mac = addr:lower()
+				sysconfig.primary_mac = addr
 				return
 			end
 		end
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces
@ -46,35 +46,20 @@ if platform.match('ath79', 'generic', {
 	'tplink,cpe210-v1',
 	'tplink,cpe210-v2',
 	'tplink,cpe510-v1',
 	'tplink,wbs210-v1',
 	'tplink,wbs210-v2',
 	'tplink,wbs510-v1',
 	'ubnt,nanostation-m-xw',
 	'ubnt,unifi-ap-pro',
 }) then
 	lan_ifname, wan_ifname = wan_ifname, lan_ifname
-elseif platform.match('ath79', 'generic', {
+elseif platform.match('lantiq') then
-	'ubnt,unifi-ap-outdoor-plus',
+	local switch_data = board_data.switch or {}
-}) then
+	local switch0_data = switch_data.switch0 or {}
-	-- Temporary solution to separate interfaces in bridged default setup
+	local roles_data = switch0_data.roles or {}
-	lan_ifname, wan_ifname = 'eth0', 'eth1'
+	for _, role_data in ipairs(roles_data) do
-elseif platform.match('ath79', 'generic', {
+		if role_data.role == 'wan' then
-	'ubnt,unifiac-mesh-pro',
+			wan_ifname = iface_exists(role_data.device)
-	'ubnt,unifiac-pro',
+			break
-}) then
+		end
-	lan_ifname, wan_ifname = 'eth0.2', 'eth0.1'
+	end
 elseif platform.match('ramips', 'mt7621', {
 	'netgear,wac104',
 }) then
 	lan_ifname, wan_ifname = 'lan2 lan3 lan4', 'lan1'
 elseif platform.match('lantiq', 'xrx200', {
 	'arcadyan,vgv7510kw22-nor',
 }) then
 	lan_ifname, wan_ifname = 'lan1 lan2 lan3 lan4', 'wan'
 elseif platform.match('realtek', 'rtl838x', {
 	'd-link,dgs-1210-10p',
 }) then
 	lan_ifname, wan_ifname = 'lan2 lan3 lan4 lan5 lan6 lan7 lan8 lan9 lan10', 'lan1'
 end
 if wan_ifname and lan_ifname then
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/021-interface-roles
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/021-interface-roles
@ -7,10 +7,10 @@ local util = require 'gluon.util'
 -- Defaults from site.conf
 local roles = {
-	lan = site.interfaces.lan.default_roles({'client'}),
+	lan = site.interfaces.lan.roles({'client'}),
-	wan = site.interfaces.wan.default_roles({'uplink'}),
+	wan = site.interfaces.wan.roles({'uplink'}),
 }
-roles.single = site.interfaces.single.default_roles({unpack(roles.wan)})
+roles.single = site.interfaces.single.roles(roles.wan)
 -- Migration of Mesh-on-WAN/LAN setting from Gluon 2021.1 and older (to be removed in 2024)
 --
@ -63,19 +63,4 @@ for iface in pairs(interfaces) do
 	end
 end
 -- Fix invalid role configurations
 uci:foreach('gluon', 'interface', function(interface)
 	local function has_role(role)
 		return util.contains(interface.role, role)
 	end
 	if has_role('client') and (has_role('mesh') or has_role('uplink')) then
 		-- remove 'client' role
 		util.remove_from_set(interface.role, 'client')
 		uci:set('gluon', interface['.name'], 'role', interface.role)
 	end
 end)
 uci:save('gluon')
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network
@ -1,22 +1,7 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 local sysconfig = require 'gluon.sysconfig'
 local util = require 'gluon.util'
 local json = require 'jsonc'
 local function get_network_mac(name)
 	local board_data = json.load('/etc/board.json')
 	local network_data = (board_data or {}).network
 	if network_data == nil then
 		return nil
 	end
 	local ifdata = network_data[name] or {}
 	return ifdata.macaddr
 end
 local wan = uci:get_all('network_gluon-old', 'wan') or {}
 local wan6 = uci:get_all('network_gluon-old', 'wan6') or {}
@ -28,19 +13,11 @@ uci:section('network', 'interface', 'loopback', {
 	netmask = '255.0.0.0',
 })
 local wan_proto = 'dhcp'
 if sysconfig.gluon_version and wan.proto ~= nil then
 	-- Only restore WAN proto in case this is an upgrade
 	wan_proto = wan.proto
 end
 uci:section('network', 'interface', 'wan', {
-	proto = wan_proto,
+	proto = wan.proto or 'dhcp',
 	ipaddr = wan.ipaddr,
 	netmask = wan.netmask,
 	gateway = wan.gateway,
 	macaddr = get_network_mac('wan'),
 	ifname = util.get_role_interfaces(uci, 'uplink'),
 	type = 'bridge',
 	igmp_snooping = true,
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/115-swconfig
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/115-swconfig
@ -1,29 +0,0 @@
 #!/usr/bin/lua
 local platform = require 'gluon.platform'
 local uci = require('simple-uci').cursor()
 local switch_vlans = {
 	-- device identifier, lan ports, wan ports
 	["ubnt,unifiac-mesh-pro"] = {"3 0t", "2 0t"},
 	["ubnt,unifiac-pro"] = {"2 0t", "3 0t"},
 }
 local board_name = platform.get_board_name()
 local assignments = switch_vlans[board_name]
 if not platform.match('ath79', 'generic') or not assignments then
 	return
 end
 uci:delete_all('network', 'switch_vlan')
 for vlan, ports in ipairs(assignments) do
 	uci:section("network", "switch_vlan", nil, {
 		device = "switch0",
 		vlan = vlan,
 		ports = ports,
 	})
 end
 uci:save('network')
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/190-preserve-wireless-channels
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/190-preserve-wireless-channels
@ -1,23 +0,0 @@
 #!/usr/bin/lua
 local wireless = require 'gluon.wireless'
 local uci = require('simple-uci').cursor()
 local preserve_channels = wireless.preserve_channels(uci)
 -- Migrate preserve channels from pre-2022.01
 local core_wireless = uci:get_first('gluon-core', 'wireless')
 if core_wireless ~= nil then
 	local preserve_legacy = uci:get_bool('gluon-core', core_wireless, 'preserve_channels')
 	if preserve_legacy then
 		preserve_channels = true
 	end
 	uci:delete('gluon-core', core_wireless)
 	uci:save('gluon-core')
 end
 uci:section('gluon', 'wireless', 'wireless', {
 	preserve_channels = preserve_channels or false,
 })
 uci:save('gluon')
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless
@ -53,19 +53,19 @@ local function is_outdoor()
 end
 local function get_channel(radio, config)
-	if radio.band == '5g' and is_outdoor() then
+	local channel
 	if wireless.preserve_channels(uci) then
 		-- preserved channel always wins
 		channel = radio.channel
 	elseif radio.band == '5g' and is_outdoor() then
 		-- actual channel will be picked and probed from chanlist
-		return 'auto'
+		channel = 'auto'
 	end
-	return config.channel()
+	return channel or config.channel()
 end
 local function get_htmode(radio)
 	if wireless.preserve_channels(uci) then
 		return radio.htmode
 	end
 	if radio.band == '5g' and is_outdoor() then
 		local outdoor_htmode = uci:get('gluon', 'wireless', 'outdoor_' .. radio['.name'] .. '_htmode')
 		if outdoor_htmode ~= nil then
@ -175,20 +175,6 @@ local function configure_mesh_wireless(radio, index, config, disabled)
 	)
 end
 local function set_channels(radio, radio_name, config)
 	if wireless.preserve_channels(uci) then
 		return
 	end
 	local channel = get_channel(radio, config)
 	uci:set('wireless', radio_name, 'channel', channel)
 	local chanlist
 	if radio.band == '5g' and is_outdoor() then
 		chanlist = config.outdoor_chanlist()
 	end
 	uci:set('wireless', radio_name, 'channels', chanlist)
 end
 wireless.foreach_radio(uci, function(radio, index, config)
 	local radio_name = radio['.name']
@ -204,13 +190,13 @@ wireless.foreach_radio(uci, function(radio, index, config)
 		return
 	end
 	local channel = get_channel(radio, config)
 	local htmode = get_htmode(radio)
 	local beacon_interval = config.beacon_interval()
 	uci:delete('wireless', radio_name, 'disabled')
-	set_channels(radio, radio_name, config)
+	uci:set('wireless', radio_name, 'channel', channel)
 	uci:set('wireless', radio_name, 'htmode', htmode)
 	uci:set('wireless', radio_name, 'country', site.regdom())
@ -222,17 +208,22 @@ wireless.foreach_radio(uci, function(radio, index, config)
 		uci:set('wireless', radio_name, 'legacy_rates', false)
 		configure_mesh_wireless(radio, index, config)
 	elseif (band == '5g') then
 		-- ToDo: Remove in v2024.x
 		local hostapd_options = uci:get_list('wireless', radio_name, 'hostapd_options')
 		util.remove_from_set(hostapd_options, 'country3=0x4f')
 		uci:set_list('wireless', radio_name, 'hostapd_options', hostapd_options)
 		if is_outdoor() then
 			uci:set('wireless', radio_name, 'channels', config.outdoor_chanlist())
 			-- enforce outdoor channels by filtering the regdom for outdoor channels
-			uci:set('wireless', radio_name, 'country3', '0x4f')
+			local hostapd_options = uci:get_list('wireless', radio_name, 'hostapd_options')
 			util.add_to_set(hostapd_options, 'country3=0x4f')
 			uci:set_list('wireless', radio_name, 'hostapd_options', hostapd_options)
 			configure_mesh_wireless(radio, index, config, true)
 		else
-			uci:delete('wireless', radio_name, 'country3')
+			uci:delete('wireless', radio_name, 'channels')
 			local hostapd_options = uci:get_list('wireless', radio_name, 'hostapd_options')
 			util.remove_from_set(hostapd_options, 'country3=0x4f')
 			uci:set_list('wireless', radio_name, 'hostapd_options', hostapd_options)
 			configure_mesh_wireless(radio, index, config)
 		end
 	end
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-mesh
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-mesh
@ -33,14 +33,6 @@ if #mesh_interfaces_other > 0 then
 	else
 		iftype = 'bridge'
 		ifname = mesh_interfaces_other
 		for _, iface in ipairs(ifname) do
 			uci:section('network', 'device', nil, {
 				name = iface,
 				isolate = true,
 			})
 		end
 	end
 	uci:section('network', 'interface', 'mesh_other', {
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/250-cellular
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/250-cellular
@ -1,63 +0,0 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 local platform = require 'gluon.platform'
 if not platform.is_cellular_device() then
 	return
 end
 local function set_or_delete(package, section, option, val)
 	if val ~= nil and string.len(val) ~= 0 then
 		uci:set(package, section, option, val)
 	else
 		uci:delete(package, section, option)
 	end
 end
 local function setup_ncm_qmi(devpath, control_type, delay)
 	local pdptype = uci:get('gluon', 'cellular', 'pdptype')
 	local pincode = uci:get('gluon', 'cellular', 'pin')
 	local username = uci:get('gluon', 'cellular', 'username')
 	local password = uci:get('gluon', 'cellular', 'password')
 	uci:section('network', 'interface', 'cellular', {
 		proto = control_type,
 		device = devpath,
 		disabled = not uci:get_bool('gluon', 'cellular', 'enabled'),
 		pdptype = pdptype,
 		apn = uci:get('gluon', 'cellular', 'apn'),
 	})
 	if pdptype ~= 'IP' then
 		uci:set('network', 'cellular', 'ipv6', 'auto')
 	else
 		uci:delete('network', 'cellular', 'ipv6')
 	end
 	set_or_delete('network', 'cellular', 'pincode', pincode)
 	set_or_delete('network', 'cellular', 'username', username)
 	set_or_delete('network', 'cellular', 'password', password)
 	set_or_delete('network', 'cellular', 'delay', delay)
 end
 if platform.match('ath79', 'nand', {
 	'glinet,gl-xe300',
 }) then
 	setup_ncm_qmi('/dev/cdc-wdm0', 'qmi', 15)
 elseif platform.match('ath79', 'nand', {
 	'zte,mf281',
 }) then
 	setup_ncm_qmi('/dev/ttyACM0', 'ncm', 15)
 elseif platform.match('ipq40xx', 'generic', {
 	'glinet,gl-ap1300',
 }) then
 	setup_ncm_qmi('/dev/cdc-wdm0', 'qmi', 15)
 elseif platform.match('ramips', 'mt7621', {
 	'wavlink,ws-wn572hp3-4g',
 }) then
 	setup_ncm_qmi('/dev/ttyUSB2', 'ncm', 15)
 end
 uci:save('network')
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/300-firewall-rules
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/300-firewall-rules
@ -1,7 +1,6 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 local platform = require 'gluon.platform'
 local defaults = uci:get_first('firewall', 'defaults')
@ -17,18 +16,8 @@ local function reject_input_on_wan(zone)
 	return true
 end
 local function add_cellular_wan(zone)
 	if zone.name == 'wan' then
 		uci:set('firewall', zone['.name'], 'network', {'wan', 'wan6', 'cellular_4', 'cellular_6'})
 	end
 end
 uci:foreach('firewall', 'zone', reject_input_on_wan)
 if platform.is_cellular_device() then
 	uci:foreach('firewall', 'zone', add_cellular_wan)
 end
 for _, zone in ipairs({'mesh', 'loc_client', 'wired_mesh'}) do
 	-- Other packages assign interfaces to these zones
 	uci:section('firewall', 'zone', zone, {
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/500-opkg
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/500-opkg
@ -37,7 +37,6 @@ local function replace_patterns(url)
 end
 local openwrt = site.opkg.openwrt()
 local extra = site.opkg.extra({})
@ -52,8 +51,6 @@ for _, line in ipairs(distfeeds) do
 	local name = line:match('^src/gz%s' .. prefix .. '(%S+)%s')
 	if name == 'core' then
 		f:write('# ' .. line .. '\n')
 	elseif name and openwrt then
 		f:write(string.format('src/gz %s %s/%s\n', prefix .. name, replace_patterns(openwrt), name))
 	else
 		f:write(line .. '\n')
 	end
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
@ -12,7 +12,7 @@ uci:set('dhcp', dnsmasq, 'localise_queries', true)
 uci:set('dhcp', dnsmasq, 'localservice', false)
 uci:set('dhcp', dnsmasq, 'server', dns.servers)
-uci:set('dhcp', dnsmasq, 'cachesize', dns.cacheentries)
+uci:delete('dhcp', dnsmasq, 'cachesize')
 uci:delete('firewall', 'client_dns')
 if dns.servers then
--- a/package/gluon-core/luasrc/usr/bin/gluon-info
+++ b/package/gluon-core/luasrc/usr/bin/gluon-info
@ -26,7 +26,6 @@ local values = {
 		.. ' / ' .. util.trim(util.readfile('/lib/gluon/site-version')) },
 	{ 'Firmware release', util.trim(util.readfile('/lib/gluon/release')) },
 	{ 'Site', site.site_name() },
 	{ 'Domain', uci:get('gluon', 'core', 'domain') or 'n/a' },
 	{ 'Public VPN key', pubkey or 'n/a' },
 }
--- a/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua
+++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua
@ -25,27 +25,17 @@ end
 function M.is_outdoor_device()
 	if M.match('ath79', 'generic', {
 		'devolo,dvl1750x',
 		'librerouter,librerouter-v1',
 		'plasmacloud,pa300',
 		'plasmacloud,pa300e',
 		'tplink,cpe210-v1',
 		'tplink,cpe210-v2',
 		'tplink,cpe210-v3',
 		'tplink,cpe220-v3',
 		'tplink,cpe510-v1',
 		'tplink,cpe510-v2',
 		'tplink,cpe510-v3',
 		'tplink,cpe710-v1',
 		'tplink,eap225-outdoor-v1',
 		'tplink,wbs210-v1',
 		'tplink,wbs210-v2',
 		'tplink,wbs510-v1',
 		'ubnt,nanobeam-m5-xw',
 		'ubnt,nanostation-loco-m-xw',
 		'ubnt,nanostation-m-xw',
 		'ubnt,unifi-ap-outdoor-plus',
 		'ubnt,unifiac-mesh',
 		'ubnt,unifiac-mesh-pro',
 	}) then
 		return true
@ -55,36 +45,6 @@ function M.is_outdoor_device()
 		'plasmacloud,pa1200',
 	}) then
 		return true
 	elseif M.match('ipq40xx', 'mikrotik', {
 		'mikrotik,sxtsq-5-ac',
 	}) then
 		return true
 	elseif M.match('ramips', 'mt7621', {
 		'wavlink,ws-wn572hp3-4g',
 		'zyxel,nwa55axe',
 	}) then
 		return true
 	end
 	return false
 end
 function M.is_cellular_device()
 	if M.match('ath79', 'nand', {
 		'zte,mf281',
 		'glinet,gl-xe300',
 	}) then
 		return true
 	elseif M.match('ipq40xx', 'generic', {
 		'glinet,gl-ap1300',
 	}) then
 		return true
 	elseif M.match('ramips', 'mt7621', {
 		'wavlink,ws-wn572hp3-4g',
 	}) then
 		return true
 	end
 	return false
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
David Bauer	db2f6da9fb	gluon-usteer: add package Signed-off-by: David Bauer <mail@david-bauer.net>	2022-03-30 23:35:16 +02:00
David Bauer	d01280af13	Revert "generic: use testing kernel if possible" This reverts commit ab24407f05d3745c6dcb6bb1b4b9cde0a99ab417.	2022-03-30 22:57:54 +02:00
David Bauer	2dae9268bf	mpc85xx-p1010: flag WDR4900 as broken	2022-03-30 22:57:54 +02:00
David Bauer	6749d7f658	ramips-mt7621: add support for Tenbay T-MB5EU-V01	2022-03-30 22:57:54 +02:00
David Bauer	ab6aad45e0	bcm27xx-bcm2711: add RaspberryPi 4B	2022-03-30 22:57:54 +02:00
David Bauer	a7885dc24b	generic: remove firewall4	2022-03-30 22:57:54 +02:00
David Bauer	e3dc63da57	target: remove jool workaround	2022-03-30 22:57:54 +02:00
David Bauer	193eba9561	treewide: replace ip6tables with ip6tables-legacy	2022-03-30 22:57:54 +02:00
David Bauer	3384c6f1d8	actions: update ci	2022-03-30 22:57:54 +02:00
David Bauer	4f7755c4db	generic: use testing kernel if possible	2022-03-30 22:57:54 +02:00
David Bauer	d7e3db7e8e	gluon-core: don't rewrite distfeeds for next Don't rewrite the OpenWrt distfeeds, as the current way of formatting the URLs results in invalid URLs, as the path for snapshot packages differs from release packages. This is a hack and should be re-implemented properly in the future.	2022-03-30 22:57:54 +02:00
David Bauer	ca541f70c3	modules: switch to OpenWrt master	2022-03-30 22:57:54 +02:00
`@ -1,4 +1,4 @@`
	`# Docs: <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates>`	`# Docs: <https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/customizing-dependency-updates>`

	`version: 2`	`version: 2`
`@ -1 +1 @@`
	`sphinx-rtd-theme==1.2.0`	`sphinx-rtd-theme==1.0.0`