Initial web management interface

board/common/rootfs/etc/default/webui

@@ -0,0 +1,5 @@
+RESTCONF_URL=https://127.0.0.1/restconf
+INSECURE_TLS=1
+# Spool firmware uploads (and any other temp files) to the eMMC-backed /var/tmp
+# instead of the RAM-backed /tmp — a 160 MB .pkg upload otherwise OOM-kills us.
+TMPDIR=/var/tmp

board/common/rootfs/etc/nginx/app/restconf.conf

@@ -0,0 +1 @@
+../restconf.app

board/common/rootfs/etc/nginx/restconf-access.conf

@@ -0,0 +1,3 @@
+allow 127.0.0.1;
+allow ::1;
+deny all;

board/common/rootfs/etc/nginx/restconf.app

@@ -1,5 +1,6 @@
 # /telemetry/optics is for streaming (not used atm)
 location ~ ^/(restconf|yang|.well-known)/ {
+    include /etc/nginx/restconf-access.conf;
     grpc_pass grpc://[::1]:10080;
     grpc_set_header Host $host;
     grpc_set_header X-Real-IP $remote_addr;

configs/aarch64_defconfig

@@ -175,7 +175,6 @@ BR2_PACKAGE_FIREWALL=y
 BR2_PACKAGE_IITO=y
 BR2_PACKAGE_KEYACK=y
 BR2_PACKAGE_KLISH_PLUGIN_INFIX=y
-BR2_PACKAGE_LANDING=y
 BR2_PACKAGE_LOWDOWN=y
 BR2_PACKAGE_MCD=y
 BR2_PACKAGE_MDNS_ALIAS=y
@@ -187,6 +186,8 @@ BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER=y
 BR2_PACKAGE_PODMAN_DRIVER_VFS=y
 BR2_PACKAGE_TETRIS=y
 BR2_PACKAGE_ROUSETTE=y
+# BR2_PACKAGE_LANDING is not set
+BR2_PACKAGE_WEBUI=y
 BR2_PACKAGE_RAUC_INSTALLATION_STATUS=y
 BR2_PACKAGE_HOST_PYTHON_YANGDOC=y
 BR2_PACKAGE_PCIUTILS=y

configs/aarch64_minimal_defconfig

@@ -144,6 +144,7 @@ BR2_PACKAGE_FIREWALL=y
 BR2_PACKAGE_IITO=y
 BR2_PACKAGE_KEYACK=y
 BR2_PACKAGE_KLISH_PLUGIN_INFIX=y
+BR2_PACKAGE_LANDING=y
 BR2_PACKAGE_LOWDOWN=y
 BR2_PACKAGE_MCD=y
 BR2_PACKAGE_MDNS_ALIAS=y

configs/arm_defconfig

@@ -162,14 +162,15 @@ BR2_PACKAGE_FIREWALL=y
 BR2_PACKAGE_IITO=y
 BR2_PACKAGE_KEYACK=y
 BR2_PACKAGE_KLISH_PLUGIN_INFIX=y
-BR2_PACKAGE_LANDING=y
 BR2_PACKAGE_LOWDOWN=y
 BR2_PACKAGE_MCD=y
 BR2_PACKAGE_MDNS_ALIAS=y
 BR2_PACKAGE_NETBROWSE=y
 BR2_PACKAGE_ONIEPROM=y
 BR2_PACKAGE_TETRIS=y
 BR2_PACKAGE_ROUSETTE=y
+# BR2_PACKAGE_LANDING is not set
+BR2_PACKAGE_WEBUI=y
 BR2_PACKAGE_RAUC_INSTALLATION_STATUS=y
 BR2_PACKAGE_HOST_PYTHON_YANGDOC=y
 IMAGE_ITB_AUX=y

configs/arm_minimal_defconfig

@@ -142,6 +142,7 @@ BR2_PACKAGE_FIREWALL=y
 BR2_PACKAGE_IITO=y
 BR2_PACKAGE_KEYACK=y
 BR2_PACKAGE_KLISH_PLUGIN_INFIX=y
+BR2_PACKAGE_LANDING=y
 BR2_PACKAGE_LOWDOWN=y
 BR2_PACKAGE_MCD=y
 BR2_PACKAGE_MDNS_ALIAS=y

configs/riscv64_defconfig

@@ -194,7 +194,6 @@ BR2_PACKAGE_FIREWALL=y
 BR2_PACKAGE_IITO=y
 BR2_PACKAGE_KEYACK=y
 BR2_PACKAGE_KLISH_PLUGIN_INFIX=y
-BR2_PACKAGE_LANDING=y
 BR2_PACKAGE_LOWDOWN=y
 BR2_PACKAGE_MCD=y
 BR2_PACKAGE_MDNS_ALIAS=y
@@ -206,6 +205,8 @@ BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER=y
 BR2_PACKAGE_PODMAN_DRIVER_VFS=y
 BR2_PACKAGE_TETRIS=y
 BR2_PACKAGE_ROUSETTE=y
+# BR2_PACKAGE_LANDING is not set
+BR2_PACKAGE_WEBUI=y
 BR2_PACKAGE_RAUC_INSTALLATION_STATUS=y
 BR2_PACKAGE_HOST_PYTHON_YANGDOC=y
 BR2_PACKAGE_PCIUTILS=y

configs/x86_64_defconfig

@@ -169,7 +169,6 @@ BR2_PACKAGE_FIREWALL=y
 BR2_PACKAGE_IITO=y
 BR2_PACKAGE_KEYACK=y
 BR2_PACKAGE_KLISH_PLUGIN_INFIX=y
-BR2_PACKAGE_LANDING=y
 BR2_PACKAGE_LOWDOWN=y
 BR2_PACKAGE_MCD=y
 BR2_PACKAGE_MDNS_ALIAS=y
@@ -181,6 +180,8 @@ BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER=y
 BR2_PACKAGE_PODMAN_DRIVER_VFS=y
 BR2_PACKAGE_TETRIS=y
 BR2_PACKAGE_ROUSETTE=y
+# BR2_PACKAGE_LANDING is not set
+BR2_PACKAGE_WEBUI=y
 BR2_PACKAGE_RAUC_INSTALLATION_STATUS=y
 BR2_PACKAGE_HOST_PYTHON_YANGDOC=y
 BR2_PACKAGE_PCIUTILS=y

configs/x86_64_minimal_defconfig

@@ -141,6 +141,7 @@ BR2_PACKAGE_FIREWALL=y
 BR2_PACKAGE_IITO=y
 BR2_PACKAGE_KEYACK=y
 BR2_PACKAGE_KLISH_PLUGIN_INFIX=y
+BR2_PACKAGE_LANDING=y
 BR2_PACKAGE_LOWDOWN=y
 BR2_PACKAGE_MCD=y
 BR2_PACKAGE_MDNS_ALIAS=y

doc/ChangeLog.md

@@ -4,10 +4,13 @@ Change Log
 All notable changes to the project are documented in this file.
 
 [v26.06.0][UNRELEASED]
---------------
+-------------------------
 
 ### Changes
 
+- Initial WebUI: static status pages and a tree view of operational status.
+  Curated configuration pages for a some tasks and a tree view for the rest.
+  Also includes a maintenance section for firmware upgrade and more
 - Add Wi-Fi roaming for fast, seamless handoff between access points that
   share an SSID: 802.11k, 802.11v and 802.11r (over-the-air FT).  See the
   [Wi-Fi][wifi] guide for details
@@ -18,6 +21,12 @@ All notable changes to the project are documented in this file.
 - Add `legacy-rates` option to re-enable 802.11b rates on 2.4 GHz for
   old IoT devices (disabled by default)
 
+### Fixes
+
+- Enabling IP masquerading in the firewall no longer enables IP forwarding on
+  all interfaces.  This has been an issue ever since the firewall support was
+  introduced in v25.10.0
+
 [wifi]: wifi.md
 
 [v26.05.0][] - 2026-05-29
@@ -2153,6 +2162,7 @@ Supported YANG models in addition to those used by sysrepo and netopeer:
 
 [buildroot]:  https://buildroot.org/
 [UNRELEASED]: https://github.com/kernelkit/infix/compare/v26.05.0...HEAD
+[v26.06.0]:   https://github.com/kernelkit/infix/compare/v26.05.0...v26.06.0
 [v26.05.0]:   https://github.com/kernelkit/infix/compare/v26.04.0...v26.05.0
 [v26.04.0]:   https://github.com/kernelkit/infix/compare/v26.03.0...v26.04.0
 [v26.03.0]:   https://github.com/kernelkit/infix/compare/v26.02.0...v26.03.0

package/Config.in

@@ -42,6 +42,7 @@ source "$BR2_EXTERNAL_INFIX_PATH/package/tetris/Config.in"
 source "$BR2_EXTERNAL_INFIX_PATH/package/libyang-cpp/Config.in"
 source "$BR2_EXTERNAL_INFIX_PATH/package/sysrepo-cpp/Config.in"
 source "$BR2_EXTERNAL_INFIX_PATH/package/rousette/Config.in"
+source "$BR2_EXTERNAL_INFIX_PATH/package/webui/Config.in"
 source "$BR2_EXTERNAL_INFIX_PATH/package/nghttp2-asio/Config.in"
 source "$BR2_EXTERNAL_INFIX_PATH/package/date-cpp/Config.in"
 source "$BR2_EXTERNAL_INFIX_PATH/package/rauc-installation-status/Config.in"

package/landing/landing.mk

@@ -14,6 +14,8 @@ define LANDING_INSTALL_TARGET_CMDS
         mkdir -p $(TARGET_DIR)/usr/html/
 	cp $(@D)/*.html $(TARGET_DIR)/usr/html/
 	cp $(@D)/*.png  $(TARGET_DIR)/usr/html/
+	$(INSTALL) -D -m 0644 $(LANDING_PKGDIR)/default.conf \
+		$(TARGET_DIR)/etc/nginx/available/default.conf
 endef
 
 $(eval $(generic-package))

package/webui/50x.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Loading…</title>
+<meta charset="utf-8">
+<meta http-equiv="refresh" content="3">
+<style>
+  html { color-scheme: light dark; font-family: Tahoma, Verdana, Arial, sans-serif; }
+  body { max-width: 32em; margin: 4em auto; text-align: center; }
+  h1 { font-weight: 500; margin-bottom: 0.5em; }
+  p { color: #888; margin: 0.5em 0; }
+  .spinner {
+    display: inline-block;
+    width: 1.5em;
+    height: 1.5em;
+    margin-top: 1em;
+    border: 3px solid currentColor;
+    border-top-color: transparent;
+    border-radius: 50%;
+    animation: rot 1s linear infinite;
+  }
+  @keyframes rot { to { transform: rotate(360deg); } }
+</style>
+</head>
+<body>
+<h1>Loading…</h1>
+<p>The device is finishing its startup. This page refreshes automatically.</p>
+<p><span class="spinner" aria-hidden="true"></span></p>
+</body>
+</html>

package/webui/Config.in

@@ -0,0 +1,9 @@
+config BR2_PACKAGE_WEBUI
+	bool "webui"
+	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_ROUSETTE
+	depends on !BR2_PACKAGE_LANDING
+	help
+	  Web management interface for Infix, a Go+HTMX application
+	  that provides browser-based configuration and monitoring
+	  via RESTCONF.

package/webui/default.conf

@@ -0,0 +1,24 @@
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  _;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    server_name  _;
+    include      ssl.conf;
+
+    # 404 also points at /50x.html: the page is a "Loading…" screen
+    # with a meta-refresh, so the early-boot window where the Go
+    # backend isn't up yet (and any other transient 404 / 5xx) self-
+    # recovers as soon as upstream comes back.
+    error_page   404 500 502 503 504  /50x.html;
+    location = /50x.html {
+	root   html;
+    }
+
+    include /etc/nginx/app/*.conf;
+}

package/webui/webui-proxy.conf

@@ -0,0 +1,12 @@
+# Shared proxy-pass shape for the webui upstream. Included from every
+# location in webui.conf that forwards to the Go app so we don't have to
+# restate the header block when nested locations declare their own
+# proxy_* directives (which suppresses inheritance from the outer block).
+
+proxy_pass         http://127.0.0.1:10000;
+proxy_http_version 1.1;
+proxy_set_header   Host $host;
+proxy_set_header   X-Real-IP $remote_addr;
+proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header   X-Forwarded-Proto $scheme;
+proxy_redirect     off;

package/webui/webui.conf

@@ -0,0 +1,39 @@
+# 256 MiB covers current and near-future firmware images (the aarch64
+# .pkg is ~160 MiB today) without setting an alarming body-size cap on
+# devices that may only have 512 MiB of RAM. nginx is the single source
+# of truth for the upload ceiling.
+#
+# Set at server scope (top of file) rather than once on an outer
+# `location /` with a nested inner location: nginx inheritance of
+# client_max_body_size into a nested location that declares its own
+# `proxy_pass` block has bitten us before, silently falling back to
+# the http-level default of 1m and rejecting 160 MiB firmware uploads
+# with 413.
+client_max_body_size 256m;
+
+location / {
+    include /etc/nginx/webui-proxy.conf;
+}
+
+location = /firmware/upload {
+    # Body is buffered by nginx (to /var/cache/nginx/client-body, ext4
+    # on eMMC, with 16 KB RAM cap before spill) before forwarding to
+    # Go. The extra disk pass on a 160 MiB upload is ~30s on eMMC; in
+    # exchange Go gets a complete, well-formed request with a known
+    # Content-Length. The previous setup used `proxy_request_buffering
+    # off` to stream the body straight through and avoid the double
+    # write, but that raced the response write with the body forward:
+    # net/http EOFs the body reader at Content-Length, then closes the
+    # socket, but with streaming the multipart trailer can still be in
+    # the kernel receive buffer, so close() sends RST instead of FIN
+    # and nginx serves /50x.html to the client.
+    proxy_read_timeout 600s;
+    include /etc/nginx/webui-proxy.conf;
+}
+
+# Liveness probe served by nginx itself — no upstream call, no log line.
+# Used by the watchdog div in base.html and the reboot-overlay poller.
+location = /device-status {
+    access_log off;
+    return 204;
+}

package/webui/webui.mk

@@ -0,0 +1,29 @@
+################################################################################
+#
+# webui
+#
+################################################################################
+
+WEBUI_VERSION = 1.0
+WEBUI_SITE_METHOD = local
+WEBUI_SITE = $(BR2_EXTERNAL_INFIX_PATH)/src/webui
+WEBUI_GOMOD = github.com/kernelkit/webui
+WEBUI_LICENSE = MIT
+WEBUI_LICENSE_FILES = LICENSE
+WEBUI_REDISTRIBUTE = NO
+
+define WEBUI_INSTALL_EXTRA
+	$(INSTALL) -D -m 0644 $(WEBUI_PKGDIR)/webui.svc \
+		$(FINIT_D)/available/webui.conf
+	$(INSTALL) -D -m 0644 $(WEBUI_PKGDIR)/webui.conf \
+		$(TARGET_DIR)/etc/nginx/app/webui.conf
+	$(INSTALL) -D -m 0644 $(WEBUI_PKGDIR)/webui-proxy.conf \
+		$(TARGET_DIR)/etc/nginx/webui-proxy.conf
+	$(INSTALL) -D -m 0644 $(WEBUI_PKGDIR)/default.conf \
+		$(TARGET_DIR)/etc/nginx/available/default.conf
+	$(INSTALL) -D -m 0644 $(WEBUI_PKGDIR)/50x.html \
+		$(TARGET_DIR)/usr/html/50x.html
+endef
+WEBUI_POST_INSTALL_TARGET_HOOKS += WEBUI_INSTALL_EXTRA
+
+$(eval $(golang-package))

package/webui/webui.svc

@@ -0,0 +1,3 @@
+service <!> name:webui log:prio:daemon.info,tag:webui \
+	[2345] env:-/etc/default/webui webui -listen 127.0.0.1:10000 \
+	-- Web management interface

src/confd/src/services.c

@@ -557,7 +557,20 @@ static int restconf_change(sr_session_ctx_t *session, struct lyd_node *config, s
 
 	ena = lydx_is_enabled(srv, "enabled") &&
 	      lydx_is_enabled(lydx_get_xpathf(config, WEB_XPATH), "enabled");
-	svc_enable(ena, restconf, "restconf");
+
+	/*
+	 * restconf.app is permanently installed in nginx/app/ so rousette is
+	 * always reachable from loopback (required by the WebUI).  When external
+	 * RESTCONF access is disabled we tighten the location to loopback-only
+	 * by writing the appropriate allow/deny rules into the include file.
+	 */
+	FILE *fp = fopen("/etc/nginx/restconf-access.conf", "w");
+	if (fp) {
+		if (!ena)
+			fputs("allow 127.0.0.1;\nallow ::1;\ndeny all;\n", fp);
+		fclose(fp);
+	}
+	mdns_records(ena ? MDNS_ADD : MDNS_DELETE, restconf);
 	finit_reload("nginx");
 
 	return put(cfg);
@@ -703,13 +716,16 @@ static int web_change(sr_session_ctx_t *session, struct lyd_node *config, struct
 
 	/* Web master on/off: propagate to nginx and all sub-services */
 	if (lydx_get_xpathf(diff, WEB_XPATH "/enabled")) {
+		int rc_ena = ena && lydx_is_enabled(lydx_get_xpathf(config, WEB_RESTCONF_XPATH), "enabled");
 		int nb_ena = ena && lydx_is_enabled(lydx_get_xpathf(config, WEB_NETBROWSE_XPATH), "enabled");
 
 		svc_enable(ena && lydx_is_enabled(lydx_get_xpathf(config, WEB_CONSOLE_XPATH), "enabled"),
 			   ttyd, "ttyd");
 		svc_enable(nb_ena, netbrowse, "netbrowse");
-		svc_enable(ena && lydx_is_enabled(lydx_get_xpathf(config, WEB_RESTCONF_XPATH), "enabled"),
-			   restconf, "restconf");
+		/* Rousette follows web/enabled; external access is gated separately via restconf/enabled */
+		ena ? finit_enable("restconf") : finit_disable("restconf");
+		ena ? finit_enable("webui") : finit_disable("webui");
+		mdns_records(rc_ena ? MDNS_ADD : MDNS_DELETE, restconf);
 		svc_enable(ena, web, "nginx");
 		mdns_alias_conf(nb_ena);
 		finit_reload("mdns-alias");

src/rauc-installation-status/rauc-installation-status.c

@@ -47,10 +47,10 @@ int main(int argc, char **argv)
 		json_object_set_new(json, "last-error", json_string(strval));
 	props = rauc_installer_get_progress(rauc);
 	if(props) {
-		GVariant *val;
+		gint32 pct;
 		progress = json_object();
-		g_variant_get(props, "(@isi)", &val, &strval, NULL);
-		json_object_set_new(progress, "percentage",  json_string(g_variant_print(val, FALSE)));
+		g_variant_get(props, "(isi)", &pct, &strval, NULL);
+		json_object_set_new(progress, "percentage", json_integer(pct));
 		json_object_set_new(progress, "message", json_string(strval));
 		json_object_set_new(json, "progress", progress);
 	}

src/statd/python/yanger/ietf_system.py

@@ -257,9 +257,16 @@ def add_software(out):
     insert(out, "infix-system:software", software)
 
 def add_hostname(out):
-    hostname =  HOST.run(tuple(["hostname"]))
+    hostname = HOST.run(tuple(["hostname"]))
     out["hostname"] = hostname.strip()
 
+def add_contact_location(out):
+    for name in ("contact", "location"):
+        data = HOST.run_json(("copy", "running", "-x", f"/system/{name}"), {})
+        val = data.get("ietf-system:system", {}).get(name)
+        if val:
+            out[name] = val
+
 def add_timezone(out):
     path = HOST.run(tuple("realpath /etc/localtime".split()), "")
     timezone = None
@@ -448,6 +455,7 @@ def operational():
     out_state = out["ietf-system:system-state"]
     out_system = out["ietf-system:system"]
     add_hostname(out_system)
+    add_contact_location(out_system)
     add_users(out_system)
     add_timezone(out_system)
     add_software(out_state)