update luci app zerotier to enable auto NAT

package/lean/luci-app-zerotier/Makefile

@@ -10,7 +10,7 @@ LUCI_TITLE:=LuCI for Zerotier
 LUCI_DEPENDS:=+zerotier
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=3
+PKG_RELEASE:=9
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

package/lean/luci-app-zerotier/luasrc/controller/zerotier.lua

@@ -5,8 +5,9 @@ function index()
 return
 end
 
-entry({"admin","services","zerotier"},cbi("zerotier"),_("ZeroTier"),90).dependent=true
-entry({"admin","services","zerotier","status"},call("act_status")).leaf=true
+entry({"admin","vpn"}, firstchild(), "VPN", 45).dependent = false
+entry({"admin","vpn","zerotier"},cbi("zerotier"),_("ZeroTier"),90).dependent=true
+entry({"admin","vpn","zerotier","status"},call("act_status")).leaf=true
 end
 
 function act_status()

package/lean/luci-app-zerotier/luasrc/model/cbi/zerotier.lua

@@ -2,31 +2,29 @@ local e=require"nixio.fs"
 local e=luci.http
 local o=require"luci.model.network".init()
 local a,t,e,b
-a=Map("zerotier",translate("ZeroTier"),translate("ZeroTier 是一款可以创建P2P虚拟局域网的开源软件。"))
+
+a=Map("zerotier",translate("ZeroTier"),translate("Zerotier is an open source, cross-platform and easy to use virtual LAN"))
 a:section(SimpleSection).template  = "zerotier/zerotier_status"
-t=a:section(NamedSection,"sample_config","zerotier",translate("全局设置"))
+
+t=a:section(NamedSection,"sample_config","zerotier")
 t.anonymous=true
 t.addremove=false
-e=t:option(Flag,"enabled",translate("启用"))
+
+e=t:option(Flag,"enabled",translate("Enable"))
 e.default=0
 e.rmempty=false
-e=t:option(ListValue,"interface",translate("接口"))
-for b,t in ipairs(o:get_networks())do
-if t:name()~="loopback" then e:value(t:name())end
-end
--- e=t:option(Value,"start_delay",translate("延时启动"),translate("Units:seconds"))
--- e.datatype="uinteger"
--- e.default="0"
--- e.rmempty=true
-e=t:option(DynamicList,"join",translate('ZeroTier 网络 ID'))
+
+e=t:option(DynamicList,"join",translate('ZeroTier Network ID'))
 e.password=true
 e.rmempty=false
-if nixio.fs.access("/etc/config/zerotier")then
-e=t:option(Button,"Configuration",translate("网络配置管理"))
-e.inputtitle=translate("打开网站")
-e.inputstyle="reload"
-e.write=function()
-luci.http.redirect("https://my.zerotier.com/")
-end
-end
+
+e=t:option(Flag,"nat",translate("Auto NAT Clients"))
+e.default=0
+e.rmempty=false
+e.description = translate("Allow zerotier clients access your LAN network")
+
+e=t:option(DummyValue,"opennewwindow" , 
+	translate("<input type=\"button\" class=\"cbi-button cbi-button-apply\" value=\"Zerotier.com\" onclick=\"window.open('https://my.zerotier.com/network')\" />"))
+e.description = translate("Create or manage your zerotier network, and auth clients who could access")
+
 return a

package/lean/luci-app-zerotier/luasrc/view/zerotier/zerotier_status.htm

@@ -1,13 +1,13 @@
 <script type="text/javascript">//<![CDATA[
-XHR.poll(3, '<%=url([[admin]], [[services]], [[zerotier]], [[status]])%>', null,
+XHR.poll(3, '<%=url([[admin]], [[vpn]], [[zerotier]], [[status]])%>', null,
 	function(x, data) {
 		var tb = document.getElementById('zerotier_status');
 		if (data && tb) {
 			if (data.running) {
-				var links = '<em><b><font color=green><%:RUNNING%></font></b></em>';
+				var links = '<em><b><font color=green>Zerotier <%:RUNNING%></font></b></em>';
 				tb.innerHTML = links;
 			} else {
-				tb.innerHTML = '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
+				tb.innerHTML = '<em><b><font color=red>Zerotier <%:NOT RUNNING%></font></b></em>';
 			}
 		}
 	}
@@ -16,7 +16,6 @@ XHR.poll(3, '<%=url([[admin]], [[services]], [[zerotier]], [[status]])%>', null,
 </script>
 <style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
 <fieldset class="cbi-section">
-	<legend><%:Running Status%></legend>
 	<p id="zerotier_status">
 		<em><%:Collecting data...%></em>
 	</p>

package/lean/luci-app-zerotier/po/zh-cn/zerotier.po

@@ -0,0 +1,11 @@
+msgid "Zerotier is an open source, cross-platform and easy to use virtual LAN"
+msgstr "Zerotier是一个开源，跨平台，而且适合内网穿透互联的傻瓜配置虚拟 VPN LAN"
+
+msgid "Auto NAT Clients"
+msgstr "自动允许客户端NAT"
+
+msgid "Allow zerotier clients access your LAN network"
+msgstr "允许Zerotier的拨入客户端访问LAN局域网"
+
+msgid "Create or manage your zerotier network, and auth clients who could access"
+msgstr "点击跳转到Zerotier官网管理平台，新建或者管理网络，并允许客户端接入访问你私人网路（新接入的节点默认不允许访问）"

package/lean/luci-app-zerotier/root/etc/init.d/zerotier

@@ -0,0 +1,99 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+
+USE_PROCD=1
+
+PROG=/usr/bin/zerotier-one
+CONFIG_PATH=/var/lib/zerotier-one
+
+section_enabled() {
+	config_get_bool enabled "$1" 'enabled' 0
+	[ $enabled -gt 0 ]
+}
+
+start_instance() {
+	local cfg="$1"
+	local port secret config_path
+	local ARGS=""
+
+	if ! section_enabled "$cfg"; then
+		echo "disabled in config"
+		return 1
+	fi
+
+	config_get config_path $cfg 'config_path'
+	config_get_bool port $cfg 'port'
+	config_get secret $cfg 'secret'
+
+	# Remove existing link or folder
+	rm -rf $CONFIG_PATH
+
+	# Create link from CONFIG_PATH to config_path
+	if [ -n "$config_path" -a "$config_path" != $CONFIG_PATH ]; then
+		if [ ! -d "$config_path" ]; then
+			echo "ZeroTier config_path does not exist: $config_path"
+			return
+		fi
+
+		ln -s $config_path $CONFIG_PATH
+	fi
+
+	mkdir -p $CONFIG_PATH/networks.d
+
+	if [ -n "$port" ]; then
+		ARGS="$ARGS -p$port"
+	fi
+
+	if [ "$secret" = "generate" ]; then
+		echo "Generate secret - please wait..."
+		local sf="/tmp/zt.$cfg.secret"
+
+		zerotier-idtool generate "$sf" > /dev/null
+		[ $? -ne 0 ] && return 1
+
+		secret="$(cat $sf)"
+		rm "$sf"
+
+		uci set zerotier.$cfg.secret="$secret"
+		uci commit zerotier
+	fi
+
+	if [ -n "$secret" ]; then
+		echo "$secret" > $CONFIG_PATH/identity.secret
+		# make sure there is not previous identity.public
+		rm -f $CONFIG_PATH/identity.public
+	fi
+
+	add_join() {
+		# an (empty) config file will cause ZT to join a network
+		touch $CONFIG_PATH/networks.d/$1.conf
+	}
+
+	config_list_foreach $cfg 'join' add_join
+
+	procd_open_instance
+	procd_set_param command $PROG $ARGS $CONFIG_PATH
+	procd_set_param stderr 1
+	procd_close_instance
+}
+
+start_service() {
+	config_load 'zerotier'
+	config_foreach start_instance 'zerotier'
+	nohup /etc/zerotier.start >> /tmp/zero.log 2>&1 &
+}
+
+stop_instance() {
+  nohup /etc/zerotier.stop > /tmp/zero.log 2>&1 &
+	local cfg="$1"
+
+	# Remove existing link or folder
+	rm -rf $CONFIG_PATH
+}
+
+stop_service() {
+	config_load 'zerotier'
+	config_foreach stop_instance 'zerotier'
+}
+

package/lean/luci-app-zerotier/root/etc/uci-defaults/40_luci-zerotier

@@ -5,6 +5,12 @@ uci -q batch <<-EOF >/dev/null
 	add ucitrack zerotier
 	set ucitrack.@zerotier[-1].init=zerotier
 	commit ucitrack
+  delete firewall.zerotier
+	set firewall.zerotier=include
+	set firewall.zerotier.type=script
+	set firewall.zerotier.path=/etc/zerotier.start
+	set firewall.zerotier.reload=1
+	commit firewall
 EOF
 
 rm -f /tmp/luci-indexcache

package/lean/luci-app-zerotier/root/etc/zerotier.start

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+zero_enable=$(uci get zerotier.sample_config.enabled)
+
+if [ $zero_enable -eq 1 ]; then
+
+while [ "$(ifconfig | grep zt | awk '{print $1}')" = "" ]  
+do 
+   echo "zt interface not started yet, try build rules after 5s"
+   sleep 5
+done
+
+nat_enable=$(uci get zerotier.sample_config.nat)
+zt0=$(ifconfig | grep zt | awk '{print $1}')
+echo "zt interface $zt0 is started!"
+echo $zt0 > /tmp/zt.nif
+iptables -D FORWARD -i $zt0 -j ACCEPT 2>/dev/null
+iptables -D FORWARD -o $zt0 -j ACCEPT 2>/dev/null
+iptables -t nat -D POSTROUTING -o $zt0 -j MASQUERADE 2>/dev/null
+if [ $nat_enable -eq 1 ]; then
+  iptables -I FORWARD -i $zt0 -j ACCEPT
+  iptables -I FORWARD -o $zt0 -j ACCEPT
+  iptables -t nat -I POSTROUTING -o $zt0 -j MASQUERADE
+fi
+
+fi
+
+

package/lean/luci-app-zerotier/root/etc/zerotier.stop

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+zt0=$(ifconfig | grep zt | awk '{print $1}')
+if [ "$zt0" = "" ]; then
+  zt0=$(cat /tmp/cat /tmp/zt.nif)
+fi
+echo "zt interface $zt0 is stopped!"
+iptables -D FORWARD -i $zt0 -j ACCEPT 2>/dev/null
+iptables -D FORWARD -o $zt0 -j ACCEPT 2>/dev/null
+iptables -t nat -D POSTROUTING -o $zt0 -j MASQUERADE 2>/dev/null