From 1aac11e6b39dbc562a6beca9d75f23790ad5a6f1 Mon Sep 17 00:00:00 2001
From: MickLesk <mickey.leskowitz@gmail.com>
Date: Thu, 2 Apr 2026 21:21:59 +0200
Subject: [PATCH] fix(openthread-br): set privileged mode, don't auto-start
 services

---
 ct/openthread-br.sh              |  2 +-
 install/openthread-br-install.sh |  4 +++-
 json/openthread-br.json          | 10 +++-------
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/ct/openthread-br.sh b/ct/openthread-br.sh
index 64e76a5a..273e3fb0 100644
--- a/ct/openthread-br.sh
+++ b/ct/openthread-br.sh
@@ -13,7 +13,7 @@ var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
+var_unprivileged="${var_unprivileged:-0}"
 
 header_info "$APP"
 variables
diff --git a/install/openthread-br-install.sh b/install/openthread-br-install.sh
index b9e4e362..9c4f69af 100644
--- a/install/openthread-br-install.sh
+++ b/install/openthread-br-install.sh
@@ -73,9 +73,11 @@ msg_ok "Configured Network"
 
 msg_info "Configuring Services"
 cat <<EOF >/etc/default/otbr-agent
+# USB example:   spinel+hdlc+uart:///dev/ttyACM0
+# TCP example:   spinel+hdlc+uart://192.168.1.100:9999
 OTBR_AGENT_OPTS="-I wpan0 -B eth0 spinel+hdlc+uart:///dev/ttyACM0"
 EOF
-systemctl enable -q --now otbr-agent otbr-web
+systemctl enable -q otbr-agent otbr-web
 msg_ok "Configured Services"
 
 motd_ssh
diff --git a/json/openthread-br.json b/json/openthread-br.json
index cec5bf43..73569a0f 100644
--- a/json/openthread-br.json
+++ b/json/openthread-br.json
@@ -7,7 +7,7 @@
     "date_created": "2026-03-30",
     "type": "ct",
     "updateable": true,
-    "privileged": false,
+    "privileged": true,
     "interface_port": 80,
     "documentation": "https://openthread.io/guides/border-router",
     "website": "https://openthread.io/",
@@ -33,15 +33,11 @@
     },
     "notes": [
         {
-            "text": "Requires a Thread Radio Co-Processor (RCP) USB device passed through to the LXC container (e.g. /dev/ttyACM0). Edit /etc/default/otbr-agent to configure the RCP device path.",
+            "text": "Requires a Thread Radio Co-Processor (RCP) device. USB: pass through to LXC (e.g. /dev/ttyACM0). TCP: use `spinel+hdlc+uart://IP:PORT` format.",
             "type": "warning"
         },
         {
-            "text": "This container runs in privileged mode for network administration (iptables, ipset, tun device access).",
-            "type": "info"
-        },
-        {
-            "text": "Services are not started automatically on first boot. Connect your RCP device, configure /etc/default/otbr-agent, then run: systemctl start otbr-agent && systemctl start otbr-web",
+            "text": "Services are enabled but not started at install. Configure `/etc/default/otbr-agent` with your RCP device, then run: `systemctl start otbr-agent && systemctl start otbr-web`",
             "type": "info"
         }
     ]