From 4858dae113d17fcb51ce1b40fa45f440a40afc33 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Mon, 30 Mar 2026 11:27:31 +0200
Subject: [PATCH] Add OpenThread Border Router (OTBR) script

- Build from source via git clone + cmake/ninja
- Privileged container for network admin (iptables/ipset/tun)
- Web GUI on port 80, REST API, mDNS service discovery
- Configurable RCP device path in /etc/default/otbr-agent
- Git-based update with shallow fetch + rebuild
---
 ct/openthread-br.sh              | 86 ++++++++++++++++++++++++++++++++
 install/openthread-br-install.sh | 83 ++++++++++++++++++++++++++++++
 json/openthread-br.json          | 48 ++++++++++++++++++
 3 files changed, 217 insertions(+)
 create mode 100644 ct/openthread-br.sh
 create mode 100644 install/openthread-br-install.sh
 create mode 100644 json/openthread-br.json

diff --git a/ct/openthread-br.sh b/ct/openthread-br.sh
new file mode 100644
index 00000000..92568ecc
--- /dev/null
+++ b/ct/openthread-br.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://openthread.io/guides/border-router
+
+APP="OpenThread Border Router"
+var_tags="${var_tags:-thread;iot;border-router;matter}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-0}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/ot-br-posix ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  cd /opt/ot-br-posix
+  LOCAL_COMMIT=$(git rev-parse HEAD)
+  $STD git fetch --depth 1 origin main
+  REMOTE_COMMIT=$(git rev-parse origin/main)
+
+  if [[ "${LOCAL_COMMIT}" == "${REMOTE_COMMIT}" ]]; then
+    msg_ok "Already up to date (${LOCAL_COMMIT:0:7})"
+    exit
+  fi
+
+  msg_info "Stopping Services"
+  systemctl stop otbr-web
+  systemctl stop otbr-agent
+  msg_ok "Stopped Services"
+
+  msg_info "Updating Source"
+  $STD git reset --hard origin/main
+  $STD git submodule update --depth 1 --init --recursive
+  msg_ok "Updated Source"
+
+  msg_info "Rebuilding OpenThread Border Router (Patience)"
+  cd /opt/ot-br-posix/build
+  $STD cmake -GNinja \
+    -DBUILD_TESTING=OFF \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DOTBR_DBUS=ON \
+    -DOTBR_MDNS=openthread \
+    -DOTBR_REST=ON \
+    -DOTBR_WEB=ON \
+    -DOTBR_BORDER_ROUTING=ON \
+    -DOTBR_BACKBONE_ROUTER=ON \
+    -DOT_FIREWALL=ON \
+    -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
+    ..
+  $STD ninja
+  $STD ninja install
+  msg_ok "Rebuilt OpenThread Border Router"
+
+  msg_info "Starting Services"
+  systemctl start otbr-agent
+  systemctl start otbr-web
+  msg_ok "Started Services"
+  msg_ok "Updated successfully!"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"
diff --git a/install/openthread-br-install.sh b/install/openthread-br-install.sh
new file mode 100644
index 00000000..50f101ea
--- /dev/null
+++ b/install/openthread-br-install.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://openthread.io/guides/border-router
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  cmake \
+  ninja-build \
+  pkg-config \
+  git \
+  iproute2 \
+  libreadline-dev \
+  libncurses-dev \
+  rsyslog \
+  dbus \
+  libdbus-1-dev \
+  libjsoncpp-dev \
+  iptables \
+  ipset \
+  bind9 \
+  libnetfilter-queue1 \
+  libnetfilter-queue-dev \
+  libprotobuf-dev \
+  protobuf-compiler
+msg_ok "Installed Dependencies"
+
+NODE_VERSION="20" setup_nodejs
+
+msg_info "Cloning OpenThread Border Router"
+$STD git clone --depth 1 https://github.com/openthread/ot-br-posix /opt/ot-br-posix
+cd /opt/ot-br-posix
+$STD git submodule update --depth 1 --init --recursive
+msg_ok "Cloned OpenThread Border Router"
+
+msg_info "Building OpenThread Border Router (Patience)"
+mkdir -p build && cd build
+$STD cmake -GNinja \
+  -DBUILD_TESTING=OFF \
+  -DCMAKE_INSTALL_PREFIX=/usr \
+  -DOTBR_DBUS=ON \
+  -DOTBR_MDNS=openthread \
+  -DOTBR_REST=ON \
+  -DOTBR_WEB=ON \
+  -DOTBR_BORDER_ROUTING=ON \
+  -DOTBR_BACKBONE_ROUTER=ON \
+  -DOT_FIREWALL=ON \
+  -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
+  ..
+$STD ninja
+$STD ninja install
+msg_ok "Built OpenThread Border Router"
+
+msg_info "Configuring Network"
+cat <<EOF >/etc/sysctl.d/99-otbr.conf
+net.ipv6.conf.all.forwarding=1
+net.ipv4.ip_forward=1
+EOF
+$STD sysctl -p /etc/sysctl.d/99-otbr.conf
+msg_ok "Configured Network"
+
+msg_info "Configuring Services"
+cat <<EOF >/etc/default/otbr-agent
+OTBR_AGENT_OPTS="-I wpan0 -B eth0 spinel+hdlc+uart:///dev/ttyACM0"
+EOF
+systemctl enable -q --now otbr-agent
+systemctl enable -q otbr-web
+msg_ok "Configured Services"
+
+motd_ssh
+customize
+cleanup_lxc
diff --git a/json/openthread-br.json b/json/openthread-br.json
new file mode 100644
index 00000000..5b0c7220
--- /dev/null
+++ b/json/openthread-br.json
@@ -0,0 +1,48 @@
+{
+    "name": "OpenThread Border Router",
+    "slug": "openthread-br",
+    "categories": [
+        17
+    ],
+    "date_created": "2026-03-30",
+    "type": "ct",
+    "updateable": true,
+    "privileged": true,
+    "interface_port": 80,
+    "documentation": "https://openthread.io/guides/border-router",
+    "website": "https://openthread.io/",
+    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/openthread.webp",
+    "config_path": "/etc/default/otbr-agent",
+    "description": "OpenThread Border Router (OTBR) connects a Thread network to other IP-based networks such as Wi-Fi or Ethernet, providing bidirectional connectivity, mDNS/SRP service discovery, NAT64, and external Thread commissioning.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/openthread-br.sh",
+            "resources": {
+                "cpu": 2,
+                "ram": 2048,
+                "hdd": 4,
+                "os": "Debian",
+                "version": "13"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Requires a Thread Radio Co-Processor (RCP) USB device passed through to the LXC container (e.g. /dev/ttyACM0). Edit /etc/default/otbr-agent to configure the RCP device path.",
+            "type": "warning"
+        },
+        {
+            "text": "This container runs in privileged mode for network administration (iptables, ipset, tun device access).",
+            "type": "info"
+        },
+        {
+            "text": "Services are not started automatically on first boot. Connect your RCP device, configure /etc/default/otbr-agent, then run: systemctl start otbr-agent && systemctl start otbr-web",
+            "type": "info"
+        }
+    ]
+}
\ No newline at end of file