hectorm · August 14, 2019 23:02
diff --git a/dd_wrt_backup.sh b/dd_wrt_backup.sh
 #!/bin/sh

 # Author:     Héctor Molinero Fernández <[email protected]>
 # License:    MIT, https://opensource.org/licenses/MIT
 # Usage:
 #   ssh [email protected] 'sh -s' < dd_wrt_backup.sh > dd_wrt_restore.sh
 #   ssh [email protected] 'sh -s' < dd_wrt_restore.sh

 set -eu
 export LC_ALL=C

 template=$(cat <<-'EOF'
 # Reset
 nvram erase

 # Setup

 ## Basic setup

 ### WAN setup

 #### WAN connection type
 nvram set wan_proto='{{wan_proto}}'
 nvram set wan_ipaddr='{{wan_ipaddr}}'
 nvram set wan_netmask='{{wan_netmask}}'
 nvram set wan_gateway='{{wan_gateway}}'
 nvram set wan_dns='{{wan_dns}}'

 #### Optional settings
 nvram set router_name='{{router_name}}'
 nvram set wan_hostname='{{wan_hostname}}'
 nvram set wan_domain='{{wan_domain}}'
 nvram set mtu_enable='{{mtu_enable}}'
 nvram set wan_mtu='{{wan_mtu}}'
 nvram set sfe='{{sfe}}'
 nvram set lan_stp='{{lan_stp}}'

 ### Network setup

 #### Router IP
 nvram set lan_ipaddr='{{lan_ipaddr}}'
 nvram set lan_netmask='{{lan_netmask}}'
 nvram set lan_gateway='{{lan_gateway}}'
 nvram set sv_localdns='{{sv_localdns}}'

 #### Network address server settings (DHCP)
 nvram set dhcpfwd_enable='{{dhcpfwd_enable}}'
 nvram set lan_proto='{{lan_proto}}'
 nvram set dhcp_start='{{dhcp_start}}'
 nvram set dhcp_num='{{dhcp_num}}'
 nvram set dhcp_lease='{{dhcp_lease}}'
 nvram set wan_wins='{{wan_wins}}'
 nvram set dns_dnsmasq='{{dns_dnsmasq}}'
 nvram set auth_dnsmasq='{{auth_dnsmasq}}'
 nvram set dns_redirect='{{dns_redirect}}'

 #### Time settings
 nvram set ntp_enable='{{ntp_enable}}'
 nvram set time_zone='{{time_zone}}'
 nvram set ntp_server='{{ntp_server}}'

 ## IPv6
 nvram set ipv6_enable='{{ipv6_enable}}'

 # Wireless

 ## Basic settings

 ### Country settings

 #### Regulatory domain
 nvram set wl_regdomain='{{wl_regdomain}}'
 nvram set wl_reg_mode='{{wl_reg_mode}}'
 nvram set wl_tpc_db='{{wl_tpc_db}}'

 ### Wireless physical interface wl0

 #### Physical Interface wl0
 nvram set wl0_mode='{{wl0_mode}}'
 nvram set wl0_net_mode='{{wl0_net_mode}}'
 nvram set wl_ssid='{{wl_ssid}}'
 nvram set wl0_ssid='{{wl0_ssid}}'
 nvram set wl_channel='{{wl_channel}}'
 nvram set wl0_channel='{{wl0_channel}}'
 nvram set wl0_wchannel='{{wl0_wchannel}}'
 nvram set wl0_nbw='{{wl0_nbw}}'
 nvram set wl0_closed='{{wl0_closed}}'
 nvram set wl0_turbo_qam='{{wl0_turbo_qam}}'
 nvram set wl0_txbf='{{wl0_txbf}}'
 nvram set wl0_txbf_imp='{{wl0_txbf_imp}}'
 nvram set wl0_atf='{{wl0_atf}}'
 nvram set eth1_multicast_to_unicast='{{eth1_multicast_to_unicast}}'
 nvram set eth1_bridged='{{eth1_bridged}}'

 ### Wireless physical interface wl1

 #### Physical interface wl1
 nvram set wl1_mode='{{wl1_mode}}'
 nvram set wl1_net_mode='{{wl1_net_mode}}'
 nvram set wl1_ssid='{{wl1_ssid}}'
 nvram set wl1_channel='{{wl1_channel}}'
 nvram set wl1_wchannel='{{wl1_wchannel}}'
 nvram set wl1_nbw='{{wl1_nbw}}'
 nvram set wl1_closed='{{wl1_closed}}'
 nvram set wl1_txbf='{{wl1_txbf}}'
 nvram set wl1_txbf_imp='{{wl1_txbf_imp}}'
 nvram set wl1_atf='{{wl1_atf}}'
 nvram set eth2_multicast_to_unicast='{{eth2_multicast_to_unicast}}'
 nvram set eth2_bridged='{{eth2_bridged}}'

 ## Radius
 nvram set wl_radauth='{{wl_radauth}}'

 ## Wireless security

 ### Wireless security wl0

 #### Physical Interface wl0
 nvram set wl0_authmode='{{wl0_authmode}}'
 nvram set wl0_auth_mode='{{wl0_auth_mode}}'
 nvram set wl0_security_mode='{{wl0_security_mode}}'
 nvram set wl0_akm='{{wl0_akm}}'
 nvram set wl0_crypto='{{wl0_crypto}}'
 nvram set wl0_wpa_psk='{{wl0_wpa_psk}}'
 nvram set wl0_wpa_gtk_rekey='{{wl0_wpa_gtk_rekey}}'
 nvram set wl0_wds0='{{wl0_wds0}}'
 nvram set wl0_wep_buf='{{wl0_wep_buf}}'

 ### Wireless security wl1

 #### Physical Interface wl1
 nvram set wl1_authmode='{{wl1_authmode}}'
 nvram set wl1_auth_mode='{{wl1_auth_mode}}'
 nvram set wl1_security_mode='{{wl1_security_mode}}'
 nvram set wl1_akm='{{wl1_akm}}'
 nvram set wl1_crypto='{{wl1_crypto}}'
 nvram set wl1_wpa_psk='{{wl1_wpa_psk}}'
 nvram set wl1_wpa_gtk_rekey='{{wl1_wpa_gtk_rekey}}'
 nvram set wl1_wds0='{{wl1_wds0}}'
 nvram set wl1_wep_buf='{{wl1_wep_buf}}'

 ## MAC filter

 ### wl0 SSID
 nvram set wl0_macmode='{{wl0_macmode}}'
 nvram set wl0_macmode1='{{wl0_macmode1}}'

 ### wl1 SSID
 nvram set wl1_macmode='{{wl1_macmode}}'
 nvram set wl1_macmode1='{{wl1_macmode1}}'

 # Services

 ## Services

 ### DHCP client
 nvram set dhcpc_vendorclass='{{dhcpc_vendorclass}}'
 nvram set dhcpc_requestip='{{dhcpc_requestip}}'

 ### DHCP server
 nvram set dhcpd_usenvram='{{dhcpd_usenvram}}'
 nvram set dhcp_domain='{{dhcp_domain}}'
 nvram set lan_domain='{{lan_domain}}'
 nvram set dhcpd_options='{{dhcpd_options}}'
 nvram set static_leasenum='{{static_leasenum}}'
 nvram set static_leases='{{static_leases}}'

 ### Dnsmasq
 nvram set dnsmasq_enable='{{dnsmasq_enable}}'
 nvram set dnssec_proxy='{{dnssec_proxy}}'
 nvram set dnssec='{{dnssec}}'
 nvram set dnssec_cu='{{dnssec_cu}}'
 nvram set local_dns='{{local_dns}}'
 nvram set dnsmasq_no_dns_rebind='{{dnsmasq_no_dns_rebind}}'
 nvram set dnsmasq_strict='{{dnsmasq_strict}}'
 nvram set dnsmasq_add_mac='{{dnsmasq_add_mac}}'
 nvram set dnsmasq_rc='{{dnsmasq_rc}}'
 nvram set dnsmasq_cachesize='{{dnsmasq_cachesize}}'
 nvram set dnsmasq_options='{{dnsmasq_options}}'

 ### Hardware monitoring
 nvram set hwmon_temp_max='{{hwmon_temp_max}}'
 nvram set hwmon_temp_hyst='{{hwmon_temp_hyst}}'

 ### Lighttpd
 nvram set lighttpd_enable='{{lighttpd_enable}}'
 nvram set lighttpd_port='{{lighttpd_port}}'
 nvram set lighttpd_sslport='{{lighttpd_sslport}}'
 nvram set lighttpd_wan='{{lighttpd_wan}}'

 ### Link Layer Topology Discovery
 nvram set lltd_enabled='{{lltd_enabled}}'

 ### IP over DNS Tunneling
 nvram set nstxd_enable='{{nstxd_enable}}'
 nvram set nstx_ipenable='{{nstx_ipenable}}'
 nvram set nstx_ip='{{nstx_ip}}'
 nvram set nstx_log='{{nstx_log}}'

 ### PPPoE Relay
 nvram set pppoerelay_enable='{{pppoerelay_enable}}'

 ### SES / AOSS / EZ-SETUP / WPS Button
 nvram set radiooff_button='{{radiooff_button}}'
 nvram set radiooff_boot_off='{{radiooff_boot_off}}'

 ### RFlow / MACupd
 nvram set rflow_enable='{{rflow_enable}}'
 nvram set rflow_ip='{{rflow_ip}}'
 nvram set rflow_port='{{rflow_port}}'
 nvram set rflow_if='{{rflow_if}}'
 nvram set macupd_enable='{{macupd_enable}}'
 nvram set macupd_ip='{{macupd_ip}}'
 nvram set macupd_port='{{macupd_port}}'
 nvram set macupd_interval='{{macupd_interval}}'

 ### SNMP
 nvram set snmpd_enable='{{snmpd_enable}}'
 nvram set snmpd_syslocation='{{snmpd_syslocation}}'
 nvram set snmpd_syscontact='{{snmpd_syscontact}}'
 nvram set snmpd_sysname='{{snmpd_sysname}}'
 nvram set snmpd_rocommunity='{{snmpd_rocommunity}}'
 nvram set snmpd_rwcommunity='{{snmpd_rwcommunity}}'

 ### Secure Shell
 nvram set sshd_enable='{{sshd_enable}}'
 nvram set sshd_forwarding='{{sshd_forwarding}}'
 nvram set sshd_passwd_auth='{{sshd_passwd_auth}}'
 nvram set sshd_port='{{sshd_port}}'
 nvram set sshd_authorized_keys='{{sshd_authorized_keys}}'
 nvram set sshd_rsa_host_key='{{sshd_rsa_host_key}}'

 ### System log
 nvram set syslogd_enable='{{syslogd_enable}}'
 nvram set klogd_enable='{{klogd_enable}}'
 nvram set syslogd_rem_ip='{{syslogd_rem_ip}}'
 nvram set syslogd_file='{{syslogd_file}}'

 ### Telnet
 nvram set telnetd_enable='{{telnetd_enable}}'

 ### WAN traffic counter
 nvram set ttraff_enable='{{ttraff_enable}}'

 ### VNC
 nvram set vncr_enable='{{vncr_enable}}'

 ### Zabbix
 nvram set zabbix_enable='{{zabbix_enable}}'
 nvram set zabbix_serverip='{{zabbix_serverip}}'
 nvram set zabbix_usrpara='{{zabbix_usrpara}}'

 ## FreeRadius

 ### FreeRadius
 nvram set radius_enabled='{{radius_enabled}}'

 ## PPPoE server

 ### PPPoE server
 nvram set pppoeserver_enabled='{{pppoeserver_enabled}}'

 ## VPN

 ### PPTP server
 nvram set pptpd_enable='{{pptpd_enable}}'

 ### PPTP client
 nvram set pptpd_client_enable='{{pptpd_client_enable}}'

 ### OpenVPN server/daemon
 nvram set openvpn_enable='{{openvpn_enable}}'

 ### OpenVPN client
 nvram set openvpncl_enable='{{openvpncl_enable}}'

 ### IPsec server
 nvram set ipsecserver_enable='{{ipsecserver_enable}}'

 ## USB
 nvram set usb_enable='{{usb_enable}}'
 nvram set usb_printer='{{usb_printer}}'
 nvram set usb_storage='{{usb_storage}}'
 nvram set usb_ip='{{usb_ip}}'
 nvram set usb_automnt='{{usb_automnt}}'
 nvram set usb_runonmount='{{usb_runonmount}}'
 nvram set usb_mntjffs='{{usb_mntjffs}}'
 nvram set usb_mntopt='{{usb_mntopt}}'
 nvram set usb_ses_umount='{{usb_ses_umount}}'

 ## NAS

 ### ProFTPD
 nvram set proftpd_enable='{{proftpd_enable}}'

 ### Samba
 nvram set samba3_enable='{{samba3_enable}}'

 ### MiniDLNA
 nvram set dlna_enable='{{dlna_enable}}'

 ## Hotspot

 ### Hotspot System
 nvram set hotss_enable='{{hotss_enable}}'

 ### WiFiDog
 nvram set wd_enable='{{wd_enable}}'

 ### ChilliSpot
 nvram set chilli_enable='{{chilli_enable}}'

 ### HTTP redirect
 nvram set http_redirect_enable='{{http_redirect_enable}}'

 ### NoCatSplash
 nvram set NC_enable='{{NC_enable}}'

 ### Zero IP config
 nvram set shat_enable='{{shat_enable}}'

 ### SMTP redirect
 nvram set smtp_redirect_enable='{{smtp_redirect_enable}}'

 ## SIP proxy

 ### SIP proxy
 nvram set milkfish_enabled='{{milkfish_enabled}}'

 ## Adblocking

 ### Privoxy
 nvram set privoxy_enable='{{privoxy_enable}}'
 nvram set privoxy_pac_enable='{{privoxy_pac_enable}}'
 nvram set privoxy_transp_enable='{{privoxy_transp_enable}}'
 nvram set privoxy_transp_exclude='{{privoxy_transp_exclude}}'
 nvram set privoxy_advanced='{{privoxy_advanced}}'
 nvram set privoxy_conf='{{privoxy_conf}}'

 # Security

 ## Firewall

 ### Firewall protection
 nvram set filter='{{filter}}'

 ### Additional filters
 nvram set block_proxy='{{block_proxy}}'
 nvram set block_cookie='{{block_cookie}}'
 nvram set block_java='{{block_java}}'
 nvram set block_activex='{{block_activex}}'
 nvram set filter_tos='{{filter_tos}}'
 nvram set arp_spoofing='{{arp_spoofing}}'

 ### Block WAN requests
 nvram set block_wan='{{block_wan}}'
 nvram set block_multicast='{{block_multicast}}'
 nvram set block_loopback='{{block_loopback}}'
 nvram set block_ident='{{block_ident}}'
 nvram set block_snmp='{{block_snmp}}'

 ### Impede WAN DoS/Bruteforce
 nvram set limit_ssh='{{limit_ssh}}'
 nvram set limit_telnet='{{limit_telnet}}'
 nvram set limit_pptp='{{limit_pptp}}'
 nvram set limit_ftp='{{limit_ftp}}'

 ### Connection warning notifier
 nvram set warn_enabled='{{warn_enabled}}'
 nvram set warn_connlimit='{{warn_connlimit}}'
 nvram set warn_server='{{warn_server}}'
 nvram set warn_user='{{warn_user}}'
 nvram set warn_pass='{{warn_pass}}'
 nvram set warn_from='{{warn_from}}'
 nvram set warn_fromfull='{{warn_fromfull}}'
 nvram set warn_domain='{{warn_domain}}'
 nvram set warn_to='{{warn_to}}'

 ### Log management
 nvram set log_enable='{{log_enable}}'
 nvram set log_level='{{log_level}}'
 nvram set log_dropped='{{log_dropped}}'
 nvram set log_rejected='{{log_rejected}}'
 nvram set log_accepted='{{log_accepted}}'

 ## VPN passthrough
 nvram set ipsec_pass='{{ipsec_pass}}'
 nvram set pptp_pass='{{pptp_pass}}'
 nvram set l2tp_pass='{{l2tp_pass}}'

 # NAT / QoS

 ## Port forwarding
 nvram set forwardspec_entries='{{forwardspec_entries}}'
 nvram set forward_spec='{{forward_spec}}'

 ## Port range forwarding
 nvram set forward_entries='{{forward_entries}}'
 nvram set forward_port='{{forward_port}}'

 ## Port triggering
 nvram set trigger_entries='{{trigger_entries}}'
 nvram set port_trigger='{{port_trigger}}'

 ## UPnP
 nvram set upnp_enable='{{upnp_enable}}'

 ## DMZ
 nvram set dmz_enable='{{dmz_enable}}'

 ## QoS
 nvram set wshaper_enable='{{wshaper_enable}}'

 # Administration

 ## Management

 ### Router password
 nvram set http_username='{{http_username}}'
 nvram set http_passwd='{{http_passwd}}'

 ### Update
 nvram set autoupdate='{{autoupdate}}'

 ### Web access
 nvram set http_enable='{{http_enable}}'
 nvram set https_enable='{{https_enable}}'
 nvram set refresh_time='{{refresh_time}}'
 nvram set status_auth='{{status_auth}}'
 nvram set info_passwd='{{info_passwd}}'
 nvram set maskmac='{{maskmac}}'

 ### Remote access
 nvram set remote_management='{{remote_management}}'
 nvram set remote_mgt_https='{{remote_mgt_https}}'
 nvram set http_wanport='{{http_wanport}}'
 nvram set remote_mgt_ssh='{{remote_mgt_ssh}}'
 nvram set sshd_wanport='{{sshd_wanport}}'
 nvram set remote_mgt_telnet='{{remote_mgt_telnet}}'
 nvram set telnet_wanport='{{telnet_wanport}}'
 nvram set remote_ip_any='{{remote_ip_any}}'
 nvram set remote_ip='{{remote_ip}}'

 ### Boot wait
 nvram set boot_wait='{{boot_wait}}'

 ### Cron
 nvram set cron_enable='{{cron_enable}}'
 nvram set cron_jobs='{{cron_jobs}}'

 ### 802.1x
 nvram set nas_enable='{{nas_enable}}'

 ### Reset button
 nvram set resetbutton_enable='{{resetbutton_enable}}'

 ### Routing
 nvram set zebra_enable='{{zebra_enable}}'

 ### JFFS2 support
 nvram set enable_jffs2='{{enable_jffs2}}'
 nvram set clean_jffs2='{{clean_jffs2}}'

 ### Language selection
 nvram set language='{{language}}'

 ### IP filter settings
 nvram set tcp_congestion_control='{{tcp_congestion_control}}'
 nvram set ip_conntrack_max='{{ip_conntrack_max}}'
 nvram set ip_conntrack_tcp_timeouts='{{ip_conntrack_tcp_timeouts}}'
 nvram set ip_conntrack_udp_timeouts='{{ip_conntrack_udp_timeouts}}'

 ### Router GUI style
 nvram set router_style='{{router_style}}'
 nvram set router_style_dark='{{router_style_dark}}'

 ### CIFS automount
 nvram set samba_mount='{{samba_mount}}'
 nvram set samba_share='{{samba_share}}'
 nvram set samba_user='{{samba_user}}'
 nvram set samba_password='{{samba_password}}'
 nvram set samba_script='{{samba_script}}'

 ## Keep alive

 ### Proxy/Connection watchdog
 nvram set squid_watchdog_enable='{{squid_watchdog_enable}}'
 nvram set squid_watchdog_interval_sec='{{squid_watchdog_interval_sec}}'
 nvram set squid_proxy_server_ip='{{squid_proxy_server_ip}}'
 nvram set squid_proxy_server_port='{{squid_proxy_server_port}}'

 ### Schedule reboot
 nvram set schedule_enable='{{schedule_enable}}'
 nvram set schedule_hour_time='{{schedule_hour_time}}'
 nvram set schedule_hours='{{schedule_hours}}'
 nvram set schedule_minutes='{{schedule_minutes}}'
 nvram set schedule_weekdays='{{schedule_weekdays}}'

 ### WDS/Connection watchdog
 nvram set wds_watchdog_enable='{{wds_watchdog_enable}}'
 nvram set wds_watchdog_interval_sec='{{wds_watchdog_interval_sec}}'
 nvram set wds_watchdog_ips='{{wds_watchdog_ips}}'

 ## WOL

 ### Automatic Wake-On-LAN
 nvram set wol_enable='{{wol_enable}}'
 nvram set wol_interval='{{wol_interval}}'
 nvram set wol_hostname='{{wol_hostname}}'
 nvram set wol_passwd='{{wol_passwd}}'
 nvram set wol_macs='{{wol_macs}}'

 # Commit
 nvram commit
 reboot
 EOF
 )

 # Escape strings in sed: https://stackoverflow.com/a/29613573
 quoteRe() { printf -- '%s' "$1" | sed -e 's/[^^]/[&]/g; s/\^/\\^/g; $!a'\\''"$(printf '\n')"'\\n' | tr -d '\n'; }
 quoteSubst() { printf -- '%s' "$1" | sed -e ':a' -e '$!{N;ba' -e '}' -e 's/[&/\]/\\&/g; s/\n/\\&/g'; }

 # Substitute params
 params=$(printf -- '%s\n' "$template" | sed -n 's/.*{{\([[:alnum:]_-]\{1,\}\)}}.*/\1/p' | sort -u)
 for param in $params; do
 	k=$(quoteRe "$param")
 	v=$(quoteSubst "$(nvram get "$param" 2>/dev/null)" | sed "s/'/'\\\''/g")
 	template=$(printf -- '%s\n' "$template" | sed "s/{{${k}}}/${v}/g")
 done

 # Print script
 printf -- '%s\n\n%s\n' '#!/bin/sh' "$template"
	#!/bin/sh

	# Author: Héctor Molinero Fernández <[email protected]>
	# License: MIT, https://opensource.org/licenses/MIT
	# Usage:
	# ssh [email protected] 'sh -s' < dd_wrt_backup.sh > dd_wrt_restore.sh
	# ssh [email protected] 'sh -s' < dd_wrt_restore.sh

	set -eu
	export LC_ALL=C

	template=$(cat <<-'EOF'
	# Reset
	nvram erase

	# Setup

	## Basic setup

	### WAN setup

	#### WAN connection type
	nvram set wan_proto='{{wan_proto}}'
	nvram set wan_ipaddr='{{wan_ipaddr}}'
	nvram set wan_netmask='{{wan_netmask}}'
	nvram set wan_gateway='{{wan_gateway}}'
	nvram set wan_dns='{{wan_dns}}'

	#### Optional settings
	nvram set router_name='{{router_name}}'
	nvram set wan_hostname='{{wan_hostname}}'
	nvram set wan_domain='{{wan_domain}}'
	nvram set mtu_enable='{{mtu_enable}}'
	nvram set wan_mtu='{{wan_mtu}}'
	nvram set sfe='{{sfe}}'
	nvram set lan_stp='{{lan_stp}}'

	### Network setup

	#### Router IP
	nvram set lan_ipaddr='{{lan_ipaddr}}'
	nvram set lan_netmask='{{lan_netmask}}'
	nvram set lan_gateway='{{lan_gateway}}'
	nvram set sv_localdns='{{sv_localdns}}'

	#### Network address server settings (DHCP)
	nvram set dhcpfwd_enable='{{dhcpfwd_enable}}'
	nvram set lan_proto='{{lan_proto}}'
	nvram set dhcp_start='{{dhcp_start}}'
	nvram set dhcp_num='{{dhcp_num}}'
	nvram set dhcp_lease='{{dhcp_lease}}'
	nvram set wan_wins='{{wan_wins}}'
	nvram set dns_dnsmasq='{{dns_dnsmasq}}'
	nvram set auth_dnsmasq='{{auth_dnsmasq}}'
	nvram set dns_redirect='{{dns_redirect}}'

	#### Time settings
	nvram set ntp_enable='{{ntp_enable}}'
	nvram set time_zone='{{time_zone}}'
	nvram set ntp_server='{{ntp_server}}'

	## IPv6
	nvram set ipv6_enable='{{ipv6_enable}}'

	# Wireless

	## Basic settings

	### Country settings

	#### Regulatory domain
	nvram set wl_regdomain='{{wl_regdomain}}'
	nvram set wl_reg_mode='{{wl_reg_mode}}'
	nvram set wl_tpc_db='{{wl_tpc_db}}'

	### Wireless physical interface wl0

	#### Physical Interface wl0
	nvram set wl0_mode='{{wl0_mode}}'
	nvram set wl0_net_mode='{{wl0_net_mode}}'
	nvram set wl_ssid='{{wl_ssid}}'
	nvram set wl0_ssid='{{wl0_ssid}}'
	nvram set wl_channel='{{wl_channel}}'
	nvram set wl0_channel='{{wl0_channel}}'
	nvram set wl0_wchannel='{{wl0_wchannel}}'
	nvram set wl0_nbw='{{wl0_nbw}}'
	nvram set wl0_closed='{{wl0_closed}}'
	nvram set wl0_turbo_qam='{{wl0_turbo_qam}}'
	nvram set wl0_txbf='{{wl0_txbf}}'
	nvram set wl0_txbf_imp='{{wl0_txbf_imp}}'
	nvram set wl0_atf='{{wl0_atf}}'
	nvram set eth1_multicast_to_unicast='{{eth1_multicast_to_unicast}}'
	nvram set eth1_bridged='{{eth1_bridged}}'

	### Wireless physical interface wl1

	#### Physical interface wl1
	nvram set wl1_mode='{{wl1_mode}}'
	nvram set wl1_net_mode='{{wl1_net_mode}}'
	nvram set wl1_ssid='{{wl1_ssid}}'
	nvram set wl1_channel='{{wl1_channel}}'
	nvram set wl1_wchannel='{{wl1_wchannel}}'
	nvram set wl1_nbw='{{wl1_nbw}}'
	nvram set wl1_closed='{{wl1_closed}}'
	nvram set wl1_txbf='{{wl1_txbf}}'
	nvram set wl1_txbf_imp='{{wl1_txbf_imp}}'
	nvram set wl1_atf='{{wl1_atf}}'
	nvram set eth2_multicast_to_unicast='{{eth2_multicast_to_unicast}}'
	nvram set eth2_bridged='{{eth2_bridged}}'

	## Radius
	nvram set wl_radauth='{{wl_radauth}}'

	## Wireless security

	### Wireless security wl0

	#### Physical Interface wl0
	nvram set wl0_authmode='{{wl0_authmode}}'
	nvram set wl0_auth_mode='{{wl0_auth_mode}}'
	nvram set wl0_security_mode='{{wl0_security_mode}}'
	nvram set wl0_akm='{{wl0_akm}}'
	nvram set wl0_crypto='{{wl0_crypto}}'
	nvram set wl0_wpa_psk='{{wl0_wpa_psk}}'
	nvram set wl0_wpa_gtk_rekey='{{wl0_wpa_gtk_rekey}}'
	nvram set wl0_wds0='{{wl0_wds0}}'
	nvram set wl0_wep_buf='{{wl0_wep_buf}}'

	### Wireless security wl1

	#### Physical Interface wl1
	nvram set wl1_authmode='{{wl1_authmode}}'
	nvram set wl1_auth_mode='{{wl1_auth_mode}}'
	nvram set wl1_security_mode='{{wl1_security_mode}}'
	nvram set wl1_akm='{{wl1_akm}}'
	nvram set wl1_crypto='{{wl1_crypto}}'
	nvram set wl1_wpa_psk='{{wl1_wpa_psk}}'
	nvram set wl1_wpa_gtk_rekey='{{wl1_wpa_gtk_rekey}}'
	nvram set wl1_wds0='{{wl1_wds0}}'
	nvram set wl1_wep_buf='{{wl1_wep_buf}}'

	## MAC filter

	### wl0 SSID
	nvram set wl0_macmode='{{wl0_macmode}}'
	nvram set wl0_macmode1='{{wl0_macmode1}}'

	### wl1 SSID
	nvram set wl1_macmode='{{wl1_macmode}}'
	nvram set wl1_macmode1='{{wl1_macmode1}}'

	# Services

	## Services

	### DHCP client
	nvram set dhcpc_vendorclass='{{dhcpc_vendorclass}}'
	nvram set dhcpc_requestip='{{dhcpc_requestip}}'

	### DHCP server
	nvram set dhcpd_usenvram='{{dhcpd_usenvram}}'
	nvram set dhcp_domain='{{dhcp_domain}}'
	nvram set lan_domain='{{lan_domain}}'
	nvram set dhcpd_options='{{dhcpd_options}}'
	nvram set static_leasenum='{{static_leasenum}}'
	nvram set static_leases='{{static_leases}}'

	### Dnsmasq
	nvram set dnsmasq_enable='{{dnsmasq_enable}}'
	nvram set dnssec_proxy='{{dnssec_proxy}}'
	nvram set dnssec='{{dnssec}}'
	nvram set dnssec_cu='{{dnssec_cu}}'
	nvram set local_dns='{{local_dns}}'
	nvram set dnsmasq_no_dns_rebind='{{dnsmasq_no_dns_rebind}}'
	nvram set dnsmasq_strict='{{dnsmasq_strict}}'
	nvram set dnsmasq_add_mac='{{dnsmasq_add_mac}}'
	nvram set dnsmasq_rc='{{dnsmasq_rc}}'
	nvram set dnsmasq_cachesize='{{dnsmasq_cachesize}}'
	nvram set dnsmasq_options='{{dnsmasq_options}}'

	### Hardware monitoring
	nvram set hwmon_temp_max='{{hwmon_temp_max}}'
	nvram set hwmon_temp_hyst='{{hwmon_temp_hyst}}'

	### Lighttpd
	nvram set lighttpd_enable='{{lighttpd_enable}}'
	nvram set lighttpd_port='{{lighttpd_port}}'
	nvram set lighttpd_sslport='{{lighttpd_sslport}}'
	nvram set lighttpd_wan='{{lighttpd_wan}}'

	### Link Layer Topology Discovery
	nvram set lltd_enabled='{{lltd_enabled}}'

	### IP over DNS Tunneling
	nvram set nstxd_enable='{{nstxd_enable}}'
	nvram set nstx_ipenable='{{nstx_ipenable}}'
	nvram set nstx_ip='{{nstx_ip}}'
	nvram set nstx_log='{{nstx_log}}'

	### PPPoE Relay
	nvram set pppoerelay_enable='{{pppoerelay_enable}}'

	### SES / AOSS / EZ-SETUP / WPS Button
	nvram set radiooff_button='{{radiooff_button}}'
	nvram set radiooff_boot_off='{{radiooff_boot_off}}'

	### RFlow / MACupd
	nvram set rflow_enable='{{rflow_enable}}'
	nvram set rflow_ip='{{rflow_ip}}'
	nvram set rflow_port='{{rflow_port}}'
	nvram set rflow_if='{{rflow_if}}'
	nvram set macupd_enable='{{macupd_enable}}'
	nvram set macupd_ip='{{macupd_ip}}'
	nvram set macupd_port='{{macupd_port}}'
	nvram set macupd_interval='{{macupd_interval}}'

	### SNMP
	nvram set snmpd_enable='{{snmpd_enable}}'
	nvram set snmpd_syslocation='{{snmpd_syslocation}}'
	nvram set snmpd_syscontact='{{snmpd_syscontact}}'
	nvram set snmpd_sysname='{{snmpd_sysname}}'
	nvram set snmpd_rocommunity='{{snmpd_rocommunity}}'
	nvram set snmpd_rwcommunity='{{snmpd_rwcommunity}}'

	### Secure Shell
	nvram set sshd_enable='{{sshd_enable}}'
	nvram set sshd_forwarding='{{sshd_forwarding}}'
	nvram set sshd_passwd_auth='{{sshd_passwd_auth}}'
	nvram set sshd_port='{{sshd_port}}'
	nvram set sshd_authorized_keys='{{sshd_authorized_keys}}'
	nvram set sshd_rsa_host_key='{{sshd_rsa_host_key}}'

	### System log
	nvram set syslogd_enable='{{syslogd_enable}}'
	nvram set klogd_enable='{{klogd_enable}}'
	nvram set syslogd_rem_ip='{{syslogd_rem_ip}}'
	nvram set syslogd_file='{{syslogd_file}}'

	### Telnet
	nvram set telnetd_enable='{{telnetd_enable}}'

	### WAN traffic counter
	nvram set ttraff_enable='{{ttraff_enable}}'

	### VNC
	nvram set vncr_enable='{{vncr_enable}}'

	### Zabbix
	nvram set zabbix_enable='{{zabbix_enable}}'
	nvram set zabbix_serverip='{{zabbix_serverip}}'
	nvram set zabbix_usrpara='{{zabbix_usrpara}}'

	## FreeRadius

	### FreeRadius
	nvram set radius_enabled='{{radius_enabled}}'

	## PPPoE server

	### PPPoE server
	nvram set pppoeserver_enabled='{{pppoeserver_enabled}}'

	## VPN

	### PPTP server
	nvram set pptpd_enable='{{pptpd_enable}}'

	### PPTP client
	nvram set pptpd_client_enable='{{pptpd_client_enable}}'

	### OpenVPN server/daemon
	nvram set openvpn_enable='{{openvpn_enable}}'

	### OpenVPN client
	nvram set openvpncl_enable='{{openvpncl_enable}}'

	### IPsec server
	nvram set ipsecserver_enable='{{ipsecserver_enable}}'

	## USB
	nvram set usb_enable='{{usb_enable}}'
	nvram set usb_printer='{{usb_printer}}'
	nvram set usb_storage='{{usb_storage}}'
	nvram set usb_ip='{{usb_ip}}'
	nvram set usb_automnt='{{usb_automnt}}'
	nvram set usb_runonmount='{{usb_runonmount}}'
	nvram set usb_mntjffs='{{usb_mntjffs}}'
	nvram set usb_mntopt='{{usb_mntopt}}'
	nvram set usb_ses_umount='{{usb_ses_umount}}'

	## NAS

	### ProFTPD
	nvram set proftpd_enable='{{proftpd_enable}}'

	### Samba
	nvram set samba3_enable='{{samba3_enable}}'

	### MiniDLNA
	nvram set dlna_enable='{{dlna_enable}}'

	## Hotspot

	### Hotspot System
	nvram set hotss_enable='{{hotss_enable}}'

	### WiFiDog
	nvram set wd_enable='{{wd_enable}}'

	### ChilliSpot
	nvram set chilli_enable='{{chilli_enable}}'

	### HTTP redirect
	nvram set http_redirect_enable='{{http_redirect_enable}}'

	### NoCatSplash
	nvram set NC_enable='{{NC_enable}}'

	### Zero IP config
	nvram set shat_enable='{{shat_enable}}'

	### SMTP redirect
	nvram set smtp_redirect_enable='{{smtp_redirect_enable}}'

	## SIP proxy

	### SIP proxy
	nvram set milkfish_enabled='{{milkfish_enabled}}'

	## Adblocking

	### Privoxy
	nvram set privoxy_enable='{{privoxy_enable}}'
	nvram set privoxy_pac_enable='{{privoxy_pac_enable}}'
	nvram set privoxy_transp_enable='{{privoxy_transp_enable}}'
	nvram set privoxy_transp_exclude='{{privoxy_transp_exclude}}'
	nvram set privoxy_advanced='{{privoxy_advanced}}'
	nvram set privoxy_conf='{{privoxy_conf}}'

	# Security

	## Firewall

	### Firewall protection
	nvram set filter='{{filter}}'

	### Additional filters
	nvram set block_proxy='{{block_proxy}}'
	nvram set block_cookie='{{block_cookie}}'
	nvram set block_java='{{block_java}}'
	nvram set block_activex='{{block_activex}}'
	nvram set filter_tos='{{filter_tos}}'
	nvram set arp_spoofing='{{arp_spoofing}}'

	### Block WAN requests
	nvram set block_wan='{{block_wan}}'
	nvram set block_multicast='{{block_multicast}}'
	nvram set block_loopback='{{block_loopback}}'
	nvram set block_ident='{{block_ident}}'
	nvram set block_snmp='{{block_snmp}}'

	### Impede WAN DoS/Bruteforce
	nvram set limit_ssh='{{limit_ssh}}'
	nvram set limit_telnet='{{limit_telnet}}'
	nvram set limit_pptp='{{limit_pptp}}'
	nvram set limit_ftp='{{limit_ftp}}'

	### Connection warning notifier
	nvram set warn_enabled='{{warn_enabled}}'
	nvram set warn_connlimit='{{warn_connlimit}}'
	nvram set warn_server='{{warn_server}}'
	nvram set warn_user='{{warn_user}}'
	nvram set warn_pass='{{warn_pass}}'
	nvram set warn_from='{{warn_from}}'
	nvram set warn_fromfull='{{warn_fromfull}}'
	nvram set warn_domain='{{warn_domain}}'
	nvram set warn_to='{{warn_to}}'

	### Log management
	nvram set log_enable='{{log_enable}}'
	nvram set log_level='{{log_level}}'
	nvram set log_dropped='{{log_dropped}}'
	nvram set log_rejected='{{log_rejected}}'
	nvram set log_accepted='{{log_accepted}}'

	## VPN passthrough
	nvram set ipsec_pass='{{ipsec_pass}}'
	nvram set pptp_pass='{{pptp_pass}}'
	nvram set l2tp_pass='{{l2tp_pass}}'

	# NAT / QoS

	## Port forwarding
	nvram set forwardspec_entries='{{forwardspec_entries}}'
	nvram set forward_spec='{{forward_spec}}'

	## Port range forwarding
	nvram set forward_entries='{{forward_entries}}'
	nvram set forward_port='{{forward_port}}'

	## Port triggering
	nvram set trigger_entries='{{trigger_entries}}'
	nvram set port_trigger='{{port_trigger}}'

	## UPnP
	nvram set upnp_enable='{{upnp_enable}}'

	## DMZ
	nvram set dmz_enable='{{dmz_enable}}'

	## QoS
	nvram set wshaper_enable='{{wshaper_enable}}'

	# Administration

	## Management

	### Router password
	nvram set http_username='{{http_username}}'
	nvram set http_passwd='{{http_passwd}}'

	### Update
	nvram set autoupdate='{{autoupdate}}'

	### Web access
	nvram set http_enable='{{http_enable}}'
	nvram set https_enable='{{https_enable}}'
	nvram set refresh_time='{{refresh_time}}'
	nvram set status_auth='{{status_auth}}'
	nvram set info_passwd='{{info_passwd}}'
	nvram set maskmac='{{maskmac}}'

	### Remote access
	nvram set remote_management='{{remote_management}}'
	nvram set remote_mgt_https='{{remote_mgt_https}}'
	nvram set http_wanport='{{http_wanport}}'
	nvram set remote_mgt_ssh='{{remote_mgt_ssh}}'
	nvram set sshd_wanport='{{sshd_wanport}}'
	nvram set remote_mgt_telnet='{{remote_mgt_telnet}}'
	nvram set telnet_wanport='{{telnet_wanport}}'
	nvram set remote_ip_any='{{remote_ip_any}}'
	nvram set remote_ip='{{remote_ip}}'

	### Boot wait
	nvram set boot_wait='{{boot_wait}}'

	### Cron
	nvram set cron_enable='{{cron_enable}}'
	nvram set cron_jobs='{{cron_jobs}}'

	### 802.1x
	nvram set nas_enable='{{nas_enable}}'

	### Reset button
	nvram set resetbutton_enable='{{resetbutton_enable}}'

	### Routing
	nvram set zebra_enable='{{zebra_enable}}'

	### JFFS2 support
	nvram set enable_jffs2='{{enable_jffs2}}'
	nvram set clean_jffs2='{{clean_jffs2}}'

	### Language selection
	nvram set language='{{language}}'

	### IP filter settings
	nvram set tcp_congestion_control='{{tcp_congestion_control}}'
	nvram set ip_conntrack_max='{{ip_conntrack_max}}'
	nvram set ip_conntrack_tcp_timeouts='{{ip_conntrack_tcp_timeouts}}'
	nvram set ip_conntrack_udp_timeouts='{{ip_conntrack_udp_timeouts}}'

	### Router GUI style
	nvram set router_style='{{router_style}}'
	nvram set router_style_dark='{{router_style_dark}}'

	### CIFS automount
	nvram set samba_mount='{{samba_mount}}'
	nvram set samba_share='{{samba_share}}'
	nvram set samba_user='{{samba_user}}'
	nvram set samba_password='{{samba_password}}'
	nvram set samba_script='{{samba_script}}'

	## Keep alive

	### Proxy/Connection watchdog
	nvram set squid_watchdog_enable='{{squid_watchdog_enable}}'
	nvram set squid_watchdog_interval_sec='{{squid_watchdog_interval_sec}}'
	nvram set squid_proxy_server_ip='{{squid_proxy_server_ip}}'
	nvram set squid_proxy_server_port='{{squid_proxy_server_port}}'

	### Schedule reboot
	nvram set schedule_enable='{{schedule_enable}}'
	nvram set schedule_hour_time='{{schedule_hour_time}}'
	nvram set schedule_hours='{{schedule_hours}}'
	nvram set schedule_minutes='{{schedule_minutes}}'
	nvram set schedule_weekdays='{{schedule_weekdays}}'

	### WDS/Connection watchdog
	nvram set wds_watchdog_enable='{{wds_watchdog_enable}}'
	nvram set wds_watchdog_interval_sec='{{wds_watchdog_interval_sec}}'
	nvram set wds_watchdog_ips='{{wds_watchdog_ips}}'

	## WOL

	### Automatic Wake-On-LAN
	nvram set wol_enable='{{wol_enable}}'
	nvram set wol_interval='{{wol_interval}}'
	nvram set wol_hostname='{{wol_hostname}}'
	nvram set wol_passwd='{{wol_passwd}}'
	nvram set wol_macs='{{wol_macs}}'

	# Commit
	nvram commit
	reboot
	EOF
	)

	# Escape strings in sed: https://stackoverflow.com/a/29613573
	quoteRe() { printf -- '%s' "$1" \| sed -e 's/[^^]/[&]/g; s/\^/\\^/g; $!a'\\''"$(printf '\n')"'\\n' \| tr -d '\n'; }
	quoteSubst() { printf -- '%s' "$1" \| sed -e ':a' -e '$!{N;ba' -e '}' -e 's/[&/\]/\\&/g; s/\n/\\&/g'; }

	# Substitute params
	params=$(printf -- '%s\n' "$template" \| sed -n 's/.{{\([[:alnum:]_-]\{1,\}\)}}./\1/p' \| sort -u)
	for param in $params; do
	k=$(quoteRe "$param")
	v=$(quoteSubst "$(nvram get "$param" 2>/dev/null)" \| sed "s/'/'\\\''/g")
	template=$(printf -- '%s\n' "$template" \| sed "s/{{${k}}}/${v}/g")
	done

	# Print script
	printf -- '%s\n\n%s\n' '#!/bin/sh' "$template"