diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..503c669
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,37 @@
+# Freifunk München Firmware Changelog
+
+## v2015.1
+ - Updated to Gluon 2014.4 release
+ - Autoupdater
+ - Now enabled per default
+ - Also fetch firmware from build.freifunk-muenchen.de
+ - Require two signatures instead of one for stable autoupdate
+
+## snapshot~20141119
+ - fixed ipv4-prefix to /16 netmask
+ - changed gateways ips to domain-names
+ - changed `msg_pub_key` to automate entering the node-data to our key-form
+ - changed mesh-SSID from 02:0E:8E:1E:61:17 to mesh.ffm
+ - added `ntp_servers` '2.ntp.services.ffm','3.ntp.services.ffm','4.ntp.services.ffm'
+ - changed `site_code` back to ffmuc (instead of ffm)
+ - changed `hostname_prefix` to NULL
+ - changed `mesh_ssid` to mesh.ffmuc
+ - added public key from fpletz
+
+## 0.6~stable20141018
+ - changed ip address for gw02
+
+## 0.6~stable20141011
+ - gw04 hinzugefügt
+ - Text "Knoten hinzufügen" geändert
+ - Autoupdater auf "stable" als Standart-Wert gesetzt
+
+## 0.6~exp20141004
+ - Autoupdater hinzugefügt
+
+## 0.6~exp20140926
+ - Bugfixes
+ - gw02 hinzugefügt
+
+## 0.6~exp20140907
+ - initiale Version
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..4e23a29
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,50 @@
+GLUON_BUILD_DIR := gluon-build
+GLUON_GIT_URL := git://github.com/freifunk-gluon/gluon.git
+GLUON_GIT_REF := v2014.4
+
+SECRET_KEY_FILE ?= ${HOME}/.gluon-secret-key
+
+_GIT_DESCRIBE = $(shell git describe --tags 2>/dev/null)
+ifneq (,${_GIT_DESCRIBE})
+ GLUON_RELEASE := ${_GIT_DESCRIBE}
+ GLUON_BRANCH := stable
+else
+ GLUON_RELEASE ?= snapshot~$(shell date '+%Y%m%d')~$(shell git describe --always)
+ GLUON_BRANCH := experimental
+endif
+
+JOBS ?= $(shell cat /proc/cpuinfo | grep processor | wc -l)
+
+GLUON_MAKE := ${MAKE} -j ${JOBS} -C ${GLUON_BUILD_DIR} \
+ GLUON_RELEASE=${GLUON_RELEASE} \
+ GLUON_BRANCH=${GLUON_BRANCH}
+
+all: gluon-clean
+ ${MAKE} manifest
+ ${MAKE} gluon-clean
+
+build: gluon-prepare
+ ${GLUON_MAKE}
+
+manifest: build
+ ${GLUON_MAKE} manifest
+ mv ${GLUON_BUILD_DIR}/images .
+
+sign: manifest
+ ${GLUON_BUILD_DIR}/contrib/sign.sh ${SECRET_KEY_FILE} images/sysupgrade/${GLUON_BRANCH}.manifest
+
+${GLUON_BUILD_DIR}:
+ git clone ${GLUON_GIT_URL} ${GLUON_BUILD_DIR}
+
+gluon-prepare: images-clean ${GLUON_BUILD_DIR}
+ (cd ${GLUON_BUILD_DIR} && git fetch origin && git checkout -q ${GLUON_GIT_REF})
+ ln -sfT .. ${GLUON_BUILD_DIR}/site
+ ${GLUON_MAKE} update
+
+gluon-clean:
+ rm -rf ${GLUON_BUILD_DIR}
+
+images-clean:
+ rm -rf images
+
+clean: gluon-clean images-clean
diff --git a/site.conf b/site.conf
new file mode 100644
index 0000000..08aa28f
--- /dev/null
+++ b/site.conf
@@ -0,0 +1,256 @@
+--[[
+ gluon site.conf example
+
+ This file contains the Munich freifunk site.conf which was adopted from the original freifunk suite used in Luebeck.
+ There are comments added to most switches to explain the usage of gluon.
+
+ This is lua code now, not perl anymore.
+
+ Happy compiling!
+]]
+
+{
+ --[[ Community settings
+ hostname_prefix: Nodename prefix
+ freifunk-abcdef123456 (hex-part is generated from node's MAC address)
+ site_name: Name of your community
+ site_code: Shortcode of your community
+ ]]
+
+ hostname_prefix = 'freifunk',
+ site_name = 'Freifunk München',
+ site_code = 'ffrgb-bat14',
+ opkg_repo = 'http://openwrt.draic.info/barrier_breaker/14.07/%S/packages',
+
+
+ --[[ General network settings
+ prefix4: IPv4 range of your community
+ prefix6: IPv6 range of your community
+ is also required for radvd ]]
+
+ prefix4 = '10.80.0.0/16',
+ prefix6 = 'fdef:ffc0:4fff::/64',
+
+
+ --[[ NTP settings
+ Synchronize the time of the nodes
+ timezone: Timezone of your community
+ http://wiki.openwrt.org/doc/uci/system#time.zones
+ ntp_servers: List of NTP-Servers to query. You can use any public and/or your private NTP-Servers of your community.
+ http://www.pool.ntp.org/zone/de ]]
+
+ timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
+ ntp_servers = {'1.ntp.services.ffm','3.ntp.services.ffm'},
+
+ --[[ Wireless settings
+ regdom: IEEE 802.11 Regulatory Domain
+ http://en.wikipedia.org/wiki/IEEE_802.11#Regulatory_domains_and_legal_compliance
+ wifi24: Wifi settings for 2.4 GHz frequency devices
+ wifi5: Wifi settings for 5 GHz frequency devices
+ sub
+ ssid: Wifi name shown to the user (We recommend %site_code%.freifunk.net)
+ channel: Wifi channel to use
+ htmode: Specifies the channel width in 802.11n and 802.11ac mode, possible values are:
+ HT20 (single 20MHz channel),
+ HT40- (2x 20MHz channels, primary/control channel is upper, secondary channel is below)
+ HT40+ (2x 20MHz channels, primary/control channel is lower, secondary channel is above).
+ VHT20 / VHT40 / VHT80 / VHT160 (channel width in 802.11ac, extra channels are picked according to the specification)
+ http://wiki.openwrt.org/doc/uci/wireless#common.options (-> htmode)
+ mesh_ssid: SSID of the mesh-interface, an ugly SSID prevent clients from connecting (We recommend not to change this)
+ mesh_bssid: BSSID of the mesh-interface
+ mesh_mcast_rate: multicast rate of the mesh-interface ]]
+
+ regdom = 'DE',
+
+ wifi24 = {
+ ssid = 'regensburg.freifunk.net',
+ channel = 1,
+ htmode = 'HT40+',
+ mesh_ssid = 'mesh.ffmuc',
+ mesh_bssid = '02:0E:8E:1E:61:17', --[[ from https://muenchen.freifunk.net/wiki/Knoten#B.A.T.M.A.N._Advanced ]]
+ mesh_mcast_rate = 12000,
+ },
+
+ wifi5 = {
+ ssid = 'regensburg.freifunk.net',
+ channel = 44,
+ htmode = 'HT40+',
+ mesh_ssid = 'mesh.ffmuc',
+ mesh_bssid = '02:0E:8E:1E:61:17',
+ mesh_mcast_rate = 12000,
+ },
+
+
+ --[[ Next-Node
+ next_node: Howto reach the node you are currently connected to
+ The node will always be reachable at that address, and it's the same on all nodes. Because next_node packets are redirected within the node itself, there will be no conflicts.
+ sub
+ ip4: IPv4 Address to use
+ ip6: IPv6 Address to use
+ mac: MAC Address to use
+ (TODO: What is the purpose of this MAC-Address here?) ]]
+
+ next_node = {
+ ip4 = '10.80.0.1',
+ ip6 = 'fdef:ffc0:4fff::1',
+ mac = '16:41:95:40:f7:dc',
+ },
+
+
+ --[[ Gateway settings
+ fastd_mesh_vpn: fastd vpn settings
+ https://projects.universe-factory.net/projects/fastd/wiki/User_manual
+ sub
+ methods: encryption algorithms to use
+ https://projects.universe-factory.net/projects/fastd/wiki/Methods
+ When multiple method statements are given, the first one has the highest preference.
+ mtu: package size
+ backbone: fastd vpn gateways of your community
+ sub
+ limit: Number of gateways each node connects to
+ On startup, each node tries to connect to every gateway, and then chooses the number of 'limit' fastest gateways it could reach
+ peers: Gateways
+ sub sub
+ key: public fastd key of your gateway
+ https://github.com/tcatm/ecdsautils
+ remotes: List of fastd configuration strings to connect to your gateway server ]]
+
+
+ fastd_mesh_vpn = {
+ methods = {'salsa2012+umac', 'salsa2012+gmac'},
+ mtu = 1426,
+ backbone = {
+ limit = 2,
+ peers = {
+ vpn_gw01 = { --[[ VPN Server von Ole (netcap) ]]
+ key = '0ac59c349980993c99e74e1c5242c39cdd7282fbab0b9575b35762993df510f3',
+ remotes = {'ipv4 "37.120.168.150" port 10000'},
+ },
+ vpn_gw04 = { --[[ VPN Server von mephisto ]]
+ key = '40ebfaf04da006d9150d3d8adeaab0dfa62ca645b416403537cb009bbf2125b5',
+ remotes = {'ipv4 "213.166.225.3" port 10000'},
+ },
+ },
+ },
+ },
+
+ --[[ gluon autoupdater section
+ a how-to can be found here: http://gluon.readthedocs.org/en/latest/features/autoupdater.html
+ enable: 0, 1
+ branch: stable, beta, experimental
+ name: name of the branch
+ mirrors: comma separated ipv6 based mirror-servers to access the firmware image
+ good_signatures: number of at leased good signatures signed by the authors of the firmware
+ pubkeys: public keys of the authors of the firmware image ]]
+
+autoupdater = {
+ enabled = 1,
+ branch = 'stable',
+ branches = {
+ stable = {
+ name = 'stable',
+ mirrors = {
+ 'http://[fdef:ffc0:4fff::14]/firmware/stable/sysupgrade/',
+ },
+ probability = 0.08,
+ good_signatures = 1,
+ pubkeys = {
+ '4d6b1a8e2ecfdb59469c38c3659916dd6046cd5270ddd31c3319b21c508eaa07', -- mephisto
+ },
+ },
+ experimental = {
+ name = 'experimental',
+ mirrors = {
+ 'http://[fdef:ffc0:4fff::14]/firmware/experimental/sysupgrade/',
+ },
+ probability = 0.1,
+ good_signatures = 1,
+ pubkeys = {
+ '4d6b1a8e2ecfdb59469c38c3659916dd6046cd5270ddd31c3319b21c508eaa07', -- mephisto
+ },
+ },
+ },
+ },
+
+
+
+ --[[ Simple TC settings to limit the bandwidth of the vpn-uplink
+ mesh_vpn:
+ sub
+ ifname: name of the interface/bridge
+ enabled: default-value
+ limit_egress: default-value
+ limit_ingress: default-value ]]
+
+ simple_tc = {
+ mesh_vpn = {
+ ifname = 'mesh-vpn',
+ enabled = false,
+ limit_egress = 200,
+ limit_ingress = 3000,
+ },
+ },
+
+
+ --[[ Config Mode settings
+ Text shown on local website on node while in config mode (after initial flashing or after a long press and hold on the primary button and reboot). You can use html here.
+ msg_welcome: Welcome message shown at startup
+ msg_pubkey: Instructions for the user how your community handles the key exchange
+ only shown if VPN setting is selected
+ msg_reboot: Message shown when configuration is finished while the node is rebooting.
+
+ Variables
+ Within the text given here you can use variables which are
+ replaced when the respective website is delivered to the user.
+ Variables must be used in the format <%=NAME%>. See msg_pubkey for an example.
+ hostname: hostname of the node
+ pubkey: fastd public key of the node
+ sysconfig.primary_mac the primary mac of the node, also found printed beneath the device
+ ... other sysconfig.* variables: config_ifname, lan_ifname, wan_ifname ]]
+
+
+ config_mode = {
+ msg_welcome = [[
+Willkommen zum Einrichtungsassistenten für deinen neuen Münchner
+Freifunk-Knoten. Fülle das folgende Formular deinen Vorstellungen
+entsprechend aus und sende es ab.
+]],
+ msg_pubkey = [[
+
+Dies ist der öffentliche Schlüssel deines Freifunk-Knotens. Erst nachdem
+er auf den Servern des Münchener Freifunk-Projektes eingetragen wurde,
+kann sich dein Knoten mit dem Münchner Mesh-VPN verbinden.
+
+
+
+Um deinen Knoten einzutragen, öffne in einem Browser deiner Wahl bitte Keyformular, fülle das Formular aus und schicke es ab.
+
+
+
+Informationen für das Formular:
+
+ - Knotenname: <%=hostname%>
+ - MAC-Adresse: <%=sysconfig.primary_mac%>
+ - Key: <%=pubkey%>
+
+
+
+
+Sollte das Formular nicht verfügbar sein, sende bitte eine Mail an Ole oder frnk.
+
+]],
+ msg_reboot = [[
+
+Dein Knoten startet gerade neu und wird anschließend versuchen,
+sich mit anderen Freifunk-Knoten in seiner Nähe zu
+verbinden. Weitere Informationen zur
+Münchner Freifunk-Community findest du auf
+unserer Webseite.
+
+
+Viel Spaß mit deinem Knoten und der Erkundung von Freifunk!
+
+]],
+ },
+}
+-- vim: set ft=lua:ts=2:sw=2:et
diff --git a/site.mk b/site.mk
new file mode 100644
index 0000000..717a1b2
--- /dev/null
+++ b/site.mk
@@ -0,0 +1,31 @@
+GLUON_SITE_PACKAGES := \
+ gluon-mesh-batman-adv-14 \
+ gluon-alfred \
+ gluon-announced \
+ gluon-autoupdater \
+ gluon-config-mode-autoupdater \
+ gluon-config-mode-hostname \
+ gluon-config-mode-mesh-vpn \
+ gluon-config-mode-geo-location \
+ gluon-config-mode-contact-info \
+ gluon-ebtables-filter-multicast \
+ gluon-ebtables-filter-ra-dhcp \
+ gluon-luci-admin \
+ gluon-luci-autoupdater \
+ gluon-luci-portconfig \
+ gluon-luci-private-wifi \
+ gluon-next-node \
+ gluon-mesh-vpn-fastd \
+ gluon-radvd \
+ gluon-status-page \
+ iwinfo \
+ iptables \
+ haveged
+
+
+DEFAULT_GLUON_RELEASE := snapshot~$(shell date '+%Y%m%d')
+
+# Allow overriding the release number from the command line
+GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
+
+GLUON_PRIORITY ?= 0