From 60ec0e7240e6db4da4431246400568d0b4a7d6ba Mon Sep 17 00:00:00 2001
From: adminroot
Date: Thu, 18 Sep 2025 00:02:06 -0700
Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=96=87=E4=BB=B6=E8=87=B3?= =?UTF-8?q?=20/?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 setup.sh | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 154 insertions(+)
 create mode 100644 setup.sh
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..243a7b2
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,154 @@
+#!/bin/bash
+#运行命令: bash <(wget -qO- https://oplist.nvme.cc/d/share/bash/setup.sh)
+echo "请选择要执行的脚本(可多选,用空格分隔):"
+echo "1. 开启BBR"
+echo "2. 设置Swap大小"
+echo "3. 配置常用alias缩写"
+echo "4. apt安装常用软件"
+echo "5. 配置防火墙"
+echo "6. 安装公钥"
+echo "7. 安装caddy"
+echo "8. 安装conda"
+echo "9. 安装docker"
+echo "10. 安装ss-rust"
+read -p "输入你的选择: " choices
+
+# 处理选择
+for choice in $choices; do
+ case $choice in
+ 1)
+ echo "执行开启BBR的脚本..."
+ echo -e "net.core.default_qdisc=fq\nnet.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
+ sysctl -p
+ ;;
+ 2)
+ read -p "输入Swap内存大小(MB): " swap_size
+ echo "执行设置Swap内存大小的脚本..."
+ dd if=/dev/zero of=/swapfile bs=1M count=$swap_size
+ mkswap /swapfile
+ swapon /swapfile
+ echo "/swapfile swap swap defaults 0 0" | tee -a /etc/fstab
+ ;;
+ 3)
+ echo "配置常用alias缩写"
+ wget https://oplist.nvme.cc/d/share/bash/alias.txt -qO ~/.alias.txt
+ echo -e 'if [ -f ~/.alias.txt ]; then\n . ~/.alias.txt\nfi' >>/etc/profile
+ echo -e 'if [ -f ~/.alias.txt ]; then\n . ~/.alias.txt\nfi' >>~/.bashrc
+ wget https://oplist.nvme.cc/d/share/bash/nanorc -O ~/.nanorc
+ ;;
+ 4)
+ echo "即将安装htop cbm tree tmux ufw curl wget lsof nano sudo git git-lfs 7z"
+ read -p "额外安装(包名): " app
+ apt update -y
+ apt install -y htop cbm tree tmux ufw curl wget lsof nano sudo git git-lfs $app
+ wget https://www.7-zip.org/a/7z2501-linux-x64.tar.xz -O 7z.tar.xz
+ tar -xf 7z.tar.xz -C /usr/local/bin/ --transform 's/7zz$/7z/' "7zz"
+ chmod +x /usr/local/bin/7z
+ rm 7z.tar.xz
+ ;;
+ 5)
+ echo "配置防火墙"
+ apt update -y
+ apt install -y ufw
+ ufw allow 22
+ ufw allow 80
+ ufw allow 443
+ ufw allow 13576
+ ufw allow 24687
+ echo "y" | ufw enable
+ bash -c 'cat >> /etc/ufw/after.rules << "EOF"
+
+# BEGIN UFW AND DOCKER
+*filter
+:ufw-user-forward - [0:0]
+:ufw-docker-logging-deny - [0:0]
+:DOCKER-USER - [0:0]
+-A DOCKER-USER -j ufw-user-forward
+
+-A DOCKER-USER -j RETURN -s 10.0.0.0/8
+-A DOCKER-USER -j RETURN -s 172.16.0.0/12
+-A DOCKER-USER -j RETURN -s 192.168.0.0/16
+
+-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
+
+-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
+-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
+-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12
+-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 192.168.0.0/16
+-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.0.0.0/8
+-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.16.0.0/12
+
+-A DOCKER-USER -j RETURN
+
+-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
+-A ufw-docker-logging-deny -j DROP
+
+COMMIT
+# END UFW AND DOCKER
+EOF
+ufw reload'
+ ufw status
+ ;;
+ 6)
+ echo "安装公钥"
+ mkdir -p ~/.ssh
+ echo "ssh-rsa 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" >>~/.ssh/authorized_keys
+ chmod 600 ~/.ssh/authorized_keys
+ chmod 700 ~/.ssh
+ ;;
+ 7)
+ echo "安装caddy"
+ sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl gnupg
+ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+ sudo apt update
+ sudo apt install caddy
+ mkdir /etc/caddy/sites
+ sed -i '$a import /etc/caddy/sites/*.txt' /etc/caddy/Caddyfile
+ ;;
+ 8)
+ read -p "Conda安装路径 (默认: ~/.miniconda3): " CONDA_PATH
+ CONDA_PATH=${CONDA_PATH:-"$HOME/.miniconda3"}
+ PROFILE="$HOME/.bashrc"
+ ARCH=$(uname -m)
+ case $ARCH in
+ x86_64)
+ MINICONDA_INSTALLER="Miniconda3-latest-Linux-x86_64.sh"
+ ;;
+ aarch64|arm64)
+ MINICONDA_INSTALLER="Miniconda3-latest-Linux-aarch64.sh"
+ ;;
+ *)
+ echo "不支持的架构: $ARCH"
+ echo "支持的架构: x86_64, aarch64, armv7l"
+ exit 1
+ ;;
+ esac
+ echo "检测到系统架构: $ARCH"
+ echo "将下载: $MINICONDA_INSTALLER"
+ mkdir -p "$CONDA_PATH"
+ wget "https://repo.anaconda.com/miniconda/$MINICONDA_INSTALLER" -O "$CONDA_PATH/miniconda.sh"
+ bash "$CONDA_PATH/miniconda.sh" -b -u -p "$CONDA_PATH"
+ rm -f "$CONDA_PATH/miniconda.sh"
+ echo "source $CONDA_PATH/bin/activate" >> "$PROFILE"
+ ;;
+ 9)
+ echo "安装docker"
+ curl -fsSL https://get.docker.com -o get-docker.sh
+ sh get-docker.sh
+ rm ./get-docker.sh
+ ;;
+ *)
+ echo "无效的选择: $choice"
+ ;;
+ esac
+done
+
+
+ echo "============= Copy and run ============="
+ echo ""
+ echo " source /etc/profile && source ~/.bashrc"
+ echo ""
+ echo "========================================"
+ echo "Press Enter to continue..."
+ read
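Review bot: Option 2 creates `/swapfile` with `dd` and never restricts its mode, so with a typical umask of 022 the paged-out memory is readable by every local user; add `chmod 600 /swapfile` before `mkswap /swapfile`, and reject a `swap_size` that is not a positive integer before it reaches `count=`. Options 3, 4 and 9 fetch `alias.txt`, the 7-Zip tarball and `get-docker.sh`, then source, unpack into `/usr/local/bin` or execute them with no integrity check. Because `alias.txt` is wired into `/etc/profile` and `~/.bashrc`, whoever controls that host controls later shells of the account that ran the script, so pin a digest first, e.g. `echo "<EXPECTED_SHA256>  7z.tar.xz" | sha256sum -c - || exit 1` (placeholder digest). Option 6 appends a hard-coded public key to `~/.ssh/authorized_keys`, granting that key's holder login wherever the script is run; a comment naming the key's owner, or taking the key as input, would make that an explicit decision. The `>>` and `tee -a` appends to `/etc/sysctl.conf`, `/etc/fstab`, `/etc/ufw/after.rules` and the profile files repeat on every run (a second `*filter` block in `after.rules` is worth guarding with a `grep -q` on the `# BEGIN UFW AND DOCKER` marker), and the menu offers `10. 安装ss-rust` with no matching `case` arm.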