#!/bin/bash
#运行命令： bash <(wget -qO- https://git.nvme.cc/adminroot/setup/raw/branch/main/setup.sh)
echo "请选择要执行的脚本（可多选，用空格分隔）："
echo "1. 开启BBR"
echo "2. 设置Swap大小"
echo "3. 配置常用alias缩写"
echo "4. apt安装常用软件"
echo "5. 配置防火墙"
echo "6. 安装公钥"
echo "7. 安装caddy"
echo "8. 安装conda"
echo "9. 安装docker"
echo "10. 安装ss-rust"  
read -p "输入你的选择: " choices

# 处理选择
for choice in $choices; do
    case $choice in
    1)
        echo "执行开启BBR的脚本..."
        echo -e "net.core.default_qdisc=fq\nnet.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
        sysctl -p
        ;;
    2)
        read -p "输入Swap内存大小(MB): " swap_size
        echo "执行设置Swap内存大小的脚本..."
        dd if=/dev/zero of=/swapfile bs=1M count=$swap_size
        mkswap /swapfile
        swapon /swapfile
        echo "/swapfile swap swap defaults 0 0" | tee -a /etc/fstab
        ;;
    3)
        echo "配置常用alias缩写"
        wget https://git.nvme.cc/adminroot/setup/raw/branch/main/alias.txt -qO ~/.alias.txt
        echo -e 'if [ -f ~/.alias.txt ]; then\n    . ~/.alias.txt\nfi' >>~/.bashrc
        ;;
    4)
        echo "即将安装htop cbm tree ufw curl wget lsof micro git git-lfs 7z zellij"
        echo "可选: build-essential ffmpeg"
        read -p "额外安装（包名）: " app
        apt update -y
        apt install -y htop cbm tree ufw curl wget lsof micro git git-lfs $app
        wget https://www.7-zip.org/a/7z2501-linux-x64.tar.xz -O 7z.tar.xz
        tar -xf 7z.tar.xz -C /usr/local/bin/ --transform 's/7zz$/7z/' "7zz"
        chmod +x /usr/local/bin/7z
        rm 7z.tar.xz
        ;;
    5)
        echo "配置防火墙"
        apt update -y
        apt install -y ufw
        ufw allow 22
        ufw allow 80
        ufw allow 443
        ufw allow 13576
        ufw allow 24687
        echo "y" | ufw enable
        bash -c 'cat >> /etc/ufw/after.rules << "EOF"

# BEGIN UFW AND DOCKER
*filter
:ufw-user-forward - [0:0]
:ufw-docker-logging-deny - [0:0]
:DOCKER-USER - [0:0]
-A DOCKER-USER -j ufw-user-forward

-A DOCKER-USER -j RETURN -s 10.0.0.0/8
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
-A DOCKER-USER -j RETURN -s 192.168.0.0/16

-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN

-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 192.168.0.0/16
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.0.0.0/8
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.16.0.0/12

-A DOCKER-USER -j RETURN

-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
-A ufw-docker-logging-deny -j DROP

COMMIT
# END UFW AND DOCKER
EOF
ufw reload'
        ufw status
        ;;
    6)
        echo "安装公钥"
        mkdir -p ~/.ssh
        echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDtyoFZlC25rUrOyGgkxd4xO3DgcJy751y6w0d6Rbx4 eureka" >>~/.ssh/authorized_keys
        chmod 600 ~/.ssh/authorized_keys
        chmod 700 ~/.ssh
        ;;
    7)
        echo "安装caddy"
        sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl gnupg
        curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
        curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
        sudo apt update
        sudo apt install caddy
        mkdir /etc/caddy/sites
        sed -i '$a import /etc/caddy/sites/*.txt' /etc/caddy/Caddyfile
        ;;
    8)
        read -p "Conda安装路径 (默认: ~/.miniconda3): " CONDA_PATH
        CONDA_PATH=${CONDA_PATH:-"$HOME/.miniconda3"}
        PROFILE="$HOME/.bashrc"
        ARCH=$(uname -m)
        case $ARCH in
            x86_64)
                MINICONDA_INSTALLER="Miniconda3-latest-Linux-x86_64.sh"
            ;;
            aarch64|arm64)
                MINICONDA_INSTALLER="Miniconda3-latest-Linux-aarch64.sh"
            ;;
            *)
                 echo "不支持的架构: $ARCH"
                echo "支持的架构: x86_64, aarch64, armv7l"
                exit 1
            ;;
        esac
        echo "检测到系统架构: $ARCH"
        echo "将下载: $MINICONDA_INSTALLER"
        mkdir -p "$CONDA_PATH"
        wget "https://repo.anaconda.com/miniconda/$MINICONDA_INSTALLER" -O "$CONDA_PATH/miniconda.sh"
        bash "$CONDA_PATH/miniconda.sh" -b -u -p "$CONDA_PATH"
        rm -f "$CONDA_PATH/miniconda.sh"
        echo "source $CONDA_PATH/bin/activate" >> "$PROFILE"
        ;;
    9)
        echo "安装docker"
        curl -fsSL https://get.docker.com -o get-docker.sh
        sh get-docker.sh
        rm ./get-docker.sh
        ;;
    *)
        echo "无效的选择: $choice"
        ;;
    esac
done


    echo "============= Copy and run ============="
    echo ""
    echo "source /etc/profile && source ~/.bashrc"
    echo ""
    echo "========================================"