156 lines
6.2 KiB
Bash
156 lines
6.2 KiB
Bash
#!/bin/bash
|
|
#运行命令: bash <(wget -qO- https://git.nvme.cc/adminroot/setup/raw/branch/main/setup.sh)
|
|
echo "请选择要执行的脚本(可多选,用空格分隔):"
|
|
echo "1. 开启BBR"
|
|
echo "2. 设置Swap大小"
|
|
echo "3. 配置常用alias缩写"
|
|
echo "4. apt安装常用软件"
|
|
echo "5. 配置防火墙"
|
|
echo "6. 安装公钥"
|
|
echo "7. 安装caddy"
|
|
echo "8. 安装conda"
|
|
echo "9. 安装docker"
|
|
echo "10. 安装ss-rust"
|
|
read -p "输入你的选择: " choices
|
|
|
|
# 处理选择
|
|
for choice in $choices; do
|
|
case $choice in
|
|
1)
|
|
echo "执行开启BBR的脚本..."
|
|
echo -e "net.core.default_qdisc=fq\nnet.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
|
|
sysctl -p
|
|
;;
|
|
2)
|
|
read -p "输入Swap内存大小(MB): " swap_size
|
|
echo "执行设置Swap内存大小的脚本..."
|
|
dd if=/dev/zero of=/swapfile bs=1M count=$swap_size
|
|
mkswap /swapfile
|
|
swapon /swapfile
|
|
echo "/swapfile swap swap defaults 0 0" | tee -a /etc/fstab
|
|
;;
|
|
3)
|
|
echo "配置常用alias缩写"
|
|
wget https://git.nvme.cc/adminroot/setup/raw/branch/main/alias.txt -qO ~/.alias.txt
|
|
echo -e 'if [ -f ~/.alias.txt ]; then\n . ~/.alias.txt\nfi' >>/etc/profile
|
|
echo -e 'if [ -f ~/.alias.txt ]; then\n . ~/.alias.txt\nfi' >>~/.bashrc
|
|
wget https://git.nvme.cc/adminroot/setup/raw/branch/main/nanorc -O ~/.nanorc
|
|
;;
|
|
4)
|
|
echo "即将安装htop cbm tree tmux ufw curl wget lsof nano sudo git git-lfs 7z"
|
|
echo "可选: build-essential ffmpeg"
|
|
read -p "额外安装(包名): " app
|
|
apt update -y
|
|
apt install -y htop cbm tree tmux ufw curl wget lsof nano sudo git git-lfs $app
|
|
wget https://www.7-zip.org/a/7z2501-linux-x64.tar.xz -O 7z.tar.xz
|
|
tar -xf 7z.tar.xz -C /usr/local/bin/ --transform 's/7zz$/7z/' "7zz"
|
|
chmod +x /usr/local/bin/7z
|
|
rm 7z.tar.xz
|
|
;;
|
|
5)
|
|
echo "配置防火墙"
|
|
apt update -y
|
|
apt install -y ufw
|
|
ufw allow 22
|
|
ufw allow 80
|
|
ufw allow 443
|
|
ufw allow 13576
|
|
ufw allow 24687
|
|
echo "y" | ufw enable
|
|
bash -c 'cat >> /etc/ufw/after.rules << "EOF"
|
|
|
|
# BEGIN UFW AND DOCKER
|
|
*filter
|
|
:ufw-user-forward - [0:0]
|
|
:ufw-docker-logging-deny - [0:0]
|
|
:DOCKER-USER - [0:0]
|
|
-A DOCKER-USER -j ufw-user-forward
|
|
|
|
-A DOCKER-USER -j RETURN -s 10.0.0.0/8
|
|
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
|
|
-A DOCKER-USER -j RETURN -s 192.168.0.0/16
|
|
|
|
-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
|
|
|
|
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
|
|
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
|
|
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12
|
|
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 192.168.0.0/16
|
|
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.0.0.0/8
|
|
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.16.0.0/12
|
|
|
|
-A DOCKER-USER -j RETURN
|
|
|
|
-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
|
|
-A ufw-docker-logging-deny -j DROP
|
|
|
|
COMMIT
|
|
# END UFW AND DOCKER
|
|
EOF
|
|
ufw reload'
|
|
ufw status
|
|
;;
|
|
6)
|
|
echo "安装公钥"
|
|
mkdir -p ~/.ssh
|
|
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfs6zCFdRG9uCraZLo2KQK8xgWlfZVvQJF16z5hsCBgv4SDJk+tEvQYv+FABxziZhju9mBnAl92W0vz/MpDYccFk4lXNU2LzSMiDJYwvn4lYVU6fFUw7+qdxHd44RlHRNgFXDQAu89akPw5XEVwYDkr4JgTFsqeNvQBrD6jLT7MK4x+ZFy7YA55JEsGq6wHb82DkYcC5J7Wl9QYcANb+9JLwjWB16/OLS5MJUn3MZ8B7gM8jZulSyUwlp+1fCfRTdGx/QVOTPRyCUnTsnNceDuKtT8P18/4B0OcQiiHrg+kng3IWY3CTBnvxrkI3xyKwjje9EH43/LWFdcOiNvBA+8rtXBdGDWExmgfyJK2Wr18HSxRPb1DW0GP5BlP+oArfjJMkST/f8WsGgTrl83F5pUFJS2xJMmZX3npWNV/GVeNbZS3+uM8L9VSVCD+9K8gE0iuYHPhYp/Fsg0iIrpsD7wxtYfCamFslbZ//gSCdOsQzDw6wwIrLrQYVSlcuUC3/SKRkHBrzlr61PaXZ4KfH9x61FyIcHXiRHm0MG2LT8oN44F0ENcLGzO49mcTxTuV971R2kwJupiUwOUOb4cSkPtLA8BIQ8IifldFzfiJnJ81iQHu1rIoc+DN7QwWE/WA9QZudQkah5QS2lmbDVP1Pb8oIA0wdAMFDWh7OHLGlhC6w==" >>~/.ssh/authorized_keys
|
|
chmod 600 ~/.ssh/authorized_keys
|
|
chmod 700 ~/.ssh
|
|
;;
|
|
7)
|
|
echo "安装caddy"
|
|
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl gnupg
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
|
|
sudo apt update
|
|
sudo apt install caddy
|
|
mkdir /etc/caddy/sites
|
|
sed -i '$a import /etc/caddy/sites/*.txt' /etc/caddy/Caddyfile
|
|
;;
|
|
8)
|
|
read -p "Conda安装路径 (默认: ~/.miniconda3): " CONDA_PATH
|
|
CONDA_PATH=${CONDA_PATH:-"$HOME/.miniconda3"}
|
|
PROFILE="$HOME/.bashrc"
|
|
ARCH=$(uname -m)
|
|
case $ARCH in
|
|
x86_64)
|
|
MINICONDA_INSTALLER="Miniconda3-latest-Linux-x86_64.sh"
|
|
;;
|
|
aarch64|arm64)
|
|
MINICONDA_INSTALLER="Miniconda3-latest-Linux-aarch64.sh"
|
|
;;
|
|
*)
|
|
echo "不支持的架构: $ARCH"
|
|
echo "支持的架构: x86_64, aarch64, armv7l"
|
|
exit 1
|
|
;;
|
|
esac
|
|
echo "检测到系统架构: $ARCH"
|
|
echo "将下载: $MINICONDA_INSTALLER"
|
|
mkdir -p "$CONDA_PATH"
|
|
wget "https://repo.anaconda.com/miniconda/$MINICONDA_INSTALLER" -O "$CONDA_PATH/miniconda.sh"
|
|
bash "$CONDA_PATH/miniconda.sh" -b -u -p "$CONDA_PATH"
|
|
rm -f "$CONDA_PATH/miniconda.sh"
|
|
echo "source $CONDA_PATH/bin/activate" >> "$PROFILE"
|
|
;;
|
|
9)
|
|
echo "安装docker"
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
sh get-docker.sh
|
|
rm ./get-docker.sh
|
|
;;
|
|
*)
|
|
echo "无效的选择: $choice"
|
|
;;
|
|
esac
|
|
done
|
|
|
|
|
|
echo "============= Copy and run ============="
|
|
echo ""
|
|
echo "source /etc/profile && source ~/.bashrc"
|
|
echo ""
|
|
echo "========================================"
|
|
echo "Press Enter to continue..."
|
|
read
|