上传文件至 /

vps_setup.sh

@@ -0,0 +1,259 @@
+#!/bin/bash
+
+# 设置变量
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$SCRIPT_DIR"
+
+# 安全配置函数
+setup_security() {
+    echo "配置系统安全..."
+    setup_ssh_keys
+    configure_ssh
+}
+
+setup_ssh_keys() {
+    echo "配置 SSH 密钥..."
+    current_user=$SUDO_USER
+    if [ -z "$current_user" ]; then
+        current_user=$(whoami)
+    fi
+    
+    user_home=$(eval echo ~${current_user})
+    ssh_dir="${user_home}/.ssh"
+    
+    mkdir -p "$ssh_dir"
+    chmod 700 "$ssh_dir"
+    
+    # 直接写入 SSH 公钥
+    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHzjJhJfSVQ0BMgjXsdSTLtmjna7bfWobvlEsQDEXYSFKYsrcHQoOYu6Yblst/190WLgP3wL1zr12Q5WuzUR303dWTAweYrqta7bzTNWS4vTt0a5jhTqvfPaB2hniQW3aghec+ryFQ7i4Ev3NfmAhv7jNsYS4j9pgnmcE4JZE//vogUVmxNfKBFZAlQ9hmygAQ56Xk+ITgswQYtkT+a38EBUwxAaCyKJDnN6rHRFBQ9XSH+YlMFtPfAyhR5ThvuqsDnf2M9481i7tmQmD2STg6Ll2+oJZLYXqH+fy554G0d8mVa9Vf5wZuUQTrbVEH/EkYmxMoRZJJCIFcEptLtF33 cc@DESKTOP-68E0GFD" > "${ssh_dir}/authorized_keys"
+    
+    chmod 600 "${ssh_dir}/authorized_keys"
+    chown -R ${current_user}:${current_user} "$ssh_dir"
+    
+    if ! grep -qE "^(ssh-rsa|ssh-ed25519)" "${ssh_dir}/authorized_keys"; then
+        echo "警告：公钥格式可能不正确"
+        return 1
+    fi
+    
+    echo "SSH 密钥配置完成"
+    return 0
+}
+
+configure_ssh() {
+    echo "配置 SSH 安全设置..."
+    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
+    sed -i 's/#Port 22/Port 44444/' /etc/ssh/sshd_config
+    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+    sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+    sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+    systemctl restart sshd
+    echo "SSH 配置完成：端口 44444，已禁用密码登录，已启用公钥认证"
+}
+
+# 软件包安装函数
+install_packages() {
+    echo "开始系统配置..."
+    pacman -Syu --noconfirm
+    pacman -S --noconfirm vim fish lsof net-tools btop
+    ln -s /usr/bin/vim /usr/bin/vi
+    chsh -s /usr/bin/fish
+
+    echo "安装 Docker..."
+    pacman -S --noconfirm docker docker-compose
+    systemctl enable docker
+    systemctl start docker
+
+    echo "配置 sing-box docker..."
+    mkdir -p /etc/sing-box/
+
+    echo '{
+  "log": {
+    "level": "info"
+  },
+  "dns": {
+    "servers": [
+      {
+        "address": "tls://8.8.8.8"
+      }
+    ]
+  },
+  "inbounds": [
+    {
+      "type": "naive",
+      "listen": "::",
+      "listen_port": 56789,
+      "users": [
+        {
+          "Username": "admin",
+          "Password": "1qaz2wsx"
+        }
+      ],
+      "tls": {
+        "enabled": true,
+        "acme": {
+          "domain": "qqqqqq",
+          "email": "admin@notko.top"
+        }
+      }
+    },
+    {
+      "type": "hysteria2",
+      "listen": "::",
+      "listen_port": 50000,
+      "up_mbps": 100,
+      "down_mbps": 30,
+      "users": [
+        {
+          "name": "admin",
+          "password": "1qaz2wsx"
+        }
+      ],
+      "tls": {
+        "enabled": true,
+        "server_name": "qqqqqq",
+        "acme": {
+          "domain": "qqqqqq",
+          "email": "admin@notko.top"
+        }
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct"
+    },
+    {
+      "type": "dns",
+      "tag": "dns-out"
+    }
+  ],
+  "route": {
+    "rules": [
+      {
+        "protocol": "dns",
+        "outbound": "dns-out"
+      }
+    ]
+  }
+}' > /etc/sing-box/config.json
+    sed -i "s/qqqqqq/$hostname/g" /etc/sing-box/config.json
+
+    docker run -d \
+                -v /etc/sing-box:/etc/sing-box/ \
+                --name=sing-box \
+                --network=host \
+                --restart=always \
+                ghcr.io/sagernet/sing-box \
+                -D /var/lib/sing-box \
+                -C /etc/sing-box/ run
+}
+
+# Arch Linux 安装函数
+install_arch() {
+    echo "开始安装 Arch Linux..."
+    if [ "$(id -u)" != "0" ]; then
+        echo "此脚本需要 root 权限运行"
+        exit 1
+    fi
+    
+    # 检测系统发行版并安装依赖
+    if [ -f /etc/os-release ]; then
+        . /etc/os-release
+        case $ID in
+            debian|ubuntu)
+                apt-get update
+                apt-get install -y curl zstd
+                ;;
+            centos|rhel|fedora)
+                yum install -y curl zstd
+                ;;
+            alpine)
+                apk add --no-cache curl zstd
+                ;;
+            *)
+                echo "未知的发行版，请手动安装 curl 和 zstd"
+                exit 1
+                ;;
+        esac
+    else
+        echo "无法检测系统发行版"
+        exit 1
+    fi
+    
+    curl -L https://gitlab.com/drizzt/vps2arch/-/raw/master/vps2arch -o /tmp/vps2arch
+    chmod +x /tmp/vps2arch
+    /tmp/vps2arch
+    echo "Arch Linux 安装完成，系统将重启..."
+}
+
+# 帮助信息
+usage() {
+    echo "用法: $0 [-h] [-m MODE] [-n HOSTNAME]"
+    echo "选项:"
+    echo "  -h            显示此帮助信息"
+    echo "  -m MODE       指定运行模式："
+    echo "                init  - 初始化现有系统"
+    echo "                arch  - 安装 Arch Linux"
+    echo "  -n HOSTNAME   设置主机名（在 init 模式下必须指定）"
+    exit 1
+}
+
+# 初始化系统
+initialize_current_system() {
+    if [ -z "$hostname" ]; then
+        echo "错误：必须使用 -n 参数指定主机名"
+        usage
+    fi
+    
+    echo "开始初始化 VPS..."
+    
+    # 设置主机名
+    echo "设置主机名为: $hostname"
+    name=$(echo $hostname | sed 's/\./-/g')
+    hostnamectl set-hostname "$name"
+    
+    setup_security
+    install_packages
+    echo "VPS 初始化完成！"
+}
+
+# 主函数
+main() {
+
+    while getopts "hm:n:" opt; do
+        case $opt in
+            h)
+                usage
+                ;;
+            m)
+                mode=$OPTARG
+                ;;
+            n)
+                hostname=$OPTARG
+                ;;
+            *)
+                usage
+                ;;
+        esac
+    done
+
+    if [ -z "$mode" ]; then
+        echo "错误：必须指定运行模式"
+        usage
+    fi
+
+    case $mode in
+        init)
+            initialize_current_system
+            ;;
+        arch)
+            install_arch
+            ;;
+        *)
+            echo "错误：无效的模式 '$mode'"
+            usage
+            ;;
+    esac
+}
+
+main "$@"