commit 31a98c30e93303ce1c6c3437cfe9d5abdbed24a2
Author: 1 <1@noreply.localhost>
Date: Sun Dec 1 14:08:40 2024 +0800
上传文件至 /
diff --git a/vps_setup.sh b/vps_setup.sh
new file mode 100644
index 0000000..22921f5
--- /dev/null
+++ b/vps_setup.sh
@@ -0,0 +1,259 @@
+#!/bin/bash
+
+# 设置变量
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$SCRIPT_DIR"
+
+# 安全配置函数
+setup_security() {
+ echo "配置系统安全..."
+ setup_ssh_keys
+ configure_ssh
+}
+
+setup_ssh_keys() {
+ echo "配置 SSH 密钥..."
+ current_user=$SUDO_USER
+ if [ -z "$current_user" ]; then
+ current_user=$(whoami)
+ fi
+
+ user_home=$(eval echo ~${current_user})
+ ssh_dir="${user_home}/.ssh"
+
+ mkdir -p "$ssh_dir"
+ chmod 700 "$ssh_dir"
+
+ # 直接写入 SSH 公钥
+ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHzjJhJfSVQ0BMgjXsdSTLtmjna7bfWobvlEsQDEXYSFKYsrcHQoOYu6Yblst/190WLgP3wL1zr12Q5WuzUR303dWTAweYrqta7bzTNWS4vTt0a5jhTqvfPaB2hniQW3aghec+ryFQ7i4Ev3NfmAhv7jNsYS4j9pgnmcE4JZE//vogUVmxNfKBFZAlQ9hmygAQ56Xk+ITgswQYtkT+a38EBUwxAaCyKJDnN6rHRFBQ9XSH+YlMFtPfAyhR5ThvuqsDnf2M9481i7tmQmD2STg6Ll2+oJZLYXqH+fy554G0d8mVa9Vf5wZuUQTrbVEH/EkYmxMoRZJJCIFcEptLtF33 cc@DESKTOP-68E0GFD" > "${ssh_dir}/authorized_keys"
+
+ chmod 600 "${ssh_dir}/authorized_keys"
+ chown -R ${current_user}:${current_user} "$ssh_dir"
+
+ if ! grep -qE "^(ssh-rsa|ssh-ed25519)" "${ssh_dir}/authorized_keys"; then
+ echo "警告:公钥格式可能不正确"
+ return 1
+ fi
+
+ echo "SSH 密钥配置完成"
+ return 0
+}
+
+configure_ssh() {
+ echo "配置 SSH 安全设置..."
+ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
+ sed -i 's/#Port 22/Port 44444/' /etc/ssh/sshd_config
+ sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+ sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+ sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+ systemctl restart sshd
+ echo "SSH 配置完成:端口 44444,已禁用密码登录,已启用公钥认证"
+}
+
+# 软件包安装函数
+install_packages() {
+ echo "开始系统配置..."
+ pacman -Syu --noconfirm
+ pacman -S --noconfirm vim fish lsof net-tools btop
+ ln -s /usr/bin/vim /usr/bin/vi
+ chsh -s /usr/bin/fish
+
+ echo "安装 Docker..."
+ pacman -S --noconfirm docker docker-compose
+ systemctl enable docker
+ systemctl start docker
+
+ echo "配置 sing-box docker..."
+ mkdir -p /etc/sing-box/
+
+ echo '{
+ "log": {
+ "level": "info"
+ },
+ "dns": {
+ "servers": [
+ {
+ "address": "tls://8.8.8.8"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "type": "naive",
+ "listen": "::",
+ "listen_port": 56789,
+ "users": [
+ {
+ "Username": "admin",
+ "Password": "1qaz2wsx"
+ }
+ ],
+ "tls": {
+ "enabled": true,
+ "acme": {
+ "domain": "qqqqqq",
+ "email": "admin@notko.top"
+ }
+ }
+ },
+ {
+ "type": "hysteria2",
+ "listen": "::",
+ "listen_port": 50000,
+ "up_mbps": 100,
+ "down_mbps": 30,
+ "users": [
+ {
+ "name": "admin",
+ "password": "1qaz2wsx"
+ }
+ ],
+ "tls": {
+ "enabled": true,
+ "server_name": "qqqqqq",
+ "acme": {
+ "domain": "qqqqqq",
+ "email": "admin@notko.top"
+ }
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "type": "direct"
+ },
+ {
+ "type": "dns",
+ "tag": "dns-out"
+ }
+ ],
+ "route": {
+ "rules": [
+ {
+ "protocol": "dns",
+ "outbound": "dns-out"
+ }
+ ]
+ }
+}' > /etc/sing-box/config.json
+ sed -i "s/qqqqqq/$hostname/g" /etc/sing-box/config.json
+
+ docker run -d \
+ -v /etc/sing-box:/etc/sing-box/ \
+ --name=sing-box \
+ --network=host \
+ --restart=always \
+ ghcr.io/sagernet/sing-box \
+ -D /var/lib/sing-box \
+ -C /etc/sing-box/ run
+}
+
+# Arch Linux 安装函数
+install_arch() {
+ echo "开始安装 Arch Linux..."
+ if [ "$(id -u)" != "0" ]; then
+ echo "此脚本需要 root 权限运行"
+ exit 1
+ fi
+
+ # 检测系统发行版并安装依赖
+ if [ -f /etc/os-release ]; then
+ . /etc/os-release
+ case $ID in
+ debian|ubuntu)
+ apt-get update
+ apt-get install -y curl zstd
+ ;;
+ centos|rhel|fedora)
+ yum install -y curl zstd
+ ;;
+ alpine)
+ apk add --no-cache curl zstd
+ ;;
+ *)
+ echo "未知的发行版,请手动安装 curl 和 zstd"
+ exit 1
+ ;;
+ esac
+ else
+ echo "无法检测系统发行版"
+ exit 1
+ fi
+
+ curl -L https://gitlab.com/drizzt/vps2arch/-/raw/master/vps2arch -o /tmp/vps2arch
+ chmod +x /tmp/vps2arch
+ /tmp/vps2arch
+ echo "Arch Linux 安装完成,系统将重启..."
+}
+
+# 帮助信息
+usage() {
+ echo "用法: $0 [-h] [-m MODE] [-n HOSTNAME]"
+ echo "选项:"
+ echo " -h 显示此帮助信息"
+ echo " -m MODE 指定运行模式:"
+ echo " init - 初始化现有系统"
+ echo " arch - 安装 Arch Linux"
+ echo " -n HOSTNAME 设置主机名(在 init 模式下必须指定)"
+ exit 1
+}
+
+# 初始化系统
+initialize_current_system() {
+ if [ -z "$hostname" ]; then
+ echo "错误:必须使用 -n 参数指定主机名"
+ usage
+ fi
+
+ echo "开始初始化 VPS..."
+
+ # 设置主机名
+ echo "设置主机名为: $hostname"
+ name=$(echo $hostname | sed 's/\./-/g')
+ hostnamectl set-hostname "$name"
+
+ setup_security
+ install_packages
+ echo "VPS 初始化完成!"
+}
+
+# 主函数
+main() {
+
+ while getopts "hm:n:" opt; do
+ case $opt in
+ h)
+ usage
+ ;;
+ m)
+ mode=$OPTARG
+ ;;
+ n)
+ hostname=$OPTARG
+ ;;
+ *)
+ usage
+ ;;
+ esac
+ done
+
+ if [ -z "$mode" ]; then
+ echo "错误:必须指定运行模式"
+ usage
+ fi
+
+ case $mode in
+ init)
+ initialize_current_system
+ ;;
+ arch)
+ install_arch
+ ;;
+ *)
+ echo "错误:无效的模式 '$mode'"
+ usage
+ ;;
+ esac
+}
+
+main "$@"
\ No newline at end of file
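Review bot: The sing-box config written in `install_packages` commits one fixed `admin` password for both the naive and hysteria2 inbounds, which listen on `::`, so every host provisioned from this script shares a credential that is readable in the repository; read it from the environment (for example `: "${SINGBOX_PASSWORD:?must be set}"`) or generate it per host, and create `config.json` under `umask 077`. In `setup_ssh_keys` the baked-in key is written with `>`, which discards any keys already in `authorized_keys`, and the home directory is resolved with `eval echo ~${current_user}` on a value taken from `$SUDO_USER`; `user_home=$(getent passwd "$current_user" | cut -d: -f6)` removes the eval, and appending only when the key is absent keeps existing access. `configure_ssh` restarts sshd without first running `sshd -t`, and its `sed` patterns match only the stock commented defaults, so the closing "已禁用密码登录" message can be printed while password login is still enabled (for instance when the setting is already uncommented in a different form or comes from a drop-in file). `install_arch` fetches `vps2arch` from the mutable `master` branch into the fixed path `/tmp/vps2arch` and runs it as root with no integrity check; download into a `mktemp -d` directory, pin a commit, and compare a known SHA-256 before executing. The script also has no `set -euo pipefail`, and `setup_security` ignores the `return 1` from `setup_ssh_keys`, so a failed step does not stop the sshd reconfiguration that follows.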