|
| 1 | +#!/bin/bash |
| 2 | + |
| 3 | +set -ueo pipefail |
| 4 | + |
| 5 | +function log_info() { echo -e "$(date +'%Y-%m-%d %H:%M:%S %z') $@" > /dev/tty; } |
| 6 | +function log_erro() { echo -e "$(date +'%Y-%m-%d %H:%M:%S %z') $@" > /dev/tty; exit -1; } |
| 7 | + |
| 8 | +DOMAIN=yunbinliu.com |
| 9 | +USER=yunbinliu |
| 10 | +PASS=lyb2636196546 |
| 11 | +PORT=443 |
| 12 | +SERVICE=https |
| 13 | + |
| 14 | +function update_os() { |
| 15 | + apt -y -qq update &> /dev/null # 更新软件源 |
| 16 | + apt -y -qq upgrade &> /dev/null # 更新软件 |
| 17 | + apt -y -qq autoremove &> /dev/null # 卸载没用的软件 |
| 18 | +} |
| 19 | + |
| 20 | +function handle_cerbot() { |
| 21 | + apt -y -qq install certbot |
| 22 | + certbot certificates | grep "$DOMAIN" || certbot certonly --standalone -d "$DOMAIN" # 申请证书 |
| 23 | +} |
| 24 | + |
| 25 | +function handle_gost() { |
| 26 | + which docker || bash <(curl -fsSL https://get.docker.com) # 安装 docker |
| 27 | + systemctl enable docker # 开机自动启动 |
| 28 | + |
| 29 | + if ! docker ps -a --format "{{.Names}}" | grep gost; then |
| 30 | + BIND_IP=0.0.0.0 |
| 31 | + CERT_DIR=/etc/letsencrypt |
| 32 | + CERT=${CERT_DIR}/live/${DOMAIN}/fullchain.pem |
| 33 | + KEY=${CERT_DIR}/live/${DOMAIN}/privkey.pem |
| 34 | + |
| 35 | + docker run -d \ |
| 36 | + --name gost \ |
| 37 | + -v ${CERT_DIR}:${CERT_DIR}:ro \ |
| 38 | + --net=host \ |
| 39 | + ginuerzh/gost -L "http2://${USER}:${PASS}@${BIND_IP}:${PORT}?cert=${CERT}&key=${KEY}&probe_resist=code:400&knock=www.google.com" |
| 40 | + fi |
| 41 | + |
| 42 | + docker ps --format "{{.Names}}" | grep gost || docker start gost # 启动 gost |
| 43 | +} |
| 44 | + |
| 45 | +function handle_firewall() { |
| 46 | + apt -y -qq install firewalld |
| 47 | + systemctl enable firewalld |
| 48 | + firewall-cmd --add-service=${SERVICE} --permanent --zone=public |
| 49 | + firewall-cmd --reload |
| 50 | +} |
| 51 | + |
| 52 | +function handle_cron() { |
| 53 | + apt -y -qq install cron |
| 54 | + |
| 55 | + cmd="certbot renew --force-renewal" |
| 56 | + crontab -l | grep "$cmd" || echo "0 0 1 * * $cmd" >> /var/spool/cron/crontabs/root |
| 57 | + |
| 58 | + cmd="docker restart gost" |
| 59 | + crontab -l | grep "$cmd" || echo "5 0 1 * * $cmd" >> /var/spool/cron/crontabs/root |
| 60 | +} |
| 61 | + |
| 62 | +function handle_user() { |
| 63 | + sudo useradd -m -s /bin/bash lyb || true # 添加用户 |
| 64 | + echo "lyb:654321" | sudo chpasswd # 设置密码 |
| 65 | + |
| 66 | + chmod +w /etc/sudoers |
| 67 | + grep -q lyb /etc/sudoers || echo "lyb ALL=(ALL:ALL) ALL" >> /etc/sudoers # 赋予 sudo 权限 |
| 68 | + chmod -w /etc/sudoers |
| 69 | + |
| 70 | + grep -q lyb /etc/ssh/sshd_config || echo "DenyUsers lyb" >> /etc/ssh/sshd_config # 禁止用户使用 ssh 登录 |
| 71 | + systemctl restart ssh |
| 72 | + |
| 73 | + echo "123" |
| 74 | + whoami |
| 75 | + su - lyb -c "pwd" || true |
| 76 | + whoami |
| 77 | + echo "123456" |
| 78 | +} |
| 79 | + |
| 80 | +function handle_vim() { |
| 81 | + apt -y -qq install vim |
| 82 | + cp ~/github/note/vimrc ~/.vimrc |
| 83 | +} |
| 84 | + |
| 85 | +function handle_other_soft() { |
| 86 | + apt -y -qq install lrzsz man-db |
| 87 | + unminimize |
| 88 | +} |
| 89 | + |
| 90 | +log_info "1. 更新系统..." |
| 91 | +update_os |
| 92 | + |
| 93 | +log_info "2. 申请证书..." |
| 94 | +handle_cerbot |
| 95 | + |
| 96 | +log_info "3. 处理 gost..." |
| 97 | +handle_gost |
| 98 | + |
| 99 | +log_info "4. 处理防火墙..." |
| 100 | +handle_firewall |
| 101 | + |
| 102 | +log_info "5. 添加定时任务..." |
| 103 | +handle_cron |
| 104 | + |
| 105 | +log_info "6. 处理用户..." |
| 106 | +handle_user |
| 107 | + |
| 108 | +log_info "8. 处理 vim..." |
| 109 | +handle_vim |
| 110 | + |
| 111 | +log_info "9. 安装其他常用软件..." |
| 112 | +handle_other_soft |
| 113 | + |
| 114 | +log_info "完成" |
| 115 | + |
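Review bot: Two passwords are committed in clear text: `PASS=` on line 10, which ends up in the gost `-L` URL, and the `lyb:…` string piped to `chpasswd` in `handle_user`, for an account the same function grants `ALL=(ALL:ALL) ALL`. Anyone who can read the repository learns both, and the proxy password is also visible in the container's arguments through `docker inspect` or `ps`; read them from the environment instead, e.g. `: "${PASS:?set PASS before running}"`, and rotate the values already pushed. `handle_user` also appends to `/etc/sudoers` after `chmod +w` with no syntax check, and its `grep -q lyb` guard matches any line containing those letters; a drop-in validated with `visudo -cf` is safer, as sketched below. Separately, `bash <(curl -fsSL https://get.docker.com)` on line 26 runs an unpinned remote script as root, so consider installing Docker from the distribution's packages or from a pinned, verified source.

```shell
function handle_user() {
    # … unchanged: useradd …
    # LYB_PASS is a constructed name: supply it from the environment, not the repo.
    : "${LYB_PASS:?set LYB_PASS before running}"
    printf 'lyb:%s\n' "$LYB_PASS" | sudo chpasswd

    # Write a drop-in and validate it; /etc/sudoers itself stays untouched.
    # Assumes /etc/sudoers includes /etc/sudoers.d; confirm on the target image.
    local tmp
    tmp=$(mktemp)
    echo "lyb ALL=(ALL:ALL) ALL" > "$tmp"
    visudo -cf "$tmp"    # under set -e a syntax error stops the script here
    install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/lyb
    rm -f "$tmp"
    # … unchanged: DenyUsers entry, ssh restart, debug output …
```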