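#!/bin/bash
#
# Provisioning script for a routing/proxy host. It installs Netbird,
# AdGuard VPN CLI and Mihomo, fetches the Mihomo config, iptables script and
# systemd units from REPO_BASE, creates the 'supervisor' account, reconfigures
# sshd and points /etc/resolv.conf at 127.0.0.1.
#
# Optional environment:
#   NETBIRD_SETUP_KEY  Netbird setup key (kept out of the script on purpose)
#   MIHOMO_SHA256      expected SHA-256 of the downloaded mihomo .gz archive
set -euo pipefail

# Every step below writes to /etc, /usr/local/bin or manages services.
if [[ $EUID -ne 0 ]]; then
  echo "❌ This script must be run as root." >&2
  exit 1
fi

# Private scratch directory (replaces the fixed /opt/mihomo_tmp path, which
# was never cleaned up and made a re-run fail on leftover files).
WORK_DIR=$(mktemp -d)
trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

#######################################
# Download a URL to a destination path atomically.
# The file is written to a temporary name next to the destination and only
# moved into place when wget succeeded and produced a non-empty file, so a
# failed download never leaves an empty file behind. (An empty config.yaml
# would otherwise make the "config exists" check skip the download on re-run.)
# Arguments: $1 - source URL, $2 - destination path
# Returns:   0 on success, 1 on download failure
#######################################
fetch_to() {
  local url=$1
  local dest=$2
  local tmp
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if ! wget -qO "$tmp" "$url" || [[ ! -s "$tmp" ]]; then
    rm -f -- "$tmp"
    echo "❌ Download failed: $url" >&2
    return 1
  fi
  # mktemp creates 0600 files; restore the mode a plain 'wget -O' would give.
  chmod 0644 "$tmp"
  mv -f -- "$tmp" "$dest"
}

# ==========================================
# 0. USER INTERACTION
# ==========================================
# Ask for the password up front so the rest of the script can run unattended.
# The prompt is skipped when 'supervisor' already exists, because the password
# would be discarded in that case.
SUPERVISOR_PASS=""
if ! id "supervisor" &>/dev/null; then
  echo "-----------------------------------------------------"
  echo "🔐 USER SETUP"
  echo "-----------------------------------------------------"
  # -r keeps backslashes in the password literal; IFS= keeps edge whitespace.
  IFS= read -rsp "Enter password for new user 'supervisor': " SUPERVISOR_PASS
  echo
  if [ -z "$SUPERVISOR_PASS" ]; then
    echo "❌ Password cannot be empty."
    exit 1
  fi
fi

# ==========================================
# 1. CONFIGURATION
# ==========================================

# Netbird Setup Key (Get from Dashboard)
# Read from the environment instead of being stored in the script: anyone who
# can read the file could otherwise enroll a machine into the network. A key
# that was ever committed in this file should be treated as exposed and
# revoked in the Netbird dashboard.
NETBIRD_SETUP_KEY="${NETBIRD_SETUP_KEY:-YOUR_NETBIRD_SETUP_KEY_HERE}"

# Mihomo Version (Direct Link)
# Uses the Alpha build, as in your manual. For Stable, look up a release tag.
MIHOMO_URL="https://github.com/vernesong/mihomo/releases/download/Prerelease-Alpha/mihomo-linux-amd64-v3-alpha-smart-06249f8.gz"
# Expected SHA-256 of the archive above. Empty means "not pinned"; the download
# is then trusted as-is and a warning is printed.
MIHOMO_SHA256="${MIHOMO_SHA256:-}"

# Remote Resources (URLs)
# NOTE(review): the script and units fetched from here are installed into
# /usr/local/bin and systemd without any integrity check, so this host trusts
# whatever REPO_BASE serves at install time. Pin a commit or verify checksums.
REPO_BASE="https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main"
URL_CONFIG_MIHOMO="${REPO_BASE}/config-clash/cadian/cadian.current.yaml"
URL_UNIT_MIHOMO="${REPO_BASE}/init-scripts/systemd/mihomo.service"
URL_UNIT_IPTABLES="${REPO_BASE}/init-scripts/systemd/mihomo-iptables.service"
URL_SCRIPT_IPTABLES="${REPO_BASE}/scripts/iptables-mihomo-setup.sh"

# Paths
BIN_DIR="/usr/local/bin"
CONF_DIR="/etc/mihomo"
SYSTEMD_DIR="/etc/systemd/system"

# ==========================================
# 2. SYSTEM PREP & DEPENDENCIES
# ==========================================
echo ">>> [1/8] Updating system and installing dependencies..."
apt-get update
apt-get install -y curl wget ca-certificates gnupg tar iptables iproute2 gzip jq sudo openssh-server

echo ">>> [2/8] Configuring Sysctl (Forwarding & TProxy requirements)..."
# Critical for TProxy and routing.
cat <<'EOF' > /etc/sysctl.d/99-warpgate.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.wt0.rp_filter=0
EOF
# -e: the wt0 key does not exist until Netbird (installed in the next step)
# has created the interface; without -e sysctl fails here and 'set -e' aborts
# the run on a fresh machine.
sysctl -e -p /etc/sysctl.d/99-warpgate.conf

# ==========================================
# 3. NETBIRD INSTALLATION
# ==========================================
echo ">>> [3/8] Installing Netbird..."
if ! command -v netbird &> /dev/null; then
  # Download completely before executing, so a truncated transfer is never run
  # as a partial script. The installer itself is still unverified remote code
  # executed as root.
  curl -fsSL https://pkgs.netbird.io/install.sh -o "${WORK_DIR}/netbird-install.sh"
  sh "${WORK_DIR}/netbird-install.sh"
fi

echo ">>> Connecting Netbird..."
# Capture the output first: 'netbird status | grep -q' under pipefail can
# report failure when grep exits early and the writer gets SIGPIPE.
netbird_status=$(netbird status || true)
if [[ "$netbird_status" != *Connected* ]]; then
  if [ "$NETBIRD_SETUP_KEY" != "YOUR_NETBIRD_SETUP_KEY_HERE" ]; then
    # NOTE(review): --enable-ssh-root permits root login over Netbird SSH while
    # section 7 sets 'PermitRootLogin no' for sshd; confirm that is intended.
    # The key is passed on the command line and is visible in the process
    # list while this command runs.
    netbird up --setup-key "$NETBIRD_SETUP_KEY" --allow-server-ssh --enable-ssh-root
  else
    echo "WARNING: Netbird Setup Key not set. Run 'netbird up --setup-key KEY --allow-server-ssh --enable-ssh-root' manually later."
  fi
else
  echo "Netbird is already connected."
fi

# ==========================================
# 4. ADGUARD VPN CLI
# ==========================================
echo ">>> [4/8] Installing AdGuard VPN CLI..."
if ! command -v adguardvpn-cli &> /dev/null; then
  # Same pattern as the Netbird installer: fetch fully, then execute.
  curl -fsSL https://raw.githubusercontent.com/AdguardTeam/AdGuardVPNCLI/master/scripts/release/install.sh \
    -o "${WORK_DIR}/adguardvpn-install.sh"
  sh "${WORK_DIR}/adguardvpn-install.sh" -v
fi

# Pre-configuration (takes effect after login).
adguardvpn-cli config set-mode socks
# NOTE(review): 0.0.0.0 makes the SOCKS listener reachable on every interface;
# restrict it with firewall rules or bind to the address Mihomo actually uses.
adguardvpn-cli config set-socks-host 0.0.0.0
adguardvpn-cli config set-tun-routing-mode none

# ==========================================
# 5. MIHOMO INSTALLATION
# ==========================================
echo ">>> [5/8] Installing Mihomo..."

# User
if ! id "mihomo" &>/dev/null; then
  useradd --system --no-create-home --shell /usr/sbin/nologin mihomo
fi

# Binary
if [ ! -f "${BIN_DIR}/mihomo" ]; then
  echo "Downloading Mihomo binary..."
  wget -qO "${WORK_DIR}/mihomo.gz" "$MIHOMO_URL"
  if [[ -n "$MIHOMO_SHA256" ]]; then
    if ! printf '%s  %s\n' "$MIHOMO_SHA256" "${WORK_DIR}/mihomo.gz" | sha256sum -c -; then
      echo "❌ ERROR: Mihomo archive checksum mismatch." >&2
      exit 1
    fi
  else
    echo "WARNING: MIHOMO_SHA256 not set; installing the Mihomo binary without integrity verification." >&2
  fi
  gzip -d "${WORK_DIR}/mihomo.gz"
  # Set the mode before the move so the installed path is never non-executable.
  chmod +x "${WORK_DIR}/mihomo"
  mv "${WORK_DIR}/mihomo" "${BIN_DIR}/mihomo"
else
  echo "Mihomo binary already exists."
fi

# Directories
mkdir -p "$CONF_DIR"
mkdir -p /var/log/mihomo
chown -R mihomo:mihomo "$CONF_DIR" /var/log/mihomo

# ==========================================
# 6. CONFIGURATION & UNITS DOWNLOAD
# ==========================================
echo ">>> [6/8] Downloading Configs and Units..."

# 6.1 Mihomo Config
if [ ! -f "${CONF_DIR}/config.yaml" ]; then
  echo "Fetching Config: $URL_CONFIG_MIHOMO"
  fetch_to "$URL_CONFIG_MIHOMO" "${CONF_DIR}/config.yaml"
  chown mihomo:mihomo "${CONF_DIR}/config.yaml"
else
  echo "Config exists, skipping download to preserve settings."
fi

# 6.2 Iptables Setup Script
echo "Fetching Script: $URL_SCRIPT_IPTABLES"
fetch_to "$URL_SCRIPT_IPTABLES" "${BIN_DIR}/iptables-mihomo-setup.sh"
chmod +x "${BIN_DIR}/iptables-mihomo-setup.sh"

# 6.3 Systemd Units
echo "Fetching Unit: $URL_UNIT_MIHOMO"
fetch_to "$URL_UNIT_MIHOMO" "${SYSTEMD_DIR}/mihomo.service"

echo "Fetching Unit: $URL_UNIT_IPTABLES"
fetch_to "$URL_UNIT_IPTABLES" "${SYSTEMD_DIR}/mihomo-iptables.service"

# 6.4 CONFIG VALIDATION
echo "Validating Mihomo Configuration..."
# -t = test config, -d = config directory
if ! "${BIN_DIR}/mihomo" -t -d "$CONF_DIR"; then
  echo "❌ ERROR: Mihomo configuration test failed!"
  echo "Please inspect: ${CONF_DIR}/config.yaml"
  # Abort so we do not break DNS or start a broken service.
  exit 1
else
  echo "✅ Configuration test passed."
fi

# Reload daemon to see new units
systemctl daemon-reload

# ==========================================
# 7. USER & SSH SETUP (NEW)
# ==========================================
echo ">>> [7/8] Configuring User and SSH..."

# 7.1 Create Supervisor
if ! id "supervisor" &>/dev/null; then
  # -m creates the home directory, -G sudo grants administrator rights.
  useradd -m -s /bin/bash -G sudo supervisor
  # printf is a builtin, so the password does not appear in any argv.
  printf '%s:%s\n' "supervisor" "$SUPERVISOR_PASS" | chpasswd
  echo "✅ User 'supervisor' created."
else
  echo "User 'supervisor' already exists."
fi
# The password is not needed past this point.
unset SUPERVISOR_PASS

# 7.2 Configure SSHD
# Enable password login and disable root login (good practice).
# NOTE(review): sed only rewrites lines that already exist in sshd_config.
# On systems where sshd_config includes /etc/ssh/sshd_config.d/*.conf, a
# directive set there may take precedence; check the effective values with
# 'sshd -T'. Password authentication for a sudo-capable account is exposed
# to guessing attacks; key-based login is the stronger choice where possible.
sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config

# Enable the service just in case.
systemctl enable ssh
systemctl restart ssh
echo "✅ SSH configured (Password Auth: YES)."

# ==========================================
# 8. DNS & FINALIZATION
# ==========================================
echo ">>> [8/8] Locking DNS..."
# From here on name resolution goes to 127.0.0.1. The Mihomo services are only
# enabled below, not started, so nothing listens there until the operator
# starts them (see "Next Steps").
systemctl stop systemd-resolved
systemctl disable systemd-resolved
rm -f /etc/resolv.conf
echo "nameserver 127.0.0.1" > /etc/resolv.conf

echo ">>> Enabling Services..."
systemctl enable mihomo-iptables
systemctl enable mihomo

echo "-----------------------------------------------------"
echo "INSTALLATION COMPLETE"
echo "-----------------------------------------------------"
echo "Next Steps:"
echo "1. Login to AdGuard: 'adguardvpn-cli login'"
echo "2. Start services: 'systemctl start mihomo-iptables mihomo'"
echo "3. Check logs: 'journalctl -u mihomo -f'"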