clash-rules/scripts/config-warpgate-debian.sh


#!/bin/bash
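set -euo pipefail
# ==========================================
# 0. USER INTERACTION
# ==========================================
# Ask for the password up front so the rest of the script can run unattended.
# The value stays in SUPERVISOR_PASS until the user-creation step consumes it,
# so avoid running this script with `set -x` / `bash -x` (the trace would
# print the password).
echo "-----------------------------------------------------"
echo "🔐 USER SETUP"
echo "-----------------------------------------------------"
# IFS= and -r keep the password exactly as typed: without -r, read treats
# backslashes as escapes, and the default IFS strips leading/trailing blanks,
# so the stored password would silently differ from what the operator entered.
IFS= read -rsp "Enter password for new user 'supervisor': " SUPERVISOR_PASS
echo
if [ -z "$SUPERVISOR_PASS" ]; then
  echo "❌ Password cannot be empty."
  exit 1
fi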
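# ==========================================
# 1. CONFIGURATION
# ==========================================
# Netbird Setup Key (Get from Dashboard)
# The key is an enrollment credential, so it is taken from the environment
# instead of being stored in the repository:
#   NETBIRD_SETUP_KEY=<key> ./config-warpgate-debian.sh
# When it is not provided, the placeholder below makes the Netbird step print
# the manual instructions instead of connecting.
# NOTE(review): a setup key was previously committed here in clear text; treat
# it as exposed and revoke it in the Netbird dashboard.
NETBIRD_SETUP_KEY="${NETBIRD_SETUP_KEY:-YOUR_NETBIRD_SETUP_KEY_HERE}"
# Mihomo Version (Direct Link)
# Uses the Alpha build, as in the manual. For Stable, look for a release tag.
# NOTE(review): this is a prerelease asset; the download step has no way to
# tell a replaced or tampered file from the intended one unless a checksum is
# checked there.
MIHOMO_URL="https://github.com/vernesong/mihomo/releases/download/Prerelease-Alpha/mihomo-linux-amd64-v3-alpha-smart-06249f8.gz"
# Remote Resources (URLs)
# Links to the raw files in the Gitea/GitHub repository.
# NOTE(review): raw/branch/main is a moving reference; whatever is on that
# branch at run time ends up as root-owned scripts and systemd units. Pinning
# to a commit makes the installed content reviewable.
REPO_BASE="https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main"
URL_CONFIG_MIHOMO="${REPO_BASE}/config-clash/cadian/cadian.current.yaml"
URL_UNIT_MIHOMO="${REPO_BASE}/systemd-units/mihomo.service"
URL_UNIT_IPTABLES="${REPO_BASE}/systemd-units/mihomo-iptables.service"
URL_SCRIPT_IPTABLES="${REPO_BASE}/scripts/iptables-mihomo-setup.sh"
# Paths
BIN_DIR="/usr/local/bin"
CONF_DIR="/etc/mihomo"
SYSTEMD_DIR="/etc/systemd/system"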
# ==========================================
# 2. SYSTEM PREP & DEPENDENCIES
# ==========================================
echo ">>> [1/8] Updating system and installing dependencies..."
packages=(
  curl wget ca-certificates gnupg tar iptables iproute2 gzip jq sudo
  openssh-server
)
apt-get update
apt-get install -y "${packages[@]}"
echo ">>> [2/8] Configuring Sysctl (Forwarding & TProxy requirements)..."
# Critical for TProxy and routing.
# These settings turn the host into an IPv4/IPv6 router and switch off
# reverse-path source validation (rp_filter=0) for all interfaces, so spoofed
# source addresses are no longer dropped by the kernel; the firewall rules
# have to cover that.
# NOTE(review): wt0 is presumably the Netbird interface, which is only
# installed in the next section - confirm that `sysctl --system` tolerates the
# missing key on a fresh host.
printf '%s\n' \
  'net.ipv4.ip_forward=1' \
  'net.ipv6.conf.all.forwarding=1' \
  'net.ipv4.conf.all.rp_filter=0' \
  'net.ipv4.conf.default.rp_filter=0' \
  'net.ipv4.conf.wt0.rp_filter=0' \
  > /etc/sysctl.d/99-warpgate.conf
sysctl --system
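# ==========================================
# 3. NETBIRD INSTALLATION
# ==========================================
echo ">>> [3/8] Installing Netbird..."
if ! command -v netbird &> /dev/null; then
  # NOTE(review): the installer is fetched and executed as root in one step,
  # with no pinned version and no integrity check; whatever the URL serves at
  # run time is what runs. Prefer the vendor's signed package repository or
  # review/verify the installer before executing it.
  curl -fsSL https://pkgs.netbird.io/install.sh | sh
fi
echo ">>> Connecting Netbird..."
# Capture the status first instead of piping into `grep -q`: under
# `set -o pipefail` grep may exit on the first match while netbird is still
# writing, the writer then dies with SIGPIPE and a connected peer would be
# reported as not connected. A failing `netbird status` counts as not
# connected, as before.
netbird_status=$(netbird status) || netbird_status=""
if ! grep -q "Connected" <<<"$netbird_status"; then
  if [ "$NETBIRD_SETUP_KEY" != "YOUR_NETBIRD_SETUP_KEY_HERE" ]; then
    # NOTE(review): the setup key is passed on the command line, so it is
    # visible in the process list while the command runs.
    # NOTE(review): --allow-server-ssh --enable-ssh-root opens a root SSH path
    # through Netbird that is independent of the PermitRootLogin setting
    # applied to sshd later in this script; confirm that this is intended and
    # that the Netbird access policy restricts who can reach it.
    netbird up --setup-key "$NETBIRD_SETUP_KEY" --allow-server-ssh --enable-ssh-root
  else
    echo "WARNING: Netbird Setup Key not set. Run 'netbird up --setup-key KEY --allow-server-ssh --enable-ssh-root' manually later."
  fi
else
  echo "Netbird is already connected."
fi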
# ==========================================
# 4. ADGUARD VPN CLI
# ==========================================
echo ">>> [4/8] Installing AdGuard VPN CLI..."
# Install only when the CLI is not on PATH yet.
# NOTE(review): the installer comes from the repository's master branch and is
# piped into a root shell without a pinned revision or checksum, so its
# content can change between runs.
command -v adguardvpn-cli > /dev/null 2>&1 || {
  curl -fsSL https://raw.githubusercontent.com/AdguardTeam/AdGuardVPNCLI/master/scripts/release/install.sh | sh -s -- -v
}
# Pre-configuration (takes effect after login).
# NOTE(review): socks-host 0.0.0.0 makes the SOCKS listener reachable on every
# interface of this host; if only local processes use it, 127.0.0.1 would be
# the narrower choice - confirm who needs to connect and whether the firewall
# limits access.
adguardvpn-cli config set-mode socks
adguardvpn-cli config set-socks-host 0.0.0.0
adguardvpn-cli config set-tun-routing-mode none
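# ==========================================
# 5. MIHOMO INSTALLATION
# ==========================================
echo ">>> [5/8] Installing Mihomo..."
# User: dedicated system account without home directory or login shell.
if ! id "mihomo" &>/dev/null; then
  useradd --system --no-create-home --shell /usr/sbin/nologin mihomo
fi
# Binary
# Optional integrity check: export MIHOMO_SHA256=<sha256 of the .gz asset> to
# have the download verified before anything is installed.
mkdir -p /opt/mihomo_tmp
cd /opt/mihomo_tmp
if [ ! -f "${BIN_DIR}/mihomo" ]; then
  echo "Downloading Mihomo binary..."
  # Leftovers from an interrupted run would make `gzip -d` refuse to overwrite.
  rm -f -- mihomo mihomo.gz
  wget -qO mihomo.gz "$MIHOMO_URL"
  if [ -n "${MIHOMO_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$MIHOMO_SHA256" mihomo.gz | sha256sum -c - > /dev/null; then
      echo "❌ ERROR: checksum mismatch for downloaded Mihomo archive." >&2
      rm -f -- mihomo.gz
      exit 1
    fi
  else
    # The binary will run as a network-facing service; without a checksum a
    # replaced or corrupted download is installed as-is.
    echo "WARNING: MIHOMO_SHA256 not set, download is not verified." >&2
  fi
  gzip -d mihomo.gz
  # install sets owner and mode in one step, so the file is never in place
  # with looser or incomplete permissions.
  install -m 0755 -o root -g root mihomo "${BIN_DIR}/mihomo"
  rm -f -- mihomo
else
  echo "Mihomo binary already exists."
fi
# Directories
mkdir -p "$CONF_DIR"
mkdir -p /var/log/mihomo
chown -R mihomo:mihomo "$CONF_DIR" /var/log/mihomo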
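# ==========================================
# 6. CONFIGURATION & UNITS DOWNLOAD
# ==========================================
echo ">>> [6/8] Downloading Configs and Units..."

#######################################
# Download a URL to a destination path without ever leaving a partial file.
# `wget -O DEST` creates DEST even when the transfer fails, which would leave
# an empty config/unit behind (and an empty config.yaml would then be kept on
# the next run by the "Config exists" check). The data is written to a
# temporary file in the same directory and renamed only after a complete,
# non-empty download.
# Arguments: $1 - source URL, $2 - destination path, $3 - file mode
# Returns:   0 on success, 1 if the download failed or was empty
#######################################
fetch_file() {
  local url=$1 dest=$2 mode=$3
  local tmp
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if ! wget -qO "$tmp" "$url" || [ ! -s "$tmp" ]; then
    rm -f -- "$tmp"
    echo "❌ ERROR: download failed or empty: $url" >&2
    return 1
  fi
  chmod "$mode" "$tmp"
  mv -f -- "$tmp" "$dest"
}

# NOTE(review): everything below is fetched at run time and installed as
# root-executed script and systemd units with no checksum or signature check;
# whoever can change the files behind these URLs can run code as root here.
# Pin the URLs to a commit and/or verify the content before installing.

# 6.1 Mihomo Config
if [ ! -f "${CONF_DIR}/config.yaml" ]; then
  echo "Fetching Config: $URL_CONFIG_MIHOMO"
  # 0640: the config may hold proxy/subscription credentials, so it is not
  # left world-readable.
  fetch_file "$URL_CONFIG_MIHOMO" "${CONF_DIR}/config.yaml" 0640
  chown mihomo:mihomo "${CONF_DIR}/config.yaml"
else
  echo "Config exists, skipping download to preserve settings."
fi
# 6.2 Iptables Setup Script
echo "Fetching Script: $URL_SCRIPT_IPTABLES"
fetch_file "$URL_SCRIPT_IPTABLES" "${BIN_DIR}/iptables-mihomo-setup.sh" 0755
# 6.3 Systemd Units
echo "Fetching Unit: $URL_UNIT_MIHOMO"
fetch_file "$URL_UNIT_MIHOMO" "${SYSTEMD_DIR}/mihomo.service" 0644
echo "Fetching Unit: $URL_UNIT_IPTABLES"
fetch_file "$URL_UNIT_IPTABLES" "${SYSTEMD_DIR}/mihomo-iptables.service" 0644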
# 6.4 CONFIG VALIDATION
echo "Validating Mihomo Configuration..."
# Flags as used here: -t = test config, -d = config directory.
# NOTE(review): the test runs as root after CONF_DIR was chowned to mihomo; if
# it writes any files into CONF_DIR they would be root-owned - confirm.
if "${BIN_DIR}/mihomo" -t -d "$CONF_DIR"; then
  echo "✅ Configuration test passed."
else
  echo "❌ ERROR: Mihomo configuration test failed!"
  echo "Please inspect: ${CONF_DIR}/config.yaml"
  # Abort here so that DNS is not switched over and a broken service is not
  # enabled.
  exit 1
fi
# Make systemd pick up the unit files that were just written.
systemctl daemon-reload
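# ==========================================
# 7. USER & SSH SETUP (NEW)
# ==========================================
echo ">>> [7/8] Configuring User and SSH..."
# 7.1 Create Supervisor
if ! id "supervisor" &>/dev/null; then
  # -m creates the home directory, -G sudo grants administrator rights
  useradd -m -s /bin/bash -G sudo supervisor
  # printf is a shell builtin, so the password is fed to chpasswd through the
  # pipe and never appears in a process argument list; '%s' keeps it literal.
  printf '%s:%s\n' supervisor "$SUPERVISOR_PASS" | chpasswd
  echo "✅ User 'supervisor' created."
else
  # An existing account keeps its current password; the one entered at the
  # prompt is not applied.
  echo "User 'supervisor' already exists."
fi
# The password is not needed past this point; drop it from the shell state.
unset SUPERVISOR_PASS
# 7.2 Configure SSHD
# Enable password login and disable root login (good practice).
# NOTE(review): password authentication for an account in the sudo group
# exposes administrative access to password guessing wherever port 22 is
# reachable; key-based login, or limiting SSH to the overlay network, is the
# safer setup.
# NOTE(review): sed only rewrites lines that already exist in sshd_config, and
# files included from sshd_config.d may override them; the effective values
# can be checked with `sshd -T`.
sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
# Validate before restarting: a restart with a broken config stops the running
# daemon and can lock the operator out of a remote host.
mkdir -p /run/sshd # sshd -t expects the privilege separation directory
if ! /usr/sbin/sshd -t; then
  echo "❌ ERROR: sshd configuration test failed, ssh was not restarted." >&2
  exit 1
fi
# Make sure the service is enabled, just in case.
systemctl enable ssh
systemctl restart ssh
echo "✅ SSH configured (Password Auth: YES)."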
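# ==========================================
# 8. DNS & FINALIZATION
# ==========================================
echo ">>> [8/8] Locking DNS..."
# systemd-resolved is not present on every Debian install; under `set -e` an
# unconditional `systemctl stop` of a missing unit would abort the script at
# the very last step.
if systemctl cat systemd-resolved.service &> /dev/null; then
  systemctl stop systemd-resolved
  systemctl disable systemd-resolved
else
  echo "systemd-resolved is not installed, nothing to disable."
fi
# Remove first so that a symlinked resolv.conf is replaced by a regular file
# rather than written through.
rm -f /etc/resolv.conf
# From here on the host resolves names only through 127.0.0.1; the services
# are enabled but not started below, so name resolution is unavailable until
# step 2 of "Next Steps" has been done.
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo ">>> Enabling Services..."
systemctl enable mihomo-iptables
systemctl enable mihomo
echo "-----------------------------------------------------"
echo "INSTALLATION COMPLETE"
echo "-----------------------------------------------------"
echo "Next Steps:"
echo "1. Login to AdGuard: 'adguardvpn-cli login'"
echo "2. Start services: 'systemctl start mihomo-iptables mihomo'"
echo "3. Check logs: 'journalctl -u mihomo -f'"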