231 lines
7.4 KiB
Bash
231 lines
7.4 KiB
Bash
#!/bin/sh
|
|
|
|
. /etc/os-release
|
|
. /lib/functions/uci-defaults.sh
|
|
|
|
[ $(uname -m) = "x86_64" ] && alias board_name="echo x86_64"
|
|
|
|
# OTA
|
|
OTA_URL="https://api.kejizero.xyz/openwrt/ota.json"
|
|
|
|
devices_setup()
|
|
{
|
|
case "$(board_name)" in
|
|
x86_64)
|
|
if [ "$kernel_version" = "6.12" ]; then
|
|
[ ! -d "/usr/share/openwrt_core" ] && {
|
|
sed -i '/targets/d' /etc/apk/repositories.d/distfeeds.list
|
|
echo "https://core.kejizero.xyz.com/x86_64/$(grep kernel /etc/apk/world | awk -F= '{print $2}')/packages.adb" >> /etc/apk/repositories.d/distfeeds.list
|
|
}
|
|
fi
|
|
uci set ota.config.api_url="$OTA_URL"
|
|
uci commit ota
|
|
;;
|
|
friendlyarm,nanopi-r2s|\
|
|
friendlyarm,nanopi-r4s|\
|
|
friendlyarm,nanopi-r76s)
|
|
uci set irqbalance.irqbalance.enabled='0'
|
|
uci commit irqbalance
|
|
service irqbalance stop
|
|
if [ "$kernel_version" = "6.12" ]; then
|
|
[ ! -d "/usr/share/openwrt_core" ] && {
|
|
sed -i '/targets/d' /etc/apk/repositories.d/distfeeds.list
|
|
echo "https://core.kejizero.xyz.com/aarch64_generic/$(grep kernel /etc/apk/world | awk -F= '{print $2}')/packages.adb" >> /etc/apk/repositories.d/distfeeds.list
|
|
}
|
|
uci set ota.config.api_url="$OTA_URL"
|
|
uci commit ota
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
#自动语言
|
|
uci set luci.main.lang=auto
|
|
uci commit luci
|
|
|
|
#自动挂载
|
|
uci set fstab.@global[0].anon_mount=1
|
|
uci commit fstab
|
|
|
|
# 设置主机名映射,解决安卓原生 TV 无法联网的问题
|
|
uci add dhcp domain
|
|
uci set "dhcp.@domain[-1].name=time.android.com"
|
|
uci set "dhcp.@domain[-1].ip=203.107.6.88"
|
|
|
|
# 设置所有网口可访问网页终端
|
|
uci delete ttyd.@ttyd[0].interface
|
|
|
|
# 设置所有网口可连接 SSH
|
|
uci set dropbear.@dropbear[0].Interface=''
|
|
uci commit
|
|
|
|
# 时区设置
|
|
uci set system.@system[0].zram_comp_algo='lz4'
|
|
uci set system.@system[0].timezone=CST-8
|
|
uci set system.@system[0].zonename=Asia/Shanghai
|
|
uci del system.ntp.server
|
|
uci add_list system.ntp.server='ntp.aliyun.com'
|
|
uci add_list system.ntp.server='cn.ntp.org.cn'
|
|
uci add_list system.ntp.server='ntp.ntsc.ac.cn'
|
|
uci commit system
|
|
|
|
# Feeds 更换镜像源
|
|
sed -i 's,downloads.openwrt.org,mirror.sjtu.edu.cn/openwrt,g' /etc/apk/repositories.d/distfeeds.list
|
|
|
|
# nginx
|
|
uci set nginx.global.uci_enable='true'
|
|
uci del nginx._lan
|
|
uci del nginx._redirect2ssl
|
|
uci add nginx server
|
|
uci rename nginx.@server[0]='_lan'
|
|
uci set nginx._lan.server_name='_lan'
|
|
uci add_list nginx._lan.listen='80 default_server'
|
|
uci add_list nginx._lan.listen='[::]:80 default_server'
|
|
#uci add_list nginx._lan.include='restrict_locally'
|
|
uci add_list nginx._lan.include='conf.d/*.locations'
|
|
uci set nginx._lan.access_log='off; # logd openwrt'
|
|
uci commit nginx
|
|
service nginx restart
|
|
|
|
# docker mirror
|
|
if [ -f /etc/config/dockerd ] && [ $(grep -c daocloud.io /etc/config/dockerd) -eq '0' ]; then
|
|
uci add_list dockerd.globals.registry_mirrors="https://docker.m.daocloud.io"
|
|
uci commit dockerd
|
|
fi
|
|
|
|
# firewall
|
|
[ $(grep -c shortcut_fe /etc/config/firewall) -eq '0' ] && uci set firewall.@defaults[0].flow_offloading='1'
|
|
if [ "$(ip link show | grep -c '^.*: eth')" -le 1 ] || [ "$OPENWRT_BOARD" = "armsr/armv8" ]; then
|
|
uci set firewall.@zone[1].input='ACCEPT'
|
|
fi
|
|
uci set firewall.@defaults[0].input='ACCEPT'
|
|
uci commit firewall
|
|
|
|
# diagnostics
|
|
if [ $(uci -q get luci.diag.ping) = "openwrt.org" ]; then
|
|
uci set luci.diag.dns='www.qq.com'
|
|
uci set luci.diag.ping='www.qq.com'
|
|
uci set luci.diag.route='www.qq.com'
|
|
uci commit luci
|
|
fi
|
|
|
|
# disable coremark
|
|
sed -i '/coremark/d' /etc/crontabs/root
|
|
crontab /etc/crontabs/root
|
|
|
|
# einat 启动并确认
|
|
(
|
|
if [ -f /etc/init.d/einat ]; then
|
|
uci set firewall.@defaults[0].fullcone="0"
|
|
uci set firewall.@defaults[0].brcmfullcone="0"
|
|
uci commit firewall
|
|
|
|
uci set einat.config.enabled="0"
|
|
uci commit einat
|
|
|
|
retry=0
|
|
wanif=""
|
|
while [ "$retry" -lt 30 ] && [ -z "$wanif" ]; do
|
|
wanif=$(ip route show default 2>/dev/null | awk '{print $5; exit}')
|
|
if [ -z "$wanif" ]; then
|
|
retry=`expr $retry + 1`
|
|
sleep 1
|
|
fi
|
|
done
|
|
|
|
if [ -n "$wanif" ]; then
|
|
uci set einat.config.ifname="$wanif"
|
|
uci set einat.config.enabled="1"
|
|
uci commit einat
|
|
|
|
max_retry=10
|
|
count=0
|
|
until ps | grep "[e]inat" >/dev/null 2>&1
|
|
do
|
|
/etc/init.d/einat start
|
|
count=`expr $count + 1`
|
|
if [ "$count" -ge "$max_retry" ]; then
|
|
break
|
|
fi
|
|
sleep 1
|
|
done
|
|
fi
|
|
fi
|
|
) >/dev/null 2>&1 &
|
|
|
|
# 默认开启 Packet Steering
|
|
uci set network.globals.packet_steering=$(( $(uname -r | grep -q "^5\.15"; echo $?) ? 2 : 1 ))
|
|
#uci set network.globals.packet_steering='1'
|
|
uci set network.globals.steering_flows='128'
|
|
uci commit network
|
|
|
|
# 通用即插即用
|
|
uci set upnpd.config.enabled='1'
|
|
uci del upnpd.config.force_forwarding
|
|
uci set upnpd.config.ext_allow_private_ipv4='1'
|
|
#uci del upnpd.config.use_stun
|
|
#uci del upnpd.config.stun_host
|
|
uci commit upnpd
|
|
|
|
# 网易云音乐
|
|
#echo "59.111.239.62 httpdns.n.netease.com" >> /etc/hosts && cat /etc/hosts | sort | uniq > /tmp/tmp_hosts && cat /tmp/tmp_hosts > /etc/hosts
|
|
echo "10 2 * * * cd /usr/share/unblockneteasemusic/core/ && openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/CN=*.music.163.com" && cd" >> /etc/crontabs/root && cat /etc/crontabs/root | sort -u > /tmp/tmp_cron_root && cat /tmp/tmp_cron_root > /etc/crontabs/root
|
|
|
|
# 定时清理
|
|
(crontab -l | sed '/find \/tmp/d'; echo "0 0 1 * * find /tmp -type f \( -name \"*.log\" -o -name \"*.txt\" \) -exec sh -c 'rm {} && touch {}' \;") | sed '/^$/d' | crontab -
|
|
|
|
# dnsmasq 设置以及开启 IPv6
|
|
uci del dhcp.lan.ra
|
|
uci del dhcp.lan.dhcpv6
|
|
uci del dhcp.lan.ndp
|
|
uci del dhcp.lan.ra_useleasetime
|
|
uci del dhcp.lan.preferred_lifetime
|
|
uci set dhcp.lan.leasetime='12h'
|
|
uci set dhcp.lan.ra='server'
|
|
uci del dhcp.lan.ra_flags
|
|
uci add_list dhcp.lan.ra_flags='none'
|
|
uci del dhcp.lan.min_preferred_lifetime
|
|
uci set dhcp.lan.max_preferred_lifetime='2700s'
|
|
uci del dhcp.lan.min_valid_lifetime
|
|
uci set dhcp.lan.max_valid_lifetime='5400s'
|
|
uci set dhcp.lan.dns_service='0'
|
|
uci set dhcp.@dnsmasq[0].rebind_protection='0'
|
|
uci commit dhcp
|
|
uci set network.lan.ip6assign='64'
|
|
uci set network.lan.ip6ifaceid='eui64'
|
|
uci delete network.globals.ula_prefix
|
|
uci commit network
|
|
sed -i '/log-facility/d' /etc/dnsmasq.conf
|
|
echo "log-facility=/dev/null" >> /etc/dnsmasq.conf
|
|
/etc/init.d/odhcpd restart
|
|
|
|
# nanopi fix
|
|
sed -i 's/eth1/eth1.*/g' /etc/hotplug.d/net/40-net-smp-affinity
|
|
sed -i 's/eth0/eth0.*/g' /etc/hotplug.d/net/40-net-smp-affinity
|
|
|
|
# SIP fix
|
|
sed -i '/sip/d' /etc/modules.d/nf-nathelper-extra
|
|
|
|
# 计划任务
|
|
uci set system.@system[0].cronloglevel="9"
|
|
uci commit system
|
|
/etc/init.d/cron restart
|
|
|
|
# 软链接
|
|
[ ! -f '/usr/bin/ip' ] && [ -f '/sbin/ip' ] && ln -sf /sbin/ip /usr/bin/ip
|
|
[ ! -f '/usr/bin/wget-ssl' ] && [ -f '/usr/bin/wget' ] && ln -sf /usr/bin/wget /usr/bin/wget-ssl
|
|
#[ ! -f '/usr/bin/ss-local' ] && [ -f '/usr/bin/sslocal' ] && ln -sf /usr/bin/sslocal /usr/bin/ss-local
|
|
[ ! -f '/usr/sbin/trojan' ] && [ -f '/usr/bin/trojan-go' ] && ln -sf /usr/bin/trojan-go /usr/bin/trojan
|
|
#[ ! -f '/usr/bin/v2ray' ] && [ -f '/usr/bin/xray' ] && ln -sf /usr/bin/xray /usr/bin/v2ray
|
|
#[ ! -f '/usr/bin/trojan-go' ] && [ -f '/usr/sbin/trojan-plus' ] && ln -sf /usr/sbin/trojan-plus /usr/bin/trojan-go
|
|
|
|
# Flag packages
|
|
opkg flag hold luci-app-firewall
|
|
opkg flag hold firewall
|
|
opkg flag hold dnsmasq-full
|
|
|
|
# init
|
|
devices_setup
|
|
|
|
exit 0
|