#!/bin/sh . /etc/os-release . /lib/functions/uci-defaults.sh [ $(uname -m) = "x86_64" ] && alias board_name="echo x86_64" # theme if [ -d "/www/luci-static/argon" ] && [ -z "$(uci -q get luci.main.pollinterval)" ]; then uci set luci.main.mediaurlbase='/luci-static/argon' uci set luci.main.pollinterval='3' uci commit luci fi # ttyd uci set ttyd.@ttyd[0].command='/bin/login -f root' uci commit ttyd /etc/init.d/ttyd restart # Set lucky uci set lucky.@lucky[0].enabled='0' uci commit lucky /etc/init.d/lucky restart # Set up hostname mapping uci add dhcp domain uci set "dhcp.@domain[-1].name=time.android.com" uci set "dhcp.@domain[-1].ip=203.107.6.88" uci commit dhcp # Set SSH uci delete ttyd.@ttyd[0].interface uci set dropbear.@dropbear[0].Interface='' uci commit # timezone uci set system.@system[0].timezone=CST-8 uci set system.@system[0].zonename=Asia/Shanghai uci commit system # log level uci set system.@system[0].conloglevel='1' uci set system.@system[0].cronloglevel='9' uci commit system # zram mem_total=$(grep MemTotal /proc/meminfo | awk '{print $2}') zram_size=$(echo | awk "{print int($mem_total*0.25/1024)}") uci set system.@system[0].zram_size_mb="$zram_size" uci set system.@system[0].zram_comp_algo='lz4' uci commit system # opkg mirror if [ $(grep -c SNAPSHOT /etc/opkg/distfeeds.conf) -eq '0' ]; then sed -i 's,downloads.openwrt.org,mirrors.aliyun.com/openwrt,g' /etc/opkg/distfeeds.conf else sed -i 's,downloads.openwrt.org,mirrors.pku.edu.cn/openwrt,g' /etc/opkg/distfeeds.conf fi # set password sed -i 's/root::0:0:99999:7:::/root:$1$V4UetPzk$CYXluq4wUazHjmCDBCqXF.:0:0:99999:7:::/g' /etc/shadow sed -i 's/root:::0:99999:7:::/root:$1$V4UetPzk$CYXluq4wUazHjmCDBCqXF.:0:0:99999:7:::/g' /etc/shadow devices_setup() { case "$(board_name)" in armsom,sige3|\ armsom,sige7|\ sinovoip,bpi-r2-pro|\ friendlyarm,nanopc-t4|\ friendlyarm,nanopc-t6|\ friendlyarm,nanopi-r2c|\ friendlyarm,nanopi-r2c-plus|\ friendlyarm,nanopi-r2s|\ friendlyarm,nanopi-r3s|\ friendlyarm,nanopi-r4s|\ friendlyarm,nanopi-r4se|\ friendlyarm,nanopi-r5c|\ friendlyarm,nanopi-r5s|\ friendlyarm,nanopi-r6c|\ friendlyarm,nanopi-r6s|\ huake,guangmiao-g4c|\ fastrhino,r6xs|\ hinlink,opc-h6xk|\ radxa,rock-5a|\ radxa,rock-5b|\ xunlong,orangepi-5|\ xunlong,orangepi-5-plus) uci set irqbalance.irqbalance.enabled='0' uci commit irqbalance service irqbalance stop [ ! -d "/usr/share/openwrt_core" ] && { sed -i '/openwrt_core/d' /etc/opkg/distfeeds.conf openwrt_core="openwrt_core/aarch64_generic" sed -i "\$a\src/gz openwrt_core https://raw.githubusercontent.com/QuickWrt/${openwrt_core}/$(grep Version /usr/lib/opkg/info/kernel.control | awk '{print $2}')" /etc/opkg/distfeeds.conf } uci set ota.config.api_url="https://api.kejizero.xyz/openwrt/rockchip.json" uci commit ota ;; x86_64) [ $(uname -r | awk -F. '{print $1}') = 6 ] && { [ -f /sys/kernel/btf/vmlinux ] && [ ! -d "/usr/share/openwrt_core" ] && { openwrt_core="openwrt_core/x86_64" sed -i '/openwrt_core/d' /etc/opkg/distfeeds.conf sed -i "\$a\src/gz openwrt_core https://raw.githubusercontent.com/QuickWrt/${openwrt_core}/$(grep Version /usr/lib/opkg/info/kernel.control | awk '{print $2}')" /etc/opkg/distfeeds.conf } } uci set ota.config.api_url="https://api.kejizero.xyz/openwrt/x86_64.json" uci commit ota ;; esac } # opkg mirror sed -i 's,downloads.openwrt.org,mirrors.aliyun.com/openwrt,g' /etc/opkg/distfeeds.conf # extra packages echo "src/gz openwrt_extras https://opkg.kejizero.xyz/openwrt-24.10/$(. /etc/openwrt_release ; echo $DISTRIB_ARCH)" >> /etc/opkg/distfeeds.conf # nginx uci set nginx.global.uci_enable='true' uci del nginx._lan uci del nginx._redirect2ssl uci add nginx server uci rename nginx.@server[0]='_lan' uci set nginx._lan.server_name='_lan' uci add_list nginx._lan.listen='80 default_server' uci add_list nginx._lan.listen='[::]:80 default_server' #uci add_list nginx._lan.include='restrict_locally' uci add_list nginx._lan.include='conf.d/*.locations' uci set nginx._lan.access_log='off; # logd openwrt' uci commit nginx service nginx restart # docker mirror if [ -f /etc/config/dockerd ] && [ $(grep -c daocloud.io /etc/config/dockerd) -eq '0' ]; then uci add_list dockerd.globals.registry_mirrors="https://docker.m.daocloud.io" uci commit dockerd fi # firewall [ $(grep -c shortcut_fe /etc/config/firewall) -eq '0' ] && uci set firewall.@defaults[0].flow_offloading='1' if [ $(ifconfig -a | grep -o '^eth[^ ]*' | wc -l) -le 1 ] || [ "$OPENWRT_BOARD" = "armsr/armv8" ]; then uci set firewall.@zone[1].input='ACCEPT' fi uci set firewall.@defaults[0].input='ACCEPT' uci commit firewall # diagnostics if [ $(uci -q get luci.diag.ping) = "openwrt.org" ]; then uci set luci.diag.dns='www.qq.com' uci set luci.diag.ping='www.qq.com' uci set luci.diag.route='www.qq.com' uci commit luci fi # packet steering uci -q get network.globals.packet_steering > /dev/null || { uci set network.globals='globals' uci set network.globals.packet_steering=2 uci set network.globals.steering_flows='128' uci commit network } # disable coremark sed -i '/coremark/d' /etc/crontabs/root crontab /etc/crontabs/root # Smartdns相关设置 uci add smartdns server uci set smartdns.@server[0].enabled='1' uci set smartdns.@server[0].type='udp' uci set smartdns.@server[0].name='清华大学TUNA协会' uci set smartdns.@server[0].ip='101.6.6.6' uci set smartdns.@server[0].server_group='smartdns-China' uci set smartdns.@server[0].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[1].enabled='1' uci set smartdns.@server[1].type='udp' uci set smartdns.@server[1].name='114' uci set smartdns.@server[1].ip='114.114.114.114' uci set smartdns.@server[1].server_group='smartdns-China' uci set smartdns.@server[1].blacklist_ip='0' uci set smartdns.@server[1].port='53' uci add smartdns server uci set smartdns.@server[2].enabled='1' uci set smartdns.@server[2].type='udp' uci set smartdns.@server[2].name='ail dns ipv4' uci set smartdns.@server[2].ip='223.5.5.5' uci set smartdns.@server[2].port='53' uci set smartdns.@server[2].server_group='smartdns-China' uci set smartdns.@server[2].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[3].enabled='1' uci set smartdns.@server[3].name='Ali DNS' uci set smartdns.@server[3].ip='https://dns.alidns.com/dns-query' uci set smartdns.@server[3].type='https' uci set smartdns.@server[3].no_check_certificate='0' uci set smartdns.@server[3].server_group='smartdns-China' uci set smartdns.@server[3].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[4].enabled='1' uci set smartdns.@server[4].name='360 Secure DNS' uci set smartdns.@server[4].type='https' uci set smartdns.@server[4].no_check_certificate='0' uci set smartdns.@server[4].server_group='smartdns-China' uci set smartdns.@server[4].blacklist_ip='0' uci set smartdns.@server[4].ip='https://doh.360.cn/dns-query' uci add smartdns server uci set smartdns.@server[5].enabled='1' uci set smartdns.@server[5].name='DNSPod Public DNS+' uci set smartdns.@server[5].ip='https://doh.pub/dns-query' uci set smartdns.@server[5].type='https' uci set smartdns.@server[5].no_check_certificate='0' uci set smartdns.@server[5].server_group='smartdns-China' uci set smartdns.@server[5].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[6].enabled='1' uci set smartdns.@server[6].type='udp' uci set smartdns.@server[6].name='baidu dns' uci set smartdns.@server[6].ip='180.76.76.76' uci set smartdns.@server[6].port='53' uci set smartdns.@server[6].server_group='smartdns-China' uci set smartdns.@server[6].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[7].enabled='1' uci set smartdns.@server[7].type='udp' uci set smartdns.@server[7].name='360dns' uci set smartdns.@server[7].ip='101.226.4.6' uci set smartdns.@server[7].port='53' uci set smartdns.@server[7].server_group='smartdns-China' uci set smartdns.@server[7].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[8].enabled='1' uci set smartdns.@server[8].type='udp' uci set smartdns.@server[8].name='dnspod' uci set smartdns.@server[8].ip='119.29.29.29' uci set smartdns.@server[8].port='53' uci set smartdns.@server[8].blacklist_ip='0' uci set smartdns.@server[8].server_group='smartdns-China' uci add smartdns server uci set smartdns.@server[9].enabled='1' uci set smartdns.@server[9].name='Cloudflare-tls' uci set smartdns.@server[9].ip='1.1.1.1' uci set smartdns.@server[9].type='tls' uci set smartdns.@server[9].server_group='smartdns-Overseas' uci set smartdns.@server[9].exclude_default_group='0' uci set smartdns.@server[9].blacklist_ip='0' uci set smartdns.@server[9].no_check_certificate='0' uci set smartdns.@server[9].port='853' uci set smartdns.@server[9].spki_pin='GP8Knf7qBae+aIfythytMbYnL+yowaWVeD6MoLHkVRg=' uci add smartdns server uci set smartdns.@server[10].enabled='1' uci set smartdns.@server[10].name='Google_DNS-tls' uci set smartdns.@server[10].type='tls' uci set smartdns.@server[10].server_group='smartdns-Overseas' uci set smartdns.@server[10].exclude_default_group='0' uci set smartdns.@server[10].blacklist_ip='0' uci set smartdns.@server[10].no_check_certificate='0' uci set smartdns.@server[10].port='853' uci set smartdns.@server[10].ip='8.8.4.4' uci set smartdns.@server[10].spki_pin='r/fTokourI3+um9Rws4XrHG6fWEmHpZ8iWnOUjzwwjQ=' uci add smartdns server uci set smartdns.@server[11].enabled='1' uci set smartdns.@server[11].name='Quad9-tls' uci set smartdns.@server[11].ip='9.9.9.9' uci set smartdns.@server[11].type='tls' uci set smartdns.@server[11].server_group='smartdns-Overseas' uci set smartdns.@server[11].exclude_default_group='0' uci set smartdns.@server[11].blacklist_ip='0' uci set smartdns.@server[11].no_check_certificate='0' uci set smartdns.@server[11].port='853' uci set smartdns.@server[11].spki_pin='/SlsviBkb05Y/8XiKF9+CZsgCtrqPQk5bh47o0R3/Cg=' uci add smartdns server uci set smartdns.@server[12].enabled='1' uci set smartdns.@server[12].name='quad9-ipv6' uci set smartdns.@server[12].ip='2620:fe::fe' uci set smartdns.@server[12].port='9953' uci set smartdns.@server[12].type='udp' uci set smartdns.@server[12].server_group='smartdns-Overseas' uci set smartdns.@server[12].exclude_default_group='0' uci set smartdns.@server[12].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[13].enabled='1' uci set smartdns.@server[13].name='谷歌DNS' uci set smartdns.@server[13].ip='https://dns.google/dns-query' uci set smartdns.@server[13].type='https' uci set smartdns.@server[13].no_check_certificate='0' uci set smartdns.@server[13].server_group='smartdns-Overseas' uci set smartdns.@server[13].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[14].enabled='1' uci set smartdns.@server[14].name='Cloudflare DNS ' uci set smartdns.@server[14].ip='https://dns.cloudflare.com/dns-query' uci set smartdns.@server[14].type='https' uci set smartdns.@server[14].no_check_certificate='0' uci set smartdns.@server[14].server_group='smartdns-Overseas' uci set smartdns.@server[14].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[15].enabled='1' uci set smartdns.@server[15].name='CIRA Canadian Shield DNS' uci set smartdns.@server[15].ip='https://private.canadianshield.cira.ca/dns-query' uci set smartdns.@server[15].type='https' uci set smartdns.@server[15].no_check_certificate='0' uci set smartdns.@server[15].server_group='smartdns-Overseas' uci set smartdns.@server[15].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[16].enabled='1' uci set smartdns.@server[16].name='Restena DNS' uci set smartdns.@server[16].ip='https://kaitain.restena.lu/dns-query' uci set smartdns.@server[16].type='https' uci set smartdns.@server[16].no_check_certificate='0' uci set smartdns.@server[16].server_group='smartdns-Overseas' uci set smartdns.@server[16].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[17].enabled='1' uci set smartdns.@server[17].name='Quad9 DNS' uci set smartdns.@server[17].ip='https://dns.quad9.net/dns-query' uci set smartdns.@server[17].type='https' uci set smartdns.@server[17].no_check_certificate='0' uci set smartdns.@server[17].server_group='smartdns-Overseas' uci set smartdns.@server[17].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[18].enabled='1' uci set smartdns.@server[18].name='CZ.NIC ODVR' uci set smartdns.@server[18].ip='https://odvr.nic.cz/doh' uci set smartdns.@server[18].type='https' uci set smartdns.@server[18].no_check_certificate='0' uci set smartdns.@server[18].server_group='smartdns-Overseas' uci set smartdns.@server[18].blacklist_ip='0' uci add smartdns server uci set smartdns.@server[19].enabled='1' uci set smartdns.@server[19].name='AhaDNS-Spain' uci set smartdns.@server[19].ip='https://doh.es.ahadns.net/dns-query ' uci set smartdns.@server[19].type='https' uci set smartdns.@server[19].no_check_certificate='0' uci set smartdns.@server[19].server_group='smartdns-Overseas' uci set smartdns.@server[19].blacklist_ip='0' uci commit smartdns /etc/init.d/smartdns restart ### nikki # 设置基础状态 uci set nikki.status='status' # 主配置 uci set nikki.config=config uci set nikki.config.init='1' uci set nikki.config.enabled='0' # 关闭 uci set nikki.config.profile='subscription:subscription' uci set nikki.config.start_delay='0' uci set nikki.config.scheduled_restart='0' uci set nikki.config.cron_expression='0 3 * * *' uci set nikki.config.test_profile='1' uci set nikki.config.fast_reload='1' # 代理设置 uci set nikki.proxy=proxy uci set nikki.proxy.enabled='1' uci set nikki.proxy.tcp_mode='redirect' uci set nikki.proxy.udp_mode='tun' uci set nikki.proxy.ipv4_dns_hijack='1' uci set nikki.proxy.ipv6_dns_hijack='1' uci set nikki.proxy.ipv4_proxy='1' uci set nikki.proxy.ipv6_proxy='1' uci set nikki.proxy.fake_ip_ping_hijack='1' uci set nikki.proxy.router_proxy='1' uci set nikki.proxy.lan_proxy='1' uci add_list nikki.proxy.lan_inbound_interface='lan' uci add_list nikki.proxy.bypass_dscp='4' uci set nikki.proxy.bypass_china_mainland_ip='0' uci set nikki.proxy.proxy_tcp_dport='0-65535' uci set nikki.proxy.proxy_udp_dport='0-65535' # 订阅配置(需替换真实URL) uci set nikki.subscription=subscription uci set nikki.subscription.name='订阅配置' uci set nikki.subscription.url='http://your_real_subscription_url.yaml' # 请修改 uci set nikki.subscription.user_agent='clash.meta' uci set nikki.subscription.prefer='remote' # 混合配置 uci set nikki.mixin=mixin uci set nikki.mixin.log_level='warning' uci set nikki.mixin.mode='rule' uci set nikki.mixin.match_process='off' uci set nikki.mixin.ipv6='1' uci set nikki.mixin.ui_path='ui' uci set nikki.mixin.ui_url='https://github.com/Zephyruso/zashboard/releases/latest/download/dist-cdn-fonts.zip' uci set nikki.mixin.api_listen='[::]:9090' uci set nikki.mixin.selection_cache='1' uci set nikki.mixin.allow_lan='1' uci set nikki.mixin.http_port='8080' uci set nikki.mixin.socks_port='1080' uci set nikki.mixin.mixed_port='7890' uci set nikki.mixin.redir_port='7891' uci set nikki.mixin.tproxy_port='7892' uci set nikki.mixin.authentication='1' uci set nikki.mixin.tun_device='ZeroWrt' uci set nikki.mixin.tun_stack='gvisor' uci set nikki.mixin.tun_dns_hijack='0' uci add_list nikki.mixin.tun_dns_hijacks='tcp://any:53' uci add_list nikki.mixin.tun_dns_hijacks='udp://any:53' uci set nikki.mixin.dns_listen='[::]:1053' uci set nikki.mixin.dns_ipv6='1' uci set nikki.mixin.dns_mode='fake-ip' uci set nikki.mixin.fake_ip_range='198.18.0.1/16' uci set nikki.mixin.fake_ip_filter='1' uci set nikki.mixin.fake_ip_cache='1' uci set nikki.mixin.hosts='1' uci set nikki.mixin.dns_nameserver='1' uci set nikki.mixin.dns_nameserver_policy='0' uci set nikki.mixin.sniffer_force_domain_name='0' uci set nikki.mixin.sniffer_ignore_domain_name='0' uci set nikki.mixin.sniffer_sniff='1' uci set nikki.mixin.rule='0' uci set nikki.mixin.rule_provider='0' uci set nikki.mixin.mixin_file_content='0' uci set nikki.mixin.unify_delay='1' uci set nikki.mixin.tcp_concurrent='1' uci set nikki.mixin.tcp_keep_alive_idle='600' uci set nikki.mixin.tcp_keep_alive_interval='15' uci set nikki.mixin.ui_name='Zashboard' uci set nikki.mixin.api_secret='123456' # 请修改 uci set nikki.mixin.tun_mtu='9000' uci set nikki.mixin.tun_gso='1' uci set nikki.mixin.tun_gso_max_size='65536' uci set nikki.mixin.tun_endpoint_independent_nat='1' uci add_list nikki.mixin.fake_ip_filters='+.lan' uci add_list nikki.mixin.fake_ip_filters='+.local' uci add_list nikki.mixin.fake_ip_filters='geosite:cn' uci set nikki.mixin.fake_ip_filter_mode='blacklist' uci set nikki.mixin.dns_respect_rules='0' uci set nikki.mixin.dns_doh_prefer_http3='0' uci set nikki.mixin.dns_system_hosts='1' uci set nikki.mixin.dns_hosts='1' uci set nikki.mixin.sniffer='1' uci set nikki.mixin.sniffer_sniff_dns_mapping='1' uci set nikki.mixin.sniffer_sniff_pure_ip='1' uci set nikki.mixin.geoip_format='dat' uci set nikki.mixin.geodata_loader='standard' uci set nikki.mixin.geosite_url='https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat' uci set nikki.mixin.geoip_dat_url='https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat' uci set nikki.mixin.geox_auto_update='1' uci set nikki.mixin.geox_update_interval='24' # 环境配置 uci set nikki.env=env uci set nikki.env.disable_safe_path_check='0' uci set nikki.env.disable_loopback_detector='0' uci set nikki.env.disable_quic_go_gso='0' uci set nikki.env.disable_quic_go_ecn='0' # 路由访问控制(第一组) uci set nikki.@router_access_control[0]=router_access_control uci set nikki.@router_access_control[0].enabled='1' uci add_list nikki.@router_access_control[0].user='dnsmasq' uci add_list nikki.@router_access_control[0].user='ftp' uci add_list nikki.@router_access_control[0].user='logd' uci add_list nikki.@router_access_control[0].user='nobody' uci add_list nikki.@router_access_control[0].user='ntp' uci add_list nikki.@router_access_control[0].user='ubus' uci add_list nikki.@router_access_control[0].group='dnsmasq' uci add_list nikki.@router_access_control[0].group='ftp' uci add_list nikki.@router_access_control[0].group='logd' uci add_list nikki.@router_access_control[0].group='nogroup' uci add_list nikki.@router_access_control[0].group='ntp' uci add_list nikki.@router_access_control[0].group='ubus' uci add_list nikki.@router_access_control[0].cgroup='adguardhome' uci add_list nikki.@router_access_control[0].cgroup='aria2' uci add_list nikki.@router_access_control[0].cgroup='dnsmasq' uci add_list nikki.@router_access_control[0].cgroup='netbird' uci add_list nikki.@router_access_control[0].cgroup='qbittorrent' uci add_list nikki.@router_access_control[0].cgroup='sysntpd' uci add_list nikki.@router_access_control[0].cgroup='tailscale' uci add_list nikki.@router_access_control[0].cgroup='zerotier' uci set nikki.@router_access_control[0].proxy='0' # 路由访问控制(第二组) uci set nikki.@router_access_control[1]=router_access_control uci set nikki.@router_access_control[1].enabled='1' uci set nikki.@router_access_control[1].proxy='1' # LAN访问控制 uci set nikki.lan_access_control=lan_access_control uci set nikki.lan_access_control.enabled='1' uci set nikki.lan_access_control.proxy='1' # 认证配置 uci set nikki.authentication=authentication uci set nikki.authentication.enabled='1' uci set nikki.authentication.username='admin' # 建议修改 uci set nikki.authentication.password='your_strong_password' # 必须修改 # 域名配置 uci set nikki.hosts=hosts uci set nikki.hosts.enabled='1' uci set nikki.hosts.domain_name='*.yourdomain.com' # 替换为实际域名 # DNS服务器配置(示例配置第一个) uci set nikki.@nameserver[0]=nameserver uci set nikki.@nameserver[0].enabled='1' uci set nikki.@nameserver[0].type='nameserver' uci add_list nikki.@nameserver[0].nameserver='223.5.5.5' uci add_list nikki.@nameserver[0].nameserver='119.29.29.29' # 提交所有更改 uci commit nikki # 重启服务 /etc/init.d/nikki restart # init devices_setup exit 0