517 lines
20 KiB
Bash
517 lines
20 KiB
Bash
#!/bin/sh
|
||
|
||
. /etc/os-release
|
||
. /lib/functions/uci-defaults.sh
|
||
|
||
[ $(uname -m) = "x86_64" ] && alias board_name="echo x86_64"
|
||
|
||
# theme
|
||
if [ -d "/www/luci-static/argon" ] && [ -z "$(uci -q get luci.main.pollinterval)" ]; then
|
||
uci set luci.main.mediaurlbase='/luci-static/argon'
|
||
uci set luci.main.pollinterval='3'
|
||
uci commit luci
|
||
fi
|
||
|
||
# ttyd
|
||
uci set ttyd.@ttyd[0].command='/bin/login -f root'
|
||
uci commit ttyd
|
||
/etc/init.d/ttyd restart
|
||
|
||
# Set lucky
|
||
uci set lucky.@lucky[0].enabled='0'
|
||
uci commit lucky
|
||
/etc/init.d/lucky restart
|
||
|
||
# Set up hostname mapping
|
||
uci add dhcp domain
|
||
uci set "dhcp.@domain[-1].name=time.android.com"
|
||
uci set "dhcp.@domain[-1].ip=203.107.6.88"
|
||
uci commit dhcp
|
||
|
||
# Set SSH
|
||
uci delete ttyd.@ttyd[0].interface
|
||
uci set dropbear.@dropbear[0].Interface=''
|
||
uci commit
|
||
|
||
# timezone
|
||
uci set system.@system[0].timezone=CST-8
|
||
uci set system.@system[0].zonename=Asia/Shanghai
|
||
uci commit system
|
||
|
||
# log level
|
||
uci set system.@system[0].conloglevel='1'
|
||
uci set system.@system[0].cronloglevel='9'
|
||
uci commit system
|
||
|
||
# zram
|
||
mem_total=$(grep MemTotal /proc/meminfo | awk '{print $2}')
|
||
zram_size=$(echo | awk "{print int($mem_total*0.25/1024)}")
|
||
uci set system.@system[0].zram_size_mb="$zram_size"
|
||
uci set system.@system[0].zram_comp_algo='lz4'
|
||
uci commit system
|
||
|
||
# opkg mirror
|
||
if [ $(grep -c SNAPSHOT /etc/opkg/distfeeds.conf) -eq '0' ]; then
|
||
sed -i 's,downloads.openwrt.org,mirrors.aliyun.com/openwrt,g' /etc/opkg/distfeeds.conf
|
||
else
|
||
sed -i 's,downloads.openwrt.org,mirrors.pku.edu.cn/openwrt,g' /etc/opkg/distfeeds.conf
|
||
fi
|
||
|
||
# set password
|
||
sed -i 's/root::0:0:99999:7:::/root:$1$V4UetPzk$CYXluq4wUazHjmCDBCqXF.:0:0:99999:7:::/g' /etc/shadow
|
||
sed -i 's/root:::0:99999:7:::/root:$1$V4UetPzk$CYXluq4wUazHjmCDBCqXF.:0:0:99999:7:::/g' /etc/shadow
|
||
|
||
devices_setup()
|
||
{
|
||
case "$(board_name)" in
|
||
armsom,sige3|\
|
||
armsom,sige7|\
|
||
sinovoip,bpi-r2-pro|\
|
||
friendlyarm,nanopc-t4|\
|
||
friendlyarm,nanopc-t6|\
|
||
friendlyarm,nanopi-r2c|\
|
||
friendlyarm,nanopi-r2c-plus|\
|
||
friendlyarm,nanopi-r2s|\
|
||
friendlyarm,nanopi-r3s|\
|
||
friendlyarm,nanopi-r4s|\
|
||
friendlyarm,nanopi-r4se|\
|
||
friendlyarm,nanopi-r5c|\
|
||
friendlyarm,nanopi-r5s|\
|
||
friendlyarm,nanopi-r6c|\
|
||
friendlyarm,nanopi-r6s|\
|
||
huake,guangmiao-g4c|\
|
||
fastrhino,r6xs|\
|
||
hinlink,opc-h6xk|\
|
||
radxa,rock-5a|\
|
||
radxa,rock-5b|\
|
||
xunlong,orangepi-5|\
|
||
xunlong,orangepi-5-plus)
|
||
uci set irqbalance.irqbalance.enabled='0'
|
||
uci commit irqbalance
|
||
service irqbalance stop
|
||
[ ! -d "/usr/share/openwrt_core" ] && {
|
||
sed -i '/openwrt_core/d' /etc/opkg/distfeeds.conf
|
||
openwrt_core="openwrt_core/aarch64_generic"
|
||
sed -i "\$a\src/gz openwrt_core https://raw.githubusercontent.com/QuickWrt/${openwrt_core}/$(grep Version /usr/lib/opkg/info/kernel.control | awk '{print $2}')" /etc/opkg/distfeeds.conf
|
||
}
|
||
uci set ota.config.api_url="https://api.kejizero.xyz/openwrt/rockchip.json"
|
||
uci commit ota
|
||
;;
|
||
x86_64)
|
||
[ $(uname -r | awk -F. '{print $1}') = 6 ] && {
|
||
[ -f /sys/kernel/btf/vmlinux ] && [ ! -d "/usr/share/openwrt_core" ] && {
|
||
openwrt_core="openwrt_core/x86_64"
|
||
sed -i '/openwrt_core/d' /etc/opkg/distfeeds.conf
|
||
sed -i "\$a\src/gz openwrt_core https://raw.githubusercontent.com/QuickWrt/${openwrt_core}/$(grep Version /usr/lib/opkg/info/kernel.control | awk '{print $2}')" /etc/opkg/distfeeds.conf
|
||
}
|
||
}
|
||
uci set ota.config.api_url="https://api.kejizero.xyz/openwrt/x86_64.json"
|
||
uci commit ota
|
||
;;
|
||
esac
|
||
}
|
||
|
||
# opkg mirror
|
||
sed -i 's,downloads.openwrt.org,mirrors.aliyun.com/openwrt,g' /etc/opkg/distfeeds.conf
|
||
|
||
# extra packages
|
||
echo "src/gz openwrt_extras https://opkg.kejizero.xyz/openwrt-24.10/$(. /etc/openwrt_release ; echo $DISTRIB_ARCH)" >> /etc/opkg/distfeeds.conf
|
||
|
||
# nginx
|
||
uci set nginx.global.uci_enable='true'
|
||
uci del nginx._lan
|
||
uci del nginx._redirect2ssl
|
||
uci add nginx server
|
||
uci rename nginx.@server[0]='_lan'
|
||
uci set nginx._lan.server_name='_lan'
|
||
uci add_list nginx._lan.listen='80 default_server'
|
||
uci add_list nginx._lan.listen='[::]:80 default_server'
|
||
#uci add_list nginx._lan.include='restrict_locally'
|
||
uci add_list nginx._lan.include='conf.d/*.locations'
|
||
uci set nginx._lan.access_log='off; # logd openwrt'
|
||
uci commit nginx
|
||
service nginx restart
|
||
|
||
# docker mirror
|
||
if [ -f /etc/config/dockerd ] && [ $(grep -c daocloud.io /etc/config/dockerd) -eq '0' ]; then
|
||
uci add_list dockerd.globals.registry_mirrors="https://docker.m.daocloud.io"
|
||
uci commit dockerd
|
||
fi
|
||
|
||
# firewall
|
||
[ $(grep -c shortcut_fe /etc/config/firewall) -eq '0' ] && uci set firewall.@defaults[0].flow_offloading='1'
|
||
if [ $(ifconfig -a | grep -o '^eth[^ ]*' | wc -l) -le 1 ] || [ "$OPENWRT_BOARD" = "armsr/armv8" ]; then
|
||
uci set firewall.@zone[1].input='ACCEPT'
|
||
fi
|
||
uci set firewall.@defaults[0].input='ACCEPT'
|
||
uci commit firewall
|
||
|
||
# diagnostics
|
||
if [ $(uci -q get luci.diag.ping) = "openwrt.org" ]; then
|
||
uci set luci.diag.dns='www.qq.com'
|
||
uci set luci.diag.ping='www.qq.com'
|
||
uci set luci.diag.route='www.qq.com'
|
||
uci commit luci
|
||
fi
|
||
|
||
# packet steering
|
||
uci -q get network.globals.packet_steering > /dev/null || {
|
||
uci set network.globals='globals'
|
||
uci set network.globals.packet_steering=2
|
||
uci set network.globals.steering_flows='128'
|
||
uci commit network
|
||
}
|
||
|
||
# disable coremark
|
||
sed -i '/coremark/d' /etc/crontabs/root
|
||
crontab /etc/crontabs/root
|
||
|
||
# Smartdns相关设置
|
||
uci add smartdns server
|
||
uci set smartdns.@server[0].enabled='1'
|
||
uci set smartdns.@server[0].type='udp'
|
||
uci set smartdns.@server[0].name='清华大学TUNA协会'
|
||
uci set smartdns.@server[0].ip='101.6.6.6'
|
||
uci set smartdns.@server[0].server_group='smartdns-China'
|
||
uci set smartdns.@server[0].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[1].enabled='1'
|
||
uci set smartdns.@server[1].type='udp'
|
||
uci set smartdns.@server[1].name='114'
|
||
uci set smartdns.@server[1].ip='114.114.114.114'
|
||
uci set smartdns.@server[1].server_group='smartdns-China'
|
||
uci set smartdns.@server[1].blacklist_ip='0'
|
||
uci set smartdns.@server[1].port='53'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[2].enabled='1'
|
||
uci set smartdns.@server[2].type='udp'
|
||
uci set smartdns.@server[2].name='ail dns ipv4'
|
||
uci set smartdns.@server[2].ip='223.5.5.5'
|
||
uci set smartdns.@server[2].port='53'
|
||
uci set smartdns.@server[2].server_group='smartdns-China'
|
||
uci set smartdns.@server[2].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[3].enabled='1'
|
||
uci set smartdns.@server[3].name='Ali DNS'
|
||
uci set smartdns.@server[3].ip='https://dns.alidns.com/dns-query'
|
||
uci set smartdns.@server[3].type='https'
|
||
uci set smartdns.@server[3].no_check_certificate='0'
|
||
uci set smartdns.@server[3].server_group='smartdns-China'
|
||
uci set smartdns.@server[3].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[4].enabled='1'
|
||
uci set smartdns.@server[4].name='360 Secure DNS'
|
||
uci set smartdns.@server[4].type='https'
|
||
uci set smartdns.@server[4].no_check_certificate='0'
|
||
uci set smartdns.@server[4].server_group='smartdns-China'
|
||
uci set smartdns.@server[4].blacklist_ip='0'
|
||
uci set smartdns.@server[4].ip='https://doh.360.cn/dns-query'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[5].enabled='1'
|
||
uci set smartdns.@server[5].name='DNSPod Public DNS+'
|
||
uci set smartdns.@server[5].ip='https://doh.pub/dns-query'
|
||
uci set smartdns.@server[5].type='https'
|
||
uci set smartdns.@server[5].no_check_certificate='0'
|
||
uci set smartdns.@server[5].server_group='smartdns-China'
|
||
uci set smartdns.@server[5].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[6].enabled='1'
|
||
uci set smartdns.@server[6].type='udp'
|
||
uci set smartdns.@server[6].name='baidu dns'
|
||
uci set smartdns.@server[6].ip='180.76.76.76'
|
||
uci set smartdns.@server[6].port='53'
|
||
uci set smartdns.@server[6].server_group='smartdns-China'
|
||
uci set smartdns.@server[6].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[7].enabled='1'
|
||
uci set smartdns.@server[7].type='udp'
|
||
uci set smartdns.@server[7].name='360dns'
|
||
uci set smartdns.@server[7].ip='101.226.4.6'
|
||
uci set smartdns.@server[7].port='53'
|
||
uci set smartdns.@server[7].server_group='smartdns-China'
|
||
uci set smartdns.@server[7].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[8].enabled='1'
|
||
uci set smartdns.@server[8].type='udp'
|
||
uci set smartdns.@server[8].name='dnspod'
|
||
uci set smartdns.@server[8].ip='119.29.29.29'
|
||
uci set smartdns.@server[8].port='53'
|
||
uci set smartdns.@server[8].blacklist_ip='0'
|
||
uci set smartdns.@server[8].server_group='smartdns-China'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[9].enabled='1'
|
||
uci set smartdns.@server[9].name='Cloudflare-tls'
|
||
uci set smartdns.@server[9].ip='1.1.1.1'
|
||
uci set smartdns.@server[9].type='tls'
|
||
uci set smartdns.@server[9].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[9].exclude_default_group='0'
|
||
uci set smartdns.@server[9].blacklist_ip='0'
|
||
uci set smartdns.@server[9].no_check_certificate='0'
|
||
uci set smartdns.@server[9].port='853'
|
||
uci set smartdns.@server[9].spki_pin='GP8Knf7qBae+aIfythytMbYnL+yowaWVeD6MoLHkVRg='
|
||
uci add smartdns server
|
||
uci set smartdns.@server[10].enabled='1'
|
||
uci set smartdns.@server[10].name='Google_DNS-tls'
|
||
uci set smartdns.@server[10].type='tls'
|
||
uci set smartdns.@server[10].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[10].exclude_default_group='0'
|
||
uci set smartdns.@server[10].blacklist_ip='0'
|
||
uci set smartdns.@server[10].no_check_certificate='0'
|
||
uci set smartdns.@server[10].port='853'
|
||
uci set smartdns.@server[10].ip='8.8.4.4'
|
||
uci set smartdns.@server[10].spki_pin='r/fTokourI3+um9Rws4XrHG6fWEmHpZ8iWnOUjzwwjQ='
|
||
uci add smartdns server
|
||
uci set smartdns.@server[11].enabled='1'
|
||
uci set smartdns.@server[11].name='Quad9-tls'
|
||
uci set smartdns.@server[11].ip='9.9.9.9'
|
||
uci set smartdns.@server[11].type='tls'
|
||
uci set smartdns.@server[11].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[11].exclude_default_group='0'
|
||
uci set smartdns.@server[11].blacklist_ip='0'
|
||
uci set smartdns.@server[11].no_check_certificate='0'
|
||
uci set smartdns.@server[11].port='853'
|
||
uci set smartdns.@server[11].spki_pin='/SlsviBkb05Y/8XiKF9+CZsgCtrqPQk5bh47o0R3/Cg='
|
||
uci add smartdns server
|
||
uci set smartdns.@server[12].enabled='1'
|
||
uci set smartdns.@server[12].name='quad9-ipv6'
|
||
uci set smartdns.@server[12].ip='2620:fe::fe'
|
||
uci set smartdns.@server[12].port='9953'
|
||
uci set smartdns.@server[12].type='udp'
|
||
uci set smartdns.@server[12].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[12].exclude_default_group='0'
|
||
uci set smartdns.@server[12].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[13].enabled='1'
|
||
uci set smartdns.@server[13].name='谷歌DNS'
|
||
uci set smartdns.@server[13].ip='https://dns.google/dns-query'
|
||
uci set smartdns.@server[13].type='https'
|
||
uci set smartdns.@server[13].no_check_certificate='0'
|
||
uci set smartdns.@server[13].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[13].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[14].enabled='1'
|
||
uci set smartdns.@server[14].name='Cloudflare DNS '
|
||
uci set smartdns.@server[14].ip='https://dns.cloudflare.com/dns-query'
|
||
uci set smartdns.@server[14].type='https'
|
||
uci set smartdns.@server[14].no_check_certificate='0'
|
||
uci set smartdns.@server[14].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[14].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[15].enabled='1'
|
||
uci set smartdns.@server[15].name='CIRA Canadian Shield DNS'
|
||
uci set smartdns.@server[15].ip='https://private.canadianshield.cira.ca/dns-query'
|
||
uci set smartdns.@server[15].type='https'
|
||
uci set smartdns.@server[15].no_check_certificate='0'
|
||
uci set smartdns.@server[15].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[15].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[16].enabled='1'
|
||
uci set smartdns.@server[16].name='Restena DNS'
|
||
uci set smartdns.@server[16].ip='https://kaitain.restena.lu/dns-query'
|
||
uci set smartdns.@server[16].type='https'
|
||
uci set smartdns.@server[16].no_check_certificate='0'
|
||
uci set smartdns.@server[16].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[16].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[17].enabled='1'
|
||
uci set smartdns.@server[17].name='Quad9 DNS'
|
||
uci set smartdns.@server[17].ip='https://dns.quad9.net/dns-query'
|
||
uci set smartdns.@server[17].type='https'
|
||
uci set smartdns.@server[17].no_check_certificate='0'
|
||
uci set smartdns.@server[17].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[17].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[18].enabled='1'
|
||
uci set smartdns.@server[18].name='CZ.NIC ODVR'
|
||
uci set smartdns.@server[18].ip='https://odvr.nic.cz/doh'
|
||
uci set smartdns.@server[18].type='https'
|
||
uci set smartdns.@server[18].no_check_certificate='0'
|
||
uci set smartdns.@server[18].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[18].blacklist_ip='0'
|
||
uci add smartdns server
|
||
uci set smartdns.@server[19].enabled='1'
|
||
uci set smartdns.@server[19].name='AhaDNS-Spain'
|
||
uci set smartdns.@server[19].ip='https://doh.es.ahadns.net/dns-query '
|
||
uci set smartdns.@server[19].type='https'
|
||
uci set smartdns.@server[19].no_check_certificate='0'
|
||
uci set smartdns.@server[19].server_group='smartdns-Overseas'
|
||
uci set smartdns.@server[19].blacklist_ip='0'
|
||
uci commit smartdns
|
||
/etc/init.d/smartdns restart
|
||
|
||
### nikki
|
||
# 设置基础状态
|
||
uci set nikki.status='status'
|
||
|
||
# 主配置
|
||
uci set nikki.config=config
|
||
uci set nikki.config.init='1'
|
||
uci set nikki.config.enabled='0' # 关闭
|
||
uci set nikki.config.profile='subscription:subscription'
|
||
uci set nikki.config.start_delay='0'
|
||
uci set nikki.config.scheduled_restart='0'
|
||
uci set nikki.config.cron_expression='0 3 * * *'
|
||
uci set nikki.config.test_profile='1'
|
||
uci set nikki.config.fast_reload='1'
|
||
|
||
# 代理设置
|
||
uci set nikki.proxy=proxy
|
||
uci set nikki.proxy.enabled='1'
|
||
uci set nikki.proxy.tcp_mode='redirect'
|
||
uci set nikki.proxy.udp_mode='tun'
|
||
uci set nikki.proxy.ipv4_dns_hijack='1'
|
||
uci set nikki.proxy.ipv6_dns_hijack='1'
|
||
uci set nikki.proxy.ipv4_proxy='1'
|
||
uci set nikki.proxy.ipv6_proxy='1'
|
||
uci set nikki.proxy.fake_ip_ping_hijack='1'
|
||
uci set nikki.proxy.router_proxy='1'
|
||
uci set nikki.proxy.lan_proxy='1'
|
||
uci add_list nikki.proxy.lan_inbound_interface='lan'
|
||
uci add_list nikki.proxy.bypass_dscp='4'
|
||
uci set nikki.proxy.bypass_china_mainland_ip='0'
|
||
uci set nikki.proxy.proxy_tcp_dport='0-65535'
|
||
uci set nikki.proxy.proxy_udp_dport='0-65535'
|
||
|
||
# 订阅配置(需替换真实URL)
|
||
uci set nikki.subscription=subscription
|
||
uci set nikki.subscription.name='订阅配置'
|
||
uci set nikki.subscription.url='http://your_real_subscription_url.yaml' # 请修改
|
||
uci set nikki.subscription.user_agent='clash.meta'
|
||
uci set nikki.subscription.prefer='remote'
|
||
|
||
# 混合配置
|
||
uci set nikki.mixin=mixin
|
||
uci set nikki.mixin.log_level='warning'
|
||
uci set nikki.mixin.mode='rule'
|
||
uci set nikki.mixin.match_process='off'
|
||
uci set nikki.mixin.ipv6='1'
|
||
uci set nikki.mixin.ui_path='ui'
|
||
uci set nikki.mixin.ui_url='https://github.com/Zephyruso/zashboard/releases/latest/download/dist-cdn-fonts.zip'
|
||
uci set nikki.mixin.api_listen='[::]:9090'
|
||
uci set nikki.mixin.selection_cache='1'
|
||
uci set nikki.mixin.allow_lan='1'
|
||
uci set nikki.mixin.http_port='8080'
|
||
uci set nikki.mixin.socks_port='1080'
|
||
uci set nikki.mixin.mixed_port='7890'
|
||
uci set nikki.mixin.redir_port='7891'
|
||
uci set nikki.mixin.tproxy_port='7892'
|
||
uci set nikki.mixin.authentication='1'
|
||
uci set nikki.mixin.tun_device='ZeroWrt'
|
||
uci set nikki.mixin.tun_stack='gvisor'
|
||
uci set nikki.mixin.tun_dns_hijack='0'
|
||
uci add_list nikki.mixin.tun_dns_hijacks='tcp://any:53'
|
||
uci add_list nikki.mixin.tun_dns_hijacks='udp://any:53'
|
||
uci set nikki.mixin.dns_listen='[::]:1053'
|
||
uci set nikki.mixin.dns_ipv6='1'
|
||
uci set nikki.mixin.dns_mode='fake-ip'
|
||
uci set nikki.mixin.fake_ip_range='198.18.0.1/16'
|
||
uci set nikki.mixin.fake_ip_filter='1'
|
||
uci set nikki.mixin.fake_ip_cache='1'
|
||
uci set nikki.mixin.hosts='1'
|
||
uci set nikki.mixin.dns_nameserver='1'
|
||
uci set nikki.mixin.dns_nameserver_policy='0'
|
||
uci set nikki.mixin.sniffer_force_domain_name='0'
|
||
uci set nikki.mixin.sniffer_ignore_domain_name='0'
|
||
uci set nikki.mixin.sniffer_sniff='1'
|
||
uci set nikki.mixin.rule='0'
|
||
uci set nikki.mixin.rule_provider='0'
|
||
uci set nikki.mixin.mixin_file_content='0'
|
||
uci set nikki.mixin.unify_delay='1'
|
||
uci set nikki.mixin.tcp_concurrent='1'
|
||
uci set nikki.mixin.tcp_keep_alive_idle='600'
|
||
uci set nikki.mixin.tcp_keep_alive_interval='15'
|
||
uci set nikki.mixin.ui_name='Zashboard'
|
||
uci set nikki.mixin.api_secret='123456' # 请修改
|
||
uci set nikki.mixin.tun_mtu='9000'
|
||
uci set nikki.mixin.tun_gso='1'
|
||
uci set nikki.mixin.tun_gso_max_size='65536'
|
||
uci set nikki.mixin.tun_endpoint_independent_nat='1'
|
||
uci add_list nikki.mixin.fake_ip_filters='+.lan'
|
||
uci add_list nikki.mixin.fake_ip_filters='+.local'
|
||
uci add_list nikki.mixin.fake_ip_filters='geosite:cn'
|
||
uci set nikki.mixin.fake_ip_filter_mode='blacklist'
|
||
uci set nikki.mixin.dns_respect_rules='0'
|
||
uci set nikki.mixin.dns_doh_prefer_http3='0'
|
||
uci set nikki.mixin.dns_system_hosts='1'
|
||
uci set nikki.mixin.dns_hosts='1'
|
||
uci set nikki.mixin.sniffer='1'
|
||
uci set nikki.mixin.sniffer_sniff_dns_mapping='1'
|
||
uci set nikki.mixin.sniffer_sniff_pure_ip='1'
|
||
uci set nikki.mixin.geoip_format='dat'
|
||
uci set nikki.mixin.geodata_loader='standard'
|
||
uci set nikki.mixin.geosite_url='https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat'
|
||
uci set nikki.mixin.geoip_dat_url='https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat'
|
||
uci set nikki.mixin.geox_auto_update='1'
|
||
uci set nikki.mixin.geox_update_interval='24'
|
||
|
||
# 环境配置
|
||
uci set nikki.env=env
|
||
uci set nikki.env.disable_safe_path_check='0'
|
||
uci set nikki.env.disable_loopback_detector='0'
|
||
uci set nikki.env.disable_quic_go_gso='0'
|
||
uci set nikki.env.disable_quic_go_ecn='0'
|
||
|
||
# 路由访问控制(第一组)
|
||
uci set nikki.@router_access_control[0]=router_access_control
|
||
uci set nikki.@router_access_control[0].enabled='1'
|
||
uci add_list nikki.@router_access_control[0].user='dnsmasq'
|
||
uci add_list nikki.@router_access_control[0].user='ftp'
|
||
uci add_list nikki.@router_access_control[0].user='logd'
|
||
uci add_list nikki.@router_access_control[0].user='nobody'
|
||
uci add_list nikki.@router_access_control[0].user='ntp'
|
||
uci add_list nikki.@router_access_control[0].user='ubus'
|
||
uci add_list nikki.@router_access_control[0].group='dnsmasq'
|
||
uci add_list nikki.@router_access_control[0].group='ftp'
|
||
uci add_list nikki.@router_access_control[0].group='logd'
|
||
uci add_list nikki.@router_access_control[0].group='nogroup'
|
||
uci add_list nikki.@router_access_control[0].group='ntp'
|
||
uci add_list nikki.@router_access_control[0].group='ubus'
|
||
uci add_list nikki.@router_access_control[0].cgroup='adguardhome'
|
||
uci add_list nikki.@router_access_control[0].cgroup='aria2'
|
||
uci add_list nikki.@router_access_control[0].cgroup='dnsmasq'
|
||
uci add_list nikki.@router_access_control[0].cgroup='netbird'
|
||
uci add_list nikki.@router_access_control[0].cgroup='qbittorrent'
|
||
uci add_list nikki.@router_access_control[0].cgroup='sysntpd'
|
||
uci add_list nikki.@router_access_control[0].cgroup='tailscale'
|
||
uci add_list nikki.@router_access_control[0].cgroup='zerotier'
|
||
uci set nikki.@router_access_control[0].proxy='0'
|
||
|
||
# 路由访问控制(第二组)
|
||
uci set nikki.@router_access_control[1]=router_access_control
|
||
uci set nikki.@router_access_control[1].enabled='1'
|
||
uci set nikki.@router_access_control[1].proxy='1'
|
||
|
||
# LAN访问控制
|
||
uci set nikki.lan_access_control=lan_access_control
|
||
uci set nikki.lan_access_control.enabled='1'
|
||
uci set nikki.lan_access_control.proxy='1'
|
||
|
||
# 认证配置
|
||
uci set nikki.authentication=authentication
|
||
uci set nikki.authentication.enabled='1'
|
||
uci set nikki.authentication.username='admin' # 建议修改
|
||
uci set nikki.authentication.password='your_strong_password' # 必须修改
|
||
|
||
# 域名配置
|
||
uci set nikki.hosts=hosts
|
||
uci set nikki.hosts.enabled='1'
|
||
uci set nikki.hosts.domain_name='*.yourdomain.com' # 替换为实际域名
|
||
|
||
# DNS服务器配置(示例配置第一个)
|
||
uci set nikki.@nameserver[0]=nameserver
|
||
uci set nikki.@nameserver[0].enabled='1'
|
||
uci set nikki.@nameserver[0].type='nameserver'
|
||
uci add_list nikki.@nameserver[0].nameserver='223.5.5.5'
|
||
uci add_list nikki.@nameserver[0].nameserver='119.29.29.29'
|
||
|
||
# 提交所有更改
|
||
uci commit nikki
|
||
|
||
# 重启服务
|
||
/etc/init.d/nikki restart
|
||
|
||
# init
|
||
devices_setup
|
||
|
||
exit 0
|