#!/bin/bash
# errexit: stop on the first unhandled failure; errtrace: ERR traps are
# inherited by functions, command substitutions and subshells.
set -o errexit -o errtrace

# Default SSH public key. Pressing Enter at the key prompt in adduser keeps
# this value, and config_ssh then writes it to the new user's
# authorized_keys. That user also receives passwordless sudo, so whoever
# holds the matching private key can log in with root-equivalent rights.
# Replace it with your own key before running the script.
PUBLIC_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2A0zvOGzFHVmeOqijww+vz7VtSZNPuIA6tMIeTxXk0'

# Account to create (default: linran); get_name may override it.
USERNAME='linran'

# Host name; get_name may override it.
HOSTNAME='home'

# SSH listening port; config_ssh may override it.
SSH_PORT='22'
# Entry point: runs the three provisioning stages in order. With `set -e`
# active, a failing stage stops the script before the next one starts.
main() {
# Refuse to continue unless running as root on the supported OS.
check_os
# Defines the nested setup helpers and runs init, which chains into
# get_name -> adduser -> config_ssh.
init-system
# Hands user-init.sh over to the new account and prints next steps.
user
}
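# Abort unless the script runs as root on Debian 13 (trixie).
# Globals:   EUID (read); ID and VERSION_ID are set by sourcing
#            /etc/os-release
# Returns:   0 when the checks pass; otherwise exits through error_and_exit
check_os() {
  # Every later step (apt, useradd, sudoers, sshd_config) needs root.
  if [ "$EUID" -ne 0 ]; then
    error_and_exit "请以root权限运行此脚本"
  fi

  # Fail closed: without /etc/os-release the OS cannot be identified, and the
  # later steps rewrite the apt sources for trixie, so do not guess.
  if [ ! -f /etc/os-release ]; then
    error_and_exit "此脚本仅支持Debian 13 (trixie)"
  fi

  # shellcheck disable=SC1091
  . /etc/os-release
  if [ "${ID:-}" != "debian" ] || [ "${VERSION_ID:-}" != "13" ]; then
    error_and_exit "此脚本仅支持Debian 13 (trixie)"
  fi
}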
# 初始化系统和软件包
init-system() {
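# Configure the apt sources (TUNA mirror when located in China), upgrade the
# system, install the base tools, then continue with get_name.
# Outputs:   progress messages on stdout
# Returns:   non-zero / script exit (set -e) when any apt step fails
init() {
  echo "正在初始化系统..."
  if is_in_china; then
    echo "正在配置国内镜像源..."
    # The mirror is reached over plain HTTP; package integrity rests on apt
    # verifying the archive signature against the Signed-By keyring.
    # deb822 stanzas must be separated by a blank line, otherwise apt reads
    # both as one stanza with duplicated fields.
    cat > /etc/apt/sources.list.d/debian.sources << 'EOF'
Types: deb deb-src
URIs: http://mirrors.tuna.tsinghua.edu.cn/debian
Suites: trixie trixie-updates trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb deb-src
URIs: http://mirrors.tuna.tsinghua.edu.cn/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF
    # Drop the legacy list only after the replacement was written, so a
    # failed write does not leave the system without any source.
    rm -f /etc/apt/sources.list
  else
    echo "当前不在国内,使用默认源"
  fi

  echo "正在更新镜像源..."
  # Run as separate commands: in `a && b` a failure of `a` is exempt from
  # `set -e`, so a failed update would be silently ignored.
  apt update
  apt upgrade -y

  echo "正在安装必要的工具..."
  apt install -y \
    curl \
    git \
    sudo \
    systemd \
    openssh-server

  get_name
}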
# 覆盖默认用户名
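# Ask for the account name and host name, then continue with adduser.
# Globals:   USERNAME, HOSTNAME (written)
# Returns:   exits through error_and_exit when the user name is not a plain
#            account name
get_name() {
  local name_re='^[a-z_][a-z0-9_-]{0,31}$'

  read -rp "请输入要创建的用户名 (默认: linran): " input_username
  USERNAME=${input_username:-linran}
  # The name is later used as a file name under /etc/sudoers.d, as the
  # subject of a sudoers rule and as a path under /home. Reject anything but
  # a conservative account name: path separators would redirect those
  # writes, and sudo skips drop-in files whose name contains a dot.
  if ! [[ "$USERNAME" =~ $name_re ]]; then
    error_and_exit "用户名无效: $USERNAME"
  fi

  read -rp "请输入主机名 (默认: home): " input_hostname
  HOSTNAME=${input_hostname:-home}

  # Host name configuration is currently disabled.
  # config_hostname
  adduser
}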
# 配置主机名
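# Set the system host name in /etc/hosts, /etc/hostname and via hostnamectl.
# Globals:   HOSTNAME (read)
# NOTE: /etc/hosts is replaced as a whole; any other entries are lost.
config_hostname() {
  # Keep the localhost names: the file is overwritten, and without them
  # "localhost" no longer resolves through /etc/hosts.
  cat > /etc/hosts << EOF
127.0.0.1 localhost $HOSTNAME
::1 localhost $HOSTNAME ip6-localhost ip6-loopback
EOF
  printf '%s\n' "$HOSTNAME" > /etc/hostname
  hostnamectl set-hostname "$HOSTNAME"
}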
# 添加用户
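# Create the account if it does not exist, read the SSH public key, grant
# passwordless sudo, then continue with config_ssh.
# Globals:   USERNAME (read), PUBLIC_KEY (read and written)
# NOTE: inside this script the function name shadows the system `adduser`
#       command.
adduser() {
  local sudoers_tmp

  if id "$USERNAME" &>/dev/null; then
    echo "用户 $USERNAME 已存在"
  else
    echo "正在创建用户 $USERNAME..."
    useradd -m -s /bin/bash "$USERNAME"
    # The initial password is a fixed, publicly known value on an account
    # that gets passwordless sudo. Expire it right away so the first login
    # has to replace it.
    echo "$USERNAME:123456" | chpasswd
    chage -d 0 "$USERNAME"
    echo "用户 $USERNAME 已创建,默认密码: 123456"
  fi

  # An empty answer keeps the key already stored in PUBLIC_KEY (the
  # script's built-in default unless it was changed).
  read -rp "请输入用户公钥 (默认公钥): " input_public_key
  PUBLIC_KEY=${input_public_key:-$PUBLIC_KEY}

  # NOPASSWD:ALL makes this account root-equivalent. Build the rule in a
  # private temp file and syntax-check it first: a broken file under
  # /etc/sudoers.d makes sudo refuse to run for everyone.
  sudoers_tmp=$(mktemp)
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$USERNAME" > "$sudoers_tmp"
  if ! visudo -cf "$sudoers_tmp" > /dev/null; then
    rm -f -- "$sudoers_tmp"
    error_and_exit "sudoers 规则校验失败: $USERNAME"
  fi
  # install sets owner and mode in one step, so the rule never exists under
  # /etc/sudoers.d with looser permissions.
  install -m 0440 -o root -g root "$sudoers_tmp" "/etc/sudoers.d/$USERNAME"
  rm -f -- "$sudoers_tmp"

  config_ssh
}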
# 配置SSH
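# Set one "Keyword value" directive in /etc/ssh/sshd_config.
# Arguments: $1 - keyword, $2 - new value, $3 - ERE matching the old value
# Rewrites the directive whether or not it is currently commented out, then
# checks that an active line with the requested value exists.
# NOTE(review): a file pulled in through an Include directive can still
# override this; confirm the effective value with `sshd -T`.
_set_sshd_option() {
  local key=$1 value=$2 value_re=$3
  local cfg=/etc/ssh/sshd_config

  sed -i -E \
    "s/^[#[:space:]]*${key}[[:space:]]+(${value_re})[[:space:]]*\$/${key} ${value}/" \
    "$cfg"
  if ! grep -Eq "^${key}[[:space:]]+${value}[[:space:]]*\$" "$cfg"; then
    error_and_exit "未能在 $cfg 中设置 ${key} ${value}"
  fi
}

# Configure sshd (port, password login) and install the user's public key.
# Globals:   SSH_PORT, enable_pwd (written); USERNAME, PUBLIC_KEY (read)
# Returns:   exits through error_and_exit on invalid input or when the
#            resulting sshd configuration cannot be confirmed
config_ssh() {
  local port_re='^[1-9][0-9]{0,4}$'
  local pwd_value ssh_dir auth_keys

  read -rp "请输入SSH端口 (默认: 22): " input_ssh_port
  SSH_PORT=${input_ssh_port:-22}
  # The value ends up inside a sed expression and in sshd_config, so accept
  # nothing but a port number.
  if ! [[ "$SSH_PORT" =~ $port_re ]] || (( SSH_PORT > 65535 )); then
    error_and_exit "SSH端口无效: $SSH_PORT"
  fi

  read -rp "是否开启密码登录?(true/false) [默认false]: " input
  enable_pwd=${input:-false}

  # Check the key before changing anything: a malformed key combined with
  # disabled password login would lock the new account out.
  if ! ssh-keygen -l -f - <<< "$PUBLIC_KEY" > /dev/null 2>&1; then
    error_and_exit "公钥无效,已中止SSH配置"
  fi

  echo "正在配置SSH..."
  _set_sshd_option Port "$SSH_PORT" '[0-9]+'

  # Password login. On a stock config the directive is commented out
  # ("#PasswordAuthentication yes"); a plain yes->no substitution would only
  # edit the comment and leave password login enabled.
  if [ "$enable_pwd" = "true" ]; then
    pwd_value=yes
  else
    pwd_value=no
  fi
  _set_sshd_option PasswordAuthentication "$pwd_value" 'yes|no'

  # Install the public key; this replaces any existing authorized_keys.
  ssh_dir=/home/$USERNAME/.ssh
  auth_keys=$ssh_dir/authorized_keys
  mkdir -p "$ssh_dir"
  printf '%s\n' "$PUBLIC_KEY" > "$auth_keys"
  chmod 700 "$ssh_dir"
  chmod 600 "$auth_keys"
  chown -R "$USERNAME":"$USERNAME" "$ssh_dir"

  if is_docker; then
    echo "检测到当前环境为Docker容器,SSH服务可能无法正常使用"
  else
    # Validate the edited configuration before restarting, so a syntax
    # error cannot take the SSH service down.
    sshd -t || error_and_exit "sshd 配置校验失败,未重启SSH服务"
    systemctl restart sshd
    echo "SSH服务已重启"
  fi
  echo "SSH配置完成"
}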
init
}
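# Hand user-init.sh over to the new account and print the next steps.
# Globals:   USERNAME (read)
# Expects user-init.sh in the current working directory.
user(){
  # The download is disabled. NOTE(review): if it is re-enabled, the fetched
  # file is later executed by the new user, who has passwordless sudo. Pin
  # the URL to a commit and verify a checksum, and keep in mind that the
  # gh.llkk.cc proxy sits between this host and GitHub.
  #if is_in_china; then
  #  curl -fsSLO https://gh.llkk.cc/https://raw.githubusercontent.com/MingriLingran/debian-init/main/user-init.sh
  #else
  #  curl -fsSLO https://raw.githubusercontent.com/MingriLingran/debian-init/main/user-init.sh
  #fi
  if [ ! -f "$PWD/user-init.sh" ]; then
    error_and_exit "未找到 user-init.sh,请将其放在当前目录后重试"
  fi
  mv -- "$PWD/user-init.sh" "/home/$USERNAME/user-init.sh"
  chown "$USERNAME":"$USERNAME" "/home/$USERNAME/user-init.sh"
  chmod +x "/home/$USERNAME/user-init.sh"

  echo "=============================="
  echo "不要关闭终端,请勿退出"
  echo "验证公钥登录是否正常"
  echo "=============================="
  # Keep the expansion inside the quotes; unquoted it is subject to word
  # splitting and globbing.
  echo "请新开终端登录到${USERNAME}用户"
  echo "默认密码: 123456"
  echo "执行“bash user-init.sh”"
  echo "=============================="
  if is_docker; then
    echo "检测到当前环境为Docker容器,SSH服务可能无法正常使用"
  fi
}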
# ----------------------------------------
# Succeed when the host appears to be in mainland China.
# Globals:   force_cn (read) - 1 short-circuits to success
#            _loc (read and written) - cached country code
# Outputs:   diagnostics on stderr
# Returns:   0 when the location is CN, 1 otherwise; exits through
#            error_and_exit when the lookup yields no location
# NOTE: the lookup goes over plain HTTP, so the answer is unauthenticated.
#       It only selects which apt mirror is configured.
is_in_china() {
  if [ "$force_cn" = 1 ]; then
    return 0
  fi

  if ! command -v curl > /dev/null 2>&1; then
    # Without curl there is no way to ask; assume CN.
    echo "curl命令不存在,默认设置为中国镜像源" >&2
    _loc=CN
  elif [ -z "$_loc" ]; then
    # Extract the "loc=XX" line of the trace output; the trailing `grep .`
    # makes the pipeline fail when the value is empty.
    _loc=$(curl -L http://www.qualcomm.cn/cdn-cgi/trace | grep '^loc=' | cut -d= -f2 | grep .) \
      || error_and_exit "Can not get location."
    echo "Location: $_loc" >&2
  fi

  [ "$_loc" = CN ]
}
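# Succeed when the script appears to run inside a container.
# Returns:   0 when a container marker is found, 1 otherwise. Callers use
#            `if is_docker; then ...` for the container case, so success
#            must mean "container detected".
# NOTE(review): the cgroup checks look for path names; they may not match
#               on every cgroup layout, in which case only /.dockerenv
#               decides - confirm on the target runtime.
is_docker() {
  # Docker marker in the cgroup of PID 1.
  if grep -q "docker" /proc/1/cgroup 2>/dev/null; then
    return 0
  fi
  # Marker file present in Docker containers.
  if [ -f "/.dockerenv" ]; then
    return 0
  fi
  # Kubernetes pod marker in our own cgroup path.
  if grep -q "kubepods" /proc/self/cgroup 2>/dev/null; then
    return 0
  fi
  return 1
}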
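# Print the given message on stderr and terminate the script with status 1.
# Arguments: $@ - message words, joined with single spaces
error_and_exit() {
  # printf with a fixed format: the message is never parsed as an option or
  # as a format string, and diagnostics stay out of stdout.
  printf '%s\n' "$*" >&2
  exit 1
}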
# Start provisioning. The call sits at the end of the file so that every
# function above is defined before main runs.
main