#!/bin/bash # 安装微信和qq qqurl="http://work.eisc.cn/ruanjian/ubuntu/deb/work/qq/" weixinurl="http://work.eisc.cn/ruanjian/ubuntu/deb/work/weixin/" dir="/datadisk/eisc/download/weixin" debList=( linuxqq_3.1.1-11223_amd64.deb ukylin-wine_70.6.3.25_amd64.deb ukylin-wechat_3.0.0_amd64.deb ) sudo mkdir -p $dir ; sudo chmod 777 $dir ; cd $dir download_deb(){ for i in ${debList[*]} do debname=`echo $i | awk -F"_" '{print $1}'` debnameInstalled=`sudo dpkg -l | grep $debname` debnameInstalledLength=${#debnameInstalled} if [ $debnameInstalledLength -gt 1 ] then echo "[ok] 该包 $i 已经安装，安装信息： $debnameInstalled" else echo "[runing] 正在检查是否下载安装包: $i" if [ ! -e $i ] then echo "[runing] 当前没有下载，正在下载包：$i" case "$i" in "linuxqq_3.1.1-11223_amd64.deb") wget $qqurl/$i ;; "ukylin-wine_70.6.3.25_amd64.deb") wget $weixinurl/$i ;; "ukylin-wechat_3.0.0_amd64.deb") wget $weixinurl/$i ;; *) echo "该包没有定义下载地址，包： $i" esac else echo "[ok] 已经下载: $i " fi echo "正在安装: $i" sudo apt install -y xdotool ; sudo apt --fix-broken install -y # 安装依赖包 sudo dpkg -i $i fi done } download_deb cd # 一键安装： # wget eisc.cn/file/ubuntu/shell/server/weixin.sh; sudo chmod +x weixin.sh ; ./weixin.sh

sudo apt-get install lutris# lutris  游戏模拟器需要 wine32:i386 支持sudo dpkg --add-architecture i386 && sudo apt-get update && sudo apt-get install wine32:i386 https://github.com/lutris/dxvk/releases/download/v2.2/dxvk-2.2.tar.xz https://github.com/lutris/dxvk-nvapi/releases/download/v0.6.3/dxvk-nvapi-v0.6.3.tar.xz https://github.com/lutris/vkd3d/releases/download/v2.9/vkd3d-v2.9.tar.xzhttps://github.com/lutris/dgvoodoo2/releases/download/v2.8/dgvoodoo2-v2.8.tar.xzhttps://github.com/lutris/d3d_extras/releases/download/v2/v2.tar.xzgithub.com/GloriousEggroll/wine-ge-custom/releases/download/GE-Proton8-13/wine-lutris-GE-Proton8-13-x86_64.tar.xzlutris-GE-Proton8-13-x86_64/bin/wine /home/eisc/下载/WeChatSetup.exe# 安装命令卸载 wine ：sudo apt remove wine32:i386 -ysudo rm -rf ~/.wine/

wget work.eisc.cn//ruanjian/ubuntu/deb/tools/chrome.tar.gz# 研究已经安装 deb 包，使用程序方式打开google自动创建 图标 

如果你想在Ubuntu上搭建一个在线流程图的平台，你可以使用开源的项目来实现。其中一个流行的开源项目是draw.io，它提供了一个基于Web的流程图绘制工具。 要在Ubuntu上安装draw.io的源码，你可以按照以下步骤进行操作： 安装Java开发工具包（JDK）： sudo apt update sudo apt install default-jdk 安装Apache Maven构建工具： sudo apt install maven 克隆draw.io的源码仓库： git clone https://github.com/jgraph/drawio.git 进入draw.io目录并使用Maven构建项目： cd drawio mvn clean package 构建完成后，在draw.io/target/目录下会生成war文件。将war文件部署到Tomcat或其他Java Web服务器中。 以上步骤会从draw.io的GitHub仓库克隆最新的源码，并使用Maven构建项目。你可以根据自己的需要进行修改和定制。 请注意，这只是一个基本的安装过程，你可能还需要进行其他配置和依赖项的安装，具体取决于你的环境和需求。你可以参考draw.io的官方文档和GitHub仓库以获取更详细的信息和指导。环境配置nano /etc/profile#### jdk ####export JDK_HOME=/datadisk/eisc/server/path/jdk-20.0.2/binexport PATH=${JDK_HOME}:$PATH#### MVN ####export MVN_HOME=/datadisk/eisc/server/path/apache-maven-4.0.0-alpha-7/binexport PATH=${MVN_HOME}:$PATH# 目录根据实际修改reboot#  重启生效。或者： source /etc/profle ; bash  刷新1. jdkwget work.eisc.cn/ruanjian/ubuntu/deb/server/jdk-20_linux-x64_bin.tar.gz2.mavenwget work.eisc.cn/ruanjian/ubuntu/deb/bin//apache-maven-4.0.0-alpha-7-bin.tar.gzmvn archetype:generate -DgroupId=com.example -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false# 配置 mvn poxnano pom.xml# 在maven 根目录下 写入下面信息<project xmlns="http://maven.apache.org/POM/4.0.0"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">    <modelVersion>4.0.0</modelVersion>    <groupId>com.example</groupId>    <artifactId>my-app</artifactId>    <version>1.0-SNAPSHOT</version>    <properties>        <maven.compiler.source>1.8</maven.compiler.source>        <maven.compiler.target>1.8</maven.compiler.target>    </properties>    <dependencies>        <!-- 添加您需要的依赖项 -->    </dependencies></project>mvn install ; mvn clean install#在maven 根目录下 执行命令################ 安装在线流程图 ####################git clone https://github.com/jgraph/drawio.gitcd ./frawio/drawio/my-appmvn clean package在目录：./frawio/drawio/my-app/target 生成 tar包

sudo apt install gnome-tweaks -y sudo apt reinstall -y gnome-shell-extensions sudo reboot # 重启电脑 wget http://work.eisc.cn/ruanjian/ubuntu/gnome/Cupertino-Catalina.tar.gz wget http://work.eisc.cn/ruanjian/ubuntu/gnome/Sierra-light.tar.gz wget http://work.eisc.cn/ruanjian/ubuntu/gnome/Minimal-Conception.tar.gz sudo tar -xzvf Cupertino-Catalina.tar.gz sudo tar -xzvf Sierra-light.tar.gz sudo tar -xzvf Minimal-Conception.tar.gz sudo cp -R Sierra-light /usr/share/themes/ sudo cp -R Minimal-Conception /usr/share/themes/ # 主题+shell sudo cp -R Cupertino-Catalina /usr/share/icons/ # 图标 # 安装后，需要设置 扩展 运用软件 -> 下滑到 【User Themes】里面的 Load shell thems 打开这个功能 gnome-tweaks # 点击外观 shell 选择 Minimal # 点击运用程序 选择 Sierra-light # 点击 图标 选择： Cupertino-Catalina # 窗口标题栏 -> 标题栏按钮 -> 放置 -> 左 # 设置 -> 外观 -> dock -> 面板模式（关） -> 屏幕上的位置 （底部） # 设置 -> Dock > 面板模式 ： 将 Dock 延伸至屏幕边缘 -> 关闭

nautilus  ./  # 打开当前目录下的文件管理器

命令窗口输入命令： nm-connection-editor # wifi 设置 # 需要删除之前创建的 wifi ： 光标选中 已创建的 点击 减 号 # 创建：点击 + 号 -> 选择连接类型 -> （硬件 wifi ） -> 创建 -> # 连接名称： eisc -> SSID eisc -> 模式 ： 热点wifi -> 频段 5G # 设备：选择网卡 -> wi-Fi 安全性： WPA 及 WPA2 个人 -> 密码： aaaassss # 常规：取消勾选： 自动以优先级连接 # 保存 （热点自动打开） # 设置 -> wifi -> 右上角 三点多选 展开 -> 打开 wifi 教程： https://blog.csdn.net/weixin_48319333/article/details/129901969

sudo service NetworkManager stop  ; sudo rm -rf  /var/lib/NetworkManager/NetworkManager.state  ; sudo service NetworkManager start

sudo apt install  -y  traceroute  traceroute  eisc.cnyum -y install mtrmtr -r -c10 eisc.cn              # -c 10 发10个包ip route show# ip gateway is  

#!/bin/bash # # https://github.com/Nyr/openvpn-install # # Copyright (c) 2013 Nyr. Released under the MIT License. vpnGW="10.1.1.0" # Detect Debian users running the script with "sh" instead of bash if readlink /proc/$$/exe | grep -q "dash"; then echo 'This installer needs to be run with "bash", not "sh".' exit fi # Discard stdin. Needed when running from an one-liner which includes a newline read -N 999999 -t 0.001 # Detect OpenVZ 6 if [[ $(uname -r | cut -d "." -f 1) -eq 2 ]]; then echo "The system is running an old kernel, which is incompatible with this installer." exit fi # Detect OS # $os_version variables aren't always in use, but are kept here for convenience if grep -qs "ubuntu" /etc/os-release; then os="ubuntu" os_version=$(grep 'VERSION_ID' /etc/os-release | cut -d '"' -f 2 | tr -d '.') group_name="nogroup" elif [[ -e /etc/debian_version ]]; then os="debian" os_version=$(grep -oE '[0-9]+' /etc/debian_version | head -1) group_name="nogroup" elif [[ -e /etc/almalinux-release || -e /etc/rocky-release || -e /etc/centos-release ]]; then os="centos" os_version=$(grep -shoE '[0-9]+' /etc/almalinux-release /etc/rocky-release /etc/centos-release | head -1) group_name="nobody" elif [[ -e /etc/fedora-release ]]; then os="fedora" os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1) group_name="nobody" else echo "This installer seems to be running on an unsupported distribution. Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora." exit fi if [[ "$os" == "ubuntu" && "$os_version" -lt 1804 ]]; then echo "Ubuntu 18.04 or higher is required to use this installer. This version of Ubuntu is too old and unsupported." exit fi if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then echo "Debian 9 or higher is required to use this installer. This version of Debian is too old and unsupported." exit fi if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then echo "CentOS 7 or higher is required to use this installer. This version of CentOS is too old and unsupported." exit fi # Detect environments where $PATH does not include the sbin directories if ! grep -q sbin <<< "$PATH"; then echo '$PATH does not include sbin. Try using "su -" instead of "su".' exit fi if [[ "$EUID" -ne 0 ]]; then echo "This installer needs to be run with superuser privileges." exit fi if [[ ! -e /dev/net/tun ]] || ! ( exec 7<>/dev/net/tun ) 2>/dev/null; then echo "The system does not have the TUN device available. TUN needs to be enabled before running this installer." exit fi new_client () { # Generates the custom client.ovpn { cat /etc/openvpn/server/client-common.txt echo "<ca>" cat /etc/openvpn/server/easy-rsa/pki/ca.crt echo "</ca>" echo "<cert>" sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt echo "</cert>" echo "<key>" cat /etc/openvpn/server/easy-rsa/pki/private/"$client".key echo "</key>" echo "<tls-crypt>" sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key echo "</tls-crypt>" } > ~/"$client".ovpn } if [[ ! -e /etc/openvpn/server/server.conf ]]; then # Detect some Debian minimal setups where neither wget nor curl are installed if ! hash wget 2>/dev/null && ! hash curl 2>/dev/null; then echo "Wget is required to use this installer." read -n1 -r -p "Press any key to install Wget and continue..." apt-get update apt-get install -y wget fi clear echo 'Welcome to this OpenVPN road warrior installer!' # If system has a single IPv4, it is selected automatically. Else, ask the user if [[ $(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}') -eq 1 ]]; then ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}') else number_of_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}') echo echo "Which IPv4 address should be used?" ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') ' read -p "IPv4 address [1]: " ip_number until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do echo "$ip_number: invalid selection." read -p "IPv4 address [1]: " ip_number done [[ -z "$ip_number" ]] && ip_number="1" ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p) fi # If $ip is a private IP address, the server must be behind NAT if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then echo echo "This server is behind NAT. What is the public IPv4 address or hostname?" # Get public IP and sanitize with grep get_public_ip=$(grep -m 1 -oE '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' <<< "$(wget -T 10 -t 1 -4qO- "http://ip1.dynupdate.no-ip.com/" || curl -m 10 -4Ls "http://ip1.dynupdate.no-ip.com/")") read -p "Public IPv4 address / hostname [$get_public_ip]: " public_ip # If the checkip service is unavailable and user didn't provide input, ask again until [[ -n "$get_public_ip" || -n "$public_ip" ]]; do echo "Invalid input." read -p "Public IPv4 address / hostname: " public_ip done [[ -z "$public_ip" ]] && public_ip="$get_public_ip" fi # If system has a single IPv6, it is selected automatically if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}') fi # If system has multiple IPv6, ask the user to select one if [[ $(ip -6 addr | grep -c 'inet6 [23]') -gt 1 ]]; then number_of_ip6=$(ip -6 addr | grep -c 'inet6 [23]') echo echo "Which IPv6 address should be used?" ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | nl -s ') ' read -p "IPv6 address [1]: " ip6_number until [[ -z "$ip6_number" || "$ip6_number" =~ ^[0-9]+$ && "$ip6_number" -le "$number_of_ip6" ]]; do echo "$ip6_number: invalid selection." read -p "IPv6 address [1]: " ip6_number done [[ -z "$ip6_number" ]] && ip6_number="1" ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$ip6_number"p) fi echo echo "Which protocol should OpenVPN use?" echo " 1) UDP (recommended)" echo " 2) TCP" read -p "Protocol [1]: " protocol until [[ -z "$protocol" || "$protocol" =~ ^[12]$ ]]; do echo "$protocol: invalid selection." read -p "Protocol [1]: " protocol done case "$protocol" in 1|"") protocol=udp ;; 2) protocol=tcp ;; esac echo echo "What port should OpenVPN listen to?" read -p "Port [1194]: " port until [[ -z "$port" || "$port" =~ ^[0-9]+$ && "$port" -le 65535 ]]; do echo "$port: invalid port." read -p "Port [1194]: " port done [[ -z "$port" ]] && port="1194" echo echo "Select a DNS server for the clients:" echo " 1) Current system resolvers" echo " 2) Google" echo " 3) 1.1.1.1" echo " 4) OpenDNS" echo " 5) Quad9" echo " 6) AdGuard" read -p "DNS server [1]: " dns until [[ -z "$dns" || "$dns" =~ ^[1-6]$ ]]; do echo "$dns: invalid selection." read -p "DNS server [1]: " dns done echo echo "Enter a name for the first client:" read -p "Name [client]: " unsanitized_client # Allow a limited set of characters to avoid conflicts client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client") [[ -z "$client" ]] && client="client" echo echo "OpenVPN installation is ready to begin." # Install a firewall if firewalld or iptables are not already available if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then if [[ "$os" == "centos" || "$os" == "fedora" ]]; then firewall="firewalld" # We don't want to silently enable firewalld, so we give a subtle warning # If the user continues, firewalld will be installed and enabled during setup echo "firewalld, which is required to manage routing tables, will also be installed." elif [[ "$os" == "debian" || "$os" == "ubuntu" ]]; then # iptables is way less invasive than firewalld so no warning is given firewall="iptables" fi fi read -n1 -r -p "Press any key to continue..." # If running inside a container, disable LimitNPROC to prevent conflicts if systemd-detect-virt -cq; then mkdir /etc/systemd/system/openvpn-server@server.service.d/ 2>/dev/null echo "[Service] LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disable-limitnproc.conf fi if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then apt-get update apt-get install -y --no-install-recommends openvpn openssl ca-certificates $firewall elif [[ "$os" = "centos" ]]; then yum install -y epel-release yum install -y openvpn openssl ca-certificates tar $firewall else # Else, OS must be Fedora dnf install -y openvpn openssl ca-certificates tar $firewall fi # If firewalld was just installed, enable it if [[ "$firewall" == "firewalld" ]]; then systemctl enable --now firewalld.service fi # Get easy-rsa easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.2/EasyRSA-3.1.2.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ cd /etc/openvpn/server/easy-rsa/ # Create the PKI, set up the CA and the server and client certificates ./easyrsa --batch init-pki ./easyrsa --batch build-ca nopass ./easyrsa --batch --days=3650 build-server-full server nopass ./easyrsa --batch --days=3650 build-client-full "$client" nopass ./easyrsa --batch --days=3650 gen-crl # Move the stuff we need cp pki/ca.crt pki/private/ca.key pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn/server # CRL is read with each client connection, while OpenVPN is dropped to nobody chown nobody:"$group_name" /etc/openvpn/server/crl.pem # Without +x in the directory, OpenVPN can't run a stat() on the CRL file chmod o+x /etc/openvpn/server/ # Generate key for tls-crypt openvpn --genkey --secret /etc/openvpn/server/tc.key # Create the DH parameters file using the predefined ffdhe2048 group echo '-----BEGIN DH PARAMETERS----- MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== -----END DH PARAMETERS-----' > /etc/openvpn/server/dh.pem # Generate server.conf echo "local $ip port $port proto $protocol dev tun ca ca.crt cert server.crt key server.key dh dh.pem auth SHA512 tls-crypt tc.key topology subnet server $vpnGW 255.255.255.0" > /etc/openvpn/server/server.conf # IPv6 if [[ -z "$ip6" ]]; then echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server/server.conf else echo 'server-ipv6 fddd:1194:1194:1194::/64' >> /etc/openvpn/server/server.conf echo 'push "redirect-gateway def1 ipv6 bypass-dhcp"' >> /etc/openvpn/server/server.conf fi echo 'ifconfig-pool-persist ipp.txt' >> /etc/openvpn/server/server.conf # DNS case "$dns" in 1|"") # Locate the proper resolv.conf # Needed for systems running systemd-resolved if grep '^nameserver' "/etc/resolv.conf" | grep -qv '127.0.0.53' ; then resolv_conf="/etc/resolv.conf" else resolv_conf="/run/systemd/resolve/resolv.conf" fi # Obtain the resolvers from resolv.conf and use them for OpenVPN grep -v '^#\|^;' "$resolv_conf" | grep '^nameserver' | grep -v '127.0.0.53' | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | while read line; do echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server/server.conf done ;; 2) echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server/server.conf ;; 3) echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server/server.conf ;; 4) echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server/server.conf ;; 5) echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 149.112.112.112"' >> /etc/openvpn/server/server.conf ;; 6) echo 'push "dhcp-option DNS 94.140.14.14"' >> /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 94.140.15.15"' >> /etc/openvpn/server/server.conf ;; esac echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf echo "keepalive 10 120 cipher AES-256-CBC user nobody group $group_name persist-key persist-tun verb 3 crl-verify crl.pem" >> /etc/openvpn/server/server.conf if [[ "$protocol" = "udp" ]]; then echo "explicit-exit-notify" >> /etc/openvpn/server/server.conf fi # Enable net.ipv4.ip_forward for the system echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-openvpn-forward.conf # Enable without waiting for a reboot or service restart echo 1 > /proc/sys/net/ipv4/ip_forward if [[ -n "$ip6" ]]; then # Enable net.ipv6.conf.all.forwarding for the system echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/99-openvpn-forward.conf # Enable without waiting for a reboot or service restart echo 1 > /proc/sys/net/ipv6/conf/all/forwarding fi if systemctl is-active --quiet firewalld.service; then # Using both permanent and not permanent rules to avoid a firewalld # reload. # We don't use --add-service=openvpn because that would only work with # the default port and protocol. firewall-cmd --add-port="$port"/"$protocol" firewall-cmd --zone=trusted --add-source=$vpnGW/24 firewall-cmd --permanent --add-port="$port"/"$protocol" firewall-cmd --permanent --zone=trusted --add-source=$vpnGW/24 # Set NAT for the VPN subnet firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s $vpnGW/24 ! -d $vpnGW/24 -j SNAT --to "$ip" firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s $vpnGW/24 ! -d $vpnGW/24 -j SNAT --to "$ip" if [[ -n "$ip6" ]]; then firewall-cmd --zone=trusted --add-source=fddd:1194:1194:1194::/64 firewall-cmd --permanent --zone=trusted --add-source=fddd:1194:1194:1194::/64 firewall-cmd --direct --add-rule ipv6 nat POSTROUTING 0 -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to "$ip6" firewall-cmd --permanent --direct --add-rule ipv6 nat POSTROUTING 0 -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to "$ip6" fi else # Create a service to set up persistent iptables rules iptables_path=$(command -v iptables) ip6tables_path=$(command -v ip6tables) # nf_tables is not available as standard in OVZ kernels. So use iptables-legacy # if we are in OVZ, with a nf_tables backend and iptables-legacy is available. if [[ $(systemd-detect-virt) == "openvz" ]] && readlink -f "$(command -v iptables)" | grep -q "nft" && hash iptables-legacy 2>/dev/null; then iptables_path=$(command -v iptables-legacy) ip6tables_path=$(command -v ip6tables-legacy) fi echo "[Unit] Before=network.target [Service] Type=oneshot ExecStart=$iptables_path -t nat -A POSTROUTING -s $vpnGW/24 ! -d $vpnGW/24 -j SNAT --to $ip ExecStart=$iptables_path -I INPUT -p $protocol --dport $port -j ACCEPT ExecStart=$iptables_path -I FORWARD -s $vpnGW/24 -j ACCEPT ExecStart=$iptables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT ExecStop=$iptables_path -t nat -D POSTROUTING -s $vpnGW/24 ! -d $vpnGW/24 -j SNAT --to $ip ExecStop=$iptables_path -D INPUT -p $protocol --dport $port -j ACCEPT ExecStop=$iptables_path -D FORWARD -s $vpnGW/24 -j ACCEPT ExecStop=$iptables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" > /etc/systemd/system/openvpn-iptables.service if [[ -n "$ip6" ]]; then echo "ExecStart=$ip6tables_path -t nat -A POSTROUTING -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to $ip6 ExecStart=$ip6tables_path -I FORWARD -s fddd:1194:1194:1194::/64 -j ACCEPT ExecStart=$ip6tables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT ExecStop=$ip6tables_path -t nat -D POSTROUTING -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to $ip6 ExecStop=$ip6tables_path -D FORWARD -s fddd:1194:1194:1194::/64 -j ACCEPT ExecStop=$ip6tables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" >> /etc/systemd/system/openvpn-iptables.service fi echo "RemainAfterExit=yes [Install] WantedBy=multi-user.target" >> /etc/systemd/system/openvpn-iptables.service systemctl enable --now openvpn-iptables.service fi # If SELinux is enabled and a custom port was selected, we need this if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$port" != 1194 ]]; then # Install semanage if not already present if ! hash semanage 2>/dev/null; then if [[ "$os_version" -eq 7 ]]; then # Centos 7 yum install -y policycoreutils-python else # CentOS 8 or Fedora dnf install -y policycoreutils-python-utils fi fi semanage port -a -t openvpn_port_t -p "$protocol" "$port" fi # If the server is behind NAT, use the correct IP address [[ -n "$public_ip" ]] && ip="$public_ip" # client-common.txt is created so we have a template to add further users later echo "client dev tun proto $protocol remote $ip $port resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server auth SHA512 cipher AES-256-CBC ignore-unknown-option block-outside-dns verb 3" > /etc/openvpn/server/client-common.txt # Enable and start the OpenVPN service systemctl enable --now openvpn-server@server.service # Generates the custom client.ovpn new_client echo echo "Finished!" echo echo "The client configuration is available in:" ~/"$client.ovpn" echo "New clients can be added by running this script again." else clear echo "OpenVPN is already installed." echo echo "Select an option:" echo " 1) Add a new client" echo " 2) Revoke an existing client" echo " 3) Remove OpenVPN" echo " 4) Exit" read -p "Option: " option until [[ "$option" =~ ^[1-4]$ ]]; do echo "$option: invalid selection." read -p "Option: " option done case "$option" in 1) echo echo "Provide a name for the client:" read -p "Name: " unsanitized_client client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client") while [[ -z "$client" || -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]]; do echo "$client: invalid name." read -p "Name: " unsanitized_client client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client") done cd /etc/openvpn/server/easy-rsa/ ./easyrsa --batch --days=3650 build-client-full "$client" nopass # Generates the custom client.ovpn new_client echo echo "$client added. Configuration available in:" ~/"$client.ovpn" exit ;; 2) # This option could be documented a bit better and maybe even be simplified # ...but what can I say, I want some sleep too number_of_clients=$(tail -n +2 /etc/openvpn/server/easy-rsa/pki/index.txt | grep -c "^V") if [[ "$number_of_clients" = 0 ]]; then echo echo "There are no existing clients!" exit fi echo echo "Select the client to revoke:" tail -n +2 /etc/openvpn/server/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' read -p "Client: " client_number until [[ "$client_number" =~ ^[0-9]+$ && "$client_number" -le "$number_of_clients" ]]; do echo "$client_number: invalid selection." read -p "Client: " client_number done client=$(tail -n +2 /etc/openvpn/server/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$client_number"p) echo read -p "Confirm $client revocation? [y/N]: " revoke until [[ "$revoke" =~ ^[yYnN]*$ ]]; do echo "$revoke: invalid selection." read -p "Confirm $client revocation? [y/N]: " revoke done if [[ "$revoke" =~ ^[yY]$ ]]; then cd /etc/openvpn/server/easy-rsa/ ./easyrsa --batch revoke "$client" ./easyrsa --batch --days=3650 gen-crl rm -f /etc/openvpn/server/crl.pem cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem # CRL is read with each client connection, when OpenVPN is dropped to nobody chown nobody:"$group_name" /etc/openvpn/server/crl.pem echo echo "$client revoked!" else echo echo "$client revocation aborted!" fi exit ;; 3) echo read -p "Confirm OpenVPN removal? [y/N]: " remove until [[ "$remove" =~ ^[yYnN]*$ ]]; do echo "$remove: invalid selection." read -p "Confirm OpenVPN removal? [y/N]: " remove done if [[ "$remove" =~ ^[yY]$ ]]; then port=$(grep '^port ' /etc/openvpn/server/server.conf | cut -d " " -f 2) protocol=$(grep '^proto ' /etc/openvpn/server/server.conf | cut -d " " -f 2) if systemctl is-active --quiet firewalld.service; then ip=$(firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s $vpnGW/24 '"'"'!'"'"' -d $vpnGW/24' | grep -oE '[^ ]+$') # Using both permanent and not permanent rules to avoid a firewalld reload. firewall-cmd --remove-port="$port"/"$protocol" firewall-cmd --zone=trusted --remove-source=$vpnGW/24 firewall-cmd --permanent --remove-port="$port"/"$protocol" firewall-cmd --permanent --zone=trusted --remove-source=$vpnGW/24 firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s $vpnGW/24 ! -d $vpnGW/24 -j SNAT --to "$ip" firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s $vpnGW/24 ! -d $vpnGW/24 -j SNAT --to "$ip" if grep -qs "server-ipv6" /etc/openvpn/server/server.conf; then ip6=$(firewall-cmd --direct --get-rules ipv6 nat POSTROUTING | grep '\-s fddd:1194:1194:1194::/64 '"'"'!'"'"' -d fddd:1194:1194:1194::/64' | grep -oE '[^ ]+$') firewall-cmd --zone=trusted --remove-source=fddd:1194:1194:1194::/64 firewall-cmd --permanent --zone=trusted --remove-source=fddd:1194:1194:1194::/64 firewall-cmd --direct --remove-rule ipv6 nat POSTROUTING 0 -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to "$ip6" firewall-cmd --permanent --direct --remove-rule ipv6 nat POSTROUTING 0 -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to "$ip6" fi else systemctl disable --now openvpn-iptables.service rm -f /etc/systemd/system/openvpn-iptables.service fi if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$port" != 1194 ]]; then semanage port -d -t openvpn_port_t -p "$protocol" "$port" fi systemctl disable --now openvpn-server@server.service rm -f /etc/systemd/system/openvpn-server@server.service.d/disable-limitnproc.conf rm -f /etc/sysctl.d/99-openvpn-forward.conf if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then rm -rf /etc/openvpn/server apt-get remove --purge -y openvpn else # Else, OS must be CentOS or Fedora yum remove -y openvpn rm -rf /etc/openvpn/server fi echo echo "OpenVPN removed!" else echo echo "OpenVPN removal aborted!" fi exit ;; 4) exit ;; esac fi help() { sudo chmod u+x openvpn-install.sh ./openvpn-install.sh sudo cp /root/ubuntuvps.ovpn $HOME/ sudo chown $USER:$USER ubuntuvps.ovpn echo "当前是help 帮助中心..." sudo openvpn --genkey --secret static-OpenVPN.key # 生成 vpn 密钥 }

#!/bin/bash # git.sh ############################# 创建仓库初始化仓库 ########################### 创建远程仓库：192.168.4.53:3000 右上角的创建 注意初始化时候本地文件夹和仓库名一致 nano .gitignore # 写入屏蔽文件， git push -u origin master # 推送本地代码到远程，如果需要拉取代码： git pull ################### rv1126 sdk 初始化git 并且开始 编译 ################### wget http://73e.top/download/docker/rv11xx-camera/rv11xx.tar.gz tar -xzvf rv11xx.tar.gz -C ./ && cd rv1126 # 下载并解压sdk ，进入sdk 根目录，执行下面配置 sdk rm -rf .git && rm -rf chivalrous/.git # 删除原有的 .git 配置 #------ touch README.md && git init git add * # 将当前目录所有文件以增加的方式进行上传。 git add -A # 覆盖方式上传 git reset * # 清除暂存区内容 git commit -m "first commit" # 上传本次任务备注 # git config --global --add safe.directory /datadisk/git # 安全提示，将目录加权限 #----------------- 初始化 git 仓库 首次配置git -----------------# touch README.md git init git checkout -b main git add README.md git commit -m "first commit" git config --global user.email "root@eisc.cn" && git config --global user.name "wanyang" # 告诉git 我是谁; global [ˈɡləʊbl] 完整的 git config --global credential.helper store # 长期储存密码 git pull时候的登陆密码 # 执行完后查看%HOME%目录下的.gitconfig文件 # [krəˈ den ʃ l] 凭据； [ˈhel pə(r)] 助手 [s tɔː] 储存 git remote add origin http://192.168.122.80:3000/eisc/eisc.git # 配置仓库 #------------------- 分支管理 -----------------------# git checkout -b main # 创建分支 mian git branch # 查看当前分支 git branch -r # 列出所有分支 git checkout 'APP' # 切换分支到 APP git log --pretty=oneline # 查看修改版本 ID 和时间 git reset --hard 6b1915e5b2a7291e5a7706041942d17cb08c1245 # 恢复到之前的版本 git push origin APP --force # 覆盖远程分支 git add -A ; git commit -m "123" ; git push --set-upstream origin APP # -A 覆盖远程 * 追加 ； 提交内容到 APP 分支 #------------------- 暂存区 -----------------------# git rm -rf Objects # 删除暂存区中的文件夹 ： 无意义，因为会删除本地文件夹 #-----------------------------------------------------------------# git remote add origin http://192.168.4.53:3000/mengxun/MXI_A01_Rv1126.git # 新增配置http 方式进行连接git 仓库 # git branch –set-upstream-to=origin/master master # 忽略此命令：重新为git pull添加跟踪分支即可。 # [rɪˈ məʊt] 远程 [ˈɒ rɪ dʒɪn] 起源 # rv1126 工程路径：http://192.168.4.53/mengxun/MXI_A01_Rv1126 git remote # 查看有哪些remote git remote remove origin # 删除 git push -u origin main # 上传分支 git fetch --all && git reset --hard origin/master && git pull # 覆盖本地并获取 # [fe tʃ] 提取； git branch --set-upstream-to=origin/master master # 当前分支没有跟踪信息。请指定您要变基到哪一个分支。 # [b rɑːn tʃ] 分支 [ˌʌpˈ s triː m] 上游 [ˈɒ rɪ dʒɪn] 起源，[ˈmɑːstə] 控制 git pull # 拉取最新代码 #-------------- 开始 rv1126 编译 --------------# ./build.sh lunch # 选择 ：7. BoardConfig-ctk-ipc.mk ./envsetup.sh # 选择： 105. rockchip_rv11xx_ctk_ipc ./build.sh # 开始编译 #-------------- 解决报错：编译错误：libgpg-error-1.25 ------------# 编译包：libgpg-error 1.27 Building 错误 sudo find ./ -name mkstrtable.awk cd ~/rv1126/buildroot/output/rockchip_rv11xx_ctk_ipc/build/libgpg-error-1.27/src subl mkstrtable.awk # 修改文件 print "static const char " namespace "msgstr[] = "; 修改为： print "static const char " pkg_namespace "msgstr[] = "; sub (/\#.+/, ""); 修改为： sub (/#.+/, ""); print "static const int " namespace "msgidx[] ="; 修改为：print "static const int " pkg_namespace "msgidx[] ="; print namespace "msgidxof (int code)"; 修改为：print pkg_namespace "msgidxof (int code)"; rc下面的Makefile Makfile.in Makefile.am 需要修改一个名字，加上 gpk_ namespace 改为： pkg_namespace #------------------------- ./build.sh # 再次编译 #--------- 编译app 报错，删除cmake ，重新编译 # mkdir build ; cd build ; cmake .. # 手动添加编译，编译输出文件到 指定 build目录 subl ~/rv1126/app/CameraModule/CMakeLists.txt # 修改cmake 的编译gcc 为sdk 目录，如下： set(CMAKE_C_COMPILER ~/rv1126/buildroot/output/rockchip_rv11xx_ctk_ipc/host/bin/arm-linux-gnueabihf-gcc) set(CMAKE_CXX_COMPILER ~/rv1126/buildroot/output/rockchip_rv11xx_ctk_ipc/host/bin/arm-linux-gnueabihf-g++) 或者创建 git sdk 目录 软连接 到家目录 rv1126 ，如下： ln -s /git/rv11xx/ ~/rv1126 cd ~/rv1126/app/CameraModule/app/build && rm -rf * # 进入项目编译路径 cmake .. # 重新生成cmake 方法 rm -rf ~/rv1126/buildroot/output/rockchip_rv11xx_ctk_ipc/build/CameraModule-0.0.1/ # 删除输出目录，重新编译，会报错没有可执行文件进行安装。需要再次删除输出目录重新编译 # 注意：需要编译两次才能编过 # 参考：https://blog.csdn.net/QQ962662562/article/details/122363849 ######################################## rv1126 配置结束 ########################################## ##### 其他备注资料 ###### #-------- rv11xx 恢复文件 删除版本 ------# git reflog # 查看版本 git reset --hard 729fa0bab # 重置到之前的版本 git status # 查看git仓库的状态 git diff # 查看git修改了的内容 git log --pretty=oneline # 显示提交者和时间 git fetch --all && git reset --hard origin/master && git pull # 强制覆盖本地 #-------- 说明 -----——# $ git reset --hard HEAD #恢复当前版本，删除工作区和缓存区的修改 $ git reset --soft HEAD^ #恢复上一个版本，保留工作区，缓存区准备再次提交commit $ git reset --mixed HEAD #恢复当前版本，保留工作区，清空缓存区 $ git reset --hard 1094a #切换到特定版本号，并删除工作区和缓存区的修改 #场景1：修改仅存在工作区 $ git checkout -- readme.txt # 单文件 #场景2：修改存在暂存区、工作区 $ git reset HEAD readme.txt $ git checkout -- readme.txt #场景3：修改存在版本库、暂存区、工作区 $ git reset --hard 1094a 参考：https://blog.csdn.net/zeye5731/article/details/122261447 ################ 退回一个版本 ############### #-------- git 暂存区 删除 ----------# git rm -r --cached ./ # 删除暂存区文件，指定当前目录 git reset --hard HEAD # 恢复当前版本，删除工作区和缓存区的修改 git status -s # 查看看文件 #---------------------------------------------------# git push -u origin master # 推送本地代码到远程，如果需要拉取代码： git pull git push --set-upstream origin master # 当前master 没有对应上游分支，推送当前分支并建立与远程上游的跟踪 #------------- git 推送 -----------# git add * # 不覆盖性上传 git add -A # -A 覆盖性上传 git reset * # 清除暂存区内容 git commit -m "将本地当前目录所有文件添加到远程git仓库" git push origin master # 推送到 master 分支 git commit -m "new rv1126" # 重新推送 #------------ git 下载 ---------------# git clone http://192.168.4.53:3000/mengxun/MXI_A01_Rv1126.git # 远程仓库拉取到本地 # 忽略以下命令，报错。 git pull origin master # 如果远程分支是与当前分支合并，则冒号后面的部分可以省略。 git pull origin master:brantest # 忽略此步骤：将远程主机 origin 的 master 分支拉取过来，与本地的 brantest 分支合并。 #------------------ git log 历史版本 -------------- git log # 查看历史的版本 windos 安装git ：https://www.runoob.com/git/git-install-setup.html #------------- 屏蔽文件 --------# nano MXI_A01_Rv1126/.gitignore ./rv11xx/buildroot/output/ # 屏蔽当前文件夹下的目录 git add ./rv11xx/buildroot/output/111/1111.txt # 注意： 流程 1. 下载完整的sdk 进行编译 2. sdk 里面有很多 .gitignore 屏蔽文件，因此本地的这些文件会告诉git 哪些文件不需要上传。 #------------- git commit 本地版本删除 ------------# git rebase -i HEAD~1 # 选择上一个版本进行编辑：将 pick xxx commit1 中的 pick 改为 drop 保存后，自动删除 注意：将.git 不能删除其中有版本缓存用于对比，将其他项目文件删除，再将原来的文件复制进入 #---------------- 故障排查 ------------# You've added another git repository inside your current repository. 原因： 即在本地初始化的仓库(使用 git init的文件夹) 中的某一个文件夹，也含有 .git 文件 。 解决： 删除子文件夹里的.git文件，或者重命名为其他名字。然后重新add、commit、push # 提示：You've added another git repository inside your current repository. # # 提示：您已经在当前存储库中添加了另一个git存储库。 解答：删除当前目录的 .git 隐藏文件，重新添加 。 说明：git 包含版本备份。 BR2_PACKAGE_WPA_SUPPLICANT_NL80211=y