setup for clash

setup.sh

#!/bin/bash 

set -e 

# run as root
if [[ "$(whoami)" != "root" ]]; then
    exit -1
fi

addgroup clash
useradd -m -g clash -s /bin/bash clash 
cd /home/clash


su clash -c "mkdir -p /home/clash/.config/clash" && \
    curl https://update.glados-config.com/clash/143008/9d3b540/43856/glados-terminal.yaml > /home/clash/.config/clash/config.yaml &&\
    sed -i -e '/dashboard:*/d' -e '/socks-port/a redir-port: 7892' -e 's/enable: false/enable: true/' -e 's/listen: 127.0.0.1:53/listen: 127.0.0.1:1053/' -e 's/allow-lan: false/allow-lan: true/'  /home/clash/.config/clash/config.yaml 

wget https://github.com/Dreamacro/clash/releases/download/v1.6.5/clash-linux-amd64-v1.6.5.gz &&\
    gzip -d clash-linux-amd64-v1.6.5.gz &&\
    mv clash-linux-amd64-v1.6.5 /usr/local/bin/clash &&\
    chmod +x /usr/local/bin/clash


cat <<EOF > /etc/systemd/system/clash.service
[Unit]
Description=clash service
After=network.target

[Service]
User=clash
Group=clash
ExecStart=/usr/local/bin/clash -d /home/clash/.config/clash
Restart=always

[Install]
WantedBy=multi-user.target
EOF

curl https://gist.githubusercontent.com/dagrons/ddabe32a5a750dc10d13ea884d70ba2f/raw/333eefb14cac20c8f7df2fe3778c7d8ffb13df48/iptables.rules > /etc/iptables.rules

cat <<EOF > /etc/systemd/system/load-iptables.service 
[Unit]
Description = Apply iptables rules
After = clash.target

[Service]
User = root
Type = oneshot
ExecStart = /bin/sh -c 'iptables-restore < /etc/iptables.rules'

[Install]
WantedBy = multi-user.target
EOF

setcap 'cap_net_admin,cap_net_bind_service=+ep' /usr/local/bin/clash

systemctl enable clash && systemctl start clash 
systemctl enable load-iptables  && systemctl start load-iptables