drejohnson · March 18, 2020 12:45
diff --git a/install.sh b/install.sh
 #!/bin/sh

 set -e

 # you may want upgrade netifd first

 # timezone
 TIMEZONE=HKT-8

 # override shadowsocks server config
 METHOD=xchacha20-ietf-poly1305
 HOST=
 PORT=
 KEY=

 # scripts path
 PATH_WATCHDOG=/usr/bin/ss-watchdog
 PATH_CHNROUTE=/usr/bin/update-chnroute


 # add openwrt dist repo
 for a in $(opkg print-architecture | awk '{print $2}'); do
  case "$a" in
    all|noarch)
      ;;
    aarch64_armv8-a|arm_arm1176jzf-s_vfp|arm_arm926ej-s|arm_cortex-a15_neon-vfpv4|arm_cortex-a5|arm_cortex-a53_neon-vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips_24kc|mips_mips32|mips64_octeon|mipsel_24kc|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
      ARCH=${a}
      ;;
    *)
      echo "Architectures not support."
      exit 0
      ;;
  esac
 done

 echo -e "\nTarget Arch:\033[32m $ARCH \033[0m\n"

 if !(grep -q "openwrt_dist" /etc/opkg/customfeeds.conf); then
  wget http://openwrt-dist.sourceforge.net/openwrt-dist.pub
  opkg-key add openwrt-dist.pub
  echo "src/gz openwrt_dist http://openwrt-dist.sourceforge.net/packages/base/$ARCH" >> /etc/opkg/customfeeds.conf
  echo "src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/packages/luci" >> /etc/opkg/customfeeds.conf
  rm openwrt-dist.pub
 fi

 opkg update

 echo === repo configured ===


 # bypass china
 opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks shadowsocks-libev iptables-mod-tproxy luci-compat

 # install https wget
 opkg install ca-certificates ca-bundle wget

 # apps
 opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-upnp collectd-mod-ping collectd-mod-dns

 echo === software installed ===


 # create ip list update script
 cat > $PATH_CHNROUTE << 'EOF'
 #!/bin/sh
 wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/chinadns_chnroute.txt
 EOF
 chmod +x $PATH_CHNROUTE

 # create watchdog script
 cat > $PATH_WATCHDOG << 'EOF'
 #!/bin/sh
 LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
 TIMEOUT=3
 TRIES=3
 RATING_URL=https://www.google.com/
 REFERENCE_URL=https://www.alipay.com/

 network_probe () {
  wget --spider --quiet --tries=$TRIES --timeout=$TIMEOUT $1
  echo $?
 }

 if [ `network_probe $RATING_URL` = 0 ]; then
  echo [$LOGTIME] No Problem
  exit 0
 elif [ `network_probe $REFERENCE_URL` = 0 ]; then
  echo [$LOGTIME] Problem decteted. Restarting shadowsocks
  /etc/init.d/shadowsocks restart > /dev/null
 else
  echo [$LOGTIME] Network problem. Do nothing
 fi
 EOF
 chmod +x $PATH_WATCHDOG


 # config shadowsocks
 SERVER=`uci add shadowsocks servers`
 uci set shadowsocks.$SERVER.encrypt_method=$METHOD
 uci set shadowsocks.$SERVER.fast_open=1
 uci set shadowsocks.$SERVER.no_delay=1
 uci set shadowsocks.$SERVER.password=$KEY
 uci set shadowsocks.$SERVER.server=$HOST
 uci set shadowsocks.$SERVER.server_port=$PORT
 uci set shadowsocks.@transparent_proxy[0].main_server=$SERVER
 uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
 uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"


 # timezone
 uci set system.@system[0].timezone=$TIMEZONE


 # dns
 uci set chinadns.@chinadns[0].enable=1
 uci set chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300
 uci set dns-forwarder.@dns-forwarder[0].enable=1
 uci set network.wan.peerdns=0
 uci set dhcp.@dnsmasq[0].noresolv=1
 uci set dhcp.@dnsmasq[0].cachesize=10000
 uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5353


 # config upnp
 uci set upnpd.config.enabled=1


 # config adblock
 uci set adblock.global.adb_enabled=1
 uci set adblock.global.adb_fetchutil=wget
 uci set adblock.global.adb_trigger=timed
 uci set adblock.extra.adb_dnsflush=1
 uci set adblock.extra.adb_nice=10
 uci set adblock.extra.adb_triggerdelay=30
 mkdir -p /root/adblock


 # config cron
 crontab - << 'EOF'
 # beware UTC
 # update chnroute at sunday 3:30am
 30 3 * * 0 update-chnroute

 # Reboot at 4:30am every monday
 # Note: To avoid infinite reboot loop, wait 70 seconds
 # and touch a file in /etc so clock will be set
 # properly to 4:31 on reboot before cron starts.
 30 4 * * 1 sleep 70 && touch /etc/banner && reboot

 # shadowsocks watchdog, check every 5 min
 */5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1

 # clean log every monday
 0 1 * * 1 echo "" > /var/log/ss-watchdog.log
 EOF


 # apply changes
 uci commit
 luci-reload

 echo === config applied ===

 # system update
 update-chnroute
 opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer

 echo === system upgraded ===

 echo all done, congratulations!
	#!/bin/sh

	set -e

	# you may want upgrade netifd first

	# timezone
	TIMEZONE=HKT-8

	# override shadowsocks server config
	METHOD=xchacha20-ietf-poly1305
	HOST=
	PORT=
	KEY=

	# scripts path
	PATH_WATCHDOG=/usr/bin/ss-watchdog
	PATH_CHNROUTE=/usr/bin/update-chnroute


	# add openwrt dist repo
	for a in $(opkg print-architecture \| awk '{print $2}'); do
	case "$a" in
	all\|noarch)
	;;
	aarch64_armv8-a\|arm_arm1176jzf-s_vfp\|arm_arm926ej-s\|arm_cortex-a15_neon-vfpv4\|arm_cortex-a5\|arm_cortex-a53_neon-vfpv4\|arm_cortex-a7_neon-vfpv4\|arm_cortex-a8_vfpv3\|arm_cortex-a9\|arm_cortex-a9_neon\|arm_cortex-a9_vfpv3\|arm_fa526\|arm_mpcore\|arm_mpcore_vfp\|arm_xscale\|armeb_xscale\|i386_pentium\|i386_pentium4\|mips_24kc\|mips_mips32\|mips64_octeon\|mipsel_24kc\|mipsel_74kc\|mipsel_mips32\|powerpc_464fp\|powerpc_8540\|x86_64)
	ARCH=${a}
	;;
	*)
	echo "Architectures not support."
	exit 0
	;;
	esac
	done

	echo -e "\nTarget Arch:\033[32m $ARCH \033[0m\n"

	if !(grep -q "openwrt_dist" /etc/opkg/customfeeds.conf); then
	wget http://openwrt-dist.sourceforge.net/openwrt-dist.pub
	opkg-key add openwrt-dist.pub
	echo "src/gz openwrt_dist http://openwrt-dist.sourceforge.net/packages/base/$ARCH" >> /etc/opkg/customfeeds.conf
	echo "src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/packages/luci" >> /etc/opkg/customfeeds.conf
	rm openwrt-dist.pub
	fi

	opkg update

	echo === repo configured ===


	# bypass china
	opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks shadowsocks-libev iptables-mod-tproxy luci-compat

	# install https wget
	opkg install ca-certificates ca-bundle wget

	# apps
	opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-upnp collectd-mod-ping collectd-mod-dns

	echo === software installed ===


	# create ip list update script
	cat > $PATH_CHNROUTE << 'EOF'
	#!/bin/sh
	wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' \| awk -F\\| '/CN\\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/chinadns_chnroute.txt
	EOF
	chmod +x $PATH_CHNROUTE

	# create watchdog script
	cat > $PATH_WATCHDOG << 'EOF'
	#!/bin/sh
	LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
	TIMEOUT=3
	TRIES=3
	RATING_URL=https://www.google.com/
	REFERENCE_URL=https://www.alipay.com/

	network_probe () {
	wget --spider --quiet --tries=$TRIES --timeout=$TIMEOUT $1
	echo $?
	}

	if [ `network_probe $RATING_URL` = 0 ]; then
	echo [$LOGTIME] No Problem
	exit 0
	elif [ `network_probe $REFERENCE_URL` = 0 ]; then
	echo [$LOGTIME] Problem decteted. Restarting shadowsocks
	/etc/init.d/shadowsocks restart > /dev/null
	else
	echo [$LOGTIME] Network problem. Do nothing
	fi
	EOF
	chmod +x $PATH_WATCHDOG


	# config shadowsocks
	SERVER=`uci add shadowsocks servers`
	uci set shadowsocks.$SERVER.encrypt_method=$METHOD
	uci set shadowsocks.$SERVER.fast_open=1
	uci set shadowsocks.$SERVER.no_delay=1
	uci set shadowsocks.$SERVER.password=$KEY
	uci set shadowsocks.$SERVER.server=$HOST
	uci set shadowsocks.$SERVER.server_port=$PORT
	uci set shadowsocks.@transparent_proxy[0].main_server=$SERVER
	uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
	uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"


	# timezone
	uci set system.@system[0].timezone=$TIMEZONE


	# dns
	uci set chinadns.@chinadns[0].enable=1
	uci set chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300
	uci set dns-forwarder.@dns-forwarder[0].enable=1
	uci set network.wan.peerdns=0
	uci set dhcp.@dnsmasq[0].noresolv=1
	uci set dhcp.@dnsmasq[0].cachesize=10000
	uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5353


	# config upnp
	uci set upnpd.config.enabled=1


	# config adblock
	uci set adblock.global.adb_enabled=1
	uci set adblock.global.adb_fetchutil=wget
	uci set adblock.global.adb_trigger=timed
	uci set adblock.extra.adb_dnsflush=1
	uci set adblock.extra.adb_nice=10
	uci set adblock.extra.adb_triggerdelay=30
	mkdir -p /root/adblock


	# config cron
	crontab - << 'EOF'
	# beware UTC
	# update chnroute at sunday 3:30am
	30 3 * * 0 update-chnroute

	# Reboot at 4:30am every monday
	# Note: To avoid infinite reboot loop, wait 70 seconds
	# and touch a file in /etc so clock will be set
	# properly to 4:31 on reboot before cron starts.
	30 4 * * 1 sleep 70 && touch /etc/banner && reboot

	# shadowsocks watchdog, check every 5 min
	/5 * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1

	# clean log every monday
	0 1 * * 1 echo "" > /var/log/ss-watchdog.log
	EOF


	# apply changes
	uci commit
	luci-reload

	echo === config applied ===

	# system update
	update-chnroute
	opkg list-upgradable \| cut -f 1 -d ' ' \| xargs opkg upgrade --force-maintainer

	echo === system upgraded ===

	echo all done, congratulations!