@gengen1988
Last active June 12, 2022 02:48
configure openwrt in china
#!/bin/sh
# Provisioning script for an OpenWrt router: adds the openwrt-dist feed,
# installs the shadowsocks/chinadns packages, writes two helper scripts and
# then configures uci and cron.

# Stop at the first command that fails.
set -e

printf '%s\n' '=== configure openwrt version 21.02.0 ==='

# Shadowsocks server settings, applied by the uci section further down.
# HOST, PORT and KEY are blank here; presumably they are meant to be filled in
# before the script is run.
# KEY becomes the shadowsocks server password, so a filled-in copy of this
# file holds a secret: keep it out of shared pastes and restrict its file mode.
SERVER_NAME='lightsail-tokyo'
METHOD='xchacha20-ietf-poly1305'
HOST=''
PORT=''
KEY=''

# Install locations of the helper scripts generated below.
PATH_WATCHDOG='/usr/bin/ss-watchdog'
PATH_CHNROUTE='/usr/bin/chnroute-update'
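echo === add openwrt dist repo ===

# Pick the package architecture reported by opkg. The second field of each
# `opkg print-architecture` line is the architecture name; the generic
# "all"/"noarch" entries are skipped and the last recognised name wins.
for a in $(opkg print-architecture | awk '{print $2}'); do
  case "$a" in
    all|noarch)
      ;;
    aarch64_armv8-a|aarch64_cortex-a53|aarch64_cortex-a72|aarch64_generic|arm_arm926ej-s|arm_arm1176jzf-s_vfp|arm_cortex-a5|arm_cortex-a5_neon-vfpv4|arm_cortex-a5_vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_cortex-a15_neon-vfpv4|arm_cortex-a53_neon-vfpv4|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips64_octeon|mips_24kc|mips_mips32|mipsel_24kc|mipsel_24kc_24kf|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
      ARCH=$a
      ;;
    *)
      # An unsupported architecture is a failure: report it on stderr and
      # exit non-zero so a caller does not mistake it for a finished setup.
      echo "Architectures not support." >&2
      exit 1
      ;;
  esac
done

# If opkg listed only generic entries (or nothing), ARCH is still empty and
# the feed URL built from it would be malformed; stop here instead.
if [ -z "${ARCH:-}" ]; then
  echo "No supported architecture reported by opkg." >&2
  exit 1
fi

# Same output as the former `echo -e`, without relying on echo's
# non-portable escape handling.
printf '\nTarget Arch:\033[32m %s \033[0m\n\n' "$ARCH"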
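# Register the third-party openwrt-dist feed once (skipped when
# customfeeds.conf already mentions it), then refresh the package lists.
#
# NOTE(review): the signing key and both feeds are fetched over plain HTTP.
# Anyone on the network path can swap the key, and opkg will then accept
# packages signed with the swapped key. The CA bundle is only installed later
# in this script, so HTTPS may not be usable at this point. Compare the key
# with a fingerprint obtained out of band instead. Setting
# OPENWRT_DIST_PUB_SHA256 to the expected SHA-256 of openwrt-dist.pub makes
# this block enforce that check; when it is unset the key is trusted as
# downloaded, as before.
if ! grep -q "openwrt_dist" /etc/opkg/customfeeds.conf; then
  # Download into a private temp file instead of the current directory,
  # and remove it on every exit path.
  key_file=$(mktemp)
  trap 'rm -f "$key_file"' EXIT
  wget -O "$key_file" http://openwrt-dist.sourceforge.net/packages/openwrt-dist.pub

  if [ -n "${OPENWRT_DIST_PUB_SHA256:-}" ]; then
    key_sum=$(sha256sum "$key_file" | awk '{print $1}')
    if [ "$key_sum" != "$OPENWRT_DIST_PUB_SHA256" ]; then
      echo "openwrt-dist.pub: SHA-256 mismatch, refusing to trust the key" >&2
      exit 1
    fi
  fi

  opkg-key add "$key_file"
  rm -f "$key_file"
  trap - EXIT

  echo "src/gz openwrt_dist http://openwrt-dist.sourceforge.net/packages/base/$ARCH" >>/etc/opkg/customfeeds.conf
  echo "src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/packages/luci" >>/etc/opkg/customfeeds.conf
fi
opkg update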
echo === install packages ===

# Packages for routing around the China bypass list: chinadns, dns-forwarder
# and shadowsocks (with their LuCI apps), plus the TPROXY iptables module.
opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks \
  shadowsocks-libev iptables-mod-tproxy luci-compat

# CA certificates and the wget package, so wget can fetch HTTPS URLs.
opkg install ca-certificates ca-bundle wget

# Optional apps: ad blocking and collectd statistics (ping and DNS plugins).
opkg install luci-app-adblock luci-app-statistics collectd-mod-ping collectd-mod-dns
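echo === create admin scripts ===

# Write the bypass-list updater to $PATH_CHNROUTE. The generated script
# downloads APNIC's delegation file and turns every CN ipv4 record (start
# address in field 4, address count in field 5) into a CIDR line.
#
# The download and the conversion each go to a temporary file, and the result
# is moved over the live list only when it is non-empty. The earlier
# `wget | awk > list` form truncated /etc/chinadns_chnroute.txt whenever the
# download failed, leaving the proxy with an empty bypass list.
# The quoted 'EOF' keeps the text below literal (no expansion at write time).
cat > "$PATH_CHNROUTE" << 'EOF'
#!/bin/sh
set -e

# NOTE(review): the delegation file is fetched over plain HTTP with no
# integrity check, so whoever can alter the response decides which
# destinations bypass the proxy.
LIST=/etc/chinadns_chnroute.txt
RAW=$(mktemp)
trap 'rm -f "$RAW" "$LIST.new"' EXIT

# With set -e a failed download stops here, before the list is touched.
wget -O "$RAW" 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest'
awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' "$RAW" > "$LIST.new"

if [ ! -s "$LIST.new" ]; then
  echo "chnroute-update: no CN ipv4 records found, keeping the existing list" >&2
  exit 1
fi

# Same-directory rename, so readers never see a half-written list.
mv "$LIST.new" "$LIST"
EOF
chmod +x "$PATH_CHNROUTE"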
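# Write the connectivity watchdog to $PATH_WATCHDOG. The generated script
# probes two URLs with `wget --spider`:
#   - RATING_URL reachable                   -> nothing to do
#   - only REFERENCE_URL reachable           -> restart shadowsocks
#   - neither reachable                      -> general network problem, do nothing
# The probe now returns wget's exit status directly instead of echoing it and
# comparing strings, and every expansion is quoted.
# The quoted 'EOF' keeps the text below literal (no expansion at write time).
cat > "$PATH_WATCHDOG" << 'EOF'
#!/bin/sh
LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
TIMEOUT=3
TRIES=3
RATING_URL=https://www.google.com/
REFERENCE_URL=https://www.alipay.com/

# Succeeds when URL $1 answers within the timeout and retry budget.
network_probe () {
  wget --spider --quiet --tries="$TRIES" --timeout="$TIMEOUT" "$1"
}

if network_probe "$RATING_URL"; then
  echo "[$LOGTIME] No Problem"
  exit 0
elif network_probe "$REFERENCE_URL"; then
  echo "[$LOGTIME] Problem decteted. Restarting shadowsocks"
  /etc/init.d/shadowsocks restart > /dev/null
else
  echo "[$LOGTIME] Network problem. Do nothing"
fi
EOF
chmod +x "$PATH_WATCHDOG"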
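echo === config shadowsocks ===

# Create a new shadowsocks server section and fill it from the variables set
# at the top of the script. `uci add` prints the name of the section it
# created; that name is then registered as the transparent proxy's main server.
#
# Every uci argument is quoted. The option paths contain [..], which the shell
# would otherwise treat as a glob pattern, and an unquoted $KEY containing
# whitespace or glob characters would be split or expanded before uci saw it.
#
# Each run adds another server section, so re-running the script leaves
# duplicates behind. The password is also passed on the command line and is
# visible in the process list while uci runs.
SERVER_ID=$(uci add shadowsocks servers)
uci set "shadowsocks.@servers[-1].alias=$SERVER_NAME"
uci set "shadowsocks.@servers[-1].encrypt_method=$METHOD"
uci set 'shadowsocks.@servers[-1].fast_open=1'
uci set 'shadowsocks.@servers[-1].no_delay=1'
uci set "shadowsocks.@servers[-1].password=$KEY"
uci set "shadowsocks.@servers[-1].server=$HOST"
uci set "shadowsocks.@servers[-1].server_port=$PORT"
uci add_list "shadowsocks.@transparent_proxy[0].main_server=$SERVER_ID"

# Destinations listed in the chnroute file bypass the proxy; the extra
# iptables match restricts proxying to the listed destination ports.
uci set 'shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt'
uci set 'shadowsocks.@access_control[0].ipt_ext=-m multiport --dports 53,80,443,465,587,993'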
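echo === config dns ===

# Enable chinadns and dns-forwarder, and make dnsmasq use only the local
# resolver on 127.0.0.1#5353 (noresolv=1 ignores resolv.conf upstreams).
# Arguments containing [..] are quoted so the shell cannot glob-expand them.
# The add_list calls append on every run, so re-running the script leaves
# duplicate entries.
uci set 'chinadns.@chinadns[0].enable=1'
uci set 'chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300'
uci set 'dns-forwarder.@dns-forwarder[0].enable=1'
uci set 'dhcp.@dnsmasq[0].noresolv=1'
uci set 'dhcp.@dnsmasq[0].cachesize=10000'
uci add_list 'dhcp.@dnsmasq[0].server=127.0.0.1#5353'

# Ignore DNS servers pushed by the upstream and resolve through the router.
uci set network.wan.peerdns=0
uci add_list network.wan.dns=127.0.0.1

# The wwan interface exists only on some setups. Setting an option on a
# missing section makes uci fail, and under `set -e` that aborted the script
# before `uci commit`. Configure wwan only when the section is present.
if uci -q get network.wwan > /dev/null; then
  uci set network.wwan.peerdns=0
  uci add_list network.wwan.dns=127.0.0.1
fi

echo === config adblock ===
uci set adblock.global.adb_triggerdelay=30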
echo === config cron ===
# Install the crontab of the invoking user (presumably root) from the
# here-document below. `crontab -` reads the complete table from stdin, so it
# replaces any entries that were already installed rather than appending.
# The jobs call chnroute-update and ss-watchdog by bare name, so they rely on
# cron's PATH containing /usr/bin, where this script wrote both helpers.
# The quoted 'EOF' keeps the table literal; the # lines inside it are stored
# as crontab comments.
crontab - << 'EOF'
# beware timezone
# update chnroute at sunday 3:30am
30 3 * * 0 chnroute-update
# Reboot at 4:30am every monday
# Note: To avoid infinite reboot loop, wait 70 seconds
# and touch a file in /etc so clock will be set
# properly to 4:31 on reboot before cron starts.
30 4 * * 1 sleep 70 && touch /etc/banner && reboot
# shadowsocks watchdog, check every 5 min
*/5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1
# clean log every monday
0 1 * * 1 echo "" > /var/log/ss-watchdog.log
EOF
printf '%s\n' '=== apply changes ==='
# Write all staged uci changes to the config files, then run luci-reload.
uci commit
luci-reload

printf '%s\n' '=== update system ==='
# Optional, left disabled: upgrading packages can overwrite the DNS
# configuration made above. If you do upgrade, consider upgrading netifd and
# dnsmasq first.
#opkg upgrade netifd dnsmasq
#opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
#chnroute-update

printf '%s\n' '=== all done, congratulations! (you may reboot now) ==='