├── CNAME ├── .gitignore ├── _config.yml ├── bash ├── pve6_non_ustc_cn_source.sh ├── pve6_non_tuna_cn_source.sh ├── debian_install_frr_rpki_and_bgpq4.sh ├── ufw_ospf.sh ├── pve_get_debian10_ci.sh ├── pull_code.sh ├── pve_template_import.sh ├── pve-import-template.sh ├── get_composer_cn.sh ├── vaultwarden_backup.sh ├── pve_dnsmasq.sh ├── debian10_frrouting_install.sh ├── vmbr_iptables_nat_init.sh ├── gobgp.sh ├── cloudinit_install.sh ├── pve7-initial.sh ├── pve5_nat_dog.sh ├── debian_cn_test_action_int.sh ├── deb_frrouting_install.sh ├── pve6_nat_dog.sh ├── debian10_frrouting_install_cn.sh ├── pve_cn_init.sh ├── cn_devstack_trystack_bionic.sh ├── pve_cn_master_init.sh ├── Readme.md └── linux_router_kickstart.sh ├── README.md ├── LICENSE ├── python ├── juniper_show_route_output_to_ip_ regex.py ├── juniper-backup.py └── backup-r2.py └── docker-compose └── zabbix.yaml /CNAME: -------------------------------------------------------------------------------- 1 | bash.rbq.sh -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-merlot -------------------------------------------------------------------------------- /bash/pve6_non_ustc_cn_source.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "deb http://mirrors.ustc.edu.cn/proxmox/debian/pve buster pve-no-subscription " >> /etc/apt/sources.list.d/pve-no-sub.list 4 | 5 | # 注释掉企业源 6 | echo "#deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list 7 | -------------------------------------------------------------------------------- /bash/pve6_non_tuna_cn_source.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "deb https://mirrors.tuna.tsinghua.edu.cn/proxmox/debian buster pve-no-subscription" >> /etc/apt/sources.list.d/pve-no-sub.list 4 | 5 | # 注释掉企业源 6 | echo "#deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list 7 | -------------------------------------------------------------------------------- /bash/debian_install_frr_rpki_and_bgpq4.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Install BGPQ4 3 | apt install libtool autoconf g++ make 4 | wget https://github.com/bgp/bgpq4/archive/refs/tags/1.9.tar.gz 5 | tar -xzvf 1.9.tar.gz 6 | cd bgpq4-1.9/ 7 | ./bootstrap 8 | ./configure 9 | make 10 | make install 11 | 12 | # Install FRR RPKI 13 | apt install frr-rpki-rtrlib 14 | sed -i 's/\(bgpd_options=".*\)"$/\1 -M rpki"/' /etc/frr/daemons 15 | 16 | service frr restart 17 | -------------------------------------------------------------------------------- /bash/ufw_ospf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # reference: https://butwt.wordpress.com/2018/03/05/quaga-ospf-on-ubuntu/ 4 | # UFW放行OSPF报文 5 | 6 | #V6 7 | echo " 8 | # allow Link local multicast 9 | -A ufw6-before-input -p ospf -d ff02::/16 -j ACCEPT 10 | " >> /etc/ufw/before6.rules 11 | 12 | #V4 13 | ufw allow from 224.0.0.0/24 14 | 15 | #UFW 開啟IP轉發 16 | sed 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw 17 | 18 | ufw disable && ufw enable 19 | -------------------------------------------------------------------------------- /bash/pve_get_debian10_ci.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # YFsama PVE导入Debian10 鏡像使用 4 | 5 | apt install -y wget 6 | 7 | # TODO: 国内放个镜像 8 | wget "http://cdimage.debian.org/cdimage/cloud/OpenStack/current-10/debian-10-openstack-amd64.qcow2" 9 | 10 | qm importdisk $0 debian-10-openstack-amd64.qcow2 $1 11 | qm set $0 --virtio0 $1:vm-$0-disk-0 12 | qm set $0 --boot c --bootdisk virtio0 13 | qm set $0 --serial0 socket --vga serial0 14 | qm set $0 --ide2 $1:cloudinit 15 | qm template $0 16 | -------------------------------------------------------------------------------- /bash/pull_code.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # !需修改配置才能使用! 4 | # 修改下面兩個參數后,配置crontab/webhook调用即可 5 | # 自动拉取代码 6 | 7 | localPath="/www/wwwroot/" 8 | 9 | echo "Update $localPath" 10 | 11 | if [ -d "$localPath" ]; then 12 | cd $localPath || exit 13 | git reset --hard origin/master 14 | 15 | git pull origin master 16 | echo "Updated" 17 | 18 | chown -R www:www $localPath 19 | exit 20 | else 21 | echo "Path nof found" 22 | exit 23 | fi 24 | -------------------------------------------------------------------------------- /bash/pve_template_import.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | dir=* #当前目录 4 | vmid=2000 5 | for i in ${dir} 6 | do 7 | if [ $i == $0 ] 8 | then 9 | continue 10 | fi 11 | qm create $vmid --name ${i%.qcow2} --agent 1 12 | qm importdisk $vmid $i $1 13 | qm set $vmid --virtio0 $1:vm-$vmid-disk-0 14 | qm set $vmid --boot c --bootdisk virtio0 15 | # qm set $num --serial0 socket --vga serial0 16 | qm set $vmid --ide2 $1:cloudinit 17 | qm template $vmid 18 | vmid=$((vmid+1)) 19 | done 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # MoYuScript 2 | 3 | ![](https:*//img.shields.io/badge/license-MIT-000000.svg) 4 | 5 | 6 | 7 | ### 介紹 8 | 9 | YFsama日常配置一些環境時使用的命令 10 | 11 | 簡短的命令封裝成了一個個小脚本 12 | 13 | 用於平時偷懶摸魚的時候使用 14 | 15 | 16 | 17 | ### 文檔 18 | 19 | 怎么食用? 20 | 21 | Bash脚本写了用法的可以在 [Bash目录](https://bash.rbq.sh/bash) 可以看到 22 | 23 | 没写用法的自己看名字看代码吧 24 | 25 | 26 | ### 注意 27 | 28 | 此處脚本只兼容指定環境 29 | 30 | 31 | 32 | ### 更新 33 | 34 | 更新隨緣,覺得可以偷懶的都會變成脚本加進來 35 | 36 | 37 | 38 | ### 許可 39 | 40 | MIT 41 | 42 | > 恁想幹嘛就幹嘛,反正是些脚本而已,毫無代碼質量可言,愛怎麽用這麽用,出問題不負責 -------------------------------------------------------------------------------- /bash/pve-import-template.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 获取要import的存储,如果没有就是 local-lvm 4 | if [ -z $1 ]; then 5 | w="local-lvm" 6 | else 7 | w=$1 8 | fi 9 | 10 | # 嵌套虚拟化 11 | modprobe -r kvm_intel 12 | modprobe kvm_intel nested=1 13 | echo "options kvm_intel nested=1" >> /etc/modprobe.d/modprobe.conf 14 | 15 | apt update -y 16 | apt upgrade -y 17 | 18 | # 安装软件 19 | apt install curl wget gnupg2 git -y 20 | 21 | git clone https://github.com/ISIFNET/pve-import-template.git 22 | 23 | cd pve-import-template 24 | 25 | bash setup.sh 26 | 27 | ./import.py $w 28 | -------------------------------------------------------------------------------- /bash/get_composer_cn.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #安裝Composer 4 | php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" 5 | php -r "if (hash_file('sha384', 'composer-setup.php') === 'c5b9b6d368201a9db6f74e2611495f369991b72d9c8cbd3ffbc63edff210eb73d46ffbfce88669ad33695ef77dc76976') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" 6 | php composer-setup.php 7 | php -r "unlink('composer-setup.php');" 8 | 9 | #配置國內鏡像 10 | composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/ 11 | -------------------------------------------------------------------------------- /bash/vaultwarden_backup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DATE=`date +%Y%m%d` 4 | 5 | BACKUP_DB_PATH=/backup/db 6 | BACKUP_ZIP_PATH=/backup/zip 7 | BACKUP_TEMP_PATH=/backup/tmp 8 | VW_DATA_PATH=/vw_data 9 | 10 | sqlite3 $VW_DATA_PATH/db.sqlite3 ".backup '$BACKUP_DB_PATH/db-$DATE.sqlite3'" 11 | 12 | cd $VW_DATA_PATH 13 | cp -r `ls $VW_DATA_PATH | grep -v sqlite3 | xargs` $BACKUP_TEMP_PATH 14 | 15 | cd $BACKUP_TEMP_PATH 16 | BACKUP_ZIP_NAME=$BACKUP_ZIP_PATH/vw-data-$DATE.zip 17 | zip -rq $BACKUP_ZIP_NAME * 18 | 19 | rm -r $BACKUP_TEMP_PATH/* 20 | 21 | find $BACKUP_ZIP_PATH -name "*.zip" -type f -mtime +30 -exec rm {} \; 22 | 23 | rclone copy $BACKUP_DB_PATH/db-$DATE.sqlite3 minio:vaultwarden-db 24 | rclone copy $BACKUP_ZIP_NAME minio:vaultwarden-file 25 | -------------------------------------------------------------------------------- /bash/pve_dnsmasq.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | apt install dnsmasq 4 | 5 | echo " 6 | server=223.5.5.5 7 | server=8.8.8.8 8 | listen-address=172.24.31.254 9 | resolv-file=/etc/resolv.dnsmasq.conf 10 | dhcp-range=172.24.31.40,172.24.31.240,12h 11 | dhcp-option=option:router,172.24.31.254 12 | dhcp-option=option:dns-server,223.5.5.5.114,8.8.8.8 13 | " > /etc/dnsmasq.conf 14 | 15 | echo "nameserver 127.0.0.1" > /etc/resolv.conf 16 | 17 | echo " 18 | nameserver 223.5.5.5 19 | nameserver 8.8.8.8 20 | " > /etc/resolv.dnsmasq.conf 21 | 22 | iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT 23 | iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT 24 | 25 | iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 26 | iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 27 | 28 | service iptables save 29 | service iptables restart 30 | -------------------------------------------------------------------------------- /bash/debian10_frrouting_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 更改DNS 4 | echo "nameserver 8.8.8.8" > /etc/resolv.conf 5 | 6 | # 更新系統 組件 7 | apt update -y 8 | apt upgrade -y 9 | apt install -y curl gnupg2 traceroute 10 | 11 | # 安裝FRRouting 12 | 13 | curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - 14 | FRRVER="frr-stable" 15 | echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list 16 | sudo apt update -y && sudo apt install -y frr frr-pythontools 17 | 18 | # 開啓IP轉發 19 | echo " 20 | net.ipv4.conf.all.forwarding = 1 21 | net.ipv6.conf.all.disable_ipv6 = 0 22 | net.ipv6.conf.default.disable_ipv6 = 0 23 | net.ipv6.conf.lo.disable_ipv6 = 0 24 | net.ipv6.conf.default.forwarding = 1 25 | net.ipv6.conf.all.forwarding = 1 26 | net.ipv6.conf.all.proxy_ndp = 1 27 | net.ipv6.conf.all.accept_ra = 2 28 | " > /etc/sysctl.conf 29 | 30 | sysctl -p 31 | 32 | # 打开Frr全部功能 33 | sed -i "s/=no/=yes/g" /etc/frr/daemons 34 | service frr restart 35 | 36 | sudo vtysh 37 | -------------------------------------------------------------------------------- /bash/vmbr_iptables_nat_init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #添加網卡 4 | echo " 5 | 6 | auto vmbr1 7 | iface vmbr1 inet static 8 | address 172.24.31.254 9 | netmask 24 10 | bridge-ports none 11 | bridge-stp off 12 | bridge-fd 0 13 | " >> /etc/network/interfaces 14 | 15 | ifup vmbr1 16 | 17 | # 開啓IP轉發 18 | echo " 19 | net.ipv4.conf.all.forwarding = 1 20 | net.ipv6.conf.all.disable_ipv6 = 0 21 | net.ipv6.conf.default.disable_ipv6 = 0 22 | net.ipv6.conf.lo.disable_ipv6 = 0 23 | net.ipv6.conf.default.forwarding = 1 24 | net.ipv6.conf.all.forwarding = 1 25 | net.ipv6.conf.all.proxy_ndp = 1 26 | net.ipv6.conf.all.accept_ra = 2 27 | " > /etc/sysctl.conf 28 | 29 | sysctl -p 30 | # IPtable初始化 保存 31 | iptables -t nat -A POSTROUTING -s '172.24.31.0/24' -o vmbr0 -j MASQUERADE 32 | 33 | touch /etc/network/if-pre-up.d/iptables 34 | 35 | echo " 36 | #!/bin/sh 37 | /sbin/iptables-restore < /etc/iptables 38 | " > /etc/network/if-pre-up.d/iptables 39 | 40 | chmod +x /etc/network/if-pre-up.d/iptables 41 | 42 | iptables-save > /etc/iptables 43 | 44 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 YFsama 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /bash/gobgp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Thanks Github Copilot 4 | curl https://api.github.com/repos/osrg/gobgp/releases/latest | grep "browser_download_url.*linux_amd64.tar.gz" | cut -d : -f 2,3 | tr -d \" | wget -qi - 5 | 6 | tar -xzvf gobgp_*_linux_amd64.tar.gz 7 | mv gobgp /usr/bin/ 8 | mv gobgpd /usr/bin/ 9 | 10 | groupadd --system gobgpd 11 | useradd --system -d /var/lib/gobgpd -s /bin/bash -g gobgpd gobgpd 12 | mkdir -p /var/{lib,run,log}/gobgpd 13 | chown -R gobgpd:gobgpd /var/{lib,run,log}/gobgpd 14 | mkdir -p /etc/gobgpd 15 | chown -R gobgpd:gobgpd /etc/gobgpd 16 | 17 | echo ' 18 | [Unit] 19 | Description=GoBGP Routing Daemon 20 | Wants=network.target 21 | After=network.target 22 | 23 | [Service] 24 | Type=notify 25 | ExecStartPre=/usr/bin/gobgpd -f /etc/gobgpd/gobgpd.conf -d 26 | ExecStart=/usr/bin/gobgpd -f /etc/gobgpd/gobgpd.conf --sdnotify 27 | ExecReload=/usr/bin/kill -HUP $MAINPID 28 | StandardOutput=journal 29 | StandardError=journal 30 | User=gobgpd 31 | Group=gobgpd 32 | AmbientCapabilities=CAP_NET_BIND_SERVICE 33 | 34 | [Install] 35 | WantedBy=multi-user.target 36 | ' > /usr/lib/systemd/system/gobgp.service 37 | 38 | echo ' 39 | [global.config] 40 | as = 65535 41 | router-id = "10.0.0.0" 42 | 43 | ' > /etc/gobgpd/gobgpd.conf 44 | 45 | systemctl enable gobgp.service 46 | systemctl start gobgp.service 47 | 48 | service gobgp status -------------------------------------------------------------------------------- /bash/cloudinit_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #空白系统配置成支持CI的系统 4 | 5 | #更新系统 6 | apt update -y || yum update -y 7 | apt upgrade -y || yum upgrade -y 8 | 9 | #安装组件 10 | yum install sudo -y || apt install -y sudo 11 | sudo yum install -y git epel-release traceroute wget curl vim nano net-tools || sudo apt install -y apt-transport-https ca-certificates net-tools traceroute wget curl vim nano 12 | 13 | #安装Cloud-init 14 | apt install -y cloud-init || yum install -y cloud-init cloud-utils-growpart 15 | 16 | #安装qemu-guest 17 | apt install -y qemu-guest-agent || yum install -y qemu-guest-agent 18 | 19 | #替换cloud.cfg qemu.cfg 20 | sed -i -e '/- package-update-upgrade-install/d' /etc/cloud/cloud.cfg 21 | sed -i -e 's/disable_root: true/disable_root: false \nssh_pwauth: true/g' -e 's/ssh_pwauth: 0/ssh_pwauth: 1/g' /etc/cloud/cloud.cfg 22 | sed -i -e 's/disable_root: 1/disable_root: 0/g' -e 's/ssh_pwauth: 0/ssh_pwauth: 1/g' /etc/cloud/cloud.cfg 23 | 24 | #开机启动 Qemu-Guest-Agent 25 | systemctl start qemu-guest-agent 26 | systemctl enable qemu-guest-agent || chkconfig qemu-ga on 27 | 28 | #写MOTD 29 | echo " 30 | Welcome back! Master 31 | " > /etc/motd 32 | 33 | #删除记录 34 | 35 | echo > /var/log/btmp 36 | echo > /var/log/wtmp 37 | echo > /var/log/secure 38 | echo > ~/.bash_history 39 | 40 | history -c 41 | 42 | rm ~/anaconda-ks.cfg 43 | rm cloudinit_install.sh -------------------------------------------------------------------------------- /bash/pve7-initial.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ ! $1 ]; then 4 | net=$1; 5 | else 6 | net="10.100.0.0/24"; 7 | fi 8 | 9 | if [ ! $2 ]; then 10 | gateway=$2; 11 | else 12 | gateway="10.100.0.254"; 13 | fi 14 | 15 | if [ ! $3 ]; then 16 | int=$3; 17 | else 18 | int="vmbr100"; 19 | fi 20 | 21 | #添加網卡 22 | echo " 23 | 24 | auto ${int} 25 | iface ${int} inet static 26 | address ${gateway} 27 | netmask 24 28 | bridge-ports none 29 | bridge-stp off 30 | bridge-fd 0 31 | " >> /etc/network/interfaces 32 | 33 | ifup ${int} 34 | 35 | # 開啓IP轉發 36 | echo " 37 | net.ipv4.conf.all.forwarding = 1 38 | net.ipv6.conf.all.disable_ipv6 = 0 39 | net.ipv6.conf.default.disable_ipv6 = 0 40 | net.ipv6.conf.lo.disable_ipv6 = 0 41 | net.ipv6.conf.default.forwarding = 1 42 | net.ipv6.conf.all.forwarding = 1 43 | net.ipv6.conf.all.proxy_ndp = 1 44 | net.ipv6.conf.all.accept_ra = 2 45 | " >> /etc/sysctl.conf 46 | 47 | sysctl -p 48 | # IPtable初始化 保存 49 | iptables -t nat -A POSTROUTING -s ${net} -o vmbr0 -j MASQUERADE 50 | 51 | apt install -y iptables-persistent 52 | 53 | #开启嵌套虚拟化 54 | modprobe -r kvm_intel 55 | modprobe kvm_intel nested=1 56 | echo "options kvm_intel nested=1" >> /etc/modprobe.d/modprobe.conf 57 | 58 | 59 | echo "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription " >> /etc/apt/sources.list.d/pve-no-sub.list 60 | 61 | # 注释掉企业源 62 | echo "#deb https://enterprise.proxmox.com/debian/pve bullseye pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list 63 | -------------------------------------------------------------------------------- /bash/pve5_nat_dog.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #https://rbq.ai/p/581/ 3 | #狗蛋给咱的PVE5 NAT脚本 4 | 5 | rm -rf /etc/apt/sources.list.d/* 6 | cat > /etc/apt/sources.list <<'EOF' 7 | deb http://ftp.cn.debian.org/debian/ stretch main 8 | deb-src http://ftp.cn.debian.org/debian/ stretch main 9 | 10 | deb http://security.debian.org/ stretch/updates main contrib non-free 11 | deb-src http://security.debian.org/ stretch/updates main contrib non-free 12 | 13 | deb http://ftp.cn.debian.org/debian/ stretch-updates main contrib non-free 14 | deb-src http://ftp.cn.debian.org/debian/ stretch-updates main contrib non-free 15 | EOF 16 | apt-get update 17 | apt-get -y install dnsmasq 18 | cat >> /etc/network/interfaces <<'EOF' 19 | 20 | auto vmbr1 21 | iface vmbr1 inet static 22 | address 192.168.0.1 23 | netmask 255.255.255.0 24 | bridge_ports none 25 | bridge_stp off 26 | bridge_fd 0 27 | EOF 28 | cat >> /etc/dnsmasq.conf <<'EOF' 29 | interface=vmbr1 30 | #dhcp-option=1,255.255.225.0 31 | dhcp-range=192.168.0.100,192.168.0.199,12h 32 | dhcp-option=3,192.168.0.1 33 | dhcp-option=option:dns-server,114.114.114.114,8.8.8.8 34 | EOF 35 | cat >> /etc/sysctl.conf <<'EOF' 36 | net.ipv4.ip_forward = 1 37 | EOF 38 | sysctl -p 39 | iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE 40 | cat > /etc/network/if-pre-up.d/iptables <<'EOF' 41 | #!/bin/bash 42 | /sbin/iptables-restore < /etc/iptables.up.rules 43 | EOF 44 | chmod +x /etc/network/if-pre-up.d/iptables 45 | iptables-save > /etc/iptables.up.rules 46 | service networking restart 47 | service dnsmasq restart 48 | rm 1.sh 49 | -------------------------------------------------------------------------------- /bash/debian_cn_test_action_int.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | down="eth1" 4 | time=`date +%Y-%m-%d" "%H:%M:%S` 5 | ping="223.5.5.5" 6 | target="www.baidu.com" 7 | 8 | function network() 9 | { 10 | #超时时间 11 | local timeout=3 12 | #获取响应状态码 13 | local ret_code=`curl -I -s --connect-timeout ${timeout} ${target} -w %{http_code} | tail -n1` 14 | if [ "x$ret_code" = "x200" ]; then 15 | #网络畅通 16 | return 1 17 | else 18 | #网络不畅通 19 | return 0 20 | fi 21 | return 0 22 | } 23 | 24 | network 25 | 26 | if [ $? -eq 0 ];then 27 | # 写一个失败次数 (读取原本的) 28 | if [ -e ./fail ];then 29 | num=`cat ./fail` 30 | else 31 | num=0 32 | fi 33 | 34 | new=`expr $num + 1` 35 | echo $new > ./fail 36 | 37 | if [ $num -gt 2 ]; then 38 | # 如果甚至还ping不通(也有可能是测试站挂了x) 39 | # Todo 这里也触发一次远程提醒 40 | ping -c 3 $ping > /dev/null 2>&1 41 | if [ $? -ne 0 ]; then 42 | echo 1 > ./down 43 | echo "Interface down ${down} - ${time}" 44 | ifdown $down 45 | else 46 | echo "Ping ok ${ping} - ${time}" 47 | fi 48 | fi 49 | 50 | echo "Curl fail: ${num} - ${time}" 51 | exit -1 52 | else 53 | if [ -e ./fail ];then 54 | rm ./fail 55 | fi 56 | 57 | # 如果存在把接口禁用了就重新启用接口 58 | if [ -e ./down ]; then 59 | echo "Interface up ${down} - ${time}" 60 | ifup $down 61 | rm ./down 62 | fi 63 | fi 64 | 65 | # 清理Log 66 | line=`wc -l < ./log` 67 | 68 | if [ $line -gt 5 ];then 69 | tail -3 ./log > ./log.temp 70 | mv ./log.temp ./log 71 | echo "Clear log - ${time}" >> ./log 72 | fi 73 | 74 | 75 | echo "Script finished! - ${time}" 76 | exit 0 77 | -------------------------------------------------------------------------------- /python/juniper_show_route_output_to_ip_ regex.py: -------------------------------------------------------------------------------- 1 | import re 2 | 3 | def process_as_path(as_path): 4 | # 展开方括号内的 ASN 5 | as_path = re.sub(r'\[([0-9\s]+)\]', r'\1', as_path) 6 | 7 | # 提取 ASN 序列 8 | as_numbers = re.findall(r'\d+', as_path) 9 | 10 | # 去除前导 localpref 11 | as_numbers = [asn for asn in as_numbers if asn != "999"] 12 | 13 | # AS-Path 必须以 9886 开头 14 | if as_numbers and as_numbers[0] != "9886": 15 | as_numbers.insert(0, "9886") 16 | 17 | # 合并连续重复的 ASN 18 | compressed_as_path = [] 19 | last_asn = None 20 | for asn in as_numbers: 21 | if asn != last_asn: 22 | compressed_as_path.append(asn) 23 | last_asn = asn 24 | 25 | # 生成最终格式 26 | formatted_as_path = "^(" + "_)+(".join(compressed_as_path) + "_)+$" 27 | return formatted_as_path 28 | 29 | def process_bgp_output(lines): 30 | results = [] 31 | for line in lines: 32 | parts = line.split() 33 | if len(parts) < 2: 34 | continue 35 | 36 | # 提取 IP/CIDR 37 | ip_cidr = parts[1] 38 | 39 | # 提取 AS-Path 部分 40 | as_path = " ".join(parts[4:]) # 省略前面的无关字段 41 | 42 | # 处理 AS-Path 43 | formatted_as_path = process_as_path(as_path) 44 | 45 | # 生成最终输出 46 | result = f"{ip_cidr} AS-Path: {formatted_as_path}" 47 | results.append(result) 48 | 49 | return results 50 | 51 | # 示例输入数据 52 | bgp_output = """ 53 | * 11.45.1.4/24 Self 999 114514 I 54 | * 19.19.8.10/24 Self 0 999 114514 1919810 I 55 | """ 56 | 57 | # 处理 BGP 数据 58 | lines = bgp_output.strip().split("\n") 59 | processed_results = process_bgp_output(lines) 60 | 61 | # 输出结果 62 | for res in processed_results: 63 | print(res) 64 | -------------------------------------------------------------------------------- /bash/deb_frrouting_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 更新系統 組件 4 | apt update -y 5 | apt upgrade -y 6 | apt install -y curl gnupg2 traceroute net-tools wget lsb-release sudo 7 | 8 | # 安裝FRRouting 9 | curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - 10 | FRRVER="frr-stable" 11 | echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list 12 | sudo apt update -y && sudo apt install -y frr frr-pythontools 13 | 14 | # 開啓IP轉發 15 | echo " 16 | 17 | #Script Addons Start 18 | 19 | net.ipv4.conf.all.forwarding = 1 20 | net.ipv6.conf.all.disable_ipv6 = 0 21 | net.ipv6.conf.default.disable_ipv6 = 0 22 | net.ipv6.conf.lo.disable_ipv6 = 0 23 | net.ipv6.conf.default.forwarding = 1 24 | net.ipv6.conf.all.forwarding = 1 25 | net.ipv6.conf.all.proxy_ndp = 1 26 | net.ipv6.conf.all.accept_ra = 2 27 | 28 | net.ipv4.tcp_syncookies = 1 29 | net.ipv4.tcp_tw_reuse = 1 30 | net.ipv4.tcp_tw_recycle = 1 31 | net.ipv4.tcp_fin_timeout = 30 32 | net.inet.udp.checksum=1 33 | net.ipv4.icmp_ignore_bogus_error_responses = 1 34 | net.ipv4.tcp_syn_retries = 1 35 | net.ipv4.icmp_echo_ignore_broadcasts = 1 36 | net.ipv4.tcp_wmem = 30000000 30000000 30000000 37 | net.ipv4.ip_local_port_range = 1024 65000 38 | net.ipv4.netfilter.ip_conntrack_max=204800 39 | net.core.optmem_max = 10000000 40 | net.core.rmem_default = 10000000 41 | net.core.rmem_max = 10000000 42 | net.core.default_qdisc=fq 43 | net.ipv4.tcp_congestion_control=bbr 44 | 45 | #Script Addons End 46 | 47 | " >> /etc/sysctl.conf 48 | 49 | sysctl -p 50 | 51 | sed -i "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons 52 | sed -i "s/ospf6d=no/ospf6d=yes/g" /etc/frr/daemons 53 | sed -i "s/ospfd=no/ospfd=yes/g" /etc/frr/daemons 54 | sed -i "s/bfdd=no/bfdd=yes/g" /etc/frr/daemons 55 | sed -i "s/pbrd=no/pbrd=yes/g" /etc/frr/daemons 56 | 57 | service frr restart 58 | -------------------------------------------------------------------------------- /bash/pve6_nat_dog.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #狗蛋給咱的PVE5 NAT腳本(已修改為PVE6 4 | 5 | rm -rf /etc/apt/sources.list.d/* 6 | #修改為清華Debian10鏡像源 7 | echo " 8 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 9 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 10 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 11 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 12 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 13 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 14 | deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 15 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 16 | " > /etc/apt/sources.list 17 | 18 | apt-get update 19 | apt-get -y install dnsmasq 20 | cat >> /etc/network/interfaces <<'EOF' 21 | 22 | auto vmbr1 23 | iface vmbr1 inet static 24 | address 192.168.0.1 25 | netmask 255.255.255.0 26 | bridge_ports none 27 | bridge_stp off 28 | bridge_fd 0 29 | EOF 30 | cat >> /etc/dnsmasq.conf <<'EOF' 31 | interface=vmbr1 32 | #dhcp-option=1,255.255.225.0 33 | dhcp-range=192.168.0.100,192.168.0.199,12h 34 | dhcp-option=3,192.168.0.1 35 | dhcp-option=option:dns-server,114.114.114.114,8.8.8.8 36 | EOF 37 | cat >> /etc/sysctl.conf <<'EOF' 38 | net.ipv4.ip_forward = 1 39 | EOF 40 | sysctl -p 41 | iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE 42 | cat > /etc/network/if-pre-up.d/iptables <<'EOF' 43 | #!/bin/bash 44 | /sbin/iptables-restore < /etc/iptables.up.rules 45 | EOF 46 | chmod +x /etc/network/if-pre-up.d/iptables 47 | iptables-save > /etc/iptables.up.rules 48 | service networking restart 49 | service dnsmasq restart 50 | rm 1.sh 51 | -------------------------------------------------------------------------------- /bash/debian10_frrouting_install_cn.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # YFsama Debian 10 OpenStack鏡像使用的安裝FRR脚本 4 | 5 | # 修改為清華鏡像源 6 | echo " 7 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 8 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 9 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 10 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 11 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 12 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 13 | deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 14 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 15 | " > /etc/apt/sources.list 16 | 17 | # 更改DNS 18 | echo "nameserver 8.8.8.8" > /etc/resolv.conf 19 | 20 | # 更新系統 組件 21 | apt update -y 22 | apt upgrade -y 23 | apt install -y curl gnupg2 traceroute 24 | 25 | # 安裝FRRouting 26 | 27 | curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - 28 | FRRVER="frr-stable" 29 | echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list 30 | sudo apt update -y && sudo apt install -y frr frr-pythontools 31 | 32 | # 開啓IP轉發 33 | echo " 34 | net.ipv4.conf.all.forwarding = 1 35 | net.ipv6.conf.all.disable_ipv6 = 0 36 | net.ipv6.conf.default.disable_ipv6 = 0 37 | net.ipv6.conf.lo.disable_ipv6 = 0 38 | net.ipv6.conf.default.forwarding = 1 39 | net.ipv6.conf.all.forwarding = 1 40 | net.ipv6.conf.all.proxy_ndp = 1 41 | net.ipv6.conf.all.accept_ra = 2 42 | " > /etc/sysctl.conf 43 | 44 | sysctl -p 45 | 46 | # 打开Frr全部功能 47 | sed -i "s/=no/=yes/g" /etc/frr/daemons 48 | service frr restart 49 | 50 | sudo vtysh -------------------------------------------------------------------------------- /bash/pve_cn_init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 变更更新源 4 | echo "deb https://mirrors.tuna.tsinghua.edu.cn/proxmox/debian buster pve-no-subscription" >> /etc/apt/sources.list.d/pve-no-sub.list 5 | # 注释掉企业源 6 | echo "#deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list 7 | 8 | 9 | # 开启嵌套虚拟化 10 | 11 | modprobe -r kvm_intel 12 | modprobe kvm_intel nested=1 13 | echo "options kvm_intel nested=1" >> /etc/modprobe.d/modprobe.conf 14 | 15 | # APT切换清华源 16 | echo " 17 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 18 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 19 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 20 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 21 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 22 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 23 | deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 24 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 25 | " > /etc/apt/sources.list 26 | 27 | # 更改DNS 28 | echo "nameserver 8.8.8.8" > /etc/resolv.conf 29 | 30 | 31 | # 更新系统 32 | 33 | apt update -y 34 | apt upgrade -y 35 | 36 | # 安装软件 37 | apt install curl wget ifupdown2 git zip -y 38 | 39 | # 開啓IP轉發 40 | echo " 41 | net.ipv4.conf.all.forwarding = 1 42 | net.ipv6.conf.all.disable_ipv6 = 0 43 | net.ipv6.conf.default.disable_ipv6 = 0 44 | net.ipv6.conf.lo.disable_ipv6 = 0 45 | net.ipv6.conf.default.forwarding = 1 46 | net.ipv6.conf.all.forwarding = 1 47 | net.ipv6.conf.all.proxy_ndp = 1 48 | net.ipv6.conf.all.accept_ra = 2 49 | " > /etc/sysctl.conf 50 | 51 | sysctl -p 52 | 53 | 54 | -------------------------------------------------------------------------------- /bash/cn_devstack_trystack_bionic.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # MercyCloud 服务开发环境搭建脚本 4 | # MercyCloud服务是基于ussuri发现版兼容,所以本脚本是在Ubuntu Bionic环境下安装ussuri发行版 5 | 6 | echo " 7 | deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse 8 | deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse 9 | 10 | deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse 11 | deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse 12 | 13 | deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse 14 | deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse 15 | 16 | deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse 17 | deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse 18 | 19 | deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse 20 | deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse 21 | " > /etc/apt/sources.list 22 | 23 | 24 | apt-get update 25 | 26 | apt-get install git 27 | 28 | mkdir ~/.pip 29 | echo " 30 | [global] 31 | index-url = https://mirrors.aliyun.com/pypi/simple/ 32 | 33 | [install] 34 | trusted-host=mirrors.aliyun.com 35 | " > ~/.pip/pip.conf 36 | 37 | 38 | 39 | sudo useradd -s /bin/bash -d /opt/stack -m stack 40 | echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack 41 | sudo su - stack 42 | 43 | git clone http://git.trystack.cn/openstack/devstack.git -b stable/ussuri 44 | 45 | mkdir ~/.pip 46 | echo " 47 | [global] 48 | index-url = https://mirrors.aliyun.com/pypi/simple/ 49 | 50 | [install] 51 | trusted-host=mirrors.aliyun.com 52 | " > ~/.pip/pip.conf 53 | 54 | 55 | 56 | 57 | # 修改為清華鏡像源 58 | echo " 59 | [[local|localrc]] 60 | 61 | 62 | ADMIN_PASSWORD=awsl 63 | DATABASE_PASSWORD=$ADMIN_PASSWORD 64 | RABBIT_PASSWORD=$ADMIN_PASSWORD 65 | SERVICE_PASSWORD=$ADMIN_PASSWORD 66 | 67 | # use TryStack git mirror 68 | GIT_BASE=http://git.trystack.cn 69 | NOVNC_REPO=http://git.trystack.cn/kanaka/noVNC.git 70 | SPICE_REPO=http://git.trystack.cn/git/spice/spice-html5.git 71 | " > ~/devstack/local.conf 72 | 73 | cd ~/devstack && ./stack.sh -------------------------------------------------------------------------------- /python/juniper-backup.py: -------------------------------------------------------------------------------- 1 | import paramiko 2 | import os 3 | import datetime 4 | 5 | # 定义要连接的Juniper MX304服务器信息 6 | servers = [ 7 | {'hostname': '192.168.1.1', 'username': 'admin', 'password': 'password', 'name': 'Server1'}, 8 | {'hostname': '192.168.1.2', 'username': 'admin', 'password': 'password', 'name': 'Server2'}, 9 | # 添加更多服务器信息 10 | ] 11 | 12 | # 获取当前日期时间,作为备份文件的标识 13 | timestamp = datetime.datetime.now().strftime('%Y%m%d_%H%M%S') 14 | 15 | # 遍历每个服务器 16 | for server in servers: 17 | hostname = server['hostname'] 18 | username = server['username'] 19 | password = server['password'] 20 | server_name = server['name'] 21 | 22 | # 定义每个服务器的备份目录 23 | server_backup_dir = os.path.join('./backup_configs/', server_name) 24 | 25 | # 创建服务器的备份目录(如果不存在) 26 | if not os.path.exists(server_backup_dir): 27 | os.makedirs(server_backup_dir) 28 | 29 | try: 30 | # 创建SSH客户端 31 | ssh = paramiko.SSHClient() 32 | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 33 | ssh.connect(hostname, username=username, password=password,timeout=15) 34 | 35 | # 备份 display set 格式的配置文件 36 | stdin, stdout, stderr = ssh.exec_command('show configuration | display set') 37 | config_set_data = stdout.read().decode('utf-8') 38 | backup_filename_set = f'{server_name}_backup_set_{timestamp}.conf' 39 | backup_filepath_set = os.path.join(server_backup_dir, backup_filename_set) 40 | 41 | # 将 display set 配置文件内容写入备份文件 42 | with open(backup_filepath_set, 'w') as f: 43 | f.write(config_set_data) 44 | 45 | print(f'备份成功: {backup_filename_set}') 46 | 47 | # 备份普通格式的配置文件 48 | stdin, stdout, stderr = ssh.exec_command('show configuration') 49 | config_data = stdout.read().decode('utf-8') 50 | backup_filename_normal = f'{server_name}_backup_{timestamp}.conf' 51 | backup_filepath_normal = os.path.join(server_backup_dir, backup_filename_normal) 52 | 53 | # 将普通配置文件内容写入备份文件 54 | with open(backup_filepath_normal, 'w') as f: 55 | f.write(config_data) 56 | 57 | print(f'备份成功: {backup_filename_normal}') 58 | 59 | # 关闭SSH连接 60 | ssh.close() 61 | 62 | except Exception as e: 63 | print(f'无法连接到 {hostname}: {str(e)}') 64 | 65 | print('所有备份完成!') 66 | -------------------------------------------------------------------------------- /docker-compose/zabbix.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | zabbix-web-nginx-mysql: 5 | image: zabbix/zabbix-web-nginx-mysql:alpine-trunk 6 | restart: always 7 | environment: 8 | - DB_SERVER_HOST=zabbix-mysql 9 | - MYSQL_DATABASE=zabbix 10 | - MYSQL_USER=zabbix 11 | - MYSQL_PASSWORD=zabbix 12 | - MYSQL_ROOT_PASSWORD=cUR9CG5fPS5JSSTb 13 | - ZBX_SERVER_HOST=zabbix-server-mysql 14 | ports: 15 | - 8080:8080 16 | volumes: 17 | - /etc/localtime:/etc/localtime 18 | - /data/zabbix/fonts/DejaVuSans.ttf:/usr/share/zabbix/assets/fonts/DejaVuSans.ttf 19 | networks: 20 | - zbx_net 21 | depends_on: 22 | - zabbix-server-mysql 23 | - zabbix-mysql 24 | zabbix-mysql: 25 | image: mysql:8.0.37 26 | restart: always 27 | ports: 28 | - 3306:3306 29 | environment: 30 | - MYSQL_DATABASE=zabbix 31 | - MYSQL_USER=zabbix 32 | - MYSQL_PASSWORD=zabbix 33 | - MYSQL_ROOT_PASSWORD=cUR9CG5fPS5JSSTb 34 | command: 35 | - mysqld 36 | - --default-authentication-plugin=mysql_native_password 37 | - --character-set-server=utf8 38 | - --collation-server=utf8_bin 39 | volumes: 40 | - /etc/localtime:/etc/localtime 41 | - /data/zabbix/db:/var/lib/mysql 42 | networks: 43 | - zbx_net 44 | zabbix-java-gateway: 45 | image: zabbix/zabbix-java-gateway:alpine-trunk 46 | restart: always 47 | volumes: 48 | - /etc/localtime:/etc/localtime 49 | networks: 50 | - zbx_net 51 | zabbix-server-mysql: 52 | image: zabbix/zabbix-server-mysql:alpine-trunk 53 | restart: always 54 | volumes: 55 | - zabbix-server-vol:/etc/zabbix 56 | - /data/zabbix/alertscripts:/usr/lib/zabbix/alertscripts 57 | - /etc/localtime:/etc/localtime 58 | ports: 59 | - 10051:10051 60 | environment: 61 | - DB_SERVER_HOST=zabbix-mysql 62 | - MYSQL_DATABASE=zabbix 63 | - MYSQL_USER=zabbix 64 | - MYSQL_PASSWORD=zabbix 65 | - MYSQL_ROOT_PASSWORD=cUR9CG5fPS5JSSTb 66 | - ZBX_JAVAGATEWAY=zabbix-java-gateway 67 | - ZBX_JAVAGATEWAY_ENABLE=true 68 | - ZBX_JAVAGATEWAYPORT=10052 69 | - ZBX_CACHESIZE=8G 70 | - ZBX_WMWARECACHESIZE=4G 71 | depends_on: 72 | - zabbix-mysql 73 | networks: 74 | - zbx_net 75 | zabbix-agent: 76 | image: zabbix/zabbix-agent:alpine-trunk 77 | restart: always 78 | ports: 79 | - 10050:10050 80 | environment: 81 | - ZBX_HOSTNAME=Zabbix server 82 | - ZBX_SERVER_HOST=zabbix-server-mysql 83 | - ZBX_SERVER_PORT=10051 84 | networks: 85 | - zbx_net 86 | 87 | networks: 88 | zbx_net: 89 | driver: bridge 90 | 91 | volumes: 92 | zabbix-server-vol: 93 | -------------------------------------------------------------------------------- /bash/pve_cn_master_init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | # 变更更新源 5 | echo "deb https://mirrors.tuna.tsinghua.edu.cn/proxmox/debian buster pve-no-subscription" >> /etc/apt/sources.list.d/pve-no-sub.list 6 | # 注释掉企业源 7 | echo "#deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list 8 | 9 | 10 | # 开启嵌套虚拟化 11 | 12 | modprobe -r kvm_intel 13 | modprobe kvm_intel nested=1 14 | echo "options kvm_intel nested=1" >> /etc/modprobe.d/modprobe.conf 15 | 16 | # APT切换清华源 17 | echo " 18 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 19 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free 20 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 21 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free 22 | deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 23 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free 24 | deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 25 | # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free 26 | " > /etc/apt/sources.list 27 | 28 | 29 | 30 | # 更新系统 31 | 32 | apt update -y 33 | apt upgrade -y 34 | 35 | # 安装软件 36 | apt install -y dig whois curl wget ifupdown2 git zip traceroute 37 | 38 | # 開啓IP轉發 39 | echo " 40 | net.ipv4.conf.all.forwarding = 1 41 | net.ipv6.conf.all.disable_ipv6 = 0 42 | net.ipv6.conf.default.disable_ipv6 = 0 43 | net.ipv6.conf.lo.disable_ipv6 = 0 44 | net.ipv6.conf.default.forwarding = 1 45 | net.ipv6.conf.all.forwarding = 1 46 | net.ipv6.conf.all.proxy_ndp = 1 47 | net.ipv6.conf.all.accept_ra = 2 48 | " > /etc/sysctl.conf 49 | 50 | sysctl -p 51 | 52 | 53 | # 创建一张NAT网卡备用 54 | 55 | cat >> /etc/network/interfaces <<'EOF' 56 | 57 | auto vmbr3 58 | iface vmbr3 inet static 59 | address 10.21.0.254 60 | netmask 255.255.255.0 61 | bridge_ports none 62 | bridge_stp off 63 | bridge_fd 0 64 | EOF 65 | 66 | 67 | iptables -t nat -A POSTROUTING -s 10.21.0.254/24 -j MASQUERADE 68 | cat > /etc/network/if-pre-up.d/iptables <<'EOF' 69 | #!/bin/bash 70 | /sbin/iptables-restore < /etc/iptables.up.rules 71 | EOF 72 | chmod +x /etc/network/if-pre-up.d/iptables 73 | iptables-save > /etc/iptables.up.rules 74 | 75 | 76 | # 下载系统 77 | mdkir ~/system 78 | cd ~/system 79 | wget http://cn.system.down.hstack.io:9886/system_wget.log 80 | wget -i system_wget.log 81 | rm -f system_wget.log 82 | 83 | dir=* #当前目录 84 | vmid=2000 85 | for i in ${dir} 86 | do 87 | if [ $i == $0 ] 88 | then 89 | continue 90 | fi 91 | qm create $vmid --name ${i%.qcow2} --agent 1 92 | qm importdisk $vmid $i $1 93 | qm set $vmid --virtio0 $1:vm-$vmid-disk-0 94 | qm set $vmid --boot c --bootdisk virtio0 95 | # qm set $num --serial0 socket --vga serial0 96 | qm set $vmid --ide2 $1:cloudinit 97 | qm template $vmid 98 | vmid=$((vmid+1)) 99 | done 100 | -------------------------------------------------------------------------------- /bash/Readme.md: -------------------------------------------------------------------------------- 1 | # MoYu脚本 2 | 3 | ## 网络相关摸鱼脚本 4 | 5 | ### 安装GOBGP(AMD64默认) 6 | 7 | ``` 8 | #wget 9 | wget -O - https://bash.rbq.sh/bash/gobgp.sh | bash 10 | #curl 11 | curl https://bash.rbq.sh/bash/gobgp.sh | bash 12 | ``` 13 | 14 | ### Linux路由器起始配置 15 | 16 | 开启MPLS,安装FRR(附加RPKI,启用常用的路由协议 )及BGPQ4,在/root目录放一个开机启动文件 17 | 18 | ``` 19 | #wget 20 | wget -O - https://bash.rbq.sh/bash/linux_router_kickstart.sh | bash 21 | #curl 22 | curl https://bash.rbq.sh/bash/linux_router_kickstart.sh | bash 23 | ``` 24 | 25 | ## Proxmox配置摸鱼脚本 26 | 27 | ### 引入模版 28 | 29 | ~~~bash 30 | #wget 31 | wget -O - https://bash.rbq.sh/bash/pve-import-template.sh | bash 32 | #curl 33 | curl https://bash.rbq.sh/bash/pve-import-template.sh | bash 34 | ~~~ 35 | 36 | Thanks: https://github.com/balthild/pve-import-template 37 | 38 | ### 配置NAT网卡+DHCP 39 | 40 | 来自狗蛋的PVE网卡脚本,原本只有PVE5版本,咱在基础上改了一下也能支持PVE6了 41 | 42 | #### PVE5 43 | 44 | ~~~bash 45 | #wget 46 | wget -O - https://bash.rbq.sh/bash/pve5_nat_dog.sh | bash 47 | #curl 48 | curl https://bash.rbq.sh/bash/pve5_nat_dog.sh | bash 49 | ~~~ 50 | 51 | #### PVE6 52 | 53 | 54 | ~~~bash 55 | #wget 56 | wget -O - https://bash.rbq.sh/bash/pve6_nat_dog.sh | bash 57 | #curl 58 | curl https://bash.rbq.sh/bash/pve6_nat_dog.sh | bash 59 | ~~~ 60 | 61 | ### 中科大PVE更新源 62 | 63 | 切换中科大免订阅源 64 | 65 | ~~~bash 66 | #wget 67 | wget -O - https://bash.rbq.sh/bash/pve6_non_ustc_cn_source.sh | bash 68 | #curl 69 | curl https://bash.rbq.sh/bash/pve6_non_ustc_cn_source.sh | bash 70 | ~~~ 71 | 72 | 73 | ### 清华PVE更新源 74 | 75 | 清华免订阅源 76 | 77 | ~~~bash 78 | #wget 79 | wget -O - https://bash.rbq.sh/bash/pve6_non_tuna_cn_source.sh | bash 80 | #curl 81 | curl https://bash.rbq.sh/bash/pve6_non_tuna_cn_source.sh | bash 82 | ~~~ 83 | 84 | ### 配置NAT网卡 85 | 86 | 没DHCP服务干干净净的配置NAT网卡脚本 87 | 88 | ~~~bash 89 | #wget 90 | wget -O - https://bash.rbq.sh/bash/vmbr_iptables_nat_init.sh | bash 91 | #curl 92 | curl https://bash.rbq.sh/bash/vmbr_iptables_nat_init.sh | bash 93 | ~~~ 94 | 95 | ### PVE习惯性配置 96 | 97 | YF平时习惯性给PVE的一些配置 98 | 99 | ~~~bash 100 | #wget 101 | wget -O - https://bash.rbq.sh/bash/pve_cn_init.sh | bash 102 | #curl 103 | curl https://bash.rbq.sh/bash/pve_cn_init.sh | bash 104 | ~~~ 105 | 106 | 107 | ## 通用 108 | 109 | ### UFW放行OSPF 110 | 111 | 在UFW防火墙中放行OSPF协议 112 | Ubuntu WDNMD(就因为ufw搞定咱排查了半天 113 | 114 | ~~~bash 115 | #wget 116 | wget -O - https://bash.rbq.sh/bash/ufw_ospf.sh | bash 117 | #curl 118 | curl https://bash.rbq.sh/bash/ufw_ospf.sh | bash 119 | ~~~ 120 | 121 | ### 安装作曲家 122 | 123 | 没啥好说,使用需要先安装好php 124 | 125 | ~~~bash 126 | #wget 127 | wget -O - https://bash.rbq.sh/bash/get_composer_cn.sh | bash 128 | #curl 129 | curl https://bash.rbq.sh/bash/get_composer_cn.sh | bash 130 | ~~~ 131 | 132 | 133 | ### 配置系统模板基础 134 | 135 | 让纯净的系统安装一些软件+支持各种云 136 | 137 | ~~~bash 138 | #wget 139 | wget -O - https://bash.rbq.sh/bash/cloudinit_install.sh | bash 140 | #curl 141 | curl https://bash.rbq.sh/bash/cloudinit_install.sh | bash 142 | ~~~ 143 | 144 | ## 需配置脚本 145 | 146 | ### 自动拉代码 147 | 148 | 请下载后自己更改 149 | 150 | ~~~bash 151 | #wget 152 | wget https://bash.rbq.sh/bash/pull_code.sh 153 | ~~~ 154 | 155 | ### 自动拉代码 156 | 157 | 请下载后自己更改 158 | 159 | ~~~bash 160 | #wget 161 | wget https://bash.rbq.sh/bash/pull_code.sh 162 | ~~~ 163 | -------------------------------------------------------------------------------- /python/backup-r2.py: -------------------------------------------------------------------------------- 1 | import os 2 | import boto3 3 | from botocore.client import Config 4 | from botocore.exceptions import NoCredentialsError 5 | 6 | # Cloudflare R2 配置 7 | r2_access_key_id = 'your_access_key_id' 8 | r2_secret_access_key = 'your_secret_access_key' 9 | r2_bucket_name = 'your_bucket_name' 10 | r2_endpoint_url = 'https://your_r2_endpoint_url' 11 | 12 | # 初始化R2的S3客户端,使用指定的签名版本 13 | s3_client = boto3.client('s3', 14 | endpoint_url=r2_endpoint_url, 15 | aws_access_key_id=r2_access_key_id, 16 | aws_secret_access_key=r2_secret_access_key, 17 | config=Config(signature_version='s3v4')) 18 | 19 | # 定义本地备份目录 20 | backup_root_dir = '/backup' 21 | 22 | def file_exists_in_r2(bucket_name, object_name): 23 | """检查R2中是否存在指定的文件""" 24 | try: 25 | s3_client.head_object(Bucket=bucket_name, Key=object_name) 26 | return True 27 | except Exception: 28 | return False 29 | 30 | def upload_to_r2(file_path, bucket_name, object_name=None): 31 | """上传文件到Cloudflare R2,如果文件不存在""" 32 | if object_name is None: 33 | object_name = os.path.basename(file_path) 34 | 35 | if file_exists_in_r2(bucket_name, object_name): 36 | print(f'文件已存在: {object_name}, 跳过上传') 37 | else: 38 | try: 39 | s3_client.upload_file(file_path, bucket_name, object_name) 40 | print(f'上传成功: {file_path} 到 R2 -> {object_name}') 41 | except FileNotFoundError: 42 | print(f'文件未找到: {file_path}') 43 | except NoCredentialsError: 44 | print('无法访问凭证,上传失败') 45 | except Exception as e: 46 | print(f'上传到R2时发生错误: {str(e)}') 47 | 48 | def list_r2_files(bucket_name, prefix=''): 49 | """列出R2存储桶中的所有文件,并按最后修改时间排序""" 50 | try: 51 | response = s3_client.list_objects_v2(Bucket=bucket_name, Prefix=prefix) 52 | files = response.get('Contents', []) 53 | files.sort(key=lambda x: x['LastModified'], reverse=True) 54 | return files 55 | except Exception as e: 56 | print(f'列出R2文件时发生错误: {str(e)}') 57 | return [] 58 | 59 | def delete_r2_file(bucket_name, key): 60 | """从R2删除指定的文件""" 61 | try: 62 | s3_client.delete_object(Bucket=bucket_name, Key=key) 63 | print(f'删除文件: {key}') 64 | except Exception as e: 65 | print(f'删除R2文件时发生错误: {str(e)}') 66 | 67 | def manage_r2_files(bucket_name, prefix='', max_files=50): 68 | """确保R2上只保留最新的 max_files 份备份文件""" 69 | files = list_r2_files(bucket_name, prefix) 70 | if len(files) > max_files: 71 | for file in files[max_files:]: 72 | delete_r2_file(bucket_name, file['Key']) 73 | 74 | def sync_backups_to_r2(backup_root_dir, max_files=50): 75 | """同步本地备份到 R2,并管理保留的文件数量""" 76 | for root, _, files in os.walk(backup_root_dir): 77 | for file_name in files: 78 | file_path = os.path.join(root, file_name) 79 | relative_path = os.path.relpath(file_path, backup_root_dir) 80 | 81 | # 上传文件到Cloudflare R2 82 | upload_to_r2(file_path, r2_bucket_name, object_name=relative_path) 83 | 84 | # 同步后管理R2上的文件数量,保留最新的max_files个文件 85 | manage_r2_files(r2_bucket_name, prefix=os.path.dirname(relative_path), max_files=max_files) 86 | 87 | # 执行同步操作 88 | sync_backups_to_r2(backup_root_dir, max_files=50) 89 | 90 | print('同步完成!') 91 | -------------------------------------------------------------------------------- /bash/linux_router_kickstart.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 安装FRR+RPKI 优化系统加载项 开启MPLS 在 ~ 预留一个开机启动的文件 4 | 5 | # System Update 6 | apt update -y 7 | apt upgrade -y 8 | apt install -y curl gnupg2 traceroute net-tools tcpdump wget lsb-release sudo 9 | 10 | # Install BGPQ4 11 | apt install -y libtool autoconf g++ make 12 | wget https://github.com/bgp/bgpq4/archive/refs/tags/1.9.tar.gz 13 | tar -xzvf 1.9.tar.gz 14 | cd bgpq4-1.9/ 15 | ./bootstrap 16 | ./configure 17 | make 18 | make install 19 | 20 | cd ~ 21 | 22 | # FRR INSTALLL 23 | curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - 24 | FRRVER="frr-stable" 25 | echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list 26 | sudo apt update -y && sudo apt install -y frr frr-pythontools 27 | 28 | #开启常用的协议 29 | sed -i "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons 30 | sed -i "s/ospf6d=no/ospf6d=yes/g" /etc/frr/daemons 31 | sed -i "s/ospfd=no/ospfd=yes/g" /etc/frr/daemons 32 | sed -i "s/bfdd=no/bfdd=yes/g" /etc/frr/daemons 33 | sed -i "s/pbrd=no/pbrd=yes/g" /etc/frr/daemons 34 | sed -i "s/isisd=no/isisd=yes/g" /etc/frr/daemons 35 | sed -i "s/ldpd=no/ldpd=yes/g" /etc/frr/daemons 36 | sed -i "s/pathd=no/pathd=yes/g" /etc/frr/daemons 37 | 38 | # RPKI 39 | apt install -y frr-rpki-rtrlib 40 | sed -i 's/\(bgpd_options=".*\)"$/\1 -M rpki"/' /etc/frr/daemons 41 | 42 | service frr restart 43 | 44 | # 长期 添加 Modules 45 | echo " 46 | mpls_router 47 | mpls_gso 48 | mpls_iptunnel 49 | " >> /etc/modules-load.d/modules.conf 50 | 51 | # 临时加载 52 | modprobe mpls_router 53 | modprobe mpls_gso 54 | modprobe mpls_iptunnel 55 | 56 | # Sysctl Addons 57 | echo " 58 | 59 | #Script Addons Start 60 | 61 | net.ipv4.conf.all.forwarding = 1 62 | net.ipv6.conf.all.disable_ipv6 = 0 63 | net.ipv6.conf.all.forwarding = 1 64 | 65 | # see details in https://help.aliyun.com/knowledge_detail/39428.html 66 | net.ipv4.conf.all.rp_filter = 0 67 | net.ipv4.conf.default.rp_filter = 0 68 | net.ipv4.conf.default.arp_announce = 2 69 | net.ipv4.conf.lo.arp_announce = 2 70 | net.ipv4.conf.all.arp_announce = 2 71 | 72 | # see details in https://help.aliyun.com/knowledge_detail/41334.html 73 | net.ipv4.tcp_max_tw_buckets = 5000 74 | net.ipv4.tcp_syncookies = 1 75 | net.ipv4.tcp_max_syn_backlog = 1024 76 | net.ipv4.tcp_synack_retries = 2 77 | net.ipv4.tcp_slow_start_after_idle = 0 78 | 79 | # BBR 80 | net.core.default_qdisc=fq 81 | net.ipv4.tcp_congestion_control=bbr 82 | 83 | # TCP 84 | 85 | net.ipv4.tcp_syncookies = 1 86 | net.ipv4.tcp_tw_reuse = 1 87 | net.ipv4.tcp_fin_timeout = 30 88 | net.ipv4.tcp_syn_retries = 2 89 | vm.swappiness=1 90 | net.core.rmem_max=16777216 91 | net.core.wmem_max=16777216 92 | net.ipv4.tcp_rmem=4096 212992 16777216 93 | net.ipv4.tcp_wmem=4096 212992 16777216 94 | 95 | # VRF DOT REMOVE IPV6 96 | net.ipv6.conf.all.keep_addr_on_down=1 97 | 98 | #Script Addons End 99 | 100 | # MPLS 101 | 102 | net.mpls.conf.lo.input=1 103 | net.mpls.conf.dummy0.input=1 104 | 105 | net.mpls.platform_labels=1048575 106 | 107 | " >> /etc/sysctl.conf 108 | 109 | 110 | # 开机启动脚本 111 | 112 | echo " 113 | [Unit] 114 | Description=Startup Script 115 | 116 | [Service] 117 | ExecStart=/root/startup.sh 118 | 119 | [Install] 120 | WantedBy=default.target 121 | 122 | " > /etc/systemd/system/startup.service 123 | 124 | echo "" >> /root/startup.sh 125 | 126 | chmod +x /root/startup.sh 127 | 128 | systemctl enable startup 129 | 130 | --------------------------------------------------------------------------------