ss+dnsmasq+dnscrypt2

#!/bin/bash

ssh "$*" "[ -f /opt/etc/toggle_proxy.sh ]  && /opt/etc/toggle_proxy.sh disable"

self="$(curl -sS https://raw.githubusercontent.com/zw963/deployment_bash/v0.4.9/deploy_start.sh)" && eval "$self"

export target=$1

config=./router/ss/opt/etc/shadowsocks.json
if [ ! -e $config ];then
    echo "Please add ${config} before deploy."
    exit
fi

copy router/ss/opt/etc/apply_iptables_rule.sh /opt/etc
copy router/ss/opt/etc/apply_ipset_rule.sh /opt/etc
copy router/ss/opt/etc/patch_router /opt/etc
copy router/ss/opt/etc/switch_proxy.sh /opt/etc
copy router/ss/opt/etc/shadowsocks.* /opt/etc

copy router/opt/etc/dnscrypt-proxy.toml /opt/etc
copy router/opt/etc/dnsmasq.d/foreign_domains.conf /opt/etc/dnsmasq.d/foreign_domains.conf
copy router/opt/etc/restart_dnsmasq /opt/etc

copy router/opt/etc/clean_iptables_rule.sh /opt/etc
copy router/opt/etc/toggle_proxy.sh /opt/etc
copy router/opt/etc/localips /opt/etc
copy router/opt/etc/update_ip_whitelist /opt/etc
copy router/opt/etc/update_dns_whitelist /opt/etc
copy router/opt/etc/enable_swap.sh /opt/etc

[ -e router/opt/etc/user_ip_whitelist.txt ] && copy router/opt/etc/user_ip_whitelist.txt /opt/etc
[ -e router/opt/etc/user_domain_name_whitelist.txt ] && copy router/opt/etc/user_domain_name_whitelist.txt /opt/etc
[ -e router/opt/etc/user_domain_name_blocklist.txt ] && copy router/opt/etc/user_domain_name_blocklist.txt /opt/etc
[ -e router/opt/etc/user_domain_name_gfwlist.txt ] && copy router/opt/etc/user_domain_name_gfwlist.txt /opt/etc

deploy_start

# ----------------------------------------------------
#
# 下面的脚本会在远程路由器之上执行, 请根据所需，酌情修改。
#
# ---------------------------------------------------

# 如果第一次运行本脚本, 请务必初始化 entware 包管理系统.
# ssh 登陆路由器, 执行 entware-setup.sh, 选择 1'

if ! opkg update; then
    echo "Run \`opkg update' failed."
    echo "Run \`entware-setup.sh' to initalize entware-ng!"
    exit
else
    opkg upgrade
fi

# 如果不存在 ipset (例如 AC66U), 首先安装 ipset4
which ipset &>/dev/null || opkg install ipset4

# 添加 AC87U 的 ipset protocal version 6 的 iptables/ipset 支持.
ipset_protocal_version=$(ipset -v |grep -o 'version.*[0-9]' |head -n1 |cut -d' ' -f2)

set -e

opkg install libc libssp libev libmbedtls libpcre libpthread libsodium haveged zlib libopenssl

if opkg find shadowsocks-libev |grep -qs -e '.*'; then
    opkg install shadowsocks-libev
elif opkg find shadowsocks-libev-ss-redir |grep -qs -e '.*'; then
    opkg install shadowsocks-libev-config shadowsocks-libev-ss-redir
fi

opkg --autoremove remove dnscrypt-proxy
opkg install dnscrypt-proxy2_nohf
opkg install bind-dig

if [ "$ipset_protocal_version" == 6 ]; then
    # AC87U 无需安装新版的 iptables/ipset
    echo 'skip install iptables command'
else
    # AC66U, 需要额外安装新版的 iptables
    opkg install iptables
fi

# ----------------------------------------------------
#
# 下面执行一些脚本检查与替换。
#
# ---------------------------------------------------

# 确保 shadowsocks.json 中的 local_address 替换为路由器 ip 地址。
replace_regex '"local_address".*' '"local_address":'" \"$targetip\"," /opt/etc/shadowsocks.json

# 将 dnscrypt 作为 dnsmasq 的上游 DNS 服务器
replace_regex 'server=/#/.*' 'server=/#/127.0.0.1#65053' /opt/etc/dnsmasq.d/foreign_domains.conf
#
# 默认 shadowsocks 启动脚本使用 ss-redir 而不是 ss-local, 端口 1080.
replace_string ss-local ss-redir /opt/etc/init.d/S22shadowsocks

# ----------------------------------------------------
#
# 设定脚本执行权限
#
# ---------------------------------------------------

cd /opt/etc

chmod +x apply_ipset_rule.sh \
      apply_iptables_rule.sh \
      clean_iptables_rule.sh \
      patch_router \
      restart_dnsmasq \
      toggle_proxy.sh \
      switch_proxy.sh \
      update_dns_whitelist \
      update_ip_whitelist \
      enable_swap.sh \
      /jffs/scripts/services-start

# ----------------------------------------------------
#
# 启动所需的脚本
#
# ---------------------------------------------------

# 每隔 1 分钟检测下所有的服务是否运行.
add_service wan-start 'cru a run-services "*/1 * * * *" "/jffs/scripts/services-start"'
# 星期一的 3:25 分升级 IP 白名单.
add_service wan-start 'cru a update_ip_whitelist "25 3 * * 2" "/opt/etc/update_ip_whitelist"'
# 星期一的 4:25 分升级域名白名单.
add_service wan-start 'cru a update_dns_whitelist "25 4 * * 2" "/opt/etc/update_dns_whitelist"'
# 确保即使不重启，也将 wan-start 中的任务加入 crontab
/jffs/scripts/wan-start

# Disable enable swap file because merlin introduce it in AMPM.
# # 打开swap
# echo 'Enabling swap'
# /opt/etc/enable_swap.sh
# add_service post-mount '/opt/etc/enable_swap.sh'

# 更新 IP 白名单和 DNS 白名单.
/opt/etc/update_ip_whitelist
/opt/etc/update_dns_whitelist

# 如果 DHCP 重新分配 IP 地址时, 会清除 iptables rule, 此时重新应用 iptables
add_service dhcpc-event '/opt/etc/apply_iptables_rule.sh'

set +e
/jffs/scripts/services-stop
set -e
/jffs/scripts/services-start

# 在所有服务启动之后, 运行 /opt/etc/patch_router 为 dnsmasq 追加配置, 并重启 dnsmasq 服务.
add_service services-start '[ -f /tmp/patch_router_is_run ] || /opt/etc/patch_router'
/opt/etc/patch_router