deploy_side_router

#!/bin/bash

self="$(\curl -sS https://gitlab.com/zw963/deployment_bash/-/raw/v0.8.9/deploy_start.sh)" && eval "$self"

export_variable target=$1
export_variable arch=${router_arch-linux-amd64}

echo "Set \$router_arch env to e.g. \`linux-arm32-v5' for deploy Xray into ASUS AC5300 router.
For the correct Arch name, check https://github.com/XTLS/Xray-core/releases assets.
Current arch using: ${arch}"

config_folder=./downloaded_binary/${arch}
config=${config_folder}/config.json

if [ ! -f "$config" ];then
    echo "Please create ${config} or generate it use ./deploy_server root@some_ip before deploy to side router."
    exit 1
fi

assets=(geoip.dat geosite.dat geoip-only-cn-private.dat v2ray xray)

for i in "${assets[@]}"; do
    if [ ! -f "${config_folder}/$i" ];then
        echo "${config_folder}/$i is missing, predownload it use ./deploy_server root@some_ip before deploy to router."
        exit 1
    fi
done

echo 'Copy downloaded binary to router ...'
copy $config_folder downloaded_binary

if cat $config |grep -qs '"protocol": "vless"'; then
    service_name=xray
else
    service_name=v2ray
fi

if [ "$use_xtls" ]; then
    export_variable service_name=xray
else
    export_variable service_name=${service_name}
fi

echo "Set \$use_xtls=true if prefer deploy Xray instead of V2ray.
Current auto-detect: ${service_name}.
"

function postinstall () {
    set -u
    echo
    echo 'Please waiting for 3 seconds to check google available ...'

    sleep 3

    sh /opt/etc/check_google_use_socks5.sh

    check_google=$(curl -so /dev/null -w 'Google: %{http_code}\n' google.com)
    if [[ "$check_google" =~ 301|200 ]]; then
        echo "visit google successful, Your's ip is: $(curl http://ipecho.net/plain; echo)"
    else
        echo 'visit google failed, something was wrong!'
    fi
}

ssh "$*" "sudo mkdir -p /opt/etc /opt/sbin /var/log/${service_name}"
copy router/opt/etc/apply_iptables_rule.sh /opt/etc/
copy router/opt/etc/clean_iptables_rule.sh /opt/etc
copy router/opt/etc/update_geodata.sh /opt/etc
copy router/opt/etc/toggle_proxy.sh /opt/etc
copy router/opt/etc/patch_router /opt/etc
copy router/opt/etc/iptables-rule.service /etc/systemd/system
copy router/opt/etc/check_google_use_proxy.sh /opt/etc
copy router/opt/etc/check_google_use_socks5.sh /opt/etc
copy router/opt/etc/debug_v2ray.sh /opt/etc

deploy_start

set -eu

# --------------------------------------------------------------------------------
#
# Following script will be run on router, please change it to meet your's need.
#
# -------------------------------------------------------------------------------

#
# 如果第一次运行本脚本, 请务必注意以下几点：

# 1. 软路由设定使用固定 IP,
# 2. 软路由将 gateway 以及 dns1 指定到你的主路由(WiFi 路由器) IP.
# 3. 以上设定完后，在主路由通过(路由器的) web 界面，将网关(gateway)以及第一个 dns(dns1)
#    软路由 IP 地址.

# 以 centos 7 为例，需要针对 /etc/sysconfig/network-scripts/ifcfg-enp0s25
# 做如下更改：(enp0s25 为网卡 interface)
# - 修改 BOOTPROTO=none
# - 设定 IPADDR=192.168.50.111 (同网段任意固定 IP)
# - 设定 GATEWAY=192.168.50.1 (主路由器 IP)
# - 设定 DNS1=192.168.50.1 (主路由 IP)
# - 设定 PREFIX=24 (用来初始化 netmask 等)
# - for centos 7, systemctl restart network OR
#    for centos 8, nmcli connection down enp0s25 && sudo nmcli connection up enp0s25
# - 关闭 firewalld, 因为它可能会造成 iptables-rule.service 在启动时失败。

# 最后，可选的，打开 /etc/systemd/logind.conf, 修改为如下设置，来避免关闭盖子待机。
# [Login]
# HandleLidSwitch=ignore
# HandleLidSwitchDocked=ignore

# 还需要阻止自动 suspend, 以及 hibernate.(取消使用 unmask 替换 mask)
# $ systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

cd downloaded_binary

if ! ./$service_name version &>/dev/null; then
    echo "Invalid $service version/arch supported by current side router, please download correct version."
    exit
fi

set +e
systemctl stop ${service_name}
set -e

cp $service_name geosite.dat geoip-only-cn-private.dat /opt/sbin/
cp services/{$service_name.service,$service_name@.service} /etc/systemd/system
cp config.json /opt/etc

replace_regex1 'RestartPreventExitStatus=23' 'RestartPreventExitStatus=23
# Added by user
LimitNPROC=500
LimitNOFILE=1000000' /etc/systemd/system/$service_name.service
replace_regex1 'RestartPreventExitStatus=23' 'RestartPreventExitStatus=23
# Added by user
LimitNPROC=500
LimitNOFILE=1000000' /etc/systemd/system/$service_name@.service
replace_string1 "/usr/local/bin/$service_name run -config /etc/$service_name/config.json" "/opt/sbin/$service_name run -config /opt/etc/config.json" /etc/systemd/system/$service_name.service
replace_string1 "/usr/local/bin/$service_name run -config /etc/$service_name/%i.json" "/opt/sbin/$service_name run -config /opt/etc/%i.json" /etc/systemd/system/$service_name@.service
systemctl daemon-reload

# ----------------------------------------------------
#
# 下面执行一些脚本检查与替换。
#
# ---------------------------------------------------

cd /opt/etc
chmod +x apply_iptables_rule.sh \
      clean_iptables_rule.sh \
      update_geodata.sh \
      toggle_proxy.sh \
      patch_router \
      check_google_use_proxy.sh \
      check_google_use_socks5.sh \
      debug_v2ray.sh

# 默认配置文件适用于路由器配合 dnsmasq 一起使用，使用旁路由时，直接在 53 端口监听即可。
replace_string '65053' '53' /opt/etc/config.json

/opt/etc/clean_iptables_rule.sh && chmod -x /opt/etc/apply_iptables_rule.sh
chmod +x /opt/etc/apply_iptables_rule.sh && /opt/etc/apply_iptables_rule.sh

# ----------------------------------------------------
#
# 启动所需的脚本
#
# ---------------------------------------------------

set +e
systemctl disable firewalld &>/dev/null
systemctl stop firewalld &>/dev/null
set -e

systemctl daemon-reload && systemctl start ${service_name} && systemctl enable ${service_name} && systemctl status ${service_name}
systemctl start iptables-rule &&  systemctl enable iptables-rule
cp /opt/etc/update_geodata.sh /etc/cron.weekly/

config_sysctl_for_proxy

# 旁路由必须开启 ip_forward v4，否则主机无法使用 ssh
sed -i 's/# net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.d/99-proxy.conf

/opt/etc/patch_router && echo "Congratulations, [0m[33mDeploy succssful[0m!"
echo 'Remember run `sysctl -w net.ipv4.ip_forward=1 && sysctl -p'