[c-alert type=”success”]https://lod.pub/ 彼寄-章鱼星球折腾记 [/c-alert]
[TOC]
ATV固件 安装(含CE安装)
硬件准备
- 双公USB数据线
- U盘
- windows系统的电脑
- 鼠标/键盘
软件准备
- 晶晨官方的USB Burning Tool
- rufus/或者Linux系统的dd
- ATV ROM
- CoreELEC官方ROM
- CoreELEC的dtb
- 修改版bootloader
简单整理了一下章鱼的资源,下载可以来这里
操作步骤
1.U盘烧录CoreELEC官方rom dd if=img of=/dev/mmcblk0 bs=1M
2.将 CE专用的dtb 文件放置到u盘根目录
3.将U盘插入盒子 通电启动 进入CE系统,配置网络和SSH等
4.scp传输修改版bootloader到盒子
5.SSH连接到盒子, 刷入修改版bootloader
dd if=./bootloader of=/dev/mmcblk0 bs=1M
5.打开USB Burning Tools 选择ATV镜像
6.盒子断电,找跟牙签或者同样粗细的东西,插入RESET口,同时使用双公头连接电脑和盒子,几秒后松开RESET,开始刷机。
7.等待数分钟后,刷机完成。重新通电 & enjoy.
安装 armbian
软硬件准备同上,我这里使用的是SD卡
官方镜像一枚(建议桌面版,可以不需要但不能没有)
操作步骤
1.使用Rufus 或者 dd 刷入镜像
sudo dd bs=4M if=Armbian_20.10_Arm-64_bionic_current_5.9.0.img of=/dev/sdb
2.修改BOOT分区中 extlinux 目录下的extlinux.conf,aml s9xxx栏下 改为 meson-gxm-s912-libretech-pc.dtb 除本行和最后一行外多余部分用#号注释掉
3.根目录下找到合适的SOC型号,文件名修改为u-boot.ext
4.下载终端模拟器ansole.apk到U盘,插入章鱼盒子,通电开机
5.安装ansole,并进入终端,输入reboot update 重启
6.进入armbian,进行配置。
armbian禁用zram
参考这里
armbian 安装和使用 docker
安装
root身份执行
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh --mirror Aliyun
启动
docker 容器时差问题解决
#方法一:重启容器,添加以下参数
-v /etc/localtime:/etc/localtime:ro
#方法二:不重启容器的话,复制文件到容器中
docker cp /etc/localtime [containerId]:/etc/localtime
#方法三:启动容器时,添加环境变量(推荐)
-e LC_ALL="en_US.UTF-8" -e TZ="Asia/Shanghai"
#查看容器内的时间和本机时间
$docker exec [containerId] date
$date
镜像加速
登录到阿里云容器面板 进入镜像加速界面
操作文档 Ctrl CV
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["你的镜像加速链接"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
安装 portainer
docker pull portainer/portainer-ce:linux-arm64
docker volume create portainer_data
docker run --name portainer -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:linux-arm64
docker update --restart=always portainer
安装 openwrt
# openwrt
ip link set eth0 promisc on
docker network create -d macvlan --subnet=10.10.10.0/24 --gateway=10.10.10.1 -o parent=eth0 -o macvlan_mode=bridge macnet
docker import openwrt-bcm27xx-bcm2710-rpi-3-rootfs.tar.gz
docker run --name openwrt --restart always -d --network macnet --privileged openwrt /sbin/init
docker exec -it openwrt sh # 配置自身ipv4
docker restart openwrt # web界面配置网关 关闭DHCP
# 甜糖部署
docker pull ericwang2006/ttnode
docker run -itd -v /mnt/data/ttnode:/mnts --name ttnode --net=macnet --ip=10.10.10.12 --dns=114.114.114.114 --mac-address C2:F2:9C:C5:B2:77 --privileged=true --restart=always ericwang2006/ttnode
docker exec -it ttnode /bin/bash # 配置帐号
# UPnP出现问题可以在主路由中设置dmz(防火墙) 配置文件如下
#
config redirect
option src wan
option proto all
option dest_ip 10.10.10.12
option target DNAT
vim /etc/network/interfaces
# Wired adapter #1
# 为 eth0 分配地址
#auto eth0
#allow-hotplug eth0
#no-auto-down eth0
#iface eth0 inet static
# address 10.10.10.11
# netmask 255.255.255.0
# gateway 10.10.10.1
# dns-nameservers 10.10.10.1
# pre-up ifconfig eth0 hw ether de:a5:bc:9c:b9:b4
# up ip link set eth0 promisc on
# 不为 eth0 分配地址
auto eth0
#allow-hotplug eth0
#no-auto-down eth0
iface eth0 inet manual
#iface eth0 inet static
#address 192.168.1.100
#netmask 255.255.255.0
#gateway 192.168.1.1
#dns-nameservers 192.168.1.1
# hwaddress ether # if you want to set MAC manually
# pre-up /sbin/ifconfig eth0 mtu 3838 # setting MTU for DHCP, static just: mtu 3838
auto macvlan
iface macvlan inet static
hostname Octopus
address 10.10.10.11
netmask 255.255.255.0
gateway 10.10.10.1
dns-nameservers 10.10.10.1
pre-up ip link add macvlan link eth0 type macvlan mode bridge
post-down ip link del macvlan link eth0 type macvlan mode bridge
# Wireless adapter #1
# Armbian ships with network-manager installed by default. To save you time
# and hassles consider using 'sudo nmtui' instead of configuring Wi-Fi settings
# manually. The below lines are only meant as an example how configuration could
# be done in an anachronistic way:
#
#allow-hotplug wlan0
#iface wlan0 inet dhcp
#address 192.168.0.100
#netmask 255.255.255.0
#gateway 192.168.0.1
#dns-nameservers 8.8.8.8 8.8.4.4
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Disable power saving on compatible chipsets (prevents SSH/connection dropouts over WiFi)
#wireless-mode Managed
#wireless-power off
# Local loopback
auto lo
iface lo inet loopback
修复SSH欢迎界语句无IP显示问题
vim /etc/update-motd.d/30-armbian-sysinfo
#SHOW_IP_PATTERN="^bond.*|^[ewr].*|^br.*|^lt.*|^umts.*|^lan.*"
# Add pattern for macvlan match by Chen on 2021-2-1.
SHOW_IP_PATTERN="^bond.*|^[ewr].*|^br.*|^lt.*|^umts.*|^lan.*|^mac.*"
宿主机与 docker 容器互联
ip route add 10.10.10.10 dev macvlan
宿主机设置网关为docker openwrt
#修改默认路由
route del default
ip route add default via 10.10.10.10 dev macvlan
#恢复原配置
route del default
ip route add default via 10.10.10.1 dev eth0
定时调整灯光
crontab -e
#夜间模式灯光
40 22 * * * /usr/bin/bash -c 'cd /home/用户目录/python-yeelight && python /home/用户目录/python-yeelight/light_auto_night_mode.py' >> Light.log
#日间模式灯光
40 6 * * * /usr/bin/bash -c 'cd /home/用户目录/python-yeelight && python /home/用户目录/python-yeelight/light_auto_day_mode.py' >> Light.log
保持网络链接
当章鱼所在的网络状态出现变化(如自身断电重启或主路由重启)章鱼很可能出现无法正确配置网卡的情况(其实是自己懒得去找方法配置),于是通过定时执行脚本的方式去重启故障网络状态下的章鱼。
vim /root/network-status-check.sh
#! /bin/bash
#检测网络连接
log=/root/log/network$(date +%Y%m%d-%H).log
#判断输出日志文件是否存在
ping -c 1 10.10.10.1 > /dev/null 2>&1
if [ $? -eq 0 ];then
echo `date` 检测网络正常
else
if [ ! -f ${log} ]
then
touch ${log}
fi
echo `date` 检测网络异常 >> ${log}
ifdown eth0
ifup eth0
ifdown macvlan
ifup macvlan
systemctl restart networking
#systemctl restart network-manager
systemctl start docker
# ip route del default
# ip route add default via 10.10.10.1 dev eth0
ip route show >> ${log}
ifconfig >> ${log}
sleep 5
ping -c 1 10.10.10.1 > /dev/null 2>&1
if [ $? -eq 0 ];then
echo `date` 检测网络恢复到正常 >> ${log}
ifup macvlan
systemctl start docker
else
echo `date` 网络故障将进行重启操作 >> ${log}
ip route show >> ${log}
ifconfig >> ${log}
reboot
fi
fi
vim /etc/crontab
*/5 * * * * root bash /root/network-status-check.sh
参考文章
Bitwardenrs密码管理器服务
docker run -itd \
--restart=always \
--name bitwarden \
-e PGID=1000 \
-e PUID=1000 \
-e TZ="Asia/Shanghai" \
-e 'SERVER_ADMIN_EMAIL'='[email protected]' \
-e 'SIGNUPS_ALLOWED'='false' \
-e 'INVITATIONS_ALLOWED'='true' \
-e 'WEBSOCKET_ENABLED'='true' \
-e 'ADMIN_TOKEN'='' \ ###openssl rand -base64 48
-e ROCKET_TLS='{certs="/ssl/uhttpd.crt",key="/ssl/uhttpd.key"}' \
-v /mnt/data/keys/:/ssl/ \
-v /mnt/data/bitwarden/:/data/ \
-p 443:80 \
bitwardenrs/server:aarch64
参考视频
Radicale CalDAV服务
## 默认安全等级
docker run -d --name radicale \
-p 5232:5232 \
--health-cmd="curl --fail http://localhost:5232 || exit 1" \
--health-interval=30s \
--health-retries=3 \
-v ~/radicale/data:/data \
-v ~/radicale/config:/config:ro \
tomsquest/docker-radicale
## 高安全等级
docker run -d --name radicale \
-p 127.0.0.1:5232:5232 \
--read-only \
--init \
--security-opt="no-new-privileges:true" \
--cap-drop ALL \
--cap-add CHOWN \
--cap-add SETUID \
--cap-add SETGID \
--cap-add KILL \
--pids-limit 50 \
--memory 256M \
--health-cmd="curl --fail http://localhost:5232 || exit 1" \
--health-interval=30s \
--health-retries=3 \
-v ~/radicale/data:/data \
-v ~/radicale/config:/config:ro \
tomsquest/docker-radicale
通过 nginx 添加 SSL反向代理
server
{
listen 5443 ssl http2;
server_name cal.lod.pub;
client_max_body_size 4096M;
# 定义主页url
index .web;
# 定义反向代理地址和端口
location / {
proxy_pass http://172.17.0.6:5232;
}
#HTTP_TO_HTTPS_END
ssl_certificate /var/www/html/config/uhttpd.crt;
ssl_certificate_key /var/www/html/config/uhttpd.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
# 497状态码自动跳转 以5443端口打开https
error_page 497 https://$host:5443$uri;
# You may need this to prevent return 404 recursion.
location = /404.html {
internal;
}
}
OneIndex
docker run -d \
--name oneindex \
-p 8085:80 \
-p 5443:5443 \
-p 8333:8333 \
-p 4443:4443 \
-p 3443:3443 \
-p 2443:2443 \
-p 3333:3333 \
-p 2333:2333 \
-p 2233:2233 \
-p 7773:7773 \
-p 6443:6443 \
--restart=always \
-v ~/oneindex/config:/var/www/html/config \
-v ~/oneindex/cache:/var/www/html/cache \
-e REFRESH_TOKEN='0 * * * *' \
-e REFRESH_CACHE='*/10 * * * *' \
lstcml/oneindex
SSL证书和伪静态支持
docker exec -it oneindex bash
vi /etc/nginx/nginx.conf
修改末尾 virtual host 配置
# Includes virtual hosts configs.
include /var/www/html/config/nginx/*.conf;
将证书文件传至配置文件夹
vim ~/oneindex/config/nginx/nginx-oneindex.conf
server
{
listen 8085;
listen 80 ssl http2;
server_name pan.lod.pub;
client_max_body_size 4096M;
index index.html index.php;
location / {
index index.html;
root /var/www/html;
#Implementing PHP pseudo static
try_files $uri /index.php?$args;
}
#HTTP_TO_HTTPS_END
# 定义SSL证书位置
ssl_certificate /var/www/html/config/uhttpd.crt;
ssl_certificate_key /var/www/html/config/uhttpd.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
# 497状态码自动跳转 以8085端口打开https
error_page 497 https://$host:8085$uri;
# You may need this to prevent return 404 recursion.
location = /404.html {
internal;
}
#Add PHP support
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
include fastcgi_params;
}
# 加载OneIndex伪静态配置
include /var/www/html/config/urlRewrite.conf;
}
vim ~/oneindex/config/urlRewrite.conf
if (!-f $request_filename){
set $rule_0 1$rule_0;
}
if (!-d $request_filename){
set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
rewrite ^/(.*) /?/$1 last;
}
ShareList
git clone https://github.com/reruin/sharelist
cd sharelist
vim Dockerfile
docker build -t sharelist:arm64 ./
# ~/sharelist/Dockerfile
FROM alpine:latest
ADD . /sharelist/
WORKDIR /sharelist
VOLUME /sharelist/cache
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
RUN apk add --no-cache nodejs
RUN apk add --no-cache npm
RUN npm install
ENV HOST 0.0.0.0
ENV PORT 33001
EXPOSE 33001
CMD ["npm", "start"]
Docker 中文文档
ArchiveBox
#创建一个新的空目录并初始化你的收藏集(可以指定任何目录)。
mkdir ~/archivebox && cd ~/archivebox
curl -O 'https://raw.githubusercontent.com/ArchiveBox/ArchiveBox/master/docker-compose.yml'
docker-compose run archivebox init --setup
#启动web服务
docker-compose up
docker run -v $PWD:/data -p 8000:8000 archivebox/archivebox:master
# completely optional, CLI can always be used without running a server
# docker run -v $PWD:/data -it [subcommand] [--args]
wallabag
部署服务
docker run --name wallabag -p 9090:80 -v $HOME/docker/wallabag/data:/var/www/wallabag/data -v $HOME/docker/wallabag/images:/var/www/wallabag/web/assets/images -e LC_ALL="en_US.UTF-8" -e TZ="Asia/Shanghai" -e SYMFONY__ENV__DOMAIN_NAME=https://域名 ugeek/wallabag:arm
添加规则
docker exec -it wallabag /bin/bash
vi /var/www/wallabag/vendor/j0k3r/graby-site-config/sspai.com.txt
# By:ScarletCollar
# This filter is tested on:
# https://sspai.com/post/61235
# https://sspai.com/post/66539
http_header(user-agent): Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
author: //span[@class='nickname']/text()
title://dev[@id='article-title']/text()
date://div[@class='timer']/text()
body://div[@class='content wangEditor-txt minHeight']
#去除前文matrix首页推荐,有概率误杀正文内容
strip://hr/preceding-sibling::*
test_url: https://sspai.com/post/61235
crond 资料备份/杂项
/etc/crontab
*/10 * * * * root bash /root/network-status-check.sh
7 3 * * 7 root apt update;apt upgrade -y
7 */12 * * * root RESTIC_PASSWORD=Cret1Owquohot, restic -r rclone:OneIndex:restic backup /home/用户目录/radicale
0 1 */7 * * root RESTIC_PASSWORD=Cret1Owquohot, restic -r rclone:OneIndex:restic backup /home/用户目录
1 4 */15 * * root scp root@10.10.10.1:/etc/uhttp* /home/用户目录/oneindex/config/;systemctl restart docker
crontab -e
#信息推送
*/30 * * * * /usr/bin/bash -c 'cd /home/用户目录/ && python3 /home/用户目录/etaa_exam_news_wxpush.py' >> wxpush.log 2>&1
#坚果云KeePass文件同步
7 1 * * * /usr/bin/bash -c 'curl --user 用户名:应用密钥 https://dav.jianguoyun.com/dav/KeePass/kp.kdbx > /home/用户目录/KeePass/kp$(date "+\%Y\%m\%d").kdbx' && /usr/bin/bash -c 'curl -u 用户名:密码\\) -T /home/用户目录/KeePass/kp$(date "+\%Y\%m\%d").kdbx https://ise.teracloud.jp:443/dav/KeePass/kp$(date "+\%Y\%m\%d").kdbx'
#和彩云签到
1 6 * * * /usr/bin/bash -c 'cd /home/用户目录/HeCaiYun && python3 /home/用户目录/HeCaiYun/HeCaiYunSign.py' >> wxpush.log 2>&1
