init_debian.sh

#!/bin/bash
#####	name:debian初始化脚本	#####
#####	author:xiaoz			#####
#####	date:2022/08/18			#####

#获取SSH端口
ssh_port=$1

#初始化软件
init_soft(){
	echo '--------------------------------------------------------------';
	echo 'Install curl/wget and ufw.'
	echo '--------------------------------------------------------------';
	#更新软件
	apt-get update
	#使用nftables
	#update-alternatives --set iptables /usr/sbin/iptables-nft
	#update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
	#update-alternatives --set arptables /usr/sbin/arptables-nft
	#update-alternatives --set ebtables /usr/sbin/ebtables-nft


	#安装必要软件
	apt-get -y install curl wget ufw net-tools
	#apt-get -y install firewalld
	#启动firewalld
	#systemctl start firewalld && systemctl enable firewalld
	
	#FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables
	#针对上面的错误，需要将iptables更换为nftables
	#sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf
	
	#放行常见端口
	ufw allow 80
	ufw allow 443
	ufw allow 22

	ufw --force enable
	systemctl enable ufw
}

#初始化SSH配置
#修改端口和允许root登录
init_ssh(){
	echo '--------------------------------------------------------------';
	echo 'Modifying SSH port.'
	echo '--------------------------------------------------------------';
	#先放行端口
	ufw allow ${ssh_port}

	#修改ssh配置文件
	#修改SSH端口
	echo "Port ${ssh_port}" >> /etc/ssh/sshd_config
	#允许root登录
	echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

	#重启SSH服务
	systemctl restart sshd
}

#初始化时区
init_timezone(){
    echo '--------------------------------------------------------------';
    echo 'Setting time zone.'
    echo '--------------------------------------------------------------';
    #设置时区为上海
    timedatectl set-timezone Asia/Shanghai

    apt-get install -y cron

    #安装 chrony 或 systemd-timesyncd 以替代 ntpdate
    if apt-get install -y chrony; then
        systemctl enable chrony
        systemctl start chrony
        chronyc -a 'burst 4/4'
    else
        apt-get install -y systemd-timesyncd
        systemctl enable systemd-timesyncd
        systemctl start systemd-timesyncd
    fi

    #写入定时任务以确保时间同步
    (crontab -l 2>/dev/null; echo "*/20 * * * * chronyc burst 4/4 > /dev/null 2>&1 || systemctl restart systemd-timesyncd > /dev/null 2>&1") | crontab -

    #重载定时任务
    /etc/init.d/cron reload
}

#设置虚拟内存，如果存在虚拟内存，则不设置
set_swap() {
	echo '--------------------------------------------------------------';
	echo 'Setting swap.'
	echo '--------------------------------------------------------------';
	curl -s "https://raw.githubusercontent.com/helloxz/shell/master/set_swap.sh" | bash
}

#开启BBR
enable_bbr(){
	echo '--------------------------------------------------------------';
	echo 'Enabling BBR.'
	echo '--------------------------------------------------------------';
	#写入配置文件
	echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
	echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf

	#使内核参数生效
	sysctl -p
}

#修改默认的描述符限制
change_ulimit() {
	echo '--------------------------------------------------------------';
	echo 'Modifying ulimit.'
	echo '--------------------------------------------------------------';
	echo 'fs.file-max = 65535' >> /etc/sysctl.conf
	echo '* soft nofile 65535' >> /etc/security/limits.conf
	echo '* hard nofile 65535' >> /etc/security/limits.conf
	echo 'ulimit -SHn 65535' >> /etc/profile

	#使内核参数生效
	sysctl -p
}

#安装vim
install_vim() {
	apt-get remove vim-common -y
	apt-get install vim -y
	sed -i 's/mouse=a/mouse-=a/g' /usr/share/vim/vim*/defaults.vim
}

# add_lias
add_alias() {
	cp ~/.bashrc ~/.bashrc.bak
	echo "alias ll='ls -l'" >> ~/.bashrc
	source ~/.bashrc
}

#调用函数执行
init_soft && init_timezone && set_swap && enable_bbr && change_ulimit && install_vim && add_alias