Tinkering with the Octopus Planet (章鱼星球) box

Published on January 16, 2021 at 23:44 in the 矿渣 (ex-mining hardware) category


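Installing the ATV firmware (including the CoreELEC install)

Hardware needed

  1. USB male-to-male data cable
  2. USB flash drive
  3. A computer running Windows
  4. Mouse/keyboard

Software needed

  1. Amlogic's official USB Burning Tool
  2. Rufus, or dd on a Linux system
  3. ATV ROM
  4. Official CoreELEC ROM
  5. The dtb for CoreELEC
  6. Modified bootloader

I've put together a rough collection of resources for the Octopus box; you can download them here.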

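Steps

1. Write the official CoreELEC ROM to the USB flash drive: dd if=img of=/dev/mmcblk0 bs=1M

2. Put the CoreELEC-specific dtb file in the root directory of the USB flash drive.

3. Plug the USB flash drive into the box and power it on to boot into CoreELEC, then configure the network, SSH, and so on.

4. Transfer the modified bootloader to the box with scp.

5. Connect to the box over SSH and flash the modified bootloader:

dd if=./bootloader of=/dev/mmcblk0 bs=1M

6. Open USB Burning Tool and select the ATV image.

7. Power off the box, find a toothpick or something of similar thickness and push it into the RESET hole while connecting the computer and the box with the male-to-male cable. Release RESET after a few seconds and flashing begins.

8. After a few minutes the flash completes. Power the box back on & enjoy.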

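Installing Armbian

Hardware and software are the same as above; I used an SD card here.

One official image (the desktop build is recommended: better to have it and not need it than the other way round)

Steps

1. Write the image with Rufus or dd:

sudo dd bs=4M if=Armbian_20.10_Arm-64_bionic_current_5.9.0.img of=/dev/sdb

2. Edit extlinux.conf in the extlinux directory of the BOOT partition: under the aml s9xxx section, change the dtb to meson-gxm-s912-libretech-pc.dtb, and comment out with # everything else except this line and the last line.

3. In the root directory, find the file that matches your SoC model and rename it to u-boot.ext.

4. Download the terminal emulator ansole.apk to a USB flash drive, plug it into the Octopus box, and power on.

5. Install ansole, open the terminal, and enter reboot update to restart.

6. Boot into Armbian and configure it.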

Disabling zram on Armbian

See here

Installing and using Docker on Armbian

Installation

Run as root:

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh --mirror Aliyun

Starting

service docker start

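Fixing the time offset in Docker containers

# Option 1: restart the container with the following parameter added
-v /etc/localtime:/etc/localtime:ro

# Option 2: without restarting the container, copy the file into it
docker cp /etc/localtime [containerId]:/etc/localtime

# Option 3: add environment variables when starting the container (recommended)
-e LC_ALL="en_US.UTF-8" -e TZ="Asia/Shanghai"

# Compare the time inside the container with the host's time
$ docker exec [containerId] date
$ date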

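Registry mirror

Log in to the Alibaba Cloud container console and open the registry mirror (镜像加速) page.

Copy and paste from the instructions there, replacing 你的镜像加速链接 with your own mirror URL: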

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["你的镜像加速链接"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Installing Portainer

docker pull portainer/portainer-ce:linux-arm64
docker volume create portainer_data
docker run --name portainer -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:linux-arm64
docker update --restart=always portainer

Installing OpenWrt

# openwrt
ip link set eth0 promisc on
docker network create -d macvlan --subnet=10.10.10.0/24 --gateway=10.10.10.1 -o parent=eth0 -o macvlan_mode=bridge macnet
# Name the imported image "openwrt" so the docker run below can find it
docker import openwrt-bcm27xx-bcm2710-rpi-3-rootfs.tar.gz openwrt
docker run --name openwrt --restart always -d --network macnet --privileged openwrt /sbin/init
docker exec -it openwrt sh # configure the container's own IPv4 address
docker restart openwrt # then set the gateway and turn off DHCP in the web UI
# Deploying ttnode (甜糖)
docker pull ericwang2006/ttnode
docker run -itd   -v /mnt/data/ttnode:/mnts   --name ttnode   --net=macnet --ip=10.10.10.12 --dns=114.114.114.114 --mac-address C2:F2:9C:C5:B2:77   --privileged=true   --restart=always   ericwang2006/ttnode
docker exec -it ttnode /bin/bash # configure the account
# If UPnP has problems, set up a DMZ (firewall) on the main router; the config is as follows
#
  config redirect
        option src              wan
        option proto            all
        option dest_ip          10.10.10.12
        option target           DNAT

vim /etc/network/interfaces

# Wired adapter #1
# Assign an address to eth0
#auto eth0
#allow-hotplug eth0
#no-auto-down eth0
#iface eth0 inet static
#  address 10.10.10.11
#  netmask 255.255.255.0
#  gateway 10.10.10.1
#  dns-nameservers 10.10.10.1
#  pre-up ifconfig eth0 hw ether de:a5:bc:9c:b9:b4
#  up ip link set eth0 promisc on

# Do not assign an address to eth0
auto eth0
#allow-hotplug eth0
#no-auto-down eth0
iface eth0 inet manual

#iface eth0 inet static
#address 192.168.1.100
#netmask 255.255.255.0
#gateway 192.168.1.1
#dns-nameservers 192.168.1.1
#       hwaddress ether # if you want to set MAC manually
#       pre-up /sbin/ifconfig eth0 mtu 3838 # setting MTU for DHCP, static just: mtu 3838

auto macvlan
iface macvlan inet static
  hostname Octopus
  address 10.10.10.11
  netmask 255.255.255.0
  gateway 10.10.10.1
  dns-nameservers 10.10.10.1
  pre-up ip link add macvlan link eth0 type macvlan mode bridge
  post-down ip link del macvlan link eth0 type macvlan mode bridge

# Wireless adapter #1
# Armbian ships with network-manager installed by default. To save you time
# and hassles consider using 'sudo nmtui' instead of configuring Wi-Fi settings
# manually. The below lines are only meant as an example how configuration could
# be done in an anachronistic way:
# 
#allow-hotplug wlan0
#iface wlan0 inet dhcp
#address 192.168.0.100
#netmask 255.255.255.0
#gateway 192.168.0.1
#dns-nameservers 8.8.8.8 8.8.4.4
#   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Disable power saving on compatible chipsets (prevents SSH/connection dropouts over WiFi)
#wireless-mode Managed
#wireless-power off

# Local loopback
auto lo
iface lo inet loopback

Fixing the missing IP address in the SSH welcome message

vim /etc/update-motd.d/30-armbian-sysinfo

#SHOW_IP_PATTERN="^bond.*|^[ewr].*|^br.*|^lt.*|^umts.*|^lan.*"
# Add pattern for macvlan match by Chen on 2021-2-1.
SHOW_IP_PATTERN="^bond.*|^[ewr].*|^br.*|^lt.*|^umts.*|^lan.*|^mac.*"

Connecting the host and the Docker containers

ip route add 10.10.10.10 dev macvlan

Using the Docker OpenWrt container as the host's gateway

# Change the default route
route del default
ip route add default via 10.10.10.10 dev macvlan
# Restore the original configuration
route del default
ip route add default via 10.10.10.1 dev eth0

Scheduled light adjustment

crontab -e

# Night-mode lighting (用户目录 is a placeholder for the user's home directory)
40 22 * * *     /usr/bin/bash -c 'cd /home/用户目录/python-yeelight && python /home/用户目录/python-yeelight/light_auto_night_mode.py' >> Light.log
# Day-mode lighting
40 6 * * *      /usr/bin/bash -c 'cd /home/用户目录/python-yeelight && python /home/用户目录/python-yeelight/light_auto_day_mode.py' >> Light.log

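Keeping the network connection alive

When the state of the network the Octopus box sits on changes (for example, the box itself loses power and restarts, or the main router restarts), the box often fails to configure its network interfaces correctly (in truth, I was too lazy to look for a proper way to configure this), so a script run on a schedule restarts the box when its network is in a failed state.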

vim /root/network-status-check.sh

#!/bin/bash
# Check network connectivity
log=/root/log/network$(date +%Y%m%d-%H).log
# Make sure the log directory exists so the redirects below cannot fail
mkdir -p "$(dirname "$log")"
if ping -c 1 10.10.10.1 > /dev/null 2>&1; then
    echo "$(date) 检测网络正常"    # network is fine
else
    echo "$(date) 检测网络异常" >> "$log"    # network is down
    ifdown eth0
    ifup eth0
    ifdown macvlan
    ifup macvlan
    systemctl restart networking
    #systemctl restart network-manager
    systemctl start docker
    #ip route del default
    #ip route add default via 10.10.10.1 dev eth0
    ip route show >> "$log"
    ifconfig >> "$log"
    sleep 5
    if ping -c 1 10.10.10.1 > /dev/null 2>&1; then
        echo "$(date) 检测网络恢复到正常" >> "$log"    # network recovered
        ifup macvlan
        systemctl start docker
    else
        echo "$(date) 网络故障将进行重启操作" >> "$log"    # still down, rebooting
        ip route show >> "$log"
        ifconfig >> "$log"
        reboot
    fi
fi

vim /etc/crontab

*/5 *   * * *   root    bash /root/network-status-check.sh

Reference article

bitwarden_rs password manager service

# Generate the ADMIN_TOKEN value with: openssl rand -base64 48
docker run -itd \
--restart=always \
--name bitwarden \
-e PGID=1000 \
-e PUID=1000 \
-e TZ="Asia/Shanghai" \
-e 'SERVER_ADMIN_EMAIL'='scarletcollar@foxmail.com' \
-e 'SIGNUPS_ALLOWED'='false' \
-e 'INVITATIONS_ALLOWED'='true' \
-e 'WEBSOCKET_ENABLED'='true' \
-e 'ADMIN_TOKEN'='' \
-e ROCKET_TLS='{certs="/ssl/uhttpd.crt",key="/ssl/uhttpd.key"}' \
-v /mnt/data/keys/:/ssl/ \
-v /mnt/data/bitwarden/:/data/ \
-p 443:80 \
bitwardenrs/server:aarch64

Reference video

Radicale CalDAV service

## Default security level
docker run -d --name radicale \
    -p 5232:5232 \
    --health-cmd="curl --fail http://localhost:5232 || exit 1" \
    --health-interval=30s \
    --health-retries=3 \
    -v ~/radicale/data:/data \
    -v ~/radicale/config:/config:ro \
    tomsquest/docker-radicale

## Higher security level
docker run -d --name radicale \
    -p 127.0.0.1:5232:5232 \
    --read-only \
    --init \
    --security-opt="no-new-privileges:true" \
    --cap-drop ALL \
    --cap-add CHOWN \
    --cap-add SETUID \
    --cap-add SETGID \
    --cap-add KILL \
    --pids-limit 50 \
    --memory 256M \
    --health-cmd="curl --fail http://localhost:5232 || exit 1" \
    --health-interval=30s \
    --health-retries=3 \
    -v ~/radicale/data:/data \
    -v ~/radicale/config:/config:ro \
    tomsquest/docker-radicale
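
The difference between the two Radicale commands above can be turned into a quick lint for any docker run line. The script below is an added example, not part of the original post; besides the hardened variant's options it also flags --privileged, Docker socket mounts and ports published on all interfaces, which appear in other commands on this page. The one-line sample commands and their host paths are constructed.

```shell
#!/bin/sh
# Added example: lint a `docker run` command line against the options used by
# the hardened Radicale variant (options are matched as spelled on this page).

# Constructed one-line versions of the two Radicale commands.
DEFAULT_CMD='docker run -d --name radicale -p 5232:5232 -v /srv/radicale/data:/data tomsquest/docker-radicale'
HARDENED_CMD='docker run -d --name radicale -p 127.0.0.1:5232:5232 --read-only --init --security-opt=no-new-privileges:true --cap-drop ALL --cap-add CHOWN --pids-limit 50 --memory 256M -v /srv/radicale/data:/data tomsquest/docker-radicale'

# Print one finding per line; print nothing when every check passes.
lint_docker_run() {
    cmd=$1
    # Options whose absence is reported.
    for opt in '--read-only' '--init' 'no-new-privileges' '--cap-drop ALL' '--pids-limit' '--memory'; do
        case " $cmd " in
            *"$opt"*) ;;
            *) echo "missing: $opt" ;;
        esac
    done
    # Options whose presence is reported: split the command into words.
    set -f                      # no globbing while splitting
    set -- $cmd
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            --privileged|--privileged=true)
                echo "risky: container runs privileged" ;;
            -p|--publish)
                shift
                case $1 in
                    *:*:*) ;;   # ip:hostPort:containerPort, bound to one address
                    *) echo "risky: port $1 published on all host interfaces" ;;
                esac ;;
            -v|--volume)
                shift
                case $1 in
                    /var/run/docker.sock:*) echo "risky: Docker socket mounted into container" ;;
                esac ;;
        esac
        [ $# -eq 0 ] || shift
    done
}

echo "default:";  lint_docker_run "$DEFAULT_CMD"
echo "hardened:"; lint_docker_run "$HARDENED_CMD"
```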

Adding an SSL reverse proxy with nginx

server
{
    listen 5443 ssl http2;
    server_name cal.lod.pub;
    client_max_body_size 4096M;
    # Home page URL
    index .web;
    # Address and port of the reverse-proxied backend
    location / {
        proxy_pass http://172.17.0.6:5232;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate   /var/www/html/config/uhttpd.crt;
    ssl_certificate_key    /var/www/html/config/uhttpd.key;
    # TLSv1.1 is deprecated by RFC 8996; drop it unless an old client requires it
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    # Redirect on status 497 (plain HTTP sent to the HTTPS port) and reopen as https on port 5443
    error_page 497 https://$host:5443$uri;
    # You may need this to prevent return 404 recursion.
    location = /404.html {
        internal;
    }
}

OneIndex

docker run -d \
    --name oneindex \
    -p 8085:80 \
    -p 5443:5443 \
    -p 8333:8333 \
    -p 4443:4443 \
    -p 3443:3443 \
    -p 2443:2443 \
    -p 3333:3333 \
    -p 2333:2333 \
    -p 2233:2233 \
    -p 7773:7773 \
    -p 6443:6443 \
    --restart=always \
    -v ~/oneindex/config:/var/www/html/config \
    -v ~/oneindex/cache:/var/www/html/cache \
    -e REFRESH_TOKEN='0 * * * *' \
    -e REFRESH_CACHE='*/10 * * * *' \
    lstcml/oneindex

SSL certificate and URL rewrite (pseudo-static) support

docker exec -it oneindex bash

vi /etc/nginx/nginx.conf

Change the virtual host configuration at the end of the file:

# Includes virtual hosts configs.
include /var/www/html/config/nginx/*.conf;  

Upload the certificate files to the config folder.

vim ~/oneindex/config/nginx/nginx-oneindex.conf

server
{
    listen 8085;
    listen 80 ssl http2;
    server_name pan.lod.pub;
    client_max_body_size 4096M;
    index index.html index.php;
    location / {
        index index.html;
        root /var/www/html;
        #Implementing PHP pseudo static
        try_files $uri /index.php?$args;
    }
    #HTTP_TO_HTTPS_END
    # Location of the SSL certificate
    ssl_certificate   /var/www/html/config/uhttpd.crt;                           
    ssl_certificate_key    /var/www/html/config/uhttpd.key;                        
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    # Redirect on status 497 (plain HTTP sent to the HTTPS port) and reopen as https on port 8085
    error_page 497 https://$host:8085$uri; 
    # You may need this to prevent return 404 recursion.
    location = /404.html {
        internal;
    }
    #Add PHP support
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
        include fastcgi_params;
    }
    # Load the OneIndex URL rewrite configuration
    include /var/www/html/config/urlRewrite.conf;
}

vim ~/oneindex/config/urlRewrite.conf

if (!-f $request_filename){
    set $rule_0 1$rule_0;
}
if (!-d $request_filename){
    set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
    rewrite ^/(.*) /?/$1 last;
}

ShareList

git clone https://github.com/reruin/sharelist
cd sharelist
vim Dockerfile
docker build -t sharelist:arm64 ./
# ~/sharelist/Dockerfile
FROM alpine:latest

ADD . /sharelist/
WORKDIR /sharelist
VOLUME /sharelist/cache

RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
RUN apk add --no-cache nodejs
RUN apk add --no-cache npm 

RUN npm install

ENV HOST 0.0.0.0
ENV PORT 33001

EXPOSE 33001

CMD ["npm", "start"]

Docker documentation (Chinese)

ArchiveBox

# Create a new empty directory and initialize your collection (any directory can be used).
mkdir ~/archivebox && cd ~/archivebox
curl -O 'https://raw.githubusercontent.com/ArchiveBox/ArchiveBox/master/docker-compose.yml'
docker-compose run archivebox init --setup

# Start the web service
docker-compose up
docker run -v $PWD:/data -p 8000:8000 archivebox/archivebox:master
# completely optional, CLI can always be used without running a server
# docker run -v $PWD:/data -it [subcommand] [--args]

wallabag

Deploying the service (replace 域名 in the command with your domain name)

docker run --name wallabag -p 9090:80 -v $HOME/docker/wallabag/data:/var/www/wallabag/data -v $HOME/docker/wallabag/images:/var/www/wallabag/web/assets/images -e LC_ALL="en_US.UTF-8" -e TZ="Asia/Shanghai" -e SYMFONY__ENV__DOMAIN_NAME=https://域名 ugeek/wallabag:arm

Adding a site rule

docker exec -it wallabag /bin/bash

vi /var/www/wallabag/vendor/j0k3r/graby-site-config/sspai.com.txt

# By:ScarletCollar
# This filter is tested on:
# https://sspai.com/post/61235
# https://sspai.com/post/66539 

http_header(user-agent): Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

author: //span[@class='nickname']/text()
title: //*[@id='article-title']/text()
date://div[@class='timer']/text()
body://div[@class='content wangEditor-txt minHeight']

# Strip the Matrix front-page recommendation block before the article; this may occasionally remove body content by mistake
strip://hr/preceding-sibling::*

test_url: https://sspai.com/post/61235

crond: data backups / miscellaneous

/etc/crontab

*/10 *  * * *   root    bash /root/network-status-check.sh
7 3     * * 7   root    apt update;apt upgrade -y
7 */12  * * *   root    RESTIC_PASSWORD=Cret1Owquohot, restic -r rclone:OneIndex:restic backup /home/用户目录/radicale
0 1     */7 * * root    RESTIC_PASSWORD=Cret1Owquohot, restic -r rclone:OneIndex:restic backup /home/用户目录
1 4     */15 * *        root    scp root@10.10.10.1:/etc/uhttp* /home/用户目录/oneindex/config/;systemctl restart docker

crontab -e

# Push notifications
*/30 * * * *      /usr/bin/bash -c 'cd /home/用户目录/ && python3 /home/用户目录/etaa_exam_news_wxpush.py' >> wxpush.log 2>&1

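# Sync the KeePass file from Jianguoyun (坚果云); placeholders: 用户名 = username, 应用密钥 = app key, 密码 = password, 用户目录 = home directory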
7 1 * * *       /usr/bin/bash -c 'curl --user 用户名:应用密钥 https://dav.jianguoyun.com/dav/KeePass/kp.kdbx > /home/用户目录/KeePass/kp$(date "+\%Y\%m\%d").kdbx' && /usr/bin/bash -c 'curl -u 用户名:密码\\) -T /home/用户目录/KeePass/kp$(date "+\%Y\%m\%d").kdbx https://ise.teracloud.jp:443/dav/KeePass/kp$(date "+\%Y\%m\%d").kdbx'

# Daily check-in for HeCaiYun (和彩云)
1 6 * * *      /usr/bin/bash -c 'cd /home/用户目录/HeCaiYun && python3 /home/用户目录/HeCaiYun/HeCaiYunSign.py' >> wxpush.log 2>&1
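
The /etc/crontab and crontab -e entries above carry the restic password and the WebDAV credentials inline, and /etc/crontab is normally readable by every local user. The script below is an added example, not part of the original post: it flags cron entries with inline credentials and checks that a password file is private. The sample lines, paths and hostnames are constructed; RESTIC_PASSWORD_FILE and curl's --netrc-file are the file-based alternatives it lets through.

```shell
#!/bin/sh
# Added example: flag cron entries that carry a credential inline.
# SAMPLE_CRONTAB is constructed; hosts, paths and values are placeholders.
SAMPLE_CRONTAB='# constructed sample
7 */12 * * * root RESTIC_PASSWORD=EXAMPLE-ONLY restic -r rclone:remote:repo backup /srv/data
0 1 */7 * * root RESTIC_PASSWORD_FILE=/root/.restic-pass restic -r rclone:remote:repo backup /srv
7 1 * * * curl --user alice:EXAMPLE-ONLY -o /tmp/kp.kdbx https://dav.example.invalid/kp.kdbx
9 1 * * * curl --netrc-file /home/alice/.netrc-dav -o /tmp/kp.kdbx https://dav.example.invalid/kp.kdbx
*/5 * * * * root bash /root/network-status-check.sh'

# Print "LINE: reason" for each non-comment entry with an inline credential.
find_inline_secrets() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /(PASSWORD|TOKEN|SECRET)=[^ \t]/ {
            print NR ": secret in environment assignment"; next
        }
        /curl .*(-u|--user)[ \t]+[^ \t:]+:[^ \t]/ {
            print NR ": curl user:password argument"; next
        }'
}

# Succeed only if the file exists with mode 0600 (owner read/write, nobody else).
secret_file_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

find_inline_secrets "$SAMPLE_CRONTAB"
```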