gh_mirrors/reinstall
1
0
Fork 0
mirror of https://github.com/bin456789/reinstall.git synced 2025-01-18 20:39:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

core: 支持修改 ssh rdp web 端口

Browse Source
This commit is contained in:
bin456789 2024-10-12 23:07:01 +08:00
parent b3fef989b0
commit 91a969ae75
No known key found for this signature in database
GPG Key ID: EE301B386DE6C11B
10 changed files with 323 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.en.md
View File

@ -126,7 +126,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
- On virtual machines, the appropriate official slimmed-down kernel will be automatically installed. - On virtual machines, the appropriate official slimmed-down kernel will be automatically installed.
- To install Red Hat, you need to provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>. - To install Red Hat, you need to provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>.
- Username `root`, password `123@@@`. It may take a few minutes for the password to take effect on the first boot. - Username `root`, password `123@@@`. It may take a few minutes for the password to take effect on the first boot.
- When switching to key-based authentication, you also need to modify the files inside `/etc/ssh/sshd_config.d/` - After reinstalling, if you need to change SSH port or switch to key-based login, be sure to modify the files inside `/etc/ssh/sshd_config.d/`.
- Optional parameters:
- `--ssh-port PORT` to change the SSH port
- `--hold 2` to prevent entering the system after installation. You can connect via SSH to modify system content, with the system mounted at `/os` (this feature is not supported on Debian/Kali).
```bash ```bash
bash reinstall.sh centos 9 bash reinstall.sh centos 9
@ -158,6 +161,8 @@ bash reinstall.sh centos 9
<summary>Experimental Features</summary> <summary>Experimental Features</summary>
The following features are experimental and may not support modifying the SSH port or other options.
Install Debian using a cloud image, suitable for machines with slower CPUs Install Debian using a cloud image, suitable for machines with slower CPUs
```bash ```bash
@ -183,6 +188,10 @@ bash reinstall.sh ubuntu --installer
- Supports `raw`, `vhd` images or those compressed with `xz` or `gzip`. - Supports `raw`, `vhd` images or those compressed with `xz` or `gzip`.
- When deploy a Windows image, the system disk will be expanded, and machines with static IPs will have their IPs configured. However, it may take a few minutes after the first boot for the configuration to take effect. - When deploy a Windows image, the system disk will be expanded, and machines with static IPs will have their IPs configured. However, it may take a few minutes after the first boot for the configuration to take effect.
- When deploy a Linux image, the script will not modify any contents of the image. - When deploy a Linux image, the script will not modify any contents of the image.
- Optional parameters:
- `--rdp-port PORT` to change the RDP port (Windows only).
- `--allow-ping` to allow ping responses (Windows only).
- `--hold 2` to prevent entering the system after DD completion. You can connect via SSH to modify system content, with the system mounted at `/os`.
```bash ```bash
bash reinstall.sh dd --img https://example.com/xxx.xz bash reinstall.sh dd --img https://example.com/xxx.xz
@ -218,8 +227,12 @@ bash reinstall.sh netboot.xyz
- Username `administrator`, password `123@@@` - Username `administrator`, password `123@@@`
- If remote login fails, try using the username `.\administrator`. - If remote login fails, try using the username `.\administrator`.
- The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot. - The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
- Optional parameters:
- `--rdp-port PORT` to change the RDP port
- `--allow-ping` to allow ping responses
- `--hold 2` to allow SSH connections for modifying the hard disk content before rebooting into the official Windows installation program, with the hard disk mounted at `/os`.
![Installing Windows](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7) ![Windows Installation](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
#### Method 1: Allow the script to automatically find the ISO #### Method 1: Allow the script to automatically find the ISO
@ -365,9 +378,10 @@ Most ARM machines support ISO installation of Windows 11 24H2, but some machines
- ✔Azure: B2pts_v2 - ✔Azure: B2pts_v2
- ✔Alibaba Cloud: g8y, c8y, r8y (may occasionally get stuck on the boot logo during restart; force restart to resolve) - ✔Alibaba Cloud: g8y, c8y, r8y (may occasionally get stuck on the boot logo during restart; force restart to resolve)
- ✔Alibaba Cloud: g6r, c6r - ✔Alibaba Cloud: g6r, c6r
- ✔Oracle Cloud: A1.Flex (manual loading of the graphics driver is required after installation) - ✔Oracle Cloud A1.Flex (Success depends on the machine's creation date; newer instances are more likely to install successfully. You will also need to manually load the GPU drivers after installation.)
- ✔AWS: T4g - ✔AWS: T4g
- ✔Scaleway: COPARM1 - ✔Scaleway: COPARM1
- ✔Gcore
- ❌Google Cloud: t2a (lacking network card driver) - ❌Google Cloud: t2a (lacking network card driver)
<details> <details>

20
README.md
View File

@ -126,7 +126,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
- 在虚拟机上,会自动安装合适的官方精简内核 - 在虚拟机上,会自动安装合适的官方精简内核
- 安装 Red Hat 需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接 - 安装 Red Hat 需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接
- 用户名 `root` 密码 `123@@@`,可能首次开机几分钟后密码才生效 - 用户名 `root` 密码 `123@@@`,可能首次开机几分钟后密码才生效
- 改为密钥登录时,还要修改 `/etc/ssh/sshd_config.d/` 里面的文件 - 重装后如需修改 SSH 端口 / 改成密钥登录,还要注意修改 `/etc/ssh/sshd_config.d/` 里面的文件
- 可选参数
- `--ssh-port PORT` 修改 SSH 端口
- `--hold 2` 安装结束后不进入系统。可连接 SSH 修改系统内容,系统挂载在 `/os` (此功能不支持 Debian / Kali)
```bash ```bash
bash reinstall.sh centos 9 bash reinstall.sh centos 9
@ -158,6 +161,8 @@ bash reinstall.sh centos 9
<summary>实验性功能</summary> <summary>实验性功能</summary>
以下功能为实验性质,可能不支持修改 ssh 端口等其它选项
用云镜像安装 Debian适合于 CPU 较慢的机器 用云镜像安装 Debian适合于 CPU 较慢的机器
```bash ```bash
@ -183,6 +188,10 @@ bash reinstall.sh ubuntu --installer
- 支持 `raw` `vhd` 或者经过 `xz` `gzip` 压缩的镜像 - 支持 `raw` `vhd` 或者经过 `xz` `gzip` 压缩的镜像
- DD Windows 镜像时,会扩展系统盘,静态 IP 的机器会配置好 IP可能首次开机几分钟后才生效 - DD Windows 镜像时,会扩展系统盘,静态 IP 的机器会配置好 IP可能首次开机几分钟后才生效
- DD Linux 镜像时,脚本不会修改镜像的任何内容 - DD Linux 镜像时,脚本不会修改镜像的任何内容
- 可选参数
- `--rdp-port PORT` 修改 RDP 端口 (仅限 Windows)
- `--allow-ping` 允许被 Ping (仅限 Windows)
- `--hold 2` DD 结束后不进入系统。可连接 SSH 修改系统内容,系统挂载在 `/os`
```bash ```bash
bash reinstall.sh dd --img https://example.com/xxx.xz bash reinstall.sh dd --img https://example.com/xxx.xz
@ -218,8 +227,12 @@ bash reinstall.sh netboot.xyz
- 用户名 `administrator` 密码 `123@@@` - 用户名 `administrator` 密码 `123@@@`
- 如果远程登录失败,尝试使用用户名 `.\administrator` - 如果远程登录失败,尝试使用用户名 `.\administrator`
- 静态机器会自动配置好 IP可能首次开机几分钟后才生效 - 静态机器会自动配置好 IP可能首次开机几分钟后才生效
- 可选参数
- `--rdp-port PORT` 更改 RDP 端口
- `--allow-ping` 允许被 Ping
- `--hold 2` 在重启进入 Windows 官方安装程序前,可连接 SSH 修改硬盘内容,硬盘挂载在 `/os`
![Windows 安装中](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7) ![Windows 安装界面](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
#### 方法 1: 让脚本自动查找 ISO #### 方法 1: 让脚本自动查找 ISO
@ -365,9 +378,10 @@ Windows Server 2025 SERVERDATACENTER
- ✔Azure B2pts_v2 - ✔Azure B2pts_v2
- ✔️阿里云 g8y c8y r8y (有几率重启时卡开机 Logo强制重启即可) - ✔️阿里云 g8y c8y r8y (有几率重启时卡开机 Logo强制重启即可)
- ✔️阿里云 g6r c6r - ✔️阿里云 g6r c6r
- ✔️甲骨文云 A1.Flex (安装后需要手动加载显卡驱动) - ✔️甲骨文云 A1.Flex (视乎机器的创建日期,越新的越有可能成功安装,安装后需要手动加载显卡驱动)
- ✔AWS T4g - ✔AWS T4g
- ✔Scaleway COPARM1 - ✔Scaleway COPARM1
- ✔Gcore
- ❌谷歌云 t2a (缺少网卡驱动) - ❌谷歌云 t2a (缺少网卡驱动)
<details> <details>

6
cloud-init.yaml
View File

@ -21,10 +21,14 @@ runcmd:
# 下面这行删除 clout-init 创建的 sshd_config # 下面这行删除 clout-init 创建的 sshd_config
- test $(wc -l </etc/ssh/sshd_config) -le 1 && cat /etc/ssh/sshd_config >>/etc/ssh/sshd_config.d/50-cloud-init.conf && rm -f /etc/ssh/sshd_config - test $(wc -l </etc/ssh/sshd_config) -le 1 && cat /etc/ssh/sshd_config >>/etc/ssh/sshd_config.d/50-cloud-init.conf && rm -f /etc/ssh/sshd_config
- echo "PermitRootLogin yes" >/etc/ssh/sshd_config.d/01-permitrootlogin.conf || sed -Ei 's/^#?PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config - echo "PermitRootLogin yes" >/etc/ssh/sshd_config.d/01-permitrootlogin.conf || sed -Ei 's/^#?PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
- echo "Port @SSH_PORT@" >/etc/ssh/sshd_config.d/01-change-ssh-port.conf || sed -Ei 's/^#?Port .*/Port @SSH_PORT@/' /etc/ssh/sshd_config
# 已创建的 ssh 连接会沿用旧的配置(未开启密码登录),这时即使输入正确的密码,也会提示 Access Denied # 已创建的 ssh 连接会沿用旧的配置(未开启密码登录),这时即使输入正确的密码,也会提示 Access Denied
# systemctl restart sshd 只会重启监听进程,不会关闭已创建的连接(子进程) # systemctl restart sshd 只会重启监听进程,不会关闭已创建的连接(子进程)
- pkill sshd || true - pkill sshd || true
- systemctl restart sshd || systemctl restart ssh # daemon-reload 会刷新 /run/systemd/generator/ssh.socket.d/addresses.conf
- systemctl daemon-reload
- for s in ssh.socket ssh.service sshd.socket sshd.service; do systemctl is-enabled $s && systemctl restart $s && break; done
- sed -i -e '/^[[:space:]]*password:/d' -e '/[[:space:]]*root:/d' /etc/cloud/cloud.cfg.d/99_fallback.cfg
- touch /etc/cloud/cloud-init.disabled - touch /etc/cloud/cloud-init.disabled
# ubuntu 镜像运行 echo -e '\nDone' -e 会被显示出来 # ubuntu 镜像运行 echo -e '\nDone' -e 会被显示出来
- printf '\n%s\n' 'reinstall done' >/dev/tty0 || true - printf '\n%s\n' 'reinstall done' >/dev/tty0 || true

10
debian.cfg
View File

@ -162,8 +162,16 @@ d-i partman/early_command string true; \
# if [ "$link_grub_dir" = 1 ]; then mkdir /target/boot/grub2; echo 'chainloader (hd0)+1' >/target/boot/grub2/grub.cfg; fi; \ # if [ "$link_grub_dir" = 1 ]; then mkdir /target/boot/grub2; echo 'chainloader (hd0)+1' >/target/boot/grub2/grub.cfg; fi; \
d-i preseed/late_command string true; \ d-i preseed/late_command string true; \
eval "$(grep -o 'extra_link_grub_dir=[^ ]*' /proc/cmdline | sed 's/^extra_//')"; \ eval "$(grep -o 'extra_link_grub_dir=[^ ]*' /proc/cmdline | sed 's/^extra_//')"; \
eval "$(grep -o 'extra_ssh_port=[^ ]*' /proc/cmdline | sed 's/^extra_//')"; \
if [ "$link_grub_dir" = 1 ]; then ln -s grub /target/boot/grub2; fi; \ if [ "$link_grub_dir" = 1 ]; then ln -s grub /target/boot/grub2; fi; \
in-target systemctl enable ssh; \ in-target systemctl enable ssh; \
echo "PermitRootLogin yes" >/target/etc/ssh/sshd_config.d/01-permitrootlogin.conf || \ echo "PermitRootLogin yes" >/target/etc/ssh/sshd_config.d/01-permitrootlogin.conf || \
echo "PermitRootLogin yes" >>/target/etc/ssh/sshd_config echo "PermitRootLogin yes" >>/target/etc/ssh/sshd_config; \
if [ -n "$ssh_port" ] && ! [ "$ssh_port" = 22 ]; then \
echo "Port $ssh_port" >/target/etc/ssh/sshd_config.d/01-change-ssh-port.conf || \
echo "Port $ssh_port" >>/target/etc/ssh/sshd_config; \
fi

4
logviewer-nginx.conf
View File

@ -1,6 +1,6 @@
server { server {
listen 80; listen @WEB_PORT@;
listen [::]:80; listen [::]:@WEB_PORT@;
root /; root /;
gzip on; gzip on;

86
reinstall.sh
View File

@ -59,6 +59,11 @@ Usage: $reinstall____ centos 9
windows --image-name='windows xxx yyy' --iso='http://xxx.com/xxx.iso' windows --image-name='windows xxx yyy' --iso='http://xxx.com/xxx.iso'
netboot.xyz netboot.xyz
Options: [--ssh-port PORT]
[--rdp-port PORT]
[--web-port PORT]
[--allow-ping]
Manual: https://github.com/bin456789/reinstall Manual: https://github.com/bin456789/reinstall
EOF EOF
@ -194,6 +199,14 @@ is_use_firmware() {
[ "$nextos_distro" = debian ] && ! is_virt [ "$nextos_distro" = debian ] && ! is_virt
} }
is_digit() {
[[ "$1" =~ ^[0-9]+$ ]]
}
is_port_valid() {
is_digit "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
get_host_by_url() { get_host_by_url() {
cut -d/ -f3 <<<$1 cut -d/ -f3 <<<$1
} }
@ -2315,6 +2328,11 @@ find_grub_extlinux_cfg() {
fi fi
} }
# 空格、&、用户输入的网址要加引号,否则 grub 无法正确识别
is_need_quote() {
[[ "$1" = *' '* ]] || [[ "$1" = *'&'* ]] || [[ "$1" = http* ]]
}
# 转换 finalos_a=1 为 finalos.a=1 ,排除 finalos_mirrorlist # 转换 finalos_a=1 为 finalos.a=1 ,排除 finalos_mirrorlist
build_finalos_cmdline() { build_finalos_cmdline() {
if vars=$(compgen -v finalos_); then if vars=$(compgen -v finalos_); then
@ -2322,7 +2340,9 @@ build_finalos_cmdline() {
value=${!key} value=${!key}
key=${key#finalos_} key=${key#finalos_}
if [ -n "$value" ] && [ $key != "mirrorlist" ]; then if [ -n "$value" ] && [ $key != "mirrorlist" ]; then
finalos_cmdline+=" finalos_$key='$value'" is_need_quote "$value" &&
finalos_cmdline+=" finalos_$key='$value'" ||
finalos_cmdline+=" finalos_$key=$value"
fi fi
done done
fi fi
@ -2334,10 +2354,13 @@ build_extra_cmdline() {
# 会将 extra.xxx=yyy 写入新系统的 /etc/modprobe.d/local.conf # 会将 extra.xxx=yyy 写入新系统的 /etc/modprobe.d/local.conf
# https://answers.launchpad.net/ubuntu/+question/249456 # https://answers.launchpad.net/ubuntu/+question/249456
# https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads # https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
for key in confhome hold force cloud_image main_disk; do for key in confhome hold force force_old_windows_setup cloud_image main_disk \
ssh_port rdp_port web_port allow_ping password; do
value=${!key} value=${!key}
if [ -n "$value" ]; then if [ -n "$value" ]; then
extra_cmdline+=" extra_$key='$value'" is_need_quote "$value" &&
extra_cmdline+=" extra_$key='$value'" ||
extra_cmdline+=" extra_$key=$value"
fi fi
done done
@ -3042,8 +3065,28 @@ else
fi fi
fi fi
long_opts=
for o in ci installer debug minimal allow-ping \
hold: \
sleep: \
iso: \
image-name: \
boot-wim: \
img: \
lang: \
ssh-port: \
rdp-port: \
web-port: \
allow-ping: \
commit: \
force: \
force-old-windows-setup:; do
[ -n "$long_opts" ] && long_opts+=,
long_opts+=$o
done
# 整理参数 # 整理参数
if ! opts=$(getopt -n $0 -o "" --long ci,installer,debug,minimal,hold:,sleep:,iso:,image-name:,img:,lang:,commit:,force: -- "$@"); then if ! opts=$(getopt -n $0 -o "" --long "$long_opts" -- "$@"); then
usage_and_exit usage_and_exit
fi fi
@ -3073,18 +3116,41 @@ while true; do
minimal=1 minimal=1
shift shift
;; ;;
--allow-ping)
allow_ping=1
shift
;;
--hold | --sleep) --hold | --sleep)
hold=$2 if ! { [ "$2" = 1 ] || [ "$2" = 2 ]; }; then
if ! { [ "$hold" = 1 ] || [ "$hold" = 2 ]; }; then error_and_exit "Invalid $1 value: $2"
error_and_exit "Invalid --hold value: $hold."
fi fi
hold=$2
shift 2 shift 2
;; ;;
--force) --force)
force=$2 if ! { [ "$2" = bios ] || [ "$2" = efi ]; }; then
if ! { [ "$force" = bios ] || [ "$force" = efi ]; }; then error_and_exit "Invalid $1 value: $2"
error_and_exit "Invalid --force value: $force."
fi fi
force=$2
shift 2
;;
--ssh-port)
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
ssh_port=$2
shift 2
;;
--rdp-port)
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
rdp_port=$2
shift 2
;;
--web-port)
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
web_port=$2
shift 2
;;
--force-old-windows-setup)
force_old_windows_setup=$2
shift 2 shift 2
;; ;;
--img) --img)

140
trans.sh
View File

@ -75,7 +75,8 @@ wget() {
echo "$@" | grep -o 'http[^ ]*' >&2 echo "$@" | grep -o 'http[^ ]*' >&2
if command wget 2>&1 | grep -q BusyBox; then if command wget 2>&1 | grep -q BusyBox; then
# busybox wget 没有重试功能 # busybox wget 没有重试功能
retry 5 command wget "$@" # 好像默认永不超时
retry 5 command wget "$@" -T 10
else else
# 原版 wget 自带重试功能 # 原版 wget 自带重试功能
command wget --tries=5 --progress=bar:force "$@" command wget --tries=5 --progress=bar:force "$@"
@ -215,12 +216,21 @@ is_use_cloud_image() {
[ -n "$cloud_image" ] && [ "$cloud_image" = 1 ] [ -n "$cloud_image" ] && [ "$cloud_image" = 1 ]
} }
is_allow_ping() {
[ -n "$allow_ping" ] && [ "$allow_ping" = 1 ]
}
setup_nginx() { setup_nginx() {
apk add nginx apk add nginx
# shellcheck disable=SC2154 # shellcheck disable=SC2154
wget $confhome/logviewer.html -O /logviewer.html wget $confhome/logviewer.html -O /logviewer.html
wget $confhome/logviewer-nginx.conf -O /etc/nginx/http.d/default.conf wget $confhome/logviewer-nginx.conf -O /etc/nginx/http.d/default.conf
if [ -z "$web_port" ]; then
web_port=80
fi
sed -i "s/@WEB_PORT@/$web_port/gi" /etc/nginx/http.d/default.conf
# rc-service nginx start # rc-service nginx start
if pgrep nginx >/dev/null; then if pgrep nginx >/dev/null; then
nginx -s reload nginx -s reload
@ -577,6 +587,14 @@ is_windows_support_rdnss() {
error_and_exit "Not found kernel32.dll" error_and_exit "Not found kernel32.dll"
} }
is_need_change_ssh_port() {
[ -n "$ssh_port" ] && ! [ "$ssh_port" = 22 ]
}
is_need_change_rdp_port() {
[ -n "$rdp_port" ] && ! [ "$rdp_port" = 3389 ]
}
is_need_manual_set_dnsv6() { is_need_manual_set_dnsv6() {
# 有没有可能是静态但是有 rdnss # 有没有可能是静态但是有 rdnss
! is_have_ipv6 && return $FALSE ! is_have_ipv6 && return $FALSE
@ -1320,6 +1338,9 @@ install_nixos() {
if [ -e /os/swapfile ] && $keep_swap; then if [ -e /os/swapfile ] && $keep_swap; then
nix_swap="swapDevices = [{ device = \"/swapfile\"; size = $swap_size; }];" nix_swap="swapDevices = [{ device = \"/swapfile\"; size = $swap_size; }];"
fi fi
if is_need_change_ssh_port; then
nix_ssh_ports="services.openssh.ports = [ $ssh_port ];"
fi
# TODO: 准确匹配网卡,添加 udev 或者直接配置 networkd 匹配 mac # TODO: 准确匹配网卡,添加 udev 或者直接配置 networkd 匹配 mac
create_nixos_network_config /tmp/nixos_network_config.nix create_nixos_network_config /tmp/nixos_network_config.nix
@ -1332,6 +1353,7 @@ $nix_substituters
boot.kernelParams = [ $(get_ttys console= | quote_word) ]; boot.kernelParams = [ $(get_ttys console= | quote_word) ];
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes"; services.openssh.settings.PermitRootLogin = "yes";
$nix_ssh_ports
$(cat /tmp/nixos_network_config.nix) $(cat /tmp/nixos_network_config.nix)
################################################### ###################################################
EOF EOF
@ -1632,6 +1654,9 @@ EOF
chroot $os_dir systemctl enable systemd-resolved chroot $os_dir systemctl enable systemd-resolved
chroot $os_dir systemctl enable sshd chroot $os_dir systemctl enable sshd
allow_root_password_login $os_dir allow_root_password_login $os_dir
if is_need_change_ssh_port; then
change_ssh_port $os_dir $ssh_port
fi
# 修改密码 # 修改密码
change_root_password $os_dir change_root_password $os_dir
@ -2135,6 +2160,13 @@ download_cloud_init_config() {
# 修改密码 # 修改密码
sed -i "s/@PASSWORD@/$PASSWORD/" $ci_file sed -i "s/@PASSWORD@/$PASSWORD/" $ci_file
# 修改 ssh 端口
if is_need_change_ssh_port; then
sed -i "s/@SSH_PORT@/$ssh_port/g" $ci_file
else
sed -i "/@SSH_PORT@/d" $ci_file
fi
# swapfile # swapfile
# 如果分区表中已经有swapfile就跳过例如arch # 如果分区表中已经有swapfile就跳过例如arch
if ! grep -w swap $os_dir/etc/fstab; then if ! grep -w swap $os_dir/etc/fstab; then
@ -2179,10 +2211,27 @@ modify_windows() {
use_gpo=false use_gpo=false
fi fi
# 下载共同的子脚本 # bat 列表
bats=
# 1. rdp 端口
if is_need_change_rdp_port; then
create_win_change_rdp_port_script $os_dir/windows-change-rdp-port.bat "$rdp_port"
bats="$bats windows-change-rdp-port.bat"
fi
# 2. 允许 ping
if is_allow_ping; then
download $confhome/windows-allow-ping.bat $os_dir/windows-allow-ping.bat
bats="$bats windows-allow-ping.bat"
fi
# 3. 合并分区
# 可能 unattend.xml 已经设置了ExtendOSPartition不过运行resize没副作用 # 可能 unattend.xml 已经设置了ExtendOSPartition不过运行resize没副作用
bats="windows-resize.bat"
download $confhome/windows-resize.bat $os_dir/windows-resize.bat download $confhome/windows-resize.bat $os_dir/windows-resize.bat
bats="$bats windows-resize.bat"
# 4. 网络设置
for ethx in $(get_eths); do for ethx in $(get_eths); do
create_win_set_netconf_script $os_dir/windows-set-netconf-$ethx.bat create_win_set_netconf_script $os_dir/windows-set-netconf-$ethx.bat
bats="$bats windows-set-netconf-$ethx.bat" bats="$bats windows-set-netconf-$ethx.bat"
@ -2534,21 +2583,44 @@ create_swap() {
fi fi
} }
# arch gentoo 常规安装用
change_ssh_conf() {
os_dir=$1
key=$2
value=$3
sub_conf=$4
# arch 没有 /etc/ssh/sshd_config.d/ 文件夹
# opensuse tumbleweed 有 /etc/ssh/sshd_config.d/ 文件夹,但没有 /etc/ssh/sshd_config有/usr/etc/ssh/sshd_config
if grep -q 'Include.*/etc/ssh/sshd_config.d' $os_dir/etc/ssh/sshd_config ||
grep -q '^Include.*/etc/ssh/sshd_config.d/' $os_dir/usr/etc/ssh/sshd_config; then
mkdir -p $os_dir/etc/ssh/sshd_config.d/
echo "$key $value" >"$os_dir/etc/ssh/sshd_config.d/$sub_conf"
else
# 如果 sshd_config 存在此 key则替换
# 否则追加
line="^#?$key .*"
if grep -x "$line" $os_dir/etc/ssh/sshd_config; then
sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config
else
echo "$key $value" >>$os_dir/etc/ssh/sshd_config
fi
fi
}
# arch gentoo 常规安装用 # arch gentoo 常规安装用
allow_root_password_login() { allow_root_password_login() {
os_dir=$1 os_dir=$1
# 允许 root 密码登录 change_ssh_conf "$os_dir" PermitRootLogin yes 01-permitrootlogin.conf
# arch 没有 /etc/ssh/sshd_config.d/ 文件夹 }
# opensuse tumbleweed 有 /etc/ssh/sshd_config.d/ 文件夹,但没有 /etc/ssh/sshd_config但有/usr/etc/ssh/sshd_config
if grep 'Include.*/etc/ssh/sshd_config.d' $os_dir/etc/ssh/sshd_config; then # arch gentoo 常规安装用
mkdir -p $os_dir/etc/ssh/sshd_config.d/ change_ssh_port() {
echo 'PermitRootLogin yes' >$os_dir/etc/ssh/sshd_config.d/01-permitrootlogin.conf os_dir=$1
else ssh_port=$2
if ! grep -x 'PermitRootLogin yes' $os_dir/etc/ssh/sshd_config; then
echo 'PermitRootLogin yes' >>$os_dir/etc/ssh/sshd_config change_ssh_conf "$os_dir" Port "$ssh_port" 01-change-ssh-port.conf
fi
fi
} }
change_root_password() { change_root_password() {
@ -3418,6 +3490,17 @@ EOF
unix2dos $target unix2dos $target
} }
create_win_change_rdp_port_script() {
target=$1
rdp_port=$2
info "Create win change rdp port script"
echo "set RdpPort=$rdp_port" >$target
wget $confhome/windows-change-rdp-port.bat -O- >>$target
unix2dos $target
}
# virt-what 要用最新版 # virt-what 要用最新版
# vultr 1G High Frequency LAX 实际上是 kvm # vultr 1G High Frequency LAX 实际上是 kvm
# debian 11 virt-what 1.19 显示为 hyperv qemu # debian 11 virt-what 1.19 显示为 hyperv qemu
@ -3657,6 +3740,15 @@ install_windows() {
;; ;;
esac esac
# 防止用了不兼容架构的 iso
if ! {
{ [ "$(uname -m)" = "x86_64" ] && [ "$arch_wim" = x86_64 ]; } ||
{ [ "$(uname -m)" = "x86_64" ] && [ "$arch_wim" = x86 ]; } ||
{ [ "$(uname -m)" = "aarch64" ] && [ "$arch_wim" = arm64 ]; }
}; then
error_and_exit "The machine is $(uname -m), but the iso is $arch_wim."
fi
add_drivers() { add_drivers() {
info "Add drivers" info "Add drivers"
@ -4038,7 +4130,13 @@ install_windows() {
# 修改应答文件 # 修改应答文件
download $confhome/windows.xml /tmp/autounattend.xml download $confhome/windows.xml /tmp/autounattend.xml
locale=$(get_selected_image_prop 'Default Language') locale=$(get_selected_image_prop 'Default Language')
sed -i "s|%arch%|$arch|; s|%image_name%|$image_name|; s|%locale%|$locale|; s|%password%|$PASSWORD|" \ use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true)
sed -i \
-e "s|%arch%|$arch|" \
-e "s|%image_name%|$image_name|" \
-e "s|%locale%|$locale|" \
-e "s|%password%|$PASSWORD|" \
-e "s|%use_default_rdp_port%|$use_default_rdp_port|" \
/tmp/autounattend.xml /tmp/autounattend.xml
# 修改应答文件,分区配置 # 修改应答文件,分区配置
@ -4174,8 +4272,12 @@ install_windows() {
# 添加引导 # 添加引导
if is_efi; then if is_efi; then
apk add efibootmgr # 现在 add_default_efi_to_nvram() 添加 bootx64.efi 到最前面
efibootmgr -c -L "Windows Installer" -d /dev/$xda -p1 -l "\\EFI\\boot\\$boot_efi" # 因此这里重复了
if false; then
apk add efibootmgr
efibootmgr -c -L "Windows Installer" -d /dev/$xda -p1 -l "\\EFI\\boot\\$boot_efi"
fi
else else
# 或者用 ms-sys # 或者用 ms-sys
apk add grub-bios apk add grub-bios
@ -4491,6 +4593,10 @@ hwclock -s || true
# 设置密码,安装并打开 ssh # 设置密码,安装并打开 ssh
echo "root:$PASSWORD" | chpasswd echo "root:$PASSWORD" | chpasswd
apk add openssh
if is_need_change_ssh_port; then
change_ssh_port / $ssh_port
fi
printf '\nyes' | setup-sshd printf '\nyes' | setup-sshd
# shellcheck disable=SC2154 # shellcheck disable=SC2154

21
windows-allow-ping.bat Normal file
View File

@ -0,0 +1,21 @@
@echo off
mode con cp select=437 >nul
setlocal EnableDelayedExpansion
rem https://learn.microsoft.com/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior#command-example-4-configure-icmp-settings
rem 旧版命令 netsh firewall set icmpsetting 8 对应的配置是:文件和打印机共享(回显请求 - ICMPv4-In)
set ICMPv4EchoTypeNum=8
set ICMPv6EchoTypeNum=128
for %%i in (4, 6) do (
netsh advfirewall firewall add rule ^
name="ICMP Echo Request (ICMPv%%i-In)" ^
dir=in ^
action=allow ^
program=System ^
protocol=ICMPv%%i:!ICMPv%%iEchoTypeNum!,any
)
rem 删除此脚本
del "%~f0"

47
windows-change-rdp-port.bat Normal file
View File

@ -0,0 +1,47 @@
@echo off
mode con cp select=437 >nul
rem set RdpPort=3333
rem https://learn.microsoft.com/windows-server/remote/remote-desktop-services/clients/change-listening-port
rem HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
rem RemoteDesktop-Shadow-In-TCP
rem v2.33|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\RdpSa.exe|Name=@FirewallAPI.dll,-28778|Desc=@FirewallAPI.dll,-28779|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=TRUE|Defer=App|
rem RemoteDesktop-UserMode-In-TCP
rem v2.33|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28775|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
rem RemoteDesktop-UserMode-In-UDP
rem v2.33|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28776|Desc=@FirewallAPI.dll,-28777|EmbedCtxt=@FirewallAPI.dll,-28752|
rem 设置端口
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %RdpPort% /f
rem 重启服务
rem 可以用 sc 或者 net
rem UmRdpService 依赖 TermService
rem sc stop 不能处理依赖关系,因此 sc stop TermService 前需要 sc stop UmRdpService
rem net stop 可以处理依赖关系
rem sc stop 是异步的rem net stop 不是异步,但有 timeout 时间
rem TermService 运行后UmRdpService 会自动运行
net stop TermService /y
net start TermService
rem 设置防火墙
rem 各个版本的防火墙自带的 rdp 规则略有不同
rem 全部版本都有: program=%SystemRoot%\system32\svchost.exe service=TermService
rem win7 还有: program=System service=
rem 以下为并集
for %%a in (TCP, UDP) do (
netsh advfirewall firewall add rule ^
name="Remote Desktop - Custom Port (%%a-In)" ^
dir=in ^
action=allow ^
service=any ^
protocol=%%a ^
localport=%RdpPort%
)
rem 删除此脚本
del "%~f0"

8
windows.xml
View File

@ -110,8 +110,11 @@
<FirewallGroups> <FirewallGroups>
<FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop">
<Profile>all</Profile> <Profile>all</Profile>
<!-- HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -->
<!-- Get-NetFirewallRule | Where-Object Name -like 'RemoteDesktop*' | fl Name,DisplayName,Description,DisplayGroup,Group -->
<!-- https://learn.microsoft.com/windows-hardware/customize/desktop/unattend/networking-mpssvc-svc-firewallgroups-firewallgroup-group -->
<Group>@FirewallAPI.dll,-28752</Group> <Group>@FirewallAPI.dll,-28752</Group>
<Active>true</Active> <Active>%use_default_rdp_port%</Active>
</FirewallGroup> </FirewallGroup>
</FirewallGroups> </FirewallGroups>
</component> </component>
@ -144,7 +147,8 @@
<SkipMachineOOBE>true</SkipMachineOOBE> <SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE> <SkipUserOOBE>true</SkipUserOOBE>
</OOBE> </OOBE>
<TimeZone>China Standard Time</TimeZone> <!-- 不设置时区,则使用镜像的默认时区 -->
<!-- <TimeZone>China Standard Time</TimeZone> -->
</component> </component>
</settings> </settings>
</unattend> </unattend>