参考文档
https://blog.upx8.com/3587
www.coolapk.com
termux
换源
ssh
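# Termux host: install OpenSSH and start sshd now.
pkg install openssh
sshd

# Auto-start sshd from every interactive shell.  The original had this
# snippet typed into ~/.bashrc by hand; appending it from a heredoc keeps
# it reproducible, and the marker line stops repeated runs of this setup
# from stacking copies of the snippet.
if ! grep -q '^# termux-sshd-autostart' ~/.bashrc 2>/dev/null; then
cat >> ~/.bashrc <<'EOF'
# termux-sshd-autostart
if pgrep -x "sshd" >/dev/null
then
echo "sshd运行中..."
else
sshd
termux-wake-lock
echo "启动sshd"
fi
EOF
fi

# Default port is 8022 (not 22).  It listens on every address the phone has,
# so anything on the same Wi-Fi can reach it: prefer key authentication
# (your public key in ~/.ssh/authorized_keys) and, if you do not want
# password logins at all, set "PasswordAuthentication no" in the sshd_config
# under $PREFIX/etc/ssh.  Check which auth methods are enabled there rather
# than assuming the defaults.
# The login name is whatever whoami prints:
whoami
# Password used for password logins; make it a strong one if you keep them.
passwd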
开机自动启动
- 安装插件 Termux:Boot (屏幕左边右滑出现菜单)
- 添加
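# Termux:Boot script: start sshd after every phone boot.  It runs before you
# have touched the phone, so have keys/passwords set up the way you want
# BEFORE enabling this (see the sshd section above).  The file was written
# with vim in the original; a quoted heredoc writes the same content.
mkdir -p ~/.termux/boot/
cat > ~/.termux/boot/0-start-sshd <<'EOF'
#!/data/data/com.termux/files/usr/bin/bash
# Hold a wake lock so Android does not freeze Termux's processes (sshd
# included) when the phone goes to sleep.
termux-wake-lock
sshd
EOF
chmod +x ~/.termux/boot/0-start-sshd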
# termux-wake-lock命令可防止手机休眠导致 Termux 应用的进程被冻结
安装lxc
# Termux host.  root-repo is an extra Termux repository (enabled by
# installing the package of that name); the page installs it before lxc,
# presumably because lxc is served from there.  tsu supplies the su/sudo
# wrappers every root step on this page relies on — a rooted phone is
# required.
pkg update
pkg install root-repo
pkg install tsu lxc
目录
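# $PREFIX is Termux's install root and plays the role /usr has on a normal
# Linux system (bin, etc, share, var, ... all live under it).  Quoted so a
# path with spaces or globbing characters cannot split the argument.
tree -d -L 1 "$PREFIX"
# $HOME is special too: it lives inside Termux's private app directory, not
# under /home.
echo "$HOME"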
访问外部存储
# Ask Android for shared-storage access; Termux then creates ~/storage with
# symlinks into the shared storage locations.
termux-setup-storage
tree storage
# df -h
ls -- /storage
# Internal shared storage; /sdcard is the root of the same tree.
ls -- /storage/self/primary
# Removable SD card.  The directory name is the card's volume ID as seen on
# this particular device — yours will be different.
ls -- /storage/9C33-6BBD
安装debian
挂载cgroup
# Become root; tsu opens a root shell and the following lines run inside it.
tsu
# Which cgroup version does the phone's kernel expose?  Look at the "type"
# column of the /sys/fs/cgroup entry: "cgroup" is v1, "cgroup2" is v2.
mount | grep -e cgroup
cgroup1:
| echo "lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy" >> /$PREFIX/share/lxc/config/common.conf
cgroup2:
| echo "lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=0" >> /$PREFIX/share/lxc/config/common.conf
配置网络host模式
| sed -i 's/lxc\.net\.0\.type = empty/lxc.net.0.type = none/g' /data/data/com.termux/files/usr/etc/lxc/default.conf
===每次重启lxc都要运行下面的命令===
# Run after every phone reboot, before starting any container.  Overmount
# /sys/fs/cgroup with an empty tmpfs (whatever Android had mounted there is
# hidden underneath it in this mount namespace), then mount only the two v1
# hierarchies the container's systemd wants: "devices" and the named
# "systemd" hierarchy.  The && chain stops at the first failing step — but
# note lxc-setup-cgroups on the next line runs regardless.
sudo mount -t tmpfs -o mode=755 tmpfs /sys/fs/cgroup \
  && sudo mkdir -p /sys/fs/cgroup/devices \
  && sudo mount -t cgroup -o devices cgroup /sys/fs/cgroup/devices \
  && sudo mkdir -p /sys/fs/cgroup/systemd \
  && sudo mount -t cgroup cgroup -o none,name=systemd /sys/fs/cgroup/systemd
# Let lxc prepare its own cgroups under those hierarchies.
sudo lxc-setup-cgroups
创建容器
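# Create the container from a downloaded image.  The original answered the
# template's prompts interactively (distribution debian, release bookworm,
# architecture arm64); the same answers are passed as flags here so the
# command is reproducible.
# This rootfs will run as root on the phone, so keep image verification ON.
# "--no-validate" (used in the original) disables the GPG check of the image
# index and tarball: whatever the mirror, or anyone between you and it,
# serves gets installed unchecked.  If validation fails only because the
# signing key cannot be fetched from the phone, give the template a reachable
# keyserver (e.g. --keyserver hkp://keyserver.ubuntu.com) rather than turning
# validation off.
lxc-create -t download -n debian -- \
  --server mirrors.tuna.tsinghua.edu.cn/lxc-images \
  -d debian -r bookworm -a arm64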
修改密码
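# Set root's password inside the new rootfs.  Running Debian's own passwd in
# a chroot is the right way: it uses the container's configured (modern)
# password hash.  Absolute path and quoting added; the original's relative
# "bin/passwd" relied on chroot changing directory to the new root.
sudo chroot "$PREFIX/var/lib/lxc/debian/rootfs" /bin/passwd

# The original's alternative — editing
#   /data/data/com.termux/files/usr/var/lib/lxc/debian/rootfs/etc/shadow
# and replacing "root:*:" with "root:paa5KD6arxLr2:" — sets the password to
# 123456.  Two problems with that: 123456 is a password anyone will guess
# first (and with the host-network sshd set up later on this page, root of
# this container is reachable from the LAN), and the hash format is weak: a
# two-character salt selects traditional DES crypt(3), which keeps only the
# first 8 characters of the password and is brute-forced in seconds.
# (The original page also listed the pair "paVmoCD4tC8O2 135096" on a bare
# line — apparently a second hash/password in the same weak format.)
# If you must pre-seed shadow by hand, generate a modern hash instead, e.g.
# "openssl passwd -6" after `pkg install openssl-tool`, and use a real
# password.  How the weak example hash was produced, for reference:
perl -e 'print crypt($ARGV[0], "password"), "\n"' 123456
# => paa5KD6arxLr2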
启动容器
| lxc-start -n debian -d -F
添加开机启动
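# Termux:Boot script: bring the Debian container up after every phone boot.
# Everything in ~/.termux/boot runs unattended at boot, and this script
# escalates through sudo (tsu), so treat the directory as root-equivalent:
# anything that can write to it runs as root at the next boot.  Written with
# a quoted heredoc instead of vim so the content is reproducible.
mkdir -p ~/.termux/boot
cat > ~/.termux/boot/1-debian <<'EOF'
#!/data/data/com.termux/files/usr/bin/bash
# Fresh cgroup tree for the container's systemd (same commands as the
# "run after every reboot" section); the && chain stops at the first
# failed step.
sudo mount -t tmpfs -o mode=755 tmpfs /sys/fs/cgroup \
  && sudo mkdir -p /sys/fs/cgroup/devices \
  && sudo mount -t cgroup -o devices cgroup /sys/fs/cgroup/devices \
  && sudo mkdir -p /sys/fs/cgroup/systemd \
  && sudo mount -t cgroup cgroup -o none,name=systemd /sys/fs/cgroup/systemd
sudo lxc-setup-cgroups
# Detached start; -n/-d match the form used elsewhere on this page.
sudo lxc-start -n debian -d
EOF
chmod +x ~/.termux/boot/1-debian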
LXC容器常用命令
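# LXC cheat sheet (Termux host; everything through sudo from tsu).
# List existing containers with state and addresses
sudo lxc-ls --fancy
# -n <name> selects the container, -d detaches it (daemon)
sudo lxc-start -n debian -d
# State, PID and resource figures
sudo lxc-info -n debian
# Start the container (plain form; see -d/-F above for attached vs detached)
sudo lxc-start -n debian
# Orderly shutdown
sudo lxc-stop -n debian
# Delete the container AND its rootfs — there is no undo, back up first
sudo lxc-destroy -n debian
# Freeze: every process in the container is stopped until unfrozen
sudo lxc-freeze -n debian
# Thaw
sudo lxc-unfreeze -n debian
# Attach to the container's console (a login prompt on its tty).  Remember
# that with the host-network setup used on this page, root in this container
# is, network-wise, root on the phone.
sudo lxc-console -n debian
# Detach from the console with Ctrl+a then q.  (The original listed the two
# key-sequence notes as bare lines, which a shell would try to run.)
# To re-attach, run lxc-console again; the original notes <Ctrl+a Ctrl+a>
# to enter.
sudo lxc-console -n debian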
系统只读
# Before entering the container, re-enable setuid on the root mount (the
# usual reason: su/sudo inside the container are setuid binaries and are
# refused on a nosuid mount).  -n: do not write an mtab entry.
# Two things to be aware of: this only changes the flags of the "/" mount
# itself — if the container rootfs lives on a different mount (e.g. under
# /data) that mount's flags are what matter, so confirm with `mount` — and
# it re-enables EVERY setuid binary on that mount, not just the container's.
mount -o remount,suid -n /
没有网络
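# Inside the container: Android's "paranoid networking" only lets processes
# in group 3003 (AID_INET) open sockets, and the container shares the
# phone's network namespace.  apt's _apt user and any ordinary user you log
# in as therefore need that gid, or nothing has network.
# Create the group once.  (The original ran groupadd AND appended the same
# line to /etc/group, which leaves a duplicate entry.)
getent group aid_inet >/dev/null || groupadd -g 3003 aid_inet
# _apt: primary group aid_inet, nogroup kept as a supplementary group.
usermod -g aid_inet -G nogroup _apt
# Verify instead of hand-editing /etc/passwd and /etc/group as the original
# did; expected shape (the uid may differ):
#   _apt:x:123:3003::/nonexistent:/bin/false
#   nogroup:x:65534:_apt
grep '^_apt:' /etc/passwd
grep '^nogroup:' /etc/group
# Every ordinary user needs the same primary gid, e.g.:  usermod -g aid_inet <user>

# DNS.  The original notes resolv.conf gets reset on each boot, which is why
# the rc.local section repeats this.  8.8.8.8 is Google's public resolver;
# substitute one you trust if you do not want DNS queries leaving the LAN.
echo "nameserver 8.8.8.8" > /etc/resolv.conf
systemctl stop systemd-resolved
systemctl disable systemd-resolved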
配置路由
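# Termux host: give the main routing table a default route so the container
# (which shares the phone's network namespace) can reach the internet.
# Android keeps its real default route in policy-routing tables, so a plain
# "lookup main" may find nothing — hence the extra rules; verify on your
# device.  The gateway is taken from the route the kernel already uses for
# 8.8.8.8.  The interface defaults to wlan0 (the original hard-coded it) and
# can be overridden with IFACE=... for mobile data.
IFACE="${IFACE:-wlan0}"
gateway=$(sudo ip route get 8.8.8.8 | awk '{ for (i = 1; i <= NF; i++) if ($i == "via") { print $(i + 1); exit } }')
sudo ip rule add pref 1 from all lookup main
sudo ip rule add pref 2 from all lookup default
# Unquoted/empty $getway in the original produced a malformed ip command.
if [ -n "$gateway" ]; then
  sudo ip route add default via "$gateway" dev "$IFACE"
else
  echo "no gateway found for 8.8.8.8; is the phone online?" >&2
fi
sudo ip rule add from all lookup main pref 30000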
调整防火墙
# Inside the container.  Flushing the filter table is the original's fix for
# "no network"; be clear about what it does: the container has no network
# namespace of its own (lxc.net.0.type = none, set earlier), so the table
# being emptied is the PHONE's filter table — every INPUT/OUTPUT/FORWARD rule
# the system had installed there, not something the container added.
# Prefer listing the rules first (iptables -t filter -L -n -v --line-numbers)
# and deleting only the one that blocks you; if you flush, whatever the
# system relied on in that table is gone until something re-installs it.
apt install iptables
iptables -t filter -F
添加到 rc.local
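# Inside the container: give Debian an rc.local that re-applies the per-boot
# fixes (suid remount, resolver, host route, firewall).  rc-local.service
# runs as root, so the `sudo` prefixes the original put inside rc.local are
# unnecessary (and sudo may not even be installed in a fresh image).
#
# 1. The stock unit has no [Install] section, so `systemctl enable` has
#    nothing to hook; append one.  Editing a unit under /lib/systemd is
#    undone by the next package upgrade — check afterwards that the section
#    is still there, or move the unit to /etc/systemd/system.
cat >> /lib/systemd/system/rc-local.service <<'EOF'

[Install]
WantedBy=multi-user.target
Alias=rc-local.service
EOF

# 2. The script itself.  Quoted heredoc: nothing is expanded at write time,
#    the $(...) below runs at boot.
cat > /etc/rc.local <<'EOF'
#!/bin/sh
# Re-enable setuid binaries on the root mount (see "系统只读").
mount -n -o remount,suid /
# Static resolver.  The original starts resolved, writes the file, then stops
# and disables it again; kept as-is since the exact reason is not stated.
systemctl start systemd-resolved
echo "nameserver 8.8.8.8" > /etc/resolv.conf
systemctl stop systemd-resolved
systemctl disable systemd-resolved
# Default route via the phone's gateway (shared network namespace).  Quoted
# and guarded: an empty gateway produced a malformed command in the original.
gateway=$(ip route get 8.8.8.8 | awk '{ for (i = 1; i <= NF; i++) if ($i == "via") { print $(i + 1); exit } }')
ip rule add pref 1 from all lookup main
ip rule add pref 2 from all lookup default
if [ -n "$gateway" ]; then
    ip route add default via "$gateway" dev wlan0
fi
ip rule add from all lookup main pref 30000
update-alternatives --set iptables /usr/sbin/iptables-legacy
# WARNING: shared network namespace — this empties the PHONE's filter table
# on every boot, not a container-private one.  Replace with the specific
# rule you actually need once you have identified it.
iptables -t filter -F
EOF
chmod +x /etc/rc.local
systemctl enable rc-local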
lxc里的docker报错
下载 https://redblue.lanzouk.com/iENa411tn8qj (注意: 这是来历不明的二进制文件, 而 runc 以 root 身份启动每一个容器进程; 替换之前请核对来源与校验和, 或者自己从源码编译, 不要直接信任网盘里的文件)
解压后替换 /data/data/com.termux/files/usr/var/lib/lxc/debian/rootfs/usr/bin/runc (替换后确认文件属主为 root、权限为 755)
添加ssh启动
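# OpenSSH inside the container.  The network namespace is the phone's, so
# this sshd listens on the phone's addresses on port 22, next to the Termux
# sshd on 8022, and is reachable by anyone on the same Wi-Fi.  Root password
# login on top of that — with the example password 123456 from the password
# section — hands over the phone.  Prefer keys.
apt install openssh-server
mkdir -p /root/.ssh && chmod 700 /root/.ssh
# Put your public key in /root/.ssh/authorized_keys (mode 600).  Debian's
# default, the commented line
#   #PermitRootLogin prohibit-password
# already allows root login WITH A KEY.  Only if you really need password
# login for root change it to
#   PermitRootLogin yes
# and then set a strong password first.
vim /etc/ssh/sshd_config
# Validate the config before restarting so a typo cannot lock you out, then
# restart (on Debian the sshd name resolves to ssh.service).
sshd -t && systemctl restart sshd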
# Point the container's local time zone at Asia/Shanghai (-f replaces an
# existing /etc/localtime link), then print the time to confirm.
sudo ln -s -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
date
映射目录
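tsu
cd "$PREFIX/var/lib/lxc/debian"
# lxc.mount.entry = <host path> <path inside the container, relative to its rootfs> none bind 0 0
# As written in the original, the target was the host rootfs directory
# itself, which appears to bind the phone's shared storage over the whole
# container root.  Mount it under a sub-directory instead; create=dir makes
# LXC create the mount point.  This exposes everything in shared storage
# read/write to root inside the container — add ",ro" after "bind" if it
# only needs to read.  Appended with a heredoc instead of editing in vim.
cat >> config <<'EOF'
lxc.mount.entry = /storage/self/primary mnt/storage none bind,create=dir 0 0
EOF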
查看电流
| /sys/class/power_supply/battery/current_now
proot
提取config
root 后, 提取 /proc/config.gz, 然后解压
selinux
getenforce
:强制模式 enforcing, 宽容模式 permissive
切换到宽容: setenforce 0 (注意: 这是整机的 SELinux 开关, 所有应用和系统服务的强制访问控制都会一起失效; 只在调试时临时使用, 用完执行 setenforce 1 恢复, 通常重启后也会恢复 enforcing)
busybox mount -t cifs -o username=guest,password=,vers=3.0 //192.168.2.1/h1 /mnt/runtime/write/emulated/0/CIFS   # 口令写在命令行里会出现在进程列表中, 非 guest 共享请改用 credentials=/path/to/file
mount -t cifs -o username=guest,password=,ro,iocharset=utf8 //192.168.1.2/h1 /mnt/runtime/write/emulated/0/CIFS
su --mount-master -c "mount -o username=guest -t cifs //192.168.2.1/h1 /mnt/runtime/write/emulated/0/CIFS"
alist
/usr/bin/alist admin set <新密码> --data '/etc/alist'
lxc
# Shortcuts for the /data/lxc ("ubuntu") setup: each runs the named script
# as root through the phone's su binary.  Whoever can write
# /data/lxc/ubuntu or /data/lxc/stop therefore gets root the next time you
# type start/stop — keep those files root-owned and not world-writable.
alias start='su -c /data/lxc/ubuntu root'
alias stop='su -c /data/lxc/stop root'
tun
# Container config (LXC config syntax, not shell): expose the host's TUN
# device so tunnel/VPN software inside the container can create interfaces.
# "c 10:200" is the char-device major:minor of /dev/net/tun.  If your lxc
# runs the container on cgroup v2 the key is lxc.cgroup2.devices.allow
# instead — check which applies (see the cgroup section).
lxc.cgroup.devices.allow = c 10:200 rwm
# Bind the device node into the container; create=file makes the target node
# exist.  This is the phone's tun: tunnels created here are phone-wide.
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
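# Make sure the tun module is loaded now and on every boot.  Where this runs
# (phone or container) is not stated on the original page; a container
# normally cannot load kernel modules, so use wherever modprobe actually
# works for you.
modprobe tun
# modules-load.d lists one module per line; append "tun" once (the original
# had the bare word "tun" as a line, which was meant as file content).
grep -qx tun /etc/modules-load.d/modules.conf 2>/dev/null \
  || echo tun >> /etc/modules-load.d/modules.conf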
| ip rule add from 组网的设备ip lookup main pref 1
docker
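# Docker on Termux: switch the storage driver to vfs (the original's fix;
# presumably the overlay driver is unusable on the phone's filesystem).
# Edit $PREFIX/etc/docker/daemon.json so it contains
#   { "storage-driver": "vfs" }
# merged with whatever else is already there — it must remain valid JSON.
# vfs keeps a full copy of every layer, so images cost a lot of space.
vim "$PREFIX/etc/docker/daemon.json"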
container 装回旧版
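# Roll Termux's docker/containerd back to a known-working pair.  dpkg -i
# installs a local .deb WITHOUT any repository signature check, so only use
# files you fetched from Termux's own package archive (or built yourself)
# and compare their SHA-256 with the archive's before installing.  Install
# the current versions first so dependencies are pulled in, then swap the
# two packages and pin them so `pkg upgrade` does not undo the downgrade.
pkg install docker
pkg uninstall docker
pkg uninstall containerd
dpkg -i containerd_1.6.21-1_aarch64.deb
dpkg -i docker_1_20.10.24_aarch64.deb
apt-mark hold containerd docker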
网络
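# Termux host: give the main routing table a default route so containers
# sharing the phone's network namespace can reach the internet.  Android
# keeps its real default route in policy-routing tables, so a plain
# "lookup main" may find nothing — hence the extra rules; verify on your
# device.  The interface defaults to wlan0 (the original hard-coded it) and
# can be overridden with IFACE=... for mobile data.
pkg install iproute2
IFACE="${IFACE:-wlan0}"
gateway=$(ip route get 8.8.8.8 | grep -oP '(?<=via )[^ ]*')
# Quoted and guarded: an empty, unquoted $getway gave ip a malformed command.
if [ -n "$gateway" ]; then
  sudo ip route add default via "$gateway" dev "$IFACE"
else
  echo "no gateway found for 8.8.8.8; is the phone online?" >&2
fi
sudo ip rule add from all lookup main pref 30000
sudo ip rule add pref 1 from all lookup main
sudo ip rule add pref 2 from all lookup default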
挂载
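# Prepare the phone for dockerd (Termux shell with tsu/sudo).
# dockerd needs to create a few files and directories under /: make the root
# mount writable (see the longer start script below for the same step).
sudo mount -o remount,rw /
# Fresh cgroup root dockerd can mount its controllers into.
sudo mount -t tmpfs -o uid=0,gid=0,mode=755 cgroup /sys/fs/cgroup
# Start the daemon in the background.  --iptables=false keeps Docker from
# rewriting the phone's firewall; the trade-off is that Docker then does not
# set up the rules it normally uses for published ports and outbound NAT.
# The original discarded all output; keep a log so a failed start can be
# diagnosed.
mkdir -p "$PREFIX/var/log"
sudo dockerd --iptables=false >"$PREFIX/var/log/dockerd.log" 2>&1 &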
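# Start dockerd on the phone (Termux + tsu).  Same preparation as the short
# version above, plus a persistent /var/run.
# dockerd creates files and directories under /; make the root mount writable.
sudo mount -o remount,rw /
# dockerd cannot mount cgroup controllers itself here, so hand it a tmpfs
# cgroup root with the devices controller already mounted.
sudo mount -t tmpfs -o mode=755 tmpfs /sys/fs/cgroup
sudo mkdir -p /sys/fs/cgroup/devices
sudo mount -t cgroup -o devices cgroup /sys/fs/cgroup/devices
# /var/run must exist before it can be bind-mounted.  The original tested for
# the directory and then ran mkdir WITHOUT sudo, which likely fails on a
# root-owned /; mkdir -p is already a no-op when it exists.
sudo mkdir -p /var/run/
# Docker's runtime state is kept on /data; present it where dockerd expects.
sudo mount --bind /data/docker/run/ /var/run/
# Start the daemon.  The original's note says --iptables=false is no longer
# needed once routing works; without it Docker edits the PHONE's iptables
# (NAT and published ports) — fine only if that is what you want.  Keep a
# log instead of /dev/null so a failed start can be read.
mkdir -p "$PREFIX/var/log"
sudo dockerd >"$PREFIX/var/log/dockerd.log" 2>&1 &   # add --iptables=false to leave the firewall alone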
| sudo ls /data/docker/lib/docker/volumes