first commit

.github/data/crt.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+PKI_DIR="/etc/openvpn/keys"
+echo 删除缓存目录 ${PKI_DIR}
+rm -Rf ${PKI_DIR}
+echo 新建目录 ${PKI_DIR}
+mkdir -p ${PKI_DIR}
+chmod -R 0600 ${PKI_DIR}
+cd ${PKI_DIR}
+touch index.txt; echo 1000 > serial
+echo 新建证书目录 newcerts
+mkdir newcerts
+echo 拷贝配置文件
+cp /etc/ssl/openssl.cnf ${PKI_DIR}
+cd newcerts
+echo 修改配置
+PKI_CNF=${PKI_DIR}/openssl.cnf
+sed -i '/^dir/   s:=.*:= /etc/openvpn/keys:' ${PKI_CNF}
+sed -i '/.*Name/ s:= match:= optional:' ${PKI_CNF}
+sed -i '/organizationName_default/    s:= .*:= WWW Ltd.:' ${PKI_CNF}
+sed -i '/stateOrProvinceName_default/ s:= .*:= London:' ${PKI_CNF}
+sed -i '/countryName_default/         s:= .*:= GB:' ${PKI_CNF}
+sed -i '/default_days/   s:=.*:= 3650:' ${PKI_CNF} ## default usu.: -days 365
+sed -i '/default_bits/   s:=.*:= 4096:' ${PKI_CNF} ## default usu.: -newkey rsa:2048
+echo 添加必要的内容
+cat >> ${PKI_CNF} <<"EOF"
+###############################################################################
+### Check via: openssl x509 -text -noout -in *.crt | grep 509 -A 1
+[ server ]
+# X509v3 Key Usage: Digital Signature, Key Encipherment
+# X509v3 Extended Key Usage: TLS Web Server Authentication
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ client ]
+# X509v3 Key Usage: Digital Signature
+# X509v3 Extended Key Usage: TLS Web Client Authentication
+keyUsage = digitalSignature
+extendedKeyUsage = clientAuth
+
+EOF
+echo 生成CA密钥和证书
+openssl req -batch -nodes -new -keyout "ca.key" -out "ca.crt" -x509 -config ${PKI_CNF} ## x509 (self-signed) for the CA
+echo 生成Server密钥和证书
+openssl req -batch -nodes -new -keyout "server.key" -out "server.csr" -subj "/CN=server" -config ${PKI_CNF}
+openssl ca -batch -keyfile "ca.key" -cert "ca.crt" -in "server.csr" -out "server.crt" -config ${PKI_CNF} -extensions server
+echo 生成Client密钥和证书
+openssl req -batch -nodes -new -keyout "client1.key" -out "client1.csr" -subj "/CN=client1" -config ${PKI_CNF}
+openssl ca -batch -keyfile "ca.key" -cert "ca.crt" -in "client1.csr" -out "client1.crt" -config ${PKI_CNF} -extensions client
+echo 生成dh2048.pem文件, 这一步会很久
+openssl dhparam -out dh2048.pem 2048
+echo 开始复制证书文件
+cp ca.crt client1.key client1.crt server.key server.crt /etc/openvpn
+echo 修改OpenVPN Server配置文件
+uci set openvpn.myvpn.dh=/etc/openvpn/dh2048.pem
+uci set openvpn.myvpn.duplicate_cn=1
+uci commit openvpn
+echo 添加防火墙规则
+sed -i '$a iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 1194' /etc/firewall.user
+/etc/init.d/openvpn restart
+/etc/init.d/firewall restart
+echo 执行完毕

.github/workflows/360T7.yml

@@ -0,0 +1,176 @@
+#
+# Copyright (c) 2019-2020 P3TERX <https://p3terx.com>
+#
+# This is free software, licensed under the MIT License.
+# See /LICENSE for more information.
+#
+# https://github.com/P3TERX/Actions-OpenWrt
+# Description: Build OpenWrt using GitHub Actions
+#
+
+name: 360T7
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '360T7/.config'
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 1 * *'
+
+env:
+  REPO_URL: https://github.com/hanwckf/immortalwrt-mt798x
+  REPO_BRANCH: openwrt-21.02
+  FEEDS_CONF: 360T7/feeds.conf.default
+  CONFIG_FILE: 360T7/.config
+  DIY_P1_SH: 360T7/diy1.sh
+  DIY_P2_SH: 360T7/diy2.sh
+  UPLOAD_FIRMWARE: false
+  UPLOAD_RELEASE: true
+  TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+  TELEGRAM_CHATID: ${{ secrets.TELEGRAM_CHATID }}
+  TZ: Asia/Shanghai
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+
+    steps:
+    - name: 检查项目分支
+      uses: actions/checkout@main
+
+    - name: 初始化编译环境
+      env:
+        DEBIAN_FRONTEND: noninteractive
+      run: |
+        sudo rm -rf /etc/apt/sources.list.d/* /usr/share/dotnet /usr/local/lib/android /opt/ghc
+        sudo apt update
+        sudo bash -c 'bash <(curl -s https://build-scripts.immortalwrt.org/init_build_environment.sh)'
+        sudo apt autoremove --purge
+        sudo apt clean
+        sudo timedatectl set-timezone "$TZ"
+        sudo mkdir -p /workdir
+        sudo chown $USER:$GROUPS /workdir
+        echo "FIRMWARE_VERSION=$(date +"%y%m%d")" >> $GITHUB_ENV
+        echo "START_DATE=$(date +%s)" >> $GITHUB_ENV
+
+    - name: 下载源码
+      working-directory: /workdir
+      run: |
+        df -hT $PWD
+        git clone --single-branch -b $REPO_BRANCH $REPO_URL openwrt
+        ln -sf /workdir/openwrt $GITHUB_WORKSPACE/openwrt
+
+    - name: 加载软件源
+      run: |
+        [ -e $FEEDS_CONF ] && mv $FEEDS_CONF openwrt/feeds.conf.default
+        chmod +x $DIY_P1_SH
+        cd openwrt
+        $GITHUB_WORKSPACE/$DIY_P1_SH
+
+    - name: 更新并安装软件源
+      run: cd openwrt && ./scripts/feeds update -a && ./scripts/feeds install -a
+
+    - name: 加载自定义配置
+      run: |
+        [ -e 360T7/files ] && mv 360T7/files openwrt/files
+        [ -e $CONFIG_FILE ] && mv $CONFIG_FILE openwrt/.config
+        chmod +x $DIY_P2_SH
+        cd openwrt
+        $GITHUB_WORKSPACE/$DIY_P2_SH
+
+    - name: 下载包
+      id: package
+      run: |
+        cd openwrt
+        make defconfig
+        make download -j8
+        find dl -size -1024c -exec ls -l {} \;
+        find dl -size -1024c -exec rm -f {} \;
+
+    - name: 编译固件
+      id: compile
+      run: |
+        cd openwrt
+        echo -e "$(nproc) thread compile"
+        if make -j$(nproc); then
+            echo "status=success" >> $GITHUB_OUTPUT
+        else
+            duration=$(( ($(date +%s) - ${{ env.START_DATE }}) / 60 )) && time=$(( duration / 60 ))小时$(( duration % 60 ))分钟
+            content="360T7固件编译失败%0A多线程编译失败，尝试单线程编译%0A固件版本：${{ env.FIRMWARE_VERSION }}%0A编译用时：${time}"
+            curl "https://api.telegram.org/bot${{ env.TELEGRAM_BOT_TOKEN }}/sendMessage?chat_id=${{ env.TELEGRAM_CHATID }}&text=$content"
+            second_time=$(date +%s)
+            if make -j1 V=s; then
+                echo "status=success" >> $GITHUB_OUTPUT
+            else
+                duration=$(( ($(date +%s) - ${second_time}) / 60 )) && time=$(( duration / 60 ))小时$(( duration % 60 ))分钟
+                content="360T7固件编译失败%0A单线程编译失败%0A固件版本：${{ env.FIRMWARE_VERSION }}%0A编译用时：${time}"
+                curl "https://api.telegram.org/bot${{ env.TELEGRAM_BOT_TOKEN }}/sendMessage?chat_id=${{ env.TELEGRAM_CHATID }}&text=$content"
+            fi
+        fi
+
+    - name: 整理文件
+      id: organize
+      if: steps.compile.outputs.status == 'success' && !cancelled()
+      run: |
+        # 整理固件包时候,删除您不想要的固件或者文件,让它不需要上传到Actions空间
+        cd openwrt/bin/targets/*/*
+        mkdir -p package
+        mv packages package/core
+        mv package packages
+        mv $GITHUB_WORKSPACE/openwrt/bin/packages/*/* packages
+        tar -czf packages.tar.gz packages
+        rm -rf packages
+        rm -rf version.buildinfo
+        rm -rf profiles.json
+        rm -rf *rootfs*
+        rm -rf *kernel*
+        rm -rf *.manifest
+        rm -rf feeds.buildinfo
+        rm -rf sha256sums
+        rm -rf *toolchain*
+        mv *sysupgrade.bin 360T7-${{ env.FIRMWARE_VERSION }}-sysupgrade.bin || echo 没有找到 *sysupgrade.bin 文件
+        mv *factory.bin 360T7-${{ env.FIRMWARE_VERSION }}-factory.bin || echo 没有找到 *factory.bin 文件
+        echo -e "$(sha256sum *)\n" > sha256sums
+        echo "FIRMWARE=$PWD" >> $GITHUB_ENV
+        echo "status=success" >> $GITHUB_OUTPUT
+
+    - name: 上传固件到Github Actions空间
+      if: steps.organize.outputs.status == 'success' && env.UPLOAD_FIRMWARE == 'true'
+      continue-on-error: true 
+      uses: actions/upload-artifact@main
+      with:
+        name: 360T7-${{ env.FIRMWARE_VERSION }}
+        path: ${{ env.FIRMWARE }}
+
+    - name: 创建release标签
+      id: tag
+      if: steps.organize.outputs.status == 'success' && env.UPLOAD_RELEASE == 'true' && !cancelled()
+      run: |
+        echo "编译时间：$(date -d "@${{ env.START_DATE }}" +"%Y年%m月%d日 %H点%M分")" >> release.txt
+        echo "默认网关：192.168.3.1" >> release.txt
+        echo 包含插件：$(grep "CONFIG_PACKAGE_luci-app-\(.*\)=y" openwrt/.config | sed "s/CONFIG_PACKAGE_luci-app-\(.*\)=y/\1/g" | grep -v "_\|arpbind\|autoreboot\|firewall\|mtk\|opkg") >> release.txt
+        echo "release_tag=$release_tag" >> $GITHUB_OUTPUT
+        echo "status=success" >> $GITHUB_OUTPUT
+
+    - name: 将固件上传到release
+      uses: softprops/action-gh-release@v1
+      if: steps.tag.outputs.status == 'success' && !cancelled()
+      continue-on-error: true
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      id: upload-release
+      with:
+        name: 360T7-${{ env.FIRMWARE_VERSION }}
+        tag_name: 360T7
+        body_path: release.txt
+        files: ${{ env.FIRMWARE }}/*
+
+    - name: Telegram 通知
+      if: steps.compile.outputs.status == 'success' && env.TELEGRAM_CHATID && env.TELEGRAM_BOT_TOKEN
+      run: |
+        duration=$(( ($(date +%s) - ${{ env.START_DATE }}) / 60 )) && time=$(( duration / 60 ))小时$(( duration % 60 ))分钟
+        content="360T7固件编译成功%0A固件版本：${{ env.FIRMWARE_VERSION }}%0A编译用时：${time}"
+        curl "https://api.telegram.org/bot${{ env.TELEGRAM_BOT_TOKEN }}/sendMessage?chat_id=${{ env.TELEGRAM_CHATID }}&text=$content"