# system-image

**Repository Path**: FogVDN/system-image

## Basic Information

- **Project Name**: system-image
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: ubuntu-24.04
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-04-29
- **Last Updated**: 2025-09-04

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

Install Ubuntu 24.04 LTS
========================

System configuration
--------------------

- System disk: 25G

![System configuration](image.png)

Installer screens
-----------------

![Installer - language](image-1.png)
![Installer - accessibility options](image-2.png)
![Installer - keyboard](image-3.png)
![Installer - network](image-4.png)
![Installer - update the installer](image-5.png)
![Installer - installation mode](image-6.png)
![Installer - installation options](image-7.png)
![Installer - add third-party drivers](image-8.png)
![Installer - select disk manually](image-9.png)
![Installer - manual partitioning - select boot disk](image-10.png)
![Installer - manual partitioning - create root partition](image-11.png)
![Installer - manual partitioning - result](image-12.png)

The computer name on the following screen should be `pear`.

![Installer - user setup](image-13.png)

![Installer - time zone](image-14.png)
![Installer - confirmation page](image-15.png)
![Installer - installation complete](image-16.png)

When the installation finishes, do not reboot. Choose "Continue testing", then open a terminal in the installation CD environment.

### Install the SSH service

```sh
sudo apt update
sudo apt install --quiet --assume-yes openssh-server
sudo systemctl restart ssh.service
# Set a password for the current live-session user so it can log in over SSH
passwd
```

### Mount the system directories and enter the chroot environment

The Ubuntu installer mounts the installation target at `/target`. Mount the required system directories under `/target`, then enter the chroot environment.

```sh
# Run as root in the installation CD environment
TARGET=/target
mount -t sysfs sysfs "$TARGET/sys"
mount -t proc proc "$TARGET/proc"
mount -t devtmpfs udev "$TARGET/dev"
mount -t devpts devpts "$TARGET/dev/pts"
mount -t tmpfs tmpfs "$TARGET/run"
mount -t efivarfs efivarfs "$TARGET/sys/firmware/efi/efivars"
mount -t securityfs securityfs "$TARGET/sys/kernel/security"
mount -t cgroup2 cgroup2 "$TARGET/sys/fs/cgroup"
mount -t pstore pstore "$TARGET/sys/fs/pstore"
mount -t mqueue mqueue "$TARGET/dev/mqueue"
mount -t configfs configfs "$TARGET/sys/kernel/config"
mount -t debugfs debugfs "$TARGET/sys/kernel/debug"
mount -t tracefs tracefs "$TARGET/sys/kernel/tracing"
mount -t fusectl fusectl "$TARGET/sys/fs/fuse/connections"
mount -t bpf bpf "$TARGET/sys/fs/bpf"
mount -t tmpfs tmpfs "$TARGET/dev/shm"
mount -t tmpfs tmpfs "$TARGET/tmp"
# tmpfs here keeps downloaded package lists out of the image
mount -t tmpfs tmpfs "$TARGET/var/lib/apt/lists"
mount -t tmpfs tmpfs "$TARGET/var/lib/apt/mirrors"
chroot "$TARGET" /bin/bash
```

Configure the new system
------------------------

### Remove swap

```sh
rm -rf /swap.img
sed -i '/swap.img/d' /etc/fstab
```

### Set the system locale and language

```sh
echo "C.UTF-8 UTF-8" >>/etc/locale.gen
echo "zh_CN.UTF-8 UTF-8" >>/etc/locale.gen
dpkg-reconfigure --frontend=noninteractive locales
```

### Set the DNS servers manually

```sh
# Replace the resolv.conf symlink with a static file.
# glibc's resolver uses only the first three nameserver lines.
rm -f /etc/resolv.conf
cat <<EOF >/etc/resolv.conf
nameserver 127.0.0.1
nameserver 119.29.29.29
nameserver 223.5.5.5
nameserver 2402:4e00::
nameserver 2400:3200::1
nameserver 114.114.114.114
nameserver 8.8.8.8
search localdomain pear.link
options edns0 trust-ad
EOF
```

### Add package sources

```sh
# Set ubuntu sources
# The mirrors are plain HTTP; package integrity relies on the Signed-By keyring.
cat <<EOF >/etc/apt/sources.list.d/ubuntu.sources
Types: deb
URIs: http://mirrors.ustc.edu.cn/ubuntu/ http://mirrors.tuna.tsinghua.edu.cn/ubuntu/
Suites: noble noble-updates noble-backports noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF

# Set OpenResty sources
cat <<EOF >/etc/apt/sources.list.d/openresty.sources
Types: deb
URIs: http://openresty.org/package/ubuntu
Suites: noble
Components: main
Signed-By: /etc/apt/keyrings/openresty-archive-keyring.gpg
EOF
wget -q https://openresty.org/package/pubkey.gpg -O - | gpg --dearmor >/etc/apt/keyrings/openresty-archive-keyring.gpg

# Set Ookla Speedtest CLI sources
cat <<EOF >/etc/apt/sources.list.d/ookla_speedtest-cli.sources
Types: deb
URIs: https://packagecloud.io/ookla/speedtest-cli/ubuntu
Suites: jammy
Components: main
Signed-By: /etc/apt/keyrings/ookla_speedtest-cli-archive-keyring.gpg
EOF
wget -q "https://packagecloud.io/ookla/speedtest-cli/gpgkey" -O - | gpg --dearmor >/etc/apt/keyrings/ookla_speedtest-cli-archive-keyring.gpg

apt update
```

### Install OpenResty

```sh
apt install -y openresty
```

### Install Ookla Speedtest CLI

```sh
apt install -y speedtest
```

### Install Hardinfo2

Get it from the Ubuntu 25.04 archive mirrors; the latest version should be 2.2.7 (as of 2025-03-03).

### Install the Google Chrome browser

```sh
DOWNLOAD_LINK='https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb'
wget -q "${DOWNLOAD_LINK}" -O /tmp/google-chrome-stable_current_amd64.deb
sudo apt install -y /tmp/google-chrome-stable_current_amd64.deb
```

### Install the PearOS system packages

```sh
apt install -y ./pearos.deb ./pearos-meta.deb
```

### Remove unneeded packages

```sh
# Patterns are quoted so the shell does not expand them against local files.
# Note that this list also removes AppArmor and ufw from the image.
apt purge --auto-remove --purge -y firefox snapd gnome-initial-setup 'cloud-*' 'ubuntu-pro-*' 'ubuntu-advantage-*' apparmor ufw apport memtest86+
apt upgrade --auto-remove --purge -y
rm -rf /etc/cloud /var/lib/update-notifier /var/log/unattended-upgrades
```

### Add origins to the automatic update list

```sh
# Let unattended-upgrades also install updates from these third-party origins
cat <<EOF >/etc/apt/apt.conf.d/50unattended-upgrades-pearos
Unattended-Upgrade::Origins-Pattern {
    "o=Google LLC";
    "o=openresty.org";
};
EOF
```

### Configure PHP parameters

```sh
PHP_VERSION="8.3"
TMP_SCRIPT="$(mktemp)"
# sed script applied to both the CLI and FPM php.ini
cat <<'EOF' >"$TMP_SCRIPT"
s/^max_execution_time.*/max_execution_time = 3600/g
s/^max_input_time.*/max_input_time = 3600/g
s/^memory_limit.*/memory_limit = 512M/g
s/^post_max_size.*/post_max_size = 10240M/g
s/^upload_max_filesize.*/upload_max_filesize = 10240M/g
EOF
sed -i -f "$TMP_SCRIPT" "/etc/php/${PHP_VERSION}/cli/php.ini"
sed -i -f "$TMP_SCRIPT" "/etc/php/${PHP_VERSION}/fpm/php.ini"
```

### Disable system services

```sh
systemctl disable NetworkManager.service NetworkManager-wait-online.service containerd.service docker.service gnome-remote-desktop.service systemd-networkd.service systemd-resolved.service networkd-dispatcher.service
```

### Add and configure the users pear and support

```sh
# -p takes an already hashed password (yescrypt here), not plaintext
useradd -G adm,cdrom,dip,lpadmin,plugdev,sudo,users -m -U -p '$y$j9T$qp9U9BnCgeSXjkwk2jt4b/$g94zRoRZw4B2aUf3yhamA5MzPheiD1m0NIuQWH4b/Y0' -s /bin/bash -c Pear pear
useradd -G adm,cdrom,dip,lpadmin,plugdev,sudo,users -m -U -p '$y$j9T$h6e.DtZXxY5OyKChfs6WF.$4NVcO05bxYMnLN1Odo8Eg6tLRxoxuDZcaibXylF4h14' -s /bin/bash support

# Passwordless sudo for both accounts
cat <<EOF >/etc/sudoers.d/pearos
pear ALL=(ALL:ALL) NOPASSWD: ALL
support ALL=(ALL:ALL) NOPASSWD: ALL
EOF
chmod 440 /etc/sudoers.d/pearos

cat <<EOF >/var/lib/AccountsService/users/pear
[User]
Languages=zh_CN;
FormatsLocale=zh_CN.UTF-8
EOF

# SystemAccount=true hides the support account from the login screen
cat <<EOF >/var/lib/AccountsService/users/support
[User]
SystemAccount=true
EOF

cat <<EOF >/home/pear/.pam_environment
LANGUAGE DEFAULT=zh_CN:en
LANG DEFAULT=zh_CN.UTF-8
EOF
```

### Other configuration

#### Network

```sh
cat <<'EOF' >/etc/systemd/network/99-default.link
[Match]
OriginalName=*

[Link]
NamePolicy=keep kernel database slot path
AlternativeNamesPolicy=database slot path
MACAddressPolicy=persistent
EOF

# Give the onboard RTL8125 ports fixed names eth0..eth3
cat <<'EOF' >/etc/udev/rules.d/25-pearbox-onboard-r8125.rules
SUBSYSTEM=="net", SUBSYSTEMS=="pci", ATTRS{vendor}=="0x10ec", ATTRS{device}=="0x8125", ATTR{ifindex}=="2", NAME="eth0"
SUBSYSTEM=="net", SUBSYSTEMS=="pci", ATTRS{vendor}=="0x10ec", ATTRS{device}=="0x8125", ATTR{ifindex}=="3", NAME="eth1"
SUBSYSTEM=="net", SUBSYSTEMS=="pci", ATTRS{vendor}=="0x10ec", ATTRS{device}=="0x8125", ATTR{ifindex}=="4", NAME="eth2"
SUBSYSTEM=="net", SUBSYSTEMS=="pci", ATTRS{vendor}=="0x10ec", ATTRS{device}=="0x8125", ATTR{ifindex}=="5", NAME="eth3"
EOF
```

#### Prevent automatic updates from restarting business services

```sh
cat <<'EOF' >/etc/needrestart/conf.d/pear.conf
push @{$nrconf{blacklist_rc}}, qr(^openfog);
push @{$nrconf{blacklist_rc}}, qr(^pear);
push @{$nrconf{blacklist_rc}}, qr(^xc_cdn);
EOF
```

#### Stop NetworkManager from managing any device

```sh
cat <<EOF >/etc/NetworkManager/conf.d/99-unmanaged-devices.conf
[keyfile]
unmanaged-devices=*
EOF
```

#### Disable Wayland

```sh
# Uncomment the WaylandEnable=false line
sed -i '/WaylandEnable=false/s/^#//' /etc/gdm3/custom.conf
```

#### Regenerate the SSH host keys automatically

```sh
# Remove the host keys created during installation so they are not baked into the image
rm -rf /etc/ssh/ssh_host_*

# Oneshot unit that runs ssh-keygen -A before ssh.service when any host key is missing
cat <<'EOF' >/etc/systemd/system/sshdkeygen.service
[Unit]
Description=SSH Key Generation
Before=ssh.service
ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub

[Service]
ExecStart=/usr/bin/ssh-keygen -A
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=ssh.service
EOF

systemctl enable sshdkeygen.service ssh.service
```

#### Other system settings

```sh
# Select Vim as default editor
sudo update-alternatives --set editor /usr/bin/vim.basic

# Do not validate password strength
sudo pam-auth-update --package --remove pwquality --force

# Cap Docker's json-file logs at 10 files of 10 MB each per container
cat <<'EOF' >/etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "10"
  }
}
EOF
```

Install FRP
-----------

```sh
FRP_VERSION="0.61.0"
wget -O /tmp/frp-amd64.tar.xz "https://download.openfogos.com/make_ubuntu/frp-${FRP_VERSION}-pear-amd64.tar.xz"
# The archive is unpacked directly over the root filesystem
tar -xf /tmp/frp-amd64.tar.xz -C /
systemctl enable frpc.service
```

Install the terminal program
----------------------------

```sh
INSTALLATION_PATH=/opt/openfog
wget -O /tmp/fog.tar.gz https://download.openfogos.com/release/fogvdn_PEAR_X64_LINUX_latest.tar.gz
mkdir -p "${INSTALLATION_PATH}"
cd "${INSTALLATION_PATH}"
tar -xf /tmp/fog.tar.gz
mkdir -p /etc/pear/
# Record the installation path (written without a trailing newline, as before)
printf 'INSTALLATION_PATH="%s"' "${INSTALLATION_PATH}" >/etc/pear/pear_installation_path
"${INSTALLATION_PATH}/etc/pear/pear_update/post_command.sh"
```

Install PearBox
---------------

```sh
INSTALLATION_PATH=/opt/openfog
PEARBOX_VERSION="2.3"
# TODO: Download PearBox, save as /tmp/pearbox_x86_64-${PEARBOX_VERSION}.ppkg and /tmp/ppkg_config.json

# Unquoted heredoc delimiter so ${PEARBOX_VERSION} is expanded
cat <<EOF >"${INSTALLATION_PATH}/etc/pear/pear_updater/apps.json"
{
  "apps": [
    {
      "name": "pearbox_x86_64",
      "version": "${PEARBOX_VERSION}",
      "flags": [
        "PRESERVE_CONF"
      ]
    }
  ]
}
EOF

mkdir -p "${INSTALLATION_PATH}/etc/pear/pear_updater/packages/pearbox_x86_64/${PEARBOX_VERSION}"
cd "${INSTALLATION_PATH}/etc/pear/pear_updater/packages/pearbox_x86_64/${PEARBOX_VERSION}"
cp "/tmp/pearbox_x86_64-${PEARBOX_VERSION}.ppkg" "pearbox_x86_64-${PEARBOX_VERSION}.ppkg"
# A .ppkg is a tar archive holding control.tar and data.tar
tar -xf "pearbox_x86_64-${PEARBOX_VERSION}.ppkg"
mkdir -p control
tar -xf control.tar -C control
tar -xf data.tar -C /
tar -tf data.tar >file_list.txt
jq -M '.src = ""' /tmp/ppkg_config.json >ppkg_info.json
./control/post_unpack.sh
```

### Install Kodbox

```sh
KODBOX_VERSION="1.56"
mkdir -p /usr/local/openresty/nginx/kodbox
cd /usr/local/openresty/nginx/kodbox
wget -O /tmp/kodbox.zip "https://static.kodcloud.com/update/download/kodbox.${KODBOX_VERSION}.zip"
unzip /tmp/kodbox.zip
# TODO: wget oemPear.zip
cd /usr/local/openresty/nginx/kodbox/plugins
unzip /tmp/oemPear.zip
cd /usr/local/openresty/nginx/kodbox
cp plugins/oemPear/setting_user_more.php config/
chown -R www-data:www-data /usr/local/openresty/nginx/kodbox
```

Exit the chroot environment, then install MySQL and mount `/target/var/lib/mysql` on `/var/lib/mysql`. After importing the data, unmount `/var/lib/mysql`.

```sh
# TODO: Check user and group id in /target/etc/passwd and /target/etc/group
TARGET_MYSQL_UID=119
TARGET_MYSQL_GID=124
# TODO: Remove TARGET_MYSQL_UID and TARGET_MYSQL_GID from /etc/passwd and /etc/group in CD environment
# Create mysql with the same ids as in the target so file ownership under /var/lib/mysql matches
groupadd -g "${TARGET_MYSQL_GID}" mysql
useradd -u "${TARGET_MYSQL_UID}" -g "${TARGET_MYSQL_GID}" -r -s /bin/false -d /nonexistent -c "MySQL Server" mysql
apt update
apt install -y mysql-server
systemctl stop mysql.service
mount --rbind /target/var/lib/mysql /var/lib/mysql
systemctl start mysql.service

mysql <<'EOF'
CREATE DATABASE kodbox;
USE mysql;
CREATE USER 'kodbox'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON kodbox.* TO 'kodbox'@'localhost';
FLUSH PRIVILEGES;
EOF

systemctl stop mysql.service
umount -R /var/lib/mysql
```

Cleanup
-------

Run the following commands in the chroot environment:

```sh
apt clean
journalctl --vacuum-size=0
rm -rf /var/lib/dbus/machine-id
rm -rf /var/lib/apt/extended_states /var/lib/apt/lists/lock /var/lib/apt/periodic/unattended-upgrades-stamp /var/lib/apt/periodic/update-success-stamp
rm -rf /var/cache/debconf/config.dat /var/cache/debconf/config.dat-old /var/cache/debconf/templates.dat /var/cache/debconf/templates.dat-old
rm -rf /var/log/alternatives.log /var/log/apt /var/log/dpkg.log
rm -rf /root/.bash_history /root/.local /root/.ssh /root/.lesshst /root/.viminfo /root/.wget-hsts
```
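
The check below is an added example, not part of the original README or the project's own code: it audits an image root (for instance `/target`) for what the swap, SSH host key and cleanup steps are meant to leave behind before the image is cloned to many devices. The function name `audit_image` and the `FAIL:` output format are assumptions; the paths are the ones the README uses.

```sh
#!/bin/sh
# Added example: audit an image root before it is sealed and cloned.

# Print one "FAIL:" line per finding; return 0 when the tree is clean, 1 otherwise.
audit_image() {
    root=${1:-/target}
    findings=0
    report() { printf 'FAIL: %s\n' "$1"; findings=$((findings + 1)); }

    # 1. No SSH host key may survive, or every clone presents the same identity.
    for key in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$key" ]; then
            report "host key still present: ${key#"$root"}"
        fi
    done

    # 2. sshdkeygen.service must be enabled so ssh-keygen -A runs at first boot.
    #    `systemctl enable` with WantedBy=ssh.service creates this symlink.
    want="$root/etc/systemd/system/ssh.service.wants/sshdkeygen.service"
    if [ ! -L "$want" ]; then
        report "sshdkeygen.service is not enabled for ssh.service"
    fi

    # 3. Build-time residue that the cleanup section deletes.
    for rel in var/lib/dbus/machine-id root/.bash_history root/.ssh \
               root/.viminfo root/.lesshst root/.wget-hsts; do
        if [ -e "$root/$rel" ]; then
            report "residue left behind: /$rel"
        fi
    done

    # 4. Swap file removed and no fstab entry still pointing at it.
    if [ -e "$root/swap.img" ] || grep -qs 'swap.img' "$root/etc/fstab"; then
        report "swap.img or its fstab entry still present"
    fi

    [ "$findings" -eq 0 ]
}

# Run against a root passed on the command line, e.g.: sh audit.sh /target
if [ "$#" -gt 0 ]; then
    audit_image "$1"
fi
```

Run it from the installation CD environment after leaving the chroot; a non-zero exit status means at least one step has to be repeated.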