修复Alertmanager无法启动的问题

为cAdvisor添加架构判断

Ansible-Playbook/install_python3.yml

@@ -0,0 +1,20 @@
+- name: bootstrap python3
+  hosts: all
+  gather_facts: false
+
+  tasks:
+    - name: check python3 exists
+      raw: command -v python3
+      register: py3_check
+      ignore_errors: true
+
+    - name: install python3 (debian/ubuntu)
+      raw: |
+        apt update &&
+        apt install -y python3 python3-apt
+      when: py3_check.rc != 0
+
+    - name: install python3 (centos)
+      raw: |
+        yum install -y python3
+      when: py3_check.rc != 0

Ansible-Playbook/update_relayx_agent.yml

@@ -0,0 +1,13 @@
+- name: verified execution
+  hosts: all
+  gather_facts: false
+
+  tasks:
+    - name: download
+      get_url:
+        url: https://dl.relayx.cc/upgrade.sh
+        dest: /tmp/upgrade.sh
+        mode: '0755'
+
+    - name: run
+      command: sh /tmp/upgrade.sh

Forward-Tools/firewall_tools.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+if [ "$EUID" -ne 0 ]; then
+  echo "❌ 请使用 root 用户运行"
+  exit 1
+fi
+
+if ! command -v firewall-cmd >/dev/null 2>&1; then
+  echo "❌ 未检测到 firewall-cmd"
+  exit 1
+fi
+
+if ! systemctl is-active firewalld >/dev/null 2>&1; then
+  echo "❌ firewalld 未运行"
+  exit 1
+fi
+
+firewall-cmd --permanent --add-masquerade
+
+ZONE=$(firewall-cmd --get-default-zone)
+
+get_forward_ports() {
+  mapfile -t RULES < <(
+    firewall-cmd --permanent --zone="$ZONE" --list-forward-ports || true
+  )
+}
+
+list_rules() {
+  get_forward_ports
+  echo
+  echo "📋 当前端口转发规则（zone=$ZONE）"
+  echo "--------------------------------------"
+
+  if [ "${#RULES[@]}" -eq 0 ]; then
+    echo "（暂无端口转发规则）"
+    return 1
+  fi
+
+  for i in "${!RULES[@]}"; do
+    printf "%2d) %s\n" "$((i+1))" "${RULES[$i]}"
+  done
+}
+
+add_rule() {
+  echo
+  read -rp "本地监听端口: " LOCAL_PORT
+  read -rp "目标 IP 地址: " TO_ADDR
+  read -rp "目标端口: " TO_PORT
+
+  echo "协议类型："
+  echo "1) TCP"
+  echo "2) UDP"
+  read -rp "选择 (1/2): " P
+
+  case "$P" in
+    1) PROTO="tcp" ;;
+    2) PROTO="udp" ;;
+    *) echo "❌ 无效选择"; return ;;
+  esac
+
+  RULE="port=${LOCAL_PORT}:proto=${PROTO}:toport=${TO_PORT}:toaddr=${TO_ADDR}"
+
+  firewall-cmd --permanent --zone="$ZONE" --add-forward-port="$RULE"
+  firewall-cmd --reload
+
+  echo "✅ 已添加端口转发规则"
+}
+
+############################
+# 删除规则
+############################
+delete_rule() {
+  list_rules || return
+
+  echo
+  read -rp "请输入要删除的规则编号: " IDX
+  [[ "$IDX" =~ ^[0-9]+$ ]] || { echo "❌ 输入无效"; return; }
+
+  RULE="${RULES[$((IDX-1))]}"
+  [[ -n "$RULE" ]] || { echo "❌ 编号不存在"; return; }
+
+  echo "⚠️ 即将删除规则："
+  echo "$RULE"
+  read -rp "确认删除？(y/N): " CONFIRM
+  [[ "$CONFIRM" =~ ^[Yy]$ ]] || return
+  firewall-cmd --permanent --zone="$ZONE" --remove-forward-port="$RULE"
+  firewall-cmd --reload
+
+
+  echo "🗑️ 规则已删除"
+}
+
+############################
+# 主菜单
+############################
+while true; do
+  echo
+  echo "====== firewalld 端口转发管理（forward-port） ======"
+  echo "1) 添加端口转发规则"
+  echo "2) 查看端口转发规则"
+  echo "3) 删除端口转发规则"
+  echo "0) 退出"
+  echo "==================================================="
+  read -rp "请选择: " C
+
+  case "$C" in
+    1) add_rule ;;
+    2) list_rules ;;
+    3) delete_rule ;;
+    0) exit 0 ;;
+    *) echo "❌ 无效选择" ;;
+  esac
+done

Forward-Tools/nftables_tools.sh

@@ -0,0 +1,151 @@
+#!/bin/bash
+
+# 确保脚本以 root 权限运行
+if [[ $EUID -ne 0 ]]; then
+   echo "错误：本脚本必须以 root 权限运行" 
+   exit 1
+fi
+
+# 检查是否安装了 nftables
+if ! command -v nft &> /dev/null; then
+    echo "未检查到 nftables，正在尝试安装..."
+    if command -v apt-get &> /dev/null; then
+        apt-get update -y && apt-get install -y nftables
+    elif command -v yum &> /dev/null; then
+        yum install -y nftables
+    else
+        echo "错误：无法自动安装 nftables，请手动安装后重试。"
+        exit 1
+    fi
+    systemctl enable nftables --now
+fi
+
+# 初始化 nftables 的 nat 表和链
+function init_nftables() {
+    nft list table ip nat &>/dev/null
+    if [ $? -ne 0 ]; then
+        echo ""
+        read -p "首次初始化，请输入外部网络接口名称 (oifname, 例如 eth0): " eth_name
+        if [[ -z "$eth_name" ]]; then
+            eth_name="eth0"
+            echo "未输入，默认使用 eth0"
+        fi
+
+        nft add table ip nat
+        # prerouting 链用于 DNAT (修改目标地址)
+        nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; policy accept \; }
+        # postrouting 链用于 SNAT/masquerade (修改源地址)
+        nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; policy accept \; }
+        
+        # 添加通用 masquerade 规则
+        nft add rule ip nat postrouting oifname "$eth_name" masquerade
+    fi
+}
+
+function save_rules() {
+    echo "正在保存 nftables 规则..."
+    if [ -f /etc/redhat-release ]; then
+        nft list ruleset > /etc/sysconfig/nftables.conf || echo "保存失败"
+    else
+        nft list ruleset > /etc/nftables.conf || echo "保存失败"
+    fi
+    echo "规则保存完毕。"
+}
+
+function add_rule() {
+    init_nftables
+
+    echo ""
+    read -p "请输入本地监听端口 (例如 8080): " local_port
+    read -p "请输入目标 IP 地址 (例如 10.0.0.2): " dest_ip
+    read -p "请输入目标端口 (不输入则默认和本地监听端口一致): " dest_port
+    read -p "请输入转发协议 (tcp/udp/both) [默认: both]: " protocol
+    protocol=${protocol:-both}
+    
+    if [[ -z "$dest_port" ]]; then
+        dest_port=$local_port
+    fi
+
+    if [[ -z "$local_port" || -z "$dest_ip" ]]; then
+        echo "本地端口和目标IP不能为空，操作取消。"
+        return
+    fi
+
+    echo "正在添加规则..."
+
+    if [[ "$protocol" == "tcp" || "$protocol" == "both" ]]; then
+        if [[ "$local_port" == "$dest_port" ]]; then
+            nft add rule ip nat prerouting tcp dport $local_port dnat to $dest_ip
+        else
+            nft add rule ip nat prerouting tcp dport $local_port dnat to $dest_ip:$dest_port
+        fi
+    fi
+
+    if [[ "$protocol" == "udp" || "$protocol" == "both" ]]; then
+        if [[ "$local_port" == "$dest_port" ]]; then
+            nft add rule ip nat prerouting udp dport $local_port dnat to $dest_ip
+        else
+            nft add rule ip nat prerouting udp dport $local_port dnat to $dest_ip:$dest_port
+        fi
+    fi
+
+    echo -e "\n成功添加端口转发规则: 本机:$local_port -> $dest_ip:$dest_port (协议: $protocol)"
+    save_rules
+}
+
+function list_rules() {
+    echo ""
+    echo "========== 当前的 NAT 转发规则 =========="
+    nft -a list table ip nat 2>/dev/null || echo "当前没有任何 NAT 规则。"
+    echo "========================================="
+}
+
+function del_rule() {
+    list_rules
+    echo ""
+    echo "提示: 删除规则需要提供上方输出中的链名称 (chain) 和句柄编号 (handle)。"
+    read -p "请输入所在链的名称 (例如 prerouting 或 postrouting): " chain_name
+    read -p "请输入要删除的 rule handle 编号: " handle_num
+    
+    if [[ -n "$chain_name" && -n "$handle_num" ]]; then
+        nft delete rule ip nat $chain_name handle $handle_num
+        if [ $? -eq 0 ]; then
+            echo "规则 (handle $handle_num) 已删除。"
+            save_rules
+        else
+            echo "错误: 删除失败，请检查链名和句柄编号是否正确。"
+        fi
+    else
+        echo "输入无效，操作取消。"
+    fi
+}
+
+function main() {
+    while true; do
+        echo ""
+        echo "==================================="
+        echo "    nftables 端口转发管理脚本       "
+        echo "==================================="
+        echo "1. 添加端口转发规则"
+        echo "2. 查看当前转发规则"
+        echo "3. 删除特定转发规则"
+        echo "4. 退出脚本"
+        echo "==================================="
+        read -p "请选择一个操作 [1-4]: " option
+
+        case $option in
+            1) add_rule ;;
+            2) list_rules ;;
+            3) del_rule ;;
+            4) 
+                echo "退出脚本..."
+                exit 0 
+                ;;
+            *) 
+                echo "无效的选项，请重新选择。" 
+                ;;
+        esac
+    done
+}
+
+main

Forward-Tools/socat_tools.sh

@@ -0,0 +1,214 @@
+#!/bin/bash
+
+set -e
+
+SERVICE_PREFIX="socat-"
+SYSTEMD_DIR="/etc/systemd/system"
+
+############################
+# Root 权限检查
+############################
+if [ "$EUID" -ne 0 ]; then
+  echo "❌ 请使用 root 用户运行此脚本"
+  exit 1
+fi
+
+############################
+# 检查并可选安装 socat
+############################
+install_socat() {
+  if command -v socat >/dev/null 2>&1; then
+    return
+  fi
+
+  echo "⚠️ 未检测到 socat"
+  read -rp "是否安装 socat 并继续？(y/N): " CONFIRM
+  [[ "$CONFIRM" =~ ^[Yy]$ ]] || exit 1
+
+  . /etc/os-release
+
+  case "$ID" in
+    ubuntu|debian)
+      apt update -y && apt install -y socat
+      ;;
+    centos|rhel|almalinux|rocky)
+      yum install -y socat
+      ;;
+    fedora)
+      dnf install -y socat
+      ;;
+    arch)
+      pacman -Sy --noconfirm socat
+      ;;
+    opensuse*|sles)
+      zypper install -y socat
+      ;;
+    *)
+      echo "❌ 不支持的系统，请手动安装 socat"
+      exit 1
+      ;;
+  esac
+}
+
+install_socat
+
+############################
+# 列出 socat systemd 服务
+############################
+list_services() {
+  echo
+  echo "📋 当前 socat 转发规则："
+  echo "--------------------------------------------------"
+
+  mapfile -t SERVICES < <(systemctl list-unit-files \
+    | awk '{print $1}' \
+    | grep "^${SERVICE_PREFIX}.*\.service" || true)
+
+  if [ "${#SERVICES[@]}" -eq 0 ]; then
+    echo "（暂无 socat 规则）"
+    return 1
+  fi
+
+  for i in "${!SERVICES[@]}"; do
+    STATUS=$(systemctl is-active "${SERVICES[$i]}" 2>/dev/null || echo "unknown")
+    printf "%2d) %-30s [%s]\n" "$((i+1))" "${SERVICES[$i]}" "$STATUS"
+  done
+
+  return 0
+}
+
+############################
+# 创建新规则
+############################
+create_service() {
+  echo
+  read -rp "本地监听端口: " LOCAL_PORT
+  read -rp "目标 IP 地址: " TARGET_IP
+  read -rp "目标端口: " TARGET_PORT
+
+  echo "协议类型："
+  echo "1) TCP (IPv4) TO TCP (IPv4)"
+  echo "2) TCP (IPv6) TO TCP (IPv6)"
+  echo "3) UDP (IPv4) TO UDP (IPv4)"
+  echo "4) UDP (IPv6) TO UDP (IPv6)"
+  echo "5) TCP (IPv4) TO TCP (IPv6)"
+  echo "6) TCP (IPv6) TO TCP (IPv4)"
+  echo "7) UDP (IPv4) TO UDP (IPv6)"
+  echo "8) UDP (IPv6) TO UDP (IPv4)"
+
+  read -rp "选择 (1/2/3/4/5/6/7/8): " PROTO_CHOICE
+
+  case "$PROTO_CHOICE" in
+    1)
+      PROTO="tcp"
+      SOCAT_CMD="TCP-LISTEN:${LOCAL_PORT},reuseaddr,fork TCP:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+    2)
+      PROTO="tcp6"
+      SOCAT_CMD="TCP6-LISTEN:${LOCAL_PORT},reuseaddr,fork TCP6:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+    3)
+      PROTO="udp"
+      SOCAT_CMD="UDP-LISTEN:${LOCAL_PORT},reuseaddr,fork UDP:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+    4)
+      PROTO="udp6"
+      SOCAT_CMD="UDP6-LISTEN:${LOCAL_PORT},reuseaddr,fork UDP6:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+    5)
+      PROTO="tcp4to6"
+      SOCAT_CMD="TCP6-LISTEN:${LOCAL_PORT},reuseaddr,fork TCP:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+    6)
+      PROTO="tcp6to4" 
+      SOCAT_CMD="TCP-LISTEN:${LOCAL_PORT},reuseaddr,fork TCP6:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+    7)
+      PROTO="udp4to6"
+      SOCAT_CMD="UDP6-LISTEN:${LOCAL_PORT},reuseaddr,fork UDP:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+    8)
+      PROTO="udp6to4"
+      SOCAT_CMD="UDP-LISTEN:${LOCAL_PORT},reuseaddr,fork UDP6:${TARGET_IP}:${TARGET_PORT}"
+      ;;
+      
+    *)
+      echo "❌ 无效选择"
+      return
+      ;;
+  esac
+
+  SERVICE_NAME="${SERVICE_PREFIX}${PROTO}-${LOCAL_PORT}.service"
+  SERVICE_FILE="${SYSTEMD_DIR}/${SERVICE_NAME}"
+
+  cat > "$SERVICE_FILE" <<EOF
+[Unit]
+Description=Socat ${PROTO^^} Port Forward ${LOCAL_PORT} -> ${TARGET_IP}:${TARGET_PORT}
+After=network.target
+
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/socat ${SOCAT_CMD}
+Restart=always
+RestartSec=3
+LimitNOFILE=1048576
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+  systemctl daemon-reload
+  systemctl enable "$SERVICE_NAME" --now
+
+  echo "✅ 已创建并启动：$SERVICE_NAME"
+}
+
+############################
+# 删除规则
+############################
+delete_service() {
+  list_services || return
+
+  echo
+  read -rp "请输入要删除的规则编号: " INDEX
+  [[ "$INDEX" =~ ^[0-9]+$ ]] || { echo "❌ 输入无效"; return; }
+
+  SERVICE="${SERVICES[$((INDEX-1))]}"
+  [[ -n "$SERVICE" ]] || { echo "❌ 编号不存在"; return; }
+
+  echo "⚠️ 即将删除：$SERVICE"
+  read -rp "确认删除？(y/N): " CONFIRM
+  [[ "$CONFIRM" =~ ^[Yy]$ ]] || return
+
+  systemctl stop "$SERVICE" 2>/dev/null || true
+  systemctl disable "$SERVICE" 2>/dev/null || true
+  rm -f "${SYSTEMD_DIR}/${SERVICE}"
+
+  systemctl daemon-reload
+  systemctl reset-failed
+
+  echo "🗑️ 已删除：$SERVICE"
+}
+
+############################
+# 主菜单
+############################
+while true; do
+  echo
+  echo "========== Socat 转发规则管理 =========="
+  echo "1) 创建新的转发规则"
+  echo "2) 查看已有转发规则"
+  echo "3) 删除转发规则"
+  echo "0) 退出"
+  echo "======================================="
+  read -rp "请选择: " CHOICE
+
+  case "$CHOICE" in
+    1) create_service ;;
+    2) list_services ;;
+    3) delete_service ;;
+    0) exit 0 ;;
+    *) echo "❌ 无效选择" ;;
+  esac
+done

Prometheus/add_node.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# This script adds a new node to the Prometheus configuration file
+# Supports optional Basic Authentication (username/password)
+# Use: sudo ./add_node.sh <SERVER_IP> [USERNAME] [PASSWORD]
+
+if [ -z "$1" ]; then
+    echo "--- Prometheus Node Adder ---"
+    read -p "Enter Target IP/Hostname: " SERVER_IP
+    if [ -z "$SERVER_IP" ]; then
+        echo "Error: Target IP is required."
+        exit 1
+    fi
+    
+    read -p "Enable Basic Authentication? [y/N]: " ENABLE_AUTH
+    if [[ "$ENABLE_AUTH" =~ ^[Yy]$ ]]; then
+        read -p "Enter Username: " USER_NAME
+        read -s -p "Enter Password: " PASSWORD
+        echo "" # New line
+    fi
+else
+    SERVER_IP=$1
+    USER_NAME=$2
+    PASSWORD=$3
+fi
+
+CONFIG_FILE="/etc/prometheus/prometheus.yml"
+
+# Ensure the script is run with sudo
+if [ "$EUID" -ne 0 ]; then
+  echo "Please run this script with sudo."
+  exit 1
+fi
+
+if [ ! -f "$CONFIG_FILE" ]; then
+    echo "Prometheus configuration file not found at $CONFIG_FILE"
+    exit 1
+fi
+
+echo "Adding node $SERVER_IP to $CONFIG_FILE..."
+
+# Build the configuration block
+JOB_BLOCK="
+  - job_name: 'nodes_$SERVER_IP'
+    static_configs:
+      - targets: ['$SERVER_IP:9100']"
+
+if [ -n "$USER_NAME" ] && [ -n "$PASSWORD" ]; then
+    echo "Applying basic authentication for user: $USER_NAME"
+    JOB_BLOCK="$JOB_BLOCK
+    basic_auth:
+      username: '$USER_NAME'
+      password: '$PASSWORD'"
+fi
+
+# Append the new job configuration
+echo "$JOB_BLOCK" >> "$CONFIG_FILE"
+
+# Restart Prometheus to apply changes
+if [ -x "/usr/bin/restart_prometheus" ]; then
+    /usr/bin/restart_prometheus
+else
+    systemctl restart prometheus
+fi
+
+echo "Done. node $SERVER_IP added. Prometheus restarted."

Prometheus/advanced_prometheus_config.sh

@@ -0,0 +1,154 @@
+#!/bin/bash
+
+# Advanced Prometheus Configuration Script
+# This script sets up a production-ready Prometheus configuration 
+# including alerting rules, rule files, and Alertmanager integration.
+
+set -e
+
+CONFIG_DIR="/etc/prometheus"
+RULES_DIR="$CONFIG_DIR/rules"
+DATA_DIR="$CONFIG_DIR/prometheus_data"
+MAIN_CONFIG="$CONFIG_DIR/prometheus.yml"
+
+# Ensure directories exist
+sudo mkdir -p "$RULES_DIR"
+sudo mkdir -p "$DATA_DIR"
+
+echo "Configuring Advanced Prometheus Features..."
+
+# 1. Create a Sample Alert Rule File
+echo "Creating default alert rules in $RULES_DIR/node_alerts.yml..."
+sudo tee "$RULES_DIR/node_alerts.yml" > /dev/null <<EOF
+groups:
+  - name: node_exporter_alerts
+    rules:
+      # Tiered Alerting for Instance Downtime
+      # Level 1: Warning if down for 2 minutes
+      - alert: InstanceDownWarning
+        expr: up == 0
+        for: 2m
+        labels:
+          severity: warning
+        annotations:
+          summary: "Instance {{ \$labels.instance }} offline (Warning)"
+          description: "Target {{ \$labels.instance }} has been unreachable for over 2 minutes."
+
+      # Level 2: Critical if down for 5 minutes
+      - alert: InstanceDownCritical
+        expr: up == 0
+        for: 5m
+        labels:
+          severity: critical
+        annotations:
+          summary: "Instance {{ \$labels.instance }} offline (CRITICAL)"
+          description: "Crucial service node {{ \$labels.instance }} is DOWN for more than 5 minutes! Immediate action required."
+
+      # Alert for missing job entirely (e.g. no targets configured)
+      - alert: JobMissing
+        expr: absent(up{job="nodes"})
+        for: 5m
+        labels:
+          severity: critical
+        annotations:
+          summary: "Job {{ \$labels.job }} is missing"
+          description: "Prometheus is not receiving any data from the 'nodes' job. This usually means all targets are down or the configuration is broken."
+
+      # Alert for high CPU usage (>80%)
+      - alert: HighCPUUsage
+        expr: 100 - (avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80
+        for: 5m
+        labels:
+          severity: warning
+        annotations:
+          summary: "High CPU usage on {{ \$labels.instance }}"
+          description: "CPU usage is at {{ \$value | printf \"%.2f\" }}% on {{ \$labels.instance }}."
+
+      # Alert for high Memory usage (>85%)
+      - alert: HighMemoryUsage
+        expr: (node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes * 100 > 85
+        for: 5m
+        labels:
+          severity: warning
+        annotations:
+          summary: "High Memory usage on {{ \$labels.instance }}"
+          description: "Memory usage is at {{ \$value | printf \"%.2f\" }}% on {{ \$labels.instance }}."
+
+      # Alert for high Disk usage (>90%)
+      - alert: HighDiskUsage
+        expr: (node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"}) / node_filesystem_size_bytes{mountpoint="/"} * 100 > 90
+        for: 5m
+        labels:
+          severity: critical
+        annotations:
+          summary: "High Disk usage on {{ \$labels.instance }}"
+          description: "Disk usage on / is at {{ \$value | printf \"%.2f\" }}% on {{ \$labels.instance }}."
+EOF
+
+# 2. Create the Advanced Main Configuration File
+echo "Creating advanced prometheus.yml..."
+sudo tee "$MAIN_CONFIG" > /dev/null <<EOF
+global:
+  scrape_interval: 15s     # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+
+  # external_labels allows this Prometheus to be identified in a multi-Prometheus environment
+  external_labels:
+    monitor: 'master-monitor'
+
+# Alerting specifies settings for Alertmanager
+alerting:
+  alertmanagers:
+    - static_configs:
+        - targets:
+            - localhost:9093 # Default Alertmanager port
+
+# rule_files specifies where to load alerting and recording rules
+rule_files:
+  - "rules/*.yml"
+
+# scrape_configs defines what targets Prometheus will scrape
+scrape_configs:
+  # The prometheus self-monitoring job
+  - job_name: 'prometheus'
+    static_configs:
+      - targets: ['localhost:9090']
+
+  # Basic node_exporter job
+  - job_name: 'nodes'
+    scrape_interval: 5s
+    static_configs:
+      - targets: ['localhost:9100']
+
+# Remote Write (Example for external storage like Grafana Cloud, VictoriaMetrics, etc.)
+# remote_write:
+#   - url: "https://your-remote-write-endpoint/api/v1/write"
+#     basic_auth:
+#       username: "your_user"
+#       password: "your_password"
+
+  # Example of a job with many targets (placeholder)
+  # - job_name: 'external_nodes'
+  #   static_configs:
+  #     - targets: 
+  #       - '192.168.1.100:9100'
+  #       - '192.168.1.101:9100'
+
+EOF
+
+# 3. Apply changes by restarting Prometheus
+if [ -x "/usr/bin/restart_prometheus" ]; then
+    sudo /usr/bin/restart_prometheus
+else
+    sudo systemctl restart prometheus
+fi
+
+echo "-------------------------------------------------------"
+echo "Advanced Prometheus configuration applied successfully!"
+echo "Rules directory: $RULES_DIR"
+echo "Alerting rules loaded from: node_alerts.yml"
+echo "Alertmanager target set to: localhost:9093"
+echo "-------------------------------------------------------"
+echo "Note: If you haven't installed Alertmanager yet, you will see"
+echo "errors in the Prometheus logs about connecting to 9093."

Prometheus/install_Alertmanager.sh

@@ -0,0 +1,140 @@
+#!/bin/bash
+
+# Alertmanager Installation and Configuration Script
+# This script installs Alertmanager and configures email notifications.
+
+set -e
+
+# Detect Operation System
+
+if command -v apt >/dev/null 2>&1; then
+    echo "Detected apt-based system"
+    sudo apt update
+    sudo apt install -y wget curl tar 
+elif command -v dnf >/dev/null 2>&1; then
+    echo "Detected dnf-based system"
+    sudo dnf install -y wget curl tar 
+else
+    echo "Unsupported package manager"
+    exit 1
+fi
+
+# Download Alertmanager
+VERSION="0.32.0"
+CN_URL="https://s3.cloudyun.top/downloads/alertmanager-${VERSION}.linux-amd64.tar.gz"
+GLOBAL_URL="https://github.com/prometheus/alertmanager/releases/download/v${VERSION}/alertmanager-${VERSION}.linux-amd64.tar.gz"
+TARGET="/tmp/alertmanager.tar.gz"
+
+is_cn=false
+echo "Detecting geographic location..."
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
+if [ "$COUNTRY" = "CN" ]; then
+    is_cn=true
+    DOWNLOAD_URL="$CN_URL"
+else
+    DOWNLOAD_URL="$GLOBAL_URL"
+fi
+
+echo "Downloading from: $DOWNLOAD_URL"
+curl -fL -o "$TARGET" "$DOWNLOAD_URL"
+
+# Extract and Install
+echo "Extracting Alertmanager..."
+tar -zxvf "$TARGET" -C /tmp
+sudo mkdir -p /etc/alertmanager
+sudo cp "/tmp/alertmanager-${VERSION}.linux-amd64/alertmanager" /usr/bin/
+sudo cp "/tmp/alertmanager-${VERSION}.linux-amd64/amtool" /usr/bin/
+
+# Arguments for SMTP
+SMTP_HOST="smtp.example.com:465"
+SMTP_USER="user@example.com"
+SMTP_PASS="password"
+SMTP_FROM="alertmanager@example.com"
+EMAIL_TO="recipient@example.com"
+SMTP_REQUIRE_TLS="false"
+
+# Interactive SMTP Configuration
+echo ""
+echo "--------------------------------------------------------"
+echo "        Alertmanager SMTP Configuration Setup"
+echo "--------------------------------------------------------"
+read -p "Do you want to enable Email Notifications? [y/N]: " ENABLE_EMAIL
+if [[ "$ENABLE_EMAIL" =~ ^[Yy]$ ]]; then
+    read -p "Enter SMTP Host (e.g. smtp.qq.com:465): " SMTP_HOST
+    # Ensure port is included
+    if [[ ! "$SMTP_HOST" == *":"* ]]; then
+        echo "Warning: Port is missing. Using default port :465"
+        SMTP_HOST="${SMTP_HOST}:465"
+    fi
+
+    read -p "Enter SMTP Auth Username (Email): " SMTP_USER
+    read -s -p "Enter SMTP Auth Password: " SMTP_PASS
+    echo "" 
+    read -p "Enter Sender Email (Default: $SMTP_USER): " SMTP_FROM
+    [ -z "$SMTP_FROM" ] && SMTP_FROM="$SMTP_USER"
+    read -p "Enter Recipient Email: " EMAIL_TO
+    
+    # Simple logic to determine TLS requirement
+    if [[ "$SMTP_HOST" == *":587" ]] || [[ "$SMTP_HOST" == *":25" ]]; then
+        SMTP_REQUIRE_TLS="true"
+    else
+        SMTP_REQUIRE_TLS="false"
+    fi
+    echo "Notice: Detected port, setting smtp_require_tls to $SMTP_REQUIRE_TLS"
+fi
+
+# Create Configuration
+echo "Creating alertmanager.yml..."
+sudo tee "/etc/alertmanager/alertmanager.yml" > /dev/null <<EOF
+global:
+  resolve_timeout: 5m
+  smtp_smarthost: '$SMTP_HOST'
+  smtp_from: '$SMTP_FROM'
+  smtp_auth_username: '$SMTP_USER'
+  smtp_auth_password: '$SMTP_PASS'
+  smtp_require_tls: $SMTP_REQUIRE_TLS
+
+route:
+  group_by: ['alertname']
+  group_wait: 10s
+  group_interval: 5m
+  repeat_interval: 1h
+  receiver: 'email-notifications'
+
+receivers:
+- name: 'email-notifications'
+  email_configs:
+  - to: '$EMAIL_TO'
+    send_resolved: true
+EOF
+
+# Create systemd service
+echo "Creating systemd service for Alertmanager..."
+sudo tee "/etc/systemd/system/alertmanager.service" > /dev/null <<EOF
+[Unit]
+Description=Alertmanager
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=root
+Group=root
+Type=simple
+ExecStart=/usr/bin/alertmanager \\
+  --config.file=/etc/alertmanager/alertmanager.yml \\
+  --storage.path=/etc/alertmanager/data
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Reload and Start
+sudo systemctl daemon-reload
+sudo systemctl enable --now alertmanager.service
+
+echo "--------------------------------------------------------"
+echo "Alertmanager installed and configured with EMAIL support!"
+echo "Configuration File: /etc/alertmanager/alertmanager.yml"
+echo "Please edit the configuration to set your SMTP details."
+echo "--------------------------------------------------------"

Prometheus/install_Prometheus.sh

@@ -20,15 +20,14 @@ fi
 
 # Download Node Exporter
 
-CN_URL="https://s3.cloudyun.top/relayx/prometheus-3.9.1.linux-amd64.tar.gz"
+CN_URL="https://s3.cloudyun.top/downloads/prometheus-3.9.1.linux-amd64.tar.gz"
 GLOBAL_URL="https://github.com/prometheus/prometheus/releases/download/v3.9.1/prometheus-3.9.1.linux-amd64.tar.gz"
 TARGET="/tmp/prometheus-3.9.1.linux-amd64.tar.gz"
 
 is_cn=false
 
 echo "Detecting geographic location..."
-
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
-COUNTRY=$(curl -s --max-time 3 https://ipinfo.io/country || true)
 if [ "$COUNTRY" = "CN" ]; then
     is_cn=true
 fi
@@ -65,6 +64,18 @@ scrape_configs:
     static_configs:
       - targets: ['8.8.8.8:9100']
 
+  - job_name: 'nodes'
+    static_configs:
+      - targets: ['your-server-ip:9100']
+
+  # Basic Auth example:
+  # - job_name: 'nodes_auth'
+  #   static_configs:
+  #     - targets: ['your-server-ip:9100']
+  #   basic_auth:
+  #     username: 'user'
+  #     password: 'password'
+
 EOF
 
 # Create systemd service file

Prometheus/install_blackbox_exporter.sh

@@ -0,0 +1,117 @@
+#!/bin/bash
+set -e
+# Detect Operation System
+if command -v apt >/dev/null 2>&1; then
+    echo "Detected apt-based system"
+    sudo apt update
+    sudo apt install -y wget curl tar 
+elif command -v dnf >/dev/null 2>&1; then
+    echo "Detected dnf-based system"
+    sudo dnf install -y wget curl tar 
+else
+    echo "Unsupported package manager"
+    exit 1
+fi
+
+# Download Blackbox Exporter
+VERSION="0.28.0"
+ARCH="amd64"
+CN_URL="https://s3.cloudyun.top/downloads/blackbox_exporter-${VERSION}.linux-${ARCH}.tar.gz"
+GLOBAL_URL="https://github.com/prometheus/blackbox_exporter/releases/download/v${VERSION}/blackbox_exporter-${VERSION}.linux-${ARCH}.tar.gz"
+TARGET="/tmp/blackbox_exporter.tar.gz"
+is_cn=false
+
+echo "Detecting geographic location..."
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
+if [ "$COUNTRY" = "CN" ]; then
+    is_cn=true
+fi
+
+if [ "$is_cn" = true ]; then
+    echo "Geolocation: China mainland detected"
+    DOWNLOAD_URL="$CN_URL"
+else
+    echo "Geolocation: non-China region detected"
+    DOWNLOAD_URL="$GLOBAL_URL"
+fi
+
+echo "Downloading from: $DOWNLOAD_URL"
+curl -fL -o "$TARGET" "$DOWNLOAD_URL"
+
+# Extract
+echo "Extracting Blackbox Exporter..."
+tar -zxvf "$TARGET" -C /tmp
+sudo mkdir -p /blackbox_exporter
+sudo cp "/tmp/blackbox_exporter-${VERSION}.linux-${ARCH}/blackbox_exporter" /blackbox_exporter/
+sudo cp "/tmp/blackbox_exporter-${VERSION}.linux-${ARCH}/blackbox.yml" /blackbox_exporter/
+
+# choosing port
+DEFAULT_PORT=9115
+if [ -t 0 ]; then
+    while true; do
+        read -rp "Please enter blackbox_exporter listen port [default: ${DEFAULT_PORT}]: " PORT
+        PORT=${PORT:-$DEFAULT_PORT}
+        if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; then
+            break
+        else
+            echo "Invalid port. Please enter a number between 1 and 65535."
+        fi
+    done
+else
+    PORT=$DEFAULT_PORT
+    echo "No TTY detected, using default port: $PORT"
+fi
+
+# Create system user if not exists
+if ! id -u blackbox_exporter >/dev/null 2>&1; then
+    echo "Creating blackbox_exporter system user..."
+    sudo useradd --no-create-home --shell /bin/false blackbox_exporter
+fi
+
+# Set permissions and capabilities
+echo "Setting permissions and capabilities..."
+sudo chown -R blackbox_exporter:blackbox_exporter /blackbox_exporter
+# Grant raw socket capability for ICMP probing
+if command -v setcap >/dev/null 2>&1; then
+    sudo setcap 'cap_net_raw+ep' /blackbox_exporter/blackbox_exporter
+else
+    echo "Warning: setcap not found. ICMP probing might require root."
+fi
+
+
+
+# Create systemd service file
+SERVICE_FILE="/etc/systemd/system/blackbox_exporter.service"
+echo "Creating systemd service file..."
+sudo tee "$SERVICE_FILE" > /dev/null <<EOF
+[Unit]
+Description=Blackbox Exporter
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=blackbox_exporter
+Group=blackbox_exporter
+WorkingDirectory=/blackbox_exporter
+ExecStart=/blackbox_exporter/blackbox_exporter --config.file=/blackbox_exporter/blackbox.yml --web.listen-address=":${PORT}"
+Restart=always
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Reload systemd, enable and start service
+echo "Enabling and starting blackbox_exporter service..."
+sudo systemctl daemon-reload
+sudo systemctl enable --now blackbox_exporter.service
+
+echo "========================================================="
+echo "Blackbox Exporter installation completed!"
+echo "Listening on port: ${PORT}"
+echo "Config file: /blackbox_exporter/blackbox.yml"
+echo "========================================================="
+

Prometheus/install_cAdvisor.sh

@@ -16,16 +16,27 @@ else
     echo "Unsupported package manager"
     exit 1
 fi
+# 架构判断
+ARCH=$(uname -m)
+if [ "$ARCH" = "x86_64" ]; then
+    echo "Detected x86_64 architecture"
+    ARCH="amd64"
+elif [ "$ARCH" = "aarch64" ]; then
+    echo "Detected aarch64 architecture"
+    ARCH="arm64"
+else
+    echo "Unsupported architecture: $ARCH"
+    exit 1
+fi
 
 # Download Node Exporter 
-CN_URL="https://8.134.128.173/relayx/cadvisor-v0.55.1-linux-amd64"
+CN_URL="https://s3.cloudyun.top/downloads/cadvisor-v0.55.1-linux-$ARCH"
-GLOBAL_URL="https://github.com/google/cadvisor/releases/download/v0.55.1/cadvisor-v0.55.1-linux-amd64"
+GLOBAL_URL="https://github.com/google/cadvisor/releases/download/v0.55.1/cadvisor-v0.55.1-linux-$ARCH"
 TARGET=/tmp/cAdvisor
 is_cn=false
 
 echo "Detecting geographic location..."
-
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
-COUNTRY=$(curl -s --max-time 3 https://ipinfo.io/country || true)
 if [ "$COUNTRY" = "CN" ]; then
     is_cn=true
 fi
@@ -97,4 +108,4 @@ echo "Enabling and starting cAdvisior service..."
 sudo systemctl daemon-reload
 sudo systemctl enable --now cAdvisior.service
 
-echo "Node Exporter installation completed, listening on port ${PORT}"
+echo "cAdvisior installation completed, listening on port ${PORT}"

Prometheus/install_mysqld_exporter.sh

@@ -20,15 +20,14 @@ fi
 
 # Download Node Exporter
 
-CN_URL="https://8.134.128.173/relayx/node_exporter-1.10.2.linux-amd64.tar.gz"
+CN_URL="https://s3.cloudyun.top/downloads/node_exporter-1.10.2.linux-amd64.tar.gz"
 GLOBAL_URL="https://github.com/prometheus/mysqld_exporter/releases/download/v0.18.0/mysqld_exporter-0.18.0.linux-amd64.tar.gz"
 TARGET="/tmp/mysqld_exporter-0.18.0.linux-amd64.tar.gz"
 
 is_cn=false
 
 echo "Detecting geographic location..."
-
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
-COUNTRY=$(curl -s --max-time 3 https://ipinfo.io/country || true)
 if [ "$COUNTRY" = "CN" ]; then
     is_cn=true
 fi
@@ -55,7 +54,7 @@ tar -zxvf /tmp/mysqld_exporter-0.18.0.linux-amd64.tar.gz -C /tmp
 
 # Copy to /node_exporter
 echo "Copying Node Exporter to /node_exporter..."
-sudo cp -r /tmp/mysqld_exporter-0.18.0.linux-amd64.tar.gz/mysqld_exporter /usr/bin/mysqld_exporter
+sudo cp -r /tmp/mysqld_exporter-0.18.0.linux-amd64/mysqld_exporter /usr/bin/mysqld_exporter
 
 # Create mysqld_exporter config
 sudo tee "/etc/mysqld_exporter/my.cnf" > /dev/null <<EOF
@@ -82,9 +81,9 @@ After=network-online.target
 
 [Service]
 Type=simple
-User=mysqld_exporter
+User=root
-Group=mysqld_exporter
+Group=root
-ExecStart=/usr/local/bin/mysqld_exporter \
+ExecStart=/usr/bin/mysqld_exporter \
   --config.my-cnf=/etc/mysqld_exporter/my.cnf \
   --web.listen-address=0.0.0.0:9104
 Restart=always

Prometheus/install_node_exporter.sh

@@ -1,7 +1,34 @@
 #!/bin/bash
 set -e
 
-#Detect Operation System
+# Arguments for Basic Auth
+USER_NAME=""
+PASSWORD_PLAIN=""
+
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        --user) USER_NAME="$2"; shift ;;
+        --pass) PASSWORD_PLAIN="$2"; shift ;;
+        *) echo "Unknown option: $1"; exit 1 ;;
+    esac
+    shift
+done
+
+# If not provided via arguments, ask interactively
+if [ -z "$USER_NAME" ]; then
+    read -p "Do you want to enable Basic Authentication for Node Exporter? [y/N]: " ENABLE_AUTH
+    if [[ "$ENABLE_AUTH" =~ ^[Yy]$ ]]; then
+        read -p "Enter Username: " USER_NAME
+        read -s -p "Enter Password: " PASSWORD_PLAIN
+        echo "" # New line after password
+        if [ -z "$USER_NAME" ] || [ -z "$PASSWORD_PLAIN" ]; then
+            echo "Error: Username and Password cannot be empty."
+            exit 1
+        fi
+    fi
+fi
+
+# Detect Operation System
 
 if command -v apt >/dev/null 2>&1; then
     echo "Detected apt-based system"
@@ -20,15 +47,14 @@ fi
 
 # Download Node Exporter
 
-CN_URL="https://8.134.128.173/relayx/node_exporter-1.10.2.linux-amd64.tar.gz"
+CN_URL="https://s3.cloudyun.top/downloads/node_exporter-1.10.2.linux-amd64.tar.gz"
 GLOBAL_URL="https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-amd64.tar.gz"
 TARGET="/tmp/node_exporter.tar.gz"
 
 is_cn=false
 
 echo "Detecting geographic location..."
-
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
-COUNTRY=$(curl -s --max-time 3 https://ipinfo.io/country || true)
 if [ "$COUNTRY" = "CN" ]; then
     is_cn=true
 fi
@@ -46,8 +72,6 @@ echo "Downloading from: $DOWNLOAD_URL"
 curl -fL -o "$TARGET" "$DOWNLOAD_URL"
 
 
-
-
 # Extract
 echo "Extracting Node Exporter..."
 tar -zxvf /tmp/node_exporter.tar.gz -C /tmp
@@ -56,6 +80,37 @@ tar -zxvf /tmp/node_exporter.tar.gz -C /tmp
 echo "Copying Node Exporter to /node_exporter..."
 sudo cp -r /tmp/node_exporter-1.10.2.linux-amd64 /node_exporter
 
+# Handle Basic Auth configuration
+if [ -n "$USER_NAME" ] && [ -n "$PASSWORD_PLAIN" ]; then
+    echo "Configuring Basic Authentication for Node Exporter..."
+    
+    # Generate bcrypt hash using python3 (common on Linux)
+    # If python3 is not available, you'll need to provide the hash manually
+    if command -v python3 >/dev/null 2>&1; then
+        HASHED_PASSWORD=$(python3 -c "import bcrypt; print(bcrypt.hashpw('$PASSWORD_PLAIN'.encode(), bcrypt.gensalt()).decode())" 2>/dev/null || true)
+        
+        # Fallback if bcrypt module is not installed
+        if [ -z "$HASHED_PASSWORD" ]; then
+             echo "Python bcrypt module not found, using simple crypt fallback (not bcrypt!)..."
+             HASHED_PASSWORD=$(python3 -c "import crypt; print(crypt.crypt('$PASSWORD_PLAIN', crypt.mksalt(crypt.METHOD_SHA512)))" 2>/dev/null || true)
+        fi
+    fi
+
+    if [ -n "$HASHED_PASSWORD" ]; then
+        sudo tee "/node_exporter/web-config.yml" > /dev/null <<EOF
+basic_auth_users:
+    $USER_NAME: $HASHED_PASSWORD
+EOF
+        EXTRA_OPTS="--web.config.file=/node_exporter/web-config.yml"
+        echo "Basic Auth configured for user: $USER_NAME"
+    else
+        echo "Warning: Could not generate password hash. Standard Node Exporter will be installed without auth."
+        EXTRA_OPTS=""
+    fi
+else
+    EXTRA_OPTS=""
+fi
+
 # Create systemd service file
 SERVICE_FILE="/etc/systemd/system/node_exporter.service"
 
@@ -68,7 +123,7 @@ After=network-online.target
 
 [Service]
 User=root
-ExecStart=/node_exporter/node_exporter --web.listen-address=":9100"
+ExecStart=/node_exporter/node_exporter --web.listen-address=":9100" $EXTRA_OPTS
 Restart=always
 
 [Install]
@@ -81,3 +136,6 @@ sudo systemctl daemon-reload
 sudo systemctl enable --now node_exporter.service
 
 echo "Node Exporter installation completed, listening on port 9100"
+if [ -n "$EXTRA_OPTS" ]; then
+    echo "Basic authentication is ENABLED."
+fi

Prometheus/install_node_exporter_arm64.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+set -e
+
+#Detect Operation System
+
+if command -v apt >/dev/null 2>&1; then
+    echo "Detected apt-based system"
+    sudo apt update
+    sudo apt install -y wget curl tar 
+
+elif command -v dnf >/dev/null 2>&1; then
+    echo "Detected dnf-based system"
+    sudo dnf install -y wget curl tar 
+
+else
+    echo "Unsupported package manager"
+    exit 1
+fi
+
+
+# Download Node Exporter
+
+CN_URL="https://s3.cloudyun.top/downloads/node_exporter-1.10.2.linux-arm64.tar.gz"
+GLOBAL_URL="https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-arm64.tar.gz"
+TARGET="/tmp/node_exporter.tar.gz"
+
+is_cn=false
+
+echo "Detecting geographic location..."
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
+if [ "$COUNTRY" = "CN" ]; then
+    is_cn=true
+fi
+
+
+if [ "$is_cn" = true ]; then
+    echo "Geolocation: China mainland detected"
+    DOWNLOAD_URL="$CN_URL"
+else
+    echo "Geolocation: non-China region detected"
+    DOWNLOAD_URL="$GLOBAL_URL"
+fi
+
+
+echo "Downloading from: $DOWNLOAD_URL"
+curl -fL -o "$TARGET" "$DOWNLOAD_URL"
+
+
+
+
+# Extract
+echo "Extracting Node Exporter..."
+tar -zxvf /tmp/node_exporter.tar.gz -C /tmp
+
+# Copy to /node_exporter
+echo "Copying Node Exporter to /node_exporter..."
+sudo cp -r /tmp/node_exporter-1.10.2.linux-arm64 /node_exporter
+
+# Create systemd service file
+SERVICE_FILE="/etc/systemd/system/node_exporter.service"
+
+echo "Creating systemd service file..."
+sudo tee "$SERVICE_FILE" > /dev/null <<EOF
+[Unit]
+Description=Node Exporter
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=root
+ExecStart=/node_exporter/node_exporter --web.listen-address=":9100"
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Reload systemd, enable and start service
+echo "Enabling and starting node_exporter service..."
+sudo systemctl daemon-reload
+sudo systemctl enable --now node_exporter.service
+
+echo "Node Exporter installation completed, listening on port 9100"

System-Init/install_frps.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+set -e
+
+# 设置版本号
+FRP_VERSION="0.54.0"
+
+# 检查是否为root用户
+if [ "$EUID" -ne 0 ]; then
+  echo "请使用 root 权限运行此脚本 (Please run as root)"
+  exit 1
+fi
+
+# 强制使用 amd64 架构
+FRP_ARCH="amd64"
+
+echo "=========================================="
+echo "准备安装 FRPS ${FRP_VERSION} (${FRP_ARCH})"
+echo "=========================================="
+
+# 交互式输入 token
+read -p "请输入 FRPS 认证 Token (留空则生成随机 Token): " FRP_TOKEN
+
+if [ -z "$FRP_TOKEN" ]; then
+    FRP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
+    echo "已生成随机 Token: $FRP_TOKEN"
+fi
+
+FRP_FILE="frp_${FRP_VERSION}_linux_${FRP_ARCH}.tar.gz"
+FRP_URL="https://s3.cloudyun.top/downloads/frp_0.54.0_linux_amd64.tar.gz"
+
+echo "正在下载 frp 安装包..."
+if command -v wget >/dev/null 2>&1; then
+    wget -c --show-progress "$FRP_URL"
+elif command -v curl >/dev/null 2>&1; then
+    curl -O -L "$FRP_URL"
+else
+    echo "未找到 wget 或 curl，请先安装其中一个。"
+    exit 1
+fi
+
+echo "正在解压安装包..."
+tar -zxf "${FRP_FILE}"
+cd "frp_${FRP_VERSION}_linux_${FRP_ARCH}"
+
+echo "正在安装 frps 到 /usr/local/bin/..."
+cp frps /usr/local/bin/
+chmod +x /usr/local/bin/frps
+
+echo "正在配置 frps..."
+mkdir -p /etc/frp
+cat > /etc/frp/frps.toml <<EOF
+bindPort = 7000
+
+[auth]
+method = "token"
+token = "${FRP_TOKEN}"
+EOF
+
+echo "正在配置 systemd 服务..."
+cat > /etc/systemd/system/frps.service <<EOF
+[Unit]
+Description=Frp Server Service
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Restart=on-failure
+RestartSec=5s
+ExecStart=/usr/local/bin/frps -c /etc/frp/frps.toml
+LimitNOFILE=1048576
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+echo "启动 frps 服务并设置开机自启..."
+systemctl daemon-reload
+systemctl enable frps
+systemctl start frps
+
+echo "清理临时文件..."
+cd ..
+rm -rf "frp_${FRP_VERSION}_linux_${FRP_ARCH}"
+rm -f "${FRP_FILE}"
+
+echo "=========================================="
+echo "FRPS 安装成功并已启动！"
+echo "版本: ${FRP_VERSION}"
+echo "绑定端口: 7000"
+echo "认证 Token: ${FRP_TOKEN}"
+echo "查看服务状态: systemctl status frps"
+echo "查看服务日志: journalctl -u frps -f"
+echo "=========================================="

System-Init/mysql-salve-config.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -e
+#检查操作系统类型
+if grep -Ei "red hat|rocky|alma|centos" /etc/os-release > /dev/null 2>&1; then
+    dnf -y install mysql8.4-server
+elif grep -Ei "debian|ubuntu" /etc/os-release > /dev/null 2>&1; then
+    echo 非红帽系操作系统,脚本不支持当前操作系统
+    exit 1
+fi
+#为防火墙放行3306端口
+firewall-cmd --add-port=3306/tcp --permanent
+firewall-cmd --reload
+
+#交互式输入MySQL从库IP
+read -p "请输入MySQL从库IP: " slave_ip
+read -p "请输入MySQL从库SSH密码: " slave_password
+#生成密钥并配置从库SSH免密登录
+if [ ! -f ~/.ssh/id_rsa ]; then
+    ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
+fi
+sshpass -p "${slave_password}" ssh-copy-id -o StrictHostKeyChecking=no root@${slave_ip}
+
+#通过交互式输入的IP和密码复制复制MySQL数据库证书到从库
+sshpass -p "${slave_password}" scp -o StrictHostKeyChecking=no /var/lib/mysql/*.pem root@${slave_ip}:/var/lib/mysql/

System-Init/system-init-shells-Lite.sh

@@ -0,0 +1,91 @@
+#!/bin/bash
+set -e
+#检测操作系统，如果是红帽操作系统则安装firewalld并开放端口
+if grep -Ei "red hat|rocky|alma|centos" /etc/os-release > /dev/null 2>&1; then
+    echo "Detected RHEL-based system"
+    sudo dnf -y install firewalld bash-completion
+    
+    sudo systemctl enable --now firewalld
+
+    ports=("22" "80" "443" "9100" "10000-65535")
+
+    for port in "${ports[@]}"; do
+        sudo firewall-cmd --permanent --add-port=${port}/tcp
+        sudo firewall-cmd --permanent --add-port=${port}/udp
+    done
+    #启用Firewall NAT转发
+    sudo firewall-cmd --permanent --add-masquerade --zone=public
+    
+    #重启Firewall
+    sudo firewall-cmd --reload
+    sudo firewall-cmd --list-ports
+
+sudo dnf install -y wget curl tar 
+
+# Download Node Exporter
+
+CN_URL="https://s3.cloudyun.top/downloads/node_exporter-1.10.2.linux-amd64.tar.gz"
+GLOBAL_URL="https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-amd64.tar.gz"
+TARGET="/tmp/node_exporter.tar.gz"
+
+is_cn=false
+
+echo "Detecting geographic location..."
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
+if [ "$COUNTRY" = "CN" ]; then
+    is_cn=true
+fi
+
+
+if [ "$is_cn" = true ]; then
+    echo "Geolocation: China mainland detected"
+    DOWNLOAD_URL="$CN_URL"
+else
+    echo "Geolocation: non-China region detected"
+    DOWNLOAD_URL="$GLOBAL_URL"
+fi
+
+echo "Downloading from: $DOWNLOAD_URL"
+curl -fL -o "$TARGET" "$DOWNLOAD_URL"
+
+
+# Extract
+echo "Extracting Node Exporter..."
+tar -zxvf /tmp/node_exporter.tar.gz -C /tmp
+
+# Copy to /node_exporter
+echo "Copying Node Exporter to /node_exporter..."
+sudo cp -r /tmp/node_exporter-1.10.2.linux-amd64 /node_exporter
+
+# Create systemd service file
+SERVICE_FILE="/etc/systemd/system/node_exporter.service"
+
+echo "Creating systemd service file..."
+sudo tee "$SERVICE_FILE" > /dev/null <<EOF
+[Unit]
+Description=Node Exporter
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=root
+ExecStart=/node_exporter/node_exporter --web.listen-address=\":9100\"
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Reload systemd, enable and start service
+echo "Enabling and starting node_exporter service..."
+sudo systemctl daemon-reload
+sudo systemctl enable --now node_exporter.service
+
+echo "Node Exporter installation completed, listening on port 9100"
+
+
+else
+    echo "Current system is not RHEL-based"
+fi
+
+

System-Init/system-init-shells.sh

@@ -0,0 +1,91 @@
+#!/bin/bash
+set -e
+#检测操作系统，如果是红帽操作系统则安装firewalld并开放端口
+if grep -Ei "red hat|rocky|alma|centos" /etc/os-release > /dev/null 2>&1; then
+    echo "Detected RHEL-based system"
+
+    sudo dnf -y groupinstall "Server"
+
+    sudo systemctl enable --now firewalld
+
+    ports=("22" "80" "443" "9100" "10000-65535")
+
+    for port in "${ports[@]}"; do
+        sudo firewall-cmd --permanent --add-port=${port}/tcp
+        sudo firewall-cmd --permanent --add-port=${port}/udp
+    done
+    #启用Firewall NAT转发
+    sudo firewall-cmd --permanent --add-masquerade --zone=public
+    #重启Firewall
+    sudo firewall-cmd --reload
+    sudo firewall-cmd --list-ports
+
+sudo dnf install -y wget curl tar 
+
+# Download Node Exporter
+
+CN_URL="https://s3.cloudyun.top/downloads/node_exporter-1.10.2.linux-amd64.tar.gz"
+GLOBAL_URL="https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-amd64.tar.gz"
+TARGET="/tmp/node_exporter.tar.gz"
+
+is_cn=false
+
+echo "Detecting geographic location..."
+COUNTRY=$(curl -s --max-time 3 https://ipinfo.littlediary.cn/country || true)
+if [ "$COUNTRY" = "CN" ]; then
+    is_cn=true
+fi
+
+
+if [ "$is_cn" = true ]; then
+    echo "Geolocation: China mainland detected"
+    DOWNLOAD_URL="$CN_URL"
+else
+    echo "Geolocation: non-China region detected"
+    DOWNLOAD_URL="$GLOBAL_URL"
+fi
+
+echo "Downloading from: $DOWNLOAD_URL"
+curl -fL -o "$TARGET" "$DOWNLOAD_URL"
+
+
+# Extract
+echo "Extracting Node Exporter..."
+tar -zxvf /tmp/node_exporter.tar.gz -C /tmp
+
+# Copy to /node_exporter
+echo "Copying Node Exporter to /node_exporter..."
+sudo cp -r /tmp/node_exporter-1.10.2.linux-amd64 /node_exporter
+
+# Create systemd service file
+SERVICE_FILE="/etc/systemd/system/node_exporter.service"
+
+echo "Creating systemd service file..."
+sudo tee "$SERVICE_FILE" > /dev/null <<EOF
+[Unit]
+Description=Node Exporter
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=root
+ExecStart=/node_exporter/node_exporter --web.listen-address=\":9100\"
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Reload systemd, enable and start service
+echo "Enabling and starting node_exporter service..."
+sudo systemctl daemon-reload
+sudo systemctl enable --now node_exporter.service
+
+echo "Node Exporter installation completed, listening on port 9100"
+
+
+else
+    echo "Current system is not RHEL-based"
+fi
+
+

archrived-shells/ffmpeg.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+extensions=("mp4" "avi" "mov" "mkv" "flv" "wmv")
+
+echo "开始批量转码(H.264 MP4)..."
+echo
+
+for ext in "${extensions[@]}"; do
+    for file in *."$ext"; do
+        [ -f "$file" ] || continue
+
+        # 👉 提取类似 1 (12).mp4 → 12
+        base=$(echo "$file" | sed -E 's/^1 \(([0-9]+)\)\.[^.]+$/\1/')
+
+        # 👉 如果匹配成功，就用纯数字，否则用原文件名
+        if [[ "$base" =~ ^[0-9]+$ ]]; then
+            output="${base}-h264.mp4"
+        else
+            output="${file%.*}-h264.mp4"
+        fi
+
+        if [ ! -f "$output" ]; then
+            echo "正在转码: $file --> $output"
+
+            ffmpeg -i "$file" \
+                -c:v libx264 -preset medium -crf 23 \
+                -c:a copy \
+                "$output"
+
+            if [ $? -eq 0 ]; then
+                echo "完成: $file"
+            else
+                echo "转码失败: $file"
+            fi
+            echo
+        else
+            echo "跳过 $file,因为 $output 已存在。"
+        fi
+    done
+done
+
+echo "所有任务执行完毕。"

archrived-shells/run-filebrowser.sh

@@ -8,3 +8,4 @@ docker run -dit \
     --name filebrowser \
     --privileged=true \
     filebrowser/filebrowser:latest
+

archrived-shells/showswap.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# 获取总 Swap（单位 kB）
+total_swap_kb=$(grep SwapTotal /proc/meminfo | awk '{print $2}')
+
+if [ "$total_swap_kb" -eq 0 ]; then
+    echo "系统未启用 Swap"
+    exit 1
+fi
+
+printf "%-8s %-12s %-25s %-12s %-8s\n" "PID" "USER" "PROCESS" "SWAP(MB)" "USAGE%"
+
+for pid in $(ls /proc | grep -E '^[0-9]+$'); do
+    if [ -r /proc/$pid/status ]; then
+        swap_kb=$(grep VmSwap /proc/$pid/status 2>/dev/null | awk '{print $2}')
+        if [ ! -z "$swap_kb" ] && [ "$swap_kb" -gt 0 ]; then
+            user=$(ps -o user= -p $pid 2>/dev/null)
+            comm=$(ps -o comm= -p $pid 2>/dev/null)
+
+            swap_mb=$(awk "BEGIN {printf \"%.2f\", $swap_kb/1024}")
+            percent=$(awk "BEGIN {printf \"%.2f\", ($swap_kb/$total_swap_kb)*100}")
+
+            printf "%-8s %-12s %-25s %-12s %-8s\n" \
+                "$pid" "$user" "$comm" "$swap_mb" "$percent"
+        fi
+    fi
+done | sort -k4 -nr