clashctl conf\backup.yaml runtime\config.yaml scripts\generate_config.sh scripts\install_systemd.sh scripts\run_clash.sh scripts\service_lib.sh

2026-03-21 22:06:45 +08:00 · 2026-03-20 16:51:29 +08:00
parent df37425226
commit 771ef38039
7 changed files with 924 additions and 214 deletions
--- a/scripts/generate_config.sh
+++ b/scripts/generate_config.sh
@ -0,0 +1,174 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+RUNTIME_DIR="$PROJECT_DIR/runtime"
+CONF_DIR="$PROJECT_DIR/conf"
+TEMP_DIR="$PROJECT_DIR/temp"
+LOG_DIR="$PROJECT_DIR/logs"
+
+RUNTIME_CONFIG="$RUNTIME_DIR/config.yaml"
+STATE_FILE="$RUNTIME_DIR/state.env"
+TEMP_DOWNLOAD="$TEMP_DIR/clash.yaml"
+TEMP_CONVERTED="$TEMP_DIR/clash_config.yaml"
+
+mkdir -p "$RUNTIME_DIR" "$CONF_DIR" "$TEMP_DIR" "$LOG_DIR"
+
+# shellcheck disable=SC1091
+source "$PROJECT_DIR/.env"
+
+# shellcheck disable=SC1091
+source "$PROJECT_DIR/scripts/get_cpu_arch.sh"
+# shellcheck disable=SC1091
+source "$PROJECT_DIR/scripts/resolve_clash.sh"
+# shellcheck disable=SC1091
+source "$PROJECT_DIR/scripts/config_utils.sh"
+# shellcheck disable=SC1091
+source "$PROJECT_DIR/scripts/port_utils.sh"
+
+CLASH_HTTP_PORT="${CLASH_HTTP_PORT:-7890}"
+CLASH_SOCKS_PORT="${CLASH_SOCKS_PORT:-7891}"
+CLASH_REDIR_PORT="${CLASH_REDIR_PORT:-7892}"
+CLASH_LISTEN_IP="${CLASH_LISTEN_IP:-0.0.0.0}"
+CLASH_ALLOW_LAN="${CLASH_ALLOW_LAN:-false}"
+EXTERNAL_CONTROLLER_ENABLED="${EXTERNAL_CONTROLLER_ENABLED:-true}"
+EXTERNAL_CONTROLLER="${EXTERNAL_CONTROLLER:-127.0.0.1:9090}"
+ALLOW_INSECURE_TLS="${ALLOW_INSECURE_TLS:-false}"
+CLASH_AUTO_UPDATE="${CLASH_AUTO_UPDATE:-true}"
+CLASH_URL="${CLASH_URL:-}"
+
+CLASH_HTTP_PORT="$(resolve_port_value "HTTP" "$CLASH_HTTP_PORT")"
+CLASH_SOCKS_PORT="$(resolve_port_value "SOCKS" "$CLASH_SOCKS_PORT")"
+CLASH_REDIR_PORT="$(resolve_port_value "REDIR" "$CLASH_REDIR_PORT")"
+EXTERNAL_CONTROLLER="$(resolve_host_port "External Controller" "$EXTERNAL_CONTROLLER" "127.0.0.1")"
+
+write_state() {
+  local status="$1"
+  local reason="$2"
+  local source="${3:-unknown}"
+
+  cat > "$STATE_FILE" <<EOF
+LAST_GENERATE_STATUS=$status
+LAST_GENERATE_REASON=$reason
+LAST_CONFIG_SOURCE=$source
+LAST_GENERATE_AT=$(date -Iseconds)
+EOF
+}
+
+generate_secret() {
+  if [ -n "${CLASH_SECRET:-}" ]; then
+    echo "$CLASH_SECRET"
+    return
+  fi
+  if command -v openssl >/dev/null 2>&1; then
+    openssl rand -hex 16
+  else
+    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
+  fi
+}
+
+SECRET="$(generate_secret)"
+
+upsert_yaml_kv() {
+  local file="$1" key="$2" value="$3"
+  [ -f "$file" ] || touch "$file"
+
+  if grep -qE "^[[:space:]]*${key}:" "$file"; then
+    sed -i -E "s|^[[:space:]]*${key}:.*$|${key}: ${value}|g" "$file"
+  else
+    printf "%s: %s\n" "$key" "$value" >> "$file"
+  fi
+}
+
+force_write_secret() {
+  local file="$1"
+  upsert_yaml_kv "$file" "secret" "$SECRET"
+}
+
+force_write_controller_and_ui() {
+  local file="$1"
+  if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then
+    upsert_yaml_kv "$file" "external-controller" "$EXTERNAL_CONTROLLER"
+    mkdir -p "$CONF_DIR"
+    ln -sfn "$PROJECT_DIR/dashboard/public" "$CONF_DIR/ui"
+    upsert_yaml_kv "$file" "external-ui" "$CONF_DIR/ui"
+  fi
+}
+
+download_subscription() {
+  [ -n "$CLASH_URL" ] || return 1
+
+  local curl_cmd=(curl -fL -S --retry 2 --connect-timeout 10 -m 30 -o "$TEMP_DOWNLOAD")
+  [ "$ALLOW_INSECURE_TLS" = "true" ] && curl_cmd+=(-k)
+  curl_cmd+=("$CLASH_URL")
+
+  "${curl_cmd[@]}"
+}
+
+use_fallback() {
+  [ -s "$CONF_DIR/fallback_config.yaml" ] || return 1
+  cp -f "$CONF_DIR/fallback_config.yaml" "$RUNTIME_CONFIG"
+  force_write_controller_and_ui "$RUNTIME_CONFIG"
+  force_write_secret "$RUNTIME_CONFIG"
+}
+
+is_full_config() {
+  local file="$1"
+  grep -qE '^(proxies:|proxy-providers:|mixed-port:|port:)' "$file"
+}
+
+main() {
+  if [ "$CLASH_AUTO_UPDATE" != "true" ]; then
+    if [ -s "$RUNTIME_CONFIG" ]; then
+      write_state "success" "auto_update_disabled_keep_runtime" "runtime_existing"
+      exit 0
+    fi
+    use_fallback
+    write_state "success" "auto_update_disabled_use_fallback" "fallback"
+    exit 0
+  fi
+
+  if ! download_subscription; then
+    if [ -s "$RUNTIME_CONFIG" ]; then
+      write_state "success" "download_failed_keep_last_good" "runtime_existing"
+      exit 0
+    fi
+    use_fallback
+    write_state "success" "download_failed_use_fallback" "fallback"
+    exit 0
+  fi
+
+  cp -f "$TEMP_DOWNLOAD" "$TEMP_CONVERTED"
+
+  if is_full_config "$TEMP_CONVERTED"; then
+    cp -f "$TEMP_CONVERTED" "$RUNTIME_CONFIG"
+    force_write_controller_and_ui "$RUNTIME_CONFIG"
+    force_write_secret "$RUNTIME_CONFIG"
+    write_state "success" "subscription_full" "subscription_full"
+    exit 0
+  fi
+
+  # 片段订阅：这里先保留模板拼接逻辑
+  if [ ! -s "$CONF_DIR/template_config.yaml" ]; then
+    echo "[ERROR] missing template_config.yaml" >&2
+    write_state "failed" "missing_template" "none"
+    exit 1
+  fi
+
+  sed -n '/^proxies:/,$p' "$TEMP_CONVERTED" > "$TEMP_DIR/proxy.txt"
+  cat "$CONF_DIR/template_config.yaml" > "$RUNTIME_CONFIG"
+  cat "$TEMP_DIR/proxy.txt" >> "$RUNTIME_CONFIG"
+
+  sed -i "s/CLASH_HTTP_PORT_PLACEHOLDER/${CLASH_HTTP_PORT}/g" "$RUNTIME_CONFIG"
+  sed -i "s/CLASH_SOCKS_PORT_PLACEHOLDER/${CLASH_SOCKS_PORT}/g" "$RUNTIME_CONFIG"
+  sed -i "s/CLASH_REDIR_PORT_PLACEHOLDER/${CLASH_REDIR_PORT}/g" "$RUNTIME_CONFIG"
+  sed -i "s/CLASH_LISTEN_IP_PLACEHOLDER/${CLASH_LISTEN_IP}/g" "$RUNTIME_CONFIG"
+  sed -i "s/CLASH_ALLOW_LAN_PLACEHOLDER/${CLASH_ALLOW_LAN}/g" "$RUNTIME_CONFIG"
+
+  force_write_controller_and_ui "$RUNTIME_CONFIG"
+  force_write_secret "$RUNTIME_CONFIG"
+
+  write_state "success" "subscription_fragment_merged" "subscription_fragment"
+}
+
+main "$@"
--- a/scripts/install_systemd.sh
+++ b/scripts/install_systemd.sh
@ -1,35 +1,25 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail

-#################### 基本变量 ####################
+PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+SERVICE_NAME="clash-for-linux"
+UNIT_PATH="/etc/systemd/system/${SERVICE_NAME}.service"

-Server_Dir="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
-Service_Name="clash-for-linux"
+SERVICE_USER="${CLASH_SERVICE_USER:-root}"
+SERVICE_GROUP="${CLASH_SERVICE_GROUP:-root}"

-Service_User="root"
-Service_Group="root"
-
-Unit_Path="/etc/systemd/system/${Service_Name}.service"
-Env_File="$Server_Dir/temp/clash-for-linux.sh"
-
-#################### 权限检查 ####################
+RUNTIME_DIR="$PROJECT_DIR/runtime"
+LOG_DIR="$PROJECT_DIR/logs"
+CONF_DIR="$PROJECT_DIR/conf"

 if [ "$(id -u)" -ne 0 ]; then
-  echo -e "[31m[ERROR] 需要 root 权限来安装 systemd 单元[0m"
+  echo "[ERROR] root required to install systemd unit" >&2
  exit 1
 fi

-#################### 目录初始化 ####################
+install -d -m 0755 "$RUNTIME_DIR" "$LOG_DIR" "$CONF_DIR"

-install -d -m 0755   "$Server_Dir/conf"   "$Server_Dir/logs"   "$Server_Dir/temp"
-
-# 预创建 env 文件，避免 systemd 因路径不存在报错
-: > "$Env_File"
-chmod 0644 "$Env_File"
-
-#################### 生成 systemd Unit ####################
-
-cat >"$Unit_Path" <<EOF
+cat >"$UNIT_PATH" <<EOF
 [Unit]
 Description=Clash for Linux (Mihomo)
 Documentation=https://github.com/wnlen/clash-for-linux
@ -40,32 +30,24 @@ StartLimitBurst=10

 [Service]
 Type=simple
-User=$Service_User
-Group=$Service_Group
-WorkingDirectory=$Server_Dir
-
-# 启动环境
-Environment=SYSTEMD_MODE=true
-Environment=CLASH_ENV_FILE=$Env_File
+User=${SERVICE_USER}
+Group=${SERVICE_GROUP}
+WorkingDirectory=${PROJECT_DIR}
 Environment=HOME=/root

-# 主进程必须由 start.sh 最后一跳 exec 成 mihomo/clash
-ExecStart=/bin/bash $Server_Dir/start.sh
-ExecStop=/bin/bash $Server_Dir/shutdown.sh
-ExecReload=/bin/kill -HUP \$MAINPID
+ExecStart=/bin/bash ${PROJECT_DIR}/scripts/run_clash.sh --foreground
+ExecStop=/bin/bash ${PROJECT_DIR}/clashctl --from-systemd stop

-# 常驻策略：即使上层脚本正常退出，也要由 systemd 拉回
 Restart=always
 RestartSec=5s

-# 停止与日志
 KillMode=mixed
 TimeoutStartSec=120
 TimeoutStopSec=30
+
 StandardOutput=journal
 StandardError=journal

-# 安全与文件权限
 UMask=0022
 NoNewPrivileges=false

@ -73,13 +55,11 @@ NoNewPrivileges=false
 WantedBy=multi-user.target
 EOF

-#################### 刷新 systemd ####################
-
 systemctl daemon-reload
-systemctl enable "$Service_Name".service >/dev/null 2>&1 || true
+systemctl enable "${SERVICE_NAME}.service" >/dev/null 2>&1 || true

-echo -e "[32m[OK] 已生成 systemd 单元: ${Unit_Path}[0m"
-echo -e "已启用开机自启，可执行以下命令启动服务："
-echo -e "  systemctl restart ${Service_Name}.service"
-echo -e "查看状态："
-echo -e "  systemctl status ${Service_Name}.service -l --no-pager"
+echo "[OK] systemd unit installed: ${UNIT_PATH}"
+echo "start   : systemctl start ${SERVICE_NAME}.service"
+echo "stop    : systemctl stop ${SERVICE_NAME}.service"
+echo "restart : systemctl restart ${SERVICE_NAME}.service"
+echo "status  : systemctl status ${SERVICE_NAME}.service -l --no-pager"
--- a/scripts/run_clash.sh
+++ b/scripts/run_clash.sh
@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+RUNTIME_DIR="$PROJECT_DIR/runtime"
+LOG_DIR="$PROJECT_DIR/logs"
+CONFIG_FILE="$RUNTIME_DIR/config.yaml"
+PID_FILE="$RUNTIME_DIR/clash.pid"
+
+mkdir -p "$RUNTIME_DIR" "$LOG_DIR"
+
+FOREGROUND=false
+DAEMON=false
+
+for arg in "$@"; do
+  case "$arg" in
+    --foreground) FOREGROUND=true ;;
+    --daemon) DAEMON=true ;;
+    *)
+      echo "[ERROR] Unknown arg: $arg" >&2
+      exit 2
+      ;;
+  esac
+done
+
+if [ ! -s "$CONFIG_FILE" ]; then
+  echo "[ERROR] runtime config not found: $CONFIG_FILE" >&2
+  exit 2
+fi
+
+if grep -q '\${' "$CONFIG_FILE"; then
+  echo "[ERROR] unresolved placeholder found in $CONFIG_FILE" >&2
+  exit 2
+fi
+
+# 这里先沿用你原来的 resolve_clash.sh
+# shellcheck disable=SC1091
+source "$PROJECT_DIR/scripts/get_cpu_arch.sh"
+# shellcheck disable=SC1091
+source "$PROJECT_DIR/scripts/resolve_clash.sh"
+
+CLASH_BIN="$(resolve_clash_bin "$PROJECT_DIR" "${CpuArch:-}")"
+
+if [ "$FOREGROUND" = true ]; then
+  exec "$CLASH_BIN" -f "$CONFIG_FILE" -d "$RUNTIME_DIR"
+fi
+
+if [ "$DAEMON" = true ]; then
+  nohup "$CLASH_BIN" -f "$CONFIG_FILE" -d "$RUNTIME_DIR" >>"$LOG_DIR/clash.log" 2>&1 &
+  echo $! > "$PID_FILE"
+  echo "[OK] Clash started in script mode, pid=$(cat "$PID_FILE")"
+  exit 0
+fi
+
+echo "[ERROR] Must specify --foreground or --daemon" >&2
+exit 2
--- a/scripts/service_lib.sh
+++ b/scripts/service_lib.sh
@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+RUNTIME_DIR="$PROJECT_DIR/runtime"
+PID_FILE="$RUNTIME_DIR/clash.pid"
+SERVICE_NAME="clash-for-linux.service"
+
+mkdir -p "$RUNTIME_DIR"
+
+has_systemd() {
+  command -v systemctl >/dev/null 2>&1
+}
+
+service_unit_exists() {
+  has_systemd || return 1
+  systemctl show "$SERVICE_NAME" -p LoadState --value 2>/dev/null | grep -q '^loaded$'
+}
+
+detect_mode() {
+  if service_unit_exists && systemctl is-active --quiet "$SERVICE_NAME"; then
+    echo "systemd"
+  elif is_script_running; then
+    echo "script"
+  elif service_unit_exists; then
+    echo "systemd-installed"
+  else
+    echo "none"
+  fi
+}
+
+read_pid() {
+  [ -f "$PID_FILE" ] || return 1
+  cat "$PID_FILE"
+}
+
+is_script_running() {
+  local pid
+  pid="$(read_pid 2>/dev/null || true)"
+  [ -n "${pid:-}" ] && kill -0 "$pid" 2>/dev/null
+}
+
+start_via_systemd() {
+  systemctl start "$SERVICE_NAME"
+}
+
+stop_via_systemd() {
+  systemctl stop "$SERVICE_NAME"
+}
+
+restart_via_systemd() {
+  systemctl restart "$SERVICE_NAME"
+}
+
+start_via_script() {
+  if is_script_running; then
+    echo "[INFO] clash already running (script mode)"
+    return 0
+  fi
+  "$PROJECT_DIR/scripts/run_clash.sh" --daemon
+}
+
+stop_via_script() {
+  local pid
+  pid="$(read_pid 2>/dev/null || true)"
+  if [ -n "${pid:-}" ] && kill -0 "$pid" 2>/dev/null; then
+    echo "[INFO] stopping clash pid=$pid"
+    kill "$pid"
+    sleep 1
+    if kill -0 "$pid" 2>/dev/null; then
+      kill -9 "$pid" 2>/dev/null || true
+    fi
+  fi
+  rm -f "$PID_FILE"
+}
+
+restart_via_script() {
+  stop_via_script || true
+  start_via_script
+}