Edit action config & Commands.md
All checks were successful
Deploy / deploy (push) Successful in 58s

2026-03-12 19:57:52 +08:00
parent 36d1920012
commit 29cf27ac7f
2 changed files with 139 additions and 97 deletions

@@ -11,5 +11,6 @@ jobs:
host: "100.114.118.48"
username: "root"
key: ${{ secrets.SSH_PRIVATE_KEY }}
passphrase: ${{ secrets.SSH_PRIVATE_KEY_PASSPHRASE }}
command_timeout: 3h
script: bash /root/maria/script/action/blog.sh
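
Review bot: `username: "root"` combined with `command_timeout: 3h` means this step holds a root SSH session on 100.114.118.48 for up to three hours, while the only thing it runs is `bash /root/maria/script/action/blog.sh`. Consider a dedicated deploy user whose `authorized_keys` entry is pinned to that script with a `command="..."` restriction, and a timeout sized to the script's real runtime. The host is also written inline here while the key and passphrase come from secrets; moving it to a secret or variable would keep the workflow file consistent.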

@@ -6,31 +6,51 @@ level: classified
## 初始化
Maria:
### Maria
**推送 GitHub 私钥**:
```bash
git config --global credential.helper store && git clone https://github.com/cattomgithub/maria.git
# 在 CatTomServer1 处执行
rsync -avP /home/cattom/.ssh/cattomgithub [server_id]:/root/.ssh/
# 指定用户名与 IP
rsync -avP /home/cattom/.ssh/cattomgithub root@[server_ip]:/root/.ssh/
# 指定端口、私钥、用户名和 IP
rsync -avP -e 'ssh -p 25800 -i /home/cattom/.ssh/Maria' /home/cattom/.ssh/cattomgithub root@[server_ip]:/root/.ssh/
```
cd maria/script && chmod +x *.sh && ./maria.sh
**克隆 Maria 仓库**:
```bash
git config --global credential.helper store && git clone https://github.com/cattomgithub/maria.git
cd maria/script && chmod +x *.sh && ./maria.sh
```
## 修改 SSH 配置
首先,启动 SSH 服务:
**启动 SSH 服务**:
```bash
sudo systemctl enable ssh && sudo systemctl restart ssh && sudo systemctl status ssh
sudo systemctl enable ssh && sudo systemctl restart ssh && sudo systemctl status ssh
```
接着,生成并配置 SSH 密钥。进入 CatTomServer3-1 终端,然后执行:
**配置 SSH 密钥**: 在 CatTomServer1 终端执行
```bash
ssh-keygen -m PEM -t rsa -b 4096 -C "[username]@[server_ip]" -f ~/.ssh/[server_name]
ssh-copy-id -p 25800 -i /home/cattom/.ssh/[server_name].pub root@[server_ip]
# Maria
ssh-copy-id -i /home/cattom/.ssh/Maria.pub root@[server_ip]
# HomeLab
ssh-copy-id -i /home/cattom/.ssh/CatTomServer.pub cattom@[server_ip]
# 指定端口
ssh-copy-id -p 25800 ...
```
最后,修改 `/etc/ssh/sshd_config`:
**修改 SSH 配置**:
```bash
sudo nano /etc/ssh/sshd_config
```
- Port 22 → **Port 25800**
- PermitRootLogin **prohibit-password** (取消该行注释)
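
Review bot: the new first code block copies the private key `/home/cattom/.ssh/cattomgithub` into `/root/.ssh/` on each server, so a compromise of any one server exposes the same GitHub key everywhere it is accepted. A per-server read-only deploy key for the maria repository would limit that exposure to one repository and one host, and the key could then be revoked per server. In the clone block, `git config --global credential.helper store` keeps whatever credential is entered for the HTTPS clone in plaintext on disk; if the pushed key is meant for Git access, cloning over SSH would make that helper line unnecessary.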
@@ -42,10 +62,10 @@ Maria:
## 恢复备份文件/目录 (可选)
```bash
cd /root || exit
wget -c https://cattom.oss-cn-shenzhen.aliyuncs.com/[server_name]/backup/[file_name].tar.gz
tar -zxvf [file_name].tar.gz
sudo rm [file_name].tar.gz
cd /root || exit
wget -c https://cattom.oss-cn-shenzhen.aliyuncs.com/[server_name]/backup/[file_name].tar.gz
tar -zxvf [file_name].tar.gz
sudo rm [file_name].tar.gz
```
## 安装业务程序 (按需安装)
@@ -57,19 +77,19 @@ Maria:
请到 [Releases - traefik/traefik](https://github.com/traefik/traefik/releases/latest) 检查最新版本。
```bash
mkdir /root/traefik
cd /root/traefik || exit
mkdir /root/traefik
cd /root/traefik || exit
touch acme.json && chmod 600 acme.json
touch acme.json && chmod 600 acme.json
wget -c [link]
tar -zxvf [file_name] && rm [file_name] LICENSE.md CHANGELOG.md && mv traefik /usr/local/bin/traefik
wget -c [link]
tar -zxvf [file_name] && rm [file_name] LICENSE.md CHANGELOG.md && mv traefik /usr/local/bin/traefik
ln -s /root/maria/config/traefik/static.yaml /root/traefik/static.yaml
ln -s /root/maria/config/${SERVER}/traefik.yaml /root/traefik/dynamic.yaml
ln -s /root/maria/config/traefik/static.yaml /root/traefik/static.yaml
ln -s /root/maria/config/${SERVER}/traefik.yaml /root/traefik/dynamic.yaml
ln -s /root/maria/config/systemd/traefik.service /etc/systemd/system/traefik.service && sudo systemctl daemon-reload
sudo systemctl enable traefik.service && sudo systemctl restart traefik.service
ln -s /root/maria/config/systemd/traefik.service /etc/systemd/system/traefik.service && sudo systemctl daemon-reload
sudo systemctl enable traefik.service && sudo systemctl restart traefik.service
```
### 阿里云 CLI
@@ -77,20 +97,20 @@ Maria:
**注意: 请到 [RAM 访问控制](https://ram.console.aliyun.com/) 按照业务需求生成 AccessKey.**
```bash
cd /root || exit
cd /root || exit
/bin/bash -c "$(curl -fsSL https://aliyuncli.alicdn.com/install.sh)"
/bin/bash -c "$(curl -fsSL https://aliyuncli.alicdn.com/install.sh)"
aliyun configure set --profile profile1 --mode AK --access-key-id [AccessKeyID] --access-key-secret [AccessKeySecret] --region "cn-shenzhen"
aliyun configure set --profile profile1 --mode AK --access-key-id [AccessKeyID] --access-key-secret [AccessKeySecret] --region "cn-shenzhen"
```
阿里云 CLI 现已集成 ossutil示例:
```bash
# Example 1
aliyun ossutil sync /root/backup/ oss://cattom/${SERVER}/backup/ --force --update --delete -e oss-cn-shenzhen.aliyuncs.com
# Example 2
aliyun ossutil sync /root/blog/site oss://cattom-blog --force --update --delete --region cn-hongkong
# Example 1
aliyun ossutil sync /root/backup/ oss://cattom/${SERVER}/backup/ --force --update --delete -e oss-cn-shenzhen.aliyuncs.com
# Example 2
aliyun ossutil sync /root/blog/site oss://cattom-blog --force --update --delete --region cn-hongkong
```
### Flexget
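
Review bot: in the `aliyun configure set` line, `--access-key-secret [AccessKeySecret]` is passed as a command-line argument, which leaves the secret in root's shell history and visible in the process list while the command runs. Running the interactive form (`aliyun configure --profile profile1 --mode AK`) and typing the values at the prompt avoids both. The line before it, `/bin/bash -c "$(curl -fsSL https://aliyuncli.alicdn.com/install.sh)"`, executes the downloaded installer as root without anyone having read it; saving it to a file and inspecting it first is a small change for a document that gets replayed on every new server.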
@@ -98,34 +118,34 @@ Maria:
安装 Flexget:
```bash
cd /root || exit
sudo apt -y install python3 python3-full python3-pip python3.12-venv
python3 -m venv /root/flexget/
/root/flexget/bin/pip install --upgrade pip setuptools
/root/flexget/bin/pip install flexget
cd /root || exit
sudo apt -y install python3 python3-full python3-pip python3.12-venv
python3 -m venv /root/flexget/
/root/flexget/bin/pip install --upgrade pip setuptools
/root/flexget/bin/pip install flexget
```
测试配置并启动后台进程:
```bash
sudo ln -s /root/maria/config/flexget/config.yml /root/flexget/config.yml
/root/flexget/bin/flexget -c /root/flexget/config.yml --test execute
/root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config
sudo ln -s /root/maria/config/flexget/config.yml /root/flexget/config.yml
/root/flexget/bin/flexget -c /root/flexget/config.yml --test execute
/root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config
```
设置开机自启动:
```bash
(
(
crontab -u $(whoami) -l
echo "@reboot /root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config"
) | crontab -u $(whoami) -
) | crontab -u $(whoami) -
```
配置 alias:
```bash
echo 'alias flexget="/root/flexget/bin/flexget -c /root/flexget/config.yml"' >> /root/.bashrc
echo 'alias flexget="/root/flexget/bin/flexget -c /root/flexget/config.yml"' >> /root/.bashrc
```
## 配置防火墙
@@ -157,44 +177,44 @@ Maria 非标端口开放表:
[^1]: 服务器3的 Prometheus 处于容器内,而 Node Exporter 处于宿主机,必须保留该规则以保持二者连通。
```bash
# 重置防火墙
sudo ufw reset
# 添加默认条件
sudo ufw default allow outgoing # 默认允许所有数据出站
sudo ufw default deny incoming # 默认禁止所有数据入站
# 重置防火墙
sudo ufw reset
# 添加默认条件
sudo ufw default allow outgoing # 默认允许所有数据出站
sudo ufw default deny incoming # 默认禁止所有数据入站
```
```bash
# SSH
sudo ufw allow 25800
# Web
sudo ufw allow 80 && sudo ufw allow 443
# SSH
sudo ufw allow 25800
# Web
sudo ufw allow 80 && sudo ufw allow 443
# Example 1
sudo ufw allow 7100
# Example 2
sudo ufw allow from 127.0.0.1 to any port 18080
# Example 3
sudo ufw allow 6888/udp
# Example 1
sudo ufw allow 7100
# Example 2
sudo ufw allow from 127.0.0.1 to any port 18080
# Example 3
sudo ufw allow 6888/udp
```
```bash
# 启用日志
sudo ufw logging medium
# 列出端口开放情况
sudo ufw status numbered
# 启用防火墙
sudo ufw enable
# 启用日志
sudo ufw logging medium
# 列出端口开放情况
sudo ufw status numbered
# 启用防火墙
sudo ufw enable
```
## 加载 Docker 容器
```bash
sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml pull
sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml up -d --remove-orphans
sudo docker system prune -f
# 可选
sudo systemctl restart traefik
sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml pull
sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml up -d --remove-orphans
sudo docker system prune -f
# 可选
sudo systemctl restart traefik
```
## 配置自动备份 (可选)
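
Review bot: `sudo ufw allow 25800` in the SSH rule names no protocol, so the port is opened for both TCP and UDP from any source. `sudo ufw limit 25800/tcp` would restrict the rule to TCP and rate-limit repeated connection attempts, which suits an SSH port that accepts root logins by key. The same protocol point applies to `sudo ufw allow 7100` in Example 1 if that service only speaks TCP; Example 3 already shows the explicit form with `6888/udp`.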
@@ -243,45 +263,66 @@ lsmod | grep bbr
若出现 `tcp_bbr` 的输出,说明开启成功。
## 配置 SSH Action
## 配置 Actions
### GitHub Actions
[cattomgithub/maria - Settings - Secrets - Actions](https://github.com/cattomgithub/maria/settings/secrets/actions)
转至 [cattomgithub/maria - Settings - Secrets - Actions](https://github.com/cattomgithub/maria/settings/secrets/actions)
修改以下配置项:
- SSH_HOSTS: foo,bar
服务器需配置 GitHub Actions Key进入 CatTomServer3-1 的终端,执行:
```bash
ssh-copy-id -f -p 25800 -i /home/cattom/.ssh/maria-github-actions-key.pub [server_id]
```
[Ref: 用于 GitHub Actions 的 SSH](https://github.com/appleboy/ssh-action/blob/master/README.zh-cn.md)
### Gitea Actions
## NFS 配置
```bash
# Install
sudo apt -y update && sudo apt -y install nfs-kernel-server nfs-common
# Modify firewall on host
sudo ufw allow from [client_ip] to any port nfs
# Create mount point on client
sudo mkdir -p [/path/on/client]
# Mount directories on client
sudo mount [host_ip]:[/path/on/host] [/path/on/client]
# Check stats on client
sudo df -h
# Mount the directories at boot
sudo echo "[host_ip]:[/path/on/host] [/path/on/client] nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" >> /etc/fstab
# Unmount NFS
sudo umount [/path/on/client]
# Install
sudo apt -y update && sudo apt -y install nfs-kernel-server nfs-common
# Modify firewall on host
sudo ufw allow from [client_ip] to any port nfs
# Create mount point on client
sudo mkdir -p [/path/on/client]
# Mount directories on client
sudo mount [host_ip]:[/path/on/host] [/path/on/client]
# Check stats on client
sudo df -h
# Mount the directories at boot
sudo echo "[host_ip]:[/path/on/host] [/path/on/client] nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" >> /etc/fstab
# Unmount NFS
sudo umount [/path/on/client]
```
## 进入 Docker 容器的终端
``` bash
sudo docker exec -it [container_name] /bin/bash
# Or
sudo docker exec -it [container_name] /bin/sh
sudo docker exec -it [container_name] /bin/bash
# Or
sudo docker exec -it [container_name] /bin/sh
```
## rsync 同步文件
rsync 参数解释:
- `-a`: 归档模式,保留文件的权限、时间戳、软链接、属主和属组。
- `-v`: 详细模式,输出同步过程中的文件名。
- `-z`: 在传输时进行压缩。
- `-P`: 等同于 `--partial` `--progress`。`--progress` 会显示每个文件的传输进度,`--partial` 允许断点续传。
rsync 对路径末尾的斜杠敏感:
- `/local/source/folder/` (有斜杠): 只同步文件夹里面的**内容**到目标目录。
- `/local/source/folder` (无斜杠): 将 `folder` 这个**目录本身连同里面的内容**,整个放入目标目录中。
``` bash
# 将本地文件夹推送到远程服务器 (Push)
rsync -avzP --delete /local/source/folder/ [server_id]:/remote/destination/folder/
# 从远程服务器拉取文件夹到本地 (Pull)
rsync -avzP --delete [server_id]:/local/source/folder/ /remote/destination/folder/
```
## 参考
[用于 GitHub Actions 的 SSH](https://github.com/appleboy/ssh-action/blob/master/README.zh-cn.md)
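
Review bot: in the new rsync section, the Pull example reads `rsync -avzP --delete [server_id]:/local/source/folder/ /remote/destination/folder/`, so the remote side carries the `/local/...` placeholder and the local side the `/remote/...` one. Because both examples use `--delete`, a reader who fills in the paths by label will delete files on the wrong side; swap the placeholders to `[server_id]:/remote/source/folder/ /local/destination/folder/` and mention a `--dry-run` pass before the real run. Separately, in the NFS block `sudo echo "..." >> /etc/fstab` applies sudo to `echo` only, and the redirection is done by the calling shell; piping into `sudo tee -a /etc/fstab` works for a non-root user as well.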