#!/usr/bin/env bash
export LANG=zh_CN.UTF-8
# set -e
# ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
# Function :CentOS7.X 系统手术刀
# Platform :RedHatEL7.x Based Platform
# Version  :1.01
# Date     :2022-02-14
# Author   :mugoLH
# Contact  :houxiaoshuai@baidu.com & hxsaj@126.com
# Company  :
# depend on:
# ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----

#  脚本引用 Import the script
# ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----

#  变量列表 List of common variables
# ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
#  Top-level menu entries (rendered by menu_1, numbered from 1).
op_1=("系统优化" "软件安装" "存储操作" "退出")

#  Second-level menu: system optimisation entries (rendered by menu_2).
op_1_1=(
	"返回上级菜单" "修改字符集" "关闭selinux" "防火墙操作"
	"精简开机启动" "修改文件描述符" "安装常用工具及修改yum源"
	"优化系统内核" "加快ssh登录速度" "禁用ctrl+alt+del重启"
	"设置时间同步" "history优化" "退出"
)

#  Second-level menu: software installation entries.
op_1_2=(
	"返回上级菜单" "docker" "nginx" "mysql" "redis" "kafka" "jdk"
	"tomcat" "keepalived" "gogs" "nfs" "sftp" "k8s" "退出"
)

#  函数列表 Function list
# ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
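#  Print a coloured status line.
#  Arguments: $1 - level (text | alert | result | normal; anything else is
#                  treated like "text")
#             $2 - label, left-aligned and padded to 12 columns
#             $3 - optional detail text
#  Outputs:   one line on stdout; "alert" is bold red, every other level is
#             bold green.
function msgbox(){
	local level=${1-} label=${2-} detail=${3-}
	local colour
	case "${level}" in
		alert ) colour='1;31;48' ;;
		# Unknown levels used to match no branch, so the message was silently
		# dropped (jdk_ops passes "pam"); fall back to the default colour.
		* )     colour='1;32;48' ;;
	esac
	printf '\e[%sm%-12s\e[0m %-1s\n' "${colour}" "${label}" "${detail}"
}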

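#  Top-level menu: prints the banner and the numbered op_1 entries, then
#  reads the user's choice.
#  Globals: op_1 (read), ScriptPath (written), num_1 (written)
function menu_1(){
	local entry

	# Quote both expansions so a script path containing spaces resolves.
	ScriptPath=$(dirname -- "$(readlink -f -- "$0")")
	clear
	msgbox "text" "  ┌-----------------------------------------------┐"
	msgbox "text" "  |****   欢迎使用cetnos系统工具"
	msgbox "text" "  |****   适用于CentOS 7.2+     版本"
	msgbox "text" "  |****   当前目录【 ${ScriptPath} 】"
	msgbox "text" "  └-----------------------------------------------┘"
	# Quoted array expansion: entries are not word-split or glob-expanded by
	# the shell before awk numbers them.
	for entry in "${op_1[@]}"; do
		printf '%s\n' "${entry}"
	done | awk '
	BEGIN{
		print "  ┌-----------------------------------------------┐";
		print "  | 序号 |           功能                          |";
		print "  └-----------------------------------------------┘";
	}
	{
		printf "     %-4s %-24s %-10s\n", NR ")", $1, $2;
	}
	END{
		print  "  └-----------------------------------------------┘";
	}'
	# -r keeps backslashes in the typed answer literal.
	read -r -p "    选项1-${#op_1[@]}，自己看着选[1-${#op_1[@]}]:" num_1
}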

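#  Second-level menu: prints the numbered op_1_1 entries and reads the
#  user's choice.
#  Globals: op_1_1 (read), num_2 (written)
function menu_2(){
	local entry

	clear
	msgbox "text" "  ┌-----------------------------------------------┐"
	msgbox "text" "  |****   服务选项 "
	msgbox "text" "  └-----------------------------------------------┘"
	# Quoted array expansion: entries are not word-split or glob-expanded by
	# the shell before awk numbers them.
	for entry in "${op_1_1[@]}"; do
		printf '%s\n' "${entry}"
	done | awk '
	BEGIN{
		print "  ┌-----------------------------------------------┐";
		print "  | 序号 |           功能                          |";
		print "  └-----------------------------------------------┘";
	}
	{
		printf "     %-4s %-24s %-10s\n", NR ")", $1, $2;
	}
	END{
		print  "  └-----------------------------------------------┘";
	}'
	# The upper bound follows the array instead of a hard-coded 13, so the
	# prompt cannot drift from the list that was just printed.
	read -r -p "选择[1-${#op_1_1[@]}]:" num_2
}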

#  1. Set the system locale
#  Writes LANG/SYSFONT to /etc/locale.conf unless zh_CN.UTF-8 is already
#  mentioned there, loads the file into the current shell and prints it.
function set_locale(){
    local locale_conf=/etc/locale.conf

    msgbox "text" "[ MESSAGE ] " "========================修改字符集========================="
    if ! grep -qw "zh_CN.UTF-8" "${locale_conf}"; then
        # Overwrites the whole file with the two settings below.
        printf 'LANG="zh_CN.UTF-8"\nSYSFONT="latarcyrheb-sun16"\n' > "${locale_conf}"
    else
        msgbox "text" "字符集为 zh_CN.UTF-8，无需修改"
    fi
    . "${locale_conf}"
    printf '%s\n' "#cat /etc/locale.conf"
    cat "${locale_conf}"
    msgbox "text"  "完成修改字符集"
}

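#  2. Disable SELinux
#  Switches the running system to permissive and sets SELINUX=disabled in
#  /etc/selinux/config.
#  NOTE(review): this removes mandatory access control from the host. Where
#  the goal is only to stop denials from blocking a service, "permissive"
#  keeps the AVC denial log available for policy tuning and for detection.
#  Returns: 0 on success or when already disabled, 1 if the config edit fails.
function set_selinux(){
    local selinux_cfg=/etc/selinux/config
    local configured

    msgbox "text" "[ MESSAGE ] " "========================禁用SELINUX========================"
    if [[ "$(getenforce)" == "Enforcing" ]]; then
        setenforce 0 >/dev/null 2>&1
    fi

    # Read the first uncommented SELINUX= line. The value is kept in a quoted
    # variable so a missing line or file no longer breaks the comparison.
    configured=$(awk -F "=" '/^SELINUX=/{print $2; exit}' "${selinux_cfg}" 2>/dev/null)
    if [[ "${configured}" != "disabled" ]]; then
        # Anchor on ^ so only the setting itself is rewritten; the unanchored
        # pattern also rewrote the explanatory "# SELINUX= can take ..." comment.
        if sed -i 's/^SELINUX=.*/SELINUX=disabled/' "${selinux_cfg}"; then
            msgbox "text" "[ SUCCESS ]" "SELINUX为禁用成功"
        else
            msgbox "alert" "[ FAILED  ]" "SELINUX配置修改失败"
            return 1
        fi
    else
        msgbox "text" "[ STATUS  ]" "SELINUX为禁用状态"
    fi
}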

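#  3. Stop and disable firewalld
#  NOTE(review): after this the host has no local packet filter unless
#  something else provides one (an iptables/nftables ruleset, a cloud
#  security group); confirm that before running it on a reachable machine.
#  Returns: always 0.
function set_firewalld(){
    local enabled_state

    msgbox "text" "[ MESSAGE ] " "=======================防火墙操作========================="
    # Ask systemd directly instead of parsing list-unit-files/status output;
    # the unquoted command substitutions broke the test when firewalld was
    # not installed and the output was empty.
    enabled_state=$(systemctl is-enabled firewalld 2>/dev/null)
    if [[ -n "${enabled_state}" && "${enabled_state}" != "disabled" ]]; then
        systemctl disable firewalld >/dev/null 2>&1
    fi

    if systemctl is-active --quiet firewalld; then
        systemctl stop firewalld >/dev/null 2>&1
        msgbox "text" "[ SUCCESS ]" "Firewall防火墙关闭完成"
    else
        msgbox "text" "[ STATUS  ]" "Firewall防火墙关闭为状态"
    fi
    return 0
}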

#  4. Trim boot-time services
#  Disables auditd and postfix at boot, then lists their unit-file state.
#  NOTE(review): with auditd disabled the kernel audit trail is no longer
#  written to disk after the next boot, which removes a primary data source
#  for incident response; keep it enabled on hosts that need to be auditable.
function set_chk(){
    local -a units=(auditd.service postfix.service)
    local filter="auditd|postfix"

    msgbox "text" "[ MESSAGE ] " "=======================精简开机启动========================"
    systemctl disable "${units[@]}"
    printf '%s\n' '#systemctl list-unit-files | grep -E "auditd|postfix"'
    systemctl list-unit-files | grep -E "${filter}"
    msgbox "text" "[ MESSAGE ] " "完成精简开机启动"
}

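#  5. Raise the open-file limit
#  Adds "* - nofile 65535" to /etc/security/limits.conf and raises the
#  soft/hard limit of the current shell.
function set_limit(){
    local limits_conf=/etc/security/limits.conf
    local entry='* - nofile 65535'

    msgbox "text" "[ MESSAGE ] " "======================修改文件描述符======================="
    # Append only when the exact line is missing. The previous ">" redirect
    # truncated the file and discarded every other limit configured on the
    # host (per-user nproc, core, memlock, ... entries).
    if ! grep -qxF -- "${entry}" "${limits_conf}" 2>/dev/null; then
        printf '%s\n' "${entry}" >> "${limits_conf}"
    fi
    ulimit -SHn 65535
    echo "#cat /etc/security/limits.conf"
    cat "${limits_conf}"
    echo "#ulimit -Sn ; ulimit -Hn"
    ulimit -Sn ; ulimit -Hn
    msgbox "text" "[ MESSAGE ] " "完成修改文件描述符"
}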

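#  6. Switch the base yum repository to the Aliyun mirror and install tools
#  Backs up CentOS-Base.repo, downloads the replacement, rebuilds the yum
#  cache and installs a set of utilities.
#  Exits the script with status 1 when wget cannot be installed or the repo
#  file cannot be fetched (the previous "exit $?" reported echo's status 0).
function set_yum(){
    local repo_file=/etc/yum.repos.d/CentOS-Base.repo
    # HTTPS: the repo file decides where every later package comes from and
    # whether signatures are checked, so it must not travel in clear text.
    local repo_url="https://mirrors.aliyun.com/repo/Centos-7.repo"
    local tmp_repo

    msgbox "text" "[ MESSAGE ] " "=================安装常用工具及修改yum源==================="
    if ! yum install wget -y &> /dev/null; then
        echo "wget安装失败"
        exit 1
    fi

    # Back up with absolute paths; the old "cd /etc/yum.repos.d/" changed the
    # working directory for everything that ran afterwards.
    cp -- "${repo_file}" "${repo_file}.$(date +%F)"

    # Download to a temporary file first so a failed or empty transfer cannot
    # leave the live repo file truncated. wget's own status replaces the ICMP
    # ping probe, which fails on networks that block ping.
    tmp_repo=$(mktemp) || exit 1
    if ! wget -q -O "${tmp_repo}" "${repo_url}" || [[ ! -s "${tmp_repo}" ]]; then
        rm -f -- "${tmp_repo}"
        echo "无法连接网络"
        exit 1
    fi
    # Refuse a repo definition that turns package signature checking off.
    if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "${tmp_repo}"; then
        rm -f -- "${tmp_repo}"
        msgbox "alert" "[ FAILED  ]" "下载的repo文件关闭了gpgcheck，已放弃替换"
        exit 1
    fi
    # Write through the existing file so its owner, mode and SELinux label stay.
    cat -- "${tmp_repo}" > "${repo_file}"
    rm -f -- "${tmp_repo}"

    yum clean all &> /dev/null
    yum makecache &> /dev/null
    yum -y install lsof lrzsz vim tree nmap nc sysstat &> /dev/null
    msgbox "text" "[ MESSAGE ] " "完成安装常用工具及修改yum源"
}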

#  7. Kernel / network sysctl tuning
#  Appends a fixed block of settings to /etc/sysctl.conf (once, keyed on the
#  word "conntrack" already being present) and loads it with sysctl -p.
#  NOTE(review), values worth revisiting before this is used on servers:
#    - tcp_tw_recycle=1 is known to drop connections from clients behind NAT.
#    - tcp_timestamps=0 is set in the same block; TIME-WAIT reuse/recycle
#      rely on timestamps, so the combination is contradictory.
#    - tcp_synack_retries=0 means a lost SYN-ACK is never retransmitted.
#    - netdev_max_backlog appears twice; the later value wins.
#    - the nf_conntrack keys exist only while the conntrack module is loaded,
#      so sysctl -p may report errors; the success message is printed anyway.
function set_kernel(){
    local sysctl_conf=/etc/sysctl.conf

    msgbox "text" "[ MESSAGE ] " "======================优化系统内核========================="
    chk_nf=$(grep conntrack "${sysctl_conf}" | wc -l)
    if [ "${chk_nf}" -ne 0 ];then
        echo "优化项已存在。"
    else
        cat >>"${sysctl_conf}"<<EOF
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 18000

net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 0
net.ipv4.tcp_max_orphans = 16000
net.ipv4.tcp_timestamps = 0

net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144

net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
        sysctl -p
    fi
    msgbox "text" "[ SUCCESS ]" "内核调优完成"
}

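#  8. Speed up SSH logins
#  Turns off GSSAPI authentication and reverse-DNS lookups in sshd_config,
#  validates the result and restarts sshd.
#  Returns: 0 on success, 1 if the backup or the configuration check fails.
function set_ssh(){
    local sshd_cfg=/etc/ssh/sshd_config
    local backup

    msgbox "text" "[ MESSAGE ] " "======================加快ssh登录速度======================"
    # Keep a copy so a bad edit can be rolled back.
    backup="${sshd_cfg}.$(date +%F).bak"
    if ! cp -p -- "${sshd_cfg}" "${backup}"; then
        msgbox "alert" "[ FAILED  ]" "sshd_config备份失败"
        return 1
    fi

    sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' "${sshd_cfg}"
    sed -i 's/#UseDNS yes/UseDNS no/g' "${sshd_cfg}"

    # Validate before restarting: restarting sshd on a broken config can lock
    # out a host that is only reachable over SSH.
    if /usr/sbin/sshd -t -f "${sshd_cfg}"; then
        systemctl restart sshd.service
    else
        cp -p -- "${backup}" "${sshd_cfg}"
        msgbox "alert" "[ FAILED  ]" "sshd_config校验失败，已恢复备份"
        return 1
    fi

    echo "#grep GSSAPIAuthentication /etc/ssh/sshd_config"
    grep GSSAPIAuthentication "${sshd_cfg}"
    echo "#grep UseDNS /etc/ssh/sshd_config"
    grep UseDNS "${sshd_cfg}"
    msgbox "text" "[ SUCCESS ]" "完成加快ssh登录速度"
}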

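#  9. Disable reboot via Ctrl+Alt+Del
#  Returns: 0 on success, 1 if the unit could not be masked.
function set_restart(){
    msgbox "text" "[ MESSAGE ] " "===================禁用ctrl+alt+del重启===================="
    # Mask the target instead of deleting the file under /usr/lib/systemd:
    # that file belongs to the systemd package and is put back by the next
    # package update, silently re-enabling the key sequence. A mask lives in
    # /etc and can be reverted with "systemctl unmask".
    if systemctl mask ctrl-alt-del.target >/dev/null 2>&1; then
        msgbox "text" "[ SUCCESS ]" "完成禁用ctrl+alt+del重启"
    else
        msgbox "alert" "[ FAILED  ]" "禁用ctrl+alt+del重启失败"
        return 1
    fi
}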

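#  10. Time synchronisation
#  Installs ntpdate, steps the clock once and schedules a sync every five
#  minutes in root's crontab.
#  Exits the script with status 1 when ntpdate cannot be installed (the
#  previous "exit $?" reported echo's status, i.e. 0).
#  NOTE(review): the one-off sync and the cron job use different servers, and
#  plain NTP is unauthenticated; point both at a time source you trust.
function set_ntpdate(){
    local cron_file=/var/spool/cron/root
    local cron_line='*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'

    msgbox "text" "[ MESSAGE ] " "=======================设置时间同步========================"
    if ! yum -y install ntpdate &> /dev/null; then
        echo "ntpdate安装失败"
        exit 1
    fi

    /usr/sbin/ntpdate time.windows.com
    # Add the job only once; every earlier run appended another copy.
    if ! grep -qxF -- "${cron_line}" "${cron_file}" 2>/dev/null; then
        printf '%s\n' "${cron_line}" >> "${cron_file}"
    fi
    msgbox "text" "[ SUCCESS ]" "完成设置时间同步"
}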

#  11. Shell history logging
#  Appends a HISTTIMEFORMAT definition and a PROMPT_COMMAND hook to
#  /etc/profile (once, keyed on HISTTIMEFORMAT already being present). The
#  hook sends each new history entry to syslog through logger.
#  NOTE(review): full command lines are logged, so passwords or tokens typed
#  as arguments end up in syslog; restrict who can read those logs. The hook
#  lives in the user's own shell environment and can be unset by that user,
#  so it is a convenience log rather than a tamper-resistant audit trail
#  (set_chk in this script disables auditd, which would provide one).
function set_history(){
    msgbox "text" "[ MESSAGE ] " "========================history优化========================"
    chk_his=$(grep HISTTIMEFORMAT /etc/profile | wc -l)
    if [ "${chk_his}" -ne 0 ];then
        echo "优化项已存在。"
    else
        cat >> /etc/profile <<'EOF'
#设置history格式
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk '{print $NF}'|sed -r 's#[()]##g'`]: "
#记录shell执行的每一条命令
export PROMPT_COMMAND='\
if [ -z "$OLD_PWD" ];then
    export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
    logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
fi;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'
EOF
        . /etc/profile
    fi
    msgbox "text" "[ SUCCESS ]" "完成history优化"
}



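##  Install a JDK from a local tarball
#  Looks for exactly one tool/jdk-*-linux-x64.tar.gz next to this script,
#  unpacks it, moves the JDK directory to /usr/local and appends JAVA_HOME /
#  JRE_HOME / CLASSPATH / PATH exports to /etc/profile.
#  (Assumes tool/ sits beside the script; the original resolved it against
#  the current directory, which other steps may have changed.)
#  NOTE(review): the tarball is unpacked and installed as root without an
#  integrity check; compare it with the vendor-published SHA-256 (for example
#  with "sha256sum -c") before running this step.
#  Returns: 0 normally, 1 when the archive is missing, ambiguous, has an
#           unexpected layout, or cannot be unpacked/moved.
function jdk_ops(){
	local ipath="/usr/local"
	local installpath jdkname jdkpath=""
	local name_re='^jdk[A-Za-z0-9._-]+$'
	local -a tarballs

	installpath=$(cd "$(dirname -- "$0")" && pwd) || return 1
	# Banner lines use the "text" level: msgbox has no "pam" branch, so the
	# original "pam" messages were never shown.
	msgbox "text" "========================jdk安装========================";echo
	msgbox "text" "========================判断是否已经部署jdk========================";echo
	if whereis java | grep -q "jdk"; then
		msgbox "alert" "jdk已经安装了！！！";echo
	else
		msgbox "text" "未检测jdk安装，继续进行安装";echo

		# Require exactly one matching archive rather than letting an
		# unquoted glob hand several (or none) to tar.
		tarballs=("${installpath}"/tool/jdk-*-linux-x64.tar.gz)
		if [[ ${#tarballs[@]} -ne 1 || ! -f "${tarballs[0]}" ]]; then
			msgbox "alert" "未找到唯一的jdk安装包: ${installpath}/tool/jdk-*-linux-x64.tar.gz";echo
			return 1
		fi

		# Take the top-level directory name from the archive listing and
		# validate it: the name is later used in mv and written into
		# /etc/profile, which every login shell sources.
		jdkname=$(tar -tzf "${tarballs[0]}" 2>/dev/null \
			| sed -e 's#^\./##' -e 's#/.*##' \
			| grep -m 1 .)
		if [[ ! "${jdkname}" =~ ${name_re} ]]; then
			msgbox "alert" "无法识别jdk目录名，停止安装";echo
			return 1
		fi
		msgbox "alert" "获取jdk版本: ${jdkname}";echo
		msgbox "alert" "。。******。。";echo
		msgbox "alert" "获取当前目录:${installpath}";echo

		if [ -d "${ipath}/${jdkname}" ];then
			msgbox "alert" "检测到${ipath}/${jdkname}目录已存在！！！！";echo
			msgbox "alert" "停止并退出jdk安装";echo
			# The original called "break" here, which is an error outside a
			# loop; execution carried on to the environment setup below, and
			# that behaviour is kept.
			jdkpath=${ipath}/${jdkname}
		else
			msgbox "text" "未检测到${ipath}/${jdkname}目录";echo
			msgbox "text" "解压jdk中";echo
			# --no-same-owner: as root, tar would otherwise restore the
			# UID/GID recorded in the archive, leaving the JDK owned by
			# whichever local account happens to have that id.
			if ! tar -zxf "${tarballs[0]}" -C "${installpath}" --no-same-owner >/dev/null 2>&1; then
				msgbox "alert" "jdk解压失败，停止安装";echo
				return 1
			fi
			msgbox "text" "开始进行转移${jdkname}文件到${ipath}安装目录";echo
			if ! mv -- "${installpath}/${jdkname}" "${ipath}/"; then
				msgbox "alert" "jdk目录转移失败，停止安装";echo
				return 1
			fi
			msgbox "text" "jdk安装完毕！！！！";echo
			msgbox "text" "jdk安装目录：【  ${ipath}/${jdkname}   】";echo
			jdkpath=${ipath}/${jdkname}
			msgbox "text" "[ SUCCESS ]" "完成jdk程序安装"
		fi

		msgbox "text" "开始进行java环境变量安装检测！！！";echo
		if ! grep -q JAVA_HOME /etc/profile; then
			msgbox "text" "JAVA_HOME路径【${jdkpath}】注入中......";echo
			{
				printf '%s\n' "#设置JAVA_HOME变量"
				printf '%s\n' "export JAVA_HOME=${jdkpath}"
				printf '%s\n' 'export JRE_HOME=${JAVA_HOME}/jre'
				printf '%s\n' 'export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib'
				printf '%s\n' 'export PATH=${JAVA_HOME}/bin:$PATH'
			} >> /etc/profile
			msgbox "text" "JAVA_HOME路径【${jdkpath}】注入完毕......";echo
		else
			msgbox "alert" "jdk环境变量已存在，停止设置！！";echo
		fi
	fi
	# "action" comes from /etc/init.d/functions, which this script never
	# sources, so the two calls failed with "command not found"; msgbox
	# prints the same status text.
	msgbox "text" "[ SUCCESS ]" "完成java环境变量配置"
	msgbox "text" "[ SUCCESS ]" "完成JAVA安装"
	msgbox "text" "============手工运行【 source /etc/profile】生效环境变量=====================";echo
}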

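#  Controller: show the top-level menu and dispatch the chosen action.
#  The original called menu1/menu2, read $num1/$num2 and invoked names such
#  as selinuxset, none of which exist in this file (the functions are
#  menu_1, menu_2, set_selinux, ... and the menus store num_1/num_2), so
#  every run fell through to the "invalid choice" branch.
#  NOTE(review): the labels in op_1 do not describe what choices 1-3 do
#  (1 runs the whole optimisation set, 2 opens the optimisation submenu,
#  3 installs the JDK); the dispatch below keeps that behaviour.
#  NOTE(review): choice 1 disables SELinux and auditd in one pass; run it
#  only on hosts where losing those controls is an accepted decision.
main(){
    menu_1
    case "${num_1}" in
        1)
            #set_locale
            set_selinux
            #set_firewalld
            set_chk
            set_limit
            set_yum
            set_kernel
            set_ssh
            set_restart
            set_ntpdate
            set_history
            ;;
        2)
            menu_2
            # Numbers follow the order in which menu_2 prints op_1_1. The old
            # table was shifted by one against the printed list, so picking
            # "3) 关闭selinux" would have run the firewall step instead.
            case "${num_2}" in
                1)  main          ;;
                2)  set_locale    ;;
                3)  set_selinux   ;;
                4)  set_firewalld ;;
                5)  set_chk       ;;
                6)  set_limit     ;;
                7)  set_yum       ;;
                8)  set_kernel    ;;
                9)  set_ssh       ;;
                10) set_restart   ;;
                11) set_ntpdate   ;;
                12) set_history   ;;
                13) exit          ;;
                *)  echo '只能选 [1-13]，不玩了退了.' ;;
            esac
            ;;
        3) jdk_ops ;;
        4) exit    ;;
        *)
            msgbox "alert" "####别乱按，想搞事情？？？只能选【1-4】选项!!!!!";echo
            sleep 3
            main
            ;;
    esac
}
# "$@" keeps each argument intact; unquoted $* re-splits and glob-expands them.
main "$@"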