#!/bin/bash
# One-shot setup: static IP + DNS + SSH, with the firewall, SELinux and
# AppArmor switched off. Every later step changes system state directly with
# ip(8)/systemctl; nothing is written to netplan or NetworkManager.
printf '%s\n' '===== 开始配置静态IP环境 ====='

# ------------- Site-specific settings: adjust to your environment -------------
INTERFACE='ens33'           # NIC name; the default is meant to be kept as is
IP_ADDR='192.168.99.100'    # static address to assign; use your own subnet
NETMASK='24'                # prefix length; 24 corresponds to 255.255.255.0
GATEWAY='192.168.99.2'      # default gateway of the VM network / router
DNS1='8.8.8.8'              # primary resolver (public; queries leave the local network)
DNS2='114.114.114.114'      # secondary resolver (public)
# -------------------------------------------------------------------------------

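# 1. Drop the NIC's current addresses and routes, then bring the link up.
# Every step of this script changes system state, so stop before the first
# change when not running as root.
if [[ $EUID -ne 0 ]]; then
    echo "❌ 请使用 root 权限运行此脚本" >&2
    exit 1
fi
# A wrong interface name would make each ip(8) call below fail while the
# script kept reporting success, so confirm the device exists first.
if ! ip link show dev "$INTERFACE" > /dev/null 2>&1; then
    echo "❌ 网卡不存在:${INTERFACE}" >&2
    exit 1
fi
# The flush removes the address any SSH session over this NIC depends on,
# so the script can be cut off right here when it is started remotely.
ip addr flush dev "$INTERFACE"
ip route flush dev "$INTERFACE"
if ! ip link set "$INTERFACE" up; then
    echo "❌ 网卡启用失败:${INTERFACE}" >&2
    exit 1
fi
echo "✅ 网卡已清空并启用"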

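# 2. Assign the static address.
# ip(8) only changes the running kernel state; the address is not stored in
# any network configuration file, so it does not survive a reboot.
if ! ip addr add "${IP_ADDR}/${NETMASK}" dev "$INTERFACE"; then
    # Report the failure instead of printing the success line unconditionally.
    echo "❌ 静态IP配置失败:${IP_ADDR}/${NETMASK}" >&2
    exit 1
fi
echo "✅ 静态IP配置完成:${IP_ADDR}/${NETMASK}"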

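# 3. Add the default route through the configured gateway.
# Like the address, the route lives only in the running kernel state.
if ! ip route add default via "$GATEWAY" dev "$INTERFACE"; then
    # Fails when the gateway is outside the configured subnet or another
    # default route already exists; without it the apt step has no uplink.
    echo "❌ 默认网关配置失败:${GATEWAY}" >&2
    exit 1
fi
echo "✅ 默认网关配置完成:${GATEWAY}"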

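# 4. Configure DNS with a static /etc/resolv.conf (intended to be permanent).
# systemd-resolved is stopped and disabled so that it no longer manages the
# file; errors are silenced because the unit may not exist on this host.
# NOTE(review): a DHCP client, NetworkManager or netplan can still rewrite
# the file later, so "permanent" holds only while nothing else manages it.
systemctl stop systemd-resolved 2>/dev/null
systemctl disable systemd-resolved 2>/dev/null
# Remove the existing entry (presumably a symlink managed by systemd-resolved)
# so the write below creates a regular file. -r is dropped: the target is a
# file or link, never a tree that should be deleted recursively.
rm -f -- /etc/resolv.conf
if ! printf 'nameserver %s\n' "$DNS1" "$DNS2" > /etc/resolv.conf; then
    echo "❌ DNS配置失败:无法写入 /etc/resolv.conf" >&2
    exit 1
fi
# Unprivileged processes must be able to read the file whatever root's umask is.
chmod 644 /etc/resolv.conf
echo "✅ DNS配置完成:${DNS1}, ${DNS2}"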

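# 5. Install the SSH server and enable it at boot.
# apt-get is the script-stable front end; a failed index refresh is only
# reported because the install may still succeed from cached package lists.
apt-get update || echo "⚠️ 软件源更新失败,继续尝试安装" >&2
if ! apt-get install -y openssh-server net-tools; then
    echo "❌ SSH服务安装失败" >&2
    exit 1
fi
# Debian/Ubuntu ship the unit as ssh.service with sshd only as an alias, and
# systemctl refuses to enable an alias name; fall back to sshd elsewhere.
ssh_unit=sshd
if systemctl cat ssh.service > /dev/null 2>&1; then
    ssh_unit=ssh
fi
# sshd runs with the package's stock sshd_config, and step 6 of this script
# removes the packet filter in front of it.
# NOTE(review): confirm PasswordAuthentication and PermitRootLogin match the
# networks this address is reachable from.
if ! systemctl enable --now "$ssh_unit"; then
    echo "❌ SSH服务启动失败:${ssh_unit}" >&2
    exit 1
fi
echo "✅ SSH服务已安装并开机自启"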

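# 6. Turn off the host firewalls (ufw, iptables rules, firewalld).
# After this step no host packet filter fronts the listening services; only
# the surrounding network limits who can reach sshd.
# Each tool is touched only when present, so real failures are reported
# rather than hidden behind a blanket 2>/dev/null.
fw_failed=0
if command -v ufw > /dev/null 2>&1; then
    ufw disable || fw_failed=1
fi
if command -v iptables > /dev/null 2>&1; then
    # -F/-X empty the IPv4 filter table only: chain policies, the other
    # tables and any ip6tables/nftables rule sets stay as they were.
    # NOTE(review): with a DROP policy on INPUT, flushing removes the accept
    # rules and the host stops answering, SSH included; check `iptables -S`.
    iptables -F || fw_failed=1
    iptables -X || fw_failed=1
fi
if systemctl cat firewalld.service > /dev/null 2>&1; then
    systemctl stop firewalld || fw_failed=1
    systemctl disable firewalld || fw_failed=1
fi
if (( fw_failed )); then
    echo "⚠️ 防火墙未能完全关闭,请检查上面的错误信息" >&2
else
    echo "✅ 防火墙已关闭"
fi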

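# 7. Disable SELinux (not present on a default Ubuntu install).
if command -v setenforce &> /dev/null; then
    selinux_failed=0
    # setenforce fails when SELinux is already disabled, so only switch the
    # running mode when getenforce reports something else.
    if [[ "$(getenforce 2>/dev/null)" != "Disabled" ]]; then
        setenforce 0 || selinux_failed=1
    fi
    # The config edit applies from the next boot onward.
    # NOTE(review): SELINUX=permissive would keep denials logged without
    # enforcing them and avoids a relabel if SELinux is turned back on.
    if [[ -f /etc/selinux/config ]]; then
        sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config || selinux_failed=1
    fi
    if (( selinux_failed )); then
        echo "⚠️ SELinux未能完全关闭,请检查上面的错误信息" >&2
    else
        echo "✅ SELinux已关闭"
    fi
else
    echo "ℹ️ 系统未安装SELinux,跳过此步骤"
fi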

# 8. Stop AppArmor and keep it from starting at boot.
# Errors are silenced on purpose: the unit may be absent on this host.
# NOTE(review): on some releases stopping the unit may leave already-loaded
# profiles in the kernel; `aa-status` shows the actual state.
for apparmor_action in stop disable; do
    systemctl "$apparmor_action" apparmor 2>/dev/null
done
printf '%s\n' '✅ AppArmor已关闭'

# ------------- Finished: print the resulting network state -------------
printf '\n%s\n' '===== 配置完成!当前网络信息 ====='
# Global-scope addresses on the configured NIC.
grep -E 'inet.*global' < <(ip addr show "$INTERFACE")
# Default route currently installed.
grep default < <(ip route)
# Resolver configuration as the system will read it.
cat /etc/resolv.conf
# Only the "Active:" line of the service status is shown.
# NOTE(review): the unit is queried under the name sshd; verify that name
# resolves on the target distribution.
grep Active < <(systemctl status sshd --no-pager)
printf '%s\n' '=================================='
printf '%s\n' "🎉 静态IP环境已配置完成!现在可以用 ${IP_ADDR} SSH连接服务器"