core: 支持修改 ssh rdp web 端口

Author: bin456789

README.en.md

@@ -126,7 +126,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
 - On virtual machines, the appropriate official slimmed-down kernel will be automatically installed.
 - To install Red Hat, you need to provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>.
 - Username `root`, password `123@@@`. It may take a few minutes for the password to take effect on the first boot.
-- When switching to key-based authentication, you also need to modify the files inside `/etc/ssh/sshd_config.d/`
+- After reinstalling, if you need to change SSH port or switch to key-based login, be sure to modify the files inside `/etc/ssh/sshd_config.d/`.
+- Optional parameters:
+  - `--ssh-port PORT` to change the SSH port
+  - `--hold 2` to prevent entering the system after installation. You can connect via SSH to modify system content, with the system mounted at `/os` (this feature is not supported on Debian/Kali).
 
 ```bash
 bash reinstall.sh centos      9
@@ -158,6 +161,8 @@ bash reinstall.sh centos      9
 
 <summary>Experimental Features</summary>
 
+The following features are experimental and may not support modifying the SSH port or other options.
+
 Install Debian using a cloud image, suitable for machines with slower CPUs
 
 ```bash
@@ -183,6 +188,10 @@ bash reinstall.sh ubuntu --installer
 - Supports `raw`, `vhd` images or those compressed with `xz` or `gzip`.
 - When deploy a Windows image, the system disk will be expanded, and machines with static IPs will have their IPs configured. However, it may take a few minutes after the first boot for the configuration to take effect.
 - When deploy a Linux image, the script will not modify any contents of the image.
+- Optional parameters:
+  - `--rdp-port PORT` to change the RDP port (Windows only).
+  - `--allow-ping` to allow ping responses (Windows only).
+  - `--hold 2` to prevent entering the system after DD completion. You can connect via SSH to modify system content, with the system mounted at `/os`.
 
 ```bash
 bash reinstall.sh dd --img https://example.com/xxx.xz
@@ -218,8 +227,12 @@ bash reinstall.sh netboot.xyz
 - Username `administrator`, password `123@@@`
 - If remote login fails, try using the username `.\administrator`.
 - The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
+- Optional parameters:
+  - `--rdp-port PORT` to change the RDP port
+  - `--allow-ping` to allow ping responses
+  - `--hold 2` to allow SSH connections for modifying the hard disk content before rebooting into the official Windows installation program, with the hard disk mounted at `/os`.
 
-![Installing Windows](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
+![Windows Installation](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
 
 #### Method 1: Allow the script to automatically find the ISO
 
@@ -365,9 +378,10 @@ Most ARM machines support ISO installation of Windows 11 24H2, but some machines
 - ✔️Azure: B2pts_v2
 - ✔️Alibaba Cloud: g8y, c8y, r8y (may occasionally get stuck on the boot logo during restart; force restart to resolve)
 - ✔️Alibaba Cloud: g6r, c6r
-- ✔️Oracle Cloud: A1.Flex (manual loading of the graphics driver is required after installation)
+- ✔️Oracle Cloud A1.Flex (Success depends on the machine's creation date; newer instances are more likely to install successfully. You will also need to manually load the GPU drivers after installation.)
 - ✔️AWS: T4g
 - ✔️Scaleway: COPARM1
+- ✔️Gcore
 - ❌Google Cloud: t2a (lacking network card driver)
 
 <details>

README.md

@@ -126,7 +126,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
 - 在虚拟机上，会自动安装合适的官方精简内核
 - 安装 Red Hat 需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接
 - 用户名 `root` 密码 `123@@@`，可能首次开机几分钟后密码才生效
-- 改为密钥登录时，还要修改 `/etc/ssh/sshd_config.d/` 里面的文件
+- 重装后如需修改 SSH 端口 / 改成密钥登录，还要注意修改 `/etc/ssh/sshd_config.d/` 里面的文件
+- 可选参数
+  - `--ssh-port PORT` 修改 SSH 端口
+  - `--hold 2`        安装结束后不进入系统。可连接 SSH 修改系统内容，系统挂载在 `/os` (此功能不支持 Debian / Kali)
 
 ```bash
 bash reinstall.sh centos      9
@@ -158,6 +161,8 @@ bash reinstall.sh centos      9
 
 <summary>实验性功能</summary>
 
+以下功能为实验性质，可能不支持修改 ssh 端口等其它选项
+
 用云镜像安装 Debian，适合于 CPU 较慢的机器
 
 ```bash
@@ -183,6 +188,10 @@ bash reinstall.sh ubuntu --installer
 - 支持 `raw` `vhd` 或者经过 `xz` `gzip` 压缩的镜像
 - DD Windows 镜像时，会扩展系统盘，静态 IP 的机器会配置好 IP，可能首次开机几分钟后才生效
 - DD Linux 镜像时，脚本不会修改镜像的任何内容
+- 可选参数
+  - `--rdp-port PORT` 修改 RDP 端口 (仅限 Windows)
+  - `--allow-ping`    允许被 Ping (仅限 Windows)
+  - `--hold 2`        DD 结束后不进入系统。可连接 SSH 修改系统内容，系统挂载在 `/os`
 
 ```bash
 bash reinstall.sh dd --img https://example.com/xxx.xz
@@ -218,8 +227,12 @@ bash reinstall.sh netboot.xyz
 - 用户名 `administrator` 密码 `123@@@`
 - 如果远程登录失败，尝试使用用户名 `.\administrator`
 - 静态机器会自动配置好 IP，可能首次开机几分钟后才生效
+- 可选参数
+  - `--rdp-port PORT` 更改 RDP 端口
+  - `--allow-ping`    允许被 Ping
+  - `--hold 2`        在重启进入 Windows 官方安装程序前，可连接 SSH 修改硬盘内容，硬盘挂载在 `/os`
 
-![Windows 安装中](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
+![Windows 安装界面](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
 
 #### 方法 1: 让脚本自动查找 ISO
 
@@ -365,9 +378,10 @@ Windows Server 2025 SERVERDATACENTER
 - ✔️Azure     B2pts_v2
 - ✔️阿里云    g8y c8y r8y (有几率重启时卡开机 Logo，强制重启即可)
 - ✔️阿里云    g6r c6r
-- ✔️甲骨文云  A1.Flex     (安装后需要手动加载显卡驱动)
+- ✔️甲骨文云  A1.Flex     (视乎机器的创建日期，越新的越有可能成功安装，安装后还需要手动加载显卡驱动)
 - ✔️AWS       T4g
 - ✔️Scaleway  COPARM1
+- ✔️Gcore
 - ❌谷歌云    t2a         (缺少网卡驱动)
 
 <details>

cloud-init.yaml

@@ -21,10 +21,14 @@ runcmd:
   # 下面这行删除 clout-init 创建的 sshd_config
   - test $(wc -l </etc/ssh/sshd_config) -le 1 && cat /etc/ssh/sshd_config >>/etc/ssh/sshd_config.d/50-cloud-init.conf && rm -f /etc/ssh/sshd_config
   - echo "PermitRootLogin yes" >/etc/ssh/sshd_config.d/01-permitrootlogin.conf || sed -Ei 's/^#?PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+  - echo "Port @SSH_PORT@" >/etc/ssh/sshd_config.d/01-change-ssh-port.conf || sed -Ei 's/^#?Port .*/Port @SSH_PORT@/' /etc/ssh/sshd_config
   # 已创建的 ssh 连接会沿用旧的配置（未开启密码登录），这时即使输入正确的密码，也会提示 Access Denied
   # systemctl restart sshd 只会重启监听进程，不会关闭已创建的连接（子进程）
   - pkill sshd || true
-  - systemctl restart sshd || systemctl restart ssh
+  # daemon-reload 会刷新 /run/systemd/generator/ssh.socket.d/addresses.conf
+  - systemctl daemon-reload
+  - for s in ssh.socket ssh.service sshd.socket sshd.service; do systemctl is-enabled $s && systemctl restart $s && break; done
+  - sed -i -e '/^[[:space:]]*password:/d' -e '/[[:space:]]*root:/d' /etc/cloud/cloud.cfg.d/99_fallback.cfg
   - touch /etc/cloud/cloud-init.disabled
   # ubuntu 镜像运行 echo -e '\nDone' ，-e 会被显示出来
   - printf '\n%s\n' 'reinstall done' >/dev/tty0 || true

debian.cfg

@@ -162,8 +162,16 @@ d-i partman/early_command string true; \
 # if [ "$link_grub_dir" = 1 ]; then mkdir /target/boot/grub2; echo 'chainloader (hd0)+1' >/target/boot/grub2/grub.cfg; fi; \
 d-i preseed/late_command string true; \
     eval "$(grep -o 'extra_link_grub_dir=[^ ]*' /proc/cmdline | sed 's/^extra_//')"; \
+    eval "$(grep -o 'extra_ssh_port=[^ ]*' /proc/cmdline | sed 's/^extra_//')"; \
+
     if [ "$link_grub_dir" = 1 ]; then ln -s grub /target/boot/grub2; fi; \
 
     in-target systemctl enable ssh; \
+
     echo "PermitRootLogin yes" >/target/etc/ssh/sshd_config.d/01-permitrootlogin.conf || \
-    echo "PermitRootLogin yes" >>/target/etc/ssh/sshd_config
+    echo "PermitRootLogin yes" >>/target/etc/ssh/sshd_config; \
+
+    if [ -n "$ssh_port" ] && ! [ "$ssh_port" = 22 ]; then \
+        echo "Port $ssh_port" >/target/etc/ssh/sshd_config.d/01-change-ssh-port.conf || \
+        echo "Port $ssh_port" >>/target/etc/ssh/sshd_config; \
+    fi

logviewer-nginx.conf

@@ -1,6 +1,6 @@
 server {
-    listen 80;
-    listen [::]:80;
+    listen @WEB_PORT@;
+    listen [::]:@WEB_PORT@;
     root /;
 
     gzip on;

reinstall.sh

@@ -59,6 +59,11 @@ Usage: $reinstall____ centos      9
                       windows     --image-name='windows xxx yyy'  --iso='http://xxx.com/xxx.iso'
                       netboot.xyz
 
+       Options:       [--ssh-port PORT]
+                      [--rdp-port PORT]
+                      [--web-port PORT]
+                      [--allow-ping]
+
 Manual: https://github.com/bin456789/reinstall
 
 EOF
@@ -194,6 +199,14 @@ is_use_firmware() {
     [ "$nextos_distro" = debian ] && ! is_virt
 }
 
+is_digit() {
+    [[ "$1" =~ ^[0-9]+$ ]]
+}
+
+is_port_valid() {
+    is_digit "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
+}
+
 get_host_by_url() {
     cut -d/ -f3 <<<$1
 }
@@ -2315,14 +2328,21 @@ find_grub_extlinux_cfg() {
     fi
 }
 
+# 空格、&、用户输入的网址要加引号，否则 grub 无法正确识别
+is_need_quote() {
+    [[ "$1" = *' '* ]] || [[ "$1" = *'&'* ]] || [[ "$1" = http* ]]
+}
+
 # 转换 finalos_a=1 为 finalos.a=1 ，排除 finalos_mirrorlist
 build_finalos_cmdline() {
     if vars=$(compgen -v finalos_); then
         for key in $vars; do
             value=${!key}
             key=${key#finalos_}
             if [ -n "$value" ] && [ $key != "mirrorlist" ]; then
-                finalos_cmdline+=" finalos_$key='$value'"
+                is_need_quote "$value" &&
+                    finalos_cmdline+=" finalos_$key='$value'" ||
+                    finalos_cmdline+=" finalos_$key=$value"
             fi
         done
     fi
@@ -2334,10 +2354,13 @@ build_extra_cmdline() {
     # 会将 extra.xxx=yyy 写入新系统的 /etc/modprobe.d/local.conf
     # https://answers.launchpad.net/ubuntu/+question/249456
     # https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
-    for key in confhome hold force cloud_image main_disk; do
+    for key in confhome hold force force_old_windows_setup cloud_image main_disk \
+        ssh_port rdp_port web_port allow_ping password; do
         value=${!key}
         if [ -n "$value" ]; then
-            extra_cmdline+=" extra_$key='$value'"
+            is_need_quote "$value" &&
+                extra_cmdline+=" extra_$key='$value'" ||
+                extra_cmdline+=" extra_$key=$value"
         fi
     done
 
@@ -3042,8 +3065,28 @@ else
     fi
 fi
 
+long_opts=
+for o in ci installer debug minimal allow-ping \
+    hold: \
+    sleep: \
+    iso: \
+    image-name: \
+    boot-wim: \
+    img: \
+    lang: \
+    ssh-port: \
+    rdp-port: \
+    web-port: \
+    allow-ping: \
+    commit: \
+    force: \
+    force-old-windows-setup:; do
+    [ -n "$long_opts" ] && long_opts+=,
+    long_opts+=$o
+done
+
 # 整理参数
-if ! opts=$(getopt -n $0 -o "" --long ci,installer,debug,minimal,hold:,sleep:,iso:,image-name:,img:,lang:,commit:,force: -- "$@"); then
+if ! opts=$(getopt -n $0 -o "" --long "$long_opts" -- "$@"); then
     usage_and_exit
 fi
 
@@ -3073,18 +3116,41 @@ while true; do
         minimal=1
         shift
         ;;
+    --allow-ping)
+        allow_ping=1
+        shift
+        ;;
     --hold | --sleep)
-        hold=$2
-        if ! { [ "$hold" = 1 ] || [ "$hold" = 2 ]; }; then
-            error_and_exit "Invalid --hold value: $hold."
+        if ! { [ "$2" = 1 ] || [ "$2" = 2 ]; }; then
+            error_and_exit "Invalid $1 value: $2"
         fi
+        hold=$2
         shift 2
         ;;
     --force)
-        force=$2
-        if ! { [ "$force" = bios ] || [ "$force" = efi ]; }; then
-            error_and_exit "Invalid --force value: $force."
+        if ! { [ "$2" = bios ] || [ "$2" = efi ]; }; then
+            error_and_exit "Invalid $1 value: $2"
         fi
+        force=$2
+        shift 2
+        ;;
+    --ssh-port)
+        is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
+        ssh_port=$2
+        shift 2
+        ;;
+    --rdp-port)
+        is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
+        rdp_port=$2
+        shift 2
+        ;;
+    --web-port)
+        is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
+        web_port=$2
+        shift 2
+        ;;
+    --force-old-windows-setup)
+        force_old_windows_setup=$2
         shift 2
         ;;
     --img)