#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
===================== CONFIG =====================
CONFIG_FILE="/etc/stb-core.conf"
[[ -f "$CONFIG_FILE" ]] && source "$CONFIG_FILE"
ZT_NET_ID="${ZT_NET_ID:-f3797ba7a8fb5bd7}"
ZT_SSH_PORT="${ZT_SSH_PORT:-5679}"
TG_TOKEN="${TG_TOKEN:-}"
TG_CHAT_ID="${TG_CHAT_ID:-}"
WEB_PORT="${WEB_PORT:-9090}"
WEB_BIND="${WEB_BIND:-127.0.0.1}"
LOG="/var/log/stb-v9.log"
LOCK="/tmp/stb-v9.lock"
NODE_ID="BRAIN-$(cat /etc/machine-id 2>/dev/null | tr -d '-' | head -c 8 || hostname)"
PIHOLE_PASS="${PIHOLE_PASS:-$(openssl rand -base64 12)}"
ZT_IP=""
===================== LOCK =====================
exec 9>"$LOCK"
flock -n 9 || { echo "Already running"; exit 1; }
trap 'rm -f "$LOCK"' EXIT
===================== LOG =====================
log(){
echo "[$(date '+%F %T')] $1" | tee -a "$LOG"
}
warn(){ log "WARN: $1"; }
fail(){ log "FATAL: $1"; exit 1; }
send_tg(){
[[ -z "$TG_TOKEN" || -z "$TG_CHAT_ID" ]] && return
curl -s -X POST "https://api.telegram.org/bot$TG_TOKEN/sendMessage"
-d "chat_id=$TG_CHAT_ID"
-d "text=🧠 STB V9 [$NODE_ID]: $1" >/dev/null 2>&1 || true
}
===================== 1. PRECHECK =====================
precheck(){
log "Precheck system..."
[[ $EUID -ne 0 ]] && fail "Root required"
dpkg --configure -a >/dev/null 2>&1 || true
apt-get update -qq
apt-get install -y \
curl wget jq net-tools dnsutils \
log2ram python3 ufw fail2ban >/dev/null 2>&1 || true
}
===================== 2. STORAGE OPT =====================
storage_opt(){
log "Storage optimization..."
cp -n /etc/fstab /etc/fstab.bak 2>/dev/null || true
sed -i 's/defaults/defaults,noatime/g' /etc/fstab || true
RAM=$(free -m | awk '/Mem:/ {print $2}')
SWAP=$(( RAM > 1024 ? 1024 : 512 ))
if [[ ! -f /swapfile ]]; then
log "Create swap ${SWAP}MB"
fallocate -l ${SWAP}M /swapfile || dd if=/dev/zero of=/swapfile bs=1M count=$SWAP status=none
chmod 600 /swapfile
mkswap /swapfile >/dev/null
swapon /swapfile
echo "/swapfile none swap sw 0 0" >> /etc/fstab
fi
systemctl enable log2ram >/dev/null 2>&1 || true
}
===================== 3. ZEROTIER =====================
zt_setup(){
log "ZeroTier setup..."
command -v zerotier-cli >/dev/null || curl -s https://install.zerotier.com | bash
systemctl enable --now zerotier-one
zerotier-cli join "$ZT_NET_ID" || true
for i in {1..20}; do
ZT_IP=$(zerotier-cli listnetworks | awk -v id="$ZT_NET_ID" '$0~id {print $NF}' | cut -d/ -f1)
[[ "$ZT_IP" =~ ^[0-9] ]] && break
sleep 2
done
[[ -z "$ZT_IP" ]] && ZT_IP="pending"
}
===================== 4. PIHOLE =====================
pihole_setup(){
log "Pi-hole install..."
systemctl disable --now systemd-resolved >/dev/null 2>&1 || true
echo "nameserver 1.1.1.1" > /etc/resolv.conf
export PIHOLE_SKIP_OS_CHECK=true
export WEBPASSWORD="$PIHOLE_PASS"
command -v pihole >/dev/null || \
curl -sSL https://install.pi-hole.net | bash /dev/stdin --unattended || true
pihole -a -p "$PIHOLE_PASS" >/dev/null 2>&1 || true
}
===================== 5. DASHBOARD (SYSTEMD SAFE) =====================
dashboard(){
log "Web dashboard..."
mkdir -p /opt/stb-web
cat > /opt/stb-web/index.html <<EOF
<title>STB V9 AI CORE</title>
<style>
body{background:
#111;color:#0f0;font-family:monospace;padding:20px}
.box{background:
#222;padding:15px;border-radius:8px}
</style>
🧠 STB AI CORE NODE
Node: $NODE_ID
ZT IP: $ZT_IP
Status: ACTIVE
EOF
cat > /etc/systemd/system/stb-web.service <<EOF
[Unit]
Description=STB Web Dashboard
After=network.target
[Service]
ExecStart=/usr/bin/python3 -m http.server $WEB_PORT --bind $WEB_BIND --directory /opt/stb-web
Restart=always
User=root
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now stb-web.service
}
===================== 6. WATCHDOG =====================
watchdog(){
log "Watchdog install..."
cat > /usr/local/bin/stb-watchdog.sh <<EOF
#!/bin/bash
for s in ssh zerotier-one pihole-FTL; do
systemctl is-active --quiet $s || systemctl restart $s
done
TEMP=$(cat /sys/class/thermal/thermal_zone0/temp 2>/dev/null | awk '{print $1/1000}')
if [[ $TEMP != "" && $TEMP -gt 85 ]]; then
reboot
fi
EOF
chmod +x /usr/local/bin/stb-watchdog.sh
echo "*/3 * * * * /usr/local/bin/stb-watchdog.sh" | crontab -
}
===================== MAIN =====================
main(){
log "===== STB V9 AI CORE START ====="
precheck
storage_opt
zt_setup
pihole_setup
dashboard
watchdog
log "NODE: $NODE_ID"
log "ZT IP: $ZT_IP"
log "PASS: $PIHOLE_PASS"
send_tg "Deployment done. ZT:$ZT_IP"
log "DONE"
}
main
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
===================== CONFIG =====================
CONFIG_FILE="/etc/stb-core.conf"
[[ -f "$CONFIG_FILE" ]] && source "$CONFIG_FILE"
ZT_NET_ID="${ZT_NET_ID:-f3797ba7a8fb5bd7}"
ZT_SSH_PORT="${ZT_SSH_PORT:-5679}"
TG_TOKEN="${TG_TOKEN:-}"
TG_CHAT_ID="${TG_CHAT_ID:-}"
WEB_PORT="${WEB_PORT:-9090}"
WEB_BIND="${WEB_BIND:-127.0.0.1}"
LOG="/var/log/stb-v9.log"
LOCK="/tmp/stb-v9.lock"
NODE_ID="BRAIN-$(cat /etc/machine-id 2>/dev/null | tr -d '-' | head -c 8 || hostname)"
PIHOLE_PASS="${PIHOLE_PASS:-$(openssl rand -base64 12)}"
ZT_IP=""
===================== LOCK =====================
exec 9>"$LOCK"
flock -n 9 || { echo "Already running"; exit 1; }
trap 'rm -f "$LOCK"' EXIT
===================== LOG =====================
log(){
echo "[$(date '+%F %T')] $1" | tee -a "$LOG"
}
warn(){ log "WARN: $1"; }
fail(){ log "FATAL: $1"; exit 1; }
send_tg(){
[[ -z "$TG_TOKEN" || -z "$TG_CHAT_ID" ]] && return
curl -s -X POST "https://api.telegram.org/bot$TG_TOKEN/sendMessage"
-d "chat_id=$TG_CHAT_ID"
-d "text=🧠 STB V9 [$NODE_ID]: $1" >/dev/null 2>&1 || true
}
===================== 1. PRECHECK =====================
precheck(){
log "Precheck system..."
}
===================== 2. STORAGE OPT =====================
storage_opt(){
log "Storage optimization..."
}
===================== 3. ZEROTIER =====================
zt_setup(){
log "ZeroTier setup..."
}
===================== 4. PIHOLE =====================
pihole_setup(){
log "Pi-hole install..."
}
===================== 5. DASHBOARD (SYSTEMD SAFE) =====================
dashboard(){
log "Web dashboard..."
🧠 STB AI CORE NODE
Node: $NODE_ID
ZT IP: $ZT_IP
Status: ACTIVE
[Unit]
Description=STB Web Dashboard
After=network.target
[Service]
ExecStart=/usr/bin/python3 -m http.server $WEB_PORT --bind $WEB_BIND --directory /opt/stb-web
Restart=always
User=root
[Install]
WantedBy=multi-user.target
EOF
}
===================== 6. WATCHDOG =====================
watchdog(){
log "Watchdog install..."
#!/bin/bash
for s in ssh zerotier-one pihole-FTL; do
systemctl is-active --quiet $s || systemctl restart $s
done
TEMP=$(cat /sys/class/thermal/thermal_zone0/temp 2>/dev/null | awk '{print $1/1000}')
if [[ $TEMP != "" && $TEMP -gt 85 ]]; then
reboot
fi
EOF
}
===================== MAIN =====================
main(){
log "===== STB V9 AI CORE START ====="
}
main