1. Linux
以下是一些日常开发运维中常用的 Linux 指令和配置方法,适用于 Debian 12 系统,部分也适用于其他 Linux 发行版
alias 和 function
Linux 常用 alias 和 function,可以添加到 ~/.bashrc 或 ~/.zshrc 中:
### ====== SAFETY LAYER ======
# Prevent accidental deletion of system directories
safe_rm() {
local danger_paths=(
"/" "/bin" "/boot" "/dev" "/etc" "/lib" "/lib64" "/proc"
"/root" "/sbin" "/sys" "/usr" "/var"
)
for p in "${danger_paths[@]}"; do
case "$PWD" in
$p|$p/*)
echo "Refusing to run rm in protected path: $p" >&2
return 1
;;
esac
done
command rm -i "$@"
}
alias rm='safe_rm'
# Protect against accidental overwrite with >
set -o noclobber # disable overwrite redirection; use >| to force
# Disable direct use of risky system commands
alias reboot='echo "Use systemctl reboot instead."'
alias shutdown='echo "Use systemctl poweroff instead."'
alias mkfs='echo "Direct mkfs disabled. Run manually if you are absolutely sure."'
alias dd='echo "dd disabled by alias. Use full path /bin/dd explicitly if necessary."'
### ====== SAFE INTERACTIVE DEFAULTS ======
alias cp='cp -i'
alias mv='mv -i'
# Optional: safer delete if trash-cli is installed
if command -v trash-put >/dev/null 2>&1; then
alias del='trash-put'
alias undel='trash-restore'
else
alias del='rm -i'
fi
### ====== QUALITY OF LIFE SHORTCUTS ======
alias ..='cd ..'
alias ...='cd ../..'
alias h='cd ~'
alias df='df -h'
alias du='du -h --max-depth=1'
alias mem='free -h'
alias ports='ss -tuln'
# Git shortcuts
alias gs='git status'
alias ga='git add .'
alias gc='git commit -m'
alias gp='git push'
alias gl='git pull'
# Docker shortcuts
alias dps='docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"'
alias dclean='docker system prune -f'
# Automatically list directory contents when changing dirs
chpwd() { ls --color=auto; }
### ====== PROMPT ENHANCEMENT ======
# Different prompt color for root and normal users
autoload -U colors && colors
if [[ $EUID -eq 0 ]]; then
PS1="%{$fg[red]%}%n@%m:%~ %#%{$reset_color%} "
else
PS1="%{$fg[green]%}%n@%m:%~ %#%{$reset_color%} "
fi
也可以新建 ~/.zshrc_safeguard 文件,内容同上,然后在 ~/.zshrc 中添加:
...
# Load safety and helper aliases
[ -f ~/.zsh_safeguard ] && source ~/.zsh_safeguard
1.1. Debian 12
Debian 12 是一个稳定的 Linux 发行版,适合服务器和桌面使用,以下操作默认 root 用户,酌情自行加 sudo
更改为科大源:
tee /etc/apt/sources.list <<EOF
deb https://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
deb https://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
deb https://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
deb https://mirrors.ustc.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware
EOF
安装常用软件:
apt update && apt install -y vim wget git curl htop gcc make openssl p7zip-full unzip screen net-tools build-essential
apt install -y btop supervisor proxychains iproute2 passwd iperf pipx
安装 oh-my-zsh:
apt install -y zsh
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
更换 zsh 主题为 risto:
sed -i 's/ZSH_THEME="robbyrussell"/ZSH_THEME="risto"/' ~/.zshrc
exec zsh
时区更换到上海:
timedatectl set-timezone Asia/Shanghai
netplan 配置(静态 ip):
network:
ethernets:
enp1s0:
dhcp4: no
dhcp6: no
addresses: [192.168.10.11/24]
nameservers:
addresses:
- 192.168.10.12
routes:
- to: default
via: 192.168.10.12
on-link: true
添加 SSH 公钥到 authorized_keys 文件中:
mkdir -m 700 ~/.ssh
touch ~/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZ57GU6Y5oNGHQYIKbn2XhosgqMBhW67FygKT3i/B10cagNM9msxJ8IIPMw6q2PcXtjwAgw8WqezCucHblkMxmygsnPbJBiV8s0tUg3Wld0VW1m0W0dQ98y7c0QNZ/4L5EtklqYMpSlOZ/w+GW+BXOTg7fNhIWsMVUyUjd726goA3REpcrLsrb0AzVYSzcnCyGdoD81FrQk9b4ud49eN6VnDafac372D+bb+3h7LYrA4gZjLXeDDUxp7OfQuTpZlbUsYc6YmJq8n/a0OOB1SRDxKVZ4ft9a5NBdWWEgsjxCb1zCVLoTsNl/MpF5nm4L17NlgFGtnyw92KuK1wlKhkV/t4sQskp0F/3N8Cz7ea8vFHJIgjibivCyxsB4CCrOLOVxrrwTYEgu1YvpWox1p160lvnkIivyMfNdz+NuEx7f5/6euD0HW0B0SO6K0iH0yGhGNX1N9MctbabPOhWaV8+RpsVROZNW41JWcrxGamelG00Jc3MfHobCNSje4j/ZmEwg5DsksX5gwq60Jx5Jzvf7caOSzqes4mWa3ggjMpwyVratga9uE4u38rKFsSg6YkYXuIiV37uxjFEHi74F95DI1Dh8kkUHDiuIMrkFlHJlQk4K3zlI14mgyQAzshIyYbISq+Rp4RiQAdpXf6wPl5kpdRFl8pQRJAjuk4iCIlA9w==" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
常用 alias / function:
vim() {
[[ -f "$1" ]] && cp "$1" ".$1"
command vim "$@"
}
1.2. python
全局修改为清华源:
echo -e "[global]\nindex-url = https://mirrors.ustc.edu.cn/pypi/simple" > /etc/pip.conf
uv 包管理器安装:
curl -LsSf https://astral.sh/uv/install.sh | sh
wget -qO- https://astral.sh/uv/install.sh | sh
1.3. supervisor
Supervisor 是一个进程管理工具,可以用来启动、停止和监控进程,它可以确保进程在崩溃后自动重启,并提供日志记录功能
参考:
[program:syncmemo]
directory=/opt/syncmemo
command=/opt/syncmemo/venv/bin/gunicorn --bind=127.0.0.1:28083 flaskr:app
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stdout_logfile_maxbytes=16MB
stdout_logfile_backups=2
redirect_stderr=true
# environment=PATH="/opt/syncmemo/venv/bin:%(ENV_PATH)s"
# environment=CONFIG="/opt/syncmemo/config.yaml"
user=app
创建一个无法登录的系统用户如 app 来运行应用程序,这是一种安全最佳实践:
useradd --system --no-create-home --shell /usr/sbin/nologin app
1.4. systemd
systemd 是 Linux 系统中用于启动和管理系统服务的工具,它提供了一种统一的方式来管理系统服务、挂载点、设备等,以运行服务 Gost 为例
先设置好日志格式,编辑 /etc/systemd/journald.conf 文件,确保以下配置(可选):
[Journal]
# 存储方式:持久化还是只在内存
Storage=persistent
# 压缩日志(节省空间)
Compress=yes
# 拆分模式(让每个用户或系统日志分开)
SplitMode=uid
# 限制日志量 &保留空间
SystemMaxUse=1G
SystemKeepFree=500M
# 限制单个日志文件最大值
SystemMaxFileSize=100M
# 限制旧日志最多保留多少时间(可选)
MaxRetentionSec=1month
# 转发设置(如果你还用传统 syslog)
ForwardToSyslog=yes
重启 systemd-journald 服务使配置生效:
systemctl restart systemd-journald
创建一个 systemd 服务文件 /etc/systemd/system/frpc.service,内容如下:
[Unit]
Description=Frpc Service
After=network.target
[Service]
Type=simple
User=frp
WorkingDirectory=/opt/frp
ExecStart=/opt/frp/frpc -C /opt/frp/config.yaml
Restart=on-failure
RestartSec=3s
LimitNOFILE=65535
LimitNPROC=65535
MemoryMax=1G
CPUAccounting=true
CPUQuota=90%
StandardOutput=journal
StandardError=journal
ProtectSystem=full
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
NoNewPrivileges=yes
PrivateTmp=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
[Install]
WantedBy=multi-user.target
启用并启动服务:
systemctl daemon-reload
systemctl enable --now gost
2. 第三方服务
2.1. 下载加速
URL:https://agent.chancel.me
此服务用于解决国内网络无法顺利连接到 github.com/www.debian.org 等网络状况不佳的网站
目前服务支持加速域名(包含其所有子域名):
- proxy.golang.org
- .*.debian.org
- github.com
- .*.github.com
- python.org
- .*.python.org
- githubusercontent.com
- .*.githubusercontent.com
- secure.gravatar.com
- objects.githubusercontent.com
- downloads.openwrt.org
使用方法:将原域名作为路径,域名替换为 agent.chancel.me 进行,例如:
- 源连接:
https://raw.githubusercontent.com/aristocratos/btop/main/CMakeLists.txt - 更改后的链接:
https://agent.chancel.me/raw.githubusercontent.com/aristocratos/btop/main/CMakeLists.txt
2.2. PlantUML
URL:https://plantuml.chancel.me
2.3. 本地文件/数据存取
https://api.chancel.me/api/file/<key>
上传文件采用 POST,下载文件采用 GET,示例:
# 上传文件
curl -X POST -F "file=@/path/to/myfile.txt" https://api.chancel.me/api/file/myfile
# 成功返回
{
"success": true,
"message": "文件已存储",
"data": {
"key": "myfile",
"file_info": {
"filename": "myfile.txt",
"mimetype": "application/octet-stream",
"size": 5147,
"original_size": 5147,
"compressed": true,
"compressed_size": 742,
"compression_ratio": "14.42%"
}
}
}
# 下载文件
curl -O -J https://api.chancel.me/api/file/myfile
2.4. IP查询
URL:https://api.chancel.me/api/ip
GET 请求返回调用者 IP
# 请求
curl https://api.chancel.me/api/ip
# 返回
{
"status": 1,
"msg": "Query success",
"data": {
"ip": "8.8.8.8"
},
"version":"V1.0.0"
}
3. AI
3.1. 聊天 Prompt
提示词工程优化师
You are a senior prompt engineer. Your task is to:
1. Receive the descriptive content provided by me;
2. Transform the description into concise, professional, and efficient English AI prompts;
3. Optimize according to prompt engineering best practices, including:
- Clearly defining goals and instructions;
- Using clear logical structure and step-by-step instructions;
- Adding necessary context to ensure relevance and operability;
- Providing examples when needed to guide output quality;
4. Only return the final optimized prompt without additional explanations.
编程快问快答
You are a **senior software engineer** assisting another engineer.
1. Receive my technical questions.
2. Answer with only the **most concise and essential content** — no unnecessary explanations.
3. Ensure correctness and reliability, basing answers only on **official documentation or trusted authoritative sources**.
4. At the end of each answer, provide a **source/reference link**.
Keep responses **minimal, precise, verified**.
学习助手
You are my **tutor for absolute beginners**. We will follow a structured Q&A learning process:
### Conversation Flow
1. **I ask a question** about something I want to understand.
2. **You analyze prerequisites** I need to learn in order to grasp the question, then ask me a series of simple, specific questions to check my current knowledge.
3. Based on my answers, you:
- Explain only the necessary foundational concepts I’m missing.
- Answer my original question at a level I can understand.
- Ask me **clear, concrete review questions** to confirm comprehension.
- If I fully understand, end the dialogue. If not, repeat step 3.
### Requirements
- Assume I have **zero prior knowledge**.
- Use **simple, accessible language**, avoiding jargon unless explained.
- Always build explanations step by step, checking my understanding as we go.
- Keep questions precise and easy to respond to.
3.2. 项目 Prompt
Python Flask 项目
这是一个基于 **Python 3.12 + Flask + DaisyUI/TailwindCSS** 的个人项目,使用 `uv` 包管理器,作为记录个人数据的 Web 应用(已实现登录验证、个人阅读/电影/游戏记录,数据来源豆瓣 API)。
请你作为资深软件工程师,在理解现有代码和架构的基础上协助优化和扩展,遵循以下规则:
## 整体要求
- 遵循 **Flask 最佳实践**:使用 Blueprints、模板继承、合理组织静态文件。
- 遵循 **DaisyUI/TailwindCSS 最佳实践**:布局简洁统一,兼容 light/dark 主题,响应式设计。
- 保持项目 **风格和代码规范一致**,避免引入破坏一致性的写法。
## 实现方式
- 前端:优先使用 DaisyUI 现成组件 (`btn`, `badge`, `navbar`, `menu`, `drawer`),尽量复用已有样式,不重复定义。
- 风格:全站配色、排版、按钮/标签保持一致。
- 后端:代码清晰、结构化,避免冗余。新增功能保持统一的日志输出与配置管理。
- 保证扩展性和可维护性:新增代码与现有目录/文件结构匹配。
## 代码规范
- 命名符合现有习惯,代码简洁。
- 按已有结构拆分(例如 `/flaskr/utils.py`, `/flaskr/config.py`, `config/*.yaml`)。
- 避免“盲目堆砌 UI”,修改要有合理设计思路。
## 输出要求
- **只输出代码和简要修改说明**,不写冗余的长文档。
- 所有代码必须与现有风格保持一致。
- 优化/新增内容需兼顾 **美观 + 可用性 + 可维护性**。
请你实现:
1. ...
2. ...
修改代码可优先参考:
* ...
* ...