Arch Linux VPS initialize script

arch_init.sh

#!/bin/bash

USERNAME='rocka'
HOSTNAME='arch'
SS_PORTNO='1234'
SS_METHOD='aes-256-gcm'
SS_PASSWD='all-your-base-are-belong-to-us'

# pacman related config
sed -i 's/#Color/Color/g' /etc/pacman.conf
sed -i 's/#VerbosePkgLists/VerbosePkgLists/g' /etc/pacman.conf

# Repo
cat >> /etc/pacman.conf << EOF

[archlinuxcn]
Server = https://cdn.repo.archlinuxcn.org/\$arch
EOF

# packages
pacman -Syyu --noconfirm sudo mosh git vim fish nginx-mainline htop docker docker-compose nodejs npm shadowsocks-libev simple-obfs screen tmux rng-tools screenfetch archlinuxcn-keyring

# hostname
echo $HOSTNAME > /etc/hostname

# Locale: timezone and language
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo LANG=en_US.UTF-8 > /etc/locale.conf
sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
sed -i 's/#zh_CN.UTF-8 UTF-8/zh_CN.UTF-8 UTF-8/g' /etc/locale.gen
locale-gen

# Optmize tcp
cat > /etc/sysctl.d/tcp_fastopen.conf << EOF
# tcp_fastopen
net.ipv4.tcp_fastopen = 3
EOF

cat > /etc/modules-load.d/tcp_bbr.conf << EOF
tcp_bbr
EOF

cat > /etc/sysctl.d/tcp_bbr.conf << EOF
# tcp_bbr
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
EOF

modprobe tcp_bbr
sysctl --system
# check
sysctl net.ipv4.tcp_available_congestion_control
sysctl net.ipv4.tcp_congestion_control

# User
useradd -mG wheel,docker $USERNAME -s /usr/bin/fish
echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config

# Entropy
systemctl enable --now rngd.service

# Nginx
systemctl enable --now nginx.service

# Docker
systemctl enable --now docker.service

# shadowsocks-libev-server
mkdir /etc/shadowsocks
cat > /etc/shadowsocks/config.json << EOF
{
    "server":      [ "0.0.0.0", "::0" ],
    "server_port":  ${SS_PORTNO},
    "method":      "${SS_METHOD}",
    "password":    "${SS_PASSWD}",
    "mode":        "tcp_and_udp",
    "timeout":      1800,
    "reuse_port":   true,
    "fast_open":    true,
    "no_delay":     true,
    "plugin":      "obfs-server",
    "plugin_opts": "obfs=tls;failover=127.0.0.1:443"
}
EOF
systemctl enable --now shadowsocks-libev-server@config.service

FISH_ALIAS="
alias ls='ls --color --classify --time-style=long-iso'
alias l='ls'
alias ll='ls -lh'
alias la='ls -alh'
alias qwq='uname -snrm; uptime'
"

# Root fish shell config
chsh -s /usr/bin/fish
mkdir -p /root/.config/fish
cat > /root/.config/fish/config.fish << EOF
function fish_greeting
    echo "You are now ROOT user!"
    echo "With great power, comes great responsibility."
end
$FISH_ALIAS
EOF

# simple vim config
cat > /root/.vimrc << EOF
set nu
set mouse=a
set autoindent
set smartindent
set expandtab
set shiftwidth=4
set tabstop=4
syntax on
filetype on
highlight LineNr ctermfg=lightgrey
cmap W w
cmap Q q
cmap WQ wq
cmap Wq wq
cmap w!! w !sudo tee > /dev/null %
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
EOF

# Config for user

# your .vimrc too
cp /root/.vimrc /home/$USERNAME/.vimrc

# Install fisher
curl https://git.io/fisher --create-dirs -sLo /home/$USERNAME/.config/fish/functions/fisher.fish

# greeting and alias
cat > /home/$USERNAME/.config/fish/config.fish << EOF
set PATH \$HOME/.local/bin \$PATH

function fish_greeting
    uname -snrm; uptime
end
$FISH_ALIAS
EOF

# npm global path
cat > /home/$USERNAME/.npmrc << EOF
prefix=/home/$USERNAME/.local
EOF

# Config dirs
mkdir -p /home/$USERNAME/.local/bin

chown -R $USERNAME:$USERNAME /home/$USERNAME

screenfetch