@rocka
Last active October 4, 2022 08:06
Arch Linux VPS initialize script
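#!/bin/bash
#
# Arch Linux VPS bootstrap.
#
# Configures pacman, installs a fixed package set, sets hostname/locale,
# enables TCP Fast Open and BBR, creates an admin user, disables root SSH
# login, starts rngd/nginx/docker, writes a shadowsocks-libev server config
# and drops fish/vim/npm dotfiles for root and the new user.
#
# Must be run as root. Edit the variables below (or export SS_PASSWD) before
# running; the values shipped here are examples.

# An unset variable aborts the run instead of silently expanding to an empty
# string inside one of the generated config files.
set -u

if [[ "$(id -u)" -ne 0 ]]; then
  printf 'error: this script must be run as root\n' >&2
  exit 1
fi

# The password shipped with this script is an example and must not be used
# for a real deployment; a warning is printed at the end if it is still set.
readonly SS_PASSWD_PLACEHOLDER='all-your-base-are-belong-to-us'

USERNAME='rocka'
HOSTNAME='arch'
SS_PORTNO='1234'
SS_METHOD='aes-256-gcm'
# Taken from the environment when exported, so the real secret does not have
# to be written into this file.
SS_PASSWD="${SS_PASSWD:-$SS_PASSWD_PLACEHOLDER}"

# pacman related config
sed -i 's/#Color/Color/g' /etc/pacman.conf
sed -i 's/#VerbosePkgLists/VerbosePkgLists/g' /etc/pacman.conf

# Repo
# Third-party repository: packages from it are installed with the same
# privileges as official ones. Only appended once so a re-run does not
# duplicate the section.
if ! grep -q '^\[archlinuxcn\]' /etc/pacman.conf; then
  cat >> /etc/pacman.conf << 'EOF'
[archlinuxcn]
Server = https://cdn.repo.archlinuxcn.org/$arch
EOF
fi

# packages
# NOTE(review): archlinuxcn-keyring is installed in the same transaction as
# the other packages from that repository; confirm signature verification
# behaves as intended on a fresh system (the repository's own instructions
# may call for installing the keyring first).
packages=(
  sudo inetutils mosh git vim fish nginx-mainline htop pacman-contrib
  pacutils docker docker-compose nodejs npm shadowsocks-libev simple-obfs
  shadowsocks-v2ray-plugin tmux rng-tools archlinuxcn-keyring
)
# Everything below depends on these packages (users' shell, groups, units),
# so stop here rather than half-configure the host.
if ! pacman -Syyu --noconfirm "${packages[@]}"; then
  printf 'error: package installation failed, aborting\n' >&2
  exit 1
fi

# hostname
printf '%s\n' "$HOSTNAME" > /etc/hostname

# Locale: timezone and language
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo LANG=en_US.UTF-8 > /etc/locale.conf
sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
sed -i 's/#zh_CN.UTF-8 UTF-8/zh_CN.UTF-8 UTF-8/g' /etc/locale.gen
locale-gen

# Optimize tcp
cat > /etc/sysctl.d/tcp_fastopen.conf << 'EOF'
# tcp_fastopen
net.ipv4.tcp_fastopen = 3
EOF
cat > /etc/modules-load.d/tcp_bbr.conf << 'EOF'
tcp_bbr
EOF
cat > /etc/sysctl.d/tcp_bbr.conf << 'EOF'
# tcp_bbr
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
EOF
modprobe tcp_bbr || printf 'warning: could not load tcp_bbr\n' >&2
sysctl --system
# check
sysctl net.ipv4.tcp_available_congestion_control
sysctl net.ipv4.tcp_congestion_control

# User
# Membership in "docker" plus the NOPASSWD rule below makes this account
# root-equivalent: anyone who can log in as it controls the host.
useradd -m -G wheel,docker -s /usr/bin/fish "$USERNAME"
echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel
# sudoers drop-ins are expected to be read-only and not world-readable.
chmod 0440 /etc/sudoers.d/wheel

# The substitution only matches the stock commented-out default; verify the
# result instead of assuming root login is now disabled.
# sshd is not reloaded here, so the setting applies on its next restart. The
# new user has no password or authorized_keys yet: set one up before then,
# or SSH access to the machine is lost.
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config
if ! grep -q '^PermitRootLogin no' /etc/ssh/sshd_config; then
  printf 'warning: PermitRootLogin was not changed; review /etc/ssh/sshd_config\n' >&2
fi

# Entropy
systemctl enable --now rngd.service
# Nginx
systemctl enable --now nginx.service
# Docker
systemctl enable --now docker.service

# shadowsocks-libev-server
# -p: do not fail when the directory already exists (e.g. on a re-run).
mkdir -p /etc/shadowsocks
# The values are pasted into JSON verbatim, so a password containing a double
# quote or backslash produces an invalid file.
# NOTE(review): the file holds the proxy password and is created with the
# default umask, so other local users can typically read it. Tighten owner
# and mode once it is confirmed which account the service unit runs as.
cat > /etc/shadowsocks/config.json << EOF
{
    "server": [ "0.0.0.0", "::0" ],
    "server_port": ${SS_PORTNO},
    "method": "${SS_METHOD}",
    "password": "${SS_PASSWD}",
    "mode": "tcp_and_udp",
    "timeout": 1800,
    "reuse_port": true,
    "fast_open": true,
    "no_delay": true,
    "plugin": "obfs-server",
    "plugin_opts": "obfs=tls;failover=127.0.0.1:443"
}
EOF
systemctl enable --now shadowsocks-libev-server@config.service

FISH_ALIAS="
alias ls='ls --color --classify --time-style=long-iso'
alias l='ls'
alias ll='ls -lh'
alias la='ls -alh'
alias qwq='uname -snrm; uptime'
"

# Root fish shell config
chsh -s /usr/bin/fish
mkdir -p /root/.config/fish
# Unquoted delimiter on purpose: $FISH_ALIAS must be expanded by this script.
cat > /root/.config/fish/config.fish << EOF
function fish_greeting
    echo "You are now ROOT user!"
    echo "With great power, comes great responsibility."
end
$FISH_ALIAS
EOF

# simple vim config
# Quoted delimiter: $VIMRUNTIME has to reach vim literally. Expanded by the
# shell it is empty, which turns the line into "source /defaults.vim".
cat > /root/.vimrc << 'EOF'
unlet! skip_defaults_vim
source $VIMRUNTIME/defaults.vim
set nu
highlight LineNr ctermfg=lightgrey
set autoindent
set smartindent
set expandtab
set shiftwidth=4
set tabstop=4
set laststatus=2
set showtabline=2
EOF

# Config for user
# your .vimrc too
cp /root/.vimrc "/home/$USERNAME/.vimrc"

# Install fisher
# Created explicitly so config.fish below can be written even when the
# download fails.
mkdir -p "/home/$USERNAME/.config/fish/functions"
# The file is fetched through a URL shortener and is not pinned to a version
# or checksum, and fish will run it in the new user's sessions. Review the
# downloaded file, or pin a known-good copy, before relying on it.
# --fail keeps an HTTP error page from being saved as a fish function;
# --proto/--proto-redir keep the request and its redirects on HTTPS.
if ! curl --proto '=https' --proto-redir '=https' -fsSL --create-dirs \
  -o "/home/$USERNAME/.config/fish/functions/fisher.fish" \
  https://git.io/fisher; then
  printf 'warning: fisher download failed; install it manually\n' >&2
fi

# greeting and alias
cat > "/home/$USERNAME/.config/fish/config.fish" << EOF
set PATH \$HOME/.local/bin \$PATH
function fish_greeting
    uname -snrm; uptime
end
$FISH_ALIAS
EOF

# npm global path
cat > "/home/$USERNAME/.npmrc" << EOF
prefix=/home/$USERNAME/.local
EOF

# Config dirs
mkdir -p "/home/$USERNAME/.local/bin"
# Everything above was created as root; hand the home directory to its owner.
chown -R "$USERNAME:$USERNAME" "/home/$USERNAME"

echo "
Almost done! You may also want to:
- change password for user $USERNAME
- install some AUR helper
- instal package group 'base-devel' or 'meta-group-base-devel' on AUR
"

if [[ "$SS_PASSWD" == "$SS_PASSWD_PLACEHOLDER" ]]; then
  printf 'warning: shadowsocks is running with the example password; set a unique one in /etc/shadowsocks/config.json and restart the service\n' >&2
fi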