Instantly share code, notes, and snippets.

Embed
What would you like to do?
Arch Linux VPS initialize script
#!/bin/bash
USERNAME='rocka'
HOSTNAME='arch'
SS_PORTNO='1234'
SS_METHOD='aes-256-gcm'
SS_PASSWD='all-your-base-are-belong-to-us'
# pacman related config
sed -i 's/#Color/Color/g' /etc/pacman.conf
sed -i 's/#VerbosePkgLists/VerbosePkgLists/g' /etc/pacman.conf
# Repo
cat >> /etc/pacman.conf << EOF
[archlinuxcn]
Server = https://cdn.repo.archlinuxcn.org/\$arch
EOF
# Kernel and packages; I prefer lts kernel
pacman -Syyu --noconfirm linux-lts sudo mosh git vim fish nginx-mainline htop docker docker-compose nodejs npm shadowsocks-libev simple-obfs screen tmux rng-tools screenfetch archlinuxcn-keyring
pacman -Rs linux --noconfirm
grub-mkconfig -o /boot/grub/grub.cfg
# hostname
echo $HOSTNAME > /etc/hostname
# Locale: timezone and language
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo LANG=en_US.UTF-8 > /etc/locale.conf
sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
sed -i 's/#zh_CN.UTF-8 UTF-8/zh_CN.UTF-8 UTF-8/g' /etc/locale.gen
locale-gen
# Optmize tcp
cat > /etc/sysctl.d/tcp_fastopen.conf << EOF
# tcp_fastopen
net.ipv4.tcp_fastopen = 3
EOF
cat > /etc/modules-load.d/tcp_bbr.conf << EOF
tcp_bbr
EOF
cat > /etc/sysctl.d/tcp_bbr.conf << EOF
# tcp_bbr
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
EOF
modprobe tcp_bbr
sysctl --system
# check
sysctl net.ipv4.tcp_available_congestion_control
sysctl net.ipv4.tcp_congestion_control
# User
useradd -mG wheel,docker $USERNAME -s /usr/bin/fish
echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config
# Entropy
systemctl enable --now rngd.service
# Nginx
systemctl enable --now nginx.service
# Docker
systemctl enable --now docker.service
# shadowsocks-libev-server
mkdir /etc/shadowsocks
cat > /etc/shadowsocks/config.json << EOF
{
"server": [ "0.0.0.0", "::0" ],
"server_port": ${SS_PORTNO},
"method": "${SS_METHOD}",
"password": "${SS_PASSWD}",
"mode": "tcp_and_udp",
"timeout": 1800,
"reuse_port": true,
"fast_open": true,
"no_delay": true,
"plugin": "obfs-server",
"plugin_opts": "obfs=tls;failover=127.0.0.1:443"
}
EOF
systemctl enable --now shadowsocks-libev-server@config.service
# Root fish shell config
chsh -s /usr/bin/fish
mkdir -p /root/.config/fish
cat > /root/.config/fish/config.fish << EOF
function fish_greeting
echo "You are now ROOT user!"
echo "With great power, comes great responsibility."
end
alias l="ls"
alias ll="ls -lh"
alias la="ls -Alh"
alias qwq="uname -snrm; uptime"
EOF
# Config for user
# Install fisher
curl https://git.io/fisher --create-dirs -sLo /home/$USERNAME/.config/fish/functions/fisher.fish
# greeting and alias
cat > /home/$USERNAME/.config/fish/config.fish << EOF
set PATH \$HOME/.local/bin \$PATH
function fish_greeting
uname -snrm; uptime
end
alias l="ls"
alias ll="ls -lh"
alias la="ls -Alh"
alias qwq="uname -snrm; uptime"
EOF
# npm global path
cat > /home/$USERNAME/.npmrc << EOF
prefix=/home/$USERNAME/.local
EOF
# Config dirs
mkdir -p /home/$USERNAME/.local/bin
chown -R $USERNAME:$USERNAME /home/$USERNAME
screenfetch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment