/arch_init.sh
Last active Dec 3, 2018
Arch Linux VPS initialize script
| #!/bin/bash | |
| USERNAME='rocka' | |
| HOSTNAME='arch' | |
| SS_PORTNO='1234' | |
| SS_METHOD='aes-256-gcm' | |
| SS_PASSWD='all-your-base-are-belong-to-us' | |
| # pacman related config | |
| sed -i 's/#Color/Color/g' /etc/pacman.conf | |
| sed -i 's/#VerbosePkgLists/VerbosePkgLists/g' /etc/pacman.conf | |
| # Repo | |
| cat >> /etc/pacman.conf << EOF | |
| [archlinuxcn] | |
| Server = https://cdn.repo.archlinuxcn.org/\$arch | |
| EOF | |
| # Kernel and packages; I prefer lts kernel | |
| pacman -Syyu --noconfirm linux-lts sudo mosh git vim fish nginx-mainline htop docker docker-compose nodejs npm shadowsocks-libev simple-obfs screen tmux rng-tools screenfetch archlinuxcn-keyring | |
| pacman -Rs linux --noconfirm | |
| grub-mkconfig -o /boot/grub/grub.cfg | |
| # hostname | |
| echo $HOSTNAME > /etc/hostname | |
| # Locale: timezone and language | |
| ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime | |
| echo LANG=en_US.UTF-8 > /etc/locale.conf | |
| sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen | |
| sed -i 's/#zh_CN.UTF-8 UTF-8/zh_CN.UTF-8 UTF-8/g' /etc/locale.gen | |
| locale-gen | |
| # Optmize tcp | |
| cat > /etc/sysctl.d/tcp_fastopen.conf << EOF | |
| # tcp_fastopen | |
| net.ipv4.tcp_fastopen = 3 | |
| EOF | |
| cat > /etc/modules-load.d/tcp_bbr.conf << EOF | |
| tcp_bbr | |
| EOF | |
| cat > /etc/sysctl.d/tcp_bbr.conf << EOF | |
| # tcp_bbr | |
| net.core.default_qdisc = fq | |
| net.ipv4.tcp_congestion_control = bbr | |
| EOF | |
| modprobe tcp_bbr | |
| sysctl --system | |
| # check | |
| sysctl net.ipv4.tcp_available_congestion_control | |
| sysctl net.ipv4.tcp_congestion_control | |
| # User | |
| useradd -mG wheel,docker $USERNAME -s /usr/bin/fish | |
| echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel | |
| sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config | |
| # Entropy | |
| systemctl enable --now rngd.service | |
| # Nginx | |
| systemctl enable --now nginx.service | |
| # Docker | |
| systemctl enable --now docker.service | |
| # shadowsocks-libev-server | |
| mkdir /etc/shadowsocks | |
| cat > /etc/shadowsocks/config.json << EOF | |
| { | |
| "server": [ "0.0.0.0", "::0" ], | |
| "server_port": ${SS_PORTNO}, | |
| "method": "${SS_METHOD}", | |
| "password": "${SS_PASSWD}", | |
| "mode": "tcp_and_udp", | |
| "timeout": 1800, | |
| "reuse_port": true, | |
| "fast_open": true, | |
| "no_delay": true, | |
| "plugin": "obfs-server", | |
| "plugin_opts": "obfs=tls;failover=127.0.0.1:443" | |
| } | |
| EOF | |
| systemctl enable --now shadowsocks-libev-server@config.service | |
| # Root fish shell config | |
| chsh -s /usr/bin/fish | |
| mkdir -p /root/.config/fish | |
| cat > /root/.config/fish/config.fish << EOF | |
| function fish_greeting | |
| echo "You are now ROOT user!" | |
| echo "With great power, comes great responsibility." | |
| end | |
| alias l="ls" | |
| alias ll="ls -lh" | |
| alias la="ls -Alh" | |
| alias qwq="uname -snrm; uptime" | |
| EOF | |
| # Config for user | |
| # Install fisher | |
| curl https://git.io/fisher --create-dirs -sLo /home/$USERNAME/.config/fish/functions/fisher.fish | |
| # greeting and alias | |
| cat > /home/$USERNAME/.config/fish/config.fish << EOF | |
| set PATH \$HOME/.local/bin \$PATH | |
| function fish_greeting | |
| uname -snrm; uptime | |
| end | |
| alias l="ls" | |
| alias ll="ls -lh" | |
| alias la="ls -Alh" | |
| alias qwq="uname -snrm; uptime" | |
| EOF | |
| # npm global path | |
| cat > /home/$USERNAME/.npmrc << EOF | |
| prefix=/home/$USERNAME/.local | |
| EOF | |
| # Config dirs | |
| mkdir -p /home/$USERNAME/.local/bin | |
| chown -R $USERNAME:$USERNAME /home/$USERNAME | |
| screenfetch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment