From 8f7aafb024f859c94543beb56860346f29908a30 Mon Sep 17 00:00:00 2001 From: Malcolm Stewart Date: Mon, 29 Dec 2025 15:31:58 -0500 Subject: [PATCH] Initial commit --- devops/deploy_gitea.yaml | 63 ++++++++++++++ devops/gitea_systemd.j2 | 85 +++++++++++++++++++ devops/inventory.yaml | 4 + minecraft_servers/inventory.yaml | 7 ++ .../modded_minecraft_server/tasks/main.yaml | 60 +++++++++++++ .../templates/FabricProxy-Lite.toml.j2 | 1 + .../templates/eula.txt.j2 | 1 + .../templates/server.properties.j2 | 59 +++++++++++++ .../templates/service.j2 | 11 +++ .../templates/start.sh.j2 | 3 + .../setup_minecraft_servers.yaml | 60 +++++++++++++ 11 files changed, 354 insertions(+) create mode 100644 devops/deploy_gitea.yaml create mode 100644 devops/gitea_systemd.j2 create mode 100644 devops/inventory.yaml create mode 100644 minecraft_servers/inventory.yaml create mode 100644 minecraft_servers/modded_minecraft_server/tasks/main.yaml create mode 100644 minecraft_servers/modded_minecraft_server/templates/FabricProxy-Lite.toml.j2 create mode 100644 minecraft_servers/modded_minecraft_server/templates/eula.txt.j2 create mode 100644 minecraft_servers/modded_minecraft_server/templates/server.properties.j2 create mode 100644 minecraft_servers/modded_minecraft_server/templates/service.j2 create mode 100644 minecraft_servers/modded_minecraft_server/templates/start.sh.j2 create mode 100644 minecraft_servers/setup_minecraft_servers.yaml diff --git a/devops/deploy_gitea.yaml b/devops/deploy_gitea.yaml new file mode 100644 index 0000000..6362912 --- /dev/null +++ b/devops/deploy_gitea.yaml @@ -0,0 +1,63 @@ +- name: Setup for Ansible + hosts: devops_servers + tasks: + - name: Install ACL + become: true + ansible.builtin.apt: + name: acl + state: latest +- name: Deploy Gitea + hosts: devops_servers + become: true + become_user: gitea + tasks: + - name: Install Dependencies + become_user: root + ansible.builtin.apt: + name: git + state: latest + - name: Create Directories + become_user: root + ansible.builtin.file: + path: "{{item}}" + state: directory + mode: '755' + owner: gitea + group: gitea + loop: + - "/var/lib/gitea" + - "/var/lib/gitea/custom" + - "/var/lib/gitea/data" + - "/var/lib/gitea/log" + - "/etc/gitea" + - name: Download tarball + ansible.builtin.get_url: + url: https://dl.gitea.com/gitea/1.25.3/gitea-1.25.3-linux-amd64.xz + dest: "/var/gitea/gitea.xz" + - name: Extract Binary + ansible.builtin.command: + argv: + - /usr/bin/xz + - -d + - -f + - "/var/gitea/gitea.xz" + chdir: "/usr/local/bin" + - name: Install Binary + become_user: root + ansible.builtin.copy: + remote_src: true + src: "/var/gitea/gitea" + dest: "/usr/local/bin/gitea" + owner: root + mode: '755' + - name: Install service + become_user: root + ansible.builtin.template: + src: "gitea_systemd.j2" + dest: "/etc/systemd/system/gitea.service" + - name: Start service + become_user: root + ansible.builtin.systemd_service: + name: gitea + state: restarted + enabled: true diff --git a/devops/gitea_systemd.j2 b/devops/gitea_systemd.j2 new file mode 100644 index 0000000..148f7ed --- /dev/null +++ b/devops/gitea_systemd.j2 @@ -0,0 +1,85 @@ +[Unit] +Description=Gitea (Git with a cup of tea) +After=network.target +### +# Don't forget to add the database service dependencies +### +# +#Wants=mysql.service +#After=mysql.service +# +#Wants=mariadb.service +#After=mariadb.service +# +#Wants=postgresql.service +#After=postgresql.service +# +#Wants=memcached.service +#After=memcached.service +# +#Wants=redis.service +#After=redis.service +# +### +# If using socket activation for main http/s +### +# +#After=gitea.main.socket +#Requires=gitea.main.socket +# +### +# (You can also provide gitea an http fallback and/or ssh socket too) +# +# An example of /etc/systemd/system/gitea.main.socket +### +## +## [Unit] +## Description=Gitea Web Socket +## PartOf=gitea.service +## +## [Socket] +## Service=gitea.service +## ListenStream= +## NoDelay=true +## +## [Install] +## WantedBy=sockets.target +## +### + +[Service] +# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that +# LimitNOFILE=524288:524288 +RestartSec=2s +Type=simple +User=gitea@kanidm.malcolms.xyz +Group=gitea +WorkingDirectory=/var/lib/gitea/ +# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file +# (manually creating /run/gitea doesn't work, because it would not persist across reboots) +#RuntimeDirectory=gitea +ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini +Restart=always +Environment=USER=gitea@kanidm.malcolms.xyz HOME=/home/gitea@kanidm.malcolms.xyz GITEA_WORK_DIR=/var/lib/gitea +# If you install Git to directory prefix other than default PATH (which happens +# for example if you install other versions of Git side-to-side with +# distribution version), uncomment below line and add that prefix to PATH +# Don't forget to place git-lfs binary on the PATH below if you want to enable +# Git LFS support +#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin +# If you want to bind Gitea to a port below 1024, uncomment +# the two values below, or use socket activation to pass Gitea its ports as above +### +#CapabilityBoundingSet=CAP_NET_BIND_SERVICE +#AmbientCapabilities=CAP_NET_BIND_SERVICE +### +# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to +# set the following value to false to allow capabilities to be applied on gitea process. The following +# value if set to true sandboxes gitea service and prevent any processes from running with privileges +# in the host user namespace. +### +#PrivateUsers=false +### + +[Install] +WantedBy=multi-user.target diff --git a/devops/inventory.yaml b/devops/inventory.yaml new file mode 100644 index 0000000..b4e73d6 --- /dev/null +++ b/devops/inventory.yaml @@ -0,0 +1,4 @@ +devops_servers: + hosts: + devops_1: + ansible_host: devops-1.malcolms.xyz diff --git a/minecraft_servers/inventory.yaml b/minecraft_servers/inventory.yaml new file mode 100644 index 0000000..50584f3 --- /dev/null +++ b/minecraft_servers/inventory.yaml @@ -0,0 +1,7 @@ +minecraft_servers: + hosts: + minecraft-3: + ansible_host: minecraft-3.malcolms.xyz + minecraft-5: + ansible_host: minecraft-5.malcolms.xyz + diff --git a/minecraft_servers/modded_minecraft_server/tasks/main.yaml b/minecraft_servers/modded_minecraft_server/tasks/main.yaml new file mode 100644 index 0000000..9c96638 --- /dev/null +++ b/minecraft_servers/modded_minecraft_server/tasks/main.yaml @@ -0,0 +1,60 @@ + +- name: Setup directory + become: true + become_user: root + ansible.builtin.file: + path: "/var/minecraft/{{mc_instance}}" + state: directory + owner: minecraft + group: ansible +- name: Setup cfg file + ansible.builtin.template: + owner: minecraft + src: server.properties.j2 + dest: "/var/minecraft/{{mc_instance}}/server.properties" +- name: Download JAR + ansible.builtin.get_url: + url: https://meta.fabricmc.net/v2/versions/loader/1.21.11/0.18.4/1.1.0/server/jar + dest: "/var/minecraft/{{mc_instance}}/server.jar" +- name: Set EULA + ansible.builtin.template: + owner: minecraft + src: eula.txt.j2 + dest: "/var/minecraft/{{mc_instance}}/eula.txt" +- name: Install service file + become_user: root + ansible.builtin.template: + src: service.j2 + dest: "/etc/systemd/system/minecraft-{{mc_instance}}.service" +- name: Install start script + ansible.builtin.template: + owner: minecraft + src: start.sh.j2 + dest: "/var/minecraft/{{mc_instance}}/start.sh" + mode: '550' +- name: Create mods directory + ansible.builtin.file: + path: "/var/minecraft/{{mc_instance}}/mods" + state: directory +- name: Create config directory + ansible.builtin.file: + path: "/var/minecraft/{{mc_instance}}/config" + state: directory +- name: Install mods + ansible.builtin.get_url: + url: "{{item.url}}" + dest: "/var/minecraft/{{mc_instance}}/mods/{{item.dest}}" + loop: "{{mods}}" +- name: Install FabricProxy Config + ansible.builtin.template: + owner: minecraft + src: FabricProxy-Lite.toml.j2 + dest: "/var/minecraft/{{mc_instance}}/config/FabricProxy-Lite.toml" +- name: Start service + become_user: root + ansible.builtin.systemd_service: + name: "minecraft-{{mc_instance}}" + enabled: true + state: started + + diff --git a/minecraft_servers/modded_minecraft_server/templates/FabricProxy-Lite.toml.j2 b/minecraft_servers/modded_minecraft_server/templates/FabricProxy-Lite.toml.j2 new file mode 100644 index 0000000..ff596b4 --- /dev/null +++ b/minecraft_servers/modded_minecraft_server/templates/FabricProxy-Lite.toml.j2 @@ -0,0 +1 @@ +secret = "{{proxy_secret}}" diff --git a/minecraft_servers/modded_minecraft_server/templates/eula.txt.j2 b/minecraft_servers/modded_minecraft_server/templates/eula.txt.j2 new file mode 100644 index 0000000..02dccd9 --- /dev/null +++ b/minecraft_servers/modded_minecraft_server/templates/eula.txt.j2 @@ -0,0 +1 @@ +eula=true diff --git a/minecraft_servers/modded_minecraft_server/templates/server.properties.j2 b/minecraft_servers/modded_minecraft_server/templates/server.properties.j2 new file mode 100644 index 0000000..d9771fd --- /dev/null +++ b/minecraft_servers/modded_minecraft_server/templates/server.properties.j2 @@ -0,0 +1,59 @@ +#Minecraft server properties +#(File modification date and time) +enable-jmx-monitoring=false +rcon.port={{rcon_port}} +level-seed= +gamemode=survival +enable-command-block=false +enable-query=false +generator-settings={} +enforce-secure-profile=true +level-name=world +motd={{motd}} +query.port=25565 +pvp=true +generate-structures=true +max-chained-neighbor-updates=1000000 +difficulty=easy +network-compression-threshold=256 +max-tick-time=60000 +require-resource-pack=false +use-native-transport=true +max-players=20 +online-mode=true +enable-status=true +allow-flight=false +initial-disabled-packs= +broadcast-rcon-to-ops=true +view-distance=10 +server-ip= +resource-pack-prompt= +allow-nether=true +server-port={{server_port}} +enable-rcon={{rcon_enable}} +sync-chunk-writes=true +op-permission-level=4 +prevent-proxy-connections=false +hide-online-players=false +resource-pack= +entity-broadcast-range-percentage=100 +simulation-distance=10 +rcon.password={{rcon_password}} +player-idle-timeout=0 +force-gamemode=false +rate-limit=0 +hardcore=false +white-list={{mc_whitelist}} +broadcast-console-to-ops=true +spawn-npcs=true +spawn-animals=true +log-ips=true +function-permission-level=2 +initial-enabled-packs=vanilla +level-type=minecraft\:normal +text-filtering-config= +spawn-monsters=true +enforce-whitelist=false +spawn-protection=16 +resource-pack-sha1= +max-world-size=29999984 diff --git a/minecraft_servers/modded_minecraft_server/templates/service.j2 b/minecraft_servers/modded_minecraft_server/templates/service.j2 new file mode 100644 index 0000000..8d3259f --- /dev/null +++ b/minecraft_servers/modded_minecraft_server/templates/service.j2 @@ -0,0 +1,11 @@ +[Unit] +Description= Minecraft server instance {{mc_instance}} +Requires=network.target + +[Service] +ExecStart=/var/minecraft/{{mc_instance}}/start.sh +User=minecraft +Group=minecraft + +[Install] +WantedBy=default.target diff --git a/minecraft_servers/modded_minecraft_server/templates/start.sh.j2 b/minecraft_servers/modded_minecraft_server/templates/start.sh.j2 new file mode 100644 index 0000000..df4e973 --- /dev/null +++ b/minecraft_servers/modded_minecraft_server/templates/start.sh.j2 @@ -0,0 +1,3 @@ +#!/bin/bash +cd /var/minecraft/{{mc_instance}} +java -Xmx{{max_memory}}M -Xms{{small_memory}}M -jar server.jar -nogui diff --git a/minecraft_servers/setup_minecraft_servers.yaml b/minecraft_servers/setup_minecraft_servers.yaml new file mode 100644 index 0000000..72d7909 --- /dev/null +++ b/minecraft_servers/setup_minecraft_servers.yaml @@ -0,0 +1,60 @@ +- name: Minecraft pre setup + hosts: minecraft_servers + tasks: + - name: Install Package + become: true + ansible.builtin.apt: + name: openjdk-25-jre-headless + state: latest + - name: Install Package + become: true + ansible.builtin.apt: + name: acl + state: latest +- name: Minecraft Config Seeding + hosts: minecraft-3 + become: true + become_user: minecraft + vars: + server_port: 25565 + rcon_port: 25575 + rcon_enable: true + mc_whitelist: false + motd: Test Server + rcon_password: "" + mc_instance: "destiny" + max_memory: 2600 + small_memory: 1300 + mods: + - url: https://cdn.modrinth.com/data/8dI2tmqs/versions/nR8AIdvx/FabricProxy-Lite-2.11.0.jar + dest: "fabricProxy.jar" + - url: https://cdn.modrinth.com/data/gvQqBUqZ/versions/gl30uZvp/lithium-fabric-0.21.2%2Bmc1.21.11.jar + dest: "lithium.jar" + - url: https://cdn.modrinth.com/data/P7dR8mSH/versions/gB6TkYEJ/fabric-api-0.140.2%2B1.21.11.jar + dest: "fabric-api.jar" + proxy_secret: "AVXMVzev80E6" + roles: + - modded_minecraft_server +- name: Minecraft 5 Deploy + hosts: minecraft-5 + become: true + become_user: minecraft + vars: + server_port: 25565 + rcon_port: 25575 + rcon_enable: true + mc_whitelist: false + motd: "Test Server 5" + rcon_password: "" + mc_instance: "test-5" + max_memory: 2600 + small_memory: 1300 + mods: + - url: https://cdn.modrinth.com/data/gvQqBUqZ/versions/gl30uZvp/lithium-fabric-0.21.2%2Bmc1.21.11.jar + dest: "lithium.jar" + - url: https://cdn.modrinth.com/data/P7dR8mSH/versions/gB6TkYEJ/fabric-api-0.140.2%2B1.21.11.jar + dest: "fabric-api.jar" + proxy_secret: "AVXMVzev80E6" + roles: + - modded_minecraft_server +