Initial commit

2025-12-29 15:31:58 -05:00
commit 8f7aafb024
11 changed files with 354 additions and 0 deletions
--- a/devops/deploy_gitea.yaml
+++ b/devops/deploy_gitea.yaml
@@ -0,0 +1,63 @@
+- name: Setup for Ansible
+  hosts: devops_servers
+  tasks:
+    - name: Install ACL
+      become: true
+      ansible.builtin.apt:
+        name: acl
+        state: latest
+- name: Deploy Gitea
+  hosts: devops_servers
+  become: true
+  become_user: gitea
+  tasks:
+    - name: Install Dependencies
+      become_user: root
+      ansible.builtin.apt:
+        name: git
+        state: latest
+    - name: Create Directories
+      become_user: root
+      ansible.builtin.file:
+        path: "{{item}}"
+        state: directory
+        mode: '755'
+        owner: gitea
+        group: gitea
+      loop:
+        - "/var/lib/gitea"
+        - "/var/lib/gitea/custom"
+        - "/var/lib/gitea/data"
+        - "/var/lib/gitea/log"
+        - "/etc/gitea"
+    - name: Download tarball
+      ansible.builtin.get_url:
+        url: https://dl.gitea.com/gitea/1.25.3/gitea-1.25.3-linux-amd64.xz
+        dest: "/var/gitea/gitea.xz"
+    - name: Extract Binary
+      ansible.builtin.command:
+        argv:
+          - /usr/bin/xz
+          - -d
+          - -f
+          - "/var/gitea/gitea.xz"
+        chdir: "/usr/local/bin" 
+    - name: Install Binary
+      become_user: root
+      ansible.builtin.copy:
+        remote_src: true
+        src: "/var/gitea/gitea"
+        dest: "/usr/local/bin/gitea"
+        owner: root
+        mode: '755'
+    - name: Install service
+      become_user: root
+      ansible.builtin.template:
+        src: "gitea_systemd.j2"
+        dest: "/etc/systemd/system/gitea.service"
+    - name: Start service
+      become_user: root
+      ansible.builtin.systemd_service:
+        name: gitea
+        state: restarted
+        enabled: true
--- a/devops/gitea_systemd.j2
+++ b/devops/gitea_systemd.j2
@@ -0,0 +1,85 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=network.target
+###
+# Don't forget to add the database service dependencies
+###
+#
+#Wants=mysql.service
+#After=mysql.service
+#
+#Wants=mariadb.service
+#After=mariadb.service
+#
+#Wants=postgresql.service
+#After=postgresql.service
+#
+#Wants=memcached.service
+#After=memcached.service
+#
+#Wants=redis.service
+#After=redis.service
+#
+###
+# If using socket activation for main http/s
+###
+#
+#After=gitea.main.socket
+#Requires=gitea.main.socket
+#
+###
+# (You can also provide gitea an http fallback and/or ssh socket too)
+#
+# An example of /etc/systemd/system/gitea.main.socket
+###
+##
+## [Unit]
+## Description=Gitea Web Socket
+## PartOf=gitea.service
+##
+## [Socket]
+## Service=gitea.service
+## ListenStream=<some_port>
+## NoDelay=true
+##
+## [Install]
+## WantedBy=sockets.target
+##
+###
+
+[Service]
+# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# LimitNOFILE=524288:524288
+RestartSec=2s
+Type=simple
+User=gitea@kanidm.malcolms.xyz
+Group=gitea
+WorkingDirectory=/var/lib/gitea/
+# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=gitea
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=USER=gitea@kanidm.malcolms.xyz HOME=/home/gitea@kanidm.malcolms.xyz GITEA_WORK_DIR=/var/lib/gitea
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on gitea process. The following
+# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
+###
+
+[Install]
+WantedBy=multi-user.target
--- a/devops/inventory.yaml
+++ b/devops/inventory.yaml
@@ -0,0 +1,4 @@
+devops_servers:
+  hosts:
+    devops_1:
+      ansible_host: devops-1.malcolms.xyz
--- a/minecraft_servers/inventory.yaml
+++ b/minecraft_servers/inventory.yaml
@@ -0,0 +1,7 @@
+minecraft_servers:
+  hosts:
+    minecraft-3:
+      ansible_host: minecraft-3.malcolms.xyz
+    minecraft-5:
+      ansible_host: minecraft-5.malcolms.xyz
+
--- a/minecraft_servers/modded_minecraft_server/tasks/main.yaml
+++ b/minecraft_servers/modded_minecraft_server/tasks/main.yaml
@@ -0,0 +1,60 @@
+
+- name: Setup directory
+  become: true
+  become_user: root
+  ansible.builtin.file:
+    path: "/var/minecraft/{{mc_instance}}"
+    state: directory
+    owner: minecraft
+    group: ansible
+- name: Setup cfg file
+  ansible.builtin.template:
+    owner: minecraft
+    src: server.properties.j2
+    dest: "/var/minecraft/{{mc_instance}}/server.properties"
+- name: Download JAR
+  ansible.builtin.get_url:
+    url: https://meta.fabricmc.net/v2/versions/loader/1.21.11/0.18.4/1.1.0/server/jar
+    dest: "/var/minecraft/{{mc_instance}}/server.jar"
+- name: Set EULA
+  ansible.builtin.template:
+    owner: minecraft
+    src: eula.txt.j2
+    dest: "/var/minecraft/{{mc_instance}}/eula.txt"
+- name: Install service file
+  become_user: root
+  ansible.builtin.template:
+    src: service.j2
+    dest: "/etc/systemd/system/minecraft-{{mc_instance}}.service"
+- name: Install start script
+  ansible.builtin.template:
+    owner: minecraft
+    src: start.sh.j2
+    dest: "/var/minecraft/{{mc_instance}}/start.sh"
+    mode: '550'
+- name: Create mods directory
+  ansible.builtin.file:
+    path: "/var/minecraft/{{mc_instance}}/mods"
+    state: directory
+- name: Create config directory
+  ansible.builtin.file:
+    path: "/var/minecraft/{{mc_instance}}/config"
+    state: directory
+- name: Install mods
+  ansible.builtin.get_url:
+    url: "{{item.url}}"
+    dest: "/var/minecraft/{{mc_instance}}/mods/{{item.dest}}"
+  loop: "{{mods}}"
+- name: Install FabricProxy Config
+  ansible.builtin.template:
+    owner: minecraft
+    src: FabricProxy-Lite.toml.j2
+    dest: "/var/minecraft/{{mc_instance}}/config/FabricProxy-Lite.toml"
+- name: Start service
+  become_user: root
+  ansible.builtin.systemd_service:
+    name: "minecraft-{{mc_instance}}"
+    enabled: true
+    state: started
+
+
--- a/minecraft_servers/modded_minecraft_server/templates/FabricProxy-Lite.toml.j2
+++ b/minecraft_servers/modded_minecraft_server/templates/FabricProxy-Lite.toml.j2
@@ -0,0 +1 @@
+secret = "{{proxy_secret}}"
--- a/minecraft_servers/modded_minecraft_server/templates/eula.txt.j2
+++ b/minecraft_servers/modded_minecraft_server/templates/eula.txt.j2
@@ -0,0 +1 @@
+eula=true
--- a/minecraft_servers/modded_minecraft_server/templates/server.properties.j2
+++ b/minecraft_servers/modded_minecraft_server/templates/server.properties.j2
@@ -0,0 +1,59 @@
+#Minecraft server properties
+#(File modification date and time)
+enable-jmx-monitoring=false
+rcon.port={{rcon_port}}
+level-seed=
+gamemode=survival
+enable-command-block=false
+enable-query=false
+generator-settings={}
+enforce-secure-profile=true
+level-name=world
+motd={{motd}}
+query.port=25565
+pvp=true
+generate-structures=true
+max-chained-neighbor-updates=1000000
+difficulty=easy
+network-compression-threshold=256
+max-tick-time=60000
+require-resource-pack=false
+use-native-transport=true
+max-players=20
+online-mode=true
+enable-status=true
+allow-flight=false
+initial-disabled-packs=
+broadcast-rcon-to-ops=true
+view-distance=10
+server-ip=
+resource-pack-prompt=
+allow-nether=true
+server-port={{server_port}}
+enable-rcon={{rcon_enable}}
+sync-chunk-writes=true
+op-permission-level=4
+prevent-proxy-connections=false
+hide-online-players=false
+resource-pack=
+entity-broadcast-range-percentage=100
+simulation-distance=10
+rcon.password={{rcon_password}}
+player-idle-timeout=0
+force-gamemode=false
+rate-limit=0
+hardcore=false
+white-list={{mc_whitelist}}
+broadcast-console-to-ops=true
+spawn-npcs=true
+spawn-animals=true
+log-ips=true
+function-permission-level=2
+initial-enabled-packs=vanilla
+level-type=minecraft\:normal
+text-filtering-config=
+spawn-monsters=true
+enforce-whitelist=false
+spawn-protection=16
+resource-pack-sha1=
+max-world-size=29999984
--- a/minecraft_servers/modded_minecraft_server/templates/service.j2
+++ b/minecraft_servers/modded_minecraft_server/templates/service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description= Minecraft server instance {{mc_instance}}
+Requires=network.target
+
+[Service]
+ExecStart=/var/minecraft/{{mc_instance}}/start.sh
+User=minecraft
+Group=minecraft
+
+[Install]
+WantedBy=default.target
--- a/minecraft_servers/modded_minecraft_server/templates/start.sh.j2
+++ b/minecraft_servers/modded_minecraft_server/templates/start.sh.j2
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /var/minecraft/{{mc_instance}}
+java -Xmx{{max_memory}}M -Xms{{small_memory}}M -jar server.jar -nogui
--- a/minecraft_servers/setup_minecraft_servers.yaml
+++ b/minecraft_servers/setup_minecraft_servers.yaml
@@ -0,0 +1,60 @@
+- name: Minecraft pre setup
+  hosts: minecraft_servers
+  tasks:
+    - name: Install Package
+      become: true
+      ansible.builtin.apt:
+        name: openjdk-25-jre-headless
+        state: latest
+    - name: Install Package
+      become: true
+      ansible.builtin.apt:
+        name: acl
+        state: latest
+- name: Minecraft Config Seeding
+  hosts: minecraft-3
+  become: true
+  become_user: minecraft
+  vars:
+    server_port: 25565
+    rcon_port: 25575
+    rcon_enable: true
+    mc_whitelist: false
+    motd: Test Server
+    rcon_password: ""
+    mc_instance: "destiny"
+    max_memory: 2600
+    small_memory: 1300
+    mods:
+      - url: https://cdn.modrinth.com/data/8dI2tmqs/versions/nR8AIdvx/FabricProxy-Lite-2.11.0.jar
+        dest: "fabricProxy.jar"
+      - url: https://cdn.modrinth.com/data/gvQqBUqZ/versions/gl30uZvp/lithium-fabric-0.21.2%2Bmc1.21.11.jar
+        dest: "lithium.jar"
+      - url: https://cdn.modrinth.com/data/P7dR8mSH/versions/gB6TkYEJ/fabric-api-0.140.2%2B1.21.11.jar
+        dest: "fabric-api.jar"
+    proxy_secret: "AVXMVzev80E6"
+  roles:
+    - modded_minecraft_server
+- name: Minecraft 5 Deploy
+  hosts: minecraft-5
+  become: true
+  become_user: minecraft
+  vars:
+    server_port: 25565
+    rcon_port: 25575
+    rcon_enable: true
+    mc_whitelist: false
+    motd: "Test Server 5"
+    rcon_password: ""
+    mc_instance: "test-5"
+    max_memory: 2600
+    small_memory: 1300
+    mods:
+      - url: https://cdn.modrinth.com/data/gvQqBUqZ/versions/gl30uZvp/lithium-fabric-0.21.2%2Bmc1.21.11.jar
+        dest: "lithium.jar"
+      - url: https://cdn.modrinth.com/data/P7dR8mSH/versions/gB6TkYEJ/fabric-api-0.140.2%2B1.21.11.jar
+        dest: "fabric-api.jar"
+    proxy_secret: "AVXMVzev80E6"
+  roles:
+    - modded_minecraft_server
+