update

2025-08-26 14:28:09 +02:00
parent 0315edf95f
commit 31711c7627
105 changed files with 1419 additions and 366 deletions
@@ -1,51 +0,0 @@
-name: Run ansible
-on:
-  push:
-  schedule:
-    - cron: "0 */12 * * *"
-
-jobs:
-  ansible_lint_and_syntax_check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v4
-
-      - name: Install ansible
-        run: |
-          apt update && apt upgrade -y
-
-      - name: Setup Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.x'
-
-      - name: Install Ansible and dependencies
-        run: |
-          pip install ansible ansible-lint
-
-      - name: Run Ansible Lint
-        run: ansible-lint
-        continue-on-error: true
-
-      - name: Run playbook "Minecraft"
-        run: | 
-          ansible-playbook -i inventories/hosts playbook.yml
-
-  run-ansible-playbook:
-    needs: ansible_lint_and_syntax_check # Ce job dépend du succès du précédent
-    runs-on: ubuntu-latest
-    if: gitea.ref == 'refs/heads/main' # Ce job ne s'exécute que pour les push sur la branche 'main'
-
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-
-      - name: Setup Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.x'
-
-      - name: Install Ansible and dependencies
-        run: |
-          pip install ansible
@@ -0,0 +1,54 @@
+name: Deploy Minecraft Server
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment to deploy'
+        required: true
+        default: 'staging'
+        type: choice
+        options:
+        - staging
+        - production
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.environment || 'staging' }}
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Setup Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.9'
+        
+    - name: Install Ansible
+      run: pip install ansible
+      
+    - name: Setup SSH key
+      run: |
+        mkdir -p ~/.ssh
+        echo "${{ secrets.ANSIBLE_SSH_KEY }}" > ~/.ssh/ansible_key
+        chmod 600 ~/.ssh/ansible_key
+        ssh-keyscan -H ${{ secrets.ANSIBLE_HOST }} >> ~/.ssh/known_hosts
+        
+    - name: Create vault password file
+      run: echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.ansible_vault_pass
+      
+    - name: Deploy to staging
+      if: ${{ github.event.inputs.environment == 'staging' || github.ref == 'refs/heads/develop' }}
+      run: |
+        ansible-playbook -i inventories/staging/hosts.yml site.yml \
+          --vault-password-file ~/.ansible_vault_pass \
+          --private-key ~/.ssh/ansible_key
+          
+    - name: Deploy to production
+      if: ${{ github.event.inputs.environment == 'production' || github.ref == 'refs/heads/main' }}
+      run: |
+        ansible-playbook -i inventories/production/hosts.yml site.yml \
+          --vault-password-file ~/.ansible_vault_pass \
+          --private-key ~/.ssh/ansible_key
@@ -0,0 +1,33 @@
+name: Ansible Lint
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Setup Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.9'
+        
+    - name: Install dependencies
+      run: |
+        pip install ansible ansible-lint yamllint
+        
+    - name: Run yamllint
+      run: yamllint .
+      
+    - name: Run ansible-lint
+      run: ansible-lint
+      
+    - name: Validate inventory files
+      run: |
+        ansible-inventory --list -i inventories/production/hosts.yml
+        ansible-inventory --list -i inventories/staging/hosts.yml
@@ -1,14 +1,29 @@
-# ---> VisualStudioCode
-.vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
-!.vscode/*.code-snippets
+# Ansible
+*.retry
+.vault_pass
+.ansible_vault_pass

-# Local History for Visual Studio Code
-.history/
+# SSH keys
+*.pem
+*.key
+id_rsa*
+ansible_key*

-# Built Visual Studio Code Extensions
-*.vsix
+# Temporary files
+*.tmp
+*.temp
+.DS_Store
+Thumbs.db

+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Logs
+*.log
+
+# Backups
+*.bak
+*.backup
@@ -1,62 +1,215 @@
-# Mincraft Ansible
+# Minecraft Spigot Server - Ansible Deployment

-Simplifier la gestion de Minecraft sur votre serveur Debian à l'aide d'Ansible.
+Ce projet Ansible permet de déployer automatiquement un serveur Minecraft Spigot complet avec hardening de sécurité, sauvegarde automatisée et gestion des mises à jour.

-Les instructions suivantes sont destinées à la mise en place d'un serveur Minecraft à partir de zéro en utilisant debian comme système d'exploitation.
-Cela peut se faire sur une machine physique ou une machine virtuelle.
-Cependant, les bases de ce projet pourraient facilement être réutilisées pour gérer un serveur existant ou même plusieurs serveurs.
+## 🚀 Fonctionnalités

-## Préconisation
+### ✅ Rôles disponibles
+- **01-server_hardening** : Durcissement sécuritaire du serveur
+- **02-installation-java** : Installation automatique de Java OpenJDK
+- **03-installation-minecraft** : Déploiement complet du serveur Spigot
+- **04-backups** : Système de sauvegarde automatisé
+- **05-update** : Gestion des mises à jour automatisées

-1. Installer l'édition du serveur Debian 12. ou 13. , en sélectionnant l'option serveur SSH lorsque cela est demandé pour un logiciel d'ajout à installer.
-2. Copiez votre clé SSH dans le nouveau serveur à l'aide de «ssh-copy-id».
+### 🔧 Composants installés
+- **Spigot 1.21.6** : Serveur Minecraft optimisé
+- **mcrcon** : Administration à distance via RCON
+- **Java 21** : Version optimale pour Spigot
+- **Fail2Ban** : Protection contre les attaques par force brute
+- **UFW** : Pare-feu simplifié
+- **Logrotate** : Rotation automatique des logs

-## Mise en place
+## 📁 Structure du projet

-1. Installer Ansible
-2. Ajoutez votre serveur Minecraft à l'adresse suivante:
+```
+minecraft-spigot-ansible/
+├── README.md                    # Documentation principale
+├── site.yml                     # Playbook principal
+├── ansible.cfg                  # Configuration Ansible
+├── inventories/                 # Inventaires des serveurs
+│   ├── production/              # Environnement de production
+│   └── staging/                 # Environnement de test
+├── roles/                       # Rôles Ansible
+│   ├── 01-server_hardening/     # Sécurisation du serveur
+│   ├── 02-installation-java/    # Installation Java
+│   ├── 03-installation-minecraft/ # Déploiement Minecraft
+│   ├── 04-backups/              # Système de sauvegarde
+│   └── 05-update/               # Gestion des mises à jour
+└── .gitea/workflows/            # CI/CD Gitea
+    ├── lint.yml                 # Tests et validation
+    └── deploy.yml               # Déploiement automatique
+```

-		[minecraft]
-		your.hostname.or.ip.address
+## ⚙️ Configuration requise

-3. Installer les forfaits nécessaires à Ansible pour travailler en exécutant:
+### Serveur cible
+- **OS** : Debian 10/11/12/13 ou Ubuntu LTS
+- **RAM** : Minimum 2GB (4GB recommandés)
+- **Stockage** : 20GB minimum
+- **Réseau** : Accès Internet pour téléchargements

-        ansible-playbook -K -l minecraft playbooks/main.yml
+### Serveur de contrôle
+- **Ansible** : Version 2.9 ou supérieure
+- **Python** : 3.8 ou supérieure
+- **SSH** : Accès par clé aux serveurs cibles

-## Installation
+## 🛠️ Installation et configuration

-### Spigot
+### 1. Préparation de l'environnement

-1. Ajoutez une variable définissant l'endroit où trouver votre exemplaire de la version 1649 du bocal Spigot à "/etc/ansible/hôtes":
+```bash
+# Cloner le repository
+git clone https://your-gitea-instance.com/your-repo/minecraft-spigot-ansible.git
+cd minecraft-spigot-ansible

-		[minecraft:vars]
-		spigot1649-path/path/to/spigot1649.jar
+# Installer Ansible (si nécessaire)
+pip install ansible ansible-lint yamllint

-2. Exécuter ce qui suit pour configurer le serveur pour exécuter Spigot:
+# Configurer les clés SSH
+ssh-keygen -t ed25519 -f ~/.ssh/ansible_key
+ssh-copy-id -i ~/.ssh/ansible_key.pub ansible@your-server-ip
+```

-        ansible-playbook -K-l minecraft playbooks/01-install-server.yml
+### 2. Configuration des inventaires

-## Mise à jour Spigot
+#### Production (`inventories/production/hosts.yml`)
+```yaml
+all:
+  children:
+    minecraft_servers:
+      hosts:
+        minecraft-prod-01:
+          ansible_host: YOUR_PROD_IP
+          ansible_user: ansible
+```

-Pour mettre à jour le patch appliqué à Spigot, soit mettre à jour les valeurs dans 'roles/spigot-server/defaults/main..yml', soit ajouter
-les versions mises à jour des variables suivantes dans la section `[minecraft:vars]` de votre `/etc/ansible/hosts` :
+#### Variables globales (`inventories/production/group_vars/minecraft_servers.yml`)
+```yaml
+minecraft_version: "1.21.6"
+minecraft_memory_min: "1G"
+minecraft_memory_max: "4G"
+minecraft_rcon_password: "your-secure-password"
+```

-        - Quelle version du patch Spigot appliquer
-        spigot-patch-version: '20141113a'
-        (addition de contrôle MD5 du dispositif transdermique appliqué)
-        '12ace759005798adf91d9fe4675fff48'
-        (en anglais)
-        spigot-patched-jar-md5: '870c9021be261bd285c966c642b23c32'
+### 3. Configuration des secrets

-Puis re-réparer:
+Créer un fichier vault pour les mots de passe :
+```bash
+ansible-vault create inventories/production/group_vars/vault.yml
+```

-        ansible-playbook -K -l minecraft playbooks/02-update-server.yml
+Contenu du vault :
+```yaml
+vault_minecraft_rcon_password: "your-secure-rcon-password"
+vault_mysql_password: "your-mysql-password"
+```

-## Consosole de serveur Minecraft
+## 🚀 Déploiement

-Pour se connecter à la console du serveur Minecraft:
+### Déploiement manuel

-1. SSH à votre serveur.
-2. Execution :
+```bash
+# Test de connectivité
+ansible all -i inventories/production/hosts.yml -m ping

-		sudo -u minecraft tmux joint-session -t minecraft
+# Déploiement complet
+ansible-playbook -i inventories/production/hosts.yml site.yml --ask-vault-pass
+
+# Déploiement par rôle spécifique
+ansible-playbook -i inventories/production/hosts.yml site.yml --tags "minecraft" --ask-vault-pass
+```
+
+### Déploiement par tags
+
+```bash
+# Sécurisation uniquement
+ansible-playbook site.yml --tags "hardening"
+
+# Installation Java uniquement
+ansible-playbook site.yml --tags "java"
+
+# Configuration Minecraft uniquement
+ansible-playbook site.yml --tags "minecraft"
+
+# Configuration des sauvegardes uniquement
+ansible-playbook site.yml --tags "backup"
+
+# Mises à jour uniquement
+ansible-playbook site.yml --tags "update"
+```
+
+## 🔐 Sécurité
+
+### Hardening automatique inclus
+- **SSH** : Configuration sécurisée (clés uniquement, port personnalisable)
+- **Firewall** : UFW avec règles restrictives
+- **Fail2Ban** : Protection anti-bruteforce
+- **Permissions** : Utilisateur dédié minecraft
+- **Logs** : Rotation automatique et surveillance
+
+### Ports ouverts par défaut
+- **22/tcp** : SSH (configurable)
+- **25565/tcp** : Minecraft
+- **25575/tcp** : RCON (localhost uniquement)
+
+## 💾 Système de sauvegarde
+
+### Types de sauvegardes
+- **Quotidienne** : 2h00, rétention 7 jours
+- **Hebdomadaire** : Dimanche 3h00, rétention 4 semaines  
+- **Mensuelle** : 1er du mois 4h00, rétention 6 mois
+
+### Localisation des sauvegardes
+```
+/opt/minecraft/backups/
+├── daily/      # Sauvegardes quotidiennes
+├── weekly/     # Sauvegardes hebdomadaires
+├── monthly/    # Sauvegardes mensuelles
+└── scripts/    # Scripts de sauvegarde
+```
+
+### Restauration
+```bash
+# Lister les sauvegardes disponibles
+sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh
+
+# Restaurer une sauvegarde spécifique
+sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh daily 20241201_020000
+```
+
+## 🔄 Gestion des mises à jour
+
+### Mises à jour automatiques
+Le rôle `05-update` vérifie et applique automatiquement :
+- **Clés SSH** : Nouvelles clés autorisées
+- **Système** : Paquets Debian/Ubuntu  
+- **Spigot** : Nouvelles versions disponibles
+
+### Processus de mise à jour Spigot
+1. Détection nouvelle version
+2. Téléchargement BuildTools
+3. Compilation en parallèle
+4. Tests de la nouvelle version
+5. Basculement sans interruption
+6. Nettoyage des anciennes versions
+
+## 🎮 Administration du serveur
+
+### Commandes utiles
+
+```bash
+# Statut du service
+systemctl status minecraft
+
+# Logs en temps réel
+journalctl -u minecraft -f
+
+# Console RCON
+/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password
+
+# Commandes RCON utiles
+/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "say Serveur en maintenance"
+/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "stop"
+```
+
+### Structure des fichiers Minecraft
@@ -0,0 +1,15 @@
+[defaults]
+host_key_checking = False
+inventory = inventories/production/hosts.yml
+remote_user = ansible
+private_key_file = ~/.ssh/ansible_key
+roles_path = roles
+stdout_callback = yaml
+gathering = smart
+fact_caching = memory
+forks = 5
+timeout = 30
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+pipelining = True
@@ -1 +0,0 @@
-eula=true
@@ -1,26 +0,0 @@
-
-[Unit]
-Description=Minecraft Server
-Wants=network.target
-After=network.target
-
-[Service]
-User=minecraft
-Group=minecraft
-UMask=0027
-
-Nice=1
-KillMode=none
-SuccessExitStatus=0 1 255
-
-NoNewPrivileges=true
-PrivateDevices=true
-ProtectHome=true
-ProtectSystem=full
-
-WorkingDirectory=/opt/minecraft/server
-ExecStart=/usr/bin/java -Xmx2048M -Xms2048M -jar spigot-1.21.8.jar nogui
-ExecStop=/opt/minecraft/tools/mcrcon/mcrcon -H 127.0.0.1 -P 25575 -p ${]Password} stop
-
-[Install]
-WantedBy=multi-user.target
@@ -1,19 +0,0 @@
---
-# Variables pour le rôle Java
-java_version: 17
-java_package: openjdk-{{ java_version }}-jdk
-
-# Variables pour le rôle du serveur Minecraft
-minecraft_user: minecraft
-minecraft_group: minecraft
-minecraft_dir: /opt/minecraft
-spigot_download_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
-spigot_jar_name: spigot-{{ minecraft_version }}.jar
-minecraft_version: 1.20.4
-server_properties_content:
-  eula: "true"
-  server-port: "25565"
-  max-players: "20"
-  motd: "Bienvenue sur notre serveur Minecraft !"
-  online-mode: "true"
-  # Ajoutez d'autres options si nécessaire
@@ -1 +0,0 @@
-# tmp
@@ -0,0 +1,17 @@
+---
+# Configuration globale pour la production
+environment: production
+timezone: Europe/Paris
+
+# Utilisateur Ansible
+ansible_user: ansible
+ansible_become: yes
+ansible_become_method: sudo
+
+# Configuration SSH
+ssh_port: 22
+ssh_allow_users: ["ansible", "minecraft"]
+
+# Configuration Firewall
+firewall_enabled: true
+firewall_default_policy: deny
@@ -0,0 +1,27 @@
+---
+# Configuration spécifique aux serveurs Minecraft
+minecraft_version: "1.21.6"
+minecraft_user: minecraft
+minecraft_group: minecraft
+minecraft_home: /opt/minecraft
+
+# Chemins
+minecraft_sources_dir: "{{ minecraft_home }}/sources"
+minecraft_server_dir: "{{ minecraft_home }}/server"
+minecraft_tools_dir: "{{ minecraft_home }}/tools"
+minecraft_backups_dir: "{{ minecraft_home }}/backups"
+
+# Configuration serveur
+minecraft_memory_min: "1G"
+minecraft_memory_max: "4G"
+minecraft_port: 25565
+minecraft_rcon_port: 25575
+minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
+
+# Java
+java_version: 21
+
+# Backups
+backup_retention_daily: 7
+backup_retention_weekly: 4
+backup_retention_monthly: 6
@@ -0,0 +1,13 @@
+---
+all:
+  children:
+    minecraft_servers:
+      hosts:
+        minecraft-prod-01:
+          ansible_host: 192.168.1.100
+          ansible_user: ansible
+          ansible_ssh_private_key_file: ~/.ssh/ansible_key
+        minecraft-prod-02:
+          ansible_host: 192.168.1.101
+          ansible_user: ansible
+          ansible_ssh_private_key_file: ~/.ssh/ansible_key
@@ -0,0 +1,17 @@
+---
+# Configuration globale pour le staging
+environment: staging
+timezone: Europe/Paris
+
+# Utilisateur Ansible
+ansible_user: ansible
+ansible_become: yes
+ansible_become_method: sudo
+
+# Configuration SSH
+ssh_port: 22
+ssh_allow_users: ["ansible", "minecraft"]
+
+# Configuration Firewall
+firewall_enabled: true
+firewall_default_policy: deny
@@ -0,0 +1,27 @@
+---
+# Configuration spécifique aux serveurs Minecraft de staging
+minecraft_version: "1.21.6"
+minecraft_user: minecraft
+minecraft_group: minecraft
+minecraft_home: /opt/minecraft
+
+# Chemins
+minecraft_sources_dir: "{{ minecraft_home }}/sources"
+minecraft_server_dir: "{{ minecraft_home }}/server"
+minecraft_tools_dir: "{{ minecraft_home }}/tools"
+minecraft_backups_dir: "{{ minecraft_home }}/backups"
+
+# Configuration serveur (plus petite pour staging)
+minecraft_memory_min: "512M"
+minecraft_memory_max: "2G"
+minecraft_port: 25565
+minecraft_rcon_port: 25575
+minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
+
+# Java
+java_version: 21
+
+# Backups (retention plus courte en staging)
+backup_retention_daily: 3
+backup_retention_weekly: 2
+backup_retention_monthly: 1
@@ -0,0 +1,9 @@
+---
+all:
+  children:
+    minecraft_servers:
+      hosts:
+        minecraft-staging-01:
+          ansible_host: 192.168.1.200
+          ansible_user: ansible
+          ansible_ssh_private_key_file: ~/.ssh/ansible_key
@@ -1,2 +0,0 @@
-[minecraft_servers_prd]
-minecraft-prd.tips-of-mine.local ansible_user=ansible
@@ -1,2 +0,0 @@
-[minecraft_servers_uat]
-minecraft-uat.tips-of-mine.local ansible_user=ansible
@@ -1,9 +0,0 @@
---
- name: Installer un serveur Minecraft Spigot
-  hosts: minecraft_servers
-  become: yes
-  vars_files:
-    - group_vars/all.yml
-  roles:
-    - 01-java
-    - 02-minecraft_server
@@ -1,5 +0,0 @@
---
- name: Vérifier si Java est déjà installé
-  ansible.builtin.shell: "java -version"
-  register: java_check
-  ignore_errors: yes
@@ -1,6 +0,0 @@
---
- name: Installer Java {{ java_version }}
-  ansible.builtin.package:
-    name: "{{ java_package }}"
-    state: present
-  when: java_check.rc != 0
@@ -1,5 +0,0 @@
---
- name: Vérifier la version de Java installée
-  ansible.builtin.shell: "java -version"
-  register: java_version_output
-  changed_when: false
@@ -1,4 +0,0 @@
---
- name: Afficher la version de Java
-  ansible.builtin.debug:
-    msg: "{{ java_version_output.stderr }}"
@@ -1,12 +0,0 @@
---
- name: Inclure la tâche de vérification
-  ansible.builtin.import_tasks: 01-check-java.yml
-
- name: Inclure la tâche d'installation
-  ansible.builtin.import_tasks: 02-install-java.yml
-
- name: Inclure la tâche de vérification d'installation
-  ansible.builtin.import_tasks: 03-check-java-install.yml
-
- name: Inclure la tâche d'affichage de la version installé
-  ansible.builtin.import_tasks: 04-display-version.yml
@@ -0,0 +1,25 @@
+---
+# Configuration par défaut pour le hardening
+ssh_port: 22
+ssh_protocol: 2
+ssh_permit_root_login: "no"
+ssh_password_authentication: "no"
+ssh_pub_key_authentication: "yes"
+ssh_allow_users: ["ansible"]
+ssh_max_auth_tries: 3
+ssh_client_alive_interval: 300
+ssh_client_alive_count_max: 2
+
+# Firewall
+ufw_default_incoming: deny
+ufw_default_outgoing: allow
+ufw_allowed_ports:
+  - 22/tcp
+  - 25565/tcp
+  - 25575/tcp
+
+# Fail2ban
+fail2ban_enabled: true
+fail2ban_bantime: 3600
+fail2ban_findtime: 600
+fail2ban_maxretry: 3
@@ -0,0 +1,7 @@
+---
+- name: Update apt cache for Debian/Ubuntu
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+  when: ansible_os_family == "Debian"
+  tags: ['system-update']
@@ -0,0 +1,11 @@
+---
+- name: Configure SSH daemon
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    backup: yes
+    mode: '0600'
+    owner: root
+    group: root
+  notify: restart sshd
+  tags: ['ssh-config']
@@ -0,0 +1,6 @@
+---
+- name: Install UFW firewall
+  package:
+    name: ufw
+    state: present
+  tags: ['firewall-install']
@@ -0,0 +1,7 @@
+--
+- name: Install fail2ban
+  package:
+    name: fail2ban
+    state: present
+  when: fail2ban_enabled
+  tags: ['fail2ban-install']
@@ -0,0 +1,11 @@
+---
+- name: Disable unused services
+  systemd:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+  loop:
+    - bluetooth
+    - cups
+  ignore_errors: yes
+  tags: ['disable-services']
@@ -0,0 +1,20 @@
+---
+- name: Include system update tasks
+  include_tasks: 01-update-system.yml
+  tags: ['hardening', 'system-update']
+
+- name: Include SSH configuration tasks
+  include_tasks: 02-configure-ssh.yml
+  tags: ['hardening', 'ssh']
+
+- name: Include firewall configuration tasks
+  include_tasks: 03-configure-firewall.yml
+  tags: ['hardening', 'firewall']
+
+- name: Include fail2ban installation tasks
+  include_tasks: 04-install-fail2ban.yml
+  tags: ['hardening', 'fail2ban']
+
+- name: Include additional hardening tasks
+  include_tasks: 05-additional-hardening.yml
+  tags: ['hardening', 'additional']
@@ -0,0 +1,26 @@
+[DEFAULT]
+# Fail2ban configuration for Minecraft server
+bantime = {{ fail2ban_bantime }}
+findtime = {{ fail2ban_findtime }}
+maxretry = {{ fail2ban_maxretry }}
+
+# Email notifications (optional)
+# destemail = admin@example.com
+# sendername = Fail2Ban
+# sender = fail2ban@example.com
+# action = %(action_mwl)s
+
+[sshd]
+enabled = true
+port = {{ ssh_port }}
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = {{ fail2ban_maxretry }}
+
+[minecraft]
+enabled = true
+port = {{ minecraft_port }}
+filter = minecraft
+logpath = {{ minecraft_server_dir }}/logs/latest.log
+maxretry = 5
+bantime = 7200
@@ -0,0 +1,47 @@
+# SSH configuration for Minecraft server
+Port {{ ssh_port }}
+Protocol {{ ssh_protocol }}
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication
+LoginGraceTime 60
+PermitRootLogin {{ ssh_permit_root_login }}
+StrictModes yes
+MaxAuthTries {{ ssh_max_auth_tries }}
+MaxSessions 10
+
+PubkeyAuthentication {{ ssh_pub_key_authentication }}
+AuthorizedKeysFile .ssh/authorized_keys
+
+PasswordAuthentication {{ ssh_password_authentication }}
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+KerberosAuthentication no
+GSSAPIAuthentication no
+
+UsePAM yes
+
+AllowUsers {{ ssh_allow_users | join(' ') }}
+
+X11Forwarding no
+PrintMotd no
+AcceptEnv LANG LC_*
+
+# Connection settings
+ClientAliveInterval {{ ssh_client_alive_interval }}
+ClientAliveCountMax {{ ssh_client_alive_count_max }}
+TCPKeepAlive yes
+
+# Restrict to specific users
+Match User {{ ssh_allow_users | join(',') }}
+    AllowTcpForwarding no
+    X11Forwarding no
+    PermitTunnel no
+    GatewayPorts no
+    AllowAgentForwarding no
@@ -0,0 +1,14 @@
+# UFW rules for Minecraft server
+
+# Default policies
+ufw --force reset
+ufw default {{ ufw_default_incoming }}
+ufw default {{ ufw_default_outgoing }}
+
+# Allow specific ports
+{% for port in ufw_allowed_ports %}
+ufw allow {{ port }}
+{% endfor %}
+
+# Enable UFW
+ufw --force enable
@@ -0,0 +1,4 @@
+---
+java_version: 21
+java_package: "openjdk-{{ java_version }}-jdk"
+java_home: "/usr/lib/jvm/java-{{ java_version }}-openjdk-amd64"
@@ -0,0 +1,7 @@
+---
+- name: Check if Java is already installed
+  command: java -version
+  register: java_check
+  failed_when: false
+  changed_when: false
+  tags: ['java-check']
@@ -0,0 +1,6 @@
+---
+- name: Install OpenJDK
+  package:
+    name: "{{ java_package }}"
+    state: present
+  tags: ['java-install']
@@ -0,0 +1,6 @@
+--
+- name: Verify Java installation
+  command: java -version
+  register: java_verify
+  changed_when: false
+  tags: ['java-verify']
@@ -0,0 +1,7 @@
+---
+- name: Set Java home environment variable
+  lineinfile:
+    path: /etc/environment
+    line: "JAVA_HOME={{ java_home }}"
+    state: present
+  tags: ['java-validate']
@@ -0,0 +1,17 @@
+---
+- name: Include Java check tasks
+  include_tasks: 01-check-java.yml
+  tags: ['java', 'check']
+
+- name: Include Java installation tasks
+  include_tasks: 02-install-java.yml
+  when: java_installed is not defined or not java_installed
+  tags: ['java', 'install']
+
+- name: Include Java verification tasks
+  include_tasks: 03-verify-java.yml
+  tags: ['java', 'verify']
+
+- name: Include Java validation tasks
+  include_tasks: 04-validate-installation.yml
+  tags: ['java', 'validate']
@@ -1,10 +0,0 @@
---
- name: Recharger systemd
-  ansible.builtin.systemd:
-    daemon_reload: yes
-
- name: Démarrer le service Minecraft
-  ansible.builtin.systemd:
-    name: minecraft
-    state: started
-    enabled: yes
@@ -1,5 +0,0 @@
---
- name: Créer le groupe et l'utilisateur Minecraft
-  ansible.builtin.group:
-    name: "{{ minecraft_group }}"
-    state: present
@@ -1,8 +0,0 @@
---
- name: Créer l'utilisateur Minecraft
-  ansible.builtin.user:
-    name: "{{ minecraft_user }}"
-    group: "{{ minecraft_group }}"
-    shell: "/bin/false"
-    home: "{{ minecraft_dir }}"
-    state: present
@@ -1,8 +0,0 @@
---
- name: Créer le répertoire du serveur Minecraft
-  ansible.builtin.file:
-    path: "{{ minecraft_dir }}"
-    state: directory
-    owner: "{{ minecraft_user }}"
-    group: "{{ minecraft_group }}"
-    mode: '0755'
@@ -1,9 +0,0 @@
---
- name: Télécharger BuildTools.jar
-  ansible.builtin.get_url:
-    url: "{{ spigot_download_url }}"
-    dest: "{{ minecraft_dir }}/BuildTools.jar"
-    mode: '0755'
-    owner: "{{ minecraft_user }}"
-    group: "{{ minecraft_group }}"
-  register: buildtools_download
@@ -1,8 +0,0 @@
---
- name: Construire le fichier Spigot.jar
-  ansible.builtin.shell: "java -jar BuildTools.jar --rev {{ minecraft_version }}"
-  args:
-    chdir: "{{ minecraft_dir }}"
-  become_user: "{{ minecraft_user }}"
-  when: buildtools_download is changed
-  register: build_result
@@ -1,5 +0,0 @@
---
- name: Vérifier que le fichier Spigot a été créé
-  ansible.builtin.stat:
-    path: "{{ minecraft_dir }}/{{ spigot_jar_name }}"
-  register: spigot_stat
@@ -1,10 +0,0 @@
---
- name: Copier le fichier spigot.jar au nom standardisé
-  ansible.builtin.copy:
-    src: "{{ minecraft_dir }}/spigot-{{ minecraft_version }}.jar"
-    dest: "{{ minecraft_dir }}/server.jar"
-    remote_src: true
-    owner: "{{ minecraft_user }}"
-    group: "{{ minecraft_group }}"
-    mode: '0644'
-  when: spigot_stat.stat.exists
@@ -1,8 +0,0 @@
---
- name: Créer le fichier eula.txt
-  ansible.builtin.template:
-    src: eula.txt.j2
-    dest: "{{ minecraft_dir }}/eula.txt"
-    owner: "{{ minecraft_user }}"
-    group: "{{ minecraft_group }}"
-    mode: '0644'
@@ -1,7 +0,0 @@
---
-  ansible.builtin.template:
-    src: server.properties.j2
-    dest: "{{ minecraft_dir }}/server.properties"
-    owner: "{{ minecraft_user }}"
-    group: "{{ minecraft_group }}"
-    mode: '0644'
@@ -1,11 +0,0 @@
---
- name: Copier le service systemd
-  ansible.builtin.template:
-    src: minecraft.service.j2
-    dest: /etc/systemd/system/minecraft.service
-    owner: root
-    group: root
-    mode: '0644'
-  notify: 
-    - Recharger systemd
-    - Démarrer le service Minecraft
@@ -1,7 +0,0 @@
---
- name: Vérifier l'état du service Minecraft
-  ansible.builtin.systemd:
-    name: minecraft
-    state: started
-    enabled: true
-    
@@ -1,33 +0,0 @@
---
- name: Inclure la tâche pour création de group local
-  ansible.builtin.import_tasks: 01-create-minecraft-group.yml
-
- name: Inclure la tâche pour création d'un compte utilisateur
-  ansible.builtin.import_tasks: 02-create-minecraft-user.yml
-
- name: Inclure la tâche pour création du dossier par defaut
-  ansible.builtin.import_tasks: 03-create-minecraft-home.yml
-
- name: Inclure la tâche pour télécharger la source
-  ansible.builtin.import_tasks: 04-download.yml
-
- name: Inclure la tâche de compilation
-  ansible.builtin.import_tasks: 05-build.yml
-
- name: Inclure la tâche de vérification
-  ansible.builtin.import_tasks: 06-check.yml
-
- name: Inclure la tâche pour copie des fichiers
-  ansible.builtin.import_tasks: 07-copy-file.yml
-
- name: Inclure la tâche pour accepter la licence
-  ansible.builtin.import_tasks: 08-minecraft-eula.yml
-
- name: Inclure la tâche pour création du fichier server.properties
-  ansible.builtin.import_tasks: 09-minecraft-properties.yml
-
- name: Inclure la tâche création du service
-  ansible.builtin.import_tasks: 10-service.yml
-
- name: Inclure la tâche de vérification
-  ansible.builtin.import_tasks: 11-check.yml
@@ -1 +0,0 @@
-eula={{ server_properties_content.eula }}
@@ -1,40 +0,0 @@
-# [Service]
-Environment=SHELL=/bin/bash
-# Environment=TMUX_SESSION=minecraft
-# Environment=TMUX_WINDOW=spigot
-# Environment=JVM_OPTS="-server -XX:+UseConcMarkSweepGC -XX:MaxGCPauseMillis=50 -Xmx3G"
-# WorkingDirectory={{ minecraft_home }}
-# ExecStart=/bin/bash {{ minecraft_home }}/minecraft-server-start.sh
-# ExecStop=/bin/bash {{ minecraft_home }}/minecraft-server-stop.sh
-
-[Install]
-WantedBy=multi-user.target
-
-[Unit]
-Description=Minecraft Server
-Wants=network.target
-After=network.target
-
-[Service]
-User=minecraft
-Group=minecraft
-UMask=0027
-
-Restart=on-failure
-Type=forking
-Nice=1
-KillMode=none
-SuccessExitStatus=0 1 255
-StartLimitBurst=5
-
-NoNewPrivileges=true
-PrivateDevices=true
-ProtectHome=true
-ProtectSystem=full
-
-WorkingDirectory=/opt/minecraft/server
-ExecStart=/usr/bin/java -Xmx2048M -Xms2048M -jar spigot-1.21.8.jar nogui
-ExecStop=/opt/minecraft/tools/mcrcon/mcrcon -H 127.0.0.1 -P 25575 -p ${]Password} stop
-
-[Install]
-WantedBy=multi-user.target
@@ -1,4 +0,0 @@
-# Fichier généré par Ansible
-{% for key, value in server_properties_content.items() %}
-{{ key }}={{ value }}
-{% endfor %}
@@ -0,0 +1,14 @@
+---
+minecraft_version: "1.21.6"
+minecraft_user: minecraft
+minecraft_group: minecraft
+minecraft_home: /opt/minecraft
+minecraft_memory_min: "1G"
+minecraft_memory_max: "4G"
+minecraft_port: 25565
+minecraft_rcon_port: 25575
+minecraft_rcon_password: "changeme"
+
+spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
+mcrcon_version: "0.7.2"
+mcrcon_url: "https://github.com/Tiiffi/mcrcon/releases/download/v{{ mcrcon_version }}/mcrcon-{{ mcrcon_version }}-linux-x86-64.tar.gz"
@@ -0,0 +1,21 @@
+---
+- name: reload systemd
+  systemd:
+    daemon_reload: yes
+
+- name: enable minecraft service
+  systemd:
+    name: minecraft
+    enabled: yes
+
+- name: restart minecraft
+  systemd:
+    name: minecraft
+    state: restarted
+    enabled: yes
+
+- name: start minecraft
+  systemd:
+    name: minecraft
+    state: started
+    enabled: yes
@@ -0,0 +1,5 @@
+ name: Create minecraft group
+  group:
+    name: "{{ minecraft_group }}"
+    state: present
+  tags: ['minecraft-user']
@@ -0,0 +1,15 @@
+---
+- name: Create minecraft directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  loop:
+    - "{{ minecraft_home }}"
+    - "{{ minecraft_sources_dir }}"
+    - "{{ minecraft_server_dir }}"
+    - "{{ minecraft_tools_dir }}"
+    - "{{ minecraft_backups_dir }}"
+  tags: ['minecraft-directories']
@@ -0,0 +1,9 @@
+---
+- name: Download BuildTools.jar
+  get_url:
+    url: "{{ spigot_build_tools_url }}"
+    dest: "{{ minecraft_sources_dir }}/BuildTools.jar"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+  tags: ['spigot-download']
@@ -0,0 +1,17 @@
+---
+- name: Download mcrcon
+  get_url:
+    url: "{{ mcrcon_url }}"
+    dest: "{{ minecraft_tools_dir }}/mcrcon.tar.gz"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+  tags: ['mcrcon-install']
+
+- name: Extract mcrcon
+  unarchive:
+    src: "{{ minecraft_tools_dir }}/mcrcon.tar.gz"
+    dest: "{{ minecraft_tools_dir }}"
+    remote_src: yes
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+  tags: ['mcrcon-install']
@@ -0,0 +1,19 @@
+---
+- name: Compile Spigot server
+  shell: |
+    cd {{ minecraft_sources_dir }}
+    java -jar BuildTools.jar --rev {{ minecraft_version }}
+  become_user: "{{ minecraft_user }}"
+  args:
+    creates: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar"
+  tags: ['spigot-compile']
+
+- name: Copy compiled Spigot to server directory
+  copy:
+    src: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar"
+    dest: "{{ minecraft_server_dir }}/spigot.jar"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+    remote_src: yes
+  tags: ['spigot-compile']
@@ -0,0 +1,37 @@
+---
+- name: Generate server.properties
+  template:
+    src: server.properties.j2
+    dest: "{{ minecraft_server_dir }}/server.properties"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+  tags: ['minecraft-config']
+
+- name: Generate spigot.yml
+  template:
+    src: spigot.yml.j2
+    dest: "{{ minecraft_server_dir }}/spigot.yml"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+  tags: ['minecraft-config']
+
+- name: Generate bukkit.yml
+  template:
+    src: bukkit.yml.j2
+    dest: "{{ minecraft_server_dir }}/bukkit.yml"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+  tags: ['minecraft-config']
+
+- name: Accept EULA
+  lineinfile:
+    path: "{{ minecraft_server_dir }}/eula.txt"
+    line: "eula=true"
+    create: yes
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+  tags: ['minecraft-config']
@@ -0,0 +1,10 @@
+---
+- name: Create systemd service file
+  template:
+    src: minecraft.service.j2
+    dest: /etc/systemd/system/minecraft.service
+    mode: '0644'
+  notify: 
+    - reload systemd
+    - enable minecraft service
+  tags: ['minecraft-service']
@@ -0,0 +1,7 @@
+---
+- name: Setup log rotation for Minecraft
+  template:
+    src: logrotate-minecraft.j2
+    dest: /etc/logrotate.d/minecraft
+    mode: '0644'
+  tags: ['minecraft-logs']
@@ -0,0 +1,9 @@
+---
+- name: Configure ops.json
+  template:
+    src: ops.json.j2
+    dest: "{{ minecraft_server_dir }}/ops.json"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+  tags: ['minecraft-ops']
@@ -0,0 +1,20 @@
+---
+- name: Create plugins directory
+  file:
+    path: "{{ minecraft_server_dir }}/plugins"
+    state: directory
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  tags: ['minecraft-plugins']
+
+- name: Download plugins if specified
+  get_url:
+    url: "{{ item.url }}"
+    dest: "{{ minecraft_server_dir }}/plugins/{{ item.name }}"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+  loop: "{{ minecraft_plugins | default([]) }}"
+  when: minecraft_plugins is defined
+  tags: ['minecraft-plugins']
@@ -0,0 +1,40 @@
+---
+- name: Include user and group creation tasks
+  include_tasks: 01-create-user-group.yml
+  tags: ['minecraft', 'user']
+
+- name: Include directory creation tasks
+  include_tasks: 02-create-directories.yml
+  tags: ['minecraft', 'directories']
+
+- name: Include Spigot download tasks
+  include_tasks: 03-download-spigot.yml
+  tags: ['minecraft', 'download']
+
+- name: Include mcrcon installation tasks
+  include_tasks: 04-install-mcrcon.yml
+  tags: ['minecraft', 'mcrcon']
+
+- name: Include Spigot compilation tasks
+  include_tasks: 05-compile-spigot.yml
+  tags: ['minecraft', 'compile']
+
+- name: Include server configuration tasks
+  include_tasks: 06-configure-server.yml
+  tags: ['minecraft', 'configure']
+
+- name: Include service creation tasks
+  include_tasks: 07-create-service.yml
+  tags: ['minecraft', 'service']
+
+- name: Include log rotation setup tasks
+  include_tasks: 08-setup-log-rotation.yml
+  tags: ['minecraft', 'logs']
+
+- name: Include ops configuration tasks
+  include_tasks: 09-configure-ops.yml
+  tags: ['minecraft', 'ops']
+
+- name: Include plugins setup tasks
+  include_tasks: 10-setup-plugins.yml
+  tags: ['minecraft', 'plugins']
@@ -0,0 +1,12 @@
+{{ minecraft_server_dir }}/logs/*.log {
+    daily
+    missingok
+    rotate 52
+    compress
+    delaycompress
+    notifempty
+    create 644 {{ minecraft_user }} {{ minecraft_group }}
+    postrotate
+        systemctl reload minecraft
+    endscript
+}
@@ -0,0 +1,17 @@
+[Unit]
+Description=Minecraft Spigot Server
+After=network.target
+
+[Service]
+Type=forking
+User={{ minecraft_user }}
+Group={{ minecraft_group }}
+WorkingDirectory={{ minecraft_server_dir }}
+ExecStart=/usr/bin/java -Xms{{ minecraft_memory_min }} -Xmx{{ minecraft_memory_max }} -jar {{ minecraft_server_dir }}/spigot.jar nogui
+ExecStop={{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} stop
+RemainAfterExit=yes
+RestartSec=15
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,10 @@
+[
+{% for op in minecraft_ops | default([]) %}
+  {
+    "uuid": "{{ op.uuid }}",
+    "name": "{{ op.name }}",
+    "level": {{ op.level | default(4) }},
+    "bypassesPlayerLimit": {{ op.bypass_limit | default(false) | lower }}
+  }{% if not loop.last %},{% endif %}
+{% endfor %}
+]
@@ -0,0 +1,24 @@
+#Minecraft server properties
+server-name=Spigot Server
+server-port={{ minecraft_port }}
+max-players=20
+gamemode=survival
+difficulty=normal
+hardcore=false
+white-list=false
+enforce-whitelist=false
+pvp=true
+spawn-protection=16
+op-permission-level=4
+allow-flight=false
+enable-rcon=true
+rcon.port={{ minecraft_rcon_port }}
+rcon.password={{ minecraft_rcon_password }}
+motd=Minecraft Spigot Server managed by Ansible
+online-mode=true
+spawn-monsters=true
+generate-structures=true
+view-distance=10
+level-seed=
+level-name=world
+level-type=default
@@ -0,0 +1,8 @@
+---
+backup_retention_daily: 7
+backup_retention_weekly: 4
+backup_retention_monthly: 6
+backup_compression: true
+backup_remote_host: ""
+backup_remote_user: ""
+backup_remote_path: ""
@@ -0,0 +1,14 @@
+---
+- name: Create backup directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  loop:
+    - "{{ minecraft_backups_dir }}/daily"
+    - "{{ minecraft_backups_dir }}/weekly"
+    - "{{ minecraft_backups_dir }}/monthly"
+    - "{{ minecraft_backups_dir }}/scripts"
+  tags: ['backup-structure']
@@ -0,0 +1,27 @@
+---
+- name: Create daily backup script
+  template:
+    src: backup-daily.sh.j2
+    dest: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  tags: ['backup-scripts']
+
+- name: Create weekly backup script
+  template:
+    src: backup-weekly.sh.j2
+    dest: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  tags: ['backup-scripts']
+
+- name: Create monthly backup script
+  template:
+    src: backup-monthly.sh.j2
+    dest: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  tags: ['backup-scripts']
@@ -0,0 +1,29 @@
+---
+- name: Setup daily backup cron job
+  cron:
+    name: "Minecraft daily backup"
+    user: "{{ minecraft_user }}"
+    minute: "0"
+    hour: "2"
+    job: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh"
+  tags: ['backup-cron']
+
+- name: Setup weekly backup cron job
+  cron:
+    name: "Minecraft weekly backup"
+    user: "{{ minecraft_user }}"
+    minute: "0"
+    hour: "3"
+    weekday: "0"
+    job: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh"
+  tags: ['backup-cron']
+
+- name: Setup monthly backup cron job
+  cron:
+    name: "Minecraft monthly backup"
+    user: "{{ minecraft_user }}"
+    minute: "0"
+    hour: "4"
+    day: "1"
+    job: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh"
+  tags: ['backup-cron']
@@ -0,0 +1,9 @@
+---
+- name: Create restore script
+  template:
+    src: restore.sh.j2
+    dest: "{{ minecraft_backups_dir }}/scripts/restore.sh"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  tags: ['backup-restore']
@@ -0,0 +1,16 @@
+---
+- name: Include backup structure setup tasks
+  include_tasks: 01-setup-backup-structure.yml
+  tags: ['backup', 'setup']
+
+- name: Include backup scripts creation tasks
+  include_tasks: 02-create-backup-scripts.yml
+  tags: ['backup', 'scripts']
+
+- name: Include cron jobs setup tasks
+  include_tasks: 03-setup-cron-jobs.yml
+  tags: ['backup', 'cron']
+
+- name: Include restore script setup tasks
+  include_tasks: 04-setup-restore-script.yml
+  tags: ['backup', 'restore']
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+BACKUP_DIR="{{ minecraft_backups_dir }}/daily"
+SERVER_DIR="{{ minecraft_server_dir }}"
+DATE=$(date +%Y%m%d_%H%M%S)
+BACKUP_NAME="minecraft_daily_${DATE}"
+RETENTION={{ backup_retention_daily }}
+
+# Stop server for consistent backup
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
+sleep 5
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
+
+# Create backup
+rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
+
+# Re-enable saving
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
+
+# Compress backup if enabled
+{% if backup_compression %}
+tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
+rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
+{% endif %}
+
+# Clean old backups
+find "${BACKUP_DIR}" -name "minecraft_daily_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +${RETENTION} -delete
+
+echo "Daily backup completed: ${BACKUP_NAME}"
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+BACKUP_DIR="{{ minecraft_backups_dir }}/monthly"
+SERVER_DIR="{{ minecraft_server_dir }}"
+DATE=$(date +%Y%m%d_%H%M%S)
+BACKUP_NAME="minecraft_monthly_${DATE}"
+RETENTION={{ backup_retention_monthly }}
+
+# Stop server for consistent backup
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
+sleep 5
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
+
+# Create backup
+rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
+
+# Re-enable saving
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
+
+# Compress backup if enabled
+{% if backup_compression %}
+tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
+rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
+{% endif %}
+
+# Clean old backups
+find "${BACKUP_DIR}" -name "minecraft_monthly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 30)) -delete
+
+echo "Monthly backup completed: ${BACKUP_NAME}"
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+BACKUP_DIR="{{ minecraft_backups_dir }}/weekly"
+SERVER_DIR="{{ minecraft_server_dir }}"
+DATE=$(date +%Y%m%d_%H%M%S)
+BACKUP_NAME="minecraft_weekly_${DATE}"
+RETENTION={{ backup_retention_weekly }}
+
+# Stop server for consistent backup
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
+sleep 5
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
+
+# Create backup
+rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
+
+# Re-enable saving
+{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
+
+# Compress backup if enabled
+{% if backup_compression %}
+tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
+rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
+{% endif %}
+
+# Clean old backups
+find "${BACKUP_DIR}" -name "minecraft_weekly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 7)) -delete
+
+echo "Weekly backup completed: ${BACKUP_NAME}"
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+BACKUP_TYPE="$1"  # daily, weekly, monthly
+BACKUP_DATE="$2"  # YYYYMMDD_HHMMSS format
+SERVER_DIR="{{ minecraft_server_dir }}"
+BACKUP_BASE_DIR="{{ minecraft_backups_dir }}"
+
+if [ $# -ne 2 ]; then
+    echo "Usage: $0 <backup_type> <backup_date>"
+    echo "Example: $0 daily 20241201_020000"
+    echo "Available backups:"
+    echo "Daily:"
+    ls -1 "${BACKUP_BASE_DIR}/daily/" | grep minecraft_daily
+    echo "Weekly:"
+    ls -1 "${BACKUP_BASE_DIR}/weekly/" | grep minecraft_weekly
+    echo "Monthly:"
+    ls -1 "${BACKUP_BASE_DIR}/monthly/" | grep minecraft_monthly
+    exit 1
+fi
+
+BACKUP_NAME="minecraft_${BACKUP_TYPE}_${BACKUP_DATE}"
+BACKUP_DIR="${BACKUP_BASE_DIR}/${BACKUP_TYPE}"
+
+{% if backup_compression %}
+BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}.tar.gz"
+{% else %}
+BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}"
+{% endif %}
+
+if [ ! -e "${BACKUP_FILE}" ]; then
+    echo "Backup not found: ${BACKUP_FILE}"
+    exit 1
+fi
+
+# Stop Minecraft server
+systemctl stop minecraft
+
+# Backup current server (just in case)
+RESTORE_BACKUP_DIR="${BACKUP_BASE_DIR}/restore_backup"
+mkdir -p "${RESTORE_BACKUP_DIR}"
+mv "${SERVER_DIR}" "${RESTORE_BACKUP_DIR}/server_before_restore_$(date +%Y%m%d_%H%M%S)"
+
+# Restore from backup
+{% if backup_compression %}
+mkdir -p "${SERVER_DIR}"
+tar -xzf "${BACKUP_FILE}" -C "${BACKUP_DIR}"
+rsync -av "${BACKUP_DIR}/${BACKUP_NAME}/" "${SERVER_DIR}/"
+rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
+{% else %}
+rsync -av "${BACKUP_FILE}/" "${SERVER_DIR}/"
+{% endif %}
+
+# Fix permissions
+chown -R {{ minecraft_user }}:{{ minecraft_group }} "${SERVER_DIR}"
+
+# Start Minecraft server
+systemctl start minecraft
+
+echo "Restore completed from: ${BACKUP_FILE}"
@@ -0,0 +1,5 @@
+---
+update_check_interval: daily
+ssh_keys_check_enabled: true
+system_update_check_enabled: true
+spigot_update_check_enabled: true
@@ -0,0 +1,7 @@
+---
+- name: reboot if needed
+  reboot:
+    reboot_timeout: 300
+  when: 
+    - ansible_kernel != ansible_kernel_before_update | default(ansible_kernel)
+    - reboot_required | default(false)
@@ -0,0 +1,14 @@
+---
+- name: Check for new SSH keys in authorized_keys
+  stat:
+    path: /home/{{ ansible_user }}/.ssh/authorized_keys
+  register: ssh_keys_stat
+
+- name: Update SSH keys if changed
+  authorized_key:
+    user: "{{ ansible_user }}"
+    key: "{{ item }}"
+    state: present
+  loop: "{{ ssh_public_keys | default([]) }}"
+  when: ssh_public_keys is defined
+  tags: ['ssh-keys-update']
@@ -0,0 +1,23 @@
+---
+- name: Check for system updates (Debian/Ubuntu)
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+  register: apt_cache_update
+  when: ansible_os_family == "Debian"
+
+- name: Check available upgrades
+  shell: apt list --upgradable 2>/dev/null | grep -v WARNING | wc -l
+  register: available_upgrades
+  changed_when: false
+  when: ansible_os_family == "Debian"
+
+- name: Apply system updates if available
+  apt:
+    upgrade: yes
+    autoremove: yes
+    autoclean: yes
+  when: 
+    - ansible_os_family == "Debian"
+    - available_upgrades.stdout | int > 1
+  notify: reboot if needed
@@ -0,0 +1,26 @@
+---
+- name: Get current Spigot version
+  stat:
+    path: "{{ minecraft_server_dir }}/spigot.jar"
+  register: current_spigot
+
+- name: Check latest Spigot version available
+  uri:
+    url: "https://api.papermc.io/v2/projects/paper/versions"
+    method: GET
+    return_content: yes
+  register: spigot_versions_api
+  failed_when: false
+
+- name: Parse latest version
+  set_fact:
+    latest_spigot_version: "{{ (spigot_versions_api.json.versions | last) if spigot_versions_api.json is defined else minecraft_version }}"
+
+- name: Compare versions
+  set_fact:
+    new_spigot_available: "{{ latest_spigot_version != minecraft_version }}"
+  when: latest_spigot_version is defined
+
+- name: Display version information
+  debug:
+    msg: "Current: {{ minecraft_version }}, Latest: {{ latest_spigot_version | default('Unknown') }}, Update available: {{ new_spigot_available | default(false) }}"
@@ -0,0 +1,16 @@
+---
+- name: Create temporary build directory
+  file:
+    path: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}"
+    state: directory
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+
+- name: Download BuildTools for new version
+  get_url:
+    url: "{{ spigot_build_tools_url }}"
+    dest: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/BuildTools.jar"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
@@ -0,0 +1,38 @@
+---
+- name: Compile new Spigot version
+  shell: |
+    cd {{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}
+    java -jar BuildTools.jar --rev {{ latest_spigot_version }}
+  become_user: "{{ minecraft_user }}"
+  args:
+    creates: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar"
+  register: spigot_compile_result
+
+- name: Set compilation success flag
+  set_fact:
+    new_spigot_compiled: "{{ spigot_compile_result.rc == 0 }}"
+
+- name: Create new server directory
+  file:
+    path: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}"
+    state: directory
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+  when: new_spigot_compiled
+
+- name: Copy new Spigot jar to new server directory
+  copy:
+    src: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar"
+    dest: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}/spigot.jar"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0644'
+    remote_src: yes
+  when: new_spigot_compiled
+
+- name: Copy configuration files to new server directory
+  shell: |
+    cp -r {{ minecraft_server_dir }}/* {{ minecraft_server_dir }}_{{ latest_spigot_version }}/
+    chown -R {{ minecraft_user }}:{{ minecraft_group }} {{ minecraft_server_dir }}_{{ latest_spigot_version }}
+  when: new_spigot_compiled
@@ -0,0 +1,29 @@
+---
+- name: Stop Minecraft service
+  systemd:
+    name: minecraft
+    state: stopped
+
+- name: Create version switch script
+  template:
+    src: version-switch.sh.j2
+    dest: "{{ minecraft_tools_dir }}/version-switch.sh"
+    owner: "{{ minecraft_user }}"
+    group: "{{ minecraft_group }}"
+    mode: '0755'
+
+- name: Execute version switch
+  shell: "{{ minecraft_tools_dir }}/version-switch.sh {{ minecraft_version }} {{ latest_spigot_version }}"
+  become_user: "{{ minecraft_user }}"
+  register: version_switch_result
+
+- name: Update minecraft_version variable
+  set_fact:
+    minecraft_version: "{{ latest_spigot_version }}"
+  when: version_switch_result.rc == 0
+
+- name: Start Minecraft service
+  systemd:
+    name: minecraft
+    state: started
+  when: version_switch_result.rc == 0
--- a/Show More
+++ b/Show More