From 31711c7627e92d49e01bb33dd24a4ec65257782d Mon Sep 17 00:00:00 2001 From: hcornet Date: Tue, 26 Aug 2025 14:28:09 +0200 Subject: [PATCH] update --- .gitea/workflows/ci.yml | 51 ---- .gitea/workflows/deploy.yml | 54 +++++ .gitea/workflows/lint.yml | 33 +++ .gitignore | 37 ++- README.md | 229 +++++++++++++++--- ansible.cfg | 15 ++ files/eula.txt | 1 - files/minecraft.service | 26 -- group_vars/all.yml | 19 -- host_vars/tmp.txt | 1 - inventories/production/group_vars/all.yml | 17 ++ .../group_vars/minecraft_servers.yml | 27 +++ inventories/production/hosts.yml | 13 + inventories/staging/group_vars/all.yml | 17 ++ .../staging/group_vars/minecraft_servers.yml | 27 +++ inventories/staging/hosts.yml | 9 + inventory/production/hosts | 2 - inventory/staging/hosts | 2 - playbook.yml | 9 - roles/01-java/tasks/01-check-java.yml | 5 - roles/01-java/tasks/02-install-java.yml | 6 - roles/01-java/tasks/03-check-java-install.yml | 5 - roles/01-java/tasks/04-display-version.yml | 4 - roles/01-java/tasks/main.yml | 12 - roles/01-server_hardening/defaults/main.yml | 25 ++ roles/01-server_hardening/handlers/main.yml | 0 .../tasks/01-update-system.yml | 7 + .../tasks/02-configure-ssh.yml | 11 + .../tasks/03-configure-firewall.yml | 6 + .../tasks/04-install-fail2ban.yml | 7 + .../tasks/05-additional-hardening.yml | 11 + roles/01-server_hardening/tasks/main.yml | 20 ++ .../templates/fail2ban.local.j2 | 26 ++ .../templates/sshd_config.j2 | 47 ++++ .../templates/ufw_rules.j2 | 14 ++ roles/01-server_hardening/vars/main.yml | 0 roles/02-installation-java/defaults/main.yml | 4 + roles/02-installation-java/handlers/main.yml | 0 .../tasks/01-check-java.yml | 7 + .../tasks/02-install-java.yml | 6 + .../tasks/03-verify-java.yml | 6 + .../tasks/04-validate-installation.yml | 7 + roles/02-installation-java/tasks/main.yml | 17 ++ roles/02-installation-java/vars/main.yml | 0 roles/02-minecraft_server/handlers/main.yml | 10 - .../tasks/01-create-minecraft-group.yml | 5 - .../tasks/02-create-minecraft-user.yml | 8 - .../tasks/03-create-minecraft-home.yml | 8 - .../02-minecraft_server/tasks/04-download.yml | 9 - roles/02-minecraft_server/tasks/05-build.yml | 8 - roles/02-minecraft_server/tasks/06-check.yml | 5 - .../tasks/07-copy-file.yml | 10 - .../tasks/08-minecraft-eula.yml | 8 - .../tasks/09-minecraft-properties.yml | 7 - .../02-minecraft_server/tasks/10-service.yml | 11 - roles/02-minecraft_server/tasks/11-check.yml | 7 - roles/02-minecraft_server/tasks/main.yml | 33 --- .../02-minecraft_server/templates/eula.txt.j2 | 1 - .../templates/minecraft.service.j2 | 40 --- .../templates/server.properties.j2 | 4 - .../defaults/main.yml | 14 ++ .../handlers/main.yml | 21 ++ .../tasks/01-create-user-group.yml | 5 + .../tasks/02-create-directories.yml | 15 ++ .../tasks/03-download-spigot.yml | 9 + .../tasks/04-install-mcrcon.yml | 17 ++ .../tasks/05-compile-spigotyml | 19 ++ .../tasks/06-configure-server.yml | 37 +++ .../tasks/07-create-service.yml | 10 + .../tasks/08-setup-log-rotation.yml | 7 + .../tasks/09-configure-ops.yml | 9 + .../tasks/10-setup-plugins.yml | 20 ++ .../03-installation-minecraft/tasks/main.yml | 40 +++ .../templates/bukkit.yml.j2 | 0 .../templates/logrotate-minecraft.j2 | 12 + .../templates/minecraft.service.j2 | 17 ++ .../templates/ops.json.j2 | 10 + .../templates/server.properties.j2 | 24 ++ .../templates/spigot.yml.j2 | 0 roles/03-installation-minecraft/vars/main.yml | 0 roles/04-backups/defaults/main.yml | 8 + roles/04-backups/handlers/main.yml | 0 .../tasks/01-setup-backup-structure.yml | 14 ++ .../tasks/02-create-backup-scripts.yml | 27 +++ roles/04-backups/tasks/03-setup-cron-jobs.yml | 29 +++ .../tasks/04-setup-restore-script.yml | 9 + roles/04-backups/tasks/main.yml | 16 ++ roles/04-backups/templates/backup-daily.sh.j2 | 29 +++ .../04-backups/templates/backup-monthly.sh.j2 | 29 +++ .../04-backups/templates/backup-weekly.sh.j2 | 29 +++ roles/04-backups/templates/restore.sh.j2 | 59 +++++ roles/04-backups/vars/main.yml | 0 roles/05-update/defaults/main.yml | 5 + roles/05-update/handlers/main.yml | 7 + roles/05-update/tasks/01-check-ssh-keys.yml | 14 ++ .../tasks/02-check-system-updates.yml | 23 ++ .../tasks/03-check-spigot-version.yml | 26 ++ .../tasks/04-download-new-spigot.yml | 16 ++ .../tasks/05-compile-new-version.yml | 38 +++ roles/05-update/tasks/06-switch-versions.yml | 29 +++ roles/05-update/tasks/07-cleanup.yml | 13 + roles/05-update/tasks/main.yml | 34 +++ .../05-update/templates/version-switch.sh.j2 | 18 ++ roles/05-update/vars/main.yml | 0 site.yml | 11 + 105 files changed, 1419 insertions(+), 366 deletions(-) delete mode 100644 .gitea/workflows/ci.yml create mode 100644 .gitea/workflows/deploy.yml create mode 100644 .gitea/workflows/lint.yml create mode 100644 ansible.cfg delete mode 100644 files/eula.txt delete mode 100644 files/minecraft.service delete mode 100644 group_vars/all.yml delete mode 100644 host_vars/tmp.txt create mode 100644 inventories/production/group_vars/all.yml create mode 100644 inventories/production/group_vars/minecraft_servers.yml create mode 100644 inventories/production/hosts.yml create mode 100644 inventories/staging/group_vars/all.yml create mode 100644 inventories/staging/group_vars/minecraft_servers.yml create mode 100644 inventories/staging/hosts.yml delete mode 100644 inventory/production/hosts delete mode 100644 inventory/staging/hosts delete mode 100644 playbook.yml delete mode 100644 roles/01-java/tasks/01-check-java.yml delete mode 100644 roles/01-java/tasks/02-install-java.yml delete mode 100644 roles/01-java/tasks/03-check-java-install.yml delete mode 100644 roles/01-java/tasks/04-display-version.yml delete mode 100644 roles/01-java/tasks/main.yml create mode 100644 roles/01-server_hardening/defaults/main.yml create mode 100644 roles/01-server_hardening/handlers/main.yml create mode 100644 roles/01-server_hardening/tasks/01-update-system.yml create mode 100644 roles/01-server_hardening/tasks/02-configure-ssh.yml create mode 100644 roles/01-server_hardening/tasks/03-configure-firewall.yml create mode 100644 roles/01-server_hardening/tasks/04-install-fail2ban.yml create mode 100644 roles/01-server_hardening/tasks/05-additional-hardening.yml create mode 100644 roles/01-server_hardening/tasks/main.yml create mode 100644 roles/01-server_hardening/templates/fail2ban.local.j2 create mode 100644 roles/01-server_hardening/templates/sshd_config.j2 create mode 100644 roles/01-server_hardening/templates/ufw_rules.j2 create mode 100644 roles/01-server_hardening/vars/main.yml create mode 100644 roles/02-installation-java/defaults/main.yml create mode 100644 roles/02-installation-java/handlers/main.yml create mode 100644 roles/02-installation-java/tasks/01-check-java.yml create mode 100644 roles/02-installation-java/tasks/02-install-java.yml create mode 100644 roles/02-installation-java/tasks/03-verify-java.yml create mode 100644 roles/02-installation-java/tasks/04-validate-installation.yml create mode 100644 roles/02-installation-java/tasks/main.yml create mode 100644 roles/02-installation-java/vars/main.yml delete mode 100644 roles/02-minecraft_server/handlers/main.yml delete mode 100644 roles/02-minecraft_server/tasks/01-create-minecraft-group.yml delete mode 100644 roles/02-minecraft_server/tasks/02-create-minecraft-user.yml delete mode 100644 roles/02-minecraft_server/tasks/03-create-minecraft-home.yml delete mode 100644 roles/02-minecraft_server/tasks/04-download.yml delete mode 100644 roles/02-minecraft_server/tasks/05-build.yml delete mode 100644 roles/02-minecraft_server/tasks/06-check.yml delete mode 100644 roles/02-minecraft_server/tasks/07-copy-file.yml delete mode 100644 roles/02-minecraft_server/tasks/08-minecraft-eula.yml delete mode 100644 roles/02-minecraft_server/tasks/09-minecraft-properties.yml delete mode 100644 roles/02-minecraft_server/tasks/10-service.yml delete mode 100644 roles/02-minecraft_server/tasks/11-check.yml delete mode 100644 roles/02-minecraft_server/tasks/main.yml delete mode 100644 roles/02-minecraft_server/templates/eula.txt.j2 delete mode 100644 roles/02-minecraft_server/templates/minecraft.service.j2 delete mode 100644 roles/02-minecraft_server/templates/server.properties.j2 create mode 100644 roles/03-installation-minecraft/defaults/main.yml create mode 100644 roles/03-installation-minecraft/handlers/main.yml create mode 100644 roles/03-installation-minecraft/tasks/01-create-user-group.yml create mode 100644 roles/03-installation-minecraft/tasks/02-create-directories.yml create mode 100644 roles/03-installation-minecraft/tasks/03-download-spigot.yml create mode 100644 roles/03-installation-minecraft/tasks/04-install-mcrcon.yml create mode 100644 roles/03-installation-minecraft/tasks/05-compile-spigotyml create mode 100644 roles/03-installation-minecraft/tasks/06-configure-server.yml create mode 100644 roles/03-installation-minecraft/tasks/07-create-service.yml create mode 100644 roles/03-installation-minecraft/tasks/08-setup-log-rotation.yml create mode 100644 roles/03-installation-minecraft/tasks/09-configure-ops.yml create mode 100644 roles/03-installation-minecraft/tasks/10-setup-plugins.yml create mode 100644 roles/03-installation-minecraft/tasks/main.yml create mode 100644 roles/03-installation-minecraft/templates/bukkit.yml.j2 create mode 100644 roles/03-installation-minecraft/templates/logrotate-minecraft.j2 create mode 100644 roles/03-installation-minecraft/templates/minecraft.service.j2 create mode 100644 roles/03-installation-minecraft/templates/ops.json.j2 create mode 100644 roles/03-installation-minecraft/templates/server.properties.j2 create mode 100644 roles/03-installation-minecraft/templates/spigot.yml.j2 create mode 100644 roles/03-installation-minecraft/vars/main.yml create mode 100644 roles/04-backups/defaults/main.yml create mode 100644 roles/04-backups/handlers/main.yml create mode 100644 roles/04-backups/tasks/01-setup-backup-structure.yml create mode 100644 roles/04-backups/tasks/02-create-backup-scripts.yml create mode 100644 roles/04-backups/tasks/03-setup-cron-jobs.yml create mode 100644 roles/04-backups/tasks/04-setup-restore-script.yml create mode 100644 roles/04-backups/tasks/main.yml create mode 100644 roles/04-backups/templates/backup-daily.sh.j2 create mode 100644 roles/04-backups/templates/backup-monthly.sh.j2 create mode 100644 roles/04-backups/templates/backup-weekly.sh.j2 create mode 100644 roles/04-backups/templates/restore.sh.j2 create mode 100644 roles/04-backups/vars/main.yml create mode 100644 roles/05-update/defaults/main.yml create mode 100644 roles/05-update/handlers/main.yml create mode 100644 roles/05-update/tasks/01-check-ssh-keys.yml create mode 100644 roles/05-update/tasks/02-check-system-updates.yml create mode 100644 roles/05-update/tasks/03-check-spigot-version.yml create mode 100644 roles/05-update/tasks/04-download-new-spigot.yml create mode 100644 roles/05-update/tasks/05-compile-new-version.yml create mode 100644 roles/05-update/tasks/06-switch-versions.yml create mode 100644 roles/05-update/tasks/07-cleanup.yml create mode 100644 roles/05-update/tasks/main.yml create mode 100644 roles/05-update/templates/version-switch.sh.j2 create mode 100644 roles/05-update/vars/main.yml create mode 100644 site.yml diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml deleted file mode 100644 index 5c0b08f..0000000 --- a/.gitea/workflows/ci.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Run ansible -on: - push: - schedule: - - cron: "0 */12 * * *" - -jobs: - ansible_lint_and_syntax_check: - runs-on: ubuntu-latest - steps: - - name: Check out repository code - uses: actions/checkout@v4 - - - name: Install ansible - run: | - apt update && apt upgrade -y - - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - - name: Install Ansible and dependencies - run: | - pip install ansible ansible-lint - - - name: Run Ansible Lint - run: ansible-lint - continue-on-error: true - - - name: Run playbook "Minecraft" - run: | - ansible-playbook -i inventories/hosts playbook.yml - - run-ansible-playbook: - needs: ansible_lint_and_syntax_check # Ce job dépend du succès du précédent - runs-on: ubuntu-latest - if: gitea.ref == 'refs/heads/main' # Ce job ne s'exécute que pour les push sur la branche 'main' - - steps: - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - - name: Install Ansible and dependencies - run: | - pip install ansible \ No newline at end of file diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml new file mode 100644 index 0000000..13a49ca --- /dev/null +++ b/.gitea/workflows/deploy.yml @@ -0,0 +1,54 @@ +name: Deploy Minecraft Server + +on: + push: + branches: [ main ] + workflow_dispatch: + inputs: + environment: + description: 'Environment to deploy' + required: true + default: 'staging' + type: choice + options: + - staging + - production + +jobs: + deploy: + runs-on: ubuntu-latest + environment: ${{ github.event.inputs.environment || 'staging' }} + steps: + - uses: actions/checkout@v4 + + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: '3.9' + + - name: Install Ansible + run: pip install ansible + + - name: Setup SSH key + run: | + mkdir -p ~/.ssh + echo "${{ secrets.ANSIBLE_SSH_KEY }}" > ~/.ssh/ansible_key + chmod 600 ~/.ssh/ansible_key + ssh-keyscan -H ${{ secrets.ANSIBLE_HOST }} >> ~/.ssh/known_hosts + + - name: Create vault password file + run: echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.ansible_vault_pass + + - name: Deploy to staging + if: ${{ github.event.inputs.environment == 'staging' || github.ref == 'refs/heads/develop' }} + run: | + ansible-playbook -i inventories/staging/hosts.yml site.yml \ + --vault-password-file ~/.ansible_vault_pass \ + --private-key ~/.ssh/ansible_key + + - name: Deploy to production + if: ${{ github.event.inputs.environment == 'production' || github.ref == 'refs/heads/main' }} + run: | + ansible-playbook -i inventories/production/hosts.yml site.yml \ + --vault-password-file ~/.ansible_vault_pass \ + --private-key ~/.ssh/ansible_key \ No newline at end of file diff --git a/.gitea/workflows/lint.yml b/.gitea/workflows/lint.yml new file mode 100644 index 0000000..ed77302 --- /dev/null +++ b/.gitea/workflows/lint.yml @@ -0,0 +1,33 @@ +name: Ansible Lint + +on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main ] + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: '3.9' + + - name: Install dependencies + run: | + pip install ansible ansible-lint yamllint + + - name: Run yamllint + run: yamllint . + + - name: Run ansible-lint + run: ansible-lint + + - name: Validate inventory files + run: | + ansible-inventory --list -i inventories/production/hosts.yml + ansible-inventory --list -i inventories/staging/hosts.yml \ No newline at end of file diff --git a/.gitignore b/.gitignore index 8c2b884..c93c5f5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,14 +1,29 @@ -# ---> VisualStudioCode -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json -!.vscode/*.code-snippets +# Ansible +*.retry +.vault_pass +.ansible_vault_pass -# Local History for Visual Studio Code -.history/ +# SSH keys +*.pem +*.key +id_rsa* +ansible_key* -# Built Visual Studio Code Extensions -*.vsix +# Temporary files +*.tmp +*.temp +.DS_Store +Thumbs.db +# IDE +.vscode/ +.idea/ +*.swp +*.swo + +# Logs +*.log + +# Backups +*.bak +*.backup \ No newline at end of file diff --git a/README.md b/README.md index 6c4e9df..45b6dc7 100644 --- a/README.md +++ b/README.md @@ -1,62 +1,215 @@ -# Mincraft Ansible +# Minecraft Spigot Server - Ansible Deployment -Simplifier la gestion de Minecraft sur votre serveur Debian à l'aide d'Ansible. +Ce projet Ansible permet de déployer automatiquement un serveur Minecraft Spigot complet avec hardening de sécurité, sauvegarde automatisée et gestion des mises à jour. -Les instructions suivantes sont destinées à la mise en place d'un serveur Minecraft à partir de zéro en utilisant debian comme système d'exploitation. -Cela peut se faire sur une machine physique ou une machine virtuelle. -Cependant, les bases de ce projet pourraient facilement être réutilisées pour gérer un serveur existant ou même plusieurs serveurs. +## 🚀 Fonctionnalités -## Préconisation +### ✅ Rôles disponibles +- **01-server_hardening** : Durcissement sécuritaire du serveur +- **02-installation-java** : Installation automatique de Java OpenJDK +- **03-installation-minecraft** : Déploiement complet du serveur Spigot +- **04-backups** : Système de sauvegarde automatisé +- **05-update** : Gestion des mises à jour automatisées -1. Installer l'édition du serveur Debian 12. ou 13. , en sélectionnant l'option serveur SSH lorsque cela est demandé pour un logiciel d'ajout à installer. -2. Copiez votre clé SSH dans le nouveau serveur à l'aide de «ssh-copy-id». +### 🔧 Composants installés +- **Spigot 1.21.6** : Serveur Minecraft optimisé +- **mcrcon** : Administration à distance via RCON +- **Java 21** : Version optimale pour Spigot +- **Fail2Ban** : Protection contre les attaques par force brute +- **UFW** : Pare-feu simplifié +- **Logrotate** : Rotation automatique des logs -## Mise en place +## 📁 Structure du projet -1. Installer Ansible -2. Ajoutez votre serveur Minecraft à l'adresse suivante: +``` +minecraft-spigot-ansible/ +├── README.md # Documentation principale +├── site.yml # Playbook principal +├── ansible.cfg # Configuration Ansible +├── inventories/ # Inventaires des serveurs +│ ├── production/ # Environnement de production +│ └── staging/ # Environnement de test +├── roles/ # Rôles Ansible +│ ├── 01-server_hardening/ # Sécurisation du serveur +│ ├── 02-installation-java/ # Installation Java +│ ├── 03-installation-minecraft/ # Déploiement Minecraft +│ ├── 04-backups/ # Système de sauvegarde +│ └── 05-update/ # Gestion des mises à jour +└── .gitea/workflows/ # CI/CD Gitea + ├── lint.yml # Tests et validation + └── deploy.yml # Déploiement automatique +``` - [minecraft] - your.hostname.or.ip.address +## ⚙️ Configuration requise -3. Installer les forfaits nécessaires à Ansible pour travailler en exécutant: +### Serveur cible +- **OS** : Debian 10/11/12/13 ou Ubuntu LTS +- **RAM** : Minimum 2GB (4GB recommandés) +- **Stockage** : 20GB minimum +- **Réseau** : Accès Internet pour téléchargements - ansible-playbook -K -l minecraft playbooks/main.yml +### Serveur de contrôle +- **Ansible** : Version 2.9 ou supérieure +- **Python** : 3.8 ou supérieure +- **SSH** : Accès par clé aux serveurs cibles -## Installation +## 🛠️ Installation et configuration -### Spigot +### 1. Préparation de l'environnement -1. Ajoutez une variable définissant l'endroit où trouver votre exemplaire de la version 1649 du bocal Spigot à "/etc/ansible/hôtes": +```bash +# Cloner le repository +git clone https://your-gitea-instance.com/your-repo/minecraft-spigot-ansible.git +cd minecraft-spigot-ansible - [minecraft:vars] - spigot1649-path/path/to/spigot1649.jar +# Installer Ansible (si nécessaire) +pip install ansible ansible-lint yamllint -2. Exécuter ce qui suit pour configurer le serveur pour exécuter Spigot: +# Configurer les clés SSH +ssh-keygen -t ed25519 -f ~/.ssh/ansible_key +ssh-copy-id -i ~/.ssh/ansible_key.pub ansible@your-server-ip +``` - ansible-playbook -K-l minecraft playbooks/01-install-server.yml +### 2. Configuration des inventaires -## Mise à jour Spigot +#### Production (`inventories/production/hosts.yml`) +```yaml +all: + children: + minecraft_servers: + hosts: + minecraft-prod-01: + ansible_host: YOUR_PROD_IP + ansible_user: ansible +``` -Pour mettre à jour le patch appliqué à Spigot, soit mettre à jour les valeurs dans 'roles/spigot-server/defaults/main..yml', soit ajouter -les versions mises à jour des variables suivantes dans la section `[minecraft:vars]` de votre `/etc/ansible/hosts` : +#### Variables globales (`inventories/production/group_vars/minecraft_servers.yml`) +```yaml +minecraft_version: "1.21.6" +minecraft_memory_min: "1G" +minecraft_memory_max: "4G" +minecraft_rcon_password: "your-secure-password" +``` - - Quelle version du patch Spigot appliquer - spigot-patch-version: '20141113a' - (addition de contrôle MD5 du dispositif transdermique appliqué) - '12ace759005798adf91d9fe4675fff48' - (en anglais) - spigot-patched-jar-md5: '870c9021be261bd285c966c642b23c32' +### 3. Configuration des secrets -Puis re-réparer: +Créer un fichier vault pour les mots de passe : +```bash +ansible-vault create inventories/production/group_vars/vault.yml +``` - ansible-playbook -K -l minecraft playbooks/02-update-server.yml +Contenu du vault : +```yaml +vault_minecraft_rcon_password: "your-secure-rcon-password" +vault_mysql_password: "your-mysql-password" +``` -## Consosole de serveur Minecraft +## 🚀 Déploiement -Pour se connecter à la console du serveur Minecraft: +### Déploiement manuel -1. SSH à votre serveur. -2. Execution : +```bash +# Test de connectivité +ansible all -i inventories/production/hosts.yml -m ping - sudo -u minecraft tmux joint-session -t minecraft +# Déploiement complet +ansible-playbook -i inventories/production/hosts.yml site.yml --ask-vault-pass + +# Déploiement par rôle spécifique +ansible-playbook -i inventories/production/hosts.yml site.yml --tags "minecraft" --ask-vault-pass +``` + +### Déploiement par tags + +```bash +# Sécurisation uniquement +ansible-playbook site.yml --tags "hardening" + +# Installation Java uniquement +ansible-playbook site.yml --tags "java" + +# Configuration Minecraft uniquement +ansible-playbook site.yml --tags "minecraft" + +# Configuration des sauvegardes uniquement +ansible-playbook site.yml --tags "backup" + +# Mises à jour uniquement +ansible-playbook site.yml --tags "update" +``` + +## 🔐 Sécurité + +### Hardening automatique inclus +- **SSH** : Configuration sécurisée (clés uniquement, port personnalisable) +- **Firewall** : UFW avec règles restrictives +- **Fail2Ban** : Protection anti-bruteforce +- **Permissions** : Utilisateur dédié minecraft +- **Logs** : Rotation automatique et surveillance + +### Ports ouverts par défaut +- **22/tcp** : SSH (configurable) +- **25565/tcp** : Minecraft +- **25575/tcp** : RCON (localhost uniquement) + +## 💾 Système de sauvegarde + +### Types de sauvegardes +- **Quotidienne** : 2h00, rétention 7 jours +- **Hebdomadaire** : Dimanche 3h00, rétention 4 semaines +- **Mensuelle** : 1er du mois 4h00, rétention 6 mois + +### Localisation des sauvegardes +``` +/opt/minecraft/backups/ +├── daily/ # Sauvegardes quotidiennes +├── weekly/ # Sauvegardes hebdomadaires +├── monthly/ # Sauvegardes mensuelles +└── scripts/ # Scripts de sauvegarde +``` + +### Restauration +```bash +# Lister les sauvegardes disponibles +sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh + +# Restaurer une sauvegarde spécifique +sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh daily 20241201_020000 +``` + +## 🔄 Gestion des mises à jour + +### Mises à jour automatiques +Le rôle `05-update` vérifie et applique automatiquement : +- **Clés SSH** : Nouvelles clés autorisées +- **Système** : Paquets Debian/Ubuntu +- **Spigot** : Nouvelles versions disponibles + +### Processus de mise à jour Spigot +1. Détection nouvelle version +2. Téléchargement BuildTools +3. Compilation en parallèle +4. Tests de la nouvelle version +5. Basculement sans interruption +6. Nettoyage des anciennes versions + +## 🎮 Administration du serveur + +### Commandes utiles + +```bash +# Statut du service +systemctl status minecraft + +# Logs en temps réel +journalctl -u minecraft -f + +# Console RCON +/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password + +# Commandes RCON utiles +/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "say Serveur en maintenance" +/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "stop" +``` + +### Structure des fichiers Minecraft diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..50bc86f --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,15 @@ +[defaults] +host_key_checking = False +inventory = inventories/production/hosts.yml +remote_user = ansible +private_key_file = ~/.ssh/ansible_key +roles_path = roles +stdout_callback = yaml +gathering = smart +fact_caching = memory +forks = 5 +timeout = 30 + +[ssh_connection] +ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no +pipelining = True \ No newline at end of file diff --git a/files/eula.txt b/files/eula.txt deleted file mode 100644 index ac74b96..0000000 --- a/files/eula.txt +++ /dev/null @@ -1 +0,0 @@ -eula=true \ No newline at end of file diff --git a/files/minecraft.service b/files/minecraft.service deleted file mode 100644 index 2778f23..0000000 --- a/files/minecraft.service +++ /dev/null @@ -1,26 +0,0 @@ - -[Unit] -Description=Minecraft Server -Wants=network.target -After=network.target - -[Service] -User=minecraft -Group=minecraft -UMask=0027 - -Nice=1 -KillMode=none -SuccessExitStatus=0 1 255 - -NoNewPrivileges=true -PrivateDevices=true -ProtectHome=true -ProtectSystem=full - -WorkingDirectory=/opt/minecraft/server -ExecStart=/usr/bin/java -Xmx2048M -Xms2048M -jar spigot-1.21.8.jar nogui -ExecStop=/opt/minecraft/tools/mcrcon/mcrcon -H 127.0.0.1 -P 25575 -p ${]Password} stop - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/group_vars/all.yml b/group_vars/all.yml deleted file mode 100644 index ec2c243..0000000 --- a/group_vars/all.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Variables pour le rôle Java -java_version: 17 -java_package: openjdk-{{ java_version }}-jdk - -# Variables pour le rôle du serveur Minecraft -minecraft_user: minecraft -minecraft_group: minecraft -minecraft_dir: /opt/minecraft -spigot_download_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar" -spigot_jar_name: spigot-{{ minecraft_version }}.jar -minecraft_version: 1.20.4 -server_properties_content: - eula: "true" - server-port: "25565" - max-players: "20" - motd: "Bienvenue sur notre serveur Minecraft !" - online-mode: "true" - # Ajoutez d'autres options si nécessaire \ No newline at end of file diff --git a/host_vars/tmp.txt b/host_vars/tmp.txt deleted file mode 100644 index aaf3f73..0000000 --- a/host_vars/tmp.txt +++ /dev/null @@ -1 +0,0 @@ -# tmp \ No newline at end of file diff --git a/inventories/production/group_vars/all.yml b/inventories/production/group_vars/all.yml new file mode 100644 index 0000000..1ef110e --- /dev/null +++ b/inventories/production/group_vars/all.yml @@ -0,0 +1,17 @@ +--- +# Configuration globale pour la production +environment: production +timezone: Europe/Paris + +# Utilisateur Ansible +ansible_user: ansible +ansible_become: yes +ansible_become_method: sudo + +# Configuration SSH +ssh_port: 22 +ssh_allow_users: ["ansible", "minecraft"] + +# Configuration Firewall +firewall_enabled: true +firewall_default_policy: deny \ No newline at end of file diff --git a/inventories/production/group_vars/minecraft_servers.yml b/inventories/production/group_vars/minecraft_servers.yml new file mode 100644 index 0000000..35ec2ef --- /dev/null +++ b/inventories/production/group_vars/minecraft_servers.yml @@ -0,0 +1,27 @@ +--- +# Configuration spécifique aux serveurs Minecraft +minecraft_version: "1.21.6" +minecraft_user: minecraft +minecraft_group: minecraft +minecraft_home: /opt/minecraft + +# Chemins +minecraft_sources_dir: "{{ minecraft_home }}/sources" +minecraft_server_dir: "{{ minecraft_home }}/server" +minecraft_tools_dir: "{{ minecraft_home }}/tools" +minecraft_backups_dir: "{{ minecraft_home }}/backups" + +# Configuration serveur +minecraft_memory_min: "1G" +minecraft_memory_max: "4G" +minecraft_port: 25565 +minecraft_rcon_port: 25575 +minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}" + +# Java +java_version: 21 + +# Backups +backup_retention_daily: 7 +backup_retention_weekly: 4 +backup_retention_monthly: 6 \ No newline at end of file diff --git a/inventories/production/hosts.yml b/inventories/production/hosts.yml new file mode 100644 index 0000000..8a90e13 --- /dev/null +++ b/inventories/production/hosts.yml @@ -0,0 +1,13 @@ +--- +all: + children: + minecraft_servers: + hosts: + minecraft-prod-01: + ansible_host: 192.168.1.100 + ansible_user: ansible + ansible_ssh_private_key_file: ~/.ssh/ansible_key + minecraft-prod-02: + ansible_host: 192.168.1.101 + ansible_user: ansible + ansible_ssh_private_key_file: ~/.ssh/ansible_key \ No newline at end of file diff --git a/inventories/staging/group_vars/all.yml b/inventories/staging/group_vars/all.yml new file mode 100644 index 0000000..1d22fa1 --- /dev/null +++ b/inventories/staging/group_vars/all.yml @@ -0,0 +1,17 @@ +--- +# Configuration globale pour le staging +environment: staging +timezone: Europe/Paris + +# Utilisateur Ansible +ansible_user: ansible +ansible_become: yes +ansible_become_method: sudo + +# Configuration SSH +ssh_port: 22 +ssh_allow_users: ["ansible", "minecraft"] + +# Configuration Firewall +firewall_enabled: true +firewall_default_policy: deny \ No newline at end of file diff --git a/inventories/staging/group_vars/minecraft_servers.yml b/inventories/staging/group_vars/minecraft_servers.yml new file mode 100644 index 0000000..31480ac --- /dev/null +++ b/inventories/staging/group_vars/minecraft_servers.yml @@ -0,0 +1,27 @@ +--- +# Configuration spécifique aux serveurs Minecraft de staging +minecraft_version: "1.21.6" +minecraft_user: minecraft +minecraft_group: minecraft +minecraft_home: /opt/minecraft + +# Chemins +minecraft_sources_dir: "{{ minecraft_home }}/sources" +minecraft_server_dir: "{{ minecraft_home }}/server" +minecraft_tools_dir: "{{ minecraft_home }}/tools" +minecraft_backups_dir: "{{ minecraft_home }}/backups" + +# Configuration serveur (plus petite pour staging) +minecraft_memory_min: "512M" +minecraft_memory_max: "2G" +minecraft_port: 25565 +minecraft_rcon_port: 25575 +minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}" + +# Java +java_version: 21 + +# Backups (retention plus courte en staging) +backup_retention_daily: 3 +backup_retention_weekly: 2 +backup_retention_monthly: 1 diff --git a/inventories/staging/hosts.yml b/inventories/staging/hosts.yml new file mode 100644 index 0000000..5473f8d --- /dev/null +++ b/inventories/staging/hosts.yml @@ -0,0 +1,9 @@ +--- +all: + children: + minecraft_servers: + hosts: + minecraft-staging-01: + ansible_host: 192.168.1.200 + ansible_user: ansible + ansible_ssh_private_key_file: ~/.ssh/ansible_key \ No newline at end of file diff --git a/inventory/production/hosts b/inventory/production/hosts deleted file mode 100644 index 29b8ec5..0000000 --- a/inventory/production/hosts +++ /dev/null @@ -1,2 +0,0 @@ -[minecraft_servers_prd] -minecraft-prd.tips-of-mine.local ansible_user=ansible \ No newline at end of file diff --git a/inventory/staging/hosts b/inventory/staging/hosts deleted file mode 100644 index 4835445..0000000 --- a/inventory/staging/hosts +++ /dev/null @@ -1,2 +0,0 @@ -[minecraft_servers_uat] -minecraft-uat.tips-of-mine.local ansible_user=ansible \ No newline at end of file diff --git a/playbook.yml b/playbook.yml deleted file mode 100644 index 6c47308..0000000 --- a/playbook.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Installer un serveur Minecraft Spigot - hosts: minecraft_servers - become: yes - vars_files: - - group_vars/all.yml - roles: - - 01-java - - 02-minecraft_server \ No newline at end of file diff --git a/roles/01-java/tasks/01-check-java.yml b/roles/01-java/tasks/01-check-java.yml deleted file mode 100644 index ec525f5..0000000 --- a/roles/01-java/tasks/01-check-java.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Vérifier si Java est déjà installé - ansible.builtin.shell: "java -version" - register: java_check - ignore_errors: yes \ No newline at end of file diff --git a/roles/01-java/tasks/02-install-java.yml b/roles/01-java/tasks/02-install-java.yml deleted file mode 100644 index 3d7ec79..0000000 --- a/roles/01-java/tasks/02-install-java.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Installer Java {{ java_version }} - ansible.builtin.package: - name: "{{ java_package }}" - state: present - when: java_check.rc != 0 \ No newline at end of file diff --git a/roles/01-java/tasks/03-check-java-install.yml b/roles/01-java/tasks/03-check-java-install.yml deleted file mode 100644 index ea2cd74..0000000 --- a/roles/01-java/tasks/03-check-java-install.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Vérifier la version de Java installée - ansible.builtin.shell: "java -version" - register: java_version_output - changed_when: false diff --git a/roles/01-java/tasks/04-display-version.yml b/roles/01-java/tasks/04-display-version.yml deleted file mode 100644 index 6f54017..0000000 --- a/roles/01-java/tasks/04-display-version.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Afficher la version de Java - ansible.builtin.debug: - msg: "{{ java_version_output.stderr }}" \ No newline at end of file diff --git a/roles/01-java/tasks/main.yml b/roles/01-java/tasks/main.yml deleted file mode 100644 index b40470f..0000000 --- a/roles/01-java/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Inclure la tâche de vérification - ansible.builtin.import_tasks: 01-check-java.yml - -- name: Inclure la tâche d'installation - ansible.builtin.import_tasks: 02-install-java.yml - -- name: Inclure la tâche de vérification d'installation - ansible.builtin.import_tasks: 03-check-java-install.yml - -- name: Inclure la tâche d'affichage de la version installé - ansible.builtin.import_tasks: 04-display-version.yml \ No newline at end of file diff --git a/roles/01-server_hardening/defaults/main.yml b/roles/01-server_hardening/defaults/main.yml new file mode 100644 index 0000000..c2fadde --- /dev/null +++ b/roles/01-server_hardening/defaults/main.yml @@ -0,0 +1,25 @@ +--- +# Configuration par défaut pour le hardening +ssh_port: 22 +ssh_protocol: 2 +ssh_permit_root_login: "no" +ssh_password_authentication: "no" +ssh_pub_key_authentication: "yes" +ssh_allow_users: ["ansible"] +ssh_max_auth_tries: 3 +ssh_client_alive_interval: 300 +ssh_client_alive_count_max: 2 + +# Firewall +ufw_default_incoming: deny +ufw_default_outgoing: allow +ufw_allowed_ports: + - 22/tcp + - 25565/tcp + - 25575/tcp + +# Fail2ban +fail2ban_enabled: true +fail2ban_bantime: 3600 +fail2ban_findtime: 600 +fail2ban_maxretry: 3 \ No newline at end of file diff --git a/roles/01-server_hardening/handlers/main.yml b/roles/01-server_hardening/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/01-server_hardening/tasks/01-update-system.yml b/roles/01-server_hardening/tasks/01-update-system.yml new file mode 100644 index 0000000..1e859bf --- /dev/null +++ b/roles/01-server_hardening/tasks/01-update-system.yml @@ -0,0 +1,7 @@ +--- +- name: Update apt cache for Debian/Ubuntu + apt: + update_cache: yes + cache_valid_time: 3600 + when: ansible_os_family == "Debian" + tags: ['system-update'] \ No newline at end of file diff --git a/roles/01-server_hardening/tasks/02-configure-ssh.yml b/roles/01-server_hardening/tasks/02-configure-ssh.yml new file mode 100644 index 0000000..d438975 --- /dev/null +++ b/roles/01-server_hardening/tasks/02-configure-ssh.yml @@ -0,0 +1,11 @@ +--- +- name: Configure SSH daemon + template: + src: sshd_config.j2 + dest: /etc/ssh/sshd_config + backup: yes + mode: '0600' + owner: root + group: root + notify: restart sshd + tags: ['ssh-config'] \ No newline at end of file diff --git a/roles/01-server_hardening/tasks/03-configure-firewall.yml b/roles/01-server_hardening/tasks/03-configure-firewall.yml new file mode 100644 index 0000000..66c8bd4 --- /dev/null +++ b/roles/01-server_hardening/tasks/03-configure-firewall.yml @@ -0,0 +1,6 @@ +--- +- name: Install UFW firewall + package: + name: ufw + state: present + tags: ['firewall-install'] \ No newline at end of file diff --git a/roles/01-server_hardening/tasks/04-install-fail2ban.yml b/roles/01-server_hardening/tasks/04-install-fail2ban.yml new file mode 100644 index 0000000..1296f39 --- /dev/null +++ b/roles/01-server_hardening/tasks/04-install-fail2ban.yml @@ -0,0 +1,7 @@ +-- +- name: Install fail2ban + package: + name: fail2ban + state: present + when: fail2ban_enabled + tags: ['fail2ban-install'] \ No newline at end of file diff --git a/roles/01-server_hardening/tasks/05-additional-hardening.yml b/roles/01-server_hardening/tasks/05-additional-hardening.yml new file mode 100644 index 0000000..163005e --- /dev/null +++ b/roles/01-server_hardening/tasks/05-additional-hardening.yml @@ -0,0 +1,11 @@ +--- +- name: Disable unused services + systemd: + name: "{{ item }}" + state: stopped + enabled: no + loop: + - bluetooth + - cups + ignore_errors: yes + tags: ['disable-services'] \ No newline at end of file diff --git a/roles/01-server_hardening/tasks/main.yml b/roles/01-server_hardening/tasks/main.yml new file mode 100644 index 0000000..9e6af4b --- /dev/null +++ b/roles/01-server_hardening/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: Include system update tasks + include_tasks: 01-update-system.yml + tags: ['hardening', 'system-update'] + +- name: Include SSH configuration tasks + include_tasks: 02-configure-ssh.yml + tags: ['hardening', 'ssh'] + +- name: Include firewall configuration tasks + include_tasks: 03-configure-firewall.yml + tags: ['hardening', 'firewall'] + +- name: Include fail2ban installation tasks + include_tasks: 04-install-fail2ban.yml + tags: ['hardening', 'fail2ban'] + +- name: Include additional hardening tasks + include_tasks: 05-additional-hardening.yml + tags: ['hardening', 'additional'] \ No newline at end of file diff --git a/roles/01-server_hardening/templates/fail2ban.local.j2 b/roles/01-server_hardening/templates/fail2ban.local.j2 new file mode 100644 index 0000000..94ca35a --- /dev/null +++ b/roles/01-server_hardening/templates/fail2ban.local.j2 @@ -0,0 +1,26 @@ +[DEFAULT] +# Fail2ban configuration for Minecraft server +bantime = {{ fail2ban_bantime }} +findtime = {{ fail2ban_findtime }} +maxretry = {{ fail2ban_maxretry }} + +# Email notifications (optional) +# destemail = admin@example.com +# sendername = Fail2Ban +# sender = fail2ban@example.com +# action = %(action_mwl)s + +[sshd] +enabled = true +port = {{ ssh_port }} +filter = sshd +logpath = /var/log/auth.log +maxretry = {{ fail2ban_maxretry }} + +[minecraft] +enabled = true +port = {{ minecraft_port }} +filter = minecraft +logpath = {{ minecraft_server_dir }}/logs/latest.log +maxretry = 5 +bantime = 7200 \ No newline at end of file diff --git a/roles/01-server_hardening/templates/sshd_config.j2 b/roles/01-server_hardening/templates/sshd_config.j2 new file mode 100644 index 0000000..393859b --- /dev/null +++ b/roles/01-server_hardening/templates/sshd_config.j2 @@ -0,0 +1,47 @@ +# SSH configuration for Minecraft server +Port {{ ssh_port }} +Protocol {{ ssh_protocol }} +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication +LoginGraceTime 60 +PermitRootLogin {{ ssh_permit_root_login }} +StrictModes yes +MaxAuthTries {{ ssh_max_auth_tries }} +MaxSessions 10 + +PubkeyAuthentication {{ ssh_pub_key_authentication }} +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication {{ ssh_password_authentication }} +PermitEmptyPasswords no +ChallengeResponseAuthentication no +KerberosAuthentication no +GSSAPIAuthentication no + +UsePAM yes + +AllowUsers {{ ssh_allow_users | join(' ') }} + +X11Forwarding no +PrintMotd no +AcceptEnv LANG LC_* + +# Connection settings +ClientAliveInterval {{ ssh_client_alive_interval }} +ClientAliveCountMax {{ ssh_client_alive_count_max }} +TCPKeepAlive yes + +# Restrict to specific users +Match User {{ ssh_allow_users | join(',') }} + AllowTcpForwarding no + X11Forwarding no + PermitTunnel no + GatewayPorts no + AllowAgentForwarding no \ No newline at end of file diff --git a/roles/01-server_hardening/templates/ufw_rules.j2 b/roles/01-server_hardening/templates/ufw_rules.j2 new file mode 100644 index 0000000..2303b79 --- /dev/null +++ b/roles/01-server_hardening/templates/ufw_rules.j2 @@ -0,0 +1,14 @@ +# UFW rules for Minecraft server + +# Default policies +ufw --force reset +ufw default {{ ufw_default_incoming }} +ufw default {{ ufw_default_outgoing }} + +# Allow specific ports +{% for port in ufw_allowed_ports %} +ufw allow {{ port }} +{% endfor %} + +# Enable UFW +ufw --force enable diff --git a/roles/01-server_hardening/vars/main.yml b/roles/01-server_hardening/vars/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/02-installation-java/defaults/main.yml b/roles/02-installation-java/defaults/main.yml new file mode 100644 index 0000000..2aa11ad --- /dev/null +++ b/roles/02-installation-java/defaults/main.yml @@ -0,0 +1,4 @@ +--- +java_version: 21 +java_package: "openjdk-{{ java_version }}-jdk" +java_home: "/usr/lib/jvm/java-{{ java_version }}-openjdk-amd64" \ No newline at end of file diff --git a/roles/02-installation-java/handlers/main.yml b/roles/02-installation-java/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/02-installation-java/tasks/01-check-java.yml b/roles/02-installation-java/tasks/01-check-java.yml new file mode 100644 index 0000000..8c3807f --- /dev/null +++ b/roles/02-installation-java/tasks/01-check-java.yml @@ -0,0 +1,7 @@ +--- +- name: Check if Java is already installed + command: java -version + register: java_check + failed_when: false + changed_when: false + tags: ['java-check'] \ No newline at end of file diff --git a/roles/02-installation-java/tasks/02-install-java.yml b/roles/02-installation-java/tasks/02-install-java.yml new file mode 100644 index 0000000..bcf1b56 --- /dev/null +++ b/roles/02-installation-java/tasks/02-install-java.yml @@ -0,0 +1,6 @@ +--- +- name: Install OpenJDK + package: + name: "{{ java_package }}" + state: present + tags: ['java-install'] \ No newline at end of file diff --git a/roles/02-installation-java/tasks/03-verify-java.yml b/roles/02-installation-java/tasks/03-verify-java.yml new file mode 100644 index 0000000..80ba195 --- /dev/null +++ b/roles/02-installation-java/tasks/03-verify-java.yml @@ -0,0 +1,6 @@ +-- +- name: Verify Java installation + command: java -version + register: java_verify + changed_when: false + tags: ['java-verify'] \ No newline at end of file diff --git a/roles/02-installation-java/tasks/04-validate-installation.yml b/roles/02-installation-java/tasks/04-validate-installation.yml new file mode 100644 index 0000000..4e1bd86 --- /dev/null +++ b/roles/02-installation-java/tasks/04-validate-installation.yml @@ -0,0 +1,7 @@ +--- +- name: Set Java home environment variable + lineinfile: + path: /etc/environment + line: "JAVA_HOME={{ java_home }}" + state: present + tags: ['java-validate'] \ No newline at end of file diff --git a/roles/02-installation-java/tasks/main.yml b/roles/02-installation-java/tasks/main.yml new file mode 100644 index 0000000..e9e95d1 --- /dev/null +++ b/roles/02-installation-java/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: Include Java check tasks + include_tasks: 01-check-java.yml + tags: ['java', 'check'] + +- name: Include Java installation tasks + include_tasks: 02-install-java.yml + when: java_installed is not defined or not java_installed + tags: ['java', 'install'] + +- name: Include Java verification tasks + include_tasks: 03-verify-java.yml + tags: ['java', 'verify'] + +- name: Include Java validation tasks + include_tasks: 04-validate-installation.yml + tags: ['java', 'validate'] \ No newline at end of file diff --git a/roles/02-installation-java/vars/main.yml b/roles/02-installation-java/vars/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/02-minecraft_server/handlers/main.yml b/roles/02-minecraft_server/handlers/main.yml deleted file mode 100644 index bb6ae57..0000000 --- a/roles/02-minecraft_server/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Recharger systemd - ansible.builtin.systemd: - daemon_reload: yes - -- name: Démarrer le service Minecraft - ansible.builtin.systemd: - name: minecraft - state: started - enabled: yes \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/01-create-minecraft-group.yml b/roles/02-minecraft_server/tasks/01-create-minecraft-group.yml deleted file mode 100644 index ddec1ba..0000000 --- a/roles/02-minecraft_server/tasks/01-create-minecraft-group.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Créer le groupe et l'utilisateur Minecraft - ansible.builtin.group: - name: "{{ minecraft_group }}" - state: present \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/02-create-minecraft-user.yml b/roles/02-minecraft_server/tasks/02-create-minecraft-user.yml deleted file mode 100644 index b3f1cea..0000000 --- a/roles/02-minecraft_server/tasks/02-create-minecraft-user.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Créer l'utilisateur Minecraft - ansible.builtin.user: - name: "{{ minecraft_user }}" - group: "{{ minecraft_group }}" - shell: "/bin/false" - home: "{{ minecraft_dir }}" - state: present \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/03-create-minecraft-home.yml b/roles/02-minecraft_server/tasks/03-create-minecraft-home.yml deleted file mode 100644 index 0e3b2b9..0000000 --- a/roles/02-minecraft_server/tasks/03-create-minecraft-home.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Créer le répertoire du serveur Minecraft - ansible.builtin.file: - path: "{{ minecraft_dir }}" - state: directory - owner: "{{ minecraft_user }}" - group: "{{ minecraft_group }}" - mode: '0755' \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/04-download.yml b/roles/02-minecraft_server/tasks/04-download.yml deleted file mode 100644 index e4069b5..0000000 --- a/roles/02-minecraft_server/tasks/04-download.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Télécharger BuildTools.jar - ansible.builtin.get_url: - url: "{{ spigot_download_url }}" - dest: "{{ minecraft_dir }}/BuildTools.jar" - mode: '0755' - owner: "{{ minecraft_user }}" - group: "{{ minecraft_group }}" - register: buildtools_download \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/05-build.yml b/roles/02-minecraft_server/tasks/05-build.yml deleted file mode 100644 index 59e1f64..0000000 --- a/roles/02-minecraft_server/tasks/05-build.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Construire le fichier Spigot.jar - ansible.builtin.shell: "java -jar BuildTools.jar --rev {{ minecraft_version }}" - args: - chdir: "{{ minecraft_dir }}" - become_user: "{{ minecraft_user }}" - when: buildtools_download is changed - register: build_result \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/06-check.yml b/roles/02-minecraft_server/tasks/06-check.yml deleted file mode 100644 index 3c55729..0000000 --- a/roles/02-minecraft_server/tasks/06-check.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Vérifier que le fichier Spigot a été créé - ansible.builtin.stat: - path: "{{ minecraft_dir }}/{{ spigot_jar_name }}" - register: spigot_stat \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/07-copy-file.yml b/roles/02-minecraft_server/tasks/07-copy-file.yml deleted file mode 100644 index 0a26400..0000000 --- a/roles/02-minecraft_server/tasks/07-copy-file.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Copier le fichier spigot.jar au nom standardisé - ansible.builtin.copy: - src: "{{ minecraft_dir }}/spigot-{{ minecraft_version }}.jar" - dest: "{{ minecraft_dir }}/server.jar" - remote_src: true - owner: "{{ minecraft_user }}" - group: "{{ minecraft_group }}" - mode: '0644' - when: spigot_stat.stat.exists \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/08-minecraft-eula.yml b/roles/02-minecraft_server/tasks/08-minecraft-eula.yml deleted file mode 100644 index ad500d1..0000000 --- a/roles/02-minecraft_server/tasks/08-minecraft-eula.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Créer le fichier eula.txt - ansible.builtin.template: - src: eula.txt.j2 - dest: "{{ minecraft_dir }}/eula.txt" - owner: "{{ minecraft_user }}" - group: "{{ minecraft_group }}" - mode: '0644' \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/09-minecraft-properties.yml b/roles/02-minecraft_server/tasks/09-minecraft-properties.yml deleted file mode 100644 index 552dfd9..0000000 --- a/roles/02-minecraft_server/tasks/09-minecraft-properties.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - ansible.builtin.template: - src: server.properties.j2 - dest: "{{ minecraft_dir }}/server.properties" - owner: "{{ minecraft_user }}" - group: "{{ minecraft_group }}" - mode: '0644' \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/10-service.yml b/roles/02-minecraft_server/tasks/10-service.yml deleted file mode 100644 index 649c50b..0000000 --- a/roles/02-minecraft_server/tasks/10-service.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Copier le service systemd - ansible.builtin.template: - src: minecraft.service.j2 - dest: /etc/systemd/system/minecraft.service - owner: root - group: root - mode: '0644' - notify: - - Recharger systemd - - Démarrer le service Minecraft \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/11-check.yml b/roles/02-minecraft_server/tasks/11-check.yml deleted file mode 100644 index ded9b57..0000000 --- a/roles/02-minecraft_server/tasks/11-check.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Vérifier l'état du service Minecraft - ansible.builtin.systemd: - name: minecraft - state: started - enabled: true - \ No newline at end of file diff --git a/roles/02-minecraft_server/tasks/main.yml b/roles/02-minecraft_server/tasks/main.yml deleted file mode 100644 index 3e2c893..0000000 --- a/roles/02-minecraft_server/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -- name: Inclure la tâche pour création de group local - ansible.builtin.import_tasks: 01-create-minecraft-group.yml - -- name: Inclure la tâche pour création d'un compte utilisateur - ansible.builtin.import_tasks: 02-create-minecraft-user.yml - -- name: Inclure la tâche pour création du dossier par defaut - ansible.builtin.import_tasks: 03-create-minecraft-home.yml - -- name: Inclure la tâche pour télécharger la source - ansible.builtin.import_tasks: 04-download.yml - -- name: Inclure la tâche de compilation - ansible.builtin.import_tasks: 05-build.yml - -- name: Inclure la tâche de vérification - ansible.builtin.import_tasks: 06-check.yml - -- name: Inclure la tâche pour copie des fichiers - ansible.builtin.import_tasks: 07-copy-file.yml - -- name: Inclure la tâche pour accepter la licence - ansible.builtin.import_tasks: 08-minecraft-eula.yml - -- name: Inclure la tâche pour création du fichier server.properties - ansible.builtin.import_tasks: 09-minecraft-properties.yml - -- name: Inclure la tâche création du service - ansible.builtin.import_tasks: 10-service.yml - -- name: Inclure la tâche de vérification - ansible.builtin.import_tasks: 11-check.yml diff --git a/roles/02-minecraft_server/templates/eula.txt.j2 b/roles/02-minecraft_server/templates/eula.txt.j2 deleted file mode 100644 index 7f0e216..0000000 --- a/roles/02-minecraft_server/templates/eula.txt.j2 +++ /dev/null @@ -1 +0,0 @@ -eula={{ server_properties_content.eula }} \ No newline at end of file diff --git a/roles/02-minecraft_server/templates/minecraft.service.j2 b/roles/02-minecraft_server/templates/minecraft.service.j2 deleted file mode 100644 index 62a5ca9..0000000 --- a/roles/02-minecraft_server/templates/minecraft.service.j2 +++ /dev/null @@ -1,40 +0,0 @@ -# [Service] -Environment=SHELL=/bin/bash -# Environment=TMUX_SESSION=minecraft -# Environment=TMUX_WINDOW=spigot -# Environment=JVM_OPTS="-server -XX:+UseConcMarkSweepGC -XX:MaxGCPauseMillis=50 -Xmx3G" -# WorkingDirectory={{ minecraft_home }} -# ExecStart=/bin/bash {{ minecraft_home }}/minecraft-server-start.sh -# ExecStop=/bin/bash {{ minecraft_home }}/minecraft-server-stop.sh - -[Install] -WantedBy=multi-user.target - -[Unit] -Description=Minecraft Server -Wants=network.target -After=network.target - -[Service] -User=minecraft -Group=minecraft -UMask=0027 - -Restart=on-failure -Type=forking -Nice=1 -KillMode=none -SuccessExitStatus=0 1 255 -StartLimitBurst=5 - -NoNewPrivileges=true -PrivateDevices=true -ProtectHome=true -ProtectSystem=full - -WorkingDirectory=/opt/minecraft/server -ExecStart=/usr/bin/java -Xmx2048M -Xms2048M -jar spigot-1.21.8.jar nogui -ExecStop=/opt/minecraft/tools/mcrcon/mcrcon -H 127.0.0.1 -P 25575 -p ${]Password} stop - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/02-minecraft_server/templates/server.properties.j2 b/roles/02-minecraft_server/templates/server.properties.j2 deleted file mode 100644 index 41e247e..0000000 --- a/roles/02-minecraft_server/templates/server.properties.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# Fichier généré par Ansible -{% for key, value in server_properties_content.items() %} -{{ key }}={{ value }} -{% endfor %} \ No newline at end of file diff --git a/roles/03-installation-minecraft/defaults/main.yml b/roles/03-installation-minecraft/defaults/main.yml new file mode 100644 index 0000000..b2778d5 --- /dev/null +++ b/roles/03-installation-minecraft/defaults/main.yml @@ -0,0 +1,14 @@ +--- +minecraft_version: "1.21.6" +minecraft_user: minecraft +minecraft_group: minecraft +minecraft_home: /opt/minecraft +minecraft_memory_min: "1G" +minecraft_memory_max: "4G" +minecraft_port: 25565 +minecraft_rcon_port: 25575 +minecraft_rcon_password: "changeme" + +spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar" +mcrcon_version: "0.7.2" +mcrcon_url: "https://github.com/Tiiffi/mcrcon/releases/download/v{{ mcrcon_version }}/mcrcon-{{ mcrcon_version }}-linux-x86-64.tar.gz" diff --git a/roles/03-installation-minecraft/handlers/main.yml b/roles/03-installation-minecraft/handlers/main.yml new file mode 100644 index 0000000..94e1b42 --- /dev/null +++ b/roles/03-installation-minecraft/handlers/main.yml @@ -0,0 +1,21 @@ +--- +- name: reload systemd + systemd: + daemon_reload: yes + +- name: enable minecraft service + systemd: + name: minecraft + enabled: yes + +- name: restart minecraft + systemd: + name: minecraft + state: restarted + enabled: yes + +- name: start minecraft + systemd: + name: minecraft + state: started + enabled: yes \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/01-create-user-group.yml b/roles/03-installation-minecraft/tasks/01-create-user-group.yml new file mode 100644 index 0000000..347807f --- /dev/null +++ b/roles/03-installation-minecraft/tasks/01-create-user-group.yml @@ -0,0 +1,5 @@ + name: Create minecraft group + group: + name: "{{ minecraft_group }}" + state: present + tags: ['minecraft-user'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/02-create-directories.yml b/roles/03-installation-minecraft/tasks/02-create-directories.yml new file mode 100644 index 0000000..6a3f718 --- /dev/null +++ b/roles/03-installation-minecraft/tasks/02-create-directories.yml @@ -0,0 +1,15 @@ +--- +- name: Create minecraft directories + file: + path: "{{ item }}" + state: directory + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + loop: + - "{{ minecraft_home }}" + - "{{ minecraft_sources_dir }}" + - "{{ minecraft_server_dir }}" + - "{{ minecraft_tools_dir }}" + - "{{ minecraft_backups_dir }}" + tags: ['minecraft-directories'] diff --git a/roles/03-installation-minecraft/tasks/03-download-spigot.yml b/roles/03-installation-minecraft/tasks/03-download-spigot.yml new file mode 100644 index 0000000..3d973cf --- /dev/null +++ b/roles/03-installation-minecraft/tasks/03-download-spigot.yml @@ -0,0 +1,9 @@ +--- +- name: Download BuildTools.jar + get_url: + url: "{{ spigot_build_tools_url }}" + dest: "{{ minecraft_sources_dir }}/BuildTools.jar" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + tags: ['spigot-download'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/04-install-mcrcon.yml b/roles/03-installation-minecraft/tasks/04-install-mcrcon.yml new file mode 100644 index 0000000..6a1f667 --- /dev/null +++ b/roles/03-installation-minecraft/tasks/04-install-mcrcon.yml @@ -0,0 +1,17 @@ +--- +- name: Download mcrcon + get_url: + url: "{{ mcrcon_url }}" + dest: "{{ minecraft_tools_dir }}/mcrcon.tar.gz" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + tags: ['mcrcon-install'] + +- name: Extract mcrcon + unarchive: + src: "{{ minecraft_tools_dir }}/mcrcon.tar.gz" + dest: "{{ minecraft_tools_dir }}" + remote_src: yes + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + tags: ['mcrcon-install'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/05-compile-spigotyml b/roles/03-installation-minecraft/tasks/05-compile-spigotyml new file mode 100644 index 0000000..4796fd7 --- /dev/null +++ b/roles/03-installation-minecraft/tasks/05-compile-spigotyml @@ -0,0 +1,19 @@ +--- +- name: Compile Spigot server + shell: | + cd {{ minecraft_sources_dir }} + java -jar BuildTools.jar --rev {{ minecraft_version }} + become_user: "{{ minecraft_user }}" + args: + creates: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar" + tags: ['spigot-compile'] + +- name: Copy compiled Spigot to server directory + copy: + src: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar" + dest: "{{ minecraft_server_dir }}/spigot.jar" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + remote_src: yes + tags: ['spigot-compile'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/06-configure-server.yml b/roles/03-installation-minecraft/tasks/06-configure-server.yml new file mode 100644 index 0000000..70a5987 --- /dev/null +++ b/roles/03-installation-minecraft/tasks/06-configure-server.yml @@ -0,0 +1,37 @@ +--- +- name: Generate server.properties + template: + src: server.properties.j2 + dest: "{{ minecraft_server_dir }}/server.properties" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + tags: ['minecraft-config'] + +- name: Generate spigot.yml + template: + src: spigot.yml.j2 + dest: "{{ minecraft_server_dir }}/spigot.yml" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + tags: ['minecraft-config'] + +- name: Generate bukkit.yml + template: + src: bukkit.yml.j2 + dest: "{{ minecraft_server_dir }}/bukkit.yml" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + tags: ['minecraft-config'] + +- name: Accept EULA + lineinfile: + path: "{{ minecraft_server_dir }}/eula.txt" + line: "eula=true" + create: yes + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + tags: ['minecraft-config'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/07-create-service.yml b/roles/03-installation-minecraft/tasks/07-create-service.yml new file mode 100644 index 0000000..345878d --- /dev/null +++ b/roles/03-installation-minecraft/tasks/07-create-service.yml @@ -0,0 +1,10 @@ +--- +- name: Create systemd service file + template: + src: minecraft.service.j2 + dest: /etc/systemd/system/minecraft.service + mode: '0644' + notify: + - reload systemd + - enable minecraft service + tags: ['minecraft-service'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/08-setup-log-rotation.yml b/roles/03-installation-minecraft/tasks/08-setup-log-rotation.yml new file mode 100644 index 0000000..c3da376 --- /dev/null +++ b/roles/03-installation-minecraft/tasks/08-setup-log-rotation.yml @@ -0,0 +1,7 @@ +--- +- name: Setup log rotation for Minecraft + template: + src: logrotate-minecraft.j2 + dest: /etc/logrotate.d/minecraft + mode: '0644' + tags: ['minecraft-logs'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/09-configure-ops.yml b/roles/03-installation-minecraft/tasks/09-configure-ops.yml new file mode 100644 index 0000000..f375218 --- /dev/null +++ b/roles/03-installation-minecraft/tasks/09-configure-ops.yml @@ -0,0 +1,9 @@ +--- +- name: Configure ops.json + template: + src: ops.json.j2 + dest: "{{ minecraft_server_dir }}/ops.json" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + tags: ['minecraft-ops'] diff --git a/roles/03-installation-minecraft/tasks/10-setup-plugins.yml b/roles/03-installation-minecraft/tasks/10-setup-plugins.yml new file mode 100644 index 0000000..7afd565 --- /dev/null +++ b/roles/03-installation-minecraft/tasks/10-setup-plugins.yml @@ -0,0 +1,20 @@ +--- +- name: Create plugins directory + file: + path: "{{ minecraft_server_dir }}/plugins" + state: directory + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + tags: ['minecraft-plugins'] + +- name: Download plugins if specified + get_url: + url: "{{ item.url }}" + dest: "{{ minecraft_server_dir }}/plugins/{{ item.name }}" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + loop: "{{ minecraft_plugins | default([]) }}" + when: minecraft_plugins is defined + tags: ['minecraft-plugins'] \ No newline at end of file diff --git a/roles/03-installation-minecraft/tasks/main.yml b/roles/03-installation-minecraft/tasks/main.yml new file mode 100644 index 0000000..8e2e92b --- /dev/null +++ b/roles/03-installation-minecraft/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: Include user and group creation tasks + include_tasks: 01-create-user-group.yml + tags: ['minecraft', 'user'] + +- name: Include directory creation tasks + include_tasks: 02-create-directories.yml + tags: ['minecraft', 'directories'] + +- name: Include Spigot download tasks + include_tasks: 03-download-spigot.yml + tags: ['minecraft', 'download'] + +- name: Include mcrcon installation tasks + include_tasks: 04-install-mcrcon.yml + tags: ['minecraft', 'mcrcon'] + +- name: Include Spigot compilation tasks + include_tasks: 05-compile-spigot.yml + tags: ['minecraft', 'compile'] + +- name: Include server configuration tasks + include_tasks: 06-configure-server.yml + tags: ['minecraft', 'configure'] + +- name: Include service creation tasks + include_tasks: 07-create-service.yml + tags: ['minecraft', 'service'] + +- name: Include log rotation setup tasks + include_tasks: 08-setup-log-rotation.yml + tags: ['minecraft', 'logs'] + +- name: Include ops configuration tasks + include_tasks: 09-configure-ops.yml + tags: ['minecraft', 'ops'] + +- name: Include plugins setup tasks + include_tasks: 10-setup-plugins.yml + tags: ['minecraft', 'plugins'] diff --git a/roles/03-installation-minecraft/templates/bukkit.yml.j2 b/roles/03-installation-minecraft/templates/bukkit.yml.j2 new file mode 100644 index 0000000..e69de29 diff --git a/roles/03-installation-minecraft/templates/logrotate-minecraft.j2 b/roles/03-installation-minecraft/templates/logrotate-minecraft.j2 new file mode 100644 index 0000000..0d57577 --- /dev/null +++ b/roles/03-installation-minecraft/templates/logrotate-minecraft.j2 @@ -0,0 +1,12 @@ +{{ minecraft_server_dir }}/logs/*.log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 644 {{ minecraft_user }} {{ minecraft_group }} + postrotate + systemctl reload minecraft + endscript +} \ No newline at end of file diff --git a/roles/03-installation-minecraft/templates/minecraft.service.j2 b/roles/03-installation-minecraft/templates/minecraft.service.j2 new file mode 100644 index 0000000..8e13b98 --- /dev/null +++ b/roles/03-installation-minecraft/templates/minecraft.service.j2 @@ -0,0 +1,17 @@ +[Unit] +Description=Minecraft Spigot Server +After=network.target + +[Service] +Type=forking +User={{ minecraft_user }} +Group={{ minecraft_group }} +WorkingDirectory={{ minecraft_server_dir }} +ExecStart=/usr/bin/java -Xms{{ minecraft_memory_min }} -Xmx{{ minecraft_memory_max }} -jar {{ minecraft_server_dir }}/spigot.jar nogui +ExecStop={{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} stop +RemainAfterExit=yes +RestartSec=15 +Restart=always + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/03-installation-minecraft/templates/ops.json.j2 b/roles/03-installation-minecraft/templates/ops.json.j2 new file mode 100644 index 0000000..a642319 --- /dev/null +++ b/roles/03-installation-minecraft/templates/ops.json.j2 @@ -0,0 +1,10 @@ +[ +{% for op in minecraft_ops | default([]) %} + { + "uuid": "{{ op.uuid }}", + "name": "{{ op.name }}", + "level": {{ op.level | default(4) }}, + "bypassesPlayerLimit": {{ op.bypass_limit | default(false) | lower }} + }{% if not loop.last %},{% endif %} +{% endfor %} +] \ No newline at end of file diff --git a/roles/03-installation-minecraft/templates/server.properties.j2 b/roles/03-installation-minecraft/templates/server.properties.j2 new file mode 100644 index 0000000..1f5cb60 --- /dev/null +++ b/roles/03-installation-minecraft/templates/server.properties.j2 @@ -0,0 +1,24 @@ +#Minecraft server properties +server-name=Spigot Server +server-port={{ minecraft_port }} +max-players=20 +gamemode=survival +difficulty=normal +hardcore=false +white-list=false +enforce-whitelist=false +pvp=true +spawn-protection=16 +op-permission-level=4 +allow-flight=false +enable-rcon=true +rcon.port={{ minecraft_rcon_port }} +rcon.password={{ minecraft_rcon_password }} +motd=Minecraft Spigot Server managed by Ansible +online-mode=true +spawn-monsters=true +generate-structures=true +view-distance=10 +level-seed= +level-name=world +level-type=default \ No newline at end of file diff --git a/roles/03-installation-minecraft/templates/spigot.yml.j2 b/roles/03-installation-minecraft/templates/spigot.yml.j2 new file mode 100644 index 0000000..e69de29 diff --git a/roles/03-installation-minecraft/vars/main.yml b/roles/03-installation-minecraft/vars/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/04-backups/defaults/main.yml b/roles/04-backups/defaults/main.yml new file mode 100644 index 0000000..888a944 --- /dev/null +++ b/roles/04-backups/defaults/main.yml @@ -0,0 +1,8 @@ +--- +backup_retention_daily: 7 +backup_retention_weekly: 4 +backup_retention_monthly: 6 +backup_compression: true +backup_remote_host: "" +backup_remote_user: "" +backup_remote_path: "" \ No newline at end of file diff --git a/roles/04-backups/handlers/main.yml b/roles/04-backups/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/04-backups/tasks/01-setup-backup-structure.yml b/roles/04-backups/tasks/01-setup-backup-structure.yml new file mode 100644 index 0000000..e0feeaf --- /dev/null +++ b/roles/04-backups/tasks/01-setup-backup-structure.yml @@ -0,0 +1,14 @@ +--- +- name: Create backup directories + file: + path: "{{ item }}" + state: directory + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + loop: + - "{{ minecraft_backups_dir }}/daily" + - "{{ minecraft_backups_dir }}/weekly" + - "{{ minecraft_backups_dir }}/monthly" + - "{{ minecraft_backups_dir }}/scripts" + tags: ['backup-structure'] \ No newline at end of file diff --git a/roles/04-backups/tasks/02-create-backup-scripts.yml b/roles/04-backups/tasks/02-create-backup-scripts.yml new file mode 100644 index 0000000..0364ee1 --- /dev/null +++ b/roles/04-backups/tasks/02-create-backup-scripts.yml @@ -0,0 +1,27 @@ +--- +- name: Create daily backup script + template: + src: backup-daily.sh.j2 + dest: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + tags: ['backup-scripts'] + +- name: Create weekly backup script + template: + src: backup-weekly.sh.j2 + dest: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + tags: ['backup-scripts'] + +- name: Create monthly backup script + template: + src: backup-monthly.sh.j2 + dest: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + tags: ['backup-scripts'] \ No newline at end of file diff --git a/roles/04-backups/tasks/03-setup-cron-jobs.yml b/roles/04-backups/tasks/03-setup-cron-jobs.yml new file mode 100644 index 0000000..be1f9e9 --- /dev/null +++ b/roles/04-backups/tasks/03-setup-cron-jobs.yml @@ -0,0 +1,29 @@ +--- +- name: Setup daily backup cron job + cron: + name: "Minecraft daily backup" + user: "{{ minecraft_user }}" + minute: "0" + hour: "2" + job: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh" + tags: ['backup-cron'] + +- name: Setup weekly backup cron job + cron: + name: "Minecraft weekly backup" + user: "{{ minecraft_user }}" + minute: "0" + hour: "3" + weekday: "0" + job: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh" + tags: ['backup-cron'] + +- name: Setup monthly backup cron job + cron: + name: "Minecraft monthly backup" + user: "{{ minecraft_user }}" + minute: "0" + hour: "4" + day: "1" + job: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh" + tags: ['backup-cron'] \ No newline at end of file diff --git a/roles/04-backups/tasks/04-setup-restore-script.yml b/roles/04-backups/tasks/04-setup-restore-script.yml new file mode 100644 index 0000000..eb04d6b --- /dev/null +++ b/roles/04-backups/tasks/04-setup-restore-script.yml @@ -0,0 +1,9 @@ +--- +- name: Create restore script + template: + src: restore.sh.j2 + dest: "{{ minecraft_backups_dir }}/scripts/restore.sh" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + tags: ['backup-restore'] \ No newline at end of file diff --git a/roles/04-backups/tasks/main.yml b/roles/04-backups/tasks/main.yml new file mode 100644 index 0000000..3a08817 --- /dev/null +++ b/roles/04-backups/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- name: Include backup structure setup tasks + include_tasks: 01-setup-backup-structure.yml + tags: ['backup', 'setup'] + +- name: Include backup scripts creation tasks + include_tasks: 02-create-backup-scripts.yml + tags: ['backup', 'scripts'] + +- name: Include cron jobs setup tasks + include_tasks: 03-setup-cron-jobs.yml + tags: ['backup', 'cron'] + +- name: Include restore script setup tasks + include_tasks: 04-setup-restore-script.yml + tags: ['backup', 'restore'] \ No newline at end of file diff --git a/roles/04-backups/templates/backup-daily.sh.j2 b/roles/04-backups/templates/backup-daily.sh.j2 new file mode 100644 index 0000000..e4176fb --- /dev/null +++ b/roles/04-backups/templates/backup-daily.sh.j2 @@ -0,0 +1,29 @@ +#!/bin/bash + +BACKUP_DIR="{{ minecraft_backups_dir }}/daily" +SERVER_DIR="{{ minecraft_server_dir }}" +DATE=$(date +%Y%m%d_%H%M%S) +BACKUP_NAME="minecraft_daily_${DATE}" +RETENTION={{ backup_retention_daily }} + +# Stop server for consistent backup +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all +sleep 5 +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off + +# Create backup +rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/" + +# Re-enable saving +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on + +# Compress backup if enabled +{% if backup_compression %} +tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}" +rm -rf "${BACKUP_DIR}/${BACKUP_NAME}" +{% endif %} + +# Clean old backups +find "${BACKUP_DIR}" -name "minecraft_daily_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +${RETENTION} -delete + +echo "Daily backup completed: ${BACKUP_NAME}" \ No newline at end of file diff --git a/roles/04-backups/templates/backup-monthly.sh.j2 b/roles/04-backups/templates/backup-monthly.sh.j2 new file mode 100644 index 0000000..1574f4e --- /dev/null +++ b/roles/04-backups/templates/backup-monthly.sh.j2 @@ -0,0 +1,29 @@ +#!/bin/bash + +BACKUP_DIR="{{ minecraft_backups_dir }}/monthly" +SERVER_DIR="{{ minecraft_server_dir }}" +DATE=$(date +%Y%m%d_%H%M%S) +BACKUP_NAME="minecraft_monthly_${DATE}" +RETENTION={{ backup_retention_monthly }} + +# Stop server for consistent backup +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all +sleep 5 +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off + +# Create backup +rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/" + +# Re-enable saving +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on + +# Compress backup if enabled +{% if backup_compression %} +tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}" +rm -rf "${BACKUP_DIR}/${BACKUP_NAME}" +{% endif %} + +# Clean old backups +find "${BACKUP_DIR}" -name "minecraft_monthly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 30)) -delete + +echo "Monthly backup completed: ${BACKUP_NAME}" \ No newline at end of file diff --git a/roles/04-backups/templates/backup-weekly.sh.j2 b/roles/04-backups/templates/backup-weekly.sh.j2 new file mode 100644 index 0000000..bd74fad --- /dev/null +++ b/roles/04-backups/templates/backup-weekly.sh.j2 @@ -0,0 +1,29 @@ +#!/bin/bash + +BACKUP_DIR="{{ minecraft_backups_dir }}/weekly" +SERVER_DIR="{{ minecraft_server_dir }}" +DATE=$(date +%Y%m%d_%H%M%S) +BACKUP_NAME="minecraft_weekly_${DATE}" +RETENTION={{ backup_retention_weekly }} + +# Stop server for consistent backup +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all +sleep 5 +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off + +# Create backup +rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/" + +# Re-enable saving +{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on + +# Compress backup if enabled +{% if backup_compression %} +tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}" +rm -rf "${BACKUP_DIR}/${BACKUP_NAME}" +{% endif %} + +# Clean old backups +find "${BACKUP_DIR}" -name "minecraft_weekly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 7)) -delete + +echo "Weekly backup completed: ${BACKUP_NAME}" \ No newline at end of file diff --git a/roles/04-backups/templates/restore.sh.j2 b/roles/04-backups/templates/restore.sh.j2 new file mode 100644 index 0000000..cd7ec03 --- /dev/null +++ b/roles/04-backups/templates/restore.sh.j2 @@ -0,0 +1,59 @@ +#!/bin/bash + +BACKUP_TYPE="$1" # daily, weekly, monthly +BACKUP_DATE="$2" # YYYYMMDD_HHMMSS format +SERVER_DIR="{{ minecraft_server_dir }}" +BACKUP_BASE_DIR="{{ minecraft_backups_dir }}" + +if [ $# -ne 2 ]; then + echo "Usage: $0 " + echo "Example: $0 daily 20241201_020000" + echo "Available backups:" + echo "Daily:" + ls -1 "${BACKUP_BASE_DIR}/daily/" | grep minecraft_daily + echo "Weekly:" + ls -1 "${BACKUP_BASE_DIR}/weekly/" | grep minecraft_weekly + echo "Monthly:" + ls -1 "${BACKUP_BASE_DIR}/monthly/" | grep minecraft_monthly + exit 1 +fi + +BACKUP_NAME="minecraft_${BACKUP_TYPE}_${BACKUP_DATE}" +BACKUP_DIR="${BACKUP_BASE_DIR}/${BACKUP_TYPE}" + +{% if backup_compression %} +BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" +{% else %} +BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}" +{% endif %} + +if [ ! -e "${BACKUP_FILE}" ]; then + echo "Backup not found: ${BACKUP_FILE}" + exit 1 +fi + +# Stop Minecraft server +systemctl stop minecraft + +# Backup current server (just in case) +RESTORE_BACKUP_DIR="${BACKUP_BASE_DIR}/restore_backup" +mkdir -p "${RESTORE_BACKUP_DIR}" +mv "${SERVER_DIR}" "${RESTORE_BACKUP_DIR}/server_before_restore_$(date +%Y%m%d_%H%M%S)" + +# Restore from backup +{% if backup_compression %} +mkdir -p "${SERVER_DIR}" +tar -xzf "${BACKUP_FILE}" -C "${BACKUP_DIR}" +rsync -av "${BACKUP_DIR}/${BACKUP_NAME}/" "${SERVER_DIR}/" +rm -rf "${BACKUP_DIR}/${BACKUP_NAME}" +{% else %} +rsync -av "${BACKUP_FILE}/" "${SERVER_DIR}/" +{% endif %} + +# Fix permissions +chown -R {{ minecraft_user }}:{{ minecraft_group }} "${SERVER_DIR}" + +# Start Minecraft server +systemctl start minecraft + +echo "Restore completed from: ${BACKUP_FILE}" diff --git a/roles/04-backups/vars/main.yml b/roles/04-backups/vars/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/05-update/defaults/main.yml b/roles/05-update/defaults/main.yml new file mode 100644 index 0000000..93cc8dd --- /dev/null +++ b/roles/05-update/defaults/main.yml @@ -0,0 +1,5 @@ +--- +update_check_interval: daily +ssh_keys_check_enabled: true +system_update_check_enabled: true +spigot_update_check_enabled: true \ No newline at end of file diff --git a/roles/05-update/handlers/main.yml b/roles/05-update/handlers/main.yml new file mode 100644 index 0000000..5796c86 --- /dev/null +++ b/roles/05-update/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: reboot if needed + reboot: + reboot_timeout: 300 + when: + - ansible_kernel != ansible_kernel_before_update | default(ansible_kernel) + - reboot_required | default(false) \ No newline at end of file diff --git a/roles/05-update/tasks/01-check-ssh-keys.yml b/roles/05-update/tasks/01-check-ssh-keys.yml new file mode 100644 index 0000000..54ac1ca --- /dev/null +++ b/roles/05-update/tasks/01-check-ssh-keys.yml @@ -0,0 +1,14 @@ +--- +- name: Check for new SSH keys in authorized_keys + stat: + path: /home/{{ ansible_user }}/.ssh/authorized_keys + register: ssh_keys_stat + +- name: Update SSH keys if changed + authorized_key: + user: "{{ ansible_user }}" + key: "{{ item }}" + state: present + loop: "{{ ssh_public_keys | default([]) }}" + when: ssh_public_keys is defined + tags: ['ssh-keys-update'] \ No newline at end of file diff --git a/roles/05-update/tasks/02-check-system-updates.yml b/roles/05-update/tasks/02-check-system-updates.yml new file mode 100644 index 0000000..2f1d809 --- /dev/null +++ b/roles/05-update/tasks/02-check-system-updates.yml @@ -0,0 +1,23 @@ +--- +- name: Check for system updates (Debian/Ubuntu) + apt: + update_cache: yes + cache_valid_time: 3600 + register: apt_cache_update + when: ansible_os_family == "Debian" + +- name: Check available upgrades + shell: apt list --upgradable 2>/dev/null | grep -v WARNING | wc -l + register: available_upgrades + changed_when: false + when: ansible_os_family == "Debian" + +- name: Apply system updates if available + apt: + upgrade: yes + autoremove: yes + autoclean: yes + when: + - ansible_os_family == "Debian" + - available_upgrades.stdout | int > 1 + notify: reboot if needed \ No newline at end of file diff --git a/roles/05-update/tasks/03-check-spigot-version.yml b/roles/05-update/tasks/03-check-spigot-version.yml new file mode 100644 index 0000000..3bfc299 --- /dev/null +++ b/roles/05-update/tasks/03-check-spigot-version.yml @@ -0,0 +1,26 @@ +--- +- name: Get current Spigot version + stat: + path: "{{ minecraft_server_dir }}/spigot.jar" + register: current_spigot + +- name: Check latest Spigot version available + uri: + url: "https://api.papermc.io/v2/projects/paper/versions" + method: GET + return_content: yes + register: spigot_versions_api + failed_when: false + +- name: Parse latest version + set_fact: + latest_spigot_version: "{{ (spigot_versions_api.json.versions | last) if spigot_versions_api.json is defined else minecraft_version }}" + +- name: Compare versions + set_fact: + new_spigot_available: "{{ latest_spigot_version != minecraft_version }}" + when: latest_spigot_version is defined + +- name: Display version information + debug: + msg: "Current: {{ minecraft_version }}, Latest: {{ latest_spigot_version | default('Unknown') }}, Update available: {{ new_spigot_available | default(false) }}" diff --git a/roles/05-update/tasks/04-download-new-spigot.yml b/roles/05-update/tasks/04-download-new-spigot.yml new file mode 100644 index 0000000..a395388 --- /dev/null +++ b/roles/05-update/tasks/04-download-new-spigot.yml @@ -0,0 +1,16 @@ +--- +- name: Create temporary build directory + file: + path: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}" + state: directory + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + +- name: Download BuildTools for new version + get_url: + url: "{{ spigot_build_tools_url }}" + dest: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/BuildTools.jar" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' \ No newline at end of file diff --git a/roles/05-update/tasks/05-compile-new-version.yml b/roles/05-update/tasks/05-compile-new-version.yml new file mode 100644 index 0000000..63b34e7 --- /dev/null +++ b/roles/05-update/tasks/05-compile-new-version.yml @@ -0,0 +1,38 @@ +--- +- name: Compile new Spigot version + shell: | + cd {{ minecraft_sources_dir }}/build_{{ latest_spigot_version }} + java -jar BuildTools.jar --rev {{ latest_spigot_version }} + become_user: "{{ minecraft_user }}" + args: + creates: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar" + register: spigot_compile_result + +- name: Set compilation success flag + set_fact: + new_spigot_compiled: "{{ spigot_compile_result.rc == 0 }}" + +- name: Create new server directory + file: + path: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}" + state: directory + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + when: new_spigot_compiled + +- name: Copy new Spigot jar to new server directory + copy: + src: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar" + dest: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}/spigot.jar" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0644' + remote_src: yes + when: new_spigot_compiled + +- name: Copy configuration files to new server directory + shell: | + cp -r {{ minecraft_server_dir }}/* {{ minecraft_server_dir }}_{{ latest_spigot_version }}/ + chown -R {{ minecraft_user }}:{{ minecraft_group }} {{ minecraft_server_dir }}_{{ latest_spigot_version }} + when: new_spigot_compiled \ No newline at end of file diff --git a/roles/05-update/tasks/06-switch-versions.yml b/roles/05-update/tasks/06-switch-versions.yml new file mode 100644 index 0000000..e1632af --- /dev/null +++ b/roles/05-update/tasks/06-switch-versions.yml @@ -0,0 +1,29 @@ +--- +- name: Stop Minecraft service + systemd: + name: minecraft + state: stopped + +- name: Create version switch script + template: + src: version-switch.sh.j2 + dest: "{{ minecraft_tools_dir }}/version-switch.sh" + owner: "{{ minecraft_user }}" + group: "{{ minecraft_group }}" + mode: '0755' + +- name: Execute version switch + shell: "{{ minecraft_tools_dir }}/version-switch.sh {{ minecraft_version }} {{ latest_spigot_version }}" + become_user: "{{ minecraft_user }}" + register: version_switch_result + +- name: Update minecraft_version variable + set_fact: + minecraft_version: "{{ latest_spigot_version }}" + when: version_switch_result.rc == 0 + +- name: Start Minecraft service + systemd: + name: minecraft + state: started + when: version_switch_result.rc == 0 \ No newline at end of file diff --git a/roles/05-update/tasks/07-cleanup.yml b/roles/05-update/tasks/07-cleanup.yml new file mode 100644 index 0000000..d2bfbe9 --- /dev/null +++ b/roles/05-update/tasks/07-cleanup.yml @@ -0,0 +1,13 @@ +--- +- name: Clean up old build directories + file: + path: "{{ minecraft_sources_dir }}/build_{{ item }}" + state: absent + loop: "{{ old_versions | default([]) }}" + +- name: Clean up old server directories + file: + path: "{{ minecraft_server_dir }}_{{ item }}" + state: absent + loop: "{{ old_versions | default([]) }}" + when: cleanup_old_versions | default(true) \ No newline at end of file diff --git a/roles/05-update/tasks/main.yml b/roles/05-update/tasks/main.yml new file mode 100644 index 0000000..5329a46 --- /dev/null +++ b/roles/05-update/tasks/main.yml @@ -0,0 +1,34 @@ +--- +- name: Include SSH keys check tasks + include_tasks: 01-check-ssh-keys.yml + when: ssh_keys_check_enabled + tags: ['update', 'ssh-keys'] + +- name: Include system updates check tasks + include_tasks: 02-check-system-updates.yml + when: system_update_check_enabled + tags: ['update', 'system'] + +- name: Include Spigot version check tasks + include_tasks: 03-check-spigot-version.yml + when: spigot_update_check_enabled + tags: ['update', 'spigot'] + +- name: Include new Spigot download tasks + include_tasks: 04-download-new-spigot.yml + when: new_spigot_available | default(false) + tags: ['update', 'download'] + +- name: Include new version compilation tasks + include_tasks: 05-compile-new-version.yml + when: new_spigot_available | default(false) + tags: ['update', 'compile'] + +- name: Include version switch tasks + include_tasks: 06-switch-versions.yml + when: new_spigot_compiled | default(false) + tags: ['update', 'switch'] + +- name: Include cleanup tasks + include_tasks: 07-cleanup.yml + tags: ['update', 'cleanup'] diff --git a/roles/05-update/templates/version-switch.sh.j2 b/roles/05-update/templates/version-switch.sh.j2 new file mode 100644 index 0000000..70a9a3c --- /dev/null +++ b/roles/05-update/templates/version-switch.sh.j2 @@ -0,0 +1,18 @@ +#!/bin/bash + +OLD_VERSION="$1" +NEW_VERSION="$2" +SERVER_DIR="{{ minecraft_server_dir }}" +BACKUP_DIR="{{ minecraft_backups_dir }}/version_backup" + +# Create backup directory +mkdir -p "${BACKUP_DIR}" + +# Backup current version +mv "${SERVER_DIR}" "${BACKUP_DIR}/server_${OLD_VERSION}_$(date +%Y%m%d_%H%M%S)" + +# Switch to new version +mv "${SERVER_DIR}_${NEW_VERSION}" "${SERVER_DIR}" + +echo "Version switched from ${OLD_VERSION} to ${NEW_VERSION}" +exit 0 \ No newline at end of file diff --git a/roles/05-update/vars/main.yml b/roles/05-update/vars/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/site.yml b/site.yml new file mode 100644 index 0000000..3ac39f1 --- /dev/null +++ b/site.yml @@ -0,0 +1,11 @@ +--- +- name: Deploy Minecraft Spigot Server + hosts: minecraft_servers + become: yes + serial: 1 + roles: + - 01-server_hardening + - 02-installation-java + - 03-installation-minecraft + - 04-backups + - 05-update \ No newline at end of file