From 7ce8cf16623ee4cfae46359a0152380d0bcca8cf Mon Sep 17 00:00:00 2001 From: hcornet Date: Wed, 27 Aug 2025 13:15:16 +0200 Subject: [PATCH] change --- .ansible-lint | 16 ++++- .gitignore | 67 +++++++++++++++---- .yamllint.yml | 22 +++++- ansible.cfg | 6 +- inventories/production/group_vars/all.yml | 51 +++++++++++++- .../group_vars/minecraft_servers.yml | 27 -------- inventories/production/hosts.yml | 5 +- inventories/staging/group_vars/all.yml | 57 ++++++++++++++-- .../staging/group_vars/minecraft_servers.yml | 27 -------- inventories/staging/hosts.yml | 2 +- requirements.yml | 4 +- scripts/test-connection.sh | 23 +++++++ site.yml | 22 ++++-- 13 files changed, 234 insertions(+), 95 deletions(-) delete mode 100644 inventories/production/group_vars/minecraft_servers.yml delete mode 100644 inventories/staging/group_vars/minecraft_servers.yml create mode 100644 scripts/test-connection.sh diff --git a/.ansible-lint b/.ansible-lint index 6978a5a..dd0a306 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,17 +1,24 @@ --- exclude_paths: - .gitea/ + - .github/ - .git/ + - .cache/ + - test/ + - tests/ + - molecule/ skip_list: - yaml[line-length] - name[casing] - no-changed-when - command-instead-of-module + - risky-file-permissions warn_list: - experimental - role-name[path] + - var-naming[no-role-prefix] enable_list: - fqcn-builtins @@ -23,4 +30,11 @@ kinds: - vars: "**/vars/*.yml" - defaults: "**/defaults/*.yml" - handlers: "**/handlers/*.yml" - - meta: "**/meta/*.yml" \ No newline at end of file + - meta: "**/meta/*.yml" + - yaml: "*.yaml" + - yml: "*.yml" + +use_default_rules: true +parseable: true +quiet: false +verbosity: 1 \ No newline at end of file diff --git a/.gitignore b/.gitignore index c93c5f5..13b71ba 100644 --- a/.gitignore +++ b/.gitignore 
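Review bot: Adding `risky-file-permissions` to `skip_list` in the first hunk silences the one rule that flags `copy`/`template`/`file` tasks that create files without an explicit `mode`, and this same commit renders an RCON password into server configuration through the group_vars, so the files carrying it would be created under the remote umask with nobody told. Keep the rule active and set `mode:` on the tasks it reports, or at most demote it to `warn_list:` next to `var-naming[no-role-prefix]` so findings stay visible. In the second hunk, `- yml: "*.yml"` uses a kind name I cannot place among ansible-lint's documented kinds; verify it is accepted, since `- yaml: "*.yml"` looks like the intent.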
@@ -1,29 +1,70 @@ # Ansible *.retry +*.log .vault_pass -.ansible_vault_pass +vault.yml +secrets +secrets.yml +*.vault -# SSH keys +# SSH Keys *.pem *.key +*.pub id_rsa* -ansible_key* +id_ed25519* +authorized_keys -# Temporary files -*.tmp -*.temp +# Backup files +*.bak +*.backup +*.old +*~ +*.swp +*.swo + +# Python +__pycache__/ +*.py[cod] +*$py.class +.Python +env/ +venv/ +.env +.venv + +# OS .DS_Store Thumbs.db +desktop.ini # IDE .vscode/ .idea/ -*.swp -*.swo +*.iml +.project +.settings/ -# Logs -*.log +# Ansible +.ansible/ +/tmp/ansible_facts/ +ansible-facts/ -# Backups -*.bak -*.backup \ No newline at end of file +# Test +test/ +tests/ +molecule/ +.molecule/ +.cache/ +.pytest_cache/ + +# Local +local/ +*.local +*.local.yml +.vagrant/ + +# Terraform (si utilisé) +*.tfstate +*.tfstate.* +.terraform/ \ No newline at end of file diff --git a/.yamllint.yml b/.yamllint.yml index 3d4df66..5edd260 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -7,12 +7,32 @@ rules: level: warning truthy: allowed-values: ['true', 'false', 'yes', 'no'] + check-keys: false comments: min-spaces-from-content: 1 + comments-indentation: disable indentation: spaces: 2 indent-sequences: true + brackets: + max-spaces-inside: 1 + braces: + max-spaces-inside: 1 + colons: + max-spaces-after: -1 + commas: + max-spaces-after: -1 + document-start: + present: true + empty-lines: + max: 2 + key-duplicates: enable + new-line-at-end-of-file: enable + trailing-spaces: enable ignore: | .gitea/ - *.md \ No newline at end of file + .github/ + *.md + .vault_pass + vault.yml \ No newline at end of file diff --git a/ansible.cfg b/ansible.cfg index e14300d..2e8a0cf 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,7 +2,6 @@ host_key_checking = False inventory = ./inventories/production/hosts.yml remote_user = ansible -private_key_file = ~/.ssh/ansible_key roles_path = ./roles collections_path = ./collections retry_files_enabled = False 
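Review bot: The new `# Test` stanza ignores `test/`, `tests/` and `molecule/` wholesale, so role tests written later can never be committed; `.cache/`, `.molecule/` and `.pytest_cache/` are the artefact directories worth ignoring, the source directories are not. Ignoring `vault.yml`, `secrets.yml` and `*.vault` also means an ansible-vault-encrypted file carrying the `vault_rcon_password` that the new group_vars reference cannot live in the repository, which only works if that value is delivered out of band — a README line naming where it comes from would close the gap. I would drop the three source-directory lines and keep `.cache/`, `.molecule/` and `.pytest_cache/`.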
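Review bot: `new-line-at-end-of-file: enable` will fail on this commit's own YAML files: `.yamllint.yml`, both `group_vars/all.yml`, both `hosts.yml`, `requirements.yml` and `site.yml` all end with `\ No newline at end of file` after this patch (and `.ansible-lint` too, if it is linted). Either add the trailing newline to those files in the same change or leave the rule out until they are fixed. `colons: max-spaces-after: -1` and `commas: max-spaces-after: -1` switch those two spacing checks off entirely; if that is intended, a comment such as `# -1 disables the check` above each keeps the next reader from assuming a typo.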
@@ -11,11 +10,12 @@ fact_caching = jsonfile fact_caching_connection = /tmp/ansible_facts fact_caching_timeout = 86400 stdout_callback = yaml -callback_whitelist = profile_tasks deprecation_warnings = False command_warnings = False ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} +interpreter_python = /usr/bin/python3 [ssh_connection] pipelining = True -control_path = /tmp/ansible-ssh-%%h-%%p-%%r \ No newline at end of file +control_path = /tmp/ansible-ssh-%%h-%%p-%%r +ssh_args = -o ControlMaster=auto -o ControlPersist=60s \ No newline at end of file diff --git a/inventories/production/group_vars/all.yml b/inventories/production/group_vars/all.yml index 65193ac..7c8714b 100644 --- a/inventories/production/group_vars/all.yml +++ b/inventories/production/group_vars/all.yml @@ -1,7 +1,6 @@ --- -# Variables globales pour la production +# Configuration Ansible ansible_user: ansible -ansible_ssh_private_key_file: ~/.ssh/ansible_key ansible_become: true ansible_become_method: sudo @@ -16,6 +15,10 @@ minecraft_sources_dir: /opt/minecraft/sources minecraft_tools_dir: /opt/minecraft/tools minecraft_backup_dir: /opt/minecraft/backups +# Configuration mémoire +minecraft_memory_min: 2048 +minecraft_memory_max: 4096 + # Configuration Java java_version: 21 java_vendor: openjdk 
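Review bot: The added `ssh_args = -o ControlMaster=auto -o ControlPersist=60s` is Ansible's built-in default minus `-C`, so its net effect is to turn off SSH compression rather than to enable multiplexing; either drop the line or write `ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s`. The retained `control_path = /tmp/ansible-ssh-%%h-%%p-%%r` puts control sockets in a shared, world-writable directory under a predictable name; Ansible's default keeps them under `~/.ansible/cp`, and `control_path_dir = ~/.ansible/cp` with the explicit `control_path` removed is the safer form. `interpreter_python = /usr/bin/python3` pins the interpreter for every host, which is fine as long as every target has it at that path; a comment stating that assumption saves the next reader a lookup.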
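Review bot: `minecraft_memory_min: 2048` and `minecraft_memory_max: 4096` carry no unit, while the `minecraft_servers.yml` this commit deletes set the same variable names to `"1G"` and `"4G"`; if a role template still interpolates them straight into `-Xms`/`-Xmx`, a bare `2048` means 2048 bytes and the JVM will refuse to start. Either keep the suffixed form (`minecraft_memory_min: "2G"`) or add a comment fixing the unit, e.g. `# Heap size in MiB; the role appends the unit — TODO confirm against the template`, and check the role. The same values are added to `inventories/staging/group_vars/all.yml` in the hunk on the next line, and `hosts.yml` still sets a third variable, `minecraft_memory: 4096`, for what looks like the same setting.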
@@ -24,8 +27,50 @@ java_vendor: openjdk server_port: 25565 rcon_port: 25575 enable_rcon: true +rcon_password: "{{ vault_rcon_password | default('ChangeMe123!') }}" + +# Configuration serveur +server_name: "Production Minecraft Server" +max_players: 20 +view_distance: 10 +gamemode: survival +difficulty: normal +enable_command_block: false +online_mode: true +pvp: true +white_list: false # Configuration Backup backup_retention_daily: 7 backup_retention_weekly: 4 -backup_retention_monthly: 3 \ No newline at end of file +backup_retention_monthly: 3 +backup_time_daily: "03:00" +backup_time_weekly: "04:00" +backup_time_monthly: "05:00" + +# Configuration sécurité +ssh_port: 22 +firewall_allowed_tcp_ports: + - 22 + - 25565 + - 25575 +firewall_allowed_udp_ports: [] + +# Administrateurs SSH (à remplir avec vos clés) +admin_ssh_keys: [] +# - name: admin1 +# key: "ssh-rsa AAAAB3..." + +# Opérateurs Minecraft (à remplir) +minecraft_ops: [] +# - name: "PlayerName" +# uuid: "uuid-here" +# level: 4 +# bypassesPlayerLimit: true + +# Plugins à installer +minecraft_plugins_list: + - name: "EssentialsX" + url: "https://github.com/EssentialsX/Essentials/releases/latest/download/EssentialsX.jar" + - name: "Vault" + url: "https://github.com/MilkBowl/Vault/releases/latest/download/Vault.jar" \ No newline at end of file diff --git a/inventories/production/group_vars/minecraft_servers.yml b/inventories/production/group_vars/minecraft_servers.yml deleted file mode 100644 index 35ec2ef..0000000 --- a/inventories/production/group_vars/minecraft_servers.yml +++ /dev/null 
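Review bot: `rcon_password: "{{ vault_rcon_password | default('ChangeMe123!') }}"` turns a missing vault variable into a silent deployment with a password that is now published in this repository, and the same hunk opens `25575` in `firewall_allowed_tcp_ports`, so an RCON listener reachable on the network would accept it. Use `"{{ vault_rcon_password | mandatory }}"` so a forgotten vault fails the run loudly, and drop `25575` from the allow list unless remote RCON is really required (the bind address the role uses is not visible in this patch). The `minecraft_plugins_list` entries fetch `.../releases/latest/download/*.jar`, which resolves to whatever upstream publishes next; pinning a release tag and adding a `checksum: "sha256:<PLACEHOLDER>"` field for the `get_url` consumer would make the install reproducible and tamper-evident. The identical block is added to the staging `all.yml` further down.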
@@ -1,27 +0,0 @@ ---- -# Configuration spécifique aux serveurs Minecraft -minecraft_version: "1.21.6" -minecraft_user: minecraft -minecraft_group: minecraft -minecraft_home: /opt/minecraft - -# Chemins -minecraft_sources_dir: "{{ minecraft_home }}/sources" -minecraft_server_dir: "{{ minecraft_home }}/server" -minecraft_tools_dir: "{{ minecraft_home }}/tools" -minecraft_backups_dir: "{{ minecraft_home }}/backups" - -# Configuration serveur -minecraft_memory_min: "1G" -minecraft_memory_max: "4G" -minecraft_port: 25565 -minecraft_rcon_port: 25575 -minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}" - -# Java -java_version: 21 - -# Backups -backup_retention_daily: 7 -backup_retention_weekly: 4 -backup_retention_monthly: 6 \ No newline at end of file diff --git a/inventories/production/hosts.yml b/inventories/production/hosts.yml index 764cca8..6c17036 100644 --- a/inventories/production/hosts.yml +++ b/inventories/production/hosts.yml @@ -5,11 +5,8 @@ all: hosts: minecraft-prod-01: ansible_host: 192.168.1.10 - ansible_user: ansible - minecraft-prod-02: - ansible_host: 192.168.1.11 - ansible_user: ansible vars: + ansible_user: ansible environment: production minecraft_memory: 4096 minecraft_port: 25565 \ No newline at end of file diff --git a/inventories/staging/group_vars/all.yml b/inventories/staging/group_vars/all.yml index 7152ffc..7c8714b 100644 --- a/inventories/staging/group_vars/all.yml +++ b/inventories/staging/group_vars/all.yml @@ -1,11 +1,10 @@ --- -# Variables globales pour le staging +# Configuration Ansible ansible_user: ansible -ansible_ssh_private_key_file: ~/.ssh/ansible_key ansible_become: true ansible_become_method: sudo -# Configuration Minecraft (staging) +# Configuration Minecraft minecraft_version: "1.21.6" minecraft_type: "spigot" minecraft_user: minecraft 
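Review bot: The `ansible_user: ansible` moved under `vars:` duplicates the `ansible_user: ansible` that `inventories/production/group_vars/all.yml` already sets, and `group_vars/all.yml` takes precedence over group vars in the inventory file, so the copy here is dead; keep it in group_vars and drop this line, and likewise in `inventories/staging/hosts.yml`. The untouched context line `environment: production` uses a name Ansible reserves for the play keyword and warns about at runtime; a rename such as `deploy_env: production` avoids the warning, after checking the variable's callers.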
@@ -16,6 +15,10 @@ minecraft_sources_dir: /opt/minecraft/sources minecraft_tools_dir: /opt/minecraft/tools minecraft_backup_dir: /opt/minecraft/backups +# Configuration mémoire +minecraft_memory_min: 2048 +minecraft_memory_max: 4096 + # Configuration Java java_version: 21 java_vendor: openjdk @@ -24,8 +27,50 @@ java_vendor: openjdk server_port: 25565 rcon_port: 25575 enable_rcon: true +rcon_password: "{{ vault_rcon_password | default('ChangeMe123!') }}" + +# Configuration serveur +server_name: "Production Minecraft Server" +max_players: 20 +view_distance: 10 +gamemode: survival +difficulty: normal +enable_command_block: false +online_mode: true +pvp: true +white_list: false # Configuration Backup -backup_retention_daily: 3 -backup_retention_weekly: 2 -backup_retention_monthly: 1 \ No newline at end of file +backup_retention_daily: 7 +backup_retention_weekly: 4 +backup_retention_monthly: 3 +backup_time_daily: "03:00" +backup_time_weekly: "04:00" +backup_time_monthly: "05:00" + +# Configuration sécurité +ssh_port: 22 +firewall_allowed_tcp_ports: + - 22 + - 25565 + - 25575 +firewall_allowed_udp_ports: [] + +# Administrateurs SSH (à remplir avec vos clés) +admin_ssh_keys: [] +# - name: admin1 +# key: "ssh-rsa AAAAB3..." + +# Opérateurs Minecraft (à remplir) +minecraft_ops: [] +# - name: "PlayerName" +# uuid: "uuid-here" +# level: 4 +# bypassesPlayerLimit: true + +# Plugins à installer +minecraft_plugins_list: + - name: "EssentialsX" + url: "https://github.com/EssentialsX/Essentials/releases/latest/download/EssentialsX.jar" + - name: "Vault" + url: "https://github.com/MilkBowl/Vault/releases/latest/download/Vault.jar" \ No newline at end of file diff --git a/inventories/staging/group_vars/minecraft_servers.yml b/inventories/staging/group_vars/minecraft_servers.yml deleted file mode 100644 index 31480ac..0000000 --- a/inventories/staging/group_vars/minecraft_servers.yml +++ /dev/null 
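Review bot: After this commit `inventories/staging/group_vars/all.yml` is byte-identical to the production file (both `index` lines end in blob `7c8714b`): staging now announces itself as `server_name: "Production Minecraft Server"`, its backup retention goes from `3`/`2`/`1` to the production `7`/`4`/`3`, and it carries the same `rcon_password` default and the same firewall allow list. If the intent is a shared baseline, the environment-specific values belong in this file only, e.g. `server_name: "Staging Minecraft Server"` and the previous retention numbers; otherwise the two files should differ on purpose. The staging `minecraft_servers.yml` deleted in this commit also held a lower memory ceiling (`"2G"`) that is lost in the merge.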
@@ -1,27 +0,0 @@ ---- -# Configuration spécifique aux serveurs Minecraft de staging -minecraft_version: "1.21.6" -minecraft_user: minecraft -minecraft_group: minecraft -minecraft_home: /opt/minecraft - -# Chemins -minecraft_sources_dir: "{{ minecraft_home }}/sources" -minecraft_server_dir: "{{ minecraft_home }}/server" -minecraft_tools_dir: "{{ minecraft_home }}/tools" -minecraft_backups_dir: "{{ minecraft_home }}/backups" - -# Configuration serveur (plus petite pour staging) -minecraft_memory_min: "512M" -minecraft_memory_max: "2G" -minecraft_port: 25565 -minecraft_rcon_port: 25575 -minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}" - -# Java -java_version: 21 - -# Backups (retention plus courte en staging) -backup_retention_daily: 3 -backup_retention_weekly: 2 -backup_retention_monthly: 1 diff --git a/inventories/staging/hosts.yml b/inventories/staging/hosts.yml index 5fe5c91..dddacca 100644 --- a/inventories/staging/hosts.yml +++ b/inventories/staging/hosts.yml @@ -5,8 +5,8 @@ all: hosts: minecraft-staging-01: ansible_host: 192.168.2.10 - ansible_user: ansible vars: + ansible_user: ansible environment: staging minecraft_memory: 2048 minecraft_port: 25565 \ No newline at end of file diff --git a/requirements.yml b/requirements.yml index 45ea735..0fc1e56 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,6 +3,4 @@ collections: - name: ansible.posix version: ">=1.5.4" - name: community.general - version: ">=8.0.0" - -roles: [] \ No newline at end of file + version: ">=8.0.0" \ No newline at end of file diff --git a/scripts/test-connection.sh b/scripts/test-connection.sh new file mode 100644 index 0000000..2a5b4d7 --- /dev/null +++ b/scripts/test-connection.sh 
@@ -0,0 +1,23 @@ +#!/bin/bash +# Test de connexion aux serveurs + +echo "=== Test de connexion aux serveurs ===" + +# Test staging +echo "Test de connexion à staging..." +ansible -i inventories/staging/hosts.yml minecraft_servers -m ping + +# Test production +echo "Test de connexion à production..." +ansible -i inventories/production/hosts.yml minecraft_servers -m ping + +echo "" +echo "=== Test de privilèges sudo ===" + +# Test sudo staging +echo "Test sudo sur staging..." +ansible -i inventories/staging/hosts.yml minecraft_servers -b -m command -a "whoami" + +# Test sudo production +echo "Test sudo sur production..." +ansible -i inventories/production/hosts.yml minecraft_servers -b -m command -a "whoami" \ No newline at end of file diff --git a/site.yml b/site.yml index 8782075..0e38486 100644 --- a/site.yml +++ b/site.yml @@ -14,17 +14,27 @@ roles: - role: 01-server_hardening - tags: ['hardening', 'security'] + tags: + - hardening + - security - role: 02-installation-java - tags: ['java', 'prerequisites'] + tags: + - java + - prerequisites - - role: 03-installation-Minecraft - tags: ['minecraft', 'installation'] + - role: 03-Installation-Minecraft + tags: + - minecraft + - installation - role: 04-backups - tags: ['backup', 'maintenance'] + tags: + - backup + - maintenance - role: 05-Update - tags: ['update', 'maintenance'] + tags: + - update + - maintenance when: update_check | default(false) \ No newline at end of file
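Review bot: `scripts/test-connection.sh` runs four `ansible` invocations with no error handling, so a failed staging ping is printed and then ignored and the script's exit status reflects only the last production command; it also resolves `inventories/...` relative to the caller's working directory. Add `set -euo pipefail` and `cd "$(dirname "$0")/.." || exit 1` right after the shebang so a failure stops the script with a non-zero status and the inventory paths work from anywhere. The script targets the `minecraft_servers` group, whose definition in `hosts.yml` is outside the visible hunks; if the group does not exist, all four commands match no hosts and still exit 0 — verify.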