Compare commits

12 Commits

Author SHA1 Message Date
2c8263fe62 v2
Some checks failed
Ansible Minecraft CI/CD / Ansible Lint (push) Successful in 14s
Ansible Minecraft CI/CD / Syntax Check (push) Successful in 8s
Ansible Minecraft CI/CD / Deploy to Staging (push) Has been skipped
Ansible Minecraft CI/CD / Deploy to Production (push) Failing after 7s
2025-08-27 16:38:30 +02:00
93b26fdc09 remove error ansible-lint 2025-08-27 16:37:48 +02:00
880d463cb0 update ReadMe file
Some checks failed
Ansible Minecraft CI/CD / Ansible Lint (push) Successful in 8s
Ansible Minecraft CI/CD / Syntax Check (push) Successful in 8s
Ansible Minecraft CI/CD / Deploy to Staging (push) Has been skipped
Ansible Minecraft CI/CD / Deploy to Production (push) Failing after 7s
2025-08-27 16:26:19 +02:00
952b544b0a fix file: 02-install-java.yml
Some checks failed
Ansible Minecraft CI/CD / Ansible Lint (push) Successful in 9s
Ansible Minecraft CI/CD / Syntax Check (push) Successful in 8s
Ansible Minecraft CI/CD / Deploy to Staging (push) Failing after 7s
Ansible Minecraft CI/CD / Deploy to Production (push) Has been skipped
2025-08-27 15:18:52 +02:00
dd29876793 good test cases
Some checks failed
Ansible Minecraft CI/CD / Ansible Lint (push) Successful in 7s
Ansible Minecraft CI/CD / Syntax Check (push) Failing after 7s
Ansible Minecraft CI/CD / Deploy to Staging (push) Has been skipped
Ansible Minecraft CI/CD / Deploy to Production (push) Has been skipped
2025-08-27 15:16:45 +02:00
dbf77e80d5 test cases
Some checks failed
Ansible Minecraft CI/CD / Deploy to Staging (push) Has been skipped
Ansible Minecraft CI/CD / Deploy to Production (push) Has been skipped
Ansible Minecraft CI/CD / Ansible Lint (push) Successful in 7s
Ansible Minecraft CI/CD / Syntax Check (push) Failing after 7s
2025-08-27 15:15:29 +02:00
8f0877cd53 new version
Some checks failed
Ansible Minecraft CI/CD / Ansible Lint (push) Successful in 8s
Ansible Minecraft CI/CD / Syntax Check (push) Failing after 7s
Ansible Minecraft CI/CD / Deploy to Staging (push) Has been skipped
Ansible Minecraft CI/CD / Deploy to Production (push) Has been skipped
2025-08-27 15:11:08 +02:00
3e64946953 change cases
Some checks failed
Ansible Minecraft Server CI/CD / lint (push) Failing after 11s
Ansible Minecraft Server CI/CD / test (push) Has been skipped
Ansible Minecraft Server CI/CD / deploy (push) Has been skipped
2025-08-27 13:21:12 +02:00
7ce8cf1662 change
Some checks failed
Ansible Minecraft Server CI/CD / lint (push) Failing after 12s
Ansible Minecraft Server CI/CD / test (push) Has been skipped
Ansible Minecraft Server CI/CD / deploy (push) Has been skipped
2025-08-27 13:15:16 +02:00
e67cc93516 cases
Some checks failed
Ansible Minecraft Server CI/CD / lint (push) Failing after 12s
Ansible Minecraft Server CI/CD / test (push) Has been skipped
Ansible Minecraft Server CI/CD / deploy (push) Has been skipped
2025-08-27 08:02:13 +02:00
9ea9ac7254 check new version
Some checks failed
Ansible Minecraft Server CI/CD / lint (push) Failing after 21s
Ansible Minecraft Server CI/CD / test (push) Has been skipped
Ansible Minecraft Server CI/CD / deploy (push) Has been skipped
2025-08-27 07:59:19 +02:00
7a2ccb537b test other version
Some checks failed
Ansible Minecraft CI/CD Pipeline / Ansible Lint Check (push) Successful in 58s
Ansible Minecraft CI/CD Pipeline / Project Structure Validation (push) Failing after 3s
Ansible Minecraft CI/CD Pipeline / Security Scan (push) Successful in 4s
Ansible Minecraft CI/CD Pipeline / Deploy to Staging (push) Has been skipped
Ansible Minecraft CI/CD Pipeline / Deploy to Production (push) Has been skipped
Ansible Minecraft CI/CD Pipeline / Backup System Check (push) Has been skipped
2025-08-26 21:59:21 +02:00
99 changed files with 1534 additions and 1432 deletions

40
.ansible-lint Normal file

@@ -0,0 +1,40 @@
---
exclude_paths:
- .gitea/
- .github/
- .git/
- .cache/
- test/
- tests/
- molecule/
skip_list:
- yaml[line-length]
- name[casing]
- no-changed-when
- command-instead-of-module
- risky-file-permissions
warn_list:
- experimental
- role-name[path]
- var-naming[no-role-prefix]
enable_list:
- fqcn-builtins
- no-log-password
- no-same-owner
kinds:
- tasks: "**/tasks/*.yml"
- vars: "**/vars/*.yml"
- defaults: "**/defaults/*.yml"
- handlers: "**/handlers/*.yml"
- meta: "**/meta/*.yml"
- yaml: "*.yaml"
- yml: "*.yml"
use_default_rules: true
parseable: true
quiet: false
verbosity: 1
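
Review bot: `risky-file-permissions` sits in `skip_list`, so tasks that create files without an explicit `mode` pass unreported, in a project that manages SSH access and an RCON password. Move it to `warn_list` at least, as is done for `role-name[path]`, so the findings stay visible. The same goes for `no-changed-when` and `command-instead-of-module`, which hide non-idempotent shell tasks. `exclude_paths` also drops `test/`, `tests/` and `molecule/`, so any playbooks kept there are never linted.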


@@ -1,83 +1,140 @@
name: Ansible Lint
name: Ansible Minecraft CI/CD
on:
push:
branches: [ main, develop ]
workflow_dispatch:
inputs:
environment:
description: 'Environment to deploy'
required: true
default: 'staging'
type: choice
options:
- staging
- production
pull_request:
branches: [ main ]
jobs:
ansible_lint_and_syntax_check:
lint:
runs-on: ubuntu-latest
name: Ansible Lint
steps:
- uses: actions/checkout@v4
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.9'
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install ansible ansible-lint yamllint
- name: Run yamllint
run: yamllint .
continue-on-error: true
- name: Run ansible-lint
run: ansible-lint
continue-on-error: true
- name: Validate inventory files
- name: Lint YAML files
run: |
ansible-inventory --list -i inventories/production/hosts.yml
ansible-inventory --list -i inventories/staging/hosts.yml
yamllint .
continue-on-error: true
deploy:
- name: Lint Ansible playbooks
run: |
ansible-lint site.yml roles/
continue-on-error: true
syntax-check:
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment || 'staging' }}
name: Syntax Check
needs: lint
steps:
- uses: actions/checkout@v4
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.9'
python-version: '3.11'
- name: Install Ansible
run: pip install ansible
run: |
python -m pip install --upgrade pip
pip install ansible
- name: Install collections
run: |
ansible-galaxy collection install -r requirements.yml
- name: Check syntax
run: |
ansible-playbook --syntax-check site.yml -i inventories/staging/hosts.yml
deploy-staging:
runs-on: ubuntu-latest
name: Deploy to Staging
needs: [lint, syntax-check]
if: github.ref == 'refs/heads/develop'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install Ansible
run: |
python -m pip install --upgrade pip
pip install ansible
- name: Install collections
run: |
ansible-galaxy collection install -r requirements.yml
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.ANSIBLE_SSH_KEY }}" > ~/.ssh/ansible_key
chmod 600 ~/.ssh/ansible_key
ssh-keyscan -H ${{ secrets.ANSIBLE_HOST }} >> ~/.ssh/known_hosts
- name: Create vault password file
run: echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.ansible_vault_pass
echo "${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}" | base64 -d > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.STAGING_HOST }} >> ~/.ssh/known_hosts
- name: Deploy to staging
if: ${{ github.event.inputs.environment == 'staging' || github.ref == 'refs/heads/develop' }}
run: |
ansible-playbook -i inventories/staging/hosts.yml site.yml \
--vault-password-file ~/.ansible_vault_pass \
--private-key ~/.ssh/ansible_key
ansible-playbook site.yml -i inventories/staging/hosts.yml --check --diff
env:
MINECRAFT_RCON_PASSWORD: ${{ secrets.MINECRAFT_RCON_PASSWORD }}
ANSIBLE_HOST_KEY_CHECKING: 'false'
deploy-production:
runs-on: ubuntu-latest
name: Deploy to Production
needs: [lint, syntax-check]
if: github.ref == 'refs/heads/main'
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install Ansible
run: |
python -m pip install --upgrade pip
pip install ansible
- name: Install collections
run: |
ansible-galaxy collection install -r requirements.yml
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}" | base64 -d > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.PRODUCTION_HOST }} >> ~/.ssh/known_hosts
- name: Deploy to production
if: ${{ github.event.inputs.environment == 'production' || github.ref == 'refs/heads/main' }}
run: |
ansible-playbook -i inventories/production/hosts.yml site.yml \
--vault-password-file ~/.ansible_vault_pass \
--private-key ~/.ssh/ansible_key
ansible-playbook site.yml -i inventories/production/hosts.yml
env:
MINECRAFT_RCON_PASSWORD: ${{ secrets.MINECRAFT_RCON_PASSWORD }}
ANSIBLE_HOST_KEY_CHECKING: 'false'
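
Review bot: `ANSIBLE_HOST_KEY_CHECKING: 'false'` in the `env:` of both deploy steps turns off host key verification, which makes the `known_hosts` entry written by the `ssh-keyscan -H` line in "Setup SSH key" pointless; a key scanned at run time is also trusted without any comparison against a known value. Store each host's public key as a secret or repository variable, write that to `~/.ssh/known_hosts`, and drop the env override. Separately, `continue-on-error: true` on the yamllint and ansible-lint steps means the `lint` job that both deploy jobs list under `needs:` can never block a deployment. In "Setup SSH key" the private key file is created before `chmod 600` runs, so set `umask 077` at the top of that `run:` block.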

67
.gitignore vendored

@@ -1,29 +1,70 @@
# Ansible
*.retry
*.log
.vault_pass
.ansible_vault_pass
vault.yml
secrets
secrets.yml
*.vault
# SSH keys
# SSH Keys
*.pem
*.key
*.pub
id_rsa*
ansible_key*
id_ed25519*
authorized_keys
# Temporary files
*.tmp
*.temp
# Backup files
*.bak
*.backup
*.old
*~
*.swp
*.swo
# Python
__pycache__/
*.py[cod]
*$py.class
.Python
env/
venv/
.env
.venv
# OS
.DS_Store
Thumbs.db
desktop.ini
# IDE
.vscode/
.idea/
*.swp
*.swo
*.iml
.project
.settings/
# Logs
*.log
# Ansible
.ansible/
/tmp/ansible_facts/
ansible-facts/
# Backups
*.bak
*.backup
# Test
test/
tests/
molecule/
.molecule/
.cache/
.pytest_cache/
# Local
local/
*.local
*.local.yml
.vagrant/
# Terraform (si utilisé)
*.tfstate
*.tfstate.*
.terraform/
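
Review bot: under `# Test`, the entries `test/`, `tests/` and `molecule/` ignore the test sources themselves, not just their output, so no Molecule scenario or test playbook can be committed. Keep only the generated directories (`.molecule/`, `.cache/`, `.pytest_cache/`). In the SSH section, `*.pub` and `authorized_keys` are not secret material; if any role is meant to distribute authorized keys, they can no longer be tracked in this repository.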

38
.yamllint.yml Normal file

@@ -0,0 +1,38 @@
---
extends: default
rules:
line-length:
max: 150
level: warning
truthy:
allowed-values: ['true', 'false', 'yes', 'no']
check-keys: false
comments:
min-spaces-from-content: 1
comments-indentation: disable
indentation:
spaces: 2
indent-sequences: true
brackets:
max-spaces-inside: 1
braces:
max-spaces-inside: 1
colons:
max-spaces-after: -1
commas:
max-spaces-after: -1
document-start:
present: true
empty-lines:
max: 2
key-duplicates: enable
new-line-at-end-of-file: enable
trailing-spaces: enable
ignore: |
.gitea/
.github/
*.md
.vault_pass
vault.yml
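
Review bot: in the `ignore:` block, `*.md` and `.vault_pass` match files yamllint does not lint by default (it only picks up `*.yaml`, `*.yml` and `.yamllint`), so these two entries have no effect and can go. `colons` and `commas` with `max-spaces-after: -1` switch those checks off entirely; a short comment saying why would help the next reader.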

672
README.md

@@ -1,530 +1,266 @@
# Minecraft Spigot Server - Ansible Deployment
# Ansible Minecraft Spigot Server
Ce projet Ansible permet de déployer automatiquement un serveur Minecraft Spigot complet avec hardening de sécurité, sauvegarde automatisée et gestion des mises à jour.
Ce projet Ansible permet d'installer et de gérer automatiquement un serveur Minecraft Spigot avec toutes les fonctionnalités nécessaires pour un environnement de production.
## 🚀 Fonctionnalités
### ✅ Rôles disponibles
- **01-server_hardening** : Durcissement sécuritaire du serveur
- **02-installation-java** : Installation automatique de Java OpenJDK
- **03-installation-minecraft** : Déploiement complet du serveur Spigot
- **04-backups** : Système de sauvegarde automatisé
- **05-update** : Gestion des mises à jour automatisées
- **Installation automatisée** de Minecraft Spigot version 1.21.6
- **Durcissement de sécurité** du serveur (SSH, Firewall, Fail2ban)
- **Installation Java** automatique et optimisée
- **Système de sauvegarde** complet (quotidien, hebdomadaire, mensuel)
- **Mises à jour automatiques** de Spigot
- **Gestion des plugins** et des administrateurs
- **Surveillance et logs** avec rotation automatique
- **CI/CD intégré** avec Gitea Actions
### 🔧 Composants installés
- **Spigot 1.21.6** : Serveur Minecraft optimisé
- **mcrcon** : Administration à distance via RCON
- **Java 21** : Version optimale pour Spigot
- **Fail2Ban** : Protection contre les attaques par force brute
- **UFW** : Pare-feu simplifié
- **Logrotate** : Rotation automatique des logs
## 📋 Prérequis
## 📁 Structure du projet
### Serveurs cibles
- **OS supportés** : Debian 10/11/12/13 ou Ubuntu LTS
- **Accès SSH** configuré avec l'utilisateur `ansible`
- **Privilèges sudo** pour l'utilisateur ansible
- **Python 3.8+** installé sur les cibles
### Machine de contrôle
- **Ansible 2.10+**
- **Python 3.8+**
- **Collections Ansible** (installées via requirements.yml)
## 🛠️ Installation
### 1. Cloner le repository
```bash
git clone https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur.git
cd Ansible-Minecraft-Serveur
```
### 2. Installer les dépendances
```bash
# Installation des collections Ansible
ansible-galaxy collection install -r requirements.yml
# Installation de Python (si nécessaire)
python3 -m pip install ansible
```
### 3. Configuration des inventaires
#### Staging
Éditer `inventories/staging/hosts.yml` et `inventories/staging/group_vars/all.yml`
#### Production
Éditer `inventories/production/hosts.yml` et `inventories/production/group_vars/all.yml`
### 4. Configuration des secrets
#### Pour Gitea CI/CD
Configurer ces secrets dans Gitea :
- `ANSIBLE_SSH_PRIVATE_KEY` : Clé SSH privée (base64)
- `MINECRAFT_RCON_PASSWORD` : Mot de passe RCON
- `STAGING_HOST` : Adresse du serveur staging
- `PRODUCTION_HOST` : Adresse du serveur production
## 📚 Structure du projet
```
minecraft-spigot-ansible/
├── README.md # Documentation principale
Ansible-Minecraft-Serveur/
├── README.md # Ce fichier
├── requirements.yml # Collections Ansible requises
├── secrets # Template des secrets
├── site.yml # Playbook principal
├── ansible.cfg # Configuration Ansible
├── inventories/ # Inventaires des serveurs
│ ├── production/ # Environnement de production
│ └── staging/ # Environnement de test
── roles/ # Rôles Ansible
├── 01-server_hardening/ # Sécurisation du serveur
├── 02-installation-java/ # Installation Java
├── 03-installation-minecraft/ # Déploiement Minecraft
├── 04-backups/ # Système de sauvegarde
└── 05-update/ # Gestion des mises à jour
└── .gitea/workflows/ # CI/CD Gitea
├── lint.yml # Tests et validation
└── deploy.yml # Déploiement automatique
├── .gitea/workflows/ci.yml # Pipeline CI/CD
├── inventories/ # Inventaires par environnement
│ ├── production/ # Configuration production
│ └── staging/ # Configuration staging
── roles/ # Rôles Ansible
├── 01-server_hardening/ # Durcissement serveur
├── 02-installation-java/ # Installation Java
├── 03-Installation-minecraft/ # Installation Minecraft
├── 04-backups/ # Système de sauvegarde
└── 05-Update/ # Gestion des mises à jour
```
## ⚙️ Configuration requise
## 🚀 Utilisation
### Serveur cible
- **OS** : Debian 10/11/12/13 ou Ubuntu LTS
- **RAM** : Minimum 2GB (4GB recommandés)
- **Stockage** : 20GB minimum
- **Réseau** : Accès Internet pour téléchargements
### Serveur de contrôle
- **Ansible** : Version 2.9 ou supérieure
- **Python** : 3.8 ou supérieure
- **SSH** : Accès par clé aux serveurs cibles
## 🛠️ Installation et configuration
### 1. Préparation de l'environnement
### Déploiement complet
#### Environnement Staging
```bash
# Cloner le repository
git clone https://your-gitea-instance.com/your-repo/minecraft-spigot-ansible.git
cd minecraft-spigot-ansible
# Vérification de la syntaxe
ansible-playbook --syntax-check site.yml -i inventories/staging/hosts.yml
# Installer Ansible (si nécessaire)
pip install ansible ansible-lint yamllint
# Mode dry-run
ansible-playbook site.yml -i inventories/staging/hosts.yml --check --diff
# Configurer les clés SSH
ssh-keygen -t ed25519 -f ~/.ssh/ansible_key
ssh-copy-id -i ~/.ssh/ansible_key.pub ansible@your-server-ip
# Déploiement réel
ansible-playbook site.yml -i inventories/staging/hosts.yml
```
### 2. Configuration des inventaires
#### Environnement Production
```bash
# Mode dry-run obligatoire en production
ansible-playbook site.yml -i inventories/production/hosts.yml --check --diff
#### Production (`inventories/production/hosts.yml`)
# Déploiement réel (après validation)
ansible-playbook site.yml -i inventories/production/hosts.yml
```
### Déploiement par rôle
#### Durcissement uniquement
```bash
ansible-playbook site.yml -i inventories/staging/hosts.yml --tags hardening
```
#### Installation/Mise à jour Minecraft
```bash
ansible-playbook site.yml -i inventories/staging/hosts.yml --tags minecraft
```
#### Configuration sauvegardes
```bash
ansible-playbook site.yml -i inventories/staging/hosts.yml --tags backup
```
## 🔧 Configuration avancée
### Variables importantes
#### Minecraft
```yaml
all:
children:
minecraft_servers:
hosts:
minecraft-prod-01:
ansible_host: YOUR_PROD_IP
ansible_user: ansible
minecraft_version: "1.21.6" # Version Spigot
minecraft_max_memory: "4G" # RAM maximum
minecraft_min_memory: "2G" # RAM minimum
minecraft_port: 25565 # Port serveur
minecraft_rcon_port: 25575 # Port RCON
```
#### Variables globales (`inventories/production/group_vars/minecraft_servers.yml`)
#### Sécurité
```yaml
minecraft_version: "1.21.6"
minecraft_memory_min: "1G"
minecraft_memory_max: "4G"
minecraft_rcon_password: "your-secure-password"
firewall_enabled: true # Activation UFW
fail2ban_enabled: true # Activation Fail2ban
hardening_enabled: true # Durcissement complet
ssh_port: 22 # Port SSH
```
### 3. Configuration des secrets
Créer un fichier vault pour les mots de passe :
```bash
ansible-vault create inventories/production/group_vars/vault.yml
```
Contenu du vault :
#### Sauvegardes
```yaml
vault_minecraft_rcon_password: "your-secure-rcon-password"
vault_mysql_password: "your-mysql-password"
backup_enabled: true # Activation sauvegardes
backup_retention_daily: 7 # Rétention quotidienne
backup_retention_weekly: 4 # Rétention hebdomadaire
backup_retention_monthly: 6 # Rétention mensuelle
```
## 🚀 Déploiement
### Déploiement manuel
```bash
# Test de connectivité
ansible all -i inventories/production/hosts.yml -m ping
# Déploiement complet
ansible-playbook -i inventories/production/hosts.yml site.yml --ask-vault-pass
# Déploiement par rôle spécifique
ansible-playbook -i inventories/production/hosts.yml site.yml --tags "minecraft" --ask-vault-pass
```
### Déploiement par tags
```bash
# Sécurisation uniquement
ansible-playbook site.yml --tags "hardening"
# Installation Java uniquement
ansible-playbook site.yml --tags "java"
# Configuration Minecraft uniquement
ansible-playbook site.yml --tags "minecraft"
# Configuration des sauvegardes uniquement
ansible-playbook site.yml --tags "backup"
# Mises à jour uniquement
ansible-playbook site.yml --tags "update"
```
## 🔐 Sécurité
### Hardening automatique inclus
- **SSH** : Configuration sécurisée (clés uniquement, port personnalisable)
- **Firewall** : UFW avec règles restrictives
- **Fail2Ban** : Protection anti-bruteforce
- **Permissions** : Utilisateur dédié minecraft
- **Logs** : Rotation automatique et surveillance
### Ports ouverts par défaut
- **22/tcp** : SSH (configurable)
- **25565/tcp** : Minecraft
- **25575/tcp** : RCON (localhost uniquement)
## 💾 Système de sauvegarde
### Types de sauvegardes
- **Quotidienne** : 2h00, rétention 7 jours
- **Hebdomadaire** : Dimanche 3h00, rétention 4 semaines
- **Mensuelle** : 1er du mois 4h00, rétention 6 mois
### Localisation des sauvegardes
```
/opt/minecraft/backups/
├── daily/ # Sauvegardes quotidiennes
├── weekly/ # Sauvegardes hebdomadaires
├── monthly/ # Sauvegardes mensuelles
└── scripts/ # Scripts de sauvegarde
```
### Restauration
```bash
# Lister les sauvegardes disponibles
sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh
# Restaurer une sauvegarde spécifique
sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh daily 20241201_020000
```
## 🔄 Gestion des mises à jour
### Mises à jour automatiques
Le rôle `05-update` vérifie et applique automatiquement :
- **Clés SSH** : Nouvelles clés autorisées
- **Système** : Paquets Debian/Ubuntu
- **Spigot** : Nouvelles versions disponibles
### Processus de mise à jour Spigot
1. Détection nouvelle version
2. Téléchargement BuildTools
3. Compilation en parallèle
4. Tests de la nouvelle version
5. Basculement sans interruption
6. Nettoyage des anciennes versions
## 🎮 Administration du serveur
### Commandes utiles
```bash
# Statut du service
systemctl status minecraft
# Logs en temps réel
journalctl -u minecraft -f
# Console RCON
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password
# Commandes RCON utiles
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "say Serveur en maintenance"
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "stop"
```
### Structure des fichiers Minecraft
```
/opt/minecraft/
├── server/ # Serveur actif
│ ├── spigot.jar # Exécutable Spigot
│ ├── plugins/ # Plugins installés
│ ├── worlds/ # Mondes Minecraft
│ ├── logs/ # Logs du serveur
│ └── ops.json # Administrateurs
├── sources/ # Sources et BuildTools
├── tools/ # Outils (mcrcon, scripts)
└── backups/ # Sauvegardes automatiques
```
### Configuration des administrateurs
Éditer le fichier `inventories/production/group_vars/minecraft_servers.yml` :
### Ajout d'administrateurs Minecraft
Dans `group_vars/all.yml` :
```yaml
minecraft_ops:
- name: "admin_username"
uuid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
minecraft_admins:
- name: "PlayerName"
uuid: "player-uuid-here"
level: 4
bypass_limit: true
- name: "moderator_username"
uuid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
level: 3
bypass_limit: false
```
## 🔧 CI/CD avec Gitea
### Installation de plugins
### Configuration des secrets Gitea
Dans les paramètres de votre repository Gitea, configurez ces secrets :
- `ANSIBLE_SSH_KEY` : Clé privée SSH pour l'utilisateur ansible
- `ANSIBLE_VAULT_PASSWORD` : Mot de passe du vault Ansible
- `ANSIBLE_HOST` : IP du serveur pour ssh-keyscan
### Workflows disponibles
#### Lint et validation (`.gitea/workflows/lint.yml`)
- **Déclenchement** : Push sur main/develop, Pull Requests
- **Actions** :
- Validation YAML avec yamllint
- Validation Ansible avec ansible-lint
- Test des inventaires
#### Déploiement automatique (`.gitea/workflows/deploy.yml`)
- **Déclenchement** : Push sur main, déclenchement manuel
- **Environnements** : staging, production
- **Actions** :
- Déploiement automatique selon la branche
- Utilisation des secrets sécurisés
### Stratégie de déploiement
```
develop branch → staging environment
main branch → production environment
manual trigger → choice of environment
```yaml
minecraft_plugins:
- name: "WorldEdit"
url: "https://example.com/worldedit.jar"
- name: "Vault"
url: "https://example.com/vault.jar"
```
## 📊 Monitoring et logs
## 🔍 Monitoring et maintenance
### Logs système
### Logs importants
- **Serveur Minecraft** : `/opt/minecraft/server/logs/`
- **Système** : `/var/log/syslog`
- **SSH** : `/var/log/auth.log`
- **Fail2ban** : `/var/log/fail2ban.log`
### Commandes utiles
#### Status du serveur
```bash
# Logs du service Minecraft
journalctl -u minecraft -f --since "1 hour ago"
# Logs de sécurité
tail -f /var/log/auth.log
# Logs Fail2Ban
tail -f /var/log/fail2ban.log
# Logs UFW
tail -f /var/log/ufw.log
systemctl status minecraft
```
### Logs Minecraft
#### Connexion RCON
```bash
# Log actuel du serveur
tail -f /opt/minecraft/server/logs/latest.log
# Logs archivés
ls -la /opt/minecraft/server/logs/
# Recherche dans les logs
grep "ERROR" /opt/minecraft/server/logs/latest.log
/opt/minecraft/tools/mcrcon/mcrcon -H localhost -P 25575 -p votre_mot_de_passe
```
### Métriques système
#### Sauvegarde manuelle
```bash
# Utilisation mémoire Java
ps aux | grep java
# Espace disque
df -h /opt/minecraft
# Processus réseau
netstat -tlnp | grep :25565
/usr/local/bin/minecraft-backup-daily.sh
```
## 🔍 Dépannage
#### Restauration
```bash
/usr/local/bin/minecraft-restore.sh daily minecraft-daily-20240127_020000
```
## 🔄 Mises à jour
### Automatiques
Les mises à jour sont vérifiées selon la planification définie dans les crons.
### Manuelles
```bash
ansible-playbook site.yml -i inventories/production/hosts.yml --tags update
```
## 🐛 Dépannage
### Problèmes courants
#### Le serveur ne démarre pas
1. Vérifier les logs : `journalctl -u minecraft -f`
2. Vérifier l'EULA : `/opt/minecraft/server/eula.txt`
3. Vérifier la RAM disponible : `free -h`
#### Compilation Spigot échoue
1. Vérifier Java : `java -version`
2. Vérifier l'espace disque : `df -h`
3. Vérifier les logs de compilation
#### Connexion SSH échoue
1. Vérifier le pare-feu : `ufw status`
2. Vérifier les clés SSH
3. Vérifier Fail2ban : `fail2ban-client status sshd`
### Logs de debug
```bash
# Vérifier le statut
systemctl status minecraft
# Vérifier les logs
journalctl -u minecraft -n 50
# Vérifier la configuration
sudo -u minecraft java -jar /opt/minecraft/server/spigot.jar --help
# Activation du mode verbose
ansible-playbook site.yml -i inventories/staging/hosts.yml -vvv
```
#### Problèmes de mémoire
```bash
# Ajuster dans group_vars/minecraft_servers.yml
minecraft_memory_min: "2G"
minecraft_memory_max: "6G"
# Redéployer
ansible-playbook site.yml --tags "minecraft"
```
#### Problèmes de connectivité
```bash
# Vérifier le pare-feu
ufw status verbose
# Tester la connectivité
telnet server-ip 25565
# Vérifier RCON
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p password "list"
```
#### Erreurs de compilation Spigot
```bash
# Nettoyer le cache de compilation
rm -rf /opt/minecraft/sources/build_*
# Relancer la compilation
ansible-playbook site.yml --tags "compile" -v
```
### Mode debug
Pour activer le mode debug lors du déploiement :
```bash
ansible-playbook site.yml -vvv
```
## 🔄 Maintenance
### Maintenance programmée
```bash
# Script de maintenance (à créer)
#!/bin/bash
# Arrêter le serveur
systemctl stop minecraft
# Effectuer la maintenance
# ...
# Redémarrer le serveur
systemctl start minecraft
```
### Mise à jour manuelle
```bash
# Mise à jour du système uniquement
ansible-playbook site.yml --tags "system-update"
# Mise à jour Spigot uniquement
ansible-playbook site.yml --tags "spigot-update"
# Mise à jour complète
ansible-playbook site.yml --tags "update"
```
### Nettoyage
```bash
# Nettoyer les anciens logs
find /opt/minecraft/server/logs/ -name "*.log.gz" -mtime +30 -delete
# Nettoyer les anciennes sauvegardes (automatique via scripts)
# Les scripts de sauvegarde incluent le nettoyage automatique
# Nettoyer les anciennes versions compilées
rm -rf /opt/minecraft/sources/build_*
```
## 📝 Personnalisation
### Ajout de plugins
Éditer `inventories/production/group_vars/minecraft_servers.yml` :
```yaml
minecraft_plugins:
- name: "EssentialsX-2.21.0.jar"
url: "https://github.com/EssentialsX/Essentials/releases/download/2.21.0/EssentialsX-2.21.0.jar"
- name: "WorldEdit-7.3.0.jar"
url: "https://dev.bukkit.org/projects/worldedit/files/latest"
```
### Configuration serveur personnalisée
Éditer les templates dans `roles/03-installation-minecraft/templates/` :
- `server.properties.j2` : Propriétés principales
- `spigot.yml.j2` : Configuration Spigot
- `bukkit.yml.j2` : Configuration Bukkit
### Ajout de nouveaux environnements
1. Créer le répertoire d'inventaire :
```bash
mkdir -p inventories/preprod/{group_vars}
```
2. Créer les fichiers de configuration :
```bash
cp inventories/staging/* inventories/preprod/
```
3. Adapter la configuration dans `group_vars/`
## 🤝 Contribution
### Développement local
1. Fork le projet
2. Créer une branche feature (`git checkout -b feature/amazing-feature`)
3. Commit les changements (`git commit -m 'Add amazing feature'`)
4. Push vers la branche (`git push origin feature/amazing-feature`)
5. Créer une Pull Request
```bash
# Cloner le projet
git clone https://your-gitea-instance.com/your-repo/minecraft-spigot-ansible.git
cd minecraft-spigot-ansible
# Installer les dépendances de développement
pip install ansible ansible-lint yamllint pre-commit
# Installer les hooks pre-commit
pre-commit install
# Tester les modifications
ansible-lint
yamllint .
```
### Standards de code
- **YAML** : Indentation 2 espaces
- **Ansible** : Utilisation des modules officiels
- **Templates** : Variables Jinja2 documentées
- **Tags** : Cohérence dans le nommage
- **Idempotence** : Tous les tasks doivent être idempotents
### Processus de contribution
1. **Fork** du projet
2. **Branche** de fonctionnalité : `feature/nouvelle-fonctionnalite`
3. **Commits** descriptifs et atomiques
4. **Tests** : Validation avec ansible-lint
5. **Pull Request** avec description détaillée
## 📚 Ressources
### Documentation Ansible
- [Ansible Documentation](https://docs.ansible.com/)
- [Ansible Best Practices](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html)
### Documentation Minecraft
- [Spigot Documentation](https://www.spigotmc.org/wiki/)
- [Paper Documentation](https://docs.papermc.io/)
### Sécurité
- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/)
- [ANSSI Hardening Guide](https://www.ssi.gouv.fr/)
## 📞 Support
### Rapporter un problème
Utilisez le système d'issues de Gitea avec :
- **Titre** descriptif
- **Environnement** (OS, version Ansible, etc.)
- **Logs** d'erreur
- **Steps to reproduce**
### Contact
- **Issues** : Système d'issues Gitea
- **Discussions** : Forum interne de l'équipe
- **Documentation** : Wiki du projet
## 📄 Licence
## 📝 Licence
Ce projet est sous licence MIT. Voir le fichier `LICENSE` pour plus de détails.
## 🆘 Support
- **Issues** : [Gitea Issues](https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur/issues)
- **Wiki** : [Documentation détaillée](https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur/wiki)
- **Discussions** : [Forum du projet](https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur/discussions)
## 🙏 Remerciements
- Équipe Ansible pour l'excellente plateforme
- Communauté Spigot pour le serveur
- Contributeurs du projet
---
**Version du playbook** : 1.0.0
**Compatible avec** : Debian 10/11/12/13, Ubuntu 18.04/20.04/22.04
**Version Minecraft supportée** : 1.21.6
**Dernière mise à jour** : Décembre 2024
**Made with ❤️ for Minecraft communities**
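
Review bot: the "Connexion RCON" example passes the RCON password on the command line (`-p votre_mot_de_passe`), where it lands in shell history and is readable in the process list by other local users. Document the `MCRCON_PASS` environment variable that mcrcon reads instead. Two further gaps: the text says a dry-run is "obligatoire en production", yet the `deploy-production` job in the workflow on this page runs `ansible-playbook site.yml -i inventories/production/hosts.yml` with no preceding `--check` step; and the `minecraft_plugins` example fetches jars by URL with no checksum field, so nothing documents how a downloaded plugin is verified.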


@@ -1,15 +1,21 @@
[defaults]
host_key_checking = False
inventory = inventories/production/hosts.yml
inventory = ./inventories/production/hosts.yml
remote_user = ansible
private_key_file = ~/.ssh/ansible_key
roles_path = roles
stdout_callback = yaml
roles_path = ./roles
collections_path = ./collections
retry_files_enabled = False
gathering = smart
fact_caching = memory
forks = 5
timeout = 30
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_facts
fact_caching_timeout = 86400
stdout_callback = yaml
deprecation_warnings = False
command_warnings = False
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
interpreter_python = /usr/bin/python3
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
pipelining = True
control_path = /tmp/ansible-ssh-%%h-%%p-%%r
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
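
Review bot: `host_key_checking = False` is still set under `[defaults]`, so SSH host keys remain unverified even with the `ssh_args` line that no longer carries `-o StrictHostKeyChecking=no`. Set it to `True` and provision `known_hosts` explicitly. `fact_caching_connection = /tmp/ansible_facts` and `control_path = /tmp/ansible-ssh-%%h-%%p-%%r` both use predictable names in a world-writable directory; point them at a directory owned by the invoking user, for example under `~/.ansible/`.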


@@ -1,17 +1,30 @@
---
# Configuration globale pour la production
# Configuration globale Production
environment: production
timezone: Europe/Paris
python_interpreter: /usr/bin/python3
# Utilisateur Ansible
ansible_user: ansible
ansible_become: yes
ansible_become_method: sudo
# Configuration SSH
# Configuration réseau
ssh_port: 22
ssh_allow_users: ["ansible", "minecraft"]
allowed_ssh_users: ["ansible", "minecraft"]
fail2ban_enabled: true
# Configuration Firewall
# Configuration Java
java_version: "17"
java_package: "openjdk-17-jdk"
# Configuration Minecraft
minecraft_version: "1.21.6"
spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
minecraft_max_memory: "4G"
minecraft_min_memory: "2G"
# Configuration backups
backup_enabled: true
backup_remote_host: "backup.example.com"
backup_local_path: "/opt/minecraft/backups"
backup_remote_path: "/backups/minecraft"
# Configuration sécurité
firewall_enabled: true
firewall_default_policy: deny
automatic_updates: false
hardening_enabled: true
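
Review bot: `java_version: "17"` with `java_package: "openjdk-17-jdk"` conflicts with the README in this same change set, which lists Java 21 for Spigot 1.21.6, and with the deleted `minecraft_servers.yml`, which had `java_version: 21`. Align the two before merging. The allow list also changes name from `ssh_allow_users` to `allowed_ssh_users`; check that the hardening role reads the new name, since a mismatch would leave the SSH user restriction unset.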


@@ -1,27 +0,0 @@
---
# Configuration spécifique aux serveurs Minecraft
minecraft_version: "1.21.6"
minecraft_user: minecraft
minecraft_group: minecraft
minecraft_home: /opt/minecraft
# Chemins
minecraft_sources_dir: "{{ minecraft_home }}/sources"
minecraft_server_dir: "{{ minecraft_home }}/server"
minecraft_tools_dir: "{{ minecraft_home }}/tools"
minecraft_backups_dir: "{{ minecraft_home }}/backups"
# Configuration serveur
minecraft_memory_min: "1G"
minecraft_memory_max: "4G"
minecraft_port: 25565
minecraft_rcon_port: 25575
minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
# Java
java_version: 21
# Backups
backup_retention_daily: 7
backup_retention_weekly: 4
backup_retention_monthly: 6
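Review bot: The vault binding `minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"` has no replacement in the visible changes once this file is deleted. The role defaults and templates changed alongside it fall back to `changeme`, so move the binding into the group variables that survive before removing this file.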

@@ -1,13 +1,19 @@
---
all:
children:
minecraft_servers:
hosts:
minecraft-prod-01:
ansible_host: 192.168.1.100
ansible_host: 10.0.1.10
ansible_user: ansible
ansible_ssh_private_key_file: ~/.ssh/ansible_key
minecraft_server_name: "Production Server 01"
minecraft_port: 25565
minecraft_rcon_port: 25575
minecraft-prod-02:
ansible_host: 192.168.1.101
ansible_host: 10.0.1.11
ansible_user: ansible
ansible_ssh_private_key_file: ~/.ssh/ansible_key
minecraft_server_name: "Production Server 02"
minecraft_port: 25565
minecraft_rcon_port: 25575
vars:
environment: production
backup_retention_days: 90
update_schedule: "0 3 * * 0" # Dimanche 3h

@@ -1,17 +1,28 @@
---
# Configuration globale pour le staging
# Configuration globale Staging
environment: staging
timezone: Europe/Paris
python_interpreter: /usr/bin/python3
# Utilisateur Ansible
ansible_user: ansible
ansible_become: yes
ansible_become_method: sudo
# Configuration SSH
# Configuration réseau
ssh_port: 22
ssh_allow_users: ["ansible", "minecraft"]
allowed_ssh_users: ["ansible", "minecraft", "developer"]
fail2ban_enabled: false
# Configuration Firewall
firewall_enabled: true
firewall_default_policy: deny
# Configuration Java
java_version: "17"
java_package: "openjdk-17-jdk"
# Configuration Minecraft
minecraft_version: "1.21.6"
spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
minecraft_max_memory: "2G"
minecraft_min_memory: "1G"
# Configuration backups
backup_enabled: true
backup_local_path: "/opt/minecraft/backups"
# Configuration sécurité
firewall_enabled: false
automatic_updates: true
hardening_enabled: false
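Review bot: Staging is left with `fail2ban_enabled: false`, `firewall_enabled: false` and `hardening_enabled: false`, so the firewall and Fail2Ban task files are skipped there and run for the first time against production hosts. Keep the same switches on in staging (with different values if needed) so that a lockout or a template error shows up before the production deploy. `firewall_enabled` also appears twice in this hunk with opposite values (`true` under `# Configuration Firewall`, `false` under `# Configuration sécurité`); make sure only one definition survives.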

@@ -1,27 +0,0 @@
---
# Configuration spécifique aux serveurs Minecraft de staging
minecraft_version: "1.21.6"
minecraft_user: minecraft
minecraft_group: minecraft
minecraft_home: /opt/minecraft
# Chemins
minecraft_sources_dir: "{{ minecraft_home }}/sources"
minecraft_server_dir: "{{ minecraft_home }}/server"
minecraft_tools_dir: "{{ minecraft_home }}/tools"
minecraft_backups_dir: "{{ minecraft_home }}/backups"
# Configuration serveur (plus petite pour staging)
minecraft_memory_min: "512M"
minecraft_memory_max: "2G"
minecraft_port: 25565
minecraft_rcon_port: 25575
minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
# Java
java_version: 21
# Backups (retention plus courte en staging)
backup_retention_daily: 3
backup_retention_weekly: 2
backup_retention_monthly: 1

@@ -1,9 +1,13 @@
---
all:
children:
minecraft_servers:
hosts:
minecraft-staging-01:
ansible_host: 192.168.1.200
ansible_host: 10.0.2.10
ansible_user: ansible
ansible_ssh_private_key_file: ~/.ssh/ansible_key
minecraft_server_name: "Staging Server 01"
minecraft_port: 25565
minecraft_rcon_port: 25575
vars:
environment: staging
backup_retention_days: 30
update_schedule: "0 2 * * *" # Tous les jours 2h

requirements.yml Normal file
@@ -0,0 +1,8 @@
---
collections:
- name: community.general
version: ">=7.0.0"
- name: ansible.posix
version: ">=1.5.0"
- name: community.crypto
version: ">=2.15.0"
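Review bot: All three collections are given lower bounds only (`>=7.0.0`, `>=1.5.0`, `>=2.15.0`), so each pipeline run can install a newer release than the one that was tested. Pin exact versions or a bounded range, since the same workflow deploys to production.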

@@ -1,25 +1,22 @@
---
# Configuration par défaut pour le hardening
# Configuration par défaut du durcissement serveur
hardening_packages:
- fail2ban
- ufw
- unattended-upgrades
- logrotate
- rsync
ssh_port: 22
ssh_protocol: 2
ssh_permit_root_login: "no"
ssh_password_authentication: "no"
ssh_pub_key_authentication: "yes"
ssh_allow_users: ["ansible"]
ssh_max_auth_tries: 3
ssh_client_alive_interval: 300
ssh_client_alive_count_max: 2
# Firewall
fail2ban_jail_ssh_enabled: true
fail2ban_jail_ssh_maxretry: 3
fail2ban_jail_ssh_bantime: 3600
ufw_default_incoming: deny
ufw_default_outgoing: allow
ufw_allowed_ports:
- 22/tcp
- 25565/tcp
- 25575/tcp
# Fail2ban
fail2ban_enabled: true
fail2ban_bantime: 3600
fail2ban_findtime: 600
fail2ban_maxretry: 3
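Review bot: `ufw_allowed_ports` lists `25575/tcp`, the RCON port, next to the game port. The unit file's `ExecStop` in this compare reaches RCON on `127.0.0.1`, so the port does not need to be reachable from outside; drop it from the list or restrict it to a management address. The hunk also carries two sets of Fail2Ban variables (`fail2ban_jail_ssh_*` and `fail2ban_bantime`/`fail2ban_findtime`/`fail2ban_maxretry`), while the new jail template reads only the first set.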

@@ -0,0 +1,14 @@
---
- name: restart ssh
ansible.builtin.service:
name: ssh
state: restarted
- name: restart fail2ban
ansible.builtin.service:
name: fail2ban
state: restarted
- name: enable ufw
community.general.ufw:
state: enabled

@@ -1,8 +1,7 @@
---
- name: Update apt cache for Debian/Ubuntu
apt:
- name: Mise à jour du cache des paquets (Debian/Ubuntu)
ansible.builtin.apt:
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian"
tags:
- system-update
tags: [system-update]

@@ -1,12 +0,0 @@
---
- name: Configure SSH daemon
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
backup: yes
mode: "0600"
owner: root
group: root
notify: restart sshd
tags:
- ssh-config

@@ -0,0 +1,7 @@
---
- name: Installation des paquets de sécurité
ansible.builtin.apt:
name: "{{ hardening_packages }}"
state: present
when: ansible_os_family == "Debian"
notify: restart fail2ban

@@ -1,7 +0,0 @@
---
- name: Install UFW firewall
package:
name: ufw
state: present
tags:
- firewall-install

@@ -0,0 +1,10 @@
---
- name: Configuration SSH sécurisée
ansible.builtin.template:
src: sshd_config.j2
dest: "{{ ssh_config_path }}"
owner: root
group: root
mode: '0644'
backup: yes
notify: restart ssh
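Review bot: The template task writes `{{ ssh_config_path }}` and notifies `restart ssh` without checking the rendered file first. Add `validate: 'sshd -t -f %s'` so a bad render is rejected before it replaces the live configuration; a broken `sshd_config` at restart means losing access to the host. The deleted task used `mode: "0600"`, so `'0644'` here is a relaxation that needs a stated reason.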

@@ -0,0 +1,9 @@
---
- name: Configuration UFW - politique par défaut
community.general.ufw:
direction: "{{ item.direction }}"
policy: "{{ item.policy }}"
with_items:
- { direction: 'incoming', policy: "{{ ufw_default_incoming }}" }
- { direction: 'outgoing', policy: "{{ ufw_default_outgoing }}" }
notify: enable ufw
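Review bot: This file sets the default policies and notifies `enable ufw`, but no task visible in this compare adds an allow rule for `{{ ssh_port }}` or for the entries in `ufw_allowed_ports` (the deleted rules template looped over that list). With `ufw_default_incoming: deny`, enabling UFW would cut off SSH and the game port. Add a `community.general.ufw` task with `rule: allow` for each port before the handler can fire, and prefer `loop` over `with_items`.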

@@ -1,8 +0,0 @@
---
- name: Install fail2ban
package:
name: fail2ban
state: present
when: fail2ban_enabled
tags:
- fail2ban-install

@@ -1,12 +0,0 @@
---
- name: Disable unused services
systemd:
name: "{{ item }}"
state: stopped
enabled: no
loop:
- bluetooth
- cups
ignore_errors: yes
tags:
- disable-services

@@ -0,0 +1,9 @@
---
- name: Configuration Fail2Ban
ansible.builtin.template:
src: fail2ban-jail.local.j2
dest: "{{ fail2ban_config_path }}"
owner: root
group: root
mode: '0644'
notify: restart fail2ban

@@ -0,0 +1,8 @@
---
- name: Ajout des clés SSH pour les administrateurs
ansible.posix.authorized_key:
user: "{{ item.user }}"
state: present
key: "{{ item.key }}"
comment: "{{ item.comment | default('Admin key') }}"
with_items: "{{ admin_ssh_keys | default([]) }}"

@@ -1,30 +1,21 @@
---
- name: Include system update tasks
include_tasks: 01-update-system.yml
tags:
- hardening
- system-update
# Tâches principales du durcissement serveur
- import_tasks: 01-update-system.yml
tags: [hardening, system-update]
- name: Include SSH configuration tasks
include_tasks: 02-configure-ssh.yml
tags:
- hardening
- ssh
- import_tasks: 02-install-security-packages.yml
tags: [hardening, packages]
- name: Include firewall configuration tasks
include_tasks: 03-configure-firewall.yml
tags:
- hardening
- firewall
- import_tasks: 03-configure-ssh.yml
tags: [hardening, ssh]
- name: Include fail2ban installation tasks
include_tasks: 04-install-fail2ban.yml
tags:
- hardening
- fail2ban
- import_tasks: 04-configure-firewall.yml
tags: [hardening, firewall]
when: firewall_enabled | default(true)
- name: Include additional hardening tasks
include_tasks: 05-additional-hardening.yml
tags:
- hardening
- additional
- import_tasks: 05-configure-fail2ban.yml
tags: [hardening, fail2ban]
when: fail2ban_enabled | default(true)
- import_tasks: 06-manage-ssh-keys.yml
tags: [hardening, ssh-keys]

@@ -0,0 +1,12 @@
# Configuration Fail2Ban générée par Ansible
[DEFAULT]
bantime = {{ fail2ban_jail_ssh_bantime }}
findtime = 600
maxretry = {{ fail2ban_jail_ssh_maxretry }}
[sshd]
enabled = {{ fail2ban_jail_ssh_enabled | lower }}
port = {{ ssh_port }}
filter = sshd
logpath = /var/log/auth.log
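Review bot: `findtime = 600` is hard-coded in `[DEFAULT]` while `bantime` and `maxretry` come from variables, and the role defaults already define `fail2ban_findtime`; template it as well. `logpath = /var/log/auth.log` assumes sshd logs to that file. On hosts that log only to the journal the jail needs a `backend` setting instead, so make the path or the backend a variable.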

@@ -1,26 +0,0 @@
[DEFAULT]
# Fail2ban configuration for Minecraft server
bantime = {{ fail2ban_bantime }}
findtime = {{ fail2ban_findtime }}
maxretry = {{ fail2ban_maxretry }}
# Email notifications (optional)
# destemail = admin@example.com
# sendername = Fail2Ban
# sender = fail2ban@example.com
# action = %(action_mwl)s
[sshd]
enabled = true
port = {{ ssh_port }}
filter = sshd
logpath = /var/log/auth.log
maxretry = {{ fail2ban_maxretry }}
[minecraft]
enabled = true
port = {{ minecraft_port }}
filter = minecraft
logpath = {{ minecraft_server_dir }}/logs/latest.log
maxretry = 5
bantime = 7200

@@ -1,47 +1,21 @@
# SSH configuration for Minecraft server
# Configuration SSH sécurisée générée par Ansible
Port {{ ssh_port }}
Protocol {{ ssh_protocol }}
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Protocol 2
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication
LoginGraceTime 60
# Authentification
PermitRootLogin {{ ssh_permit_root_login }}
StrictModes yes
MaxAuthTries {{ ssh_max_auth_tries }}
MaxSessions 10
PubkeyAuthentication {{ ssh_pub_key_authentication }}
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication {{ ssh_password_authentication }}
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
MaxAuthTries {{ ssh_max_auth_tries }}
PubkeyAuthentication yes
UsePAM yes
AllowUsers {{ ssh_allow_users | join(' ') }}
X11Forwarding no
PrintMotd no
AcceptEnv LANG LC_*
# Connection settings
# Sessions
ClientAliveInterval {{ ssh_client_alive_interval }}
ClientAliveCountMax {{ ssh_client_alive_count_max }}
TCPKeepAlive yes
# Restrict to specific users
Match User {{ ssh_allow_users | join(',') }}
AllowTcpForwarding no
# Sécurité
X11Forwarding no
PermitTunnel no
GatewayPorts no
AllowAgentForwarding no
UsePAM yes
UseDNS no
# Utilisateurs autorisés
AllowUsers {{ allowed_ssh_users | join(' ') }}
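Review bot: `AllowUsers {{ allowed_ssh_users | join(' ') }}` reads a variable that the role defaults in this compare do not show (they show `ssh_allow_users`). It resolves only because the production and staging group variables set it, and the render fails for any inventory that does not. Use one name and give it a role default. Both inventories also put `minecraft` in that list, which opens SSH login for the service account; leave it out if nobody is meant to log in as that user.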

@@ -1,14 +0,0 @@
# UFW rules for Minecraft server
# Default policies
ufw --force reset
ufw default {{ ufw_default_incoming }}
ufw default {{ ufw_default_outgoing }}
# Allow specific ports
{% for port in ufw_allowed_ports %}
ufw allow {{ port }}
{% endfor %}
# Enable UFW
ufw --force enable

@@ -0,0 +1,14 @@
---
# Variables spécifiques au hardening
required_packages_debian:
- curl
- wget
- git
- unzip
- htop
- vim
- sudo
- systemd
ssh_config_path: /etc/ssh/sshd_config
fail2ban_config_path: /etc/fail2ban/jail.local

@@ -1,4 +1,8 @@
---
java_version: 21
java_package: "openjdk-{{ java_version }}-jdk"
java_home: "/usr/lib/jvm/java-{{ java_version }}-openjdk-amd64"
# Configuration par défaut Java
java_version: "17"
java_packages:
- openjdk-17-jdk
- openjdk-17-jre
java_home_path: "/usr/lib/jvm/java-17-openjdk-amd64"
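Review bot: `java_packages` and `java_home_path` hard-code `17` instead of deriving from `java_version`, so overriding `java_version` in an inventory changes nothing that gets installed. Build them from the variable, as the `openjdk-{{ java_version }}-jdk` form in this hunk did. The hunk shows `java_version` as both `21` and `"17"` while `minecraft_version` stays at `1.21.6`; confirm which Java release that server version needs before lowering it.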

@@ -0,0 +1,4 @@
---
- name: update java alternatives
ansible.builtin.command: update-java-alternatives --set java-1.{{ java_version }}.0-openjdk-amd64
failed_when: false
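Review bot: `failed_when: false` on the `update-java-alternatives` command hides every failure, including a wrong alternative name, and the task has no `changed_when`. Let it fail, or register the result and fail on a non-zero `rc`. No task visible in this compare notifies `update java alternatives`, so check that the handler is reachable at all.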

@@ -1,7 +1,6 @@
---
- name: Check if Java is already installed
command: java -version
- name: Vérification de la présence de Java
ansible.builtin.command: "{{ java_version_check_command }}"
register: java_check
failed_when: false
changed_when: false
tags: ['java-check']

@@ -1,6 +1,7 @@
---
- name: Install OpenJDK
package:
name: "{{ java_package }}"
- name: Installation des paquets Java
ansible.builtin.apt:
name: "{{ java_packages }}"
state: present
tags: ['java-install']
update_cache: yes
when: ansible_os_family == "Debian"

@@ -0,0 +1,6 @@
---
- name: Validation de l'installation Java
ansible.builtin.command: java -version
register: java_validation
changed_when: false
failed_when: "'openjdk version' not in java_validation.stderr"
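Review bot: The `failed_when` condition only looks for the string `openjdk version` in stderr, so any OpenJDK release passes. `java_required_version` is defined in the role variables but is not used here; compare the reported major version against it.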

@@ -1,6 +0,0 @@
---
- name: Verify Java installation
command: java -version
register: java_verify
changed_when: false
tags: ['java-verify']

@@ -1,7 +0,0 @@
---
- name: Set Java home environment variable
lineinfile:
path: /etc/environment
line: "JAVA_HOME={{ java_home }}"
state: present
tags: ['java-validate']

@@ -1,17 +1,11 @@
---
- name: Include Java check tasks
include_tasks: 01-check-java.yml
tags: ['java', 'check']
# Tâches principales installation Java
- import_tasks: 01-check-java.yml
tags: [java, check]
- name: Include Java installation tasks
include_tasks: 02-install-java.yml
- import_tasks: 02-install-java.yml
tags: [java, install]
when: java_installed is not defined or not java_installed
tags: ['java', 'install']
- name: Include Java verification tasks
include_tasks: 03-verify-java.yml
tags: ['java', 'verify']
- name: Include Java validation tasks
include_tasks: 04-validate-installation.yml
tags: ['java', 'validate']
- import_tasks: 03-validate-java.yml
tags: [java, validate]
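Review bot: `when: java_installed is not defined or not java_installed` on the install import refers to a variable that nothing visible in this compare sets; the check file only registers `java_check`. The condition is therefore always true. Derive it from `java_check.rc`, or drop it, since the apt task is already idempotent.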

@@ -0,0 +1,4 @@
---
# Variables Java
java_version_check_command: "java -version"
java_required_version: "17"

@@ -1,14 +1,34 @@
---
minecraft_version: "1.21.6"
# Configuration par défaut Minecraft
minecraft_user: minecraft
minecraft_group: minecraft
minecraft_home: /opt/minecraft
minecraft_memory_min: "1G"
minecraft_memory_max: "4G"
minecraft_version: "1.21.6"
minecraft_port: 25565
minecraft_rcon_port: 25575
minecraft_rcon_password: "changeme"
minecraft_max_memory: "4G"
minecraft_min_memory: "2G"
# Répertoires
minecraft_sources_dir: "{{ minecraft_home }}/sources"
minecraft_server_dir: "{{ minecraft_home }}/server"
minecraft_tools_dir: "{{ minecraft_home }}/tools"
minecraft_backups_dir: "{{ minecraft_home }}/backups"
minecraft_logs_dir: "{{ minecraft_home }}/logs"
# URLs
spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
mcrcon_version: "0.7.2"
mcrcon_url: "https://github.com/Tiiffi/mcrcon/releases/download/v{{ mcrcon_version }}/mcrcon-{{ mcrcon_version }}-linux-x86-64.tar.gz"
mcrcon_url: "https://github.com/Tiiffi/mcrcon/archive/refs/heads/master.zip"
# Configuration serveur
server_properties:
server-port: "{{ minecraft_port }}"
enable-rcon: "true"
rcon.port: "{{ minecraft_rcon_port }}"
rcon.password: "{{ minecraft_rcon_password | default('changeme') }}"
max-players: "20"
difficulty: "normal"
gamemode: "survival"
pvp: "true"
spawn-protection: "16"
white-list: "false"
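Review bot: `minecraft_rcon_password: "changeme"` as a role default, together with `| default('changeme')` on `rcon.password`, means a host without an inventory override comes up with RCON enabled and a known password. Remove the default, supply the value from vault, and fail early with an `assert` when it is undefined. The second `mcrcon_url` also points at `refs/heads/master.zip` where the first pins `v{{ mcrcon_version }}`; keep the pinned release.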

@@ -1,21 +1,14 @@
---
- name: reload systemd
systemd:
ansible.builtin.systemd:
daemon_reload: yes
- name: enable minecraft service
systemd:
ansible.builtin.service:
name: minecraft
enabled: yes
- name: restart minecraft
systemd:
ansible.builtin.service:
name: minecraft
state: restarted
enabled: yes
- name: start minecraft
systemd:
name: minecraft
state: started
enabled: yes

@@ -1,6 +1,14 @@
---
- name: Create minecraft group
group:
- name: Création du groupe minecraft
ansible.builtin.group:
name: "{{ minecraft_group }}"
state: present
tags: ['minecraft-user']
- name: Création de l'utilisateur minecraft
ansible.builtin.user:
name: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
home: "{{ minecraft_home }}"
shell: /bin/bash
create_home: yes
state: present
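Review bot: The service account is created with `shell: /bin/bash`, and the inventories list `minecraft` in `allowed_ssh_users`. Unless interactive login is required, create it with `system: true` and a non-login shell; with `ansible_become_method: sudo` as set in the group variables, the `become_user` tasks and the cron entries in this compare do not depend on the account's login shell.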

@@ -1,15 +1,15 @@
---
- name: Create minecraft directories
file:
- name: Création des répertoires Minecraft
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
loop:
- "{{ minecraft_home }}"
with_items:
- "{{ minecraft_sources_dir }}"
- "{{ minecraft_server_dir }}"
- "{{ minecraft_tools_dir }}"
- "{{ minecraft_backups_dir }}"
tags: ['minecraft-directories']
- "{{ minecraft_logs_dir }}"
- "{{ minecraft_server_dir }}/plugins"

@@ -1,9 +1,8 @@
---
- name: Download BuildTools.jar
get_url:
- name: Téléchargement de BuildTools
ansible.builtin.get_url:
url: "{{ spigot_build_tools_url }}"
dest: "{{ minecraft_sources_dir }}/BuildTools.jar"
dest: "{{ minecraft_sources_dir }}/{{ build_tools_jar }}"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
tags: ['spigot-download']
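Review bot: `get_url` fetches `{{ spigot_build_tools_url }}`, which the variables set to a `lastSuccessfulBuild` URL, with no `checksum`, and the compile step then executes that jar on the server. Point the URL at a numbered build and set `checksum: "sha256:<digest>"` so that a changed artifact fails the play.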

@@ -1,17 +1,20 @@
---
- name: Download mcrcon
get_url:
url: "{{ mcrcon_url }}"
dest: "{{ minecraft_tools_dir }}/mcrcon.tar.gz"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
tags: ['mcrcon-install']
- name: Installation des dépendances pour mcrcon
ansible.builtin.apt:
name:
- build-essential
- git
state: present
- name: Extract mcrcon
unarchive:
src: "{{ minecraft_tools_dir }}/mcrcon.tar.gz"
dest: "{{ minecraft_tools_dir }}"
remote_src: yes
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
tags: ['mcrcon-install']
- name: Clone du repository mcrcon
ansible.builtin.git:
repo: https://github.com/Tiiffi/mcrcon.git
dest: "{{ minecraft_tools_dir }}/mcrcon"
version: master
become_user: "{{ minecraft_user }}"
- name: Compilation de mcrcon
ansible.builtin.command:
cmd: make
chdir: "{{ minecraft_tools_dir }}/mcrcon"
become_user: "{{ minecraft_user }}"
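Review bot: The clone uses `version: master`, so each run builds whatever the branch head is at that moment, on the target host, with `build-essential` left installed. Pin `version` to a release tag or commit (the defaults already carry `mcrcon_version: "0.7.2"`). The `make` command also has no `creates`, so it reports changed on every run.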

@@ -1,19 +1,17 @@
---
- name: Compile Spigot server
shell: |
cd {{ minecraft_sources_dir }}
java -jar BuildTools.jar --rev {{ minecraft_version }}
become_user: "{{ minecraft_user }}"
args:
- name: Compilation de Spigot
ansible.builtin.command:
cmd: "java -jar {{ build_tools_jar }} --rev {{ minecraft_version }}"
chdir: "{{ minecraft_sources_dir }}"
creates: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar"
tags: ['spigot-compile']
become_user: "{{ minecraft_user }}"
timeout: 1800
- name: Copy compiled Spigot to server directory
copy:
- name: Copie du JAR Spigot compilé
ansible.builtin.copy:
src: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar"
dest: "{{ minecraft_server_dir }}/spigot.jar"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
remote_src: yes
tags: ['spigot-compile']

@@ -0,0 +1,18 @@
---
- name: Génération de la configuration server.properties
ansible.builtin.template:
src: server.properties.j2
dest: "{{ minecraft_server_dir }}/server.properties"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
notify: restart minecraft
- name: Acceptation de l'EULA
ansible.builtin.lineinfile:
path: "{{ minecraft_server_dir }}/eula.txt"
line: "eula=true"
create: yes
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
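Review bot: `server.properties` is written with `mode: '0644'` although the template puts `rcon.password` in it, so any local user can read the RCON password. Use `'0640'` or `'0600'`; owner and group are already the service account.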

@@ -1,37 +0,0 @@
---
- name: Generate server.properties
template:
src: server.properties.j2
dest: "{{ minecraft_server_dir }}/server.properties"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
tags: ['minecraft-config']
- name: Generate spigot.yml
template:
src: spigot.yml.j2
dest: "{{ minecraft_server_dir }}/spigot.yml"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
tags: ['minecraft-config']
- name: Generate bukkit.yml
template:
src: bukkit.yml.j2
dest: "{{ minecraft_server_dir }}/bukkit.yml"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
tags: ['minecraft-config']
- name: Accept EULA
lineinfile:
path: "{{ minecraft_server_dir }}/eula.txt"
line: "eula=true"
create: yes
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
tags: ['minecraft-config']

@@ -1,10 +1,11 @@
---
- name: Create systemd service file
template:
- name: Création du service systemd Minecraft
ansible.builtin.template:
src: minecraft.service.j2
dest: /etc/systemd/system/minecraft.service
owner: root
group: root
mode: '0644'
notify:
- reload systemd
- enable minecraft service
tags: ['minecraft-service']

@@ -0,0 +1,8 @@
---
- name: Configuration de la rotation des logs
ansible.builtin.template:
src: minecraft-logrotate.j2
dest: /etc/logrotate.d/minecraft
owner: root
group: root
mode: '0644'

@@ -1,7 +0,0 @@
---
- name: Setup log rotation for Minecraft
template:
src: logrotate-minecraft.j2
dest: /etc/logrotate.d/minecraft
mode: '0644'
tags: ['minecraft-logs']

@@ -1,9 +1,9 @@
---
- name: Configure ops.json
template:
- name: Génération du fichier ops.json
ansible.builtin.template:
src: ops.json.j2
dest: "{{ minecraft_server_dir }}/ops.json"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
tags: ['minecraft-ops']
notify: restart minecraft

@@ -0,0 +1,10 @@
---
- name: Installation des plugins par défaut
ansible.builtin.get_url:
url: "{{ item.url }}"
dest: "{{ minecraft_server_dir }}/plugins/{{ item.name }}.jar"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
with_items: "{{ minecraft_plugins | default([]) }}"
when: minecraft_plugins is defined
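Review bot: Plugin jars are downloaded from `item.url` with no `checksum`, straight into the directory the server loads code from. Add a checksum field to each list item and pass it to `get_url`. `when: minecraft_plugins is defined` is redundant next to `default([])`, and the role's `default_plugins` list (with `files/latest` URLs) is never referenced by this task.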

@@ -1,20 +0,0 @@
---
- name: Create plugins directory
file:
path: "{{ minecraft_server_dir }}/plugins"
state: directory
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
tags: ['minecraft-plugins']
- name: Download plugins if specified
get_url:
url: "{{ item.url }}"
dest: "{{ minecraft_server_dir }}/plugins/{{ item.name }}"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
loop: "{{ minecraft_plugins | default([]) }}"
when: minecraft_plugins is defined
tags: ['minecraft-plugins']

@@ -1,40 +1,31 @@
---
- name: Include user and group creation tasks
include_tasks: 01-create-user-group.yml
tags: ['minecraft', 'user']
# Tâches principales installation Minecraft
- import_tasks: 01-create-user-group.yml
tags: [minecraft, user]
- name: Include directory creation tasks
include_tasks: 02-create-directories.yml
tags: ['minecraft', 'directories']
- import_tasks: 02-create-directories.yml
tags: [minecraft, directories]
- name: Include Spigot download tasks
include_tasks: 03-download-spigot.yml
tags: ['minecraft', 'download']
- import_tasks: 03-download-spigot.yml
tags: [minecraft, download]
- name: Include mcrcon installation tasks
include_tasks: 04-install-mcrcon.yml
tags: ['minecraft', 'mcrcon']
- import_tasks: 04-install-mcrcon.yml
tags: [minecraft, mcrcon]
- name: Include Spigot compilation tasks
include_tasks: 05-compile-spigot.yml
tags: ['minecraft', 'compile']
- import_tasks: 05-compile-spigot.yml
tags: [minecraft, compile]
- name: Include server configuration tasks
include_tasks: 06-configure-server.yml
tags: ['minecraft', 'configure']
- import_tasks: 06-configure-minecraft.yml
tags: [minecraft, configure]
- name: Include service creation tasks
include_tasks: 07-create-service.yml
tags: ['minecraft', 'service']
- import_tasks: 07-create-service.yml
tags: [minecraft, service]
- name: Include log rotation setup tasks
include_tasks: 08-setup-log-rotation.yml
tags: ['minecraft', 'logs']
- import_tasks: 08-configure-logrotate.yml
tags: [minecraft, logrotate]
- name: Include ops configuration tasks
include_tasks: 09-configure-ops.yml
tags: ['minecraft', 'ops']
- import_tasks: 09-manage-ops.yml
tags: [minecraft, ops]
- name: Include plugins setup tasks
include_tasks: 10-setup-plugins.yml
tags: ['minecraft', 'plugins']
- import_tasks: 10-install-plugins.yml
tags: [minecraft, plugins]

@@ -0,0 +1,4 @@
# {{ ansible_managed }}
# By changing the setting below to TRUE you are indicating your agreement to our EULA (https://aka.ms/MinecraftEULA).
# Generated on {{ ansible_date_time.iso8601 }}
eula=true

@@ -1,12 +0,0 @@
{{ minecraft_server_dir }}/logs/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 644 {{ minecraft_user }} {{ minecraft_group }}
postrotate
systemctl reload minecraft
endscript
}

@@ -0,0 +1,194 @@
#!/bin/bash
# {{ ansible_managed }}
# Script de commandes utiles pour Minecraft
MCRCON="{{ minecraft_tools_dir }}/mcrcon"
RCON_HOST="localhost"
RCON_PORT="{{ rcon_port }}"
RCON_PASS="{{ rcon_password }}"
# Fonction d'exécution RCON
rcon() {
$MCRCON -H $RCON_HOST -P $RCON_PORT -p "$RCON_PASS" "$@"
}
# Commandes disponibles
case "$1" in
say)
shift
rcon "say $@"
;;
list)
rcon "list"
;;
save)
echo "Sauvegarde du monde..."
rcon "save-all flush"
echo "Sauvegarde terminée"
;;
whitelist-add)
if [ -z "$2" ]; then
echo "Usage: $0 whitelist-add <joueur>"
exit 1
fi
rcon "whitelist add $2"
;;
whitelist-remove)
if [ -z "$2" ]; then
echo "Usage: $0 whitelist-remove <joueur>"
exit 1
fi
rcon "whitelist remove $2"
;;
whitelist-list)
rcon "whitelist list"
;;
ban)
if [ -z "$2" ]; then
echo "Usage: $0 ban <joueur> [raison]"
exit 1
fi
shift
rcon "ban $@"
;;
unban)
if [ -z "$2" ]; then
echo "Usage: $0 unban <joueur>"
exit 1
fi
rcon "pardon $2"
;;
kick)
if [ -z "$2" ]; then
echo "Usage: $0 kick <joueur> [raison]"
exit 1
fi
shift
rcon "kick $@"
;;
op)
if [ -z "$2" ]; then
echo "Usage: $0 op <joueur>"
exit 1
fi
rcon "op $2"
;;
deop)
if [ -z "$2" ]; then
echo "Usage: $0 deop <joueur>"
exit 1
fi
rcon "deop $2"
;;
tp)
if [ -z "$3" ]; then
echo "Usage: $0 tp <joueur1> <joueur2>"
exit 1
fi
rcon "tp $2 $3"
;;
gamemode)
if [ -z "$3" ]; then
echo "Usage: $0 gamemode <mode> <joueur>"
echo "Modes: survival, creative, adventure, spectator"
exit 1
fi
rcon "gamemode $2 $3"
;;
time)
if [ -z "$2" ]; then
echo "Usage: $0 time <set|add> <valeur>"
exit 1
fi
shift
rcon "time $@"
;;
weather)
if [ -z "$2" ]; then
echo "Usage: $0 weather <clear|rain|thunder> [durée]"
exit 1
fi
shift
rcon "weather $@"
;;
difficulty)
if [ -z "$2" ]; then
echo "Usage: $0 difficulty <peaceful|easy|normal|hard>"
exit 1
fi
rcon "difficulty $2"
;;
give)
if [ -z "$3" ]; then
echo "Usage: $0 give <joueur> <item> [quantité]"
exit 1
fi
shift
rcon "give $@"
;;
reload)
echo "Rechargement de la configuration..."
rcon "reload"
echo "Configuration rechargée"
;;
stop)
echo "Arrêt du serveur..."
rcon "stop"
;;
console)
# Mode console interactif
echo "Mode console RCON (tapez 'exit' pour quitter)"
while true; do
read -p "minecraft> " cmd
if [ "$cmd" = "exit" ]; then
break
fi
rcon "$cmd"
done
;;
*)
echo "Commandes Minecraft disponibles:"
echo ""
echo " $0 say <message> - Envoyer un message à tous"
echo " $0 list - Liste des joueurs connectés"
echo " $0 save - Sauvegarder le monde"
echo " $0 whitelist-add <joueur> - Ajouter à la whitelist"
echo " $0 whitelist-remove <joueur> - Retirer de la whitelist"
echo " $0 whitelist-list - Afficher la whitelist"
echo " $0 ban <joueur> [raison] - Bannir un joueur"
echo " $0 unban <joueur> - Débannir un joueur"
echo " $0 kick <joueur> [raison] - Expulser un joueur"
echo " $0 op <joueur> - Donner les droits OP"
echo " $0 deop <joueur> - Retirer les droits OP"
echo " $0 tp <joueur1> <joueur2> - Téléporter un joueur"
echo " $0 gamemode <mode> <joueur> - Changer le mode de jeu"
echo " $0 time <set|add> <valeur> - Gérer le temps"
echo " $0 weather <type> [durée] - Changer la météo"
echo " $0 difficulty <niveau> - Changer la difficulté"
echo " $0 give <joueur> <item> [qty] - Donner des objets"
echo " $0 reload - Recharger la configuration"
echo " $0 stop - Arrêter le serveur"
echo " $0 console - Mode console interactif"
exit 1
;;
esac
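Review bot: `RCON_PORT="{{ rcon_port }}"` and `RCON_PASS="{{ rcon_password }}"` use variable names that appear nowhere else in the visible changes (the role uses `minecraft_rcon_port` and `minecraft_rcon_password`), and `MCRCON` points at `{{ minecraft_tools_dir }}/mcrcon`, which is the clone directory; the unit file calls `mcrcon/mcrcon`. The rendered script also embeds the password and passes it with `-p` on the command line, so restrict the file to its owner. In `rcon "say $@"` and the other `"... $@"` calls, use `$*` so that the whole command reaches mcrcon as a single argument.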

@@ -0,0 +1,13 @@
{{ minecraft_server_dir }}/logs/*.log {
daily
rotate {{ logrotate_config.rotate }}
size {{ logrotate_config.size }}
{% if logrotate_config.compress %}compress{% endif %}
{% if logrotate_config.delaycompress %}delaycompress{% endif %}
missingok
notifempty
create 644 {{ minecraft_user }} {{ minecraft_group }}
postrotate
systemctl reload minecraft || true
endscript
}

@@ -7,11 +7,11 @@ Type=forking
User={{ minecraft_user }}
Group={{ minecraft_group }}
WorkingDirectory={{ minecraft_server_dir }}
ExecStart=/usr/bin/java -Xms{{ minecraft_memory_min }} -Xmx{{ minecraft_memory_max }} -jar {{ minecraft_server_dir }}/spigot.jar nogui
ExecStop={{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} stop
RemainAfterExit=yes
RestartSec=15
Restart=always
ExecStart=/usr/bin/java -Xmx{{ minecraft_max_memory }} -Xms{{ minecraft_min_memory }} -jar spigot.jar nogui
ExecStop={{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} stop
KillMode=none
TimeoutStopSec=120
Restart=on-failure
[Install]
WantedBy=multi-user.target
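Review bot: `ExecStop` renders the RCON password into the unit file (`-p {{ minecraft_rcon_password | default('changeme') }}`), and the task that installs the unit uses `mode: '0644'`, so the password is readable by every local user and appears in the process list during a stop. Move it out of the unit into a file that only root and the service account can read, and drop the `changeme` fallback. `KillMode=none` with `Type=forking` also leaves systemd with nothing to fall back on if the stop command fails; check that `TimeoutStopSec=120` is meant to cover that case.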

@@ -1,10 +1,10 @@
[
{% for op in minecraft_ops | default([]) %}
{% for admin in minecraft_admins | default([]) %}
{
"uuid": "{{ op.uuid }}",
"name": "{{ op.name }}",
"level": {{ op.level | default(4) }},
"bypassesPlayerLimit": {{ op.bypass_limit | default(false) | lower }}
"uuid": "{{ admin.uuid }}",
"name": "{{ admin.name }}",
"level": {{ admin.level | default(4) }},
"bypassesPlayerLimit": {{ admin.bypass_limit | default(false) | lower }}
}{% if not loop.last %},{% endif %}
{% endfor %}
]
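Review bot: `uuid` and `name` are interpolated between literal quotes, so a value containing a quote or a backslash yields invalid JSON. Render them with `| to_json` and remove the surrounding quotes. The loop variable also changes between `minecraft_ops` and `minecraft_admins` in this hunk; an inventory that still defines the old name will silently produce an empty list.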

@@ -1,24 +1,38 @@
#Minecraft server properties
server-name=Spigot Server
server-port={{ minecraft_port }}
max-players=20
gamemode=survival
difficulty=normal
hardcore=false
white-list=false
enforce-whitelist=false
pvp=true
spawn-protection=16
#Minecraft server properties généré par Ansible
generator-settings=
op-permission-level=4
allow-flight=false
enable-rcon=true
rcon.port={{ minecraft_rcon_port }}
rcon.password={{ minecraft_rcon_password }}
motd=Minecraft Spigot Server managed by Ansible
online-mode=true
spawn-monsters=true
generate-structures=true
view-distance=10
level-seed=
allow-nether=true
level-name=world
enable-query=false
allow-flight=false
announce-player-achievements=true
server-port={{ minecraft_port }}
max-world-size=29999984
level-type=default
enable-rcon={{ server_properties['enable-rcon'] }}
level-seed=
force-gamemode=false
server-ip=
max-build-height=256
spawn-npcs=true
white-list={{ server_properties['white-list'] }}
spawn-animals=true
hardcore=false
snooper-enabled=true
resource-pack-sha1=
online-mode=true
resource-pack=
pvp={{ server_properties['pvp'] }}
difficulty={{ server_properties['difficulty'] }}
enable-command-block=false
gamemode={{ server_properties['gamemode'] }}
player-idle-timeout=0
max-players={{ server_properties['max-players'] }}
max-tick-time=60000
spawn-monsters=true
view-distance=10
generate-structures=true
spawn-protection={{ server_properties['spawn-protection'] }}
motd=Un serveur Minecraft avec Spigot
rcon.port={{ minecraft_rcon_port }}
rcon.password={{ minecraft_rcon_password | default('changeme') }}

@@ -0,0 +1,19 @@
---
# Variables Minecraft
minecraft_service_name: minecraft
spigot_jar_name: "spigot-{{ minecraft_version }}.jar"
build_tools_jar: "BuildTools.jar"
# Plugins par défaut
default_plugins:
- name: "WorldEdit"
url: "https://dev.bukkit.org/projects/worldedit/files/latest"
- name: "Vault"
url: "https://dev.bukkit.org/projects/vault/files/latest"
# Configuration logs
logrotate_config:
rotate: 30
size: "100M"
compress: true
delaycompress: true

@@ -1,8 +0,0 @@
---
backup_retention_daily: 7
backup_retention_weekly: 4
backup_retention_monthly: 6
backup_compression: true
backup_remote_host: ""
backup_remote_user: ""
backup_remote_path: ""

@@ -0,0 +1,5 @@
---
- name: reload cron
ansible.builtin.service:
name: cron
state: reloaded

@@ -0,0 +1,12 @@
---
- name: Création de la structure des sauvegardes
ansible.builtin.file:
path: "{{ minecraft_backups_dir }}/{{ item }}"
state: directory
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
with_items:
- daily
- weekly
- monthly

@@ -1,14 +0,0 @@
---
- name: Create backup directories
file:
path: "{{ item }}"
state: directory
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
loop:
- "{{ minecraft_backups_dir }}/daily"
- "{{ minecraft_backups_dir }}/weekly"
- "{{ minecraft_backups_dir }}/monthly"
- "{{ minecraft_backups_dir }}/scripts"
tags: ['backup-structure']

@@ -1,27 +0,0 @@
---
- name: Create daily backup script
template:
src: backup-daily.sh.j2
dest: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
tags: ['backup-scripts']
- name: Create weekly backup script
template:
src: backup-weekly.sh.j2
dest: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
tags: ['backup-scripts']
- name: Create monthly backup script
template:
src: backup-monthly.sh.j2
dest: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
tags: ['backup-scripts']


@@ -0,0 +1,17 @@
---
- name: Création du script de sauvegarde quotidienne
ansible.builtin.template:
src: backup-daily.sh.j2
dest: "{{ backup_script_path }}/minecraft-backup-daily.sh"
owner: root
group: root
mode: '0755'
- name: Configuration cron pour sauvegarde quotidienne
ansible.builtin.cron:
name: "Minecraft Daily Backup"
minute: "0"
hour: "2"
job: "{{ backup_script_path }}/minecraft-backup-daily.sh"
user: "{{ minecraft_user }}"
state: present
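Review bot: the rendered script is installed with `mode: '0755'`, but the template puts the RCON password on the `mcrcon ... -p` line, so any local account can read it from `{{ backup_script_path }}/minecraft-backup-daily.sh`. Since the cron entry runs as `{{ minecraft_user }}`, `owner: root`, `group: "{{ minecraft_group }}"`, `mode: '0750'` keeps the script unwritable by the service account and unreadable by everyone else.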


@@ -1,29 +0,0 @@
---
- name: Setup daily backup cron job
cron:
name: "Minecraft daily backup"
user: "{{ minecraft_user }}"
minute: "0"
hour: "2"
job: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh"
tags: ['backup-cron']
- name: Setup weekly backup cron job
cron:
name: "Minecraft weekly backup"
user: "{{ minecraft_user }}"
minute: "0"
hour: "3"
weekday: "0"
job: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh"
tags: ['backup-cron']
- name: Setup monthly backup cron job
cron:
name: "Minecraft monthly backup"
user: "{{ minecraft_user }}"
minute: "0"
hour: "4"
day: "1"
job: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh"
tags: ['backup-cron']


@@ -0,0 +1,18 @@
---
- name: Création du script de sauvegarde hebdomadaire
ansible.builtin.template:
src: backup-weekly.sh.j2
dest: "{{ backup_script_path }}/minecraft-backup-weekly.sh"
owner: root
group: root
mode: '0755'
- name: Configuration cron pour sauvegarde hebdomadaire
ansible.builtin.cron:
name: "Minecraft Weekly Backup"
minute: "0"
hour: "3"
weekday: "0"
job: "{{ backup_script_path }}/minecraft-backup-weekly.sh"
user: "{{ minecraft_user }}"
state: present
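Review bot: the cron `job:` has no output redirection, so the timestamped `echo` lines the script prints, and any rsync error, end up in cron mail for `{{ minecraft_user }}` or are lost when no mail transport is installed. Append a redirection such as `>> /var/log/minecraft/backup-weekly.log 2>&1` (the path is only an example) and rotate that file along with the other logs.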


@@ -0,0 +1,18 @@
---
- name: Création du script de sauvegarde mensuelle
ansible.builtin.template:
src: backup-monthly.sh.j2
dest: "{{ backup_script_path }}/minecraft-backup-monthly.sh"
owner: root
group: root
mode: '0755'
- name: Configuration cron pour sauvegarde mensuelle
ansible.builtin.cron:
name: "Minecraft Monthly Backup"
minute: "0"
hour: "4"
day: "1"
job: "{{ backup_script_path }}/minecraft-backup-monthly.sh"
user: "{{ minecraft_user }}"
state: present


@@ -1,9 +0,0 @@
---
- name: Create restore script
template:
src: restore.sh.j2
dest: "{{ minecraft_backups_dir }}/scripts/restore.sh"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
tags: ['backup-restore']


@@ -0,0 +1,8 @@
---
- name: Création du script de restauration
ansible.builtin.template:
src: restore.sh.j2
dest: "{{ backup_script_path }}/minecraft-restore.sh"
owner: root
group: root
mode: '0755'


@@ -1,16 +1,16 @@
---
- name: Include backup structure setup tasks
include_tasks: 01-setup-backup-structure.yml
tags: ['backup', 'setup']
# Tâches principales sauvegardes
- import_tasks: 01-create-backup-structure.yml
tags: [backup, structure]
- name: Include backup scripts creation tasks
include_tasks: 02-create-backup-scripts.yml
tags: ['backup', 'scripts']
- import_tasks: 02-setup-daily-backup.yml
tags: [backup, daily]
- name: Include cron jobs setup tasks
include_tasks: 03-setup-cron-jobs.yml
tags: ['backup', 'cron']
- import_tasks: 03-setup-weekly-backup.yml
tags: [backup, weekly]
- name: Include restore script setup tasks
include_tasks: 04-setup-restore-script.yml
tags: ['backup', 'restore']
- import_tasks: 04-setup-monthly-backup.yml
tags: [backup, monthly]
- import_tasks: 05-setup-restore-script.yml
tags: [backup, restore]
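Review bot: the five `import_tasks` entries have no `name:` and use the short module name, while the rest of this change moves to FQCNs such as `ansible.builtin.template`. Give each import a name and write `ansible.builtin.import_tasks`, so the role stays clean under ansible-lint's `name[missing]` and `fqcn` checks.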


@@ -1,29 +1,25 @@
#!/bin/bash
# Script de sauvegarde quotidienne Minecraft
set -e
BACKUP_DIR="{{ minecraft_backups_dir }}/daily"
SERVER_DIR="{{ minecraft_server_dir }}"
SOURCE_DIR="{{ minecraft_server_dir }}"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_NAME="minecraft_daily_${DATE}"
BACKUP_NAME="minecraft-daily-${DATE}"
RETENTION={{ backup_retention_daily }}
# Stop server for consistent backup
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
# Notification du début de sauvegarde
echo "$(date): Début de la sauvegarde quotidienne"
# Commande save-all via rcon si le serveur est en cours
{{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} save-all || true
sleep 5
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
# Create backup
rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
# Création de la sauvegarde
rsync {{ rsync_options }} --exclude 'logs' "${SOURCE_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
# Re-enable saving
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
# Nettoyage des anciennes sauvegardes
find "${BACKUP_DIR}" -type d -name "minecraft-daily-*" -mtime +${RETENTION} -exec rm -rf {} + 2>/dev/null || true
# Compress backup if enabled
{% if backup_compression %}
tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
{% endif %}
# Clean old backups
find "${BACKUP_DIR}" -name "minecraft_daily_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +${RETENTION} -delete
echo "Daily backup completed: ${BACKUP_NAME}"
echo "$(date): Sauvegarde quotidienne terminée: ${BACKUP_NAME}"
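Review bot: `-p {{ minecraft_rcon_password | default('changeme') }}` bakes a well-known fallback password into the script and passes the secret on the command line, where it is visible in the process list while mcrcon runs. Drop the `default('changeme')` so an unset variable fails the template, and hand the password to mcrcon through its `MCRCON_PASS` environment variable instead of `-p`.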


@@ -1,29 +1,24 @@
#!/bin/bash
# Script de sauvegarde mensuelle Minecraft
set -e
BACKUP_DIR="{{ minecraft_backups_dir }}/monthly"
SERVER_DIR="{{ minecraft_server_dir }}"
SOURCE_DIR="{{ minecraft_server_dir }}"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_NAME="minecraft_monthly_${DATE}"
BACKUP_NAME="minecraft-monthly-${DATE}"
RETENTION={{ backup_retention_monthly }}
# Stop server for consistent backup
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
sleep 5
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
echo "$(date): Début de la sauvegarde mensuelle"
# Create backup
rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
# Commande save-all via rcon
{{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} save-all || true
sleep 10
# Re-enable saving
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
# Création de la sauvegarde
rsync {{ rsync_options }} "${SOURCE_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
# Compress backup if enabled
{% if backup_compression %}
tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
{% endif %}
# Nettoyage des anciennes sauvegardes (mois)
find "${BACKUP_DIR}" -type d -name "minecraft-monthly-*" -mtime +$((${RETENTION} * 30)) -exec rm -rf {} + 2>/dev/null || true
# Clean old backups
find "${BACKUP_DIR}" -name "minecraft_monthly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 30)) -delete
echo "Monthly backup completed: ${BACKUP_NAME}"
echo "$(date): Sauvegarde mensuelle terminée: ${BACKUP_NAME}"
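Review bot: the `save-off` / `save-on` pair around rsync is dropped and `save-all` now ends in `|| true`, so the copy is taken while the server can still write world files, and a failed RCON call (wrong password, server down) is silently ignored. Keep `save-off` before rsync and restore `save-on` from a `trap ... EXIT`, so saving is re-enabled even when rsync fails under `set -e`, and log the mcrcon failure instead of discarding it.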


@@ -1,29 +1,24 @@
#!/bin/bash
# Script de sauvegarde hebdomadaire Minecraft
set -e
BACKUP_DIR="{{ minecraft_backups_dir }}/weekly"
SERVER_DIR="{{ minecraft_server_dir }}"
SOURCE_DIR="{{ minecraft_server_dir }}"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_NAME="minecraft_weekly_${DATE}"
BACKUP_NAME="minecraft-weekly-${DATE}"
RETENTION={{ backup_retention_weekly }}
# Stop server for consistent backup
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
echo "$(date): Début de la sauvegarde hebdomadaire"
# Commande save-all via rcon
{{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} save-all || true
sleep 5
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
# Create backup
rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
# Création de la sauvegarde
rsync {{ rsync_options }} "${SOURCE_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
# Re-enable saving
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
# Nettoyage des anciennes sauvegardes (semaines)
find "${BACKUP_DIR}" -type d -name "minecraft-weekly-*" -mtime +$((${RETENTION} * 7)) -exec rm -rf {} + 2>/dev/null || true
# Compress backup if enabled
{% if backup_compression %}
tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
{% endif %}
# Clean old backups
find "${BACKUP_DIR}" -name "minecraft_weekly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 7)) -delete
echo "Weekly backup completed: ${BACKUP_NAME}"
echo "$(date): Sauvegarde hebdomadaire terminée: ${BACKUP_NAME}"
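Review bot: the cleanup now matches only directories named `minecraft-weekly-*`, so anything written by the previous version of this script (`minecraft_weekly_*`, compressed or not) is never pruned and stays in the weekly directory indefinitely; add a one-off cleanup or match both patterns for a transition period. The new `find` also lacks `-maxdepth 1` and hides every error behind `2>/dev/null || true`, and `{{ rsync_options }}` is not defined in any hunk shown here, so check that it exists.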


@@ -1,59 +1,53 @@
#!/bin/bash
# Script de restauration Minecraft
BACKUP_TYPE="$1" # daily, weekly, monthly
BACKUP_DATE="$2" # YYYYMMDD_HHMMSS format
SERVER_DIR="{{ minecraft_server_dir }}"
BACKUP_BASE_DIR="{{ minecraft_backups_dir }}"
set -e
if [ $# -ne 2 ]; then
echo "Usage: $0 <backup_type> <backup_date>"
echo "Example: $0 daily 20241201_020000"
echo "Available backups:"
echo "Daily:"
ls -1 "${BACKUP_BASE_DIR}/daily/" | grep minecraft_daily
echo "Weekly:"
ls -1 "${BACKUP_BASE_DIR}/weekly/" | grep minecraft_weekly
echo "Monthly:"
ls -1 "${BACKUP_BASE_DIR}/monthly/" | grep minecraft_monthly
echo "Usage: $0 <type> <backup_name>"
echo "Types: daily, weekly, monthly"
echo "Exemple: $0 daily minecraft-daily-20240127_020000"
exit 1
fi
BACKUP_NAME="minecraft_${BACKUP_TYPE}_${BACKUP_DATE}"
BACKUP_DIR="${BACKUP_BASE_DIR}/${BACKUP_TYPE}"
TYPE=$1
BACKUP_NAME=$2
BACKUP_DIR="{{ minecraft_backups_dir }}/${TYPE}"
TARGET_DIR="{{ minecraft_server_dir }}"
{% if backup_compression %}
BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}.tar.gz"
{% else %}
BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}"
{% endif %}
if [ ! -e "${BACKUP_FILE}" ]; then
echo "Backup not found: ${BACKUP_FILE}"
if [ ! -d "${BACKUP_DIR}/${BACKUP_NAME}" ]; then
echo "Erreur: Sauvegarde ${BACKUP_NAME} introuvable dans ${BACKUP_DIR}"
exit 1
fi
# Stop Minecraft server
systemctl stop minecraft
echo "ATTENTION: Cette opération va remplacer les données actuelles du serveur."
read -p "Voulez-vous continuer? (y/N): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Restauration annulée."
exit 1
fi
# Backup current server (just in case)
RESTORE_BACKUP_DIR="${BACKUP_BASE_DIR}/restore_backup"
mkdir -p "${RESTORE_BACKUP_DIR}"
mv "${SERVER_DIR}" "${RESTORE_BACKUP_DIR}/server_before_restore_$(date +%Y%m%d_%H%M%S)"
# Arrêt du serveur
echo "Arrêt du serveur Minecraft..."
systemctl stop minecraft || true
sleep 5
# Restore from backup
{% if backup_compression %}
mkdir -p "${SERVER_DIR}"
tar -xzf "${BACKUP_FILE}" -C "${BACKUP_DIR}"
rsync -av "${BACKUP_DIR}/${BACKUP_NAME}/" "${SERVER_DIR}/"
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
{% else %}
rsync -av "${BACKUP_FILE}/" "${SERVER_DIR}/"
{% endif %}
# Sauvegarde du répertoire actuel
CURRENT_BACKUP="${TARGET_DIR}.backup-$(date +%Y%m%d_%H%M%S)"
echo "Sauvegarde du répertoire actuel vers ${CURRENT_BACKUP}"
cp -r "${TARGET_DIR}" "${CURRENT_BACKUP}"
# Fix permissions
chown -R {{ minecraft_user }}:{{ minecraft_group }} "${SERVER_DIR}"
# Restauration
echo "Restauration de ${BACKUP_NAME}..."
rsync {{ rsync_options }} "${BACKUP_DIR}/${BACKUP_NAME}/" "${TARGET_DIR}/"
# Start Minecraft server
# Correction des permissions
chown -R {{ minecraft_user }}:{{ minecraft_group }} "${TARGET_DIR}"
# Redémarrage du serveur
echo "Redémarrage du serveur Minecraft..."
systemctl start minecraft
echo "Restore completed from: ${BACKUP_FILE}"
echo "Restauration terminée avec succès."
echo "Sauvegarde de l'ancienne version disponible dans: ${CURRENT_BACKUP}"
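Review bot: `TYPE=$1` and `BACKUP_NAME=$2` go straight into `${BACKUP_DIR}/${BACKUP_NAME}` with no validation, in a script that stops the service, rsyncs over the server directory and then runs `chown -R` on it. Reject anything but `daily`, `weekly` or `monthly` for the type, and require the name to match `minecraft-<type>-YYYYMMDD_HHMMSS` (no `/` or `..`) before the `-d` test. Also use `cp -a` for the pre-restore copy so ownership and modes survive, and note that `systemctl stop minecraft || true` lets the restore proceed over a server that failed to stop.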


@@ -0,0 +1,10 @@
---
# Variables sauvegardes
backup_script_path: /usr/local/bin
minecraft_backup_source: "{{ minecraft_server_dir }}"
minecraft_backup_dest: "{{ minecraft_backups_dir }}"
backup_types:
- daily
- weekly
- monthly
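Review bot: `minecraft_backup_source`, `minecraft_backup_dest` and `backup_types` are defined here but not referenced by the tasks or templates in this diff, which use `minecraft_server_dir` and `minecraft_backups_dir` directly and spell out `daily`, `weekly`, `monthly` by hand. Either drive the structure task and the three near-identical setup files from `backup_types` with a loop, or drop the unused variables.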


@@ -1,5 +1,6 @@
---
update_check_interval: daily
ssh_keys_check_enabled: true
system_update_check_enabled: true
spigot_update_check_enabled: true
# Configuration par défaut des mises à jour
update_check_enabled: true
update_system_packages: false
spigot_update_check_url: "https://hub.spigotmc.org/versions/"
update_backup_before: true
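Review bot: `update_check_enabled` is introduced but the role's main task list never tests it, while the per-feature switches it replaces (`ssh_keys_check_enabled`, `spigot_update_check_enabled`) are removed, so the SSH key and Spigot version tasks now always run. Wire `update_check_enabled` into the imports or remove it. `update_check_interval` is also dropped without a visible replacement.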


@@ -1,7 +1,5 @@
---
- name: reboot if needed
reboot:
reboot_timeout: 300
when:
- ansible_kernel != ansible_kernel_before_update | default(ansible_kernel)
- reboot_required | default(false)
- name: restart minecraft
ansible.builtin.service:
name: minecraft
state: restarted
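Review bot: the `reboot if needed` handler is removed and the dist-upgrade task no longer notifies anything, so a kernel update applied with `update_system_packages: true` does not take effect until someone reboots by hand. Keep a reboot handler gated on `/var/run/reboot-required` (stat the file, then `ansible.builtin.reboot`), or at least report that a reboot is pending.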


@@ -1,14 +1,9 @@
---
- name: Check for new SSH keys in authorized_keys
stat:
path: /home/{{ ansible_user }}/.ssh/authorized_keys
register: ssh_keys_stat
- name: Update SSH keys if changed
authorized_key:
user: "{{ ansible_user }}"
key: "{{ item }}"
- name: Vérification des nouvelles clés SSH
ansible.posix.authorized_key:
user: "{{ item.user }}"
state: present
loop: "{{ ssh_public_keys | default([]) }}"
when: ssh_public_keys is defined
tags: ['ssh-keys-update']
key: "{{ item.key }}"
comment: "{{ item.comment | default('Admin key') }}"
with_items: "{{ admin_ssh_keys | default([]) }}"
when: admin_ssh_keys is defined
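Review bot: with `state: present` in a loop this task only ever adds keys, so a key removed from `admin_ssh_keys` stays in the user's `authorized_keys`. If the list is meant to be authoritative, pass all of a user's keys as one newline-separated `key:` value with `exclusive: true` (that option is not loop-aware). The `when: admin_ssh_keys is defined` guard is redundant next to `default([])`, and `loop:` is preferred over `with_items:`.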


@@ -1,23 +1,23 @@
---
- name: Check for system updates (Debian/Ubuntu)
apt:
- name: Vérification des mises à jour système disponibles
ansible.builtin.apt:
update_cache: yes
cache_valid_time: 3600
register: apt_cache_update
when: ansible_os_family == "Debian"
- name: Check available upgrades
shell: apt list --upgradable 2>/dev/null | grep -v WARNING | wc -l
register: available_upgrades
changed_when: false
- name: Liste des paquets à mettre à jour
ansible.builtin.apt:
upgrade: dist
dry_run: yes
register: system_updates_check
when: ansible_os_family == "Debian"
- name: Apply system updates if available
apt:
upgrade: yes
- name: Application des mises à jour système si nécessaire
ansible.builtin.apt:
upgrade: dist
autoremove: yes
autoclean: yes
when:
- ansible_os_family == "Debian"
- available_upgrades.stdout | int > 1
notify: reboot if needed
- update_system_packages | default(false)
- system_updates_check.changed
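Review bot: `dry_run: yes` in the "Liste des paquets à mettre à jour" task is not an option of `ansible.builtin.apt`, so the task fails on an unsupported parameter; with the line simply removed, the task would perform the dist-upgrade itself. Use the task keyword `check_mode: true` for the probe and keep `register: system_updates_check`, so the real upgrade stays in the final task behind `update_system_packages`.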


@@ -1,26 +1,22 @@
---
- name: Get current Spigot version
stat:
path: "{{ minecraft_server_dir }}/spigot.jar"
register: current_spigot
- name: Check latest Spigot version available
uri:
url: "https://api.papermc.io/v2/projects/paper/versions"
method: GET
return_content: yes
register: spigot_versions_api
- name: Lecture de la version actuelle
ansible.builtin.slurp:
src: "{{ current_version_file }}"
register: current_version_content
failed_when: false
- name: Parse latest version
- name: Définition de la version actuelle
set_fact:
latest_spigot_version: "{{ (spigot_versions_api.json.versions | last) if spigot_versions_api.json is defined else minecraft_version }}"
current_spigot_version: "{{ (current_version_content.content | b64decode).strip() if current_version_content.content is defined else 'unknown' }}"
- name: Compare versions
- name: Vérification de la dernière version Spigot disponible
ansible.builtin.uri:
url: "{{ spigot_update_check_url }}{{ minecraft_version }}.json"
method: GET
return_content: yes
register: spigot_version_check
failed_when: false
- name: Détermination si une mise à jour est disponible
set_fact:
new_spigot_available: "{{ latest_spigot_version != minecraft_version }}"
when: latest_spigot_version is defined
- name: Display version information
debug:
msg: "Current: {{ minecraft_version }}, Latest: {{ latest_spigot_version | default('Unknown') }}, Update available: {{ new_spigot_available | default(false) }}"
spigot_update_available: "{{ minecraft_version != current_spigot_version }}"
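Review bot: `spigot_version_check` is registered but never read: `spigot_update_available` compares `minecraft_version` with the contents of the local `.version` file, so the request to `spigot_update_check_url` has no effect on the outcome and its `failed_when: false` hides any error. Either drop the `uri` task or use its result, for example to fail when the requested version does not exist upstream. The two `set_fact` tasks should use `ansible.builtin.set_fact` like the rest of the file.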


@@ -1,16 +1,16 @@
---
- name: Create temporary build directory
file:
path: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}"
- name: Création du répertoire de build temporaire
ansible.builtin.file:
path: "{{ temp_build_dir }}"
state: directory
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
- name: Download BuildTools for new version
get_url:
- name: Téléchargement de BuildTools pour la nouvelle version
ansible.builtin.get_url:
url: "{{ spigot_build_tools_url }}"
dest: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/BuildTools.jar"
dest: "{{ temp_build_dir }}/BuildTools.jar"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
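Review bot: `get_url` fetches `BuildTools.jar` with no `checksum:`, and the next task file runs it with `java -jar`, so whatever `spigot_build_tools_url` serves is executed on the host. Point the URL at a specific BuildTools build and add `checksum: sha256:<digest>` from a variable kept next to it, so a changed artifact stops the play.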


@@ -0,0 +1,13 @@
---
- name: Compilation de la nouvelle version Spigot
ansible.builtin.command:
cmd: "java -jar BuildTools.jar --rev {{ minecraft_version }}"
chdir: "{{ temp_build_dir }}"
creates: "{{ temp_build_dir }}/spigot-{{ minecraft_version }}.jar"
become_user: "{{ minecraft_user }}"
timeout: 1800
register: spigot_compile_result
- name: Marquage du succès de compilation
set_fact:
spigot_compilation_success: "{{ spigot_compile_result.rc == 0 }}"
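Review bot: `spigot_compilation_success` can never be false: if BuildTools exits non-zero the command task fails and the play stops before this `set_fact`, and if `creates:` short-circuits the task, `rc` is still 0. Either add `failed_when: false` to the build so the flag can gate the switch, or drop the flag and the condition that tests it. Note also that a `spigot-{{ minecraft_version }}.jar` left in `temp_build_dir` by an earlier run satisfies `creates:` and is installed without being rebuilt.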


@@ -1,38 +0,0 @@
---
- name: Compile new Spigot version
shell: |
cd {{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}
java -jar BuildTools.jar --rev {{ latest_spigot_version }}
become_user: "{{ minecraft_user }}"
args:
creates: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar"
register: spigot_compile_result
- name: Set compilation success flag
set_fact:
new_spigot_compiled: "{{ spigot_compile_result.rc == 0 }}"
- name: Create new server directory
file:
path: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}"
state: directory
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0755'
when: new_spigot_compiled
- name: Copy new Spigot jar to new server directory
copy:
src: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar"
dest: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}/spigot.jar"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
remote_src: yes
when: new_spigot_compiled
- name: Copy configuration files to new server directory
shell: |
cp -r {{ minecraft_server_dir }}/* {{ minecraft_server_dir }}_{{ latest_spigot_version }}/
chown -R {{ minecraft_user }}:{{ minecraft_group }} {{ minecraft_server_dir }}_{{ latest_spigot_version }}
when: new_spigot_compiled


@@ -1,29 +1,31 @@
---
- name: Stop Minecraft service
systemd:
name: minecraft
state: stopped
- name: Sauvegarde avant mise à jour
ansible.builtin.command:
cmd: "{{ backup_script_path }}/minecraft-backup-daily.sh"
when: update_backup_before | default(true)
- name: Create version switch script
template:
- name: Génération du script de changement de version
ansible.builtin.template:
src: version-switch.sh.j2
dest: "{{ minecraft_tools_dir }}/version-switch.sh"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
dest: "{{ update_script_path }}/minecraft-version-switch.sh"
owner: root
group: root
mode: '0755'
- name: Execute version switch
shell: "{{ minecraft_tools_dir }}/version-switch.sh {{ minecraft_version }} {{ latest_spigot_version }}"
become_user: "{{ minecraft_user }}"
register: version_switch_result
- name: Exécution du changement de version
ansible.builtin.command:
cmd: "{{ update_script_path }}/minecraft-version-switch.sh {{ minecraft_version }}"
notify: restart minecraft
- name: Update minecraft_version variable
set_fact:
minecraft_version: "{{ latest_spigot_version }}"
when: version_switch_result.rc == 0
- name: Mise à jour du fichier de version
ansible.builtin.copy:
content: "{{ minecraft_version }}"
dest: "{{ current_version_file }}"
owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}"
mode: '0644'
- name: Start Minecraft service
systemd:
name: minecraft
state: started
when: version_switch_result.rc == 0
- name: Nettoyage du répertoire temporaire
ansible.builtin.file:
path: "{{ temp_build_dir }}"
state: absent
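Review bot: the `minecraft-version-switch.sh` task notifies `restart minecraft`, but the script already stops the service, starts it on the new jar and waits 30 seconds to confirm it is active, so the handler restarts a server that has just come up. Remove the `notify:`. Both `ansible.builtin.command` tasks also need `changed_when:` to pass ansible-lint's `no-changed-when` rule, and the pre-update backup runs the daily script under `become` rather than as `{{ minecraft_user }}` as the cron entry does.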


@@ -1,13 +0,0 @@
---
- name: Clean up old build directories
file:
path: "{{ minecraft_sources_dir }}/build_{{ item }}"
state: absent
loop: "{{ old_versions | default([]) }}"
- name: Clean up old server directories
file:
path: "{{ minecraft_server_dir }}_{{ item }}"
state: absent
loop: "{{ old_versions | default([]) }}"
when: cleanup_old_versions | default(true)


@@ -1,34 +1,23 @@
---
- name: Include SSH keys check tasks
include_tasks: 01-check-ssh-keys.yml
when: ssh_keys_check_enabled
tags: ['update', 'ssh-keys']
# Tâches principales mises à jour
- import_tasks: 01-check-ssh-keys.yml
tags: [update, ssh-keys]
- name: Include system updates check tasks
include_tasks: 02-check-system-updates.yml
when: system_update_check_enabled
tags: ['update', 'system']
- import_tasks: 02-check-system-updates.yml
tags: [update, system]
when: update_system_packages | default(false)
- name: Include Spigot version check tasks
include_tasks: 03-check-spigot-version.yml
when: spigot_update_check_enabled
tags: ['update', 'spigot']
- import_tasks: 03-check-spigot-version.yml
tags: [update, spigot-version]
- name: Include new Spigot download tasks
include_tasks: 04-download-new-spigot.yml
when: new_spigot_available | default(false)
tags: ['update', 'download']
- import_tasks: 04-download-new-spigot.yml
tags: [update, spigot-download]
when: spigot_update_available | default(false)
- name: Include new version compilation tasks
include_tasks: 05-compile-new-version.yml
when: new_spigot_available | default(false)
tags: ['update', 'compile']
- import_tasks: 05-compile-new-spigot.yml
tags: [update, spigot-compile]
when: spigot_update_available | default(false)
- name: Include version switch tasks
include_tasks: 06-switch-versions.yml
when: new_spigot_compiled | default(false)
tags: ['update', 'switch']
- name: Include cleanup tasks
include_tasks: 07-cleanup.yml
tags: ['update', 'cleanup']
- import_tasks: 06-switch-versions.yml
tags: [update, spigot-switch]
when: spigot_update_available | default(false) and spigot_compilation_success | default(false)


@@ -1,18 +1,55 @@
#!/bin/bash
# Script de changement de version Minecraft
OLD_VERSION="$1"
NEW_VERSION="$2"
SERVER_DIR="{{ minecraft_server_dir }}"
BACKUP_DIR="{{ minecraft_backups_dir }}/version_backup"
set -e
# Create backup directory
if [ $# -ne 1 ]; then
echo "Usage: $0 <version>"
exit 1
fi
NEW_VERSION=$1
MINECRAFT_DIR="{{ minecraft_server_dir }}"
TEMP_BUILD_DIR="{{ temp_build_dir }}"
BACKUP_DIR="${MINECRAFT_DIR}/backup-$(date +%Y%m%d_%H%M%S)"
echo "Changement vers la version ${NEW_VERSION}"
# Vérification que le nouveau JAR existe
if [ ! -f "${TEMP_BUILD_DIR}/spigot-${NEW_VERSION}.jar" ]; then
echo "Erreur: Fichier spigot-${NEW_VERSION}.jar introuvable"
exit 1
fi
# Arrêt du serveur
echo "Arrêt du serveur Minecraft..."
systemctl stop minecraft || true
sleep 10
# Sauvegarde de l'ancienne version
echo "Sauvegarde de l'ancienne version..."
mkdir -p "${BACKUP_DIR}"
cp "${MINECRAFT_DIR}/spigot.jar" "${BACKUP_DIR}/spigot-old.jar" 2>/dev/null || true
# Backup current version
mv "${SERVER_DIR}" "${BACKUP_DIR}/server_${OLD_VERSION}_$(date +%Y%m%d_%H%M%S)"
# Copie de la nouvelle version
echo "Installation de la nouvelle version..."
cp "${TEMP_BUILD_DIR}/spigot-${NEW_VERSION}.jar" "${MINECRAFT_DIR}/spigot.jar"
chown {{ minecraft_user }}:{{ minecraft_group }} "${MINECRAFT_DIR}/spigot.jar"
# Switch to new version
mv "${SERVER_DIR}_${NEW_VERSION}" "${SERVER_DIR}"
# Test de démarrage
echo "Test de la nouvelle version..."
systemctl start minecraft
echo "Version switched from ${OLD_VERSION} to ${NEW_VERSION}"
exit 0
# Vérification que le serveur démarre correctement
sleep 30
if systemctl is-active --quiet minecraft; then
echo "Mise à jour réussie vers la version ${NEW_VERSION}"
echo "Ancienne version sauvegardée dans: ${BACKUP_DIR}"
else
echo "Erreur: La nouvelle version ne démarre pas correctement"
echo "Restauration de l'ancienne version..."
systemctl stop minecraft || true
cp "${BACKUP_DIR}/spigot-old.jar" "${MINECRAFT_DIR}/spigot.jar" 2>/dev/null || true
systemctl start minecraft
exit 1
fi
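Review bot: the rollback branch depends on `spigot-old.jar`, but both the copy that creates it and the copy that restores it end in `2>/dev/null || true`, so when the first copy fails the script still announces a restore, restarts the service on the new jar and only then exits 1. Fail before installing if the old jar cannot be saved, and drop the `|| true` on the restore. `BACKUP_DIR` also lives inside `${MINECRAFT_DIR}`, so every `backup-*` directory is swept into the rsync backups of the server directory; put it under the backups directory instead.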


@@ -0,0 +1,5 @@
---
# Variables mises à jour
update_script_path: /usr/local/bin
temp_build_dir: "/tmp/minecraft-build"
current_version_file: "{{ minecraft_server_dir }}/.version"
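Review bot: `temp_build_dir: "/tmp/minecraft-build"` is a fixed name in a world-writable directory, and the jar found there is later copied into the server directory by the version-switch script. Build under a directory only `{{ minecraft_user }}` can write to (the previous code used `minecraft_sources_dir`), or create the directory with `ansible.builtin.tempfile`, so another local account cannot pre-create the path or its contents.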


@@ -0,0 +1,23 @@
#!/bin/bash
# Test de connexion aux serveurs
echo "=== Test de connexion aux serveurs ==="
# Test staging
echo "Test de connexion à staging..."
ansible -i inventories/staging/hosts.yml minecraft_servers -m ping
# Test production
echo "Test de connexion à production..."
ansible -i inventories/production/hosts.yml minecraft_servers -m ping
echo ""
echo "=== Test de privilèges sudo ==="
# Test sudo staging
echo "Test sudo sur staging..."
ansible -i inventories/staging/hosts.yml minecraft_servers -b -m command -a "whoami"
# Test sudo production
echo "Test sudo sur production..."
ansible -i inventories/production/hosts.yml minecraft_servers -b -m command -a "whoami"
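Review bot: the script has no `set -e` and does not collect exit codes, so a failed staging ping still falls through to the production checks and the script's exit status is only that of the last `ansible` call. Add `set -euo pipefail` (or accumulate failures and `exit 1` at the end), and consider taking the inventory as an argument so a connectivity test on staging does not also run a `-b` command on production.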

secrets.example Normal file

@@ -0,0 +1,21 @@
# Fichier des secrets à configurer dans Gitea
# Copier ces variables dans les secrets de votre repository Gitea
# Variables SSH
ANSIBLE_SSH_PRIVATE_KEY=<votre_clé_ssh_privée_base64>
ANSIBLE_SSH_PUBLIC_KEY=<votre_clé_ssh_publique>
# Variables serveur
MINECRAFT_ADMIN_PASSWORD=<mot_de_passe_admin_minecraft>
BACKUP_SSH_KEY=<clé_ssh_pour_backups_distants>
# Variables réseau
ALLOWED_SSH_IPS=<liste_des_ips_autorisées_ssh>
MINECRAFT_RCON_PASSWORD=<mot_de_passe_rcon>
# Variables base de données (si nécessaire)
DB_PASSWORD=<mot_de_passe_base_de_données>
# Variables notification
DISCORD_WEBHOOK=<webhook_discord_pour_notifications>
SLACK_TOKEN=<token_slack_pour_notifications>


@@ -1,11 +1,16 @@
---
- name: Deploy Minecraft Spigot Server
- name: Installation complète serveur Minecraft Spigot
hosts: minecraft_servers
remote_user: ansible
become: yes
serial: 1
gather_facts: yes
roles:
- 01-server_hardening
- 02-installation-java
- 03-installation-minecraft
- 04-backups
- 05-update
vars_files:
- "inventories/{{ inventory_dir | basename }}/group_vars/all.yml"