coppy of mc-perfect

README.md

@@ -1,3 +1,10 @@
-- [ ] Copy base from mc-perfect
-- [ ] Test it
-- [ ] Move to Velocity proxy
+To switch user use: 
+`su minecraft -s /bin/bash`
+
+# To DO
+- [ ] Update mc-perfect to mc-paper needs
+- [ ] test it
+- [ ] move to Velocity proxy
+
+- [ ] manual set up of min/max RAM
+- [ ] Update server.properties (whitelist, online-mode, name, ...)

data/eula.txt

@@ -0,0 +1,3 @@
+#By changing the setting below to TRUE you are indicating your agreement to our EULA (https://aka.ms/MinecraftEULA).
+#Mon Jun 24 20:33:09 UTC 2024
+eula=true

data/mc-forge.service

@@ -0,0 +1,42 @@
+[Unit]
+Description=Minecraft Server
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecReload=/usr/bin/screen -S minecraft -X stuff \"reload^M\"
+
+ExecStart=/usr/bin/screen -DmS minecraft ./run.sh
+
+#ExecStartPre=/bin/sh -c '/usr/bin/screen -dmS mc-perfect'
+#ExecStart=/bin/sh -c '/opt/minecraft/run.sh'
+
+#ExecStop=/usr/bin/screen -S minecraft -X stuff \"save-all^M\"
+#ExecStop=/bin/sleep 5
+#ExecStop=/usr/bin/screen -S minecraft -X stuff \"stop^M\"
+#ExecStop=/bin/sleep 5
+
+ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "say SERVER SHUTTING DOWN. Saving map..."\\015'
+ExecStop=/bin/sh -c '/bin/sleep 5'
+ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "save-all"\\015'
+ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "stop"\\015'
+ExecStop=/bin/sh -c '/bin/sleep 10'
+
+#Restart=on-failure
+#RestartSec=60s
+
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=full
+
+PrivateDevices=true
+PrivateUsers=true
+
+User=minecraft
+Group=minecraft
+
+WorkingDirectory=/opt/minecraft/

data/mc-perfect.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO0AQPMAMrXKDqMNkJdO65wwkYmx/EnEjZjaR/c/6Yb MC Perfect

data/server.properties

@@ -0,0 +1,58 @@
+#Minecraft server properties
+#Sat Jun 29 14:29:55 UTC 2024
+allow-flight=false
+allow-nether=true
+broadcast-console-to-ops=true
+broadcast-rcon-to-ops=true
+difficulty=easy
+enable-command-block=false
+enable-jmx-monitoring=false
+enable-query=false
+enable-rcon=false
+enable-status=true
+enforce-secure-profile=false
+enforce-whitelist=false
+entity-broadcast-range-percentage=100
+force-gamemode=false
+function-permission-level=2
+gamemode=survival
+generate-structures=true
+generator-settings={}
+hardcore=false
+hide-online-players=false
+initial-disabled-packs=
+initial-enabled-packs=vanilla
+level-name=world
+level-seed=3390523434318704240
+level-type=minecraft\:normal
+max-chained-neighbor-updates=1000000
+max-players=20
+max-tick-time=60000
+max-world-size=29999984
+motd=A Minecraft Server
+network-compression-threshold=256
+online-mode=true
+op-permission-level=4
+player-idle-timeout=0
+prevent-proxy-connections=false
+pvp=true
+query.port=25565
+rate-limit=0
+rcon.password=
+rcon.port=25575
+require-resource-pack=false
+resource-pack=
+resource-pack-prompt=
+resource-pack-sha1=
+server-ip=
+server-port=25565
+simulation-distance=10
+spawn-animals=true
+spawn-monsters=true
+spawn-npcs=true
+spawn-protection=16
+sync-chunk-writes=true
+text-filtering-config=
+use-native-transport=true
+view-distance=10
+white-list=false

data/user_jvm_args.txt

@@ -0,0 +1,9 @@
+# Xmx and Xms set the maximum and minimum RAM usage, respectively.
+# They can take any number, followed by an M or a G.
+# M means Megabyte, G means Gigabyte.
+# For example, to set the maximum to 3GB: -Xmx3G
+# To set the minimum to 2.5GB: -Xms2500M
+
+# A good default for a modded server is 4GB.
+# Uncomment the next line to set it.
+# -Xmx4G

script.sh

@@ -0,0 +1,151 @@
+#!/bin/bash
+
+printf "Better to run as root, because of permisions handeling.\n"
+
+sleep 2
+
+printf "Do you want to set up firewall rules by iptables? [Y/n]: \n"
+read ansFirewallSetup
+
+
+
+if [[ "$ansFirewallSetup" =~ ("N"|"n") ]]; then
+
+	printf "+ Thanks, working on next bit\n"
+
+else
+	
+	printf "Do you want to block non-LAN ssh connections? [Y/n/castom]: "
+	read sshBlockRange
+
+
+	if [[ $sshBlockRange =~ ("n"|"N") ]]; then
+	
+		printf "+ OK, working on next bit\n"
+		ipList=""
+
+	elif [[ $sshBlockRange =~ ("y"|"Y") || -z $sshBlockRange ]]; then
+	
+		#Pipes all informations about ip interfaces
+		ipList=$(ip -o -4 a show scope global)
+
+		#Founds data in pattern
+		ipList=$(echo $ipList | grep -Eo "([0-9]*\.){3}[0-9]*/[0-9]*")
+
+		#substitues space for coma
+		ipList=$(echo $ipList | tr " " ",") 
+
+		printf "+ Accepting SSH connections only on these ip's: $ipList\n"
+
+
+	else
+			printf "\nHope you know what you are doing, I am not checking these :]"
+			
+			printf "\nSubmit your IP range to acces SSH in format 192.168.1.1/24 
+				\nYour IP range: "
+			read ipList
+			printf "\n+ Allowing SSH on this range: $ipList \n"
+	fi
+fi
+
+sleep 2
+
+# Just to be shure
+printf "\n+ Starting to upgrade base system\n\n"
+
+sudo apt update
+sudo apt upgrade -y
+
+# Installing depandencies
+printf "\n+ Installing depandencies \n\n" 
+sudo apt install openjdk-17-jre-headless screen p7zip-full iptables -y
+
+# User and groupe managment
+printf "\n+ Creating user minecraft and basic file structure"
+groupadd minecraft
+
+useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft minecraft
+
+# File strukture and basic install
+mkdir /opt/minecraft 
+
+mv data/Forge-1.20.1.jar /opt/minecraft/
+
+cd /opt/minecraft/
+
+# Installing server
+printf "+ Installing Forge 1.20.1 \n \n"
+
+java -Xms512M -Xmx2048M -jar Forge-1.20.1.jar --installServer
+
+cd -
+
+cd data/
+mv eula.txt server-icon.png server.properties run.sh user_jvm_args.txt /opt/minecraft/
+cd ..
+
+mkdir /opt/minecraft/mods
+
+printf "\n+ Unpacking mods \n \n"
+
+cd data
+7z x Mods.zip -o/opt/minecraft/mods/
+cd ..
+
+# Permision handeling 
+printf "\n+ Permision handeling\n"
+chown -R minecraft:minecraft /opt/minecraft
+
+# SystemD service
+printf "+ Preparign systemD service\n"
+mv data/mc-forge.service /etc/systemd/system/
+
+systemctl daemon-reload
+systemctl start mc-forge.service
+systemctl enable mc-forge
+
+
+# integration of Maxopoly's instructions on firewall
+
+if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then
+	
+		printf "+ Executing firewall setup"
+
+		iptables -P INPUT ACCEPT #Clears existing rules
+
+		iptables -A INPUT -i lo -j ACCEPT #Allow loopback
+
+		iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections
+
+		iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT #Allow ssh from set network
+
+		iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port
+
+		iptables -L ### Good place to paste a manual check to not lock yourself out 
+
+		printf "\n Does it looks right? [Y/n]: "
+			read ansFirewallOK
+
+		if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then	
+		
+			iptables -P INPUT DROP #Disallow everythink else
+
+			iptables -P FORWARD DROP #Block all forwarding
+
+			iptables -P OUTPUT ACCEPT #Allow all outgouing
+		
+		else
+			
+			printf "\nOK it is time for manual configuration"
+			printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. System will automaticly remove your work after restart"
+
+		fi
+
+		apt install iptables-persistent -y
+
+fi
+
+printf "\n+ Done, thanks for your time. It is goode idea to chack if everythink is alright by running:"
+printf "\nsystemctl status mc-forge"
+printf "\nsu minecraft -s /bin/bash"
+printf "\n+ it is good idea to have some fun with screen before trying to open minecraft conesole 'screen -r' while loged wia minecraft user"