diff --git a/README.md b/README.md
index e680b75..b28da50 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,10 @@
-- [ ] Copy base from mc-perfect
-- [ ] Test it
-- [ ] Move to Velocity proxy
+To switch user use:
+`su minecraft -s /bin/bash`
+
+# To DO
+- [ ] Update mc-perfect to mc-paper needs
+- [ ] test it
+- [ ] move to Velocity proxy
+
+- [ ] manual set up of min/max RAM
+- [ ] Update server.properties (whitelist, online-mode, name, ...)
diff --git a/data/eula.txt b/data/eula.txt
new file mode 100644
index 0000000..1adc2fe
--- /dev/null
+++ b/data/eula.txt
@@ -0,0 +1,3 @@
+#By changing the setting below to TRUE you are indicating your agreement to our EULA (https://aka.ms/MinecraftEULA).
+#Mon Jun 24 20:33:09 UTC 2024
+eula=true
diff --git a/data/mc-forge.service b/data/mc-forge.service
new file mode 100644
index 0000000..e330547
--- /dev/null
+++ b/data/mc-forge.service
@@ -0,0 +1,42 @@
+[Unit]
+Description=Minecraft Server
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecReload=/usr/bin/screen -S minecraft -X stuff \"reload^M\"
+
+ExecStart=/usr/bin/screen -DmS minecraft ./run.sh
+
+#ExecStartPre=/bin/sh -c '/usr/bin/screen -dmS mc-perfect'
+#ExecStart=/bin/sh -c '/opt/minecraft/run.sh'
+
+#ExecStop=/usr/bin/screen -S minecraft -X stuff \"save-all^M\"
+#ExecStop=/bin/sleep 5
+#ExecStop=/usr/bin/screen -S minecraft -X stuff \"stop^M\"
+#ExecStop=/bin/sleep 5
+
+ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "say SERVER SHUTTING DOWN. Saving map..."\\015'
+ExecStop=/bin/sh -c '/bin/sleep 5'
+ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "save-all"\\015'
+ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "stop"\\015'
+ExecStop=/bin/sh -c '/bin/sleep 10'
+
+#Restart=on-failure
+#RestartSec=60s
+
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=full
+
+PrivateDevices=true
+PrivateUsers=true
+
+User=minecraft
+Group=minecraft
+
+WorkingDirectory=/opt/minecraft/
diff --git a/data/mc-perfect.pub b/data/mc-perfect.pub
new file mode 100644
index 0000000..075164b
--- /dev/null
+++ b/data/mc-perfect.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO0AQPMAMrXKDqMNkJdO65wwkYmx/EnEjZjaR/c/6Yb MC Perfect
diff --git a/data/server-icon.png b/data/server-icon.png
new file mode 100644
index 0000000..c00f0bc
Binary files /dev/null and b/data/server-icon.png differ
diff --git a/data/server.properties b/data/server.properties
new file mode 100644
index 0000000..6f3b4d3
--- /dev/null
+++ b/data/server.properties
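Review bot: In data/mc-forge.service the sandboxing block omits `NoNewPrivileges=true` and `PrivateTmp=true`, and `ProtectSystem=full` still leaves `/var` and other paths outside `/usr`, `/boot` and `/etc` writable to a network-facing server that loads third-party mods. Consider adding those two lines and, once tested, moving to `ProtectSystem=strict` with `ReadWritePaths=/opt/minecraft`. screen needs its socket directory to stay writable and may depend on a setgid bit on some distributions, so confirm that `screen -r` still attaches after each change. Separately, the fixed `/bin/sleep 10` after `stop` does not guarantee the world save has finished before systemd terminates whatever is still running.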
@@ -0,0 +1,58 @@
+#Minecraft server properties
+#Sat Jun 29 14:29:55 UTC 2024
+allow-flight=false
+allow-nether=true
+broadcast-console-to-ops=true
+broadcast-rcon-to-ops=true
+difficulty=easy
+enable-command-block=false
+enable-jmx-monitoring=false
+enable-query=false
+enable-rcon=false
+enable-status=true
+enforce-secure-profile=false
+enforce-whitelist=false
+entity-broadcast-range-percentage=100
+force-gamemode=false
+function-permission-level=2
+gamemode=survival
+generate-structures=true
+generator-settings={}
+hardcore=false
+hide-online-players=false
+initial-disabled-packs=
+initial-enabled-packs=vanilla
+level-name=world
+level-seed=3390523434318704240
+level-type=minecraft\:normal
+max-chained-neighbor-updates=1000000
+max-players=20
+max-tick-time=60000
+max-world-size=29999984
+motd=A Minecraft Server
+network-compression-threshold=256
+online-mode=true
+op-permission-level=4
+player-idle-timeout=0
+prevent-proxy-connections=false
+pvp=true
+query.port=25565
+rate-limit=0
+rcon.password=
+rcon.port=25575
+require-resource-pack=false
+resource-pack=
+resource-pack-prompt=
+resource-pack-sha1=
+server-ip=
+server-port=25565
+simulation-distance=10
+spawn-animals=true
+spawn-monsters=true
+spawn-npcs=true
+spawn-protection=16
+sync-chunk-writes=true
+text-filtering-config=
+use-native-transport=true
+view-distance=10
+white-list=false
diff --git a/data/user_jvm_args.txt b/data/user_jvm_args.txt
new file mode 100644
index 0000000..c1fcdc5
--- /dev/null
+++ b/data/user_jvm_args.txt
@@ -0,0 +1,9 @@
+# Xmx and Xms set the maximum and minimum RAM usage, respectively.
+# They can take any number, followed by an M or a G.
+# M means Megabyte, G means Gigabyte.
+# For example, to set the maximum to 3GB: -Xmx3G
+# To set the minimum to 2.5GB: -Xms2500M
+
+# A good default for a modded server is 4GB.
+# Uncomment the next line to set it.
+# -Xmx4G
diff --git a/script.sh b/script.sh
new file mode 100755
index 0000000..890e592
--- /dev/null
+++ b/script.sh
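Review bot: `white-list=false` and `enforce-whitelist=false` in data/server.properties, together with the `--dport 25565 -j ACCEPT` rule that script.sh adds for every source address, leave the server joinable by any authenticated account; for a private server ship `white-list=true` and `enforce-whitelist=true` so the first start is already restricted. `enforce-secure-profile=false` also switches off the signed-profile requirement and deserves a line in the README if it is deliberate. The README TODO mentions a move to a Velocity proxy; if that later leads to `online-mode=false` on this backend, the 25565 rule has to be narrowed to the proxy address before the setting changes. The committed `level-seed` is worth dropping if the world layout is meant to stay private.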
@@ -0,0 +1,151 @@
+#!/bin/bash
+
+printf "Better to run as root, because of permisions handeling.\n"
+
+sleep 2
+
+printf "Do you want to set up firewall rules by iptables? [Y/n]: \n"
+read ansFirewallSetup
+
+
+
+if [[ "$ansFirewallSetup" =~ ("N"|"n") ]]; then
+
+ printf "+ Thanks, working on next bit\n"
+
+else
+
+ printf "Do you want to block non-LAN ssh connections? [Y/n/castom]: "
+ read sshBlockRange
+
+
+ if [[ $sshBlockRange =~ ("n"|"N") ]]; then
+
+ printf "+ OK, working on next bit\n"
+ ipList=""
+
+ elif [[ $sshBlockRange =~ ("y"|"Y") || -z $sshBlockRange ]]; then
+
+ #Pipes all informations about ip interfaces
+ ipList=$(ip -o -4 a show scope global)
+
+ #Founds data in pattern
+ ipList=$(echo $ipList | grep -Eo "([0-9]*\.){3}[0-9]*/[0-9]*")
+
+ #substitues space for coma
+ ipList=$(echo $ipList | tr " " ",")
+
+ printf "+ Accepting SSH connections only on these ip's: $ipList\n"
+
+
+ else
+ printf "\nHope you know what you are doing, I am not checking these :]"
+
+ printf "\nSubmit your IP range to acces SSH in format 192.168.1.1/24
+ \nYour IP range: "
+ read ipList
+ printf "\n+ Allowing SSH on this range: $ipList \n"
+ fi
+fi
+
+sleep 2
+
+# Just to be shure
+printf "\n+ Starting to upgrade base system\n\n"
+
+sudo apt update
+sudo apt upgrade -y
+
+# Installing depandencies
+printf "\n+ Installing depandencies \n\n"
+sudo apt install openjdk-17-jre-headless screen p7zip-full iptables -y
+
+# User and groupe managment
+printf "\n+ Creating user minecraft and basic file structure"
+groupadd minecraft
+
+useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft minecraft
+
+# File strukture and basic install
+mkdir /opt/minecraft
+
+mv data/Forge-1.20.1.jar /opt/minecraft/
+
+cd /opt/minecraft/
+
+# Installing server
+printf "+ Installing Forge 1.20.1 \n \n"
+
+java -Xms512M -Xmx2048M -jar Forge-1.20.1.jar --installServer
+
+cd -
+
+cd data/
+mv eula.txt server-icon.png server.properties run.sh user_jvm_args.txt /opt/minecraft/
+cd ..
+
+mkdir /opt/minecraft/mods
+
+printf "\n+ Unpacking mods \n \n"
+
+cd data
+7z x Mods.zip -o/opt/minecraft/mods/
+cd ..
+
+# Permision handeling
+printf "\n+ Permision handeling\n"
+chown -R minecraft:minecraft /opt/minecraft
+
+# SystemD service
+printf "+ Preparign systemD service\n"
+mv data/mc-forge.service /etc/systemd/system/
+
+systemctl daemon-reload
+systemctl start mc-forge.service
+systemctl enable mc-forge
+
+
+# integration of Maxopoly's instructions on firewall
+
+if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then
+
+ printf "+ Executing firewall setup"
+
+ iptables -P INPUT ACCEPT #Clears existing rules
+
+ iptables -A INPUT -i lo -j ACCEPT #Allow loopback
+
+ iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections
+
+ iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT #Allow ssh from set network
+
+ iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port
+
+ iptables -L ### Good place to paste a manual check to not lock yourself out
+
+ printf "\n Does it looks right? [Y/n]: "
+ read ansFirewallOK
+
+ if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then
+
+ iptables -P INPUT DROP #Disallow everythink else
+
+ iptables -P FORWARD DROP #Block all forwarding
+
+ iptables -P OUTPUT ACCEPT #Allow all outgouing
+
+ else
+
+ printf "\nOK it is time for manual configuration"
+ printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. System will automaticly remove your work after restart"
+
+ fi
+
+ apt install iptables-persistent -y
+
+fi
+
+printf "\n+ Done, thanks for your time. It is goode idea to chack if everythink is alright by running:"
+printf "\nsystemctl status mc-forge"
+printf "\nsu minecraft -s /bin/bash"
+printf "\n+ it is good idea to have some fun with screen before trying to open minecraft conesole 'screen -r' while loged wia minecraft user"
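Review bot: Answering `n` to the SSH question sets `ipList=""`, so the unquoted `iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT` in script.sh expands to `--source -j ACCEPT`, which iptables should reject; no port-22 rule then exists when `iptables -P INPUT DROP` is applied, and new SSH sessions are dropped, the opposite of what that answer asks for. The rule needs a branch for the empty case and a quoted `"$ipList"`, and the custom branch should validate the operator's input before it reaches iptables. `iptables -P INPUT ACCEPT` only sets the chain policy and does not clear existing rules as its comment says, so a second run appends duplicates. Only IPv4 is filtered; nothing in the script touches `ip6tables`, so on a host with IPv6 the services stay reachable outside these rules.

```shell
# … unchanged: INPUT policy ACCEPT, loopback and ESTABLISHED,RELATED rules …

if [[ -n "$ipList" ]]; then
  # Restrict SSH to the detected or operator-supplied range(s)
  iptables -A INPUT -p tcp --dport 22 --source "$ipList" -j ACCEPT
else
  # Operator chose not to restrict SSH: keep port 22 reachable
  # before the DROP policy is applied further down
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
fi

# … unchanged: MC port rule, iptables -L check and policy prompt …
```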