From 6ccf4dd9c628410cdf8189aa1aa0d975596f1126 Mon Sep 17 00:00:00 2001 From: godot Date: Wed, 17 Jul 2024 09:46:56 +0200 Subject: [PATCH] coppy of mc-perfect --- README.md | 13 +++- data/eula.txt | 3 + data/mc-forge.service | 42 ++++++++++++ data/mc-perfect.pub | 1 + data/server-icon.png | Bin 0 -> 714 bytes data/server.properties | 58 ++++++++++++++++ data/user_jvm_args.txt | 9 +++ script.sh | 151 +++++++++++++++++++++++++++++++++++++++++ 8 files changed, 274 insertions(+), 3 deletions(-) create mode 100644 data/eula.txt create mode 100644 data/mc-forge.service create mode 100644 data/mc-perfect.pub create mode 100644 data/server-icon.png create mode 100644 data/server.properties create mode 100644 data/user_jvm_args.txt create mode 100755 script.sh diff --git a/README.md b/README.md index e680b75..b28da50 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,10 @@ -- [ ] Copy base from mc-perfect -- [ ] Test it -- [ ] Move to Velocity proxy +To switch user use: +`su minecraft -s /bin/bash` + +# To DO +- [ ] Update mc-perfect to mc-paper needs +- [ ] test it +- [ ] move to Velocity proxy + +- [ ] manual set up of min/max RAM +- [ ] Update server.properties (whitelist, online-mode, name, ...) diff --git a/data/eula.txt b/data/eula.txt new file mode 100644 index 0000000..1adc2fe --- /dev/null +++ b/data/eula.txt @@ -0,0 +1,3 @@ +#By changing the setting below to TRUE you are indicating your agreement to our EULA (https://aka.ms/MinecraftEULA). +#Mon Jun 24 20:33:09 UTC 2024 +eula=true diff --git a/data/mc-forge.service b/data/mc-forge.service new file mode 100644 index 0000000..e330547 --- /dev/null +++ b/data/mc-forge.service @@ -0,0 +1,42 @@ +[Unit] +Description=Minecraft Server +After=network.target + +[Install] +WantedBy=multi-user.target + +[Service] +ExecReload=/usr/bin/screen -S minecraft -X stuff \"reload^M\" + +ExecStart=/usr/bin/screen -DmS minecraft ./run.sh + +#ExecStartPre=/bin/sh -c '/usr/bin/screen -dmS mc-perfect' +#ExecStart=/bin/sh -c '/opt/minecraft/run.sh' + +#ExecStop=/usr/bin/screen -S minecraft -X stuff \"save-all^M\" +#ExecStop=/bin/sleep 5 +#ExecStop=/usr/bin/screen -S minecraft -X stuff \"stop^M\" +#ExecStop=/bin/sleep 5 + +ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "say SERVER SHUTTING DOWN. Saving map..."\\015' +ExecStop=/bin/sh -c '/bin/sleep 5' +ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "save-all"\\015' +ExecStop=/usr/bin/screen -p 0 -S minecraft -X eval 'stuff "stop"\\015' +ExecStop=/bin/sh -c '/bin/sleep 10' + +#Restart=on-failure +#RestartSec=60s + +ProtectControlGroups=true +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full + +PrivateDevices=true +PrivateUsers=true + +User=minecraft +Group=minecraft + +WorkingDirectory=/opt/minecraft/ diff --git a/data/mc-perfect.pub b/data/mc-perfect.pub new file mode 100644 index 0000000..075164b --- /dev/null +++ b/data/mc-perfect.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO0AQPMAMrXKDqMNkJdO65wwkYmx/EnEjZjaR/c/6Yb MC Perfect diff --git a/data/server-icon.png b/data/server-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..c00f0bce4032324886001b11bc2cb39e13acc6ac GIT binary patch literal 714 zcmV;*0yX`KP)Px#1ZP1_K>z@;j|==^1poj5Ay7VGd00J0EL_t(Y$JLX+j@vK{#&w0A z!K0txKoy0PDZ}B0OlgsH=;Rh~=XA+4bj~ENp4u%5I`JthlKMkOL9=u@4w5YW{P80# zn|ZVV)|9c^X&^tP^X&tLY9}(gAp+H{$bOKyjtVn^5>&nNP*~Xat)F_zqC6}t3DMg_ z{}JAA3zP5QCDr4%InzM{s-7nR_&~)TfukCF5&&2S5B@chs6P4W=jey$+Vn&Qi6aBg z{8H!K6xR`094G}q{ml=~IhLq6*V<&05?+8MB;|>ep^%G!Cm58T% zz&d;e?Lq_AG-p0*l!W%MHVra>dsBb^QC2|!OVC(<4S7Q!C|(URAXu9lk%~AXA_Ms4 zoLiLyz#;*Sp$RW=CsuqUK%06qEDo)fD1iR>`3{gWy!H$AWi|!CzeJrJ3(#g)7XKJL z_`3Ao960;#Zt))gMe_*2{{#Gf0CeL6z@0KMYg80)u!ORc-6UHVT8%S6Z2PNX!^7B} z%CAYr1Xxa#W75C{)c-)M(GMF1c!^w@e;vACE;vqr5;*ZN2QH$}iI?T%SDPDvC0NEy zJQaYiOnh{sg92!y{bT}W9zrWaAz|L!G)i?s7Ui{HrcRu)gvkO$*a(OKUh~lklZ1%^ z{#U)`b6MK}@Fvay)BqjGzYdX=&6tArr7M^lgvz9+S0!-OS1t-@0QHT+djP%_0P!#M wzE*}3uj@Vl000hUSV?A0O#mtY000O800000007cclK=n!07*qoM6N<$f={9)-~a#s literal 0 HcmV?d00001 diff --git a/data/server.properties b/data/server.properties new file mode 100644 index 0000000..6f3b4d3 --- /dev/null +++ b/data/server.properties @@ -0,0 +1,58 @@ +#Minecraft server properties +#Sat Jun 29 14:29:55 UTC 2024 +allow-flight=false +allow-nether=true +broadcast-console-to-ops=true +broadcast-rcon-to-ops=true +difficulty=easy +enable-command-block=false +enable-jmx-monitoring=false +enable-query=false +enable-rcon=false +enable-status=true +enforce-secure-profile=false +enforce-whitelist=false +entity-broadcast-range-percentage=100 +force-gamemode=false +function-permission-level=2 +gamemode=survival +generate-structures=true +generator-settings={} +hardcore=false +hide-online-players=false +initial-disabled-packs= +initial-enabled-packs=vanilla +level-name=world +level-seed=3390523434318704240 +level-type=minecraft\:normal +max-chained-neighbor-updates=1000000 +max-players=20 +max-tick-time=60000 +max-world-size=29999984 +motd=A Minecraft Server +network-compression-threshold=256 +online-mode=true +op-permission-level=4 +player-idle-timeout=0 +prevent-proxy-connections=false +pvp=true +query.port=25565 +rate-limit=0 +rcon.password= +rcon.port=25575 +require-resource-pack=false +resource-pack= +resource-pack-prompt= +resource-pack-sha1= +server-ip= +server-port=25565 +simulation-distance=10 +spawn-animals=true +spawn-monsters=true +spawn-npcs=true +spawn-protection=16 +sync-chunk-writes=true +text-filtering-config= +use-native-transport=true +view-distance=10 +white-list=false diff --git a/data/user_jvm_args.txt b/data/user_jvm_args.txt new file mode 100644 index 0000000..c1fcdc5 --- /dev/null +++ b/data/user_jvm_args.txt @@ -0,0 +1,9 @@ +# Xmx and Xms set the maximum and minimum RAM usage, respectively. +# They can take any number, followed by an M or a G. +# M means Megabyte, G means Gigabyte. +# For example, to set the maximum to 3GB: -Xmx3G +# To set the minimum to 2.5GB: -Xms2500M + +# A good default for a modded server is 4GB. +# Uncomment the next line to set it. +# -Xmx4G diff --git a/script.sh b/script.sh new file mode 100755 index 0000000..890e592 --- /dev/null +++ b/script.sh @@ -0,0 +1,151 @@ +#!/bin/bash + +printf "Better to run as root, because of permisions handeling.\n" + +sleep 2 + +printf "Do you want to set up firewall rules by iptables? [Y/n]: \n" +read ansFirewallSetup + + + +if [[ "$ansFirewallSetup" =~ ("N"|"n") ]]; then + + printf "+ Thanks, working on next bit\n" + +else + + printf "Do you want to block non-LAN ssh connections? [Y/n/castom]: " + read sshBlockRange + + + if [[ $sshBlockRange =~ ("n"|"N") ]]; then + + printf "+ OK, working on next bit\n" + ipList="" + + elif [[ $sshBlockRange =~ ("y"|"Y") || -z $sshBlockRange ]]; then + + #Pipes all informations about ip interfaces + ipList=$(ip -o -4 a show scope global) + + #Founds data in pattern + ipList=$(echo $ipList | grep -Eo "([0-9]*\.){3}[0-9]*/[0-9]*") + + #substitues space for coma + ipList=$(echo $ipList | tr " " ",") + + printf "+ Accepting SSH connections only on these ip's: $ipList\n" + + + else + printf "\nHope you know what you are doing, I am not checking these :]" + + printf "\nSubmit your IP range to acces SSH in format 192.168.1.1/24 + \nYour IP range: " + read ipList + printf "\n+ Allowing SSH on this range: $ipList \n" + fi +fi + +sleep 2 + +# Just to be shure +printf "\n+ Starting to upgrade base system\n\n" + +sudo apt update +sudo apt upgrade -y + +# Installing depandencies +printf "\n+ Installing depandencies \n\n" +sudo apt install openjdk-17-jre-headless screen p7zip-full iptables -y + +# User and groupe managment +printf "\n+ Creating user minecraft and basic file structure" +groupadd minecraft + +useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft minecraft + +# File strukture and basic install +mkdir /opt/minecraft + +mv data/Forge-1.20.1.jar /opt/minecraft/ + +cd /opt/minecraft/ + +# Installing server +printf "+ Installing Forge 1.20.1 \n \n" + +java -Xms512M -Xmx2048M -jar Forge-1.20.1.jar --installServer + +cd - + +cd data/ +mv eula.txt server-icon.png server.properties run.sh user_jvm_args.txt /opt/minecraft/ +cd .. + +mkdir /opt/minecraft/mods + +printf "\n+ Unpacking mods \n \n" + +cd data +7z x Mods.zip -o/opt/minecraft/mods/ +cd .. + +# Permision handeling +printf "\n+ Permision handeling\n" +chown -R minecraft:minecraft /opt/minecraft + +# SystemD service +printf "+ Preparign systemD service\n" +mv data/mc-forge.service /etc/systemd/system/ + +systemctl daemon-reload +systemctl start mc-forge.service +systemctl enable mc-forge + + +# integration of Maxopoly's instructions on firewall + +if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then + + printf "+ Executing firewall setup" + + iptables -P INPUT ACCEPT #Clears existing rules + + iptables -A INPUT -i lo -j ACCEPT #Allow loopback + + iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections + + iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT #Allow ssh from set network + + iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port + + iptables -L ### Good place to paste a manual check to not lock yourself out + + printf "\n Does it looks right? [Y/n]: " + read ansFirewallOK + + if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then + + iptables -P INPUT DROP #Disallow everythink else + + iptables -P FORWARD DROP #Block all forwarding + + iptables -P OUTPUT ACCEPT #Allow all outgouing + + else + + printf "\nOK it is time for manual configuration" + printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. System will automaticly remove your work after restart" + + fi + + apt install iptables-persistent -y + +fi + +printf "\n+ Done, thanks for your time. It is goode idea to chack if everythink is alright by running:" +printf "\nsystemctl status mc-forge" +printf "\nsu minecraft -s /bin/bash" +printf "\n+ it is good idea to have some fun with screen before trying to open minecraft conesole 'screen -r' while loged wia minecraft user"