diff --git a/README.md b/README.md index 8ef46c7..7856b2e 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,15 @@ To switch user use: - [x] Remaking log coments to make sense - [ ] Better handeling farwarding secrets - [ ] Research new modpack +- [ ] Configuration fo playersync + +## Proxmox level up +- [ ] Tailscale config +- [ ] Building container up +- [ ] Firewall managed by Proxmox + - 22 ssh accept + - 25565 mc accept + - 3306 db accept # Changes @@ -13,6 +22,7 @@ To switch user use: - [ ] Remove ftb stack - [x] [Proxy-compatible-forge](https://cdn.modrinth.com/data/vDyrHl8l/versions/K43ePlgq/proxy-compatible-forge-1.20-1.1.4.jar) - [x] [SkinRestorer](https://modrinth.com/mod/skinrestorer) +- [x] [PlayerSync](https://github.com/mlus-asuka/PlayerSync) - [ ] [Prometheus permmisions](https://modrinth.com/mod/prometheus) - [ ] [Open parties and chunks](https://modrinth.com/mod/open-parties-and-claims) - [ ] Disable ~/world/serverconfig/open*.serer.toml chunkProtectClaim = true > false diff --git a/db-install.sh b/db-install.sh new file mode 100644 index 0000000..77b1af4 --- /dev/null +++ b/db-install.sh 
@@ -0,0 +1,184 @@ +#!/bin/bash + +printf "Better to run as root, because of permisions handeling.\n" + +sleep 2 + +### Deb12 > Deb13 ### + +printf "Do you want to update from Debian 12 into Debian 13? [Y/n]: \n" +read ansDebUpdate + + +### LXC SSH configuration ### + +printf "Are you using LXC and want to set up full SSH server? [Y/n]: \n" +read ansLxcSshServer + +if [[ "$ansLxcSshServer" =~ ("N"|"n") ]]; then + printf "+ Thanks, working on next bit\n" + +elif [[ "$ansLxcSshServer" =~ ("Y"|"y") || -z $ansLxcSshServer ]]; then + printf "+ Setting up full ssh server\n" + + systemctl disable ssh.socket + systemctl enable ssh + + sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config + +else + printf "\nHope you know what you are doing, I am not able to check your answer." +fi + + +### Firewall ### + +printf "Do you want to set up firewall rules by iptables? [Y/n]: \n" +read ansFirewallSetup + + +if [[ "$ansFirewallSetup" =~ ("N"|"n") ]]; then + + printf "+ Thanks, working on next bit\n" + + +elif [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then + + printf "Do you want to block non-LAN ssh connections? 
[Y/n/castom]: " + read sshBlockRange + + + if [[ $sshBlockRange =~ ("n"|"N") ]]; then + + printf "+ OK, working on next bit\n" + ipList="" + + elif [[ $sshBlockRange =~ ("y"|"Y") || -z $sshBlockRange ]]; then + + #Pipes all informations about ip interfaces + ipList=$(ip -o -4 a show scope global) + + #Founds data in pattern + ipList=$(echo $ipList | grep -Eo "([0-9]*\.){3}[0-9]*/[0-9]*") + + #substitues space for coma + ipList=$(echo $ipList | tr " " ",") + + printf "+ Accepting SSH connections only on these ip's: $ipList\n" + + + else + printf "\nHope you know what you are doing, I am not checking these :]" + + printf "\nSubmit your IP range to acces SSH in format 192.168.1.1/24 + \nYour IP range: " + read ipList + printf "\n+ Allowing SSH on this range: $ipList \n" + fi +fi + +### Update ### + +printf "\n+ Starting to upgrade base system\n\n" + +apt update +apt upgrade -y +apt autoremove --purge -y + +if [[ "$ansDebUpdate" =~ ("N"|"n") ]]; then + printf "+ Not upgrading to Debian 13, may cause problems with java versions. Hope you know what you are doing.\n" + +elif [[ "$ansDebUpdate" =~ ("Y"|"y") || -z $ansDebUpdate ]]; then + printf "+ Working on updating Debian 12 Bookworm into Debian 13 Trixie" + + # changes every bookworm int trixie + sed -i 's/bookworm/trixie/g' /etc/apt/sources.list + + apt update + apt full-upgrade -y + +else + printf "\nHope you know what you are doing, I am not able to check your answer." +fi + + +### Installing depandencies ### + +#TODO Tailscale tunel? 
+ +printf "\n+ Installing depandencies \n\n" + apt install openjdk-21-jre-headless screen p7zip-full -y #TODO update this shit + +if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then + + apt install iptables -y + +fi + +### User and groupe managment ### TODO update this shit +printf "\n+ Creating user minecraft and basic file structure" +groupadd minecraft + +useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft minecraft + +### File strukture ### +mkdir /opt/minecraft + +cd /opt/minecraft/ + + +### Permisions ### +printf "\n+ Permision handeling\n" +chown -R minecraft:minecraft /opt/minecraft + +### SystemD service ### +printf "+ Preparign systemD service\n" +mv data/mc-forge.service /etc/systemd/system/ + +systemctl daemon-reload + +### integration of Maxopoly's instructions on firewall ### + +if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then + + printf "+ Executing firewall setup" + + iptables -P INPUT ACCEPT #Clears existing rules + + iptables -A INPUT -i lo -j ACCEPT #Allow loopback + + iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections + + iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT #Allow ssh from set network + + iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port + + iptables -L ### Good place to paste a manual check to not lock yourself out + + printf "\n Does it looks right? [Y/n]: " + read ansFirewallOK + + if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then + + iptables -P INPUT DROP #Disallow everythink else + + iptables -P FORWARD DROP #Block all forwarding + + iptables -P OUTPUT ACCEPT #Allow all outgouing + + apt install iptables-persistent -y + + else + + printf "\nOK it is time for manual configuration" + printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. 
System will automaticly remove your work after restart" + + fi +fi + +systemctl enable mc-forge + +printf "\n+ Done, thanks for your time. It is goode idea to chack if everythink is alright by running:" +printf "\nsystemctl status mc-forge" +printf "\nsu minecraft -s /bin/bash" +printf "\n+ it is good idea to have some fun with screen before trying to open minecraft conesole 'screen -r' while loged wia minecraft user" diff --git a/script.sh b/mc-install.sh similarity index 99% rename from script.sh rename to mc-install.sh index 4a80968..3f7d745 100755 --- a/script.sh +++ b/mc-install.sh @@ -246,6 +246,7 @@ if [[ "$ansPlayerSync" =~ ["y"|"Y"] || -z $ansPlayerSync ]]; then # Not using wget because of castom modification to this mod mv data/playersync-1.21.1.jar /opt/minecraft/mods cd /opt/minecarft/ + # TODO what abou configuration of this? fi
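Review bot: When the user answers `n` to the non-LAN question, `ipList` is empty, so `iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT` expands without an address and most likely fails. No SSH rule is added, the script has no `set -e` to stop it, and confirming the prompt then sets `iptables -P INPUT DROP`, which blocks new SSH sessions. The same unquoted expansion passes the free-form "custom" answer straight into an iptables call run as root, so it should be checked against a CIDR-list pattern and quoted, as in the fence below. The comment `#Clears existing rules` on `iptables -P INPUT ACCEPT` is inaccurate: that only sets the policy, nothing flushes the chain, so re-running the script appends duplicate rules, and no `ip6tables` call is visible, so IPv6 stays unfiltered. Separately, the `sed` on `/etc/ssh/sshd_config` only rewrites the commented-out default, so an already uncommented `PasswordAuthentication yes` would stay in effect; running `sshd -t` and restarting the service afterwards would confirm the setting.

```shell
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections

  # Only a comma-separated list of IPv4 CIDR ranges may reach iptables
  cidrListRe='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}(,([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2})*$'

  if [[ -z "$ipList" && "$sshBlockRange" =~ ("n"|"N") ]]; then
    # User chose not to restrict SSH by source address
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT || exit 1
  elif [[ "$ipList" =~ $cidrListRe ]]; then
    iptables -A INPUT -p tcp --dport 22 --source "$ipList" -j ACCEPT || exit 1 #Allow ssh from set network
  else
    # Stop before the DROP policy can be applied without a working SSH rule
    printf "\n! SSH source range is empty or malformed, firewall policy left unchanged\n" >&2
    exit 1
  fi

  # … unchanged: MC port rule, iptables -L, confirmation prompt and policy change …
```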
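Review bot: The context line `cd /opt/minecarft/` just above the added TODO misspells the directory, so the `cd` fails and everything after the `fi` keeps running in the previous working directory; it should read `cd /opt/minecraft/ || exit 1`. The condition `=~ ["y"|"Y"]` is a bracket expression that also matches a literal `|`, unlike the `("Y"|"y")` form used in db-install.sh, so the two scripts should agree on one form. When the TODO is resolved, the PlayerSync configuration will presumably hold database credentials (the README lists a 3306 db rule), so the file should be owned by the `minecraft` user and not be world-readable; this needs confirming against the mod's config format. The script continues outside this hunk.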