big clean up after big update

godot 2024-07-15 22:08:53 +02:00
parent 66c5bd587a
commit 6f44c33eb9
14 changed files with 8 additions and 238 deletions


@ -10,7 +10,7 @@ To switch user use:
- [x] modification of run.sh
- [x] screen usege
- [x] SSH keys
- [ ] Full test under VM
- [X] Full test under VM
- [ ] Can it run under LXC container???


@ -1,123 +0,0 @@
[Unit]
Description=Minecraft Server %i
After=network.target
[Service]
WorkingDirectory=/opt/minecraft/%i
# Solves the issue where the minecraft server will endlessly restart itself
# See https://askubuntu.com/questions/953920/systemctl-service-timed-out-during-start for more info
Type=simple
PrivateUsers=true
# Users Database is not available from within the unit, only root and minecraft is available, everybody else is nobody
User=minecraft
Group=minecraft
ProtectSystem=full
# Read only mapping of /usr /boot and /etc
ProtectHome=true
# /home, /root and /run/user seem to be empty from within the unit. It is recommended to enable this setting for all long-running services (in particular network-facing ones).
ProtectKernelTunables=true
# /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be read-only within the unit. It is recommended to turn this on for most services.
# Implies MountFlags=slave
ProtectKernelModules=true
# Block module system calls, also /usr/lib/modules. It is recommended to turn this on for most services that do not need special file systems or extra kernel modules to work
# Implies NoNewPrivileges=yes
ProtectControlGroups=true
# It is hence recommended to turn this on for most services.
# Implies MountAPIVFS=yes
# Set default memory values
Environment="MCMINMEM=512M" "MCMAXMEM=1024M" "SHUTDOWN_DELAY=5" "POST_SHUTDOWN_DELAY=10"
# Change memory values in environment file
EnvironmentFile=-/opt/minecraft/%i/server.conf
# Uncomment this to fix screen on RHEL 8
#ExecStartPre=+/bin/sh -c 'chmod 777 /run/screen'
ExecStart=/bin/sh -c \
'find -L . \
-maxdepth 1 \
-type f \
-iregex ".*/\\(FTBServer\\|craftbukkit\\|spigot\\|paper\\|forge\\|minecraft_server\\).*jar" \
-print0 \
-quit \
| xargs -0 -I{} \
/usr/bin/screen -DmS mc-%i \
/usr/bin/java \
-server \
-Xms${MCMINMEM} \
-Xmx${MCMAXMEM} \
-XX:+UseG1GC \
-XX:ParallelGCThreads=2 \
-XX:MinHeapFreeRatio=5 \
-XX:MaxHeapFreeRatio=10 \
-jar {} \
--nogui'
# Alternative to the above ExecStart. Found to work better as this creates the screen session prior to invoking java to run the server.
# Solves the problem many encountered when starting the service where it would fail with the error 'no screen session found'.
ExecStartPre=/bin/sh -c \
'find -L . \
-maxdepth 1 \
-type f \
-iregex ".*/\\(FTBServer\\|craftbukkit\\|spigot\\|paper\\|forge\\|minecraft_server\\).*jar" \
-print0 \
-quit \
| xargs -0 -I{} \
/usr/bin/screen -DmS mc-%i'
ExecStart=/bin/sh -c \
'/usr/bin/java \
-server \
-Xms${MCMINMEM} \
-Xmx${MCMAXMEM} \
-XX:+UseG1GC \
-XX:ParallelGCThreads=2 \
-XX:MinHeapFreeRatio=5 \
-XX:MaxHeapFreeRatio=10 \
-jar {} \ # insert server jar name. i.e. 'server.jar'
--nogui'
# Simplified of alternative
ExecStartPre=/bin/sh -c '/usr/bin/screen -dmS mc-%i'
ExecStart=/bin/sh -c '/usr/bin/java -server -Xmx${MCMAXMEM} -Xms${MCMINMEM} -jar server.jar --nogui'
ExecReload=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "reload"\\015'
ExecStop=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "say SERVER SHUTTING DOWN. Saving map..."\\015'
ExecStop=/bin/sh -c '/bin/sleep ${SHUTDOWN_DELAY}'
ExecStop=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "save-all"\\015'
ExecStop=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "stop"\\015'
ExecStop=/bin/sh -c '/bin/sleep ${POST_SHUTDOWN_DELAY}'
Restart=on-failure
RestartSec=60s
[Install]
WantedBy=multi-user.target
#########
# HowTo
#########
#
# Create a directory in /opt/minecraft/XX where XX is a name like 'survival'
# Add minecraft_server.jar into dir with other conf files for minecraft server
#
# Enable/Start systemd service
# systemctl enable minecraft@survival
# systemctl start minecraft@survival
#
# To run multiple servers simply create a new dir structure and enable/start it
# systemctl enable minecraft@creative
# systemctl start minecraft@creative
#
# To change specific server memory assignment, create file /opt/minecraft/XX/server.conf (where XX is your server name) and add below lines:
# MCMINMEM=512M
# MCMAXMEM=2048M


@ -1,60 +0,0 @@
# by Maxopoly on github.com/Maxopoly/iptables.rule
#You probably want to do this in root to reduce the amount of sudos required
su -
#Install iptables if you haven't already
#Alternatively use packet manager of your choice
apt-get install iptables
#Allow all incoming traffic to begin with
iptables -P INPUT ACCEPT
#Clean out any existing input rules. You may also remove the "INPUT" argument and run only "iptables -F" to clear all chains. When doing so, make sure there are no rules in other chains that you still need (list via "iptables -L"), for example Oracle cloud servers will have preset rules, which should not be removed.
iptables -F INPUT
#Allow all internal connections
iptables -A INPUT -i lo -j ACCEPT
#Allow continuing setup connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow ssh, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 22 --source 172.18.42.0/24 -j ACCEPT
#Allow minecraft, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT
#Disallow all input not whitelisted
#DO NOT RUN THIS IF YOU HAVEN'T VERIFIED YOU WHITELISTED SSH, YOU WILL LOCK YOURSELF OUT
iptables -P INPUT DROP
#Block all forwarding
iptables -P FORWARD DROP
#Allow all outgoing
iptables -P OUTPUT ACCEPT
#Save rules, they won't be persisted past restart of the machine otherwise
apt-get install iptables-persistent
#iptables-persistent will load from this file automatically
iptables-save > /etc/iptables/rules.v4
#Optional stuff from here on:
#If you have other internal servers for backups etc. you can use this to allow any connections from them
iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
#Whitelist mumble
iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp --dport 64738 -j ACCEPT
#Whitelist Jenkins
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
#Whitelist Votifier
iptables -A INPUT -p tcp --dport 8192 -j ACCEPT
iptables -A INPUT -p udp --dport 8192 -j ACCEPT
#Allow ICMP, this also makes server health check tools from various hosting providers happier
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT


@ -1,49 +0,0 @@
# Best to run on sudo su - because of permisions
# Just to be shure
sudo apt update
sudo apt upgrade -y
# SSH keys
ssh-copy-id -f -i mc-perfect.pub godot@localhost
# Dependencies
sudo apt install qemu-guest-agent neofetch btop vim tmux -y # I like these
sudo apt install openjdk-17-jre-headless screen p7zip-full -y # Realy needed
#User and groupe managment
groupadd minecraft
useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft minecraf
# File strukture and basic install
mkdir /opt/minecraft # it may exist
cp Mods.zip Forge-1.20.1.jar eula.txt server.properties run.sh mc-forge.service /opt/
mv Forge-1.20.1.jar minecraft/
cd /opt/minecraft/
java -Xms512M -Xmx2048M -jar Forge-1.20.1.jar --installServer
./run.sh # wait antil proces is stoped
rm eula.txt
mv ../eula.txt .
^C
rm -rf world/
rm server.properties
mv ../server.properties .
rm run.sh
mv ../run.sh .
7z x ../Mods.zip -omods
# SystemD service
cp mc-forge.service /etc/systemd/system/
systemctl enable mc-forge
# Permision handeling
chown -R minecraft:minecraft /opt/minecraft
# ipTable script integration
# **Integration of script**
# CloudFlare integration
# **TODO!**
# Start server thruw systemD
systemctl start mc-forge.service


@ -1,10 +1,10 @@
#!/bin/bash
printf "Better to run as root, because of permisions handeling."
printf "Better to run as root, because of permisions handeling.\n"
sleep 2
printf "Do you want to set up firewall rules by iptables? [Y/n]: "
printf "Do you want to set up firewall rules by iptables? [Y/n]: \n"
read ansFirewallSetup
@ -69,7 +69,7 @@ useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft mi
# File strukture and basic install
mkdir /opt/minecraft
mv Forge-1.20.1.jar /opt/minecraft/
mv data/Forge-1.20.1.jar /opt/minecraft/
cd /opt/minecraft/
@ -80,7 +80,9 @@ java -Xms512M -Xmx2048M -jar Forge-1.20.1.jar --installServer
cd -
mv eula.txt server-icon.png server.properties run.sh user_jm_args.txt /opt/minecraft/
cd data/
mv eula.txt server-icon.png server.properties run.sh user_jvm_args.txt /opt/minecraft/
cd ..
mkdir /opt/minecraft/mods
@ -143,5 +145,5 @@ fi
printf "\n+ Done, thanks for your time. It is goode idea to chack if everythink is alright by running:"
printf "\nsystemctl status mc-forge"
printf "\nu minecraft -s /bin/bash"
printf "\nsu minecraft -s /bin/bash"
printf "\n+ it is good idea to have some fun with screen before trying to open minecraft conesole 'screen -r' while loged wia minecraft user"
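Review bot: The `cd data/` … `cd ..` pair added in the third hunk (`@ -80,7 +80,9 @@`) is unguarded, so if `data/` is missing the `mv` runs against whatever directory the script happens to be in and `cd ..` then steps out of the checkout, leaving every later relative path pointing at the wrong place. The script's opening message recommends running as root, so a silent wrong-directory `mv` is worth stopping on. Dropping the directory change removes the problem: `mv -- data/eula.txt data/server-icon.png data/server.properties data/run.sh data/user_jvm_args.txt /opt/minecraft/ || exit 1`. The bare `cd /opt/minecraft/` kept as context in the second hunk deserves the same guard (`cd /opt/minecraft/ || exit 1`). The lines between the hunks are not visible, so if the script already runs under `set -e`, only the relative-path point remains.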