diff --git a/README.md b/README.md index 549cb55..6d11664 100644 --- a/README.md +++ b/README.md @@ -2,13 +2,13 @@ To switch user use: `su minecraft -s /bin/bash` # To DO -- [ ] Do not stack mods in this repo - - [ ] https://github.com/FeatherPanel/mrpack-install/blob/main/mrpack-install.sh +- [x] Do not stack mods in this repo - [x] Remaking log coments to make sense - [x] Update linnks for download - [ ] Better handeling farwarding secrets - [x] Research new modpack - [ ] Configuration of playersync +- [ ] server.properties sed -i ## Proxmox level up - [ ] Tailscale config @@ -18,19 +18,6 @@ To switch user use: - 25565 mc accept - 3306 db accept -# Changes -- [ ] firewall by prox - -## Server side -- [x] [Proxy-compatible-forge](https://cdn.modrinth.com/data/vDyrHl8l/versions/K43ePlgq/proxy-compatible-forge-1.20-1.1.4.jar) -- [x] [SkinRestorer](https://modrinth.com/mod/skinrestorer) -- [x] [PlayerSync](https://github.com/mlus-asuka/PlayerSync) -- [x] [Open parties and chunks](https://modrinth.com/mod/open-parties-and-claims) - - [ ] Disable ~/world/serverconfig/open*.serer.toml chunkProtectClaim = true > false - -## Client side -- [ ] Clean it up and make it rain - ### World gen dilema - [ ] [Tectonic world gen](https://modrinth.com/datapack/tectonic) - [ ] https://modrinth.com/mod/custom-world-generation/version/2.0.0 diff --git a/db-install.sh b/db-install.sh index 77b1af4..0003f59 100644 --- a/db-install.sh +++ b/db-install.sh @@ -1,184 +1,34 @@ #!/bin/bash -printf "Better to run as root, because of permisions handeling.\n" +# DATABASE +# using 2 interfaces +# out {DHCP} only for install and update +# in {db} static -sleep 2 +# Ask for $db_user $internla_ip $StrongPswd -### Deb12 > Deb13 ### - -printf "Do you want to update from Debian 12 into Debian 13? [Y/n]: \n" -read ansDebUpdate - - -### LXC SSH configuration ### - -printf "Are you using LXC and want to set up full SSH server? [Y/n]: \n" -read ansLxcSshServer - -if [[ "$ansLxcSshServer" =~ ("N"|"n") ]]; then - printf "+ Thanks, working on next bit\n" - -elif [[ "$ansLxcSshServer" =~ ("Y"|"y") || -z $ansLxcSshServer ]]; then - printf "+ Setting up full ssh server\n" - - systemctl disable ssh.socket - systemctl enable ssh - - sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config - -else - printf "\nHope you know what you are doing, I am not able to check your answer." -fi - - -### Firewall ### - -printf "Do you want to set up firewall rules by iptables? [Y/n]: \n" -read ansFirewallSetup - - -if [[ "$ansFirewallSetup" =~ ("N"|"n") ]]; then - - printf "+ Thanks, working on next bit\n" - - -elif [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then - - printf "Do you want to block non-LAN ssh connections? [Y/n/castom]: " - read sshBlockRange - - - if [[ $sshBlockRange =~ ("n"|"N") ]]; then - - printf "+ OK, working on next bit\n" - ipList="" - - elif [[ $sshBlockRange =~ ("y"|"Y") || -z $sshBlockRange ]]; then - - #Pipes all informations about ip interfaces - ipList=$(ip -o -4 a show scope global) - - #Founds data in pattern - ipList=$(echo $ipList | grep -Eo "([0-9]*\.){3}[0-9]*/[0-9]*") - - #substitues space for coma - ipList=$(echo $ipList | tr " " ",") - - printf "+ Accepting SSH connections only on these ip's: $ipList\n" - - - else - printf "\nHope you know what you are doing, I am not checking these :]" - - printf "\nSubmit your IP range to acces SSH in format 192.168.1.1/24 - \nYour IP range: " - read ipList - printf "\n+ Allowing SSH on this range: $ipList \n" - fi -fi - -### Update ### - -printf "\n+ Starting to upgrade base system\n\n" - -apt update +apt update -y apt upgrade -y -apt autoremove --purge -y -if [[ "$ansDebUpdate" =~ ("N"|"n") ]]; then - printf "+ Not upgrading to Debian 13, may cause problems with java versions. Hope you know what you are doing.\n" - -elif [[ "$ansDebUpdate" =~ ("Y"|"y") || -z $ansDebUpdate ]]; then - printf "+ Working on updating Debian 12 Bookworm into Debian 13 Trixie" +apt install mariadb-server - # changes every bookworm int trixie - sed -i 's/bookworm/trixie/g' /etc/apt/sources.list +systemctl start mariadb +systemctl enable mariadb - apt update - apt full-upgrade -y +mariadb-secure-installation -else - printf "\nHope you know what you are doing, I am not able to check your answer." -fi +mysql -u root -p + +CREATE DATABASE playersync; +CREATE USER $db_user@$internal_ip IDENTIFIED BY $StrongPswd; +GRANT ALL ON playersync.* TO $db_user@$internal_ip WITH GRANT OPTION; +FLUSH PRIVILEGES; +EXIT; -### Installing depandencies ### - -#TODO Tailscale tunel? - -printf "\n+ Installing depandencies \n\n" - apt install openjdk-21-jre-headless screen p7zip-full -y #TODO update this shit - -if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then - - apt install iptables -y - -fi - -### User and groupe managment ### TODO update this shit -printf "\n+ Creating user minecraft and basic file structure" -groupadd minecraft - -useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft minecraft - -### File strukture ### -mkdir /opt/minecraft - -cd /opt/minecraft/ - - -### Permisions ### -printf "\n+ Permision handeling\n" -chown -R minecraft:minecraft /opt/minecraft - -### SystemD service ### -printf "+ Preparign systemD service\n" -mv data/mc-forge.service /etc/systemd/system/ - -systemctl daemon-reload - -### integration of Maxopoly's instructions on firewall ### - -if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then - - printf "+ Executing firewall setup" - - iptables -P INPUT ACCEPT #Clears existing rules - - iptables -A INPUT -i lo -j ACCEPT #Allow loopback - - iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections - - iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT #Allow ssh from set network - - iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port - - iptables -L ### Good place to paste a manual check to not lock yourself out - - printf "\n Does it looks right? [Y/n]: " - read ansFirewallOK - - if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then - - iptables -P INPUT DROP #Disallow everythink else - - iptables -P FORWARD DROP #Block all forwarding - - iptables -P OUTPUT ACCEPT #Allow all outgouing - - apt install iptables-persistent -y - - else - - printf "\nOK it is time for manual configuration" - printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. System will automaticly remove your work after restart" - - fi -fi - -systemctl enable mc-forge - -printf "\n+ Done, thanks for your time. It is goode idea to chack if everythink is alright by running:" -printf "\nsystemctl status mc-forge" -printf "\nsu minecraft -s /bin/bash" -printf "\n+ it is good idea to have some fun with screen before trying to open minecraft conesole 'screen -r' while loged wia minecraft user" +# SERVER +# using 3 interfaces +# out {DHCP} only for install and update +# in {db} static +# tailscale tunel to velocity {must edit conf file} +# echo lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file > /etc/pve/lxc/$server_id.conf