From e83b4c771f84bd6f2060e952d7cb27663bef7c38 Mon Sep 17 00:00:00 2001
From: godot
Date: Mon, 8 Jul 2024 14:58:56 +0200
Subject: [PATCH] first try on scritp.sh
---
script.sh | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100755 script.sh
diff --git a/script.sh b/script.sh
new file mode 100755
index 0000000..ee91610
--- /dev/null
+++ b/script.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# better to run as root
+
+# Just to be shure
+sudo apt update
+sudo apt upgrade -y
+
+# Installing depandencies
+sudo apt install openjdk-17-jre-headless screen p7zip-full iptables -y
+
+# User and groupe managment
+groupadd minecraft
+
+useradd --system --shell /usr/sbin/nologin --home /opt/minecraft -g minecraft minecraf
+
+# File strukture and basic install
+mkdir /opt/minecraft
+
+mv Forge-1.20.1.jar /opt/minecraft/
+
+### cd /opt/minecraft/
+
+java -Xms512M -Xmx2048M -jar Forge-1.20.1.jar --installServer
+
+# /opt/minecraft/run.sh # it may needs to run before copying eula. But I dont want to mess with timing
+
+# rm eula.txt # I hope this is not needed
+
+mv eula.txt /opt/minecraft/
+
+# it may need to run run.sh but i dont want to >]^C
+
+# rm -rf world/
+
+# rm server.properties
+
+mv server.properties /opt/minecraft/
+
+rm run.sh
+
+mv run.sh /opt/minecraft
+
+mkdir /opt/minecraft/mods
+
+7z x Mods.zip -o/opt/minecraft/mods/
+
+# Permision handeling
+chown -R minecraft:minecraft /opt/minecraft
+
+# SystemD service
+cp mc-forge.service /etc/systemd/system/
+
+systemctl enable mc-forge
+
+systemctl start mc-forge.service
+
+# ipTable script integration
+iptables -P INPUT ACCEPT #Clears existing rules
+iptables -A INPUT -i lo -j ACCEPT #Allow loopback
+
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections
+
+iptables -A INPUT -p tcp --dport 22 --source 172.18.42.0/24 -j ACCEPT #Allow ssh from set network
+
+iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port
+
+# iptables -L ### Good place to paste a manual check to not lock yourself out
+
+iptables -P INPUT DROP #Disallow everythink else
+
+iptables -P FORWARD DROP #Block all forwarding
+
+iptables -P OUTPUT ACCEPT #Allow all outgouing
+
+#### Intervention needed, after install it runs something and i dont know how to set it here
+
+apt install iptables-persistent
+
+iptables-save > /etc/iptables/rules.v4
+
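Review bot: The `useradd` line creates the account as `minecraf`, while the group and `chown -R minecraft:minecraft /opt/minecraft` use `minecraft`, so the chown fails and the server tree stays owned by whoever ran the script (root, per the header comment); the last word of that line should be `minecraft`. With no `set -euo pipefail` after the shebang the script carries on past that failure, past `java -jar Forge-1.20.1.jar --installServer` (the jar was already moved to /opt/minecraft and the `cd` is commented out) and past `rm run.sh` followed by `mv run.sh`, and still enables and starts the service before any firewall rule exists. In the firewall part, `iptables -P INPUT ACCEPT` only sets the default policy and does not clear existing rules as its comment claims, so the appended rules land behind whatever is already in the chain. No `ip6tables` rules are set and only `rules.v4` is saved, so on a host with IPv6 the DROP policy does not cover IPv6 traffic at all. The fence shows the firewall section with a flush, an IPv6 rule set (no SSH rule, because the script names no IPv6 management network) and a non-interactive `iptables-persistent` install for the "Intervention needed" step.

```shell
iptables -P INPUT ACCEPT   # keeps the current session reachable while rules are rebuilt
iptables -F INPUT          # this is the step that actually clears existing rules
# … unchanged: IPv4 ACCEPT rules, then the INPUT/FORWARD DROP and OUTPUT ACCEPT policies …

# IPv6 is filtered by a separate table; without this block it stays wide open
ip6tables -P INPUT ACCEPT
ip6tables -F INPUT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT   # neighbour discovery needs ICMPv6
ip6tables -A INPUT -p tcp --dport 25565 -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT

# answers the package's save-rules prompt with its defaults instead of blocking
DEBIAN_FRONTEND=noninteractive apt install -y iptables-persistent

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
```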