godot/mc-velocity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

startig to feel big

Browse Source
This commit is contained in:
godot 2024-08-08 18:44:44 +02:00
parent 68205edf75
commit 5a79e325b7
8 changed files with 225 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -1,8 +1,21 @@
## Configuration
- [ ] Branching
- [x] Branching
- [ ] Config requriments
- [ ] StacOverflow theft
- [ ] Owner and permisions
## Modularity
- [ ] Break into separate files
- [ ] Firewall update
- [ ] Base update
- [ ]
- [ ] Test owner of master script (source/run .)
- [ ] Version control
## Eye candy
- [ ] Comments
- [ ] Updates on start
## Nice
- [ ] do NOT store everything in repo

42
install/base.sh Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
printf "+ Installing depandencies \n"
apt install openjdk-17-jre-headless screen
if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then
apt install iptables -y
fi
### User managment
printf "+ creating group and user for proxy \n"
groupadd velocity
useradd --system --shell /usr/sbin/nologin --home /opt/velocity -g velocity velocity
### File structure
printf "+ creating file structure in /opt/velocity/ \n"
mkdir /opt/velocity
cp data/velocity*.jar start.sh /opt/velocity/
mkdir /opt/velocity/plugins
cp data/velocity.toml /opt/velocity/
cp data/forwarding.secret /opt/velocity/
cp data/start.sh /opt/velocity/
cp data/server-icon.png /opt/velocity/
### Permisions
printf "+ handeling permisions \n"
chown -R velocity:velocity /opt/velocity/

87
install/firewall.sh Normal file
View File

@ -0,0 +1,87 @@
#!/bin/bash
### Firewall get info
printf "Do you want to set up firewall rules by iptables? [Y/n]: \n"
read ansFirewallSetup
if [[ "$ansFirewallSetup" =~ ("N"|"n") ]]; then
printf "+ Thanks, working on next bit\n"
elif [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then
printf "Do you want to block non-Tailscale ssh connections? [Y/n]: "
read sshBlockRange
if [[ "$sshBlockRange" =~ ("n"|"N") ]]; then
printf "If you want, input your own IP range [N/range]\n"
read sshRange
if [[ "$sshRange" =~ ("n"|"N") || -z $sshRange ]]; then
printf "+ Making your SSH connections wide and open. After we are done, do somethink with it. /n"
ipList="*"
else
printf "+ Accepting SSH connections only on these ip's: $sshRange\n"
ipList="$sshRange"
fi
fi
fi
### integration of Maxopoly's instructions on firewall
if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then
printf "+ Executing firewall setup"
iptables -P INPUT ACCEPT #Clears existing rules
iptables -A INPUT -i lo -j ACCEPT #Allow loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections
iptables -A INPUT -p tcp --dport 25577 -j ACCEPT #Allow Velocity port
if [[ "$ipList" = "*" ]]; then
### Wide and open
iiptables -A INPUT -p tcp --dport 22 j ACCEPT # Allow wide and open ssh on port 22
elif [[! "$ipList" -z ]]; then
### Manual IP range
iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT # Allow limited ssh port 22
fi
iptables -L ### Good place to paste a manual check to not lock yourself out
printf "\n Does it looks right? [Y/n]: "
read ansFirewallOK
if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then
iptables -P INPUT DROP #Disallow everythink else
iptables -P FORWARD DROP #Block all forwarding
iptables -P OUTPUT ACCEPT #Allow all outgouing
apt install iptables-persistent -y
else
printf "\nOK it is time for manual configuration"
printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. System will automaticly remove your work after restart"
fi
fi

29
install/mods.sh Normal file
View File

@ -0,0 +1,29 @@
#!/bin/bash
printf "Do you want to run Velocity with Forge server? [Y/n]: \n"
read ansForge
if [[ "$ansForge" =~ ("Y"|"y") || -z $ansForge ]]; then
printf "+ adding reqired plugin \n"
cp data/Ambassador*.jar /opt/velocity/plugins
fi
printf "Do you want to run it with whitelist plugin? [Y/n]: \n"
read ansWhite
if [[ "$ansWhite" =~ ("Y"|"y") || -z $ansWhite ]]; then
printf "+ adding reqired plugin \n"
cp data/ReWhitelist*.jar /opt/velocity/plugins
mkdir /opt/velocity/whitelists
cp data/whitelists/* /opt/velocity/whitelists/
fi
printf "Do you want to run it with SkinRestorer? [Y/n]: \n"
read ansSkin
if [[ "$ansSkin" =~ ("Y"|"y") || -z $ansSkin ]]; then
printf "+ adding reqired plugin \n"
cp data/SkinsRestorer.jar /opt/velocity/plugins
fi

9
req.md → install/req.md
View File

@ -1,20 +1,19 @@
update, stop service,
- Depandencies install (+ iptables for firewall)
- Creating files + users
- Firewall
- nonTailscale block "foo: [Tail/own/none]"
- own ssh range
- Creating files + users
- cp of mods and base
- for Forge
- for WhiteListing
- for Skins
- chown to velocity
- systemD (version chack???)
- systemD (stupid update everytime rm + cp new)
- Tailscale install
- chown to velocity

22
install/service.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
### SystemD service
printf "+ Preparign systemD service\n"
cp data/mc-velocity.service /etc/systemd/system/
systemctl daemon-reload
### Start service
printf "Do you want to start velocity proxy right now? [Y/n]: \n"
read startServer
if [[ "$startServer" =~ ("y"|"Y") || -z $startServer ]]; then
systemctl start mc-velocity
fi
systemctl enable mc-velocity

21
install/tailscale.sh Normal file
View File

@ -0,0 +1,21 @@
#!/bin/bash
### tailsclae install
printf "Do you want to install Tailscale now? [Y/n]: \n"
read ansTail
if [[ "$ansTail" =~ ("y"|"Y") || -z $ansTail ]]; then
curl -fsSL https://tailscale.com/install.sh | sh
if [[ "$sshBlockRange" =~ ("y"|"Y") || -z $sshBlockRange ]]; then
tailscale up --ssh
else
tailscale up
fi
fi

192
script.sh
View File

@ -1,200 +1,20 @@
#!/bin/bash
printf "Better to run as root, because of permisions handeling.\n"
# Git pull
# Differencies betwen install.cfg a install-old.cfg
sleep 2
# Stop systemD service
### Firewall
printf "Do you want to set up firewall rules by iptables? [Y/n]: \n"
read ansFirewallSetup
if [[ "$ansFirewallSetup" =~ ("N"|"n") ]]; then
printf "+ Thanks, working on next bit\n"
elif [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then
printf "Do you want to block non-Tailscale ssh connections? [Y/n]: "
read sshBlockRange
if [[ "$sshBlockRange" =~ ("n"|"N") ]]; then
printf "If you want, input your own IP range [N/range]\n"
read sshRange
if [[ "$sshRange" =~ ("n"|"N") || -z $sshRange ]]; then
printf "+ Making your SSH connections wide and open. After we are done, do somethink with it. /n"
ipList="*"
else
printf "+ Accepting SSH connections only on these ip's: $sshRange\n"
ipList="$sshRange"
fi
fi
fi
### Update
sleep 2
# Update or Upgrade ((idk))
printf "+ Updating your base system\n"
apt update && apt upgrade -y
printf "+ Installing depandencies \n"
apt install openjdk-17-jre-headless screen
if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z $ansFirewallSetup ]]; then
apt install iptables -y
fi
### User managment
printf "+ creating group and user for proxy \n"
groupadd velocity
useradd --system --shell /usr/sbin/nologin --home /opt/velocity -g velocity velocity
### File structure
printf "+ creating file structure in /opt/velocity/ \n"
mkdir /opt/velocity
cp data/velocity*.jar start.sh /opt/velocity/
mkdir /opt/velocity/plugins
cp data/velocity.toml /opt/velocity/
cp data/forwarding.secret /opt/velocity/
cp data/start.sh /opt/velocity/
cp data/server-icon.png /opt/velocity/
### Permisions
printf "+ handeling permisions \n"
chown -R velocity:velocity /opt/velocity/
### SystemD service
printf "+ Preparign systemD service\n"
cp data/mc-velocity.service /etc/systemd/system/
systemctl daemon-reload
### integration of Maxopoly's instructions on firewall
if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then
printf "+ Executing firewall setup"
iptables -P INPUT ACCEPT #Clears existing rules
iptables -A INPUT -i lo -j ACCEPT #Allow loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections
iptables -A INPUT -p tcp --dport 25577 -j ACCEPT #Allow Velocity port
if [[ "$ipList" = "*" ]]; then
### Wide and open
iiptables -A INPUT -p tcp --dport 22 j ACCEPT # Allow wide and open ssh on port 22
elif [[! "$ipList" -z ]]; then
### Manual IP range
iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT # Allow limited ssh port 22
fi
iptables -L ### Good place to paste a manual check to not lock yourself out
printf "\n Does it looks right? [Y/n]: "
read ansFirewallOK
if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then
iptables -P INPUT DROP #Disallow everythink else
iptables -P FORWARD DROP #Block all forwarding
iptables -P OUTPUT ACCEPT #Allow all outgouing
apt install iptables-persistent -y
else
printf "\nOK it is time for manual configuration"
printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. System will automaticly remove your work after restart"
fi
fi
### tailsclae install
printf "Do you want to install Tailscale now? [Y/n]: \n"
read ansTail
if [[ "$ansTail" =~ ("y"|"Y") || -z $ansTail ]]; then
curl -fsSL https://tailscale.com/install.sh | sh
if [[ "$sshBlockRange" =~ ("y"|"Y") || -z $sshBlockRange ]]; then
tailscale up --ssh
else
tailscale up
fi
fi
printf "Do you want to run Velocity with Forge server? [Y/n]: \n"
read ansForge
if [[ "$ansForge" =~ ("Y"|"y") || -z $ansForge ]]; then
printf "+ adding reqired plugin \n"
cp data/Ambassador*.jar /opt/velocity/plugins
fi
printf "Do you want to run it with whitelist plugin? [Y/n]: \n"
read ansWhite
if [[ "$ansWhite" =~ ("Y"|"y") || -z $ansWhite ]]; then
printf "+ adding reqired plugin \n"
cp data/ReWhitelist*.jar /opt/velocity/plugins
mkdir /opt/velocity/whitelists
cp data/whitelists/* /opt/velocity/whitelists/
fi
printf "Do you want to run it with SkinRestorer? [Y/n]: \n"
read ansSkin
if [[ "$ansSkin" =~ ("Y"|"y") || -z $ansSkin ]]; then
printf "+ adding reqired plugin \n"
cp data/SkinsRestorer.jar /opt/velocity/plugins
fi
### Start service
printf "Do you want to start velocity proxy right now? [Y/n]: \n"
read startServer
if [[ "$startServer" =~ ("y"|"Y") || -z $startServer ]]; then
systemctl start mc-velocity
fi
systemctl enable mc-velocity
printf "\n Everythink is now set up. It is good idea to check these:"
printf "\n systemctl status mc-velocity"
printf "\n su velocity -s /bin/bash \n"
# Update install-old.cfg (date as version number)