New Minecraft Role

roles/minecraft/tasks/backups.yml

@@ -0,0 +1,24 @@
+---
+- name: Create a backup directory
+  ansible.builtin.file:
+    path: "/home/{{ server_user }}/backups"
+    state: directory
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    mode: '0755'
+
+- name: Generate backup script
+  ansible.builtin.template:
+    src: backup_server.j2
+    dest: "/home/{{ server_user }}/backup_server.sh"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    mode: '0755'
+
+- name: Creates a cron file for backup
+  ansible.builtin.cron:
+    name: Backup Minecraft server
+    minute: "0"
+    hour: "1"
+    user: "{{ server_user }}"
+    job: "/home/{{ server_user }}/backup_server.sh"

roles/minecraft/tasks/basic.yml

@@ -0,0 +1,54 @@
+---
+- name: Rename host
+  ansible.builtin.hostname:
+    name: "{{ inventory_hostname }}"
+
+- name: Change hosts
+  ansible.builtin.template:
+    src: hosts.j2
+    dest: /etc/hosts
+    backup: true
+
+- name: Change MOTD file
+  ansible.builtin.template:
+    src: motd.j2
+    dest: /etc/motd
+    owner: root
+    group: root
+    mode: '0644'
+    backup: true
+
+- name: Set timezone to Europe/Moscow
+  community.general.timezone:
+    name: Europe/Moscow
+
+- name: Modify chronyd init.d args
+  ansible.builtin.lineinfile:
+    path: /etc/conf.d/chronyd
+    regexp: 'ARGS=""'
+    line:   'ARGS="-x"'
+
+- name: Add Chrony to boot
+  ansible.builtin.service:
+    name: chronyd
+    runlevel: default
+    enabled: True
+    use: openrc
+  when: not ansible_check_mode
+  notify: Restart chronyd
+
+- name: Create sshd.conf
+  ansible.builtin.template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    validate: /usr/sbin/sshd -t -f %s
+    backup: true
+  notify: Restart ssh server
+
+- name: Add sshd to boot
+  ansible.builtin.service:
+    name: sshd
+    runlevel: default
+    enabled: True
+    use: openrc
+  when: not ansible_check_mode

roles/minecraft/tasks/main.yml

@@ -0,0 +1,108 @@
+---
+- name: Update and install packets
+  ansible.builtin.include_tasks:
+    file: packets.yml
+    apply:
+      tags:
+        - run_update
+  tags:
+    - always
+
+- name: Make basic configure
+  ansible.builtin.include_tasks:
+    file: basic.yml
+    apply:
+      tags:
+        - run_basic
+  tags:
+    - always
+
+- name: Create users
+  ansible.builtin.include_tasks:
+    file: users.yml
+    apply:
+      tags:
+        - run_users
+  tags:
+    - always
+
+- name: Deploy Initd server daemon
+  ansible.builtin.include_tasks:
+    file: service.yml
+    apply:
+      tags:
+        - run_service
+  tags:
+    - always
+
+- name: Deploy Server
+  ansible.builtin.include_tasks:
+    file: server.yml
+    apply:
+      tags:
+        - run_server
+  tags:
+    - always
+
+- name: Make backuping
+  ansible.builtin.include_tasks:
+    file: backups.yml
+    apply:
+      tags:
+        - run_backups
+  tags:
+    - always
+
+- name: Install plugins
+  ansible.builtin.include_tasks:
+    file: plugins.yml
+    apply:
+      tags:
+        - run_plugins
+  tags:
+    - always
+
+- name: Config OPs
+  ansible.builtin.include_tasks:
+    file: ops.yml
+    apply:
+      tags:
+        - run_ops
+  tags:
+    - always
+
+- name: Configure MariaDB server
+  ansible.builtin.include_tasks:
+    file: mariadb.yml
+    apply:
+      tags:
+        - run_mariadb
+  tags:
+    - always
+
+- name: Configure php-fpm
+  ansible.builtin.include_tasks:
+    file: php.yml
+    apply:
+      tags:
+        - run_php
+  tags:
+    - always
+
+- name: Configure nginx
+  ansible.builtin.include_tasks:
+    file: nginx.yml
+    apply:
+      tags:
+        - run_nginx
+  tags:
+    - always
+
+- name: Tuning server and plugins
+  ansible.builtin.include_tasks:
+    file: tuning.yml
+    apply:
+      tags:
+        - run_tuning
+  tags:
+    - always

roles/minecraft/tasks/mariadb.yml

@@ -0,0 +1,101 @@
+---
+- name: Update repositories
+  community.general.apk:
+    update_cache: true
+
+- name: Install ext packages
+  community.general.apk:
+    name: "{{ ext_pkgs }}"
+    state: present
+  when: not ansible_check_mode
+
+- name: Check that the mysql dir exists
+  ansible.builtin.stat :
+    path: /var/lib/mysql
+  register: stat_result
+
+- name: Init Mariadb
+  ansible.builtin.service:
+    name: mariadb
+    state: stopped
+    args: setup
+  when: not stat_result.stat.exists
+
+- name: Deploy mariadb config
+  copy:
+    src: "files/mariadb/mariadb-server.cnf"
+    dest: "/etc/my.cnf.d/mariadb-server.cnf"
+    mode: '0644'
+  notify: Restart MariaDB
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- name: mysql_secure_installation
+  when: not stat_result.stat.exists
+  block:
+    - name: Removes all anonymous user accounts
+      community.mysql.mysql_user:
+        login_user: root
+        login_unix_socket: /run/mysqld/mysqld.sock
+        name: ''
+        host_all: true
+        state: absent
+
+    - name: Delete Hostname based MySQL user
+      community.mysql.mysql_user:
+        login_user: root
+        login_unix_socket: /run/mysqld/mysqld.sock
+        name: root
+        host: "{{ansible_nodename}}"
+        state: absent
+
+    - name: Remove MySQL test database
+      community.mysql.mysql_db:
+        login_user: root
+        login_unix_socket: /run/mysqld/mysqld.sock
+        name: test
+        state: absent
+
+    - name: Reload privilege tables
+      ansible.builtin.command: 'mysql -ne "{{ item }}"'
+      with_items:
+        - FLUSH PRIVILEGES
+      changed_when: False
+
+- name: Add MariaDB to boot
+  ansible.builtin.service:
+    name: mariadb
+    runlevel: default
+    enabled: True
+    use: openrc
+  when: not ansible_check_mode
+
+# Minecraft Role Tasks
+- name: Config Mysql Users And DB for Minecraft
+  tags: mine_db
+  block:
+    - name: Create a Dynmap Database
+      community.mysql.mysql_db:
+        login_user: root
+        login_unix_socket: /run/mysqld/mysqld.sock
+        name: "{{ minecraft_db }}"
+        state: present
+
+    - name: Create user and priv db
+      community.mysql.mysql_user:
+        login_user: root
+        login_unix_socket: /run/mysqld/mysqld.sock
+        name: "{{ sql_user }}"
+        password: "{{ sql_pass }}"
+        priv:
+          "{{ item }}.*:ALL"
+        state: present
+        append_privs: True
+      with_items: "{{ minecraft_db }}"
+
+    - name: Reload privilege tables
+      ansible.builtin.command: 'mysql -ne "{{ item }}"'
+      with_items:
+        - FLUSH PRIVILEGES
+      changed_when: False

roles/minecraft/tasks/nginx.yml

@@ -0,0 +1,24 @@
+---
+- name: Update repositories
+  community.general.apk:
+    update_cache: true
+
+- name: Install ext packages
+  community.general.apk:
+    name: "{{ ext_pkgs }}"
+    state: present
+  when: not ansible_check_mode
+
+- name: Add nginx to boot
+  ansible.builtin.service:
+    name: nginx
+    runlevel: default
+    enabled: True
+    use: openrc
+  when: not ansible_check_mode
+
+- name: Deploy nginx.conf
+  template:
+    src: templates/nginx.j2
+    dest: /etc/nginx/nginx.conf
+  notify: Restart nginx

roles/minecraft/tasks/ops.yml

@@ -0,0 +1,25 @@
+---
+- name: Initiate Op List
+  ansible.builtin.set_fact:
+    op_list: []
+
+- name: Add new JSON Objects to List
+  ansible.builtin.set_fact:
+    op_list: "{{ op_list +
+                [{ 'uuid': ops[item].uuid,
+                   'name': item,
+                   'level': ops[item].level,
+                   'bypassesPlayerLimit': ops[item].bypassesPlayerLimit}] }}"
+  with_items: "{{ ops }}"
+
+- name: Debug
+  ansible.builtin.debug:
+    var: op_list
+
+- name: Write output json file
+  ansible.builtin.copy:
+    dest: "/home/{{ server_user }}/minecraft/ops.json"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    mode: '0644'
+    content: "{{ op_list | to_nice_json(sort_keys=False, indent=2) }}"

roles/minecraft/tasks/packets.yml

@@ -0,0 +1,29 @@
+---
+- name: Config repos
+  ansible.builtin.copy:
+    src: repositories
+    dest: /etc/apk/
+    owner: root
+    group: root
+    mode: '0644'
+    backup: true
+
+- name: Update repositories
+  community.general.apk:
+    update_cache: true
+
+- name: Update all installed packages to the latest versions
+  community.general.apk:
+    upgrade: yes
+
+- name: Install system packages
+  community.general.apk:
+    name: "{{ system_pkgs }}"
+    state: present
+  when: not ansible_check_mode
+
+- name: Install minecraft packages
+  community.general.apk:
+    name: "{{ mine_pkgs }}"
+    state: present
+  when: not ansible_check_mode

roles/minecraft/tasks/php.yml

@@ -0,0 +1,28 @@
+---
+- name: Update repositories
+  community.general.apk:
+    update_cache: true
+
+- name: Install ext packages
+  community.general.apk:
+    name: "{{ ext_pkgs }}"
+    state: present
+  when: not ansible_check_mode
+
+- name: Add php-fpm to boot
+  ansible.builtin.service:
+    name: "{{ phpfpm_init }}"
+    runlevel: default
+    enabled: True
+    use: openrc
+  when: not ansible_check_mode
+
+- name: Configure php-fpm
+  lineinfile:
+    dest: "{{ phpfpm_path}}/php-fpm.d/www.conf"
+    regexp: "^{{ item.property | regex_escape() }} = "
+    line: "{{ item.property }} = {{ item.value }}"
+  with_items:
+    - { property: 'user', value: 'nginx' }
+    - { property: 'group', value: 'nginx' }
+  notify: Restart php-fpm

roles/minecraft/tasks/plugins.yml

@@ -0,0 +1,9 @@
+---
+- name: Deploy plugins
+  copy:
+    src: "files/plugins/"
+    dest: "/home/{{ server_user }}/minecraft/plugins/"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    mode: '0644'
+  notify: Restart minecraft Server

roles/minecraft/tasks/server.yml

@@ -0,0 +1,38 @@
+---
+- name: Create a server directory
+  ansible.builtin.file:
+    path: "/home/{{ server_user }}/minecraft"
+    state: directory
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    mode: '0755'
+
+- name: Deploy server files
+  copy:
+    src: "files/server/"
+    dest: "/home/{{ server_user }}/minecraft/"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    mode: '0644'
+  notify: Restart minecraft Server
+  tags: update_server
+
+- name: Deploy server icon
+  ansible.builtin.copy:
+    src: server-icon.png
+    dest: "/home/{{ server_user }}/minecraft/"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    mode: '0644'
+    backup: true
+  notify: Restart minecraft Server
+  tags: icon_deploy
+
+- name: Generate server config
+  ansible.builtin.template:
+    src: server.properties.j2
+    dest: "/home/{{ server_user }}/minecraft/server.properties"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+  notify: Restart minecraft Server
+  tags: config_deploy

roles/minecraft/tasks/service.yml

@@ -0,0 +1,26 @@
+---
+- name: Deploy openrc service params
+  ansible.builtin.template:
+    src: minecraft-rc.j2
+    dest: /etc/conf.d/minecraftd
+    mode: '0644'
+
+- name: Deploy base openrc service
+  ansible.builtin.template:
+    src: minecraft.j2
+    dest: /etc/init.d/minecraft
+    mode: '0755'
+
+- name: Create a symbolic link to openrc service
+  ansible.builtin.file:
+    src: /etc/init.d/minecraft
+    dest: /etc/init.d/minecraftd
+    state: link
+    mode: '0755'
+
+- name: Add minecraft server to boot
+  ansible.builtin.service:
+    name: minecraftd
+    runlevel: default
+    enabled: True
+    use: openrc

roles/minecraft/tasks/tuning.yml

@@ -0,0 +1,2 @@
+---
+# Disable plugin list

roles/minecraft/tasks/users.yml

@@ -0,0 +1,22 @@
+---
+- name: Ensure group "{{ userdb[item].user_group }}" exists
+  ansible.builtin.group:
+    name: "{{ userdb[item].user_group }}"
+    state: present
+  with_items: "{{ userdb }}"
+
+- name: Add user "{{ item }}"
+  ansible.builtin.user:
+    name: "{{ item }}"
+    # shell: /bin/bash
+    group: "{{ userdb[item].user_group }}"
+    password: "{{ userdb[item].user_pass }}"
+    comment: "My Default user"
+  with_items: "{{ userdb }}"
+
+- name: Deploy authorized key for users
+  ansible.posix.authorized_key:
+    user: "{{ item }}"
+    key: "{{ userdb[item].key }}"
+  with_items: "{{ userdb }}"
+  when: not ansible_check_mode