-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathscpsl.yaml
141 lines (133 loc) · 4.24 KB
/
scpsl.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
- name: "Install steamcmd and SCP: Secret Laboratory"
become_user: "{{ user }}"
hosts: scpsl
vars:
user: scpsl
home: "/srv/{{ user }}"
server: "{{ home }}/server"
steam_dir: "{{ home }}/steamcmd"
ufw_apps:
- { file: scpsl, app: "SCP Secret Laboratory" }
tasks:
- name: Privileged tasks
become_user: root
become: yes
block:
- name: Create user
ansible.builtin.user:
name: "{{ user }}"
system: yes
home: "{{ home }}"
shell: /bin/bash
# UFW
# TODO: move into a role
- name: Install UFW apps
ansible.builtin.copy:
src: "files/ufw/applications.d/{{ item.file }}"
dest: "/etc/ufw/applications.d/{{ item.file }}"
loop: "{{ ufw_apps }}"
- name: Enable UFW rules
community.general.ufw:
rule: allow
name: "{{ item.app }}"
loop: "{{ ufw_apps }}"
- name: Install steamcmd
import_role:
name: lutangar.steamcmd
vars:
# FIXME: this doesn't actually override the variable as expected, had to
# truncate vars/Debian.yml in the role for this to apply
steamcmd_packages:
- lib32gcc-s1
steamcmd_create_user: no
steamcmd_user: "{{ user }}"
steamcmd_user_home: "{{ home }}/"
steamcmd_directory: "{{ steam_dir }}/"
steamcmd_steam:
username: anonymous
- name: Install gpg
ansible.builtin.apt:
name: gpg
update_cache: yes
- name: Install mono
block:
- name: Add mono key
ansible.builtin.get_url:
url: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef
dest: /usr/share/keyrings/mono-official-archive-keyring.asc
checksum: sha256:22df74b7583791f5e4f2233e4c9e9707fcf8dfeeb90ccea4f0a194b82b00890f
- name: Add mono repo
ansible.builtin.apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.asc] https://download.mono-project.com/repo/ubuntu stable-jessie main"
state: present
- name: Install mono
ansible.builtin.apt:
name: mono-devel
update_cache: yes
- name: Non-privileged tasks
become: yes
become_user: "{{ user }}"
block:
- name: Install SCP:SL server
ansible.builtin.command:
cmd: "{{ steam_dir }}/steamcmd.sh +force_install_dir {{ server }} +login anonymous +app_update 996560 +quit"
creates: "{{ server }}/SCPSL.x86_64"
- name: Add update script
ansible.builtin.template:
src: files/scpsl/update-server.sh.j2
dest: "{{ home }}/update-server.sh"
mode: +x
- name: Add tmux script
ansible.builtin.template:
src: files/scpsl/tmux_start.sh.j2
dest: "{{ home }}/tmux_start.sh"
mode: +x
- name: Create reboot tmux task
ansible.builtin.cron:
name: Start tmux on boot
special_time: reboot
user: "{{ user }}"
job: "SHELL=/usr/bin/bash $HOME/tmux_start.sh"
disabled: false
- name: cron | Stop server before ops
ansible.builtin.cron:
name: Stop server before ops
minute: 30
hour: 16
weekday: "5,6,7"
user: "{{ user }}"
job: "tmux send-keys -t scpsl:server stop ENTER"
disabled: false
- name: cron | Start server after ops
ansible.builtin.cron:
name: Start server after ops
minute: 5
hour: 19
weekday: "5,6,7"
user: "{{ user }}"
job: "tmux send-keys -t scpsl:server 'cd ~/server; ./LocalAdmin 7777' ENTER"
disabled: false
#- name: Privileged tasks
# block:
# - name: Create systemd service
# ansible.builtin.template:
# src: files/arma/systemd.service.j2
# dest: "/etc/systemd/system/{{ user }}.service"
# vars:
# bin: "{{ repodir }}/bin"
# group: "{{ user }}"
# workdir: "{{ server }}/base-installation"
# notify:
# - Reload systemd
# - name: Enable systemd service
# ansible.builtin.service:
# #state: started
# enabled: yes
# name: "{{ user }}.service"
handlers:
- name: Reload systemd
become: yes
become_user: root
ansible.builtin.systemd:
daemon_reload: yes