From cd7ee191d944807a20bb30114eaa0126b24f5f34 Mon Sep 17 00:00:00 2001 From: idprism Date: Fri, 22 Nov 2024 01:27:29 -0800 Subject: [PATCH] smoother starts, and use my own init repo --- factorio_headless/tasks/do_installer.yml | 71 ++++++++++++++------- factorio_headless/tasks/do_systemconfig.yml | 54 ++++++++++++++++ factorio_headless/tasks/main.yml | 4 ++ 3 files changed, 107 insertions(+), 22 deletions(-) create mode 100644 factorio_headless/tasks/do_systemconfig.yml diff --git a/factorio_headless/tasks/do_installer.yml b/factorio_headless/tasks/do_installer.yml index 8feec74..19afed5 100644 --- a/factorio_headless/tasks/do_installer.yml +++ b/factorio_headless/tasks/do_installer.yml @@ -8,6 +8,13 @@ update: yes version: master +- name: Factorio-init repo owner should be factorio + ansible.builtin.file: + dest: "{{ base_directory }}/{{ factorio_installer_folder }}" + owner: "factorio" + group: "factorio" + recurse: true + # let's follow the readme..., but run actual factorio program last instead of first. # steps in readme: @@ -34,13 +41,22 @@ # I think the defaults are fine, but just in case you # wanted to use this role to modify the file, i've copied it # over to the files directory. -#- name: deploy systemd unit changes +#- name: Deploy systemd unit changes # copy: # src: factorio.service # dst: "{{ base_directory }}/{{ factorio_installer_folder }}/extras/factorio.service" -# owner: factorio -# group: factorio -# mode: 644 +# owner: "factorio" +# group: "factorio" +# mode: "0644" +# +- name: Copy Example factorio.service file + ansible.builtin.copy: + owner: "factorio" + group: "factorio" + mode: "0644" + src: "{{ base_directory }}/{{ factorio_installer_folder }}/extras/factorio.service.example" + dest: "{{ base_directory }}/{{ factorio_installer_folder }}/extras/factorio.service" + remote_src: true # I made a variable to gate this statement, cause someone may not be using systemd 
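Review bot: The recursive `owner: "factorio"` / `group: "factorio"` in the `Factorio-init repo owner should be factorio` task gives the service account write access to every file in the checkout, including `extras/factorio.service`, which the copy task added in the next hunk of this file also creates as factorio-owned. If that file is what later gets installed as the systemd unit (the task that registers `service_file_created` is outside these hunks, so this is inferred), anything running as factorio could change what systemd executes the next time the role runs. Setting `owner: "root"` and `group: "root"` on the copied unit file would keep it out of the service account's hands. A comment above this task saying which paths actually need to be factorio-owned would also help.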
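Review bot: The unit file copied by `Copy Example factorio.service file` comes from an unpinned checkout, because the git task whose tail is visible in the first hunk tracks `version: master` with `update: yes`. Each run therefore picks up whatever `extras/factorio.service.example` that branch currently holds. Pinning the checkout to a reviewed commit or tag, `version: "<reviewed-commit-or-tag>"`, would make the unit reproducible; the git task itself starts outside the hunk. Separately, the commented-out task still uses `dst:`, which would need to be `dest:` if it is ever re-enabled.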
@@ -57,6 +73,16 @@ daemon_reload: yes when: service_file_created is success +# I was originally going to do this block step by step but decided to import a template from a recent +# build of factorio-init -- If the diff between config/config.example is too great, update this role +- name: Create config file for factorio-init. + template: + src: config.j2 + dest: "{{ base_directory }}/{{ factorio_installer_folder }}/config" + owner: factorio + group: factorio + mode: '0664' + notify: restart factorio systemd # install the headless server as factorio user to make sure nothing is owned by root that we have to change later. - name: get cracking -- install headless server as factorio user, using factorio-init 
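Review bot: `mode: '0664'` on `Create config file for factorio-init.` leaves the config group-writable, so any account in the `factorio` group can rewrite the file factorio-init is configured from. For a file the role templates itself, `mode: '0644'` should be enough. The task also uses the short `template:` name, while the tasks added elsewhere in this commit use fully qualified `ansible.builtin.` names; `ansible.builtin.template:` would match them.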
@@ -69,28 +95,29 @@ - name: start, stop factorio after initial install, to create savegame file block: - - name: start factorio once - command: - cmd: /usr/local/bin/factorio start - - name: stop factorio once - command: - cmd: /usr/local/bin/factorio stop + - name: Stop factorio once + ansible.builtin.service: + service: factorio + state: "stopped" + - name: Start factorio once + ansible.builtin.service: + service: factorio + state: "started" + - name: Stop factorio once + ansible.builtin.service: + service: factorio + state: "stopped" + #- name: start factorio once + # command: + # cmd: /usr/local/bin/factorio start + #- name: stop factorio once + # command: + # cmd: /usr/local/bin/factorio stop when: factorio_initial_install.changed -# I was originally going to do this block step by step but decided to import a template from a recent -# build of factorio-init -- If the diff between config/config.example is too great, update this role -- name: Create config file for factorio-init. - template: - src: config.j2 - dest: "{{ base_directory }}/{{ factorio_installer_folder }}/config" - owner: factorio - group: factorio - mode: '0664' - notify: restart factorio systemd - # start the systemd service - name: enable factorio systemd unit service: name: factorio - enabled: yes + enabled: true diff --git a/factorio_headless/tasks/do_systemconfig.yml b/factorio_headless/tasks/do_systemconfig.yml new file mode 100644 index 0000000..b92d2b5 --- /dev/null +++ b/factorio_headless/tasks/do_systemconfig.yml 
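Review bot: The start/stop block now needs a `factorio` systemd unit to exist, but it is still gated only by `when: factorio_initial_install.changed`. A comment earlier in this file says the unit install sits behind a variable for hosts that do not use systemd; with that variable off, these three `ansible.builtin.service` tasks would presumably fail (the gating task is outside the hunk, so this is inferred). Adding the same condition to the block's `when:` would keep the two in step. The tasks also pass `service: factorio`, whereas the documented parameter is `name:`, which the last task in this hunk already uses. Two tasks share the name `Stop factorio once`, which makes run output ambiguous.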
@@ -0,0 +1,54 @@
+---
+# Do all the stuff that's not the other repos
+- name: Ensure firewalld configfile service:factorio
+ ansible.builtin.copy:
+ owner: "root"
+ mode: "644"
+ dest: /etc/firewalld/services/factorio.xml
+ content: |
+
+
+
+
+ register: create_firewalld_factorio_service
+
+- name: Hard reload firwalld if new service is installed
+ when: create_firewalld_factorio_service.changed is true
+ ansible.builtin.command:
+ cmd: firewall-cmd --reload
+
+- name: Ensure factorio firewalld allowance (defaultzone)
+ ansible.posix.firewalld:
+ state: enabled
+ service: factorio
+ permanent: true
+ immediate: true
+
+- name: Limit ssh attempts
+ ansible.posix.firewalld:
+ state: enabled
+ rich_rule: rule service name="ssh" audit limit value="5/h" accept
+ permanent: true
+ immediate: true
+
+- name: Install a fail2ban on fedora
+ ansible.builtin.package:
+ pkg: fail2ban
+ state: present
+
+- name: Config sshd fail2ban on fedora
+ ansible.builtin.copy:
+ owner: "root"
+ mode: "0644"
+ dest: /etc/fail2ban/jail.d/01-sshd.conf
+ content: |
+ [sshd]
+ enable = true
+ bantime = 90d
+
+- name: Ensure fail2ban service is started/enabled
+ ansible.builtin.service:
+ name: fail2ban
+ state: started
+ enabled: true
+
diff --git a/factorio_headless/tasks/main.yml b/factorio_headless/tasks/main.yml
index 1494e7c..54a77b8 100644
--- a/factorio_headless/tasks/main.yml
+++ b/factorio_headless/tasks/main.yml
@@ -21,3 +21,7 @@ - name: Configure the primary configurator tool include_tasks: do_installer.yml
+
+- name: Configure anything else
+ include_tasks: do_systemconfig.yml
+
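Review bot: The `Limit ssh attempts` rich rule does not limit connections: in firewalld's rich language a `limit` that follows `audit` caps the rate of audit records, so `rule service name="ssh" audit limit value="5/h" accept` accepts every SSH connection. To rate-limit the accept itself the limit belongs on the action, `rich_rule: rule service name="ssh" accept limit value="5/h"`, and a plain `ssh` service entry in the same zone would still admit the traffic (whether one is enabled is not visible here). In the fail2ban jail written by `Config sshd fail2ban on fedora`, the option is `enabled`, not `enable`, so `enable = true` probably leaves the sshd jail off while the service reports as started; use `enabled = true`. Smaller points: the task name `Hard reload firwalld` has a typo, and `mode: "644"` could be `"0644"` to match the other tasks.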