Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/game_server
2 files changed, 294 insertions, 0 deletions
diff --git a/roles/services/game_server/handlers/main.yml b/roles/services/game_server/handlers/main.yml
new file mode 100644
index 0000000..8e221e1
--- /dev/null
+++ b/roles/services/game_server/handlers/main.yml
@@ -0,0 +1,71 @@
+- name: create sunshine build dir
+  become: yes
+  become_user: "{{ games_user }}"
+  file:
+    path: "/home/{{ games_user }}/sunshine/build"
+    state: directory
+    owner: "{{ games_user }}"
+    group: "{{ games_user }}"
+    mode: "0755"
+- name: run npm install
+  become: yes
+  become_user: "{{ games_user }}"
+  command:
+    cmd: "npm install"
+    chdir: "/home/{{ games_user }}/sunshine/build"
+- name: build sunshine - cmake
+  become: yes
+  become_user: "{{ games_user }}"
+  command:
+    cmd: "cmake -DCMAKE_C_COMPILER=gcc-10 -DCMAKE_CXX_COMPILER=g++-10 .."
+    chdir: "/home/{{ games_user }}/sunshine/build"
+- name: build sunshine - make
+  become: yes
+  become_user: "{{ games_user }}"
+  command:
+    cmd: "make"
+    chdir: "/home/{{ games_user }}/sunshine/build"
+- name: build sunshine deb package
+  become: yes
+  become_user: "{{ games_user }}"
+  command:
+    cmd: "cpack -G DEB"
+    chdir: "/home/{{ games_user }}/sunshine/build"
+- name: install sunshine from deb
+  apt:
+    deb: "/home/{{ games_user }}/sunshine/build/cpack_artifacts/Sunshine.deb"
+- name: restart sunshine
+  become: yes
+  become_user: "{{ games_user }}"
+  systemd:
+    scope: user
+    name: sunshine
+    state: restarted
+- name: decompress and extract firmware
+  unarchive:
+    src: "/tmp/linux-firmware-20221109.tar.gz"
+    dest: "/tmp/"
+    remote_src: yes
+- name: copy all files from amdgpu to /lib/firmware/amdgpu/
+  copy:
+    src: /tmp/linux-firmware-20221109/amdgpu
+    dest: /lib/firmware
+    remote_src: yes
+    owner: root
+    group: root
+    mode: "0644"
+- name: update initramfs
+  command:
+    cmd: "update-initramfs -u"
+- name: reboot system
+  reboot:
diff --git a/roles/services/game_server/tasks/main.yml b/roles/services/game_server/tasks/main.yml
new file mode 100644
index 0000000..f2b12bd
--- /dev/null
+++ b/roles/services/game_server/tasks/main.yml
@@ -0,0 +1,223 @@
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://deb.debian.org/debian bookworm main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://security.debian.org/debian-security bookworm-security main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://deb.debian.org/debian bookworm-updates main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://deb.debian.org/debian bookworm-backports main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://deb.debian.org/debian bookworm main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://security.debian.org/debian-security bookworm-security main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://deb.debian.org/debian bookworm-updates main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://deb.debian.org/debian bookworm-backports main contrib non-free
+- name: update repos
+  apt:
+    update_cache: yes
+  register: apt_upgrade
+  retries: 100
+  until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+- name: install packages
+  package:
+    name: "{{ game_server_packages }}"
+    state: latest
+- name: create games user
+  user:
+    name: "{{ games_user }}"
+    create_home: yes
+- name: add user to sudo group
+  user:
+    name: "{{ games_user }}"
+    groups: sudo
+    append: yes
+- name: add user to ssl-cert group
+  user:
+    name: "{{ games_user }}"
+    groups: ssl-cert
+    append: yes
+- name: set authorized ssh key
+  authorized_key:
+    user: "{{ games_user }}"
+    state: present
+    key: "{{ lookup('file', 'data/common/id_rsa.pub') }}"
+- name: clone sunshine repo
+  become: yes
+  become_user: "{{ games_user }}"
+  git:
+    repo: "{{ sunshine_repo }}"
+    dest: "/home/{{ games_user }}/sunshine"
+    version: "{{ sunshine_version }}"
+    recursive: yes
+    force: yes
+  register: sunshine_repo
+  notify:
+    - create sunshine build dir
+    - run npm install
+    - build sunshine - cmake
+    - build sunshine - make
+    - build sunshine deb package
+    - install sunshine from deb
+    - restart sunshine
+- name: install sunshine packages
+  package:
+    name: "{{ sunshine_packages }}"
+    state: latest
+- meta: flush_handlers
+- name: add user to input group
+  user:
+    name: "{{ games_user }}"
+    groups: input
+    append: yes
+- name: set sunshine udev rules
+  lineinfile:
+    path: /etc/udev/rules.d/85-sunshine-input.rules
+    insertbefore: EOF
+    line: KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
+    owner: root
+    group: root
+    mode: "0644"
+    create: yes
+- name: install backports kernel
+  apt:
+    name: linux-image-amd64
+    state: latest
+    update_cache: yes
+- name: update-pciids
+  changed_when: false
+  command:
+    cmd: "update-pciids"
+- name: check if needed firmware has alredy been installed
+  stat: path=/lib/firmware/amdgpu/dimgrey_cavefish_sos.bin
+  register: bin
+- name: manually download latest firmware for amdgpu from kernel source tree
+  when: not bin.stat.exists
+  get_url:
+    url: "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-20221109.tar.gz"
+    dest: "/tmp/linux-firmware-20221109.tar.gz"
+  register: firmware
+  notify:
+    - decompress and extract firmware
+    - copy all files from amdgpu to /lib/firmware/amdgpu/
+    - update initramfs
+    - reboot system
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+    port: 47984
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+    port: 47989
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+    port: 47990
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 47998
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 47999
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 48000
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 48002
+- name: check if i386 architecture is already enabled
+  args:
+    executable: /bin/bash
+  shell: |
+    set -eo pipefail
+    dpkg --print-foreign-architectures | grep i386
+  register: i386_check
+  changed_when: false
+- name: add i386 architecture
+  when: i386_check.rc == 1
+  command:
+    cmd: "dpkg --add-architecture i386"
+- name: update repos
+  when: i386_check.rc == 1
+  apt:
+    update_cache: yes
+  register: apt_upgrade
+  retries: 100
+  until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+- name: install steam and related packages
+  package:
+    name: "{{ steam_packages }}"
+- name: copy lightdm config
+  copy:
+    src: "{{ lightdm_config }}"
+    dest: /etc/lightdm/lightdm.conf
+    owner: root
+    group: root
+    mode: "0644"
+- name: copy xfce xinit config
+  copy:
+    src: "{{ xfce_xinit }}"
+    dest: /etc/xdg/xfce4/xinitrc
+    owner: root
+    group: root
+    mode: "0755"
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/game_server

diff --git a/roles/services/game_server/handlers/main.yml b/roles/services/game_server/handlers/main.yml new file mode 100644 index 0000000..8e221e1 --- /dev/null +++ b/roles/services/game_server/handlers/main.yml
@@ -0,0 +1,71 @@
	1	- name: create sunshine build dir
	2	become: yes
	3	become_user: "{{ games_user }}"
	4	file:
	5	path: "/home/{{ games_user }}/sunshine/build"
	6	state: directory
	7	owner: "{{ games_user }}"
	8	group: "{{ games_user }}"
	9	mode: "0755"
	10
	11	- name: run npm install
	12	become: yes
	13	become_user: "{{ games_user }}"
	14	command:
	15	cmd: "npm install"
	16	chdir: "/home/{{ games_user }}/sunshine/build"
	17
	18	- name: build sunshine - cmake
	19	become: yes
	20	become_user: "{{ games_user }}"
	21	command:
	22	cmd: "cmake -DCMAKE_C_COMPILER=gcc-10 -DCMAKE_CXX_COMPILER=g++-10 .."
	23	chdir: "/home/{{ games_user }}/sunshine/build"
	24
	25	- name: build sunshine - make
	26	become: yes
	27	become_user: "{{ games_user }}"
	28	command:
	29	cmd: "make"
	30	chdir: "/home/{{ games_user }}/sunshine/build"
	31
	32	- name: build sunshine deb package
	33	become: yes
	34	become_user: "{{ games_user }}"
	35	command:
	36	cmd: "cpack -G DEB"
	37	chdir: "/home/{{ games_user }}/sunshine/build"
	38
	39	- name: install sunshine from deb
	40	apt:
	41	deb: "/home/{{ games_user }}/sunshine/build/cpack_artifacts/Sunshine.deb"
	42
	43	- name: restart sunshine
	44	become: yes
	45	become_user: "{{ games_user }}"
	46	systemd:
	47	scope: user
	48	name: sunshine
	49	state: restarted
	50
	51	- name: decompress and extract firmware
	52	unarchive:
	53	src: "/tmp/linux-firmware-20221109.tar.gz"
	54	dest: "/tmp/"
	55	remote_src: yes
	56
	57	- name: copy all files from amdgpu to /lib/firmware/amdgpu/
	58	copy:
	59	src: /tmp/linux-firmware-20221109/amdgpu
	60	dest: /lib/firmware
	61	remote_src: yes
	62	owner: root
	63	group: root
	64	mode: "0644"
	65
	66	- name: update initramfs
	67	command:
	68	cmd: "update-initramfs -u"
	69
	70	- name: reboot system
	71	reboot:


diff --git a/roles/services/game_server/tasks/main.yml b/roles/services/game_server/tasks/main.yml new file mode 100644 index 0000000..f2b12bd --- /dev/null +++ b/roles/services/game_server/tasks/main.yml
@@ -0,0 +1,223 @@
	1	- name: enable contrib and non-free repos
	2	apt_repository:
	3	repo: deb https://deb.debian.org/debian bookworm main contrib non-free
	4
	5	- name: enable contrib and non-free repos
	6	apt_repository:
	7	repo: deb https://security.debian.org/debian-security bookworm-security main contrib non-free
	8
	9	- name: enable contrib and non-free repos
	10	apt_repository:
	11	repo: deb https://deb.debian.org/debian bookworm-updates main contrib non-free
	12
	13	- name: enable contrib and non-free repos
	14	apt_repository:
	15	repo: deb https://deb.debian.org/debian bookworm-backports main contrib non-free
	16
	17	- name: enable contrib and non-free repos
	18	apt_repository:
	19	repo: deb-src https://deb.debian.org/debian bookworm main contrib non-free
	20
	21	- name: enable contrib and non-free repos
	22	apt_repository:
	23	repo: deb-src https://security.debian.org/debian-security bookworm-security main contrib non-free
	24	- name: enable contrib and non-free repos
	25	apt_repository:
	26	repo: deb-src https://deb.debian.org/debian bookworm-updates main contrib non-free
	27
	28	- name: enable contrib and non-free repos
	29	apt_repository:
	30	repo: deb-src https://deb.debian.org/debian bookworm-backports main contrib non-free
	31
	32	- name: update repos
	33	apt:
	34	update_cache: yes
	35	register: apt_upgrade
	36	retries: 100
	37	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
	38
	39	- name: install packages
	40	package:
	41	name: "{{ game_server_packages }}"
	42	state: latest
	43
	44	- name: create games user
	45	user:
	46	name: "{{ games_user }}"
	47	create_home: yes
	48
	49	- name: add user to sudo group
	50	user:
	51	name: "{{ games_user }}"
	52	groups: sudo
	53	append: yes
	54
	55	- name: add user to ssl-cert group
	56	user:
	57	name: "{{ games_user }}"
	58	groups: ssl-cert
	59	append: yes
	60
	61	- name: set authorized ssh key
	62	authorized_key:
	63	user: "{{ games_user }}"
	64	state: present
	65	key: "{{ lookup('file', 'data/common/id_rsa.pub') }}"
	66
	67	- name: clone sunshine repo
	68	become: yes
	69	become_user: "{{ games_user }}"
	70	git:
	71	repo: "{{ sunshine_repo }}"
	72	dest: "/home/{{ games_user }}/sunshine"
	73	version: "{{ sunshine_version }}"
	74	recursive: yes
	75	force: yes
	76	register: sunshine_repo
	77	notify:
	78	- create sunshine build dir
	79	- run npm install
	80	- build sunshine - cmake
	81	- build sunshine - make
	82	- build sunshine deb package
	83	- install sunshine from deb
	84	- restart sunshine
	85
	86	- name: install sunshine packages
	87	package:
	88	name: "{{ sunshine_packages }}"
	89	state: latest
	90
	91	- meta: flush_handlers
	92
	93	- name: add user to input group
	94	user:
	95	name: "{{ games_user }}"
	96	groups: input
	97	append: yes
	98
	99	- name: set sunshine udev rules
	100	lineinfile:
	101	path: /etc/udev/rules.d/85-sunshine-input.rules
	102	insertbefore: EOF
	103	line: KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
	104	owner: root
	105	group: root
	106	mode: "0644"
	107	create: yes
	108
	109	- name: install backports kernel
	110	apt:
	111	name: linux-image-amd64
	112	state: latest
	113	update_cache: yes
	114
	115	- name: update-pciids
	116	changed_when: false
	117	command:
	118	cmd: "update-pciids"
	119
	120	- name: check if needed firmware has alredy been installed
	121	stat: path=/lib/firmware/amdgpu/dimgrey_cavefish_sos.bin
	122	register: bin
	123
	124	- name: manually download latest firmware for amdgpu from kernel source tree
	125	when: not bin.stat.exists
	126	get_url:
	127	url: "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-20221109.tar.gz"
	128	dest: "/tmp/linux-firmware-20221109.tar.gz"
	129	register: firmware
	130	notify:
	131	- decompress and extract firmware
	132	- copy all files from amdgpu to /lib/firmware/amdgpu/
	133	- update initramfs
	134	- reboot system
	135
	136	- name: allow sunshine ports
	137	ufw:
	138	rule: allow
	139	proto: tcp
	140	port: 47984
	141
	142	- name: allow sunshine ports
	143	ufw:
	144	rule: allow
	145	proto: tcp
	146	port: 47989
	147
	148	- name: allow sunshine ports
	149	ufw:
	150	rule: allow
	151	proto: tcp
	152	port: 47990
	153
	154	- name: allow sunshine ports
	155	ufw:
	156	rule: allow
	157	proto: udp
	158	port: 47998
	159
	160	- name: allow sunshine ports
	161	ufw:
	162	rule: allow
	163	proto: udp
	164	port: 47999
	165
	166	- name: allow sunshine ports
	167	ufw:
	168	rule: allow
	169	proto: tcp
	170
	171	- name: allow sunshine ports
	172	ufw:
	173	rule: allow
	174	proto: udp
	175	port: 48000
	176
	177	- name: allow sunshine ports
	178	ufw:
	179	rule: allow
	180	proto: udp
	181	port: 48002
	182
	183	- name: check if i386 architecture is already enabled
	184	args:
	185	executable: /bin/bash
	186	shell: \|
	187	set -eo pipefail
	188	dpkg --print-foreign-architectures \| grep i386
	189	register: i386_check
	190	changed_when: false
	191
	192	- name: add i386 architecture
	193	when: i386_check.rc == 1
	194	command:
	195	cmd: "dpkg --add-architecture i386"
	196
	197	- name: update repos
	198	when: i386_check.rc == 1
	199	apt:
	200	update_cache: yes
	201	register: apt_upgrade
	202	retries: 100
	203	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
	204
	205	- name: install steam and related packages
	206	package:
	207	name: "{{ steam_packages }}"
	208
	209	- name: copy lightdm config
	210	copy:
	211	src: "{{ lightdm_config }}"
	212	dest: /etc/lightdm/lightdm.conf
	213	owner: root
	214	group: root
	215	mode: "0644"
	216
	217	- name: copy xfce xinit config
	218	copy:
	219	src: "{{ xfce_xinit }}"
	220	dest: /etc/xdg/xfce4/xinitrc
	221	owner: root
	222	group: root
	223	mode: "0755"