1 files changed, 223 insertions, 0 deletions
diff --git a/roles/services/game_server/tasks/main.yml b/roles/services/game_server/tasks/main.yml
new file mode 100644
index 0000000..f2b12bd
--- /dev/null
+++ b/roles/services/game_server/tasks/main.yml
@@ -0,0 +1,223 @@
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://deb.debian.org/debian bookworm main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://security.debian.org/debian-security bookworm-security main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://deb.debian.org/debian bookworm-updates main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb https://deb.debian.org/debian bookworm-backports main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://deb.debian.org/debian bookworm main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://security.debian.org/debian-security bookworm-security main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://deb.debian.org/debian bookworm-updates main contrib non-free
+- name: enable contrib and non-free repos
+  apt_repository:
+    repo: deb-src https://deb.debian.org/debian bookworm-backports main contrib non-free
+- name: update repos
+  apt:
+    update_cache: yes
+  register: apt_upgrade
+  retries: 100
+  until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+- name: install packages
+  package:
+    name: "{{ game_server_packages }}"
+    state: latest
+- name: create games user
+  user:
+    name: "{{ games_user }}"
+    create_home: yes
+- name: add user to sudo group
+  user:
+    name: "{{ games_user }}"
+    groups: sudo
+    append: yes
+- name: add user to ssl-cert group
+  user:
+    name: "{{ games_user }}"
+    groups: ssl-cert
+    append: yes
+- name: set authorized ssh key
+  authorized_key:
+    user: "{{ games_user }}"
+    state: present
+    key: "{{ lookup('file', 'data/common/id_rsa.pub') }}"
+- name: clone sunshine repo
+  become: yes
+  become_user: "{{ games_user }}"
+  git:
+    repo: "{{ sunshine_repo }}"
+    dest: "/home/{{ games_user }}/sunshine"
+    version: "{{ sunshine_version }}"
+    recursive: yes
+    force: yes
+  register: sunshine_repo
+  notify:
+    - create sunshine build dir
+    - run npm install
+    - build sunshine - cmake
+    - build sunshine - make
+    - build sunshine deb package
+    - install sunshine from deb
+    - restart sunshine
+- name: install sunshine packages
+  package:
+    name: "{{ sunshine_packages }}"
+    state: latest
+- meta: flush_handlers
+- name: add user to input group
+  user:
+    name: "{{ games_user }}"
+    groups: input
+    append: yes
+- name: set sunshine udev rules
+  lineinfile:
+    path: /etc/udev/rules.d/85-sunshine-input.rules
+    insertbefore: EOF
+    line: KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
+    owner: root
+    group: root
+    mode: "0644"
+    create: yes
+- name: install backports kernel
+  apt:
+    name: linux-image-amd64
+    state: latest
+    update_cache: yes
+- name: update-pciids
+  changed_when: false
+  command:
+    cmd: "update-pciids"
+- name: check if needed firmware has alredy been installed
+  stat: path=/lib/firmware/amdgpu/dimgrey_cavefish_sos.bin
+  register: bin
+- name: manually download latest firmware for amdgpu from kernel source tree
+  when: not bin.stat.exists
+  get_url:
+    url: "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-20221109.tar.gz"
+    dest: "/tmp/linux-firmware-20221109.tar.gz"
+  register: firmware
+  notify:
+    - decompress and extract firmware
+    - copy all files from amdgpu to /lib/firmware/amdgpu/
+    - update initramfs
+    - reboot system
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+    port: 47984
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+    port: 47989
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+    port: 47990
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 47998
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 47999
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: tcp
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 48000
+- name: allow sunshine ports
+  ufw:
+    rule: allow
+    proto: udp
+    port: 48002
+- name: check if i386 architecture is already enabled
+  args:
+    executable: /bin/bash
+  shell: |
+    set -eo pipefail
+    dpkg --print-foreign-architectures | grep i386
+  register: i386_check
+  changed_when: false
+- name: add i386 architecture
+  when: i386_check.rc == 1
+  command:
+    cmd: "dpkg --add-architecture i386"
+- name: update repos
+  when: i386_check.rc == 1
+  apt:
+    update_cache: yes
+  register: apt_upgrade
+  retries: 100
+  until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+- name: install steam and related packages
+  package:
+    name: "{{ steam_packages }}"
+- name: copy lightdm config
+  copy:
+    src: "{{ lightdm_config }}"
+    dest: /etc/lightdm/lightdm.conf
+    owner: root
+    group: root
+    mode: "0644"
+- name: copy xfce xinit config
+  copy:
+    src: "{{ xfce_xinit }}"
+    dest: /etc/xdg/xfce4/xinitrc
+    owner: root
+    group: root
+    mode: "0755"

diff --git a/roles/services/game_server/tasks/main.yml b/roles/services/game_server/tasks/main.yml new file mode 100644 index 0000000..f2b12bd --- /dev/null +++ b/roles/services/game_server/tasks/main.yml
@@ -0,0 +1,223 @@
	1	- name: enable contrib and non-free repos
	2	apt_repository:
	3	repo: deb https://deb.debian.org/debian bookworm main contrib non-free
	4
	5	- name: enable contrib and non-free repos
	6	apt_repository:
	7	repo: deb https://security.debian.org/debian-security bookworm-security main contrib non-free
	8
	9	- name: enable contrib and non-free repos
	10	apt_repository:
	11	repo: deb https://deb.debian.org/debian bookworm-updates main contrib non-free
	12
	13	- name: enable contrib and non-free repos
	14	apt_repository:
	15	repo: deb https://deb.debian.org/debian bookworm-backports main contrib non-free
	16
	17	- name: enable contrib and non-free repos
	18	apt_repository:
	19	repo: deb-src https://deb.debian.org/debian bookworm main contrib non-free
	20
	21	- name: enable contrib and non-free repos
	22	apt_repository:
	23	repo: deb-src https://security.debian.org/debian-security bookworm-security main contrib non-free
	24	- name: enable contrib and non-free repos
	25	apt_repository:
	26	repo: deb-src https://deb.debian.org/debian bookworm-updates main contrib non-free
	27
	28	- name: enable contrib and non-free repos
	29	apt_repository:
	30	repo: deb-src https://deb.debian.org/debian bookworm-backports main contrib non-free
	31
	32	- name: update repos
	33	apt:
	34	update_cache: yes
	35	register: apt_upgrade
	36	retries: 100
	37	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
	38
	39	- name: install packages
	40	package:
	41	name: "{{ game_server_packages }}"
	42	state: latest
	43
	44	- name: create games user
	45	user:
	46	name: "{{ games_user }}"
	47	create_home: yes
	48
	49	- name: add user to sudo group
	50	user:
	51	name: "{{ games_user }}"
	52	groups: sudo
	53	append: yes
	54
	55	- name: add user to ssl-cert group
	56	user:
	57	name: "{{ games_user }}"
	58	groups: ssl-cert
	59	append: yes
	60
	61	- name: set authorized ssh key
	62	authorized_key:
	63	user: "{{ games_user }}"
	64	state: present
	65	key: "{{ lookup('file', 'data/common/id_rsa.pub') }}"
	66
	67	- name: clone sunshine repo
	68	become: yes
	69	become_user: "{{ games_user }}"
	70	git:
	71	repo: "{{ sunshine_repo }}"
	72	dest: "/home/{{ games_user }}/sunshine"
	73	version: "{{ sunshine_version }}"
	74	recursive: yes
	75	force: yes
	76	register: sunshine_repo
	77	notify:
	78	- create sunshine build dir
	79	- run npm install
	80	- build sunshine - cmake
	81	- build sunshine - make
	82	- build sunshine deb package
	83	- install sunshine from deb
	84	- restart sunshine
	85
	86	- name: install sunshine packages
	87	package:
	88	name: "{{ sunshine_packages }}"
	89	state: latest
	90
	91	- meta: flush_handlers
	92
	93	- name: add user to input group
	94	user:
	95	name: "{{ games_user }}"
	96	groups: input
	97	append: yes
	98
	99	- name: set sunshine udev rules
	100	lineinfile:
	101	path: /etc/udev/rules.d/85-sunshine-input.rules
	102	insertbefore: EOF
	103	line: KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
	104	owner: root
	105	group: root
	106	mode: "0644"
	107	create: yes
	108
	109	- name: install backports kernel
	110	apt:
	111	name: linux-image-amd64
	112	state: latest
	113	update_cache: yes
	114
	115	- name: update-pciids
	116	changed_when: false
	117	command:
	118	cmd: "update-pciids"
	119
	120	- name: check if needed firmware has alredy been installed
	121	stat: path=/lib/firmware/amdgpu/dimgrey_cavefish_sos.bin
	122	register: bin
	123
	124	- name: manually download latest firmware for amdgpu from kernel source tree
	125	when: not bin.stat.exists
	126	get_url:
	127	url: "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-20221109.tar.gz"
	128	dest: "/tmp/linux-firmware-20221109.tar.gz"
	129	register: firmware
	130	notify:
	131	- decompress and extract firmware
	132	- copy all files from amdgpu to /lib/firmware/amdgpu/
	133	- update initramfs
	134	- reboot system
	135
	136	- name: allow sunshine ports
	137	ufw:
	138	rule: allow
	139	proto: tcp
	140	port: 47984
	141
	142	- name: allow sunshine ports
	143	ufw:
	144	rule: allow
	145	proto: tcp
	146	port: 47989
	147
	148	- name: allow sunshine ports
	149	ufw:
	150	rule: allow
	151	proto: tcp
	152	port: 47990
	153
	154	- name: allow sunshine ports
	155	ufw:
	156	rule: allow
	157	proto: udp
	158	port: 47998
	159
	160	- name: allow sunshine ports
	161	ufw:
	162	rule: allow
	163	proto: udp
	164	port: 47999
	165
	166	- name: allow sunshine ports
	167	ufw:
	168	rule: allow
	169	proto: tcp
	170
	171	- name: allow sunshine ports
	172	ufw:
	173	rule: allow
	174	proto: udp
	175	port: 48000
	176
	177	- name: allow sunshine ports
	178	ufw:
	179	rule: allow
	180	proto: udp
	181	port: 48002
	182
	183	- name: check if i386 architecture is already enabled
	184	args:
	185	executable: /bin/bash
	186	shell: \|
	187	set -eo pipefail
	188	dpkg --print-foreign-architectures \| grep i386
	189	register: i386_check
	190	changed_when: false
	191
	192	- name: add i386 architecture
	193	when: i386_check.rc == 1
	194	command:
	195	cmd: "dpkg --add-architecture i386"
	196
	197	- name: update repos
	198	when: i386_check.rc == 1
	199	apt:
	200	update_cache: yes
	201	register: apt_upgrade
	202	retries: 100
	203	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
	204
	205	- name: install steam and related packages
	206	package:
	207	name: "{{ steam_packages }}"
	208
	209	- name: copy lightdm config
	210	copy:
	211	src: "{{ lightdm_config }}"
	212	dest: /etc/lightdm/lightdm.conf
	213	owner: root
	214	group: root
	215	mode: "0644"
	216
	217	- name: copy xfce xinit config
	218	copy:
	219	src: "{{ xfce_xinit }}"
	220	dest: /etc/xdg/xfce4/xinitrc
	221	owner: root
	222	group: root
	223	mode: "0755"