This repo contains Ansible playbooks and roles for configuring and administering the uncletopia server cluster.
The caddy role configures the frontend HTTP server that exposes all the internal services, such as the gbans website and grafana.
The gbans role downloads and configures the gbans (and postgres) docker instances. gbans is a tool that provides centralized bans, appeals and other simple community components.
The metrics role is responsible for configuring the grafana & prometheus stacks.
The sourcemod role is responsible for configuring the metamod and sourcemod installation used in the srcds role. It will automatically download the latest metamod and source versions and fully rebuild the entire plugin tree to ensure compatibility.
Note that all plugins which do not comply with sourcemod's newer syntax (newdecls) have had their source updated with #pragma newdecls required and all subsequent required changes.
There are no pre-existing compiled plugins; you will need to compile anything you need yourself if you use any of these. We compile all plugins during the deployment stage.
srcds is responsible for downloading and configuring each game's docker instance. We do not use steamcmd nor its auto-update mechanics. Containers should not auto-update themselves, so instead we use depot downloader to download the latest build, then rebuild the images. To save on download/rebuild times, the base tf2 image is cached untouched so subsequent updates only pull deltas.
These are largely in the order they should be executed, with the exception of adduser.yml, which must be run first.
Creates the user used for running the services. This should only be run once. A new user will be created and used for future playbooks, as root logins over ssh will be disabled.
Sets up a P2P wireguard-based vpn network. These playbooks and services are designed to listen on and otherwise use internal vpn network traffic everywhere possible. This is not strictly required, but not using a vpn is 100% untested/unsupported and will require fixing things yourself.
Note: This requires the python3-netaddr package to be installed on the ansible controller host.
Installs base OS runtime requirements and services.
- Set timezone
- Enable i386 arch for steam_cmd/srcds
- Install apt repos and install .net, docker, rsyslog
- Install DepotDownloader
- Enable firewall in deny mode
Installs the baseline SRCDS instance using steamcmd (dd will work too, but it was disabled temporarily due to an auth problem and needs to be re-enabled).
These do not currently run under docker containers due to some painful ergonomics at the time and dealing with some other external problems. But they may again in the future as things have improved.
- Downloads and installs metamod and sourcemod.
- Builds all sourcemod plugins from source. This is done to help reduce bitrot and ensure correctness.
- Configures the service-specific plugins and extensions.
Installs all web functionality, including all backend monitoring tooling. All services run under docker containers.
- Install and configure caddy web server
- Setup backend metrics services
  - node_exporter
  - srcds_watch
  - promtail
  - loki
  - prometheus
  - grafana w/dashboards
- Install and configure gbans and required services
  - bd-api w/timescaledb - Not really a ut service, but is currently hosted here. You don't want this unless you know you need it.
  - postgres
A helper playbook that will update all systems and reboot them if required.
An optional playbook that contains tasks that will tune the underlying OS. You must not run this without understanding the repercussions of the changes. You should also adjust them according to your hardware specs & needs.
If you are on a 64-bit machine you will want 32-bit libs for spcomp.
sudo apt-get install libc6:i386 lib32stdc++6
There are a few steps that are not entirely automated as of yet. These are generally one-time setup steps.
These will eventually get automated, but are quite low priority.