This repo contains Ansible playbooks and roles for configuring and administering the uncletopia server cluster.
There are several roles that can be installed. Some are just additional tools that are hosted by us (bd-api, tf2bdd, uncledane) and are not required at all.
Installs the bd-api service.
The caddy role configures the frontend http proxy that exposes all the internal services such as the gbans website, grafana and sentry.
The demostats role handles configuring the demostats docker container web service for processing incoming demos.
The gbans role downloads and configures the gbans (and postgres) docker instances. gbans is a tool that provides centralized bans, appeals and other simple community components. This role expects the demostats role as well.
The metrics role is responsible for configuring the grafana monitoring stack. Installs the grafana web service and associated backend agents loki, prometheus and promtail.
This role is responsible for setting up the sentry.io self-hosted error tracking/tracing/instrumentation. It has fairly high resource usage, so be careful if you are going to use it. You can try running it in errors-only mode if you want to use it on a lower-capacity machine. If you are small scale, you should probably just stick to the free hosted tier at sentry.io; it should be more than sufficient.
The sourcemod role is responsible for configuring the metamod and sourcemod installation used in the srcds role. It will automatically download the latest metamod and source versions and fully rebuild the entire plugin tree to ensure compatibility.
Note that all plugins which do not comply with sourcemod's newer `newdecls` syntax have had their source updated with `#pragma newdecls required` and all subsequent required changes.
There are no pre-existing compiled plugins; you will need to compile anything you need yourself if you use any of these. We compile all plugins during the deployment stage.
Installs the baseline SRCDS instance using steamcmd (dd will work too, but it was disabled temporarily due to an auth problem and needs to be re-enabled).
These do not currently run under docker containers due to some painful ergonomics at the time and dealing with some other external problems. But they may again in the future as things have improved.
- Downloads and installs metamod and sourcemod.
- Builds all sourcemod plugins from source. This is done to help reduce bitrot and ensure correctness.
- Configures the service-specific plugins and extensions.
Installs an instance of tf2bdd, which is used to manage a bot detector list via discord.
Handles building and running the uncledane.com src website.
These are largely in the order they should be executed in, except for adduser.yml, which must be run first.
Creates the user used for running the services. This should only be run once. A new user will be created and will be used for future playbooks instead, as root logins over ssh will be disabled.
Sets up a P2P wireguard-based vpn network. These playbooks and services are designed to listen on and otherwise use internal vpn network traffic everywhere possible. This is not strictly required, but not using a vpn is 100% untested/unsupported and will require fixing things yourself.
Note: This requires the `python3-netaddr` package to be installed on the ansible controller host.
Installs base OS runtime requirements and services.
- Set timezone
- Enable i386 arch for steam_cmd/srcds
- Install apt repos, docker and rsyslog
- Enable firewall in deny mode
A helper playbook that will update all systems and reboot them if required.
An optional playbook that contains tasks that will tune the underlying OS. You must not run this without understanding the repercussions of the changes. You should also adjust them according to your hardware specs & needs.
To install the required additional collections and roles you can use the provided requirements.yml file.
ansible-galaxy install -r requirements.yml
If you are on a 64bit machine you will want 32bit libs for spcomp.
sudo apt-get install libc6:i386 lib32stdc++6
There are a few steps that are not entirely automated yet. These are generally going to be one-time setup steps.
These will eventually get automated, but are quite low priority.
- (One time) Create sentry admin user
- ssh {{ caddy.hosts.sentry.dns }} -C "cd ~/sentry && docker compose run --rm web createuser"