fixup! add icmp and outbound rules

previously icmp was not on either inbound or outbound. there were
also no outbound rules whatsoever. this may have been causing issues
when creating a vm in a team with no base-firewall rules.

README.md

@@ -1,37 +1,15 @@
-# auto-mc
+## ever wanted to:
-automate automation for minecraft servers.
+- play minecraft but the server was too expensive to host 
+for just a little play session?
+- have a minecraft world you wanted to play with your friends as a 
+one off thing?
 
-this is an installer for the minecraft server (paper), with a few systemd units and a backup script. the server runs inside a gnu `screen` session controlled by the user `mc`.
+## introducing: auto-mc-redux! 
-it works best on ubuntu 20.04+ because of java versioning, but any distro with `apt` (and a version of openjdk >=16 for 1.17+ installs, or >=21 for 1.21+) should work fine.
-
-# installation
-to install, do:
-```bash
-sudo apt install git
-git clone https://git.skeh.site/ida/auto-mc ~/auto-mc 
-cd ~/auto-mc && sudo bash automate.sh
-```
-# usage notes
-by default the server tries to allocate 3G of ram, to change this, just edit mc-server.service's ExecStart 
-## structure
-`/srv/minecraft/server`: server files 
-
-`/srv/minecraft/backups`: backups of `../server` (taken daily, retained for 14 days)
-
-`/etc/systemd/system/mc-*`: services and timers
-
-## commands
-### ran as `root`*:
-`systemctl start mc-server`: starts the minecraft server 
-
-`systemctl stop mc-server`: stops the minecraft server 
-
-`systemctl restart mc-server`: restarts the minecraft server 
-
-(* = either by logging into `root`, or prefixing any command with `sudo`)
-
-### ran as `mc`
-`screen -r mc-server`: connects to the server console
-
-`mc-backup`: manually runs a backup 
 
+this is a modified version of the [script](https://git.skeh.site/ida/auto-mc) i maintain for automatically 
+installing minecraft (on `apt` based distrobutions) and intigrating it 
+with systemd. this aims to create a virtual machine, create the 
+appropriate firewall rules, and install minecraft with a world that's 
+kept in an s3 bucket, until you give it the command to un-deploy it, 
+where it'll back up the world to the s3 bucket, and then unprovision the 
+server!

automate.sh

@@ -11,32 +11,6 @@ fi
 echo "fetching..."
 apt install -y screen tar xz-utils curl jq #FIXME: this wont probably work on a system that has not run apt update for the first time
 
-# find the latest version of paper
-LATEST=`curl -s https://papermc.io/api/v2/projects/paper/ | jq -r .versions[-1]`
-printf "\n\n\n"
-function versionprompt {
-	# ask the user which version of minecraft they would like to install
-	echo "which version of minecraft would you like to serve?"
-	echo -n "version [$LATEST]:"
-	if ! read -t 30 VERSION; then  # have a timeout for user input handy for unattented installs
-		VERSION=$LATEST
-		echo "timed out, defaulting to $LATEST..."
-		return 0
-	fi
-	if [ -n "$VERSION" ]; then # check if the user wrote anything
-		echo "probing..."
-		#validate user input
-		if ! curl -s https://papermc.io/api/v2/projects/paper/ | jq -r .versions | grep -q \"$VERSION\"; then
-			echo "we cant find that version! either its not supported or you made an error, trying again..."
-			versionprompt
-		fi
-	else
-		VERSION=$LATEST
-		echo "defaulting to $LATEST..."
-	fi
-}
-versionprompt
-
 # this has to be seperate from the first run of apt since java versions before 16 is deprecated for minecraft 1.17 and before 17 for 1.18, and java versions before 21 for 1.21
 echo "installing java..."
 if printf '%s\n' 1.20.6 $VERSION | sort -VC; then # check if $VERSION is above 1.20.6
@@ -49,8 +23,8 @@ fi
 
 # find the latest release of the requested version and download it
 echo "downloading minecraft $VERSION..."
-RELEASE=`curl -s https://papermc.io/api/v2/projects/paper/versions/$VERSION/ | jq -r .builds[-1]`
+RELEASE=`curl -s https://api.papermc.io/v2/projects/paper/versions/$VERSION/ | jq -r .builds[-1]`
-curl https://papermc.io/api/v2/projects/paper/versions/$VERSION/builds/$RELEASE/downloads/paper-$VERSION-$RELEASE.jar -o paperclip.jar
+curl https://api.papermc.io/v2/projects/paper/versions/$VERSION/builds/$RELEASE/downloads/paper-$VERSION-$RELEASE.jar -o paperclip.jar
 
 echo "preparing..." # making sure things have the right owners
 adduser --disabled-password --gecos "" mc

deploy.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# required for the complex pipes in the machine function
+shopt -s lastpipe
+install_dir="$(dirname "$(readlink -f "$0")")" # find the install directory
+source "$install_dir/functions.sh"
+
+#TODO: add these to config create, probably with a select menu or something
+size="s-2vcpu-4gb"
+reigon="sfo3"
+
+
+config get
+keys check
+machine create
+machine show ipv4 | jq .ip_address | read ipv4_address
+echo "Machine created at $ipv4_address!"
+if ! firewall check; then
+	firewall create
+else
+	echo "Firewall rule already exists"
+fi
+
+latest=`curl -s https://api.papermc.io/v2/projects/paper/ | jq -r .versions[-1]`
+versionprompt
+echo "Waiting for machine to respond"
+# send pings every second, waiting for 1 second
+until ping -w 1 -c 1 $ip_address >/dev/null 2>&1; do
+	echo -n '.'
+	sleep 1
+done
+
+cat <(cat <(echo VERSION=$version) ./automate.sh)
+
+#machine destroy

functions.sh

@@ -0,0 +1,248 @@
+config() {
+	local command="$1"; shift
+
+	case $command in
+		get)
+			echo 'Checking config...'
+			if [ -a "${XDG_CONFIG_HOME}/auto-mc-redux/conf" ]; then
+				source "${XDG_CONFIG_HOME}/auto-mc-redux/conf"
+			elif [ -a "$HOME/.config/auto-mc-redux/conf" ]; then
+				source "${HOME}/.config/auto-mc-redux/conf"
+			else
+				echo 'No config found!'
+				config create
+			fi
+		;;
+		create)
+			read -p "Enter your DigialOcean API token: " TOKEN
+			# this parameter expands to nothing if unset, or x if it is.
+			if [ -z ${XDG_CONFIG_HOME+x} ]; then
+				mkdir -p "${HOME}/.config/auto-mc-redux"
+				echo export TOKEN="${TOKEN}" > "${HOME}/.config/auto-mc-redux/conf"
+				chmod 600 "${HOME}/.config/auto-mc-redux/conf"
+			else
+				mkdir -p "${XDG_CONFIG_HOME}/auto-mc-redux"
+				echo export TOKEN="${TOKEN}" > "${XDG_CONFIG_HOME}/auto-mc-redux/conf"
+				chmod 600 "${XDG_CONFIG_HOME}/auto-mc-redux/conf"
+			fi
+		;;
+	esac
+}
+
+firewall(){
+	local command="$1"; shift
+
+	case $command in
+		# exits 0 if firewall with tag auto-mc exists, 1 if it does not
+		check)
+			echo 'Querying firewall rules...'
+			curl -s -X GET \
+				-H "Content-Type: application/json" \
+				-H "Authorization: Bearer $TOKEN" \
+				https://api.digitalocean.com/v2/firewalls |\
+				jq -r .firewalls[].name | grep -q "^auto-mc$"
+		;;
+		create)
+			echo 'Creating firewall rule'
+			curl -s -X POST \
+				-H "Content-Type: application/json" \
+				-H "Authorization: Bearer $TOKEN" \
+				-d @- \
+				"https://api.digitalocean.com/v2/firewalls" <<-json
+			{
+			  "name": "auto-mc",
+			  "tags":["auto-mc"],
+			  "inbound_rules": [
+			    {
+			      "protocol": "icmp",
+			      "ports": "0",
+			      "sources": {
+			        "addresses": [
+			          "0.0.0.0/0",
+			          "::/0"
+			        ]
+			      }
+			    },
+			    {
+			      "protocol": "tcp",
+			      "ports": "25565",
+			      "sources": {
+			        "addresses": [
+			          "0.0.0.0/0",
+			          "::/0"
+			        ]
+			      }
+			    },
+			    {
+			      "protocol": "udp",
+			      "ports": "25565",
+			      "sources": {
+			        "addresses": [
+			          "0.0.0.0/0",
+			          "::/0"
+			        ]
+			      }
+			    }
+			  ],
+			  "outbound_rules": [
+			    {
+			      "protocol": "icmp",
+			      "ports": "0",
+			      "destinations": {
+			        "addresses": [
+			          "0.0.0.0/0",
+			          "::/0"
+			        ]
+			      }
+			    },
+			    {
+			      "protocol": "tcp",
+			      "ports": "0",
+			      "destinations": {
+			        "addresses": [
+			          "0.0.0.0/0",
+			          "::/0"
+			        ]
+			      }
+			    },
+			    {
+			      "protocol": "udp",
+			      "ports": "0",
+			      "destinations": {
+			        "addresses": [
+			          "0.0.0.0/0",
+			          "::/0"
+			        ]
+			      }
+			    }
+			  ]
+			}
+			json
+		;;
+	esac
+}
+
+keys(){
+	local command="$1"; shift
+
+	case $command in
+		check)
+			echo "Checking DigitalOcean's keystore..."
+			curl -s -X GET \
+				-H "Content-Type: application/json"	\
+				-H "Authorization: Bearer $TOKEN"	\
+				"https://api.digitalocean.com/v2/account/keys" |\
+			jq -r .ssh_keys[].public_key |\
+			while read remote_key; do
+				if grep -q "^$remote_key$" "$HOME/.ssh/"*.pub; then
+					authed_key="$remote_key"
+				fi
+			done
+
+			if [ "$authed_key" ]; then
+				echo "Local key already installed..."
+				ssh-keygen -l -E md5 -f <(echo "$authed_key") |\
+				cut -d':' -f 2- | cut -d' ' -f 1 | read fingerprint
+				export fingerprint
+			else
+				keys copy
+			fi
+		;;
+		copy)
+			key_file="$(find "$HOME/.ssh/"*.pub | sort | head -1)"
+			cat "$key_file" | read key
+			key_name=$(echo "$key" | cut --complement -d'@' -f 1)
+			echo "Copying key..."
+			curl -s -X POST \
+				-H "Content-Type: application/json" \
+				-H "Authorization: Bearer $TOKEN" \
+				-d '{"name":"'"$key_name"'","public_key":"'"$key"'"}' \
+				"https://api.digitalocean.com/v2/account/keys" |
+			jq -r .ssh_key.fingerprint | read fingerprint
+			export fingerprint
+			echo "Key copied!"
+		;;
+	esac
+}
+
+machine(){
+	local command="$1"; shift
+	local arg="$1"; shift
+
+	case $command in
+		create)
+			# read isn't used in these pipelines because of job control shinanigans
+			echo 'Creating Droplet...'
+			curl -s -X POST \
+					-H 'Content-Type: application/json' \
+					-H "Authorization: Bearer $TOKEN" \
+					-d '{"name":"auto-mc",
+			        "size":"'$size'",
+			        "region":"'$reigon'",
+			        "image":"ubuntu-24-10-x64",
+			        "ssh_keys":["'$fingerprint'"],
+			        "tags":["auto-mc"]}' \
+			    "https://api.digitalocean.com/v2/droplets" |\
+					jq .droplet.id | read droplet
+
+			export droplet
+			echo 'Waiting for droplet to be active...'
+			while sleep 5; do
+					machine show status
+					if [ "$status" = 'active' ]; then
+						echo 'Droplet ready!'
+						break
+					fi
+			done
+		;;
+		destroy)
+			curl -s -X DELETE \
+				-H "Content-Type: application/json" \
+				-H "Authorization: Bearer $TOKEN" \
+				"https://api.digitalocean.com/v2/droplets?tag_name=auto-mc"
+		;;
+		show)
+			case $arg in
+				ipv4)
+					curl -s -X GET \
+						-H "Content-Type: application/json" \
+						-H "Authorization: Bearer $TOKEN" \
+						"https://api.digitalocean.com/v2/droplets/$droplet" |\
+						jq '.droplet.networks.v4[] | select(.type == "public")'
+				;;
+				status)
+					curl -s -X GET \
+						-H "Content-Type: application/json" \
+						-H "Authorization: Bearer $TOKEN" \
+						"https://api.digitalocean.com/v2/droplets/$droplet" |\
+						jq -r .droplet.status | read status
+					export status
+				;;
+			esac
+	esac
+}
+
+versionprompt() {
+	# ask the user which version of minecraft they would like to install
+	echo "Which version of minecraft would you like to serve?"
+	echo -n "Version [$latest]:"
+	# have a timeout for user input handy for unattented installs
+	if ! read -t 30 version; then
+		version=$latest
+		echo "Timed out, defaulting to $latest..."
+		return 0
+	fi
+	if [ -n "$version" ]; then # check if the user wrote anything
+		echo "Probing..."
+		#validate user input
+		if ! curl -s https://api.papermc.io/v2/projects/paper/ |\
+				 jq -r .versions | grep -q \"$version\"; then
+			echo "We cant find that version!"
+			echo "Either its not supported yet or you made an error, trying again..."
+			versionprompt
+		fi
+	else
+		version=$latest
+		echo "Defaulting to $latest..."
+	fi
+}