#!/bin/bash
# Load the shared setup helpers, forwarding this script's arguments.
# The name has no slash, so bash resolves it via PATH and then the current
# directory. This script goes on to write under /etc and restart services, so
# start it from the trusted checkout that contains setup-env.sh.
. setup-env.sh "$@"

# check_sudo is not defined in this file; presumably it comes from
# setup-env.sh and enforces root privileges (verify there).
check_sudo

# jq is a hard prerequisite: stop before touching the system if it is missing.
command -v jq >/dev/null 2>&1 || {
  echo "Error: jq is not installed. Please install it first."
  exit 1
}
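# Free-space thresholds (in the "G" units reported by `df -BG`): the larger
# value applies when the game files directory does not exist yet.
FRESH_REQUIRED_GB=120
EXISTING_REQUIRED_GB=60

if [ -d "/opt/5stack/serverfiles/game/csgo" ]; then
  REQUIRED_GB=$EXISTING_REQUIRED_GB
else
  REQUIRED_GB=$FRESH_REQUIRED_GB
fi

if [ "$REQUIRED_GB" -gt 0 ]; then
  # --output=avail prints only the "Avail" column, so a long device name that
  # shifts or wraps the default df table cannot move the value to another field.
  # NOTE(review): this measures "/", while the game files live under
  # /opt/5stack; confirm both are on the same filesystem.
  AVAILABLE_GB=$(df -BG --output=avail / | tail -n 1 | tr -dc '0-9')

  # Fail closed: with an empty value the numeric test below would error out,
  # evaluate as false, and the script would report the check as passed.
  if [ -z "$AVAILABLE_GB" ]; then
    echo "Error: Unable to determine available disk space on /." >&2
    exit 1
  fi

  if [ "$AVAILABLE_GB" -lt "$REQUIRED_GB" ]; then
    echo "Error: Insufficient disk space. Required: ${REQUIRED_GB}GB, Available: ${AVAILABLE_GB}GB" >&2
    exit 1
  fi
  echo "Disk space check passed: ${AVAILABLE_GB}GB available (minimum: ${REQUIRED_GB}GB)"
fi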
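echo "Installing Game Node Server dependencies..."

# Download the Tailscale installer to a private temp file before running it.
# With `curl | sh`, a failed or interrupted download is invisible: the shell
# runs whatever arrived (possibly nothing) and the script carries on.
# NOTE(review): the installer is still trusted on TLS alone; consider installing
# from a pinned package repository if stronger provenance is required.
tailscale_installer=$(mktemp) || {
  echo "Error: could not create a temporary file for the Tailscale installer." >&2
  exit 1
}
if ! curl -sfL -o "$tailscale_installer" https://tailscale.com/install.sh; then
  rm -f -- "$tailscale_installer"
  echo "Error: failed to download the Tailscale installer." >&2
  exit 1
fi

# Capture the status without tripping `set -e` (if a sourced file enabled it),
# so the temp file is always removed.
tailscale_install_status=0
sh "$tailscale_installer" || tailscale_install_status=$?
rm -f -- "$tailscale_installer"
if [ "$tailscale_install_status" -ne 0 ]; then
  echo "Error: the Tailscale installer exited with status ${tailscale_install_status}." >&2
  exit 1
fi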
# Operator instructions for creating the Tailscale tag and OAuth client.
# The requested scopes allow minting auth keys and rewriting the tailnet
# policy file, so the resulting client secret should be handled as a
# high-privilege credential.
oauth_banner_lines=(
  ''
  '=========================================='
  'Tailscale OAuth Setup Required'
  '=========================================='
  ''
  'This script automates Tailscale configuration using OAuth API.'
  ''
  'Create Access Control Tag at:'
  ' https://login.tailscale.com/admin/acls/visual/tags/add'
  ' - fivestack'
  ''
  'Create an OAuth Client at:'
  ' https://login.tailscale.com/admin/settings/trust-credentials/add'
  ''
  'OAuth scopes:'
  ' Keys : Auth Keys (write)'
  ' General: Policy File (write)'
  ''
  'Required tag:'
  ' - fivestack'
  ''
  "After creating the OAuth client, you'll receive:"
  ' - Client ID'
  ' - Client Secret (shown only once!)'
  ''
  '=========================================='
  ''
)
# One array element per output line, printed verbatim.
printf '%s\n' "${oauth_banner_lines[@]}"
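# Abort when stdin ends before a required value was supplied; otherwise the
# retry loops below would spin forever on an exhausted or closed stdin.
# Arguments: $1 - human-readable name of the missing value
_abort_no_input() {
  echo "Error: input ended before the $1 was provided." >&2
  exit 1
}

# Prompt for the OAuth client ID until a non-empty value is entered.
# `read -r` keeps backslashes literal so the credential is stored as typed.
echo -e "\033[1;36mEnter your Tailscale OAuth Client ID:\033[0m"
read -r TAILSCALE_CLIENT_ID || [ -n "$TAILSCALE_CLIENT_ID" ] || _abort_no_input "OAuth Client ID"
while [ -z "$TAILSCALE_CLIENT_ID" ]; do
  echo "Client ID cannot be empty. Please enter your OAuth Client ID:"
  read -r TAILSCALE_CLIENT_ID || [ -n "$TAILSCALE_CLIENT_ID" ] || _abort_no_input "OAuth Client ID"
done

# Prompt for the client secret with terminal echo disabled (-s), so it does not
# appear on screen or in terminal scrollback.
echo -e "\033[1;36mEnter your Tailscale OAuth Client Secret:\033[0m"
read -rs TAILSCALE_CLIENT_SECRET || [ -n "$TAILSCALE_CLIENT_SECRET" ] || _abort_no_input "OAuth Client Secret"
echo ""
while [ -z "$TAILSCALE_CLIENT_SECRET" ]; do
  echo "Client Secret cannot be empty. Please enter your OAuth Client Secret (when pasting it will not show for security reasons):"
  read -rs TAILSCALE_CLIENT_SECRET || [ -n "$TAILSCALE_CLIENT_SECRET" ] || _abort_no_input "OAuth Client Secret"
  echo ""
done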
# Exchange the OAuth client credentials for an API access token.
# get_oauth_token, update_env_var, update_acl_for_fivestack and
# create_auth_key are not defined in this file (presumably setup-env.sh).
printf '\n'
printf '%s\n' "Authenticating with Tailscale API..."
ACCESS_TOKEN=$(get_oauth_token "$TAILSCALE_CLIENT_ID" "$TAILSCALE_CLIENT_SECRET")
[ -n "$ACCESS_TOKEN" ] || {
  printf '%s\n' "Failed to authenticate with Tailscale. Please check your OAuth credentials."
  exit 1
}
printf '%s\n' "Authentication successful"

# Persist the credentials for later use by the stack.
# NOTE(review): the client secret is written to
# overlays/local-secrets/tailscale-secrets.env; confirm update_env_var leaves
# that file readable by its owner only and that the path is excluded from
# version control.
update_env_var "overlays/config/api-config.env" "TAILSCALE_CLIENT_ID" "$TAILSCALE_CLIENT_ID"
update_env_var "overlays/local-secrets/tailscale-secrets.env" "TAILSCALE_SECRET_ID" "$TAILSCALE_CLIENT_SECRET"

# ACL setup is best-effort: a failure only produces a warning and the run continues.
printf '\n'
printf '%s\n' "Configuring ACL rules for fivestack tag..."
update_acl_for_fivestack "$ACCESS_TOKEN"
case $? in
  0)
    printf '%s\n' "ACL configured (10.42.0.0/16 subnet with auto-approvers)"
    ;;
  *)
    printf '%s\n' "Warning: ACL configuration failed. You may need to configure ACL manually."
    ;;
esac

# The auth key is mandatory for the k3s join that follows, so an empty result is fatal.
printf '\n'
printf '%s\n' "Generating pre-approved auth key..."
TAILSCALE_AUTH_KEY=$(create_auth_key "$ACCESS_TOKEN")
[ -n "$TAILSCALE_AUTH_KEY" ] || {
  printf '%s\n' "Failed to generate auth key."
  exit 1
}
printf '%s\n' "Auth key generated"
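echo ""
echo "Installing K3S with Tailscale VPN integration..."

# Download the k3s installer to a private temp file before running it, so a
# failed or truncated download is detected instead of being piped into sh.
k3s_installer=$(mktemp) || {
  echo "Error: could not create a temporary file for the K3S installer." >&2
  exit 1
}
if ! curl -sfL -o "$k3s_installer" https://get.k3s.io; then
  rm -f -- "$k3s_installer"
  echo "Error: failed to download the K3S installer." >&2
  exit 1
fi

# NOTE(review): the Tailscale join key travels on the installer's command line,
# where it is visible in the process list while the installer runs. The
# commented-out `sed ... k3s.service` later in this script suggests it is also
# kept in the generated unit file. Consider k3s's --vpn-auth-file option and
# check the unit file's permissions.
k3s_install_status=0
sh "$k3s_installer" --disable=traefik --vpn-auth="name=tailscale,joinKey=${TAILSCALE_AUTH_KEY}" \
  || k3s_install_status=$?
rm -f -- "$k3s_installer"
if [ "$k3s_install_status" -ne 0 ]; then
  echo "Error: the K3S installer exited with status ${k3s_install_status}." >&2
  exit 1
fi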
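# Return 0 when $1 is a dotted-quad IPv4 address with every octet in 0..255.
_is_ipv4() {
  local candidate=$1 octet
  local -r quad_pattern='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ "$candidate" =~ $quad_pattern ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so octets such as "08" are not parsed as octal.
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

echo ""
echo "Waiting for node to come online in Tailscale network..."

# Poll for up to 30 attempts, 2 seconds apart, until tailscale reports an IPv4 address.
for attempt in {1..30}; do
  TAILSCALE_NODE_IP=$(tailscale ip -4 2>/dev/null | head -n 1)
  if [ -n "$TAILSCALE_NODE_IP" ]; then
    break
  fi
  sleep 2
done

if [ -z "$TAILSCALE_NODE_IP" ]; then
  echo "Timeout waiting for node to appear."
  echo "Please check the Tailscale dashboard and manually enter the node IP."
  echo "https://login.tailscale.com/admin/machines"
  echo -e "\033[1;36mEnter the Tailscale node IP address:\033[0m"
  # The value is written into the k3s config and an env file below, so accept
  # only a well-formed IPv4 address rather than any non-empty string.
  while :; do
    if ! read -r TAILSCALE_NODE_IP && [ -z "$TAILSCALE_NODE_IP" ]; then
      # stdin is exhausted: stop instead of re-prompting forever.
      echo "Error: input ended before the Tailscale node IP was provided." >&2
      exit 1
    fi
    if [ -z "$TAILSCALE_NODE_IP" ]; then
      echo "Node IP cannot be empty. Please enter the Tailscale node IP:"
    elif _is_ipv4 "$TAILSCALE_NODE_IP"; then
      break
    else
      echo "'$TAILSCALE_NODE_IP' is not a valid IPv4 address. Please enter the Tailscale node IP:"
    fi
  done
else
  echo "Node online with IP: $TAILSCALE_NODE_IP"
fi

update_env_var "overlays/config/api-config.env" "TAILSCALE_NODE_IP" "$TAILSCALE_NODE_IP"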
# Pin k3s to the Tailscale address. The '>' redirection truncates the target,
# so /etc/rancher/k3s/config.yaml ends up holding only this node-ip line and
# anything stored there before is discarded.
# NOTE(review): $TAILSCALE_NODE_IP is expanded straight into the YAML; confirm
# it has been validated as an IPv4 address before reaching this point.
cat <<-EOF >/etc/rancher/k3s/config.yaml
node-ip: $TAILSCALE_NODE_IP
EOF
# TODO - right now there is a bug where k3s will not join the tailscale network if the vpn-auth line is not present.
# game nodes seem to be ok, yet to be verified.
# NOTE(review): the disabled command below would strip the vpn-auth line from
# the k3s unit file; while it stays disabled, presumably the join key passed at
# install time remains in /etc/systemd/system/k3s.service - confirm and check
# that file's permissions.
# sed -i '/vpn-auth/d' /etc/systemd/system/k3s.service

# Install a systemd drop-in that runs before each k3s start. It re-reads the
# current Tailscale IPv4 address and, when one is reported and the config file
# exists, rewrites the node-ip line with sed. The quoted 'DROPIN' delimiter
# keeps $TSIP and $(...) literal here so they are evaluated at service start,
# not while this script writes the file.
mkdir -p /etc/systemd/system/k3s.service.d
cat <<-'DROPIN' >/etc/systemd/system/k3s.service.d/update-tailscale-ip.conf
[Service]
ExecStartPre=/bin/bash -c 'TSIP=$(tailscale ip -4 2>/dev/null | head -n 1); if [ -n "$TSIP" ] && [ -f /etc/rancher/k3s/config.yaml ]; then sed -i "s/^node-ip:.*/node-ip: $TSIP/" /etc/rancher/k3s/config.yaml; echo "[5stack] Updated k3s node-ip to $TSIP"; fi'
DROPIN
# Make systemd pick up the new drop-in, then restart k3s so it applies the
# node-ip setting.
systemctl daemon-reload
systemctl restart k3s
# Hand over to update.sh in the current shell, forwarding the original
# arguments. The name has no slash, so it is resolved via PATH and then the
# current directory. Run from the trusted checkout.
. update.sh "$@"

printf '%s\n' "Game node server setup complete"