Opting for an example minio setup over filebrowser

Configuration needed at this point however

ansible/inventory.yaml

@@ -0,0 +1,3 @@
+nigel:
+  hosts:
+    nigel.local:

ansible/linter.yaml

@@ -0,0 +1,4 @@
+---
+skip_list:
+    - role-name
+    - var-naming[no-role-prefix]

ansible/local-setup-admin-user.yaml

@@ -0,0 +1,27 @@
+# This playbook is meant to be a oneshot to be ran manually on the dev box
+# The rest of the role stuff is meant to be ran as the admin user that
+# this playbook creates for us
+---
+- hosts: nigel.local
+  remote_user: nigel
+  vars:
+    admin:
+      username: nigel
+  tasks:
+    - name: Copy the nigel admin key
+      ansible.builtin.authorized_key:
+        user: "{{ admin.username }}"
+        state: present
+        key: "{{ lookup('file', '~/.ssh/nigel/admin.pub') }}"
+    - name: Prevent password based logins
+      become: true
+      ansible.builtin.lineinfile:
+        dest: /etc/ssh/sshd_config
+        line: PasswordAuthentication no
+        state: present
+        backup: true
+    - name: Restart SSH Daemon
+      become: true
+      ansible.builtin.service:
+        name: ssh
+        state: restarted

ansible/nuc.yaml

@@ -0,0 +1,21 @@
+---
+- hosts: nigel.local
+  remote_user: nigel
+  tasks:
+    - name: Setup basic role on nigel
+      tags:
+        - setup
+      ansible.builtin.include_role:
+        name: local-server-head
+        apply:
+          tags:
+            - setup
+    - name: Setup Docker services on nigel
+      tags:
+        - services
+      ansible.builtin.include_role:
+        name: services
+        apply:
+          become: true
+          tags:
+            - services

ansible/roles/local-server-head/files/docker.list

@@ -0,0 +1 @@
+deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable

ansible/roles/local-server-head/tasks/ensure-docker-basic.yaml

@@ -0,0 +1,41 @@
+- name: Ensure we have basic updated packages setting up docker
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    update_cache: true
+  loop:
+    - ca-certificates
+    - curl
+- name: Running install on the keyrings directory
+  ansible.builtin.command:
+    cmd: install -m 0755 -d /etc/apt/keyrings
+  register: install
+  changed_when: install.rc == 0
+- name: Fetch Docker GPG Key
+  vars:
+    keylink: https://download.docker.com/linux/ubuntu/gpg
+  ansible.builtin.get_url:
+    url: "{{ keylink }}"
+    dest: /etc/apt/keyrings/docker.asc
+    mode: "0644"
+- name: Add repo to apt sources
+  ansible.builtin.copy:
+    src: docker.list
+    dest: /etc/apt/sources.list.d/docker.list
+    mode: "0644"
+- name: Update Apt cache with latest docker.list packages
+  ansible.builtin.apt:
+    update_cache: true
+- name: Ensure all docker packages are updated to the latest versions
+  ansible.builtin.apt:
+    name: "{{ item }}"
+  loop:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-buildx-plugin
+    - docker-compose-plugin
+- name: Verify that the docker components are installed properly
+  ansible.builtin.command:
+    cmd: docker run hello-world
+  register: docker
+  changed_when: docker.rc == 0

ansible/roles/local-server-head/tasks/main.yaml

@@ -0,0 +1,18 @@
+- name: Ensure docker components are installed
+  tags:
+    - setup
+  ansible.builtin.include_tasks:
+    file: ensure-docker-basic.yaml
+    apply:
+      become: true
+      tags:
+        - setup
+- name: Ensure docker services are present and ready for configuration/usage
+  tags:
+    - services
+  ansible.builtin.include_tasks:
+    file: ensure-docker-services.yaml
+    apply:
+      become: true
+      tags:
+        - services

ansible/roles/services/tasks/main.yaml

@@ -0,0 +1,32 @@
+- name: Ensure docker dir is present
+  ansible.builtin.file:
+    path: "{{ services.compose_dir }}"
+    state: directory
+    mode: "0755"
+- name: Collect id -u result
+  ansible.builtin.command:
+    cmd: id -u
+  register: id_u
+  changed_when: false
+- name: Collect id -g result
+  ansible.builtin.command:
+    cmd: id -g
+  register: id_g
+  changed_when: false
+- name: Ensure compose.yaml is present
+  vars:
+    puid: "{{ id_u.stdout }}"
+    pgid: "{{ id_g.stdout }}"
+    health_port: "{{ services.health.port }}"
+  ansible.builtin.template:
+    src: compose.yaml
+    dest: "{{ services.compose_dir }}/compose.yaml"
+    mode: "0644"
+- name: Apply docker compose with services
+  community.docker.docker_compose_v2:
+    project_src: "{{ services.compose_dir }}"
+    remove_orphans: true
+  register: compose_output
+- name: Show output of docker compose apply
+  ansible.builtin.debug:
+    var: compose_output

ansible/roles/services/templates/compose.yaml

@@ -0,0 +1,19 @@
+services:
+  health:
+    container_name: health
+    image: nginx:latest
+    restart: always
+    ports:
+      - "{{ health_port }}:80"
+  minio:
+    container_name: minio
+    image: quay.io/minio/minio
+    command: server /data --console-address ":9001"
+    volumes:
+      - "/opt/minio/data:/data"
+    environment:
+      MINIO_ROOT_USER: admin
+      MINIO_ROOT_PASSWORD: admin123
+    ports:
+      - "9000:9000"
+      - "9001:9001"

ansible/roles/services/vars/main.yaml

@@ -0,0 +1,4 @@
+services:
+  compose_dir: /home/nigel/compose
+  health:
+    port: 8080

ansible/scripts/pull-down-s3.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-
-set -e
-
-bucket="$1"
-s3env=/opt/nginx/s3.env
-
-[[ -z "$bucket" ]] && echo "No bucket selected" && exit 1
-
-[[ ! -f $s3env ]] && echo "No credentials to source!" && exit 1
-source $s3env
-
-pull() {
-	aws s3 sync s3://$bucket /opt/nginx/$bucket
-}
-
-
-case $bucket in 
-	resume.shockrah.xyz|shockrah.xyz|temper.tv) pull;;
-	*) echo "Invalid bucket name" && exit 1 ;;
-esac
-
-

infra/vultr-kubernetes/admin-services.tf

@@ -17,7 +17,7 @@ resource kubernetes_pod admin {
     }
     spec {
         node_selector = {
-            NodeType = var.admin_services.namespace
+            "vke.vultr.com/node-pool" = var.admin_services.namespace
         }
         container {
             image = each.value.image

infra/vultr-kubernetes/cluster.tf

@@ -22,7 +22,7 @@ resource vultr_kubernetes_node_pools games {
   label     = var.game_servers.namespace
   min_nodes = var.cluster.pools["games"].min
   max_nodes = var.cluster.pools["games"].max
-  tag       = var.admin_services.namespace
+  tag       = var.game_servers.namespace
 }
 
 output k8s_config {

infra/vultr-kubernetes/dev/find-server.py

@@ -8,7 +8,7 @@ def get_args() -> Namespace:
         prog="Cluster Search Thing",
         description="General utility for finding resources for game server bot"
     )
-    games = {"reflex", "minecraft"}
+    games = {"health", "reflex", "minecraft"}
     parser.add_argument('-g', '--game', required=False, choices=games)
 
     admin = {"health"}
@@ -21,11 +21,19 @@ def k8s_api(config_path: str) -> client.api.core_v1_api.CoreV1Api:
 
 def get_admin_service_details(args: ArgumentParser, api: client.api.core_v1_api.CoreV1Api):
     print('admin thing requested', args.admin)
+    services = api.list_service_for_all_namespaces(label_selector=f'app={args.admin}')
+    if len(services.items) == 0:
+        print(f'Unable to find {args.admin} amongst the admin-services')
+        return
+    
+    port = services.items[0].spec.ports[0].port
+    node_ips = list(filter(lambda a: a.type == 'ExternalIP', api.list_node().items[0].status.addresses))
+    ipv4 = list(filter(lambda item: not re.match('[\d\.]{3}\d', item.address), node_ips))[0].address
+    ipv6 = list(filter(lambda item: re.match('[\d\.]{3}\d', item.address), node_ips))[0].address
+    
+    print(f'{args.admin} --> {ipv4}:{port} ~~> {ipv6}:{port}')
 
 def get_game_server_ip(args: ArgumentParser, api: client.api.core_v1_api.CoreV1Api):
-    pods = api.list_pod_for_all_namespaces(label_selector=f'app={args.game}')
-    node_name = pods.items[0].spec.node_name
-
     services = api.list_service_for_all_namespaces(label_selector=f'app={args.game}')
     port = services.items[0].spec.ports[0].port
 

infra/vultr-kubernetes/firewall.tf

@@ -29,4 +29,3 @@ resource vultr_firewall_rule admin-service-inbound {
   notes = each.value.port.notes
   port = each.value.port.expose
 }
-

infra/vultr-kubernetes/variables.tfvars

@@ -21,31 +21,22 @@ cluster = {
 game_servers = {
   namespace = "games"
   configs = {
-    # minecraft = {
-    #   image = "itzg/minecraft-server"
-    #   cpu   = "1000m"
-    #   mem   = "2048Mi"
-    #   port  = {
-    #     expose = 30808
-    #     internal = 80
-    #   }
-    # }
   }
 }
 
 admin_services = {
   namespace = "admin-services"
   configs = {
-    # health = {
+    health = {
-    #   image = "nginx:latest"
+      image = "nginx:latest"
-    #   name  = "health"
+      name  = "health"
-    #   cpu   = "200m"
+      cpu   = "200m"
-    #   mem   = "64Mi"
+      mem   = "64Mi"
-    #   port  = {
+      port  = {
-    #     notes    = "Basic nginx sanity check service"
+        notes    = "Basic nginx sanity check service"
-    #     expose   = 30800
+        expose   = 30800
-    #     internal = 80
+        internal = 80
-    #   }
+      }
-    # }
+    }
   }
 }