Generally applicable Ansible playbooks for administering a small to medium server network for Team Fortress 2.
These playbooks are currently made to support a separately-hosted SourceBans++ ban system.
Ansible requires Linux. If you're running Windows, you'll need to set up WSL.
- Assuming you're using Ubuntu, install Python, Ansible, and Docker in WSL using
sudo apt-get install python3 ansible docker.io - On all server "hosts":
-
sudo apt-get install docker.io- Install Docker
-
sudo useradd -Um tf2server- Create thetf2serveruser
-
sudo usermod -aG docker tf2server- Grant them thedockerrole
- Build your Ansible inventory and global/host variables using the samples:
inventory.yml.samplegroup_vars/tf2.secret.yml.samplehost_vars/host.secret.yml.sample
make base- Build the base Team Fortress 2 server Docker imagemake sm- Distribute and build SourceModmake srcds- Build instance imagesmake deploy- Start containers & setup crontabmake relay- Build and start the Discord -> Server relay/RCON bot (if configured)
You can perform all of these in order with simply
make
You can update your admins/reserved slots at any time withmake admins
ansible-tf2network uses Ansible to provide a user-friendly and extensive configuration interface, and Docker to make your deploys consistent regardless of host. If you upgrade or move hosts, all you need to do is point your host record in inventory.yml at the new IP.
Since the playbooks keep their activity contained within the tf2server user folder with no actions performed as root, cleaning up a host after using ansible-tf2network can be done with these commands:
userdel -r tf2server- Delete their userdocker stop [...]- Stop the containers (do this for all servers)docker container prune- Remove the containersdocker image prune -a- Remove all unused Docker images
ansible-tf2network server configuration has 3 scopes: default, ruleset, and instance. Overriding configuration from outer scopes is possible within inner scopes, e.g., ruleset config overrides default config, and instance config overrides both.
Mapcycle configurations are separate from these scopes, and the mapcycle to be used is defined in the instance scope.
Default, ruleset, and mapcycle configuration is defined in group_vars/tf2.yml, and instance config is defined per-host in host_vars.
Some plugin configuration use Valve's KeyValues format (referred to in these playbooks as 'VDF'), and some use Valve's CFG format.
ansible-tf2network supports an unlimited amount of both formats by defining a default in the global scope (group_vars/tf2.yml, default_cfgs, default_vdfs), which can be further tweaked in the ruleset and instance scopes. Note that a configuration must exist in the global scope in order for it to be included in the server.
KeyValues configurations can vary wildly, and as such, the entire configuration must be redefined in the inner scope. CFG overriding works as they usually contain all convars set by a plugin.
Only the secrets are encrypted! This makes it possible for users to view your server configuration if they're curious, as well as propose changes.
Using the discord_relay plugin (depends on discord plugin, uses a webhook in host_vars/{host}.secret.yml) facilitates a Server to Discord relay, and correctly configuring your Discord bot (in group_vars/tf2.secret.yml and host_vars/{host}.yml) facilitates a Discord to Server relay between a specified Discord channel and Team Fortress 2 server. You can also allow specific Discord user IDs access to the /rcon command, which allows remote control of the server network.
- Set up SB++ automatically on a 'metrics' host
- Have
relaytarget a 'metrics' host as they do not rely on being on thetf2hosts - Configuration standardization pass to hopefully reduce confusion
There is a pre-commit hook that you should enable to ensure you don't commit any unencrypted secret:
ln .hooks/pre-commit .git/hooks/pre-commit