From 62ba507c934aa5aa12758998579c7a3461a3e46d Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank@brehm-online.com>
Date: Sun, 18 Apr 2021 11:09:56 +0200
Subject: [PATCH] saving uncommitted changes in /etc prior to apt run

---
 .etckeeper                       |  1 +
 motd                             |  9 ++++--
 passwd                           |  2 +-
 passwd-                          |  1 +
 systemd/system/minecraft.service | 54 ++++++++++++++++++++++++++++++++
 5 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 systemd/system/minecraft.service

diff --git a/.etckeeper b/.etckeeper
index 72e548a..350183e 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -1317,6 +1317,7 @@ maybe chmod 0755 'systemd/system/cloud-init.target.wants'
 maybe chmod 0755 'systemd/system/getty.target.wants'
 maybe chmod 0755 'systemd/system/mariadb.service.d'
 maybe chmod 0644 'systemd/system/mariadb.service.d/override.conf'
+maybe chmod 0644 'systemd/system/minecraft.service'
 maybe chmod 0755 'systemd/system/multi-user.target.wants'
 maybe chmod 0755 'systemd/system/netdata.service.d'
 maybe chmod 0644 'systemd/system/netdata.service.d/limits.conf'
diff --git a/motd b/motd
index 3e83904..34a2924 100644
--- a/motd
+++ b/motd
@@ -6,8 +6,13 @@ Debian GNU/Linux 10 (buster)
 |_| |_|\___|_|\__, |\__,_|
               |___/       
 
-Was dem Herzen widerstrebt, lÃ¤Ãt der Kopf nicht ein.
-		-- Arthur Schopenhauer
+Ein Ostfriese sah in einem GeschÃ¤ft einen Handspiegel und sagte:
+"Potzblitz, das ist ja mein verstorbener Vater." So kaufte er den
+Spiegel und guckte ihn sich jeden Morgen an. Als seine Frau ihn dabei
+einmal beobachtete, holte sie, sobald er den Raum verlassen hatte, den
+Spiegel hervor und betrachtete ihn lange und ausfÃ¼hrlich, dann begann
+sie zu schluchzen und sagte: "Ich dachte mir schon, daÃ er mich
+betrÃ¼gt.  Aber muÃ sie so hÃ¤Ãlich sein?"
 
 Today is Pungenday, the 35th day of Discord in the YOLD 3187
 
diff --git a/passwd b/passwd
index 79d8be1..e970e09 100644
--- a/passwd
+++ b/passwd
@@ -41,4 +41,4 @@ netdata:x:2004:2004::/home/netdata:/usr/sbin/nologin
 ulog:x:115:124::/var/log/ulog:/bin/false
 nagios:x:116:125::/var/lib/nagios:/usr/sbin/nologin
 taurec:x:1000:100:Joern Valentin:/home/taurec:/bin/sh
-minecraft:x:1222:100:Minecraft server user:/home/minecraft:/bin/sh
+minecraft:x:1222:100:Minecraft server user:/home/minecraft:/bin/bash
diff --git a/passwd- b/passwd-
index 27dd188..79d8be1 100644
--- a/passwd-
+++ b/passwd-
@@ -41,3 +41,4 @@ netdata:x:2004:2004::/home/netdata:/usr/sbin/nologin
 ulog:x:115:124::/var/log/ulog:/bin/false
 nagios:x:116:125::/var/lib/nagios:/usr/sbin/nologin
 taurec:x:1000:100:Joern Valentin:/home/taurec:/bin/sh
+minecraft:x:1222:100:Minecraft server user:/home/minecraft:/bin/sh
diff --git a/systemd/system/minecraft.service b/systemd/system/minecraft.service
new file mode 100644
index 0000000..931d5bc
--- /dev/null
+++ b/systemd/system/minecraft.service
@@ -0,0 +1,54 @@
+[Unit]
+Description=Franks Minecraft Server
+
+Wants=network.target
+After=network.target
+
+[Service]
+WorkingDirectory=/home/minecraft/server
+Environment=SCREENDIR=/home/minecraft/.screen
+
+# Users Database is not available for within the unit, only root and minecraft is available, everybody else is nobody
+PrivateUsers=true
+
+User=minecraft
+Group=users
+
+# Read only mapping of /usr /boot and /etc
+#ProtectSystem=full 
+
+# /home, /root and /run/user seem to be empty from within the unit. It is recommended to enable this setting for all long-running services (in particular network-facing ones).
+#ProtectHome=true
+
+# /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be read-only within the unit.
+# It is recommended to turn this on for most services.
+# Implies MountFlags=slave
+ProtectKernelTunables=true
+
+# Block module system calls, also /usr/lib/modules. It is recommended to turn this on for most services that do not need special file systems or extra kernel modules to work
+# Implies NoNewPrivileges=yes
+ProtectKernelModules=true
+
+# It is hence recommended to turn this on for most services.
+# Implies MountAPIVFS=yes
+ProtectControlGroups=true
+
+#ExecStart=/usr/bin/screen -DmS mc-server /usr/bin/java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui
+
+ExecStart=/bin/bash -c '/usr/bin/screen -D -m -S mc-server /usr/bin/java -server -Xms1024M -Xmx1024M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -jar minecraft_server.jar nogui'
+
+ExecReload=/usr/bin/screen -p 0 -S mc-server -X eval 'stuff "reload"\\015'
+
+ExecStop=/usr/bin/screen -p 0 -S mc-server -X eval 'stuff "say SERVER SHUTTING DOWN IN 5 SECONDS. SAVING ALL MAPS..."\015'
+ExecStop=/bin/sleep 5
+ExecStop=/usr/bin/screen -p 0 -S mc-server -X eval 'stuff "save-all"\015'
+ExecStop=/usr/bin/screen -p 0 -S mc-server -X eval 'stuff "stop"\015'
+ExecStop=/bin/sleep 10
+
+Restart=on-failure
+RestartSec=60s
+
+
+[Install]
+WantedBy=multi-user.target
+
-- 
2.39.5