Skip to content

Instantly share code, notes, and snippets.

@meseta
Last active December 28, 2023 05:44
Show Gist options
  • Save meseta/53bac1a27c4ab48065c49f509a18e55b to your computer and use it in GitHub Desktop.
Save meseta/53bac1a27c4ab48065c49f509a18e55b to your computer and use it in GitHub Desktop.
Initialization script for a quick SKGM-controlled server on DigitalOcean, Ubuntu 22.04
#!/bin/bash
apt-get update
apt-get install --no-install-recommends --yes \
curl \
ca-certificates \
gpg \
gpg-agent \
dirmngr
# Check if deb is in sources.list
echo "deb http://security.ubuntu.com/ubuntu xenial-security main" > /etc/apt/sources.list.d/xenial-security.list
echo "deb http://security.ubuntu.com/ubuntu focal-security main" > /etc/apt/sources.list.d/focal-security.list
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 40976EAF437D05B5 3B4FE6ACC0B21F32
gpg --export 40976EAF437D05B5 3B4FE6ACC0B21F32 >/etc/apt/trusted.gpg.d/security.ubuntu.com.gpg
apt-get update
apt-get install --no-install-recommends --yes \
libxxf86vm1 \
libgl1 \
libssl1.1 \
libxrandr2 \
libglu1-mesa \
libcurl4 \
libopenal1 \
xvfb \
libssl1.0.0 \
libcurl3-gnutls \
lsb-release \
nginx
# downlaod SKGM
mkdir -p /usr/local/bin
curl -L https://github.com/meseta/skgm/releases/download/v1.0.0/skgm.AppImage -o /usr/local/bin/skgm.AppImage
chmod +x /usr/local/bin/skgm.AppImage
# add unpriviledged user
adduser --disabled-password --gecos "" skgm
usermod -L skgm
# install the fake display startup scripts
cat >/etc/systemd/system/gamemaker-fake-display.service <<EOF
[Unit]
Description=GameMaker Fake Display
[Service]
Restart=on-failure
ExecStart=Xvfb :0 -screen 0 400x400x24
[Install]
WantedBy=default.target
EOF
# SKGM
cat >/etc/systemd/system/skgm.service <<EOF
[Unit]
Description=SeverKit GameMaker
Requires=gamemaker-fake-display
StartLimitBurst=5
StartLimitIntervalSec=30
[Service]
Restart=on-failure
Environment="DISPLAY=:0"
Environment="SKGM_PORT=5001"
ExecStart=/usr/local/bin/skgm.AppImage --appimage-extract-and-run
User=skgm
Group=skgm
[Install]
WantedBy=default.target
EOF
chmod 664 /etc/systemd/system/gamemaker-fake-display.service
chmod 664 /etc/systemd/system/skgm.service
systemctl daemon-reload
systemctl enable gamemaker-fake-display
systemctl enable skgm
systemctl start gamemaker-fake-display
systemctl start skgm
# self-signed certificate and nginx reverse proxy
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt -subj "/C=US/ST=New York/L=New York City/O=Internet/OU=./CN=./emailAddress=."
cat >/etc/nginx/sites-enabled/gamemaker-5000.conf <<'EOF'
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:5000;
}
}
server {
listen 8443 ssl;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:5001;
}
}
EOF
rm /etc/nginx/sites-enabled/default
systemctl restart nginx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment