Skip to content

Instantly share code, notes, and snippets.

@soccermitchy

soccermitchy/README.md

Last active January 2, 2018 18:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save soccermitchy/e9403f129d9dc8f5c8de5697e4b93e9b to your computer and use it in GitHub Desktop.
Save soccermitchy/e9403f129d9dc8f5c8de5697e4b93e9b to your computer and use it in GitHub Desktop.
Download ZIP
SystemD service file for GT-MP
Raw
README.md

Something I threw together in a few minutes. Assumes you have mono installed (i mean, it's kinda required to run the server on linux)

Installation

  1. Throw the .service file into /etc/systemd/system/
  2. Run systemctl enable gtmp-server to enable running the server on startup
  3. Run systemctl start gtmp-server to start the server.

Usage

You can view logs of the running server with journalctl -u gtmp-server. Additionally, you can add filters like...

  • --since: Show logs since the certain time (ie. --since today)
    • Also works with dates/times in the format: YYYY-MM-DD HH:MM:SS (--since 2017-12-31 02:13:00)
  • -n: Show last n lines (ie. -n 50 to show last 50 lines)
  • -f: Show last few lines, and monitor for new lines (kind of like tail -f)
  • -b: Show logs since last system boot
    • You can use journalctl --list-boots to list boots, then do -b [boot number] to show a logs on that specific boot of the server. For example, for boot number -1, I would do: journalctl -u gtmp-server -b -1.

Advantages vs screen, tmux

  • Does not require using external services
  • Works with systemd's VM management system (machinectl, systemctl --machine)
  • Uses less disk space due to less dependencies (but not that much, really)

Security Config

I also included a second configuration that sandboxes the server a bit more from the rest of the system. This is done using systemd dynamic users, introduced in systemd 235 (released October 2017). Enabling dynamic users has the following side effects from the options it implies:

  • ProtectSystem=strict - mounts /usr and /boot read only for the service
  • ProtectHome=read-only - mounts /home, /root, and /run/user read-only for the service
    • Set this to true to completely block reads on these directories
  • PrivateTmp=true - Gives the service it's own /tmp and /var/tmp directories, separate from the rest of the system
  • RemoveIPC=true - Removes IPC objects after the service dies (Shared memory, message queues, and semaphores)

You will need to make sure to set the StateDirectory value to the path to the server, or else the server will not be able to write to it's own directory. For more information on DynamicUser, take a look at this article.

Raw
gtmp-server-secure.service
[Unit]
Description=Grand Theft Multiplayer Server
After=network.target
[Service]
ExecStart=/usr/bin/env mono GrandTheftMultiplayer.Server.exe
WorkingDirectory=/opt/gt-mp_server
DynamicUser=yes
StateDirectory=/opt/gt-mp_server
[Install]
WantedBy=multi-user.target
Raw
gtmp-server.service
[Unit]
Description=Grand Theft Multiplayer Server
After=network.target
[Service]
ExecStart=/usr/bin/env mono GrandTheftMultiplayer.Server.exe
WorkingDirectory=/opt/gt-mp_server
User=gtmp-server
[Install]
WantedBy=multi-user.target
@Omeryl
Copy link

Omeryl commented Jan 2, 2018

👍 for not requiring something as obscure as PHP, and using the built in init.d!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment