s8n/minecraft-server

Fork 0

Commit graph

Author	SHA1	Message	Date
s8n	3336f52142	redact: scrub leaked Minecraft secrets from public repo Replaced literal values with env-var placeholders (${RCON_PASSWORD}, ${MGMT_SECRET}, ${MC_RCON_PASSWORD}) across server.properties, .rcon-cli.env, docker-compose.yml(s), backup scripts, and AUDIT-2026-05-07.md. Affected secrets: - Paper management-server-secret (HIGH; mitigated by management-server-enabled=false) - RCON password 'redacted' (MEDIUM; bound to 127.0.0.1) - MC_RCON_PASSWORD backup-pipeline default fallback (MEDIUM; same blast radius) WARNING: HEAD redaction only — values remain in git history. Treat as compromised and rotate (closes F-17 audit-finding's deferred TODO). Originals backed up to private s8n/secrets/minecraft-server/.	2026-05-08 15:36:20 +01:00
s8n	4c16cebb2b	backup: phase 1 + phase 2 scripts; daily script repaired and deployed Repairs the orphaned synapse-signing-key block at scripts/backup.sh lines 119-122 that was exiting the script under set -e before the Minecraft block could run, leaving 5 of the last 7 days without a world backup and zero usable snapshots after 7-day retention. Phase 1 (deployed today to /opt/docker/backup.sh on nullstone): - Repaired script — orphan block removed, MC arm wrapped so failures in one tar don't kill the run - tar exit code 1 ("file changed as we read it") now treated as success on the live MC world; spark profiler tmp file noise silenced via --ignore-failed-read --warning=no-file-changed - Plugin DBs (homestead, AuthMe, CoreProtect, LuckPerms) and configs now backed up alongside the world - Sentinel /opt/backups/.last-success stamped only when the world arm succeeds — gives outside monitors a single mtime to alert on - Manually verified end-to-end: 12G world tarball, 492M plugins, 279M dbs, 14 config files, sentinel updated. Pre-fix script saved at /opt/docker/backup.sh.bak-20260507-pre-phase1. Phase 2 (scripts in repo, deployment pending operator sudo): - scripts/restic-backup-playerdata.sh — Class A 5-min restic snapshots of playerdata/, stats/, advancements/, plugin DBs, LuckPerms; rcon save-all flush before snapshot; tag-scoped retention - scripts/restic-init.sh — one-time bootstrap (root-only) for /etc/mc-backup.{env,pw} + repo init at /home/user/restic/ - scripts/systemd/mc-backup-playerdata.{service,timer} — 5-min timer with hardening (ProtectSystem=strict, ReadOnlyPaths, etc) - docs/RUNBOOK-BACKUP-RESTORE.md updated with both phases' deployment steps and the operator-action checklist Off-host mirror to onyx (Phase 4) and class B/C/D world snapshots (Phase 3) are still TODO — see BACKUP-STRATEGY.md §11 phase plan.	2026-05-07 18:29:30 +01:00

Author

SHA1

Message

Date

s8n

3336f52142

redact: scrub leaked Minecraft secrets from public repo

Replaced literal values with env-var placeholders (${RCON_PASSWORD},
${MGMT_SECRET}, ${MC_RCON_PASSWORD}) across server.properties,
.rcon-cli.env, docker-compose.yml(s), backup scripts, and AUDIT-2026-05-07.md.

Affected secrets:
- Paper management-server-secret (HIGH; mitigated by management-server-enabled=false)
- RCON password '*redacted*' (MEDIUM; bound to 127.0.0.1)
- MC_RCON_PASSWORD backup-pipeline default fallback (MEDIUM; same blast radius)

WARNING: HEAD redaction only — values remain in git history. Treat as
compromised and rotate (closes F-17 audit-finding's deferred TODO).
Originals backed up to private s8n/secrets/minecraft-server/.

2026-05-08 15:36:20 +01:00

s8n

4c16cebb2b

backup: phase 1 + phase 2 scripts; daily script repaired and deployed

Repairs the orphaned synapse-signing-key block at scripts/backup.sh
lines 119-122 that was exiting the script under set -e before the
Minecraft block could run, leaving 5 of the last 7 days without a
world backup and zero usable snapshots after 7-day retention.

Phase 1 (deployed today to /opt/docker/backup.sh on nullstone):
- Repaired script — orphan block removed, MC arm wrapped so failures
  in one tar don't kill the run
- tar exit code 1 ("file changed as we read it") now treated as
  success on the live MC world; spark profiler tmp file noise
  silenced via --ignore-failed-read --warning=no-file-changed
- Plugin DBs (homestead, AuthMe, CoreProtect, LuckPerms) and configs
  now backed up alongside the world
- Sentinel /opt/backups/.last-success stamped only when the world
  arm succeeds — gives outside monitors a single mtime to alert on
- Manually verified end-to-end: 12G world tarball, 492M plugins,
  279M dbs, 14 config files, sentinel updated. Pre-fix script saved
  at /opt/docker/backup.sh.bak-20260507-pre-phase1.

Phase 2 (scripts in repo, deployment pending operator sudo):
- scripts/restic-backup-playerdata.sh — Class A 5-min restic snapshots
  of playerdata/, stats/, advancements/, plugin DBs, LuckPerms;
  rcon save-all flush before snapshot; tag-scoped retention
- scripts/restic-init.sh — one-time bootstrap (root-only) for
  /etc/mc-backup.{env,pw} + repo init at /home/user/restic/
- scripts/systemd/mc-backup-playerdata.{service,timer} — 5-min timer
  with hardening (ProtectSystem=strict, ReadOnlyPaths, etc)
- docs/RUNBOOK-BACKUP-RESTORE.md updated with both phases'
  deployment steps and the operator-action checklist

Off-host mirror to onyx (Phase 4) and class B/C/D world snapshots
(Phase 3) are still TODO — see BACKUP-STRATEGY.md §11 phase plan.

2026-05-07 18:29:30 +01:00

2 commits