Game Servers
Game servers running on dedicated DMZ VMs as Docker Compose workloads. Provisioned by Terraform, configured by Ansible, deployed through GitHub Actions.
Hosts#
| Host | VM Specs | Ansible Role |
|---|---|---|
| dmz-cs16 | 2 cores, 2GB RAM | cs16-server |
| dmz-minecraft | 2 cores, default RAM | minecraft-server |
| dmz-minecraft-java | 4 cores, 16GB RAM | minecraft-java-server |
| dmz-ut2k4 | 2 cores, 4GB RAM | ut2k4-server |
Each VM runs on Proxmox, sits on VLAN 3 (DMZ), and ships logs to Loki via Promtail.
Public Servers#
Accessible from the internet via FortiGate VIP NAT.
| Game | Address | Port | Protocol |
|---|---|---|---|
| Counter-Strike 1.6 | cs16.heezy.info | 27015 | UDP/TCP |
| CS 1.6 Fast Download | cs16.heezy.info | 80 | TCP |
| Minecraft Bedrock (Creative) | mc.heezy.info | 19132 | UDP |
| Minecraft Bedrock (Survival) | mc.heezy.info | 19133 | UDP |
| Unreal Tournament 2004 | ut2k4.heezy.info | 7777, 7778, 7787, 28902, 80 | UDP/TCP |
Counter-Strike 1.6#
Image: archont94/counter-strike1.6. AMX Mod X enabled, 16 player max, de_dust2 default. Fast download on port 80. Config, map cycle, AMX config, and ban lists managed in the cs16-server Ansible role.
Map rotation: de_dust2, de_dust, de_inferno, de_nuke, de_train, cs_office, cs_italy, cs_assault, de_aztec, de_cbble, de_prodigy, cs_militia.
Minecraft Bedrock#
Two itzg/minecraft-bedrock-server containers on dmz-minecraft. Creative on 19132, Survival on 19133. Both require Xbox Live auth (ONLINE_MODE: true). Weekly backups via cron, pulled to NFS by the minecraft-backup-manager role, rotated at 28 days.
Unreal Tournament 2004#
Image: phasecorex/ut2004-server:latest. Deathmatch and Capture the Flag modes, 12 player max. Config and map cycle managed in the ut2k4-server Ansible role. GameSpy query port 7787, web admin on 80.
LAN-Only Servers#
Three itzg/minecraft-server containers on dmz-minecraft-java. An external VIP exists but the firewall policy is set to deny. These run with online-mode=false (no Mojang auth). Clients connect using offline profiles via Prism Launcher. See Minecraft, Modding, and Java.
| Server | Loader | Version | Port | Memory |
|---|---|---|---|---|
| Vanilla | None | Latest | 25565 | 2GB |
| Adventure | Forge | 1.20.1 | 25566 | 6GB |
| Cobblemon | Fabric | 1.21.1 | 25567 | 2GB |
Adventure server mods (auto-resolved from Modrinth with dependencies):
- Cataclysm
- Deeper and Darker
- Dungeons and Taverns
- Alex’s Mobs
- YUNG’s Better Dungeons
- YUNG’s Better Nether Fortresses
- YUNG’s Better Ocean Monuments
- YUNG’s Better Strongholds
- YUNG’s Better Mineshafts
- YUNG’s Better Desert Temples
- YUNG’s Better Jungle Temples
- YUNG’s Better Witch Huts
- YUNG’s Better End Island
- Knight Quest
- Combat Nouveau
- Expanded Combat
- When Dungeons Arise
- Simply Swords
- Mowzie’s Mobs
- Blue Skies
Cobblemon server runs the Cobblemon mod via Modrinth with required dependencies auto-downloaded.
Deployment#
Each game server is a dedicated DMZ VM provisioned by Terraform and configured by Ansible. The general flow for any server:
- Terraform creates the VM on Proxmox, assigns it to VLAN 3 (DMZ), and triggers the baseline Ansible playbook via GitHub Actions
- The VM gets a DHCP lease, the IP gets hardcoded as a DHCP reservation so it never shuffles on reboot
- Firewall objects and VIP NAT rules are added to terraform-heezy: an address object for the VM’s IP, a VIP for each public port, and policies for inbound game traffic and Ansible SSH access from the runner
- The Ansible role deploys a Docker Compose stack with the game server image, a systemd service to manage it, and UFW rules for the exposed ports
- The
docker-compose-updaterrole schedules weekly image pulls every Sunday at 5am Eastern
Pushing to the relevant Ansible role paths triggers the workflow automatically. All four servers follow this same pattern.