fix: replace fabrictailor with skin restorer

configs/easyauth-extended.conf

@@ -0,0 +1,67 @@
+##                          ##
+##         EasyAuth         ##
+##  Extended Configuration  ##
+##                          ##
+
+# Block everything for unauthenticated players
+allow-chat = false
+allow-commands = false
+allowed-commands = []
+allow-movement = false
+allow-block-interaction = false
+allow-entity-interaction = false
+allow-block-breaking = false
+allow-entity-attacking = false
+allow-item-dropping = false
+allow-item-moving = false
+allow-item-using = false
+
+# Hide inventory while not logged in
+hide-inventory = true
+
+# Unauthenticated players are invulnerable and ignored by mobs
+player-invulnerable = true
+player-ignored = true
+
+# Rate limit teleportation for unauthed players
+teleportation-timeout-ms = 20
+
+# Command aliases
+aliases {
+    # /l for /login
+    login = true
+    # /reg for /register
+    register = true
+}
+
+# Try to rescue players stuck in portals
+try-portal-rescue = true
+
+# Password length limits
+min-password-length = 6
+max-password-length = 128
+
+# Username validation
+username-regexp = "^[a-zA-Z]{1,16}$"
+
+# No Floodgate
+floodgate-bypass-regex = false
+
+# Prevent same-name kicks
+prevent-another-location-kick = true
+
+# Don't force offline UUIDs (already in offline mode)
+forced-offline-uuid = false
+
+# Don't skip auth
+skip-all-auth-checks = false
+
+# Disallow case-insensitive duplicate usernames
+allow-case-insensitive-username = false
+
+# Prompt to authenticate every 10 seconds
+authentication-prompt-interval = 10
+
+# Log registration and login events
+log-player-registration = true
+log-player-login = true

configs/easyauth-main.conf

@@ -0,0 +1,51 @@
+##                          ##
+##         EasyAuth         ##
+##    Main Configuration    ##
+##                          ##
+
+# Don't auto-login players with Microsoft accounts — treat everyone the same
+premium-auto-login = false
+
+# All players are offline players
+offline-by-default = true
+
+# No Bedrock auto-login
+floodgate-auto-login = false
+
+# Session timeout: 24 hours (if they reconnect within this time, no re-login needed)
+session-timeout = 86400
+
+# Max login attempts before kick
+max-login-tries = 3
+
+# 5 minutes to authenticate before being kicked
+kick-timeout = 300
+
+# 2 minutes before they can rejoin after being kicked for failed attempts
+reset-login-attempts-timeout = 120
+
+# Registration is disabled for players — admin-only via `auth register <user> <pass>`
+# With enable-global-password=true and single-use-global-password=false,
+# the /register command is disabled. Players can only /login with a password set by admin.
+enable-global-password = true
+single-use-global-password = false
+
+# Hide player coordinates during auth (teleport to spawn)
+hide-player-coords = true
+
+# Hide unauthenticated players from everyone (requires Vanish mod)
+vanish-until-auth = true
+
+# Auth spawn location — players teleported here until authenticated
+world-spawn {
+    dimension = "minecraft:overworld"
+    x = -1965
+    y = 167
+    z = 1109
+    yaw = 0
+    pitch = 0
+}
+
+debug = false
+
+config-version = 2

configs/skinrestorer-config.json

@@ -0,0 +1,42 @@
+{
+  "language": "en_us",
+  "refreshSkinOnJoin": true,
+  "skinApplyDelayOnJoin": 0,
+  "fetchSkinOnFirstJoin": false,
+  "forceFirstJoinSkinFetch": false,
+  "firstJoinSkinProvider": "mojang",
+  "proxy": "",
+  "requestTimeout": 10,
+  "providers": {
+    "mojang": {
+      "enabled": true,
+      "cache": {
+        "enabled": true,
+        "expireAfterWrite": 86400
+      }
+    },
+    "ely_by": {
+      "enabled": true,
+      "cache": {
+        "enabled": true,
+        "expireAfterWrite": 86400
+      }
+    },
+    "mineskin": {
+      "enabled": true,
+      "cache": {
+        "enabled": true,
+        "expireAfterWrite": 86400
+      }
+    },
+    "collection": {
+      "enabled": false,
+      "cache": {
+        "enabled": true,
+        "expireAfterWrite": 604800
+      },
+      "sources": []
+    },
+    "custom": []
+  }
+}

flake.nix

@@ -23,6 +23,18 @@
       mcLogs = pkgs.writeShellScriptBin "mc-logs" ''
         ssh root@compsigh-minecraft "docker logs --tail ''${1:-100} -f minecraft"
       '';
+      mcRegister = pkgs.writeShellScriptBin "mc-register" ''
+        set -euo pipefail
+        USERNAME="''${1:?Usage: mc-register <username> <password>}"
+        PASSWORD="''${2:?Usage: mc-register <username> <password>}"
+        ssh root@compsigh-minecraft "docker exec minecraft rcon-cli auth register $USERNAME $PASSWORD"
+      '';
+      mcUpdatePassword = pkgs.writeShellScriptBin "mc-update-password" ''
+        set -euo pipefail
+        USERNAME="''${1:?Usage: mc-update-password <username> <password>}"
+        PASSWORD="''${2:?Usage: mc-update-password <username> <password>}"
+        ssh root@compsigh-minecraft "docker exec minecraft rcon-cli auth update $USERNAME $PASSWORD"
+      '';
       bootstrap = pkgs.writeShellScriptBin "mc-bootstrap" ''
         set -euo pipefail
         IP="''${1:?Usage: mc-bootstrap <server-ip>}"
@@ -70,17 +82,12 @@
           deploy
           bootstrap
           mcLogs
+          mcRegister
+          mcUpdatePassword
           pkgs.nh
           inputs.agenix.packages.${system}.default
         ];
 
-        shellHook = ''
-          echo "compsigh minecraft server"
-          echo "  mc-bootstrap — first-time install (mc-bootstrap <ip>)"
-          echo "  nhs          — deploy to server"
-          echo "  mc-logs      — tail server logs"
-          echo "  agenix       — manage secrets"
-        '';
       };
     };
 }

modules/minecraft.nix

@@ -16,6 +16,11 @@ let
     "threadtweak"
     "crashexploitfixer"
 
+    # Authentication & skins
+    "easyauth"
+    "skinrestorer"
+    "vanish"
+
     # Anti-cheat
     "anti-xray"
     "grimac"
@@ -109,10 +114,9 @@ in
       SIMULATION_DISTANCE = "10";
       SPAWN_PROTECTION = "0";
       ALLOW_FLIGHT = "TRUE";
-      ENABLE_WHITELIST = "TRUE";
+      ENABLE_WHITELIST = "FALSE";
-      ENFORCE_WHITELIST = "TRUE";
+      ENFORCE_WHITELIST = "FALSE";
-      WHITELIST = "jetpham";
+      ONLINE_MODE = "FALSE";
-      OPS = "jetpham";
       MOTD = "meet cool people \\u00A76\\u0026\\u0026\\u00A7r build cool things";
       OVERRIDE_ICON = "TRUE";
       REMOVE_OLD_MODS = "TRUE";
@@ -151,6 +155,11 @@ in
         cp ${../server-icon.png} ${mcDataDir}/server-icon.png
         mkdir -p ${mcDataDir}/config
         cp ${../configs/anti-xray.toml} ${mcDataDir}/config/anti-xray.toml
+        mkdir -p ${mcDataDir}/config/skinrestorer
+        cp ${../configs/skinrestorer-config.json} ${mcDataDir}/config/skinrestorer/config.json
+        mkdir -p ${mcDataDir}/config/EasyAuth
+        cp ${../configs/easyauth-main.conf} ${mcDataDir}/config/EasyAuth/main.conf
+        cp ${../configs/easyauth-extended.conf} ${mcDataDir}/config/EasyAuth/extended.conf
       '';
     };
   };