diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix
index 1195b7f..9c87b27 100644
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@@ -20,12 +20,16 @@
     ./services/syncthing.nix
     ./services/monitoring.nix
     ./services/workadventure.nix
+    ./services/minecraft.nix
   ];
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
   boot.loader.grub.device = "/dev/sda";
   boot.supportedFilesystems = [ "zfs" ];
 
+  # stop presumably docker form loading ip_tables and breaking nftables
+  boot.blacklistedKernelModules = [ "ip_tables" "ip6_tables" ]; 
+
   # networking
   networking.hostName = "hainich";
   networking.hostId = "8a58cb2f";
diff --git a/hosts/hainich/services/minecraft.nix b/hosts/hainich/services/minecraft.nix
new file mode 100644
index 0000000..2e2c712
--- /dev/null
+++ b/hosts/hainich/services/minecraft.nix
@@ -0,0 +1,49 @@
+{pkgs, lib, config, ...}:
+{
+  nixpkgs.config.allowUnfree = true;
+  networking.firewall.allowedTCPPorts = [ 25565 ];
+  services.minecraft-server = {
+    enable = true;
+    eula = true;
+    declarative = true;
+    jvmOpts = "-Xmx1536M -Xms512M";
+
+    serverProperties = {
+      server-port = "25565";
+      gamemode = "survival";
+      motd = "NixCraft4future";
+      max-players = "20";
+      whitelist = true;
+      force-gamemode = true;
+      difficulty = "easy";
+      allow-flight= false;
+      pvp = false;
+      enable-rcon = false;
+    };
+
+    whitelist = {
+      AaronPirt = "bbb8a319-a0fe-4b7a-bdcc-d7941a7fcfa8";
+      ACY2003 = "e6caedfb-95de-44b6-bea7-962e765f2b74";
+      Hexchen = "137ad280-856c-4f27-b258-b263d4e6863b";
+      laXDer = "98043845-8bac-4d38-a479-d116eea90356";
+      Naigh = "96dd9a77-2a65-415b-8d48-1f00e146dc42";
+      Schweby = "a5680c67-1a85-4a9b-81b6-a3a0b7b52467";
+      wolkenzebratopf = "34f47e5b-3f81-4639-ab6b-97be5e358054";
+      yan_min = "a2d1b6f2-1b58-4433-be67-f9872c4332f1";
+      Zauberberg = "4c59c4c3-f16b-4b7e-b707-9a176958e7cf";
+    };
+
+    package = let 
+      version = "16.5-562";
+      url = "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/562/downloads/paper-1.16.5-562.jar";
+      sha256 = "6c9110cb096cf8015382c112c1cfaf61093fd41c807410b0f744bee5317a05fd";
+    in (pkgs.minecraft-server.overrideAttrs (old: rec {
+      name = "minecraft-server-${version}";
+      inherit version;
+
+      src = pkgs.fetchurl {
+        inherit url sha256;
+      };      
+    }));
+  };
+}
diff --git a/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix
index ad7f0ba..56cf029 100644
--- a/hosts/hainich/services/nginx.nix
+++ b/hosts/hainich/services/nginx.nix
@@ -11,23 +11,17 @@
 # services.nginx.recommendedProxySettings = true;
 
   services.nginx.virtualHosts = let
-    rc3clustersite = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/".proxyPass = "https://stuebinm.4future.dev/about-future-website/";
-    };
   in {
+    # let all empty subdomains pointing to hainich return 404
     "hainich.hacc.space" = {
+      default = true;
+      locations."/".return = "404";
+    };
+    "hacc.space" = {
       enableACME = true;
       forceSSL = true;
-      locations = {
-        "/" = {
-          return = "404";
-        };
-      };
+      locations."/".return = "301 https://hacc.earth";
     };
-    "freedom.rc3.io" = rc3clustersite;
-    "future.rc3.io" = rc3clustersite;
   };
 
   networking.firewall.allowedTCPPorts = [ 1935 ];