So, while I'm back at working out daily to try and shave off some unnecessary weight, I also took a hack at some new containerization + VPN wizardry and set my kids up on Minecraft.

They play it a lot already, but only in local mode. We'd had their accounts disabled to open servers because I can't control the actions of other kids, so I built a local server, but they run bedrock edition (Amazon Kindle tablets their grandparents bought them), so I had to figure something out. Turned out it wasn't trivial:

  1. Setup a Minecraft server in a container. I use traefik and docker compose, so that wasn't too difficult.
  2. Add the geyser and floodgate tools to allow for bedrock users. I added in the ViaVersion, ViaBackwards and ViaRewind so I can support Java editions without version control issues too.
  3. Add the routing on my UniFi from outside to my container server, including the rules for the right ports in both TCP (Java) and UDP (Bedrock). Also had to remember to do ufw for the ports on the linux box itself.
  4. Create a VPN server for my kids on my UniFi router. Static IP assignment from inside my network, that then restricts their ability to access the UDP port for Bedrock to any IP in the world other than my server. So, they can see other servers in their server list, but they all fail to connect.
  5. ADB sideload Wireguard onto their tablets and set the VPN persistence to always on and always enforced. Fun to get the keys to match up when it's hard to tell the difference between a capital I and a lowercase l on a tiny Kindle screen.
  6. This VPN has an added benefit: when I eventually allow them to use Silk (web browser) on their tablets, I'll have way more granular control over their browsing than just normal tools.
  7. Create the right whitelisting scripts for the Minecraft server itself.
  8. Boom. They can play Minecraft together, and only with each other, me, and the cousins I've whitelisted.

Now, the next fun thing for me to work on is going to be a heck of a lot crazier, and for me, not for the kids... In fact, it'll be the third transition of this blog to yet a newer infrastructure. Here's wishing me luck!