s8n/minecraft-server

Author SHA1 Message Date

Author	SHA1	Message	Date
s8n	3336f52142	redact: scrub leaked Minecraft secrets from public repo Replaced literal values with env-var placeholders (${RCON_PASSWORD}, ${MGMT_SECRET}, ${MC_RCON_PASSWORD}) across server.properties, .rcon-cli.env, docker-compose.yml(s), backup scripts, and AUDIT-2026-05-07.md. Affected secrets: - Paper management-server-secret (HIGH; mitigated by management-server-enabled=false) - RCON password 'redacted' (MEDIUM; bound to 127.0.0.1) - MC_RCON_PASSWORD backup-pipeline default fallback (MEDIUM; same blast radius) WARNING: HEAD redaction only — values remain in git history. Treat as compromised and rotate (closes F-17 audit-finding's deferred TODO). Originals backed up to private s8n/secrets/minecraft-server/.	2026-05-08 15:36:20 +01:00
s8n	4116d67eaf	feat(shop): stage ExcellentShop+CoinsEngine migration bundle Replaces EZShop 1.0-SNAPSHOT (bespoke, sell-only, 27-slot) and Kiranhart AuctionHouse 1.4.6 (ARR no-LICENSE, dupe history) with a single GPL-3 stack: ExcellentShop 5.0.1 + CoinsEngine 2.7.0 + nightcore 2.15.3. Per SHOP-SYSTEM-DECISION.md (commit `9565f0b`), Stack A wins on three counts: GPL-3 source (vs ARR/proprietary), unified theme across shop and AH, single-vendor support story under NightExpress. Jars sourced from upstream Reposilite repo.nightexpressdev.com — same artefacts a local mvn package would produce, just reproducible without the alex9849 integration that breaks on TLS handshake. SHA256SUMS committed for receipt; never re-fetched at swap time. Bundle: build/ — three jars + SHA256SUMS (~2.1MB total) configs/ — post-first-run overrides (chest module off, /shop alias, AH 1% tax + BIN+bid + 10 listings matches Kiranhart) scripts/ — swap.sh, rollback.sh, lp-shop-migration.sh, lp-shop-rollback.sh, docker-compose.patch.yml itzg integration: COPY_PLUGINS_SRC=/plugins-custom mount per ITZG-CUSTOM-JAR-PERSISTENCE.md, plus REMOVE_OLD_MODS_EXCLUDE expanded with the three new globs. LP migration grants default-tier excellentshop.* + coinsengine.* nodes; staff tier gets *.admin equivalents to legacy auctionhouse.moderator. Group prefixes/suffixes untouched per feedback_lp_prefixes_locked.md. DOES NOT touch live /data/plugins/EZShop or /data/plugins/AuctionHouse — staging only. Operator runs swap.sh in scheduled maintenance window. Refs: SHOP-SYSTEM-DECISION.md, AUDIT-2026-05-07.md F-11, ITZG-CUSTOM-JAR-PERSISTENCE.md, MIGRATION-PLAN-EXCELLENTSHOP.md.	2026-05-08 00:01:53 +01:00
s8n	41ae6f90ef	feat(chat): stage ChatChat migration bundle (jar + configs + swap scripts) Replaces CarbonChat 3.0.0-beta.36 — viewer-context bug on <luckperms_prefix>. ChatChat (HelpChat fork) renders per-recipient with sender-context PAPI + built-in Kyorifier (& -> MM). Built from upstream main HEAD via podman/temurin 21. Staged only — operator runs scripts/swap.sh during a quiet window. Rollback plan + smoke checklist in docs/MIGRATION-PLAN-CHATCHAT.md. JAR gitignored; rebuild via staging/chatchat/build/build.sh.	2026-05-07 22:23:11 +01:00

s8n

3336f52142

redact: scrub leaked Minecraft secrets from public repo

Replaced literal values with env-var placeholders (${RCON_PASSWORD},
${MGMT_SECRET}, ${MC_RCON_PASSWORD}) across server.properties,
.rcon-cli.env, docker-compose.yml(s), backup scripts, and AUDIT-2026-05-07.md.

Affected secrets:
- Paper management-server-secret (HIGH; mitigated by management-server-enabled=false)
- RCON password '*redacted*' (MEDIUM; bound to 127.0.0.1)
- MC_RCON_PASSWORD backup-pipeline default fallback (MEDIUM; same blast radius)

WARNING: HEAD redaction only — values remain in git history. Treat as
compromised and rotate (closes F-17 audit-finding's deferred TODO).
Originals backed up to private s8n/secrets/minecraft-server/.

2026-05-08 15:36:20 +01:00

s8n

4116d67eaf

feat(shop): stage ExcellentShop+CoinsEngine migration bundle

Replaces EZShop 1.0-SNAPSHOT (bespoke, sell-only, 27-slot) and Kiranhart
AuctionHouse 1.4.6 (ARR no-LICENSE, dupe history) with a single GPL-3
stack: ExcellentShop 5.0.1 + CoinsEngine 2.7.0 + nightcore 2.15.3.

Per SHOP-SYSTEM-DECISION.md (commit 9565f0b), Stack A wins on three
counts: GPL-3 source (vs ARR/proprietary), unified theme across shop
and AH, single-vendor support story under NightExpress.

Jars sourced from upstream Reposilite repo.nightexpressdev.com — same
artefacts a local mvn package would produce, just reproducible without
the alex9849 integration that breaks on TLS handshake. SHA256SUMS
committed for receipt; never re-fetched at swap time.

Bundle:
  build/    — three jars + SHA256SUMS (~2.1MB total)
  configs/  — post-first-run overrides (chest module off, /shop alias,
              AH 1% tax + BIN+bid + 10 listings matches Kiranhart)
  scripts/  — swap.sh, rollback.sh, lp-shop-migration.sh,
              lp-shop-rollback.sh, docker-compose.patch.yml

itzg integration: COPY_PLUGINS_SRC=/plugins-custom mount per
ITZG-CUSTOM-JAR-PERSISTENCE.md, plus REMOVE_OLD_MODS_EXCLUDE expanded
with the three new globs.

LP migration grants default-tier excellentshop.* + coinsengine.*
nodes; staff tier gets *.admin equivalents to legacy
auctionhouse.moderator. Group prefixes/suffixes untouched per
feedback_lp_prefixes_locked.md.

DOES NOT touch live /data/plugins/EZShop or /data/plugins/AuctionHouse
— staging only. Operator runs swap.sh in scheduled maintenance window.

Refs: SHOP-SYSTEM-DECISION.md, AUDIT-2026-05-07.md F-11,
ITZG-CUSTOM-JAR-PERSISTENCE.md, MIGRATION-PLAN-EXCELLENTSHOP.md.

2026-05-08 00:01:53 +01:00

s8n

41ae6f90ef

feat(chat): stage ChatChat migration bundle (jar + configs + swap scripts)

Replaces CarbonChat 3.0.0-beta.36 — viewer-context bug on <luckperms_prefix>.
ChatChat (HelpChat fork) renders per-recipient with sender-context PAPI +
built-in Kyorifier (& -> MM). Built from upstream main HEAD via podman/temurin 21.

Staged only — operator runs scripts/swap.sh during a quiet window. Rollback
plan + smoke checklist in docs/MIGRATION-PLAN-CHATCHAT.md. JAR gitignored;
rebuild via staging/chatchat/build/build.sh.

2026-05-07 22:23:11 +01:00

3 commits