diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index 67731ea..ed09283 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -98,8 +98,16 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
             path = "/var/lib/jland/jland.env";
             # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
             mode = "0440";
-            owner = config.users.users.jland.name;
-            group = config.users.groups.jland.name;
+            owner = config.users.users.daniel.name;
+            group = config.users.groups.daniel.name;
+          };
+
+          "dawncraft.env" = {
+            path = "/var/lib/dawncraft/dawncraft.env";
+            # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
+            mode = "0440";
+            owner = config.users.users.daniel.name;
+            group = config.users.groups.daniel.name;
           };
 
           plausible-admin-password = {
@@ -478,7 +486,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
           "caddy" # write access to /storage/files.lyte.dev
           "users" # general users group
           "jellyfin" # write access to /storage/jellyfin
-          "jland"
           "flanilla"
         ];
       };
@@ -890,6 +897,58 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
         26965
       ];
     }
+    {
+      # dawncraft minecraft server
+      systemd.tmpfiles.rules = [
+        "d /storage/dawncraft/ 0770 1000 1000 -"
+        "d /storage/dawncraft/data/ 0770 1000 1000 -"
+        "d /storage/dawncraft/worlds/ 0770 1000 1000 -"
+        "d /storage/dawncraft/downloads/ 0770 1000 1000 -"
+      ];
+      virtualisation.oci-containers.containers.minecraft-dawncraft = {
+        autoStart = true;
+
+        # sending commands: https://docker-minecraft-server.readthedocs.io/en/latest/commands/
+        image = "docker.io/itzg/minecraft-server";
+        extraOptions = [
+          "--tty"
+          "--interactive"
+        ];
+        environment = {
+          EULA = "true";
+
+          STOP_SERVER_ANNOUNCE_DELAY = "20";
+          TZ = "America/Chicago";
+          VERSION = "1.18.2";
+          MEMORY = "8G";
+          MAX_MEMORY = "16G";
+
+          ALLOW_FLIGHT = "true";
+          ENABLE_QUERY = "true";
+          SERVER_PORT = "26968";
+          QUERY_PORT = "26968";
+
+          TYPE = "AUTO_CURSEFORGE";
+          CF_SLUG = "dawn-craft";
+
+          CF_EXCLUDE_MODS = "368398";
+          CF_FORCE_SYNCHRONIZE = "true";
+          # CF_FILE_ID = "5247696"; # 2.0.7 server
+        };
+        environmentFiles = [
+          config.sops.secrets."dawncraft.env".path
+        ];
+        ports = ["26968:26968/tcp" "26968:26968/udp"];
+        volumes = [
+          "/storage/dawncraft/data:/data"
+          "/storage/dawncraft/worlds:/worlds"
+          "/storage/dawncraft/downloads:/downloads"
+        ];
+      };
+      networking.firewall.allowedTCPPorts = [
+        26968
+      ];
+    }
     {
       virtualisation.oci-containers.containers.minecraft-flanilla = {
         autoStart = true;
diff --git a/secrets/beefcake/secrets.yml b/secrets/beefcake/secrets.yml
index e30bc51..74273da 100644
--- a/secrets/beefcake/secrets.yml
+++ b/secrets/beefcake/secrets.yml
@@ -13,6 +13,7 @@ plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBz
 plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
 nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
 jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
+dawncraft.env: ENC[AES256_GCM,data:8n1ymQZpMeVwTyoHhccV+W5diMLcsZw5zZQy4Z4eaMcLFk8ey3SeXkCf9+GnqpIU5xIZfCP1ZqeSxR03kJx3TPbQeBLZeN/QAYBxHOg/tjXIE6jdIGv0INkVLkExKPlvGN8F+ijwYkwgfqlhKPBf+Q==,iv:EMGlqUxcfvxqn1G1NohrAtJP/fLdolP++zcvaxIvVR4=,tag:1+ueIDCJTxmM586Z7i0aUA==,type:str]
 api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
 sops:
     kms: []
@@ -38,8 +39,8 @@ sops:
             b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
             nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-02T19:02:54Z"
-    mac: ENC[AES256_GCM,data:NcJuWZUho49dKGoDgIUkbuTVv34xLsl/JLYxLVkr1CndckPqsKpcYgjbgvmkB1zfy9x3KLbpLKpJ7DtsmjgY1UhL44TDLQg3CoItmWlna+kQgcgyrmmGE/8S/er+zWruPdnY8233ikLRzVBrcwwXm6V5sYMJO4S33LFW/G28HQ8=,iv:kudZwEq8rroOxRiH+Qhao/rhJI49HrMgdElkgSPmjXE=,tag:my5PQ4OZO7KnqtPAWZ3vMQ==,type:str]
+    lastmodified: "2024-05-07T04:00:34Z"
+    mac: ENC[AES256_GCM,data:e7v7J2QM6p4ljrdEX6uM7PHWb0/DKt1aWIro+YkQct1ym772WKtWFzzm+mV2wqBLLXCAKy7MJ7Y89iTysFO3pdGX1zdw3wMbNfmTCCXCKAUcIih4O0hLHqrfwcoVOuQ0SALESshDmUew/Gqu6NSrL6Wo+jNo7LEAHZ7kFtkP8rQ=,iv:0fmHOKlBzIhKQ4G6DDwlIW2WpLjIS/OAWLexND+/HAQ=,tag:FSqO8/14JwhobpIKaHk77w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1