diff --git a/flake.nix b/flake.nix
index 3293983..641b74a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -367,6 +367,41 @@
         ];
       };
 
+      musicbox = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = with nixosModules; [
+          {
+            _module.args = {
+              disks = ["/dev/sda"];
+              # swapSize = "8G";
+            };
+          }
+          outputs.diskoConfigurations.unencrypted
+          hardware.nixosModules.common-pc-laptop-ssd
+
+          music-production
+          common
+          graphical-workstation
+          wifi
+
+          # ./nixos/musicbox.nix
+
+          {
+            boot.loader.systemd-boot.enable = true;
+            boot.loader.efi.canTouchEfiVariables = true;
+            hardware.bluetooth.enable = true;
+            networking.networkmanager.enable = true;
+
+            home-manager.users.daniel = {
+              imports = with homeManagerModules; [
+                firefox-no-tabs
+                linux-desktop-environment-config
+              ];
+            };
+          }
+        ];
+      };
+
       rascal = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
         modules = with nixosModules; [
diff --git a/nixos/router.nix b/nixos/router.nix
index c98400c..794bb7c 100644
--- a/nixos/router.nix
+++ b/nixos/router.nix
@@ -35,6 +35,12 @@
     dragon = {
       ip = "192.168.0.10";
     };
+    bald = {
+      ip = "192.168.0.11";
+      additionalHosts = [
+        "ourcraft.lyte.dev"
+      ];
+    };
     beefcake = {
       ip = "192.168.0.9";
       additionalHosts = [
@@ -174,6 +180,7 @@ in {
             tcp dport { 80, 443 } accept comment "Allow HTTP/HTTPS to server (see nat prerouting)"
             udp dport { 80, 443 } accept comment "Allow QUIC to server (see nat prerouting)"
             tcp dport { 22 } accept comment "Allow SSH to server (see nat prerouting)"
+            tcp dport { 25565 } accept comment "Allow Minecraft server connections (see nat prerouting)"
 
             iifname "${lan}" accept comment "Allow local network to access the router"
             iifname "tailscale0" accept comment "Allow local network to access the router"
@@ -213,7 +220,9 @@ in {
             iifname ${wan} tcp dport {22} dnat to ${hosts.beefcake.ip}
             iifname ${wan} tcp dport {80, 443} dnat to ${hosts.beefcake.ip}
             iifname ${wan} udp dport {80, 443} dnat to ${hosts.beefcake.ip}
-            iifname ${wan} tcp dport {25565, 26966} dnat to ${hosts.beefcake.ip}
+            iifname ${wan} tcp dport {26966} dnat to ${hosts.beefcake.ip}
+            iifname ${wan} tcp dport {25565} dnat to ${hosts.bald.ip}
+            iifname ${wan} udp dport {25565} dnat to ${hosts.bald.ip}
           }
 
           chain postrouting {