How does this shit works

Whitelist

The whitelist is managed by a plugin in the hub

ON/OFF automatically

The automatic on/off of the server is managed by the Pterodactyl Power Action plugin on Velocity throu the Pelican API. The Pelican API can befound in Profile >> API Keys

Auth a.k.a. passwords

The authentication is managed by various plugin that work together (and that cannot work if one is missing) including: - AuthMeVelocity on Velocity - AuthMeVelocity-Paper on the hub - AuthMe on the hub

Why is bStats active

Because of the greater good! you capitalist bastard! And also to support the plugin creators (especially Pterodactyl Power Action!)

How are the permission managed

The permissions are managed by LuckPerms, but in smaller servers where you don't need such control the permission are set with the vanilla Op command

How are permission set up with the server selector in the hub

The permissions for the server selector in the hub are managed by LuckPerms, by default a user must have the menuconn.use permission and it also needs a server-specific permission in the form of menuconn.server.<server-name>, usually all of this is set in some pre-written permissions groups

Why is LuckPerms context set to server and not to world like the docs say to

Bacause the docs are wrong! and the correct way to do this is to set server for server and world for actual fucking worlds!

My forced hosts are not working

The forced hosts work! it's just that AuthMeVelocity has a whitelist of auth servers and thus you can access only that list (hub), you can modify the list in the plugin config file

# plugins/authmevelocity/config.conf

auth-servers=[
    hub,
    add_server_here
]

That is VeloCity-Security / why am i getting banned / kicked

VeloCity-Security is a Velocity plugin that helps containing threads like bot nets pinging or DDoS attacks