# Productivity Stack

GitLab, Vaultwarden, FreshRSS, Linkwarden, and Prosody.

## Services

| Service | Port | Description |
|---------|------|-------------|
| gitlab | 8929:80, 2222:22 | Git repository |
| vaultwarden | 4743:80 | Password manager |
| freshrss | 8054:80 | RSS reader |
| linkwarden | 3030:3000 | Bookmark manager |
| prosody | 5222, 5269, 5280, 5281 | XMPP server |

## GitLab

### Initial Setup

GitLab runs migrations on first start - takes 15-20 minutes. Be patient.

### Get Root Password

```bash
docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
```

### NGINX Proxy Manager

Create HTTPS proxy for `git.rishighan.com` pointing to `192.168.1.75:8929`.

GitLab recommends SSL, so use HTTPS.

## Vaultwarden

### NGINX Proxy Manager

Create HTTPS proxy for `vault.rishighan.com` pointing to `192.168.1.75:4743`.

### Admin Panel

Access at `https://vault.rishighan.com/admin` with the `ADMIN_TOKEN` from stack.env.

## FreshRSS

### NGINX Proxy Manager

Create HTTPS proxy for `rss.rishighan.com` pointing to `192.168.1.75:8054`.

### Import Feeds

1. Copy `feeds.opml` to `/mnt/user/appdata/freshrss/`
2. In FreshRSS: Settings → Import/Export → Import OPML
3. Enable `af_readability` extension to bypass paywalls

The OPML contains curated feeds for Gaming, Tech, Politics, Weather, and World News - free from paywalled bullshit.

## Linkwarden

### NGINX Proxy Manager

Create HTTPS proxy for `links.rishighan.com` pointing to `192.168.1.75:3030`.

## Prosody

Self-hosted XMPP server for `rishighan.com`. Image: `prosodyim/prosody:13.0`.

### Ports

| Port | Purpose |
|------|---------|
| 5222 | Client-to-server (c2s) |
| 5269 | Server-to-server / federation (s2s) |
| 5280 | HTTP file uploads (proxied via NPM) |
| 5281 | HTTPS/BOSH (direct) |

Both 5222 and 5269 must be forwarded on the UDM Pro to Flook (192.168.1.75).

File uploads: NPM proxies `xmpp.rishighan.com` → `192.168.1.75:5280`.

### TLS Cert

Issued manually via certbot DNS challenge covering `rishighan.com` and `xmpp.rishighan.com`.

Certs stored at `./certs/privkey.pem` and `./certs/fullchain.pem` (copied from appdata archive, not symlinked).

**Cert expires: 2026-05-24. Renew before then:**

```bash
certbot certonly --manual --preferred-challenges dns \
  --config-dir /mnt/user/appdata/prosody/certs \
  --work-dir /mnt/user/appdata/prosody/certs/work \
  --logs-dir /mnt/user/appdata/prosody/certs/logs \
  -d rishighan.com -d xmpp.rishighan.com

# Copy new certs (increment N to match new archive version):
cp /mnt/user/appdata/prosody/certs/archive/xmpp.rishighan.com/privkeyN.pem \
  /mnt/user/flook-stacks/stacks/productivity/certs/privkey.pem
cp /mnt/user/appdata/prosody/certs/archive/xmpp.rishighan.com/fullchainN.pem \
  /mnt/user/flook-stacks/stacks/productivity/certs/fullchain.pem

# Note: 644 also makes privkey.pem readable by every account on the host.
chmod 644 /mnt/user/flook-stacks/stacks/productivity/certs/*.pem
docker restart prosody
```

### DNS Records (GoDaddy)

| Type | Service | Protocol | Name | Value | Port |
|------|---------|----------|------|-------|------|
| SRV | `_xmpp-client` | `_tcp` | `@` | `xmpp.rishighan.com` | 5222 |
| SRV | `_xmpp-server` | `_tcp` | `@` | `xmpp.rishighan.com` | 5269 |
| A | — | — | `xmpp` | Flook's public IP | — |

### User Management

```bash
docker exec -it prosody prosodyctl adduser user@rishighan.com
docker exec -it prosody prosodyctl passwd user@rishighan.com
docker exec -it prosody prosodyctl deluser user@rishighan.com
```

### Data Directory Permissions

The `./data` directory must be owned by UID 999:

```bash
chown -R 999:999 /mnt/user/flook-stacks/stacks/productivity/data
```
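
The renewal steps under TLS Cert copy `privkeyN.pem` and `fullchainN.pem` by hand, so a mismatched N or a cert that misses one of the two names only shows up after `docker restart prosody`. The script here is an added example, not part of the original stack; `check_cert_pair`, `make_sample_pair` and the 30-day threshold in the usage line are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the stack): verify a copied Prosody cert pair
# before restarting. Function names and thresholds are illustrative.
# Return codes: 0 ok, 1 key/cert mismatch, 2 expires too soon, 3 name not covered.

# check_cert_pair KEY CHAIN MIN_DAYS NAME...
check_cert_pair() {
    key="$1"; chain="$2"; min_days="$3"
    shift 3

    # 1. privkeyN.pem and fullchainN.pem must share the same N: the public key
    #    derived from the private key has to equal the one in the leaf cert.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || cert_pub=""
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not match the leaf certificate in $chain" >&2
        return 1
    fi

    # 2. -checkend exits non-zero if the cert expires within the given seconds.
    if ! openssl x509 -in "$chain" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $chain expires within $min_days days" >&2
        return 2
    fi

    # 3. Every name that clients and federating servers use must be covered.
    for name in "$@"; do
        if ! openssl x509 -in "$chain" -noout -checkhost "$name" |
                grep -q 'does match certificate'; then
            echo "FAIL: $chain does not cover $name" >&2
            return 3
        fi
    done
    echo "OK: key matches, valid for more than $min_days days, names covered: $*"
}

# make_sample_pair DIR TAG: constructed self-signed pair for trying the check offline.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -keyout "$1/privkey$2.pem" -out "$1/fullchain$2.pem" \
        -subj "/CN=rishighan.com" \
        -addext "subjectAltName=DNS:rishighan.com,DNS:xmpp.rishighan.com" 2>/dev/null
}

# Usage: bash check_certs.sh certs/privkey.pem certs/fullchain.pem 30 rishighan.com xmpp.rishighan.com
if [ "$#" -ge 4 ]; then
    check_cert_pair "$@"
fi
```

Run it against `./certs/privkey.pem` and `./certs/fullchain.pem` after the `cp` steps and restart Prosody only when it exits 0.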