
Productivity Stack

GitLab, Vaultwarden, FreshRSS, Linkwarden, and Prosody.

Services

| Service | Port | Description |
|---|---|---|
| gitlab | 8929:80, 2222:22 | Git repository |
| vaultwarden | 4743:80 | Password manager |
| freshrss | 8054:80 | RSS reader |
| linkwarden | 3030:3000 | Bookmark manager |
| prosody | 5222, 5269, 5280, 5281 | XMPP server |

GitLab

Initial Setup

GitLab runs migrations on first start - takes 15-20 minutes. Be patient.

Get Root Password

docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password

NGINX Proxy Manager

Create HTTPS proxy for git.rishighan.com pointing to 192.168.1.75:8929. GitLab recommends SSL, so use HTTPS.

Vaultwarden

NGINX Proxy Manager

Create HTTPS proxy for vault.rishighan.com pointing to 192.168.1.75:4743

Admin Panel

Access at https://vault.rishighan.com/admin with the ADMIN_TOKEN from stack.env

FreshRSS

NGINX Proxy Manager

Create HTTPS proxy for rss.rishighan.com pointing to 192.168.1.75:8054

Import Feeds

  1. Copy feeds.opml to /mnt/user/appdata/freshrss/
  2. In FreshRSS: Settings → Import/Export → Import OPML
  3. Enable af_readability extension to bypass paywalls

The OPML contains curated feeds for Gaming, Tech, Politics, Weather, and World News - free from paywalled bullshit.

Linkwarden

NGINX Proxy Manager

Create HTTPS proxy for links.rishighan.com pointing to 192.168.1.75:3030

Prosody

Self-hosted XMPP server for rishighan.com. Image: prosodyim/prosody:13.0.

Ports

| Port | Purpose |
|---|---|
| 5222 | Client-to-server (c2s) |
| 5269 | Server-to-server / federation (s2s) |
| 5280 | HTTP file uploads (proxied via NPM) |
| 5281 | HTTPS/BOSH (direct) |

Both 5222 and 5269 must be forwarded on the UDM Pro to Flook (192.168.1.75). File uploads: NPM proxies xmpp.rishighan.com → 192.168.1.75:5280.

TLS Cert

Issued manually via certbot DNS challenge covering rishighan.com and xmpp.rishighan.com. Certs stored at ./certs/privkey.pem and ./certs/fullchain.pem (copied from appdata archive, not symlinked).

Cert expires: 2026-05-24. Renew before then:

certbot certonly --manual --preferred-challenges dns \
  --config-dir /mnt/user/appdata/prosody/certs \
  --work-dir /mnt/user/appdata/prosody/certs/work \
  --logs-dir /mnt/user/appdata/prosody/certs/logs \
  -d rishighan.com -d xmpp.rishighan.com

# Copy new certs (increment N to match new archive version):
cp /mnt/user/appdata/prosody/certs/archive/xmpp.rishighan.com/privkeyN.pem \
   /mnt/user/flook-stacks/stacks/productivity/certs/privkey.pem
cp /mnt/user/appdata/prosody/certs/archive/xmpp.rishighan.com/fullchainN.pem \
   /mnt/user/flook-stacks/stacks/productivity/certs/fullchain.pem
# 644 leaves privkey.pem readable by every user on the host:
chmod 644 /mnt/user/flook-stacks/stacks/productivity/certs/*.pem
docker restart prosody
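
The copy step above relies on picking the right N by hand. As an added example (not part of the original README), this script selects the newest complete privkeyN/fullchainN pair, checks that the key matches the certificate and that the certificate is not close to expiry, then installs both. Function names are hypothetical; it assumes Prosody runs as UID 999 (the owner required under Data Directory Permissions), so the key is installed owner-only instead of 644.

```bash
#!/usr/bin/env bash
# Added example, not from the original README. Paths are the README's;
# function names are hypothetical.
ARCHIVE=/mnt/user/appdata/prosody/certs/archive/xmpp.rishighan.com
DEST=/mnt/user/flook-stacks/stacks/productivity/certs

# Print the highest N for which both privkeyN.pem and fullchainN.pem exist.
# Compared numerically, so version 10 ranks above version 9.
latest_version() {
  local dir best f n
  dir=$1; best=0
  for f in "$dir"/privkey*.pem; do
    [ -e "$f" ] || continue
    n=${f##*/privkey}; n=${n%.pem}
    case $n in ''|*[!0-9]*) continue ;; esac
    [ -e "$dir/fullchain$n.pem" ] || continue
    if [ "$n" -gt "$best" ]; then best=$n; fi
  done
  [ "$best" -gt 0 ] || return 1
  echo "$best"
}

# Succeed only if the key and the leaf (first) cert in the chain share a public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

install_latest() {
  local n
  n=$(latest_version "$ARCHIVE") || { echo "no complete key/chain pair" >&2; return 1; }
  key_matches_cert "$ARCHIVE/privkey$n.pem" "$ARCHIVE/fullchain$n.pem" ||
    { echo "privkey$n.pem does not match fullchain$n.pem" >&2; return 1; }
  # Refuse a chain that is already within 30 days of expiry.
  openssl x509 -in "$ARCHIVE/fullchain$n.pem" -noout -checkend $((30 * 86400)) >/dev/null ||
    { echo "fullchain$n.pem expires within 30 days" >&2; return 1; }
  # Assumption: Prosody runs as UID 999 (the owner the README requires for ./data),
  # so the key can be owner-only instead of 644.
  install -m 600 -o 999 -g 999 "$ARCHIVE/privkey$n.pem" "$DEST/privkey.pem"
  install -m 644 "$ARCHIVE/fullchain$n.pem" "$DEST/fullchain.pem"
  docker restart prosody
}

# Only act when invoked with --install, so sourcing the file has no side effects.
if [ "${1:-}" = "--install" ]; then install_latest; fi
```

Run it as root with `--install` after certbot finishes; without that flag the file only defines the functions.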

DNS Records (GoDaddy)

| Type | Service | Protocol | Name | Value | Port |
|---|---|---|---|---|---|
| SRV | _xmpp-client | _tcp | @ | xmpp.rishighan.com | 5222 |
| SRV | _xmpp-server | _tcp | @ | xmpp.rishighan.com | 5269 |
| A | | | xmpp | Flook's public IP | |

User Management

docker exec -it prosody prosodyctl adduser user@rishighan.com
docker exec -it prosody prosodyctl passwd user@rishighan.com
docker exec -it prosody prosodyctl deluser user@rishighan.com

Data Directory Permissions

The ./data directory must be owned by UID 999:

chown -R 999:999 /mnt/user/flook-stacks/stacks/productivity/data