frishi/flook-stacks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
de0d0916583e5e315cb38bc45c7db182981c116a
flook-stacks/stacks/productivity
History
Rishi Ghan de0d091658 Added push, image support to prosody
2026-02-23 14:47:57 -05:00
..
certs
Added prosody
2026-02-23 03:06:05 -05:00
community-modules
Added prosody
2026-02-23 03:06:05 -05:00
config
Added push, image support to prosody
2026-02-23 14:47:57 -05:00
data
Added push, image support to prosody
2026-02-23 14:47:57 -05:00
docker-compose.yml
Added prosody
2026-02-23 03:06:05 -05:00
feeds.opml
🌛 First commit
2025-12-29 17:55:42 -05:00
prosody-init.sh
Added prosody
2026-02-23 03:06:05 -05:00
README.md
Added prosody
2026-02-23 03:06:05 -05:00
stack.env
Added linkwarden bookmarks manager
2026-01-26 21:15:39 -05:00

README.md

Productivity Stack

GitLab, Vaultwarden, Memos, Mortis, FreshRSS, and Prosody.

Services

Service Port Description
gitlab 8929:80, 2222:22 Git repository
vaultwarden 4743:80 Password manager
memos 5230:5230 Note-taking
mortis 5231:5231 Memos iOS companion
freshrss 8054:80 RSS reader
prosody 5222, 5269, 5280, 5281 XMPP server

GitLab

Initial Setup

GitLab runs migrations on first start - takes 15-20 minutes. Be patient.

Get Root Password

docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password

NGINX Proxy Manager

Create HTTPS proxy for git.rishighan.com pointing to 192.168.1.75:8929 GitLab recommends SSL, so use HTTPS.

Vaultwarden

NGINX Proxy Manager

Create HTTPS proxy for vault.rishighan.com pointing to 192.168.1.75:4743

Admin Panel

Access at https://vault.rishighan.com/admin with the ADMIN_TOKEN from stack.env

Memos + Mortis

Mortis is the iOS companion for Memos. It connects via gRPC to memos:5230.

NGINX Proxy Manager

Create HTTPS proxy for memos.rishighan.com pointing to 192.168.1.75:5230

FreshRSS

NGINX Proxy Manager

Create HTTPS proxy for rss.rishighan.com pointing to 192.168.1.75:8054

Import Feeds

  1. Copy feeds.opml to /mnt/user/appdata/freshrss/
  2. In FreshRSS: Settings → Import/Export → Import OPML
  3. Enable af_readability extension to bypass paywalls

The OPML contains curated feeds for Gaming, Tech, Politics, Weather, and World News - free from paywalled bullshit.

Prosody

Self-hosted XMPP server for rishighan.com. Image: prosodyim/prosody:13.0.

Ports

Port Purpose
5222 Client-to-server (c2s)
5269 Server-to-server / federation (s2s)
5280 HTTP/BOSH
5281 HTTPS/BOSH

Both 5222 and 5269 must be forwarded on the UDM Pro to Flook (192.168.x.75).

TLS Cert

Issued manually via certbot DNS challenge covering rishighan.com and xmpp.rishighan.com. Certs stored at ./certs/privkey.pem and ./certs/fullchain.pem (copied from appdata archive, not symlinked).

Cert expires: 2026-05-24. Renew before then:

certbot certonly --manual --preferred-challenges dns \
  --config-dir /mnt/user/appdata/prosody/certs \
  --work-dir /mnt/user/appdata/prosody/certs/work \
  --logs-dir /mnt/user/appdata/prosody/certs/logs \
  -d rishighan.com -d xmpp.rishighan.com

# Copy new certs (increment N to match new archive version):
cp /mnt/user/appdata/prosody/certs/archive/xmpp.rishighan.com/privkeyN.pem \
   /mnt/user/flook-stacks/stacks/productivity/certs/privkey.pem
cp /mnt/user/appdata/prosody/certs/archive/xmpp.rishighan.com/fullchainN.pem \
   /mnt/user/flook-stacks/stacks/productivity/certs/fullchain.pem
chmod 644 /mnt/user/flook-stacks/stacks/productivity/certs/*.pem
docker restart prosody

DNS Records (GoDaddy)

Type Service Protocol Name Value Port
SRV _xmpp-client _tcp @ xmpp.rishighan.com 5222
SRV _xmpp-server _tcp @ xmpp.rishighan.com 5269
A xmpp Flook's public IP

User Management

docker exec -it prosody prosodyctl adduser user@rishighan.com
docker exec -it prosody prosodyctl passwd user@rishighan.com
docker exec -it prosody prosodyctl deluser user@rishighan.com

Data Directory Permissions

The ./data directory must be owned by UID 999:

chown -R 999:999 /mnt/user/flook-stacks/stacks/productivity/data
Reference in New Issue View Git Blame Copy Permalink