First commit

.gitignore

@@ -0,0 +1,8 @@
+vaultwarden/data
+vaultwarden/.env
+vaultwarden/config
+vaultwarden/dataOld
+forgejo/forgejo
+rss-bridge/config
+freshrss/config
+nginx/configs/certbot

forgejo/docker-compose.yaml

@@ -0,0 +1,18 @@
+networks:
+  net:
+    external: true
+
+services:
+  server:
+    image: codeberg.org/forgejo/forgejo:9 
+    container_name: forgejo
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    restart: always
+    networks:
+      - net
+    volumes:
+      - ./forgejo:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro

freshrss/docker-compose.yaml

@@ -0,0 +1,17 @@
+services:
+  freshrss:
+    image: lscr.io/linuxserver/freshrss:latest
+    container_name: freshrss
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ./config:/config
+    restart: unless-stopped
+    networks:
+      - net
+
+networks: 
+  net:
+    external: true 

nginx/configs/nginx/conf.d/forgejo.conf

@@ -0,0 +1,35 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name git.fakeowl1.com;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$server_name:443$request_uri;
+    }
+}
+
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name git.fakeowl1.com;
+
+    ssl_certificate      /etc/letsencrypt/live/git.fakeowl1.com/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/git.fakeowl1.com/privkey.pem;
+
+    location / {
+        client_max_body_size 512M;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+	proxy_pass http://forgejo:3000;	
+    }
+}

nginx/configs/nginx/conf.d/freshrss.conf

@@ -0,0 +1,42 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name freshrss.fakeowl1.com;
+
+	location /.well-known/acme-challenge/ {
+        	root /var/www/certbot/;
+    	}
+
+	location / {
+        	return 301 https://freshrss.fakeowl1.com$request_uri;
+    	}
+}
+
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+        
+        server_name freshrss.fakeowl1.com;
+
+	ssl_certificate     /etc/letsencrypt/live/freshrss.fakeowl1.com/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/freshrss.fakeowl1.com/privkey.pem;
+	
+	location / {
+		proxy_pass http://freshrss/;
+		add_header X-Frame-Options SAMEORIGIN;
+		add_header X-XSS-Protection "1; mode=block";
+		proxy_redirect off;
+		proxy_buffering off;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Forwarded-Port $server_port;
+		proxy_read_timeout 90;
+	
+		# Forward the Authorization header for the Google Reader API.
+		proxy_set_header Authorization $http_authorization;
+		proxy_pass_header Authorization;
+	}
+}

nginx/configs/nginx/conf.d/rssbridge.conf

@@ -0,0 +1,34 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+        server_name rss.fakeowl1.com;
+
+	location /.well-known/acme-challenge/ {
+        	root /var/www/certbot/;
+    	}
+
+	location / {
+        	return 301 https://rss.fakeowl1.com$request_uri;
+    	}
+}
+
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+
+	server_name rss.fakeowl1.com;
+
+	ssl_certificate     /etc/letsencrypt/live/rss.fakeowl1.com/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/rss.fakeowl1.com/privkey.pem;
+
+        location / {
+                proxy_pass http://rssbridge:80; 
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                # Enable gzip compression
+                gzip on;
+                gzip_types text/plain text/css application/json application/javascript;   
+        }
+}

nginx/configs/nginx/conf.d/vaultwarden.conf

@@ -0,0 +1,45 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name vaultwarden.fakeowl1.com;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+	return 301 https://$server_name:443$request_uri;
+    }
+}
+
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name vaultwarden.fakeowl1.com;
+
+    ssl_certificate      /etc/letsencrypt/live/vaultwarden.fakeowl1.com/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/vaultwarden.fakeowl1.com/privkey.pem;
+
+    # Allow large attachments
+    client_max_body_size 128M;
+
+    location / {
+	proxy_pass http://vaultwarden:80;
+	proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /notifications/hub {
+        proxy_pass http://vaultwarden:3012;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location /notifications/hub/negotiate {
+        proxy_pass http://vaultwarden:80;
+    }
+}

nginx/docker-compose.yaml

@@ -0,0 +1,20 @@
+services:
+  nginx:
+    image: nginx:latest
+    restart: unless-stopped
+    command: "/bin/sh -c 'while :; do sleep 8h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"   
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./configs/nginx/conf.d:/etc/nginx/conf.d:rw
+      - ./configs/certbot/letsencrypt:/etc/letsencrypt
+      - ./configs/certbot/www:/var/www/certbot
+      - ./configs/nginx/certbot:/etc/nginx/certbot:ro
+    build: .
+    networks:
+      - net
+   
+networks:
+  net:
+    external: true

rss-bridge/docker-compose.yml

@@ -0,0 +1,13 @@
+services:
+  rss-bridge:
+    image: rssbridge/rss-bridge:latest
+    restart: unless-stopped
+    container_name: rssbridge
+    volumes:
+      - ./config:/config
+    networks:
+      - net 
+
+networks:
+  net:
+    external: true

vaultwarden/.env.dist

@@ -0,0 +1,18 @@
+ADMIN_TOKEN=''
+
+RCLONE_REMOTE_NAME="BitwardenBackup"
+RCLONE_REMOTE_DIR="/BitwardenBackup/"
+CRON="0 */12 * * *"
+
+# ZIP_ENABLE="TRUE"
+ZIP_PASSWORD="YOURSTRONGPASSWORD"
+# ZIP_TYPE="zip"
+BACKUP_FILE_SUFFIX="%Y%m%d"
+# BACKUP_KEEP_DAYS="0"
+# PING_URL=""
+# MAIL_SMTP_ENABLE="FALSE"
+# MAIL_SMTP_VARIABLES=""
+# MAIL_TO=""
+# MAIL_WHEN_SUCCESS="TRUE"
+# MAIL_WHEN_FAILURE="TRUE"
+# TIMEZONE="UTC"

vaultwarden/docker-compose.yaml

@@ -0,0 +1,42 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    container_name: vaultwarden
+    volumes:
+      - ./data:/data/
+    networks:
+      - net
+    environment:
+      - WEBSOCKET_ENABLED:true
+      - ADMIN_TOKEN=${ADMIN_TOKEN}
+      - SIGNUPS_ALLOWED:false
+      #- DATABASE_URL=postgresql://postgres:5E3AXNS6STP7F8dGcMU4psHpz753EdoND6h4Q6jgp4SkAKZN@134.249.242.132/bitwarden
+      #- DATABASE_URL=./data/db.sqlite3
+
+  backup:
+    image: ttionya/vaultwarden-backup:latest
+    restart: always
+    volumes:
+      - ./data:/bitwarden/data/
+      - ./config:/config/
+      - ./.env:/.env
+
+volumes:
+  vaultwarden-data:
+    # Specify the name of the volume where you save the vaultwarden data,
+    # use vaultwarden-data for new users
+    # and bitwardenrs-data for migrated users
+    name: vaultwarden-data
+    # name: bitwardenrs-data
+  vaultwarden-rclone-data:
+    external: true
+    # Specify the name of the volume where you save the rclone configuration,
+    # use vaultwarden-rclone-data for new users
+    # and bitwardenrs-rclone-data for migrated users
+    name: vaultwarden-rclone-data
+    # name: bitwardenrs-rclone-data
+
+networks:
+  net:
+    external: true