
No commits in common. "19db0708bbb11af5e67f1e993472ca08e00b94f2" and "cc22fe1b7641c3ad1ac3e2ecad8e8223c0871675" have entirely different histories.

15 changed files with 6 additions and 255 deletions

.gitignore vendored

@ -42,7 +42,5 @@ convertx-data/*
answer-data/* answer-data/*
!answer-data/.gitkeep !answer-data/.gitkeep
# vw-data
vw-data/*
.vscode .vscode
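Review bot: Dropping the `vw-data/*` ignore rule is unsafe for any checkout that already ran the old compose file, which bind-mounted `./vw-data/` as Vaultwarden's `/data` directory (the removed compose hunk in this compare shows the mount) and so holds the vault database and server keys; removing the service does not delete that directory on disk, and without the rule a stale `vw-data/` becomes untracked and one `git add -A` commits it. I would keep the rule with a comment explaining why it outlives the service: `# Vaultwarden was removed, but keep ignoring its data dir: older checkouts may still hold vw-data/ (vault DB, keys)` followed by `vw-data/*`. Alternatively, document a manual cleanup step for existing deployments in the README.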


@ -77,9 +77,12 @@ cd changemaker
For local development, cloudflare credentials can be ignored. For local development, cloudflare credentials can be ignored.
See [Setting Up Cloudflare Credentials](#setting-up-cloudflare-credentials) for how to get cloudflare credentials for config.sh. For local development, cloudflare credentials can be ignored. See [Setting Up Cloudflare Credentials](#setting-up-cloudflare-credentials) for how to get cloudflare credentials for config.sh.
```bash ```bash
chmod +x config.sh
# Then run the configuration script. You will need your Cloudflare details.
./config.sh ./config.sh
``` ```
@ -129,7 +132,6 @@ When running Changemaker locally, you can access the services at the following p
| n8n | 5678 | [http://localhost:5678](http://localhost:5678) | | n8n | 5678 | [http://localhost:5678](http://localhost:5678) |
| ConvertX | 3100 | [http://localhost:3100](http://localhost:3100) | | ConvertX | 3100 | [http://localhost:3100](http://localhost:3100) |
| Rocket.Chat | 3004 | [http://localhost:3004](http://localhost:3004) | | Rocket.Chat | 3004 | [http://localhost:3004](http://localhost:3004) |
| Vaultwarden | 8200 | [http://localhost:8200](http://localhost:8200) |
### Ubuntu OS & Build Outs ### Ubuntu OS & Build Outs
@ -323,7 +325,6 @@ After installation and cloudflare deployment you can also access individual serv
- n8n: https://n8n.yourdomain.com - n8n: https://n8n.yourdomain.com
- ConvertX: https://convertx.yourdomain.com - ConvertX: https://convertx.yourdomain.com
- Rocket.Chat: https://rocket.yourdomain.com - Rocket.Chat: https://rocket.yourdomain.com
- Vaultwarden: https://vw.yourdomain.com
## Troubleshooting ## Troubleshooting


@ -72,7 +72,6 @@ SUBDOMAINS=(
"convertx" "convertx"
"rocket" "rocket"
"live" "live"
"vw"
) )
# First, remove existing DNS records for these subdomains # First, remove existing DNS records for these subdomains
@ -152,64 +151,6 @@ echo "Creating Cloudflare Access applications..."
# Create access applications only for specific services # Create access applications only for specific services
PROTECTED_SERVICES=("homepage" "live" "ferdium" "convertx" "mini-qr" "ollama") PROTECTED_SERVICES=("homepage" "live" "ferdium" "convertx" "mini-qr" "ollama")
# Services that should have bypass policies (no authentication)
BYPASS_SERVICES=("excalidraw" "rocket" "listmonk" "vw" "docs")
# Function to create bypass policy for a service
create_bypass_policy() {
local service=$1
echo "Creating access application for $service.$CF_DOMAIN with bypass policy..."
SERVICE_APP_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps" \
-H "Authorization: Bearer $CF_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{
\"name\": \"$service $CF_DOMAIN\",
\"domain\": \"$service.$CF_DOMAIN\",
\"type\": \"self_hosted\",
\"session_duration\": \"24h\",
\"app_launcher_visible\": true,
\"skip_interstitial\": true
}")
# Extract the application ID from the response
SERVICE_APP_ID=$(echo $SERVICE_APP_RESPONSE | jq -r '.result.id')
if [ -z "$SERVICE_APP_ID" ] || [ "$SERVICE_APP_ID" == "null" ]; then
echo "Error creating $service access application. Response: $SERVICE_APP_RESPONSE"
else
echo "Successfully created $service access application with ID: $SERVICE_APP_ID"
# Create bypass policy for everyone
echo "Creating bypass policy for $service application..."
POLICY_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps/$SERVICE_APP_ID/policies" \
-H "Authorization: Bearer $CF_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{
\"name\": \"Bypass for Everyone\",
\"decision\": \"bypass\",
\"include\": [{
\"everyone\": {}
}],
\"require\": [],
\"exclude\": []
}")
# Check if policy creation was successful
POLICY_SUCCESS=$(echo $POLICY_RESPONSE | jq -r '.success')
if [ "$POLICY_SUCCESS" == "true" ]; then
POLICY_ID=$(echo $POLICY_RESPONSE | jq -r '.result.id')
echo "Bypass policy for $service created successfully with ID: $POLICY_ID"
else
ERROR_MSG=$(echo $POLICY_RESPONSE | jq -r '.errors[0].message')
echo "Error creating bypass policy for $service: $ERROR_MSG"
echo "Full response: $POLICY_RESPONSE"
fi
fi
}
for service in "${PROTECTED_SERVICES[@]}"; do for service in "${PROTECTED_SERVICES[@]}"; do
echo "Creating access application for $service.$CF_DOMAIN..." echo "Creating access application for $service.$CF_DOMAIN..."
@ -267,11 +208,6 @@ for service in "${PROTECTED_SERVICES[@]}"; do
fi fi
done done
# Create bypass policies for specified services
for service in "${BYPASS_SERVICES[@]}"; do
create_bypass_policy "$service"
done
# 2. Create specific access application for Gitea # 2. Create specific access application for Gitea
echo "Creating access application for gitea.$CF_DOMAIN..." echo "Creating access application for gitea.$CF_DOMAIN..."
GITEA_APP_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps" \ GITEA_APP_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps" \
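Review bot: Removing `vw` from SUBDOMAINS and deleting create_bypass_policy leaves nothing that cleans up what earlier runs already created in the zone: a `vw.$CF_DOMAIN` DNS record and an Access application for `vw` carrying its "Bypass for Everyone" policy. The DNS removal step referenced at the top of this hunk only iterates the names still in SUBDOMAINS, so the stale record (now pointing at a tunnel with no `vw` ingress) and the orphaned bypass app persist until someone deletes them by hand; a one-off cleanup, or at least a README note for existing deployments, would close that gap. The other four former bypass services (excalidraw, rocket, listmonk, docs) now get no Access application at all on fresh runs, which is the same effective exposure as a bypass policy but is no longer stated anywhere; if that is intended, say so next to PROTECTED_SERVICES: `# Services not listed here are published through the tunnel with no Cloudflare Access application, i.e. no authentication.` The PROTECTED_SERVICES loop continues outside this hunk.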


@ -295,12 +295,6 @@ ROCKETCHAT_MONGODB_REPLICA_SET=rs0
ROCKETCHAT_MONGODB_ENABLE_JOURNAL=true ROCKETCHAT_MONGODB_ENABLE_JOURNAL=true
ROCKETCHAT_MONGODB_ALLOW_EMPTY_PASSWORD=yes ROCKETCHAT_MONGODB_ALLOW_EMPTY_PASSWORD=yes
# Vaultwarden Configuration
VAULTWARDEN_PORT=8200
VAULTWARDEN_DOMAIN=https://vw.changeme.org
VAULTWARDEN_SIGNUPS_ALLOWED=false
VAULTWARDEN_ADMIN_TOKEN=$(generate_password 48)
# Additional Configuration # Additional Configuration
EOL EOL
@ -628,39 +622,6 @@ update_env_var "CF_DOMAIN" "$domain_name"
echo "Cloudflare credentials have been updated." echo "Cloudflare credentials have been updated."
# Vaultwarden Configuration
echo -e "\n---- Vaultwarden Configuration ----"
read -p "Enter Vaultwarden domain URL [default: https://vw.$domain_name]: " vaultwarden_domain
read -p "Enter Vaultwarden port [default: 8200]: " vaultwarden_port
read -p "Allow new user signups? [y/N]: " vaultwarden_signups
if [ -z "$vaultwarden_domain" ]; then
echo "Using default Vaultwarden domain: https://vw.$domain_name"
vaultwarden_domain="https://vw.$domain_name"
fi
if [ -z "$vaultwarden_port" ]; then
echo "Using default Vaultwarden port: 8200"
vaultwarden_port="8200"
fi
vaultwarden_signups_allowed="false"
if [[ "$vaultwarden_signups" =~ ^[Yy]$ ]]; then
echo "Enabling user signups for Vaultwarden"
vaultwarden_signups_allowed="true"
fi
# Generate a secure admin token
vaultwarden_admin_token=$(generate_password 48)
# Update Vaultwarden settings
update_env_var "VAULTWARDEN_PORT" "$vaultwarden_port"
update_env_var "VAULTWARDEN_DOMAIN" "$vaultwarden_domain"
update_env_var "VAULTWARDEN_SIGNUPS_ALLOWED" "$vaultwarden_signups_allowed"
update_env_var "VAULTWARDEN_ADMIN_TOKEN" "$vaultwarden_admin_token"
echo "Vaultwarden configuration updated."
echo -e "\n---- Generating Random Strong Passwords ----" echo -e "\n---- Generating Random Strong Passwords ----"
echo "Generating and updating passwords for all other services..." echo "Generating and updating passwords for all other services..."
@ -797,13 +758,9 @@ EOL
grep -E "^ROCKETCHAT_" "$temp_env" >> "$ENV_FILE.new" grep -E "^ROCKETCHAT_" "$temp_env" >> "$ENV_FILE.new"
echo "" >> "$ENV_FILE.new" echo "" >> "$ENV_FILE.new"
echo "# Vaultwarden Configuration" >> "$ENV_FILE.new"
grep -E "^VAULTWARDEN_" "$temp_env" >> "$ENV_FILE.new"
echo "" >> "$ENV_FILE.new"
# Any variables that didn't fit in the above categories # Any variables that didn't fit in the above categories
echo "# Additional Configuration" >> "$ENV_FILE.new" echo "# Additional Configuration" >> "$ENV_FILE.new"
grep -v -E "^DOMAIN=|^BASE_DOMAIN=|^LISTMONK_|^POSTGRES_|^MONICA_|^USER_ID=|^GROUP_ID=|^MKDOCS_|^FLATNOTES_|^GITEA_|^ANSWER_|^EXCALIDRAW_|^CODE_SERVER_|^USER_NAME=|^CF_|^NOCODB_|^OPEN_WEBUI_|^N8N_|^GENERIC_TIMEZONE=|^CONVERTX_|^ROCKETCHAT_|^VAULTWARDEN_" "$temp_env" >> "$ENV_FILE.new" grep -v -E "^DOMAIN=|^BASE_DOMAIN=|^LISTMONK_|^POSTGRES_|^MONICA_|^USER_ID=|^GROUP_ID=|^MKDOCS_|^FLATNOTES_|^GITEA_|^ANSWER_|^EXCALIDRAW_|^CODE_SERVER_|^USER_NAME=|^CF_|^NOCODB_|^OPEN_WEBUI_|^N8N_|^GENERIC_TIMEZONE=|^CONVERTX_|^ROCKETCHAT_" "$temp_env" >> "$ENV_FILE.new"
# Replace the current .env with the new one # Replace the current .env with the new one
mv "$ENV_FILE.new" "$ENV_FILE" mv "$ENV_FILE.new" "$ENV_FILE"
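Review bot: Dropping `^VAULTWARDEN_` from the `grep -v` exclusion means an existing `.env` that still carries the old block, including the `VAULTWARDEN_ADMIN_TOKEN` the previous config.sh generated, is neither written to its own section nor discarded: assuming `$temp_env` is built from the current `.env` as the surrounding grep lines suggest, those lines fall through into "# Additional Configuration" and the stale admin token lives on in the env file indefinitely. Since the service is gone, purge those variables explicitly instead of letting them ride along: add `|^VAULTWARDEN_` back to the pattern and announce it, e.g. `grep -q '^VAULTWARDEN_' "$temp_env" && echo "Dropping obsolete VAULTWARDEN_* settings from $ENV_FILE"`. The env regeneration block this belongs to starts outside this hunk.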


@ -63,8 +63,3 @@
- Github: - Github:
- abbr: GH - abbr: GH
href: https://github.com/ href: https://github.com/
- Security & Management:
- Vaultwarden:
- abbr: VW
href: https://github.com/dani-garcia/vaultwarden


@ -77,9 +77,3 @@
href: http://localhost:5678 href: http://localhost:5678
description: Workflow automation description: Workflow automation
icon: n8n icon: n8n
- Security & Management:
- Vaultwarden:
href: http://localhost:8200
description: Self-hosted password manager
icon: mdi-shield-key


@ -63,8 +63,3 @@
- Github: - Github:
- abbr: GH - abbr: GH
href: https://github.com/ href: https://github.com/
- Security & Management:
- Vaultwarden:
- abbr: VW
href: https://github.com/dani-garcia/vaultwarden


@ -75,9 +75,3 @@
href: https://n8n.test.com href: https://n8n.test.com
description: Workflow automation description: Workflow automation
icon: n8n icon: n8n
- Security & Management:
- Vaultwarden:
href: https://vw.test.com
description: Self-hosted password manager
icon: mdi-shield-key


@ -160,23 +160,6 @@ services:
volumes: volumes:
- ./assets/uploads:/listmonk/uploads:rw - ./assets/uploads:/listmonk/uploads:rw
# Vaultwarden - Password Manager
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden-changemaker
restart: unless-stopped
environment:
- DOMAIN=${VAULTWARDEN_DOMAIN:-https://vw.${DOMAIN}}
- WEBSOCKET_ENABLED=true
- SIGNUPS_ALLOWED=${VAULTWARDEN_SIGNUPS_ALLOWED:-false}
- ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN:-}
volumes:
- ./vw-data/:/data/
ports:
- "${VAULTWARDEN_PORT:-8200}:80"
networks:
- changemaker
# Postgres database # Postgres database
listmonk-db: listmonk-db:
image: postgres:17-alpine image: postgres:17-alpine


@ -32,9 +32,6 @@ ingress:
- hostname: open-webui.betteredmonton.org - hostname: open-webui.betteredmonton.org
service: http://localhost:3005 service: http://localhost:3005
- hostname: vw.betteredmonton.org
service: http://localhost:8200
- hostname: gitea.betteredmonton.org - hostname: gitea.betteredmonton.org
service: http://localhost:3030 service: http://localhost:3030


@ -88,14 +88,6 @@ This document provides an overview of all the applications and services included
- **Local Access**: http://localhost:3004/ - **Local Access**: http://localhost:3004/
- **Details**: Rocket.Chat provides a complete communication platform for your team or community. Features include real-time chat, channels, direct messaging, file sharing, video calls, and integrations with other services. It's perfect for creating private discussion spaces, coordinating campaigns, or building community engagement. Unlike commercial platforms, you maintain full data sovereignty and control over user privacy. - **Details**: Rocket.Chat provides a complete communication platform for your team or community. Features include real-time chat, channels, direct messaging, file sharing, video calls, and integrations with other services. It's perfect for creating private discussion spaces, coordinating campaigns, or building community engagement. Unlike commercial platforms, you maintain full data sovereignty and control over user privacy.
## Security & Management
### Vaultwarden
- **Description**: Self-hosted password manager (Bitwarden API compatible)
- **Documentation**: [Vaultwarden Docs](https://github.com/dani-garcia/vaultwarden/wiki)
- **Local Access**: http://localhost:8200/
- **Details**: Vaultwarden provides a secure, self-hosted solution for storing and managing passwords, notes, credit cards, and other sensitive information across all your devices. Compatible with all official Bitwarden clients, it features strong encryption, two-factor authentication, and secure sharing capabilities while maintaining complete control over your data. Perfect for teams needing to securely manage and share access credentials or individuals seeking privacy-focused password management.
## Development ## Development
### Ollama ### Ollama
@ -150,4 +142,3 @@ When configured with Cloudflare Tunnels, you can access these services remotely
- n8n: https://n8n.yourdomain.com - n8n: https://n8n.yourdomain.com
- ConvertX: https://convertx.yourdomain.com - ConvertX: https://convertx.yourdomain.com
- Rocket.Chat: https://rocket.yourdomain.com - Rocket.Chat: https://rocket.yourdomain.com
- Vaultwarden: https://vw.yourdomain.com


@ -1,80 +0,0 @@
# Vaultwarden: Self-Hosted Password Manager
Vaultwarden is an unofficial, lightweight Bitwarden server implementation written in Rust. It provides a secure, self-hosted solution for storing and managing passwords, notes, credit cards, and other sensitive information across all your devices.
## Key Features
* **Cross-Platform Compatibility**: Works with all official Bitwarden clients (mobile, desktop, browser extensions)
* **Password Generator**: Create strong, unique passwords for each service
* **Secure Notes & Cards**: Store sensitive information beyond just passwords
* **Vault Health Reports**: Identify weak, reused, or compromised passwords
* **Two-Factor Authentication**: Add an extra layer of security to your vault
* **End-to-End Encryption**: Your data is encrypted on your device before being sent to the server
* **Self-Hosted**: Complete control over your data with no third-party involvement
* **Organization Support**: Share selected passwords with family members or team members
## Documentation
For comprehensive documentation about Vaultwarden, visit the [official GitHub repository](https://github.com/dani-garcia/vaultwarden).
## Getting Started with Vaultwarden
### Accessing Vaultwarden
1. **URL**: Access Vaultwarden locally via `http://localhost:8200/` (or your configured external URL).
2. **First Use**: On first access, you'll need to create a master account. This will be your main admin account.
### Basic Usage
1. **Creating Your Account**:
* Visit your Vaultwarden instance and click "Create Account"
* Set up a strong master password (this is your encryption key - if you forget it, your data cannot be recovered)
* Consider setting up email verification if you've configured SMTP
2. **Installing Clients**:
* Download the Bitwarden client for your devices (mobile, desktop, browser extensions)
* When configuring the client, select "Self-hosted" and enter your Vaultwarden server URL
3. **Adding Passwords**:
* Use the "+" button to add new entries to your vault
* Create separate items for logins, secure notes, cards, or identities
* Use the password generator to create strong, unique passwords
4. **Organizing Your Vault**:
* Create folders to organize your entries
* Use custom fields for additional information
* Add attachments when needed
5. **Administrative Tasks** (with Admin Token):
* Access the admin panel at `/admin` with your configured admin token
* Manage users, organizations, and server settings
* Monitor usage statistics and perform database backups
## Use Cases within Changemaker
* **Team Password Management**: Securely share access credentials among campaign team members.
* **Secure Credential Storage**: Store API keys, tokens, and other sensitive information needed for integrations.
* **Enhance Security Posture**: Encourage strong, unique passwords for all campaign services and tools.
* **Campaign Continuity**: Ensure critical access information is safely stored and available to authorized team members.
* **Volunteer Management**: Temporarily share limited access to certain resources with volunteers.
## Administration
Vaultwarden includes an admin panel that can be accessed at `/admin` from your instance. This requires the admin token that was generated during setup. The admin panel allows you to:
* Manage user accounts
* Configure server settings
* Control user invitations and registrations
* Monitor system usage
* Perform database operations
To enhance security, consider these best practices:
* Keep your Vaultwarden instance updated
* Enable 2FA for all accounts
* Regularly backup your vault data
* Review vault access logs periodically
## Further Information
* **Vaultwarden GitHub**: [https://github.com/dani-garcia/vaultwarden](https://github.com/dani-garcia/vaultwarden)
* **Bitwarden Documentation**: [https://bitwarden.com/help/](https://bitwarden.com/help/)
* **Vaultwarden Wiki**: [https://github.com/dani-garcia/vaultwarden/wiki](https://github.com/dani-garcia/vaultwarden/wiki)


@ -191,14 +191,6 @@ docker compose up -d</code></pre>
<a href="{{ 'apps/portainer/' | url }}" class="button">Learn More</a> <a href="{{ 'apps/portainer/' | url }}" class="button">Learn More</a>
</div> </div>
<div class="app-card">
<div>
<h3><span class="material-icons" style="vertical-align: bottom; margin-right: 8px;">password</span>Vaultwarden</h3>
<p>Self-hosted password manager that securely stores and syncs credentials across all devices.</p>
</div>
<a href="{{ 'apps/vaultwarden/' | url }}" class="button">Learn More</a>
</div>
<div class="app-card"> <div class="app-card">
<div> <div>
<h3><span class="material-icons" style="vertical-align: bottom; margin-right: 8px;">forum</span>Rocket.Chat</h3> <h3><span class="material-icons" style="vertical-align: bottom; margin-right: 8px;">forum</span>Rocket.Chat</h3>


@ -135,7 +135,6 @@ When running Changemaker locally, you can access the services at the following p
| n8n | 5678 | [http://localhost:5678](http://localhost:5678) | | n8n | 5678 | [http://localhost:5678](http://localhost:5678) |
| ConvertX | 3100 | [http://localhost:3100](http://localhost:3100) | | ConvertX | 3100 | [http://localhost:3100](http://localhost:3100) |
| Rocket.Chat | 3004 | [http://localhost:3004](http://localhost:3004) | | Rocket.Chat | 3004 | [http://localhost:3004](http://localhost:3004) |
| Vaultwarden | 8200 | [http://localhost:8200](http://localhost:8200) |
### Ubuntu OS & Build Outs ### Ubuntu OS & Build Outs
@ -347,7 +346,6 @@ After installation and cloudflare deployment you can also access individual serv
- n8n: https://n8n.yourdomain.com - n8n: https://n8n.yourdomain.com
- ConvertX: https://convertx.yourdomain.com - ConvertX: https://convertx.yourdomain.com
- Rocket.Chat: https://rocket.yourdomain.com - Rocket.Chat: https://rocket.yourdomain.com
- Vaultwarden: https://vw.yourdomain.com
## Troubleshooting ## Troubleshooting


@ -1,6 +1,6 @@
site_name: Changemaker Documentation site_name: Changemaker Documentation
site_description: Demo site for Changemaker site_description: Demo site for Changemaker
site_url: https://test.com site_url: http://betteredmonton.org
site_author: Bunker Ops site_author: Bunker Ops
docs_dir: docs docs_dir: docs
site_dir: site site_dir: site
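Review bot: The new `site_url` switches the scheme from https to http, while every other place in this compare publishes the stack over TLS (the `https://…yourdomain.com` service lists and the Cloudflare tunnel ingress hostnames); mkdocs derives canonical links, the sitemap and absolute URLs from `site_url`, so an http value emits insecure links on an otherwise HTTPS-only site and can trigger mixed-content warnings. Unless the docs are deliberately served plain, use `site_url: https://betteredmonton.org`. Whether the docs host is the bare domain or a `docs.` subdomain cannot be confirmed from this page, so verify the hostname as well.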