TubeArchivist requires nginx to serve the frontend SPA and proxy API
requests to Django. Without nginx, only API routes work.
Changes:
- Add nginx with config matching Docker's nginx.conf (port 8000)
- Add TA_APP_DIR, TA_CACHE_DIR, TA_MEDIA_DIR env vars for bare-metal paths
- Run Django migrate, collectstatic, ta_envcheck, ta_connection, ta_startup
- Add celery worker + beat scheduler as separate systemd services
- Fix interface port from 8080 to 8000 (nginx)
- Add migrations step to update script
PG_DB_PASS is auto-generated by setup_postgresql_db and stored in
.env. No user-facing credentials are generated - accounts are
created via the web UI.
bench setup production generates supervisor.conf but doesn't
symlink it into /etc/supervisor/conf.d/. Without the link,
supervisord has no programs and gunicorn never starts (502).
Add: symlink + supervisorctl reread/update after bench setup.
bench setup role spawns a subprocess that checks for ansible on
PATH. The binaries are inside the uv venv and not discoverable.
Symlink ansible* to /usr/local/bin/ to make them available.
bench setup production internally runs:
sudo <uv-venv-python> -m pip install ansible
but uv tool environments don't include pip by default.
Fix: run ensurepip + pip install ansible before bench setup
production to satisfy the dependency.
The build creates /opt/teable/static/ as a real directory.
ln -sf on an existing directory creates the symlink INSIDE it
instead of replacing it. Must rm -rf first.
Build process reorganizes apps/nestjs-backend/static/ creating a
nested static/static/{plugin,system} structure. The code resolves
paths like 'static/system/automation-robot.png' relative to cwd,
so the symlink must point to the inner static/ directory.
Adds fallback: checks for nested structure first, falls back to
direct path if not present.
- NestJS backend expects /opt/teable/static/ at workspace root
- Actual files live in apps/nestjs-backend/static/
- Fixes ENOENT on automation-robot.png during startup
- bench init internally invokes sudo for system operations
- frappe user has no password, causing 'Sorry, try again' hang
- Add /etc/sudoers.d/frappe with NOPASSWD:ALL
- cp -r creates nested dirs when target already exists (sqlite/sqlite/)
- cp -rT merges source contents INTO the target directory
- mkdir -p ensures target dirs exist before merge
- Fixes uuid.c.so not being found in standalone/web/sqlite/
- NestJS backend serves both API and Next.js frontend on port 3000
- PostgreSQL 16 with Prisma ORM for database management
- pnpm monorepo build with NODE_OPTIONS=8192MB heap
- Symlink /app -> /opt/teable for upstream compatibility
- 4 CPU / 10GB RAM / 25GB disk (heavy build process)
- net.core.rmem_max and netdev_max_backlog are kernel params
- Unprivileged LXC containers cannot modify /proc/sys/net/core/*
- These are optional performance tunings, not required for Jitsi
- bench setup production requires root (is_root check) - was failing as frappe user
- Add nginx and supervisor as apt dependencies for production setup
- Remove custom erpnext.service - bench manages gunicorn+workers via supervisor
- Port 8000 → 80 (nginx reverse proxy)
- Fix bench update in CT to run as frappe user with proper PATH
- cp migrations/ and sqlite/ (dlopen needs real files, not symlinks)
- symlink .env into standalone working directory
- Fixes standalone mode missing database and config files
- MariaDB uses unix_socket auth - frappe user can't connect as MySQL root
- Set proper password and pass via --db-root-password to bench new-site
- Store DB_ROOT_PASSWORD in .env for reference
- NODE_OPTIONS=--max-old-space-size=4096 to cap V8 heap during yarn install/build
- Restore \ prefixes removed by formatter
- RAM 8192 -> 10240 in JSON
- yarn install --network-timeout 600000 for large monorepo fetch
Prosody 13.x from prosody.im requires Lua 5.2+ but Debian 12 only has
Lua 5.1. Debian's own prosody (0.12.x) is compatible and satisfies
jitsi-meet's >= 0.12.0 dependency.
Create a dedicated 'frappe' user and run all bench/uv commands as that user. Chown /opt, install frappe-bench and perform bench init, get-app and new-site via sudo -u frappe (preserving PATH), and run 'bench setup production frappe --yes'. Update the systemd service to User=frappe so Gunicorn and bench processes do not run as root, improving security and isolation.
- WorkingDirectory: web/.next/standalone/web (not .next/standalone/web)
- CI=1 to prevent interactive prompts during yarn build
- Copy .next/static and public into standalone output
- tubearchivist: backend on 8100 behind nginx on 8000 (was both 8000)
- jitsi: URI=download.jitsi.org suite=stable/ component=empty for flat repo
- erpnext: use CI=1 and FRAPPE_ALLOW_SUPERUSER=1 (not BENCH_ALLOW_SUPERUSER)
Align defaults to Debian 12 and remove the explicit Java setup call from the installer. Updated ct/jitsi-meet.sh to default var_version to 12, json/jitsi.json to reflect version "12", and removed the `JAVA_VERSION=17 setup_java` line from install/jitsi-meet-install.sh so Java is no longer forced by the installer.
Small fixes and improvements to installer scripts:
- storybook-install.sh: make npx non-interactive (add -y) and cd into the detected project path before writing .projectpath to ensure generated files land in the project directory.
- storyteller-install.sh: replace manual Readium curl/chmod flow with fetch_and_deploy_gh_release helper for consistent deployment; keep symlink to /usr/local/bin/readium.
- tubearchivist-install.sh: set ES_JAVA_OPTS during elasticsearch install to limit heap (-Xms1g -Xmx1g) and explicitly disable xpack transport/http SSL in the config to avoid local SSL requirements.
These changes improve automation reliability and resource/config defaults during automated installs.
uv tool install frappe-bench places the bench executable in
~/.local/bin which is not on PATH by default, causing 'command
not found' (exit 127) when running bench init.
Add ffmpeg to the apt packages installed by install/birdnet-install.sh and remove the now-unnecessary setup_ffmpeg invocation. Also apply a minor whitespace change to json/birdnet.json (remove trailing newline).
Add container templates, install scripts and metadata for six applications: BirdNET-Go, ERPNext, Jitsi Meet, Storybook, Storyteller and Tube Archivist. New files include ct/* scripts (container templates and update handlers), install/* scripts (installation and systemd service setup, dependency installation and build steps) and json/* metadata entries (app catalog data, default resources, ports and notes). Each install script configures required dependencies, creates services, and prepares runtime configuration (e.g. DB, ElasticSearch, Node/Python environments, ffmpeg/Readium). This commit enables automated LXC provisioning and update flows for these apps.
Create a /data symlink to /opt/matter-server/data (remove existing symlink if present) and update the matter-server systemd ExecStart to use /data and /data/credentials so storage can be mounted externally. Also clean up step-ca install script formatting: fix sed -i spacing, collapse the while loop header, and normalize indentation for whiptail and step-ca command lines (no functional behavior changes).
