Create a dedicated 'frappe' user and run all bench/uv commands as that user. Chown /opt, install frappe-bench and perform bench init, get-app and new-site via sudo -u frappe (preserving PATH), and run 'bench setup production frappe --yes'. Update the systemd service to User=frappe so Gunicorn and bench processes do not run as root, improving security and isolation.
- tubearchivist: backend on 8100 behind nginx on 8000 (was both 8000)
- jitsi: URI=download.jitsi.org suite=stable/ component=empty for flat repo
- erpnext: use CI=1 and FRAPPE_ALLOW_SUPERUSER=1 (not BENCH_ALLOW_SUPERUSER)
uv tool install frappe-bench places the bench executable in
~/.local/bin which is not on PATH by default, causing 'command
not found' (exit 127) when running bench init.
Add container templates, install scripts and metadata for six applications: BirdNET-Go, ERPNext, Jitsi Meet, Storybook, Storyteller and Tube Archivist. New files include ct/* scripts (container templates and update handlers), install/* scripts (installation and systemd service setup, dependency installation and build steps) and json/* metadata entries (app catalog data, default resources, ports and notes). Each install script configures required dependencies, creates services, and prepares runtime configuration (e.g. DB, ElasticSearch, Node/Python environments, ffmpeg/Readium). This commit enables automated LXC provisioning and update flows for these apps.
