Refactor mirror logic in misc/build.func and misc/install.func to prefer regional Debian mirrors (detected from /etc/timezone), shuffle mirror lists, and include additional AP region hosts. Add quick TCP reachability checks, limit consecutive mirror failures, and surface clearer status messages. On repeated failures, prompt interactively for a custom mirror (with validation) and handle pct exec exit codes to present more informative errors and retry behavior.
When apt-get update fails, switch from disabling hash verification/insecure repos to trying a list of alternate Debian mirrors. Updated misc/build.func to iterate a curated mirror list, rewrite /etc/apt/sources.list* to point to each mirror, and attempt apt-get update/install until one succeeds (exiting with failure if all mirrors fail). Updated misc/install.func to perform a similar mirror-rotation loop and return an error if no mirror succeeds. Also adjusted warning/error messages to reflect the new behavior. This improves resilience against repo desyncs without enabling insecure apt settings.
Replace the previous multi-step APT retry sequence (mirror swaps, sleeps, multiple retries) with a simpler fallback: on apt-get update failure disable Acquire::By-Hash, enable Acquire::AllowInsecureRepositories and attempt updates/installs using --allow-insecure-repositories/--allow-unauthenticated where needed. Restore secure settings and refresh lists afterwards, and preserve/propagate the original command exit status. Apply the same simplification in misc/build.func, misc/install.func and the Proxmox LXC cron updater (tools/pve/update-lxcs-cron.sh) to handle Debian repo desyncs more reliably and reduce complex retry logic.
Display an installation summary (including downloaded script SHA256, source, install path, config, log file, and cron schedule) and make script review optional before install. Add an interactive View menu to inspect the installed worker script, cron configuration, or both; implement view_worker_script, view_cron_config (shows cron entry, human-readable schedule, config contents and excluded patterns, and log file size), and cron_to_human helper. Also update prompt wording and the View option description.
Add robust retry logic for APT operations in misc/build.func and misc/install.func. Introduces an apt_retry helper and multiple fallback steps: disable by-hash, switch to a country mirror (ftp.de.debian.org), wait and retry to allow mirror sync, and as a last resort temporarily relax APT verification to allow insecure repositories to complete updates. Ensures cleanup and restores secure settings where possible, with clearer failure handling and messages to increase resilience of package installation during container builds and installs.
tools/pve/cron-update-lxcs.sh: add show_status, run_now and rotate_log functions; expose new menu options (Status, Run, Rotate) and enlarge menu. Consolidate license line formatting.
tools/pve/update-lxcs-cron.sh: tighten variable scoping, improve ostype detection and logging, add fallback for hostname, handle unknown OS types, harden apt workflow (retry with By-Hash workaround and refresh lists), skip template containers correctly, add error reporting on container updates, and use a timed shutdown. Update author/license header.
Overall: adds manual control and status/log rotation to the cron manager and makes the container updater more robust and safer for Debian/Ubuntu-based containers.
Improve APT retry logic to handle failures caused by by-hash/CDN issues. Both misc/build.func and misc/install.func now write an apt config to disable Acquire::By-Hash, remove /var/lib/apt/lists/* and retry apt-get update/install; if that still fails they substitute deb.debian.org with ftp.debian.org as a fallback. This makes container builds and package updates more robust against CDN/hash-related apt failures.
Set PYTHONPATH and run manage.py migrate for Baserow so backend, premium, and enterprise source packages are discovered during migrations. In the LobeHub installer, copy all files from scripts/migrateServerDB into the .next/standalone directory (instead of only docker.cjs) so required migration and helper files are included.
Add container templates, install scripts, and metadata for Baserow, LabCA, and LobeHub. New ct/*.sh scripts provide container build and update logic (fetching GitHub releases, backup/restore, build steps). New install/*.sh scripts install dependencies, configure PostgreSQL/Node/uv/PNPM as needed, run migrations, and create systemd services for each app. Corresponding json/*.json entries add metadata (ports, resource defaults, docs, and notes) for UI/registry integration.
Debian auto-starts nginx on install with default config (port 80).
'enable --now' is a no-op if already running. Use explicit restart
to pick up our port 8000 config.
ES snapshot repo defaults to Docker path /usr/share/elasticsearch/data/snapshot
but our elasticsearch.yml uses path.repo: /var/lib/elasticsearch/snapshot.
Add ES_SNAPSHOT_DIR=/var/lib/elasticsearch/snapshot to match.
run.sh needs env vars (TA_CACHE_DIR etc) before Django starts.
- Add set -a/source .env in run.sh so vars are available
- Symlink .env to backend/ so Django's load_dotenv('.env') finds it
- Fixes 'unable to open database file' (CACHE_DIR defaulting to /cache)
Move Django management commands (migrate, collectstatic, ta_envcheck,
ta_connection, ta_startup) into run.sh startup wrapper that:
- Waits up to 60s for ElasticSearch to be healthy
- Runs all init commands before starting uvicorn
- Matches Docker's run.sh approach
This fixes ta_startup failing during install because ES wasn't ready.
The commands now run at every service start with ES readiness check.
TubeArchivist requires nginx to serve the frontend SPA and proxy API
requests to Django. Without nginx, only API routes work.
Changes:
- Add nginx with config matching Docker's nginx.conf (port 8000)
- Add TA_APP_DIR, TA_CACHE_DIR, TA_MEDIA_DIR env vars for bare-metal paths
- Run Django migrate, collectstatic, ta_envcheck, ta_connection, ta_startup
- Add celery worker + beat scheduler as separate systemd services
- Fix interface port from 8080 to 8000 (nginx)
- Add migrations step to update script
PG_DB_PASS is auto-generated by setup_postgresql_db and stored in
.env. No user-facing credentials are generated - accounts are
created via the web UI.
bench setup production generates supervisor.conf but doesn't
symlink it into /etc/supervisor/conf.d/. Without the link,
supervisord has no programs and gunicorn never starts (502).
Add: symlink + supervisorctl reread/update after bench setup.
bench setup role spawns a subprocess that checks for ansible on
PATH. The binaries are inside the uv venv and not discoverable.
Symlink ansible* to /usr/local/bin/ to make them available.
