Fleet requires Redis for live queries, async jobs, and distributed
locking. Without it the fleet serve process fails on startup.
- Install redis-server package
- Add FLEET_REDIS_ADDRESS=127.0.0.1:6379 to .env
- Add redis-server.service to systemd After/Requires
- Enable redis-server alongside fleet service
Puter: protocol was missing from config.json, causing origin to be
computed as 'undefined://IP:4100'. All API/WebSocket URLs inherited
this broken value, making the frontend unable to load.
Fleet: MySQL APT repo requires Debian 12 (Bookworm), not 13.
Puter requires services.database.engine in config.json. When the
config file is auto-generated it includes this, but our custom config
was missing it, causing: 'Must specify engine for service database'
and cascade failure of all services depending on the DB.
Next.js pre-renders pages during build. With POSTGRES_URL exported,
Server Components try to query DB tables that don't exist yet
(migrations run after build), causing the build to hang indefinitely.
Docker build does NOT set POSTGRES_URL and sets CI=true to skip env
validation. Match that behavior.
MariaDB fails on migration 20240905200000_UninstallPackages due to
SQL syntax incompatibility (MODIFY COLUMN ... NULL). Use real MySQL
with manual DB setup instead of setup_mariadb_db.
- Fix event_store.yaml migration path for LXC environment
- Add doctrine:database:create for both connections
- Run separate migrations for read_model and event_store entity managers
- Add messenger:setup-transports to create messenger_messages table
- Use $STD for all console commands
- Fix admin email in creds file
The single quotes around the spinel+hdlc+forkpty URL in the comment
example become part of the value when users copy it into the
double-quoted OTBR_AGENT_OPTS string, causing 'spinel interface name
is not supported' error.
- slink: APP_ENV and APP_SECRET not present in .env.example, sed patterns
never matched → Symfony defaulted to dev mode → WebProfilerBundle crash
(not installed with --no-dev). Now appends APP_ENV=prod + APP_SECRET.
- fleet: use setup_mariadb_db helper instead of manual SQL, reference
MARIADB_DB_PASS, depend on mariadb.service
Lychee's .env.example has '#DB_DATABASE=' (commented out). The sed
pattern '^DB_DATABASE=' didn't match, so Laravel fell back to the
default database name 'forge'. Use '^#\?DB_DATABASE=' to match both
commented and uncommented lines.
- fleet: use setup_mariadb instead of setup_mysql (MariaDB works fine for
Fleet and avoids MySQL repo complexity on trixie)
- tools.func: add missing mysql) case block to manage_tool_repository
(was causing 'Unknown tool repository: mysql' error)
- kan: write .env before build, source it + export for build-time validation
instead of inline exports (cleaner, consistent with codebase pattern)
- puter: set domain to container IP + experimental_no_subdomain so Puter
accepts Host header when accessed via raw IP (default puter.localhost
rejects all non-matching hosts)
- openthread-br: add socat dep for TCP adapters, add --vendor-name/--model-name
(mandatory), bind REST API to 0.0.0.0:8081, configure otbr-web to listen on
all interfaces, update TCP example with socat forkpty pattern
- kan: export BETTER_AUTH_SECRET and POSTGRES_URL before build (required by
@t3-oss/env-nextjs zod validation at build time)
- mysql: remove MariaDB-on-trixie workaround (MySQL repo now has trixie packages),
update GPG key from RPM-GPG-KEY-mysql-2023 to RPM-GPG-KEY-mysql-2025
puter: create config.json with allow_nipio_domains to fix 'Invalid Host Header' on LAN
slink: replace $STD with plain redirects on fallible console commands (silent() hard-exits before || true)
slink: add ORIGIN env var via EnvironmentFile for SvelteKit CSRF to allow LAN login
- Set ADMIN_EMAIL/ADMIN_PASSWORD so admin user is created on first boot
- Generate JWT keypair for authentication to work
- Run doctrine:migrations:migrate for DB schema
- Save credentials to ~/slink.creds
- nginx: add exact-match location for /uploads (no trailing slash)
to handle S3 presigned POST URLs from Plane's storage backend
- ct: fix curl -s to curl -fsSL for consistency with other scripts
TubeArchivist uses TA_CACHE_DIR and TA_MEDIA_DIR directly as URL paths.
In Docker these are /cache and /youtube, matching nginx locations.
Our paths (/opt/tubearchivist/cache, /opt/tubearchivist/media) broke
video playback URLs and file downloads.
Create symlinks /cache and /youtube pointing to data dirs, set env vars
to match Docker defaults. Aligns nginx alias paths with official config.
The auth_request subrequest to /api/ping/ through the generic /api
location block doesn't properly forward cookies to the Django backend,
causing 403 for all /cache/ and /media/ requests.
Use a dedicated internal /_auth location that explicitly proxies to
/api/ping/ with Cookie header forwarding.
