Add container templates, install scripts, and metadata for Baserow, LabCA, and LobeHub. New ct/*.sh scripts provide container build and update logic (fetching GitHub releases, backup/restore, build steps). New install/*.sh scripts install dependencies, configure PostgreSQL/Node/uv/PNPM as needed, run migrations, and create systemd services for each app. Corresponding json/*.json entries add metadata (ports, resource defaults, docs, and notes) for UI/registry integration.
Debian auto-starts nginx on install with default config (port 80).
'enable --now' is a no-op if already running. Use explicit restart
to pick up our port 8000 config.
ES snapshot repo defaults to Docker path /usr/share/elasticsearch/data/snapshot
but our elasticsearch.yml uses path.repo: /var/lib/elasticsearch/snapshot.
Add ES_SNAPSHOT_DIR=/var/lib/elasticsearch/snapshot to match.
run.sh needs env vars (TA_CACHE_DIR etc) before Django starts.
- Add set -a/source .env in run.sh so vars are available
- Symlink .env to backend/ so Django's load_dotenv('.env') finds it
- Fixes 'unable to open database file' (CACHE_DIR defaulting to /cache)
Move Django management commands (migrate, collectstatic, ta_envcheck,
ta_connection, ta_startup) into run.sh startup wrapper that:
- Waits up to 60s for ElasticSearch to be healthy
- Runs all init commands before starting uvicorn
- Matches Docker's run.sh approach
This fixes ta_startup failing during install because ES wasn't ready.
The commands now run at every service start with ES readiness check.
TubeArchivist requires nginx to serve the frontend SPA and proxy API
requests to Django. Without nginx, only API routes work.
Changes:
- Add nginx with config matching Docker's nginx.conf (port 8000)
- Add TA_APP_DIR, TA_CACHE_DIR, TA_MEDIA_DIR env vars for bare-metal paths
- Run Django migrate, collectstatic, ta_envcheck, ta_connection, ta_startup
- Add celery worker + beat scheduler as separate systemd services
- Fix interface port from 8080 to 8000 (nginx)
- Add migrations step to update script
PG_DB_PASS is auto-generated by setup_postgresql_db and stored in
.env. No user-facing credentials are generated - accounts are
created via the web UI.
bench setup production generates supervisor.conf but doesn't
symlink it into /etc/supervisor/conf.d/. Without the link,
supervisord has no programs and gunicorn never starts (502).
Add: symlink + supervisorctl reread/update after bench setup.
bench setup role spawns a subprocess that checks for ansible on
PATH. The binaries are inside the uv venv and not discoverable.
Symlink ansible* to /usr/local/bin/ to make them available.
bench setup production internally runs:
sudo <uv-venv-python> -m pip install ansible
but uv tool environments don't include pip by default.
Fix: run ensurepip + pip install ansible before bench setup
production to satisfy the dependency.
The build creates /opt/teable/static/ as a real directory.
ln -sf on an existing directory creates the symlink INSIDE it
instead of replacing it. Must rm -rf first.
Build process reorganizes apps/nestjs-backend/static/ creating a
nested static/static/{plugin,system} structure. The code resolves
paths like 'static/system/automation-robot.png' relative to cwd,
so the symlink must point to the inner static/ directory.
Adds fallback: checks for nested structure first, falls back to
direct path if not present.
- NestJS backend expects /opt/teable/static/ at workspace root
- Actual files live in apps/nestjs-backend/static/
- Fixes ENOENT on automation-robot.png during startup
- bench init internally invokes sudo for system operations
- frappe user has no password, causing 'Sorry, try again' hang
- Add /etc/sudoers.d/frappe with NOPASSWD:ALL
- cp -r creates nested dirs when target already exists (sqlite/sqlite/)
- cp -rT merges source contents INTO the target directory
- mkdir -p ensures target dirs exist before merge
- Fixes uuid.c.so not being found in standalone/web/sqlite/
- NestJS backend serves both API and Next.js frontend on port 3000
- PostgreSQL 16 with Prisma ORM for database management
- pnpm monorepo build with NODE_OPTIONS=8192MB heap
- Symlink /app -> /opt/teable for upstream compatibility
- 4 CPU / 10GB RAM / 25GB disk (heavy build process)
- net.core.rmem_max and netdev_max_backlog are kernel params
- Unprivileged LXC containers cannot modify /proc/sys/net/core/*
- These are optional performance tunings, not required for Jitsi
- bench setup production requires root (is_root check) - was failing as frappe user
- Add nginx and supervisor as apt dependencies for production setup
- Remove custom erpnext.service - bench manages gunicorn+workers via supervisor
- Port 8000 → 80 (nginx reverse proxy)
- Fix bench update in CT to run as frappe user with proper PATH
- cp migrations/ and sqlite/ (dlopen needs real files, not symlinks)
- symlink .env into standalone working directory
- Fixes standalone mode missing database and config files
- MariaDB uses unix_socket auth - frappe user can't connect as MySQL root
- Set proper password and pass via --db-root-password to bench new-site
- Store DB_ROOT_PASSWORD in .env for reference
- NODE_OPTIONS=--max-old-space-size=4096 to cap V8 heap during yarn install/build
- Restore \ prefixes removed by formatter
- RAM 8192 -> 10240 in JSON
- yarn install --network-timeout 600000 for large monorepo fetch
Prosody 13.x from prosody.im requires Lua 5.2+ but Debian 12 only has
Lua 5.1. Debian's own prosody (0.12.x) is compatible and satisfies
jitsi-meet's >= 0.12.0 dependency.
Create a dedicated 'frappe' user and run all bench/uv commands as that user. Chown /opt, install frappe-bench and perform bench init, get-app and new-site via sudo -u frappe (preserving PATH), and run 'bench setup production frappe --yes'. Update the systemd service to User=frappe so Gunicorn and bench processes do not run as root, improving security and isolation.
- WorkingDirectory: web/.next/standalone/web (not .next/standalone/web)
- CI=1 to prevent interactive prompts during yarn build
- Copy .next/static and public into standalone output
- tubearchivist: backend on 8100 behind nginx on 8000 (was both 8000)
- jitsi: URI=download.jitsi.org suite=stable/ component=empty for flat repo
- erpnext: use CI=1 and FRAPPE_ALLOW_SUPERUSER=1 (not BENCH_ALLOW_SUPERUSER)
Align defaults to Debian 12 and remove the explicit Java setup call from the installer. Updated ct/jitsi-meet.sh to default var_version to 12, json/jitsi.json to reflect version "12", and removed the `JAVA_VERSION=17 setup_java` line from install/jitsi-meet-install.sh so Java is no longer forced by the installer.
Small fixes and improvements to installer scripts:
- storybook-install.sh: make npx non-interactive (add -y) and cd into the detected project path before writing .projectpath to ensure generated files land in the project directory.
- storyteller-install.sh: replace manual Readium curl/chmod flow with fetch_and_deploy_gh_release helper for consistent deployment; keep symlink to /usr/local/bin/readium.
- tubearchivist-install.sh: set ES_JAVA_OPTS during elasticsearch install to limit heap (-Xms1g -Xmx1g) and explicitly disable xpack transport/http SSL in the config to avoid local SSL requirements.
These changes improve automation reliability and resource/config defaults during automated installs.
uv tool install frappe-bench places the bench executable in
~/.local/bin which is not on PATH by default, causing 'command
not found' (exit 127) when running bench init.
Add ffmpeg to the apt packages installed by install/birdnet-install.sh and remove the now-unnecessary setup_ffmpeg invocation. Also apply a minor whitespace change to json/birdnet.json (remove trailing newline).
Add container templates, install scripts and metadata for six applications: BirdNET-Go, ERPNext, Jitsi Meet, Storybook, Storyteller and Tube Archivist. New files include ct/* scripts (container templates and update handlers), install/* scripts (installation and systemd service setup, dependency installation and build steps) and json/* metadata entries (app catalog data, default resources, ports and notes). Each install script configures required dependencies, creates services, and prepares runtime configuration (e.g. DB, ElasticSearch, Node/Python environments, ffmpeg/Readium). This commit enables automated LXC provisioning and update flows for these apps.
Create a /data symlink to /opt/matter-server/data (remove existing symlink if present) and update the matter-server systemd ExecStart to use /data and /data/credentials so storage can be mounted externally. Also clean up step-ca install script formatting: fix sed -i spacing, collapse the while loop header, and normalize indentation for whiptail and step-ca command lines (no functional behavior changes).
