bench setup production generates supervisor.conf but doesn't
symlink it into /etc/supervisor/conf.d/. Without the link,
supervisord has no programs and gunicorn never starts (502).
Add: symlink + supervisorctl reread/update after bench setup.

bench setup role spawns a subprocess that checks for ansible on
PATH. The binaries are inside the uv venv and not discoverable.
Symlink ansible* to /usr/local/bin/ to make them available.

bench setup production internally runs:
    sudo <uv-venv-python> -m pip install ansible
but uv tool environments don't include pip by default.
Fix: run ensurepip + pip install ansible before bench setup
production to satisfy the dependency.

- bench init internally invokes sudo for system operations
- frappe user has no password, causing 'Sorry, try again' hang
- Add /etc/sudoers.d/frappe with NOPASSWD:ALL
- bench setup production requires root (is_root check) - was failing as frappe user
- Add nginx and supervisor as apt dependencies for production setup
- Remove custom erpnext.service - bench manages gunicorn+workers via supervisor
- Port 8000 → 80 (nginx reverse proxy)
- Fix bench update in CT to run as frappe user with proper PATH
- MariaDB uses unix_socket auth - frappe user can't connect as MySQL root
- Set proper password and pass via --db-root-password to bench new-site
- Store DB_ROOT_PASSWORD in .env for reference

Create a dedicated 'frappe' user and run all bench/uv commands as that user. Chown /opt, install frappe-bench and perform bench init, get-app and new-site via sudo -u frappe (preserving PATH), and run 'bench setup production frappe --yes'. Update the systemd service to User=frappe so Gunicorn and bench processes do not run as root, improving security and isolation.

- tubearchivist: backend on 8100 behind nginx on 8000 (was both 8000)
- jitsi: URI=download.jitsi.org suite=stable/ component=empty for flat repo
- erpnext: use CI=1 and FRAPPE_ALLOW_SUPERUSER=1 (not BENCH_ALLOW_SUPERUSER)

uv tool install frappe-bench places the bench executable in
~/.local/bin which is not on PATH by default, causing 'command
not found' (exit 127) when running bench init.

Add container templates, install scripts and metadata for six applications: BirdNET-Go, ERPNext, Jitsi Meet, Storybook, Storyteller and Tube Archivist. New files include ct/* scripts (container templates and update handlers), install/* scripts (installation and systemd service setup, dependency installation and build steps) and json/* metadata entries (app catalog data, default resources, ports and notes). Each install script configures required dependencies, creates services, and prepares runtime configuration (e.g. DB, ElasticSearch, Node/Python environments, ffmpeg/Readium). This commit enables automated LXC provisioning and update flows for these apps.
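
Added example, not part of these commits or the project's scripts: a check for the kind of sudoers drop-in the commits above introduce (/etc/sudoers.d/frappe with NOPASSWD:ALL). An account holding such a rule can run any command as root without a password, so the script lists every active rule of that shape. The function names and the exact rule syntax matched are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: list sudoers drop-in rules that grant passwordless sudo on
# every command, which makes the named account root-equivalent.

# Usage: find_blanket_nopasswd DIR  ->  prints "file:line:principal" per match
find_blanket_nopasswd() {
    local dir="${1:-/etc/sudoers.d}" f name
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # sudo's includedir skips names that contain '.' or end in '~'
        case "$name" in *.*|*~) continue ;; esac
        awk -v file="$f" '
            /^[ \t]*$/        { next }   # blank line
            /^[ \t]*#$/       { next }   # empty comment
            /^[ \t]*#[^0-9]/  { next }   # comment ("#<digits>" is a uid rule)
            /^[ \t]*Defaults/ { next }   # settings, not grants
            # Rule whose command list is exactly ALL with the NOPASSWD tag
            /NOPASSWD:[ \t]*ALL[ \t]*$/ { printf "%s:%d:%s\n", file, NR, $1 }
        ' "$f"
    done
}

# Returns 1 when any blanket grant exists, so it can gate an image build or CI job.
audit_sudoers_dir() {
    local hits
    hits=$(find_blanket_nopasswd "$1")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | sed 's/^/blanket NOPASSWD grant: /' >&2
    return 1
}
```

Rules limited to specific commands are not reported, and neither are files that sudo itself would ignore because of their name.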