From c9dfaaf7d81fb9397a3dbee0dc1edbbff37d8efc Mon Sep 17 00:00:00 2001 From: Christian Heimlich Date: Fri, 4 Jul 2025 07:11:27 -0400 Subject: [PATCH 1/3] fix: Country/language code mixup for subtitles A couple sections in the documentation erroneously refer to a subtitle related parameter needing to be an ISO 3166 country code, when they actually are supposed to be an ISO 639 language code. --- mkdocs/docs/search.md | 2 +- mkdocs/docs/settings/actions.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mkdocs/docs/search.md b/mkdocs/docs/search.md index 65bf0b0..55fea12 100644 --- a/mkdocs/docs/search.md +++ b/mkdocs/docs/search.md @@ -65,7 +65,7 @@ Clicking the play button on the thumbnail will open the in-place player at the t Narrow down your search with these secondary keywords: -- `lang`: Search for matches only within a language. Use the same two letter ISO country code as you have set on the settings page. +- `lang`: Search for matches only within a language. Use the same two letter ISO 639 language code as you have set on the settings page. - `source`: Can either be *auto* to search through auto generated subtitles only or *user* to search through user uploaded subtitles only. **Example**: diff --git a/mkdocs/docs/settings/actions.md b/mkdocs/docs/settings/actions.md index 161c268..3726a4d 100644 --- a/mkdocs/docs/settings/actions.md +++ b/mkdocs/docs/settings/actions.md @@ -71,7 +71,7 @@ If the video you are trying to import is not available on YouTube any more, **Tu - The file `.info.json` is required to extract the required information. - Add the thumbnail as `.`, where valid file extensions are *.jpg*, *.png* or *.webp*. If there is no thumbnail file, **Tube Archivist** will try to extract the embedded cover from the media file or will fallback to a default thumbnail. -- Add subtitles as `..vtt` where *lang* is the two letter ISO country code. This will archive all subtitle files you add to the import folder, independent from your configurations. Subtitles can be archived and used in the player, but they can't be indexed or made searchable due to the fact, that they have a very different structure than the subtitles as **Tube Archivist** needs them. +- Add subtitles as `..vtt` where *lang* is the appropriate two letter ISO 639 language code. This will archive all subtitle files you add to the import folder, independent from your configurations. Subtitles can be archived and used in the player, but they can't be indexed or made searchable due to the fact, that they have a very different structure than the subtitles as **Tube Archivist** needs them. - For videos, where the whole channel is not available any more, you can add the `.info.json` file as generated by *youtube-dl/yt-dlp* to get the full metadata. Alternatively **Tube Archivist** will extract as much info as possible from the video info.json file. ### Some notes: From f9776a2c4a915c74f8f3994dc2990ed5cc110c73 Mon Sep 17 00:00:00 2001 From: Craig Alexander Date: Thu, 31 Jul 2025 10:53:30 -0400 Subject: [PATCH 2/3] Add docs for TA_AUTO_UPDATE_YTDLP (#64) * Add docs for TA_AUTO_UPDATE_YTDLP * Remove old update instructions * fix relative link --------- Co-authored-by: Simon --- mkdocs/docs/advanced.md | 22 +--------------------- mkdocs/docs/installation/env-vars.md | 8 ++++++++ 2 files changed, 9 insertions(+), 21 deletions(-) diff --git a/mkdocs/docs/advanced.md b/mkdocs/docs/advanced.md index 24d8fbc..a85f6f0 100644 --- a/mkdocs/docs/advanced.md +++ b/mkdocs/docs/advanced.md @@ -126,27 +126,7 @@ Then you can restart the container and the migration will run again. If your err This project strives for timely updates when yt-dlp makes a new release, but sometimes ideals meet reality. Also, sometimes yt-dlp has a fix published, but not yet released. -**Build your own image**: Update the version in `requirements.txt` and rebuild the image from `Dockerfile`. This will use your own image, even on container rebuild. - -**Update yt-dlp on its own**: You can also update the yt-dlp library alone in the container. - -- Restart your container for changes to take effect. -- These changes won't persist a container rebuild from image. - -Update to newest regular yt-dlp release: - -```bash -pip install --upgrade yt-dlp -``` - -To update to nightly you'll have to specify the correct `--target` folder: -```bash -pip install \ - --upgrade \ - --target=/root/.local/bin \ - https://github.com/yt-dlp/yt-dlp/archive/master.tar.gz -``` -This is obviously particularly likely to create problems. Also note that the `--version` command will only show the latest regular release, not a nightly version mentioned. +To update, set the [TA_AUTO_UPDATE_YTDLP](installation/env-vars.md#ta_auto_update_ytdlp) environment variable and restart your container. If this makes things worse and you wish to undo the update, unset the variable and recreate your container. ## Erase errors from download queue Sometimes videos will fail to download. That can be because of expected errors: diff --git a/mkdocs/docs/installation/env-vars.md b/mkdocs/docs/installation/env-vars.md index ae58a0a..decb1af 100644 --- a/mkdocs/docs/installation/env-vars.md +++ b/mkdocs/docs/installation/env-vars.md @@ -81,6 +81,14 @@ Configure TA to authenticate with a auth proxy. See [configuration/forward-auth] Type: Boolean Configure TA to use LDAP for authentication. See [configuration/ldap](../configuration/ldap.md) for more details. +## TA_AUTO_UPDATE_YTDLP +Optional +Type: String +Configure TA to automatically install the latest yt-dlp on container start. Enable by setting to `release` or `nightly` depending on which version you would like to install. + +!!! warning "Potential Incompatibility" + Future versions of yt-dlp may not be compatible with your current Tube Archivist version. If you encounter errors while downloading, remove the value and recreate your container to restore the default version. + ## DISABLE_STATIC_AUTH Optional Type: Boolean From 29bc7e896783cb6f90545bc4b6f0d6481ab16a9f Mon Sep 17 00:00:00 2001 From: joshrivers Date: Thu, 31 Jul 2025 07:59:53 -0700 Subject: [PATCH 3/3] LDAP automatic user privilege promotion (#66) * LDAP automatic lazy user privilege promotion: TA_LDAP_PROMOTE_USERNAMES_* * clarification of default value in fwd auth --------- Co-authored-by: Simon --- mkdocs/docs/configuration/forward-auth.md | 10 +++++----- mkdocs/docs/configuration/ldap.md | 8 +++++++- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/mkdocs/docs/configuration/forward-auth.md b/mkdocs/docs/configuration/forward-auth.md index 936de89..d167dc7 100644 --- a/mkdocs/docs/configuration/forward-auth.md +++ b/mkdocs/docs/configuration/forward-auth.md @@ -14,7 +14,7 @@ Note that this automatically creates new users in the database if they do not al | :-------------------- | :-------- | :-------- | :------------ | | `TA_LOGIN_AUTH_MODE` | `single` | `forwardauth` | Selects authentication backends. See potential values below. Overrides `TA_LDAP`/`TA_ENABLE_AUTH_PROXY`. | | `TA_ENABLE_AUTH_PROXY` | `null` | `true` | *deprecated* (see below) Set to anything besides empty string to use forward proxy authentication. | -| `TA_AUTH_PROXY_USERNAME_HEADER`| `null` | `HTTP_REMOTE_USER` | The name of the request header that the auth proxy passes to the proxied application (**Tube Archivist** in this case), so that the application can identify the user. The format of this variable's value can vary depending on the specific header and version of Tube Archivist used.[^1] Check the documentation of your auth proxy for how to configure the forwarding of header.[^2] | +| `TA_AUTH_PROXY_USERNAME_HEADER`| `HTTP_REMOTE_USER` | `X-MYPROXY-USER` | The name of the request header that the auth proxy passes to the proxied application (**Tube Archivist** in this case), so that the application can identify the user. The format of this variable's value can vary depending on the specific header and version of Tube Archivist used.[^1] Check the documentation of your auth proxy for how to configure the forwarding of header.[^2] | | `TA_AUTH_PROXY_LOGOUT_URL` | `null` | | The URL that **Tube Archivist** should redirect to after a logout. By default, the logout redirects to the login URL, which means the user will be automatically authenticated again. Instead, you might want to configure the logout URL of the auth proxy here. | [^1]: @@ -24,18 +24,18 @@ Note that this automatically creates new users in the database if they do not al [^2]: For Authentik behind NPM Proxy Manager: - + 1. Set the 'TA_AUTH_PROXY_USERNAME_HEADER' TO: - `TA_AUTH_PROXY_USERNAME_HEADER=X_AUTHENTIK_USERNAME` (without the HTTP_ prefix, unless using an older version of Tube Archivist, see above) - 2. In NPM Proxy Manager in the advance tab of your Proxy host modify the default sections of the setup script that was pulled from your proxy provider that starts with: '# This section should be uncommented when the "Send HTTP Basic authentication" option is + 2. In NPM Proxy Manager in the advance tab of your Proxy host modify the default sections of the setup script that was pulled from your proxy provider that starts with: '# This section should be uncommented when the "Send HTTP Basic authentication" option is enabled in the proxy provider' with the following: THIS: # auth_request_set $authentik_auth $upstream_http_authorization; # proxy_set_header Authorization $authentik_auth; - - BECOMES THIS: + + BECOMES THIS: # auth_request_set $authentik_username $upstream_http_x_authentik_username; # proxy_set_header X-Authentik-Username $authentik_username; diff --git a/mkdocs/docs/configuration/ldap.md b/mkdocs/docs/configuration/ldap.md index 2120158..7507ea5 100644 --- a/mkdocs/docs/configuration/ldap.md +++ b/mkdocs/docs/configuration/ldap.md @@ -14,6 +14,8 @@ You can enable and configure LDAP with the following environment variables: | `TA_LDAP_USER_ATTR_MAP_EMAIL` | `mail` |`mail` | Bind attribute used to match LDAP user's EMail address | | `TA_LDAP_USER_BASE` | `null` | `ou=users,dc=your-server` | Search base for user filter. | | `TA_LDAP_USER_FILTER` | `null` | `(objectClass=user)` | Filter for valid users. Login usernames are matched using the attribute specified in `TA_LDAP_USER_ATTR_MAP_USERNAME` and should not be specified in this filter. | +| `TA_LDAP_PROMOTE_USERNAMES_TO_SUPERUSER` | `null` | `alice,bob` | Comma separated list of users (matched based on TA_LDAP_USER_ATTR_MAP_USERNAME) which will automatically be promoted to superuser when they login. Users given superuser access will also be given staff permissions. | +| `TA_LDAP_PROMOTE_USERNAMES_TO_STAFF` | `null` | `lisa,tom` | Comma separated list of users (matched based on TA_LDAP_USER_ATTR_MAP_USERNAME) which will automatically be promoted to staff when they login. | ## Auth Login Modes @@ -37,7 +39,11 @@ For installations which require secure enforcement of LDAP-only credentials, use LDAP modes automatically create new users in the database if they do not already exist. -If those accounts are successfully authenticated using this method, they will not have administrative rights to the Dashboard (including ability to add downloads). To fix this, the preferred method is to switch to `ldap_local` and add privileges as described in the next section. +If those accounts are successfully authenticated using this method, they will not have administrative rights to the Dashboard (including ability to add downloads). There are two options for providing LDAP users permissions for downloading videos or performing user administration: +- Use `ldap_local` mode and add privileges as described in the next section. +- Use `TA_LDAP_PROMOTE_USERNAMES_TO_SUPERUSER` and `TA_LDAP_PROMOTE_USERNAMES_TO_STAFF` to configure TA to promote known usernames to have additional privileges when they first login. + +The `TA_LDAP_PROMOTE_USERNAMES_*` settings are based on the username matched in the `TA_LDAP_USER_ATTR_MAP_USERNAME` setting. Some configurations may allow a user to login with multiple alternative "usernames" based on LDAP attributes, but only the matched username will be promoted. ### LDAP + Local Considerations