TubeArchivist uses TA_CACHE_DIR and TA_MEDIA_DIR directly as URL paths.
In Docker these are /cache and /youtube, matching nginx locations.
Our paths (/opt/tubearchivist/cache, /opt/tubearchivist/media) broke
video playback URLs and file downloads.
Create symlinks /cache and /youtube pointing to data dirs, set env vars
to match Docker defaults. Aligns nginx alias paths with official config.
The auth_request subrequest to /api/ping/ through the generic /api
location block doesn't properly forward cookies to the Django backend,
causing 403 for all /cache/ and /media/ requests.
Use a dedicated internal /_auth location that explicitly proxies to
/api/ping/ with Cookie header forwarding.
Beat service starts before manage.py migrate creates the
django_celery_beat tables, causing 'no such table' error.
Add ExecStartPre that waits for migration to complete by
polling the SQLite DB for the crontab table.
ExecStartPre runs Xvfb as a blocking foreground process, preventing
systemd from ever reaching ExecStart (timeout/failure).
Use xvfb-run wrapper to properly manage the virtual display.
Docker copies backend to /app, so APP_DIR=/app maps static/img/ correctly.
Our bare-metal install has backend at /opt/tubearchivist/backend/,
so TA_APP_DIR must point there for fallback thumbnails to resolve.
Fixes missing thumbnails, default-channel-banner.jpg not found error.
Update script migrates existing installs to the corrected path.
Next.js standalone output requires .next/static and public/ to be
copied manually into .next/standalone/ for CSS/JS to be served.
Also source .env before prisma generate in update script.
- Replace Caddy with Nginx (matches upstream Dockerfile)
- Add crypto.randomUUID polyfill in index.html for non-HTTPS access
(browsers only expose crypto.randomUUID in secure contexts)
- Apply polyfill also in update script
- Transmute: replace manual curl with fetch_and_deploy_gh_release prebuild
- Nametag: pass DATABASE_URL to prisma generate (config needs it at load time)
- OTBR: use apt nodejs/npm instead of setup_nodejs (only needed for cmake web build)
- Build from source via git clone + cmake/ninja
- Privileged container for network admin (iptables/ipset/tun)
- Web GUI on port 80, REST API, mDNS service discovery
- Configurable RCP device path in /etc/default/otbr-agent
- Git-based update with shallow fetch + rebuild
Raise default resources for DrawDB container: update ct/drawdb.sh to set var_ram from 2048 to 6144 and var_disk from 4 to 5 to allocate more memory and disk. Also adjust json/homelable.json formatting by expanding the categories array to multiple lines for readability; no functional metadata changes.
Browser uploads fail with ERR_CONNECTION_REFUSED because Museum returns
presigned S3 URLs with localhost:3200 — unreachable from the user's PC.
Changed all three S3 bucket endpoints to use LOCAL_IP:3200.
Museum encrypts emails before storing (encrypted_email column).
Cannot query by plaintext email. Instead select the first user_id
which is the admin user created during first-start setup.
Peer authentication fails when running as root but connecting as
user 'ente'. Use PGPASSWORD with -h 127.0.0.1 to force TCP/password
authentication instead of Unix socket peer auth.
Museum requires an S3-compatible object storage backend for file
uploads. The install script had dummy S3 credentials pointing to
localhost:3200 but no service was running there, causing HTTP 500
on /files/upload-url.
- Install MinIO binary with random password
- Create required buckets (b2-eu-cen, wasabi-eu-central-2-v3, scw-eu-fr-v3)
- Configure museum.yaml with proper S3 credentials and bucket names
- MinIO runs on port 3200 (API) and 3201 (console)
