feat(media): Configure Authelia OIDC for Immich and update Jellyfin

- Add Authelia OIDC configuration to Immich (.env) - Remove Tinyauth middleware comment from Immich compose - Update Jellyfin SSO comment to reference Authelia instead of Tinyauth - Enable NVIDIA GPU transcoding for Jellyfin
2025-12-12 23:17:04 +00:00 · 2025-12-12 23:17:04 +00:00 · 75bdad695f
commit 75bdad695f
parent a1824a4043
3 changed files with 25 additions and 14 deletions
--- a/compose/media/frontend/immich/.env
+++ b/compose/media/frontend/immich/.env
@ -10,7 +10,7 @@ DB_DATA_LOCATION=./postgres
 TZ=America/Los_Angeles

 # The Immich version to use. You can pin this to a specific version like "v1.71.0"
-IMMICH_VERSION=V2.1.0
+IMMICH_VERSION=V2.3.1

 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
@ -18,6 +18,17 @@ IMMICH_VERSION=V2.1.0
 # Example format: aB3dEf7HiJ9kLmN2oPqR5sTuV8wXyZ1
 DB_PASSWORD=changeme_please_set_secure_password

+# OAuth/OIDC Configuration (Authelia)
+# Docs: https://immich.app/docs/administration/oauth
+OAUTH_ENABLED=true
+OAUTH_ISSUER_URL=https://auth.fig.systems
+OAUTH_CLIENT_ID=immich
+OAUTH_CLIENT_SECRET=UXmLznRcvsyZexV0GUeJcJren7FwW8cr
+OAUTH_SCOPE=openid profile email
+OAUTH_BUTTON_TEXT=Login with Authelia
+OAUTH_AUTO_REGISTER=true
+OAUTH_AUTO_LAUNCH=false
+
 # The values below this line do not need to be changed
 ###################################################################################
 DB_USERNAME=postgres
--- a/compose/media/frontend/immich/compose.yaml
+++ b/compose/media/frontend/immich/compose.yaml
@ -45,7 +45,6 @@ services:
      traefik.http.routers.immich.tls.certresolver: letsencrypt
      traefik.http.services.immich.loadbalancer.server.port: 2283
      # Optional: Enable SSO (note: Immich has its own user management)
-      # traefik.http.routers.immich.middlewares: tinyauth

  immich-machine-learning:
    container_name: immich_machine_learning
--- a/compose/media/frontend/jellyfin/compose.yaml
+++ b/compose/media/frontend/jellyfin/compose.yaml
@ -8,6 +8,9 @@ services:
    image: lscr.io/linuxserver/jellyfin:latest
    env_file:
      - .env
+    environment:
+      - NVIDIA_VISIBLE_DEVICES=all
+      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
    volumes:
      - ./config:/config
      - ./cache:/cache
@ -37,19 +40,17 @@ services:
      homarr.icon: simple-icons:jellyfin

      # Note: Jellyfin has its own auth system, SSO middleware disabled by default
-      # Uncomment the line below to enable SSO (requires users to auth via tinyauth first)
-      # traefik.http.routers.jellyfin.middlewares: tinyauth
+      # Uncomment the line below to enable SSO (requires users to auth via Authelia first)

-    # Uncomment for NVIDIA GPU transcoding (GTX 1070)
-    # Requires NVIDIA Container Toolkit installed on host
-    # runtime: nvidia
-    # deploy:
-    #   resources:
-    #     reservations:
-    #       devices:
-    #         - driver: nvidia
-    #           count: all
-    #           capabilities: [gpu]
+    # NVIDIA GPU transcoding (GTX 1070)
+    runtime: nvidia
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: all
+              capabilities: [gpu]

 networks:
  homelab: