From 75bdad695fe27316a87f55bc019523ec041081ed Mon Sep 17 00:00:00 2001
From: Eduardo Figueroa
Date: Fri, 12 Dec 2025 23:17:04 +0000
Subject: [PATCH] feat(media): Configure Authelia OIDC for Immich and update Jellyfin
- Add Authelia OIDC configuration to Immich (.env)
- Remove Tinyauth middleware comment from Immich compose
- Update Jellyfin SSO comment to reference Authelia instead of Tinyauth
- Enable NVIDIA GPU transcoding for Jellyfin
---
 compose/media/frontend/immich/.env | 13 +++++++++-
 compose/media/frontend/immich/compose.yaml | 1 -
 compose/media/frontend/jellyfin/compose.yaml | 25 ++++++++++----------
 3 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/compose/media/frontend/immich/.env b/compose/media/frontend/immich/.env
index 9ceb713..6ab8cd2 100644
--- a/compose/media/frontend/immich/.env
+++ b/compose/media/frontend/immich/.env
@@ -10,7 +10,7 @@ DB_DATA_LOCATION=./postgres
 TZ=America/Los_Angeles
 # The Immich version to use. You can pin this to a specific version like "v1.71.0"
-IMMICH_VERSION=V2.1.0
+IMMICH_VERSION=V2.3.1
 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
@@ -18,6 +18,17 @@ IMMICH_VERSION=V2.1.0
 # Example format: aB3dEf7HiJ9kLmN2oPqR5sTuV8wXyZ1
 DB_PASSWORD=changeme_please_set_secure_password
+# OAuth/OIDC Configuration (Authelia)
+# Docs: https://immich.app/docs/administration/oauth
+OAUTH_ENABLED=true
+OAUTH_ISSUER_URL=https://auth.fig.systems
+OAUTH_CLIENT_ID=immich
+OAUTH_CLIENT_SECRET=UXmLznRcvsyZexV0GUeJcJren7FwW8cr
+OAUTH_SCOPE=openid profile email
+OAUTH_BUTTON_TEXT=Login with Authelia
+OAUTH_AUTO_REGISTER=true
+OAUTH_AUTO_LAUNCH=false
+
 # The values below this line do not need to be changed
 ###################################################################################
 DB_USERNAME=postgres
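Review bot: The second .env hunk commits what looks like a real value on the `OAUTH_CLIENT_SECRET` line, so the client secret now sits in the repository history for anyone with read access. The `DB_PASSWORD` line just above keeps a `changeme_...` placeholder, and the same pattern fits here, e.g. `OAUTH_CLIENT_SECRET=changeme_set_in_untracked_env`, with the real value kept in an untracked file or secret store and the committed one rotated in Authelia. `OAUTH_AUTO_REGISTER=true` also means every identity Authelia authenticates for this client gets an Immich account on first login, so access should be narrowed on the Authelia side (or the flag set to `false`) if that is not intended. It is also worth confirming that the pinned Immich version reads OAuth settings from environment variables at all, rather than from its admin settings or config file; the hunk does not show that.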
diff --git a/compose/media/frontend/immich/compose.yaml b/compose/media/frontend/immich/compose.yaml
index 523cedb..d51c941 100644
--- a/compose/media/frontend/immich/compose.yaml
+++ b/compose/media/frontend/immich/compose.yaml
@@ -45,7 +45,6 @@ services:
 traefik.http.routers.immich.tls.certresolver: letsencrypt
 traefik.http.services.immich.loadbalancer.server.port: 2283
 # Optional: Enable SSO (note: Immich has its own user management)
- # traefik.http.routers.immich.middlewares: tinyauth
 immich-machine-learning:
 container_name: immich_machine_learning
diff --git a/compose/media/frontend/jellyfin/compose.yaml b/compose/media/frontend/jellyfin/compose.yaml
index ea83ce5..2af80a5 100644
--- a/compose/media/frontend/jellyfin/compose.yaml
+++ b/compose/media/frontend/jellyfin/compose.yaml
@@ -8,6 +8,9 @@ services:
 image: lscr.io/linuxserver/jellyfin:latest
 env_file:
 - .env
+ environment:
+ - NVIDIA_VISIBLE_DEVICES=all
+ - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
 volumes:
 - ./config:/config
 - ./cache:/cache
@@ -37,19 +40,17 @@ services:
 homarr.icon: simple-icons:jellyfin
 # Note: Jellyfin has its own auth system, SSO middleware disabled by default
- # Uncomment the line below to enable SSO (requires users to auth via tinyauth first)
- # traefik.http.routers.jellyfin.middlewares: tinyauth
+ # Uncomment the line below to enable SSO (requires users to auth via Authelia first)
- # Uncomment for NVIDIA GPU transcoding (GTX 1070)
- # Requires NVIDIA Container Toolkit installed on host
- # runtime: nvidia
- # deploy:
- # resources:
- # reservations:
- # devices:
- # - driver: nvidia
- # count: all
- # capabilities: [gpu]
+ # NVIDIA GPU transcoding (GTX 1070)
+ runtime: nvidia
+ deploy:
+ resources:
+ reservations:
+ devices:
+ - driver: nvidia
+ count: all
+ capabilities: [gpu]
 networks:
 homelab:
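Review bot: `NVIDIA_VISIBLE_DEVICES=all` in the first Jellyfin hunk, and `count: all` in the device reservation of the second hunk, give the container every GPU on the host although the comment names a single GTX 1070. Scoping both to the one device follows least privilege for an internet-facing media server: `- NVIDIA_VISIBLE_DEVICES=<gpu-index-or-uuid>` and `count: 1`. A one-line comment such as `# GPU access for transcoding; requires NVIDIA Container Toolkit on the host` would also keep the prerequisite note that the second hunk deletes. The service definition starts and ends outside both hunks.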
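Review bot: The SSO comment in the second Jellyfin hunk still says "Uncomment the line below", but the commented `middlewares` label it pointed to is removed rather than renamed, so there is no line left to uncomment. Either restore it with the Authelia middleware name used by this Traefik setup, e.g. `# traefik.http.routers.jellyfin.middlewares: <authelia-middleware-name>`, or reword the comment to `# SSO middleware not applied; Jellyfin relies on its own authentication`. The Immich compose hunk leaves the same kind of orphaned comment (`# Optional: Enable SSO ...`). As far as the visible labels show, the router publishes Jellyfin with only its built-in login, which is worth stating explicitly next to the labels.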