feat(media): Configure Authelia OIDC for Immich and update Jellyfin

- Add Authelia OIDC configuration to Immich (.env)
- Remove Tinyauth middleware comment from Immich compose
- Update Jellyfin SSO comment to reference Authelia instead of Tinyauth
- Enable NVIDIA GPU transcoding for Jellyfin

compose/media/frontend/immich/.env

@@ -10,7 +10,7 @@ DB_DATA_LOCATION=./postgres
 TZ=America/Los_Angeles
 
 # The Immich version to use. You can pin this to a specific version like "v1.71.0"
-IMMICH_VERSION=V2.1.0
+IMMICH_VERSION=V2.3.1
 
 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
@@ -18,6 +18,17 @@ IMMICH_VERSION=V2.1.0
 # Example format: aB3dEf7HiJ9kLmN2oPqR5sTuV8wXyZ1
 DB_PASSWORD=changeme_please_set_secure_password
 
+# OAuth/OIDC Configuration (Authelia)
+# Docs: https://immich.app/docs/administration/oauth
+OAUTH_ENABLED=true
+OAUTH_ISSUER_URL=https://auth.fig.systems
+OAUTH_CLIENT_ID=immich
+OAUTH_CLIENT_SECRET=UXmLznRcvsyZexV0GUeJcJren7FwW8cr
+OAUTH_SCOPE=openid profile email
+OAUTH_BUTTON_TEXT=Login with Authelia
+OAUTH_AUTO_REGISTER=true
+OAUTH_AUTO_LAUNCH=false
+
 # The values below this line do not need to be changed
 ###################################################################################
 DB_USERNAME=postgres

compose/media/frontend/immich/compose.yaml

@@ -45,7 +45,6 @@ services:
       traefik.http.routers.immich.tls.certresolver: letsencrypt
       traefik.http.services.immich.loadbalancer.server.port: 2283
       # Optional: Enable SSO (note: Immich has its own user management)
-      # traefik.http.routers.immich.middlewares: tinyauth
 
   immich-machine-learning:
     container_name: immich_machine_learning

compose/media/frontend/jellyfin/compose.yaml

@@ -8,6 +8,9 @@ services:
     image: lscr.io/linuxserver/jellyfin:latest
     env_file:
       - .env
+    environment:
+      - NVIDIA_VISIBLE_DEVICES=all
+      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
     volumes:
       - ./config:/config
       - ./cache:/cache
@@ -37,19 +40,17 @@ services:
       homarr.icon: simple-icons:jellyfin
 
       # Note: Jellyfin has its own auth system, SSO middleware disabled by default
-      # Uncomment the line below to enable SSO (requires users to auth via tinyauth first)
+      # Uncomment the line below to enable SSO (requires users to auth via Authelia first)
-      # traefik.http.routers.jellyfin.middlewares: tinyauth
 
-    # Uncomment for NVIDIA GPU transcoding (GTX 1070)
+    # NVIDIA GPU transcoding (GTX 1070)
-    # Requires NVIDIA Container Toolkit installed on host
+    runtime: nvidia
-    # runtime: nvidia
+    deploy:
-    # deploy:
+      resources:
-    #   resources:
+        reservations:
-    #     reservations:
+          devices:
-    #       devices:
+            - driver: nvidia
-    #         - driver: nvidia
+              count: all
-    #           count: all
+              capabilities: [gpu]
-    #           capabilities: [gpu]
 
 networks:
   homelab: