mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-25 01:23:24 +00:00 
			
		
		
		
	Compare commits
	
		
			204 Commits
		
	
	
		
			b2024fa7c1
			...
			element-ca
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | d5c24fcafe | ||
|  | 4d61cc571b | ||
|  | 9c24064fb6 | ||
|  | a757b515fb | ||
|  | ba9cedbeda | ||
|  | 4a638c2df3 | ||
|  | 155d5dad38 | ||
|  | 6b8a3fc891 | ||
|  | 3ea1ea2f34 | ||
|  | d3913a015e | ||
|  | ac7f96806d | ||
|  | b8d800f6ef | ||
|  | 2c1c49444a | ||
|  | 6bc0185d50 | ||
|  | a0470fe248 | ||
|  | d4ceebc6a9 | ||
|  | 6a86de958f | ||
|  | d9df022d55 | ||
|  | 676f9dd9ad | ||
|  | 251561ff81 | ||
|  | 1e60f41a59 | ||
|  | f8e84c4b2f | ||
|  | 3f5e8f656b | ||
|  | 72118f2f03 | ||
|  | 585377975b | ||
|  | 22ef579444 | ||
|  | 32f8c6de6e | ||
|  | 370feb740f | ||
|  | 9a11e5e1fe | ||
|  | 8291b2f99d | ||
|  | 890f10f765 | ||
|  | 031cf68cbb | ||
|  | 5961841e52 | ||
|  | 2be4923aef | ||
|  | 23efad9cb7 | ||
|  | 6b55ba29ab | ||
|  | 0d1112638d | ||
|  | c3c2ba34b4 | ||
|  | 0215708f79 | ||
|  | e1b57f3d45 | ||
|  | de2a8f11d2 | ||
|  | 2a69ca35be | ||
|  | 72d64cfa6b | ||
|  | f161c7c58f | ||
|  | 6c6b44dc25 | ||
|  | 8eb1c57e2b | ||
|  | 61069d6313 | ||
|  | 74d6a99b1e | ||
|  | 81a30f17ac | ||
|  | 413d591562 | ||
|  | 7572522820 | ||
|  | 0b9389fd64 | ||
|  | 9a8a569431 | ||
|  | bb403e1aee | ||
|  | 74fbacbd9f | ||
|  | 5642755273 | ||
|  | bb925f4782 | ||
|  | c57d0d192d | ||
|  | 006920882c | ||
|  | 69d702643f | ||
|  | 252ca52f60 | ||
|  | 3f52cec25c | ||
|  | 7a6fcaa402 | ||
|  | 394fdca066 | ||
|  | f0466d5a99 | ||
|  | be7271760e | ||
|  | 8b84eb6390 | ||
|  | 3e86adac0d | ||
|  | 721fb39aa2 | ||
|  | 783d4a23f8 | ||
|  | fa4ebd2a64 | ||
|  | 79ae704a24 | ||
|  | c07b093902 | ||
|  | c321ca160e | ||
|  | 164be875b0 | ||
|  | 0f23e36e12 | ||
|  | 83bb546c64 | ||
|  | 3783922275 | ||
|  | 66cc36466c | ||
|  | ec41c1aba5 | ||
|  | df6ef106d1 | ||
|  | eb048da8a1 | ||
|  | ccb29beb30 | ||
|  | 32ea60fdc5 | ||
|  | 25a8cb3b4a | ||
|  | 55da5c3213 | ||
|  | 925ebfbd4b | ||
|  | 88d4668450 | ||
|  | 1838a541ae | ||
|  | 1e82530080 | ||
|  | 82127830b3 | ||
|  | 85c0ffa9e1 | ||
|  | b691f39d39 | ||
|  | 10df145101 | ||
|  | fa2a913d39 | ||
|  | e18b28136c | ||
|  | 1906d61c39 | ||
|  | b7e0a41134 | ||
|  | a03f5985a5 | ||
|  | 1e6698cb99 | ||
|  | f684719b2a | ||
|  | a6e3203398 | ||
|  | 2b4fdea70f | ||
|  | 6c8923ae28 | ||
|  | 9691577b22 | ||
|  | 46109565e1 | ||
|  | 4acb025130 | ||
|  | e421852af5 | ||
|  | 5507fb3bab | ||
|  | 9864996aad | ||
|  | dbbaae4fbe | ||
|  | d53c2428b8 | ||
|  | f98a505df8 | ||
|  | d5aabc85be | ||
|  | 7cdec5f251 | ||
|  | fd2f505b34 | ||
|  | 812b57cfaa | ||
|  | b7b8ed573b | ||
|  | 97f93ebd76 | ||
|  | 8cb7deff15 | ||
|  | 71dff50a65 | ||
|  | 58a9642e8c | ||
|  | 3de399025f | ||
|  | e952ba1c3a | ||
|  | 8cb3e33bbf | ||
|  | b907777ae5 | ||
|  | cb41fb02ae | ||
|  | 31a138a6ba | ||
|  | 6143ad7ffa | ||
|  | f762048a8d | ||
|  | 93650cf20e | ||
|  | 9dbee212d8 | ||
|  | 1167e1ec13 | ||
|  | f036e18789 | ||
|  | a274d32c6d | ||
|  | 5db9a5c061 | ||
|  | 2492672025 | ||
|  | a0917fa283 | ||
|  | 8b172cc194 | ||
|  | 63133d6599 | ||
|  | 5b8dcf32d5 | ||
|  | 14614cb211 | ||
|  | 3c084e17d2 | ||
|  | 089c5f14c8 | ||
|  | b6571fc4fd | ||
|  | 6d6f9ab853 | ||
|  | 5730dbfc6e | ||
|  | c14f9cdcb5 | ||
|  | 805b726c6d | ||
|  | 5f49433f6c | ||
|  | 510cfb2dac | ||
|  | 1721e85195 | ||
|  | 25909b1029 | ||
|  | 3264408758 | ||
|  | dd96b93d89 | ||
|  | df4bf4a0c9 | ||
|  | 2f2cb8962e | ||
|  | d2e2781d3b | ||
|  | 80763804f9 | ||
|  | 1d7a60055c | ||
|  | 2cf471075d | ||
|  | 6a519bb053 | ||
|  | f0632b20eb | ||
|  | 5cc9c70ba6 | ||
|  | e34e5da9a4 | ||
|  | 656d4275bc | ||
|  | 6ef304b118 | ||
|  | 85be68946c | ||
|  | 3f6c327da2 | ||
|  | ba54e549c4 | ||
|  | f2acc7430d | ||
|  | 9cb236da30 | ||
|  | f38d6a0d88 | ||
|  | ac1295ac45 | ||
|  | bc2ed60762 | ||
|  | f7621283fd | ||
|  | e31e688a41 | ||
|  | a533ec4204 | ||
|  | f16ca24408 | ||
|  | e910d09ff1 | ||
|  | bc9658c06b | ||
|  | 45c8a61f04 | ||
|  | 954d46cfd7 | ||
|  | dfeca192ab | ||
|  | f306a47b83 | ||
|  | becdb0810c | ||
|  | 37fd2e701d | ||
|  | 68cc1f4b2b | ||
|  | 5efc189293 | ||
|  | 02479e8bec | ||
|  | 0eef094f2b | ||
|  | 16ed788b3f | ||
|  | 6364101410 | ||
|  | 81735503f8 | ||
|  | 8644a7383e | ||
|  | ce827e7953 | ||
|  | c93d30bcb8 | ||
|  | 90ea758c3b | ||
|  | 350d4d4bcd | ||
|  | fc6357a089 | ||
|  | 60f34cd7af | ||
|  | d1ba784dde | ||
|  | 434157eb98 | ||
|  | 6594cce570 | 
							
								
								
									
										13
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										13
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -1,3 +1,16 @@ | |||||||
|  | # 2025-03-15 | ||||||
|  |  | ||||||
|  | ## Element Call support | ||||||
|  |  | ||||||
|  | The playbook now supports [Element Call](https://github.com/element-hq/element-call) as an optional feature. Thanks to [wjbeckett](https://github.com/wjbeckett) for getting us started via [PR#3562](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562). | ||||||
|  |  | ||||||
|  | Element Call is a native Matrix video conferencing application developed by [Element](https://element.io/) that has the goal of replacing [Jitsi](./docs/configuring-playbook-jitsi.md) and the old WebRTC stack used in previous Element versions. | ||||||
|  |  | ||||||
|  | 💡 For now, Element Call is only supported with the [Synapse](docs/configuring-playbook-synapse.md) homeserver (with [federation](docs/configuring-playbook-federation.md) enabled) and [Element Web](docs/configuring-playbook-client-element-web.md) and Element X mobile clients. See the [Prerequisites](docs/configuring-playbook-element-call.md#prerequisites) section of the [Element Call documentation](docs/configuring-playbook-element-call.md) for more details. | ||||||
|  |  | ||||||
|  | To get started, see the [Configuring Element Call](docs/configuring-playbook-element-call.md) documentation page. | ||||||
|  |  | ||||||
|  |  | ||||||
| # 2025-03-08 | # 2025-03-08 | ||||||
|  |  | ||||||
| ## 6️⃣ IPv6 support enablement recommended by default | ## 6️⃣ IPv6 support enablement recommended by default | ||||||
|   | |||||||
| @@ -80,6 +80,8 @@ Services that run on the server to make the various parts of your installation w | |||||||
| | [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) | | | [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) | | ||||||
| | [ma1sd](https://github.com/ma1uta/ma1sd) | ❌ | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md) | | [ma1sd](https://github.com/ma1uta/ma1sd) | ❌ | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md) | ||||||
| | [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) | | | [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) | | ||||||
|  | | [LiveKit Server](https://github.com/livekit/livekit) | ❌ | WebRTC server for audio/video calls | [Link](docs/configuring-playbook-livekit-server.md) | | ||||||
|  | | [Livekit JWT Service](https://github.com/livekit/livekit-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | [Link](docs/configuring-playbook-livekit-jwt-service.md) | | ||||||
|  |  | ||||||
| ### Authentication | ### Authentication | ||||||
|  |  | ||||||
| @@ -185,6 +187,7 @@ Various services that don't fit any other categories. | |||||||
| | [Pantalaimon](https://github.com/matrix-org/pantalaimon) | ❌ | E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) | | | [Pantalaimon](https://github.com/matrix-org/pantalaimon) | ❌ | E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) | | ||||||
| | [Sygnal](https://github.com/matrix-org/sygnal) | ❌ | Push gateway | [Link](docs/configuring-playbook-sygnal.md) | | | [Sygnal](https://github.com/matrix-org/sygnal) | ❌ | Push gateway | [Link](docs/configuring-playbook-sygnal.md) | | ||||||
| | [ntfy](https://ntfy.sh) | ❌ | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) | | | [ntfy](https://ntfy.sh) | ❌ | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) | | ||||||
|  | | [Element Call](https://github.com/element-hq/element-call) | ❌ | A native Matrix video conferencing application | [Link](docs/configuring-playbook-element-call.md) | | ||||||
|  |  | ||||||
| ## 🆕 Changes | ## 🆕 Changes | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										82
									
								
								docs/configuring-playbook-element-call.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										82
									
								
								docs/configuring-playbook-element-call.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,82 @@ | |||||||
|  | <!-- | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  | --> | ||||||
|  |  | ||||||
|  | # Setting up Element Call (optional) | ||||||
|  |  | ||||||
|  | The playbook can install and configure [Element Call](https://github.com/element-hq/element-call) for you. | ||||||
|  |  | ||||||
|  | Element Call is a native Matrix video conferencing application developed by [Element](https://element.io), designed for secure, scalable, privacy-respecting, and decentralized video and voice calls over the Matrix protocol. Built on MatrixRTC ([MSC4143](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)), it utilizes [MSC4195](https://github.com/hughns/matrix-spec-proposals/blob/hughns/matrixrtc-livekit/proposals/4195-matrixrtc-livekit.md) with [LiveKit Server](configuring-playbook-livekit-server.md) as its backend. | ||||||
|  |  | ||||||
|  | See the project's [documentation](https://github.com/element-hq/element-call) to learn more. | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below) | ||||||
|  | - [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146)) | ||||||
|  | - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled) | ||||||
|  | - A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when Element Call is enabled) | ||||||
|  | - The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when Element Call is enabled) | ||||||
|  | - A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android). | ||||||
|  |  | ||||||
|  | > [!WARNING] | ||||||
|  | >  Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**. | ||||||
|  |  | ||||||
|  | ## Decide on a domain and path | ||||||
|  |  | ||||||
|  | By default, Element Call is configured to be served on the `call.element.example.com` domain. | ||||||
|  |  | ||||||
|  | If you'd like to run Element Call on another hostname, see the [Adjusting the Element Call URL](#adjusting-the-element-call-url-optional) section below. | ||||||
|  |  | ||||||
|  | ## Adjusting DNS records | ||||||
|  |  | ||||||
|  | By default, this playbook installs Element Call on the `call.element.` subdomain (`call.element.example.com`) and requires you to create a `CNAME` record for `call.element`, which targets `matrix.example.com`. | ||||||
|  |  | ||||||
|  | When setting these values, replace `example.com` with your own. | ||||||
|  |  | ||||||
|  | All dependency services for Element Call ([LiveKit Server](configuring-playbook-livekit-server.md) and [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md)) are installed and configured automatically by the playbook. By default, these services are installed on subpaths on the `matrix.` domain (e.g. `/livekit-server`, `/livekit-jwt-service`), so no DNS record adjustments are required for them. | ||||||
|  |  | ||||||
|  | ## Adjusting firewall rules | ||||||
|  |  | ||||||
|  | In addition to the HTTP/HTTPS ports (which you've already exposed as per the [prerequisites](prerequisites.md) document), you'll also need to open ports required by [LiveKit Server](configuring-playbook-livekit-server.md) as described in its own [Adjusting firewall rules](configuring-playbook-livekit-server.md#adjusting-firewall-rules) section. | ||||||
|  |  | ||||||
|  | ## Adjusting the playbook configuration | ||||||
|  |  | ||||||
|  | Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | matrix_element_call_enabled: true | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Adjusting the Element Call URL (optional) | ||||||
|  |  | ||||||
|  | By tweaking the `matrix_element_call_hostname` variable, you can easily make the service available at a **different hostname** than the default one. | ||||||
|  |  | ||||||
|  | Example additional configuration for your `vars.yml` file: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | matrix_element_call_hostname: element-call.example.com | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | > [!WARNING] | ||||||
|  | > A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084). | ||||||
|  |  | ||||||
|  | ## Installing | ||||||
|  |  | ||||||
|  | After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below: | ||||||
|  |  | ||||||
|  | <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. --> | ||||||
|  | ```sh | ||||||
|  | ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all` | ||||||
|  |  | ||||||
|  | `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too. | ||||||
|  |  | ||||||
|  | ## Usage | ||||||
|  |  | ||||||
|  | Once installed, Element Call integrates seamlessly with Matrix clients like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android). | ||||||
| @@ -20,6 +20,8 @@ The playbook can install and configure the [Jitsi](https://jitsi.org/) video-con | |||||||
|  |  | ||||||
| Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app. | Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app. | ||||||
|  |  | ||||||
|  | 💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application. | ||||||
|  |  | ||||||
| The [Ansible role for Jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Jitsi, you can check them via: | The [Ansible role for Jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Jitsi, you can check them via: | ||||||
| - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md) online | - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md) online | ||||||
| - 📁 `roles/galaxy/jitsi/docs/configuring-jitsi.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles) | - 📁 `roles/galaxy/jitsi/docs/configuring-jitsi.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles) | ||||||
|   | |||||||
							
								
								
									
										47
									
								
								docs/configuring-playbook-jwt-service.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										47
									
								
								docs/configuring-playbook-jwt-service.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,47 @@ | |||||||
|  | <!-- | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  | --> | ||||||
|  |  | ||||||
|  | # Setting up JWT Service (optional) | ||||||
|  |  | ||||||
|  | The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service) for you. | ||||||
|  |  | ||||||
|  | LK-JWT-Service is currently used for a single reason: generate JWT tokens with a given identity for a given room, so that users can use them to authenticate against LiveKit SFU. | ||||||
|  |  | ||||||
|  | See the project's [documentation](https://github.com/element-hq/lk-jwt-service/) to learn more. | ||||||
|  |  | ||||||
|  | ## Decide on a domain and path | ||||||
|  |  | ||||||
|  | By default, JWT Service is configured to be served: | ||||||
|  |  | ||||||
|  | - on the Matrix domain (`matrix.example.com`), configurable via `matrix_livekit_jwt_service_hostname` | ||||||
|  | - under a `/livekit-jwt-service` path prefix, configurable via `matrix_livekit_jwt_service_path_prefix` | ||||||
|  |  | ||||||
|  | This makes it easy to set it up, **without** having to adjust your DNS records manually. | ||||||
|  |  | ||||||
|  | ## Adjusting DNS records | ||||||
|  |  | ||||||
|  | If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server. | ||||||
|  |  | ||||||
|  | ## Adjusting the playbook configuration | ||||||
|  |  | ||||||
|  | Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | matrix_livekit_jwt_service_enabled: true | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Installing | ||||||
|  |  | ||||||
|  | After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all` | ||||||
|  |  | ||||||
|  | ## Usage | ||||||
|  |  | ||||||
|  | Once installed, a new `org.matrix.msc4143.rtc_foci` section is added to the Element Web client to point to your JWT service URL (e.g., `https://matrix.example.com/livekit-jwt-service`). | ||||||
|  |  | ||||||
|  | ## Additional Information | ||||||
|  |  | ||||||
|  | Refer to the LiveKit JWT-Service documentation for more details on configuring and using JWT Service. | ||||||
							
								
								
									
										18
									
								
								docs/configuring-playbook-livekit-jwt-service.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								docs/configuring-playbook-livekit-jwt-service.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | |||||||
|  | <!-- | ||||||
|  | SPDX-FileCopyrightText: 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  | --> | ||||||
|  |  | ||||||
|  | # Setting up LiveKit JWT Service (optional) | ||||||
|  |  | ||||||
|  | The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service/) for you. | ||||||
|  |  | ||||||
|  | This is a helper component that allows [Element Call](configuring-playbook-element-call.md) to integrate with [LiveKit Server](configuring-playbook-livekit-server.md). | ||||||
|  |  | ||||||
|  | 💡 LiveKit JWT Service is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra. | ||||||
|  |  | ||||||
|  | Take a look at: | ||||||
|  |  | ||||||
|  | - `roles/custom/matrix-livekit-jwt-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file | ||||||
|  | - `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration. | ||||||
							
								
								
									
										28
									
								
								docs/configuring-playbook-livekit-server.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								docs/configuring-playbook-livekit-server.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | |||||||
|  | <!-- | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  | --> | ||||||
|  |  | ||||||
|  | # Setting up LiveKit Server (optional) | ||||||
|  |  | ||||||
|  | The playbook can install and configure [LiveKit Server](https://github.com/livekit/livekit) for you. | ||||||
|  |  | ||||||
|  | LiveKit Server is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications. | ||||||
|  |  | ||||||
|  | 💡 LiveKit Server is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra. | ||||||
|  |  | ||||||
|  | The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via: | ||||||
|  | - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online | ||||||
|  | - 📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles) | ||||||
|  |  | ||||||
|  | ## Adjusting firewall rules | ||||||
|  |  | ||||||
|  | To ensure LiveKit Server functions correctly, the following firewall rules and port forwarding settings are required: | ||||||
|  |  | ||||||
|  | - `7881/tcp`: ICE/TCP | ||||||
|  |  | ||||||
|  | - `7882/udp`: ICE/UDP Mux | ||||||
|  |  | ||||||
|  | 💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly. | ||||||
| @@ -237,6 +237,12 @@ Services that help you in administrating and monitoring your Matrix installation | |||||||
|  |  | ||||||
| Various services that don't fit any other categories. | Various services that don't fit any other categories. | ||||||
|  |  | ||||||
|  | - [Setting up Element Call](configuring-playbook-element-call.md) — a native Matrix video conferencing application (optional) | ||||||
|  |  | ||||||
|  | - [Setting up LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (optional) | ||||||
|  |  | ||||||
|  | - [Setting up LiveKit Server](configuring-playbook-livekit-server.md) (optional) | ||||||
|  |  | ||||||
| - [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) | - [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) | ||||||
|  |  | ||||||
| - [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers | - [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers | ||||||
|   | |||||||
| @@ -54,6 +54,8 @@ Services that run on the server to make the various parts of your installation w | |||||||
| | [Exim](configuring-playbook-email.md) | [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | | | [Exim](configuring-playbook-email.md) | [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | | ||||||
| | [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server | | | [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server | | ||||||
| | [ddclient](configuring-playbook-dynamic-dns.md) | [linuxserver/ddclient](https://hub.docker.com/r/linuxserver/ddclient) | ❌ | Update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider | | | [ddclient](configuring-playbook-dynamic-dns.md) | [linuxserver/ddclient](https://hub.docker.com/r/linuxserver/ddclient) | ❌ | Update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider | | ||||||
|  | | [LiveKit Server](configuring-playbook-livekit-server.md) | [livekit/livekit-server](https://hub.docker.com/r/livekit/livekit-server/) | ❌ | WebRTC server for audio/video calls | | ||||||
|  | | [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md) | [element-hq/lk-jwt-service](https://ghcr.io/element-hq/lk-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | | ||||||
|  |  | ||||||
| ## Authentication | ## Authentication | ||||||
|  |  | ||||||
| @@ -167,6 +169,7 @@ Various services that don't fit any other categories. | |||||||
| | [Pantalaimon](configuring-playbook-pantalaimon.md) | [matrixdotorg/pantalaimon](https://hub.docker.com/r/matrixdotorg/pantalaimon) | ❌ | E2EE aware proxy daemon | | | [Pantalaimon](configuring-playbook-pantalaimon.md) | [matrixdotorg/pantalaimon](https://hub.docker.com/r/matrixdotorg/pantalaimon) | ❌ | E2EE aware proxy daemon | | ||||||
| | [Sygnal](configuring-playbook-sygnal.md) | [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) | ❌ | Reference Push Gateway for Matrix | | | [Sygnal](configuring-playbook-sygnal.md) | [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) | ❌ | Reference Push Gateway for Matrix | | ||||||
| | [ntfy](configuring-playbook-ntfy.md) | [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) | ❌ | Self-hosted, UnifiedPush-compatible push notifications server | | | [ntfy](configuring-playbook-ntfy.md) | [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) | ❌ | Self-hosted, UnifiedPush-compatible push notifications server | | ||||||
|  | | [Element Call](configuring-playbook-element-call.md) | [element-hq/element-call](https://ghcr.io/element-hq/element-call) | ❌ | A native Matrix video conferencing application | | ||||||
|  |  | ||||||
| ## Container images of deprecated / unmaintained services | ## Container images of deprecated / unmaintained services | ||||||
|  |  | ||||||
|   | |||||||
| @@ -447,6 +447,12 @@ devture_systemd_service_manager_services_list_auto: | | |||||||
|     + |     + | ||||||
|     ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) |     ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) | ||||||
|     + |     + | ||||||
|  |     ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else []) | ||||||
|  |     + | ||||||
|  |     ([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else []) | ||||||
|  |     + | ||||||
|  |     ([{'name': (livekit_server_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else []) | ||||||
|  |     + | ||||||
|     ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) |     ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) | ||||||
|     + |     + | ||||||
|     ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) |     ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) | ||||||
| @@ -4533,7 +4539,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: | | |||||||
| # | # | ||||||
| ###################################################################### | ###################################################################### | ||||||
|  |  | ||||||
| valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) }}" | valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) or matrix_element_call_enabled }}" | ||||||
|  |  | ||||||
| valkey_identifier: matrix-valkey | valkey_identifier: matrix-valkey | ||||||
|  |  | ||||||
| @@ -4605,6 +4611,14 @@ matrix_client_element_enable_presence_by_hs_url: |- | |||||||
|  |  | ||||||
| matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" | matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" | ||||||
|  |  | ||||||
|  | matrix_client_element_features_feature_video_rooms: "{{ matrix_element_call_enabled }}" | ||||||
|  | matrix_client_element_features_feature_group_calls: "{{ matrix_element_call_enabled }}" | ||||||
|  | matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_element_call_enabled }}" | ||||||
|  | matrix_client_element_features_feature_oidc_native_flow: "{{ matrix_authentication_service_enabled }}" | ||||||
|  |  | ||||||
|  | matrix_client_element_element_call_enabled: "{{ matrix_element_call_enabled }}" | ||||||
|  | matrix_client_element_element_call_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}" | ||||||
|  |  | ||||||
| ###################################################################### | ###################################################################### | ||||||
| # | # | ||||||
| # /matrix-client-element | # /matrix-client-element | ||||||
| @@ -4920,6 +4934,8 @@ matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}" | |||||||
| matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}" | matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}" | ||||||
| matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}" | matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}" | ||||||
|  |  | ||||||
|  | matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_element_call_enabled }}" | ||||||
|  |  | ||||||
| matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" | matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" | ||||||
| matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}" | matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}" | ||||||
| matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}" | matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}" | ||||||
| @@ -4928,6 +4944,10 @@ matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_ | |||||||
|  |  | ||||||
| matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" | matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" | ||||||
|  |  | ||||||
|  | matrix_synapse_experimental_features_msc4140_enabled: "{{ matrix_element_call_enabled }}" | ||||||
|  |  | ||||||
|  | matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_element_call_enabled }}" | ||||||
|  |  | ||||||
| # Disable password authentication when delegating authentication to Matrix Authentication Service. | # Disable password authentication when delegating authentication to Matrix Authentication Service. | ||||||
| # Unless this is done, Synapse fails on startup with: | # Unless this is done, Synapse fails on startup with: | ||||||
| # > Error in configuration at 'password_config.enabled': | # > Error in configuration at 'password_config.enabled': | ||||||
| @@ -6117,8 +6137,18 @@ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ | |||||||
| # See: https://github.com/etkecc/synapse-admin/pull/126 | # See: https://github.com/etkecc/synapse-admin/pull/126 | ||||||
| matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}" | matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}" | ||||||
|  |  | ||||||
|  | matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_element_call_enabled }}" | ||||||
|  | matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: |- | ||||||
|  |   {{ | ||||||
|  |     ( | ||||||
|  |       [{'type': 'livekit', 'livekit_service_url': matrix_livekit_jwt_service_public_url}] if matrix_livekit_jwt_service_enabled else [] | ||||||
|  |     ) | ||||||
|  |   }} | ||||||
|  |  | ||||||
| matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}" | matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}" | ||||||
|  |  | ||||||
|  | matrix_static_files_file_element_element_json_property_call_widget_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}" | ||||||
|  |  | ||||||
| matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" | matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" | ||||||
|  |  | ||||||
| matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}" | matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}" | ||||||
| @@ -6231,3 +6261,124 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai | |||||||
| # /traefik_certs_dumper                                                # | # /traefik_certs_dumper                                                # | ||||||
| #                                                                      # | #                                                                      # | ||||||
| ######################################################################## | ######################################################################## | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # matrix-element-call                                                  # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|  |  | ||||||
|  | matrix_element_call_enabled: false | ||||||
|  |  | ||||||
|  | matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" | ||||||
|  |  | ||||||
|  | matrix_element_call_container_network: "{{ matrix_addons_container_network }}" | ||||||
|  |  | ||||||
|  | matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" | ||||||
|  |  | ||||||
|  | matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" | ||||||
|  | matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" | ||||||
|  | matrix_element_call_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" | ||||||
|  | matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" | ||||||
|  |  | ||||||
|  | matrix_element_call_config_livekit_livekit_service_url: "{{ matrix_livekit_jwt_service_public_url if matrix_livekit_jwt_service_enabled else '' }}" | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # /matrix-element-call                                                 # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # livekit-server                                                       # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|  |  | ||||||
|  | livekit_server_enabled: "{{ matrix_element_call_enabled }}" | ||||||
|  |  | ||||||
|  | livekit_server_identifier: matrix-livekit-server | ||||||
|  |  | ||||||
|  | livekit_server_uid: "{{ matrix_user_uid }}" | ||||||
|  | livekit_server_gid: "{{ matrix_user_gid }}" | ||||||
|  |  | ||||||
|  | livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" | ||||||
|  |  | ||||||
|  | livekit_server_hostname: "{{ matrix_server_fqn_matrix }}" | ||||||
|  | livekit_server_path_prefix: "/livekit-server" | ||||||
|  |  | ||||||
|  | livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" | ||||||
|  |  | ||||||
|  | livekit_server_container_network: "{{ matrix_addons_container_network }}" | ||||||
|  | livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" | ||||||
|  |  | ||||||
|  | livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" | ||||||
|  | livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" | ||||||
|  | livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" | ||||||
|  | livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" | ||||||
|  |  | ||||||
|  | livekit_server_config_keys_auto: |- | ||||||
|  |   {{ | ||||||
|  |     {} | ||||||
|  |     | combine( | ||||||
|  |       {matrix_livekit_jwt_service_environment_variable_livekit_key: matrix_livekit_jwt_service_environment_variable_livekit_secret} | ||||||
|  |       if matrix_livekit_jwt_service_enabled else {} | ||||||
|  |     ) | ||||||
|  |   }} | ||||||
|  |  | ||||||
|  | # The playbook intentionally uses a non-standard port than the default used by the role (5349), | ||||||
|  | # because Coturn is already using that port. | ||||||
|  | # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`. | ||||||
|  | livekit_server_config_turn_tls_port: 5350 | ||||||
|  |  | ||||||
|  | # The playbook intentionally uses a non-standard port than the default used by the role (3478), | ||||||
|  | # because Coturn is already using that port. | ||||||
|  | # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`. | ||||||
|  | livekit_server_config_turn_udp_port: 3479 | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # /livekit-server                                                      # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # matrix-livekit-jwt-service                                           # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_enabled: "{{ matrix_element_call_enabled and livekit_server_enabled }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_hostname: "{{ matrix_server_fqn_matrix }}" | ||||||
|  | matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_additional_networks_auto: | | ||||||
|  |   {{ | ||||||
|  |     ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_livekit_jwt_service_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else []) | ||||||
|  |   }} | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_environment_variable_livekit_url: "{{ livekit_server_websocket_public_url }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.key', rounds=655555) | to_uuid }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}" | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # /matrix-livekit-jwt-service                                          # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|   | |||||||
| @@ -27,6 +27,9 @@ | |||||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git | - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git | ||||||
|   version: v10078-1-0 |   version: v10078-1-0 | ||||||
|   name: jitsi |   name: jitsi | ||||||
|  | - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git | ||||||
|  |   version: v1.8.4-2 | ||||||
|  |   name: livekit_server | ||||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git | - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git | ||||||
|   version: v2.11.0-4 |   version: v2.11.0-4 | ||||||
|   name: ntfy |   name: ntfy | ||||||
|   | |||||||
| @@ -215,6 +215,67 @@ matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_w | |||||||
| # URL to Wallpaper, shown in background of welcome page | # URL to Wallpaper, shown in background of welcome page | ||||||
| matrix_client_element_branding_welcome_background_url: ~  # noqa var-naming | matrix_client_element_branding_welcome_background_url: ~  # noqa var-naming | ||||||
|  |  | ||||||
|  | # Controls the `features` section of the Element Web configuration. | ||||||
|  | matrix_client_element_features: "{{ matrix_client_element_features_default | combine(matrix_client_element_features_auto, recursive=True) | combine(matrix_client_element_features_custom, recursive=True) }}" | ||||||
|  | matrix_client_element_features_default: |- | ||||||
|  |   {{ | ||||||
|  |     {} | ||||||
|  |  | ||||||
|  |     | combine( | ||||||
|  |       {'feature_video_rooms': true} if matrix_client_element_features_feature_video_rooms else {} | ||||||
|  |     ) | ||||||
|  |     | combine( | ||||||
|  |       {'feature_group_calls': true} if matrix_client_element_features_feature_group_calls else {} | ||||||
|  |     ) | ||||||
|  |     | combine( | ||||||
|  |       {'feature_element_call_video_rooms': true} if matrix_client_element_features_feature_element_call_video_rooms else {} | ||||||
|  |     ) | ||||||
|  |     | combine( | ||||||
|  |       {'feature_oidc_native_flow': true} if matrix_client_element_features_feature_oidc_native_flow else {} | ||||||
|  |     ) | ||||||
|  |   }} | ||||||
|  |  | ||||||
|  | matrix_client_element_features_auto: {} | ||||||
|  | matrix_client_element_features_custom: {} | ||||||
|  |  | ||||||
|  | matrix_client_element_features_feature_video_rooms: false | ||||||
|  | matrix_client_element_features_feature_group_calls: false | ||||||
|  | matrix_client_element_features_feature_element_call_video_rooms: false | ||||||
|  | matrix_client_element_features_feature_oidc_native_flow: false | ||||||
|  |  | ||||||
|  | matrix_client_element_element_call_enabled: false | ||||||
|  | matrix_client_element_element_call: "{{ matrix_client_element_element_call_default | combine(matrix_client_element_element_call_auto, recursive=True) | combine(matrix_client_element_element_call_custom, recursive=True) }}" | ||||||
|  | matrix_client_element_element_call_default: |- | ||||||
|  |   {{ | ||||||
|  |     {} | ||||||
|  |     | combine( | ||||||
|  |       {'url': matrix_client_element_element_call_url} if matrix_client_element_element_call_url else {} | ||||||
|  |     ) | ||||||
|  |     | combine( | ||||||
|  |       {'participant_limit': matrix_client_element_element_call_participant_limit} if matrix_client_element_element_call_participant_limit else {} | ||||||
|  |     ) | ||||||
|  |     | combine( | ||||||
|  |       {'brand': matrix_client_element_element_call_brand} if matrix_client_element_element_call_brand else {} | ||||||
|  |     ) | ||||||
|  |     | combine( | ||||||
|  |       {'use_exclusively': matrix_client_element_element_call_use_exclusively} if matrix_client_element_element_call_use_exclusively else {} | ||||||
|  |     ) | ||||||
|  |   }} | ||||||
|  | matrix_client_element_element_call_auto: {} | ||||||
|  | matrix_client_element_element_call_custom: {} | ||||||
|  |  | ||||||
|  | # Controls the `element_call.url` setting in the Element Web configuration. | ||||||
|  | matrix_client_element_element_call_url: '' | ||||||
|  |  | ||||||
|  | # Controls the `element_call.participant_limit` setting in the Element Web configuration. | ||||||
|  | matrix_client_element_element_call_participant_limit: 8 | ||||||
|  |  | ||||||
|  | # Controls the `element_call.brand` setting in the Element Web configuration. | ||||||
|  | matrix_client_element_element_call_brand: "Element Call" | ||||||
|  |  | ||||||
|  | # Controls the `element_call.use_exclusively` setting in the Element Web configuration. | ||||||
|  | matrix_client_element_element_call_use_exclusively: true | ||||||
|  |  | ||||||
| matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" | matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" | ||||||
|  |  | ||||||
| # By default, there's no Element Web homepage (when logged in). If you wish to have one, | # By default, there's no Element Web homepage (when logged in). If you wish to have one, | ||||||
|   | |||||||
| @@ -45,5 +45,7 @@ | |||||||
| 		"auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, | 		"auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, | ||||||
| 		"auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, | 		"auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, | ||||||
| 		"welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }} | 		"welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }} | ||||||
| 	} | 	}, | ||||||
|  | 	"features": {{ matrix_client_element_features | to_json }}, | ||||||
|  | 	"element_call": {{ (matrix_client_element_element_call if matrix_client_element_element_call_enabled else {}) | to_json }} | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										145
									
								
								roles/custom/matrix-element-call/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										145
									
								
								roles/custom/matrix-element-call/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,145 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | # Element Call is a native Matrix video conferencing application developed by Element. | ||||||
|  | # Project source code URL: https://github.com/element-hq/element-call | ||||||
|  |  | ||||||
|  | matrix_element_call_enabled: false | ||||||
|  |  | ||||||
|  | matrix_element_call_version: v0.7.2 | ||||||
|  |  | ||||||
|  | matrix_element_call_scheme: https | ||||||
|  |  | ||||||
|  | matrix_element_call_hostname: "call.{{ matrix_server_fqn_element }}" | ||||||
|  | matrix_element_call_path_prefix: / | ||||||
|  |  | ||||||
|  | matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" | ||||||
|  |  | ||||||
|  | # The architecture for Element Call container images. | ||||||
|  | # Recognized values by us are 'amd64', 'arm32' and 'arm64'. | ||||||
|  | matrix_element_call_architecture: "{{ matrix_architecture }}" | ||||||
|  |  | ||||||
|  | matrix_element_call_container_image: "{{ matrix_element_call_container_image_registry_prefix }}element-hq/element-call:{{ matrix_element_call_container_image_tag }}" | ||||||
|  | matrix_element_call_container_image_registry_prefix: "{{ matrix_element_call_container_image_registry_prefix_upstream }}" | ||||||
|  | matrix_element_call_container_image_registry_prefix_upstream: "{{ matrix_element_call_container_image_registry_prefix_upstream_default }}" | ||||||
|  | matrix_element_call_container_image_registry_prefix_upstream_default: ghcr.io/ | ||||||
|  | matrix_element_call_container_image_tag: "{{ matrix_element_call_version }}" | ||||||
|  | matrix_element_call_container_image_force_pull: "{{ matrix_element_call_container_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
|  | matrix_element_call_container_network: matrix-element-call | ||||||
|  |  | ||||||
|  | matrix_element_call_container_http_host_bind_port: '' | ||||||
|  |  | ||||||
|  | matrix_element_call_container_additional_networks: "{{ matrix_element_call_container_additional_networks_auto + matrix_element_call_container_additional_networks_custom }}" | ||||||
|  | matrix_element_call_container_additional_networks_auto: [] | ||||||
|  | matrix_element_call_container_additional_networks_custom: [] | ||||||
|  |  | ||||||
|  | # Traefik Configuration for Element Call | ||||||
|  | matrix_element_call_container_labels_traefik_enabled: true | ||||||
|  | matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_call_container_network }}" | ||||||
|  | matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}" | ||||||
|  | # The path prefix must either be `/` or not end with a slash (e.g. `/element`). | ||||||
|  | matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" | ||||||
|  | matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}" | ||||||
|  | matrix_element_call_container_labels_traefik_priority: 0 | ||||||
|  | matrix_element_call_container_labels_traefik_entrypoints: web-secure | ||||||
|  | matrix_element_call_container_labels_traefik_tls: "{{ matrix_element_call_container_labels_traefik_entrypoints != 'web' }}" | ||||||
|  | matrix_element_call_container_labels_traefik_tls_certResolver: default  # noqa var-naming | ||||||
|  |  | ||||||
|  | # Controls which additional headers to attach to all HTTP responses. | ||||||
|  | # To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom` | ||||||
|  | matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}" | ||||||
|  | matrix_element_call_container_labels_traefik_additional_response_headers_auto: | | ||||||
|  |   {{ | ||||||
|  |     {} | ||||||
|  |     | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {}) | ||||||
|  |     | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {}) | ||||||
|  |     | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {}) | ||||||
|  |     | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {}) | ||||||
|  |     | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {}) | ||||||
|  |     | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {}) | ||||||
|  |   }} | ||||||
|  | matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} | ||||||
|  |  | ||||||
|  | # matrix_element_call_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | ||||||
|  | # See `../templates/labels.j2` for details. | ||||||
|  | # | ||||||
|  | # Example: | ||||||
|  | # matrix_element_call_container_labels_additional_labels: | | ||||||
|  | #   my.label=1 | ||||||
|  | #   another.label="here" | ||||||
|  | matrix_element_call_container_labels_additional_labels: '' | ||||||
|  |  | ||||||
|  | # A list of extra arguments to pass to the container | ||||||
|  | matrix_element_call_container_extra_arguments: [] | ||||||
|  |  | ||||||
|  | # List of systemd services that matrix-element-call.service depends on | ||||||
|  | matrix_element_call_systemd_required_services_list: "{{ matrix_element_call_systemd_required_services_list_default + matrix_element_call_systemd_required_services_list_auto + matrix_element_call_systemd_required_services_list_custom }}" | ||||||
|  | matrix_element_call_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" | ||||||
|  | matrix_element_call_systemd_required_services_list_auto: [] | ||||||
|  | matrix_element_call_systemd_required_services_list_custom: [] | ||||||
|  |  | ||||||
|  | # Specifies the value of the `X-XSS-Protection` header | ||||||
|  | # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. | ||||||
|  | # | ||||||
|  | # Learn more about it is here: | ||||||
|  | # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection | ||||||
|  | # - https://portswigger.net/web-security/cross-site-scripting/reflected | ||||||
|  | matrix_element_call_http_header_xss_protection: "1; mode=block" | ||||||
|  |  | ||||||
|  | # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. | ||||||
|  | # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||||||
|  | matrix_element_call_http_header_frame_options: '' | ||||||
|  |  | ||||||
|  | # Specifies the value of the `X-Content-Type-Options` header. | ||||||
|  | # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | ||||||
|  | matrix_element_call_http_header_content_type_options: nosniff | ||||||
|  |  | ||||||
|  | # Specifies the value of the `Content-Security-Policy` header. | ||||||
|  | # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy | ||||||
|  | matrix_element_call_http_header_content_security_policy: frame-ancestors * | ||||||
|  |  | ||||||
|  | # Specifies the value of the `Permission-Policy` header. | ||||||
|  | # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy | ||||||
|  | matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}" | ||||||
|  |  | ||||||
|  | # Specifies the value of the `Strict-Transport-Security` header. | ||||||
|  | # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security | ||||||
|  | matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}" | ||||||
|  |  | ||||||
|  | # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses | ||||||
|  | # | ||||||
|  | # Learn more about what it is here: | ||||||
|  | # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea | ||||||
|  | # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network | ||||||
|  | # - https://amifloced.org/ | ||||||
|  | # | ||||||
|  | # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. | ||||||
|  | # See: `matrix_element_call_content_permission_policy` | ||||||
|  | matrix_element_call_floc_optout_enabled: true | ||||||
|  |  | ||||||
|  | # Controls if HSTS preloading is enabled | ||||||
|  | # | ||||||
|  | # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and | ||||||
|  | # indicates a willingness to be "preloaded" into browsers: | ||||||
|  | # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` | ||||||
|  | # For more information visit: | ||||||
|  | # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security | ||||||
|  | # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security | ||||||
|  | # - https://hstspreload.org/#opt-in | ||||||
|  | # See: `matrix_element_call_http_header_strict_transport_security` | ||||||
|  | matrix_element_call_hsts_preload_enabled: false | ||||||
|  |  | ||||||
|  | # Controls the default_server_config/m.homeserver/base_url property in the config.json file. | ||||||
|  | matrix_element_call_config_default_server_config_m_homeserver_base_url: "{{ matrix_homeserver_url }}" | ||||||
|  |  | ||||||
|  | # Controls the default_server_config/m.homeserver/server_name property in the config.json file. | ||||||
|  | matrix_element_call_config_default_server_config_m_homeserver_server_name: "{{ matrix_domain }}" | ||||||
|  |  | ||||||
|  | # Controls the livekit/livekit_service_url property in the config.json file. | ||||||
|  | matrix_element_call_config_livekit_livekit_service_url: "" | ||||||
							
								
								
									
										56
									
								
								roles/custom/matrix-element-call/tasks/install.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										56
									
								
								roles/custom/matrix-element-call/tasks/install.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,56 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - name: Ensure Element Call paths exist | ||||||
|  |   ansible.builtin.file: | ||||||
|  |     path: "{{ item.path }}" | ||||||
|  |     state: directory | ||||||
|  |     mode: 0750 | ||||||
|  |     owner: "{{ matrix_user_username }}" | ||||||
|  |     group: "{{ matrix_user_groupname }}" | ||||||
|  |   with_items: | ||||||
|  |     - path: "{{ matrix_element_call_base_path }}" | ||||||
|  |  | ||||||
|  | - name: Ensure Element Call config.json is in place | ||||||
|  |   ansible.builtin.template: | ||||||
|  |     src: "{{ role_path }}/templates/config.json.j2" | ||||||
|  |     dest: "{{ matrix_element_call_base_path }}/config.json" | ||||||
|  |     mode: 0640 | ||||||
|  |     owner: "{{ matrix_user_username }}" | ||||||
|  |     group: "{{ matrix_user_groupname }}" | ||||||
|  |  | ||||||
|  | - name: Ensure Element Call container labels file is in place | ||||||
|  |   ansible.builtin.template: | ||||||
|  |     src: "{{ role_path }}/templates/labels.j2" | ||||||
|  |     dest: "{{ matrix_element_call_base_path }}/labels" | ||||||
|  |     mode: 0640 | ||||||
|  |     owner: "{{ matrix_user_username }}" | ||||||
|  |     group: "{{ matrix_user_groupname }}" | ||||||
|  |  | ||||||
|  | - name: Ensure Element Call container image is pulled | ||||||
|  |   community.docker.docker_image: | ||||||
|  |     name: "{{ matrix_element_call_container_image }}" | ||||||
|  |     source: pull | ||||||
|  |     force_source: "{{ matrix_element_call_container_image_force_pull }}" | ||||||
|  |   register: element_call_image_result | ||||||
|  |   retries: "{{ devture_playbook_help_container_retries_count }}" | ||||||
|  |   delay: "{{ devture_playbook_help_container_retries_delay }}" | ||||||
|  |   until: element_call_image_result is not failed | ||||||
|  |  | ||||||
|  | - name: Ensure Element Call container network is created | ||||||
|  |   community.general.docker_network: | ||||||
|  |     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" | ||||||
|  |     name: "{{ matrix_element_call_container_network }}" | ||||||
|  |     driver: bridge | ||||||
|  |     driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" | ||||||
|  |  | ||||||
|  | - name: Ensure Element Call systemd service is installed | ||||||
|  |   ansible.builtin.template: | ||||||
|  |     src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2" | ||||||
|  |     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" | ||||||
|  |     mode: 0644 | ||||||
							
								
								
									
										26
									
								
								roles/custom/matrix-element-call/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								roles/custom/matrix-element-call/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - tags: | ||||||
|  |     - setup-all | ||||||
|  |     - setup-element-call | ||||||
|  |     - install-all | ||||||
|  |     - install-element-call | ||||||
|  |   block: | ||||||
|  |     - when: matrix_element_call_enabled | bool | ||||||
|  |       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" | ||||||
|  |  | ||||||
|  |     - when: matrix_element_call_enabled | bool | ||||||
|  |       ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" | ||||||
|  |  | ||||||
|  | - tags: | ||||||
|  |     - setup-all | ||||||
|  |     - setup-element-call | ||||||
|  |   block: | ||||||
|  |     - when: not matrix_element_call_enabled | bool | ||||||
|  |       ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" | ||||||
							
								
								
									
										31
									
								
								roles/custom/matrix-element-call/tasks/uninstall.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
								roles/custom/matrix-element-call/tasks/uninstall.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,31 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - name: Check existence of matrix-element-call service | ||||||
|  |   ansible.builtin.stat: | ||||||
|  |     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" | ||||||
|  |   register: matrix_element_call_service_stat | ||||||
|  |  | ||||||
|  | - when: matrix_element_call_service_stat.stat.exists | bool | ||||||
|  |   block: | ||||||
|  |     - name: Ensure matrix-element-call is stopped | ||||||
|  |       ansible.builtin.service: | ||||||
|  |         name: matrix-element-call | ||||||
|  |         state: stopped | ||||||
|  |         enabled: false | ||||||
|  |         daemon_reload: true | ||||||
|  |  | ||||||
|  |     - name: Ensure matrix-element-call.service doesn't exist | ||||||
|  |       ansible.builtin.file: | ||||||
|  |         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" | ||||||
|  |         state: absent | ||||||
|  |  | ||||||
|  |     - name: Ensure Element Call paths don't exist | ||||||
|  |       ansible.builtin.file: | ||||||
|  |         path: "{{ matrix_element_call_base_path }}" | ||||||
|  |         state: absent | ||||||
							
								
								
									
										34
									
								
								roles/custom/matrix-element-call/tasks/validate_config.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										34
									
								
								roles/custom/matrix-element-call/tasks/validate_config.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,34 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - name: Fail if Element Call architecture is not supported | ||||||
|  |   ansible.builtin.fail: | ||||||
|  |     msg: > | ||||||
|  |       Element Call is only supported on amd64 and arm64 architectures. | ||||||
|  |       Your architecture is configured as '{{ matrix_element_call_architecture }}'. | ||||||
|  |   when: "matrix_element_call_architecture not in ['amd64', 'arm64']" | ||||||
|  |  | ||||||
|  | - name: Fail if required Element Call settings are not defined | ||||||
|  |   ansible.builtin.fail: | ||||||
|  |     msg: > | ||||||
|  |       You need to define a required configuration setting (`{{ item.name }}`). | ||||||
|  |   when: "item.when | bool and vars[item.name] | length == 0" | ||||||
|  |   with_items: | ||||||
|  |     - {'name': 'matrix_element_call_container_network', when: true} | ||||||
|  |     - {'name': 'matrix_element_call_hostname', when: true} | ||||||
|  |     - {'name': 'matrix_element_call_config_livekit_livekit_service_url', when: true} | ||||||
|  |  | ||||||
|  | # Element Call appears to hardcode all paths to `/` (e.g. `/config.json`, `/assets/...`). | ||||||
|  | # While we can properly serve the homepage and handle stripping the path prefix on our side, | ||||||
|  | # the hardcoded URLs in the Element Call are pointing people to the wrong place, which is a problem. | ||||||
|  | - name: Fail if Element Call path prefix is different than / | ||||||
|  |   ansible.builtin.fail: | ||||||
|  |     msg: > | ||||||
|  |       Element Call with a path prefix other than '/' is not supported yet. | ||||||
|  |       You have configured matrix_element_call_path_prefix to '{{ matrix_element_call_path_prefix }}'. | ||||||
|  |   when: "matrix_element_call_path_prefix != '/'" | ||||||
							
								
								
									
										11
									
								
								roles/custom/matrix-element-call/templates/config.json.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								roles/custom/matrix-element-call/templates/config.json.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | |||||||
|  | { | ||||||
|  |   "default_server_config": { | ||||||
|  |     "m.homeserver": { | ||||||
|  |       "base_url": {{ matrix_element_call_config_default_server_config_m_homeserver_base_url | to_json }}, | ||||||
|  |       "server_name": {{ matrix_element_call_config_default_server_config_m_homeserver_server_name | to_json}} | ||||||
|  |     } | ||||||
|  |   }, | ||||||
|  |   "livekit": { | ||||||
|  |     "livekit_service_url": {{ matrix_element_call_config_livekit_livekit_service_url | to_json }} | ||||||
|  |   } | ||||||
|  | } | ||||||
| @@ -0,0 +1,5 @@ | |||||||
|  | SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
							
								
								
									
										51
									
								
								roles/custom/matrix-element-call/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										51
									
								
								roles/custom/matrix-element-call/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,51 @@ | |||||||
|  | {# | ||||||
|  | SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  | #} | ||||||
|  |  | ||||||
|  | {% if matrix_element_call_container_labels_traefik_enabled %} | ||||||
|  | traefik.enable=true | ||||||
|  |  | ||||||
|  | {% if matrix_element_call_container_labels_traefik_docker_network %} | ||||||
|  | traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | traefik.http.services.matrix-element-call.loadbalancer.server.port=8080 | ||||||
|  |  | ||||||
|  | {% set middlewares = [] %} | ||||||
|  |  | ||||||
|  | {% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} | ||||||
|  | traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ | ||||||
|  | traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.replacement=${1}/ | ||||||
|  | {% set middlewares = middlewares + ['matrix-element-call-slashless-redirect'] %} | ||||||
|  |  | ||||||
|  | traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} | ||||||
|  | {% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | {% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} | ||||||
|  | {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} | ||||||
|  | traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} | ||||||
|  | {% endfor %} | ||||||
|  | {% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} | ||||||
|  | {% if matrix_element_call_container_labels_traefik_priority | int > 0 %} | ||||||
|  | traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} | ||||||
|  | {% endif %} | ||||||
|  | traefik.http.routers.matrix-element-call.service=matrix-element-call | ||||||
|  | {% if middlewares | length > 0 %} | ||||||
|  | traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }} | ||||||
|  | {% endif %} | ||||||
|  | traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} | ||||||
|  | traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} | ||||||
|  | {% if matrix_element_call_container_labels_traefik_tls %} | ||||||
|  | traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | {{ matrix_element_call_container_labels_additional_labels }} | ||||||
| @@ -0,0 +1,46 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | [Unit] | ||||||
|  | Description=Element Call | ||||||
|  | {% for service in matrix_element_call_systemd_required_services_list %} | ||||||
|  | Requires={{ service }} | ||||||
|  | After={{ service }} | ||||||
|  | {% endfor %} | ||||||
|  | DefaultDependencies=no | ||||||
|  |  | ||||||
|  | [Service] | ||||||
|  | Type=simple | ||||||
|  | Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" | ||||||
|  | ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' | ||||||
|  | ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' | ||||||
|  |  | ||||||
|  | ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ | ||||||
|  |     --rm \ | ||||||
|  |     --name=matrix-element-call \ | ||||||
|  |     --log-driver=none \ | ||||||
|  |     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
|  |     --cap-drop=ALL \ | ||||||
|  |     --network={{ matrix_element_call_container_network }} \ | ||||||
|  |     --mount type=bind,src={{ matrix_element_call_base_path }}/config.json,dst=/app/config.json,ro \ | ||||||
|  |     {% if matrix_element_call_container_http_host_bind_port %} | ||||||
|  |     -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \ | ||||||
|  |     {% endif %} | ||||||
|  |     --label-file={{ matrix_element_call_base_path }}/labels \ | ||||||
|  |     {% for arg in matrix_element_call_container_extra_arguments %} | ||||||
|  |     {{ arg }} \ | ||||||
|  |     {% endfor %} | ||||||
|  |     {{ matrix_element_call_container_image }} | ||||||
|  |  | ||||||
|  | {% for network in matrix_element_call_container_additional_networks %} | ||||||
|  | ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-element-call | ||||||
|  | {% endfor %} | ||||||
|  |  | ||||||
|  | ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-call | ||||||
|  |  | ||||||
|  | ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' | ||||||
|  | ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' | ||||||
|  | Restart=always | ||||||
|  | RestartSec=30 | ||||||
|  | SyslogIdentifier=matrix-element-call | ||||||
|  |  | ||||||
|  | [Install] | ||||||
|  | WantedBy=multi-user.target | ||||||
| @@ -0,0 +1,5 @@ | |||||||
|  | SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
							
								
								
									
										8
									
								
								roles/custom/matrix-element-call/vars/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								roles/custom/matrix-element-call/vars/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | matrix_element_call_public_url: "{{ matrix_element_call_scheme }}://{{ matrix_element_call_hostname }}" | ||||||
							
								
								
									
										96
									
								
								roles/custom/matrix-livekit-jwt-service/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										96
									
								
								roles/custom/matrix-livekit-jwt-service/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,96 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | # Project source code URL: https://github.com/element-hq/lk-jwt-service | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_enabled: false | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_scheme: https | ||||||
|  | matrix_livekit_jwt_service_hostname: "" | ||||||
|  | matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_base_path: "{{ matrix_base_data_path }}/livekit-jwt-service" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_network: '' | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_http_host_bind_port: '' | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_additional_networks: "{{ (matrix_livekit_jwt_service_container_additional_networks_auto + matrix_livekit_jwt_service_container_additional_networks_custom) | unique }}" | ||||||
|  | matrix_livekit_jwt_service_container_additional_networks_auto: [] | ||||||
|  | matrix_livekit_jwt_service_container_additional_networks_custom: [] | ||||||
|  |  | ||||||
|  | # renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service | ||||||
|  | matrix_livekit_jwt_service_version: 0.2.0 | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_image_self_build: false | ||||||
|  | matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git" | ||||||
|  | matrix_livekit_jwt_service_container_repo_version: "{{ 'main' if matrix_livekit_jwt_service_version == 'latest' else ('v' + livekit_server_version) }}" | ||||||
|  | matrix_livekit_jwt_service_container_src_files_path: "{{ matrix_livekit_jwt_service_base_path }}/container-src" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_image: "{{ matrix_livekit_jwt_service_container_image_registry_prefix }}element-hq/lk-jwt-service:{{ matrix_livekit_jwt_service_container_image_tag }}" | ||||||
|  | matrix_livekit_jwt_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_livekit_jwt_service_container_image_self_build else matrix_livekit_jwt_service_container_image_registry_prefix_upstream }}" | ||||||
|  | matrix_livekit_jwt_service_container_image_registry_prefix_upstream: "{{ matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default }}" | ||||||
|  | matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default: ghcr.io/ | ||||||
|  | matrix_livekit_jwt_service_container_image_tag: "{{ matrix_livekit_jwt_service_version }}" | ||||||
|  | matrix_livekit_jwt_service_container_image_force_pull: "{{ matrix_livekit_jwt_service_container_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_enabled: true | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_livekit_jwt_service_container_network }}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_hostname: "{{ matrix_livekit_jwt_service_hostname }}" | ||||||
|  | # The path prefix must either be `/` or not end with a slash (e.g. `/livekit-jwt-service`). | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_path_prefix: "{{ matrix_livekit_jwt_service_path_prefix }}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_rule: "Host(`{{ matrix_livekit_jwt_service_container_labels_traefik_hostname }}`){% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }}`){% endif %}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_priority: 0 | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_entrypoints: web-secure | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_tls: "{{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints != 'web' }}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: default  # noqa var-naming | ||||||
|  |  | ||||||
|  | # Controls which additional headers to attach to all HTTP responses. | ||||||
|  | # To add your own headers, use `matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom` | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom) }}" | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto: {} | ||||||
|  | matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom: {} | ||||||
|  |  | ||||||
|  | # matrix_livekit_jwt_service_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | ||||||
|  | # See `../templates/labels.j2` for details. | ||||||
|  | # | ||||||
|  | # Example: | ||||||
|  | # matrix_livekit_jwt_service_container_labels_additional_labels: | | ||||||
|  | #   my.label=1 | ||||||
|  | #   another.label="here" | ||||||
|  | matrix_livekit_jwt_service_container_labels_additional_labels: '' | ||||||
|  |  | ||||||
|  | # A list of extra arguments to pass to the container | ||||||
|  | matrix_livekit_jwt_service_container_extra_arguments: [] | ||||||
|  |  | ||||||
|  | # Controls the LK_JWT_PORT environment variable | ||||||
|  | matrix_livekit_jwt_service_environment_variable_livekit_jwt_port: 8080 | ||||||
|  |  | ||||||
|  | # Controls the LIVEKIT_KEY environment variable | ||||||
|  | matrix_livekit_jwt_service_environment_variable_livekit_key: "" | ||||||
|  |  | ||||||
|  | # Controls the LIVEKIT_URL environment variable | ||||||
|  | matrix_livekit_jwt_service_environment_variable_livekit_url: "" | ||||||
|  |  | ||||||
|  | # Controls the LIVEKIT_SECRET environment variable | ||||||
|  | matrix_livekit_jwt_service_environment_variable_livekit_secret: "" | ||||||
|  |  | ||||||
|  | # Additional environment variables to pass to the container. | ||||||
|  | # | ||||||
|  | # Environment variables take priority over settings in the configuration file. | ||||||
|  | # | ||||||
|  | # Example: | ||||||
|  | # matrix_livekit_jwt_service_environment_variables_extension: | | ||||||
|  | #   KEY=value | ||||||
|  | matrix_livekit_jwt_service_environment_variables_extension: '' | ||||||
|  |  | ||||||
|  | # List of systemd services that LiveKit JWT Service service depends on | ||||||
|  | matrix_livekit_jwt_service_systemd_required_services_list: "{{ matrix_livekit_jwt_service_systemd_required_services_list_default + matrix_livekit_jwt_service_systemd_required_services_list_auto + matrix_livekit_jwt_service_systemd_required_services_list_custom }}" | ||||||
|  | matrix_livekit_jwt_service_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" | ||||||
|  | matrix_livekit_jwt_service_systemd_required_services_list_auto: [] | ||||||
|  | matrix_livekit_jwt_service_systemd_required_services_list_custom: [] | ||||||
							
								
								
									
										76
									
								
								roles/custom/matrix-livekit-jwt-service/tasks/install.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										76
									
								
								roles/custom/matrix-livekit-jwt-service/tasks/install.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,76 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - name: Ensure LiveKit JWT Service paths exist | ||||||
|  |   ansible.builtin.file: | ||||||
|  |     path: "{{ item.path }}" | ||||||
|  |     state: directory | ||||||
|  |     mode: 0750 | ||||||
|  |     owner: "{{ matrix_user_username }}" | ||||||
|  |     group: "{{ matrix_user_groupname }}" | ||||||
|  |   with_items: | ||||||
|  |     - path: "{{ matrix_livekit_jwt_service_base_path }}" | ||||||
|  |  | ||||||
|  | - name: Ensure LiveKit JWT Service support files installed | ||||||
|  |   ansible.builtin.template: | ||||||
|  |     src: "{{ role_path }}/templates/{{ item }}.j2" | ||||||
|  |     dest: "{{ matrix_livekit_jwt_service_base_path }}/{{ item }}" | ||||||
|  |     mode: 0640 | ||||||
|  |     owner: "{{ matrix_user_username }}" | ||||||
|  |     group: "{{ matrix_user_groupname }}" | ||||||
|  |   with_items: | ||||||
|  |     - env | ||||||
|  |     - labels | ||||||
|  |  | ||||||
|  | - name: Ensure LiveKit JWT Service container image is pulled | ||||||
|  |   community.docker.docker_image: | ||||||
|  |     name: "{{ matrix_livekit_jwt_service_container_image }}" | ||||||
|  |     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||||||
|  |     force_source: "{{ matrix_livekit_jwt_service_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||||
|  |     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_container_image_force_pull }}" | ||||||
|  |   when: "not matrix_livekit_jwt_service_container_image_self_build | bool" | ||||||
|  |   register: result | ||||||
|  |   retries: "{{ devture_playbook_help_container_retries_count }}" | ||||||
|  |   delay: "{{ devture_playbook_help_container_retries_delay }}" | ||||||
|  |   until: result is not failed | ||||||
|  |  | ||||||
|  | - when: "matrix_livekit_jwt_service_container_image_self_build | bool" | ||||||
|  |   block: | ||||||
|  |     - name: Ensure LiveKit JWT Service repository is present on self-build | ||||||
|  |       ansible.builtin.git: | ||||||
|  |         repo: "{{ matrix_livekit_jwt_service_container_repo }}" | ||||||
|  |         version: "{{ matrix_livekit_jwt_service_container_repo_version }}" | ||||||
|  |         dest: "{{ matrix_livekit_jwt_service_container_src_files_path }}" | ||||||
|  |         force: "yes" | ||||||
|  |       become: true | ||||||
|  |       become_user: "{{ matrix_user_username }}" | ||||||
|  |       register: matrix_livekit_jwt_service_git_pull_results | ||||||
|  |  | ||||||
|  |     - name: Ensure LiveKit JWT Service container image is built | ||||||
|  |       community.docker.docker_image: | ||||||
|  |         name: "{{ matrix_livekit_jwt_service_container_image }}" | ||||||
|  |         source: build | ||||||
|  |         force_source: "{{ matrix_livekit_jwt_service_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||||
|  |         force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_git_pull_results.changed }}" | ||||||
|  |         build: | ||||||
|  |           dockerfile: Dockerfile | ||||||
|  |           path: "{{ matrix_livekit_jwt_service_container_src_files_path }}" | ||||||
|  |           pull: true | ||||||
|  |  | ||||||
|  | - name: Ensure LiveKit JWT Service container network is created | ||||||
|  |   community.general.docker_network: | ||||||
|  |     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" | ||||||
|  |     name: "{{ matrix_livekit_jwt_service_container_network }}" | ||||||
|  |     driver: bridge | ||||||
|  |     driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" | ||||||
|  |  | ||||||
|  | - name: Ensure LiveKit JWT Service systemd service is installed | ||||||
|  |   ansible.builtin.template: | ||||||
|  |     src: "{{ role_path }}/templates/systemd/matrix-livekit-jwt-service.service.j2" | ||||||
|  |     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service" | ||||||
|  |     mode: 0644 | ||||||
							
								
								
									
										26
									
								
								roles/custom/matrix-livekit-jwt-service/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								roles/custom/matrix-livekit-jwt-service/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - tags: | ||||||
|  |     - setup-all | ||||||
|  |     - setup-jwt-service | ||||||
|  |     - install-all | ||||||
|  |     - install-livekit-jwt-service | ||||||
|  |   block: | ||||||
|  |     - when: matrix_livekit_jwt_service_enabled | bool | ||||||
|  |       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" | ||||||
|  |  | ||||||
|  |     - when: matrix_livekit_jwt_service_enabled | bool | ||||||
|  |       ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" | ||||||
|  |  | ||||||
|  | - tags: | ||||||
|  |     - setup-all | ||||||
|  |     - setup-livekit-jwt-service | ||||||
|  |   block: | ||||||
|  |     - when: not matrix_livekit_jwt_service_enabled | bool | ||||||
|  |       ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" | ||||||
							
								
								
									
										31
									
								
								roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
								roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,31 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - name: Check existence of LiveKit JWT Service systemd service | ||||||
|  |   ansible.builtin.stat: | ||||||
|  |     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service" | ||||||
|  |   register: matrix_livekit_jwt_service_service_stat | ||||||
|  |  | ||||||
|  | - when: matrix_livekit_jwt_service_service_stat.stat.exists | bool | ||||||
|  |   block: | ||||||
|  |     - name: Ensure LiveKit JWT Service systemd service is stopped | ||||||
|  |       ansible.builtin.service: | ||||||
|  |         name: matrix-livekit-jwt-service | ||||||
|  |         state: stopped | ||||||
|  |         enabled: false | ||||||
|  |         daemon_reload: true | ||||||
|  |  | ||||||
|  |     - name: Ensure LiveKit JWT Service systemd service doesn't exist | ||||||
|  |       ansible.builtin.file: | ||||||
|  |         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service" | ||||||
|  |         state: absent | ||||||
|  |  | ||||||
|  |     - name: Ensure LiveKit JWT Service paths don't exist | ||||||
|  |       ansible.builtin.file: | ||||||
|  |         path: "{{ matrix_livekit_jwt_service_base_path }}" | ||||||
|  |         state: absent | ||||||
| @@ -0,0 +1,19 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | # SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | - name: Fail if required LiveKit JWT Service settings are not defined | ||||||
|  |   ansible.builtin.fail: | ||||||
|  |     msg: > | ||||||
|  |       You need to define a required configuration setting (`{{ item.name }}`). | ||||||
|  |   when: "item.when | bool and vars[item.name] | length == 0" | ||||||
|  |   with_items: | ||||||
|  |     - {'name': 'matrix_livekit_jwt_service_hostname', when: true} | ||||||
|  |     - {'name': 'matrix_livekit_jwt_service_container_network', when: true} | ||||||
|  |     - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_key', when: true} | ||||||
|  |     - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_url', when: true} | ||||||
|  |     - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_secret', when: true} | ||||||
							
								
								
									
										14
									
								
								roles/custom/matrix-livekit-jwt-service/templates/env.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								roles/custom/matrix-livekit-jwt-service/templates/env.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,14 @@ | |||||||
|  | {# | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  | #} | ||||||
|  |  | ||||||
|  | LIVEKIT_JWT_PORT={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port | int | to_json }} | ||||||
|  |  | ||||||
|  | LIVEKIT_KEY={{ matrix_livekit_jwt_service_environment_variable_livekit_key }} | ||||||
|  | LIVEKIT_URL={{ matrix_livekit_jwt_service_environment_variable_livekit_url }} | ||||||
|  | LIVEKIT_SECRET={{ matrix_livekit_jwt_service_environment_variable_livekit_secret }} | ||||||
|  |  | ||||||
|  | {{ matrix_livekit_jwt_service_environment_variables_extension }} | ||||||
							
								
								
									
										55
									
								
								roles/custom/matrix-livekit-jwt-service/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										55
									
								
								roles/custom/matrix-livekit-jwt-service/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,55 @@ | |||||||
|  | {# | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  | #} | ||||||
|  |  | ||||||
|  | {% if matrix_livekit_jwt_service_container_labels_traefik_enabled %} | ||||||
|  | traefik.enable=true | ||||||
|  |  | ||||||
|  | traefik.docker.network={{ matrix_livekit_jwt_service_container_labels_traefik_docker_network }} | ||||||
|  |  | ||||||
|  | traefik.http.services.matrix-livekit-jwt-service.loadbalancer.server.port={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }} | ||||||
|  |  | ||||||
|  | {% set middlewares = [] %} | ||||||
|  |  | ||||||
|  | {% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %} | ||||||
|  | traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.regex=({{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix | quote }})$ | ||||||
|  | traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.replacement=${1}/ | ||||||
|  | {% set middlewares = middlewares + ['matrix-livekit-jwt-service-slashless-redirect'] %} | ||||||
|  |  | ||||||
|  | traefik.http.middlewares.matrix-livekit-jwt-service-strip-prefix.stripprefix.prefixes={{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }} | ||||||
|  | {% set middlewares = middlewares + ['matrix-livekit-jwt-service-strip-prefix'] %} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | {% if matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %} | ||||||
|  | {% for name, value in matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.items() %} | ||||||
|  | traefik.http.middlewares.matrix-livekit-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }} | ||||||
|  | {% endfor %} | ||||||
|  | {% set middlewares = middlewares + ['matrix-livekit-jwt-service-add-headers'] %} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | traefik.http.routers.matrix-livekit-jwt-service.rule={{ matrix_livekit_jwt_service_container_labels_traefik_rule }} | ||||||
|  |  | ||||||
|  | {% if matrix_livekit_jwt_service_container_labels_traefik_priority | int > 0 %} | ||||||
|  | traefik.http.routers.matrix-livekit-jwt-service.priority={{ matrix_livekit_jwt_service_container_labels_traefik_priority }} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | traefik.http.routers.matrix-livekit-jwt-service.service=matrix-livekit-jwt-service | ||||||
|  |  | ||||||
|  | {% if middlewares | length > 0 %} | ||||||
|  | traefik.http.routers.matrix-livekit-jwt-service.middlewares={{ middlewares | join(',') }} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | traefik.http.routers.matrix-livekit-jwt-service.entrypoints={{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints }} | ||||||
|  |  | ||||||
|  | traefik.http.routers.matrix-livekit-jwt-service.tls={{ matrix_livekit_jwt_service_container_labels_traefik_tls | to_json }} | ||||||
|  |  | ||||||
|  | {% if matrix_livekit_jwt_service_container_labels_traefik_tls %} | ||||||
|  | traefik.http.routers.matrix-livekit-jwt-service.tls.certResolver={{ matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver }} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | {{ matrix_livekit_jwt_service_container_labels_additional_labels }} | ||||||
| @@ -0,0 +1,42 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | [Unit] | ||||||
|  | Description=Matrix LiveKit JWT Service | ||||||
|  | {% for service in matrix_livekit_jwt_service_systemd_required_services_list %} | ||||||
|  | After={{ service }} | ||||||
|  | Requires={{ service }} | ||||||
|  | {% endfor %} | ||||||
|  |  | ||||||
|  | [Service] | ||||||
|  | Type=simple | ||||||
|  | Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" | ||||||
|  | ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true' | ||||||
|  | ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-jwt-service 2>/dev/null || true' | ||||||
|  |  | ||||||
|  | ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ | ||||||
|  |     --rm \ | ||||||
|  |     --name=matrix-livekit-jwt-service \ | ||||||
|  |     --log-driver=none \ | ||||||
|  |     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
|  |     --cap-drop=ALL \ | ||||||
|  |     --network={{ matrix_livekit_jwt_service_container_network }} \ | ||||||
|  |     {% if matrix_livekit_jwt_service_container_http_host_bind_port %} | ||||||
|  |     -p {{ matrix_livekit_jwt_service_container_http_host_bind_port }}:{{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }} \ | ||||||
|  |     {% endif %} | ||||||
|  |     --env-file={{ matrix_livekit_jwt_service_base_path }}/env \ | ||||||
|  |     --label-file={{ matrix_livekit_jwt_service_base_path }}/labels \ | ||||||
|  |     {{ matrix_livekit_jwt_service_container_image }} | ||||||
|  |  | ||||||
|  | {% for network in matrix_livekit_jwt_service_container_additional_networks %} | ||||||
|  | ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-livekit-jwt-service | ||||||
|  | {% endfor %} | ||||||
|  |  | ||||||
|  | ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-jwt-service | ||||||
|  |  | ||||||
|  | ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true' | ||||||
|  | ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jwt-service 2>/dev/null || true' | ||||||
|  | Restart=always | ||||||
|  | RestartSec=30 | ||||||
|  | SyslogIdentifier=matrix-livekit-jwt-service | ||||||
|  |  | ||||||
|  | [Install] | ||||||
|  | WantedBy=multi-user.target | ||||||
| @@ -0,0 +1,5 @@ | |||||||
|  | SPDX-FileCopyrightText: 2022 MDAD project contributors | ||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
							
								
								
									
										7
									
								
								roles/custom/matrix-livekit-jwt-service/vars/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								roles/custom/matrix-livekit-jwt-service/vars/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | |||||||
|  | # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  | # | ||||||
|  | # SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | matrix_livekit_jwt_service_public_url: "{{ matrix_livekit_jwt_service_scheme }}://{{ matrix_livekit_jwt_service_hostname }}{{ matrix_livekit_jwt_service_path_prefix }}" | ||||||
| @@ -20,6 +20,7 @@ matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" | |||||||
| matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public" | matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public" | ||||||
| matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known" | matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known" | ||||||
| matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix" | matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix" | ||||||
|  | matrix_static_files_public_well_known_element_path: "{{ matrix_static_files_public_well_known_path }}/element" | ||||||
|  |  | ||||||
| # List of systemd services that matrix-static-files.service depends on | # List of systemd services that matrix-static-files.service depends on | ||||||
| matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" | matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" | ||||||
| @@ -211,6 +212,16 @@ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin: "{{ matri | |||||||
| matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: {} | matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: {} | ||||||
| matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom: {} | matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom: {} | ||||||
|  |  | ||||||
|  | # Controls whether `org.matrix.msc4143.rtc_foci`-related entries should be added to the client well-known. | ||||||
|  | # By default, if there are entries in `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci`, we show them (by enabling this). | ||||||
|  | matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | default({}) | dict2items | length > 0 }}" | ||||||
|  |  | ||||||
|  | # Controls the org.matrix.msc4143.rtc_foci property in the /.well-known/matrix/client file. | ||||||
|  | # See `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled` | ||||||
|  | matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto | combine(matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom, recursive=True) }}" | ||||||
|  | matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: {} | ||||||
|  | matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom: {} | ||||||
|  |  | ||||||
| # Default /.well-known/matrix/client configuration template which covers the generic use case. | # Default /.well-known/matrix/client configuration template which covers the generic use case. | ||||||
| # You can customize it by controlling the various variables inside it. | # You can customize it by controlling the various variables inside it. | ||||||
| # | # | ||||||
| @@ -358,6 +369,56 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f | |||||||
| ######################################################################## | ######################################################################## | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # Related to /.well-known/element/element.json                         # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|  |  | ||||||
|  | # Controls whether a `/.well-known/element/element.json` file is generated and used at all. | ||||||
|  | matrix_static_files_file_element_element_json_enabled: true | ||||||
|  |  | ||||||
|  | # Controls the call.widget_url property in the /.well-known/element/element.json file | ||||||
|  | matrix_static_files_file_element_element_json_property_call_widget_url: '' | ||||||
|  |  | ||||||
|  | # Default /.well-known/element/element.json configuration template which covers the generic use case. | ||||||
|  | # You can customize it by controlling the various variables inside it. | ||||||
|  | # | ||||||
|  | # For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_support_configuration_extension_json`) | ||||||
|  | # or completely replace this variable with your own template. | ||||||
|  | matrix_static_files_file_element_element_json_configuration_json: "{{ lookup('template', 'templates/public/.well-known/element/element.json.j2') }}" | ||||||
|  |  | ||||||
|  | # Your custom JSON configuration for /.well-known/element/element.json should go to `matrix_static_files_file_element_element_json_configuration_extension_json`. | ||||||
|  | # This configuration extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`). | ||||||
|  | # | ||||||
|  | # You can override individual variables from the default configuration, or introduce new ones. | ||||||
|  | # | ||||||
|  | # If you need something more special, you can take full control by | ||||||
|  | # completely redefining `matrix_static_files_file_matrix_support_configuration_json`. | ||||||
|  | # | ||||||
|  | # Example configuration extension follows: | ||||||
|  | # | ||||||
|  | # matrix_static_files_file_element_element_json_configuration_extension_json: | | ||||||
|  | #   { | ||||||
|  | #     "call": { | ||||||
|  | #       "url": "value" | ||||||
|  | #     } | ||||||
|  | #   } | ||||||
|  | matrix_static_files_file_element_element_json_configuration_extension_json: '{}' | ||||||
|  |  | ||||||
|  | matrix_static_files_file_element_element_json_configuration_extension: "{{ matrix_static_files_file_element_element_json_configuration_extension_json | from_json if matrix_static_files_file_element_element_json_configuration_extension_json | from_json is mapping else {} }}" | ||||||
|  |  | ||||||
|  | # Holds the final /.well-known/matrix/support configuration (a combination of the default and its extension). | ||||||
|  | # You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_element_element_json_configuration_json` or `matrix_static_files_file_element_element_json_configuration_extension_json`. | ||||||
|  | matrix_static_files_file_element_element_json_configuration: "{{ matrix_static_files_file_element_element_json_configuration_json | combine(matrix_static_files_file_element_element_json_configuration_extension, recursive=True) }}" | ||||||
|  |  | ||||||
|  | ######################################################################## | ||||||
|  | #                                                                      # | ||||||
|  | # /Related to /.well-known/element/element.json                        # | ||||||
|  | #                                                                      # | ||||||
|  | ######################################################################## | ||||||
|  |  | ||||||
|  |  | ||||||
| ######################################################################## | ######################################################################## | ||||||
| #                                                                      # | #                                                                      # | ||||||
| # Related to index.html                                                # | # Related to index.html                                                # | ||||||
|   | |||||||
| @@ -7,17 +7,19 @@ | |||||||
|  |  | ||||||
| - name: Ensure matrix-static-files paths exist | - name: Ensure matrix-static-files paths exist | ||||||
|   ansible.builtin.file: |   ansible.builtin.file: | ||||||
|     path: "{{ item }}" |     path: "{{ item.path }}" | ||||||
|     state: directory |     state: directory | ||||||
|     mode: 0750 |     mode: 0750 | ||||||
|     owner: "{{ matrix_user_username }}" |     owner: "{{ matrix_user_username }}" | ||||||
|     group: "{{ matrix_user_groupname }}" |     group: "{{ matrix_user_groupname }}" | ||||||
|   with_items: |   with_items: | ||||||
|     - "{{ matrix_static_files_base_path }}" |     - {path: "{{ matrix_static_files_base_path }}", when: true} | ||||||
|     - "{{ matrix_static_files_config_path }}" |     - {path: "{{ matrix_static_files_config_path }}", when: true} | ||||||
|     - "{{ matrix_static_files_public_path }}" |     - {path: "{{ matrix_static_files_public_path }}", when: true} | ||||||
|     - "{{ matrix_static_files_public_well_known_path }}" |     - {path: "{{ matrix_static_files_public_well_known_path }}", when: true} | ||||||
|     - "{{ matrix_static_files_public_well_known_matrix_path }}" |     - {path: "{{ matrix_static_files_public_well_known_matrix_path }}", when: true} | ||||||
|  |     - {path: "{{ matrix_static_files_public_well_known_element_path }}", when: true} | ||||||
|  |   when: "item.when | bool" | ||||||
|  |  | ||||||
| - name: Ensure matrix-static-files is configured | - name: Ensure matrix-static-files is configured | ||||||
|   ansible.builtin.template: |   ansible.builtin.template: | ||||||
| @@ -57,6 +59,10 @@ | |||||||
|       dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support" |       dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support" | ||||||
|       when: "{{ matrix_static_files_file_matrix_support_enabled }}" |       when: "{{ matrix_static_files_file_matrix_support_enabled }}" | ||||||
|  |  | ||||||
|  |     - content: "{{ matrix_static_files_file_element_element_json_configuration | to_nice_json }}" | ||||||
|  |       dest: "{{ matrix_static_files_public_well_known_element_path }}/element.json" | ||||||
|  |       when: "{{ matrix_static_files_file_element_element_json_enabled }}" | ||||||
|  |  | ||||||
|     # This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`. |     # This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`. | ||||||
|     # See the comment for `matrix_static_files_file_index_html_enabled` to learn why. |     # See the comment for `matrix_static_files_file_index_html_enabled` to learn why. | ||||||
|     - content: "{{ matrix_static_files_file_index_html_template }}" |     - content: "{{ matrix_static_files_file_index_html_template }}" | ||||||
| @@ -75,6 +81,12 @@ | |||||||
|     state: absent |     state: absent | ||||||
|   when: "not matrix_static_files_file_matrix_support_enabled | bool" |   when: "not matrix_static_files_file_matrix_support_enabled | bool" | ||||||
|  |  | ||||||
|  | - name: Ensure /.well-known/element/element.json file deleted if not enabled | ||||||
|  |   ansible.builtin.file: | ||||||
|  |     path: "{{ matrix_static_files_public_well_known_element_path }}/element.json" | ||||||
|  |     state: absent | ||||||
|  |   when: "not matrix_static_files_file_element_element_json_enabled | bool" | ||||||
|  |  | ||||||
| - name: Ensure matrix-static-files container image is pulled | - name: Ensure matrix-static-files container image is pulled | ||||||
|   community.docker.docker_image: |   community.docker.docker_image: | ||||||
|     name: "{{ matrix_static_files_container_image }}" |     name: "{{ matrix_static_files_container_image }}" | ||||||
|   | |||||||
| @@ -0,0 +1,7 @@ | |||||||
|  | { | ||||||
|  | 	{% if matrix_static_files_file_element_element_json_property_call_widget_url %} | ||||||
|  | 	"call": { | ||||||
|  | 		"widget_url": {{ matrix_static_files_file_element_element_json_property_call_widget_url | to_json }} | ||||||
|  | 	} | ||||||
|  | 	{% endif %} | ||||||
|  | } | ||||||
| @@ -0,0 +1,4 @@ | |||||||
|  | SPDX-FileCopyrightText: 2024 wjbeckett | ||||||
|  | SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||||
|  |  | ||||||
|  | SPDX-License-Identifier: AGPL-3.0-or-later | ||||||
| @@ -57,4 +57,7 @@ | |||||||
| 	{% if matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_enabled %}, | 	{% if matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_enabled %}, | ||||||
| 	"cc.etke.synapse-admin": {{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin | to_json }} | 	"cc.etke.synapse-admin": {{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin | to_json }} | ||||||
| 	{% endif %} | 	{% endif %} | ||||||
|  | 	{% if matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled %}, | ||||||
|  | 	"org.matrix.msc4143.rtc_foci": {{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | to_json }} | ||||||
|  | 	{% endif %} | ||||||
| } | } | ||||||
|   | |||||||
| @@ -133,6 +133,10 @@ | |||||||
|     - custom/matrix-media-repo |     - custom/matrix-media-repo | ||||||
|     - custom/matrix-pantalaimon |     - custom/matrix-pantalaimon | ||||||
|  |  | ||||||
|  |     - custom/matrix-element-call | ||||||
|  |     - galaxy/livekit_server | ||||||
|  |     - custom/matrix-livekit-jwt-service | ||||||
|  |  | ||||||
|     - role: galaxy/postgres_backup |     - role: galaxy/postgres_backup | ||||||
|  |  | ||||||
|     - role: galaxy/backup_borg |     - role: galaxy/backup_borg | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user