3
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-25 17:43:23 +00:00

204 Commits

Author SHA1 Message Date
Slavi Pantaleev
d5c24fcafe Upgrade LiveKit Server (v1.8.4-1 -> v1.8.4-2) 2025-03-15 08:31:48 +02:00
Slavi Pantaleev
4d61cc571b Merge branch 'master' into element-call-integration 2025-03-15 08:19:05 +02:00
Slavi Pantaleev
9c24064fb6 Make Element Call fail during validation if on an unsupported architecture (like arm32) 2025-03-15 08:14:49 +02:00
Slavi Pantaleev
a757b515fb Merge branch 'master' into element-call-integration 2025-03-15 08:11:16 +02:00
Slavi Pantaleev
ba9cedbeda Merge branch 'master' into element-call-integration 2025-03-15 08:03:03 +02:00
Slavi Pantaleev
4a638c2df3 Prepare Element Call announcement text on the changelog 2025-03-15 07:52:04 +02:00
Slavi Pantaleev
155d5dad38 Mention the compatible clients on Element Call docs, more cross-linking & consistency fixes 2025-03-15 07:49:49 +02:00
Slavi Pantaleev
6b8a3fc891 Merge branch 'master' into element-call-integration 2025-03-15 07:38:02 +02:00
Slavi Pantaleev
3ea1ea2f34 Merge branch 'master' into element-call-integration 2025-03-14 22:29:14 +02:00
Slavi Pantaleev
d3913a015e Upgrade LiveKit Server (v1.8.4-0 -> v1.8.4-1) 2025-03-14 20:04:18 +02:00
Slavi Pantaleev
ac7f96806d Relocate the livekit-server Ansible role to its own repository in the MASH organization 2025-03-14 19:58:09 +02:00
Slavi Pantaleev
b8d800f6ef Add "Federation" as a prerequisite for Element Call (indirect, via LiveKit JWT Service)
Ref:
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554
- f5f5374c4b/main.go (L135-L146)
2025-03-14 19:37:29 +02:00
Slavi Pantaleev
2c1c49444a Merge branch 'master' into element-call-integration 2025-03-14 19:32:48 +02:00
Slavi Pantaleev
6bc0185d50 Add Element Call, LiveKit Server and LiveKit JWT Service to README.md
Ref: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2720039742
2025-03-13 09:43:22 +02:00
Slavi Pantaleev
a0470fe248 Minor rewording in LiveKit Server docs 2025-03-12 19:12:30 +02:00
Slavi Pantaleev
d4ceebc6a9 Add Element Call, LiveKit Server and LiveKit JWT Service to docs/container-images.md 2025-03-12 19:12:22 +02:00
Slavi Pantaleev
6a86de958f Apply suggestions from code review
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2025-03-12 19:05:51 +02:00
Slavi Pantaleev
d9df022d55 Merge branch 'master' into element-call-integration 2025-03-12 18:40:31 +02:00
Slavi Pantaleev
676f9dd9ad Merge branch 'master' into element-call-integration 2025-03-12 18:00:45 +02:00
Slavi Pantaleev
251561ff81 Simplify LiveKit Server role by removing unused/untested HTTP middleware variables 2025-03-12 17:47:01 +02:00
Slavi Pantaleev
1e60f41a59 Restore Element Call HTTP headers to more secure/privacy-respecting values 2025-03-12 17:44:00 +02:00
Slavi Pantaleev
f8e84c4b2f Remove useless matrix_element_call_port variable 2025-03-12 17:43:34 +02:00
Slavi Pantaleev
3f5e8f656b Switch default LiveKit server endpoint to one under the matrix. domain and polish-up docs 2025-03-12 17:35:30 +02:00
Slavi Pantaleev
72118f2f03 Fix LiveKitServer middlware name (matrix-livekit-server-server-slashless-redirect -> matrix-livekit-server-slashless-redirect) 2025-03-12 16:56:06 +02:00
Slavi Pantaleev
585377975b Adjust LiveKit Server ports and exposure 2025-03-12 16:51:10 +02:00
Slavi Pantaleev
22ef579444 Make livekit-jwt-service communicate with livekit-server via public URLs
Communicating via container URLs works, but the URL provided to
livekit-jwt-service as `LIVEKIT_URL` is also passed to the user later
and it must be a public one at that point.

It'd be great if livekit-jwt-service can be given 2 different URLs
(e.g. `LIVEKIT_URL` and `LIVEKIT_URL_PUBLIC`) and only announce the
public one to the user, but there's no support for this yet.
2025-03-12 15:44:31 +02:00
Slavi Pantaleev
32f8c6de6e Merge branch 'master' into element-call-integration 2025-03-12 15:27:42 +02:00
Slavi Pantaleev
370feb740f Merge branch 'master' into element-call-integration 2025-03-12 10:04:19 +02:00
Slavi Pantaleev
9a11e5e1fe Auto-enable experimental Synapse features required by Element Call when Element Call is enabled 2025-03-12 09:19:03 +02:00
Slavi Pantaleev
8291b2f99d Merge branch 'master' into element-call-integration 2025-03-12 09:14:50 +02:00
Slavi Pantaleev
890f10f765 Make matrix_livekit_jwt_service_public_url respect matrix_livekit_jwt_service_path_prefix 2025-03-12 09:01:35 +02:00
Slavi Pantaleev
031cf68cbb Remove unused matrix_element_call_metrics_* variables 2025-03-12 08:59:50 +02:00
Slavi Pantaleev
5961841e52 Make matrix-livekit-jwt-service role not reference foreign variables (except the matrix-base ones) 2025-03-12 08:59:05 +02:00
Slavi Pantaleev
2be4923aef Make Element Call role not reference foreign variables (except the matrix-base ones) 2025-03-12 08:56:15 +02:00
Slavi Pantaleev
23efad9cb7 Rework Element Call config.json templating 2025-03-12 08:51:52 +02:00
Slavi Pantaleev
6b55ba29ab Make Element Call refuse a path prefix other than / 2025-03-12 08:46:11 +02:00
Slavi Pantaleev
0d1112638d Update LiveKit JWT service path prefix (/lk-jwt-service -> /livekit-jwt-service) 2025-03-12 08:07:56 +02:00
Slavi Pantaleev
c3c2ba34b4 Split matrix_element_call_systemd_required_services_list into _default, _auto and _custom 2025-03-12 08:02:29 +02:00
Slavi Pantaleev
0215708f79 Remove some useless variables and rework environment variables variable for livekit-jwt-service 2025-03-12 08:00:28 +02:00
Slavi Pantaleev
e1b57f3d45 Pin livekit-jwt-service to released (v0.2.0) and adapt configuration 2025-03-12 07:56:47 +02:00
Slavi Pantaleev
de2a8f11d2 _name_prefix -> _registry_prefix changes for LiveKit roles 2025-03-12 07:47:07 +02:00
Slavi Pantaleev
2a69ca35be Clean up Element Call group vars vs defaults/main.yml mixup and make some minor LiveKit updates 2025-03-12 07:42:40 +02:00
Slavi Pantaleev
72d64cfa6b Merge branch 'master' into element-call-integration 2025-03-12 07:03:53 +02:00
Slavi Pantaleev
f161c7c58f Add newlines at end of files 2025-03-12 07:03:00 +02:00
Slavi Pantaleev
6c6b44dc25 Add license information to Element Call and LiveKit roles 2025-03-12 06:58:00 +02:00
Slavi Pantaleev
8eb1c57e2b Merge branch 'master' into element-call-integration 2025-03-12 06:36:48 +02:00
Slavi Pantaleev
61069d6313 Merge branch 'element-call-integration' of github.com:wjbeckett/matrix-docker-ansible-deploy into element-call-integration 2025-03-12 06:34:00 +02:00
Slavi Pantaleev
74d6a99b1e Adjust names for Element Call tasks and make uninstallation more consistent with other roles 2025-03-12 06:32:22 +02:00
Slavi Pantaleev
81a30f17ac Remove some superficial comments 2025-03-12 06:29:39 +02:00
Slavi Pantaleev
413d591562 Bring container-network-creation tasks up-to-date for Element Call and LiveKit-related services 2025-03-12 06:27:11 +02:00
Slavi Pantaleev
7572522820 Merge branch 'master' into element-call-integration 2025-03-12 06:24:34 +02:00
Slavi Pantaleev
0b9389fd64 Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-23 17:43:52 +02:00
Slavi Pantaleev
9a8a569431 Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-23 17:43:29 +02:00
Slavi Pantaleev
bb403e1aee Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-23 17:43:15 +02:00
Slavi Pantaleev
74fbacbd9f Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-23 17:42:54 +02:00
Slavi Pantaleev
5642755273 Rework LiveKit JWT Service role 2024-11-23 16:40:50 +02:00
Slavi Pantaleev
bb925f4782 Merge branch 'master' into element-call-integration 2024-11-23 14:45:20 +02:00
Slavi Pantaleev
c57d0d192d Eliminate remaining matrix references from LiveKit Server role 2024-11-21 19:45:07 +02:00
Slavi Pantaleev
006920882c Rename file (element-call-labels -> labels) 2024-11-21 19:38:23 +02:00
Slavi Pantaleev
69d702643f Remove homeserver.yaml patching from Element Call role 2024-11-21 19:36:55 +02:00
Slavi Pantaleev
252ca52f60 Relocate /.well-known/element/element.json setup to matrix-static-files, instead of ugly patching from the Element Call role 2024-11-21 19:32:15 +02:00
Slavi Pantaleev
3f52cec25c Relocate Element Web features & element_call configuration to Element role, instead of ugly patching from the Element Call role 2024-11-21 19:17:30 +02:00
Slavi Pantaleev
7a6fcaa402 Fix typo 2024-11-21 18:59:11 +02:00
Slavi Pantaleev
394fdca066 Relocate org.matrix.msc4143.rtc_foci setup to /.well-known/matrix/client to matrix-static-files instead of ugly patching 2024-11-21 18:54:29 +02:00
Slavi Pantaleev
f0466d5a99 Make LiveKit Server configuration extensible 2024-11-21 18:19:36 +02:00
Slavi Pantaleev
be7271760e Make LiveKit Server logging config configurable 2024-11-21 18:13:07 +02:00
Slavi Pantaleev
8b84eb6390 Default LiveKit Server to a smaller RTC range for faster startup on non-host networks 2024-11-21 18:04:53 +02:00
Slavi Pantaleev
3e86adac0d Fix port exposure for LiveKit Server 2024-11-21 18:00:43 +02:00
Slavi Pantaleev
721fb39aa2 More progress on the LiveKit role 2024-11-21 17:28:06 +02:00
Slavi Pantaleev
783d4a23f8 Add livekit_server_identifier 2024-11-21 16:54:45 +02:00
Slavi Pantaleev
fa4ebd2a64 Cleanups 2024-11-21 16:37:01 +02:00
Slavi Pantaleev
79ae704a24 Merge branch 'element-call-integration' of github.com:wjbeckett/matrix-docker-ansible-deploy into element-call-integration 2024-11-21 16:31:50 +02:00
Slavi Pantaleev
c07b093902 Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:24:34 +02:00
Slavi Pantaleev
c321ca160e Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:24:26 +02:00
Slavi Pantaleev
164be875b0 Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:24:15 +02:00
Slavi Pantaleev
0f23e36e12 Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:24:05 +02:00
Slavi Pantaleev
83bb546c64 Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:23:55 +02:00
Slavi Pantaleev
3783922275 Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:23:47 +02:00
Slavi Pantaleev
66cc36466c Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:23:36 +02:00
Slavi Pantaleev
ec41c1aba5 Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:23:28 +02:00
Slavi Pantaleev
df6ef106d1 Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:23:18 +02:00
Slavi Pantaleev
eb048da8a1 Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:23:06 +02:00
Slavi Pantaleev
ccb29beb30 Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:22:56 +02:00
Slavi Pantaleev
32ea60fdc5 Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:22:44 +02:00
Slavi Pantaleev
25a8cb3b4a Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:22:17 +02:00
Slavi Pantaleev
55da5c3213 Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:21:55 +02:00
Slavi Pantaleev
925ebfbd4b Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 16:21:42 +02:00
Slavi Pantaleev
88d4668450 Variable rename (livekit_server_image -> livekit_server_container_image) for consistency with other roles 2024-11-21 16:16:43 +02:00
Slavi Pantaleev
1838a541ae Variables rename (matrix_livekit_server_ -> livekit_server_) to prepare for role extraction 2024-11-21 16:15:54 +02:00
Slavi Pantaleev
1e82530080 Merge branch 'master' into element-call-integration 2024-11-21 15:59:56 +02:00
Slavi Pantaleev
82127830b3 Update roles/custom/matrix-livekit-server/tasks/uninstall.yml
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 15:58:01 +02:00
Slavi Pantaleev
85c0ffa9e1 Update roles/custom/matrix-livekit-server/tasks/uninstall.yml
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 15:57:51 +02:00
Slavi Pantaleev
b691f39d39 Update roles/custom/matrix-livekit-server/tasks/install.yml
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 15:57:44 +02:00
Slavi Pantaleev
10df145101 Update roles/custom/matrix-livekit-server/tasks/install.yml
Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
2024-11-21 15:57:31 +02:00
wjbeckett
fa2a913d39 fixing issue with element call domain not being expanded when writing the element web config.json. 2024-10-03 16:20:54 +10:00
wjbeckett
e18b28136c Updated Element call docs with dependent services and fixed typo. 2024-10-03 15:28:56 +10:00
wjbeckett
1906d61c39 updated traefik label to be in line with the latest change from devture_traefik_ to traefik_ 2024-10-03 13:25:40 +10:00
Backslash
b7e0a41134 Merge branch 'spantaleev:master' into element-call-integration 2024-10-03 13:20:02 +10:00
wjbeckett
a03f5985a5 removed trailing whitespaces 2024-10-03 12:38:34 +10:00
wjbeckett
1e6698cb99 updated documentation or the new roles. 2024-10-02 13:27:02 +10:00
wjbeckett
f684719b2a fixed error with element client update task 2024-10-01 22:30:09 +10:00
wjbeckett
a6e3203398 updated docs, broke the well-known and element client modifications out to separate tasks. 2024-10-01 22:20:50 +10:00
wjbeckett
2b4fdea70f added header flags back in. 2024-10-01 17:04:11 +10:00
wjbeckett
6c8923ae28 removed headers. 2024-10-01 16:51:06 +10:00
wjbeckett
9691577b22 removed additinoal headers 2024-10-01 16:45:07 +10:00
wjbeckett
46109565e1 updated headers for each of the call services. 2024-10-01 16:33:48 +10:00
wjbeckett
4acb025130 testing livekit configuration 2024-10-01 13:35:53 +10:00
wjbeckett
e421852af5 updated jwt bind port 2024-10-01 13:09:00 +10:00
wjbeckett
5507fb3bab added element-call config.json to systemd file 2024-10-01 13:08:21 +10:00
wjbeckett
9864996aad adjusted jwt service ports for traefik 2024-10-01 12:46:37 +10:00
wjbeckett
dbbaae4fbe stopping the recursive loop 2024-10-01 12:34:25 +10:00
wjbeckett
d53c2428b8 updated jwt hostname. 2024-10-01 12:29:35 +10:00
wjbeckett
f98a505df8 changed jwt-service port label. 2024-10-01 11:00:56 +10:00
wjbeckett
d5aabc85be removed redis images in favor of the inbuilt keyDB 2024-10-01 10:41:30 +10:00
wjbeckett
7cdec5f251 fixed type in livekit image 2024-10-01 10:17:34 +10:00
wjbeckett
fd2f505b34 Fixed typo in livekit server hostname 2024-10-01 10:00:30 +10:00
wjbeckett
812b57cfaa resolved missing key. 2024-10-01 09:54:02 +10:00
wjbeckett
b7b8ed573b typo in livekit-server validate. 2024-10-01 09:48:44 +10:00
wjbeckett
97f93ebd76 renamed the livekit role and added livekit-server and jwt-service roles to the setup file. 2024-10-01 09:31:42 +10:00
wjbeckett
8cb7deff15 cleaned up old services again 2024-09-30 23:04:10 +10:00
wjbeckett
71dff50a65 fixed livekit service name 2024-09-30 22:53:21 +10:00
wjbeckett
58a9642e8c fixed config file placement. 2024-09-30 22:45:56 +10:00
wjbeckett
3de399025f hard coded redis port. 2024-09-30 22:41:36 +10:00
wjbeckett
e952ba1c3a removed duplicate tasks. 2024-09-30 22:35:59 +10:00
wjbeckett
8cb3e33bbf separated livekit and jwt to separate roles 2024-09-30 22:20:46 +10:00
wjbeckett
b907777ae5 fixing labels again. 2024-09-30 13:13:29 +10:00
wjbeckett
cb41fb02ae testing traefik labels again. 2024-09-30 13:00:10 +10:00
wjbeckett
31a138a6ba fixed traefik router issues. 2024-09-30 12:47:42 +10:00
wjbeckett
6143ad7ffa fix: removed the read-only tag from the element-call systemd file. 2024-09-30 12:27:04 +10:00
wjbeckett
f762048a8d fix: added missing labels to main. 2024-09-30 12:15:27 +10:00
wjbeckett
93650cf20e fix: Type in the element-call main.yml 2024-09-30 12:02:45 +10:00
wjbeckett
9dbee212d8 fix: removed duplicate keys. 2024-09-30 11:37:08 +10:00
wjbeckett
1167e1ec13 fix: changed matrix server name to matrix domain in element-call config. 2024-09-30 11:17:34 +10:00
wjbeckett
f036e18789 Fix: Restructured Element call configuration files. 2024-09-30 11:05:11 +10:00
Backslash
a274d32c6d Removed serve function 2024-09-27 12:50:31 +10:00
Backslash
5db9a5c061 Removed env file 2024-09-27 12:40:37 +10:00
Backslash
2492672025 Update env.j2 2024-09-27 12:39:39 +10:00
Backslash
a0917fa283 Update main.yml 2024-09-27 12:37:36 +10:00
Backslash
8b172cc194 Update env.j2 2024-09-27 12:35:38 +10:00
Backslash
63133d6599 Added serve command back in. 2024-09-27 11:53:26 +10:00
Backslash
5b8dcf32d5 Added element-call systemd services to the service manager. 2024-09-27 11:42:34 +10:00
Backslash
14614cb211 Update matrix-element-call.service.j2 2024-09-27 10:26:01 +10:00
Backslash
3c084e17d2 Update element-call-labels.j2-new 2024-09-27 10:15:51 +10:00
Backslash
089c5f14c8 Update jwt-service-labels.j2 2024-09-27 10:00:40 +10:00
Backslash
b6571fc4fd Update livekit-labels.j2 2024-09-27 09:59:54 +10:00
Backslash
6d6f9ab853 Added hostnames for livekit and jwt labels 2024-09-27 09:59:13 +10:00
Backslash
5730dbfc6e Added hostname label 2024-09-27 09:54:01 +10:00
Backslash
c14f9cdcb5 Update matrix_servers 2024-09-27 09:25:48 +10:00
Backslash
805b726c6d Update element-call-labels.j2 2024-09-27 09:25:01 +10:00
Backslash
5f49433f6c Handle empty labels correctly. 2024-09-27 09:15:21 +10:00
Backslash
510cfb2dac Update matrix_servers 2024-09-27 09:14:29 +10:00
Backslash
1721e85195 Corrected element call labels file name 2024-09-27 09:00:03 +10:00
Backslash
25909b1029 Update and rename labels.j2 to element-call-labels.j2 2024-09-27 08:51:27 +10:00
Backslash
3264408758 Rename element-call-labels.j2 to element-call-labels.j2-new 2024-09-27 08:49:55 +10:00
Backslash
dd96b93d89 Update matrix-element-call.service.j2 2024-09-27 08:34:01 +10:00
Backslash
df4bf4a0c9 Added tasks for moving the new labels files into place 2024-09-27 08:23:24 +10:00
Backslash
2f2cb8962e Updated livekit labels 2024-09-27 08:19:26 +10:00
Backslash
d2e2781d3b Updated label file 2024-09-27 08:18:27 +10:00
Backslash
80763804f9 Updated label file 2024-09-27 08:16:56 +10:00
Backslash
1d7a60055c Create jwt-service-labels.j2 2024-09-27 08:10:06 +10:00
Backslash
2cf471075d Created livekit-labels.j2 2024-09-27 08:09:32 +10:00
Backslash
6a519bb053 Created element-call-labels to separate the labels for each container 2024-09-27 08:08:42 +10:00
Backslash
f0632b20eb Added missing labels for sfu and jwt 2024-09-26 21:24:43 +10:00
Backslash
5cc9c70ba6 Remove serve command from matrix-element-call.service.j2 2024-09-26 20:57:47 +10:00
Backslash
e34e5da9a4 Update matrix-redis.service.j2 2024-09-26 19:57:39 +10:00
Backslash
656d4275bc Update install.yml 2024-09-26 19:48:06 +10:00
Backslash
6ef304b118 Update validate_config.yml 2024-09-26 19:43:22 +10:00
Backslash
85be68946c Migrated from matrix_redis to redis_ 2024-09-26 19:30:15 +10:00
Backslash
3f6c327da2 Update main.yml 2024-09-26 19:18:47 +10:00
Backslash
ba54e549c4 Added well-known element directory 2024-09-26 19:08:09 +10:00
Backslash
f2acc7430d Create well_known_element.json.j2 2024-09-26 18:53:49 +10:00
Backslash
9cb236da30 Update install.yml 2024-09-26 18:50:48 +10:00
Backslash
f38d6a0d88 Update main.yml 2024-09-26 18:39:03 +10:00
Backslash
ac1295ac45 Create matrix-jwt-service.service.j2 2024-09-26 18:33:22 +10:00
Backslash
bc2ed60762 Update main.yml 2024-09-26 17:23:03 +10:00
Backslash
f7621283fd Update labels.j2 2024-09-26 16:31:23 +10:00
Backslash
e31e688a41 Update main.yml 2024-09-26 15:42:05 +10:00
Backslash
a533ec4204 Update matrix_servers 2024-09-26 15:38:12 +10:00
Backslash
f16ca24408 Update install.yml 2024-09-26 15:17:15 +10:00
Backslash
e910d09ff1 Create matrix-redis.service.j2 2024-09-26 14:52:30 +10:00
Backslash
bc9658c06b Create matrix-livekit.service.j2 2024-09-26 13:40:38 +10:00
Backslash
45c8a61f04 Migrating to systemd for container management 2024-09-26 11:39:33 +10:00
Backslash
954d46cfd7 Update labels.j2 2024-09-26 09:25:49 +10:00
Backslash
dfeca192ab Update redis.conf.j2 2024-09-26 09:23:26 +10:00
Backslash
f306a47b83 Update livekit.yaml.j2 2024-09-26 09:22:29 +10:00
Backslash
becdb0810c Update config.json.j2 2024-09-26 09:18:55 +10:00
Backslash
37fd2e701d Update env.j2 to support the new configuration 2024-09-26 09:15:07 +10:00
Backslash
68cc1f4b2b Simplified the validation step. 2024-09-26 08:29:16 +10:00
Backslash
5efc189293 Updated to support new structure 2024-09-26 08:12:06 +10:00
Backslash
02479e8bec Updated with new structure. 2024-09-26 07:59:09 +10:00
Backslash
0eef094f2b Restructure install.yml to follow other roles more closely 2024-09-26 06:51:36 +10:00
Backslash
16ed788b3f Update main.yml 2024-09-25 21:07:22 +10:00
Backslash
6364101410 Adding another debug task for testing the labels file. 2024-09-25 20:20:20 +10:00
Backslash
81735503f8 Added debug task to test labels configuration 2024-09-25 20:06:27 +10:00
Backslash
8644a7383e Removed additional label loop 2024-09-25 19:22:21 +10:00
Backslash
ce827e7953 Changed matrix_base_domain to matrix_domain 2024-09-25 19:09:13 +10:00
Backslash
c93d30bcb8 Added matrix_server_name to the defaults 2024-09-25 19:07:03 +10:00
Backslash
90ea758c3b Fixed regex for checking the hostname. 2024-09-25 18:39:26 +10:00
Backslash
350d4d4bcd Fixed assertion block to remove jinja2 delimiters 2024-09-25 18:35:09 +10:00
Backslash
fc6357a089 Update main.yml 2024-09-25 18:05:34 +10:00
wjbeckett
60f34cd7af fixed matrix_redis for migration 2024-09-25 16:13:29 +10:00
wjbeckett
d1ba784dde added doc for setting up element call. 2024-09-25 15:01:53 +10:00
Backslash
434157eb98 Merge branch 'spantaleev:master' into element-call-integration 2024-09-25 14:55:42 +10:00
wjbeckett
6594cce570 Feat: Added element call setup and configuration. 2024-09-25 14:53:48 +10:00
40 changed files with 1307 additions and 8 deletions

View File

@@ -1,3 +1,16 @@
# 2025-03-15
## Element Call support
The playbook now supports [Element Call](https://github.com/element-hq/element-call) as an optional feature. Thanks to [wjbeckett](https://github.com/wjbeckett) for getting us started via [PR#3562](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562).
Element Call is a native Matrix video conferencing application developed by [Element](https://element.io/) that has the goal of replacing [Jitsi](./docs/configuring-playbook-jitsi.md) and the old WebRTC stack used in previous Element versions.
💡 For now, Element Call is only supported with the [Synapse](docs/configuring-playbook-synapse.md) homeserver (with [federation](docs/configuring-playbook-federation.md) enabled) and [Element Web](docs/configuring-playbook-client-element-web.md) and Element X mobile clients. See the [Prerequisites](docs/configuring-playbook-element-call.md#prerequisites) section of the [Element Call documentation](docs/configuring-playbook-element-call.md) for more details.
To get started, see the [Configuring Element Call](docs/configuring-playbook-element-call.md) documentation page.
# 2025-03-08
## 6⃣ IPv6 support enablement recommended by default

View File

@@ -80,6 +80,8 @@ Services that run on the server to make the various parts of your installation w
| [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) |
| [ma1sd](https://github.com/ma1uta/ma1sd) | ❌ | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md)
| [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) |
| [LiveKit Server](https://github.com/livekit/livekit) | ❌ | WebRTC server for audio/video calls | [Link](docs/configuring-playbook-livekit-server.md) |
| [Livekit JWT Service](https://github.com/livekit/livekit-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | [Link](docs/configuring-playbook-livekit-jwt-service.md) |
### Authentication
@@ -185,6 +187,7 @@ Various services that don't fit any other categories.
| [Pantalaimon](https://github.com/matrix-org/pantalaimon) | ❌ | E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) |
| [Sygnal](https://github.com/matrix-org/sygnal) | ❌ | Push gateway | [Link](docs/configuring-playbook-sygnal.md) |
| [ntfy](https://ntfy.sh) | ❌ | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) |
| [Element Call](https://github.com/element-hq/element-call) | ❌ | A native Matrix video conferencing application | [Link](docs/configuring-playbook-element-call.md) |
## 🆕 Changes

View File

@@ -0,0 +1,82 @@
<!--
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up Element Call (optional)
The playbook can install and configure [Element Call](https://github.com/element-hq/element-call) for you.
Element Call is a native Matrix video conferencing application developed by [Element](https://element.io), designed for secure, scalable, privacy-respecting, and decentralized video and voice calls over the Matrix protocol. Built on MatrixRTC ([MSC4143](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)), it utilizes [MSC4195](https://github.com/hughns/matrix-spec-proposals/blob/hughns/matrixrtc-livekit/proposals/4195-matrixrtc-livekit.md) with [LiveKit Server](configuring-playbook-livekit-server.md) as its backend.
See the project's [documentation](https://github.com/element-hq/element-call) to learn more.
## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
- Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when Element Call is enabled)
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when Element Call is enabled)
- A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
> [!WARNING]
> Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**.
## Decide on a domain and path
By default, Element Call is configured to be served on the `call.element.example.com` domain.
If you'd like to run Element Call on another hostname, see the [Adjusting the Element Call URL](#adjusting-the-element-call-url-optional) section below.
## Adjusting DNS records
By default, this playbook installs Element Call on the `call.element.` subdomain (`call.element.example.com`) and requires you to create a `CNAME` record for `call.element`, which targets `matrix.example.com`.
When setting these values, replace `example.com` with your own.
All dependency services for Element Call ([LiveKit Server](configuring-playbook-livekit-server.md) and [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md)) are installed and configured automatically by the playbook. By default, these services are installed on subpaths on the `matrix.` domain (e.g. `/livekit-server`, `/livekit-jwt-service`), so no DNS record adjustments are required for them.
## Adjusting firewall rules
In addition to the HTTP/HTTPS ports (which you've already exposed as per the [prerequisites](prerequisites.md) document), you'll also need to open ports required by [LiveKit Server](configuring-playbook-livekit-server.md) as described in its own [Adjusting firewall rules](configuring-playbook-livekit-server.md#adjusting-firewall-rules) section.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_element_call_enabled: true
```
### Adjusting the Element Call URL (optional)
By tweaking the `matrix_element_call_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
Example additional configuration for your `vars.yml` file:
```yaml
matrix_element_call_hostname: element-call.example.com
```
> [!WARNING]
> A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084).
## Installing
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
## Usage
Once installed, Element Call integrates seamlessly with Matrix clients like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android).

View File

@@ -20,6 +20,8 @@ The playbook can install and configure the [Jitsi](https://jitsi.org/) video-con
Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app.
💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application.
The [Ansible role for Jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Jitsi, you can check them via:
- 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md) online
- 📁 `roles/galaxy/jitsi/docs/configuring-jitsi.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)

View File

@@ -0,0 +1,47 @@
<!--
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up JWT Service (optional)
The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service) for you.
LK-JWT-Service is currently used for a single reason: generate JWT tokens with a given identity for a given room, so that users can use them to authenticate against LiveKit SFU.
See the project's [documentation](https://github.com/element-hq/lk-jwt-service/) to learn more.
## Decide on a domain and path
By default, JWT Service is configured to be served:
- on the Matrix domain (`matrix.example.com`), configurable via `matrix_livekit_jwt_service_hostname`
- under a `/livekit-jwt-service` path prefix, configurable via `matrix_livekit_jwt_service_path_prefix`
This makes it easy to set it up, **without** having to adjust your DNS records manually.
## Adjusting DNS records
If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_livekit_jwt_service_enabled: true
```
## Installing
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all`
## Usage
Once installed, a new `org.matrix.msc4143.rtc_foci` section is added to the Element Web client to point to your JWT service URL (e.g., `https://matrix.example.com/livekit-jwt-service`).
## Additional Information
Refer to the LiveKit JWT-Service documentation for more details on configuring and using JWT Service.

View File

@@ -0,0 +1,18 @@
<!--
SPDX-FileCopyrightText: 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up LiveKit JWT Service (optional)
The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service/) for you.
This is a helper component that allows [Element Call](configuring-playbook-element-call.md) to integrate with [LiveKit Server](configuring-playbook-livekit-server.md).
💡 LiveKit JWT Service is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra.
Take a look at:
- `roles/custom/matrix-livekit-jwt-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration.

View File

@@ -0,0 +1,28 @@
<!--
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up LiveKit Server (optional)
The playbook can install and configure [LiveKit Server](https://github.com/livekit/livekit) for you.
LiveKit Server is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications.
💡 LiveKit Server is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra.
The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via:
- 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online
- 📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
## Adjusting firewall rules
To ensure LiveKit Server functions correctly, the following firewall rules and port forwarding settings are required:
- `7881/tcp`: ICE/TCP
- `7882/udp`: ICE/UDP Mux
💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.

View File

@@ -237,6 +237,12 @@ Services that help you in administrating and monitoring your Matrix installation
Various services that don't fit any other categories.
- [Setting up Element Call](configuring-playbook-element-call.md) — a native Matrix video conferencing application (optional)
- [Setting up LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (optional)
- [Setting up LiveKit Server](configuring-playbook-livekit-server.md) (optional)
- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)
- [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers

View File

@@ -54,6 +54,8 @@ Services that run on the server to make the various parts of your installation w
| [Exim](configuring-playbook-email.md) | [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) |
| [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server |
| [ddclient](configuring-playbook-dynamic-dns.md) | [linuxserver/ddclient](https://hub.docker.com/r/linuxserver/ddclient) | ❌ | Update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider |
| [LiveKit Server](configuring-playbook-livekit-server.md) | [livekit/livekit-server](https://hub.docker.com/r/livekit/livekit-server/) | ❌ | WebRTC server for audio/video calls |
| [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md) | [element-hq/lk-jwt-service](https://ghcr.io/element-hq/lk-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) |
## Authentication
@@ -167,6 +169,7 @@ Various services that don't fit any other categories.
| [Pantalaimon](configuring-playbook-pantalaimon.md) | [matrixdotorg/pantalaimon](https://hub.docker.com/r/matrixdotorg/pantalaimon) | ❌ | E2EE aware proxy daemon |
| [Sygnal](configuring-playbook-sygnal.md) | [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) | ❌ | Reference Push Gateway for Matrix |
| [ntfy](configuring-playbook-ntfy.md) | [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) | ❌ | Self-hosted, UnifiedPush-compatible push notifications server |
| [Element Call](configuring-playbook-element-call.md) | [element-hq/element-call](https://ghcr.io/element-hq/element-call) | ❌ | A native Matrix video conferencing application |
## Container images of deprecated / unmaintained services

View File

@@ -447,6 +447,12 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
+
([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else [])
+
([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else [])
+
([{'name': (livekit_server_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else [])
+
([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
+
([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
@@ -4533,7 +4539,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
#
######################################################################
valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) }}"
valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) or matrix_element_call_enabled }}"
valkey_identifier: matrix-valkey
@@ -4605,6 +4611,14 @@ matrix_client_element_enable_presence_by_hs_url: |-
matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
matrix_client_element_features_feature_video_rooms: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_group_calls: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_oidc_native_flow: "{{ matrix_authentication_service_enabled }}"
matrix_client_element_element_call_enabled: "{{ matrix_element_call_enabled }}"
matrix_client_element_element_call_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}"
######################################################################
#
# /matrix-client-element
@@ -4920,6 +4934,8 @@ matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}"
matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_element_call_enabled }}"
matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}"
@@ -4928,6 +4944,10 @@ matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_
matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
matrix_synapse_experimental_features_msc4140_enabled: "{{ matrix_element_call_enabled }}"
matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_element_call_enabled }}"
# Disable password authentication when delegating authentication to Matrix Authentication Service.
# Unless this is done, Synapse fails on startup with:
# > Error in configuration at 'password_config.enabled':
@@ -6117,8 +6137,18 @@ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{
# See: https://github.com/etkecc/synapse-admin/pull/126
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_element_call_enabled }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: |-
{{
(
[{'type': 'livekit', 'livekit_service_url': matrix_livekit_jwt_service_public_url}] if matrix_livekit_jwt_service_enabled else []
)
}}
matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
matrix_static_files_file_element_element_json_property_call_widget_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}"
matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
@@ -6231,3 +6261,124 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai
# /traefik_certs_dumper #
# #
########################################################################
########################################################################
# #
# matrix-element-call #
# #
########################################################################
matrix_element_call_enabled: false
matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_element_call_container_network: "{{ matrix_addons_container_network }}"
matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_element_call_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_element_call_config_livekit_livekit_service_url: "{{ matrix_livekit_jwt_service_public_url if matrix_livekit_jwt_service_enabled else '' }}"
########################################################################
# #
# /matrix-element-call #
# #
########################################################################
########################################################################
# #
# livekit-server #
# #
########################################################################
livekit_server_enabled: "{{ matrix_element_call_enabled }}"
livekit_server_identifier: matrix-livekit-server
livekit_server_uid: "{{ matrix_user_uid }}"
livekit_server_gid: "{{ matrix_user_gid }}"
livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
livekit_server_hostname: "{{ matrix_server_fqn_matrix }}"
livekit_server_path_prefix: "/livekit-server"
livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
livekit_server_container_network: "{{ matrix_addons_container_network }}"
livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
livekit_server_config_keys_auto: |-
{{
{}
| combine(
{matrix_livekit_jwt_service_environment_variable_livekit_key: matrix_livekit_jwt_service_environment_variable_livekit_secret}
if matrix_livekit_jwt_service_enabled else {}
)
}}
# The playbook intentionally uses a non-standard port than the default used by the role (5349),
# because Coturn is already using that port.
# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
livekit_server_config_turn_tls_port: 5350
# The playbook intentionally uses a non-standard port than the default used by the role (3478),
# because Coturn is already using that port.
# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
livekit_server_config_turn_udp_port: 3479
########################################################################
# #
# /livekit-server #
# #
########################################################################
########################################################################
# #
# matrix-livekit-jwt-service #
# #
########################################################################
matrix_livekit_jwt_service_enabled: "{{ matrix_element_call_enabled and livekit_server_enabled }}"
matrix_livekit_jwt_service_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_livekit_jwt_service_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service"
matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}"
matrix_livekit_jwt_service_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_livekit_jwt_service_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [])
}}
matrix_livekit_jwt_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_livekit_jwt_service_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_livekit_jwt_service_environment_variable_livekit_url: "{{ livekit_server_websocket_public_url }}"
matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.key', rounds=655555) | to_uuid }}"
matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}"
########################################################################
# #
# /matrix-livekit-jwt-service #
# #
########################################################################

View File

@@ -27,6 +27,9 @@
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10078-1-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.8.4-2
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.11.0-4
name: ntfy

View File

@@ -215,6 +215,67 @@ matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_w
# URL to Wallpaper, shown in background of welcome page
matrix_client_element_branding_welcome_background_url: ~ # noqa var-naming
# Controls the `features` section of the Element Web configuration.
matrix_client_element_features: "{{ matrix_client_element_features_default | combine(matrix_client_element_features_auto, recursive=True) | combine(matrix_client_element_features_custom, recursive=True) }}"
matrix_client_element_features_default: |-
{{
{}
| combine(
{'feature_video_rooms': true} if matrix_client_element_features_feature_video_rooms else {}
)
| combine(
{'feature_group_calls': true} if matrix_client_element_features_feature_group_calls else {}
)
| combine(
{'feature_element_call_video_rooms': true} if matrix_client_element_features_feature_element_call_video_rooms else {}
)
| combine(
{'feature_oidc_native_flow': true} if matrix_client_element_features_feature_oidc_native_flow else {}
)
}}
matrix_client_element_features_auto: {}
matrix_client_element_features_custom: {}
matrix_client_element_features_feature_video_rooms: false
matrix_client_element_features_feature_group_calls: false
matrix_client_element_features_feature_element_call_video_rooms: false
matrix_client_element_features_feature_oidc_native_flow: false
matrix_client_element_element_call_enabled: false
matrix_client_element_element_call: "{{ matrix_client_element_element_call_default | combine(matrix_client_element_element_call_auto, recursive=True) | combine(matrix_client_element_element_call_custom, recursive=True) }}"
matrix_client_element_element_call_default: |-
{{
{}
| combine(
{'url': matrix_client_element_element_call_url} if matrix_client_element_element_call_url else {}
)
| combine(
{'participant_limit': matrix_client_element_element_call_participant_limit} if matrix_client_element_element_call_participant_limit else {}
)
| combine(
{'brand': matrix_client_element_element_call_brand} if matrix_client_element_element_call_brand else {}
)
| combine(
{'use_exclusively': matrix_client_element_element_call_use_exclusively} if matrix_client_element_element_call_use_exclusively else {}
)
}}
matrix_client_element_element_call_auto: {}
matrix_client_element_element_call_custom: {}
# Controls the `element_call.url` setting in the Element Web configuration.
matrix_client_element_element_call_url: ''
# Controls the `element_call.participant_limit` setting in the Element Web configuration.
matrix_client_element_element_call_participant_limit: 8
# Controls the `element_call.brand` setting in the Element Web configuration.
matrix_client_element_element_call_brand: "Element Call"
# Controls the `element_call.use_exclusively` setting in the Element Web configuration.
matrix_client_element_element_call_use_exclusively: true
matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2"
# By default, there's no Element Web homepage (when logged in). If you wish to have one,

View File

@@ -45,5 +45,7 @@
"auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }},
"auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }},
"welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }}
}
},
"features": {{ matrix_client_element_features | to_json }},
"element_call": {{ (matrix_client_element_element_call if matrix_client_element_element_call_enabled else {}) | to_json }}
}

View File

@@ -0,0 +1,145 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# Element Call is a native Matrix video conferencing application developed by Element.
# Project source code URL: https://github.com/element-hq/element-call
matrix_element_call_enabled: false
matrix_element_call_version: v0.7.2
matrix_element_call_scheme: https
matrix_element_call_hostname: "call.{{ matrix_server_fqn_element }}"
matrix_element_call_path_prefix: /
matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call"
# The architecture for Element Call container images.
# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
matrix_element_call_architecture: "{{ matrix_architecture }}"
matrix_element_call_container_image: "{{ matrix_element_call_container_image_registry_prefix }}element-hq/element-call:{{ matrix_element_call_container_image_tag }}"
matrix_element_call_container_image_registry_prefix: "{{ matrix_element_call_container_image_registry_prefix_upstream }}"
matrix_element_call_container_image_registry_prefix_upstream: "{{ matrix_element_call_container_image_registry_prefix_upstream_default }}"
matrix_element_call_container_image_registry_prefix_upstream_default: ghcr.io/
matrix_element_call_container_image_tag: "{{ matrix_element_call_version }}"
matrix_element_call_container_image_force_pull: "{{ matrix_element_call_container_image.endswith(':latest') }}"
matrix_element_call_container_network: matrix-element-call
matrix_element_call_container_http_host_bind_port: ''
matrix_element_call_container_additional_networks: "{{ matrix_element_call_container_additional_networks_auto + matrix_element_call_container_additional_networks_custom }}"
matrix_element_call_container_additional_networks_auto: []
matrix_element_call_container_additional_networks_custom: []
# Traefik Configuration for Element Call
matrix_element_call_container_labels_traefik_enabled: true
matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_call_container_network }}"
matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/element`).
matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}"
matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}"
matrix_element_call_container_labels_traefik_priority: 0
matrix_element_call_container_labels_traefik_entrypoints: web-secure
matrix_element_call_container_labels_traefik_tls: "{{ matrix_element_call_container_labels_traefik_entrypoints != 'web' }}"
matrix_element_call_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom`
matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}"
matrix_element_call_container_labels_traefik_additional_response_headers_auto: |
{{
{}
| combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {})
| combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {})
| combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {})
| combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {})
| combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {})
| combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {})
}}
matrix_element_call_container_labels_traefik_additional_response_headers_custom: {}
# matrix_element_call_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_element_call_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_element_call_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container
matrix_element_call_container_extra_arguments: []
# List of systemd services that matrix-element-call.service depends on
matrix_element_call_systemd_required_services_list: "{{ matrix_element_call_systemd_required_services_list_default + matrix_element_call_systemd_required_services_list_auto + matrix_element_call_systemd_required_services_list_custom }}"
matrix_element_call_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_element_call_systemd_required_services_list_auto: []
matrix_element_call_systemd_required_services_list_custom: []
# Specifies the value of the `X-XSS-Protection` header
# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
#
# Learn more about it is here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
matrix_element_call_http_header_xss_protection: "1; mode=block"
# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
matrix_element_call_http_header_frame_options: ''
# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
matrix_element_call_http_header_content_type_options: nosniff
# Specifies the value of the `Content-Security-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
matrix_element_call_http_header_content_security_policy: frame-ancestors *
# Specifies the value of the `Permission-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}"
# Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}"
# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
# Learn more about what it is here:
# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
# - https://amifloced.org/
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `matrix_element_call_content_permission_policy`
matrix_element_call_floc_optout_enabled: true
# Controls if HSTS preloading is enabled
#
# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
# indicates a willingness to be "preloaded" into browsers:
# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
# For more information visit:
# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `matrix_element_call_http_header_strict_transport_security`
matrix_element_call_hsts_preload_enabled: false
# Controls the default_server_config/m.homeserver/base_url property in the config.json file.
matrix_element_call_config_default_server_config_m_homeserver_base_url: "{{ matrix_homeserver_url }}"
# Controls the default_server_config/m.homeserver/server_name property in the config.json file.
matrix_element_call_config_default_server_config_m_homeserver_server_name: "{{ matrix_domain }}"
# Controls the livekit/livekit_service_url property in the config.json file.
matrix_element_call_config_livekit_livekit_service_url: ""

View File

@@ -0,0 +1,56 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure Element Call paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- path: "{{ matrix_element_call_base_path }}"
- name: Ensure Element Call config.json is in place
ansible.builtin.template:
src: "{{ role_path }}/templates/config.json.j2"
dest: "{{ matrix_element_call_base_path }}/config.json"
mode: 0640
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Element Call container labels file is in place
ansible.builtin.template:
src: "{{ role_path }}/templates/labels.j2"
dest: "{{ matrix_element_call_base_path }}/labels"
mode: 0640
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Element Call container image is pulled
community.docker.docker_image:
name: "{{ matrix_element_call_container_image }}"
source: pull
force_source: "{{ matrix_element_call_container_image_force_pull }}"
register: element_call_image_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: element_call_image_result is not failed
- name: Ensure Element Call container network is created
community.general.docker_network:
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_element_call_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure Element Call systemd service is installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
mode: 0644

View File

@@ -0,0 +1,26 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- tags:
- setup-all
- setup-element-call
- install-all
- install-element-call
block:
- when: matrix_element_call_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_element_call_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
- tags:
- setup-all
- setup-element-call
block:
- when: not matrix_element_call_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"

View File

@@ -0,0 +1,31 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Check existence of matrix-element-call service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
register: matrix_element_call_service_stat
- when: matrix_element_call_service_stat.stat.exists | bool
block:
- name: Ensure matrix-element-call is stopped
ansible.builtin.service:
name: matrix-element-call
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-element-call.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
state: absent
- name: Ensure Element Call paths don't exist
ansible.builtin.file:
path: "{{ matrix_element_call_base_path }}"
state: absent

View File

@@ -0,0 +1,34 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Fail if Element Call architecture is not supported
ansible.builtin.fail:
msg: >
Element Call is only supported on amd64 and arm64 architectures.
Your architecture is configured as '{{ matrix_element_call_architecture }}'.
when: "matrix_element_call_architecture not in ['amd64', 'arm64']"
- name: Fail if required Element Call settings are not defined
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] | length == 0"
with_items:
- {'name': 'matrix_element_call_container_network', when: true}
- {'name': 'matrix_element_call_hostname', when: true}
- {'name': 'matrix_element_call_config_livekit_livekit_service_url', when: true}
# Element Call appears to hardcode all paths to `/` (e.g. `/config.json`, `/assets/...`).
# While we can properly serve the homepage and handle stripping the path prefix on our side,
# the hardcoded URLs in the Element Call are pointing people to the wrong place, which is a problem.
- name: Fail if Element Call path prefix is different than /
ansible.builtin.fail:
msg: >
Element Call with a path prefix other than '/' is not supported yet.
You have configured matrix_element_call_path_prefix to '{{ matrix_element_call_path_prefix }}'.
when: "matrix_element_call_path_prefix != '/'"

View File

@@ -0,0 +1,11 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": {{ matrix_element_call_config_default_server_config_m_homeserver_base_url | to_json }},
"server_name": {{ matrix_element_call_config_default_server_config_m_homeserver_server_name | to_json}}
}
},
"livekit": {
"livekit_service_url": {{ matrix_element_call_config_livekit_livekit_service_url | to_json }}
}
}

View File

@@ -0,0 +1,5 @@
SPDX-FileCopyrightText: 2022 MDAD project contributors
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later

View File

@@ -0,0 +1,51 @@
{#
SPDX-FileCopyrightText: 2022 MDAD project contributors
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if matrix_element_call_container_labels_traefik_enabled %}
traefik.enable=true
{% if matrix_element_call_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }}
{% endif %}
traefik.http.services.matrix-element-call.loadbalancer.server.port=8080
{% set middlewares = [] %}
{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$
traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.replacement=${1}/
{% set middlewares = middlewares + ['matrix-element-call-slashless-redirect'] %}
traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }}
{% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %}
{% endif %}
{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %}
{% endif %}
traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }}
{% if matrix_element_call_container_labels_traefik_priority | int > 0 %}
traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-element-call.service=matrix-element-call
{% if middlewares | length > 0 %}
traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }}
{% endif %}
traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }}
traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }}
{% if matrix_element_call_container_labels_traefik_tls %}
traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }}
{% endif %}
{% endif %}
{{ matrix_element_call_container_labels_additional_labels }}

View File

@@ -0,0 +1,46 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Element Call
{% for service in matrix_element_call_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-element-call \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_element_call_container_network }} \
--mount type=bind,src={{ matrix_element_call_base_path }}/config.json,dst=/app/config.json,ro \
{% if matrix_element_call_container_http_host_bind_port %}
-p {{ matrix_element_call_container_http_host_bind_port }}:8080 \
{% endif %}
--label-file={{ matrix_element_call_base_path }}/labels \
{% for arg in matrix_element_call_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_element_call_container_image }}
{% for network in matrix_element_call_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-element-call
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-call
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-element-call
[Install]
WantedBy=multi-user.target

View File

@@ -0,0 +1,5 @@
SPDX-FileCopyrightText: 2022 MDAD project contributors
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later

View File

@@ -0,0 +1,8 @@
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
matrix_element_call_public_url: "{{ matrix_element_call_scheme }}://{{ matrix_element_call_hostname }}"

View File

@@ -0,0 +1,96 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# Project source code URL: https://github.com/element-hq/lk-jwt-service
matrix_livekit_jwt_service_enabled: false
matrix_livekit_jwt_service_scheme: https
matrix_livekit_jwt_service_hostname: ""
matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service"
matrix_livekit_jwt_service_base_path: "{{ matrix_base_data_path }}/livekit-jwt-service"
matrix_livekit_jwt_service_container_network: ''
matrix_livekit_jwt_service_container_http_host_bind_port: ''
matrix_livekit_jwt_service_container_additional_networks: "{{ (matrix_livekit_jwt_service_container_additional_networks_auto + matrix_livekit_jwt_service_container_additional_networks_custom) | unique }}"
matrix_livekit_jwt_service_container_additional_networks_auto: []
matrix_livekit_jwt_service_container_additional_networks_custom: []
# renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
matrix_livekit_jwt_service_version: 0.2.0
matrix_livekit_jwt_service_container_image_self_build: false
matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
matrix_livekit_jwt_service_container_repo_version: "{{ 'main' if matrix_livekit_jwt_service_version == 'latest' else ('v' + livekit_server_version) }}"
matrix_livekit_jwt_service_container_src_files_path: "{{ matrix_livekit_jwt_service_base_path }}/container-src"
matrix_livekit_jwt_service_container_image: "{{ matrix_livekit_jwt_service_container_image_registry_prefix }}element-hq/lk-jwt-service:{{ matrix_livekit_jwt_service_container_image_tag }}"
matrix_livekit_jwt_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_livekit_jwt_service_container_image_self_build else matrix_livekit_jwt_service_container_image_registry_prefix_upstream }}"
matrix_livekit_jwt_service_container_image_registry_prefix_upstream: "{{ matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default }}"
matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default: ghcr.io/
matrix_livekit_jwt_service_container_image_tag: "{{ matrix_livekit_jwt_service_version }}"
matrix_livekit_jwt_service_container_image_force_pull: "{{ matrix_livekit_jwt_service_container_image.endswith(':latest') }}"
matrix_livekit_jwt_service_container_labels_traefik_enabled: true
matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_livekit_jwt_service_container_network }}"
matrix_livekit_jwt_service_container_labels_traefik_hostname: "{{ matrix_livekit_jwt_service_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/livekit-jwt-service`).
matrix_livekit_jwt_service_container_labels_traefik_path_prefix: "{{ matrix_livekit_jwt_service_path_prefix }}"
matrix_livekit_jwt_service_container_labels_traefik_rule: "Host(`{{ matrix_livekit_jwt_service_container_labels_traefik_hostname }}`){% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }}`){% endif %}"
matrix_livekit_jwt_service_container_labels_traefik_priority: 0
matrix_livekit_jwt_service_container_labels_traefik_entrypoints: web-secure
matrix_livekit_jwt_service_container_labels_traefik_tls: "{{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints != 'web' }}"
matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom`
matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom) }}"
matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto: {}
matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom: {}
# matrix_livekit_jwt_service_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_livekit_jwt_service_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_livekit_jwt_service_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container
matrix_livekit_jwt_service_container_extra_arguments: []
# Controls the LK_JWT_PORT environment variable
matrix_livekit_jwt_service_environment_variable_livekit_jwt_port: 8080
# Controls the LIVEKIT_KEY environment variable
matrix_livekit_jwt_service_environment_variable_livekit_key: ""
# Controls the LIVEKIT_URL environment variable
matrix_livekit_jwt_service_environment_variable_livekit_url: ""
# Controls the LIVEKIT_SECRET environment variable
matrix_livekit_jwt_service_environment_variable_livekit_secret: ""
# Additional environment variables to pass to the container.
#
# Environment variables take priority over settings in the configuration file.
#
# Example:
# matrix_livekit_jwt_service_environment_variables_extension: |
# KEY=value
matrix_livekit_jwt_service_environment_variables_extension: ''
# List of systemd services that LiveKit JWT Service service depends on
matrix_livekit_jwt_service_systemd_required_services_list: "{{ matrix_livekit_jwt_service_systemd_required_services_list_default + matrix_livekit_jwt_service_systemd_required_services_list_auto + matrix_livekit_jwt_service_systemd_required_services_list_custom }}"
matrix_livekit_jwt_service_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_livekit_jwt_service_systemd_required_services_list_auto: []
matrix_livekit_jwt_service_systemd_required_services_list_custom: []

View File

@@ -0,0 +1,76 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure LiveKit JWT Service paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- path: "{{ matrix_livekit_jwt_service_base_path }}"
- name: Ensure LiveKit JWT Service support files installed
ansible.builtin.template:
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_livekit_jwt_service_base_path }}/{{ item }}"
mode: 0640
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- env
- labels
- name: Ensure LiveKit JWT Service container image is pulled
community.docker.docker_image:
name: "{{ matrix_livekit_jwt_service_container_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_livekit_jwt_service_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_container_image_force_pull }}"
when: "not matrix_livekit_jwt_service_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- when: "matrix_livekit_jwt_service_container_image_self_build | bool"
block:
- name: Ensure LiveKit JWT Service repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_livekit_jwt_service_container_repo }}"
version: "{{ matrix_livekit_jwt_service_container_repo_version }}"
dest: "{{ matrix_livekit_jwt_service_container_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_livekit_jwt_service_git_pull_results
- name: Ensure LiveKit JWT Service container image is built
community.docker.docker_image:
name: "{{ matrix_livekit_jwt_service_container_image }}"
source: build
force_source: "{{ matrix_livekit_jwt_service_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_livekit_jwt_service_container_src_files_path }}"
pull: true
- name: Ensure LiveKit JWT Service container network is created
community.general.docker_network:
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_livekit_jwt_service_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure LiveKit JWT Service systemd service is installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-livekit-jwt-service.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service"
mode: 0644

View File

@@ -0,0 +1,26 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- tags:
- setup-all
- setup-jwt-service
- install-all
- install-livekit-jwt-service
block:
- when: matrix_livekit_jwt_service_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_livekit_jwt_service_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
- tags:
- setup-all
- setup-livekit-jwt-service
block:
- when: not matrix_livekit_jwt_service_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"

View File

@@ -0,0 +1,31 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Check existence of LiveKit JWT Service systemd service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service"
register: matrix_livekit_jwt_service_service_stat
- when: matrix_livekit_jwt_service_service_stat.stat.exists | bool
block:
- name: Ensure LiveKit JWT Service systemd service is stopped
ansible.builtin.service:
name: matrix-livekit-jwt-service
state: stopped
enabled: false
daemon_reload: true
- name: Ensure LiveKit JWT Service systemd service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service"
state: absent
- name: Ensure LiveKit JWT Service paths don't exist
ansible.builtin.file:
path: "{{ matrix_livekit_jwt_service_base_path }}"
state: absent

View File

@@ -0,0 +1,19 @@
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Fail if required LiveKit JWT Service settings are not defined
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] | length == 0"
with_items:
- {'name': 'matrix_livekit_jwt_service_hostname', when: true}
- {'name': 'matrix_livekit_jwt_service_container_network', when: true}
- {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_key', when: true}
- {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_url', when: true}
- {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_secret', when: true}

View File

@@ -0,0 +1,14 @@
{#
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
#}
LIVEKIT_JWT_PORT={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port | int | to_json }}
LIVEKIT_KEY={{ matrix_livekit_jwt_service_environment_variable_livekit_key }}
LIVEKIT_URL={{ matrix_livekit_jwt_service_environment_variable_livekit_url }}
LIVEKIT_SECRET={{ matrix_livekit_jwt_service_environment_variable_livekit_secret }}
{{ matrix_livekit_jwt_service_environment_variables_extension }}

View File

@@ -0,0 +1,55 @@
{#
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if matrix_livekit_jwt_service_container_labels_traefik_enabled %}
traefik.enable=true
traefik.docker.network={{ matrix_livekit_jwt_service_container_labels_traefik_docker_network }}
traefik.http.services.matrix-livekit-jwt-service.loadbalancer.server.port={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }}
{% set middlewares = [] %}
{% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.regex=({{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix | quote }})$
traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.replacement=${1}/
{% set middlewares = middlewares + ['matrix-livekit-jwt-service-slashless-redirect'] %}
traefik.http.middlewares.matrix-livekit-jwt-service-strip-prefix.stripprefix.prefixes={{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }}
{% set middlewares = middlewares + ['matrix-livekit-jwt-service-strip-prefix'] %}
{% endif %}
{% if matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-livekit-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-livekit-jwt-service-add-headers'] %}
{% endif %}
traefik.http.routers.matrix-livekit-jwt-service.rule={{ matrix_livekit_jwt_service_container_labels_traefik_rule }}
{% if matrix_livekit_jwt_service_container_labels_traefik_priority | int > 0 %}
traefik.http.routers.matrix-livekit-jwt-service.priority={{ matrix_livekit_jwt_service_container_labels_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-livekit-jwt-service.service=matrix-livekit-jwt-service
{% if middlewares | length > 0 %}
traefik.http.routers.matrix-livekit-jwt-service.middlewares={{ middlewares | join(',') }}
{% endif %}
traefik.http.routers.matrix-livekit-jwt-service.entrypoints={{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints }}
traefik.http.routers.matrix-livekit-jwt-service.tls={{ matrix_livekit_jwt_service_container_labels_traefik_tls | to_json }}
{% if matrix_livekit_jwt_service_container_labels_traefik_tls %}
traefik.http.routers.matrix-livekit-jwt-service.tls.certResolver={{ matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver }}
{% endif %}
{% endif %}
{{ matrix_livekit_jwt_service_container_labels_additional_labels }}

View File

@@ -0,0 +1,42 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix LiveKit JWT Service
{% for service in matrix_livekit_jwt_service_systemd_required_services_list %}
After={{ service }}
Requires={{ service }}
{% endfor %}
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-jwt-service 2>/dev/null || true'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-livekit-jwt-service \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_livekit_jwt_service_container_network }} \
{% if matrix_livekit_jwt_service_container_http_host_bind_port %}
-p {{ matrix_livekit_jwt_service_container_http_host_bind_port }}:{{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }} \
{% endif %}
--env-file={{ matrix_livekit_jwt_service_base_path }}/env \
--label-file={{ matrix_livekit_jwt_service_base_path }}/labels \
{{ matrix_livekit_jwt_service_container_image }}
{% for network in matrix_livekit_jwt_service_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-livekit-jwt-service
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-jwt-service
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jwt-service 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-livekit-jwt-service
[Install]
WantedBy=multi-user.target

View File

@@ -0,0 +1,5 @@
SPDX-FileCopyrightText: 2022 MDAD project contributors
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later

View File

@@ -0,0 +1,7 @@
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
matrix_livekit_jwt_service_public_url: "{{ matrix_livekit_jwt_service_scheme }}://{{ matrix_livekit_jwt_service_hostname }}{{ matrix_livekit_jwt_service_path_prefix }}"

View File

@@ -20,6 +20,7 @@ matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"
matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public"
matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known"
matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix"
matrix_static_files_public_well_known_element_path: "{{ matrix_static_files_public_well_known_path }}/element"
# List of systemd services that matrix-static-files.service depends on
matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
@@ -211,6 +212,16 @@ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin: "{{ matri
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: {}
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom: {}
# Controls whether `org.matrix.msc4143.rtc_foci`-related entries should be added to the client well-known.
# By default, if there are entries in `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci`, we show them (by enabling this).
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | default({}) | dict2items | length > 0 }}"
# Controls the org.matrix.msc4143.rtc_foci property in the /.well-known/matrix/client file.
# See `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled`
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto | combine(matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom, recursive=True) }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: {}
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom: {}
# Default /.well-known/matrix/client configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@@ -358,6 +369,56 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f
########################################################################
########################################################################
# #
# Related to /.well-known/element/element.json #
# #
########################################################################
# Controls whether a `/.well-known/element/element.json` file is generated and used at all.
matrix_static_files_file_element_element_json_enabled: true
# Controls the call.widget_url property in the /.well-known/element/element.json file
matrix_static_files_file_element_element_json_property_call_widget_url: ''
# Default /.well-known/element/element.json configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_support_configuration_extension_json`)
# or completely replace this variable with your own template.
matrix_static_files_file_element_element_json_configuration_json: "{{ lookup('template', 'templates/public/.well-known/element/element.json.j2') }}"
# Your custom JSON configuration for /.well-known/element/element.json should go to `matrix_static_files_file_element_element_json_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_static_files_file_matrix_support_configuration_json`.
#
# Example configuration extension follows:
#
# matrix_static_files_file_element_element_json_configuration_extension_json: |
# {
# "call": {
# "url": "value"
# }
# }
matrix_static_files_file_element_element_json_configuration_extension_json: '{}'
matrix_static_files_file_element_element_json_configuration_extension: "{{ matrix_static_files_file_element_element_json_configuration_extension_json | from_json if matrix_static_files_file_element_element_json_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final /.well-known/matrix/support configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_element_element_json_configuration_json` or `matrix_static_files_file_element_element_json_configuration_extension_json`.
matrix_static_files_file_element_element_json_configuration: "{{ matrix_static_files_file_element_element_json_configuration_json | combine(matrix_static_files_file_element_element_json_configuration_extension, recursive=True) }}"
########################################################################
# #
# /Related to /.well-known/element/element.json #
# #
########################################################################
########################################################################
# #
# Related to index.html #

View File

@@ -7,17 +7,19 @@
- name: Ensure matrix-static-files paths exist
ansible.builtin.file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_static_files_base_path }}"
- "{{ matrix_static_files_config_path }}"
- "{{ matrix_static_files_public_path }}"
- "{{ matrix_static_files_public_well_known_path }}"
- "{{ matrix_static_files_public_well_known_matrix_path }}"
- {path: "{{ matrix_static_files_base_path }}", when: true}
- {path: "{{ matrix_static_files_config_path }}", when: true}
- {path: "{{ matrix_static_files_public_path }}", when: true}
- {path: "{{ matrix_static_files_public_well_known_path }}", when: true}
- {path: "{{ matrix_static_files_public_well_known_matrix_path }}", when: true}
- {path: "{{ matrix_static_files_public_well_known_element_path }}", when: true}
when: "item.when | bool"
- name: Ensure matrix-static-files is configured
ansible.builtin.template:
@@ -57,6 +59,10 @@
dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support"
when: "{{ matrix_static_files_file_matrix_support_enabled }}"
- content: "{{ matrix_static_files_file_element_element_json_configuration | to_nice_json }}"
dest: "{{ matrix_static_files_public_well_known_element_path }}/element.json"
when: "{{ matrix_static_files_file_element_element_json_enabled }}"
# This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`.
# See the comment for `matrix_static_files_file_index_html_enabled` to learn why.
- content: "{{ matrix_static_files_file_index_html_template }}"
@@ -75,6 +81,12 @@
state: absent
when: "not matrix_static_files_file_matrix_support_enabled | bool"
- name: Ensure /.well-known/element/element.json file deleted if not enabled
ansible.builtin.file:
path: "{{ matrix_static_files_public_well_known_element_path }}/element.json"
state: absent
when: "not matrix_static_files_file_element_element_json_enabled | bool"
- name: Ensure matrix-static-files container image is pulled
community.docker.docker_image:
name: "{{ matrix_static_files_container_image }}"

View File

@@ -0,0 +1,7 @@
{
{% if matrix_static_files_file_element_element_json_property_call_widget_url %}
"call": {
"widget_url": {{ matrix_static_files_file_element_element_json_property_call_widget_url | to_json }}
}
{% endif %}
}

View File

@@ -0,0 +1,4 @@
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later

View File

@@ -57,4 +57,7 @@
{% if matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_enabled %},
"cc.etke.synapse-admin": {{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin | to_json }}
{% endif %}
{% if matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled %},
"org.matrix.msc4143.rtc_foci": {{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | to_json }}
{% endif %}
}

View File

@@ -133,6 +133,10 @@
- custom/matrix-media-repo
- custom/matrix-pantalaimon
- custom/matrix-element-call
- galaxy/livekit_server
- custom/matrix-livekit-jwt-service
- role: galaxy/postgres_backup
- role: galaxy/backup_borg