From 3e86adac0d76123c5558cc627b58ca9e8fbc7cca Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 21 Nov 2024 18:00:43 +0200
Subject: [PATCH] Fix port exposure for LiveKit Server

---
 .../custom/matrix-livekit-server/defaults/main.yml  | 13 +++++++++++++
 .../templates/systemd/livekit-server.service.j2     |  6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 3350ecdd3..9d1314683 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -24,6 +24,19 @@ livekit_server_container_additional_networks: "{{ livekit_server_container_addit
 livekit_server_container_additional_networks_auto: []
 livekit_server_container_additional_networks_custom: []
 
+# Controls whether the LiveKit Server container exposes its RCT TCP port (`livekit_server_config_rtc_tcp_port`)
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
+livekit_server_container_rtc_tcp_host_bind_port: "{{ livekit_server_config_rtc_tcp_port if livekit_server_container_network != 'host' else '' }}"
+
+# Controls whether the LiveKit Server container exposes its RTC UDP port range and which interface to do it on.
+#
+# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
+# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.
+#
+# The UDP port-range itself is specified using `livekit_server_config_rtc_port_range_start` and `livekit_server_config_rtc_port_range_end`.
+livekit_server_container_rtc_range_listen_interface: "{{ '' if livekit_server_container_network != 'host' else 'none' }}"
+
 livekit_server_container_image_self_build: false
 livekit_server_container_repo: "https://github.com/livekit/livekit.git"
 livekit_server_container_repo_version: "{{ 'main' if livekit_server_version == 'latest' else livekit_server_version }}"
diff --git a/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
index 9cf263a8c..cb56801ff 100644
--- a/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
+++ b/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
@@ -17,6 +17,12 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 	--user={{ livekit_server_uid }}:{{ livekit_server_gid }} \
 	--cap-drop=ALL \
 	--network={{ livekit_server_container_network }} \
+	{% if livekit_server_container_rtc_tcp_host_bind_port != '' %}
+	-p {{ livekit_server_container_rtc_tcp_host_bind_port }}:{{ livekit_server_config_rtc_tcp_port }} \
+	{% endif %}
+	{% if livekit_server_container_rtc_range_listen_interface is not in [none, 'none'] %}
+	-p {{ livekit_server_container_rtc_range_listen_interface }}{{ ':' if livekit_server_container_rtc_range_listen_interface else '' }}{{ livekit_server_config_rtc_port_range_start }}-{{ livekit_server_config_rtc_port_range_end }}:{{ livekit_server_config_rtc_port_range_start }}-{{ livekit_server_config_rtc_port_range_end }}/udp \
+	{% endif %}
 	--mount type=bind,src={{ livekit_server_config_path }}/config.yaml,dst=/livekit-config.yaml,ro \
 	--label-file={{ livekit_server_base_path }}/labels \
 	{{ livekit_server_container_image }} \