More progress on the LiveKit role

group_vars/matrix_servers

@@ -6066,6 +6066,9 @@ livekit_server_enabled: "{{ matrix_element_call_enabled }}"
 
 livekit_server_identifier: matrix-livekit-server
 
+livekit_server_uid: "{{ matrix_user_uid }}"
+livekit_server_gid: "{{ matrix_user_gid }}"
+
 livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
 
 livekit_server_hostname: "sfu.{{ matrix_domain }}"

roles/custom/matrix-livekit-server/defaults/main.yml

@@ -6,7 +6,11 @@ livekit_server_enabled: false
 
 livekit_server_identifier: livekit-server
 
+livekit_server_uid: ''
+livekit_server_gid: ''
+
 livekit_server_base_path: "/{{ livekit_server_identifier }}"
+livekit_server_config_path: "{{ livekit_server_base_path }}/config"
 
 # renovate: datasource=docker depName=livekit/livekit-server
 livekit_server_version: v1.8.0
@@ -124,4 +128,22 @@ livekit_server_floc_optout_enabled: false
 # See: `livekit_server_http_header_strict_transport_security`
 livekit_server_hsts_preload_enabled: true
 
-livekit_server_config_keys_devkey: ""
+# Controls the `port` configuration property.
+livekit_server_config_port: 7880
+
+# Controls the `rtc.tcp_port` configuration property
+livekit_server_config_rtc_tcp_port: 7881
+
+# Controls the `rtc.port_range_start` configuration property
+livekit_server_config_rtc_port_range_start: 50100
+
+# Controls the `rtc.port_range_end` configuration property
+livekit_server_config_rtc_port_range_end: 50200
+
+# Controls the `rtc.use_external_ip` configuration property
+livekit_server_config_rtc_use_external_ip: true
+
+# Controls the `keys` configuration property.
+livekit_server_config_keys: "{{ livekit_server_config_keys_auto | combine(livekit_server_config_keys_custom, recursive=True) }}"
+livekit_server_config_keys_auto: {}
+livekit_server_config_keys_custom: {}

roles/custom/matrix-livekit-server/tasks/install.yml

@@ -5,34 +5,37 @@
     path: "{{ item.path }}"
     state: directory
     mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ livekit_server_uid }}"
+    group: "{{ livekit_server_gid }}"
   with_items:
-    - path: "{{ livekit_server_base_path }}"
+    - {path: "{{ livekit_server_base_path }}", when: true}
+    - {path: "{{ livekit_server_config_path }}", when: true}
+    - {path: "{{ livekit_server_container_src_files_path }}", when: "{{ livekit_server_container_image_self_build }}"}
+  when: "item.when | bool"
 
-- name: Ensure LiveKit Server livekit.yaml is in place
+- name: Ensure LiveKit Server configuration is in place
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/livekit.yaml.j2"
-    dest: "{{ livekit_server_base_path }}/livekit.yaml"
+    src: "{{ role_path }}/templates/config.yaml.j2"
+    dest: "{{ livekit_server_config_path }}/config.yaml"
     mode: 0640
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ livekit_server_uid }}"
+    group: "{{ livekit_server_gid }}"
 
 - name: Ensure LiveKit Server labels file is in place
   ansible.builtin.template:
     src: "{{ role_path }}/templates/labels.j2"
     dest: "{{ livekit_server_base_path }}/labels"
     mode: 0640
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ livekit_server_uid }}"
+    group: "{{ livekit_server_gid }}"
 
 - name: Ensure LiveKit Server container image is pulled
   community.docker.docker_image:
     name: "{{ livekit_server_container_image }}"
     source: pull
   register: livekit_image_result
-  retries: 3
-  delay: 10
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
   until: livekit_image_result is not failed
 
 - name: Ensure LiveKit Server systemd service is installed

roles/custom/matrix-livekit-server/tasks/validate_config.yml

@@ -7,7 +7,6 @@
   when: "item.when | bool and vars[item.name] | length == 0"
   with_items:
     - {'name': 'livekit_server_hostname', when: true}
-    - {'name': 'livekit_server_base_path', when: true}
-    - {'name': 'livekit_server_container_network', when: true}
-    - {'name': 'livekit_server_container_image', when: true}
-    - {'name': 'livekit_server_config_keys_devkey', when: true}
+    - {'name': 'livekit_server_identifier', when: true}
+    - {'name': 'livekit_server_uid', when: true}
+    - {'name': 'livekit_server_gid', when: true}

roles/custom/matrix-livekit-server/templates/config.yaml.j2

@@ -0,0 +1,21 @@
+port: {{ livekit_server_config_port | int | to_json }}
+
+bind_addresses:
+  - "0.0.0.0"
+
+rtc:
+  tcp_port: {{ livekit_server_config_rtc_tcp_port | int | to_json }}
+  port_range_start: {{ livekit_server_config_rtc_port_range_start | int | to_json }}
+  port_range_end: {{ livekit_server_config_rtc_port_range_end | int | to_json }}
+  use_external_ip: {{ livekit_server_config_rtc_use_external_ip | to_json }}
+
+turn:
+  enabled: false
+  domain: localhost
+  cert_file: ""
+  key_file: ""
+  tls_port: 5349
+  udp_port: 443
+  external_tls: true
+
+keys: {{ livekit_server_config_keys | to_json }}

roles/custom/matrix-livekit-server/templates/labels.j2

@@ -6,11 +6,10 @@ traefik.enable=true
 traefik.docker.network={{ livekit_server_container_labels_traefik_docker_network }}
 {% endif %}
 
-traefik.http.services.matrix-livekit-server.loadbalancer.server.port=7880
+traefik.http.services.matrix-livekit-server.loadbalancer.server.port={{ livekit_server_config_port }}
 
 {% set middlewares = [] %}
 
-# Path prefix handling for Livekit
 {% if livekit_server_container_labels_traefik_path_prefix != '/' %}
 traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.regex=({{ livekit_server_container_labels_traefik_path_prefix | quote }})$
 traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.replacement=${1}/

roles/custom/matrix-livekit-server/templates/livekit.yaml.j2

@@ -1,20 +0,0 @@
-port: 7880
-bind_addresses:
-  - "0.0.0.0"
-rtc:
-  tcp_port: 7881
-  port_range_start: 50100
-  port_range_end: 50200
-  use_external_ip: true
-
-turn:
-  enabled: false
-  domain: localhost
-  cert_file: ""
-  key_file: ""
-  tls_port: 5349
-  udp_port: 443
-  external_tls: true
-
-keys:
-  devkey: {{ livekit_server_config_keys_devkey | to_json }}

roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2

@@ -1,34 +1,38 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix LiveKit Server
+Description=LiveKit Server
 After=docker.service
 Requires=docker.service
 
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-server 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-server 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ livekit_server_identifier }} 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ livekit_server_identifier }} 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
-    --rm \
-    --name=matrix-livekit-server \
-    --log-driver=none \
-    --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-    --cap-drop=ALL \
-    --network=host \
-    --mount type=bind,src={{ livekit_server_base_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \
+	--rm \
+	--name={{ livekit_server_identifier }} \
+	--log-driver=none \
+	--user={{ livekit_server_uid }}:{{ livekit_server_gid }} \
+	--cap-drop=ALL \
+	--network={{ livekit_server_container_network }} \
+	--mount type=bind,src={{ livekit_server_config_path }}/config.yaml,dst=/livekit-config.yaml,ro \
 	--label-file={{ livekit_server_base_path }}/labels \
-    {{ livekit_server_container_image }} \
-    --dev --config /etc/livekit.yaml
+	{{ livekit_server_container_image }} \
+	--dev --config /livekit-config.yaml
 
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-server
+{% for network in livekit_server_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ livekit_server_identifier }}
+{% endfor %}
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-server 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-server 2>/dev/null || true'
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ livekit_server_identifier }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ livekit_server_identifier }} 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ livekit_server_identifier }} 2>/dev/null || true'
 Restart=always
 RestartSec=30
-SyslogIdentifier=matrix-livekit-server
+SyslogIdentifier={{ livekit_server_identifier }}
 
 [Install]
 WantedBy=multi-user.target