From 6594cce57038c5118e9b056f2b2c0b4ec9451b93 Mon Sep 17 00:00:00 2001 
From: wjbeckett Date: Wed, 25 Sep 2024 14:53:48 +1000 Subject: [PATCH 001/142] Feat: Added element call setup and configuration. --- docs/configuring-playbook-element-call.md | 74 ++++++++ group_vars/matrix_servers | 58 +++++++ .../matrix-element-call/defaults/main.yml | 34 ++++ .../tasks/create_element_json.yml | 22 +++ .../matrix-element-call/tasks/install.yml | 17 ++ .../tasks/install_docker_containers.yml | 158 ++++++++++++++++++ .../custom/matrix-element-call/tasks/main.yml | 14 ++ .../matrix-element-call/tasks/uninstall.yml | 51 ++++++ .../tasks/update_element_web_config.yml | 29 ++++ .../tasks/update_homeserver_config.yml | 36 ++++ .../tasks/update_well_known_client.yml | 24 +++ .../tasks/validate_config.yml | 79 +++++++++ .../templates/config.json.j2 | 11 ++ .../matrix-element-call/templates/env.j2 | 9 + .../matrix-element-call/templates/labels.j2 | 11 ++ .../templates/livekit.yaml.j2 | 21 +++ .../templates/redis.conf.j2 | 5 + .../systemd/matrix-element-call.service.j2 | 17 ++ .../custom/matrix-element-call/vars/main.yml | 5 + setup.yml | 1 + 20 files changed, 676 insertions(+) create mode 100644 docs/configuring-playbook-element-call.md create mode 100644 roles/custom/matrix-element-call/defaults/main.yml create mode 100644 roles/custom/matrix-element-call/tasks/create_element_json.yml create mode 100644 roles/custom/matrix-element-call/tasks/install.yml create mode 100644 roles/custom/matrix-element-call/tasks/install_docker_containers.yml create mode 100644 roles/custom/matrix-element-call/tasks/main.yml create mode 100644 roles/custom/matrix-element-call/tasks/uninstall.yml create mode 100644 roles/custom/matrix-element-call/tasks/update_element_web_config.yml create mode 100644 roles/custom/matrix-element-call/tasks/update_homeserver_config.yml create mode 100644 roles/custom/matrix-element-call/tasks/update_well_known_client.yml create mode 100644 roles/custom/matrix-element-call/tasks/validate_config.yml create mode 100644 
roles/custom/matrix-element-call/templates/config.json.j2 create mode 100644 roles/custom/matrix-element-call/templates/env.j2 create mode 100644 roles/custom/matrix-element-call/templates/labels.j2 create mode 100644 roles/custom/matrix-element-call/templates/livekit.yaml.j2 create mode 100644 roles/custom/matrix-element-call/templates/redis.conf.j2 create mode 100644 roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 create mode 100644 roles/custom/matrix-element-call/vars/main.yml diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md new file mode 100644 index 000000000..bd36357ab --- /dev/null +++ b/docs/configuring-playbook-element-call.md 
@@ -0,0 +1,74 @@ +# Setting up Element Call (optional) + +The playbook can install and configure [Element Call](https://github.com/vector-im/element-call) for you. + +Element Call is a WebRTC-based video and voice calling platform that integrates with Matrix clients such as Element Web. It provides secure, decentralized communication with support for video calls, audio calls, and screen sharing. + +See the project's [documentation](https://github.com/vector-im/element-call) to learn more. + +## Decide on a domain and path + +By default, Element Call is configured to be served on the Matrix domain (`call.DOMAIN`, controlled by the `matrix_element_call_hostname` variable). + +This makes it easy to set it up, **without** having to adjust your DNS records manually. + +If you'd like to run Element Call on another hostname or path, use the `matrix_element_call_hostname` and `matrix_element_call_path_prefix` variables. + +## Adjusting DNS records + +If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server. + +Ensure that the following DNS names have a public IP/FQDN: +- `call.DOMAIN` +- `sfu.DOMAIN` +- `sfu-jwt.DOMAIN` + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_element_call_enabled: true +# Set a secure key for LiveKit authentication +matrix_element_call_livekit_dev_key: 'your-secure-livekit-key' +``` + +## External databases + +If your setup utilizes an external database, you may need to adjust the default configuration for Redis used by Element Call. 
Modify the defaults in group_vars/matrix_servers.yml or host_vars to suit your setup: + +```yaml +matrix_element_call_redis_hostname: 'localhost' +matrix_element_call_redis_port: 6379 +matrix_element_call_redis_password: '' +``` + +## Installing +After potentially adjusting DNS records and configuring the playbook, run the installation command again: +```yaml +ansible-playbook -i inventory setup.yml +``` + +## Usage +Once installed, Element Call integrates seamlessly with Matrix clients like Element Web. When the Element Call service is installed, the `/.well-known/matrix/client` file is also updated. A new `org.matrix.msc4143.rtc_foci` section is added to point to your JWT service URL (e.g., `https://sfu-jwt.DOMAIN`). + +Additionally, the `/.well-known/element/element.json` file is created to help Element clients discover the Element Call URL (e.g., `https://call.DOMAIN`). + +## Required Firewall and Port Forwarding Rules + +To ensure the services function correctly, the following firewall rules and port forwarding settings are required: + +LiveKit: + + • Forward UDP ports 50100:50200 to the Docker instance running LiveKit. + • Forward TCP port 7881 to the Docker instance running LiveKit. + +Element Call: + + • Forward TCP port 443 to the server running Traefik (for Element Call). + +Ensure these ports are open and forwarded appropriately to allow traffic to flow correctly between the services. + +## Additional Information + +Refer to the Element Call documentation for more details on configuring and using Element Call. \ No newline at end of file diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c6682be41..58e93c7b2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -5690,3 +5690,61 @@ devture_traefik_certs_dumper_ssl_dir_path: "{{ devture_traefik_ssl_dir_path if d # /com.devture.ansible.role.traefik_certs_dumper # # # ######################################################################## + + +######################################################################## +# # +# matrix-element-call # +# # +######################################################################## + +# Matrix Element Call Configuration +matrix_element_call_enabled: false # Default is false; should be enabled in host_vars as needed +matrix_element_call_version: "latest" # Default version; can be overridden in host_vars +matrix_element_call_scheme: "https" # Scheme for Element Call (e.g., https) +matrix_element_call_hostname: "call.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different +matrix_element_call_path_prefix: "/" # Path prefix for Element Call +matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" # Base path for storing Element Call-related files +matrix_element_call_container_image: "ghcr.io/element-hq/element-call:{{ matrix_element_call_version }}" +matrix_element_call_container_image_name_prefix: ghcr.io/ +matrix_element_call_container_image_registry_prefix: ghcr.io/ +matrix_element_call_container_image_force_pull: true + +# Docker network configuration for Element Call +matrix_element_call_container_network: "{{ matrix_homeserver_container_network }}" # Use the homeserver network by default + +# Traefik Configuration for Element Call +matrix_element_call_container_labels_traefik_enabled: true +matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}" +matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" +matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)" +matrix_element_call_container_labels_traefik_entrypoints: "websecure" 
+matrix_element_call_container_labels_traefik_tls_certResolver: "default" + +# JWT Service Configuration +matrix_element_call_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed + +# LiveKit Service Configuration +matrix_element_call_livekit_service_url: "https://sfu.{{ matrix_domain }}" # Default LiveKit service URL; adjust as needed +matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # LiveKit dev key + +# Redis Configuration for Element Call +matrix_element_call_redis_hostname: "localhost" # Default Redis hostname; can be overridden +matrix_element_call_redis_port: 6379 # Default Redis port; can be overridden +matrix_element_call_redis_password: "" # Redis password; should be set in host_vars if needed + +# Additional environment variables for the container +matrix_element_call_environment_variables_additional: {} + +# Additional arguments or configuration options for the Docker container +matrix_element_call_container_extra_arguments: [] + +# Enable or disable metrics collection +matrix_element_call_metrics_enabled: false +matrix_element_call_metrics_port: 2112 + +######################################################################## +# # +# /matrix-element-call # +# # +######################################################################## \ No newline at end of file diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml new file mode 100644 index 000000000..38b175532 --- /dev/null +++ b/roles/custom/matrix-element-call/defaults/main.yml 
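Review bot: `matrix_element_call_version: "latest"` combined with `matrix_element_call_container_image_force_pull: true` means every playbook run re-pulls a moving tag, so the deployed Element Call build changes with no change in the inventory and cannot be reproduced or audited after the fact. Pin a release tag as the default and make the pull conditional on the tag, e.g. `matrix_element_call_container_image_force_pull: "{{ 'latest' in matrix_element_call_container_image }}"`. This block also redefines variables that `roles/custom/matrix-element-call/defaults/main.yml` in the same patch sets to different values (`matrix_element_call_container_network`, `matrix_element_call_base_path`, an `https://` vs `wss://…:443` LiveKit URL); since group_vars take precedence over role defaults, the role defaults are dead code and the two files should be reconciled into one source of truth. `matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}"` references a variable nothing in this patch defines, while the docs tell operators to set `matrix_element_call_livekit_dev_key` directly; a comment such as `# LiveKit API secret used to mint call tokens — generate a long random value, never reuse a dev key` would make the expectation clear.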
@@ -0,0 +1,34 @@ +--- +# roles/custom/matrix-element-call/defaults/main.yml + +# Enable or disable matrix-element-call deployment +matrix_element_call_enabled: false + +# Base path configuration +matrix_element_call_base_path: "/home/{{ matrix_user_username }}/dockerdata/volumes/elementcall" +matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config" +matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend" + +# Docker network configuration +matrix_element_call_container_network: "matrix_element_call_network" + +# Docker images +matrix_element_call_image: "ghcr.io/element-hq/element-call:latest" +matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci" +matrix_livekit_image: "livekit/livekit-server:latest" +matrix_redis_image: "redis:6-alpine" + +# Ports +matrix_element_call_port: "8093" +matrix_jwt_service_port: "8881" +matrix_redis_port: "6379" + +# LiveKit configuration (should be set in host_vars or globally) +matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key | default('unset-livekit-key') }}" +matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_base_domain }}:443" + +# Well-known paths and domains (derived from matrix_base_domain) +matrix_element_call_domain: "call.{{ matrix_base_domain }}" +matrix_element_call_well_known_client_path: "/var/www/.well-known/matrix/client" +matrix_element_call_well_known_element_path: "/var/www/.well-known/element/element.json" +matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/create_element_json.yml b/roles/custom/matrix-element-call/tasks/create_element_json.yml new file mode 100644 index 000000000..7fe689183 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/create_element_json.yml 
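Review bot: `matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key | default('unset-livekit-key') }}"` ships a publicly known fallback for the LiveKit API secret; because `validate_config.yml` in this patch only asserts the value is a non-empty string, a deployment where the role default is in effect and the operator forgot the variable ends up with a LiveKit SFU whose `devkey` secret is a string printed in this repository, and anyone who reads it can mint valid LiveKit tokens for that server. Drop the fallback so an unset secret stops the run: `matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}"`. Three of the four image variables declared here (`matrix_jwt_service_image`, `matrix_livekit_image`, `matrix_redis_image`) are never referenced — `install_docker_containers.yml` hardcodes the same image strings — and all four use moving tags (`latest`, `latest-ci`, `6-alpine`), so operators can neither pin nor mirror these images; wire the tasks to the variables and default them to release tags. `matrix_element_call_base_path: "/home/{{ matrix_user_username }}/dockerdata/volumes/elementcall"` also disagrees with the `{{ matrix_base_data_path }}/element-call` default in `group_vars/matrix_servers`; keep one.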
@@ -0,0 +1,22 @@ +--- +--- +# Create the element.json file to point to Element Call + +- name: Ensure .well-known/element directory exists + ansible.builtin.file: + path: "{{ matrix_element_call_well_known_element_path | dirname }}" + state: directory + mode: 0755 + +- name: Create or update the element.json file with Element Call config + ansible.builtin.copy: + dest: "{{ matrix_element_call_well_known_element_path }}" + content: | + { + "call": { + "widget_url": "{{ matrix_element_call_base_url }}" + } + } + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml new file mode 100644 index 000000000..250f8c093 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -0,0 +1,17 @@ +--- +# Main install task for matrix-element-call + +- name: Install Docker containers for Element Call + include_tasks: install_docker_containers.yml + +- name: Update .well-known/matrix/client + include_tasks: update_well_known_client.yml + +- name: Create .well-known/element/element.json + include_tasks: create_element_json.yml + +- name: Update homeserver.yaml for Element Call + include_tasks: update_homeserver_config.yml + +- name: Update Element-Web config.json for Element Call + include_tasks: update_element_web_config.yml \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/install_docker_containers.yml b/roles/custom/matrix-element-call/tasks/install_docker_containers.yml new file mode 100644 index 000000000..38dfbbd70 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/install_docker_containers.yml 
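Review bot: The file opens with two document-start markers (`+--- +--- +# Create the element.json file…`), which turns the task file into a two-document YAML stream with an empty first document; Ansible loads task files as a single document, so this is likely to fail to parse or behave differently across loaders — drop the second `---` (the same duplication appears in `uninstall.yml` and `update_well_known_client.yml` in this patch). The task writes `element.json` to `matrix_element_call_well_known_element_path` (`/var/www/.well-known/element/element.json` by default), but nothing in the patch configures a web server or Traefik route to serve that directory, so the file may never be reachable at `https://DOMAIN/.well-known/element/element.json`; confirm how the playbook serves its well-known documents and hook into that mechanism rather than a fixed `/var/www` path. The directory task sets `mode: 0755` without an owner while the file task sets `owner`/`group`, so the parent stays root-owned; add the same `owner`/`group` to the directory task for consistency.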
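Review bot: `install.yml` includes `update_homeserver_config.yml` and `update_element_web_config.yml`, both of which edit rendered configuration files of other services, but nothing here restarts or reloads the homeserver or Element Web containers afterwards, so the edits only take effect on some unrelated later restart. Either add a handler (`notify`) or an explicit `ansible.builtin.systemd: state: restarted` step for the affected units after those tasks, or integrate with whatever restart mechanism the playbook already uses when homeserver configuration changes. The order also starts the Element Call containers before the well-known and homeserver changes are in place; reordering so configuration is written first would avoid a window where the service is up but undiscoverable.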
@@ -0,0 +1,158 @@ +--- +# Ensure Required Directories Exist +- name: Ensure matrix-element-call paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + loop: + - path: "{{ matrix_element_call_base_path }}" + - path: "{{ matrix_element_call_base_path }}/data" + - path: "{{ matrix_element_call_base_path }}/config" + - path: "{{ matrix_element_call_base_path }}/backend" # For LiveKit and Redis config + +# Ensure Configuration Files are in Place +- name: Ensure Element Call config.json is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/config.json.j2" + dest: "{{ matrix_element_call_base_path }}/config/config.json" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure LiveKit livekit.yaml is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/livekit.yaml.j2" + dest: "{{ matrix_element_call_base_path }}/backend/livekit.yaml" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure Redis redis.conf is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/redis.conf.j2" + dest: "{{ matrix_element_call_base_path }}/backend/redis.conf" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-element-call environment file is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_element_call_base_path }}/config/env" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-element-call Docker labels file is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/labels.j2" + dest: "{{ matrix_element_call_base_path }}/config/labels" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +# 
Ensure Docker Images are Pulled +- name: Ensure matrix-element-call Docker image is pulled + community.docker.docker_image: + name: "{{ matrix_element_call_image }}" + source: pull + force_source: "{{ matrix_element_call_container_image_force_pull }}" + register: element_call_image_result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: element_call_image_result is not failed + +- name: Ensure jwt-service Docker image is pulled + community.docker.docker_image: + name: "ghcr.io/element-hq/lk-jwt-service:latest-ci" + source: pull + register: jwt_image_result + retries: 3 + delay: 10 + until: jwt_image_result is not failed + +- name: Ensure livekit Docker image is pulled + community.docker.docker_image: + name: "livekit/livekit-server:latest" + source: pull + register: livekit_image_result + retries: 3 + delay: 10 + until: livekit_image_result is not failed + +- name: Ensure redis Docker image is pulled + community.docker.docker_image: + name: "redis:6-alpine" + source: pull + register: redis_image_result + retries: 3 + delay: 10 + until: redis_image_result is not failed + +# Ensure Docker Containers are Running +- name: Run matrix-element-call Docker container + community.docker.docker_container: + name: "matrix-element-call" + image: "{{ matrix_element_call_image }}" + state: started + restart_policy: unless-stopped + env_file: "{{ matrix_element_call_base_path }}/config/env" + labels: "{{ lookup('file', matrix_element_call_base_path ~ '/config/labels') | from_yaml }}" + networks: + - name: "{{ matrix_element_call_container_network }}" + volumes: + - "{{ matrix_element_call_base_path }}/config/config.json:/app/config.json" + - "{{ matrix_element_call_base_path }}/data:/data" + +- name: Run jwt-service Docker container + community.docker.docker_container: + name: "matrix-jwt-service" + image: "ghcr.io/element-hq/lk-jwt-service:latest-ci" + state: started + restart_policy: 
unless-stopped + environment: + LIVEKIT_SECRET: "{{ matrix_element_call_livekit_dev_key }}" # User-specified key + LIVEKIT_URL: "{{ matrix_element_call_livekit_service_url }}" + LIVEKIT_KEY: "devkey" + networks: + - name: "{{ matrix_element_call_container_network }}" + +- name: Run livekit Docker container + community.docker.docker_container: + name: "matrix-livekit" + image: "livekit/livekit-server:latest" + state: started + restart_policy: unless-stopped + command: "--dev --config /etc/livekit.yaml" + volumes: + - "{{ matrix_element_call_base_path }}/backend/livekit.yaml:/etc/livekit.yaml" + network_mode: "host" + +- name: Run redis Docker container + community.docker.docker_container: + name: "matrix-redis" + image: "redis:6-alpine" + state: started + restart_policy: unless-stopped + command: redis-server /etc/redis.conf + volumes: + - "{{ matrix_element_call_base_path }}/backend/redis.conf:/etc/redis.conf" + networks: + - name: "{{ matrix_element_call_container_network }}" + +# Ensure Systemd Services are Set Up +- name: Ensure matrix-element-call systemd service is installed + ansible.builtin.template: + src: "{{ role_path }}/templates/element-call.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" + mode: 0644 + +- name: Ensure matrix-element-call systemd service is enabled and started + ansible.builtin.systemd: + name: matrix-element-call + enabled: true + state: started + daemon_reload: true \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/main.yml b/roles/custom/matrix-element-call/tasks/main.yml new file mode 100644 index 000000000..ae0f7ce68 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/main.yml 
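Review bot: The systemd task uses `src: "{{ role_path }}/templates/element-call.service.j2"`, but the template this patch adds is `templates/systemd/matrix-element-call.service.j2`, so the install fails at that step; change it to `src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2"`. `labels: "{{ lookup('file', matrix_element_call_base_path ~ '/config/labels') | from_yaml }}"` reads the labels file on the Ansible controller, whereas the preceding template task wrote it to the managed host, so on any remote deployment the lookup will not find the file — pass the labels as a dict variable directly instead of round-tripping through a file. The jwt-service, livekit and redis tasks hardcode `ghcr.io/element-hq/lk-jwt-service:latest-ci`, `livekit/livekit-server:latest` and `redis:6-alpine` rather than using the `matrix_jwt_service_image`/`matrix_livekit_image`/`matrix_redis_image` variables from `defaults/main.yml`, so operators cannot pin or mirror those images and every run may silently pull a different build. Neither `matrix-jwt-service` nor `matrix-livekit` receives any Traefik labels, yet the docs and the well-known entry advertise them at `https://sfu-jwt.DOMAIN` and `https://sfu.DOMAIN`; as written those names have no route and no TLS. Finally, `matrix-livekit` runs with `--dev` and `network_mode: host`; the flag's exact effect is not visible here, but development modes commonly relax logging and key handling, so confirm it is appropriate for an internet-facing SFU before it becomes the default.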
@@ -0,0 +1,14 @@ +--- +# roles/custom/matrix-element-call/tasks/main.yml + +- name: Ensure Element Call dependencies are valid and present + when: matrix_element_call_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + +- name: Install Element Call and its related services + when: matrix_element_call_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- name: Uninstall Element Call and clean up resources + when: not matrix_element_call_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/uninstall.yml b/roles/custom/matrix-element-call/tasks/uninstall.yml new file mode 100644 index 000000000..f863c25be --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/uninstall.yml 
@@ -0,0 +1,51 @@ +--- +--- +# roles/custom/matrix-element-call/tasks/uninstall.yml + +# Stop and remove Docker containers +- name: Stop and remove matrix-element-call Docker container + community.docker.docker_container: + name: "matrix-element-call" + state: absent + when: matrix_element_call_enabled | bool == false + +- name: Stop and remove jwt-service Docker container + community.docker.docker_container: + name: "matrix-jwt-service" + state: absent + when: matrix_element_call_enabled | bool == false + +- name: Stop and remove livekit Docker container + community.docker.docker_container: + name: "matrix-livekit" + state: absent + when: matrix_element_call_enabled | bool == false + +- name: Stop and remove redis Docker container + community.docker.docker_container: + name: "matrix-redis" + state: absent + when: matrix_element_call_enabled | bool == false + +# Remove matrix-element-call directories +- name: Remove matrix-element-call directories + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: + - "{{ matrix_element_call_base_path }}" + when: matrix_element_call_enabled | bool == false + +# Disable and remove systemd service for matrix-element-call +- name: Stop and disable matrix-element-call systemd service + ansible.builtin.systemd: + name: matrix-element-call + state: stopped + enabled: false + when: matrix_element_call_enabled | bool == false + +- name: Remove matrix-element-call systemd service file + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" + state: absent + when: matrix_element_call_enabled | bool == false \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml new file mode 100644 index 000000000..0fa227172 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml 
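Review bot: Every task repeats `when: matrix_element_call_enabled | bool == false` although `main.yml` already includes this file only `when: not matrix_element_call_enabled | bool`; the per-task conditions are redundant, and `| bool == false` is the non-idiomatic spelling — drop them, or if one is kept write `when: not matrix_element_call_enabled | bool`. The file also begins with two `---` markers, producing a multi-document stream that Ansible's task loader may reject. Ordering deserves a look as well: the containers are removed before the systemd unit is stopped, and since the unit's `ExecStart` is `docker start -a matrix-element-call` with `Restart=always`, systemd may spend that window trying to restart a container that no longer exists; stop and disable the unit first, then remove containers and data.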
@@ -0,0 +1,29 @@ +--- +# Update Element-Web config.json with Element Call features + +- name: Ensure Element-Web config.json exists + ansible.builtin.file: + path: "{{ matrix_element_web_config_path }}" + state: file + mode: 0644 + +- name: Update Element-Web config.json with Element Call features + ansible.builtin.blockinfile: + path: "{{ matrix_element_web_config_path }}" + block: | + "features": { + "feature_video_rooms": true, + "feature_new_room_decoration_ui": true, + "feature_group_calls": true, + "feature_element_call_video_rooms": true + }, + "element_call": { + "url": "{{ matrix_element_call_base_url }}", + "participant_limit": 8, + "brand": "Element Call", + "use_exclusively": true + } + marker: "# ANSIBLE MANAGED BLOCK - Element Call features" + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/update_homeserver_config.yml b/roles/custom/matrix-element-call/tasks/update_homeserver_config.yml new file mode 100644 index 000000000..46e4f5a09 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/update_homeserver_config.yml 
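Review bot: `blockinfile` with `marker: "# ANSIBLE MANAGED BLOCK - Element Call features"` writes `#`-prefixed marker lines into `config.json`, and JSON has no comment syntax, so Element Web's configuration becomes invalid; the block is also appended after the file's closing `}` rather than inside the top-level object, and the trailing `"element_call": { … }` has no comma handling. Rather than text-patching a rendered JSON file, merge `features` and `element_call` into the data structure the playbook uses to generate the Element Web config (a configuration-extension variable, if the Element Web role exposes one) so the output stays valid JSON and survives the next render. Note also that `ansible.builtin.file … state: file` does not create a missing file — it fails — so the task name "Ensure Element-Web config.json exists" is misleading, and setting `mode: 0644` on a file owned by another role is a side effect this role should not take.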
@@ -0,0 +1,36 @@ +--- +# Update the homeserver.yaml file with Element Call config + +- name: Ensure homeserver.yaml exists + ansible.builtin.file: + path: "{{ matrix_homeserver_config_path }}" + state: file + mode: 0644 + +- name: Add listeners section for Element Call to homeserver.yaml + ansible.builtin.blockinfile: + path: "{{ matrix_homeserver_config_path }}" + block: | + listeners: + - port: 8008 + tls: false + type: http + x_forwarded: true + + resources: + - names: [client, federation, openid] + compress: false + marker: "# ANSIBLE MANAGED BLOCK - Element Call listeners" + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure serve_server_wellknown is enabled in homeserver.yaml + ansible.builtin.lineinfile: + path: "{{ matrix_homeserver_config_path }}" + line: "serve_server_wellknown: true" + insertafter: EOF + state: present + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml new file mode 100644 index 000000000..b02269f1c --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml 
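Review bot: `ansible.builtin.file: path: "{{ matrix_homeserver_config_path }}" … mode: 0644` (repeated in the `blockinfile` and `lineinfile` tasks) makes `homeserver.yaml` world-readable, and a Synapse-style `homeserver.yaml` typically holds signing, registration and macaroon secrets, so this loosens permissions on sensitive configuration; remove the `mode`/`owner`/`group` arguments and leave the file as the homeserver role set it. The `blockinfile` also appends a second top-level `listeners:` key to an existing YAML document; duplicate mapping keys are invalid in YAML 1.2 and most loaders keep the last value, so this silently replaces the homeserver's configured listeners instead of adding the `openid` resource to them, and the `#` marker lines end up inside the homeserver config. If the goal is to expose `openid` on the client listener for the JWT service, add it to the listener definition the playbook already renders via its homeserver configuration variables instead of editing the rendered file. Nothing restarts the homeserver after these edits either, so they only take effect on a later restart.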
@@ -0,0 +1,24 @@ +--- +--- +# Update the .well-known/matrix/client file with Element Call config + +- name: Ensure .well-known directory exists + ansible.builtin.file: + path: "{{ matrix_element_call_well_known_client_path | dirname }}" + state: directory + mode: 0755 + +- name: Update .well-known/matrix/client file with Element Call config + ansible.builtin.blockinfile: + path: "{{ matrix_element_call_well_known_client_path }}" + block: | + "org.matrix.msc4143.rtc_foci": [ + { + "type": "livekit", + "livekit_service_url": "{{ matrix_element_call_jwt_service_url }}" + } + ] + create: yes + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml new file mode 100644 index 000000000..c4a55e0df --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/validate_config.yml 
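Review bot: `blockinfile` inserts `# BEGIN/END ANSIBLE MANAGED BLOCK` marker lines into `.well-known/matrix/client`, which every Matrix client parses as JSON; JSON has no comments and the block lands after the existing object's closing brace, so the document becomes unparsable and client discovery for the whole domain breaks, not just Element Call. Build the whole file from a dict and `to_nice_json` (adding `org.matrix.msc4143.rtc_foci` to the keys the playbook already publishes) or feed the key into the variable the playbook uses to render its well-known client document. With `create: yes` a missing file becomes a document consisting only of the block, and `yes` should be written `true` to match the rest of the role. The file also starts with two `---` markers.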
@@ -0,0 +1,79 @@ +--- +# roles/custom/matrix-element-call/tasks/validate_config.yml + +- name: Ensure required variables for Element Call are defined + ansible.builtin.fail: + msg: "The variable '{{ item }}' is required and must be set." + when: vars[item] is not defined or vars[item] == '' + loop: + - matrix_element_call_enabled + - matrix_element_call_version + - matrix_element_call_hostname + - matrix_element_call_path_prefix + - matrix_element_call_base_path + - matrix_element_call_container_image + - matrix_element_call_container_network + - matrix_element_call_container_labels_traefik_hostname + - matrix_element_call_jwt_service_url + - matrix_element_call_livekit_service_url + - matrix_element_call_livekit_dev_key + +- name: Validate that the Element Call hostname is properly formatted + ansible.builtin.assert: + that: + - "'{{ matrix_element_call_hostname }}' is match('^([a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9])$')" + fail_msg: "The hostname '{{ matrix_element_call_hostname }}' is not valid. It should be a valid domain or subdomain." + success_msg: "The hostname '{{ matrix_element_call_hostname }}' is valid." + +- name: Validate that the Element Call version is specified correctly + ansible.builtin.assert: + that: + - matrix_element_call_version is string + - matrix_element_call_version != '' + fail_msg: "The Element Call version must be a non-empty string." + success_msg: "The Element Call version is set correctly." + +- name: Ensure LiveKit dev key is set + ansible.builtin.assert: + that: + - matrix_element_call_livekit_dev_key is string + - matrix_element_call_livekit_dev_key != '' + fail_msg: "The LiveKit dev key (matrix_element_call_livekit_dev_key) must be a non-empty string." + success_msg: "The LiveKit dev key is set correctly." 
+ +- name: Ensure JWT service URL is valid + ansible.builtin.assert: + that: + - matrix_element_call_jwt_service_url is match('^https?://[a-zA-Z0-9.-]+$') + fail_msg: "The JWT service URL '{{ matrix_element_call_jwt_service_url }}' is not valid." + success_msg: "The JWT service URL is valid." + +- name: Ensure LiveKit service URL is valid + ansible.builtin.assert: + that: + - matrix_element_call_livekit_service_url is match('^https?://[a-zA-Z0-9.-]+$') + fail_msg: "The LiveKit service URL '{{ matrix_element_call_livekit_service_url }}' is not valid." + success_msg: "The LiveKit service URL is valid." + +- name: Ensure matrix-element-call base path is set and exists + ansible.builtin.assert: + that: + - matrix_element_call_base_path is string + - matrix_element_call_base_path != '' + fail_msg: "The base path for Element Call (matrix_element_call_base_path) must be a non-empty string." + success_msg: "The base path for Element Call is set correctly." + +- name: Ensure required paths for configurations are accessible + ansible.builtin.file: + path: "{{ item }}" + state: directory + with_items: + - "{{ matrix_element_call_base_path }}/config" + - "{{ matrix_element_call_base_path }}/backend" + register: config_paths_check + +- name: Fail if any required paths for configurations are not accessible + ansible.builtin.fail: + msg: "The required configuration path '{{ item.path }}' does not exist or is not accessible." + when: config_paths_check.results is defined and config_paths_check.results | selectattr('failed', 'eq', True) | list | length > 0 + loop: "{{ config_paths_check.results | selectattr('failed', 'eq', True) | list }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/config.json.j2 b/roles/custom/matrix-element-call/templates/config.json.j2 new file mode 100644 index 000000000..1ce2f57c5 --- /dev/null +++ b/roles/custom/matrix-element-call/templates/config.json.j2 
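Review bot: The hostname assert `'{{ matrix_element_call_hostname }}' is match('^([a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9])$')` has no `.` in its character class, so the role's own default `call.{{ matrix_domain }}` always fails validation and the role can never be enabled; use a pattern that accepts dotted labels and reference the variable directly instead of interpolating it into the expression string, e.g. `matrix_element_call_hostname is match('^([a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$')`. The "Ensure LiveKit dev key is set" assert only requires a non-empty string, so the `unset-livekit-key` fallback from `defaults/main.yml` passes and a deployment with a public placeholder secret is treated as valid — add `matrix_element_call_livekit_dev_key != 'unset-livekit-key'` and a minimum-length check. The URL regexes `^https?://[a-zA-Z0-9.-]+$` reject the `wss://sfu.…:443` LiveKit URL default in `defaults/main.yml`, so the two files disagree on what a valid value is. Finally, "Ensure required paths … are accessible" creates directories (`state: directory`, no owner or mode) as a side effect of validation, leaving root-owned directories that the install step then re-chowns; a validation step should only check.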
@@ -0,0 +1,11 @@ +{ + "default_server_config": { + "m.homeserver": { + "base_url": "{{ matrix_homeserver_url }}", + "server_name": "{{ matrix_server_name }}" + } + }, + "livekit": { + "livekit_service_url": "{{ matrix_element_call_livekit_service_url }}" + } +} \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/env.j2 b/roles/custom/matrix-element-call/templates/env.j2 new file mode 100644 index 000000000..db25ed81b --- /dev/null +++ b/roles/custom/matrix-element-call/templates/env.j2 @@ -0,0 +1,9 @@ +# Environment variables for Element Call +ELEMENT_CALL_SERVER_URL=https://{{ matrix_element_call_domain }} +LIVEKIT_SERVICE_URL={{ matrix_element_call_livekit_service_url }} +JWT_SERVICE_URL={{ matrix_element_call_jwt_service_url }} + +# Optional additional environment variables provided by the user +{% for key, value in matrix_element_call_environment_variables_additional.items() %} +{{ key }}={{ value }} +{% endfor %} \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/labels.j2 b/roles/custom/matrix-element-call/templates/labels.j2 new file mode 100644 index 000000000..988bfba1c --- /dev/null +++ b/roles/custom/matrix-element-call/templates/labels.j2 
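Review bot: `"livekit_service_url": "{{ matrix_element_call_livekit_service_url }}"` points Element Call at the SFU URL (`https://sfu.DOMAIN`), while `update_well_known_client.yml` in the same patch publishes `livekit_service_url` as `matrix_element_call_jwt_service_url` (`https://sfu-jwt.DOMAIN`); the same key is given two different endpoints, so one of them is wrong. If, as the well-known entry suggests, `livekit_service_url` denotes the token (JWT) service, this should be `"livekit_service_url": "{{ matrix_element_call_jwt_service_url }}"` — confirm against Element Call's configuration documentation. The template also emits `matrix_homeserver_url` and `matrix_server_name` unescaped inside JSON string literals; render them with `| to_json` (e.g. `"base_url": {{ matrix_homeserver_url | to_json }}`) so a value containing a quote or backslash cannot break the document.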
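Review bot: `ELEMENT_CALL_SERVER_URL=https://{{ matrix_element_call_domain }}` hardcodes the scheme and uses `matrix_element_call_domain` (from `defaults/main.yml`), while the Traefik labels, `group_vars` and the docs in this patch are keyed on `matrix_element_call_hostname` and `matrix_element_call_scheme`; an operator who overrides the documented hostname variable gets a container that still advertises `call.DOMAIN`. Use `ELEMENT_CALL_SERVER_URL={{ matrix_element_call_scheme }}://{{ matrix_element_call_hostname }}` and drop the duplicate variable. Since this file is consumed via Docker's `env_file`, values are taken literally (quotes are not stripped), so a comment noting that `matrix_element_call_environment_variables_additional` values must be single-line and unquoted would save operators a debugging round.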
@@ -0,0 +1,11 @@
+# Docker labels for Traefik or other routing
+traefik.enable: "true"
+traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.rule: "Host(`{{ matrix_element_call_hostname }}`)"
+traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.entrypoints: "{{ matrix_element_call_container_labels_traefik_entrypoints }}"
+traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.tls.certresolver: "{{ matrix_element_call_container_labels_traefik_tls_certResolver }}"
+traefik.http.services.{{ matrix_element_call_hostname | replace('.', '_') }}-service.loadbalancer.server.port: "8080"
+
+# Additional labels (if any) specified by the user
+{% for key, value in matrix_element_call_container_extra_arguments.items() %}
+{{ key }}: "{{ value }}"
+{% endfor %}
\ No newline at end of file
diff --git a/roles/custom/matrix-element-call/templates/livekit.yaml.j2 b/roles/custom/matrix-element-call/templates/livekit.yaml.j2
new file mode 100644
index 000000000..a53c0896a
--- /dev/null
+++ b/roles/custom/matrix-element-call/templates/livekit.yaml.j2
@@ -0,0 +1,21 @@
+port: 7880
+bind_addresses:
+ - "0.0.0.0"
+rtc:
+ tcp_port: 7881
+ port_range_start: 50100
+ port_range_end: 50200
+ use_external_ip: false
+
+turn:
+ enabled: false
+ domain: localhost
+ cert_file: ""
+ key_file: ""
+ tls_port: 5349
+ udp_port: 443
+ external_tls: true
+
+keys:
+ devkey: "{{ matrix_element_call_livekit_dev_key }}"
+logging:
\ No newline at end of file
diff --git a/roles/custom/matrix-element-call/templates/redis.conf.j2 b/roles/custom/matrix-element-call/templates/redis.conf.j2
new file mode 100644
index 000000000..da19af05a
--- /dev/null
+++ b/roles/custom/matrix-element-call/templates/redis.conf.j2
@@ -0,0 +1,5 @@
+bind 0.0.0.0
+protected-mode yes
+port 6379
+timeout 0
+tcp-keepalive 300
\ No newline at end of file
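Review bot: The `keys:` map is LiveKit's API-key/secret table, and this template fixes the key name to `devkey` and takes the secret from `matrix_element_call_livekit_dev_key`, which the role's defaults in this patch fall back to the fixed string `unset-livekit-key`; a deployment where the operator forgot to set `matrix_livekit_dev_key` therefore signs media tokens with a secret anyone can read from this repository. Remove the fallback and have validate_config.yml fail on an empty or default value, and emit the secret with `devkey: {{ matrix_element_call_livekit_dev_key | to_json }}` so a quote in the secret cannot break the YAML. Two smaller points on the same file: the trailing `logging:` with no value parses as null rather than an empty mapping, and `bind_addresses: 0.0.0.0` with `use_external_ip: false` means the SFU advertises only the addresses on its own interfaces, which inside a bridge network are container-internal unless ICE/NAT settings not in view handle it — worth confirming.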
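Review bot: `bind 0.0.0.0` cancels the protection `protected-mode yes` is meant to give: Redis restricts clients to loopback under protected mode only when no explicit `bind` and no password are configured, so this file leaves the instance accepting unauthenticated commands from anything on the container network (and from outside the host if `matrix_redis_port` is ever published). Add `requirepass` fed from a role-prefixed variable (later defaults in this series introduce `redis_password: ""`, which would need to become non-empty and be wired in here and on the LiveKit side), or bind to the container's own network address rather than all interfaces. A one-line comment noting that `timeout 0` means idle clients are never disconnected would also help the next maintainer.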
diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2
new file mode 100644
index 000000000..8caad624f
--- /dev/null
+++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=Matrix Element Call Service
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/docker start -a matrix-element-call
+ExecStop=/usr/bin/docker stop matrix-element-call
+Restart=always
+User={{ matrix_user_username }}
+Group={{ matrix_user_groupname }}
+TimeoutStartSec=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/roles/custom/matrix-element-call/vars/main.yml b/roles/custom/matrix-element-call/vars/main.yml
new file mode 100644
index 000000000..1f224472a
--- /dev/null
+++ b/roles/custom/matrix-element-call/vars/main.yml
@@ -0,0 +1,5 @@
+---
+# roles/custom/matrix-element-call/vars/main.yml
+
+# Variables specific to matrix-element-call, like service configurations, can go here.
+# Any environment-specific values can be overridden here.
\ No newline at end of file
diff --git a/setup.yml b/setup.yml
index 3cff6dbb1..cbc3e1673 100644
--- a/setup.yml
+++ b/setup.yml
@@ -130,6 +130,7 @@
 - custom/matrix-coturn
 - custom/matrix-media-repo
 - custom/matrix-pantalaimon
+ - custom/matrix-element-call
 - role: galaxy/postgres_backup
From d1ba784dde736a72dac55a2575a11dedfa0fcc42 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Wed, 25 Sep 2024 15:01:53 +1000
Subject: [PATCH 002/142] added doc for setting up element call.
---
 docs/configuring-playbook.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md
index 4b4a3366b..fb0704e08 100644
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
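Review bot: `ExecStart=/usr/bin/docker start -a matrix-element-call` together with `User={{ matrix_user_username }}` only works if the matrix user can reach the Docker socket, and membership in the `docker` group is equivalent to root on the host — so this unit silently requires a privilege the rest of the playbook presumably does not grant that user (the other roles' unit templates are not in view, but the `devture_systemd_docker_base_*` variables used later suggest a shared, root-run pattern). Either drop `User=`/`Group=` and keep the privilege boundary inside the container (`--user` on the docker run), or document the docker-group requirement next to the unit. The unit also assumes a container named `matrix-element-call` was created beforehand; an `ExecStartPre=-/usr/bin/docker rm matrix-element-call` plus `ExecStart=/usr/bin/docker run --rm --name matrix-element-call ...` pattern would make the unit self-contained and pick up image updates on restart.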
@@ -232,3 +232,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Setting up the Rageshake bug report server](configuring-playbook-rageshake.md) (optional)
 - [Setting up Prometheus Alertmanager integration via matrix-alertmanager-receiver](configuring-playbook-alertmanager-receiver.md) (optional)
+
+- [Setting up the Element Call server](configuring-playbook-element-call.md) (optional)
From 60f34cd7af6e752542ace17c61a77122777dd370 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Wed, 25 Sep 2024 16:13:29 +1000
Subject: [PATCH 003/142] fixed matrix_redis for migration
---
 roles/custom/matrix-element-call/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml
index 38b175532..68217d37f 100644
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -16,12 +16,12 @@ matrix_element_call_container_network: "matrix_element_call_network"
 matrix_element_call_image: "ghcr.io/element-hq/element-call:latest"
 matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci"
 matrix_livekit_image: "livekit/livekit-server:latest"
-matrix_redis_image: "redis:6-alpine"
+redis_image: "redis:6-alpine"
 # Ports
 matrix_element_call_port: "8093"
 matrix_jwt_service_port: "8881"
-matrix_redis_port: "6379"
+redis_port: "6379"
 # LiveKit configuration (should be set in host_vars or globally)
 matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key | default('unset-livekit-key') }}"
From fc6357a089f57a16f5117f6940a25fad2ca0f9ec Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 18:05:34 +1000
Subject: [PATCH 004/142] Update main.yml
---
 .../custom/matrix-element-call/tasks/main.yml | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)
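Review bot: Dropping the role prefix from `matrix_redis_image`/`matrix_redis_port` to plain `redis_image`/`redis_port` puts these defaults in the same namespace as any other role that ships Redis, and Ansible reports nothing when two roles define the same default — whichever loads last wins. Keep a role-specific prefix, e.g. `matrix_element_call_redis_image: "redis:6-alpine"` and `matrix_element_call_redis_port: "6379"`; a later patch in this series reverts to prefixed names, which suggests the collision was felt. The unchanged context line `default('unset-livekit-key')` is worth removing in the same pass, as that value is the secret LiveKit signs tokens with.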
diff --git a/roles/custom/matrix-element-call/tasks/main.yml b/roles/custom/matrix-element-call/tasks/main.yml
index ae0f7ce68..5727957ff 100644
--- a/roles/custom/matrix-element-call/tasks/main.yml
+++ b/roles/custom/matrix-element-call/tasks/main.yml
@@ -1,14 +1,20 @@
 ---
-# roles/custom/matrix-element-call/tasks/main.yml
-- name: Ensure Element Call dependencies are valid and present
- when: matrix_element_call_enabled | bool
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+- tags:
+ - setup-all
+ - setup-element-call
+ - install-all
+ - install-element-call
+ block:
+ - when: matrix_element_call_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
-- name: Install Element Call and its related services
- when: matrix_element_call_enabled | bool
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+ - when: matrix_element_call_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
-- name: Uninstall Element Call and clean up resources
- when: not matrix_element_call_enabled | bool
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
\ No newline at end of file
+- tags:
+ - setup-all
+ - setup-element-call
+ block:
+ - when: not matrix_element_call_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
From 350d4d4bcd0361ca0dfa5806c0a76b2bdc781df7 Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 18:35:09 +1000
Subject: [PATCH 005/142] Fixed assertion block to remove jinja2 delimiters
---
 roles/custom/matrix-element-call/tasks/validate_config.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml
index c4a55e0df..d6e10c930 100644
--- a/roles/custom/matrix-element-call/tasks/validate_config.yml
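Review bot: Neither `block` nor the three `include_tasks` entries carry a `name:`, so play output shows anonymous `include_tasks` lines and an operator cannot tell from the log whether validation, installation or uninstallation was the step that ran or was skipped. Give each include a short name above its `when:`, e.g. `- name: Validate matrix-element-call configuration`, reusing the descriptive names the file had before this rewrite. The `when:` guards themselves are unchanged in effect from the previous version.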
+++ b/roles/custom/matrix-element-call/tasks/validate_config.yml
@@ -21,7 +21,7 @@
 - name: Validate that the Element Call hostname is properly formatted
 ansible.builtin.assert:
 that:
- - "'{{ matrix_element_call_hostname }}' is match('^([a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9])$')"
+ - matrix_element_call_hostname is match('^([a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9])$')
 fail_msg: "The hostname '{{ matrix_element_call_hostname }}' is not valid. It should be a valid domain or subdomain."
 success_msg: "The hostname '{{ matrix_element_call_hostname }}' is valid."
@@ -76,4 +76,4 @@
 ansible.builtin.fail:
 msg: "The required configuration path '{{ item.path }}' does not exist or is not accessible."
 when: config_paths_check.results is defined and config_paths_check.results | selectattr('failed', 'eq', True) | list | length > 0
- loop: "{{ config_paths_check.results | selectattr('failed', 'eq', True) | list }}"
\ No newline at end of file
+ loop: "{{ config_paths_check.results | selectattr('failed', 'eq', True) | list }}"
From 90ea758c3bd2ac5cfe03dd946021fb1be668da87 Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 18:39:26 +1000
Subject: [PATCH 006/142] Fixed regex for checking the hostname.
---
 roles/custom/matrix-element-call/tasks/validate_config.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml
index d6e10c930..e61973fdd 100644
--- a/roles/custom/matrix-element-call/tasks/validate_config.yml
+++ b/roles/custom/matrix-element-call/tasks/validate_config.yml
@@ -21,10 +21,10 @@
 - name: Validate that the Element Call hostname is properly formatted
 ansible.builtin.assert:
 that:
- - matrix_element_call_hostname is match('^([a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9])$')
+ - matrix_element_call_hostname is match('^([a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$')
 fail_msg: "The hostname '{{ matrix_element_call_hostname }}' is not valid. It should be a valid domain or subdomain."
 success_msg: "The hostname '{{ matrix_element_call_hostname }}' is valid."
-
+
 - name: Validate that the Element Call version is specified correctly
 ansible.builtin.assert:
 that:
From c93d30bcb8bffdea4d995fb6fba3c267d36a695f Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 19:07:03 +1000
Subject: [PATCH 007/142] Added matrix_server_name to the defaults
---
 roles/custom/matrix-element-call/defaults/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml
index 68217d37f..3fe77edde 100644
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -4,6 +4,9 @@
 # Enable or disable matrix-element-call deployment
 matrix_element_call_enabled: false
+# Default Matrix server name (can be overridden in host_vars if needed)
+matrix_server_name: "{{ matrix_base_domain }}"
+
 # Base path configuration
 matrix_element_call_base_path: "/home/{{ matrix_user_username }}/dockerdata/volumes/elementcall"
 matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config"
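Review bot: The new hostname regex requires every label to be at least two characters (`[a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9]`) and the last label to be purely alphabetic, so valid names such as `a.example.org` fail the assert with a message claiming the hostname is invalid. Make the middle part optional, `^([a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`, which still rejects empty labels and leading/trailing hyphens. The `fail_msg` should then also say that a single-label name or an IP address is rejected by design, since the regex does reject both.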
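Review bot: `matrix_server_name` is a global-looking, unprefixed name defined inside this role's defaults, so it is visible to every other role in the play and can be overridden by (or override) an identically named variable elsewhere; role defaults should stay role-prefixed. If config.json.j2 needs the server name, derive it locally, e.g. `matrix_element_call_server_name: "{{ matrix_domain }}"`, and reference that from the template. The next patch renames the source to `matrix_domain` and a later one removes this line entirely, so it reads as a stop-gap that should not land.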
@@ -31,4 +34,4 @@ matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_base_domain }}:443
 matrix_element_call_domain: "call.{{ matrix_base_domain }}"
 matrix_element_call_well_known_client_path: "/var/www/.well-known/matrix/client"
 matrix_element_call_well_known_element_path: "/var/www/.well-known/element/element.json"
-matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}"
\ No newline at end of file
+matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}"
From ce827e7953a2ee9d5471f96dd7effb3f00691303 Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 19:09:13 +1000
Subject: [PATCH 008/142] Changed matrix_base_domain to matrix_domain
---
 roles/custom/matrix-element-call/defaults/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml
index 3fe77edde..d6aaf02e0 100644
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -5,7 +5,7 @@
 matrix_element_call_enabled: false
 # Default Matrix server name (can be overridden in host_vars if needed)
-matrix_server_name: "{{ matrix_base_domain }}"
+matrix_server_name: "{{ matrix_domain }}"
 # Base path configuration
 matrix_element_call_base_path: "/home/{{ matrix_user_username }}/dockerdata/volumes/elementcall"
@@ -28,10 +28,10 @@ redis_port: "6379"
 # LiveKit configuration (should be set in host_vars or globally)
 matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key | default('unset-livekit-key') }}"
-matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_base_domain }}:443"
+matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443"
 # Well-known paths and domains (derived from matrix_base_domain)
-matrix_element_call_domain: "call.{{ matrix_base_domain }}"
+matrix_element_call_domain: "call.{{ matrix_domain }}"
 matrix_element_call_well_known_client_path: "/var/www/.well-known/matrix/client"
 matrix_element_call_well_known_element_path: "/var/www/.well-known/element/element.json"
 matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}"
From 8644a7383e3a1a882f70bf3b33b71307cda2c2ab Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 19:22:21 +1000
Subject: [PATCH 009/142] Removed additional label loop
---
 roles/custom/matrix-element-call/templates/labels.j2 | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/roles/custom/matrix-element-call/templates/labels.j2 b/roles/custom/matrix-element-call/templates/labels.j2
index 988bfba1c..ccfbdbf93 100644
--- a/roles/custom/matrix-element-call/templates/labels.j2
+++ b/roles/custom/matrix-element-call/templates/labels.j2
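Review bot: The default `matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443"` cannot pass this role's own validation as the series stands: validate_config.yml asserts the value matches `^https?://[a-zA-Z0-9.-]+$`, which rejects both the `wss` scheme and the `:443` suffix, so a deployment that keeps the default fails at the assert. Either loosen the check to `^(https?|wss?)://[a-zA-Z0-9.-]+(:[0-9]+)?(/.*)?$` or change the default to whatever the LiveKit client actually expects (its consumer is not in view), but the two must agree. The context comment `(derived from matrix_base_domain)` is also left stale by this rename; update it to `matrix_domain`.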
@@ -4,8 +4,3 @@ traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-rout
 traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.entrypoints: "{{ matrix_element_call_container_labels_traefik_entrypoints }}"
 traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.tls.certresolver: "{{ matrix_element_call_container_labels_traefik_tls_certResolver }}"
 traefik.http.services.{{ matrix_element_call_hostname | replace('.', '_') }}-service.loadbalancer.server.port: "8080"
-
-# Additional labels (if any) specified by the user
-{% for key, value in matrix_element_call_container_extra_arguments.items() %}
-{{ key }}: "{{ value }}"
-{% endfor %}
\ No newline at end of file
From 81735503f8985359c7b0cc9e8674e0e6ed7aa36f Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 20:06:27 +1000
Subject: [PATCH 010/142] Added debug task to test labels configuration
---
 .../matrix-element-call/tasks/install_docker_containers.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/custom/matrix-element-call/tasks/install_docker_containers.yml b/roles/custom/matrix-element-call/tasks/install_docker_containers.yml
index 38dfbbd70..dbf1a9433 100644
--- a/roles/custom/matrix-element-call/tasks/install_docker_containers.yml
+++ b/roles/custom/matrix-element-call/tasks/install_docker_containers.yml
@@ -92,6 +92,10 @@
 delay: 10
 until: redis_image_result is not failed
+- name: Debug labels file content
+ ansible.builtin.debug:
+ msg: "{{ lookup('file', matrix_element_call_base_path ~ '/config/labels') | from_yaml }}"
+
 # Ensure Docker Containers are Running
 - name: Run matrix-element-call Docker container
 community.docker.docker_container:
@@ -155,4 +159,4 @@
 name: matrix-element-call
 enabled: true
 state: started
- daemon_reload: true
\ No newline at end of file
+ daemon_reload: true
From 63641014101b947e43207f591ec56a3f56d8acc9 Mon Sep 17 00:00:00 2001
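Review bot: `lookup('file', ...)` reads from the Ansible controller, not from the target host, so this debug task fails unless the rendered labels file also happens to exist locally at `matrix_element_call_base_path ~ '/config/labels'` — and even then it inspects the controller's copy, not the one the container will use. To check the remote file, register an `ansible.builtin.slurp` of that path as `labels_raw` and print `msg: "{{ labels_raw.content | b64decode | from_yaml }}"`. A debug task should not ship in the role either; gate it with `when: matrix_element_call_debug | default(false) | bool` or remove it before merge.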
From: Backslash
Date: Wed, 25 Sep 2024 20:20:20 +1000
Subject: [PATCH 011/142] Adding another debug task for testing the labels file.
---
 .../matrix-element-call/tasks/install_docker_containers.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/roles/custom/matrix-element-call/tasks/install_docker_containers.yml b/roles/custom/matrix-element-call/tasks/install_docker_containers.yml
index dbf1a9433..a9d55ff85 100644
--- a/roles/custom/matrix-element-call/tasks/install_docker_containers.yml
+++ b/roles/custom/matrix-element-call/tasks/install_docker_containers.yml
@@ -92,6 +92,10 @@
 delay: 10
 until: redis_image_result is not failed
+- name: Debug matrix_element_call_base_path
+ ansible.builtin.debug:
+ var: matrix_element_call_base_path
+
 - name: Debug labels file content
 ansible.builtin.debug:
 msg: "{{ lookup('file', matrix_element_call_base_path ~ '/config/labels') | from_yaml }}"
From 16ed788b3f8a94298bcb688306a08a688cb42e59 Mon Sep 17 00:00:00 2001
From: Backslash
Date: Wed, 25 Sep 2024 21:07:22 +1000
Subject: [PATCH 012/142] Update main.yml
---
 .../matrix-element-call/defaults/main.yml | 41 +++++++++++++------
 1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml
index d6aaf02e0..972941d91 100644
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -1,14 +1,9 @@
 ---
-# roles/custom/matrix-element-call/defaults/main.yml
-
 # Enable or disable matrix-element-call deployment
 matrix_element_call_enabled: false
-# Default Matrix server name (can be overridden in host_vars if needed)
-matrix_server_name: "{{ matrix_domain }}"
-
 # Base path configuration
-matrix_element_call_base_path: "/home/{{ matrix_user_username }}/dockerdata/volumes/elementcall"
+matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call"
 matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config"
 matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend"
@@ -19,19 +14,39 @@ matrix_element_call_container_network: "matrix_element_call_network"
 matrix_element_call_image: "ghcr.io/element-hq/element-call:latest"
 matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci"
 matrix_livekit_image: "livekit/livekit-server:latest"
-redis_image: "redis:6-alpine"
+matrix_redis_image: "redis:6-alpine"
 # Ports
 matrix_element_call_port: "8093"
 matrix_jwt_service_port: "8881"
-redis_port: "6379"
+matrix_redis_port: "6379"
-# LiveKit configuration (should be set in host_vars or globally)
-matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key | default('unset-livekit-key') }}"
+# LiveKit configuration
+matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # Must be defined in host_vars
 matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443"
-# Well-known paths and domains (derived from matrix_base_domain)
+# Well-known paths and domains (derived from matrix_domain)
 matrix_element_call_domain: "call.{{ matrix_domain }}"
-matrix_element_call_well_known_client_path: "/var/www/.well-known/matrix/client"
-matrix_element_call_well_known_element_path: "/var/www/.well-known/element/element.json"
+matrix_element_call_well_known_client_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client"
+matrix_element_call_well_known_element_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/element/element.json"
 matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}"
+
+# Redis Configuration for Element Call
+redis_hostname: "localhost"
+redis_port: 6379
+redis_password: ""
+
+# Traefik Configuration for Element Call
+matrix_element_call_container_labels_traefik_enabled: true
+matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_domain }}"
+matrix_element_call_container_labels_traefik_path_prefix: "/"
+matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)"
+matrix_element_call_container_labels_traefik_entrypoints: "websecure"
+matrix_element_call_container_labels_traefik_tls_certResolver: "default"
+
+# Additional environment variables for the container
+matrix_element_call_environment_variables_additional: {}
+
+# Enable or disable metrics collection
+matrix_element_call_metrics_enabled: false
+matrix_element_call_metrics_port: 2112
From 0eef094f2bf8717c1bdbc7ae7e6ba05eb68c15b0 Mon Sep 17 00:00:00 2001
From: Backslash
Date: Thu, 26 Sep 2024 06:51:36 +1000
Subject: [PATCH 013/142] Restructure install.yml to follow other roles more closely
---
 .../matrix-element-call/tasks/install.yml | 119 ++++++++++++++++--
 1 file changed, 108 insertions(+), 11 deletions(-)
diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml
index 250f8c093..18b525e4a 100644
--- a/roles/custom/matrix-element-call/tasks/install.yml
+++ b/roles/custom/matrix-element-call/tasks/install.yml
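Review bot: `redis_password: ""` makes an unauthenticated Redis the default, and `redis_hostname`/`redis_port`/`redis_password` are exactly the unprefixed names this same hunk is moving away from for the image and port (`redis_image` → `matrix_redis_image`); prefix them (`matrix_element_call_redis_password: ""`) and have validate_config.yml refuse an empty value, since redis.conf.j2 binds `0.0.0.0`. The new `redis_port: 6379` is also an integer while `matrix_redis_port: "6379"` a few lines up is a string; pick one representation so comparisons and templating behave the same everywhere. The context lines keep `element-call:latest`, `lk-jwt-service:latest-ci` and `livekit-server:latest`, so every run may pull a different, unreviewed build — pin versions (or digests) the way `redis:6-alpine` is at least pinned to a major.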
@@ -1,17 +1,114 @@
 ---
-# Main install task for matrix-element-call
+# Main installation tasks for matrix-element-call
-- name: Install Docker containers for Element Call
- include_tasks: install_docker_containers.yml
+# Ensure Required Directories Exist
+- name: Ensure matrix-element-call paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - path: "{{ matrix_element_call_base_path }}"
+ - path: "{{ matrix_element_call_config_path }}"
+ - path: "{{ matrix_element_call_backend_path }}"
-- name: Update .well-known/matrix/client
- include_tasks: update_well_known_client.yml
+# Ensure Configuration Files are in Place
+- name: Ensure matrix-element-call support files installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/{{ item }}.j2"
+ dest: "{{ matrix_element_call_base_path }}/{{ item }}"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - config.json
+ - env
+ - labels
-- name: Create .well-known/element/element.json
- include_tasks: create_element_json.yml
+- name: Ensure livekit.yaml is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/livekit.yaml.j2"
+ dest: "{{ matrix_element_call_backend_path }}/livekit.yaml"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
-- name: Update homeserver.yaml for Element Call
- include_tasks: update_homeserver_config.yml
+- name: Ensure redis.conf is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/redis.conf.j2"
+ dest: "{{ matrix_element_call_backend_path }}/redis.conf"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
-- name: Update Element-Web config.json for Element Call
- include_tasks: update_element_web_config.yml
\ No newline at end of file
+# Ensure Docker Images are Pulled
+- name: Ensure matrix-element-call container image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_element_call_image }}"
+ source: pull
+ register: element_call_image_result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: element_call_image_result is not failed
+
+- name: Ensure jwt-service container image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_jwt_service_image }}"
+ source: pull
+ register: jwt_image_result
+ retries: 3
+ delay: 10
+ until: jwt_image_result is not failed
+
+- name: Ensure livekit container image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_livekit_image }}"
+ source: pull
+ register: livekit_image_result
+ retries: 3
+ delay: 10
+ until: livekit_image_result is not failed
+
+- name: Ensure redis container image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_redis_image }}"
+ source: pull
+ register: redis_image_result
+ retries: 3
+ delay: 10
+ until: redis_image_result is not failed
+
+# Ensure Docker Networks are Created
+- name: Ensure matrix-element-call container network is created
+ community.general.docker_network:
+ enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+ name: "{{ matrix_element_call_container_network }}"
+ driver: bridge
+ driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+# Deploy Systemd Services for Containers
+- name: Ensure matrix-element-call systemd service is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
+ mode: 0644
+
+- name: Ensure jwt-service systemd service is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-jwt-service.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jwt-service.service"
+ mode: 0644
+
+- name: Ensure livekit systemd service is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-livekit.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit.service"
+ mode: 0644
+
+- name: Ensure redis systemd service is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
+ mode: 0644
From 02479e8becc9e1db7617f789db94387b19492f1d Mon Sep 17 00:00:00 2001
From: Backslash
Date: Thu, 26 Sep 2024 07:59:09 +1000
Subject: [PATCH 014/142] Updated with new structure.
---
 .../matrix-element-call/tasks/uninstall.yml | 60 +++++++++----------
 1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/roles/custom/matrix-element-call/tasks/uninstall.yml b/roles/custom/matrix-element-call/tasks/uninstall.yml
index f863c25be..d9a77415f 100644
--- a/roles/custom/matrix-element-call/tasks/uninstall.yml
+++ b/roles/custom/matrix-element-call/tasks/uninstall.yml
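Review bot: The last three template tasks read `systemd/matrix-jwt-service.service.j2`, `systemd/matrix-livekit.service.j2` and `systemd/matrix-redis.service.j2`, but the only unit template added so far in this series is `systemd/matrix-element-call.service.j2` (see the file list of the first patch), so these tasks fail with a missing-source error until those files exist. The first image pull uses `devture_playbook_help_container_retries_count`/`_delay` while the next three hard-code `retries: 3` and `delay: 10`; use the playbook variables in all four so retries are tuned in one place. The unit files are written with `mode: 0644` and no `owner:`, which is fine for root-owned units but contrasts with the explicitly chowned data directories above — a one-line comment stating that units are intentionally root-owned would stop someone "fixing" it later.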
@@ -1,51 +1,51 @@
 ---
----
-# roles/custom/matrix-element-call/tasks/uninstall.yml
+# Uninstall tasks for matrix-element-call
-# Stop and remove Docker containers
-- name: Stop and remove matrix-element-call Docker container
+- name: Stop and remove matrix-element-call container
 community.docker.docker_container:
 name: "matrix-element-call"
 state: absent
- when: matrix_element_call_enabled | bool == false
-- name: Stop and remove jwt-service Docker container
+- name: Stop and remove jwt-service container
 community.docker.docker_container:
 name: "matrix-jwt-service"
 state: absent
- when: matrix_element_call_enabled | bool == false
-- name: Stop and remove livekit Docker container
+- name: Stop and remove livekit container
 community.docker.docker_container:
 name: "matrix-livekit"
 state: absent
- when: matrix_element_call_enabled | bool == false
-- name: Stop and remove redis Docker container
+- name: Stop and remove redis container
 community.docker.docker_container:
 name: "matrix-redis"
 state: absent
- when: matrix_element_call_enabled | bool == false
-# Remove matrix-element-call directories
-- name: Remove matrix-element-call directories
- ansible.builtin.file:
- path: "{{ item }}"
- state: absent
- loop:
- - "{{ matrix_element_call_base_path }}"
- when: matrix_element_call_enabled | bool == false
-
-# Disable and remove systemd service for matrix-element-call
-- name: Stop and disable matrix-element-call systemd service
- ansible.builtin.systemd:
- name: matrix-element-call
- state: stopped
- enabled: false
- when: matrix_element_call_enabled | bool == false
-
-- name: Remove matrix-element-call systemd service file
+- name: Remove matrix-element-call systemd service
 ansible.builtin.file:
 path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
 state: absent
- when: matrix_element_call_enabled | bool == false
\ No newline at end of file
+
+- name: Remove jwt-service systemd service
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jwt-service.service"
+ state: absent
+
+- name: Remove livekit systemd service
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit.service"
+ state: absent
+
+- name: Remove redis systemd service
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
+ state: absent
+
+- name: Remove matrix-element-call configuration files
+ ansible.builtin.file:
+ path: "{{ matrix_element_call_base_path }}"
+ state: absent
+
+- name: Reload systemd daemon
+ ansible.builtin.systemd:
+ daemon_reload: true
From 5efc1892935a3e0cfc323f5b3f950bcd037ab434 Mon Sep 17 00:00:00 2001
From: Backslash
Date: Thu, 26 Sep 2024 08:12:06 +1000
Subject: [PATCH 015/142] Updated to support new structure
---
 roles/custom/matrix-element-call/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/custom/matrix-element-call/tasks/main.yml b/roles/custom/matrix-element-call/tasks/main.yml
index 5727957ff..ad50c2d96 100644
--- a/roles/custom/matrix-element-call/tasks/main.yml
+++ b/roles/custom/matrix-element-call/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
+# Main task file for matrix-element-call
 - tags:
 - setup-all
From 68cc1f4b2bff23d2c190fb18d6e638eb57c73a4d Mon Sep 17 00:00:00 2001
From: Backslash
Date: Thu, 26 Sep 2024 08:29:16 +1000
Subject: [PATCH 016/142] Simplified the validation step.
---
 .../tasks/validate_config.yml | 88 +++---------------
 1 file changed, 13 insertions(+), 75 deletions(-)
diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml
index e61973fdd..1feccecb8 100644
--- a/roles/custom/matrix-element-call/tasks/validate_config.yml
+++ b/roles/custom/matrix-element-call/tasks/validate_config.yml
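Review bot: The rewritten uninstall deletes the four unit files without first stopping or disabling the services — the old `Stop and disable matrix-element-call systemd service` task is removed and only a final `daemon_reload` remains — so a running unit keeps running until reboot and its `multi-user.target.wants` symlink is left dangling. More importantly, `Remove matrix-element-call configuration files` wipes `matrix_element_call_base_path` (config and backend data) every time the role runs with `matrix_element_call_enabled: false`, which is destructive for what may be a temporary toggle; leave data in place and print a removal hint, or guard the deletion behind an explicit purge variable. The Docker network created in install.yml is also never removed here. A stop/disable task before the unit-file removals would look like the following.
```yaml
- name: Ensure matrix-element-call services are stopped and disabled
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: stopped
    enabled: false
  failed_when: false
  with_items:
    - matrix-element-call
    - matrix-jwt-service
    - matrix-livekit
    - matrix-redis
# … unchanged: container removal and unit-file removal tasks …
```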
@@ -1,79 +1,17 @@ --- -# roles/custom/matrix-element-call/tasks/validate_config.yml +# Validate configuration for matrix-element-call -- name: Ensure required variables for Element Call are defined +- name: Fail if required matrix-element-call settings are not defined ansible.builtin.fail: - msg: "The variable '{{ item }}' is required and must be set." - when: vars[item] is not defined or vars[item] == '' - loop: - - matrix_element_call_enabled - - matrix_element_call_version - - matrix_element_call_hostname - - matrix_element_call_path_prefix - - matrix_element_call_base_path - - matrix_element_call_container_image - - matrix_element_call_container_network - - matrix_element_call_container_labels_traefik_hostname - - matrix_element_call_jwt_service_url - - matrix_element_call_livekit_service_url - - matrix_element_call_livekit_dev_key - -- name: Validate that the Element Call hostname is properly formatted - ansible.builtin.assert: - that: - - matrix_element_call_hostname is match('^([a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$') - fail_msg: "The hostname '{{ matrix_element_call_hostname }}' is not valid. It should be a valid domain or subdomain." - success_msg: "The hostname '{{ matrix_element_call_hostname }}' is valid." - -- name: Validate that the Element Call version is specified correctly - ansible.builtin.assert: - that: - - matrix_element_call_version is string - - matrix_element_call_version != '' - fail_msg: "The Element Call version must be a non-empty string." - success_msg: "The Element Call version is set correctly." - -- name: Ensure LiveKit dev key is set - ansible.builtin.assert: - that: - - matrix_element_call_livekit_dev_key is string - - matrix_element_call_livekit_dev_key != '' - fail_msg: "The LiveKit dev key (matrix_element_call_livekit_dev_key) must be a non-empty string." - success_msg: "The LiveKit dev key is set correctly." 
- -- name: Ensure JWT service URL is valid - ansible.builtin.assert: - that: - - matrix_element_call_jwt_service_url is match('^https?://[a-zA-Z0-9.-]+$') - fail_msg: "The JWT service URL '{{ matrix_element_call_jwt_service_url }}' is not valid." - success_msg: "The JWT service URL is valid." - -- name: Ensure LiveKit service URL is valid - ansible.builtin.assert: - that: - - matrix_element_call_livekit_service_url is match('^https?://[a-zA-Z0-9.-]+$') - fail_msg: "The LiveKit service URL '{{ matrix_element_call_livekit_service_url }}' is not valid." - success_msg: "The LiveKit service URL is valid." - -- name: Ensure matrix-element-call base path is set and exists - ansible.builtin.assert: - that: - - matrix_element_call_base_path is string - - matrix_element_call_base_path != '' - fail_msg: "The base path for Element Call (matrix_element_call_base_path) must be a non-empty string." - success_msg: "The base path for Element Call is set correctly." - -- name: Ensure required paths for configurations are accessible - ansible.builtin.file: - path: "{{ item }}" - state: directory + msg: > + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "{{ matrix_element_call_base_path }}/config" - - "{{ matrix_element_call_base_path }}/backend" - register: config_paths_check - -- name: Fail if any required paths for configurations are not accessible - ansible.builtin.fail: - msg: "The required configuration path '{{ item.path }}' does not exist or is not accessible." 
- when: config_paths_check.results is defined and config_paths_check.results | selectattr('failed', 'eq', True) | list | length > 0 - loop: "{{ config_paths_check.results | selectattr('failed', 'eq', True) | list }}" + - {'name': 'matrix_element_call_base_path', when: true} + - {'name': 'matrix_element_call_container_network', when: true} + - {'name': 'matrix_element_call_image', when: true} + - {'name': 'matrix_jwt_service_image', when: true} + - {'name': 'matrix_livekit_image', when: true} + - {'name': 'matrix_redis_image', when: true} + - {'name': 'matrix_element_call_livekit_dev_key', when: true} + - {'name': 'matrix_element_call_livekit_service_url', when: true} From 37fd2e701d7e7c30f58602b589325f0c7c766b6f Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 09:15:07 +1000 Subject: [PATCH 017/142] Update env.j2 to support the new configuration --- roles/custom/matrix-element-call/templates/env.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/env.j2 b/roles/custom/matrix-element-call/templates/env.j2 index db25ed81b..71e9a0693 100644 --- a/roles/custom/matrix-element-call/templates/env.j2 +++ b/roles/custom/matrix-element-call/templates/env.j2 @@ -1,9 +1,10 @@ # Environment variables for Element Call ELEMENT_CALL_SERVER_URL=https://{{ matrix_element_call_domain }} LIVEKIT_SERVICE_URL={{ matrix_element_call_livekit_service_url }} +LIVEKIT_SECRET={{ matrix_element_call_livekit_dev_key }} JWT_SERVICE_URL={{ matrix_element_call_jwt_service_url }} # Optional additional environment variables provided by the user {% for key, value in matrix_element_call_environment_variables_additional.items() %} {{ key }}={{ value }} -{% endfor %} \ No newline at end of file +{% endfor %} From becdb0810c6522ede3d3bf17a6ef3099a95cb99d Mon Sep 17 00:00:00 2001 
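Review bot: The simplified required-settings list drops `matrix_element_call_jwt_service_url`, yet `env.j2` (next commit) still templates it into `JWT_SERVICE_URL=`, so an empty value now renders silently instead of failing validation; add `- {'name': 'matrix_element_call_jwt_service_url', when: true}` to the list. The check relies on `vars[item.name] == ''`, which only catches a variable that is defined but empty — it assumes every listed name has a `""` default in `defaults/main.yml`; a name without such a default (the defaults for `matrix_element_call_livekit_dev_key` are not visible here) would surface as an undefined-variable error rather than this message, so keep the list and the defaults in lockstep. Style: the items mix quoted and bare keys (`'name': …, when: true`); use one form.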
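Review bot: `LIVEKIT_SECRET` places the LiveKit signing key into the role's single env file, and that file is later mounted into both the `matrix-element-call` and the `matrix-jwt-service` containers via `--env-file={{ matrix_element_call_base_path }}/config/env` in their unit templates, so the secret lands in the process environment of the static front-end container that has no use for it. Render a separate env file for the JWT service (or move the secret-bearing lines there) so that only the service that mints tokens holds the key. The file is written with mode 0640 in `install.yml`, which is appropriate for a secret-bearing file.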
From: Backslash Date: Thu, 26 Sep 2024 09:18:55 +1000 Subject: [PATCH 018/142] Update config.json.j2 --- roles/custom/matrix-element-call/templates/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/config.json.j2 b/roles/custom/matrix-element-call/templates/config.json.j2 index 1ce2f57c5..7c75144e3 100644 --- a/roles/custom/matrix-element-call/templates/config.json.j2 +++ b/roles/custom/matrix-element-call/templates/config.json.j2 @@ -8,4 +8,4 @@ "livekit": { "livekit_service_url": "{{ matrix_element_call_livekit_service_url }}" } -} \ No newline at end of file +} From f306a47b830e262d22f426d75f91a544f4719b41 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 09:22:29 +1000 Subject: [PATCH 019/142] Update livekit.yaml.j2 --- roles/custom/matrix-element-call/templates/livekit.yaml.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/livekit.yaml.j2 b/roles/custom/matrix-element-call/templates/livekit.yaml.j2 index a53c0896a..384cf3722 100644 --- a/roles/custom/matrix-element-call/templates/livekit.yaml.j2 +++ b/roles/custom/matrix-element-call/templates/livekit.yaml.j2 @@ -18,4 +18,3 @@ turn: keys: devkey: "{{ matrix_element_call_livekit_dev_key }}" -logging: \ No newline at end of file From dfeca192abe6b319985e6bfccde8d3841d59a003 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 09:23:26 +1000 Subject: [PATCH 020/142] Update redis.conf.j2 --- roles/custom/matrix-element-call/templates/redis.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/redis.conf.j2 b/roles/custom/matrix-element-call/templates/redis.conf.j2 index da19af05a..993572096 100644 --- a/roles/custom/matrix-element-call/templates/redis.conf.j2 +++ b/roles/custom/matrix-element-call/templates/redis.conf.j2 
@@ -1,5 +1,5 @@ bind 0.0.0.0 protected-mode yes -port 6379 +port {{ matrix_element_call_redis_port }} timeout 0 -tcp-keepalive 300 \ No newline at end of file +tcp-keepalive 300 From 954d46cfd7bb8b3a960fd4f147be1597ccc401a0 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 09:25:49 +1000 Subject: [PATCH 021/142] Update labels.j2 --- .../matrix-element-call/templates/labels.j2 | 52 ++++++++++++++++--- 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/labels.j2 b/roles/custom/matrix-element-call/templates/labels.j2 index ccfbdbf93..7e2ea810d 100644 --- a/roles/custom/matrix-element-call/templates/labels.j2 +++ b/roles/custom/matrix-element-call/templates/labels.j2 
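Review bot: `protected-mode yes` has no effect once `bind 0.0.0.0` is set explicitly (Redis applies protected mode only when neither a bind address nor a password is configured), and the file sets no `requirepass`, so the instance accepts commands from anything that can reach it. The Redis container is attached to `matrix_element_call_container_network`, which `group_vars/matrix_servers` points at `matrix_homeserver_container_network`, so every container on the homeserver network gets unauthenticated access. Either bind to the container's own interface only, or add `requirepass {{ … }}` fed from a new role variable (a constructed name such as `matrix_element_call_redis_password`) and pass the same password to LiveKit's Redis settings. `livekit.yaml.j2` is not in this hunk, so confirm how it addresses Redis.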
@@ -1,6 +1,46 @@ -# Docker labels for Traefik or other routing -traefik.enable: "true" -traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.rule: "Host(`{{ matrix_element_call_hostname }}`)" -traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.entrypoints: "{{ matrix_element_call_container_labels_traefik_entrypoints }}" -traefik.http.routers.{{ matrix_element_call_hostname | replace('.', '_') }}-router.tls.certresolver: "{{ matrix_element_call_container_labels_traefik_tls_certResolver }}" -traefik.http.services.{{ matrix_element_call_hostname | replace('.', '_') }}-service.loadbalancer.server.port: "8080" +{% if matrix_element_call_container_labels_traefik_enabled %} +traefik.enable=true + +{% if matrix_element_call_container_labels_traefik_docker_network %} +traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} +{% endif %} + +traefik.http.services.matrix-element-call.loadbalancer.server.port=8080 + +{% set middlewares = [] %} + +{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-element-call-slashless-redirect'] %} +{% endif %} + +{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %} +{% endif %} + +{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} 
+traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} +{% endif %} + +traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} +{% if matrix_element_call_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-element-call.service=matrix-element-call +{% if middlewares | length > 0 %} +traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }} +{% endif %} +traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} +{% if matrix_element_call_container_labels_traefik_tls %} +traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} +{% endif %} + +{% endif %} + +{{ matrix_element_call_container_extra_arguments }} From 45c8a61f043bce8548da17831438527dba9a5b09 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 11:39:33 +1000 Subject: [PATCH 022/142] Migrating to systemd for container management --- .../systemd/matrix-element-call.service.j2 | 35 +++++++++++++++---- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index 8caad624f..ff08ff9fd 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 
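Review bot: The last line dumps `{{ matrix_element_call_container_extra_arguments }}` into the labels file, but this file is consumed through `--label-file=` in the unit template, which accepts only `key=value` lines; extra `docker create` arguments belong on the `ExecStartPre=… create` command in the service file, and anything else here is either rejected by Docker or stored as a bogus label. Drop that line from this template and render the extra arguments in the unit instead. The two `{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %}` blocks test the same condition and can be merged into one.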
@@ -5,13 +5,34 @@ Requires=docker.service [Service] Type=simple -ExecStart=/usr/bin/docker start -a matrix-element-call -ExecStop=/usr/bin/docker stop matrix-element-call +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-element-call \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_element_call_container_network }} \ + -p {{ matrix_element_call_port }}:8080 \ + --env-file={{ matrix_element_call_base_path }}/config/env \ + --label-file={{ matrix_element_call_base_path }}/config/labels \ + {{ matrix_element_call_image }} \ + serve + +{% for network in matrix_element_call_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-element-call +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-call + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' Restart=always -User={{ matrix_user_username }} -Group={{ matrix_user_groupname }} -TimeoutStartSec=0 -RestartSec=10 +RestartSec=30 
+SyslogIdentifier=matrix-element-call [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target From bc9658c06b38f2a647154eb29720ddca33afe645 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 13:40:38 +1000 Subject: [PATCH 023/142] Create matrix-livekit.service.j2 --- .../systemd/matrix-livekit.service.j2 | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 new file mode 100644 index 000000000..0b28522a5 --- /dev/null +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 
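Review bot: `-p {{ matrix_element_call_port }}:8080` publishes the container port on every host interface unconditionally, while the same container also carries Traefik labels; that opens a plain-HTTP path around the reverse proxy and its TLS and middlewares. Make the publish conditional the way the rest of the playbook does — guard it with a new, empty-by-default host-bind variable (e.g. `{% if matrix_element_call_container_http_host_bind_port %}-p {{ matrix_element_call_container_http_host_bind_port }}:8080{% endif %}`, name to be chosen) — or drop it when Traefik is enabled. `--cap-drop=ALL` and the non-root `--user` are good; `--read-only` would be worth trying for a static front-end, but confirm the image tolerates it. The `[Unit]` section of this file lies outside the hunk.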
@@ -0,0 +1,32 @@
+[Unit]
+Description=Matrix LiveKit Service
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+ --rm \
+ --name=matrix-livekit \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network=host \
+ --mount type=bind,src={{ matrix_element_call_backend_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \
+ {{ matrix_livekit_image }} \
+ --dev --config /etc/livekit.yaml
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-livekit
+
+[Install]
+WantedBy=multi-user.target
From e910d09ff142d6e931e4d4d238f14b2ad08817a3 Mon Sep 17 00:00:00 2001
From: Backslash
Date: Thu, 26 Sep 2024 14:52:30 +1000
Subject: [PATCH 024/142] Create matrix-redis.service.j2
---
.../templates/systemd/matrix-redis.service.j2 | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2
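Review bot: The server is launched with `--dev` in a unit intended for production; LiveKit documents development mode as not meant for production use (debug logging and development defaults), and if the intent is only verbose logging it belongs in the `logging` section of `livekit.yaml` instead. `--network=host` is expected for a media server that needs UDP port ranges, but it also means the `--user` and `--cap-drop=ALL` settings are the only isolation left, so confirm the host firewall exposes just the ports LiveKit needs. The mount reads from `{{ matrix_element_call_backend_path }}` while `install.yml` writes `livekit.yaml` to `{{ matrix_element_call_base_path }}/backend`; the two agree only while the default is not overridden — use one variable in both places.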
diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2
new file mode 100644
index 000000000..17adad1b4
--- /dev/null
+++ b/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2
@@ -0,0 +1,32 @@
+[Unit]
+Description=Matrix Redis Service
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-redis 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-redis 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+ --rm \
+ --name=matrix-redis \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_element_call_container_network }} \
+ --mount type=bind,src={{ matrix_element_call_backend_path }}/redis.conf,dst=/etc/redis.conf,ro \
+ {{ matrix_redis_image }} \
+ redis-server /etc/redis.conf
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-redis
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-redis 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-redis 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-redis
+
+[Install]
+WantedBy=multi-user.target
From f16ca24408e622650e257e9a99f485278f6a5b23 Mon Sep 17 00:00:00 2001
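Review bot: Redis is attached to the bridge network `matrix_element_call_container_network`, while LiveKit (the unit added in the previous commit) runs with `--network=host`; a host-network container cannot resolve `matrix-redis` by name on that bridge and no port is published here, so unless `livekit.yaml` points at the bridge gateway or a published host port, LiveKit will not reach Redis. Either run Redis on host networking bound to `127.0.0.1`, or publish it loopback-only with `-p 127.0.0.1:{{ matrix_element_call_redis_port }}:{{ matrix_element_call_redis_port }}` and reference that address from `livekit.yaml`. `livekit.yaml.j2` is not visible in this hunk, so confirm which address it uses before choosing.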
From: Backslash Date: Thu, 26 Sep 2024 15:17:15 +1000 Subject: [PATCH 025/142] Update install.yml --- .../matrix-element-call/tasks/install.yml | 133 ++++++++++++++---- 1 file changed, 105 insertions(+), 28 deletions(-) diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index 18b525e4a..c0e16456b 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -1,5 +1,5 @@ --- -# Main installation tasks for matrix-element-call +# roles/custom/matrix-element-call/tasks/install.yml # Ensure Required Directories Exist - name: Ensure matrix-element-call paths exist 
@@ -9,51 +9,65 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - with_items: + loop: - path: "{{ matrix_element_call_base_path }}" - - path: "{{ matrix_element_call_config_path }}" - - path: "{{ matrix_element_call_backend_path }}" + - path: "{{ matrix_element_call_base_path }}/data" + - path: "{{ matrix_element_call_base_path }}/config" + - path: "{{ matrix_element_call_base_path }}/backend" # For LiveKit and Redis config # Ensure Configuration Files are in Place -- name: Ensure matrix-element-call support files installed +- name: Ensure Element Call config.json is in place ansible.builtin.template: - src: "{{ role_path }}/templates/{{ item }}.j2" - dest: "{{ matrix_element_call_base_path }}/{{ item }}" + src: "{{ role_path }}/templates/config.json.j2" + dest: "{{ matrix_element_call_base_path }}/config/config.json" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - with_items: - - config.json - - env - - labels -- name: Ensure livekit.yaml is installed +- name: Ensure LiveKit livekit.yaml is in place ansible.builtin.template: src: "{{ role_path }}/templates/livekit.yaml.j2" - dest: "{{ matrix_element_call_backend_path }}/livekit.yaml" + dest: "{{ matrix_element_call_base_path }}/backend/livekit.yaml" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" -- name: Ensure redis.conf is installed +- name: Ensure Redis redis.conf is in place ansible.builtin.template: src: "{{ role_path }}/templates/redis.conf.j2" - dest: "{{ matrix_element_call_backend_path }}/redis.conf" + dest: "{{ matrix_element_call_base_path }}/backend/redis.conf" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-element-call environment file is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_element_call_base_path }}/config/env" + mode: 0640 + owner: "{{ matrix_user_username }}" + 
group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-element-call Docker labels file is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/labels.j2" + dest: "{{ matrix_element_call_base_path }}/config/labels" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" # Ensure Docker Images are Pulled -- name: Ensure matrix-element-call container image is pulled +- name: Ensure matrix-element-call Docker image is pulled community.docker.docker_image: - name: "{{ matrix_element_call_image }}" + name: "{{ matrix_element_call_container_image }}" source: pull + force_source: "{{ matrix_element_call_container_image_force_pull }}" register: element_call_image_result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" until: element_call_image_result is not failed -- name: Ensure jwt-service container image is pulled +- name: Ensure jwt-service Docker image is pulled community.docker.docker_image: name: "{{ matrix_jwt_service_image }}" source: pull @@ -62,7 +76,7 @@ delay: 10 until: jwt_image_result is not failed -- name: Ensure livekit container image is pulled +- name: Ensure livekit Docker image is pulled community.docker.docker_image: name: "{{ matrix_livekit_image }}" source: pull @@ -71,7 +85,7 @@ delay: 10 until: livekit_image_result is not failed -- name: Ensure redis container image is pulled +- name: Ensure redis Docker image is pulled community.docker.docker_image: name: "{{ matrix_redis_image }}" source: pull 
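Review bot: The image pull now reads `matrix_element_call_container_image` and `matrix_element_call_container_image_force_pull`, but the role's defaults define `matrix_element_call_image` and `validate_config.yml` requires that same name; neither `_container_image` variable appears in the visible defaults, so the task will fail on an undefined variable unless `group_vars` supplies them — align on one name. The directory tasks replace `matrix_element_call_config_path` / `matrix_element_call_backend_path` with literal `{{ matrix_element_call_base_path }}/config` and `/backend`, while the unit templates still mount from `matrix_element_call_backend_path`, so an override of that variable makes install and runtime disagree. Pulling with `force_source` against a default tag of `:latest` (see `defaults/main.yml`) means each run may fetch a different image; pin the tag through a version variable. The three other pulls keep a hard-coded `delay: 10` instead of `devture_playbook_help_container_retries_delay` used by the first one.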
@@ -80,15 +94,8 @@ delay: 10 until: redis_image_result is not failed -# Ensure Docker Networks are Created -- name: Ensure matrix-element-call container network is created - community.general.docker_network: - enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" - name: "{{ matrix_element_call_container_network }}" - driver: bridge - driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" +# Systemd Services for Element Call, JWT Service, LiveKit, and Redis -# Deploy Systemd Services for Containers - name: Ensure matrix-element-call systemd service is installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2" 
@@ -112,3 +119,73 @@ src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" mode: 0644 + +# Update homeserver.yaml for Element Call +- name: Add listeners section for Element Call to homeserver.yaml + ansible.builtin.blockinfile: + path: "{{ matrix_homeserver_config_path }}" + block: | + listeners: + - port: 8008 + tls: false + type: http + x_forwarded: true + resources: + - names: [client, federation, openid] + compress: false + marker: "# ANSIBLE MANAGED BLOCK - Element Call listeners" + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + when: matrix_element_call_enabled | bool + +- name: Ensure serve_server_wellknown is enabled in homeserver.yaml + ansible.builtin.lineinfile: + path: "{{ matrix_homeserver_config_path }}" + line: "serve_server_wellknown: true" + insertafter: EOF + state: present + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + when: matrix_element_call_enabled | bool + +# Update the .well-known/matrix/client file +- name: Update the well-known client file + ansible.builtin.template: + src: "{{ role_path }}/templates/well_known_client.json.j2" + dest: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +# Create .well-known/element/element.json for Element Call +- name: Create the well-known element.json file + ansible.builtin.template: + src: "{{ role_path }}/templates/well_known_element.json.j2" + dest: "{{ matrix_base_data_path }}/static-files/public/.well-known/element/element.json" + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +# Update Element Web config.json with Element Call settings +- name: Update Element Web config.json + ansible.builtin.blockinfile: + path: "{{ element_web_config_path }}" + block: | + 
"features": { + "feature_video_rooms": true, + "feature_new_room_decoration_ui": true, + "feature_group_calls": true, + "feature_element_call_video_rooms": true + }, + "element_call": { + "url": "https://{{ matrix_element_call_domain }}", + "participant_limit": 8, + "brand": "Element Call", + "use_exclusively": true + } + marker: "# ANSIBLE MANAGED BLOCK - Element Call settings" + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" From a533ec4204343de6469b80d0bd5ebba4b412ffdb Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 15:38:12 +1000 Subject: [PATCH 026/142] Update matrix_servers --- group_vars/matrix_servers | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c36c348e0..ff107af21 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -5890,6 +5890,7 @@ matrix_element_call_container_network: "{{ matrix_homeserver_container_network } # Traefik Configuration for Element Call matrix_element_call_container_labels_traefik_enabled: true +matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}" matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)" @@ -5922,4 +5923,4 @@ matrix_element_call_metrics_port: 2112 # # # /matrix-element-call # # # -######################################################################## \ No newline at end of file +######################################################################## From e31e688a416ffad0d9c9aa4f9d8187ef3faf2755 Mon Sep 17 00:00:00 2001 
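Review bot: Appending a second top-level `listeners:` block to `homeserver.yaml` with `blockinfile` creates a duplicate key; YAML loaders keep the last one, so this block replaces the playbook's entire listeners configuration (federation, metrics, replication) with a single client listener, and its `resources` list also changes what port 8008 serves. Configure the homeserver through the playbook's own extension variables (`matrix_synapse_configuration_extension_yaml`) rather than editing the rendered file. The same `blockinfile` approach on Element Web's `config.json` writes `# ANSIBLE MANAGED BLOCK` marker lines and a dangling JSON fragment after the closing brace, which leaves the file unparsable — extend it via `matrix_client_element_configuration_extension_json` instead. Only the first two tasks are gated on `matrix_element_call_enabled`; the well-known and Element Web tasks run unconditionally.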
From: Backslash Date: Thu, 26 Sep 2024 15:42:05 +1000 Subject: [PATCH 027/142] Update main.yml --- roles/custom/matrix-element-call/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 972941d91..de507b704 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -9,6 +9,7 @@ matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend" # Docker network configuration matrix_element_call_container_network: "matrix_element_call_network" +matrix_element_call_container_labels_traefik_additional_response_headers: {} # Docker images matrix_element_call_image: "ghcr.io/element-hq/element-call:latest" From f7621283fdb4690e65709f9f649d01419b06c373 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 16:31:23 +1000 Subject: [PATCH 028/142] Update labels.j2 --- .../matrix-element-call/templates/labels.j2 | 41 ++++++++----------- 1 file changed, 17 insertions(+), 24 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/labels.j2 b/roles/custom/matrix-element-call/templates/labels.j2 index 7e2ea810d..a31c6ea6b 100644 --- a/roles/custom/matrix-element-call/templates/labels.j2 +++ b/roles/custom/matrix-element-call/templates/labels.j2 
@@ -5,42 +5,35 @@ traefik.enable=true traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} {% endif %} -traefik.http.services.matrix-element-call.loadbalancer.server.port=8080 +# Define the Traefik router rule +traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }} +traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} +traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} +traefik.http.services.element-call-service.loadbalancer.server.port=8080 {% set middlewares = [] %} +# Define any path prefix redirection or stripping middleware {% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} -traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ -traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.replacement=${1}/ -{% set middlewares = middlewares + ['matrix-element-call-slashless-redirect'] %} -{% endif %} - -{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} -traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} -{% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %} +traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['element-call-slashless-redirect'] %} + +traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['element-call-strip-prefix'] %} 
{% endif %} +# Apply any additional response headers if provided {% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} -{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} +{% set middlewares = middlewares + ['element-call-add-headers'] %} {% endif %} -traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} -{% if matrix_element_call_container_labels_traefik_priority | int > 0 %} -traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} -{% endif %} -traefik.http.routers.matrix-element-call.service=matrix-element-call +# Add middlewares to the router {% if middlewares | length > 0 %} -traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }} -{% endif %} -traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} -{% if matrix_element_call_container_labels_traefik_tls %} -traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} +traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} {% endif %} {% endif %} - -{{ matrix_element_call_container_extra_arguments }} From bc2ed6076260e2720ec230b49d245f4f0173c1dc Mon Sep 17 00:00:00 2001 
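Review bot: `traefik.http.routers.element-call-router.tls.certresolver=…` is now emitted unconditionally and the `tls={{ … | to_json }}` line with its `{% if matrix_element_call_container_labels_traefik_tls %}` guard is gone, so the `_traefik_tls` variable (used by this template before the change; its definition is not visible here) no longer has any effect and a deployment that sets it to false still gets a TLS router. The `priority` label was also dropped without replacement. Either restore the guard, `{% if matrix_element_call_container_labels_traefik_tls %}` around the certresolver line, or remove the variable so the contract is explicit. The `# …` comment lines are acceptable in a `--label-file` (Docker skips lines beginning with `#`); the enclosing `{% if matrix_element_call_container_labels_traefik_enabled %}` block opens before this hunk.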
From: Backslash Date: Thu, 26 Sep 2024 17:23:03 +1000 Subject: [PATCH 029/142] Update main.yml --- roles/custom/matrix-element-call/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index de507b704..1fa2c57d9 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -10,6 +10,7 @@ matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend" # Docker network configuration matrix_element_call_container_network: "matrix_element_call_network" matrix_element_call_container_labels_traefik_additional_response_headers: {} +matrix_element_call_container_additional_networks: [] # No additional networks by default # Docker images matrix_element_call_image: "ghcr.io/element-hq/element-call:latest" From ac1295ac455ce82731c6a8ea9c42db0d2c48eeb3 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 18:33:22 +1000 Subject: [PATCH 030/142] Create matrix-jwt-service.service.j2 --- .../systemd/matrix-jwt-service.service.j2 | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 new file mode 100644 index 000000000..1df21478d --- /dev/null +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 
@@ -0,0 +1,38 @@
+[Unit]
+Description=Matrix JWT Service
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-jwt-service 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jwt-service 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+ --rm \
+ --name=matrix-jwt-service \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_element_call_container_network }} \
+ -p {{ matrix_jwt_service_port }}:8080 \
+ --env-file={{ matrix_element_call_base_path }}/config/env \
+ --label-file={{ matrix_element_call_base_path }}/config/labels \
+ {{ matrix_jwt_service_image }} \
+ serve
+
+{% for network in matrix_element_call_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-jwt-service
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-jwt-service
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-jwt-service 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jwt-service 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jwt-service
+
+[Install]
+WantedBy=multi-user.target
From f38d6a0d88067cb64c9a266ab7963fbe57b16482 Mon Sep 17 00:00:00 2001
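Review bot: `-p {{ matrix_jwt_service_port }}:8080` in the `docker create` line publishes the JWT service on every host interface, even though the container is also attached to `{{ matrix_element_call_container_network }}` and carries a Traefik label file; binding to loopback, `-p 127.0.0.1:{{ matrix_jwt_service_port }}:8080 \`, or dropping the publish and letting Traefik reach it over the shared network keeps the token endpoint off the public interface. The unit reuses `{{ matrix_element_call_base_path }}/config/env`, the same env file the matrix-element-call unit later in this series loads; if that file carries the LiveKit API key and secret the JWT service needs, the Element Call frontend container receives the same secrets, so a per-service env file would be safer. `--label-file={{ matrix_element_call_base_path }}/config/labels` also attaches the Element Call Traefik labels to this container, so two containers would advertise the same router and service to Traefik.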
From: Backslash Date: Thu, 26 Sep 2024 18:39:03 +1000 Subject: [PATCH 031/142] Update main.yml --- roles/custom/matrix-element-call/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 1fa2c57d9..33525303d 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -6,6 +6,7 @@ matrix_element_call_enabled: false matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config" matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend" +matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" # Docker network configuration matrix_element_call_container_network: "matrix_element_call_network" From 9cb236da30795dd3071e4a7ee1e531d830fb99b7 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 18:50:48 +1000 Subject: [PATCH 032/142] Update install.yml --- .../matrix-element-call/tasks/install.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index c0e16456b..ccf2d4121 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml 
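Review bot: `matrix_homeserver_config_path` is added to this role's `defaults/main.yml` without the role's `matrix_element_call_` prefix and with a Synapse-specific value, so a generic-looking name leaks into every play that includes the role and silently points at the wrong file on a non-Synapse homeserver. Renaming it `matrix_element_call_homeserver_config_path` and requiring it to be set from the homeserver actually deployed (rather than defaulting to the Synapse path) avoids both problems. The same applies to `element_web_config_path` in PATCH 035 below, whose value is the `.well-known/matrix/client` file rather than an Element Web config, so the name misleads as well.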
@@ -150,11 +150,18 @@ group: "{{ matrix_user_groupname }}" when: matrix_element_call_enabled | bool -# Update the .well-known/matrix/client file -- name: Update the well-known client file - ansible.builtin.template: - src: "{{ role_path }}/templates/well_known_client.json.j2" - dest: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" +# Update the well-known client file for Element Call (adding RTC FOCI) +- name: Update the existing well-known client file for Element Call (RTC FOCI) + ansible.builtin.blockinfile: + path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" + block: | + "org.matrix.msc4143.rtc_foci": [ + { + "type": "livekit", + "livekit_service_url": "{{ matrix_element_call_jwt_service_url }}" + } + ] + marker: "# ANSIBLE MANAGED BLOCK - Element Call RTC FOCI" mode: '0644' owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" From f2acc7430dc6865ec6ac847339a8c6c8b69962b8 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 18:53:49 +1000 Subject: [PATCH 033/142] Create well_known_element.json.j2 --- .../matrix-element-call/templates/well_known_element.json.j2 | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 roles/custom/matrix-element-call/templates/well_known_element.json.j2 diff --git a/roles/custom/matrix-element-call/templates/well_known_element.json.j2 b/roles/custom/matrix-element-call/templates/well_known_element.json.j2 new file mode 100644 index 000000000..eae63cf83 --- /dev/null +++ b/roles/custom/matrix-element-call/templates/well_known_element.json.j2 @@ -0,0 +1,5 @@ +{ + "call": { + "widget_url": "https://{{ matrix_element_call_domain }}" + } +} From ba54e549c47927951490088b1ef962a36a063306 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 19:08:09 +1000 Subject: [PATCH 034/142] Added well-known element directory --- roles/custom/matrix-element-call/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) 
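Review bot: The `.well-known/matrix/client` file is JSON, but `ansible.builtin.blockinfile` appends its block at end of file between `# ANSIBLE MANAGED BLOCK - Element Call RTC FOCI` marker lines, so the result is the original closing `}`, then a `#` comment line, then a bare `"org.matrix.msc4143.rtc_foci": [...]` with no separating comma — not valid JSON, and clients fetching the document will reject it. The key has to be merged into the object before rendering, e.g. by extending whatever produces this file to take the `rtc_foci` entry as data and emitting the whole document with `to_json`, rather than by text insertion. The task's `mode`/`owner`/`group` lines are context here and the task list continues outside the hunk.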
diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index ccf2d4121..93fbeba95 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -14,6 +14,7 @@ - path: "{{ matrix_element_call_base_path }}/data" - path: "{{ matrix_element_call_base_path }}/config" - path: "{{ matrix_element_call_base_path }}/backend" # For LiveKit and Redis config + - path: "{{ matrix_base_data_path }}/static-files/public/.well-known/element" # Directory for element.json # Ensure Configuration Files are in Place - name: Ensure Element Call config.json is in place From 3f6c327da288c00e1cfc24d27fa15d142d26e74a Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 19:18:47 +1000 Subject: [PATCH 035/142] Update main.yml --- roles/custom/matrix-element-call/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 33525303d..5de1b8f94 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -7,6 +7,7 @@ matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config" matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend" matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" +element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" # Docker network configuration matrix_element_call_container_network: "matrix_element_call_network" From 85be68946cbac0a21302a1746b3a61d6ab3a6953 Mon Sep 17 00:00:00 2001 
From: Backslash Date: Thu, 26 Sep 2024 19:30:15 +1000 Subject: [PATCH 036/142] Migrated from matrix_redis to redis_ --- roles/custom/matrix-element-call/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 5de1b8f94..35c3d90ed 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -18,12 +18,12 @@ matrix_element_call_container_additional_networks: [] # No additional networks matrix_element_call_image: "ghcr.io/element-hq/element-call:latest" matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci" matrix_livekit_image: "livekit/livekit-server:latest" -matrix_redis_image: "redis:6-alpine" +redis_image: "redis:6-alpine" # Ports matrix_element_call_port: "8093" matrix_jwt_service_port: "8881" -matrix_redis_port: "6379" +redis_port: "6379" # LiveKit configuration matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # Must be defined in host_vars @@ -37,7 +37,7 @@ matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}" # Redis Configuration for Element Call redis_hostname: "localhost" -redis_port: 6379 +#redis_port: 6379 redis_password: "" # Traefik Configuration for Element Call From 6ef304b118e9d1bd58943ac2f8c34f2ed342357c Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 19:43:22 +1000 Subject: [PATCH 037/142] Update validate_config.yml --- roles/custom/matrix-element-call/tasks/validate_config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml index 1feccecb8..c0e0ef940 100644 --- a/roles/custom/matrix-element-call/tasks/validate_config.yml +++ b/roles/custom/matrix-element-call/tasks/validate_config.yml 
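Review bot: `redis_image`, `redis_port`, `redis_hostname` and `redis_password` are un-prefixed names in this role's defaults; Ansible role defaults are visible to the whole play, so these will collide with, or be overridden by, any other role or group_vars entry that uses the common `redis_` prefix, and which value wins is decided by variable precedence rather than by this file. Keeping the role's namespace — `matrix_element_call_redis_image`, `matrix_element_call_redis_port` — and mapping to an external Redis role's variables at the group_vars level is the safer shape. The second hunk also changes the surviving value from the integer `6379` to the string `"6379"` and leaves a commented `#redis_port: 6379` behind; delete the dead line and pick one type consistently for the templates that consume it.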
@@ -12,6 +12,6 @@ - {'name': 'matrix_element_call_image', when: true} - {'name': 'matrix_jwt_service_image', when: true} - {'name': 'matrix_livekit_image', when: true} - - {'name': 'matrix_redis_image', when: true} + - {'name': 'redis_image', when: true} - {'name': 'matrix_element_call_livekit_dev_key', when: true} - {'name': 'matrix_element_call_livekit_service_url', when: true} From 656d4275bcab2a638f18a1442ce4b6dad9e79af4 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 19:48:06 +1000 Subject: [PATCH 038/142] Update install.yml --- roles/custom/matrix-element-call/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index 93fbeba95..5e3c716d3 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -88,7 +88,7 @@ - name: Ensure redis Docker image is pulled community.docker.docker_image: - name: "{{ matrix_redis_image }}" + name: "{{ redis_image }}" source: pull register: redis_image_result retries: 3 From e34e5da9a4d27d3d656dd48fe3409f7d2b769300 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 19:57:39 +1000 Subject: [PATCH 039/142] Update matrix-redis.service.j2 --- .../templates/systemd/matrix-redis.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 index 17adad1b4..5cccced16 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 
@@ -17,7 +17,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --cap-drop=ALL \ --network={{ matrix_element_call_container_network }} \ --mount type=bind,src={{ matrix_element_call_backend_path }}/redis.conf,dst=/etc/redis.conf,ro \ - {{ matrix_redis_image }} \ + {{ redis_image }} \ redis-server /etc/redis.conf ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-redis From 5cc9c70ba6fc95a575b380fa55ab9f058fd59766 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 20:57:47 +1000 Subject: [PATCH 040/142] Remove serve command from matrix-element-call.service.j2 --- .../templates/systemd/matrix-element-call.service.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index ff08ff9fd..21ddd54f3 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -19,8 +19,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ -p {{ matrix_element_call_port }}:8080 \ --env-file={{ matrix_element_call_base_path }}/config/env \ --label-file={{ matrix_element_call_base_path }}/config/labels \ - {{ matrix_element_call_image }} \ - serve + {{ matrix_element_call_image }} {% for network in matrix_element_call_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-element-call From f0632b20ebed7611373b690fe8483960b2d36230 Mon Sep 17 00:00:00 2001 From: Backslash Date: Thu, 26 Sep 2024 21:24:43 +1000 Subject: [PATCH 041/142] Added missing labels for sfu and jwt --- .../matrix-element-call/templates/labels.j2 | 33 ++++++++++++++++--- 1 file changed, 29 insertions(+), 4 deletions(-) 
diff --git a/roles/custom/matrix-element-call/templates/labels.j2 b/roles/custom/matrix-element-call/templates/labels.j2 index a31c6ea6b..a13a75ef0 100644 --- a/roles/custom/matrix-element-call/templates/labels.j2 +++ b/roles/custom/matrix-element-call/templates/labels.j2 @@ -5,7 +5,7 @@ traefik.enable=true traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} {% endif %} -# Define the Traefik router rule +# Element Call Labels traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }} traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} @@ -13,7 +13,7 @@ traefik.http.services.element-call-service.loadbalancer.server.port=8080 {% set middlewares = [] %} -# Define any path prefix redirection or stripping middleware +# Path prefix handling for Element Call {% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/ @@ -23,7 +23,7 @@ traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matri {% set middlewares = middlewares + ['element-call-strip-prefix'] %} {% endif %} -# Apply any additional response headers if provided +# Additional response headers for Element Call {% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} 
@@ -31,9 +31,34 @@ traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders. {% set middlewares = middlewares + ['element-call-add-headers'] %} {% endif %} -# Add middlewares to the router +# Add middlewares to the Element Call router {% if middlewares | length > 0 %} traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} {% endif %} +# LiveKit Labels +traefik.http.routers.sfu-router.rule=Host(`{{ matrix_element_call_livekit_service_url | regex_replace('^https?://', '') }}`) +traefik.http.routers.sfu-router.entrypoints=websecure +traefik.http.routers.sfu-router.tls.certresolver=default +traefik.http.services.sfu-service.loadbalancer.server.port=7880 +traefik.http.middlewares.sfu-headers.headers.customFrameOptionsValue=SAMEORIGIN +traefik.http.middlewares.sfu-headers.headers.customResponseHeaders.X-Content-Type-Options=nosniff +traefik.http.middlewares.sfu-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=31536000; includeSubDomains; preload +traefik.http.routers.sfu-router.middlewares=sfu-headers + +# JWT Labels +traefik.http.routers.jwt-router.rule=Host(`{{ matrix_element_call_jwt_service_url | regex_replace('^https?://', '') }}`) +traefik.http.routers.jwt-router.entrypoints=websecure +traefik.http.routers.jwt-router.tls.certresolver=default +traefik.http.services.jwt-service.loadbalancer.server.port=8881 +traefik.http.middlewares.jwt-headers.headers.customFrameOptionsValue=SAMEORIGIN +traefik.http.middlewares.jwt-headers.headers.customResponseHeaders.X-Content-Type-Options=nosniff +traefik.http.middlewares.jwt-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=31536000; includeSubDomains; preload +traefik.http.routers.jwt-router.middlewares=jwt-headers + {% endif %} + +# Additional labels (if any) specified by the user +{% for key, value in matrix_element_call_container_extra_arguments.items() %} +{{ key }}={{ value }} +{% endfor %} 
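Review bot: The `sfu-router`/`sfu-service` and `jwt-router`/`jwt-service` labels are added to the label file that the matrix-element-call unit attaches with `--label-file`, and Traefik's Docker provider resolves `loadbalancer.server.port` against the container carrying the label, so requests for the LiveKit and JWT hostnames would be sent to the Element Call container on ports 7880 and 8881, which it does not serve; each service needs its own label file attached to its own container. The new routers also hard-code `entrypoints=websecure` and `tls.certresolver=default` while the element-call router above uses `matrix_element_call_container_labels_traefik_entrypoints` and `matrix_element_call_container_labels_traefik_tls_certResolver`; use the same variables. Finally, `{% for key, value in matrix_element_call_container_extra_arguments.items() %}` presumes a mapping, whereas the earlier template emitted `{{ matrix_element_call_container_extra_arguments }}` as a single value — if the variable is a list of CLI arguments, as its name suggests, `.items()` fails at render time, and a dedicated mapping variable for extra labels would be the right input.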
From 6a519bb05332940f6b19c70345a1d3eb8671731f Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 08:08:42 +1000 Subject: [PATCH 042/142] Created element-call-labels to separate the labels for each container --- .../templates/element-call-labels.j2 | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 roles/custom/matrix-element-call/templates/element-call-labels.j2 diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 new file mode 100644 index 000000000..a31c6ea6b --- /dev/null +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 
@@ -0,0 +1,39 @@
+{% if matrix_element_call_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_element_call_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }}
+{% endif %}
+
+# Define the Traefik router rule
+traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }}
+traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }}
+traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }}
+traefik.http.services.element-call-service.loadbalancer.server.port=8080
+
+{% set middlewares = [] %}
+
+# Define any path prefix redirection or stripping middleware
+{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$
+traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/
+{% set middlewares = middlewares + ['element-call-slashless-redirect'] %}
+
+traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['element-call-strip-prefix'] %}
+{% endif %}
+
+# Apply any additional response headers if provided
+{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['element-call-add-headers'] %}
+{% endif %}
+
+# Add middlewares to the router
+{% if middlewares | length > 0 %}
+traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }}
+{% endif %}
+
+{% endif %}
From 2cf471075db355f6df66ffb188424425be1c8981 Mon Sep 17 00:00:00 2001
From: Backslash Date: Fri, 27 Sep 2024 08:09:32 +1000 Subject: [PATCH 043/142] Created livekit-labels.j2
--- .../matrix-element-call/templates/livekit-labels.j2 | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 roles/custom/matrix-element-call/templates/livekit-labels.j2
diff --git a/roles/custom/matrix-element-call/templates/livekit-labels.j2 b/roles/custom/matrix-element-call/templates/livekit-labels.j2 new file mode 100644
index 000000000..df680b2a7
--- /dev/null
+++ b/roles/custom/matrix-element-call/templates/livekit-labels.j2
@@ -0,0 +1,13 @@
+{% if matrix_element_call_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_element_call_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }}
+{% endif %}
+
+# Define the Traefik router rule for LiveKit
+traefik.http.routers.livekit-router.rule=Host(`{{ matrix_element_call_sfu_hostname }}`)
+traefik.http.routers.livekit-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }}
+traefik.http.routers.livekit-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }}
+traefik.http.services.livekit-service.loadbalancer.server.port=7880
+{% endif %}
From 1d7a60055c2114c35ab64e18157a79f86fbcf33b Mon Sep 17 00:00:00 2001
From: Backslash Date: Fri, 27 Sep 2024 08:10:06 +1000 Subject: [PATCH 044/142] Create jwt-service-labels.j2
--- .../templates/jwt-service-labels.j2 | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 roles/custom/matrix-element-call/templates/jwt-service-labels.j2
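Review bot: `traefik.http.routers.element-call-router.tls.certresolver=...` is emitted unconditionally, and nothing in the file consults `matrix_element_call_container_labels_traefik_tls`, the toggle the original labels template honoured with `tls={{ matrix_element_call_container_labels_traefik_tls | to_json }}` and an `{% if matrix_element_call_container_labels_traefik_tls %}` guard (visible on the removed side of the labels.j2 hunk earlier in this series); a deployment that terminates TLS elsewhere can no longer express that, and the router always requests a certificate. Either restore the guard around the certresolver line, with the `tls=` label before it, or remove the now-dead variable from the defaults. This file is a verbatim copy of the pre-PATCH-041 labels.j2 (same blob `a31c6ea6b`), so the `# Additional labels` loop added to labels.j2 in PATCH 041 is missing here.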
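Review bot: These labels ask Traefik's Docker provider to route `Host(`{{ matrix_element_call_sfu_hostname }}`)` to the LiveKit container on port 7880, but the matrix-livekit unit in this series runs that container with `--network=host`, and a host-networked container exposes no Docker network address for the provider to discover, so the router ends up with a service that has no reachable server. Fronting LiveKit's signalling port this way needs either a bridge network (plus explicit publishing of the media ports) or a Traefik file-provider service pointing at the host address; labels alone cannot work, and the `--label-file` added to the LiveKit unit in PATCH 047 has the same problem. `matrix_element_call_sfu_hostname` is not defined anywhere visible in this series; confirm it exists, or derive the host from `matrix_element_call_livekit_service_url` as the labels.j2 hunk did.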
diff --git a/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 b/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 new file mode 100644
index 000000000..86b314cf4
--- /dev/null
+++ b/roles/custom/matrix-element-call/templates/jwt-service-labels.j2
@@ -0,0 +1,13 @@
+{% if matrix_element_call_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_element_call_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }}
+{% endif %}
+
+# Define the Traefik router rule for JWT Service
+traefik.http.routers.jwt-router.rule=Host(`{{ matrix_element_call_jwt_service_hostname }}`)
+traefik.http.routers.jwt-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }}
+traefik.http.routers.jwt-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }}
+traefik.http.services.jwt-service.loadbalancer.server.port=8881
+{% endif %}
From 80763804f914506b119f4b90fdd2013901d91648 Mon Sep 17 00:00:00 2001
From: Backslash Date: Fri, 27 Sep 2024 08:16:56 +1000 Subject: [PATCH 045/142] Updated label file
--- .../templates/systemd/matrix-element-call.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2
index 21ddd54f3..eded8dc6a 100644
--- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2
+++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2
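Review bot: `traefik.http.services.jwt-service.loadbalancer.server.port=8881` names the host port, not the container port: the matrix-jwt-service unit creates the container with `-p {{ matrix_jwt_service_port }}:8080` and `matrix_jwt_service_port` defaults to `"8881"`, so inside the container the service listens on 8080, and Traefik's Docker provider, which connects to the container address, will be refused. Change the line to `traefik.http.services.jwt-service.loadbalancer.server.port=8080`. `matrix_element_call_jwt_service_hostname` is referenced here while the group_vars in this series define `matrix_element_call_jwt_service_url`; confirm the hostname variable is defined somewhere, or derive it with `regex_replace('^https?://', '')` as the labels.j2 hunk did.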
@@ -18,7 +18,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --network={{ matrix_element_call_container_network }} \ -p {{ matrix_element_call_port }}:8080 \ --env-file={{ matrix_element_call_base_path }}/config/env \ - --label-file={{ matrix_element_call_base_path }}/config/labels \ + --label-file={{ matrix_element_call_base_path }}/config/element-call-labels \ {{ matrix_element_call_image }} {% for network in matrix_element_call_container_additional_networks %} From d2e2781d3b715ea3872c60fe5a2290a6d55c30ef Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 08:18:27 +1000 Subject: [PATCH 046/142] Updated label file --- .../templates/systemd/matrix-jwt-service.service.j2 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 index 1df21478d..7d2ac8fd8 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 @@ -18,9 +18,8 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --network={{ matrix_element_call_container_network }} \ -p {{ matrix_jwt_service_port }}:8080 \ --env-file={{ matrix_element_call_base_path }}/config/env \ - --label-file={{ matrix_element_call_base_path }}/config/labels \ - {{ matrix_jwt_service_image }} \ - serve + --label-file={{ matrix_element_call_base_path }}/config/jwt-service-labels \ + {{ matrix_jwt_service_image }} {% for network in matrix_element_call_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-jwt-service From 2f2cb8962e64984f5c62acbe176a54c5a6d96591 Mon Sep 17 00:00:00 2001 
From: Backslash Date: Fri, 27 Sep 2024 08:19:26 +1000 Subject: [PATCH 047/142] Updated livekit labels --- .../templates/systemd/matrix-livekit.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 index 0b28522a5..4b7f3ea8a 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 @@ -17,6 +17,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --cap-drop=ALL \ --network=host \ --mount type=bind,src={{ matrix_element_call_backend_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \ + --label-file={{ matrix_element_call_base_path }}/config/livekit-labels \ {{ matrix_livekit_image }} \ --dev --config /etc/livekit.yaml From df4bf4a0c930b549316180a1880dc55f00fbbf71 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 08:23:24 +1000 Subject: [PATCH 048/142] Added tasks for moving the new labels files into place --- .../matrix-element-call/tasks/install.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index 5e3c716d3..fdb607871 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml 
@@ -52,7 +52,23 @@ - name: Ensure matrix-element-call Docker labels file is in place ansible.builtin.template: src: "{{ role_path }}/templates/labels.j2" - dest: "{{ matrix_element_call_base_path }}/config/labels" + dest: "{{ matrix_element_call_base_path }}/config/element-call-labels" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure LiveKit labels file is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/livekit-labels.j2" + dest: "{{ matrix_element_call_base_path }}/config/livekit-labels" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure JWT Service labels file is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/jwt-service-labels.j2" + dest: "{{ matrix_element_call_base_path }}/config/jwt-service-labels" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" From dd96b93d899b7ba6c46cef8e93b86d5068b55ac8 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 08:34:01 +1000 Subject: [PATCH 049/142] Update matrix-element-call.service.j2 --- .../systemd/matrix-element-call.service.j2 | 56 +++++++++---------- 1 file changed, 25 insertions(+), 31 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index eded8dc6a..488b1f400 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 
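Review bot: The three new `mode: 0640` values are unquoted octal literals, which PyYAML (YAML 1.1) reads as the integer 416 before Ansible converts it back to a mode; this only works because of the leading zero and a 1.1 parser, is flagged by ansible-lint, and breaks under a YAML 1.2 parser — write `mode: "0640"`. The first task still renders `labels.j2` into `config/element-call-labels`, but nothing visible removes the old `config/labels` file the earlier units loaded, so hosts upgraded in place keep a stale label file next to the three new ones. The task list continues outside the hunk.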
@@ -1,37 +1,31 @@ -[Unit] -Description=Matrix Element Call Service -After=docker.service -Requires=docker.service +{% if matrix_element_call_container_labels_traefik_enabled %} +traefik.enable=true -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' +{% if matrix_element_call_container_labels_traefik_docker_network %} +traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} +{% endif %} -ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ - --rm \ - --name=matrix-element-call \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_element_call_container_network }} \ - -p {{ matrix_element_call_port }}:8080 \ - --env-file={{ matrix_element_call_base_path }}/config/env \ - --label-file={{ matrix_element_call_base_path }}/config/element-call-labels \ - {{ matrix_element_call_image }} +# Define the Traefik router rule +traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }} +traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} +traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} +traefik.http.services.element-call-service.loadbalancer.server.port=8080 -{% for network in matrix_element_call_container_additional_networks %} -ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} 
matrix-element-call -{% endfor %} +{% set middlewares = [] %} -ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-call +# Define any path prefix redirection or stripping middleware +{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['element-call-slashless-redirect'] %} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-element-call +traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['element-call-strip-prefix'] %} +{% endif %} -[Install] -WantedBy=multi-user.target +# Add middlewares to the router +{% if middlewares | length > 0 %} +traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} +{% endif %} + +{% endif %} From 3264408758bf162dfba2724f20a6cc0b015df227 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 08:49:55 +1000 Subject: [PATCH 050/142] Rename element-call-labels.j2 to element-call-labels.j2-new --- .../{element-call-labels.j2 => element-call-labels.j2-new} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/custom/matrix-element-call/templates/{element-call-labels.j2 => element-call-labels.j2-new} (100%) 
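Review bot: This hunk replaces the entire body of `matrix-element-call.service.j2` with Traefik label lines: `[Unit]`, `[Service]`, every `ExecStartPre`/`ExecStart`/`ExecStop` line and `[Install]` are removed, and the file now renders to `traefik.enable=true` plus `traefik.http.routers.element-call-router.*` labels. systemd will reject the rendered file as a unit (no `[Service]` section, no `ExecStart`), so the Element Call container is never created or started, while the same label content already lives in `config/element-call-labels` via `element-call-labels.j2`. This looks like the label template was pasted into the wrong file; the unit content on the `-` side should be restored and this hunk dropped.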
diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2-new similarity index 100% rename from roles/custom/matrix-element-call/templates/element-call-labels.j2 rename to roles/custom/matrix-element-call/templates/element-call-labels.j2-new From 25909b102945fbd030466fcc04b4f861d1418587 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 08:51:27 +1000 Subject: [PATCH 051/142] Update and rename labels.j2 to element-call-labels.j2 --- .../{labels.j2 => element-call-labels.j2} | 20 ------------------- 1 file changed, 20 deletions(-) rename roles/custom/matrix-element-call/templates/{labels.j2 => element-call-labels.j2} (61%) diff --git a/roles/custom/matrix-element-call/templates/labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 similarity index 61% rename from roles/custom/matrix-element-call/templates/labels.j2 rename to roles/custom/matrix-element-call/templates/element-call-labels.j2 index a13a75ef0..7ec9aa164 100644 --- a/roles/custom/matrix-element-call/templates/labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 
@@ -36,26 +36,6 @@ traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders. traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} {% endif %} -# LiveKit Labels -traefik.http.routers.sfu-router.rule=Host(`{{ matrix_element_call_livekit_service_url | regex_replace('^https?://', '') }}`) -traefik.http.routers.sfu-router.entrypoints=websecure -traefik.http.routers.sfu-router.tls.certresolver=default -traefik.http.services.sfu-service.loadbalancer.server.port=7880 -traefik.http.middlewares.sfu-headers.headers.customFrameOptionsValue=SAMEORIGIN -traefik.http.middlewares.sfu-headers.headers.customResponseHeaders.X-Content-Type-Options=nosniff -traefik.http.middlewares.sfu-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=31536000; includeSubDomains; preload -traefik.http.routers.sfu-router.middlewares=sfu-headers - -# JWT Labels -traefik.http.routers.jwt-router.rule=Host(`{{ matrix_element_call_jwt_service_url | regex_replace('^https?://', '') }}`) -traefik.http.routers.jwt-router.entrypoints=websecure -traefik.http.routers.jwt-router.tls.certresolver=default -traefik.http.services.jwt-service.loadbalancer.server.port=8881 -traefik.http.middlewares.jwt-headers.headers.customFrameOptionsValue=SAMEORIGIN -traefik.http.middlewares.jwt-headers.headers.customResponseHeaders.X-Content-Type-Options=nosniff -traefik.http.middlewares.jwt-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=31536000; includeSubDomains; preload -traefik.http.routers.jwt-router.middlewares=jwt-headers - {% endif %} # Additional labels (if any) specified by the user From 1721e85195e2aa6fcd3ce53ffa3a302cb0af6d22 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:00:03 +1000 Subject: [PATCH 052/142] Corrected element call labels file name --- roles/custom/matrix-element-call/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index fdb607871..ba3a8704d 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -51,7 +51,7 @@ - name: Ensure matrix-element-call Docker labels file is in place ansible.builtin.template: - src: "{{ role_path }}/templates/labels.j2" + src: "{{ role_path }}/templates/element-call-labels.j2" dest: "{{ matrix_element_call_base_path }}/config/element-call-labels" mode: 0640 owner: "{{ matrix_user_username }}" From 510cfb2dace4bb23332dc4596fcff0395053885f Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:14:29 +1000 Subject: [PATCH 053/142] Update matrix_servers --- group_vars/matrix_servers | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ff107af21..6c80b0884 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -5896,6 +5896,7 @@ matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_cal matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)" matrix_element_call_container_labels_traefik_entrypoints: "websecure" matrix_element_call_container_labels_traefik_tls_certResolver: "default" +matrix_element_call_container_labels_traefik_additional_response_headers: {} # JWT Service Configuration matrix_element_call_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed From 5f49433f6c93e45f1e253d9981d4b23a098c9478 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:15:21 +1000 Subject: [PATCH 054/142] Handle empty labels correctly. --- .../custom/matrix-element-call/templates/element-call-labels.j2 | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 7ec9aa164..915ab6e25 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -39,6 +39,8 @@ traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') {% endif %} # Additional labels (if any) specified by the user +{% if matrix_element_call_container_extra_arguments.keys() | length > 0 %} {% for key, value in matrix_element_call_container_extra_arguments.items() %} {{ key }}={{ value }} {% endfor %} +{% endif %} From 805b726c6d8132516197d29c941044d361d3a6ce Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:25:01 +1000 Subject: [PATCH 055/142] Update element-call-labels.j2 --- .../matrix-element-call/templates/element-call-labels.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 915ab6e25..e721c93cc 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -24,7 +24,7 @@ traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matri {% endif %} # Additional response headers for Element Call -{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% if matrix_element_call_container_labels_traefik_additional_response_headers is mapping and matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} 
@@ -39,7 +39,7 @@ traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') {% endif %} # Additional labels (if any) specified by the user -{% if matrix_element_call_container_extra_arguments.keys() | length > 0 %} +{% if matrix_element_call_container_extra_arguments is mapping and matrix_element_call_container_extra_arguments.keys() | length > 0 %} {% for key, value in matrix_element_call_container_extra_arguments.items() %} {{ key }}={{ value }} {% endfor %} From c14f9cdcb59e9fd92f5ba7465abc2042ed4e8a43 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:25:48 +1000 Subject: [PATCH 056/142] Update matrix_servers --- group_vars/matrix_servers | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6c80b0884..008eba6dc 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -5897,6 +5897,7 @@ matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call matrix_element_call_container_labels_traefik_entrypoints: "websecure" matrix_element_call_container_labels_traefik_tls_certResolver: "default" matrix_element_call_container_labels_traefik_additional_response_headers: {} +matrix_element_call_container_extra_arguments: {} # JWT Service Configuration matrix_element_call_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed From 5730dbfc6e0928b1b4defa6e4fe734759feb3ae8 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:54:01 +1000 Subject: [PATCH 057/142] Added hostname label --- .../templates/element-call-labels.j2 | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index e721c93cc..0428d056a 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 
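Review bot: The added `matrix_element_call_container_extra_arguments: {}` creates a duplicate key in group_vars/matrix_servers: the same file already carries `matrix_element_call_container_extra_arguments: []` further down (it is the line patch 070 later removes), and YAML loaders silently keep the last occurrence, so the value in effect depends on file position rather than on what a reader sees here. The two definitions also disagree on type (`{}` versus `[]`), and the labels template iterates the value with `.items()`, so the list form breaks rendering. Keep a single definition with one type; and since this playbook's `*_container_extra_arguments` variables conventionally hold extra container CLI arguments, a name that says "labels" would avoid the confusion if the value is really a map of extra labels.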
+++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -1,12 +1,13 @@ {% if matrix_element_call_container_labels_traefik_enabled %} traefik.enable=true +# Network configuration for Traefik {% if matrix_element_call_container_labels_traefik_docker_network %} traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} {% endif %} -# Element Call Labels -traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }} +# Traefik Router and Service configuration for Element Call +traefik.http.routers.element-call-router.rule=Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`) traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} traefik.http.services.element-call-service.loadbalancer.server.port=8080 
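Review bot: The new router rule hard-codes `Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)` and drops `matrix_element_call_container_labels_traefik_rule`, which group_vars still defines (see the context in the patch 053 hunk), so an operator override of the rule is now silently ignored. The template further down still emits a strip-prefix middleware when `matrix_element_call_container_labels_traefik_path_prefix != '/'`, but with a bare `Host()` rule the router has no `PathPrefix` clause, so a prefixed deployment sharing its hostname with another service cannot be told apart by Traefik. Keeping `traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }}` and placing the `PathPrefix` condition in that variable (as the role defaults added in patch 070 do) restores both. The `.j2-new` copy of this template receives the same change in patch 061.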
@@ -24,14 +25,14 @@ traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matri {% endif %} # Additional response headers for Element Call -{% if matrix_element_call_container_labels_traefik_additional_response_headers is mapping and matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% if matrix_element_call_container_labels_traefik_additional_response_headers is defined and matrix_element_call_container_labels_traefik_additional_response_headers | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} {% set middlewares = middlewares + ['element-call-add-headers'] %} {% endif %} -# Add middlewares to the Element Call router +# Apply middlewares to the Element Call router {% if middlewares | length > 0 %} traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} {% endif %} @@ -39,7 +40,7 @@ traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') {% endif %} # Additional labels (if any) specified by the user -{% if matrix_element_call_container_extra_arguments is mapping and matrix_element_call_container_extra_arguments.keys() | length > 0 %} +{% if matrix_element_call_container_extra_arguments is defined and matrix_element_call_container_extra_arguments | length > 0 %} {% for key, value in matrix_element_call_container_extra_arguments.items() %} {{ key }}={{ value }} {% endfor %} From 6d6f9ab853104213f7e6cc5d8db3381a298713dc Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:59:13 +1000 Subject: [PATCH 058/142] Added hostnames for livekit and jwt labels --- roles/custom/matrix-element-call/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) 
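Review bot: Replacing `is mapping` with `is defined` in both guards weakens the check in the wrong direction: `| length > 0` is also true for a non-empty list, and the `.items()` call on the next line then fails at render time, whereas an undefined variable is by default already reported by Ansible with a clear undefined-variable error. This is not hypothetical here, because group_vars at this point carries `matrix_element_call_container_extra_arguments` both as `{}` (patch 056) and as `[]` (the line patch 070 removes). Prefer `{% if matrix_element_call_container_extra_arguments is mapping and matrix_element_call_container_extra_arguments | length > 0 %}`, and the same form for `matrix_element_call_container_labels_traefik_additional_response_headers`. The identical change is applied to the `.j2-new` copy in the second hunk of patch 061.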
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 35c3d90ed..8d04028e4 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -28,6 +28,10 @@ redis_port: "6379" # LiveKit configuration matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # Must be defined in host_vars matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443" +matrix_element_call_livekit_hostname: "sfu.{{ matrix_domain }}" + +# jwt configuration +matrix_element_call_jwt_hostname: "sfu-jwt.{{ matrix_domain }}" # Well-known paths and domains (derived from matrix_domain) matrix_element_call_domain: "call.{{ matrix_domain }}" From b6571fc4fdfffd60cc5d11e63e13dd6077fbba93 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 09:59:54 +1000 Subject: [PATCH 059/142] Update livekit-labels.j2 --- roles/custom/matrix-element-call/templates/livekit-labels.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/livekit-labels.j2 b/roles/custom/matrix-element-call/templates/livekit-labels.j2 index df680b2a7..5fa0c51ad 100644 --- a/roles/custom/matrix-element-call/templates/livekit-labels.j2 +++ b/roles/custom/matrix-element-call/templates/livekit-labels.j2 
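Review bot: `matrix_element_call_livekit_hostname: "sfu.{{ matrix_domain }}"` repeats the host already embedded in `matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443"` on the line above, so overriding one leaves the other pointing elsewhere and the Traefik router ends up serving a hostname the clients never connect to. Deriving the URL from the hostname, `matrix_element_call_livekit_service_url: "wss://{{ matrix_element_call_livekit_hostname }}:443"`, keeps them in step. The same applies to `matrix_element_call_jwt_hostname` and the `matrix_element_call_jwt_service_url` default in group_vars, which also spells out `sfu-jwt.{{ matrix_domain }}` independently.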
@@ -6,7 +6,7 @@ traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_ne {% endif %} # Define the Traefik router rule for LiveKit -traefik.http.routers.livekit-router.rule=Host(`{{ matrix_element_call_sfu_hostname }}`) +traefik.http.routers.livekit-router.rule=Host(`{{ matrix_element_call_livekit_hostname }}`) traefik.http.routers.livekit-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} traefik.http.routers.livekit-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} traefik.http.services.livekit-service.loadbalancer.server.port=7880 From 089c5f14c8e9ee57fb8da0f48a8c221e1d67b1a1 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 10:00:40 +1000 Subject: [PATCH 060/142] Update jwt-service-labels.j2 --- .../custom/matrix-element-call/templates/jwt-service-labels.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 b/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 index 86b314cf4..603ced758 100644 --- a/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 +++ b/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 @@ -6,7 +6,7 @@ traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_ne {% endif %} # Define the Traefik router rule for JWT Service -traefik.http.routers.jwt-router.rule=Host(`{{ matrix_element_call_jwt_service_hostname }}`) +traefik.http.routers.jwt-router.rule=Host(`{{ matrix_element_call_jwt_hostname }}`) traefik.http.routers.jwt-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} traefik.http.routers.jwt-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} traefik.http.services.jwt-service.loadbalancer.server.port=8881 From 3c084e17d266892ea10e51188d70508e5ab6a64e Mon Sep 17 00:00:00 2001 
From: Backslash Date: Fri, 27 Sep 2024 10:15:51 +1000 Subject: [PATCH 061/142] Update element-call-labels.j2-new --- .../templates/element-call-labels.j2-new | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2-new b/roles/custom/matrix-element-call/templates/element-call-labels.j2-new index a31c6ea6b..0428d056a 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2-new +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2-new @@ -1,19 +1,20 @@ {% if matrix_element_call_container_labels_traefik_enabled %} traefik.enable=true +# Network configuration for Traefik {% if matrix_element_call_container_labels_traefik_docker_network %} traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} {% endif %} -# Define the Traefik router rule -traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }} +# Traefik Router and Service configuration for Element Call +traefik.http.routers.element-call-router.rule=Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`) traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} traefik.http.services.element-call-service.loadbalancer.server.port=8080 {% set middlewares = [] %} -# Define any path prefix redirection or stripping middleware +# Path prefix handling for Element Call {% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/ 
@@ -23,17 +24,24 @@ traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matri {% set middlewares = middlewares + ['element-call-strip-prefix'] %} {% endif %} -# Apply any additional response headers if provided -{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +# Additional response headers for Element Call +{% if matrix_element_call_container_labels_traefik_additional_response_headers is defined and matrix_element_call_container_labels_traefik_additional_response_headers | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} {% set middlewares = middlewares + ['element-call-add-headers'] %} {% endif %} -# Add middlewares to the router +# Apply middlewares to the Element Call router {% if middlewares | length > 0 %} traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} {% endif %} {% endif %} + +# Additional labels (if any) specified by the user +{% if matrix_element_call_container_extra_arguments is defined and matrix_element_call_container_extra_arguments | length > 0 %} +{% for key, value in matrix_element_call_container_extra_arguments.items() %} +{{ key }}={{ value }} +{% endfor %} +{% endif %} From 14614cb21102dfc6c645d05ca8e38156add079d7 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 10:26:01 +1000 Subject: [PATCH 062/142] Update matrix-element-call.service.j2 --- .../systemd/matrix-element-call.service.j2 | 56 ++++++++++--------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index 488b1f400..eded8dc6a 100644 
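Review bot: This edits `element-call-labels.j2-new`, a second copy of the labels template, while the install task (patch 052) renders `element-call-labels.j2`; as far as the visible tasks show, the `-new` file is never rendered, and mirroring changes into it by hand (this hunk repeats the patch 057 edits) is exactly how two copies drift apart. Either delete the `-new` file or make it the one the task references, since a template that is never rendered is never exercised and hides errors until it is. The enclosing `{% if matrix_element_call_container_labels_traefik_enabled %}` block starts outside this hunk.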
--- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 
@@ -1,31 +1,37 @@ -{% if matrix_element_call_container_labels_traefik_enabled %} -traefik.enable=true +[Unit] +Description=Matrix Element Call Service +After=docker.service +Requires=docker.service -{% if matrix_element_call_container_labels_traefik_docker_network %} -traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} -{% endif %} +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' -# Define the Traefik router rule -traefik.http.routers.element-call-router.rule={{ matrix_element_call_container_labels_traefik_rule }} -traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} -traefik.http.services.element-call-service.loadbalancer.server.port=8080 +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-element-call \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_element_call_container_network }} \ + -p {{ matrix_element_call_port }}:8080 \ + --env-file={{ matrix_element_call_base_path }}/config/env \ + --label-file={{ matrix_element_call_base_path }}/config/element-call-labels \ + {{ matrix_element_call_image }} -{% set middlewares = [] %} +{% for network in matrix_element_call_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} 
network connect {{ network }} matrix-element-call +{% endfor %} -# Define any path prefix redirection or stripping middleware -{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} -traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ -traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/ -{% set middlewares = middlewares + ['element-call-slashless-redirect'] %} +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-call -traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} -{% set middlewares = middlewares + ['element-call-strip-prefix'] %} -{% endif %} +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-element-call -# Add middlewares to the router -{% if middlewares | length > 0 %} -traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} -{% endif %} - -{% endif %} +[Install] +WantedBy=multi-user.target From 5b8dcf32d5fa47d0cbb5777b66138c47db0b41d0 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 11:42:34 +1000 Subject: [PATCH 063/142] Added element-call systemd services to the service manager. --- group_vars/matrix_servers | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 008eba6dc..9da357c88 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
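Review bot: The `docker create` in ExecStartPre publishes `-p {{ matrix_element_call_port }}:8080` unconditionally, so the container is reachable directly on every host interface, bypassing the Traefik router and the response-header middleware the labels file configures. Other units in this playbook publish a port only when a host-bind variable is set, and patch 070 introduces `matrix_element_call_container_http_host_bind_port: ''` for this role, so the line should become `{% if matrix_element_call_container_http_host_bind_port %}` / `-p {{ matrix_element_call_container_http_host_bind_port }}:8080 \` / `{% endif %}`. The hardening is also thinner than usual for this playbook: `--cap-drop=ALL` is present but there is no `--read-only`, which is worth adding if the image tolerates it.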
@@ -433,6 +433,14 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) + + ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else []) + + + ([{'name': 'matrix-jwt-service.service', 'priority': 3000, 'groups': ['matrix', 'jwt-service']}] if matrix_element_call_enabled else []) + + + ([{'name': 'matrix-livekit.service', 'priority': 3000, 'groups': ['matrix', 'livekit']}] if matrix_element_call_enabled else []) + + + ([{'name': 'matrix-redis.service', 'priority': 450, 'groups': ['matrix', 'redis']}] if matrix_element_call_enabled else []) + + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) + ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) From 63133d659972342b825782ed678ce356c1541acf Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 11:53:26 +1000 Subject: [PATCH 064/142] Added serve command back in. --- .../templates/systemd/matrix-jwt-service.service.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 index 7d2ac8fd8..cdcac8b40 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 
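Review bot: The four new entries each repeat `if matrix_element_call_enabled else []`; a single conditional holding all four dicts keeps the gate in one place and shows the feature's full service set at a glance. Separately, `matrix-redis.service` is a generic unit name: if a Redis instance from another role is enabled alongside Element Call, the list could contain the same unit twice and two roles would compete for ownership of one service file, so a role-specific name (an `element-call` prefix, for instance) is safer. I cannot tell from this hunk whether the playbook still ships a unit under that name, so confirm before renaming.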
@@ -19,7 +19,8 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ -p {{ matrix_jwt_service_port }}:8080 \ --env-file={{ matrix_element_call_base_path }}/config/env \ --label-file={{ matrix_element_call_base_path }}/config/jwt-service-labels \ - {{ matrix_jwt_service_image }} + {{ matrix_jwt_service_image }} \ + serve {% for network in matrix_element_call_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-jwt-service From 8b172cc19447be51a17fd94db46246b29a961086 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 12:35:38 +1000 Subject: [PATCH 065/142] Update env.j2 --- roles/custom/matrix-element-call/templates/env.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/env.j2 b/roles/custom/matrix-element-call/templates/env.j2 index 71e9a0693..1a1eb953d 100644 --- a/roles/custom/matrix-element-call/templates/env.j2 +++ b/roles/custom/matrix-element-call/templates/env.j2 @@ -1,7 +1,8 @@ # Environment variables for Element Call ELEMENT_CALL_SERVER_URL=https://{{ matrix_element_call_domain }} +LIVEKIT_KEY=devkey LIVEKIT_SERVICE_URL={{ matrix_element_call_livekit_service_url }} -LIVEKIT_SECRET={{ matrix_element_call_livekit_dev_key }} +LIVEKIT_SECRET={{ matrix_element_call_jwt_secret }} JWT_SERVICE_URL={{ matrix_element_call_jwt_service_url }} # Optional additional environment variables provided by the user From a0917fa2833ec3ee0b42bd5a2b61396dc535bcb2 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 12:37:36 +1000 Subject: [PATCH 066/142] Update main.yml --- roles/custom/matrix-element-call/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 8d04028e4..c9e9aeaba 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml 
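Review bot: `LIVEKIT_KEY=devkey` hard-codes the LiveKit API key name into the rendered env file instead of taking it from a role variable; the key must match the key/secret pair declared in `livekit.yaml.j2` and what the JWT service signs with, and a literal in one template next to a variable in the other is how they silently diverge. The secret side now reads `matrix_element_call_jwt_secret` while `matrix_element_call_livekit_dev_key` remains defined, so it is unclear which secret is authoritative for the LiveKit pairing. Make the key a variable (`LIVEKIT_KEY={{ <livekit_api_key_variable> }}`) whose default is not LiveKit's development default, and document in the role defaults which single secret variable LiveKit and the JWT service share.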
+++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -27,6 +27,7 @@ redis_port: "6379" # LiveKit configuration matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # Must be defined in host_vars +matrix_element_call_jwt_secret: "{{ matrix_jwt_secret }}" # Must be defined in host_vars matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443" matrix_element_call_livekit_hostname: "sfu.{{ matrix_domain }}" From 24926720252b0eb5d9d8344514a6eb3ab445304d Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 12:39:39 +1000 Subject: [PATCH 067/142] Update env.j2 --- roles/custom/matrix-element-call/templates/env.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/env.j2 b/roles/custom/matrix-element-call/templates/env.j2 index 1a1eb953d..b5a5d4be4 100644 --- a/roles/custom/matrix-element-call/templates/env.j2 +++ b/roles/custom/matrix-element-call/templates/env.j2 @@ -1,7 +1,7 @@ # Environment variables for Element Call ELEMENT_CALL_SERVER_URL=https://{{ matrix_element_call_domain }} LIVEKIT_KEY=devkey -LIVEKIT_SERVICE_URL={{ matrix_element_call_livekit_service_url }} +LIVEKIT_URL={{ matrix_element_call_livekit_service_url }} LIVEKIT_SECRET={{ matrix_element_call_jwt_secret }} JWT_SERVICE_URL={{ matrix_element_call_jwt_service_url }} From 5db9a5c061efb8c8806b0fdf9ffcc968e4fea2d3 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 12:40:37 +1000 Subject: [PATCH 068/142] Removed env file --- .../templates/systemd/matrix-element-call.service.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index eded8dc6a..b64e3fbe8 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 
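Review bot: `matrix_element_call_jwt_secret: "{{ matrix_jwt_secret }}" # Must be defined in host_vars` makes a required secret depend on a variable the role never declares; when it is missing, the run fails inside the env template with a generic undefined-variable error rather than a message naming what to set. The role already has `tasks/validate_config.yml`, so adding this secret to the required-variables check there gives operators a clear failure. The line also sits under the `# LiveKit configuration` heading although patch 058 created a `# jwt configuration` section two lines below; moving it there puts the secret next to `matrix_element_call_jwt_hostname`.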
+++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -17,7 +17,6 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --cap-drop=ALL \ --network={{ matrix_element_call_container_network }} \ -p {{ matrix_element_call_port }}:8080 \ - --env-file={{ matrix_element_call_base_path }}/config/env \ --label-file={{ matrix_element_call_base_path }}/config/element-call-labels \ {{ matrix_element_call_image }} From a274d32c6d800379d2241449b68cea8bc4778042 Mon Sep 17 00:00:00 2001 From: Backslash Date: Fri, 27 Sep 2024 12:50:31 +1000 Subject: [PATCH 069/142] Removed serve function --- .../templates/systemd/matrix-jwt-service.service.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 index cdcac8b40..7d2ac8fd8 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 @@ -19,8 +19,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ -p {{ matrix_jwt_service_port }}:8080 \ --env-file={{ matrix_element_call_base_path }}/config/env \ --label-file={{ matrix_element_call_base_path }}/config/jwt-service-labels \ - {{ matrix_jwt_service_image }} \ - serve + {{ matrix_jwt_service_image }} {% for network in matrix_element_call_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-jwt-service From f036e18789ffd332c40d296bc4744a1dc508586a Mon Sep 17 00:00:00 2001 
From: wjbeckett Date: Mon, 30 Sep 2024 11:05:11 +1000 Subject: [PATCH 070/142] Fix: Restructured Element call configuration files. --- group_vars/matrix_servers | 24 ++---- .../matrix-element-call/defaults/main.yml | 84 +++++++++++++++++-- .../matrix-element-call/tasks/install.yml | 2 +- .../templates/element-call-labels.j2 | 31 ++++--- .../systemd/matrix-element-call.service.j2 | 16 +++- 5 files changed, 117 insertions(+), 40 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 9da357c88..4ba3e6eb2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -5894,18 +5894,22 @@ matrix_element_call_container_image_registry_prefix: ghcr.io/ matrix_element_call_container_image_force_pull: true # Docker network configuration for Element Call -matrix_element_call_container_network: "{{ matrix_homeserver_container_network }}" # Use the homeserver network by default +matrix_element_call_container_network: "{{ matrix_addons_container_network }}" +matrix_element_call_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" + # Traefik Configuration for Element Call +matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_element_call_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +matrix_element_call_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + + matrix_element_call_container_labels_traefik_enabled: true matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}" matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)" -matrix_element_call_container_labels_traefik_entrypoints: "websecure" -matrix_element_call_container_labels_traefik_tls_certResolver: "default" -matrix_element_call_container_labels_traefik_additional_response_headers: {} -matrix_element_call_container_extra_arguments: {} # JWT Service Configuration 
matrix_element_call_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed @@ -5919,16 +5923,6 @@ matrix_element_call_redis_hostname: "localhost" # Default Redis hostname; can b matrix_element_call_redis_port: 6379 # Default Redis port; can be overridden matrix_element_call_redis_password: "" # Redis password; should be set in host_vars if needed -# Additional environment variables for the container -matrix_element_call_environment_variables_additional: {} - -# Additional arguments or configuration options for the Docker container -matrix_element_call_container_extra_arguments: [] - -# Enable or disable metrics collection -matrix_element_call_metrics_enabled: false -matrix_element_call_metrics_port: 2112 - ######################################################################## # # # /matrix-element-call # diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index c9e9aeaba..d5a9dbb2f 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -10,7 +10,8 @@ matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homes element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" # Docker network configuration -matrix_element_call_container_network: "matrix_element_call_network" +matrix_element_call_container_network: '' +matrix_element_call_container_http_host_bind_port: '' matrix_element_call_container_labels_traefik_additional_response_headers: {} matrix_element_call_container_additional_networks: [] # No additional networks by default 
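Review bot: The added `matrix_element_call_container_labels_traefik_enabled` and `matrix_element_call_container_labels_traefik_docker_network` definitions are followed a few lines later by the pre-existing `matrix_element_call_container_labels_traefik_enabled: true` and `..._docker_network` context lines, so this hunk leaves both keys defined twice in group_vars/matrix_servers; YAML loaders keep the last occurrence, which makes the new reverse-proxy-type conditional dead code and enables Traefik labels regardless of `matrix_playbook_reverse_proxy_type`. Remove the two old lines so the conditional definitions take effect. `matrix_element_call_container_labels_traefik_rule` is also kept here although the labels template has emitted `Host()` directly since patch 057, so it is unused unless the template hunk of this commit (not visible here) restores the reference.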
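Review bot: This hunk keeps the context line `matrix_element_call_container_labels_traefik_additional_response_headers: {}`, while the same commit redefines that key further down in this file as the `combine(...)` of the `_auto` and `_custom` maps (the following hunk); a duplicate key in defaults/main.yml is resolved last-wins by the loader, so whichever definition sits lower silently wins and yamllint's `key-duplicates` check fails. Drop the `{}` line here. In that later hunk, `matrix_element_call_container_labels_traefik_docker_network` references `matrix_element_callcontainer_network` (missing underscore) rather than the `matrix_element_call_container_network` set to `''` here, and the path-prefix default references `matrix_element_callpath_prefix`; both look like typos that will surface as undefined-variable errors at run time.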
@@ -47,15 +48,88 @@ redis_password: "" # Traefik Configuration for Element Call matrix_element_call_container_labels_traefik_enabled: true +matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_callcontainer_network }}" matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_domain }}" -matrix_element_call_container_labels_traefik_path_prefix: "/" -matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)" -matrix_element_call_container_labels_traefik_entrypoints: "websecure" -matrix_element_call_container_labels_traefik_tls_certResolver: "default" +# The path prefix must either be `/` or not end with a slash (e.g. `/element`). +matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_callpath_prefix }}" +matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}" +matrix_element_call_container_labels_traefik_priority: 0 +matrix_element_call_container_labels_traefik_entrypoints: web-secure +matrix_element_call_container_labels_traefik_tls: "{{ matrix_element_call_container_labels_traefik_entrypoints != 'web' }}" +matrix_element_call_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls which additional headers to attach to all HTTP responses. 
+# To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom` +matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}" +matrix_element_call_container_labels_traefik_additional_response_headers_auto: | + {{ + {} + | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {}) + }} +matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} # Additional environment variables for the container matrix_element_call_environment_variables_additional: {} +# List of systemd services that matrix-client-element.service depends on +matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" + +# Specifies the value of the `X-XSS-Protection` header +# Stops pages from loading when they detect 
reflected cross-site scripting (XSS) attacks. +# +# Learn more about it is here: +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection +# - https://portswigger.net/web-security/cross-site-scripting/reflected +matrix_element_call_http_header_xss_protection: "1; mode=block" + +# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options +matrix_element_call_http_header_frame_options: SAMEORIGIN + +# Specifies the value of the `X-Content-Type-Options` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options +matrix_element_call_http_header_content_type_options: nosniff + +# Specifies the value of the `Content-Security-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +matrix_element_call_http_header_content_security_policy: frame-ancestors 'self' + +# Specifies the value of the `Permission-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy +matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_callfloc_optout_enabled else '' }}" + +# Specifies the value of the `Strict-Transport-Security` header. 
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_callhsts_preload_enabled else '' }}" + +# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses +# +# Learn more about what it is here: +# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea +# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network +# - https://amifloced.org/ +# +# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. +# See: `matrix_element_callcontent_permission_policy` +matrix_element_callfloc_optout_enabled: true + +# Controls if HSTS preloading is enabled +# +# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and +# indicates a willingness to be "preloaded" into browsers: +# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` +# For more information visit: +# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +# - https://hstspreload.org/#opt-in +# See: `matrix_element_call_http_header_strict_transport_security` +matrix_element_callhsts_preload_enabled: false + # Enable or disable metrics collection matrix_element_call_metrics_enabled: false matrix_element_call_metrics_port: 2112 diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index ba3a8704d..f036fa2f9 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml 
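Review bot: `matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_callcontainer_network }}"` references a variable that does not exist — the key defined at the top of this file is `matrix_element_call_container_network` — so rendering the labels without the group_vars override fails on an undefined variable; patch 073 in this series (the `@@ -50,7 +50,7 @@` hunk) fixes the identical typo on the `path_prefix` line but leaves this one in place. The key used in the `_auto` header chain is `'Permission-Policy'`, while the header browsers honour is `Permissions-Policy` (the comment on `matrix_element_callfloc_optout_enabled` even spells it that way), so the FLoC opt-out is emitted under a name nothing recognises. The comment `See: matrix_element_callcontent_permission_policy` points at a variable that is not defined anywhere here; it should read `matrix_element_call_http_header_content_permission_policy`. `matrix_element_callfloc_optout_enabled` and `matrix_element_callhsts_preload_enabled` carry the same missing underscore (self-consistently, so they work) and break the `matrix_element_call_` prefix every other variable in the role uses. Lastly, `X-XSS-Protection: "1; mode=block"` is a legacy header that current guidance (MDN/OWASP) says to send as `0` or omit, since the filter it enabled is gone from modern browsers and was itself a source of vulnerabilities in older ones.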
@@ -9,7 +9,7 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - loop: + with_items: - path: "{{ matrix_element_call_base_path }}" - path: "{{ matrix_element_call_base_path }}/data" - path: "{{ matrix_element_call_base_path }}/config" diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 0428d056a..feeeb2c65 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -6,10 +6,6 @@ traefik.enable=true traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} {% endif %} -# Traefik Router and Service configuration for Element Call -traefik.http.routers.element-call-router.rule=Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`) -traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} traefik.http.services.element-call-service.loadbalancer.server.port=8080 {% set middlewares = [] %} 
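Review bot: Replacing `loop:` with `with_items:` on the directory-creation task is a step backwards in style: `loop` is the form Ansible recommends, and `with_items` additionally flattens one level of nested lists, which this list of `path:` dicts does not need. Unless there is a concrete reason (an older Ansible on the controller, say), I'd keep `loop:`. While here, the context line `mode: 0750` is an unquoted octal literal that ansible-lint flags as `risky-octal`; `mode: "0750"` is the unambiguous form.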
@@ -24,24 +20,27 @@ traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matri {% set middlewares = middlewares + ['element-call-strip-prefix'] %} {% endif %} -# Additional response headers for Element Call -{% if matrix_element_call_container_labels_traefik_additional_response_headers is defined and matrix_element_call_container_labels_traefik_additional_response_headers | length > 0 %} +{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} -{% set middlewares = middlewares + ['element-call-add-headers'] %} +{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} {% endif %} -# Apply middlewares to the Element Call router +traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} +{% if matrix_element_call_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-element-call.service=matrix-element-call {% if middlewares | length > 0 %} -traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} +traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }} +{% endif %} +traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} +{% if matrix_element_call_container_labels_traefik_tls %} +traefik.http.routers.matrix-element-call.tls.certResolver={{ 
matrix_element_call_container_labels_traefik_tls_certResolver }} {% endif %} {% endif %} -# Additional labels (if any) specified by the user -{% if matrix_element_call_container_extra_arguments is defined and matrix_element_call_container_extra_arguments | length > 0 %} -{% for key, value in matrix_element_call_container_extra_arguments.items() %} -{{ key }}={{ value }} -{% endfor %} -{% endif %} +{{ matrix_element_call_container_labels_additional_labels }} diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index b64e3fbe8..b4bb602d0 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -1,7 +1,11 @@ +#jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Element Call Service -After=docker.service -Requires=docker.service +{% for service in matrix_client_element_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +DefaultDependencies=no [Service] Type=simple @@ -15,9 +19,15 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ + --read-only \ --network={{ matrix_element_call_container_network }} \ - -p {{ matrix_element_call_port }}:8080 \ + {% if matrix_element_call_container_http_host_bind_port %} + -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \ + {% endif %} --label-file={{ matrix_element_call_base_path }}/config/element-call-labels \ + {% for arg in matrix_element_call_container_extra_arguments %} + {{ arg }} \ + {% endfor %} {{ matrix_element_call_image }} {% for network in matrix_element_call_container_additional_networks %} From 1167e1ec13ab3f9e64a1ac35eabb0a392551baf4 Mon Sep 17 00:00:00 2001 
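Review bot: The new `[Unit]` loop iterates `matrix_client_element_systemd_required_services_list`, which is the Element Web client role's variable, whereas the defaults added in this same patch define `matrix_element_call_systemd_required_services_list`; rendering this unit therefore depends on another role having been loaded and otherwise fails with an undefined variable, and the `Requires=`/`After=` lines would track the wrong role's list even when it succeeds. Patch 078 later in the series corrects only the comment in the defaults, not this reference. The fix is `{% for service in matrix_element_call_systemd_required_services_list %}`.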
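Review bot: `--read-only` is added to `docker create` without any `--tmpfs` (or volume) for the locations the image writes at runtime, which is presumably why patch 075 later in this series deletes it again; dropping the read-only root filesystem gives up a useful hardening on a container that already runs with `--cap-drop=ALL` and an unprivileged `--user`. The better resolution is to keep `--read-only` and add `--tmpfs` mounts for the specific writable paths the Element Call image needs (which paths those are depends on the image — confirm against its entrypoint before relying on this). Also, `matrix_element_call_container_extra_arguments` is iterated here but nothing visible in this patch defines it for the role (group_vars drops its `[]` default in this same commit, and patch 074 later adds `matrix_element_call_container_extra_arguments: []` to the defaults, which suggests it was indeed missing), so the unit likely cannot render as of this commit.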
From: wjbeckett
Date: Mon, 30 Sep 2024 11:17:34 +1000
Subject: [PATCH 071/142] fix: changed matrix server name to matrix domain in element-call config.
---
 roles/custom/matrix-element-call/templates/config.json.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-element-call/templates/config.json.j2 b/roles/custom/matrix-element-call/templates/config.json.j2
index 7c75144e3..3dc7f0e8a 100644
--- a/roles/custom/matrix-element-call/templates/config.json.j2
+++ b/roles/custom/matrix-element-call/templates/config.json.j2
@@ -2,7 +2,7 @@
 "default_server_config": {
 "m.homeserver": {
 "base_url": "{{ matrix_homeserver_url }}",
- "server_name": "{{ matrix_server_name }}"
+ "server_name": "{{ matrix_domain }}"
 }
 },
 "livekit": {
From 9dbee212d81f7584089ae0e77d69e2de52b04ff8 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Mon, 30 Sep 2024 11:37:08 +1000
Subject: [PATCH 072/142] fix: removed duplicate keys.
---
 group_vars/matrix_servers | 7 ---
 .../matrix-element-call/defaults/main.yml | 1 -
 .../templates/element-call-labels.j2-new | 47 -------------------
 3 files changed, 55 deletions(-)
 delete mode 100644 roles/custom/matrix-element-call/templates/element-call-labels.j2-new
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 4ba3e6eb2..bf55b9a43 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -5904,13 +5904,6 @@ matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook matrix_element_call_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_element_call_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" - -matrix_element_call_container_labels_traefik_enabled: true -matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}" -matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" -matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)" - # JWT Service Configuration matrix_element_call_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index d5a9dbb2f..1b72ca0a1 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -12,7 +12,6 @@ element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well- # Docker network configuration matrix_element_call_container_network: '' matrix_element_call_container_http_host_bind_port: '' -matrix_element_call_container_labels_traefik_additional_response_headers: {} matrix_element_call_container_additional_networks: [] # No additional networks by default # Docker images diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2-new b/roles/custom/matrix-element-call/templates/element-call-labels.j2-new deleted file mode 100644 index 0428d056a..000000000 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2-new +++ /dev/null 
@@ -1,47 +0,0 @@ -{% if matrix_element_call_container_labels_traefik_enabled %} -traefik.enable=true - -# Network configuration for Traefik -{% if matrix_element_call_container_labels_traefik_docker_network %} -traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} -{% endif %} - -# Traefik Router and Service configuration for Element Call -traefik.http.routers.element-call-router.rule=Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`) -traefik.http.routers.element-call-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.element-call-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} -traefik.http.services.element-call-service.loadbalancer.server.port=8080 - -{% set middlewares = [] %} - -# Path prefix handling for Element Call -{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} -traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ -traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/ -{% set middlewares = middlewares + ['element-call-slashless-redirect'] %} - -traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} -{% set middlewares = middlewares + ['element-call-strip-prefix'] %} -{% endif %} - -# Additional response headers for Element Call -{% if matrix_element_call_container_labels_traefik_additional_response_headers is defined and matrix_element_call_container_labels_traefik_additional_response_headers | length > 0 %} -{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} -{% endfor %} -{% set middlewares = middlewares + 
['element-call-add-headers'] %} -{% endif %} - -# Apply middlewares to the Element Call router -{% if middlewares | length > 0 %} -traefik.http.routers.element-call-router.middlewares={{ middlewares | join(',') }} -{% endif %} - -{% endif %} - -# Additional labels (if any) specified by the user -{% if matrix_element_call_container_extra_arguments is defined and matrix_element_call_container_extra_arguments | length > 0 %} -{% for key, value in matrix_element_call_container_extra_arguments.items() %} -{{ key }}={{ value }} -{% endfor %} -{% endif %} From 93650cf20ea9b72a4ced744380d57132cc417313 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Mon, 30 Sep 2024 12:02:45 +1000 Subject: [PATCH 073/142] fix: Type in the element-call main.yml --- roles/custom/matrix-element-call/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 1b72ca0a1..f1ab26261 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml 
@@ -50,7 +50,7 @@ matrix_element_call_container_labels_traefik_enabled: true
 matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_callcontainer_network }}"
 matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_domain }}"
 # The path prefix must either be `/` or not end with a slash (e.g. `/element`).
-matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_callpath_prefix }}"
+matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}"
 matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}"
 matrix_element_call_container_labels_traefik_priority: 0
 matrix_element_call_container_labels_traefik_entrypoints: web-secure
From f762048a8dcaa691d183fee147f621c031cdd25d Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Mon, 30 Sep 2024 12:15:27 +1000
Subject: [PATCH 074/142] fix: added missing labels to main.
---
 roles/custom/matrix-element-call/defaults/main.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml
index f1ab26261..787acf0a1 100644
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -72,6 +72,18 @@ matrix_element_call_container_labels_traefik_additional_response_headers_auto: | }} matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} +# matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_client_element_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_element_call_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_element_call_container_extra_arguments: [] + # Additional environment variables for the container matrix_element_call_environment_variables_additional: {} From 6143ad7ffa04d98714eb51acf5675921a1d96b86 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Mon, 30 Sep 2024 12:27:04 +1000 Subject: [PATCH 075/142] fix: removed the read-only tag from the element-call systemd file. --- .../templates/systemd/matrix-element-call.service.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index b4bb602d0..6048f9e4d 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -19,7 +19,6 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ - --read-only \ --network={{ matrix_element_call_container_network }} \ {% if matrix_element_call_container_http_host_bind_port %} -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \ From 31a138a6ba7570b7bb9cd8ebc60c28d284c74302 Mon Sep 17 00:00:00 2001 
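Review bot: The comment block added above `matrix_element_call_container_labels_additional_labels` documents a different role: it names `matrix_client_element_container_labels_additional_labels` twice (the Element Web client's variable) and points at `../templates/labels.j2`, while this role's variable is `matrix_element_call_container_labels_additional_labels` and its template is `element-call-labels.j2` (per the diff headers elsewhere in this series). Both the prose line and the example should use the real name, i.e. `# matrix_element_call_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.` and `# See ../templates/element-call-labels.j2 for details.`, with the example key renamed to match.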
From: wjbeckett
Date: Mon, 30 Sep 2024 12:47:42 +1000
Subject: [PATCH 076/142] fixed traefik router issues.
---
 .../templates/element-call-labels.j2 | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2
index feeeb2c65..5287ab98c 100644
--- a/roles/custom/matrix-element-call/templates/element-call-labels.j2
+++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2
@@ -22,23 +22,23 @@ traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matri {% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} -{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} +{% set middlewares = middlewares + ['element-call-add-headers'] %} {% endif %} -traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} +traefik.http.routers.element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} {% if matrix_element_call_container_labels_traefik_priority | int > 0 %} -traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} +traefik.http.routers.element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} {% endif %} -traefik.http.routers.matrix-element-call.service=matrix-element-call +traefik.http.routers.element-call.service=matrix-element-call {% if middlewares | length > 0 %} -traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }} +traefik.http.routers.element-call.middlewares={{ middlewares | join(',') }} {% endif %} -traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} +traefik.http.routers.element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} +traefik.http.routers.element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} {% if 
matrix_element_call_container_labels_traefik_tls %} -traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} +traefik.http.routers.element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} {% endif %} {% endif %} From cb41fb02ae3611ae1211c73e044cb07b35d416e1 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Mon, 30 Sep 2024 13:00:10 +1000 Subject: [PATCH 077/142] testing traefik labels again. --- .../custom/matrix-element-call/templates/element-call-labels.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 5287ab98c..2a023b28e 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -31,7 +31,7 @@ traefik.http.routers.element-call.rule={{ matrix_element_call_container_labels_t {% if matrix_element_call_container_labels_traefik_priority | int > 0 %} traefik.http.routers.element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} {% endif %} -traefik.http.routers.element-call.service=matrix-element-call +traefik.http.routers.element-call.service=element-call {% if middlewares | length > 0 %} traefik.http.routers.element-call.middlewares={{ middlewares | join(',') }} {% endif %} From b907777ae53475ee93aefcd827b08a47e0b44824 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Mon, 30 Sep 2024 13:13:29 +1000 Subject: [PATCH 078/142] fixing labels again. --- .../matrix-element-call/defaults/main.yml | 2 +- .../templates/element-call-labels.j2 | 30 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 787acf0a1..d2660e7e3 100644 
--- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -87,7 +87,7 @@ matrix_element_call_container_extra_arguments: [] # Additional environment variables for the container matrix_element_call_environment_variables_additional: {} -# List of systemd services that matrix-client-element.service depends on +# List of systemd services that matrix-element-call.service depends on matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # Specifies the value of the `X-XSS-Protection` header diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 2a023b28e..10a84751b 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 
@@ -6,39 +6,39 @@ traefik.enable=true traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} {% endif %} -traefik.http.services.element-call-service.loadbalancer.server.port=8080 +traefik.http.services.matrix-element-call.loadbalancer.server.port=8080 {% set middlewares = [] %} # Path prefix handling for Element Call {% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} -traefik.http.middlewares.element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ -traefik.http.middlewares.element-call-slashless-redirect.redirectregex.replacement=${1}/ -{% set middlewares = middlewares + ['element-call-slashless-redirect'] %} +traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-element-call-slashless-redirect'] %} -traefik.http.middlewares.element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} -{% set middlewares = middlewares + ['element-call-strip-prefix'] %} +traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %} {% endif %} {% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} -{% set middlewares = middlewares + 
['element-call-add-headers'] %} +{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} {% endif %} -traefik.http.routers.element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} +traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} {% if matrix_element_call_container_labels_traefik_priority | int > 0 %} -traefik.http.routers.element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} +traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} {% endif %} -traefik.http.routers.element-call.service=element-call +traefik.http.routers.matrix-element-call.service=matrix-element-call {% if middlewares | length > 0 %} -traefik.http.routers.element-call.middlewares={{ middlewares | join(',') }} +traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }} {% endif %} -traefik.http.routers.element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} +traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} {% if matrix_element_call_container_labels_traefik_tls %} -traefik.http.routers.element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} +traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} {% endif %} {% endif %} From 8cb3e33bbfddaa50b7370e65d1668e6e1333b606 Mon Sep 17 00:00:00 2001 
From: wjbeckett Date: Mon, 30 Sep 2024 22:20:46 +1000 Subject: [PATCH 079/142] separated livekit and jwt to separate roles --- group_vars/matrix_servers | 88 ++++++++-- .../matrix-element-call/defaults/main.yml | 26 +-- .../tasks/create_element_json.yml | 22 --- .../matrix-element-call/tasks/install.yml | 2 +- .../tasks/install_docker_containers.yml | 166 ------------------ .../tasks/update_element_web_config.yml | 29 --- .../tasks/update_homeserver_config.yml | 36 ---- .../tasks/update_well_known_client.yml | 24 --- .../tasks/validate_config.yml | 2 +- .../templates/config.json.j2 | 2 +- .../matrix-element-call/templates/env.j2 | 11 -- .../templates/jwt-service-labels.j2 | 13 -- .../templates/livekit-labels.j2 | 13 -- .../matrix-jwt-service/defaults/main.yml | 118 +++++++++++++ .../matrix-jwt-service/tasks/install.yml | 46 +++++ .../custom/matrix-jwt-service/tasks/main.yml | 21 +++ .../matrix-jwt-service/tasks/uninstall.yml | 22 +++ .../tasks/validate_config.yml | 12 ++ .../matrix-jwt-service/templates/env.j2 | 4 + .../matrix-jwt-service/templates/labels.j2 | 46 +++++ .../systemd/matrix-jwt-service.service.j2 | 8 +- roles/custom/matrix-livekit/defaults/main.yml | 119 +++++++++++++ roles/custom/matrix-livekit/tasks/install.yml | 47 +++++ roles/custom/matrix-livekit/tasks/main.yml | 21 +++ .../custom/matrix-livekit/tasks/uninstall.yml | 21 +++ .../matrix-livekit/tasks/validate_config.yml | 13 ++ .../custom/matrix-livekit/templates/labels.j2 | 46 +++++ .../templates/livekit.yaml.j2 | 2 +- .../systemd/matrix-livekit-server.service.j2} | 20 +-- 29 files changed, 634 insertions(+), 366 deletions(-) delete mode 100644 roles/custom/matrix-element-call/tasks/create_element_json.yml delete mode 100644 roles/custom/matrix-element-call/tasks/install_docker_containers.yml delete mode 100644 roles/custom/matrix-element-call/tasks/update_element_web_config.yml delete mode 100644 roles/custom/matrix-element-call/tasks/update_homeserver_config.yml delete mode 100644 
roles/custom/matrix-element-call/tasks/update_well_known_client.yml delete mode 100644 roles/custom/matrix-element-call/templates/env.j2 delete mode 100644 roles/custom/matrix-element-call/templates/jwt-service-labels.j2 delete mode 100644 roles/custom/matrix-element-call/templates/livekit-labels.j2 create mode 100644 roles/custom/matrix-jwt-service/defaults/main.yml create mode 100644 roles/custom/matrix-jwt-service/tasks/install.yml create mode 100644 roles/custom/matrix-jwt-service/tasks/main.yml create mode 100644 roles/custom/matrix-jwt-service/tasks/uninstall.yml create mode 100644 roles/custom/matrix-jwt-service/tasks/validate_config.yml create mode 100644 roles/custom/matrix-jwt-service/templates/env.j2 create mode 100644 roles/custom/matrix-jwt-service/templates/labels.j2 rename roles/custom/{matrix-element-call => matrix-jwt-service}/templates/systemd/matrix-jwt-service.service.j2 (85%) create mode 100644 roles/custom/matrix-livekit/defaults/main.yml create mode 100644 roles/custom/matrix-livekit/tasks/install.yml create mode 100644 roles/custom/matrix-livekit/tasks/main.yml create mode 100644 roles/custom/matrix-livekit/tasks/uninstall.yml create mode 100644 roles/custom/matrix-livekit/tasks/validate_config.yml create mode 100644 roles/custom/matrix-livekit/templates/labels.j2 rename roles/custom/{matrix-element-call => matrix-livekit}/templates/livekit.yaml.j2 (83%) rename roles/custom/{matrix-element-call/templates/systemd/matrix-livekit.service.j2 => matrix-livekit/templates/systemd/matrix-livekit-server.service.j2} (71%) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index bf55b9a43..1739f54dd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -435,9 +435,9 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else []) + - ([{'name': 'matrix-jwt-service.service', 'priority': 3000, 'groups': ['matrix', 'jwt-service']}] if matrix_element_call_enabled else []) + ([{'name': 'matrix-jwt-service.service', 'priority': 3000, 'groups': ['matrix', 'jwt-service']}] if matrix_jwt_service_enabled else []) + - ([{'name': 'matrix-livekit.service', 'priority': 3000, 'groups': ['matrix', 'livekit']}] if matrix_element_call_enabled else []) + ([{'name': 'matrix-livekit-server.service', 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if matrix_livekit_server_enabled else []) + ([{'name': 'matrix-redis.service', 'priority': 450, 'groups': ['matrix', 'redis']}] if matrix_element_call_enabled else []) + 
@@ -5897,27 +5897,87 @@ matrix_element_call_container_image_force_pull: true matrix_element_call_container_network: "{{ matrix_addons_container_network }}" matrix_element_call_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" - # Traefik Configuration for Element Call matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" matrix_element_call_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_element_call_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" -# JWT Service Configuration -matrix_element_call_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed - -# LiveKit Service Configuration -matrix_element_call_livekit_service_url: "https://sfu.{{ matrix_domain }}" # Default LiveKit service URL; adjust as needed -matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # LiveKit dev key - -# Redis Configuration for Element Call -matrix_element_call_redis_hostname: "localhost" # Default Redis hostname; can be overridden -matrix_element_call_redis_port: 6379 # Default Redis port; can be overridden -matrix_element_call_redis_password: "" # Redis password; should be set in host_vars if needed ######################################################################## # # # /matrix-element-call # # # ######################################################################## + +######################################################################## +# # +# matrix-livekit-server # +# # 
+######################################################################## + +# Matrix Livekit Server Configuration +matrix_livekit_server_enabled: false # Default is false; should be enabled in host_vars as needed +matrix_livekit_server_version: "latest" # Default version; can be overridden in host_vars +matrix_livekit_server_scheme: "https" +matrix_livekit_server_hostname: "sfu.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different +matrix_livekit_server_path_prefix: "/" +matrix_livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" +matrix_livekit_server_container_image: "livekit/livekit-server:{{ matrix_livekit_server_version }}" +matrix_livekit_server_container_image_force_pull: true + +# Docker network configuration for Livekit +matrix_livekit_server_container_network: "{{ matrix_addons_container_network }}" +matrix_livekit_server_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" + +# Traefik Configuration for Livekit +matrix_livekit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_livekit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_livekit_server_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +matrix_livekit_server_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +# LiveKit Service Configuration +matrix_livekit_server_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # LiveKit dev key + +######################################################################## +# # +# /matrix-livekit-server # +# # +######################################################################## + 
+######################################################################## +# # +# matrix-jwt-service # +# # +######################################################################## + +# Matrix JWT Service Configuration +matrix_jwt_service_enabled: false # Default is false; should be enabled in host_vars as needed +matrix_jwt_service_version: "latest-ci" # Default version; can be overridden in host_vars +matrix_jwt_service_scheme: "https" # Scheme for Element Call (e.g., https) +matrix_jwt_service_hostname: "lk-jwt-service" # Default hostname; should be overridden in host_vars if different +matrix_jwt_service_path_prefix: "/" # Path prefix for Element Call +matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/jwt-service" # Base path for storing Element Call-related files +matrix_jwt_service_container_image: "ghcr.io/element-hq/lk-jwt-service:{{ matrix_jwt_service_version }}" +matrix_jwt_service_container_image_name_prefix: ghcr.io/ +matrix_jwt_service_container_image_registry_prefix: ghcr.io/ +matrix_jwt_service_container_image_force_pull: true + +# Docker network configuration for JWT Service +matrix_jwt_service_container_network: "{{ matrix_addons_container_network }}" +matrix_jwt_service_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_jwt_service_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" + +# Traefik Configuration for JWT Service +matrix_jwt_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_jwt_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_jwt_service_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +matrix_jwt_service_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +# JWT 
Service Configuration +matrix_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed + +######################################################################## +# # +# /matrix-jwt-service # +# # +######################################################################## \ No newline at end of file diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index d2660e7e3..eb7652b1a 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -4,8 +4,6 @@ matrix_element_call_enabled: false # Base path configuration matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" -matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config" -matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend" matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" 
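Review bot: The new livekit-server block references `matrix_livekit_server_container_labels_traefik_enabled` inside `matrix_livekit_server_container_additional_networks`, but the two variables actually defined a few lines later are `matrix_livekit_container_labels_traefik_enabled` and `matrix_livekit_container_labels_traefik_docker_network` (no `_server`), so that expression resolves an undefined variable; renaming the definitions to `matrix_livekit_server_container_labels_traefik_enabled:` and `matrix_livekit_server_container_labels_traefik_docker_network:` keeps the prefix consistent with the rest of the block. The jwt-service block sets `matrix_jwt_service_hostname: "lk-jwt-service"`, which overrides the role default `sfu-jwt.{{ matrix_domain }}` and feeds the Traefik Host rule, while `matrix_jwt_service_url` still points clients at `https://sfu-jwt.{{ matrix_domain }}`, so the router would never match the host clients are told to use. `matrix_livekit_server_version: "latest"` and `matrix_jwt_service_version: "latest-ci"` are floating tags combined with `force_pull: true` for the component that mints LiveKit access tokens; a pinned tag default would make upgrades reproducible and reviewable.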
@@ -16,24 +14,12 @@ matrix_element_call_container_additional_networks: [] # No additional networks # Docker images matrix_element_call_image: "ghcr.io/element-hq/element-call:latest" -matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci" -matrix_livekit_image: "livekit/livekit-server:latest" redis_image: "redis:6-alpine" # Ports matrix_element_call_port: "8093" -matrix_jwt_service_port: "8881" redis_port: "6379" -# LiveKit configuration -matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # Must be defined in host_vars -matrix_element_call_jwt_secret: "{{ matrix_jwt_secret }}" # Must be defined in host_vars -matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443" -matrix_element_call_livekit_hostname: "sfu.{{ matrix_domain }}" - -# jwt configuration -matrix_element_call_jwt_hostname: "sfu-jwt.{{ matrix_domain }}" - # Well-known paths and domains (derived from matrix_domain) matrix_element_call_domain: "call.{{ matrix_domain }}" matrix_element_call_well_known_client_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" @@ -47,7 +33,7 @@ redis_password: "" # Traefik Configuration for Element Call matrix_element_call_container_labels_traefik_enabled: true -matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_callcontainer_network }}" +matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_call_container_network }}" matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_domain }}" # The path prefix must either be `/` or not end with a slash (e.g. `/element`). matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" 
@@ -112,11 +98,11 @@ matrix_element_call_http_header_content_security_policy: frame-ancestors 'self' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_callfloc_optout_enabled else '' }}" +matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_callhsts_preload_enabled else '' }}" +matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # @@ -126,8 +112,8 @@ matrix_element_call_http_header_strict_transport_security: "max-age=31536000; in # - https://amifloced.org/ # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. -# See: `matrix_element_callcontent_permission_policy` -matrix_element_callfloc_optout_enabled: true +# See: `matrix_element_call_content_permission_policy` +matrix_element_call_floc_optout_enabled: true # Controls if HSTS preloading is enabled # 
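Review bot: The renamed comment `# See: `matrix_element_call_content_permission_policy`` still points at a variable that does not exist; the header value defined in the previous hunk is `matrix_element_call_http_header_content_permission_policy`, so the comment should read `# See: `matrix_element_call_http_header_content_permission_policy``. The same stale cross-reference is copied into the new `roles/custom/matrix-jwt-service/defaults/main.yml` as `matrix_jwt_service_content_permission_policy`.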
@@ -139,7 +125,7 @@ matrix_element_callfloc_optout_enabled: true # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_element_call_http_header_strict_transport_security` -matrix_element_callhsts_preload_enabled: false +matrix_element_call_hsts_preload_enabled: false # Enable or disable metrics collection matrix_element_call_metrics_enabled: false diff --git a/roles/custom/matrix-element-call/tasks/create_element_json.yml b/roles/custom/matrix-element-call/tasks/create_element_json.yml deleted file mode 100644 index 7fe689183..000000000 --- a/roles/custom/matrix-element-call/tasks/create_element_json.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- ---- -# Create the element.json file to point to Element Call - -- name: Ensure .well-known/element directory exists - ansible.builtin.file: - path: "{{ matrix_element_call_well_known_element_path | dirname }}" - state: directory - mode: 0755 - -- name: Create or update the element.json file with Element Call config - ansible.builtin.copy: - dest: "{{ matrix_element_call_well_known_element_path }}" - content: | - { - "call": { - "widget_url": "{{ matrix_element_call_base_url }}" - } - } - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index f036fa2f9..48719f413 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -175,7 +175,7 @@ "org.matrix.msc4143.rtc_foci": [ { "type": "livekit", - "livekit_service_url": "{{ matrix_element_call_jwt_service_url }}" + "livekit_service_url": "{{ matrix_jwt_service_url }}" } ] marker: "# ANSIBLE MANAGED BLOCK - Element Call RTC FOCI" 
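Review bot: The `blockinfile` task this hunk edits still wraps a JSON fragment in `marker: "# ANSIBLE MANAGED BLOCK - Element Call RTC FOCI"`; if its target is a JSON document such as `.well-known/matrix/client` (as the deleted `update_well_known_client.yml` did for the same block), the `#` marker lines leave the file unparseable for clients, and the `rtc_foci` key would need to be merged into the document with a template or `combine`/`to_json` instead. Switching to `matrix_jwt_service_url` agrees with `config.json.j2`, but it makes this role depend on a variable owned by the new matrix-jwt-service role, which a comment such as `# provided by the matrix-jwt-service role via group_vars/matrix_servers` would make visible. The enclosing task starts and ends outside the hunk.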
diff --git a/roles/custom/matrix-element-call/tasks/install_docker_containers.yml b/roles/custom/matrix-element-call/tasks/install_docker_containers.yml deleted file mode 100644 index a9d55ff85..000000000 --- a/roles/custom/matrix-element-call/tasks/install_docker_containers.yml +++ /dev/null 
@@ -1,166 +0,0 @@ ---- -# Ensure Required Directories Exist -- name: Ensure matrix-element-call paths exist - ansible.builtin.file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - loop: - - path: "{{ matrix_element_call_base_path }}" - - path: "{{ matrix_element_call_base_path }}/data" - - path: "{{ matrix_element_call_base_path }}/config" - - path: "{{ matrix_element_call_base_path }}/backend" # For LiveKit and Redis config - -# Ensure Configuration Files are in Place -- name: Ensure Element Call config.json is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/config.json.j2" - dest: "{{ matrix_element_call_base_path }}/config/config.json" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure LiveKit livekit.yaml is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/livekit.yaml.j2" - dest: "{{ matrix_element_call_base_path }}/backend/livekit.yaml" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure Redis redis.conf is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/redis.conf.j2" - dest: "{{ matrix_element_call_base_path }}/backend/redis.conf" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-element-call environment file is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/env.j2" - dest: "{{ matrix_element_call_base_path }}/config/env" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-element-call Docker labels file is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/labels.j2" - dest: "{{ matrix_element_call_base_path }}/config/labels" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -# 
Ensure Docker Images are Pulled -- name: Ensure matrix-element-call Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_element_call_image }}" - source: pull - force_source: "{{ matrix_element_call_container_image_force_pull }}" - register: element_call_image_result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: element_call_image_result is not failed - -- name: Ensure jwt-service Docker image is pulled - community.docker.docker_image: - name: "ghcr.io/element-hq/lk-jwt-service:latest-ci" - source: pull - register: jwt_image_result - retries: 3 - delay: 10 - until: jwt_image_result is not failed - -- name: Ensure livekit Docker image is pulled - community.docker.docker_image: - name: "livekit/livekit-server:latest" - source: pull - register: livekit_image_result - retries: 3 - delay: 10 - until: livekit_image_result is not failed - -- name: Ensure redis Docker image is pulled - community.docker.docker_image: - name: "redis:6-alpine" - source: pull - register: redis_image_result - retries: 3 - delay: 10 - until: redis_image_result is not failed - -- name: Debug matrix_element_call_base_path - ansible.builtin.debug: - var: matrix_element_call_base_path - -- name: Debug labels file content - ansible.builtin.debug: - msg: "{{ lookup('file', matrix_element_call_base_path ~ '/config/labels') | from_yaml }}" - -# Ensure Docker Containers are Running -- name: Run matrix-element-call Docker container - community.docker.docker_container: - name: "matrix-element-call" - image: "{{ matrix_element_call_image }}" - state: started - restart_policy: unless-stopped - env_file: "{{ matrix_element_call_base_path }}/config/env" - labels: "{{ lookup('file', matrix_element_call_base_path ~ '/config/labels') | from_yaml }}" - networks: - - name: "{{ matrix_element_call_container_network }}" - volumes: - - "{{ matrix_element_call_base_path 
}}/config/config.json:/app/config.json" - - "{{ matrix_element_call_base_path }}/data:/data" - -- name: Run jwt-service Docker container - community.docker.docker_container: - name: "matrix-jwt-service" - image: "ghcr.io/element-hq/lk-jwt-service:latest-ci" - state: started - restart_policy: unless-stopped - environment: - LIVEKIT_SECRET: "{{ matrix_element_call_livekit_dev_key }}" # User-specified key - LIVEKIT_URL: "{{ matrix_element_call_livekit_service_url }}" - LIVEKIT_KEY: "devkey" - networks: - - name: "{{ matrix_element_call_container_network }}" - -- name: Run livekit Docker container - community.docker.docker_container: - name: "matrix-livekit" - image: "livekit/livekit-server:latest" - state: started - restart_policy: unless-stopped - command: "--dev --config /etc/livekit.yaml" - volumes: - - "{{ matrix_element_call_base_path }}/backend/livekit.yaml:/etc/livekit.yaml" - network_mode: "host" - -- name: Run redis Docker container - community.docker.docker_container: - name: "matrix-redis" - image: "redis:6-alpine" - state: started - restart_policy: unless-stopped - command: redis-server /etc/redis.conf - volumes: - - "{{ matrix_element_call_base_path }}/backend/redis.conf:/etc/redis.conf" - networks: - - name: "{{ matrix_element_call_container_network }}" - -# Ensure Systemd Services are Set Up -- name: Ensure matrix-element-call systemd service is installed - ansible.builtin.template: - src: "{{ role_path }}/templates/element-call.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" - mode: 0644 - -- name: Ensure matrix-element-call systemd service is enabled and started - ansible.builtin.systemd: - name: matrix-element-call - enabled: true - state: started - daemon_reload: true diff --git a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml deleted file mode 100644 index 0fa227172..000000000 
--- a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Update Element-Web config.json with Element Call features - -- name: Ensure Element-Web config.json exists - ansible.builtin.file: - path: "{{ matrix_element_web_config_path }}" - state: file - mode: 0644 - -- name: Update Element-Web config.json with Element Call features - ansible.builtin.blockinfile: - path: "{{ matrix_element_web_config_path }}" - block: | - "features": { - "feature_video_rooms": true, - "feature_new_room_decoration_ui": true, - "feature_group_calls": true, - "feature_element_call_video_rooms": true - }, - "element_call": { - "url": "{{ matrix_element_call_base_url }}", - "participant_limit": 8, - "brand": "Element Call", - "use_exclusively": true - } - marker: "# ANSIBLE MANAGED BLOCK - Element Call features" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/update_homeserver_config.yml b/roles/custom/matrix-element-call/tasks/update_homeserver_config.yml deleted file mode 100644 index 46e4f5a09..000000000 --- a/roles/custom/matrix-element-call/tasks/update_homeserver_config.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -# Update the homeserver.yaml file with Element Call config - -- name: Ensure homeserver.yaml exists - ansible.builtin.file: - path: "{{ matrix_homeserver_config_path }}" - state: file - mode: 0644 - -- name: Add listeners section for Element Call to homeserver.yaml - ansible.builtin.blockinfile: - path: "{{ matrix_homeserver_config_path }}" - block: | - listeners: - - port: 8008 - tls: false - type: http - x_forwarded: true - - resources: - - names: [client, federation, openid] - compress: false - marker: "# ANSIBLE MANAGED BLOCK - Element Call listeners" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure serve_server_wellknown is enabled in homeserver.yaml - ansible.builtin.lineinfile: - path: "{{ matrix_homeserver_config_path }}" - line: "serve_server_wellknown: true" - insertafter: EOF - state: present - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml deleted file mode 100644 index b02269f1c..000000000 --- a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- ---- -# Update the .well-known/matrix/client file with Element Call config - -- name: Ensure .well-known directory exists - ansible.builtin.file: - path: "{{ matrix_element_call_well_known_client_path | dirname }}" - state: directory - mode: 0755 - -- name: Update .well-known/matrix/client file with Element Call config - ansible.builtin.blockinfile: - path: "{{ matrix_element_call_well_known_client_path }}" - block: | - "org.matrix.msc4143.rtc_foci": [ - { - "type": "livekit", - "livekit_service_url": "{{ matrix_element_call_jwt_service_url }}" - } - ] - create: yes - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml index c0e0ef940..7760cb94e 100644 --- a/roles/custom/matrix-element-call/tasks/validate_config.yml +++ b/roles/custom/matrix-element-call/tasks/validate_config.yml @@ -14,4 +14,4 @@ - {'name': 'matrix_livekit_image', when: true} - {'name': 'redis_image', when: true} - {'name': 'matrix_element_call_livekit_dev_key', when: true} - - {'name': 'matrix_element_call_livekit_service_url', when: true} + - {'name': 'matrix_jwt_service_url', when: true} diff --git a/roles/custom/matrix-element-call/templates/config.json.j2 b/roles/custom/matrix-element-call/templates/config.json.j2 index 3dc7f0e8a..e58648e50 100644 --- a/roles/custom/matrix-element-call/templates/config.json.j2 +++ b/roles/custom/matrix-element-call/templates/config.json.j2 @@ -6,6 +6,6 @@ } }, "livekit": { - "livekit_service_url": "{{ matrix_element_call_livekit_service_url }}" + "livekit_service_url": "{{ matrix_jwt_service_url }}" } } diff --git a/roles/custom/matrix-element-call/templates/env.j2 b/roles/custom/matrix-element-call/templates/env.j2 deleted file mode 100644 index b5a5d4be4..000000000 --- a/roles/custom/matrix-element-call/templates/env.j2 +++ /dev/null 
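Review bot: `validate_config.yml` still requires `matrix_livekit_image` and `matrix_element_call_livekit_dev_key`, but this same commit deletes both from `roles/custom/matrix-element-call/defaults/main.yml` (the `@@ -16,24 +14,12 @@` hunk) and does not define them in `group_vars/matrix_servers`, so validating an enabled Element Call install will fail on variables that no longer exist. Those two entries should be dropped, keeping only the variables the role now consumes such as the `matrix_jwt_service_url` entry this hunk adds. The list continues outside the hunk.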
@@ -1,11 +0,0 @@ -# Environment variables for Element Call -ELEMENT_CALL_SERVER_URL=https://{{ matrix_element_call_domain }} -LIVEKIT_KEY=devkey -LIVEKIT_URL={{ matrix_element_call_livekit_service_url }} -LIVEKIT_SECRET={{ matrix_element_call_jwt_secret }} -JWT_SERVICE_URL={{ matrix_element_call_jwt_service_url }} - -# Optional additional environment variables provided by the user -{% for key, value in matrix_element_call_environment_variables_additional.items() %} -{{ key }}={{ value }} -{% endfor %} diff --git a/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 b/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 deleted file mode 100644 index 603ced758..000000000 --- a/roles/custom/matrix-element-call/templates/jwt-service-labels.j2 +++ /dev/null @@ -1,13 +0,0 @@ -{% if matrix_element_call_container_labels_traefik_enabled %} -traefik.enable=true - -{% if matrix_element_call_container_labels_traefik_docker_network %} -traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} -{% endif %} - -# Define the Traefik router rule for JWT Service -traefik.http.routers.jwt-router.rule=Host(`{{ matrix_element_call_jwt_hostname }}`) -traefik.http.routers.jwt-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.jwt-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} -traefik.http.services.jwt-service.loadbalancer.server.port=8881 -{% endif %} diff --git a/roles/custom/matrix-element-call/templates/livekit-labels.j2 b/roles/custom/matrix-element-call/templates/livekit-labels.j2 deleted file mode 100644 index 5fa0c51ad..000000000 --- a/roles/custom/matrix-element-call/templates/livekit-labels.j2 +++ /dev/null 
@@ -1,13 +0,0 @@ -{% if matrix_element_call_container_labels_traefik_enabled %} -traefik.enable=true - -{% if matrix_element_call_container_labels_traefik_docker_network %} -traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} -{% endif %} - -# Define the Traefik router rule for LiveKit -traefik.http.routers.livekit-router.rule=Host(`{{ matrix_element_call_livekit_hostname }}`) -traefik.http.routers.livekit-router.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} -traefik.http.routers.livekit-router.tls.certresolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} -traefik.http.services.livekit-service.loadbalancer.server.port=7880 -{% endif %} diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml new file mode 100644 index 000000000..cf087da87 --- /dev/null +++ b/roles/custom/matrix-jwt-service/defaults/main.yml 
@@ -0,0 +1,118 @@
+---
+# Enable or disable matrix-element-call deployment
+matrix_jwt_service_enabled: false
+
+# Base path configuration
+matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/jwt-service"
+matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml"
+
+# Docker network configuration
+matrix_jwt_service_container_network: ''
+matrix_jwt_service_container_http_host_bind_port: ''
+matrix_jwt_service_container_additional_networks: [] # No additional networks by default
+
+# Docker images
+matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci"
+
+# Ports
+matrix_jwt_service_port: "8881"
+
+# jwt configuration
+matrix_jwt_service_hostname: "sfu-jwt.{{ matrix_domain }}"
+matrix_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}"
+
+# Traefik Configuration for JWT Service
+matrix_jwt_service_container_labels_traefik_enabled: true
+matrix_jwt_service_container_labels_traefik_docker_network: "{{ matrix_jwt_service_container_network }}"
+matrix_jwt_service_container_labels_traefik_hostname: "{{ matrix_jwt_service_hostname }}"
+# The path prefix must either be `/` or not end with a slash (e.g. `/element`).
+matrix_jwt_service_container_labels_traefik_path_prefix: "{{ matrix_jwt_service_path_prefix }}"
+matrix_jwt_service_container_labels_traefik_rule: "Host(`{{ matrix_jwt_service_container_labels_traefik_hostname }}`){% if matrix_jwt_service_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_jwt_service_container_labels_traefik_path_prefix }}`){% endif %}"
+matrix_jwt_service_container_labels_traefik_priority: 0
+matrix_jwt_service_container_labels_traefik_entrypoints: web-secure
+matrix_jwt_service_container_labels_traefik_tls: "{{ matrix_jwt_service_container_labels_traefik_entrypoints != 'web' }}"
+matrix_jwt_service_container_labels_traefik_tls_certResolver: default # noqa var-naming
+
+# Controls which additional headers to attach to all HTTP responses.
+# To add your own headers, use `matrix_jwt_service_container_labels_traefik_additional_response_headers_custom`
+matrix_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_jwt_service_container_labels_traefik_additional_response_headers_custom) }}"
+matrix_jwt_service_container_labels_traefik_additional_response_headers_auto: |
+ {{
+ {}
+ | combine ({'X-XSS-Protection': matrix_jwt_service_http_header_xss_protection} if matrix_jwt_service_http_header_xss_protection else {})
+ | combine ({'X-Frame-Options': matrix_jwt_service_http_header_frame_options} if matrix_jwt_service_http_header_frame_options else {})
+ | combine ({'X-Content-Type-Options': matrix_jwt_service_http_header_content_type_options} if matrix_jwt_service_http_header_content_type_options else {})
+ | combine ({'Content-Security-Policy': matrix_jwt_service_http_header_content_security_policy} if matrix_jwt_service_http_header_content_security_policy else {})
+ | combine ({'Permission-Policy': matrix_jwt_service_http_header_content_permission_policy} if matrix_jwt_service_http_header_content_permission_policy else {})
+ | combine ({'Strict-Transport-Security': matrix_jwt_service_http_header_strict_transport_security} if matrix_jwt_service_http_header_strict_transport_security and matrix_jwt_service_container_labels_traefik_tls else {})
+ }}
+matrix_jwt_service_container_labels_traefik_additional_response_headers_custom: {}
+
+# matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_client_element_container_labels_additional_labels: |
+# my.label=1
+# another.label="here"
+matrix_jwt_service_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_jwt_service_container_extra_arguments: []
+
+# Additional environment variables for the container
+matrix_jwt_service_environment_variables_additional: {}
+
+# List of systemd services that matrix-element-call.service depends on
+matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+
+# Specifies the value of the `X-XSS-Protection` header
+# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
+#
+# Learn more about it is here:
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+# - https://portswigger.net/web-security/cross-site-scripting/reflected
+matrix_jwt_service_http_header_xss_protection: "1; mode=block"
+
+# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+matrix_jwt_service_http_header_frame_options: SAMEORIGIN
+
+# Specifies the value of the `X-Content-Type-Options` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+matrix_jwt_service_http_header_content_type_options: nosniff
+
+# Specifies the value of the `Content-Security-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self'
+
+# Specifies the value of the `Permission-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
+matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}"
+
+# Specifies the value of the `Strict-Transport-Security` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}"
+
+# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
+#
+# Learn more about what it is here:
+# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
+# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
+# - https://amifloced.org/
+#
+# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
+# See: `matrix_jwt_service_content_permission_policy`
+matrix_jwt_service_floc_optout_enabled: true
+
+# Controls if HSTS preloading is enabled
+#
+# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
+# indicates a willingness to be "preloaded" into browsers:
+# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
+# For more information visit:
+# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+# - https://hstspreload.org/#opt-in
+# See: `matrix_jwt_service_http_header_strict_transport_security`
+matrix_jwt_service_hsts_preload_enabled: false
\ No newline at end of file
diff --git a/roles/custom/matrix-jwt-service/tasks/install.yml b/roles/custom/matrix-jwt-service/tasks/install.yml
new file mode 100644
index 000000000..9a51bdfd3
--- /dev/null
+++ b/roles/custom/matrix-jwt-service/tasks/install.yml
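Review bot: `matrix_jwt_service_container_labels_traefik_path_prefix` expands `matrix_jwt_service_path_prefix`, which this defaults file never defines (it only appears in `group_vars/matrix_servers`), so the role is not self-contained and the Traefik rule would reference an undefined variable when the role is used on its own; add `matrix_jwt_service_path_prefix: "/"` next to `matrix_jwt_service_hostname`. The image is configured under two different names — `matrix_jwt_service_image` here (the one `tasks/install.yml` pulls) versus `matrix_jwt_service_container_image`/`matrix_jwt_service_version` in group_vars — so the group_vars version setting is silently ignored; the role should read a single variable. Several comments are copied from other roles and name the wrong component: `# Enable or disable matrix-element-call deployment`, `# List of systemd services that matrix-element-call.service depends on`, the `matrix_client_element_container_labels_additional_labels` example, and `# See: `matrix_jwt_service_content_permission_policy`` (the variable is `matrix_jwt_service_http_header_content_permission_policy`). `matrix_homeserver_config_path` is also redefined here without a role prefix, duplicating the element-call role's unprefixed copy of the same name.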
@@ -0,0 +1,46 @@
+---
+# roles/custom/matrix-jwt-service/tasks/install.yml
+
+# Ensure Required Directories Exist
+- name: Ensure matrix-jwt-service paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - path: "{{ matrix_jwt_service_base_path }}"
+
+- name: Ensure matrix-jwt-service environment file is in place
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_jwt_service_base_path }}/env"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure JWT Service labels file is in place
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/labels.j2"
+ dest: "{{ matrix_jwt_service_base_path }}/labels"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+# Ensure Docker Images are Pulled
+- name: Ensure jwt-service Docker image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_jwt_service_image }}"
+ source: pull
+ register: jwt_image_result
+ retries: 3
+ delay: 10
+ until: jwt_image_result is not failed
+
+# Systemd Services for JWT Service
+- name: Ensure jwt-service systemd service is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-jwt-service.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jwt-service.service"
+ mode: 0644
\ No newline at end of file
diff --git a/roles/custom/matrix-jwt-service/tasks/main.yml b/roles/custom/matrix-jwt-service/tasks/main.yml
new file mode 100644
index 000000000..ee74a8967
--- /dev/null
+++ b/roles/custom/matrix-jwt-service/tasks/main.yml
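Review bot: The image-pull task hard-codes `retries: 3` / `delay: 10`, whereas the element-call role's equivalent task later in this series uses `delay: "{{ devture_playbook_help_container_retries_delay }}"`; this hunk and the livekit install hunk (which repeats the same literals) should use the playbook's shared retry variables so there is one knob to tune. The env file written to `{{ matrix_jwt_service_base_path }}/env` carries `LIVEKIT_SECRET`, so the `mode: 0640` and matrix-user ownership here are the right choice and worth a comment saying why, so nobody relaxes it later. Nothing in this file restarts the unit when env or labels change, so a rotated secret only takes effect once the service is restarted — presumably by the playbook's later service-management step; a one-line comment above the template tasks stating that would save the next reader a search.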
@@ -0,0 +1,21 @@
+---
+# Main task file for matrix-element-call
+
+- tags:
+ - setup-all
+ - setup-jwt-service
+ - install-all
+ - install-wt-service
+ block:
+ - when: matrix_jwt_service_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+ - when: matrix_jwt_service_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+ - setup-all
+ - setup-jwt-service
+ block:
+ - when: not matrix_jwt_service_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
diff --git a/roles/custom/matrix-jwt-service/tasks/uninstall.yml b/roles/custom/matrix-jwt-service/tasks/uninstall.yml
new file mode 100644
index 000000000..550c82951
--- /dev/null
+++ b/roles/custom/matrix-jwt-service/tasks/uninstall.yml
@@ -0,0 +1,22 @@
+---
+# Uninstall tasks for matrix-jwt-service
+
+
+- name: Stop and remove jwt-service container
+ community.docker.docker_container:
+ name: "matrix-jwt-service"
+ state: absent
+
+- name: Remove jwt-service systemd service
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jwt-service.service"
+ state: absent
+
+- name: Remove matrix-jwt-service configuration files
+ ansible.builtin.file:
+ path: "{{ matrix_jwt_service_base_path }}"
+ state: absent
+
+- name: Reload systemd daemon
+ ansible.builtin.systemd:
+ daemon_reload: true
diff --git a/roles/custom/matrix-jwt-service/tasks/validate_config.yml b/roles/custom/matrix-jwt-service/tasks/validate_config.yml
new file mode 100644
index 000000000..a0105e940
--- /dev/null
+++ b/roles/custom/matrix-jwt-service/tasks/validate_config.yml
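Review bot: The tag list on the first block reads `- install-wt-service`, which looks like a typo for `install-jwt-service`; the setup tag beside it is `setup-jwt-service` and the livekit role uses `install-livekit-server`, so `--tags=install-jwt-service` would silently match nothing here. The header comment `# Main task file for matrix-element-call` was carried over from the element-call role and should read `# Main task file for matrix-jwt-service`.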
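Review bot: The uninstall sequence removes the container and then the unit file, but never stops or disables `matrix-jwt-service.service` itself, so on a host where the unit was enabled it may stay loaded and — if this unit sets `Restart=always` like the livekit unit further down — systemd may keep trying to recreate the container until the next reboot. An `ansible.builtin.systemd` task with `name: matrix-jwt-service`, `state: stopped`, `enabled: false` ahead of the file removals would close that gap; the livekit uninstall hunk below has the same shape. Removing `matrix_jwt_service_base_path` does take the env file holding `LIVEKIT_SECRET` with it, which is the right outcome and worth stating in the task comment.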
@@ -0,0 +1,12 @@
+---
+# Validate configuration for matrix-jwt-service
+
+- name: Fail if required matrix-jwt-service settings are not defined
+ ansible.builtin.fail:
+ msg: >
+ You need to define a required configuration setting (`{{ item.name }}`).
+ when: "item.when | bool and vars[item.name] == ''"
+ with_items:
+ - {'name': 'matrix_jwt_service_base_path', when: true}
+ - {'name': 'matrix_jwt_service_container_network', when: true}
+ - {'name': 'matrix_jwt_service_image', when: true}
diff --git a/roles/custom/matrix-jwt-service/templates/env.j2 b/roles/custom/matrix-jwt-service/templates/env.j2
new file mode 100644
index 000000000..8034a9b33
--- /dev/null
+++ b/roles/custom/matrix-jwt-service/templates/env.j2
@@ -0,0 +1,4 @@
+# Environment variables for JWT Service
+LIVEKIT_KEY=devkey
+LIVEKIT_URL=wss://{{ matrix_livekit_server_hostname }}:443
+LIVEKIT_SECRET={{ matrix_element_call_jwt_secret }}
\ No newline at end of file
diff --git a/roles/custom/matrix-jwt-service/templates/labels.j2 b/roles/custom/matrix-jwt-service/templates/labels.j2
new file mode 100644
index 000000000..b547e1952
--- /dev/null
+++ b/roles/custom/matrix-jwt-service/templates/labels.j2
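Review bot: The validation list covers only the base path, network and image, yet `templates/env.j2` in the next hunk renders `LIVEKIT_SECRET={{ matrix_element_call_jwt_secret }}` and `LIVEKIT_URL=wss://{{ matrix_livekit_server_hostname }}:443`; neither variable is checked, so an operator who forgets the secret gets either an undefined-variable error at template time or, if it defaults to `''` somewhere else, a JWT service that mints LiveKit tokens with an empty signing secret. Add `- {'name': 'matrix_element_call_jwt_secret', when: true}` and the hostname to `with_items`. Note that `vars[item.name]` raises on a name that is not defined at all, so the friendly message only appears for variables that have an `''` default — worth a comment above the task. `LIVEKIT_KEY=devkey` is hard-coded in env.j2 and has to match the key name under `keys:` in livekit.yaml.j2; a comment tying the two together would prevent a silent mismatch when someone renames one.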
@@ -0,0 +1,46 @@ +{% if matrix_element_call_container_labels_traefik_enabled %} +traefik.enable=true + +# Network configuration for Traefik +{% if matrix_jwt_service_container_labels_traefik_docker_network %} +traefik.docker.network={{ matrix_jwt_service_container_labels_traefik_docker_network }} +{% endif %} + +traefik.http.services.matrix-jwt-service.loadbalancer.server.port=8080 + +{% set middlewares = [] %} + +# Path prefix handling for JWT +{% if matrix_jwt_service_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-jwt-service-slashless-redirect.redirectregex.regex=({{ matrix_jwt_service_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.matrix-jwt-service-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-jwt-service-slashless-redirect'] %} + +traefik.http.middlewares.matrix-jwt-service-strip-prefix.stripprefix.prefixes={{ matrix_jwt_service_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-jwt-service-strip-prefix'] %} +{% endif %} + +{% if matrix_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_jwt_service_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-jwt-service-add-headers'] %} +{% endif %} + +traefik.http.routers.matrix-jwt-service.rule={{ matrix_jwt_service_container_labels_traefik_rule }} +{% if matrix_jwt_service_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-jwt-service.priority={{ matrix_jwt_service_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-jwt-service.service=matrix-jwt-service +{% if middlewares | length > 0 %} +traefik.http.routers.matrix-jwt-service.middlewares={{ middlewares | join(',') }} +{% 
endif %} +traefik.http.routers.matrix-jwt-service.entrypoints={{ matrix_jwt_service_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-jwt-service.tls={{ matrix_jwt_service_container_labels_traefik_tls | to_json }} +{% if matrix_jwt_service_container_labels_traefik_tls %} +traefik.http.routers.matrix-jwt-service.tls.certResolver={{ matrix_jwt_service_container_labels_traefik_tls_certResolver }} +{% endif %} + +{% endif %} + +{{ matrix_jwt_service_container_labels_additional_labels }} diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 b/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 similarity index 85% rename from roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 rename to roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 index 7d2ac8fd8..07c8ef1ed 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-jwt-service.service.j2 +++ b/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 @@ -15,13 +15,13 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ - --network={{ matrix_element_call_container_network }} \ + --network={{ matrix_jwt_service_container_network }} \ -p {{ matrix_jwt_service_port }}:8080 \ - --env-file={{ matrix_element_call_base_path }}/config/env \ - --label-file={{ matrix_element_call_base_path }}/config/jwt-service-labels \ + --env-file={{ matrix_jwt_service_base_path }}/env \ + --label-file={{ matrix_jwt_service_base_path }}/labels \ {{ matrix_jwt_service_image }} -{% for network in matrix_element_call_container_additional_networks %} +{% for network in matrix_jwt_service_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-jwt-service {% endfor %} 
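Review bot: The outer guard on the first line of labels.j2 tests `matrix_element_call_container_labels_traefik_enabled`, while every other variable in the template is `matrix_jwt_service_*`; this reads as a copy-paste leftover, and it means the JWT service's Traefik labels are switched on and off by the element-call role's setting rather than its own. Presumably the role's defaults (cut off above this chunk) define `matrix_jwt_service_container_labels_traefik_enabled`; the line should be `{% if matrix_jwt_service_container_labels_traefik_enabled %}`. The duplicated livekit template further down is internally consistent on this point.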
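Review bot: The `-p {{ matrix_jwt_service_port }}:8080` context line publishes the JWT service port on every host interface unconditionally, even though the labels file routes the service through Traefik; the element-call unit later in this series wraps its equivalent `-p` in `{% if matrix_element_call_container_http_host_bind_port %}` … `{% endif %}`. The same guard here, driven by a role default (constructed name: `matrix_jwt_service_container_http_host_bind_port`), would keep the token-minting endpoint reachable only via the reverse proxy unless an operator explicitly binds it. The unit's `[Unit]`/`[Service]` header and its ExecStart/ExecStop lines are outside this hunk.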
diff --git a/roles/custom/matrix-livekit/defaults/main.yml b/roles/custom/matrix-livekit/defaults/main.yml
new file mode 100644
index 000000000..73ee72f6b
--- /dev/null
+++ b/roles/custom/matrix-livekit/defaults/main.yml
@@ -0,0 +1,119 @@ +--- +# Enable or disable matrix-livekit-server deployment +matrix_livekit_server_enabled: false + +# Base path configuration +matrix_livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" +matrix_livekit_server_config_path: "{{ matrix_livekit_server_base_path }}/config" +matrix_livekit_server_backend_path: "{{ matrix_livekit_server_base_path }}/backend" +matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" +element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" + +# Docker network configuration +matrix_livekit_server_container_network: '' +matrix_livekit_server_container_http_host_bind_port: '' +matrix_livekit_server_container_additional_networks: [] # No additional networks by default + +# Docker images +matrix_livekit_server_image: "livekit/livekit-server:latest" + +# LiveKit configuration +matrix_livekit_server_livekit_server_dev_key: "{{ matrix_livekit_server_dev_key }}" # Must be defined in host_vars +matrix_livekit_server_jwt_secret: "{{ matrix_element_call_jwt_secret }}" # Must be defined in host_vars +matrix_livekit_server_hostname: "sfu.{{ matrix_domain }}" + +# Traefik Configuration for Element Call +matrix_livekit_server_container_labels_traefik_enabled: true +matrix_livekit_server_container_labels_traefik_docker_network: "{{ matrix_livekit_server_container_network }}" +matrix_livekit_server_container_labels_traefik_hostname: "{{ matrix_livekit_server_domain }}" +# The path prefix must either be `/` or not end with a slash (e.g. `/element`). 
+matrix_livekit_server_container_labels_traefik_path_prefix: "{{ matrix_livekit_server_path_prefix }}" +matrix_livekit_server_container_labels_traefik_rule: "Host(`{{ matrix_livekit_server_container_labels_traefik_hostname }}`){% if matrix_livekit_server_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_livekit_server_container_labels_traefik_path_prefix }}`){% endif %}" +matrix_livekit_server_container_labels_traefik_priority: 0 +matrix_livekit_server_container_labels_traefik_entrypoints: web-secure +matrix_livekit_server_container_labels_traefik_tls: "{{ matrix_livekit_server_container_labels_traefik_entrypoints != 'web' }}" +matrix_livekit_server_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls which additional headers to attach to all HTTP responses. +# To add your own headers, use `matrix_livekit_server_container_labels_traefik_additional_response_headers_custom` +matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}" +matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: | + {{ + {} + | combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': 
matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {}) + }} +matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {} + +# matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_client_element_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_livekit_server_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_livekit_server_container_extra_arguments: [] + +# Additional environment variables for the container +matrix_livekit_server_environment_variables_additional: {} + +# List of systemd services that matrix-element-call.service depends on +matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" + +# Specifies the value of the `X-XSS-Protection` header +# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. +# +# Learn more about it is here: +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection +# - https://portswigger.net/web-security/cross-site-scripting/reflected +matrix_livekit_server_http_header_xss_protection: "1; mode=block" + +# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. 
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options +matrix_livekit_server_http_header_frame_options: SAMEORIGIN + +# Specifies the value of the `X-Content-Type-Options` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options +matrix_livekit_server_http_header_content_type_options: nosniff + +# Specifies the value of the `Content-Security-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self' + +# Specifies the value of the `Permission-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy +matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}" + +# Specifies the value of the `Strict-Transport-Security` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}" + +# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses +# +# Learn more about what it is here: +# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea +# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network +# - https://amifloced.org/ +# +# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. 
+# See: `matrix_livekit_server_content_permission_policy` +matrix_livekit_server_floc_optout_enabled: true + +# Controls if HSTS preloading is enabled +# +# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and +# indicates a willingness to be "preloaded" into browsers: +# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` +# For more information visit: +# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +# - https://hstspreload.org/#opt-in +# See: `matrix_livekit_server_http_header_strict_transport_security` +matrix_livekit_server_hsts_preload_enabled: false \ No newline at end of file diff --git a/roles/custom/matrix-livekit/tasks/install.yml b/roles/custom/matrix-livekit/tasks/install.yml new file mode 100644 index 000000000..cccb89deb --- /dev/null +++ b/roles/custom/matrix-livekit/tasks/install.yml 
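Review bot: Several names in these defaults do not line up with what the rest of the role references: the file defines `matrix_livekit_server_livekit_server_dev_key`, but `templates/livekit.yaml.j2` (the rename hunk further down) reads `{{ matrix_livekit_server_livekit_dev_key }}`; `matrix_livekit_server_container_labels_traefik_hostname` reads `matrix_livekit_server_domain` and the path-prefix default reads `matrix_livekit_server_path_prefix`, neither of which is defined here, so unless `group_vars` supplies them the labels template fails on an undefined variable. `matrix_livekit_server_image: "livekit/livekit-server:latest"` should be pinned to a release tag — this is an internet-facing SFU and `latest` makes every image pull an uncontrolled upgrade. `matrix_homeserver_config_path` and `element_web_config_path` are unprefixed globals leaking out of this role and can clobber another role's variable of the same name; prefixing them `matrix_livekit_server_` keeps the namespace clean. The comment `# Traefik Configuration for Element Call` was also copied over and should name LiveKit.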
@@ -0,0 +1,47 @@
+---
+# roles/custom/matrix-livekit-server/tasks/install.yml
+
+# Ensure Required Directories Exist
+- name: Ensure matrix-livekit-server paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - path: "{{ matrix_livekit_server_base_path }}"
+
+# Ensure Configuration Files are in Place
+- name: Ensure LiveKit livekit.yaml is in place
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/livekit.yaml.j2"
+ dest: "{{ matrix_livekit_server_base_path }}/livekit.yaml"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure LiveKit labels file is in place
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/labels.j2"
+ dest: "{{ matrix_livekit_server_base_path }}/labels"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+# Ensure Docker Images are Pulled
+- name: Ensure livekit Docker image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_livekit_server_image }}"
+ source: pull
+ register: livekit_image_result
+ retries: 3
+ delay: 10
+ until: livekit_image_result is not failed
+
+# Systemd Services for LiveKit
+- name: Ensure livekit systemd service is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-livekit-server.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit.service"
+ mode: 0644
\ No newline at end of file
diff --git a/roles/custom/matrix-livekit/tasks/main.yml b/roles/custom/matrix-livekit/tasks/main.yml
new file mode 100644
index 000000000..255906c75
--- /dev/null
+++ b/roles/custom/matrix-livekit/tasks/main.yml
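Review bot: The unit file is written to `{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit.service`, but the uninstall hunk in the next file removes `matrix-livekit-server.service`, the container is named `matrix-livekit-server` and the template is `matrix-livekit-server.service.j2`, so disabling the role leaves the installed unit behind. Use `dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service"` here so install and uninstall agree. The header comment names the role `matrix-livekit-server` while the directory is `roles/custom/matrix-livekit`; pick one and update the comment. `livekit.yaml` holds the API key/secret, so the `mode: 0640` on it deserves a short "contains the LiveKit secret" comment to stop it being loosened later.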
@@ -0,0 +1,21 @@
+---
+# Main task file for matrix-livekit-server
+
+- tags:
+ - setup-all
+ - setup-livekit-server
+ - install-all
+ - install-livekit-server
+ block:
+ - when: matrix_livekit_server_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+ - when: matrix_livekit_server_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+ - setup-all
+ - setup-livekit-server
+ block:
+ - when: not matrix_livekit_server_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
diff --git a/roles/custom/matrix-livekit/tasks/uninstall.yml b/roles/custom/matrix-livekit/tasks/uninstall.yml
new file mode 100644
index 000000000..371db5c83
--- /dev/null
+++ b/roles/custom/matrix-livekit/tasks/uninstall.yml
@@ -0,0 +1,21 @@
+---
+# Uninstall tasks for matrix-livekit-server
+
+- name: Stop and remove livekit container
+ community.docker.docker_container:
+ name: "matrix-livekit-server"
+ state: absent
+
+- name: Remove livekit systemd service
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service"
+ state: absent
+
+- name: Remove matrix-livekit-server configuration files
+ ansible.builtin.file:
+ path: "{{ matrix_livekit_serverbase_path }}"
+ state: absent
+
+- name: Reload systemd daemon
+ ansible.builtin.systemd:
+ daemon_reload: true
diff --git a/roles/custom/matrix-livekit/tasks/validate_config.yml b/roles/custom/matrix-livekit/tasks/validate_config.yml
new file mode 100644
index 000000000..552524318
--- /dev/null
+++ b/roles/custom/matrix-livekit/tasks/validate_config.yml
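Review bot: `path: "{{ matrix_livekit_serverbase_path }}"` in the configuration-removal task of uninstall.yml is missing an underscore (`matrix_livekit_server_base_path`), so the task errors on an undefined variable and the directory holding `livekit.yaml` — which contains the API secret — is never removed. Fix the line to `path: "{{ matrix_livekit_server_base_path }}"`. The unit removed here (`matrix-livekit-server.service`) is also not the one install.yml writes (`matrix-livekit.service`), so even with the typo fixed the unit file survives an uninstall until the two names agree.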
@@ -0,0 +1,13 @@ +--- +# Validate configuration for matrix-livekit-server + +- name: Fail if required matrix-livekit-server settings are not defined + ansible.builtin.fail: + msg: > + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" + with_items: + - {'name': 'matrix_livekit_server_base_path', when: true} + - {'name': 'matrix_livekit_server_container_network', when: true} + - {'name': 'matrix_livekit_server_image', when: true} + - {'name': 'matrix_livekit_image', when: true} diff --git a/roles/custom/matrix-livekit/templates/labels.j2 b/roles/custom/matrix-livekit/templates/labels.j2 new file mode 100644 index 000000000..c41b7ed01 --- /dev/null +++ b/roles/custom/matrix-livekit/templates/labels.j2 
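Review bot: The list requires both `matrix_livekit_server_image` and `matrix_livekit_image` to be non-empty, but the role only consistently uses one — install.yml pulls `matrix_livekit_server_image` while the systemd unit below runs `{{ matrix_livekit_image }}` — so this check enforces the inconsistency instead of catching it. Drop the `matrix_livekit_image` entry once the unit uses the role's own image variable. The key that livekit.yaml.j2's `devkey:` line reads is not validated at all; since `vars[item.name]` raises for names that are not defined, add it here with an `''` default in the role so the friendly failure message is what the operator sees.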
@@ -0,0 +1,46 @@ +{% if matrix_livekit_server_container_labels_traefik_enabled %} +traefik.enable=true + +# Network configuration for Traefik +{% if matrix_livekit_server_container_labels_traefik_docker_network %} +traefik.docker.network={{ matrix_livekit_server_container_labels_traefik_docker_network }} +{% endif %} + +traefik.http.services.matrix-livekit-server.loadbalancer.server.port=7880 + +{% set middlewares = [] %} + +# Path prefix handling for Livekit +{% if matrix_livekit_server_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.regex=({{ matrix_livekit_server_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-livekit-server-slashless-redirect'] %} + +traefik.http.middlewares.matrix-livekit-server-strip-prefix.stripprefix.prefixes={{ matrix_livekit_server_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-livekit-server-strip-prefix'] %} +{% endif %} + +{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %} +{% endif %} + +traefik.http.routers.matrix-livekit-server.rule={{ matrix_livekit_server_container_labels_traefik_rule }} +{% if matrix_livekit_server_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-livekit-server.priority={{ matrix_livekit_server_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-livekit-server.service=matrix-livekit-server +{% if middlewares | length > 0 %} 
+traefik.http.routers.matrix-livekit-server.middlewares={{ middlewares | join(',') }} +{% endif %} +traefik.http.routers.matrix-livekit-server.entrypoints={{ matrix_livekit_server_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-livekit-server.tls={{ matrix_livekit_server_container_labels_traefik_tls | to_json }} +{% if matrix_livekit_server_container_labels_traefik_tls %} +traefik.http.routers.matrix-livekit-server.tls.certResolver={{ matrix_livekit_server_container_labels_traefik_tls_certResolver }} +{% endif %} + +{% endif %} + +{{ matrix_livekit_server_container_labels_additional_labels }} diff --git a/roles/custom/matrix-element-call/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit/templates/livekit.yaml.j2 similarity index 83% rename from roles/custom/matrix-element-call/templates/livekit.yaml.j2 rename to roles/custom/matrix-livekit/templates/livekit.yaml.j2 index 384cf3722..f8e2ad0c2 100644 --- a/roles/custom/matrix-element-call/templates/livekit.yaml.j2 +++ b/roles/custom/matrix-livekit/templates/livekit.yaml.j2 @@ -17,4 +17,4 @@ turn: external_tls: true keys: - devkey: "{{ matrix_element_call_livekit_dev_key }}" + devkey: "{{ matrix_livekit_server_livekit_dev_key }}" diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 b/roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 similarity index 71% rename from roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 rename to roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 index 4b7f3ea8a..0f416c82d 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-livekit.service.j2 +++ b/roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 
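Review bot: These labels point Traefik at service `matrix-livekit-server` on port 7880 and set `traefik.docker.network`, but the unit in the next hunk starts the container with `--network=host`; a host-network container has no address on that Docker network, and as far as I recall Traefik's docker provider then falls back to `host.docker.internal` or 127.0.0.1, which does not reach the SFU from a containerized Traefik. Either document in the template that LiveKit is reached directly on the host (and drop the labels), or run it on the container network and publish the media UDP range explicitly; a one-line comment stating which model is intended would save the next reader the same investigation. The livekit.yaml.j2 rename hunk on this line reads `matrix_livekit_server_livekit_dev_key`, which the new defaults do not define (they define `matrix_livekit_server_livekit_server_dev_key`).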
@@ -1,33 +1,33 @@ [Unit] -Description=Matrix LiveKit Service +Description=Matrix LiveKit Server After=docker.service Requires=docker.service [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-server 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-server 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --rm \ - --name=matrix-livekit \ + --name=matrix-livekit-server \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network=host \ - --mount type=bind,src={{ matrix_element_call_backend_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \ - --label-file={{ matrix_element_call_base_path }}/config/livekit-labels \ + --mount type=bind,src={{ matrix_livekit_server_base_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \ + --label-file={{ matrix_livekit_server_base_path }}/labels \ {{ matrix_livekit_image }} \ --dev --config /etc/livekit.yaml -ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-server -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ 
devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-server 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-server 2>/dev/null || true' Restart=always RestartSec=30 -SyslogIdentifier=matrix-livekit +SyslogIdentifier=matrix-livekit-server [Install] WantedBy=multi-user.target From e952ba1c3a0c4db903a1b595c5ce1804ae2db636 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Mon, 30 Sep 2024 22:35:59 +1000 Subject: [PATCH 080/142] removed duplicate tasks. --- .../matrix-element-call/tasks/install.yml | 69 +------------------ .../matrix-element-call/tasks/uninstall.yml | 20 ------ .../tasks/validate_config.yml | 4 -- .../systemd/matrix-element-call.service.j2 | 2 +- 4 files changed, 3 insertions(+), 92 deletions(-) diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index 48719f413..cd0612fce 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml 
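Review bot: The `create` line still runs `{{ matrix_livekit_image }}` while install.yml pulls `{{ matrix_livekit_server_image }}` (default `livekit/livekit-server:latest`), so the pulled image and the started one can diverge; change it to `{{ matrix_livekit_server_image }} \`. The trailing `--dev --config /etc/livekit.yaml` is carried over unchanged from the old unit: if I recall the livekit-server CLI correctly, `--dev` turns on debug logging and pprof endpoints in addition to the built-in dev key, which an internet-facing SFU on `--network=host` should not carry by default — drop it, or gate it behind a role variable and say so in a comment. `--cap-drop=ALL` and the read-only bind of `livekit.yaml` are good choices and worth keeping through the rename.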
@@ -11,24 +11,13 @@ group: "{{ matrix_user_groupname }}" with_items: - path: "{{ matrix_element_call_base_path }}" - - path: "{{ matrix_element_call_base_path }}/data" - - path: "{{ matrix_element_call_base_path }}/config" - - path: "{{ matrix_element_call_base_path }}/backend" # For LiveKit and Redis config - path: "{{ matrix_base_data_path }}/static-files/public/.well-known/element" # Directory for element.json # Ensure Configuration Files are in Place - name: Ensure Element Call config.json is in place ansible.builtin.template: src: "{{ role_path }}/templates/config.json.j2" - dest: "{{ matrix_element_call_base_path }}/config/config.json" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure LiveKit livekit.yaml is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/livekit.yaml.j2" - dest: "{{ matrix_element_call_base_path }}/backend/livekit.yaml" + dest: "{{ matrix_element_call_base_path }}/config.json" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" 
@@ -41,34 +30,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" -- name: Ensure matrix-element-call environment file is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/env.j2" - dest: "{{ matrix_element_call_base_path }}/config/env" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - - name: Ensure matrix-element-call Docker labels file is in place ansible.builtin.template: src: "{{ role_path }}/templates/element-call-labels.j2" - dest: "{{ matrix_element_call_base_path }}/config/element-call-labels" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure LiveKit labels file is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/livekit-labels.j2" - dest: "{{ matrix_element_call_base_path }}/config/livekit-labels" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure JWT Service labels file is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/jwt-service-labels.j2" - dest: "{{ matrix_element_call_base_path }}/config/jwt-service-labels" + dest: "{{ matrix_element_call_base_path }}/element-call-labels" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" 
@@ -84,24 +49,6 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: element_call_image_result is not failed -- name: Ensure jwt-service Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_jwt_service_image }}" - source: pull - register: jwt_image_result - retries: 3 - delay: 10 - until: jwt_image_result is not failed - -- name: Ensure livekit Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_livekit_image }}" - source: pull - register: livekit_image_result - retries: 3 - delay: 10 - until: livekit_image_result is not failed - - name: Ensure redis Docker image is pulled community.docker.docker_image: name: "{{ redis_image }}" @@ -119,18 +66,6 @@ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" mode: 0644 -- name: Ensure jwt-service systemd service is installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-jwt-service.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jwt-service.service" - mode: 0644 - -- name: Ensure livekit systemd service is installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-livekit.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit.service" - mode: 0644 - - name: Ensure redis systemd service is installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" diff --git a/roles/custom/matrix-element-call/tasks/uninstall.yml b/roles/custom/matrix-element-call/tasks/uninstall.yml index d9a77415f..d137136c2 100644 --- a/roles/custom/matrix-element-call/tasks/uninstall.yml +++ b/roles/custom/matrix-element-call/tasks/uninstall.yml 
@@ -6,16 +6,6 @@ name: "matrix-element-call" state: absent -- name: Stop and remove jwt-service container - community.docker.docker_container: - name: "matrix-jwt-service" - state: absent - -- name: Stop and remove livekit container - community.docker.docker_container: - name: "matrix-livekit" - state: absent - - name: Stop and remove redis container community.docker.docker_container: name: "matrix-redis" @@ -26,16 +16,6 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" state: absent -- name: Remove jwt-service systemd service - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jwt-service.service" - state: absent - -- name: Remove livekit systemd service - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit.service" - state: absent - - name: Remove redis systemd service ansible.builtin.file: path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml index 7760cb94e..5c00dcc92 100644 --- a/roles/custom/matrix-element-call/tasks/validate_config.yml +++ b/roles/custom/matrix-element-call/tasks/validate_config.yml @@ -10,8 +10,4 @@ - {'name': 'matrix_element_call_base_path', when: true} - {'name': 'matrix_element_call_container_network', when: true} - {'name': 'matrix_element_call_image', when: true} - - {'name': 'matrix_jwt_service_image', when: true} - - {'name': 'matrix_livekit_image', when: true} - {'name': 'redis_image', when: true} - - {'name': 'matrix_element_call_livekit_dev_key', when: true} - - {'name': 'matrix_jwt_service_url', when: true} diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index 6048f9e4d..b9e2c315b 100644 
--- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -23,7 +23,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ {% if matrix_element_call_container_http_host_bind_port %} -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \ {% endif %} - --label-file={{ matrix_element_call_base_path }}/config/element-call-labels \ + --label-file={{ matrix_element_call_base_path }}/element-call-labels \ {% for arg in matrix_element_call_container_extra_arguments %} {{ arg }} \ {% endfor %} From 3de399025f550973b04baeb6b66d062a16e1b884 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Mon, 30 Sep 2024 22:41:36 +1000 Subject: [PATCH 081/142] hard coded redis port. --- roles/custom/matrix-element-call/templates/redis.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/redis.conf.j2 b/roles/custom/matrix-element-call/templates/redis.conf.j2 index 993572096..32a39f7be 100644 --- a/roles/custom/matrix-element-call/templates/redis.conf.j2 +++ b/roles/custom/matrix-element-call/templates/redis.conf.j2 @@ -1,5 +1,5 @@ bind 0.0.0.0 protected-mode yes -port {{ matrix_element_call_redis_port }} +port 6379 timeout 0 tcp-keepalive 300 From 58a9642e8c33fe87da03bd4db911d5569e22523b Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Mon, 30 Sep 2024 22:45:56 +1000 Subject: [PATCH 082/142] fixed config file placement. --- .../templates/systemd/matrix-redis.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 index 5cccced16..f65b0c766 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 
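Review bot: `port 6379` hard-codes a value the role already exposes as `redis_port: "6379"` in defaults/main.yml (visible in the PATCH 090 hunk further down), so the port can no longer be overridden; if the original `matrix_element_call_redis_port` was simply never defined, `port {{ redis_port }}` fixes the undefined variable without losing configurability. Separately, with `bind 0.0.0.0` and no `requirepass`, `protected-mode yes` does nothing — Redis only applies protected mode when no explicit bind and no password are configured — so every container on the shared network reaches this instance unauthenticated. Either add a `requirepass` line fed from the role's existing `redis_password` default, or bind only to the container-network address.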
@@ -16,7 +16,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_element_call_container_network }} \
- --mount type=bind,src={{ matrix_element_call_backend_path }}/redis.conf,dst=/etc/redis.conf,ro \
+ --mount type=bind,src={{ matrix_element_call_base_path }}/redis.conf,dst=/etc/redis.conf,ro \
{{ redis_image }} \
redis-server /etc/redis.conf
From 71dff50a65ccd00a328f1f6f068889bb2d6bc205 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Mon, 30 Sep 2024 22:53:21 +1000
Subject: [PATCH 083/142] fixed livekit service name
---
roles/custom/matrix-livekit/tasks/install.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-livekit/tasks/install.yml b/roles/custom/matrix-livekit/tasks/install.yml
index cccb89deb..8e859565b 100644
--- a/roles/custom/matrix-livekit/tasks/install.yml
+++ b/roles/custom/matrix-livekit/tasks/install.yml
@@ -43,5 +43,5 @@
- name: Ensure livekit systemd service is installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-livekit-server.service.j2"
- dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit.service"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service"
mode: 0644
\ No newline at end of file
From 8cb7deff15e585571f69dfc3e7de63ce96b9c9c8 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Mon, 30 Sep 2024 23:04:10 +1000
Subject: [PATCH 084/142] cleaned up old services again
---
roles/custom/matrix-livekit/defaults/main.yml | 4 ----
.../templates/systemd/matrix-livekit-server.service.j2 | 1 +
2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/roles/custom/matrix-livekit/defaults/main.yml b/roles/custom/matrix-livekit/defaults/main.yml
index 73ee72f6b..2a549df76 100644
--- a/roles/custom/matrix-livekit/defaults/main.yml
+++ b/roles/custom/matrix-livekit/defaults/main.yml
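Review bot: The new bind-mount source `{{ matrix_element_call_base_path }}/redis.conf` does not match where install.yml renders the file: the task removed in PATCH 090 further down still shows `dest: "{{ matrix_element_call_base_path }}/backend/redis.conf"`, so unless install.yml changed in between, `docker create` fails because the mount source does not exist. Point the mount at `.../backend/redis.conf` or move the template's `dest` to `{{ matrix_element_call_base_path }}/redis.conf`; either way both sides should derive from one variable rather than two spellings of the path.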
@@ -4,10 +4,6 @@ matrix_livekit_server_enabled: false # Base path configuration matrix_livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" -matrix_livekit_server_config_path: "{{ matrix_livekit_server_base_path }}/config" -matrix_livekit_server_backend_path: "{{ matrix_livekit_server_base_path }}/backend" -matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" -element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" # Docker network configuration matrix_livekit_server_container_network: '' diff --git a/roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 b/roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 index 0f416c82d..b28739ac4 100644 --- a/roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 +++ b/roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 @@ -1,3 +1,4 @@ +#jinja2: lstrip_blocks: "True" [Unit] Description=Matrix LiveKit Server After=docker.service From 97f93ebd76d984e80c398161335d036f40e1e280 Mon Sep 17 00:00:00 2001 
From: wjbeckett Date: Tue, 1 Oct 2024 09:31:42 +1000 Subject: [PATCH 085/142] renamed the livekit role and added livekit-server and jwt-service roles to the setup file. --- .../{matrix-livekit => matrix-livekit-server}/defaults/main.yml | 0 .../{matrix-livekit => matrix-livekit-server}/tasks/install.yml | 0 .../{matrix-livekit => matrix-livekit-server}/tasks/main.yml | 0 .../tasks/uninstall.yml | 0 .../tasks/validate_config.yml | 0 .../templates/labels.j2 | 0 .../templates/livekit.yaml.j2 | 0 .../templates/systemd/matrix-livekit-server.service.j2 | 0 setup.yml | 2 ++ 9 files changed, 2 insertions(+) rename roles/custom/{matrix-livekit => matrix-livekit-server}/defaults/main.yml (100%) rename roles/custom/{matrix-livekit => matrix-livekit-server}/tasks/install.yml (100%) rename roles/custom/{matrix-livekit => matrix-livekit-server}/tasks/main.yml (100%) rename roles/custom/{matrix-livekit => matrix-livekit-server}/tasks/uninstall.yml (100%) rename roles/custom/{matrix-livekit => matrix-livekit-server}/tasks/validate_config.yml (100%) rename roles/custom/{matrix-livekit => matrix-livekit-server}/templates/labels.j2 (100%) rename roles/custom/{matrix-livekit => matrix-livekit-server}/templates/livekit.yaml.j2 (100%) rename roles/custom/{matrix-livekit => matrix-livekit-server}/templates/systemd/matrix-livekit-server.service.j2 (100%) diff --git a/roles/custom/matrix-livekit/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml similarity index 100% rename from roles/custom/matrix-livekit/defaults/main.yml rename to roles/custom/matrix-livekit-server/defaults/main.yml diff --git a/roles/custom/matrix-livekit/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml similarity index 100% rename from roles/custom/matrix-livekit/tasks/install.yml rename to roles/custom/matrix-livekit-server/tasks/install.yml 
diff --git a/roles/custom/matrix-livekit/tasks/main.yml b/roles/custom/matrix-livekit-server/tasks/main.yml similarity index 100% rename from roles/custom/matrix-livekit/tasks/main.yml rename to roles/custom/matrix-livekit-server/tasks/main.yml diff --git a/roles/custom/matrix-livekit/tasks/uninstall.yml b/roles/custom/matrix-livekit-server/tasks/uninstall.yml similarity index 100% rename from roles/custom/matrix-livekit/tasks/uninstall.yml rename to roles/custom/matrix-livekit-server/tasks/uninstall.yml diff --git a/roles/custom/matrix-livekit/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml similarity index 100% rename from roles/custom/matrix-livekit/tasks/validate_config.yml rename to roles/custom/matrix-livekit-server/tasks/validate_config.yml diff --git a/roles/custom/matrix-livekit/templates/labels.j2 b/roles/custom/matrix-livekit-server/templates/labels.j2 similarity index 100% rename from roles/custom/matrix-livekit/templates/labels.j2 rename to roles/custom/matrix-livekit-server/templates/labels.j2 diff --git a/roles/custom/matrix-livekit/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 similarity index 100% rename from roles/custom/matrix-livekit/templates/livekit.yaml.j2 rename to roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 diff --git a/roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 similarity index 100% rename from roles/custom/matrix-livekit/templates/systemd/matrix-livekit-server.service.j2 rename to roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 diff --git a/setup.yml b/setup.yml index cbc3e1673..8055b46ba 100644 --- a/setup.yml +++ b/setup.yml 
@@ -131,6 +131,8 @@
- custom/matrix-media-repo
- custom/matrix-pantalaimon
- custom/matrix-element-call
+ - custom/matrix-livekit-server
+ - custom/matrix-jwt-service
- role: galaxy/postgres_backup
From b7b8ed573b9a56034785e17f232c707524fe4f16 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 09:48:44 +1000
Subject: [PATCH 086/142] typo in livekit-server validate.
---
roles/custom/matrix-livekit-server/tasks/validate_config.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-livekit-server/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
index 552524318..7fdfa0511 100644
--- a/roles/custom/matrix-livekit-server/tasks/validate_config.yml
+++ b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
@@ -10,4 +10,4 @@
- {'name': 'matrix_livekit_server_base_path', when: true}
- {'name': 'matrix_livekit_server_container_network', when: true}
- {'name': 'matrix_livekit_server_image', when: true}
- - {'name': 'matrix_livekit_image', when: true}
+ - {'name': 'matrix_livekit_server_image', when: true}
From 812b57cfaa81d19b959bc13919abcba4c88b5336 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 09:54:02 +1000
Subject: [PATCH 087/142] resolved missing key.
---
group_vars/matrix_servers | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 1739f54dd..c97697011 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
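Review bot: In the validate_config.yml hunk, the replacement `- {'name': 'matrix_livekit_server_image', when: true}` duplicates the entry two lines above it, so the list now checks the same variable twice and the old `matrix_livekit_image` entry is not replaced by anything meaningful. If the old entry was only a typo, delete the line; if a different variable was intended, name that one. The visible part of the list also does not cover the dev key the role consumes (`matrix_livekit_server_livekit_dev_key`, set in the next hunk); adding it would make an empty secret fail at validation rather than at runtime.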
@@ -5937,7 +5937,7 @@ matrix_livekit_server_container_labels_traefik_entrypoints: "{{ devture_traefik_
matrix_livekit_server_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# LiveKit Service Configuration
-matrix_livekit_server_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # LiveKit dev key
+matrix_livekit_server_livekit_dev_key: "{{ matrix_livekit_server_dev_key }}" # LiveKit dev key
########################################################################
# #
From fd2f505b34092a8f0267023b9f6ac9c41308f1f9 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 10:00:30 +1000
Subject: [PATCH 088/142] Fixed typo in livekit server hostname
---
roles/custom/matrix-livekit-server/defaults/main.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 2a549df76..5b8edc5c2 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -21,7 +21,7 @@ matrix_livekit_server_hostname: "sfu.{{ matrix_domain }}"
# Traefik Configuration for Element Call
matrix_livekit_server_container_labels_traefik_enabled: true
matrix_livekit_server_container_labels_traefik_docker_network: "{{ matrix_livekit_server_container_network }}"
-matrix_livekit_server_container_labels_traefik_hostname: "{{ matrix_livekit_server_domain }}"
+matrix_livekit_server_container_labels_traefik_hostname: "{{ matrix_livekit_server_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/element`).
matrix_livekit_server_container_labels_traefik_path_prefix: "{{ matrix_livekit_server_path_prefix }}"
matrix_livekit_server_container_labels_traefik_rule: "Host(`{{ matrix_livekit_server_container_labels_traefik_hostname }}`){% if matrix_livekit_server_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_livekit_server_container_labels_traefik_path_prefix }}`){% endif %}"
From 7cdec5f2513c5c31d018c41468065f766fdbea57 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 10:17:34 +1000
Subject: [PATCH 089/142] fixed type in livekit image
---
.../templates/systemd/matrix-livekit-server.service.j2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2
index b28739ac4..30505a2dc 100644
--- a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2
+++ b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2
@@ -19,7 +19,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--network=host \
--mount type=bind,src={{ matrix_livekit_server_base_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \
--label-file={{ matrix_livekit_server_base_path }}/labels \
- {{ matrix_livekit_image }} \
+ {{ matrix_livekit_server_image }} \
--dev --config /etc/livekit.yaml
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-server
From d5aabc85be569354dc99f967ba3c397e371880ac Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 10:41:30 +1000
Subject: [PATCH 090/142] removed redis images in favor of the inbuilt keyDB
---
group_vars/matrix_servers | 2 --
.../matrix-element-call/defaults/main.yml | 7 ----
.../matrix-element-call/tasks/install.yml | 26 +--------------
.../matrix-element-call/tasks/uninstall.yml | 10 ------
.../tasks/validate_config.yml | 1 -
.../templates/redis.conf.j2 | 5 ---
.../templates/systemd/matrix-redis.service.j2 | 32 -------------------
7 files changed, 1 insertion(+), 82 deletions(-)
delete mode 100644 roles/custom/matrix-element-call/templates/redis.conf.j2
delete mode 100644 roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index c97697011..6728825fa 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -439,8 +439,6 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-livekit-server.service', 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if matrix_livekit_server_enabled else []) + - ([{'name': 'matrix-redis.service', 'priority': 450, 'groups': ['matrix', 'redis']}] if matrix_element_call_enabled else []) - + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) + ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index eb7652b1a..393863ad5 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -14,11 +14,9 @@ matrix_element_call_container_additional_networks: [] # No additional networks # Docker images matrix_element_call_image: "ghcr.io/element-hq/element-call:latest" -redis_image: "redis:6-alpine" # Ports matrix_element_call_port: "8093" -redis_port: "6379" # Well-known paths and domains (derived from matrix_domain) matrix_element_call_domain: "call.{{ matrix_domain }}" @@ -26,11 +24,6 @@ matrix_element_call_well_known_client_path: "{{ matrix_base_data_path }}/static- matrix_element_call_well_known_element_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/element/element.json" matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}" -# Redis Configuration for Element Call -redis_hostname: "localhost" -#redis_port: 6379 -redis_password: "" - # Traefik Configuration for Element Call matrix_element_call_container_labels_traefik_enabled: true matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_call_container_network }}" 
diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index cd0612fce..266a9407b 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -22,14 +22,6 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" -- name: Ensure Redis redis.conf is in place - ansible.builtin.template: - src: "{{ role_path }}/templates/redis.conf.j2" - dest: "{{ matrix_element_call_base_path }}/backend/redis.conf" - mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - - name: Ensure matrix-element-call Docker labels file is in place ansible.builtin.template: src: "{{ role_path }}/templates/element-call-labels.j2" @@ -49,29 +41,13 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: element_call_image_result is not failed -- name: Ensure redis Docker image is pulled - community.docker.docker_image: - name: "{{ redis_image }}" - source: pull - register: redis_image_result - retries: 3 - delay: 10 - until: redis_image_result is not failed - -# Systemd Services for Element Call, JWT Service, LiveKit, and Redis - +# Systemd Services for Element Call - name: Ensure matrix-element-call systemd service is installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" mode: 0644 -- name: Ensure redis systemd service is installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" - mode: 0644 - # Update homeserver.yaml for Element Call - name: Add listeners section for Element Call to homeserver.yaml ansible.builtin.blockinfile: 
diff --git a/roles/custom/matrix-element-call/tasks/uninstall.yml b/roles/custom/matrix-element-call/tasks/uninstall.yml index d137136c2..184f88ac2 100644 --- a/roles/custom/matrix-element-call/tasks/uninstall.yml +++ b/roles/custom/matrix-element-call/tasks/uninstall.yml @@ -6,21 +6,11 @@ name: "matrix-element-call" state: absent -- name: Stop and remove redis container - community.docker.docker_container: - name: "matrix-redis" - state: absent - - name: Remove matrix-element-call systemd service ansible.builtin.file: path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" state: absent -- name: Remove redis systemd service - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" - state: absent - - name: Remove matrix-element-call configuration files ansible.builtin.file: path: "{{ matrix_element_call_base_path }}" diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml index 5c00dcc92..084e510d6 100644 --- a/roles/custom/matrix-element-call/tasks/validate_config.yml +++ b/roles/custom/matrix-element-call/tasks/validate_config.yml @@ -10,4 +10,3 @@ - {'name': 'matrix_element_call_base_path', when: true} - {'name': 'matrix_element_call_container_network', when: true} - {'name': 'matrix_element_call_image', when: true} - - {'name': 'redis_image', when: true} diff --git a/roles/custom/matrix-element-call/templates/redis.conf.j2 b/roles/custom/matrix-element-call/templates/redis.conf.j2 deleted file mode 100644 index 32a39f7be..000000000 --- a/roles/custom/matrix-element-call/templates/redis.conf.j2 +++ /dev/null @@ -1,5 +0,0 @@ -bind 0.0.0.0 -protected-mode yes -port 6379 -timeout 0 -tcp-keepalive 300 diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 deleted file mode 100644 index f65b0c766..000000000 
--- a/roles/custom/matrix-element-call/templates/systemd/matrix-redis.service.j2 +++ /dev/null @@ -1,32 +0,0 @@ -[Unit] -Description=Matrix Redis Service -After=docker.service -Requires=docker.service - -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-redis 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-redis 2>/dev/null || true' - -ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ - --rm \ - --name=matrix-redis \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_element_call_container_network }} \ - --mount type=bind,src={{ matrix_element_call_base_path }}/redis.conf,dst=/etc/redis.conf,ro \ - {{ redis_image }} \ - redis-server /etc/redis.conf - -ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-redis - -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-redis 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-redis 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-redis - -[Install] -WantedBy=multi-user.target From f98a505df82526e8acc4460eea45a41fd9293382 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 11:00:56 +1000 Subject: [PATCH 091/142] changed jwt-service port label. --- roles/custom/matrix-jwt-service/templates/labels.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-jwt-service/templates/labels.j2 b/roles/custom/matrix-jwt-service/templates/labels.j2
index b547e1952..62e2755ce 100644
--- a/roles/custom/matrix-jwt-service/templates/labels.j2
+++ b/roles/custom/matrix-jwt-service/templates/labels.j2
@@ -6,7 +6,7 @@ traefik.enable=true
traefik.docker.network={{ matrix_jwt_service_container_labels_traefik_docker_network }}
{% endif %}
-traefik.http.services.matrix-jwt-service.loadbalancer.server.port=8080
+traefik.http.services.matrix-jwt-service.loadbalancer.server.port=8881
{% set middlewares = [] %}
From d53c2428b8cfb9da1a7e668802716fc4f2caaf6c Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 12:29:35 +1000
Subject: [PATCH 092/142] updated jwt hostname.
---
group_vars/matrix_servers | 4 ++--
roles/custom/matrix-jwt-service/defaults/main.yml | 5 ++---
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 6728825fa..ef138b1fe 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -5953,9 +5953,9 @@ matrix_livekit_server_livekit_dev_key: "{{ matrix_livekit_server_dev_key }}" # matrix_jwt_service_enabled: false # Default is false; should be enabled in host_vars as needed matrix_jwt_service_version: "latest-ci" # Default version; can be overridden in host_vars matrix_jwt_service_scheme: "https" # Scheme for Element Call (e.g., https) -matrix_jwt_service_hostname: "lk-jwt-service" # Default hostname; should be overridden in host_vars if different +matrix_jwt_service_hostname: "{{ matrix_jwt_service_hostname }}" # Default hostname; should be overridden in host_vars if different matrix_jwt_service_path_prefix: "/" # Path prefix for Element Call -matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/jwt-service" # Base path for storing Element Call-related files +matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/matrix-jwt-service" # Base path for storing Element Call-related files matrix_jwt_service_container_image: "ghcr.io/element-hq/lk-jwt-service:{{ matrix_jwt_service_version }}" matrix_jwt_service_container_image_name_prefix: ghcr.io/ matrix_jwt_service_container_image_registry_prefix: ghcr.io/ diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml index cf087da87..eef19f621 100644 --- a/roles/custom/matrix-jwt-service/defaults/main.yml +++ b/roles/custom/matrix-jwt-service/defaults/main.yml @@ -4,11 +4,10 @@ matrix_jwt_service_enabled: false # Base path configuration matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/jwt-service" -matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" # Docker network configuration matrix_jwt_service_container_network: '' -matrix_jwt_service_container_http_host_bind_port: '' +matrix_jwt_service_container_http_host_bind_port: '8881' matrix_jwt_service_container_additional_networks: [] # No additional networks by default # Docker images 
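Review bot: In the defaults/main.yml hunk, `matrix_jwt_service_container_http_host_bind_port: '8881'` publishes the service on a host port by default, bypassing the Traefik/TLS route the labels set up; the element-call role keeps the equivalent default empty and only emits `-p` when a deployment sets it. At this commit the systemd unit also still reads `{{ matrix_jwt_service_port }}` (see the removed line in the PATCH 094 hunk below), so the new default is not even consumed there. Keep the default at `''` and let deployments opt in; the same `'8881'` default returns in PATCH 096 further down. The group_vars hunk on this line additionally sets `matrix_jwt_service_base_path` to `.../matrix-jwt-service` while the role default in the same commit still says `.../jwt-service`; group_vars wins, but the two should agree.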
@@ -115,4 +114,4 @@ matrix_jwt_service_floc_optout_enabled: true
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `matrix_jwt_service_http_header_strict_transport_security`
-matrix_jwt_service_hsts_preload_enabled: false
\ No newline at end of file
+matrix_jwt_service_hsts_preload_enabled: true
\ No newline at end of file
From dbbaae4fbebd1bdd06d20d7ddf6325aa347918a2 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 12:34:25 +1000
Subject: [PATCH 093/142] stopping the recursive loop
---
group_vars/matrix_servers | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index ef138b1fe..97c5e3b41 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -5953,7 +5953,7 @@ matrix_livekit_server_livekit_dev_key: "{{ matrix_livekit_server_dev_key }}" #
matrix_jwt_service_enabled: false # Default is false; should be enabled in host_vars as needed
matrix_jwt_service_version: "latest-ci" # Default version; can be overridden in host_vars
matrix_jwt_service_scheme: "https" # Scheme for Element Call (e.g., https)
-matrix_jwt_service_hostname: "{{ matrix_jwt_service_hostname }}" # Default hostname; should be overridden in host_vars if different
+matrix_jwt_service_hostname: "sfu-jwt.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different
matrix_jwt_service_path_prefix: "/" # Path prefix for Element Call
matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/matrix-jwt-service" # Base path for storing Element Call-related files
matrix_jwt_service_container_image: "ghcr.io/element-hq/lk-jwt-service:{{ matrix_jwt_service_version }}"
From 9864996aad36de6350c66095a4bb224ba022648b Mon Sep 17 00:00:00 2001
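Review bot: `matrix_jwt_service_hsts_preload_enabled: true` turns on HSTS preloading by default, although the comment block directly above frames it as an explicit opt-in (hstspreload.org); preload commits the whole hostname to HTTPS in browser preload lists and is slow and hard to undo, so the default should stay `false` and be enabled per deployment. The file also still ends without a trailing newline (`\ No newline at end of file`).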
From: wjbeckett Date: Tue, 1 Oct 2024 12:46:37 +1000 Subject: [PATCH 094/142] adjusted jwt service ports for traefik --- roles/custom/matrix-jwt-service/defaults/main.yml | 2 +- roles/custom/matrix-jwt-service/templates/labels.j2 | 2 +- .../templates/systemd/matrix-jwt-service.service.j2 | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml index eef19f621..3496e55db 100644 --- a/roles/custom/matrix-jwt-service/defaults/main.yml +++ b/roles/custom/matrix-jwt-service/defaults/main.yml @@ -7,7 +7,7 @@ matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/jwt-service" # Docker network configuration matrix_jwt_service_container_network: '' -matrix_jwt_service_container_http_host_bind_port: '8881' +matrix_jwt_service_container_http_host_bind_port: '' matrix_jwt_service_container_additional_networks: [] # No additional networks by default # Docker images diff --git a/roles/custom/matrix-jwt-service/templates/labels.j2 b/roles/custom/matrix-jwt-service/templates/labels.j2 index 62e2755ce..b547e1952 100644 --- a/roles/custom/matrix-jwt-service/templates/labels.j2 +++ b/roles/custom/matrix-jwt-service/templates/labels.j2 @@ -6,7 +6,7 @@ traefik.enable=true traefik.docker.network={{ matrix_jwt_service_container_labels_traefik_docker_network }} {% endif %} -traefik.http.services.matrix-jwt-service.loadbalancer.server.port=8881 +traefik.http.services.matrix-jwt-service.loadbalancer.server.port=8080 {% set middlewares = [] %} diff --git a/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 b/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 index 07c8ef1ed..bdf36635a 100644 --- a/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 +++ b/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 
@@ -16,7 +16,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_jwt_service_container_network }} \ - -p {{ matrix_jwt_service_port }}:8080 \ + {% if matrix_jwt_service_container_http_host_bind_port %} + -p {{ matrix_jwt_service_container_http_host_bind_port }}:8080 \ + {% endif %} --env-file={{ matrix_jwt_service_base_path }}/env \ --label-file={{ matrix_jwt_service_base_path }}/labels \ {{ matrix_jwt_service_image }} From 5507fb3bab5fb89733f82715dfac67ff1457f99a Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 13:08:21 +1000 Subject: [PATCH 095/142] added element-call config.json to systemd file --- .../templates/systemd/matrix-element-call.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index b9e2c315b..791c62ddc 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -20,6 +20,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_element_call_container_network }} \ + --mount type=bind,src={{ matrix_element_call_base_path }}/config.json,dst=/app/config.json,ro \ {% if matrix_element_call_container_http_host_bind_port %} -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \ {% endif %} From e421852af5a0d571c9ef74e8c3cade58111d67ad Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 13:09:00 +1000 Subject: [PATCH 096/142] updated jwt bind port --- roles/custom/matrix-jwt-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml index 3496e55db..eef19f621 100644 --- a/roles/custom/matrix-jwt-service/defaults/main.yml +++ b/roles/custom/matrix-jwt-service/defaults/main.yml @@ -7,7 +7,7 @@ matrix_jwt_service_base_path: "{{ matrix_base_data_path }}/jwt-service" # Docker network configuration matrix_jwt_service_container_network: '' -matrix_jwt_service_container_http_host_bind_port: '' +matrix_jwt_service_container_http_host_bind_port: '8881' matrix_jwt_service_container_additional_networks: [] # No additional networks by default # Docker images From 4acb025130278f2a8426b41f2ec4920f9d409ed4 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 13:35:53 +1000 Subject: [PATCH 097/142] testing livekit configuration --- roles/custom/matrix-jwt-service/templates/env.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-jwt-service/templates/env.j2 b/roles/custom/matrix-jwt-service/templates/env.j2 index 8034a9b33..4bb12aaf5 100644 --- a/roles/custom/matrix-jwt-service/templates/env.j2 +++ b/roles/custom/matrix-jwt-service/templates/env.j2 @@ -1,4 +1,4 @@ # Environment variables for JWT Service LIVEKIT_KEY=devkey LIVEKIT_URL=wss://{{ matrix_livekit_server_hostname }}:443 -LIVEKIT_SECRET={{ matrix_element_call_jwt_secret }} \ No newline at end of file +LIVEKIT_SECRET={{ matrix_livekit_server_dev_key }} \ No newline at end of file From 46109565e1235be5203df505d4a1455acd8be4a3 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 16:33:48 +1000 Subject: [PATCH 098/142] updated headers for each of the call services. --- .../custom/matrix-element-call/defaults/main.yml | 16 ++++++++-------- .../custom/matrix-jwt-service/defaults/main.yml | 14 +++++++------- .../matrix-livekit-server/defaults/main.yml | 16 ++++++++-------- .../templates/livekit.yaml.j2 | 2 +- 4 files changed, 24 insertions(+), 24 deletions(-) 
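Review bot: Re-defaulting `matrix_jwt_service_container_http_host_bind_port` to `'8881'` makes the systemd template's `-p {{ matrix_jwt_service_container_http_host_bind_port }}:8080` publish the JWT service on every host interface by default, which bypasses the Traefik router (already pointed at container port 8080 in `labels.j2`) and its TLS termination. The previous commit set this to `''` precisely so the port is only published when an operator asks for it; suggest keeping `matrix_jwt_service_container_http_host_bind_port: ''`, or if a host port is genuinely needed by default, binding it to loopback with `matrix_jwt_service_container_http_host_bind_port: '127.0.0.1:8881'`. A one-line comment stating that a bare port publishes on all interfaces would help the next person who flips this.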
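Review bot: `LIVEKIT_SECRET` now comes from `matrix_livekit_server_dev_key`, but the naming (and the fixed `LIVEKIT_KEY=devkey` on the line above) reads as a development credential while this is the secret the JWT service uses to mint LiveKit room tokens, presumably the same value rendered into the LiveKit server's key map (the group_vars context earlier in this series aliases `matrix_livekit_server_livekit_dev_key` to it). Suggest renaming to a neutral name such as `matrix_livekit_server_api_secret`, making the key id configurable instead of the literal `devkey`, and failing config validation when the secret is empty so a deployment can never come up with a blank or placeholder token-signing secret. A header comment like `# LIVEKIT_KEY/LIVEKIT_SECRET must match the keys: entry in livekit.yaml; the secret signs every room token` would document the coupling.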
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml
index 393863ad5..e62703271 100644
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -75,27 +75,27 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_ # Learn more about it is here: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # - https://portswigger.net/web-security/cross-site-scripting/reflected -matrix_element_call_http_header_xss_protection: "1; mode=block" +#matrix_element_call_http_header_xss_protection: "1; mode=block" # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options -matrix_element_call_http_header_frame_options: SAMEORIGIN +#matrix_element_call_http_header_frame_options: SAMEORIGIN # Specifies the value of the `X-Content-Type-Options` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options -matrix_element_call_http_header_content_type_options: nosniff +#matrix_element_call_http_header_content_type_options: nosniff # Specifies the value of the `Content-Security-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -matrix_element_call_http_header_content_security_policy: frame-ancestors 'self' +#matrix_element_call_http_header_content_security_policy: frame-ancestors 'self' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}" +#matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. 
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}" +#matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # @@ -106,7 +106,7 @@ matrix_element_call_http_header_strict_transport_security: "max-age=31536000; in # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. # See: `matrix_element_call_content_permission_policy` -matrix_element_call_floc_optout_enabled: true +#matrix_element_call_floc_optout_enabled: true # Controls if HSTS preloading is enabled # @@ -118,7 +118,7 @@ matrix_element_call_floc_optout_enabled: true # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_element_call_http_header_strict_transport_security` -matrix_element_call_hsts_preload_enabled: false +matrix_element_call_hsts_preload_enabled: true # Enable or disable metrics collection matrix_element_call_metrics_enabled: false diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml index eef19f621..2d5fd9013 100644 --- a/roles/custom/matrix-jwt-service/defaults/main.yml +++ b/roles/custom/matrix-jwt-service/defaults/main.yml 
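Review bot: Commenting out the six `matrix_element_call_http_header_*` defaults drops `X-Frame-Options`, `Content-Security-Policy: frame-ancestors 'self'`, `X-Content-Type-Options` and `Strict-Transport-Security` from the call UI's responses, and it also leaves the `_additional_response_headers_auto` expression (still active in this file at this commit) referencing undefined variables, so templating is likely to fail before any header is even sent. That expression already guards each entry with `if matrix_element_call_http_header_... else {}`, so a header can be disabled by setting its variable to `''` rather than removing the variable; e.g. `matrix_element_call_http_header_xss_protection: ""` with a comment saying why. In the same commit, `matrix_element_call_hsts_preload_enabled: true` is enabled while its only consumer, `matrix_element_call_http_header_strict_transport_security`, is commented out, so the flag has no effect. The jwt-service and livekit-server hunks in this commit have the same problem.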
@@ -71,27 +71,27 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b # Learn more about it is here: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # - https://portswigger.net/web-security/cross-site-scripting/reflected -matrix_jwt_service_http_header_xss_protection: "1; mode=block" +#matrix_jwt_service_http_header_xss_protection: "1; mode=block" # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options -matrix_jwt_service_http_header_frame_options: SAMEORIGIN +#matrix_jwt_service_http_header_frame_options: SAMEORIGIN # Specifies the value of the `X-Content-Type-Options` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options -matrix_jwt_service_http_header_content_type_options: nosniff +#matrix_jwt_service_http_header_content_type_options: nosniff # Specifies the value of the `Content-Security-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self' +#matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}" +#matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. 
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}" +#matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # @@ -102,7 +102,7 @@ matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; inc # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. # See: `matrix_jwt_service_content_permission_policy` -matrix_jwt_service_floc_optout_enabled: true +#matrix_jwt_service_floc_optout_enabled: true # Controls if HSTS preloading is enabled # diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml index 5b8edc5c2..662bc4e81 100644 --- a/roles/custom/matrix-livekit-server/defaults/main.yml +++ b/roles/custom/matrix-livekit-server/defaults/main.yml 
@@ -69,27 +69,27 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke # Learn more about it is here: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # - https://portswigger.net/web-security/cross-site-scripting/reflected -matrix_livekit_server_http_header_xss_protection: "1; mode=block" +#matrix_livekit_server_http_header_xss_protection: "1; mode=block" # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options -matrix_livekit_server_http_header_frame_options: SAMEORIGIN +#matrix_livekit_server_http_header_frame_options: SAMEORIGIN # Specifies the value of the `X-Content-Type-Options` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options -matrix_livekit_server_http_header_content_type_options: nosniff +#matrix_livekit_server_http_header_content_type_options: nosniff # Specifies the value of the `Content-Security-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self' +#matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}" +#matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. 
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}" +#matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # @@ -100,7 +100,7 @@ matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. # See: `matrix_livekit_server_content_permission_policy` -matrix_livekit_server_floc_optout_enabled: true +#matrix_livekit_server_floc_optout_enabled: true # Controls if HSTS preloading is enabled # @@ -112,4 +112,4 @@ matrix_livekit_server_floc_optout_enabled: true # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_livekit_server_http_header_strict_transport_security` -matrix_livekit_server_hsts_preload_enabled: false \ No newline at end of file +matrix_livekit_server_hsts_preload_enabled: true \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 index f8e2ad0c2..492a12214 100644 --- a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 +++ b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 @@ -5,7 +5,7 @@ rtc: tcp_port: 7881 port_range_start: 50100 port_range_end: 50200 - use_external_ip: false + use_external_ip: true turn: enabled: false From 9691577b2239e894f9c8c1ae52f38b3c29802b80 Mon Sep 17 00:00:00 2001 
From: wjbeckett Date: Tue, 1 Oct 2024 16:45:07 +1000 Subject: [PATCH 099/142] removed additinoal headers --- .../matrix-element-call/defaults/main.yml | 26 +++++++++---------- .../matrix-jwt-service/defaults/main.yml | 26 +++++++++---------- .../matrix-livekit-server/defaults/main.yml | 26 +++++++++---------- 3 files changed, 39 insertions(+), 39 deletions(-) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index e62703271..d445e7ab4 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml 
@@ -38,18 +38,18 @@ matrix_element_call_container_labels_traefik_tls_certResolver: default # noqa v # Controls which additional headers to attach to all HTTP responses. # To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom` -matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}" -matrix_element_call_container_labels_traefik_additional_response_headers_auto: | - {{ - {} - | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {}) - | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {}) - | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {}) - | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {}) - | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {}) - | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {}) - }} -matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} +#matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}" 
+#matrix_element_call_container_labels_traefik_additional_response_headers_auto: | +# {{ +# {} +# | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {}) +# | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {}) +# | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {}) +# | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {}) +# | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {}) +# | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {}) +# }} +#matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. @@ -118,7 +118,7 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_ # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_element_call_http_header_strict_transport_security` -matrix_element_call_hsts_preload_enabled: true +#matrix_element_call_hsts_preload_enabled: true # Enable or disable metrics collection matrix_element_call_metrics_enabled: false diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml index 2d5fd9013..e688556f3 100644 
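Review bot: With `matrix_element_call_container_labels_traefik_additional_response_headers` commented out, `element-call-labels.j2` at this point still renders `...additional_response_headers.keys()` and `.items()` (the lines the following commit comments out), so the role reads an undefined variable unless the value is defined elsewhere, which I cannot see from here. Dead configuration is better deleted than kept as a commented block, and if the intent is only to stop sending extra headers, setting the `matrix_element_call_http_header_*` values to `''` makes the `_auto` expression evaluate to `{}` without touching these lines. The jwt-service and livekit-server hunks in this commit are in the same state.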
--- a/roles/custom/matrix-jwt-service/defaults/main.yml
+++ b/roles/custom/matrix-jwt-service/defaults/main.yml
@@ -34,18 +34,18 @@ matrix_jwt_service_container_labels_traefik_tls_certResolver: default # noqa va # Controls which additional headers to attach to all HTTP responses. # To add your own headers, use `matrix_jwt_service_container_labels_traefik_additional_response_headers_custom` -matrix_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_jwt_service_container_labels_traefik_additional_response_headers_custom) }}" -matrix_jwt_service_container_labels_traefik_additional_response_headers_auto: | - {{ - {} - | combine ({'X-XSS-Protection': matrix_jwt_service_http_header_xss_protection} if matrix_jwt_service_http_header_xss_protection else {}) - | combine ({'X-Frame-Options': matrix_jwt_service_http_header_frame_options} if matrix_jwt_service_http_header_frame_options else {}) - | combine ({'X-Content-Type-Options': matrix_jwt_service_http_header_content_type_options} if matrix_jwt_service_http_header_content_type_options else {}) - | combine ({'Content-Security-Policy': matrix_jwt_service_http_header_content_security_policy} if matrix_jwt_service_http_header_content_security_policy else {}) - | combine ({'Permission-Policy': matrix_jwt_service_http_header_content_permission_policy} if matrix_jwt_service_http_header_content_permission_policy else {}) - | combine ({'Strict-Transport-Security': matrix_jwt_service_http_header_strict_transport_security} if matrix_jwt_service_http_header_strict_transport_security and matrix_jwt_service_container_labels_traefik_tls else {}) - }} -matrix_jwt_service_container_labels_traefik_additional_response_headers_custom: {} +#matrix_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_jwt_service_container_labels_traefik_additional_response_headers_custom) }}" 
+#matrix_jwt_service_container_labels_traefik_additional_response_headers_auto: | +# {{ +# {} +# | combine ({'X-XSS-Protection': matrix_jwt_service_http_header_xss_protection} if matrix_jwt_service_http_header_xss_protection else {}) +# | combine ({'X-Frame-Options': matrix_jwt_service_http_header_frame_options} if matrix_jwt_service_http_header_frame_options else {}) +# | combine ({'X-Content-Type-Options': matrix_jwt_service_http_header_content_type_options} if matrix_jwt_service_http_header_content_type_options else {}) +# | combine ({'Content-Security-Policy': matrix_jwt_service_http_header_content_security_policy} if matrix_jwt_service_http_header_content_security_policy else {}) +## | combine ({'Permission-Policy': matrix_jwt_service_http_header_content_permission_policy} if matrix_jwt_service_http_header_content_permission_policy else {}) +# | combine ({'Strict-Transport-Security': matrix_jwt_service_http_header_strict_transport_security} if matrix_jwt_service_http_header_strict_transport_security and matrix_jwt_service_container_labels_traefik_tls else {}) +# }} +#matrix_jwt_service_container_labels_traefik_additional_response_headers_custom: {} # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. @@ -114,4 +114,4 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_jwt_service_http_header_strict_transport_security` -matrix_jwt_service_hsts_preload_enabled: true \ No newline at end of file +#matrix_jwt_service_hsts_preload_enabled: true \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml index 662bc4e81..b392aefe6 100644 
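Review bot: The `Permission-Policy` line inside the commented-out `_auto` block carries a double `##` while every sibling line, and the matching blocks in the element-call and livekit-server files, use a single `#`. If this block is later restored by stripping one `#`, that line alone stays commented out and the `Permission-Policy` header silently disappears from this one role. Use a consistent `# ` prefix, or delete the block instead of parking it as a comment.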
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -32,18 +32,18 @@ matrix_livekit_server_container_labels_traefik_tls_certResolver: default # noqa # Controls which additional headers to attach to all HTTP responses. # To add your own headers, use `matrix_livekit_server_container_labels_traefik_additional_response_headers_custom` -matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}" -matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: | - {{ - {} - | combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {}) - | combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {}) - | combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {}) - | combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {}) - | combine ({'Permission-Policy': matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {}) - | combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {}) - }} -matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {} +#matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | 
combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}" +#matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: | +# {{ +# {} +# | combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {}) +# | combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {}) +# | combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {}) +# | combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {}) +# | combine ({'Permission-Policy': matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {}) +# | combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {}) +# }} +#matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {} # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. @@ -112,4 +112,4 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_livekit_server_http_header_strict_transport_security` -matrix_livekit_server_hsts_preload_enabled: true \ No newline at end of file +#matrix_livekit_server_hsts_preload_enabled: true \ No newline at end of file 
From 6c8923ae2879948fbdaa794bdb5992aee1a13e3c Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 16:51:06 +1000 Subject: [PATCH 100/142] removed headers. --- .../templates/element-call-labels.j2 | 12 ++++++------ roles/custom/matrix-jwt-service/templates/labels.j2 | 12 ++++++------ .../custom/matrix-livekit-server/templates/labels.j2 | 12 ++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 10a84751b..28d7d714a 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={ {% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %} {% endif %} -{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} -{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} -{% endfor %} -{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} -{% endif %} +#{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +#{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} +#traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +#{% endfor %} +#{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} +#{% endif %} traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} {% if matrix_element_call_container_labels_traefik_priority | int > 0 %} 
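Review bot: Prefixing the lines with `#` does not disable them: Jinja has no `#` line comment, so `#{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %}` still evaluates the expression (which the previous commit commented out of the defaults) and the `#` characters become literal output in the label file. To actually disable the block, wrap it in a Jinja comment, `{# ... #}`, or delete it; if the variable is meant to be optional, guard it with `{% if ... is defined and ... | length > 0 %}` instead. The jwt-service and livekit-server label templates in this commit have the identical issue.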
diff --git a/roles/custom/matrix-jwt-service/templates/labels.j2 b/roles/custom/matrix-jwt-service/templates/labels.j2 index b547e1952..939c8d4d3 100644 --- a/roles/custom/matrix-jwt-service/templates/labels.j2 +++ b/roles/custom/matrix-jwt-service/templates/labels.j2 @@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-jwt-service-strip-prefix.stripprefix.prefixes={{ {% set middlewares = middlewares + ['matrix-jwt-service-strip-prefix'] %} {% endif %} -{% if matrix_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %} -{% for name, value in matrix_jwt_service_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.matrix-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }} -{% endfor %} -{% set middlewares = middlewares + ['matrix-jwt-service-add-headers'] %} -{% endif %} +#{% if matrix_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +#{% for name, value in matrix_jwt_service_container_labels_traefik_additional_response_headers.items() %} +#traefik.http.middlewares.matrix-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +#{% endfor %} +#{% set middlewares = middlewares + ['matrix-jwt-service-add-headers'] %} +#{% endif %} traefik.http.routers.matrix-jwt-service.rule={{ matrix_jwt_service_container_labels_traefik_rule }} {% if matrix_jwt_service_container_labels_traefik_priority | int > 0 %} diff --git a/roles/custom/matrix-livekit-server/templates/labels.j2 b/roles/custom/matrix-livekit-server/templates/labels.j2 index c41b7ed01..141045f2f 100644 --- a/roles/custom/matrix-livekit-server/templates/labels.j2 +++ b/roles/custom/matrix-livekit-server/templates/labels.j2 
@@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-livekit-server-strip-prefix.stripprefix.prefixes {% set middlewares = middlewares + ['matrix-livekit-server-strip-prefix'] %} {% endif %} -{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %} -{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %} -traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }} -{% endfor %} -{% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %} -{% endif %} +#{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +#{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %} +#traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +#{% endfor %} +#{% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %} +#{% endif %} traefik.http.routers.matrix-livekit-server.rule={{ matrix_livekit_server_container_labels_traefik_rule }} {% if matrix_livekit_server_container_labels_traefik_priority | int > 0 %} From 2b4fdea70fd8572cc1074bd5f7eaff84ed1247de Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 17:04:11 +1000 Subject: [PATCH 101/142] added header flags back in. --- .../matrix-element-call/defaults/main.yml | 40 +++++++++---------- .../templates/element-call-labels.j2 | 12 +++--- .../matrix-jwt-service/defaults/main.yml | 40 +++++++++---------- .../matrix-jwt-service/templates/labels.j2 | 12 +++--- .../matrix-livekit-server/defaults/main.yml | 40 +++++++++---------- .../matrix-livekit-server/templates/labels.j2 | 12 +++--- 6 files changed, 78 insertions(+), 78 deletions(-) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index d445e7ab4..0a227a1bc 100644 
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -38,18 +38,18 @@ matrix_element_call_container_labels_traefik_tls_certResolver: default # noqa v # Controls which additional headers to attach to all HTTP responses. # To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom` -#matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}" -#matrix_element_call_container_labels_traefik_additional_response_headers_auto: | -# {{ -# {} -# | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {}) -# | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {}) -# | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {}) -# | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {}) -# | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {}) -# | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {}) -# }} -#matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} +matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}" 
+matrix_element_call_container_labels_traefik_additional_response_headers_auto: | + {{ + {} + | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {}) + }} +matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. 
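Review bot: The key `'Permission-Policy'` inside `matrix_element_call_container_labels_traefik_additional_response_headers_auto` is not the header this same file's comments describe further down (`Permissions-Policy interest-cohort=();`); the standard header name is `Permissions-Policy`, so any value configured through `matrix_element_call_http_header_content_permission_policy` would be sent under a name browsers ignore. Changing that line to `| combine ({'Permissions-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {})` fixes it while the variable name stays as is for compatibility. The matrix-jwt-service and matrix-livekit-server defaults hunks below re-enable the same key and need the same correction.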
@@ -75,27 +75,27 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_ # Learn more about it is here: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # - https://portswigger.net/web-security/cross-site-scripting/reflected -#matrix_element_call_http_header_xss_protection: "1; mode=block" +matrix_element_call_http_header_xss_protection: '' # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options -#matrix_element_call_http_header_frame_options: SAMEORIGIN +matrix_element_call_http_header_frame_options: '' # Specifies the value of the `X-Content-Type-Options` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options -#matrix_element_call_http_header_content_type_options: nosniff +matrix_element_call_http_header_content_type_options: '' # Specifies the value of the `Content-Security-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -#matrix_element_call_http_header_content_security_policy: frame-ancestors 'self' +matrix_element_call_http_header_content_security_policy: '' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -#matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}" +matrix_element_call_http_header_content_permission_policy: '' # Specifies the value of the `Strict-Transport-Security` header. 
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -#matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}" +matrix_element_call_http_header_strict_transport_security: '' # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # @@ -106,7 +106,7 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_ # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. # See: `matrix_element_call_content_permission_policy` -#matrix_element_call_floc_optout_enabled: true +matrix_element_call_floc_optout_enabled: false # Controls if HSTS preloading is enabled # @@ -118,7 +118,7 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_ # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_element_call_http_header_strict_transport_security` -#matrix_element_call_hsts_preload_enabled: true +matrix_element_call_hsts_preload_enabled: false # Enable or disable metrics collection matrix_element_call_metrics_enabled: false diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 28d7d714a..cfc5c72f7 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 
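Review bot: Every hardening header is now disabled by default: `matrix_element_call_http_header_xss_protection`, `..._frame_options`, `..._content_type_options`, `..._content_security_policy`, `..._content_permission_policy` and `..._strict_transport_security` are all `''`, so the `_auto` dictionary built from them is empty and Traefik attaches no `X-Frame-Options`, `X-Content-Type-Options` or `Strict-Transport-Security` to Element Call responses, leaving clickjacking, MIME-sniffing and HTTPS-downgrade protection entirely to the browser. If the reason is that Element Call has to be framed by Element Web on a different origin, only the framing headers need relaxing — e.g. keep `nosniff` and the HSTS value from the removed lines and set the CSP to `frame-ancestors 'self' https://<element-web-domain>` (placeholder) — rather than blanking all six. The `hsts_preload_enabled` flag is also now inconsistent across the three roles (`false` here, `true` in the matrix-jwt-service and matrix-livekit-server hunks below) and has no effect while the `strict_transport_security` value is empty; those two files additionally still end without a trailing newline.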
@@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={ {% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %} {% endif %} -#{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} -#{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} -#traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} -#{% endfor %} -#{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} -#{% endif %} +{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} + {% endif %} traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} {% if matrix_element_call_container_labels_traefik_priority | int > 0 %} diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml index e688556f3..97d58a273 100644 --- a/roles/custom/matrix-jwt-service/defaults/main.yml +++ b/roles/custom/matrix-jwt-service/defaults/main.yml 
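Review bot: The restored closing tag is written as `+ {% endif %}` with a leading space, whereas the matrix-jwt-service and matrix-livekit-server templates in this same commit restore `{% endif %}` at column 0. With Ansible's template defaults (trim_blocks on, lstrip_blocks off) that space is emitted into the rendered labels file as a whitespace-only line; Docker's label-file parser presumably trims and skips it, but the three templates should be identical here. Dropping the space, `{% endif %}`, keeps the files in sync.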
@@ -34,18 +34,18 @@ matrix_jwt_service_container_labels_traefik_tls_certResolver: default # noqa va # Controls which additional headers to attach to all HTTP responses. # To add your own headers, use `matrix_jwt_service_container_labels_traefik_additional_response_headers_custom` -#matrix_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_jwt_service_container_labels_traefik_additional_response_headers_custom) }}" -#matrix_jwt_service_container_labels_traefik_additional_response_headers_auto: | -# {{ -# {} -# | combine ({'X-XSS-Protection': matrix_jwt_service_http_header_xss_protection} if matrix_jwt_service_http_header_xss_protection else {}) -# | combine ({'X-Frame-Options': matrix_jwt_service_http_header_frame_options} if matrix_jwt_service_http_header_frame_options else {}) -# | combine ({'X-Content-Type-Options': matrix_jwt_service_http_header_content_type_options} if matrix_jwt_service_http_header_content_type_options else {}) -# | combine ({'Content-Security-Policy': matrix_jwt_service_http_header_content_security_policy} if matrix_jwt_service_http_header_content_security_policy else {}) -## | combine ({'Permission-Policy': matrix_jwt_service_http_header_content_permission_policy} if matrix_jwt_service_http_header_content_permission_policy else {}) -# | combine ({'Strict-Transport-Security': matrix_jwt_service_http_header_strict_transport_security} if matrix_jwt_service_http_header_strict_transport_security and matrix_jwt_service_container_labels_traefik_tls else {}) -# }} -#matrix_jwt_service_container_labels_traefik_additional_response_headers_custom: {} +matrix_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_jwt_service_container_labels_traefik_additional_response_headers_custom) }}" 
+matrix_jwt_service_container_labels_traefik_additional_response_headers_auto: | + {{ + {} + | combine ({'X-XSS-Protection': matrix_jwt_service_http_header_xss_protection} if matrix_jwt_service_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': matrix_jwt_service_http_header_frame_options} if matrix_jwt_service_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': matrix_jwt_service_http_header_content_type_options} if matrix_jwt_service_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': matrix_jwt_service_http_header_content_security_policy} if matrix_jwt_service_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': matrix_jwt_service_http_header_content_permission_policy} if matrix_jwt_service_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': matrix_jwt_service_http_header_strict_transport_security} if matrix_jwt_service_http_header_strict_transport_security and matrix_jwt_service_container_labels_traefik_tls else {}) + }} +matrix_jwt_service_container_labels_traefik_additional_response_headers_custom: {} # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. 
@@ -71,27 +71,27 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b # Learn more about it is here: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # - https://portswigger.net/web-security/cross-site-scripting/reflected -#matrix_jwt_service_http_header_xss_protection: "1; mode=block" +matrix_jwt_service_http_header_xss_protection: '' # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options -#matrix_jwt_service_http_header_frame_options: SAMEORIGIN +matrix_jwt_service_http_header_frame_options: '' # Specifies the value of the `X-Content-Type-Options` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options -#matrix_jwt_service_http_header_content_type_options: nosniff +matrix_jwt_service_http_header_content_type_options: '' # Specifies the value of the `Content-Security-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -#matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self' +matrix_jwt_service_http_header_content_security_policy: '' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -#matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}" +matrix_jwt_service_http_header_content_permission_policy: '' # Specifies the value of the `Strict-Transport-Security` header. 
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -#matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}" +matrix_jwt_service_http_header_strict_transport_security: '' # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # @@ -102,7 +102,7 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. # See: `matrix_jwt_service_content_permission_policy` -#matrix_jwt_service_floc_optout_enabled: true +matrix_jwt_service_floc_optout_enabled: false # Controls if HSTS preloading is enabled # @@ -114,4 +114,4 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_jwt_service_http_header_strict_transport_security` -#matrix_jwt_service_hsts_preload_enabled: true \ No newline at end of file +matrix_jwt_service_hsts_preload_enabled: true \ No newline at end of file diff --git a/roles/custom/matrix-jwt-service/templates/labels.j2 b/roles/custom/matrix-jwt-service/templates/labels.j2 index 939c8d4d3..b547e1952 100644 --- a/roles/custom/matrix-jwt-service/templates/labels.j2 +++ b/roles/custom/matrix-jwt-service/templates/labels.j2 
@@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-jwt-service-strip-prefix.stripprefix.prefixes={{ {% set middlewares = middlewares + ['matrix-jwt-service-strip-prefix'] %} {% endif %} -#{% if matrix_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %} -#{% for name, value in matrix_jwt_service_container_labels_traefik_additional_response_headers.items() %} -#traefik.http.middlewares.matrix-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }} -#{% endfor %} -#{% set middlewares = middlewares + ['matrix-jwt-service-add-headers'] %} -#{% endif %} +{% if matrix_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_jwt_service_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-jwt-service-add-headers'] %} +{% endif %} traefik.http.routers.matrix-jwt-service.rule={{ matrix_jwt_service_container_labels_traefik_rule }} {% if matrix_jwt_service_container_labels_traefik_priority | int > 0 %} diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml index b392aefe6..8175af0ea 100644 --- a/roles/custom/matrix-livekit-server/defaults/main.yml +++ b/roles/custom/matrix-livekit-server/defaults/main.yml 
@@ -32,18 +32,18 @@ matrix_livekit_server_container_labels_traefik_tls_certResolver: default # noqa # Controls which additional headers to attach to all HTTP responses. # To add your own headers, use `matrix_livekit_server_container_labels_traefik_additional_response_headers_custom` -#matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}" -#matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: | -# {{ -# {} -# | combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {}) -# | combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {}) -# | combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {}) -# | combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {}) -# | combine ({'Permission-Policy': matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {}) -# | combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {}) -# }} -#matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {} +matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | 
combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}" +matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: | + {{ + {} + | combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {}) + }} +matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {} # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. 
@@ -69,27 +69,27 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke # Learn more about it is here: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # - https://portswigger.net/web-security/cross-site-scripting/reflected -#matrix_livekit_server_http_header_xss_protection: "1; mode=block" +matrix_livekit_server_http_header_xss_protection: '' # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options -#matrix_livekit_server_http_header_frame_options: SAMEORIGIN +matrix_livekit_server_http_header_frame_options: '' # Specifies the value of the `X-Content-Type-Options` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options -#matrix_livekit_server_http_header_content_type_options: nosniff +matrix_livekit_server_http_header_content_type_options: '' # Specifies the value of the `Content-Security-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -#matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self' +matrix_livekit_server_http_header_content_security_policy: '' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -#matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}" +matrix_livekit_server_http_header_content_permission_policy: '' # Specifies the value of the `Strict-Transport-Security` header. 
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -#matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}" +matrix_livekit_server_http_header_strict_transport_security: '' # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # @@ -100,7 +100,7 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. # See: `matrix_livekit_server_content_permission_policy` -#matrix_livekit_server_floc_optout_enabled: true +matrix_livekit_server_floc_optout_enabled: false # Controls if HSTS preloading is enabled # @@ -112,4 +112,4 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in # See: `matrix_livekit_server_http_header_strict_transport_security` -#matrix_livekit_server_hsts_preload_enabled: true \ No newline at end of file +matrix_livekit_server_hsts_preload_enabled: true \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/templates/labels.j2 b/roles/custom/matrix-livekit-server/templates/labels.j2 index 141045f2f..c41b7ed01 100644 --- a/roles/custom/matrix-livekit-server/templates/labels.j2 +++ b/roles/custom/matrix-livekit-server/templates/labels.j2 
@@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-livekit-server-strip-prefix.stripprefix.prefixes {% set middlewares = middlewares + ['matrix-livekit-server-strip-prefix'] %} {% endif %} -#{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %} -#{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %} -#traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }} -#{% endfor %} -#{% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %} -#{% endif %} +{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %} +{% endif %} traefik.http.routers.matrix-livekit-server.rule={{ matrix_livekit_server_container_labels_traefik_rule }} {% if matrix_livekit_server_container_labels_traefik_priority | int > 0 %} From a6e3203398fbb6c28a98127ca59ed8ad112ca68c Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Tue, 1 Oct 2024 22:20:50 +1000 Subject: [PATCH 102/142] updated docs, broke the well-known and element client modifications out to separate tasks. --- docs/configuring-playbook-element-call.md | 14 ++----- .../matrix-element-call/defaults/main.yml | 2 +- .../matrix-element-call/tasks/install.yml | 40 ++++--------------- .../tasks/update_element_web_config.yml | 27 +++++++++++++ .../tasks/update_well_known_client.yml | 21 ++++++++++ 5 files changed, 60 insertions(+), 44 deletions(-) create mode 100644 roles/custom/matrix-element-call/tasks/update_element_web_config.yml create mode 100644 roles/custom/matrix-element-call/tasks/update_well_known_client.yml 
diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md index bd36357ab..188b06d5e 100644 --- a/docs/configuring-playbook-element-call.md +++ b/docs/configuring-playbook-element-call.md @@ -28,21 +28,15 @@ Ensure that the following DNS names have a public IP/FQDN: Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: ```yaml +# Enable dependent services +keydb_enabled: true matrix_element_call_enabled: true +matrix_livekit_server_enabled: true +matrix_jwt_service_enabled: true # Set a secure key for LiveKit authentication matrix_element_call_livekit_dev_key: 'your-secure-livekit-key' ``` -## External databases - -If your setup utilizes an external database, you may need to adjust the default configuration for Redis used by Element Call. Modify the defaults in group_vars/matrix_servers.yml or host_vars to suit your setup: - -```yaml -matrix_element_call_redis_hostname: 'localhost' -matrix_element_call_redis_port: 6379 -matrix_element_call_redis_password: '' -``` - ## Installing After potentially adjusting DNS records and configuring the playbook, run the installation command again: ```yaml diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 0a227a1bc..02c910734 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -5,7 +5,7 @@ matrix_element_call_enabled: false # Base path configuration matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" -element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" +element_web_config_path: "{{ matrix_base_data_path }}/client-element/config.json" # Docker network configuration matrix_element_call_container_network: '' 
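Review bot: `element_web_config_path` (like the `matrix_homeserver_config_path` context line above it) is declared in this role's defaults without the `matrix_element_call_` prefix that every other variable in the file carries, so it reads as a global playbook variable and can silently collide with, or be overridden by, any other role or host_vars entry of the same name. Renaming it to `matrix_element_call_element_web_config_path` and updating the task files that read it keeps the role's namespacing convention. The new value also hard-codes the Element client's data directory under `matrix_base_data_path`; presumably the Element client role exposes its own path variable that could be referenced instead — worth confirming.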
diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index 266a9407b..2c7aebf38 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -79,20 +79,10 @@ when: matrix_element_call_enabled | bool # Update the well-known client file for Element Call (adding RTC FOCI) -- name: Update the existing well-known client file for Element Call (RTC FOCI) - ansible.builtin.blockinfile: - path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" - block: | - "org.matrix.msc4143.rtc_foci": [ - { - "type": "livekit", - "livekit_service_url": "{{ matrix_jwt_service_url }}" - } - ] - marker: "# ANSIBLE MANAGED BLOCK - Element Call RTC FOCI" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" +- name: Update the well-known client file for Element Call + ansible.builtin.include_tasks: update_well_known_client.yml + when: matrix_element_call_enabled | bool + # Create .well-known/element/element.json for Element Call - name: Create the well-known element.json file @@ -105,22 +95,6 @@ # Update Element Web config.json with Element Call settings - name: Update Element Web config.json - ansible.builtin.blockinfile: - path: "{{ element_web_config_path }}" - block: | - "features": { - "feature_video_rooms": true, - "feature_new_room_decoration_ui": true, - "feature_group_calls": true, - "feature_element_call_video_rooms": true - }, - "element_call": { - "url": "https://{{ matrix_element_call_domain }}", - "participant_limit": 8, - "brand": "Element Call", - "use_exclusively": true - } - marker: "# ANSIBLE MANAGED BLOCK - Element Call settings" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + ansible.builtin.include_tasks: "tasks/update_element_web_config.yml" + when: matrix_element_call_enabled | bool + 
diff --git a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml new file mode 100644 index 000000000..3025b432e --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml @@ -0,0 +1,27 @@ +- name: Update Element Web config.json settings + vars: + additional_settings: | + { + "features": { + "feature_video_rooms": true, + "feature_new_room_decoration_ui": true, + "feature_group_calls": true, + "feature_element_call_video_rooms": true + }, + "element_call": { + "url": "https://{{ matrix_element_call_domain }}", + "participant_limit": 8, + "brand": "Element Call", + "use_exclusively": true + } + } + set_fact: + updated_element_web_config: "{{ (element_web_config_content.content | b64decode | from_json) | combine(additional_settings | from_json, recursive=True) }}" + +- name: Write updated Element Web config.json + copy: + content: "{{ updated_element_web_config | to_nice_json }}" + dest: "{{ element_web_config_path }}" + mode: '0644' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" diff --git a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml new file mode 100644 index 000000000..96d568c4c --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml 
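Review bot: `element_web_config_content.content` is consumed on the `set_fact` line but nothing in this file registers it — unlike update_well_known_client.yml there is no `ansible.builtin.slurp` step — so unless a task in install.yml outside this hunk registers that exact name, the include fails on an undefined variable. A slurp of `{{ element_web_config_path }}` registered under that name, as below, makes the task file self-contained. Separately, `set_fact` and `copy` should carry the `ansible.builtin.` prefix and the file should start with `---` to match its sibling, and `additional_settings` can be a plain YAML mapping instead of a JSON string that is immediately fed back through `from_json`. Note also that this rewrites a config.json presumably rendered by the Element client role, so a later run of that role would be expected to discard these keys again.
```yaml
- name: Read the existing Element Web config.json
  ansible.builtin.slurp:
    path: "{{ element_web_config_path }}"
  register: element_web_config_content

# … unchanged: set_fact building updated_element_web_config …
# … unchanged: copy writing the file …
```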
@@ -0,0 +1,21 @@
+---
+- name: Read the existing well-known client file
+ ansible.builtin.slurp:
+ path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client"
+ register: client_file_content
+
+- name: Load the existing JSON content
+ ansible.builtin.set_fact:
+ client_json: "{{ client_file_content['content'] | b64decode | from_json }}"
+
+- name: Update the existing well-known client file for Element Call (RTC FOCI)
+ ansible.builtin.set_fact:
+ updated_client_json: "{{ client_json | combine({'org.matrix.msc4143.rtc_foci': [{'type': 'livekit', 'livekit_service_url': matrix_jwt_service_url}]}, recursive=True) }}"
+
+- name: Write the updated well-known client file
+ ansible.builtin.copy:
+ content: "{{ updated_client_json | to_nice_json }}"
+ dest: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client"
+ mode: '0644'
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
From f684719b2a732d846aa5f6d145aed6d8a45596c3 Mon Sep 17 00:00:00 2001
From: wjbeckett
Date: Tue, 1 Oct 2024 22:30:09 +1000
Subject: [PATCH 103/142] fixed error with element client update task
---
 .../matrix-element-call/tasks/install.yml | 3 +-
 .../tasks/update_element_web_config.yml | 55 +++++++++++--------
 2 files changed, 35 insertions(+), 23 deletions(-)
diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml
index 2c7aebf38..dd401e89c 100644
--- a/roles/custom/matrix-element-call/tasks/install.yml
+++ b/roles/custom/matrix-element-call/tasks/install.yml
@@ -80,7 +80,7 @@
 # Update the well-known client file for Element Call (adding RTC FOCI)
 - name: Update the well-known client file for Element Call
- ansible.builtin.include_tasks: update_well_known_client.yml
+ ansible.builtin.include_tasks: "tasks/update_well_known_client.yml"
 when: matrix_element_call_enabled | bool
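Review bot: The `updated_client_json` line replaces the entire `org.matrix.msc4143.rtc_foci` list on every run, so any focus an operator already publishes in `.well-known/matrix/client` is silently dropped; if the intent is to add this focus, read the existing list via `client_json['org.matrix.msc4143.rtc_foci'] | default([])` and append only when no entry already carries this `livekit_service_url`, which also keeps repeated runs idempotent. Because this document is served unauthenticated to every client and tells it where to obtain call credentials, `matrix_jwt_service_url` deserves an assertion in validate_config.yml that it is an `https://` URL before it is written here. The same path literal appears in both the slurp and the copy; hoist it to one variable so the two cannot drift. This role also rewrites a file it does not own — if the playbook's static-files role regenerates `.well-known/matrix/client` from its own template, the entry will disappear whenever that role runs after this one, so the ordering is worth confirming, or the property should be published through that role's configuration instead.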
@@ -98,3 +98,4 @@ ansible.builtin.include_tasks: "tasks/update_element_web_config.yml" when: matrix_element_call_enabled | bool + diff --git a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml index 3025b432e..6dd318c24 100644 --- a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml +++ b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml 
@@ -1,27 +1,38 @@
+- name: Load Element Web config.json content
+ ansible.builtin.slurp:
+ src: "{{ element_web_config_path }}"
+ register: element_web_config_content_raw
+ ignore_errors: no
+
+- name: Parse Element Web config.json content
+ ansible.builtin.set_fact:
+ element_web_config_content: "{{ element_web_config_content_raw['content'] | b64decode | from_json }}"
+ when: element_web_config_content_raw is defined and element_web_config_content_raw['content'] is defined
+
 - name: Update Element Web config.json settings
- vars:
- additional_settings: |
- {
- "features": {
- "feature_video_rooms": true,
- "feature_new_room_decoration_ui": true,
- "feature_group_calls": true,
- "feature_element_call_video_rooms": true
- },
- "element_call": {
- "url": "https://{{ matrix_element_call_domain }}",
- "participant_limit": 8,
- "brand": "Element Call",
- "use_exclusively": true
- }
- }
- set_fact:
- updated_element_web_config: "{{ (element_web_config_content.content | b64decode | from_json) | combine(additional_settings | from_json, recursive=True) }}"
-
-- name: Write updated Element Web config.json
- copy:
- content: "{{ updated_element_web_config | to_nice_json }}"
+ ansible.builtin.set_fact:
+ element_web_config_content:
+ "{{ element_web_config_content | combine({
+ 'features': {
+ 'feature_video_rooms': true,
+ 'feature_new_room_decoration_ui': true,
+ 'feature_group_calls': true,
+ 'feature_element_call_video_rooms': true
+ },
+ 'element_call': {
+ 'url': 'https://{{ matrix_element_call_domain }}',
+ 'participant_limit': 8,
+ 'brand': 'Element Call',
+ 'use_exclusively': true
+ }
+ }, recursive=True) }}"
+ when: element_web_config_content is defined
+
+- name: Write updated Element Web config.json back to disk
+ ansible.builtin.copy:
+ content: "{{ element_web_config_content | to_nice_json }}"
 dest: "{{ element_web_config_path }}"
 mode: '0644'
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_groupname }}"
+ when: element_web_config_content is defined
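Review bot: The `when: element_web_config_content is defined` guards on the last two tasks are dead code: `ignore_errors: no` is Ansible's default, so a failed slurp aborts the play and the fact is always defined by the time those tasks run. Either drop `ignore_errors` and both guards, or, if the intent is to skip the edit when Element Web is not installed, make that explicit with an `ansible.builtin.stat` on `element_web_config_path` before the slurp and `when: element_web_config_stat.stat.exists` on the remaining tasks, so a missing file is a deliberate skip rather than a play failure. Reusing `element_web_config_content` as the name of the parsed dict and then of the merged dict makes the flow hard to follow; keep the parsed copy and the merged result under distinct names. A header comment such as `# Element Web's config.json is generated elsewhere; this include patches Element Call settings into it afterwards` would also help, with the caveat that which role owns `element_web_config_path` is not visible in this hunk and should be confirmed.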
From 1e6698cb994b360b06b4d101bad4412cace6f3cc Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Wed, 2 Oct 2024 13:27:02 +1000 Subject: [PATCH 104/142] updated documentation or the new roles. --- docs/configuring-playbook-jwt-service.md | 45 +++++++++++++++++ docs/configuring-playbook-livekit-server.md | 56 +++++++++++++++++++++ docs/configuring-playbook.md | 4 ++ 3 files changed, 105 insertions(+) create mode 100644 docs/configuring-playbook-jwt-service.md create mode 100644 docs/configuring-playbook-livekit-server.md diff --git a/docs/configuring-playbook-jwt-service.md b/docs/configuring-playbook-jwt-service.md new file mode 100644 index 000000000..7910c0920 --- /dev/null +++ b/docs/configuring-playbook-jwt-service.md 
@@ -0,0 +1,45 @@ +# Setting up JWT Service (optional) + +The playbook can install and configure [JWT Service](https://github.com/element-hq/lk-jwt-service) for you. + +LK-JWT-Service is currently used for a single reason: generate JWT tokens with a given identity for a given room, so that users can use them to authenticate against LiveKit SFU. + +See the project's [documentation](https://github.com/element-hq/lk-jwt-service/) to learn more. + +## Decide on a domain and path + +By default, JWT Service is configured to be served on the Matrix domain (`sfu-jwt.DOMAIN`, controlled by the `matrix_jwt-service_hostname` variable). + +This makes it easy to set it up, **without** having to adjust your DNS records manually. + +If you'd like to run JWT Service on another hostname or path, use the `matrix_jwt-service_hostname` variable. + +## Adjusting DNS records + +If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server. + +Ensure that the following DNS names have a public IP/FQDN: +- `sfu-jwt.DOMAIN` + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_jwt_service_enabled: true +# Set a secure key for LiveKit authentication +matrix_element_call_livekit_dev_key: 'your-secure-livekit-key' +``` + +## Installing +After potentially adjusting DNS records and configuring the playbook, run the installation command again: +```yaml +ansible-playbook -i inventory setup.yml +``` + +## Usage +Once installed, a new `org.matrix.msc4143.rtc_foci` section is added to the element web client to point to your JWT service URL (e.g., `https://sfu-jwt.DOMAIN`). + +## Additional Information + +Refer to the JWT-Service documentation for more details on configuring and using JWT Service. \ No newline at end of file 
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md new file mode 100644 index 000000000..dd1b4b229 --- /dev/null +++ b/docs/configuring-playbook-livekit-server.md 
@@ -0,0 +1,56 @@ +# Setting up Livekit (optional) + +The playbook can install and configure [Livekit](https://github.com/livekit/livekit) for you. + +LiveKit is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications. + +See the project's [documentation](https://github.com/livekit/livekit) to learn more. + +## Decide on a domain and path + +By default, Livekit is configured to be served on the Matrix domain (`sfu.DOMAIN`, controlled by the `matrix_livekit_server_hostname` variable). + +This makes it easy to set it up, **without** having to adjust your DNS records manually. + +If you'd like to run Livekit on another hostname or path, use the `matrix_livekit_server_hostname` variable. + +## Adjusting DNS records + +If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server. + +Ensure that the following DNS names have a public IP/FQDN: +- `sfu.DOMAIN` + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_livekit_server_enabled: true +# Set a secure key for LiveKit authentication +matrix_element_call_livekit_dev_key: 'your-secure-livekit-key' +``` + +## Installing +After potentially adjusting DNS records and configuring the playbook, run the installation command again: +```yaml +ansible-playbook -i inventory setup.yml +``` + +## Usage +Once installed, and in conjunction with Element Call and JWT Service, Livekit will become the WebRTC backend for all Element client calls. + +## Required Firewall and Port Forwarding Rules + +To ensure the services function correctly, the following firewall rules and port forwarding settings are required: + +LiveKit: + + • Forward UDP ports 50100:50200 to the Docker instance running LiveKit. 
+ • Forward TCP port 7881 to the Docker instance running LiveKit. + +Ensure these ports are open and forwarded appropriately to allow traffic to flow correctly between the services. + +## Additional Information + +Refer to the Livekit documentation for more details on configuring and using Livekit. \ No newline at end of file diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index fb0704e08..fc75ceaa6 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -234,3 +234,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Prometheus Alertmanager integration via matrix-alertmanager-receiver](configuring-playbook-alertmanager-receiver.md) (optional) - [Setting up the Element Call server](configuring-playbook-element-call.md) (optional) + +- [Setting up the JWT Service](configuring-playbook-jwt-service.md) (optional) + +- [Setting up the Livekit server](configuring-playbook-livekit-server.md) (optional) From a03f5985a536e461653bfc30dc6ccc8372180d25 Mon Sep 17 00:00:00 2001 
From: wjbeckett Date: Thu, 3 Oct 2024 12:38:34 +1000 Subject: [PATCH 105/142] removed trailing whitespaces --- docs/configuring-playbook-livekit-server.md | 2 +- group_vars/matrix_servers | 3 +-- roles/custom/matrix-element-call/defaults/main.yml | 2 +- roles/custom/matrix-element-call/tasks/install.yml | 4 +--- roles/custom/matrix-element-call/tasks/main.yml | 2 +- roles/custom/matrix-element-call/tasks/uninstall.yml | 2 +- .../matrix-element-call/tasks/update_element_web_config.yml | 5 +++-- .../matrix-element-call/tasks/update_well_known_client.yml | 2 +- roles/custom/matrix-element-call/tasks/validate_config.yml | 2 +- roles/custom/matrix-element-call/templates/config.json.j2 | 2 +- .../matrix-element-call/templates/element-call-labels.j2 | 2 +- .../templates/systemd/matrix-element-call.service.j2 | 2 +- .../matrix-element-call/templates/well_known_element.json.j2 | 2 +- roles/custom/matrix-jwt-service/defaults/main.yml | 2 +- roles/custom/matrix-jwt-service/tasks/main.yml | 2 +- roles/custom/matrix-jwt-service/tasks/uninstall.yml | 2 +- roles/custom/matrix-jwt-service/tasks/validate_config.yml | 2 +- roles/custom/matrix-jwt-service/templates/labels.j2 | 2 +- .../templates/systemd/matrix-jwt-service.service.j2 | 3 ++- roles/custom/matrix-livekit-server/tasks/main.yml | 2 +- roles/custom/matrix-livekit-server/tasks/uninstall.yml | 2 +- roles/custom/matrix-livekit-server/tasks/validate_config.yml | 2 +- roles/custom/matrix-livekit-server/templates/labels.j2 | 2 +- roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 | 2 +- .../templates/systemd/matrix-livekit-server.service.j2 | 2 +- 25 files changed, 28 insertions(+), 29 deletions(-) diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md index dd1b4b229..309d9ecf3 100644 --- a/docs/configuring-playbook-livekit-server.md +++ b/docs/configuring-playbook-livekit-server.md 
@@ -38,7 +38,7 @@ ansible-playbook -i inventory setup.yml ``` ## Usage -Once installed, and in conjunction with Element Call and JWT Service, Livekit will become the WebRTC backend for all Element client calls. +Once installed, and in conjunction with Element Call and JWT Service, Livekit will become the WebRTC backend for all Element client calls. ## Required Firewall and Port Forwarding Rules diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 97c5e3b41..3df71e737 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -5901,7 +5901,6 @@ matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook matrix_element_call_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_element_call_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" - ######################################################################## # # # /matrix-element-call # @@ -5919,7 +5918,7 @@ matrix_livekit_server_enabled: false # Default is false; should be enabled in h matrix_livekit_server_version: "latest" # Default version; can be overridden in host_vars matrix_livekit_server_scheme: "https" matrix_livekit_server_hostname: "sfu.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different -matrix_livekit_server_path_prefix: "/" +matrix_livekit_server_path_prefix: "/" matrix_livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" matrix_livekit_server_container_image: "livekit/livekit-server:{{ matrix_livekit_server_version }}" matrix_livekit_server_container_image_force_pull: true diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 02c910734..567553179 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml 
@@ -122,4 +122,4 @@ matrix_element_call_hsts_preload_enabled: false # Enable or disable metrics collection matrix_element_call_metrics_enabled: false -matrix_element_call_metrics_port: 2112 +matrix_element_call_metrics_port: 2112 \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index dd401e89c..ca6b5903b 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -96,6 +96,4 @@ # Update Element Web config.json with Element Call settings - name: Update Element Web config.json ansible.builtin.include_tasks: "tasks/update_element_web_config.yml" - when: matrix_element_call_enabled | bool - - + when: matrix_element_call_enabled | bool \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/main.yml b/roles/custom/matrix-element-call/tasks/main.yml index ad50c2d96..183c0c6ed 100644 --- a/roles/custom/matrix-element-call/tasks/main.yml +++ b/roles/custom/matrix-element-call/tasks/main.yml @@ -18,4 +18,4 @@ - setup-element-call block: - when: not matrix_element_call_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/uninstall.yml b/roles/custom/matrix-element-call/tasks/uninstall.yml index 184f88ac2..c93837b63 100644 --- a/roles/custom/matrix-element-call/tasks/uninstall.yml +++ b/roles/custom/matrix-element-call/tasks/uninstall.yml @@ -18,4 +18,4 @@ - name: Reload systemd daemon ansible.builtin.systemd: - daemon_reload: true + daemon_reload: true \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml index 6dd318c24..d4471e7e4 100644 
--- a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml +++ b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml @@ -1,8 +1,9 @@ +--- - name: Load Element Web config.json content ansible.builtin.slurp: src: "{{ element_web_config_path }}" register: element_web_config_content_raw - ignore_errors: no + ignore_errors: false - name: Parse Element Web config.json content ansible.builtin.set_fact: @@ -35,4 +36,4 @@ mode: '0644' owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: element_web_config_content is defined + when: element_web_config_content is defined \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml index 96d568c4c..bcf3f726b 100644 --- a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml +++ b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml @@ -18,4 +18,4 @@ dest: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" mode: '0644' owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml index 084e510d6..3b6712727 100644 --- a/roles/custom/matrix-element-call/tasks/validate_config.yml +++ b/roles/custom/matrix-element-call/tasks/validate_config.yml @@ -9,4 +9,4 @@ with_items: - {'name': 'matrix_element_call_base_path', when: true} - {'name': 'matrix_element_call_container_network', when: true} - - {'name': 'matrix_element_call_image', when: true} + - {'name': 'matrix_element_call_image', when: true} \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/config.json.j2 b/roles/custom/matrix-element-call/templates/config.json.j2 index e58648e50..e10fc4f61 100644 
--- a/roles/custom/matrix-element-call/templates/config.json.j2 +++ b/roles/custom/matrix-element-call/templates/config.json.j2 @@ -8,4 +8,4 @@ "livekit": { "livekit_service_url": "{{ matrix_jwt_service_url }}" } -} +} \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index cfc5c72f7..685a56294 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -43,4 +43,4 @@ traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call {% endif %} -{{ matrix_element_call_container_labels_additional_labels }} +{{ matrix_element_call_container_labels_additional_labels }} \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index 791c62ddc..dcb3fa7c2 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -43,4 +43,4 @@ RestartSec=30 SyslogIdentifier=matrix-element-call [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/well_known_element.json.j2 b/roles/custom/matrix-element-call/templates/well_known_element.json.j2 index eae63cf83..01146e656 100644 --- a/roles/custom/matrix-element-call/templates/well_known_element.json.j2 +++ b/roles/custom/matrix-element-call/templates/well_known_element.json.j2 @@ -2,4 +2,4 @@ "call": { "widget_url": "https://{{ matrix_element_call_domain }}" } -} +} \ No newline at end of file diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml index 97d58a273..ee95afefd 100644 
--- a/roles/custom/matrix-jwt-service/defaults/main.yml +++ b/roles/custom/matrix-jwt-service/defaults/main.yml @@ -16,7 +16,7 @@ matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci" # Ports matrix_jwt_service_port: "8881" -# jwt configuration +# jwt configuration matrix_jwt_service_hostname: "sfu-jwt.{{ matrix_domain }}" matrix_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" diff --git a/roles/custom/matrix-jwt-service/tasks/main.yml b/roles/custom/matrix-jwt-service/tasks/main.yml index ee74a8967..8fbe41d58 100644 --- a/roles/custom/matrix-jwt-service/tasks/main.yml +++ b/roles/custom/matrix-jwt-service/tasks/main.yml @@ -18,4 +18,4 @@ - setup-jwt-service block: - when: not matrix_jwt_service_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" \ No newline at end of file diff --git a/roles/custom/matrix-jwt-service/tasks/uninstall.yml b/roles/custom/matrix-jwt-service/tasks/uninstall.yml index 550c82951..7338d5b95 100644 --- a/roles/custom/matrix-jwt-service/tasks/uninstall.yml +++ b/roles/custom/matrix-jwt-service/tasks/uninstall.yml @@ -19,4 +19,4 @@ - name: Reload systemd daemon ansible.builtin.systemd: - daemon_reload: true + daemon_reload: true \ No newline at end of file diff --git a/roles/custom/matrix-jwt-service/tasks/validate_config.yml b/roles/custom/matrix-jwt-service/tasks/validate_config.yml index a0105e940..38e39ad60 100644 --- a/roles/custom/matrix-jwt-service/tasks/validate_config.yml +++ b/roles/custom/matrix-jwt-service/tasks/validate_config.yml @@ -9,4 +9,4 @@ with_items: - {'name': 'matrix_jwt_service_base_path', when: true} - {'name': 'matrix_jwt_service_container_network', when: true} - - {'name': 'matrix_jwt_service_image', when: true} + - {'name': 'matrix_jwt_service_image', when: true} \ No newline at end of file 
diff --git a/roles/custom/matrix-jwt-service/templates/labels.j2 b/roles/custom/matrix-jwt-service/templates/labels.j2 index b547e1952..6db772236 100644 --- a/roles/custom/matrix-jwt-service/templates/labels.j2 +++ b/roles/custom/matrix-jwt-service/templates/labels.j2 @@ -43,4 +43,4 @@ traefik.http.routers.matrix-jwt-service.tls.certResolver={{ matrix_jwt_service_c {% endif %} -{{ matrix_jwt_service_container_labels_additional_labels }} +{{ matrix_jwt_service_container_labels_additional_labels }} \ No newline at end of file diff --git a/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 b/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 index bdf36635a..b940e75a2 100644 --- a/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 +++ b/roles/custom/matrix-jwt-service/templates/systemd/matrix-jwt-service.service.j2 @@ -1,3 +1,4 @@ +#jinja2: lstrip_blocks: "True" [Unit] Description=Matrix JWT Service After=docker.service @@ -36,4 +37,4 @@ RestartSec=30 SyslogIdentifier=matrix-jwt-service [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/tasks/main.yml b/roles/custom/matrix-livekit-server/tasks/main.yml index 255906c75..1884596b8 100644 --- a/roles/custom/matrix-livekit-server/tasks/main.yml +++ b/roles/custom/matrix-livekit-server/tasks/main.yml @@ -18,4 +18,4 @@ - setup-livekit-server block: - when: not matrix_livekit_server_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/tasks/uninstall.yml b/roles/custom/matrix-livekit-server/tasks/uninstall.yml index 371db5c83..0709dca12 100644 --- a/roles/custom/matrix-livekit-server/tasks/uninstall.yml +++ b/roles/custom/matrix-livekit-server/tasks/uninstall.yml 
@@ -18,4 +18,4 @@ - name: Reload systemd daemon ansible.builtin.systemd: - daemon_reload: true + daemon_reload: true \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml index 7fdfa0511..ddf750b9b 100644 --- a/roles/custom/matrix-livekit-server/tasks/validate_config.yml +++ b/roles/custom/matrix-livekit-server/tasks/validate_config.yml @@ -10,4 +10,4 @@ - {'name': 'matrix_livekit_server_base_path', when: true} - {'name': 'matrix_livekit_server_container_network', when: true} - {'name': 'matrix_livekit_server_image', when: true} - - {'name': 'matrix_livekit_server_image', when: true} + - {'name': 'matrix_livekit_server_image', when: true} \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/templates/labels.j2 b/roles/custom/matrix-livekit-server/templates/labels.j2 index c41b7ed01..77a3ce426 100644 --- a/roles/custom/matrix-livekit-server/templates/labels.j2 +++ b/roles/custom/matrix-livekit-server/templates/labels.j2 @@ -43,4 +43,4 @@ traefik.http.routers.matrix-livekit-server.tls.certResolver={{ matrix_livekit_se {% endif %} -{{ matrix_livekit_server_container_labels_additional_labels }} +{{ matrix_livekit_server_container_labels_additional_labels }} \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 index 492a12214..77ac841a8 100644 --- a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 +++ b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 @@ -17,4 +17,4 @@ turn: external_tls: true keys: - devkey: "{{ matrix_livekit_server_livekit_dev_key }}" + devkey: "{{ matrix_livekit_server_livekit_dev_key }}" \ No newline at end of file 
diff --git a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 index 30505a2dc..ddaa35181 100644 --- a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 +++ b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 @@ -31,4 +31,4 @@ RestartSec=30 SyslogIdentifier=matrix-livekit-server [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target \ No newline at end of file From 1906d61c39eae8b8be44722a857b7a90d494bb4f Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Thu, 3 Oct 2024 13:25:40 +1000 Subject: [PATCH 106/142] updated traefik label to be in line with the latest change from devture_traefik_ to traefik_ --- group_vars/matrix_servers | 12 ++++++------ .../templates/element-call-labels.j2 | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 62d3b3407..d4f0cc07f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -5898,8 +5898,8 @@ matrix_element_call_container_additional_networks: "{{ [matrix_playbook_reverse_ # Traefik Configuration for Element Call matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_element_call_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_element_call_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_element_call_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -5930,8 +5930,8 @@ matrix_livekit_server_container_additional_networks: "{{ [matrix_playbook_revers # Traefik Configuration for Livekit matrix_livekit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_livekit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_livekit_server_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_livekit_server_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # LiveKit Service Configuration matrix_livekit_server_livekit_dev_key: "{{ matrix_livekit_server_dev_key }}" # LiveKit dev key 
@@ -5967,8 +5967,8 @@ matrix_jwt_service_container_additional_networks: "{{ [matrix_playbook_reverse_p # Traefik Configuration for JWT Service matrix_jwt_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_jwt_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_jwt_service_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_jwt_service_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_jwt_service_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_jwt_service_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # JWT Service Configuration matrix_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/element-call-labels.j2 index 685a56294..014add79a 100644 --- a/roles/custom/matrix-element-call/templates/element-call-labels.j2 +++ b/roles/custom/matrix-element-call/templates/element-call-labels.j2 @@ -25,7 +25,7 @@ traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={ traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} {% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} - {% endif %} +{% endif %} traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} {% if matrix_element_call_container_labels_traefik_priority | int > 0 %} From e18b28136cb8055574cc2f1367c7d6a784afb770 Mon Sep 17 00:00:00 2001 
From: wjbeckett Date: Thu, 3 Oct 2024 15:28:56 +1000 Subject: [PATCH 107/142] Updated Element call docs with dependent services and fixed typo. --- docs/configuring-playbook-element-call.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md index 188b06d5e..6a6b5a496 100644 --- a/docs/configuring-playbook-element-call.md +++ b/docs/configuring-playbook-element-call.md @@ -25,6 +25,9 @@ Ensure that the following DNS names have a public IP/FQDN: ## Adjusting the playbook configuration +NOTE: Element call is dependent on two other services for it to function as intended. In orter to utilise Element Call you need to also enable the [JWT Service](configuring-playbook-jwt-service.md) and [Livekit Server](configuring-playbook-livekit-server.md). + + Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: ```yaml @@ -34,7 +37,7 @@ matrix_element_call_enabled: true matrix_livekit_server_enabled: true matrix_jwt_service_enabled: true # Set a secure key for LiveKit authentication -matrix_element_call_livekit_dev_key: 'your-secure-livekit-key' +matrix_livekit_server_dev_key: 'your-secure-livekit-key' ``` ## Installing From fa2a913d39fb5f89dfc2f1017a266878aa5825b0 Mon Sep 17 00:00:00 2001 From: wjbeckett Date: Thu, 3 Oct 2024 16:20:54 +1000 Subject: [PATCH 108/142] fixing issue with element call domain not being expanded when writing the element web config.json. --- .../tasks/update_element_web_config.yml | 53 ++++++++++--------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml index d4471e7e4..2dead411e 100644 --- a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml +++ b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml 
@@ -1,39 +1,40 @@ ---- -- name: Load Element Web config.json content +- name: Read Element Web config.json ansible.builtin.slurp: src: "{{ element_web_config_path }}" - register: element_web_config_content_raw - ignore_errors: false + register: element_web_config_content -- name: Parse Element Web config.json content +- name: Load JSON data from config.json ansible.builtin.set_fact: - element_web_config_content: "{{ element_web_config_content_raw['content'] | b64decode | from_json }}" - when: element_web_config_content_raw is defined and element_web_config_content_raw['content'] is defined + element_web_config: "{{ element_web_config_content['content'] | b64decode | from_json }}" -- name: Update Element Web config.json settings +- name: Update Element Call configuration in config.json ansible.builtin.set_fact: - element_web_config_content: - "{{ element_web_config_content | combine({ - 'features': { - 'feature_video_rooms': true, - 'feature_new_room_decoration_ui': true, - 'feature_group_calls': true, - 'feature_element_call_video_rooms': true - }, - 'element_call': { - 'url': 'https://{{ matrix_element_call_domain }}', - 'participant_limit': 8, - 'brand': 'Element Call', - 'use_exclusively': true + updated_element_call_config: > + {{ + { + "element_call": { + "url": "https://{{ matrix_element_call_domain }}", + "participant_limit": 8, + "brand": "Element Call", + "use_exclusively": true + }, + "features": { + "feature_video_rooms": true, + "feature_new_room_decoration_ui": true, + "feature_group_calls": true, + "feature_element_call_video_rooms": true + } } - }, recursive=True) }}" - when: element_web_config_content is defined + }} + +- name: Merge updated Element Call configuration with existing config.json + ansible.builtin.set_fact: + element_web_config: "{{ element_web_config | combine(updated_element_call_config, recursive=True) }}" -- name: Write updated Element Web config.json back to disk +- name: Write updated Element Web config.json ansible.builtin.copy: 
- content: "{{ element_web_config_content | to_nice_json }}" + content: "{{ element_web_config | to_nice_json }}" dest: "{{ element_web_config_path }}" mode: '0644' owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: element_web_config_content is defined \ No newline at end of file From 10df1451015e48739fc7589012aa6c10de9bb472 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 15:57:31 +0200 Subject: [PATCH 109/142] Update roles/custom/matrix-livekit-server/tasks/install.yml Co-authored-by: Suguru Hirahara --- roles/custom/matrix-livekit-server/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-livekit-server/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml index 8e859565b..b24c4a23b 100644 --- a/roles/custom/matrix-livekit-server/tasks/install.yml +++ b/roles/custom/matrix-livekit-server/tasks/install.yml @@ -30,7 +30,7 @@ group: "{{ matrix_user_groupname }}" # Ensure Docker Images are Pulled -- name: Ensure livekit Docker image is pulled +- name: Ensure LiveKit Docker image is pulled community.docker.docker_image: name: "{{ matrix_livekit_server_image }}" source: pull From b691f39d392c42b8286896a4c04d78f0f5a9e711 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 15:57:44 +0200 Subject: [PATCH 110/142] Update roles/custom/matrix-livekit-server/tasks/install.yml Co-authored-by: Suguru Hirahara --- roles/custom/matrix-livekit-server/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-livekit-server/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml index b24c4a23b..8f348b472 100644 --- a/roles/custom/matrix-livekit-server/tasks/install.yml +++ b/roles/custom/matrix-livekit-server/tasks/install.yml 
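Review bot: In the new `updated_element_call_config` fact, the `url` value embeds `{{ matrix_element_call_domain }}` inside a string literal of the enclosing `{{ ... }}` expression, so Jinja keeps the inner braces as literal text and the domain is only filled in if Ansible happens to re-template the stored fact when `combine` references it in the next task — the same construct the removed code used, which the commit message says did not expand. Building the URL inside the expression removes the dependency on that second pass: `"url": "https://" ~ matrix_element_call_domain,`. The `---` document-start marker was also dropped from the new version of the file; keeping it matches yamllint's `document-start` default. `ansible.builtin.slurp` fails when `element_web_config_path` does not exist, so the caller presumably gates this file on Element Web being installed; a one-line comment above the first task stating that precondition would make the file self-explanatory.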
@@ -40,7 +40,7 @@ until: livekit_image_result is not failed # Systemd Services for LiveKit -- name: Ensure livekit systemd service is installed +- name: Ensure LiveKit systemd service is installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-livekit-server.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service" From 85c0ffa9e1d84e3d85083634db00b22a785db9c7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 15:57:51 +0200 Subject: [PATCH 111/142] Update roles/custom/matrix-livekit-server/tasks/uninstall.yml Co-authored-by: Suguru Hirahara --- roles/custom/matrix-livekit-server/tasks/uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-livekit-server/tasks/uninstall.yml b/roles/custom/matrix-livekit-server/tasks/uninstall.yml index 0709dca12..692545cdb 100644 --- a/roles/custom/matrix-livekit-server/tasks/uninstall.yml +++ b/roles/custom/matrix-livekit-server/tasks/uninstall.yml @@ -6,7 +6,7 @@ name: "matrix-livekit-server" state: absent -- name: Remove livekit systemd service +- name: Remove LiveKit systemd service ansible.builtin.file: path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service" state: absent From 82127830b39995cb74fff5393fd3b945d65aefdc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 15:58:01 +0200 Subject: [PATCH 112/142] Update roles/custom/matrix-livekit-server/tasks/uninstall.yml Co-authored-by: Suguru Hirahara --- roles/custom/matrix-livekit-server/tasks/uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-livekit-server/tasks/uninstall.yml b/roles/custom/matrix-livekit-server/tasks/uninstall.yml index 692545cdb..fdedf475a 100644 --- a/roles/custom/matrix-livekit-server/tasks/uninstall.yml +++ b/roles/custom/matrix-livekit-server/tasks/uninstall.yml 
@@ -1,7 +1,7 @@ --- # Uninstall tasks for matrix-livekit-server -- name: Stop and remove livekit container +- name: Stop and remove LiveKit container community.docker.docker_container: name: "matrix-livekit-server" state: absent From 1838a541aef4fba960ffdedd47010311ea58b31f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 16:15:54 +0200 Subject: [PATCH 113/142] Variables rename (matrix_livekit_server_ -> livekit_server_) to prepare for role extraction --- docs/configuring-playbook-element-call.md | 6 +- docs/configuring-playbook-livekit-server.md | 8 +- group_vars/matrix_servers | 30 +++---- .../matrix-jwt-service/templates/env.j2 | 4 +- .../matrix-livekit-server/defaults/main.yml | 84 +++++++++---------- .../matrix-livekit-server/tasks/install.yml | 10 +-- .../matrix-livekit-server/tasks/main.yml | 8 +- .../tasks/validate_config.yml | 8 +- .../matrix-livekit-server/templates/labels.j2 | 32 +++---- .../templates/livekit.yaml.j2 | 2 +- .../systemd/matrix-livekit-server.service.j2 | 8 +- 11 files changed, 100 insertions(+), 100 deletions(-) diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md index 6a6b5a496..d94357f55 100644 --- a/docs/configuring-playbook-element-call.md +++ b/docs/configuring-playbook-element-call.md @@ -34,10 +34,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. # Enable dependent services keydb_enabled: true matrix_element_call_enabled: true -matrix_livekit_server_enabled: true +livekit_server_enabled: true matrix_jwt_service_enabled: true # Set a secure key for LiveKit authentication -matrix_livekit_server_dev_key: 'your-secure-livekit-key' +livekit_server_dev_key: 'your-secure-livekit-key' ``` ## Installing 
@@ -68,4 +68,4 @@ Ensure these ports are open and forwarded appropriately to allow traffic to flow ## Additional Information -Refer to the Element Call documentation for more details on configuring and using Element Call. \ No newline at end of file +Refer to the Element Call documentation for more details on configuring and using Element Call. diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md index 309d9ecf3..91a75f80c 100644 --- a/docs/configuring-playbook-livekit-server.md +++ b/docs/configuring-playbook-livekit-server.md @@ -8,11 +8,11 @@ See the project's [documentation](https://github.com/livekit/livekit) to learn m ## Decide on a domain and path -By default, Livekit is configured to be served on the Matrix domain (`sfu.DOMAIN`, controlled by the `matrix_livekit_server_hostname` variable). +By default, Livekit is configured to be served on the Matrix domain (`sfu.DOMAIN`, controlled by the `livekit_server_hostname` variable). This makes it easy to set it up, **without** having to adjust your DNS records manually. -If you'd like to run Livekit on another hostname or path, use the `matrix_livekit_server_hostname` variable. +If you'd like to run Livekit on another hostname or path, use the `livekit_server_hostname` variable. ## Adjusting DNS records @@ -26,7 +26,7 @@ Ensure that the following DNS names have a public IP/FQDN: Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: ```yaml -matrix_livekit_server_enabled: true +livekit_server_enabled: true # Set a secure key for LiveKit authentication matrix_element_call_livekit_dev_key: 'your-secure-livekit-key' ``` 
@@ -53,4 +53,4 @@ Ensure these ports are open and forwarded appropriately to allow traffic to flow ## Additional Information -Refer to the Livekit documentation for more details on configuring and using Livekit. \ No newline at end of file +Refer to the Livekit documentation for more details on configuring and using Livekit. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f60b2a041..6b5b6d53c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -442,7 +442,7 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-jwt-service.service', 'priority': 3000, 'groups': ['matrix', 'jwt-service']}] if matrix_jwt_service_enabled else []) + - ([{'name': 'matrix-livekit-server.service', 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if matrix_livekit_server_enabled else []) + ([{'name': 'matrix-livekit-server.service', 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else []) + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) + 
@@ -6063,27 +6063,27 @@ matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certR ######################################################################## # Matrix Livekit Server Configuration -matrix_livekit_server_enabled: false # Default is false; should be enabled in host_vars as needed -matrix_livekit_server_version: "latest" # Default version; can be overridden in host_vars -matrix_livekit_server_scheme: "https" -matrix_livekit_server_hostname: "sfu.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different -matrix_livekit_server_path_prefix: "/" -matrix_livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" -matrix_livekit_server_container_image: "livekit/livekit-server:{{ matrix_livekit_server_version }}" -matrix_livekit_server_container_image_force_pull: true +livekit_server_enabled: false # Default is false; should be enabled in host_vars as needed +livekit_server_version: "latest" # Default version; can be overridden in host_vars +livekit_server_scheme: "https" +livekit_server_hostname: "sfu.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different +livekit_server_path_prefix: "/" +livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" +livekit_server_container_image: "livekit/livekit-server:{{ livekit_server_version }}" +livekit_server_container_image_force_pull: true # Docker network configuration for Livekit -matrix_livekit_server_container_network: "{{ matrix_addons_container_network }}" -matrix_livekit_server_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" +livekit_server_container_network: "{{ matrix_addons_container_network }}" +livekit_server_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if 
(livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" # Traefik Configuration for Livekit matrix_livekit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_livekit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" -matrix_livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" +livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # LiveKit Service Configuration -matrix_livekit_server_livekit_dev_key: "{{ matrix_livekit_server_dev_key }}" # LiveKit dev key +livekit_server_livekit_dev_key: "{{ livekit_server_dev_key }}" # LiveKit dev key ######################################################################## # # @@ -6126,4 +6126,4 @@ matrix_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT ser # # # /matrix-jwt-service # # # -######################################################################## \ No newline at end of file +######################################################################## diff --git a/roles/custom/matrix-jwt-service/templates/env.j2 b/roles/custom/matrix-jwt-service/templates/env.j2 index 4bb12aaf5..7135bb087 100644 --- a/roles/custom/matrix-jwt-service/templates/env.j2 +++ b/roles/custom/matrix-jwt-service/templates/env.j2 @@ -1,4 +1,4 @@ # Environment variables for JWT Service LIVEKIT_KEY=devkey -LIVEKIT_URL=wss://{{ matrix_livekit_server_hostname }}:443 -LIVEKIT_SECRET={{ matrix_livekit_server_dev_key }} \ No newline at end of file +LIVEKIT_URL=wss://{{ livekit_server_hostname }}:443 +LIVEKIT_SECRET={{ livekit_server_dev_key }} 
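Review bot: The renamed `livekit_server_container_additional_networks` now reads `livekit_server_container_labels_traefik_enabled`, but the two Traefik lines left as context in this hunk still define `matrix_livekit_container_labels_traefik_enabled` and `matrix_livekit_container_labels_traefik_docker_network`, names that the role never consumes (its defaults in this same commit use the `livekit_server_container_labels_traefik_*` prefix). As a result the reverse-proxy-type check in this file has no effect — the role falls back to its default of `livekit_server_container_labels_traefik_enabled: true` — and the Docker network used for the Traefik labels comes from the role default rather than from here. Renaming the two context lines to `livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"` and `livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"` closes the gap.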
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml index 8175af0ea..c20f7247f 100644 --- a/roles/custom/matrix-livekit-server/defaults/main.yml +++ b/roles/custom/matrix-livekit-server/defaults/main.yml 
@@ -1,49 +1,49 @@ --- # Enable or disable matrix-livekit-server deployment -matrix_livekit_server_enabled: false +livekit_server_enabled: false # Base path configuration -matrix_livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" +livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" # Docker network configuration -matrix_livekit_server_container_network: '' -matrix_livekit_server_container_http_host_bind_port: '' -matrix_livekit_server_container_additional_networks: [] # No additional networks by default +livekit_server_container_network: '' +livekit_server_container_http_host_bind_port: '' +livekit_server_container_additional_networks: [] # No additional networks by default # Docker images -matrix_livekit_server_image: "livekit/livekit-server:latest" +livekit_server_image: "livekit/livekit-server:latest" # LiveKit configuration -matrix_livekit_server_livekit_server_dev_key: "{{ matrix_livekit_server_dev_key }}" # Must be defined in host_vars -matrix_livekit_server_jwt_secret: "{{ matrix_element_call_jwt_secret }}" # Must be defined in host_vars -matrix_livekit_server_hostname: "sfu.{{ matrix_domain }}" +livekit_server_livekit_server_dev_key: "{{ livekit_server_dev_key }}" # Must be defined in host_vars +livekit_server_jwt_secret: "{{ matrix_element_call_jwt_secret }}" # Must be defined in host_vars +livekit_server_hostname: "sfu.{{ matrix_domain }}" # Traefik Configuration for Element Call -matrix_livekit_server_container_labels_traefik_enabled: true -matrix_livekit_server_container_labels_traefik_docker_network: "{{ matrix_livekit_server_container_network }}" -matrix_livekit_server_container_labels_traefik_hostname: "{{ matrix_livekit_server_hostname }}" +livekit_server_container_labels_traefik_enabled: true +livekit_server_container_labels_traefik_docker_network: "{{ livekit_server_container_network }}" +livekit_server_container_labels_traefik_hostname: "{{ livekit_server_hostname }}" # The path prefix must either be `/` or 
not end with a slash (e.g. `/element`). -matrix_livekit_server_container_labels_traefik_path_prefix: "{{ matrix_livekit_server_path_prefix }}" -matrix_livekit_server_container_labels_traefik_rule: "Host(`{{ matrix_livekit_server_container_labels_traefik_hostname }}`){% if matrix_livekit_server_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_livekit_server_container_labels_traefik_path_prefix }}`){% endif %}" -matrix_livekit_server_container_labels_traefik_priority: 0 -matrix_livekit_server_container_labels_traefik_entrypoints: web-secure -matrix_livekit_server_container_labels_traefik_tls: "{{ matrix_livekit_server_container_labels_traefik_entrypoints != 'web' }}" -matrix_livekit_server_container_labels_traefik_tls_certResolver: default # noqa var-naming +livekit_server_container_labels_traefik_path_prefix: "{{ livekit_server_path_prefix }}" +livekit_server_container_labels_traefik_rule: "Host(`{{ livekit_server_container_labels_traefik_hostname }}`){% if livekit_server_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ livekit_server_container_labels_traefik_path_prefix }}`){% endif %}" +livekit_server_container_labels_traefik_priority: 0 +livekit_server_container_labels_traefik_entrypoints: web-secure +livekit_server_container_labels_traefik_tls: "{{ livekit_server_container_labels_traefik_entrypoints != 'web' }}" +livekit_server_container_labels_traefik_tls_certResolver: default # noqa var-naming # Controls which additional headers to attach to all HTTP responses. 
-# To add your own headers, use `matrix_livekit_server_container_labels_traefik_additional_response_headers_custom` -matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}" -matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: | +# To add your own headers, use `livekit_server_container_labels_traefik_additional_response_headers_custom` +livekit_server_container_labels_traefik_additional_response_headers: "{{ livekit_server_container_labels_traefik_additional_response_headers_auto | combine(livekit_server_container_labels_traefik_additional_response_headers_custom) }}" +livekit_server_container_labels_traefik_additional_response_headers_auto: | {{ {} - | combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {}) - | combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {}) - | combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {}) - | combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {}) - | combine ({'Permission-Policy': matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {}) - | combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {}) + | combine ({'X-XSS-Protection': livekit_server_http_header_xss_protection} if 
livekit_server_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': livekit_server_http_header_frame_options} if livekit_server_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': livekit_server_http_header_content_type_options} if livekit_server_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': livekit_server_http_header_content_security_policy} if livekit_server_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': livekit_server_http_header_content_permission_policy} if livekit_server_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': livekit_server_http_header_strict_transport_security} if livekit_server_http_header_strict_transport_security and livekit_server_container_labels_traefik_tls else {}) }} -matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {} +livekit_server_container_labels_traefik_additional_response_headers_custom: {} # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. 
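Review bot: The renamed default `livekit_server_livekit_server_dev_key` (with `server` twice) does not match the variable the templates read: `livekit.yaml.j2` in this commit renders `devkey: "{{ livekit_server_livekit_dev_key }}"`, and that name is only defined in `group_vars/matrix_servers`, so the role's own defaults do not provide the key the role consumes. Renaming the default to `livekit_server_livekit_dev_key: "{{ livekit_server_dev_key }}"  # Must be defined in host_vars` makes the role self-contained, which is the stated purpose of this rename. The `# Traefik Configuration for Element Call` heading above the Traefik block still refers to the other role and should read `# Traefik Configuration for LiveKit`. `livekit_server_jwt_secret` also still defaults to `matrix_element_call_jwt_secret`, a variable owned by another role and not consumed by any template visible in this commit; if the role is to be extracted it will presumably need its own (validated) default instead.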
@@ -52,16 +52,16 @@ matrix_livekit_server_container_labels_traefik_additional_response_headers_custo # matrix_client_element_container_labels_additional_labels: | # my.label=1 # another.label="here" -matrix_livekit_server_container_labels_additional_labels: '' +livekit_server_container_labels_additional_labels: '' # A list of extra arguments to pass to the container -matrix_livekit_server_container_extra_arguments: [] +livekit_server_container_extra_arguments: [] # Additional environment variables for the container -matrix_livekit_server_environment_variables_additional: {} +livekit_server_environment_variables_additional: {} # List of systemd services that matrix-element-call.service depends on -matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" +livekit_server_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # Specifies the value of the `X-XSS-Protection` header # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. 
@@ -69,27 +69,27 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke # Learn more about it is here: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # - https://portswigger.net/web-security/cross-site-scripting/reflected -matrix_livekit_server_http_header_xss_protection: '' +livekit_server_http_header_xss_protection: '' # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options -matrix_livekit_server_http_header_frame_options: '' +livekit_server_http_header_frame_options: '' # Specifies the value of the `X-Content-Type-Options` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options -matrix_livekit_server_http_header_content_type_options: '' +livekit_server_http_header_content_type_options: '' # Specifies the value of the `Content-Security-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -matrix_livekit_server_http_header_content_security_policy: '' +livekit_server_http_header_content_security_policy: '' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_livekit_server_http_header_content_permission_policy: '' +livekit_server_http_header_content_permission_policy: '' # Specifies the value of the `Strict-Transport-Security` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_livekit_server_http_header_strict_transport_security: '' +livekit_server_http_header_strict_transport_security: '' # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # 
@@ -99,8 +99,8 @@ matrix_livekit_server_http_header_strict_transport_security: '' # - https://amifloced.org/ # # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. -# See: `matrix_livekit_server_content_permission_policy` -matrix_livekit_server_floc_optout_enabled: false +# See: `livekit_server_content_permission_policy` +livekit_server_floc_optout_enabled: false # Controls if HSTS preloading is enabled # @@ -111,5 +111,5 @@ matrix_livekit_server_floc_optout_enabled: false # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # - https://hstspreload.org/#opt-in -# See: `matrix_livekit_server_http_header_strict_transport_security` -matrix_livekit_server_hsts_preload_enabled: true \ No newline at end of file +# See: `livekit_server_http_header_strict_transport_security` +livekit_server_hsts_preload_enabled: true diff --git a/roles/custom/matrix-livekit-server/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml index 8f348b472..35aec98c2 100644 --- a/roles/custom/matrix-livekit-server/tasks/install.yml +++ b/roles/custom/matrix-livekit-server/tasks/install.yml @@ -10,13 +10,13 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - path: "{{ matrix_livekit_server_base_path }}" + - path: "{{ livekit_server_base_path }}" # Ensure Configuration Files are in Place - name: Ensure LiveKit livekit.yaml is in place ansible.builtin.template: src: "{{ role_path }}/templates/livekit.yaml.j2" - dest: "{{ matrix_livekit_server_base_path }}/livekit.yaml" + dest: "{{ livekit_server_base_path }}/livekit.yaml" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" 
@@ -24,7 +24,7 @@ - name: Ensure LiveKit labels file is in place ansible.builtin.template: src: "{{ role_path }}/templates/labels.j2" - dest: "{{ matrix_livekit_server_base_path }}/labels" + dest: "{{ livekit_server_base_path }}/labels" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" @@ -32,7 +32,7 @@ # Ensure Docker Images are Pulled - name: Ensure LiveKit Docker image is pulled community.docker.docker_image: - name: "{{ matrix_livekit_server_image }}" + name: "{{ livekit_server_image }}" source: pull register: livekit_image_result retries: 3 @@ -44,4 +44,4 @@ ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-livekit-server.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service" - mode: 0644 \ No newline at end of file + mode: 0644 diff --git a/roles/custom/matrix-livekit-server/tasks/main.yml b/roles/custom/matrix-livekit-server/tasks/main.yml index 1884596b8..349d63be6 100644 --- a/roles/custom/matrix-livekit-server/tasks/main.yml +++ b/roles/custom/matrix-livekit-server/tasks/main.yml @@ -7,15 +7,15 @@ - install-all - install-livekit-server block: - - when: matrix_livekit_server_enabled | bool + - when: livekit_server_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" - - when: matrix_livekit_server_enabled | bool + - when: livekit_server_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" - tags: - setup-all - setup-livekit-server block: - - when: not matrix_livekit_server_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" \ No newline at end of file + - when: not livekit_server_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" diff --git a/roles/custom/matrix-livekit-server/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml index ddf750b9b..0694efed8 100644 
--- a/roles/custom/matrix-livekit-server/tasks/validate_config.yml +++ b/roles/custom/matrix-livekit-server/tasks/validate_config.yml @@ -7,7 +7,7 @@ You need to define a required configuration setting (`{{ item.name }}`). when: "item.when | bool and vars[item.name] == ''" with_items: - - {'name': 'matrix_livekit_server_base_path', when: true} - - {'name': 'matrix_livekit_server_container_network', when: true} - - {'name': 'matrix_livekit_server_image', when: true} - - {'name': 'matrix_livekit_server_image', when: true} \ No newline at end of file + - {'name': 'livekit_server_base_path', when: true} + - {'name': 'livekit_server_container_network', when: true} + - {'name': 'livekit_server_image', when: true} + - {'name': 'livekit_server_image', when: true} diff --git a/roles/custom/matrix-livekit-server/templates/labels.j2 b/roles/custom/matrix-livekit-server/templates/labels.j2 index 77a3ce426..2200c41ac 100644 --- a/roles/custom/matrix-livekit-server/templates/labels.j2 +++ b/roles/custom/matrix-livekit-server/templates/labels.j2 @@ -1,9 +1,9 @@ -{% if matrix_livekit_server_container_labels_traefik_enabled %} +{% if livekit_server_container_labels_traefik_enabled %} traefik.enable=true # Network configuration for Traefik -{% if matrix_livekit_server_container_labels_traefik_docker_network %} -traefik.docker.network={{ matrix_livekit_server_container_labels_traefik_docker_network }} +{% if livekit_server_container_labels_traefik_docker_network %} +traefik.docker.network={{ livekit_server_container_labels_traefik_docker_network }} {% endif %} traefik.http.services.matrix-livekit-server.loadbalancer.server.port=7880 
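Review bot: The renamed `with_items` list checks `livekit_server_image` twice and never checks `livekit_server_dev_key`, even though the role's defaults mark that key as one that must be defined in host_vars and it is the value rendered into `livekit.yaml.j2` and the JWT service environment file. Replacing the duplicate entry with `- {'name': 'livekit_server_dev_key', when: true}` lets validation catch a missing signing key before an empty string is written into the LiveKit configuration. Note that the `vars[item.name] == ''` condition only detects an empty value; a variable that is not defined at all would presumably fail with an undefined-variable error rather than this message, which is how the existing entries behave as well.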
@@ -11,36 +11,36 @@ traefik.http.services.matrix-livekit-server.loadbalancer.server.port=7880 {% set middlewares = [] %} # Path prefix handling for Livekit -{% if matrix_livekit_server_container_labels_traefik_path_prefix != '/' %} -traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.regex=({{ matrix_livekit_server_container_labels_traefik_path_prefix | quote }})$ +{% if livekit_server_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.regex=({{ livekit_server_container_labels_traefik_path_prefix | quote }})$ traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.replacement=${1}/ {% set middlewares = middlewares + ['matrix-livekit-server-slashless-redirect'] %} -traefik.http.middlewares.matrix-livekit-server-strip-prefix.stripprefix.prefixes={{ matrix_livekit_server_container_labels_traefik_path_prefix }} +traefik.http.middlewares.matrix-livekit-server-strip-prefix.stripprefix.prefixes={{ livekit_server_container_labels_traefik_path_prefix }} {% set middlewares = middlewares + ['matrix-livekit-server-strip-prefix'] %} {% endif %} -{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %} -{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %} +{% if livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in livekit_server_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }} {% endfor %} {% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %} {% endif %} -traefik.http.routers.matrix-livekit-server.rule={{ matrix_livekit_server_container_labels_traefik_rule }} -{% if matrix_livekit_server_container_labels_traefik_priority | int > 0 %} 
-traefik.http.routers.matrix-livekit-server.priority={{ matrix_livekit_server_container_labels_traefik_priority }} +traefik.http.routers.matrix-livekit-server.rule={{ livekit_server_container_labels_traefik_rule }} +{% if livekit_server_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-livekit-server.priority={{ livekit_server_container_labels_traefik_priority }} {% endif %} traefik.http.routers.matrix-livekit-server.service=matrix-livekit-server {% if middlewares | length > 0 %} traefik.http.routers.matrix-livekit-server.middlewares={{ middlewares | join(',') }} {% endif %} -traefik.http.routers.matrix-livekit-server.entrypoints={{ matrix_livekit_server_container_labels_traefik_entrypoints }} -traefik.http.routers.matrix-livekit-server.tls={{ matrix_livekit_server_container_labels_traefik_tls | to_json }} -{% if matrix_livekit_server_container_labels_traefik_tls %} -traefik.http.routers.matrix-livekit-server.tls.certResolver={{ matrix_livekit_server_container_labels_traefik_tls_certResolver }} +traefik.http.routers.matrix-livekit-server.entrypoints={{ livekit_server_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-livekit-server.tls={{ livekit_server_container_labels_traefik_tls | to_json }} +{% if livekit_server_container_labels_traefik_tls %} +traefik.http.routers.matrix-livekit-server.tls.certResolver={{ livekit_server_container_labels_traefik_tls_certResolver }} {% endif %} {% endif %} -{{ matrix_livekit_server_container_labels_additional_labels }} \ No newline at end of file +{{ livekit_server_container_labels_additional_labels }} diff --git a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 index 77ac841a8..04fcb1170 100644 --- a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 +++ b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 
@@ -17,4 +17,4 @@ turn: external_tls: true keys: - devkey: "{{ matrix_livekit_server_livekit_dev_key }}" \ No newline at end of file + devkey: "{{ livekit_server_livekit_dev_key }}" diff --git a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 index ddaa35181..98c19e4dc 100644 --- a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 +++ b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 @@ -17,9 +17,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network=host \ - --mount type=bind,src={{ matrix_livekit_server_base_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \ - --label-file={{ matrix_livekit_server_base_path }}/labels \ - {{ matrix_livekit_server_image }} \ + --mount type=bind,src={{ livekit_server_base_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \ + --label-file={{ livekit_server_base_path }}/labels \ + {{ livekit_server_image }} \ --dev --config /etc/livekit.yaml ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-server @@ -31,4 +31,4 @@ RestartSec=30 SyslogIdentifier=matrix-livekit-server [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target From 88d4668450c9eea6bf53432dd20fcd3c5424b2b2 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:16:43 +0200
Subject: [PATCH 114/142] Variable rename (livekit_server_image -> livekit_server_container_image) for consistency with other roles
---
 roles/custom/matrix-livekit-server/defaults/main.yml | 2 +-
 roles/custom/matrix-livekit-server/tasks/install.yml | 2 +-
 roles/custom/matrix-livekit-server/tasks/validate_config.yml | 4 ++--
 .../templates/systemd/matrix-livekit-server.service.j2 | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index c20f7247f..a71c955cc 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -11,7 +11,7 @@ livekit_server_container_http_host_bind_port: ''
 livekit_server_container_additional_networks: [] # No additional networks by default
 # Docker images
-livekit_server_image: "livekit/livekit-server:latest"
+livekit_server_container_image: "livekit/livekit-server:latest"
 # LiveKit configuration
 livekit_server_livekit_server_dev_key: "{{ livekit_server_dev_key }}" # Must be defined in host_vars
diff --git a/roles/custom/matrix-livekit-server/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml
index 35aec98c2..30c2e87cd 100644
--- a/roles/custom/matrix-livekit-server/tasks/install.yml
+++ b/roles/custom/matrix-livekit-server/tasks/install.yml
@@ -32,7 +32,7 @@
 # Ensure Docker Images are Pulled
 - name: Ensure LiveKit Docker image is pulled
 community.docker.docker_image:
- name: "{{ livekit_server_image }}"
+ name: "{{ livekit_server_container_image }}"
 source: pull
 register: livekit_image_result
 retries: 3
diff --git a/roles/custom/matrix-livekit-server/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
index 0694efed8..6340ed26a 100644
--- a/roles/custom/matrix-livekit-server/tasks/validate_config.yml
+++ b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
@@ -9,5 +9,5 @@
 with_items:
 - {'name': 'livekit_server_base_path', when: true}
 - {'name': 'livekit_server_container_network', when: true}
- - {'name': 'livekit_server_image', when: true}
- - {'name': 'livekit_server_image', when: true}
+ - {'name': 'livekit_server_container_image', when: true}
+ - {'name': 'livekit_server_container_image', when: true}
diff --git a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2
index 98c19e4dc..e078a898f 100644
--- a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2
+++ b/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2
@@ -19,7 +19,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 --network=host \
 --mount type=bind,src={{ livekit_server_base_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \
 --label-file={{ livekit_server_base_path }}/labels \
- {{ livekit_server_image }} \
+ {{ livekit_server_container_image }} \
 --dev --config /etc/livekit.yaml
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-server
From 925ebfbd4bc2302ca282ef2f576a738781a6157a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:21:42 +0200
Subject: [PATCH 115/142] Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-element-call.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md
index 6a6b5a496..4754722be 100644
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@@ -19,9 +19,9 @@ If you'd like to run Element Call on another hostname or path, use the `matrix_e
 If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server.
 Ensure that the following DNS names have a public IP/FQDN:
-- `call.DOMAIN`
-- `sfu.DOMAIN`
-- `sfu-jwt.DOMAIN`
+- `call.example.com`
+- `sfu.example.com`
+- `sfu-jwt.example.com`
 ## Adjusting the playbook configuration
From 55da5c3213ce9581654b128d0ff66a7b6a1d38ad Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:21:55 +0200
Subject: [PATCH 116/142] Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-element-call.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md
index 4754722be..c600b3fb9 100644
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@@ -36,6 +36,7 @@ keydb_enabled: true
 matrix_element_call_enabled: true
 matrix_livekit_server_enabled: true
 matrix_jwt_service_enabled: true
+
 # Set a secure key for LiveKit authentication
 matrix_livekit_server_dev_key: 'your-secure-livekit-key'
 ```
From 25a8cb3b4a3a43f592a894a2170da5d9c164cd34 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:22:17 +0200
Subject: [PATCH 117/142] Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-element-call.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md
index c600b3fb9..4ec65d0ec 100644
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@@ -42,10 +42,8 @@ matrix_livekit_server_dev_key: 'your-secure-livekit-key'
 ```
 ## Installing
-After potentially adjusting DNS records and configuring the playbook, run the installation command again:
-```yaml
-ansible-playbook -i inventory setup.yml
-```
+
+After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all`
 ## Usage
 Once installed, Element Call integrates seamlessly with Matrix clients like Element Web. When the Element Call service is installed, the `/.well-known/matrix/client` file is also updated. A new `org.matrix.msc4143.rtc_foci` section is added to point to your JWT service URL (e.g., `https://sfu-jwt.DOMAIN`).
From 32ea60fdc5547d931b0797ce9e04b570b0c71255 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:22:44 +0200
Subject: [PATCH 118/142] Update docs/configuring-playbook-element-call.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-element-call.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md
index 4ec65d0ec..6ed90320d 100644
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@@ -46,9 +46,10 @@ matrix_livekit_server_dev_key: 'your-secure-livekit-key'
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all`
 ## Usage
-Once installed, Element Call integrates seamlessly with Matrix clients like Element Web. When the Element Call service is installed, the `/.well-known/matrix/client` file is also updated. A new `org.matrix.msc4143.rtc_foci` section is added to point to your JWT service URL (e.g., `https://sfu-jwt.DOMAIN`).
-Additionally, the `/.well-known/element/element.json` file is created to help Element clients discover the Element Call URL (e.g., `https://call.DOMAIN`).
+Once installed, Element Call integrates seamlessly with Matrix clients like Element Web. When the Element Call service is installed, the `/.well-known/matrix/client` file is also updated. A new `org.matrix.msc4143.rtc_foci` section is added to point to your JWT service URL (e.g., `https://sfu-jwt.example.com`).
+
+Additionally, the `/.well-known/element/element.json` file is created to help Element clients discover the Element Call URL (e.g., `https://call.example.com`).
 ## Required Firewall and Port Forwarding Rules
From ccb29beb303a56f3b52ed48d3631859ca5d36eaa Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:22:56 +0200
Subject: [PATCH 119/142] Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-jwt-service.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/configuring-playbook-jwt-service.md b/docs/configuring-playbook-jwt-service.md
index 7910c0920..f64a86d49 100644
--- a/docs/configuring-playbook-jwt-service.md
+++ b/docs/configuring-playbook-jwt-service.md
@@ -27,6 +27,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 ```yaml
 matrix_jwt_service_enabled: true
+
 # Set a secure key for LiveKit authentication
 matrix_element_call_livekit_dev_key: 'your-secure-livekit-key'
 ```
From eb048da8a1e374aca5f1dc04c46a3245933b22c4 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:23:06 +0200
Subject: [PATCH 120/142] Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-jwt-service.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-jwt-service.md b/docs/configuring-playbook-jwt-service.md
index f64a86d49..664b4d492 100644
--- a/docs/configuring-playbook-jwt-service.md
+++ b/docs/configuring-playbook-jwt-service.md
@@ -23,7 +23,7 @@ Ensure that the following DNS names have a public IP/FQDN:
 ## Adjusting the playbook configuration
-Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_jwt_service_enabled: true
From df6ef106d1cf9e062ec38fed60374c4724ad0630 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:23:18 +0200
Subject: [PATCH 121/142] Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-jwt-service.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-jwt-service.md b/docs/configuring-playbook-jwt-service.md
index 664b4d492..5b84ffb16 100644
--- a/docs/configuring-playbook-jwt-service.md
+++ b/docs/configuring-playbook-jwt-service.md
@@ -39,7 +39,8 @@ ansible-playbook -i inventory setup.yml
 ```
 ## Usage
-Once installed, a new `org.matrix.msc4143.rtc_foci` section is added to the element web client to point to your JWT service URL (e.g., `https://sfu-jwt.DOMAIN`).
+
+Once installed, a new `org.matrix.msc4143.rtc_foci` section is added to the element web client to point to your JWT service URL (e.g., `https://sfu-jwt.example.com`).
 ## Additional Information
From ec41c1aba5746e23b2696e6968e8744478d7e889 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:23:28 +0200
Subject: [PATCH 122/142] Update docs/configuring-playbook-jwt-service.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-jwt-service.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/docs/configuring-playbook-jwt-service.md b/docs/configuring-playbook-jwt-service.md
index 5b84ffb16..85f142da5 100644
--- a/docs/configuring-playbook-jwt-service.md
+++ b/docs/configuring-playbook-jwt-service.md
@@ -33,10 +33,8 @@ matrix_element_call_livekit_dev_key: 'your-secure-livekit-key'
 ```
 ## Installing
-After potentially adjusting DNS records and configuring the playbook, run the installation command again:
-```yaml
-ansible-playbook -i inventory setup.yml
-```
+
+After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all`
 ## Usage
From 66cc36466c0e72bff5ecc5452ab7d4ebd8244889 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:23:36 +0200
Subject: [PATCH 123/142] Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-livekit-server.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md
index 309d9ecf3..5656abc51 100644
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -32,10 +32,8 @@ matrix_element_call_livekit_dev_key: 'your-secure-livekit-key'
 ```
 ## Installing
-After potentially adjusting DNS records and configuring the playbook, run the installation command again:
-```yaml
-ansible-playbook -i inventory setup.yml
-```
+
+After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all`
 ## Usage
 Once installed, and in conjunction with Element Call and JWT Service, Livekit will become the WebRTC backend for all Element client calls.
From 378392227563f90b664754d283b03fddbedd15f8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:23:47 +0200
Subject: [PATCH 124/142] Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-livekit-server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md
index 5656abc51..2b533bbca 100644
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -27,9 +27,9 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 ```yaml
 matrix_livekit_server_enabled: true
+
 # Set a secure key for LiveKit authentication
 matrix_element_call_livekit_dev_key: 'your-secure-livekit-key'
-```
 ## Installing
From 83bb546c643d3d7a4c9f6271084d221a0de98a1f Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:23:55 +0200
Subject: [PATCH 125/142] Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-livekit-server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md
index 2b533bbca..c3abbdc4f 100644
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -1,4 +1,4 @@
-# Setting up Livekit (optional)
+# Setting up LiveKit (optional)
 The playbook can install and configure [Livekit](https://github.com/livekit/livekit) for you.
From 0f23e36e12a652965552424b5547cdd7e04035d8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:24:05 +0200
Subject: [PATCH 126/142] Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-livekit-server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md
index c3abbdc4f..7882aae8e 100644
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -1,6 +1,6 @@
 # Setting up LiveKit (optional)
-The playbook can install and configure [Livekit](https://github.com/livekit/livekit) for you.
+The playbook can install and configure [LiveKit](https://github.com/livekit/livekit) for you.
 LiveKit is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications.
From 164be875b0e3305191135784e1183b94143ff7c1 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:24:15 +0200
Subject: [PATCH 127/142] Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-livekit-server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md
index 7882aae8e..fa5264954 100644
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/livekit/livekit) to learn m
 ## Decide on a domain and path
-By default, Livekit is configured to be served on the Matrix domain (`sfu.DOMAIN`, controlled by the `matrix_livekit_server_hostname` variable).
+By default, LiveKit is configured to be served on the Matrix domain (`sfu.example.com`, controlled by the `matrix_livekit_server_hostname` variable).
 This makes it easy to set it up, **without** having to adjust your DNS records manually.
From c321ca160ecbeec8f3ed9a96802aa436510779f8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:24:26 +0200
Subject: [PATCH 128/142] Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-livekit-server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md
index fa5264954..561d8f7fe 100644
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -19,7 +19,7 @@ If you'd like to run Livekit on another hostname or path, use the `matrix_liveki
 If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server.
 Ensure that the following DNS names have a public IP/FQDN:
-- `sfu.DOMAIN`
+- `sfu.example.com`
 ## Adjusting the playbook configuration
From c07b0939022dcbc8667d37d987ca7a5137bf7cea Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:24:34 +0200
Subject: [PATCH 129/142] Update docs/configuring-playbook-livekit-server.md
Co-authored-by: Suguru Hirahara
---
 docs/configuring-playbook-livekit-server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md
index 561d8f7fe..34008ffa3 100644
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -23,7 +23,7 @@ Ensure that the following DNS names have a public IP/FQDN:
 ## Adjusting the playbook configuration
-Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_livekit_server_enabled: true
From fa4ebd2a64af5900eda1399cefe5f6b9b9b7334a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:37:01 +0200
Subject: [PATCH 130/142] Cleanups
---
 group_vars/matrix_servers | 12 +++---------
 roles/custom/matrix-livekit-server/defaults/main.yml | 5 ++++-
 .../matrix-livekit-server/tasks/validate_config.yml | 1 +
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 8fc11fbe4..0b1707b7f 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -6064,14 +6064,10 @@ matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certR
 livekit_server_enabled: "{{ matrix_element_call_enabled }}"
-livekit_server_scheme: "https"
-livekit_server_hostname: "sfu.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different
-livekit_server_path_prefix: "/"
-livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
-livekit_server_container_image: "livekit/livekit-server:{{ livekit_server_version }}"
-livekit_server_container_image_force_pull: true
+livekit_server_hostname: "sfu.{{ matrix_domain }}"
+
+livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
-# Docker network configuration for Livekit
 livekit_server_container_network: "{{ matrix_addons_container_network }}"
 livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
@@ -6081,8 +6077,6 @@ matrix_livekit_container_labels_traefik_docker_network: "{{ matrix_playbook_reve
 livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
-# LiveKit Service Configuration
-livekit_server_livekit_dev_key: "{{ livekit_server_dev_key }}" # LiveKit dev key
 ########################################################################
 # #
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 17a894e2e..b080f1022 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
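Review bot: The second hunk removes `livekit_server_livekit_dev_key: "{{ livekit_server_dev_key }}"`, which is the name `livekit.yaml.j2` renders under `keys:` (`devkey: "{{ livekit_server_livekit_dev_key }}"` in the template hunk earlier in this series), while the role's defaults define `livekit_server_livekit_server_dev_key` — a different name — so after this commit the template has no visible definition of the value it uses and rendering would fail on an undefined variable unless something outside these hunks supplies it. Since this value is the secret LiveKit is configured with, the template, the defaults and the docs should agree on one variable name, and validate_config should refuse an empty value rather than relying on an undefined-variable error. The first hunk also drops `livekit_server_scheme` and `livekit_server_path_prefix` from group_vars; that is fine only if the role's defaults carry them (this commit's defaults hunk adds `livekit_server_path_prefix` but no `livekit_server_scheme`, so confirm nothing still references the scheme). Both hunks sit inside the much larger livekit-server section of group_vars, whose remaining lines are outside this view.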
@@ -10,6 +10,9 @@ livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
 # renovate: datasource=docker depName=livekit/livekit-server
 livekit_server_version: v1.8.0
+livekit_server_hostname: ""
+livekit_server_path_prefix: "/"
+
 # Docker network configuration
 livekit_server_container_network: ''
 livekit_server_container_http_host_bind_port: ''
@@ -23,7 +26,7 @@ livekit_server_container_repo: "https://github.com/livekit/livekit.git"
 livekit_server_container_repo_version: "{{ 'main' if livekit_server_version == 'latest' else livekit_server_version }}"
 livekit_server_container_src_files_path: "{{ livekit_server_base_path }}/container-src"
-livekit_server_container_image: "livekit/livekit-server:latest"
+livekit_server_container_image: "{{ livekit_server_container_image_name_prefix }}livekit/livekit-server:{{ livekit_server_version }}"
 livekit_server_container_image_name_prefix: "{{ 'localhost/' if livekit_server_container_image_self_build else 'docker.io/' }}"
 livekit_server_container_image_force_pull: "{{ livekit_server_container_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-livekit-server/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
index 6340ed26a..9d55b3733 100644
--- a/roles/custom/matrix-livekit-server/tasks/validate_config.yml
+++ b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
@@ -7,6 +7,7 @@
 You need to define a required configuration setting (`{{ item.name }}`).
 when: "item.when | bool and vars[item.name] == ''"
 with_items:
+ - {'name': 'livekit_server_hostname', when: true}
 - {'name': 'livekit_server_base_path', when: true}
 - {'name': 'livekit_server_container_network', when: true}
 - {'name': 'livekit_server_container_image', when: true}
From 783d4a23f82cfb65143991f9266c89dd4034d87d Mon Sep 17 00:00:00 2001
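Review bot: The required-settings list this hunk extends still carries `- {'name': 'livekit_server_container_image', when: true}` twice — both copies are visible in this file's hunk from patch 114 earlier in the series, directly after the `livekit_server_container_network` entry — so one of them should be dropped here. The `when:` expression only fires on an empty string, which matches the new `livekit_server_hostname: ""` default added in the defaults hunk above. Pinning `livekit_server_container_image` to `{{ livekit_server_version }}` behind `livekit_server_container_image_name_prefix` instead of `latest` is a good change for reproducible deployments; with it, `livekit_server_container_image_force_pull` evaluates to false for the pinned tag, which looks intended.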
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 16:54:45 +0200
Subject: [PATCH 131/142] Add livekit_server_identifier
---
 docs/configuring-playbook-element-call.md | 2 +-
 group_vars/matrix_servers | 12 ++++---
 .../matrix-livekit-server/defaults/main.yml | 19 ++++------
 .../matrix-livekit-server/tasks/install.yml | 19 ++++------
 .../matrix-livekit-server/tasks/main.yml | 1 -
 .../matrix-livekit-server/tasks/uninstall.yml | 36 ++++++++++---------
 .../tasks/validate_config.yml | 7 ++--
 .../templates/livekit.yaml.j2 | 2 +-
 ...r.service.j2 => livekit-server.service.j2} | 0
 9 files changed, 46 insertions(+), 52 deletions(-)
 rename roles/custom/matrix-livekit-server/templates/systemd/{matrix-livekit-server.service.j2 => livekit-server.service.j2} (100%)
diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md
index 19ce11d6b..663a07038 100644
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@@ -34,7 +34,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 matrix_element_call_enabled: true
 # Set a secure key for LiveKit authentication
-livekit_server_dev_key: 'your-secure-livekit-key'
+livekit_server_config_keys_devkey: 'your-secure-livekit-key'
 ```
 ## Installing
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 0b1707b7f..b1948b0a6 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -442,7 +442,7 @@ devture_systemd_service_manager_services_list_auto: |
 +
 ([{'name': 'matrix-jwt-service.service', 'priority': 3000, 'groups': ['matrix', 'jwt-service']}] if matrix_jwt_service_enabled else [])
 +
- ([{'name': 'matrix-livekit-server.service', 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else [])
+ ([{'name': (livekit_server_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else [])
 +
 ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
 +
@@ -6064,6 +6064,10 @@ matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certR
 livekit_server_enabled: "{{ matrix_element_call_enabled }}"
+livekit_server_identifier: matrix-livekit-server
+
+livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
+
 livekit_server_hostname: "sfu.{{ matrix_domain }}"
 livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
@@ -6071,13 +6075,11 @@ livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm6
 livekit_server_container_network: "{{ matrix_addons_container_network }}"
 livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
-# Traefik Configuration for Livekit
-matrix_livekit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
-matrix_livekit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
+livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
-
 ########################################################################
 # #
 # /livekit-server #
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index b080f1022..bd918011f 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
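Review bot: `livekit_server_container_labels_traefik_docker_network` is set here to a bridge network (and `livekit_server_container_network` to `{{ livekit_server_identifier }}` in this commit's defaults hunk), but the systemd unit template shown earlier in the series starts the container with `--network=host`, so the container never joins either network and the `traefik.docker.network` label presumably rendered from this value would name a network the container is not attached to. If host networking is intentional — presumably for the media port range the docs' firewall section refers to — Traefik has to reach LiveKit through the host address and these two network variables are dead configuration; otherwise the unit should use `--network={{ livekit_server_container_network }}` and that network has to be created, which none of the install.yml hunks in this commit do. Host networking also hands the container the host's network namespace, which is worth stating explicitly in the role's docs, since the `--cap-drop=ALL` in the unit does not compensate for it. The unit template itself is not part of this commit, so this may already be handled elsewhere in the series.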
@@ -4,18 +4,17 @@ livekit_server_enabled: false
-# Base path configuration
-livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
+livekit_server_identifier: livekit-server
+
+livekit_server_base_path: "/{{ livekit_server_identifier }}"
 # renovate: datasource=docker depName=livekit/livekit-server
 livekit_server_version: v1.8.0
 livekit_server_hostname: ""
-livekit_server_path_prefix: "/"
+livekit_server_path_prefix: /
-# Docker network configuration
-livekit_server_container_network: ''
-livekit_server_container_http_host_bind_port: ''
+livekit_server_container_network: "{{ livekit_server_identifier }}"
 livekit_server_container_additional_networks: "{{ livekit_server_container_additional_networks_auto + livekit_server_container_additional_networks_custom }}"
 livekit_server_container_additional_networks_auto: []
@@ -30,12 +29,6 @@ livekit_server_container_image: "{{ livekit_server_container_image_name_prefix }
 livekit_server_container_image_name_prefix: "{{ 'localhost/' if livekit_server_container_image_self_build else 'docker.io/' }}"
 livekit_server_container_image_force_pull: "{{ livekit_server_container_image.endswith(':latest') }}"
-# LiveKit configuration
-livekit_server_livekit_server_dev_key: "{{ livekit_server_dev_key }}" # Must be defined in host_vars
-livekit_server_jwt_secret: "{{ matrix_element_call_jwt_secret }}" # Must be defined in host_vars
-livekit_server_hostname: "sfu.{{ matrix_domain }}"
-
-# Traefik Configuration for Element Call
 livekit_server_container_labels_traefik_enabled: true
 livekit_server_container_labels_traefik_docker_network: "{{ livekit_server_container_network }}"
 livekit_server_container_labels_traefik_hostname: "{{ livekit_server_hostname }}"
@@ -130,3 +123,5 @@ livekit_server_floc_optout_enabled: false
 # - https://hstspreload.org/#opt-in
 # See: `livekit_server_http_header_strict_transport_security`
 livekit_server_hsts_preload_enabled: true
+
+livekit_server_config_keys_devkey: ""
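Review bot: `livekit_server_config_keys_devkey: ""` in the last hunk introduces the LiveKit secret with an empty default, and nothing in this commit's visible hunks rejects that value; the validate_config change of this commit is outside this view, so please confirm it adds `- {'name': 'livekit_server_config_keys_devkey', when: true}` to the required-settings list, otherwise `livekit.yaml` is rendered with an empty secret under `keys:`. A comment above the default would help operators, e.g. `# Secret rendered into livekit.yaml under keys.devkey; set it to a long random value in vars.yml`. The docs hunks earlier in this series for jwt-service and livekit-server still tell users to set `matrix_element_call_livekit_dev_key`, a name this role's defaults do not define (only the element-call page is updated to the new name in this commit), so those two pages should be updated as well. The first hunk drops `livekit_server_container_http_host_bind_port` and the second drops `livekit_server_jwt_secret`; both look fine as long as no template still reads them — the unit seen earlier uses `--network=host`, so the bind-port variable does appear unused.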
diff --git a/roles/custom/matrix-livekit-server/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml
index 30c2e87cd..70b2b39a1 100644
--- a/roles/custom/matrix-livekit-server/tasks/install.yml
+++ b/roles/custom/matrix-livekit-server/tasks/install.yml
@@ -1,8 +1,6 @@
 ---
-# roles/custom/matrix-livekit-server/tasks/install.yml
-# Ensure Required Directories Exist
-- name: Ensure matrix-livekit-server paths exist
+- name: Ensure LiveKit Server paths exist
 ansible.builtin.file:
 path: "{{ item.path }}"
 state: directory
@@ -12,8 +10,7 @@
 with_items:
 - path: "{{ livekit_server_base_path }}"
-# Ensure Configuration Files are in Place
-- name: Ensure LiveKit livekit.yaml is in place
+- name: Ensure LiveKit Server livekit.yaml is in place
 ansible.builtin.template:
 src: "{{ role_path }}/templates/livekit.yaml.j2"
 dest: "{{ livekit_server_base_path }}/livekit.yaml"
@@ -21,7 +18,7 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_groupname }}"
-- name: Ensure LiveKit labels file is in place
+- name: Ensure LiveKit Server labels file is in place
 ansible.builtin.template:
 src: "{{ role_path }}/templates/labels.j2"
 dest: "{{ livekit_server_base_path }}/labels"
@@ -29,8 +26,7 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_groupname }}"
-# Ensure Docker Images are Pulled
-- name: Ensure LiveKit Docker image is pulled
+- name: Ensure LiveKit Server container image is pulled
 community.docker.docker_image:
 name: "{{ livekit_server_container_image }}"
 source: pull
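Review bot: The image-pull task in the last hunk passes only `source: pull`, so `livekit_server_container_image_force_pull`, which the defaults compute from the tag since patch 130, never takes effect and a `:latest` tag would not be refreshed on re-runs; add `force_source: "{{ livekit_server_container_image_force_pull }}"` beside `source: pull`. The defaults also introduce `livekit_server_container_image_self_build` (true in group_vars for any architecture other than amd64/arm64) together with a `localhost/` image prefix and `livekit_server_container_repo`/`livekit_server_container_src_files_path` variables, yet none of the install.yml hunks in this commit gate the pull on `not livekit_server_container_image_self_build` or add a clone-and-build step, so on those architectures the task would try to pull a `localhost/…` image that does not exist. Either wire up the build path (a `git` checkout into `livekit_server_container_src_files_path` followed by a `community.docker.docker_image` build named `livekit_server_container_image`) or keep the self-build variables out until they are used. The tail of the pull task (`register`, `retries`, `delay`, `until`) is split between the end of this hunk and the next one.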
@@ -39,9 +35,8 @@
 delay: 10
 until: livekit_image_result is not failed
-# Systemd Services for LiveKit
-- name: Ensure LiveKit systemd service is installed
+- name: Ensure LiveKit Server systemd service is installed
 ansible.builtin.template:
- src: "{{ role_path }}/templates/systemd/matrix-livekit-server.service.j2"
- dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service"
+ src: "{{ role_path }}/templates/systemd/livekit-server.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ livekit_server_identifier }}.service"
 mode: 0644
diff --git a/roles/custom/matrix-livekit-server/tasks/main.yml b/roles/custom/matrix-livekit-server/tasks/main.yml
index 349d63be6..2929a2917 100644
--- a/roles/custom/matrix-livekit-server/tasks/main.yml
+++ b/roles/custom/matrix-livekit-server/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
-# Main task file for matrix-livekit-server
 - tags:
 - setup-all
diff --git a/roles/custom/matrix-livekit-server/tasks/uninstall.yml b/roles/custom/matrix-livekit-server/tasks/uninstall.yml
index fdedf475a..141fe0c21 100644
--- a/roles/custom/matrix-livekit-server/tasks/uninstall.yml
+++ b/roles/custom/matrix-livekit-server/tasks/uninstall.yml
@@ -1,21 +1,25 @@
 ---
-# Uninstall tasks for matrix-livekit-server
-- name: Stop and remove LiveKit container
- community.docker.docker_container:
- name: "matrix-livekit-server"
- state: absent
+- name: Check existence of LiveKit Server service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/{{ livekit_server_identifier }}.service"
+ register: livekit_server_service_stat
-- name: Remove LiveKit systemd service
- ansible.builtin.file:
- path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-server.service"
- state: absent
+- when: livekit_server_service_stat.stat.exists | bool
+ block:
+ - name: Ensure LiveKit Server is stopped
+ ansible.builtin.service:
+ name: "{{ livekit_server_identifier }}"
+ state: stopped
+ enabled: false
+ daemon_reload: true
-- name: Remove matrix-livekit-server configuration files
- ansible.builtin.file:
- path: "{{ matrix_livekit_serverbase_path }}"
- state: absent
+ - name: Ensure LiveKit Server systemd service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/{{ livekit_server_identifier }}.service"
+ state: absent
-- name: Reload systemd daemon
- ansible.builtin.systemd:
- daemon_reload: true
\ No newline at end of file
+ - name: Ensure LiveKit Server paths don't exist
+ ansible.builtin.file:
+ path: "{{ livekit_server_base_path }}"
+ state: absent
diff --git a/roles/custom/matrix-livekit-server/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
index 9d55b3733..54532668e 100644
--- a/roles/custom/matrix-livekit-server/tasks/validate_config.yml
+++ b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
@@ -1,14 +1,13 @@
 ---
-# Validate configuration for matrix-livekit-server
-- name: Fail if required matrix-livekit-server settings are not defined
+- name: Fail if required LiveKit Server settings are not defined
 ansible.builtin.fail:
 msg: >
 You need to define a required configuration setting (`{{ item.name }}`).
- when: "item.when | bool and vars[item.name] == ''"
+ when: "item.when | bool and vars[item.name] | length == 0"
 with_items:
 - {'name': 'livekit_server_hostname', when: true}
 - {'name': 'livekit_server_base_path', when: true}
 - {'name': 'livekit_server_container_network', when: true}
 - {'name': 'livekit_server_container_image', when: true}
- - {'name': 'livekit_server_container_image', when: true}
+ - {'name': 'livekit_server_config_keys_devkey', when: true}
diff --git a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
index 04fcb1170..f6b2f716f 100644
--- a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
+++ b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
@@ -17,4 +17,4 @@ turn:
 external_tls: true
 keys:
- devkey: "{{ livekit_server_livekit_dev_key }}"
+ devkey: {{ livekit_server_config_keys_devkey | to_json }}
diff --git a/roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
similarity index 100%
rename from roles/custom/matrix-livekit-server/templates/systemd/matrix-livekit-server.service.j2
rename to roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
From 721fb39aa28ae275c4924a15fde62438b215a1ac Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 17:28:06 +0200
Subject: [PATCH 132/142] More progress on the LiveKit role
---
 group_vars/matrix_servers | 3 ++
 .../matrix-livekit-server/defaults/main.yml | 24 ++++++++++++-
 .../matrix-livekit-server/tasks/install.yml | 27 +++++++-------
 .../tasks/validate_config.yml | 7 ++--
 .../templates/config.yaml.j2 | 21 +++++++++
 .../matrix-livekit-server/templates/labels.j2 | 3 +-
 .../templates/livekit.yaml.j2 | 20 -----------
 .../systemd/livekit-server.service.j2 | 36 ++++++++++---------
 8 files changed, 86 insertions(+), 55 deletions(-)
 create mode 100644 roles/custom/matrix-livekit-server/templates/config.yaml.j2
 delete mode 100644 roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index b1948b0a6..d88305467 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -6066,6 +6066,9 @@ livekit_server_enabled: "{{ matrix_element_call_enabled }}"
 livekit_server_identifier: matrix-livekit-server
+livekit_server_uid: "{{ matrix_user_uid }}"
+livekit_server_gid: "{{ matrix_user_gid }}"
+
 livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
 livekit_server_hostname: "sfu.{{ matrix_domain }}"
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index bd918011f..3350ecdd3 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -6,7 +6,11 @@ livekit_server_enabled: false
 livekit_server_identifier: livekit-server
+livekit_server_uid: ''
+livekit_server_gid: ''
+
 livekit_server_base_path: "/{{ livekit_server_identifier }}"
+livekit_server_config_path: "{{ livekit_server_base_path }}/config"
 # renovate: datasource=docker depName=livekit/livekit-server
 livekit_server_version: v1.8.0
@@ -124,4 +128,22 @@ livekit_server_floc_optout_enabled: false
 # See: `livekit_server_http_header_strict_transport_security`
 livekit_server_hsts_preload_enabled: true
-livekit_server_config_keys_devkey: ""
+# Controls the `port` configuration property.
+livekit_server_config_port: 7880
+
+# Controls the `rtc.tcp_port` configuration property
+livekit_server_config_rtc_tcp_port: 7881
+
+# Controls the `rtc.port_range_start` configuration property
+livekit_server_config_rtc_port_range_start: 50100
+
+# Controls the `rtc.port_range_end` configuration property
+livekit_server_config_rtc_port_range_end: 50200
+
+# Controls the `rtc.use_external_ip` configuration property
+livekit_server_config_rtc_use_external_ip: true
+
+# Controls the `keys` configuration property.
+livekit_server_config_keys: "{{ livekit_server_config_keys_auto | combine(livekit_server_config_keys_custom, recursive=True) }}"
+livekit_server_config_keys_auto: {}
+livekit_server_config_keys_custom: {}
diff --git a/roles/custom/matrix-livekit-server/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml
index 70b2b39a1..934897d9f 100644
--- a/roles/custom/matrix-livekit-server/tasks/install.yml
+++ b/roles/custom/matrix-livekit-server/tasks/install.yml
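Review bot: `livekit_server_config_keys` arrives with only `# Controls the `keys` configuration property.` above it and empty `_auto`/`_custom` maps, which tells an operator nothing about what the map holds or that it is a credential. As I understand LiveKit's auth model, `keys` maps an API key name to the API secret that signs and verifies client access tokens, so the value deserves the same care as any other playbook secret, and an empty map leaves the server with no configured key at all. I would extend the comment to `# Controls the `keys` configuration property: a map of API key name -> API secret.` followed by `# The secret is used to sign/verify LiveKit access tokens (JWTs); generate a long random value and keep it out of version control.`. Whether group_vars populates `_auto` with a real key is outside this hunk.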
@@ -5,34 +5,37 @@
 path: "{{ item.path }}"
 state: directory
 mode: 0750
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
+ owner: "{{ livekit_server_uid }}"
+ group: "{{ livekit_server_gid }}"
 with_items:
- - path: "{{ livekit_server_base_path }}"
+ - {path: "{{ livekit_server_base_path }}", when: true}
+ - {path: "{{ livekit_server_config_path }}", when: true}
+ - {path: "{{ livekit_server_container_src_files_path }}", when: "{{ livekit_server_container_image_self_build }}"}
+ when: "item.when | bool"
-- name: Ensure LiveKit Server livekit.yaml is in place
+- name: Ensure LiveKit Server configuration is in place
 ansible.builtin.template:
- src: "{{ role_path }}/templates/livekit.yaml.j2"
- dest: "{{ livekit_server_base_path }}/livekit.yaml"
+ src: "{{ role_path }}/templates/config.yaml.j2"
+ dest: "{{ livekit_server_config_path }}/config.yaml"
 mode: 0640
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
+ owner: "{{ livekit_server_uid }}"
+ group: "{{ livekit_server_gid }}"
 - name: Ensure LiveKit Server labels file is in place
 ansible.builtin.template:
 src: "{{ role_path }}/templates/labels.j2"
 dest: "{{ livekit_server_base_path }}/labels"
 mode: 0640
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
+ owner: "{{ livekit_server_uid }}"
+ group: "{{ livekit_server_gid }}"
 - name: Ensure LiveKit Server container image is pulled
 community.docker.docker_image:
 name: "{{ livekit_server_container_image }}"
 source: pull
 register: livekit_image_result
- retries: 3
- delay: 10
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
 until: livekit_image_result is not failed
 - name: Ensure LiveKit Server systemd service is installed
diff --git a/roles/custom/matrix-livekit-server/tasks/validate_config.yml b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
index 54532668e..1b7139d10 100644
--- a/roles/custom/matrix-livekit-server/tasks/validate_config.yml
+++ b/roles/custom/matrix-livekit-server/tasks/validate_config.yml
@@ -7,7 +7,6 @@
 when: "item.when | bool and vars[item.name] | length == 0"
 with_items:
 - {'name': 'livekit_server_hostname', when: true}
- - {'name': 'livekit_server_base_path', when: true}
- - {'name': 'livekit_server_container_network', when: true}
- - {'name': 'livekit_server_container_image', when: true}
- - {'name': 'livekit_server_config_keys_devkey', when: true}
+ - {'name': 'livekit_server_identifier', when: true}
+ - {'name': 'livekit_server_uid', when: true}
+ - {'name': 'livekit_server_gid', when: true}
diff --git a/roles/custom/matrix-livekit-server/templates/config.yaml.j2 b/roles/custom/matrix-livekit-server/templates/config.yaml.j2
new file mode 100644
index 000000000..560dba32d
--- /dev/null
+++ b/roles/custom/matrix-livekit-server/templates/config.yaml.j2
@@ -0,0 +1,21 @@
+port: {{ livekit_server_config_port | int | to_json }}
+
+bind_addresses:
+ - "0.0.0.0"
+
+rtc:
+ tcp_port: {{ livekit_server_config_rtc_tcp_port | int | to_json }}
+ port_range_start: {{ livekit_server_config_rtc_port_range_start | int | to_json }}
+ port_range_end: {{ livekit_server_config_rtc_port_range_end | int | to_json }}
+ use_external_ip: {{ livekit_server_config_rtc_use_external_ip | to_json }}
+
+turn:
+ enabled: false
+ domain: localhost
+ cert_file: ""
+ key_file: ""
+ tls_port: 5349
+ udp_port: 443
+ external_tls: true
+
+keys: {{ livekit_server_config_keys | to_json }}
diff --git a/roles/custom/matrix-livekit-server/templates/labels.j2 b/roles/custom/matrix-livekit-server/templates/labels.j2
index 2200c41ac..d1aad0121 100644
--- a/roles/custom/matrix-livekit-server/templates/labels.j2
+++ b/roles/custom/matrix-livekit-server/templates/labels.j2
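Review bot: The required-settings list drops `livekit_server_config_keys_devkey` without adding any replacement, so nothing rejects an empty `livekit_server_config_keys`, whose role default is `{}`. That matters because the unit file starts the container with `--dev`, and if I recall LiveKit's CLI help correctly, development mode substitutes a built-in `devkey`/`secret` pair when no keys are configured — a deployment with an empty map would then accept tokens signed with a publicly known secret rather than refuse to start. The `| length == 0` test already works on a mapping, so one more entry closes the gap: `- {'name': 'livekit_server_config_keys', when: true}`. The rest of the `with_items` list and the surrounding task start outside this hunk.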
@@ -6,11 +6,10 @@ traefik.enable=true
 traefik.docker.network={{ livekit_server_container_labels_traefik_docker_network }}
 {% endif %}
-traefik.http.services.matrix-livekit-server.loadbalancer.server.port=7880
+traefik.http.services.matrix-livekit-server.loadbalancer.server.port={{ livekit_server_config_port }}
 {% set middlewares = [] %}
-# Path prefix handling for Livekit
 {% if livekit_server_container_labels_traefik_path_prefix != '/' %}
 traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.regex=({{ livekit_server_container_labels_traefik_path_prefix | quote }})$
 traefik.http.middlewares.matrix-livekit-server-slashless-redirect.redirectregex.replacement=${1}/
diff --git a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
deleted file mode 100644
index f6b2f716f..000000000
--- a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-port: 7880
-bind_addresses:
- - "0.0.0.0"
-rtc:
- tcp_port: 7881
- port_range_start: 50100
- port_range_end: 50200
- use_external_ip: true
-
-turn:
- enabled: false
- domain: localhost
- cert_file: ""
- key_file: ""
- tls_port: 5349
- udp_port: 443
- external_tls: true
-
-keys:
- devkey: {{ livekit_server_config_keys_devkey | to_json }}
diff --git a/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
index e078a898f..9cf263a8c 100644
--- a/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
+++ b/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
@@ -1,34 +1,38 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix LiveKit Server
+Description=LiveKit Server
 After=docker.service
 Requires=docker.service
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-server 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-server 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ livekit_server_identifier }} 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ livekit_server_identifier }} 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
- --rm \
- --name=matrix-livekit-server \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network=host \
- --mount type=bind,src={{ livekit_server_base_path }}/livekit.yaml,dst=/etc/livekit.yaml,ro \
+ --rm \
+ --name={{ livekit_server_identifier }} \
+ --log-driver=none \
+ --user={{ livekit_server_uid }}:{{ livekit_server_gid }} \
+ --cap-drop=ALL \
+ --network={{ livekit_server_container_network }} \
+ --mount type=bind,src={{ livekit_server_config_path }}/config.yaml,dst=/livekit-config.yaml,ro \
 --label-file={{ livekit_server_base_path }}/labels \
- {{ livekit_server_container_image }} \
- --dev --config /etc/livekit.yaml
+ {{ livekit_server_container_image }} \
+ --dev --config /livekit-config.yaml
-ExecStart={{ 
devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-server
+{% for network in livekit_server_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ livekit_server_identifier }}
+{% endfor %}
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-server 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-server 2>/dev/null || true'
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ livekit_server_identifier }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ livekit_server_identifier }} 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ livekit_server_identifier }} 2>/dev/null || true'
 Restart=always
 RestartSec=30
-SyslogIdentifier=matrix-livekit-server
+SyslogIdentifier={{ livekit_server_identifier }}
 [Install]
 WantedBy=multi-user.target
From 3e86adac0d76123c5558cc627b58ca9e8fbc7cca Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 18:00:43 +0200
Subject: [PATCH 133/142] Fix port exposure for LiveKit Server
---
 .../custom/matrix-livekit-server/defaults/main.yml | 13 +++++++++++++
 .../templates/systemd/livekit-server.service.j2 | 6 ++++++
 2 files changed, 19 insertions(+)
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 3350ecdd3..9d1314683 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
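Review bot: The rewritten `create` command still ends with `--dev --config /livekit-config.yaml`, so the role ships a production unit running LiveKit in development mode. Per the CLI's own help text, as I recall it, `--dev` forces debug logging with the console formatter, registers `/debug/pprof` handlers on the HTTP listener, and falls back to a fixed `devkey`/`secret` pair when `keys` is empty; that HTTP listener is exactly the port Traefik publishes on `livekit_server_hostname`, so the profiling handlers would be reachable from the internet unless the labels restrict paths. Since the role now templates the whole config file, the last line should simply be `--config /livekit-config.yaml`, with any debug logging expressed in the templated `logging` section instead. The hardening that is there — `--cap-drop=ALL` and a non-root `--user` — is good and unchanged in substance.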
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -24,6 +24,19 @@ livekit_server_container_additional_networks: "{{ livekit_server_container_addit
 livekit_server_container_additional_networks_auto: []
 livekit_server_container_additional_networks_custom: []
+# Controls whether the LiveKit Server container exposes its RCT TCP port (`livekit_server_config_rtc_tcp_port`)
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
+livekit_server_container_rtc_tcp_host_bind_port: "{{ livekit_server_config_rtc_tcp_port if livekit_server_container_network != 'host' else '' }}"
+
+# Controls whether the LiveKit Server container exposes its RTC UDP port range and which interface to do it on.
+#
+# Takes an interface "" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
+# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.
+#
+# The UDP port-range itself is specified using `livekit_server_config_rtc_port_range_start` and `livekit_server_config_rtc_port_range_end`.
+livekit_server_container_rtc_range_listen_interface: "{{ '' if livekit_server_container_network != 'host' else 'none' }}"
+
 livekit_server_container_image_self_build: false
 livekit_server_container_repo: "https://github.com/livekit/livekit.git"
 livekit_server_container_repo_version: "{{ 'main' if livekit_server_version == 'latest' else livekit_server_version }}"
diff --git a/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2 b/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
index 9cf263a8c..cb56801ff 100644
--- a/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
+++ b/roles/custom/matrix-livekit-server/templates/systemd/livekit-server.service.j2
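Review bot: The comment on `livekit_server_container_rtc_tcp_host_bind_port` says "RCT TCP port" and uses `"127.0.0.1:5349"` as its example, but 5349 is the TURN TLS port from the config template while this variable publishes `livekit_server_config_rtc_tcp_port` (7881); the example should read `"127.0.0.1:7881"` and "RCT" should be "RTC". The firewall consequence of the defaults also deserves a sentence: with a non-host network both the TCP port and the entire UDP range are published on every host interface, and Docker-published ports are reachable regardless of host INPUT rules such as ufw's, because Docker inserts its own forwarding rules ahead of them. A line such as `# Note: Docker-published ports bypass host firewall INPUT rules; bind to a specific IP here if the host firewall is meant to gate media traffic.` would make that explicit. Publishing these ports is necessary for WebRTC media to flow, so the defaults themselves look appropriate.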
@@ -17,6 +17,12 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 --user={{ livekit_server_uid }}:{{ livekit_server_gid }} \
 --cap-drop=ALL \
 --network={{ livekit_server_container_network }} \
+ {% if livekit_server_container_rtc_tcp_host_bind_port != '' %}
+ -p {{ livekit_server_container_rtc_tcp_host_bind_port }}:{{ livekit_server_config_rtc_tcp_port }} \
+ {% endif %}
+ {% if livekit_server_container_rtc_range_listen_interface is not in [none, 'none'] %}
+ -p {{ livekit_server_container_rtc_range_listen_interface }}{{ ':' if livekit_server_container_rtc_range_listen_interface else '' }}{{ livekit_server_config_rtc_port_range_start }}-{{ livekit_server_config_rtc_port_range_end }}:{{ livekit_server_config_rtc_port_range_start }}-{{ livekit_server_config_rtc_port_range_end }}/udp \
+ {% endif %}
 --mount type=bind,src={{ livekit_server_config_path }}/config.yaml,dst=/livekit-config.yaml,ro \
 --label-file={{ livekit_server_base_path }}/labels \
 {{ livekit_server_container_image }} \
From 8b84eb639096e9bf5be51e9ed5c337cedcb89d44 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 18:04:53 +0200
Subject: [PATCH 134/142] Default LiveKit Server to a smaller RTC range for faster startup on non-host networks
---
 roles/custom/matrix-livekit-server/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 9d1314683..5789566dd 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -151,7 +151,7 @@ livekit_server_config_rtc_tcp_port: 7881
 livekit_server_config_rtc_port_range_start: 50100
 # Controls the `rtc.port_range_end` configuration property
-livekit_server_config_rtc_port_range_end: 50200
+livekit_server_config_rtc_port_range_end: 50120
 # Controls the `rtc.use_external_ip` configuration property
 livekit_server_config_rtc_use_external_ip: true
From be7271760e465c898572746a764b1db373266431 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 18:13:07 +0200
Subject: [PATCH 135/142] Make LiveKit Server logging config configurable
---
 .../matrix-livekit-server/defaults/main.yml | 16 ++++++++++++++++
 .../templates/config.yaml.j2 | 6 ++++++
 2 files changed, 22 insertions(+)
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 5789566dd..38a630a5a 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -160,3 +160,19 @@ livekit_server_config_rtc_use_external_ip: true
 livekit_server_config_keys: "{{ livekit_server_config_keys_auto | combine(livekit_server_config_keys_custom, recursive=True) }}"
 livekit_server_config_keys_auto: {}
 livekit_server_config_keys_custom: {}
+
+# Controls the `logging.level` configuration property.
+# Known values: debug, info, warn, error
+livekit_server_config_logging_level: info
+
+# Controls the `logging.pion_level` configuration property
+livekit_server_config_logging_pion_level: error
+
+# Controls the `logging.json` configuration property.
+# When set to true, emits json fields.
+livekit_server_config_logging_json: false
+
+# Controls the `logging.sample` configuration property.
+# For production setups, enables sampling algorithm.
+# See: https://github.com/uber-go/zap/blob/master/FAQ.md#why-sample-application-logs
+livekit_server_config_logging_sample: false
diff --git a/roles/custom/matrix-livekit-server/templates/config.yaml.j2 b/roles/custom/matrix-livekit-server/templates/config.yaml.j2
index 560dba32d..a9317735c 100644
--- a/roles/custom/matrix-livekit-server/templates/config.yaml.j2
+++ b/roles/custom/matrix-livekit-server/templates/config.yaml.j2
@@ -19,3 +19,9 @@ turn:
 external_tls: true
 keys: {{ livekit_server_config_keys | to_json }}
+
+logging:
+ level: {{ livekit_server_config_logging_level | to_json }}
+ pion_level: {{ livekit_server_config_logging_pion_level | to_json }}
+ json: {{ livekit_server_config_logging_json | to_json }}
+ sample: {{ livekit_server_config_logging_sample | to_json }}
From f0466d5a996d609abeacd7edc3c682c0073d165a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 18:19:36 +0200
Subject: [PATCH 136/142] Make LiveKit Server configuration extensible
---
 .../matrix-livekit-server/defaults/main.yml | 31 ++++++++++++++++++-
 .../matrix-livekit-server/tasks/install.yml | 8 ++---
 2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 38a630a5a..cd11a6732 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -141,6 +141,33 @@ livekit_server_floc_optout_enabled: false
 # See: `livekit_server_http_header_strict_transport_security`
 livekit_server_hsts_preload_enabled: true
+# Holds the final LiveKit Server configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `livekit_server_configuration_yaml` or `livekit_server_configuration_extension_yaml`.
+livekit_server_configuration: "{{ livekit_server_configuration_yaml | from_yaml | combine(livekit_server_configuration_extension, recursive=True) }}"
+
+# Default LiveKit Server configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `livekit_server_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+livekit_server_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+livekit_server_configuration_extension_yaml: |
+ # Your custom YAML configuration for baibot goes here.
+ # This configuration extends the default starting configuration (`livekit_server_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `livekit_server_configuration_yaml`.
+ #
+ # Example configuration extension follows:
+ #
+ # logging:
+ # level: debug
+
+livekit_server_configuration_extension: "{{ livekit_server_configuration_extension_yaml | from_yaml if livekit_server_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
 # Controls the `port` configuration property.
 livekit_server_config_port: 7880
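Review bot: The default `livekit_server_configuration_extension_yaml` opens with `# Your custom YAML configuration for baibot goes here.`, a leftover from another role; it should read `# Your custom YAML configuration for LiveKit Server goes here.`. The mechanism itself follows the playbook's usual pattern and, as far as I know, Ansible's `from_yaml` goes through its safe loader, so user-supplied extension text cannot introduce executable tags. One behaviour worth a sentence in the same comment block: `combine(recursive=True)` merges mappings but replaces lists wholesale, so an extension that sets `bind_addresses` or `keys` replaces the default value rather than appending to it.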
@@ -153,7 +180,9 @@ livekit_server_config_rtc_port_range_start: 50100
 # Controls the `rtc.port_range_end` configuration property
 livekit_server_config_rtc_port_range_end: 50120
-# Controls the `rtc.use_external_ip` configuration property
+# Controls the `rtc.use_external_ip` configuration property.
+# When set to true, attempts to discover the host's public IP via STUN.
+# This is useful for cloud environments such as AWS & Google where hosts have an internal IP that maps to an external one.
 livekit_server_config_rtc_use_external_ip: true
 # Controls the `keys` configuration property.
diff --git a/roles/custom/matrix-livekit-server/tasks/install.yml b/roles/custom/matrix-livekit-server/tasks/install.yml
index 934897d9f..7f6217969 100644
--- a/roles/custom/matrix-livekit-server/tasks/install.yml
+++ b/roles/custom/matrix-livekit-server/tasks/install.yml
@@ -13,15 +13,15 @@
 - {path: "{{ livekit_server_container_src_files_path }}", when: "{{ livekit_server_container_image_self_build }}"}
 when: "item.when | bool"
-- name: Ensure LiveKit Server configuration is in place
- ansible.builtin.template:
- src: "{{ role_path }}/templates/config.yaml.j2"
+- name: Ensure LiveKit Server configuration installed
+ ansible.builtin.copy:
+ content: "{{ livekit_server_configuration | to_nice_yaml(indent=2, width=999999) }}"
 dest: "{{ livekit_server_config_path }}/config.yaml"
 mode: 0640
 owner: "{{ livekit_server_uid }}"
 group: "{{ livekit_server_gid }}"
-- name: Ensure LiveKit Server labels file is in place
+- name: Ensure LiveKit Server labels file installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/labels.j2"
 dest: "{{ livekit_server_base_path }}/labels"
From 394fdca0660714f09406f6c9b8649f2495318614 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 21 Nov 2024 18:54:29 +0200
Subject: [PATCH 137/142] Relocate org.matrix.msc4143.rtc_foci setup to /.well-known/matrix/client to matrix-static-files instead of ugly patching
---
 group_vars/matrix_servers | 8 +++++++
 .../matrix-element-call/tasks/install.yml | 8 +------
 .../tasks/update_well_known_client.yml | 21 -------------------
 .../matrix-livekit-server/defaults/main.yml | 1 +
 .../matrix-livekit-server/vars/main.yml | 1 +
 .../matrix-static-files/defaults/main.yml | 10 +++++++++
 .../public/.well-known/matrix/client.j2 | 3 +++
 7 files changed, 24 insertions(+), 28 deletions(-)
 delete mode 100644 roles/custom/matrix-element-call/tasks/update_well_known_client.yml
 create mode 100644 roles/custom/matrix-livekit-server/vars/main.yml
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index d88305467..dad4e29d4 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -5912,6 +5912,14 @@ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{
 # See: https://github.com/etkecc/synapse-admin/pull/126
 matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}"
+matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_element_call_enabled }}"
+matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: |-
+ {{
+ (
+ [{'type': 'livekit', 'livekit_service_url': matrix_jwt_service_url}] if matrix_jwt_service_enabled else []
+ )
+ }}
+
 matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
 matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml
index ca6b5903b..f11d002e3 100644
--- a/roles/custom/matrix-element-call/tasks/install.yml
+++ b/roles/custom/matrix-element-call/tasks/install.yml
@@ -78,12 +78,6 @@
 group: "{{ matrix_user_groupname }}"
 when: matrix_element_call_enabled | bool
-# Update the well-known client file for Element Call (adding RTC FOCI)
-- name: Update the well-known client file for Element Call
- ansible.builtin.include_tasks: "tasks/update_well_known_client.yml"
- when: matrix_element_call_enabled | bool
-
-
 # Create .well-known/element/element.json for Element Call
 - name: Create the well-known element.json file
 ansible.builtin.template:
@@ -96,4 +90,4 @@
 # Update Element Web config.json with Element Call settings
 - name: Update Element Web config.json
 ansible.builtin.include_tasks: "tasks/update_element_web_config.yml"
- when: matrix_element_call_enabled | bool
\ No newline at end of file
+ when: matrix_element_call_enabled | bool
diff --git a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml b/roles/custom/matrix-element-call/tasks/update_well_known_client.yml
deleted file mode 100644
index bcf3f726b..000000000
--- a/roles/custom/matrix-element-call/tasks/update_well_known_client.yml
+++ /dev/null
@@ -1,21 +0,0 @@ ---- -- name: Read the existing well-known client file - ansible.builtin.slurp: - path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" - register: client_file_content - -- name: Load the existing JSON content - ansible.builtin.set_fact: - client_json: "{{ client_file_content['content'] | b64decode | from_json }}" - -- name: Update the existing well-known client file for Element Call (RTC FOCI) - ansible.builtin.set_fact: - updated_client_json: "{{ client_json | combine({'org.matrix.msc4143.rtc_foci': [{'type': 'livekit', 'livekit_service_url': matrix_jwt_service_url}]}, recursive=True) }}" - -- name: Write the updated well-known client file - ansible.builtin.copy: - content: "{{ updated_client_json | to_nice_json }}" - dest: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml index cd11a6732..c52e91736 100644 --- a/roles/custom/matrix-livekit-server/defaults/main.yml +++ b/roles/custom/matrix-livekit-server/defaults/main.yml @@ -15,6 +15,7 @@ livekit_server_config_path: "{{ livekit_server_base_path }}/config" # renovate: datasource=docker depName=livekit/livekit-server livekit_server_version: v1.8.0 +livekit_server_scheme: https livekit_server_hostname: "" livekit_server_path_prefix: / diff --git a/roles/custom/matrix-livekit-server/vars/main.yml b/roles/custom/matrix-livekit-server/vars/main.yml new file mode 100644 index 000000000..e2f8c0ee7 --- /dev/null +++ b/roles/custom/matrix-livekit-server/vars/main.yml @@ -0,0 +1 @@ +livekit_server_public_url: "{{ livekit_server_scheme }}://{{ livekit_server_hostname }}{{ livekit_server_path_prefix }}" 
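Review bot: The new `roles/custom/matrix-livekit-server/vars/main.yml` omits the `---` document-start marker that the playbook's other vars files carry (the Element Call role's `vars/main.yml` touched later in this series keeps it), and its single variable has no explanatory comment. I'd add `---` as the first line and a comment such as `# Public base URL of the LiveKit server (scheme, hostname and path prefix).` above it. Note that the value ends with `livekit_server_path_prefix`, so the default `/` yields a trailing slash while a non-root prefix (which, by the convention stated in the Element Call role's defaults, must not end in a slash) does not — worth a comment if consumers are sensitive to that.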
diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index 7e3abf2f5..06a3af624 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -203,6 +203,16 @@ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin: "{{ matri matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: {} matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom: {} +# Controls whether `org.matrix.msc4143.rtc_foci`-related entries should be added to the client well-known. +# By default, if there are entries in `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci`, we show them (by enabling this). +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | default({}) | dict2items | length > 0 }}" + +# Controls the org.matrix.msc4143.rtc_foci property in the /.well-known/matrix/client file. +# See `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled` +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto | combine(matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom, recursive=True) }}" +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: {} +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom: {} + # Default /.well-known/matrix/client configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # 
diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 index 86882893a..600e8f4c7 100644 --- a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 +++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 @@ -57,4 +57,7 @@ {% if matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_enabled %}, "cc.etke.synapse-admin": {{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin | to_json }} {% endif %} + {% if matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled %}, + "org.matrix.msc4143.rtc_foci": {{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | to_json }} + {% endif %} } From 7a6fcaa4020fbaf5f2db13edf1e9a9dbeac6b449 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 18:59:11 +0200 Subject: [PATCH 138/142] Fix typo --- roles/custom/matrix-livekit-server/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml index c52e91736..a0976d70a 100644 --- a/roles/custom/matrix-livekit-server/defaults/main.yml +++ b/roles/custom/matrix-livekit-server/defaults/main.yml @@ -154,7 +154,7 @@ livekit_server_configuration: "{{ livekit_server_configuration_yaml | from_yaml livekit_server_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" livekit_server_configuration_extension_yaml: | - # Your custom YAML configuration for baibot goes here. + # Your custom YAML configuration for LiveKit Server goes here. # This configuration extends the default starting configuration (`livekit_server_configuration_yaml`). # # You can override individual variables from the default configuration, or introduce new ones. 
From 3f52cec25c971ece0082a39d75e1c81c8733302b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 19:17:30 +0200 Subject: [PATCH 139/142] Relocate Element Web features & element_call configuration to Element role, instead of ugly patching from the Element Call role --- group_vars/matrix_servers | 8 +++ .../matrix-client-element/defaults/main.yml | 61 +++++++++++++++++++ .../templates/config.json.j2 | 4 +- .../matrix-element-call/defaults/main.yml | 14 ++--- .../matrix-element-call/tasks/install.yml | 5 -- .../tasks/update_element_web_config.yml | 40 ------------ .../templates/well_known_element.json.j2 | 4 +- .../custom/matrix-element-call/vars/main.yml | 4 +- 8 files changed, 80 insertions(+), 60 deletions(-) delete mode 100644 roles/custom/matrix-element-call/tasks/update_element_web_config.yml diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index dad4e29d4..614ccea80 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4498,6 +4498,14 @@ matrix_client_element_enable_presence_by_hs_url: |- matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" +matrix_client_element_features_feature_video_rooms: "{{ matrix_element_call_enabled }}" +matrix_client_element_features_feature_group_calls: "{{ matrix_element_call_enabled }}" +matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_element_call_enabled }}" +matrix_client_element_features_feature_oidc_native_flow: "{{ matrix_authentication_service_enabled }}" + +matrix_client_element_element_call_enabled: "{{ matrix_element_call_enabled }}" +matrix_client_element_element_call_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}" + ###################################################################### # # /matrix-client-element 
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index 4cea592b2..50f62fb22 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -180,6 +180,67 @@ matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_w # URL to Wallpaper, shown in background of welcome page matrix_client_element_branding_welcome_background_url: ~ # noqa var-naming +# Controls the `features` section of the Element Web configuration. +matrix_client_element_features: "{{ matrix_client_element_features_default | combine(matrix_client_element_features_auto, recursive=True) | combine(matrix_client_element_features_custom, recursive=True) }}" +matrix_client_element_features_default: |- + {{ + {} + + | combine( + {'feature_video_rooms': true} if matrix_client_element_features_feature_video_rooms else {} + ) + | combine( + {'feature_group_calls': true} if matrix_client_element_features_feature_group_calls else {} + ) + | combine( + {'feature_element_call_video_rooms': true} if matrix_client_element_features_feature_element_call_video_rooms else {} + ) + | combine( + {'feature_oidc_native_flow': true} if matrix_client_element_features_feature_oidc_native_flow else {} + ) + }} + +matrix_client_element_features_auto: {} +matrix_client_element_features_custom: {} + +matrix_client_element_features_feature_video_rooms: false +matrix_client_element_features_feature_group_calls: false +matrix_client_element_features_feature_element_call_video_rooms: false +matrix_client_element_features_feature_oidc_native_flow: false + +matrix_client_element_element_call_enabled: false +matrix_client_element_element_call: "{{ matrix_client_element_element_call_default | combine(matrix_client_element_element_call_auto, recursive=True) | combine(matrix_client_element_element_call_custom, recursive=True) }}" +matrix_client_element_element_call_default: |- + {{ + {} + | combine( + {'url': matrix_client_element_element_call_url} if matrix_client_element_element_call_url else {} + ) + | combine( + {'participant_limit': matrix_client_element_element_call_participant_limit} if matrix_client_element_element_call_participant_limit else {} 
+ ) + | combine( + {'brand': matrix_client_element_element_call_brand} if matrix_client_element_element_call_brand else {} + ) + | combine( + {'use_exclusively': matrix_client_element_element_call_use_exclusively} if matrix_client_element_element_call_use_exclusively else {} + ) + }} +matrix_client_element_element_call_auto: {} +matrix_client_element_element_call_custom: {} + +# Controls the `element_call.url` setting in the Element Web configuration. +matrix_client_element_element_call_url: '' + +# Controls the `element_call.participant_limit` setting in the Element Web configuration. +matrix_client_element_element_call_participant_limit: 8 + +# Controls the `element_call.brand` setting in the Element Web configuration. +matrix_client_element_element_call_brand: "Element Call" + +# Controls the `element_call.use_exclusively` setting in the Element Web configuration. +matrix_client_element_element_call_use_exclusively: true + matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" # By default, there's no Element Web homepage (when logged in). If you wish to have one, diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index e45e68065..8dba3e2df 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -44,5 +44,7 @@ "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, "auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, "welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }} - } + }, + "features": {{ matrix_client_element_features | to_json }}, + "element_call": {{ (matrix_client_element_element_call if matrix_client_element_element_call_enabled else {}) | to_json }} } 
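Review bot: The `matrix_client_element_element_call_default` builder includes each key only when its variable is truthy, so an explicit `matrix_client_element_element_call_use_exclusively: false` (or `participant_limit: 0`) is silently dropped from the rendered `element_call` section instead of being written out; presumably Element Web's own default for `use_exclusively` is false, so the outcome is the same today, but a variable documented as controlling the setting cannot actually express `false`. For the boolean and integer entries, testing for definedness reads more honestly: `{'use_exclusively': matrix_client_element_element_call_use_exclusively} if matrix_client_element_element_call_use_exclusively is not none else {}`, keeping the truthiness test only for `url` and `brand`. `matrix_client_element_element_call_enabled: false` is also the only new top-level toggle without a comment; I'd add `# Controls whether the element_call section is rendered into the Element Web configuration.` above it.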
diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index 567553179..c65c6d078 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -2,10 +2,12 @@ # Enable or disable matrix-element-call deployment matrix_element_call_enabled: false +matrix_element_call_scheme: https +matrix_element_call_hostname: "call.{{ matrix_domain }}" + # Base path configuration matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" -element_web_config_path: "{{ matrix_base_data_path }}/client-element/config.json" # Docker network configuration matrix_element_call_container_network: '' 
@@ -18,16 +20,10 @@ matrix_element_call_image: "ghcr.io/element-hq/element-call:latest" # Ports matrix_element_call_port: "8093" -# Well-known paths and domains (derived from matrix_domain) -matrix_element_call_domain: "call.{{ matrix_domain }}" -matrix_element_call_well_known_client_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client" -matrix_element_call_well_known_element_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/element/element.json" -matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}" - # Traefik Configuration for Element Call matrix_element_call_container_labels_traefik_enabled: true matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_call_container_network }}" -matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_domain }}" +matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}" # The path prefix must either be `/` or not end with a slash (e.g. `/element`). matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}" @@ -122,4 +118,4 @@ matrix_element_call_hsts_preload_enabled: false # Enable or disable metrics collection matrix_element_call_metrics_enabled: false -matrix_element_call_metrics_port: 2112 \ No newline at end of file +matrix_element_call_metrics_port: 2112 diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index f11d002e3..f35f2a670 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml 
@@ -86,8 +86,3 @@ mode: '0644' owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - -# Update Element Web config.json with Element Call settings -- name: Update Element Web config.json - ansible.builtin.include_tasks: "tasks/update_element_web_config.yml" - when: matrix_element_call_enabled | bool diff --git a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml b/roles/custom/matrix-element-call/tasks/update_element_web_config.yml deleted file mode 100644 index 2dead411e..000000000 --- a/roles/custom/matrix-element-call/tasks/update_element_web_config.yml +++ /dev/null @@ -1,40 +0,0 @@ -- name: Read Element Web config.json - ansible.builtin.slurp: - src: "{{ element_web_config_path }}" - register: element_web_config_content - -- name: Load JSON data from config.json - ansible.builtin.set_fact: - element_web_config: "{{ element_web_config_content['content'] | b64decode | from_json }}" - -- name: Update Element Call configuration in config.json - ansible.builtin.set_fact: - updated_element_call_config: > - {{ - { - "element_call": { - "url": "https://{{ matrix_element_call_domain }}", - "participant_limit": 8, - "brand": "Element Call", - "use_exclusively": true - }, - "features": { - "feature_video_rooms": true, - "feature_new_room_decoration_ui": true, - "feature_group_calls": true, - "feature_element_call_video_rooms": true - } - } - }} - -- name: Merge updated Element Call configuration with existing config.json - ansible.builtin.set_fact: - element_web_config: "{{ element_web_config | combine(updated_element_call_config, recursive=True) }}" - -- name: Write updated Element Web config.json - ansible.builtin.copy: - content: "{{ element_web_config | to_nice_json }}" - dest: "{{ element_web_config_path }}" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" 
diff --git a/roles/custom/matrix-element-call/templates/well_known_element.json.j2 b/roles/custom/matrix-element-call/templates/well_known_element.json.j2 index 01146e656..f7a7838b2 100644 --- a/roles/custom/matrix-element-call/templates/well_known_element.json.j2 +++ b/roles/custom/matrix-element-call/templates/well_known_element.json.j2 @@ -1,5 +1,5 @@ { "call": { - "widget_url": "https://{{ matrix_element_call_domain }}" + "widget_url": "https://{{ matrix_element_call_hostname }}" } -} \ No newline at end of file +} diff --git a/roles/custom/matrix-element-call/vars/main.yml b/roles/custom/matrix-element-call/vars/main.yml index 1f224472a..cb65e277c 100644 --- a/roles/custom/matrix-element-call/vars/main.yml +++ b/roles/custom/matrix-element-call/vars/main.yml @@ -1,5 +1,3 @@ --- -# roles/custom/matrix-element-call/vars/main.yml -# Variables specific to matrix-element-call, like service configurations, can go here. -# Any environment-specific values can be overridden here. \ No newline at end of file +matrix_element_call_public_url: "{{ matrix_element_call_scheme }}://{{ matrix_element_call_hostname }}" From 252ca52f60d79b16345802cb2980dfd8e0258881 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 19:32:15 +0200 Subject: [PATCH 140/142] Relocate /.well-known/element/element.json setup to matrix-static-files, instead of ugly patching from the Element Call role --- group_vars/matrix_servers | 10 ++-- .../matrix-element-call/tasks/install.yml | 9 ---- .../templates/well_known_element.json.j2 | 5 -- .../matrix-static-files/defaults/main.yml | 51 +++++++++++++++++++ .../matrix-static-files/tasks/install.yml | 24 ++++++--- .../.well-known/element/element.json.j2 | 7 +++ 6 files changed, 83 insertions(+), 23 deletions(-) delete mode 100644 roles/custom/matrix-element-call/templates/well_known_element.json.j2 create mode 100644 roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 
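Review bot: `matrix_element_call_public_url` is built from scheme and hostname only, ignoring `matrix_element_call_path_prefix`, which the defaults hunk in this same commit still feeds into the Traefik rule (`PathPrefix(...)` when the prefix is not `/`). With a non-root prefix, `matrix_client_element_element_call_url` in group_vars — and the `widget_url` the following commit derives from the same variable — point at the host root rather than at the served path. Appending the prefix fixes it: `matrix_element_call_public_url: "{{ matrix_element_call_scheme }}://{{ matrix_element_call_hostname }}{{ matrix_element_call_path_prefix if matrix_element_call_path_prefix != '/' else '' }}"`. The `livekit_server_public_url` introduced two commits earlier appends its prefix unconditionally, so whichever form is chosen should be used in both places.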
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 614ccea80..48609fc02 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -5930,6 +5930,8 @@ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}" +matrix_static_files_file_element_element_json_property_call_widget_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}" + matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}" @@ -6044,10 +6046,12 @@ traefik_certs_dumper_ssl_dir_path: "{{ traefik_ssl_dir_path if traefik_enabled e # # ######################################################################## -# Matrix Element Call Configuration -matrix_element_call_enabled: false # Default is false; should be enabled in host_vars as needed +matrix_element_call_enabled: false + +matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" + matrix_element_call_version: "latest" # Default version; can be overridden in host_vars -matrix_element_call_scheme: "https" # Scheme for Element Call (e.g., https) + matrix_element_call_hostname: "call.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different matrix_element_call_path_prefix: "/" # Path prefix for Element Call matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" # Base path for storing Element Call-related files diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index f35f2a670..23b1879a7 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml 
@@ -77,12 +77,3 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" when: matrix_element_call_enabled | bool - -# Create .well-known/element/element.json for Element Call -- name: Create the well-known element.json file - ansible.builtin.template: - src: "{{ role_path }}/templates/well_known_element.json.j2" - dest: "{{ matrix_base_data_path }}/static-files/public/.well-known/element/element.json" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" diff --git a/roles/custom/matrix-element-call/templates/well_known_element.json.j2 b/roles/custom/matrix-element-call/templates/well_known_element.json.j2 deleted file mode 100644 index f7a7838b2..000000000 --- a/roles/custom/matrix-element-call/templates/well_known_element.json.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{ - "call": { - "widget_url": "https://{{ matrix_element_call_hostname }}" - } -} diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index 06a3af624..a107d36af 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -15,6 +15,7 @@ matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public" matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known" matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix" +matrix_static_files_public_well_known_element_path: "{{ matrix_static_files_public_well_known_path }}/element" # List of systemd services that matrix-static-files.service depends on matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" 
@@ -360,6 +361,56 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f ######################################################################## +######################################################################## +# # +# Related to /.well-known/element/element.json # +# # +######################################################################## + +# Controls whether a `/.well-known/element/element.json` file is generated and used at all. +matrix_static_files_file_element_element_json_enabled: true + +# Controls the call.widget_url property in the /.well-known/element/element.json file +matrix_static_files_file_element_element_json_property_call_widget_url: '' + +# Default /.well-known/element/element.json configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_support_configuration_extension_json`) +# or completely replace this variable with your own template. +matrix_static_files_file_element_element_json_configuration_json: "{{ lookup('template', 'templates/public/.well-known/element/element.json.j2') }}" + +# Your custom JSON configuration for /.well-known/element/element.json should go to `matrix_static_files_file_element_element_json_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_static_files_file_matrix_support_configuration_json`. 
+# +# Example configuration extension follows: +# +# matrix_static_files_file_element_element_json_configuration_extension_json: | +# { +# "call": { +# "url": "value" +# } +# } +matrix_static_files_file_element_element_json_configuration_extension_json: '{}' + +matrix_static_files_file_element_element_json_configuration_extension: "{{ matrix_static_files_file_element_element_json_configuration_extension_json | from_json if matrix_static_files_file_element_element_json_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final /.well-known/matrix/support configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_element_element_json_configuration_json` or `matrix_static_files_file_element_element_json_configuration_extension_json`. +matrix_static_files_file_element_element_json_configuration: "{{ matrix_static_files_file_element_element_json_configuration_json | combine(matrix_static_files_file_element_element_json_configuration_extension, recursive=True) }}" + +######################################################################## +# # +# /Related to /.well-known/element/element.json # +# # +######################################################################## + + ######################################################################## # # # Related to index.html # diff --git a/roles/custom/matrix-static-files/tasks/install.yml b/roles/custom/matrix-static-files/tasks/install.yml index 3cbd9d4c6..b70079434 100644 --- a/roles/custom/matrix-static-files/tasks/install.yml +++ b/roles/custom/matrix-static-files/tasks/install.yml 
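Review bot: Several of the new comments in the `/.well-known/element/element.json` section were copied from the `/.well-known/matrix/support` block and still name the wrong variables: the extension comment says it "extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`)" and tells users to redefine `matrix_static_files_file_matrix_support_configuration_json`, the `_configuration_json` comment points to `matrix_static_files_file_matrix_support_configuration_extension_json`, and the final variable is described as holding "the final /.well-known/matrix/support configuration". Each should reference the `matrix_static_files_file_element_element_json_configuration_json` / `..._configuration_extension_json` pair and the `/.well-known/element/element.json` path. The example extension shows `"call": {"url": "value"}` while the new template renders `call.widget_url`, so the example should use `widget_url` too. Finally, `..._configuration_json` is the raw string returned by `lookup('template', ...)` and is passed straight to `combine` without the `| from_json` that the extension line applies; if the support variant parses its template before combining, this line should as well — please compare.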
@@ -2,17 +2,19 @@ - name: Ensure matrix-static-files paths exist ansible.builtin.file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_static_files_base_path }}" - - "{{ matrix_static_files_config_path }}" - - "{{ matrix_static_files_public_path }}" - - "{{ matrix_static_files_public_well_known_path }}" - - "{{ matrix_static_files_public_well_known_matrix_path }}" + - {path: "{{ matrix_static_files_base_path }}", when: true} + - {path: "{{ matrix_static_files_config_path }}", when: true} + - {path: "{{ matrix_static_files_public_path }}", when: true} + - {path: "{{ matrix_static_files_public_well_known_path }}", when: true} + - {path: "{{ matrix_static_files_public_well_known_matrix_path }}", when: true} + - {path: "{{ matrix_static_files_public_well_known_element_path }}", when: true} + when: "item.when | bool" - name: Ensure matrix-static-files is configured ansible.builtin.template: @@ -52,6 +54,10 @@ dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support" when: "{{ matrix_static_files_file_matrix_support_enabled }}" + - content: "{{ matrix_static_files_file_element_element_json_configuration | to_nice_json }}" + dest: "{{ matrix_static_files_public_well_known_element_path }}/element.json" + when: "{{ matrix_static_files_file_element_element_json_enabled }}" + # This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`. # See the comment for `matrix_static_files_file_index_html_enabled` to learn why. - content: "{{ matrix_static_files_file_index_html_template }}" 
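Review bot: Every entry in the rewritten `with_items` list carries `when: true`, so the new `when: "item.when | bool"` gate never excludes anything and the refactor is currently a no-op. The obvious beneficiary is the entry added alongside it: the `element` directory is created even when `matrix_static_files_file_element_element_json_enabled` is false, whereas the cleanup task added in the next hunk removes only the file, leaving an empty directory behind. Gating that entry — `- {path: "{{ matrix_static_files_public_well_known_element_path }}", when: "{{ matrix_static_files_file_element_element_json_enabled }}"}` — would make the `item.when` mechanism do real work, with the remaining `when: true` entries staying as the default. If the conditional form was deliberately left for a follow-up, a short comment above the list saying so would save the next reader the same question.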
@@ -70,6 +76,12 @@ state: absent when: "not matrix_static_files_file_matrix_support_enabled | bool" +- name: Ensure /.well-known/element/element.json file deleted if not enabled + ansible.builtin.file: + path: "{{ matrix_static_files_public_well_known_element_path }}/element.json" + state: absent + when: "not matrix_static_files_file_element_element_json_enabled | bool" + - name: Ensure matrix-static-files container image is pulled community.docker.docker_image: name: "{{ matrix_static_files_container_image }}" diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 new file mode 100644 index 000000000..68d13f098 --- /dev/null +++ b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 @@ -0,0 +1,7 @@ +{ + {% if matrix_static_files_file_element_element_json_property_call_widget_url %} + "call": { + "widget_url": {{ matrix_static_files_file_element_element_json_property_call_widget_url | to_json }} + } + {% endif %} +} From 69d702643f850354ba0afe35596f8e8c53967399 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Nov 2024 19:36:55 +0200 Subject: [PATCH 141/142] Remove homeserver.yaml patching from Element Call role --- .../matrix-element-call/defaults/main.yml | 1 - .../matrix-element-call/tasks/install.yml | 30 ------------------- 2 files changed, 31 deletions(-) diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml index c65c6d078..dd8bb98cb 100644 --- a/roles/custom/matrix-element-call/defaults/main.yml +++ b/roles/custom/matrix-element-call/defaults/main.yml 
@@ -7,7 +7,6 @@ matrix_element_call_hostname: "call.{{ matrix_domain }}" # Base path configuration matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" -matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml" # Docker network configuration matrix_element_call_container_network: '' diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index 23b1879a7..bc2238ae7 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -47,33 +47,3 @@ src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" mode: 0644 - -# Update homeserver.yaml for Element Call -- name: Add listeners section for Element Call to homeserver.yaml - ansible.builtin.blockinfile: - path: "{{ matrix_homeserver_config_path }}" - block: | - listeners: - - port: 8008 - tls: false - type: http - x_forwarded: true - resources: - - names: [client, federation, openid] - compress: false - marker: "# ANSIBLE MANAGED BLOCK - Element Call listeners" - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_element_call_enabled | bool - -- name: Ensure serve_server_wellknown is enabled in homeserver.yaml - ansible.builtin.lineinfile: - path: "{{ matrix_homeserver_config_path }}" - line: "serve_server_wellknown: true" - insertafter: EOF - state: present - mode: '0644' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_element_call_enabled | bool From 006920882c54408e77b70cbd2719602fe63bab69 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 21 Nov 2024 19:38:23 +0200 Subject: [PATCH 142/142] Rename file (element-call-labels -> labels) --- roles/custom/matrix-element-call/tasks/install.yml | 4 ++-- .../templates/{element-call-labels.j2 => labels.j2} | 0 .../templates/systemd/matrix-element-call.service.j2 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename roles/custom/matrix-element-call/templates/{element-call-labels.j2 => labels.j2} (100%) diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml index bc2238ae7..21f1808fc 100644 --- a/roles/custom/matrix-element-call/tasks/install.yml +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -24,8 +24,8 @@ - name: Ensure matrix-element-call Docker labels file is in place ansible.builtin.template: - src: "{{ role_path }}/templates/element-call-labels.j2" - dest: "{{ matrix_element_call_base_path }}/element-call-labels" + src: "{{ role_path }}/templates/labels.j2" + dest: "{{ matrix_element_call_base_path }}/labels" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" diff --git a/roles/custom/matrix-element-call/templates/element-call-labels.j2 b/roles/custom/matrix-element-call/templates/labels.j2 similarity index 100% rename from roles/custom/matrix-element-call/templates/element-call-labels.j2 rename to roles/custom/matrix-element-call/templates/labels.j2 diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 index dcb3fa7c2..a22ff17f1 100644 --- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 
@@ -24,7 +24,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ {% if matrix_element_call_container_http_host_bind_port %} -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \ {% endif %} - --label-file={{ matrix_element_call_base_path }}/element-call-labels \ + --label-file={{ matrix_element_call_base_path }}/labels \ {% for arg in matrix_element_call_container_extra_arguments %} {{ arg }} \ {% endfor %} @@ -43,4 +43,4 @@ RestartSec=30 SyslogIdentifier=matrix-element-call [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target