From 9970603f153f44c1ee3368275ce3e58c2a0586b8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 15 Mar 2025 08:34:48 +0200 Subject: [PATCH] Add Element Call support This is an initial implementaton that's hasn't been battle-tested much. Our LiveKit Server setup by default doesn't enable TURN, so connectivity for NAT-ed clients may be subpar. Squashed commit of the following: commit d5c24fcafe45588437e7a5b415e86a2ca48fdc46 Author: Slavi Pantaleev Date: Sat Mar 15 08:31:48 2025 +0200 Upgrade LiveKit Server (v1.8.4-1 -> v1.8.4-2) commit 4d61cc571b98024a3af876524c008225d7028e66 Merge: 9c24064fb 9a231a815 Author: Slavi Pantaleev Date: Sat Mar 15 08:19:05 2025 +0200 Merge branch 'master' into element-call-integration commit 9c24064fb606d34451ec2b16e8b934528e123cdd Author: Slavi Pantaleev Date: Sat Mar 15 08:14:49 2025 +0200 Make Element Call fail during validation if on an unsupported architecture (like arm32) commit a757b515fb22365928965f5fbd6ed5390c72077d Merge: ba9cedbed 2a6b746ac Author: Slavi Pantaleev Date: Sat Mar 15 08:11:16 2025 +0200 Merge branch 'master' into element-call-integration commit ba9cedbedae75bbf65af18663555264ffc471db4 Merge: 4a638c2df f8f7ffc7d Author: Slavi Pantaleev Date: Sat Mar 15 08:03:03 2025 +0200 Merge branch 'master' into element-call-integration commit 4a638c2df3535a375eeca0bd22bb5e07b0a59170 Author: Slavi Pantaleev Date: Sat Mar 15 07:52:04 2025 +0200 Prepare Element Call announcement text on the changelog commit 155d5dad388a5026d61115b3af6c8a58560c6f28 Author: Slavi Pantaleev Date: Sat Mar 15 07:49:49 2025 +0200 Mention the compatible clients on Element Call docs, more cross-linking & consistency fixes commit 6b8a3fc8913c108ef42a71eae0ee49b0062b0fde Merge: 3ea1ea2f3 95dcaf6e2 Author: Slavi Pantaleev Date: Sat Mar 15 07:38:02 2025 +0200 Merge branch 'master' into element-call-integration commit 3ea1ea2f34eff32fc13f5f5e4f8e2e28cc296c24 Merge: d3913a015 60e2e035a Author: Slavi Pantaleev Date: Fri Mar 14 22:29:14 2025 +0200 Merge branch 'master' into element-call-integration commit d3913a015ef7501d4843671a4293558a8d2afd21 Author: Slavi Pantaleev Date: Fri Mar 14 20:04:18 2025 +0200 Upgrade LiveKit Server (v1.8.4-0 -> v1.8.4-1) commit ac7f96806d32665c7df2757b8c4ed8ac9ce5fc2b Author: Slavi Pantaleev Date: Fri Mar 14 19:58:09 2025 +0200 Relocate the livekit-server Ansible role to its own repository in the MASH organization commit b8d800f6eff5dd48a387831277a9ad5dd0a9cd44 Author: Slavi Pantaleev Date: Fri Mar 14 19:37:29 2025 +0200 Add "Federation" as a prerequisite for Element Call (indirect, via LiveKit JWT Service) Ref: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554 - https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146 commit 2c1c49444a6729ff54b224955f2736cf791ab2ca Merge: 6bc0185d5 8e883a555 Author: Slavi Pantaleev Date: Fri Mar 14 19:32:48 2025 +0200 Merge branch 'master' into element-call-integration commit 6bc0185d506a446396a811cc01c1ea43759cf121 Author: Slavi Pantaleev Date: Thu Mar 13 09:43:22 2025 +0200 Add Element Call, LiveKit Server and LiveKit JWT Service to `README.md` Ref: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2720039742 commit a0470fe24879f2b2c0a827ccdcecd65a47af6895 Author: Slavi Pantaleev Date: Wed Mar 12 19:12:30 2025 +0200 Minor rewording in LiveKit Server docs commit d4ceebc6a9c03278b7d81c5c1bd2a9a1df31f3bb Author: Slavi Pantaleev Date: Wed Mar 12 19:12:22 2025 +0200 Add Element Call, LiveKit Server and LiveKit JWT Service to `docs/container-images.md` commit 6a86de958f0d2cb37ec7adc1831e6845b9e2379b Author: Slavi Pantaleev Date: Wed Mar 12 19:05:51 2025 +0200 Apply suggestions from code review Co-authored-by: Suguru Hirahara commit d9df022d559c8b5d57e42c579fe4dac3ceb7bd86 Merge: 676f9dd9a 2f30886b1 Author: Slavi Pantaleev Date: Wed Mar 12 18:40:31 2025 +0200 Merge branch 'master' into element-call-integration commit 676f9dd9ad0de00a3a661c0b67157e7b4b2cea1f Merge: 251561ff8 2be709e2c Author: Slavi Pantaleev Date: Wed Mar 12 18:00:45 2025 +0200 Merge branch 'master' into element-call-integration commit 251561ff8169f347e11820d414adb17c19ea4b00 Author: Slavi Pantaleev Date: Wed Mar 12 17:47:01 2025 +0200 Simplify LiveKit Server role by removing unused/untested HTTP middleware variables commit 1e60f41a59eb55cccb36bc9aa15e19cb4d26d2fa Author: Slavi Pantaleev Date: Wed Mar 12 17:44:00 2025 +0200 Restore Element Call HTTP headers to more secure/privacy-respecting values commit f8e84c4b2f19bcb067edf81792c80051dbaebfa1 Author: Slavi Pantaleev Date: Wed Mar 12 17:43:34 2025 +0200 Remove useless `matrix_element_call_port` variable commit 3f5e8f656b61535b76f30fdd105fd16351db8530 Author: Slavi Pantaleev Date: Wed Mar 12 17:35:30 2025 +0200 Switch default LiveKit server endpoint to one under the `matrix.` domain and polish-up docs commit 72118f2f035508ca8a08a44521628d31ce935471 Author: Slavi Pantaleev Date: Wed Mar 12 16:56:06 2025 +0200 Fix LiveKitServer middlware name (`matrix-livekit-server-server-slashless-redirect` -> `matrix-livekit-server-slashless-redirect`) commit 585377975b81d490d581820cc04c774216f1381e Author: Slavi Pantaleev Date: Wed Mar 12 16:51:10 2025 +0200 Adjust LiveKit Server ports and exposure commit 22ef57944465c971a074de1d1f83bc18bdf187a7 Author: Slavi Pantaleev Date: Wed Mar 12 15:44:31 2025 +0200 Make livekit-jwt-service communicate with livekit-server via public URLs Communicating via container URLs works, but the URL provided to livekit-jwt-service as `LIVEKIT_URL` is also passed to the user later and it must be a public one at that point. It'd be great if livekit-jwt-service can be given 2 different URLs (e.g. `LIVEKIT_URL` and `LIVEKIT_URL_PUBLIC`) and only announce the public one to the user, but there's no support for this yet. commit 32f8c6de6e405356d9862b45a2117a2a709e9649 Merge: 370feb740 79cc333be Author: Slavi Pantaleev Date: Wed Mar 12 15:27:42 2025 +0200 Merge branch 'master' into element-call-integration commit 370feb740f37e33f57507337ea835ab35d9b9e39 Merge: 9a11e5e1f a9ee537f8 Author: Slavi Pantaleev Date: Wed Mar 12 10:04:19 2025 +0200 Merge branch 'master' into element-call-integration commit 9a11e5e1fe602d4562b3f9b7f88f531c3d06e2ed Author: Slavi Pantaleev Date: Wed Mar 12 09:19:03 2025 +0200 Auto-enable experimental Synapse features required by Element Call when Element Call is enabled commit 8291b2f99d4e3fb91a0cba2349bcf2993cd26e52 Merge: 890f10f76 c5a03efdf Author: Slavi Pantaleev Date: Wed Mar 12 09:14:50 2025 +0200 Merge branch 'master' into element-call-integration commit 890f10f76511438ead08f8de178b1a3001de9a9f Author: Slavi Pantaleev Date: Wed Mar 12 09:01:35 2025 +0200 Make `matrix_livekit_jwt_service_public_url` respect `matrix_livekit_jwt_service_path_prefix` commit 031cf68cbb0167cf89cfa5297c29bbe1866e29eb Author: Slavi Pantaleev Date: Wed Mar 12 08:59:50 2025 +0200 Remove unused `matrix_element_call_metrics_*` variables commit 5961841e52841015bb1ce065bd3bcb5c669cca36 Author: Slavi Pantaleev Date: Wed Mar 12 08:59:05 2025 +0200 Make matrix-livekit-jwt-service role not reference foreign variables (except the matrix-base ones) commit 2be4923aef392fbac4e2c703201b76e895f64387 Author: Slavi Pantaleev Date: Wed Mar 12 08:56:15 2025 +0200 Make Element Call role not reference foreign variables (except the matrix-base ones) commit 23efad9cb7808040a7a666c11997789164a1ac9d Author: Slavi Pantaleev Date: Wed Mar 12 08:51:52 2025 +0200 Rework Element Call config.json templating commit 6b55ba29abb23085b9a93d9e591c2970764e5314 Author: Slavi Pantaleev Date: Wed Mar 12 08:46:11 2025 +0200 Make Element Call refuse a path prefix other than `/` commit 0d1112638d8de9ea3edaf155160c999bfe0e8b76 Author: Slavi Pantaleev Date: Wed Mar 12 08:05:42 2025 +0200 Update LiveKit JWT service path prefix (`/lk-jwt-service` -> `/livekit-jwt-service`) commit c3c2ba34b449616bb634427e6a746c62dfb9d91d Author: Slavi Pantaleev Date: Wed Mar 12 08:02:29 2025 +0200 Split `matrix_element_call_systemd_required_services_list` into `_default`, `_auto` and `_custom` commit 0215708f79edfaa6d4a528f10847faaf243ca450 Author: Slavi Pantaleev Date: Wed Mar 12 08:00:28 2025 +0200 Remove some useless variables and rework environment variables variable for livekit-jwt-service commit e1b57f3d450e2a55c23fe8558525842139d856ce Author: Slavi Pantaleev Date: Wed Mar 12 07:56:47 2025 +0200 Pin livekit-jwt-service to released (v0.2.0) and adapt configuration commit de2a8f11d2f85f48153d60b58cfd4b0b46d69bed Author: Slavi Pantaleev Date: Wed Mar 12 07:46:51 2025 +0200 `_name_prefix` -> `_registry_prefix` changes for LiveKit roles commit 2a69ca35be70fddca3d069d9512fa6e842659a1d Author: Slavi Pantaleev Date: Wed Mar 12 07:42:40 2025 +0200 Clean up Element Call group vars vs defaults/main.yml mixup and make some minor LiveKit updates commit 72d64cfa6b4dd2a82cb208ed1116a2f9f34018dc Merge: f161c7c58 5dfbefd64 Author: Slavi Pantaleev Date: Wed Mar 12 07:03:53 2025 +0200 Merge branch 'master' into element-call-integration commit f161c7c58f86826dcd91ee59240abb3d2d62f5da Author: Slavi Pantaleev Date: Wed Mar 12 07:03:00 2025 +0200 Add newlines at end of files commit 6c6b44dc255918691e1f7c4490ed7c83998d6420 Author: Slavi Pantaleev Date: Wed Mar 12 06:58:00 2025 +0200 Add license information to Element Call and LiveKit roles commit 8eb1c57e2b4388cf5658803bc12c9d45f209f6b9 Merge: 61069d631 aa36acdef Author: Slavi Pantaleev Date: Wed Mar 12 06:36:48 2025 +0200 Merge branch 'master' into element-call-integration commit 61069d63131c368feadd478f63d10e3b1d432ca2 Merge: 74d6a99b1 0b9389fd6 Author: Slavi Pantaleev Date: Wed Mar 12 06:34:00 2025 +0200 Merge branch 'element-call-integration' of github.com:wjbeckett/matrix-docker-ansible-deploy into element-call-integration commit 74d6a99b1e19fc020da6c713d0fe81eedac3ac16 Author: Slavi Pantaleev Date: Wed Mar 12 06:32:22 2025 +0200 Adjust names for Element Call tasks and make uninstallation more consistent with other roles commit 81a30f17ac0441852bb10aa3d00d0e0ac4dd010e Author: Slavi Pantaleev Date: Wed Mar 12 06:29:39 2025 +0200 Remove some superficial comments commit 413d5915623486001a3067280a475226d83d5d51 Author: Slavi Pantaleev Date: Wed Mar 12 06:27:11 2025 +0200 Bring container-network-creation tasks up-to-date for Element Call and LiveKit-related services commit 7572522820766e47cf295cb327913c9eecf5bdba Merge: 564275527 5ece1fea5 Author: Slavi Pantaleev Date: Wed Mar 12 06:24:34 2025 +0200 Merge branch 'master' into element-call-integration commit 0b9389fd6492d0c26c5ed16ba17d51d36c378016 Author: Slavi Pantaleev Date: Sat Nov 23 17:43:52 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit 9a8a56943187b24ecf721e8f0aeeda578cbc9a48 Author: Slavi Pantaleev Date: Sat Nov 23 17:43:29 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara commit bb403e1aee1106d19af57f1f78c24fadd51172f6 Author: Slavi Pantaleev Date: Sat Nov 23 17:43:15 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara commit 74fbacbd9f161e568c82de86dd07698bc1ede13c Author: Slavi Pantaleev Date: Sat Nov 23 17:42:54 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara commit 5642755273614e1bdd1f8cf89750874c5ecf3fd7 Author: Slavi Pantaleev Date: Sat Nov 23 16:40:50 2024 +0200 Rework LiveKit JWT Service role commit bb925f4782c2304c6d6e9b42ee29f2e1caaef649 Merge: c57d0d192 ca8c1cf2b Author: Slavi Pantaleev Date: Sat Nov 23 14:45:20 2024 +0200 Merge branch 'master' into element-call-integration commit c57d0d192d281e6bcfa921ad737d157a86f7359f Author: Slavi Pantaleev Date: Thu Nov 21 19:45:07 2024 +0200 Eliminate remaining matrix references from LiveKit Server role commit 006920882c54408e77b70cbd2719602fe63bab69 Author: Slavi Pantaleev Date: Thu Nov 21 19:38:23 2024 +0200 Rename file (element-call-labels -> labels) commit 69d702643f850354ba0afe35596f8e8c53967399 Author: Slavi Pantaleev Date: Thu Nov 21 19:36:55 2024 +0200 Remove homeserver.yaml patching from Element Call role commit 252ca52f60d79b16345802cb2980dfd8e0258881 Author: Slavi Pantaleev Date: Thu Nov 21 19:32:15 2024 +0200 Relocate /.well-known/element/element.json setup to matrix-static-files, instead of ugly patching from the Element Call role commit 3f52cec25c971ece0082a39d75e1c81c8733302b Author: Slavi Pantaleev Date: Thu Nov 21 19:17:30 2024 +0200 Relocate Element Web features & element_call configuration to Element role, instead of ugly patching from the Element Call role commit 7a6fcaa4020fbaf5f2db13edf1e9a9dbeac6b449 Author: Slavi Pantaleev Date: Thu Nov 21 18:59:11 2024 +0200 Fix typo commit 394fdca0660714f09406f6c9b8649f2495318614 Author: Slavi Pantaleev Date: Thu Nov 21 18:54:29 2024 +0200 Relocate org.matrix.msc4143.rtc_foci setup to /.well-known/matrix/client to matrix-static-files instead of ugly patching commit f0466d5a996d609abeacd7edc3c682c0073d165a Author: Slavi Pantaleev Date: Thu Nov 21 18:19:36 2024 +0200 Make LiveKit Server configuration extensible commit be7271760e465c898572746a764b1db373266431 Author: Slavi Pantaleev Date: Thu Nov 21 18:13:07 2024 +0200 Make LiveKit Server logging config configurable commit 8b84eb639096e9bf5be51e9ed5c337cedcb89d44 Author: Slavi Pantaleev Date: Thu Nov 21 18:04:53 2024 +0200 Default LiveKit Server to a smaller RTC range for faster startup on non-host networks commit 3e86adac0d76123c5558cc627b58ca9e8fbc7cca Author: Slavi Pantaleev Date: Thu Nov 21 18:00:43 2024 +0200 Fix port exposure for LiveKit Server commit 721fb39aa28ae275c4924a15fde62438b215a1ac Author: Slavi Pantaleev Date: Thu Nov 21 17:28:06 2024 +0200 More progress on the LiveKit role commit 783d4a23f82cfb65143991f9266c89dd4034d87d Author: Slavi Pantaleev Date: Thu Nov 21 16:54:45 2024 +0200 Add livekit_server_identifier commit fa4ebd2a64af5900eda1399cefe5f6b9b9b7334a Author: Slavi Pantaleev Date: Thu Nov 21 16:37:01 2024 +0200 Cleanups commit 79ae704a245bc2d68e7968f38ef5ea39aa64b833 Merge: 88d466845 c07b09390 Author: Slavi Pantaleev Date: Thu Nov 21 16:31:50 2024 +0200 Merge branch 'element-call-integration' of github.com:wjbeckett/matrix-docker-ansible-deploy into element-call-integration commit c07b0939022dcbc8667d37d987ca7a5137bf7cea Author: Slavi Pantaleev Date: Thu Nov 21 16:24:34 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit c321ca160ecbeec8f3ed9a96802aa436510779f8 Author: Slavi Pantaleev Date: Thu Nov 21 16:24:26 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit 164be875b0e3305191135784e1183b94143ff7c1 Author: Slavi Pantaleev Date: Thu Nov 21 16:24:15 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit 0f23e36e12a652965552424b5547cdd7e04035d8 Author: Slavi Pantaleev Date: Thu Nov 21 16:24:05 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit 83bb546c643d3d7a4c9f6271084d221a0de98a1f Author: Slavi Pantaleev Date: Thu Nov 21 16:23:55 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit 378392227563f90b664754d283b03fddbedd15f8 Author: Slavi Pantaleev Date: Thu Nov 21 16:23:47 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit 66cc36466c0e72bff5ecc5452ab7d4ebd8244889 Author: Slavi Pantaleev Date: Thu Nov 21 16:23:36 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara commit ec41c1aba5746e23b2696e6968e8744478d7e889 Author: Slavi Pantaleev Date: Thu Nov 21 16:23:28 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara commit df6ef106d1cf9e062ec38fed60374c4724ad0630 Author: Slavi Pantaleev Date: Thu Nov 21 16:23:18 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara commit eb048da8a1e374aca5f1dc04c46a3245933b22c4 Author: Slavi Pantaleev Date: Thu Nov 21 16:23:06 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara commit ccb29beb303a56f3b52ed48d3631859ca5d36eaa Author: Slavi Pantaleev Date: Thu Nov 21 16:22:56 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara commit 32ea60fdc5547d931b0797ce9e04b570b0c71255 Author: Slavi Pantaleev Date: Thu Nov 21 16:22:44 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara commit 25a8cb3b4a3a43f592a894a2170da5d9c164cd34 Author: Slavi Pantaleev Date: Thu Nov 21 16:22:17 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara commit 55da5c3213ce9581654b128d0ff66a7b6a1d38ad Author: Slavi Pantaleev Date: Thu Nov 21 16:21:55 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara commit 925ebfbd4bc2302ca282ef2f576a738781a6157a Author: Slavi Pantaleev Date: Thu Nov 21 16:21:42 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara commit 88d4668450c9eea6bf53432dd20fcd3c5424b2b2 Author: Slavi Pantaleev Date: Thu Nov 21 16:16:43 2024 +0200 Variable rename (livekit_server_image -> livekit_server_container_image) for consistency with other roles commit 1838a541aef4fba960ffdedd47010311ea58b31f Author: Slavi Pantaleev Date: Thu Nov 21 16:15:54 2024 +0200 Variables rename (matrix_livekit_server_ -> livekit_server_) to prepare for role extraction commit 1e82530080cb3387d0bad5136cee5c7f421e8c4a Merge: 82127830b 0c9fc4358 Author: Slavi Pantaleev Date: Thu Nov 21 15:59:56 2024 +0200 Merge branch 'master' into element-call-integration commit 82127830b39995cb74fff5393fd3b945d65aefdc Author: Slavi Pantaleev Date: Thu Nov 21 15:58:01 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/uninstall.yml Co-authored-by: Suguru Hirahara commit 85c0ffa9e1d84e3d85083634db00b22a785db9c7 Author: Slavi Pantaleev Date: Thu Nov 21 15:57:51 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/uninstall.yml Co-authored-by: Suguru Hirahara commit b691f39d392c42b8286896a4c04d78f0f5a9e711 Author: Slavi Pantaleev Date: Thu Nov 21 15:57:44 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/install.yml Co-authored-by: Suguru Hirahara commit 10df1451015e48739fc7589012aa6c10de9bb472 Author: Slavi Pantaleev Date: Thu Nov 21 15:57:31 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/install.yml Co-authored-by: Suguru Hirahara commit fa2a913d39fb5f89dfc2f1017a266878aa5825b0 Author: wjbeckett Date: Thu Oct 3 16:20:54 2024 +1000 fixing issue with element call domain not being expanded when writing the element web config.json. commit e18b28136cb8055574cc2f1367c7d6a784afb770 Author: wjbeckett Date: Thu Oct 3 15:28:56 2024 +1000 Updated Element call docs with dependent services and fixed typo. commit 1906d61c39eae8b8be44722a857b7a90d494bb4f Author: wjbeckett Date: Thu Oct 3 13:25:40 2024 +1000 updated traefik label to be in line with the latest change from devture_traefik_ to traefik_ commit b7e0a41134ea656391d51e44e1247f054e9452e4 Merge: a03f5985a d9a919a4b Author: Backslash Date: Thu Oct 3 13:20:02 2024 +1000 Merge branch 'spantaleev:master' into element-call-integration commit a03f5985a536e461653bfc30dc6ccc8372180d25 Author: wjbeckett Date: Thu Oct 3 12:38:34 2024 +1000 removed trailing whitespaces commit 1e6698cb994b360b06b4d101bad4412cace6f3cc Author: wjbeckett Date: Wed Oct 2 13:27:02 2024 +1000 updated documentation or the new roles. commit f684719b2a732d846aa5f6d145aed6d8a45596c3 Author: wjbeckett Date: Tue Oct 1 22:30:09 2024 +1000 fixed error with element client update task commit a6e3203398fbb6c28a98127ca59ed8ad112ca68c Author: wjbeckett Date: Tue Oct 1 22:20:50 2024 +1000 updated docs, broke the well-known and element client modifications out to separate tasks. commit 2b4fdea70fd8572cc1074bd5f7eaff84ed1247de Author: wjbeckett Date: Tue Oct 1 17:04:11 2024 +1000 added header flags back in. commit 6c8923ae2879948fbdaa794bdb5992aee1a13e3c Author: wjbeckett Date: Tue Oct 1 16:51:06 2024 +1000 removed headers. commit 9691577b2239e894f9c8c1ae52f38b3c29802b80 Author: wjbeckett Date: Tue Oct 1 16:45:07 2024 +1000 removed additinoal headers commit 46109565e1235be5203df505d4a1455acd8be4a3 Author: wjbeckett Date: Tue Oct 1 16:33:48 2024 +1000 updated headers for each of the call services. commit 4acb025130278f2a8426b41f2ec4920f9d409ed4 Author: wjbeckett Date: Tue Oct 1 13:35:53 2024 +1000 testing livekit configuration commit e421852af5a0d571c9ef74e8c3cade58111d67ad Author: wjbeckett Date: Tue Oct 1 13:09:00 2024 +1000 updated jwt bind port commit 5507fb3bab5fb89733f82715dfac67ff1457f99a Author: wjbeckett Date: Tue Oct 1 13:08:21 2024 +1000 added element-call config.json to systemd file commit 9864996aad36de6350c66095a4bb224ba022648b Author: wjbeckett Date: Tue Oct 1 12:46:37 2024 +1000 adjusted jwt service ports for traefik commit dbbaae4fbebd1bdd06d20d7ddf6325aa347918a2 Author: wjbeckett Date: Tue Oct 1 12:34:25 2024 +1000 stopping the recursive loop commit d53c2428b8cfb9da1a7e668802716fc4f2caaf6c Author: wjbeckett Date: Tue Oct 1 12:29:35 2024 +1000 updated jwt hostname. commit f98a505df82526e8acc4460eea45a41fd9293382 Author: wjbeckett Date: Tue Oct 1 11:00:56 2024 +1000 changed jwt-service port label. commit d5aabc85be569354dc99f967ba3c397e371880ac Author: wjbeckett Date: Tue Oct 1 10:41:30 2024 +1000 removed redis images in favor of the inbuilt keyDB commit 7cdec5f2513c5c31d018c41468065f766fdbea57 Author: wjbeckett Date: Tue Oct 1 10:17:34 2024 +1000 fixed type in livekit image commit fd2f505b34092a8f0267023b9f6ac9c41308f1f9 Author: wjbeckett Date: Tue Oct 1 10:00:30 2024 +1000 Fixed typo in livekit server hostname commit 812b57cfaa81d19b959bc13919abcba4c88b5336 Author: wjbeckett Date: Tue Oct 1 09:54:02 2024 +1000 resolved missing key. commit b7b8ed573b9a56034785e17f232c707524fe4f16 Author: wjbeckett Date: Tue Oct 1 09:48:44 2024 +1000 typo in livekit-server validate. commit 97f93ebd76d984e80c398161335d036f40e1e280 Author: wjbeckett Date: Tue Oct 1 09:31:42 2024 +1000 renamed the livekit role and added livekit-server and jwt-service roles to the setup file. commit 8cb7deff15e585571f69dfc3e7de63ce96b9c9c8 Author: wjbeckett Date: Mon Sep 30 23:04:10 2024 +1000 cleaned up old services again commit 71dff50a65ccd00a328f1f6f068889bb2d6bc205 Author: wjbeckett Date: Mon Sep 30 22:53:21 2024 +1000 fixed livekit service name commit 58a9642e8c33fe87da03bd4db911d5569e22523b Author: wjbeckett Date: Mon Sep 30 22:45:56 2024 +1000 fixed config file placement. commit 3de399025f550973b04baeb6b66d062a16e1b884 Author: wjbeckett Date: Mon Sep 30 22:41:36 2024 +1000 hard coded redis port. commit e952ba1c3a0c4db903a1b595c5ce1804ae2db636 Author: wjbeckett Date: Mon Sep 30 22:35:59 2024 +1000 removed duplicate tasks. commit 8cb3e33bbfddaa50b7370e65d1668e6e1333b606 Author: wjbeckett Date: Mon Sep 30 22:20:46 2024 +1000 separated livekit and jwt to separate roles commit b907777ae53475ee93aefcd827b08a47e0b44824 Author: wjbeckett Date: Mon Sep 30 13:13:29 2024 +1000 fixing labels again. commit cb41fb02ae3611ae1211c73e044cb07b35d416e1 Author: wjbeckett Date: Mon Sep 30 13:00:10 2024 +1000 testing traefik labels again. commit 31a138a6ba7570b7bb9cd8ebc60c28d284c74302 Author: wjbeckett Date: Mon Sep 30 12:47:42 2024 +1000 fixed traefik router issues. commit 6143ad7ffa04d98714eb51acf5675921a1d96b86 Author: wjbeckett Date: Mon Sep 30 12:27:04 2024 +1000 fix: removed the read-only tag from the element-call systemd file. commit f762048a8dcaa691d183fee147f621c031cdd25d Author: wjbeckett Date: Mon Sep 30 12:15:27 2024 +1000 fix: added missing labels to main. commit 93650cf20ea9b72a4ced744380d57132cc417313 Author: wjbeckett Date: Mon Sep 30 12:02:45 2024 +1000 fix: Type in the element-call main.yml commit 9dbee212d81f7584089ae0e77d69e2de52b04ff8 Author: wjbeckett Date: Mon Sep 30 11:37:08 2024 +1000 fix: removed duplicate keys. commit 1167e1ec13ab3f9e64a1ac35eabb0a392551baf4 Author: wjbeckett Date: Mon Sep 30 11:17:34 2024 +1000 fix: changed matrix server name to matrix domain in element-call config. commit f036e18789ffd332c40d296bc4744a1dc508586a Author: wjbeckett Date: Mon Sep 30 11:05:11 2024 +1000 Fix: Restructured Element call configuration files. commit a274d32c6d800379d2241449b68cea8bc4778042 Author: Backslash Date: Fri Sep 27 12:50:31 2024 +1000 Removed serve function commit 5db9a5c061efb8c8806b0fdf9ffcc968e4fea2d3 Author: Backslash Date: Fri Sep 27 12:40:37 2024 +1000 Removed env file commit 24926720252b0eb5d9d8344514a6eb3ab445304d Author: Backslash Date: Fri Sep 27 12:39:39 2024 +1000 Update env.j2 commit a0917fa2833ec3ee0b42bd5a2b61396dc535bcb2 Author: Backslash Date: Fri Sep 27 12:37:36 2024 +1000 Update main.yml commit 8b172cc19447be51a17fd94db46246b29a961086 Author: Backslash Date: Fri Sep 27 12:35:38 2024 +1000 Update env.j2 commit 63133d659972342b825782ed678ce356c1541acf Author: Backslash Date: Fri Sep 27 11:53:26 2024 +1000 Added serve command back in. commit 5b8dcf32d5fa47d0cbb5777b66138c47db0b41d0 Author: Backslash Date: Fri Sep 27 11:42:34 2024 +1000 Added element-call systemd services to the service manager. commit 14614cb21102dfc6c645d05ca8e38156add079d7 Author: Backslash Date: Fri Sep 27 10:26:01 2024 +1000 Update matrix-element-call.service.j2 commit 3c084e17d266892ea10e51188d70508e5ab6a64e Author: Backslash Date: Fri Sep 27 10:15:51 2024 +1000 Update element-call-labels.j2-new commit 089c5f14c8e9ee57fb8da0f48a8c221e1d67b1a1 Author: Backslash Date: Fri Sep 27 10:00:40 2024 +1000 Update jwt-service-labels.j2 commit b6571fc4fdfffd60cc5d11e63e13dd6077fbba93 Author: Backslash Date: Fri Sep 27 09:59:54 2024 +1000 Update livekit-labels.j2 commit 6d6f9ab853104213f7e6cc5d8db3381a298713dc Author: Backslash Date: Fri Sep 27 09:59:13 2024 +1000 Added hostnames for livekit and jwt labels commit 5730dbfc6e0928b1b4defa6e4fe734759feb3ae8 Author: Backslash Date: Fri Sep 27 09:54:01 2024 +1000 Added hostname label commit c14f9cdcb59e9fd92f5ba7465abc2042ed4e8a43 Author: Backslash Date: Fri Sep 27 09:25:48 2024 +1000 Update matrix_servers commit 805b726c6d8132516197d29c941044d361d3a6ce Author: Backslash Date: Fri Sep 27 09:25:01 2024 +1000 Update element-call-labels.j2 commit 5f49433f6c93e45f1e253d9981d4b23a098c9478 Author: Backslash Date: Fri Sep 27 09:15:21 2024 +1000 Handle empty labels correctly. commit 510cfb2dace4bb23332dc4596fcff0395053885f Author: Backslash Date: Fri Sep 27 09:14:29 2024 +1000 Update matrix_servers commit 1721e85195e2aa6fcd3ce53ffa3a302cb0af6d22 Author: Backslash Date: Fri Sep 27 09:00:03 2024 +1000 Corrected element call labels file name commit 25909b102945fbd030466fcc04b4f861d1418587 Author: Backslash Date: Fri Sep 27 08:51:27 2024 +1000 Update and rename labels.j2 to element-call-labels.j2 commit 3264408758bf162dfba2724f20a6cc0b015df227 Author: Backslash Date: Fri Sep 27 08:49:55 2024 +1000 Rename element-call-labels.j2 to element-call-labels.j2-new commit dd96b93d899b7ba6c46cef8e93b86d5068b55ac8 Author: Backslash Date: Fri Sep 27 08:34:01 2024 +1000 Update matrix-element-call.service.j2 commit df4bf4a0c930b549316180a1880dc55f00fbbf71 Author: Backslash Date: Fri Sep 27 08:23:24 2024 +1000 Added tasks for moving the new labels files into place commit 2f2cb8962e64984f5c62acbe176a54c5a6d96591 Author: Backslash Date: Fri Sep 27 08:19:26 2024 +1000 Updated livekit labels commit d2e2781d3b715ea3872c60fe5a2290a6d55c30ef Author: Backslash Date: Fri Sep 27 08:18:27 2024 +1000 Updated label file commit 80763804f914506b119f4b90fdd2013901d91648 Author: Backslash Date: Fri Sep 27 08:16:56 2024 +1000 Updated label file commit 1d7a60055c2114c35ab64e18157a79f86fbcf33b Author: Backslash Date: Fri Sep 27 08:10:06 2024 +1000 Create jwt-service-labels.j2 commit 2cf471075db355f6df66ffb188424425be1c8981 Author: Backslash Date: Fri Sep 27 08:09:32 2024 +1000 Created livekit-labels.j2 commit 6a519bb05332940f6b19c70345a1d3eb8671731f Author: Backslash Date: Fri Sep 27 08:08:42 2024 +1000 Created element-call-labels to separate the labels for each container commit f0632b20ebed7611373b690fe8483960b2d36230 Author: Backslash Date: Thu Sep 26 21:24:43 2024 +1000 Added missing labels for sfu and jwt commit 5cc9c70ba6fc95a575b380fa55ab9f058fd59766 Author: Backslash Date: Thu Sep 26 20:57:47 2024 +1000 Remove serve command from matrix-element-call.service.j2 commit e34e5da9a4d27d3d656dd48fe3409f7d2b769300 Author: Backslash Date: Thu Sep 26 19:57:39 2024 +1000 Update matrix-redis.service.j2 commit 656d4275bcab2a638f18a1442ce4b6dad9e79af4 Author: Backslash Date: Thu Sep 26 19:48:06 2024 +1000 Update install.yml commit 6ef304b118e9d1bd58943ac2f8c34f2ed342357c Author: Backslash Date: Thu Sep 26 19:43:22 2024 +1000 Update validate_config.yml commit 85be68946cbac0a21302a1746b3a61d6ab3a6953 Author: Backslash Date: Thu Sep 26 19:30:15 2024 +1000 Migrated from matrix_redis to redis_ commit 3f6c327da288c00e1cfc24d27fa15d142d26e74a Author: Backslash Date: Thu Sep 26 19:18:47 2024 +1000 Update main.yml commit ba54e549c47927951490088b1ef962a36a063306 Author: Backslash Date: Thu Sep 26 19:08:09 2024 +1000 Added well-known element directory commit f2acc7430dc6865ec6ac847339a8c6c8b69962b8 Author: Backslash Date: Thu Sep 26 18:53:49 2024 +1000 Create well_known_element.json.j2 commit 9cb236da30795dd3071e4a7ee1e531d830fb99b7 Author: Backslash Date: Thu Sep 26 18:50:48 2024 +1000 Update install.yml commit f38d6a0d88067cb64c9a266ab7963fbe57b16482 Author: Backslash Date: Thu Sep 26 18:39:03 2024 +1000 Update main.yml commit ac1295ac455ce82731c6a8ea9c42db0d2c48eeb3 Author: Backslash Date: Thu Sep 26 18:33:22 2024 +1000 Create matrix-jwt-service.service.j2 commit bc2ed6076260e2720ec230b49d245f4f0173c1dc Author: Backslash Date: Thu Sep 26 17:23:03 2024 +1000 Update main.yml commit f7621283fdb4690e65709f9f649d01419b06c373 Author: Backslash Date: Thu Sep 26 16:31:23 2024 +1000 Update labels.j2 commit e31e688a416ffad0d9c9aa4f9d8187ef3faf2755 Author: Backslash Date: Thu Sep 26 15:42:05 2024 +1000 Update main.yml commit a533ec4204343de6469b80d0bd5ebba4b412ffdb Author: Backslash Date: Thu Sep 26 15:38:12 2024 +1000 Update matrix_servers commit f16ca24408e622650e257e9a99f485278f6a5b23 Author: Backslash Date: Thu Sep 26 15:17:15 2024 +1000 Update install.yml commit e910d09ff142d6e931e4d4d238f14b2ad08817a3 Author: Backslash Date: Thu Sep 26 14:52:30 2024 +1000 Create matrix-redis.service.j2 commit bc9658c06b38f2a647154eb29720ddca33afe645 Author: Backslash Date: Thu Sep 26 13:40:38 2024 +1000 Create matrix-livekit.service.j2 commit 45c8a61f043bce8548da17831438527dba9a5b09 Author: Backslash Date: Thu Sep 26 11:39:33 2024 +1000 Migrating to systemd for container management commit 954d46cfd7bb8b3a960fd4f147be1597ccc401a0 Author: Backslash Date: Thu Sep 26 09:25:49 2024 +1000 Update labels.j2 commit dfeca192abe6b319985e6bfccde8d3841d59a003 Author: Backslash Date: Thu Sep 26 09:23:26 2024 +1000 Update redis.conf.j2 commit f306a47b830e262d22f426d75f91a544f4719b41 Author: Backslash Date: Thu Sep 26 09:22:29 2024 +1000 Update livekit.yaml.j2 commit becdb0810c6522ede3d3bf17a6ef3099a95cb99d Author: Backslash Date: Thu Sep 26 09:18:55 2024 +1000 Update config.json.j2 commit 37fd2e701d7e7c30f58602b589325f0c7c766b6f Author: Backslash Date: Thu Sep 26 09:15:07 2024 +1000 Update env.j2 to support the new configuration commit 68cc1f4b2bff23d2c190fb18d6e638eb57c73a4d Author: Backslash Date: Thu Sep 26 08:29:16 2024 +1000 Simplified the validation step. commit 5efc1892935a3e0cfc323f5b3f950bcd037ab434 Author: Backslash Date: Thu Sep 26 08:12:06 2024 +1000 Updated to support new structure commit 02479e8becc9e1db7617f789db94387b19492f1d Author: Backslash Date: Thu Sep 26 07:59:09 2024 +1000 Updated with new structure. commit 0eef094f2bf8717c1bdbc7ae7e6ba05eb68c15b0 Author: Backslash Date: Thu Sep 26 06:51:36 2024 +1000 Restructure install.yml to follow other roles more closely commit 16ed788b3f8a94298bcb688306a08a688cb42e59 Author: Backslash Date: Wed Sep 25 21:07:22 2024 +1000 Update main.yml commit 63641014101b947e43207f591ec56a3f56d8acc9 Author: Backslash Date: Wed Sep 25 20:20:20 2024 +1000 Adding another debug task for testing the labels file. commit 81735503f8985359c7b0cc9e8674e0e6ed7aa36f Author: Backslash Date: Wed Sep 25 20:06:27 2024 +1000 Added debug task to test labels configuration commit 8644a7383e3a1a882f70bf3b33b71307cda2c2ab Author: Backslash Date: Wed Sep 25 19:22:21 2024 +1000 Removed additional label loop commit ce827e7953a2ee9d5471f96dd7effb3f00691303 Author: Backslash Date: Wed Sep 25 19:09:13 2024 +1000 Changed matrix_base_domain to matrix_domain commit c93d30bcb8bffdea4d995fb6fba3c267d36a695f Author: Backslash Date: Wed Sep 25 19:07:03 2024 +1000 Added matrix_server_name to the defaults commit 90ea758c3bd2ac5cfe03dd946021fb1be668da87 Author: Backslash Date: Wed Sep 25 18:39:26 2024 +1000 Fixed regex for checking the hostname. commit 350d4d4bcd0361ca0dfa5806c0a76b2bdc781df7 Author: Backslash Date: Wed Sep 25 18:35:09 2024 +1000 Fixed assertion block to remove jinja2 delimiters commit fc6357a089f57a16f5117f6940a25fad2ca0f9ec Author: Backslash Date: Wed Sep 25 18:05:34 2024 +1000 Update main.yml commit 60f34cd7af6e752542ace17c61a77122777dd370 Author: wjbeckett Date: Wed Sep 25 16:13:29 2024 +1000 fixed matrix_redis for migration commit d1ba784dde736a72dac55a2575a11dedfa0fcc42 Author: wjbeckett Date: Wed Sep 25 15:01:53 2024 +1000 added doc for setting up element call. commit 434157eb9837b1ce82a19cca50eea8b135038531 Merge: 6594cce57 f657273cc Author: Backslash Date: Wed Sep 25 14:55:42 2024 +1000 Merge branch 'spantaleev:master' into element-call-integration commit 6594cce57038c5118e9b056f2b2c0b4ec9451b93 Author: wjbeckett Date: Wed Sep 25 14:53:48 2024 +1000 Feat: Added element call setup and configuration. --- CHANGELOG.md | 13 ++ README.md | 3 + docs/configuring-playbook-element-call.md | 82 ++++++++++ docs/configuring-playbook-jitsi.md | 2 + docs/configuring-playbook-jwt-service.md | 47 ++++++ ...onfiguring-playbook-livekit-jwt-service.md | 18 +++ docs/configuring-playbook-livekit-server.md | 28 ++++ docs/configuring-playbook.md | 6 + docs/container-images.md | 3 + group_vars/matrix_servers | 153 +++++++++++++++++- requirements.yml | 3 + .../matrix-client-element/defaults/main.yml | 61 +++++++ .../templates/config.json.j2 | 4 +- .../matrix-element-call/defaults/main.yml | 145 +++++++++++++++++ .../matrix-element-call/tasks/install.yml | 56 +++++++ .../custom/matrix-element-call/tasks/main.yml | 26 +++ .../matrix-element-call/tasks/uninstall.yml | 31 ++++ .../tasks/validate_config.yml | 34 ++++ .../templates/config.json.j2 | 11 ++ .../templates/config.json.j2.license | 5 + .../matrix-element-call/templates/labels.j2 | 51 ++++++ .../systemd/matrix-element-call.service.j2 | 46 ++++++ .../matrix-element-call.service.j2.license | 5 + .../custom/matrix-element-call/vars/main.yml | 8 + .../defaults/main.yml | 96 +++++++++++ .../tasks/install.yml | 76 +++++++++ .../matrix-livekit-jwt-service/tasks/main.yml | 26 +++ .../tasks/uninstall.yml | 31 ++++ .../tasks/validate_config.yml | 19 +++ .../templates/env.j2 | 14 ++ .../templates/labels.j2 | 55 +++++++ .../matrix-livekit-jwt-service.service.j2 | 42 +++++ ...rix-livekit-jwt-service.service.j2.license | 5 + .../matrix-livekit-jwt-service/vars/main.yml | 7 + .../matrix-static-files/defaults/main.yml | 61 +++++++ .../matrix-static-files/tasks/install.yml | 24 ++- .../.well-known/element/element.json.j2 | 7 + .../element/element.json.j2.license | 4 + .../public/.well-known/matrix/client.j2 | 3 + setup.yml | 4 + 40 files changed, 1307 insertions(+), 8 deletions(-) create mode 100644 docs/configuring-playbook-element-call.md create mode 100644 docs/configuring-playbook-jwt-service.md create mode 100644 docs/configuring-playbook-livekit-jwt-service.md create mode 100644 docs/configuring-playbook-livekit-server.md create mode 100644 roles/custom/matrix-element-call/defaults/main.yml create mode 100644 roles/custom/matrix-element-call/tasks/install.yml create mode 100644 roles/custom/matrix-element-call/tasks/main.yml create mode 100644 roles/custom/matrix-element-call/tasks/uninstall.yml create mode 100644 roles/custom/matrix-element-call/tasks/validate_config.yml create mode 100644 roles/custom/matrix-element-call/templates/config.json.j2 create mode 100644 roles/custom/matrix-element-call/templates/config.json.j2.license create mode 100644 roles/custom/matrix-element-call/templates/labels.j2 create mode 100644 roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 create mode 100644 roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2.license create mode 100644 roles/custom/matrix-element-call/vars/main.yml create mode 100644 roles/custom/matrix-livekit-jwt-service/defaults/main.yml create mode 100644 roles/custom/matrix-livekit-jwt-service/tasks/install.yml create mode 100644 roles/custom/matrix-livekit-jwt-service/tasks/main.yml create mode 100644 roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml create mode 100644 roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml create mode 100644 roles/custom/matrix-livekit-jwt-service/templates/env.j2 create mode 100644 roles/custom/matrix-livekit-jwt-service/templates/labels.j2 create mode 100644 roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2 create mode 100644 roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2.license create mode 100644 roles/custom/matrix-livekit-jwt-service/vars/main.yml create mode 100644 roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 create mode 100644 roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2.license diff --git a/CHANGELOG.md b/CHANGELOG.md index 9857f468b..efe68fa44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# 2025-03-15 + +## Element Call support + +The playbook now supports [Element Call](https://github.com/element-hq/element-call) as an optional feature. Thanks to [wjbeckett](https://github.com/wjbeckett) for getting us started via [PR#3562](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562). + +Element Call is a native Matrix video conferencing application developed by [Element](https://element.io/) that has the goal of replacing [Jitsi](./docs/configuring-playbook-jitsi.md) and the old WebRTC stack used in previous Element versions. + +💡 For now, Element Call is only supported with the [Synapse](docs/configuring-playbook-synapse.md) homeserver (with [federation](docs/configuring-playbook-federation.md) enabled) and [Element Web](docs/configuring-playbook-client-element-web.md) and Element X mobile clients. See the [Prerequisites](docs/configuring-playbook-element-call.md#prerequisites) section of the [Element Call documentation](docs/configuring-playbook-element-call.md) for more details. + +To get started, see the [Configuring Element Call](docs/configuring-playbook-element-call.md) documentation page. + + # 2025-03-08 ## 6️⃣ IPv6 support enablement recommended by default diff --git a/README.md b/README.md index 72ca57855..47b4074c4 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,8 @@ Services that run on the server to make the various parts of your installation w | [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) | | [ma1sd](https://github.com/ma1uta/ma1sd) | ❌ | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md) | [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) | +| [LiveKit Server](https://github.com/livekit/livekit) | ❌ | WebRTC server for audio/video calls | [Link](docs/configuring-playbook-livekit-server.md) | +| [Livekit JWT Service](https://github.com/livekit/livekit-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | [Link](docs/configuring-playbook-livekit-jwt-service.md) | ### Authentication @@ -185,6 +187,7 @@ Various services that don't fit any other categories. | [Pantalaimon](https://github.com/matrix-org/pantalaimon) | ❌ | E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) | | [Sygnal](https://github.com/matrix-org/sygnal) | ❌ | Push gateway | [Link](docs/configuring-playbook-sygnal.md) | | [ntfy](https://ntfy.sh) | ❌ | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) | +| [Element Call](https://github.com/element-hq/element-call) | ❌ | A native Matrix video conferencing application | [Link](docs/configuring-playbook-element-call.md) | ## 🆕 Changes diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md new file mode 100644 index 000000000..87677b546 --- /dev/null +++ b/docs/configuring-playbook-element-call.md @@ -0,0 +1,82 @@ + + +# Setting up Element Call (optional) + +The playbook can install and configure [Element Call](https://github.com/element-hq/element-call) for you. + +Element Call is a native Matrix video conferencing application developed by [Element](https://element.io), designed for secure, scalable, privacy-respecting, and decentralized video and voice calls over the Matrix protocol. Built on MatrixRTC ([MSC4143](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)), it utilizes [MSC4195](https://github.com/hughns/matrix-spec-proposals/blob/hughns/matrixrtc-livekit/proposals/4195-matrixrtc-livekit.md) with [LiveKit Server](configuring-playbook-livekit-server.md) as its backend. + +See the project's [documentation](https://github.com/element-hq/element-call) to learn more. + +## Prerequisites + +- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below) +- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146)) +- Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled) +- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when Element Call is enabled) +- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when Element Call is enabled) +- A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android). + +> [!WARNING] +> Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**. + +## Decide on a domain and path + +By default, Element Call is configured to be served on the `call.element.example.com` domain. + +If you'd like to run Element Call on another hostname, see the [Adjusting the Element Call URL](#adjusting-the-element-call-url-optional) section below. + +## Adjusting DNS records + +By default, this playbook installs Element Call on the `call.element.` subdomain (`call.element.example.com`) and requires you to create a `CNAME` record for `call.element`, which targets `matrix.example.com`. + +When setting these values, replace `example.com` with your own. + +All dependency services for Element Call ([LiveKit Server](configuring-playbook-livekit-server.md) and [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md)) are installed and configured automatically by the playbook. By default, these services are installed on subpaths on the `matrix.` domain (e.g. `/livekit-server`, `/livekit-jwt-service`), so no DNS record adjustments are required for them. + +## Adjusting firewall rules + +In addition to the HTTP/HTTPS ports (which you've already exposed as per the [prerequisites](prerequisites.md) document), you'll also need to open ports required by [LiveKit Server](configuring-playbook-livekit-server.md) as described in its own [Adjusting firewall rules](configuring-playbook-livekit-server.md#adjusting-firewall-rules) section. + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: + +```yaml +matrix_element_call_enabled: true +``` + +### Adjusting the Element Call URL (optional) + +By tweaking the `matrix_element_call_hostname` variable, you can easily make the service available at a **different hostname** than the default one. + +Example additional configuration for your `vars.yml` file: + +```yaml +matrix_element_call_hostname: element-call.example.com +``` + +> [!WARNING] +> A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084). + +## Installing + +After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below: + + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + +The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all` + +`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too. + +## Usage + +Once installed, Element Call integrates seamlessly with Matrix clients like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android). diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 59fd6b6c4..3a494d083 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -20,6 +20,8 @@ The playbook can install and configure the [Jitsi](https://jitsi.org/) video-con Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app. +💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application. + The [Ansible role for Jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Jitsi, you can check them via: - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md) online - 📁 `roles/galaxy/jitsi/docs/configuring-jitsi.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles) diff --git a/docs/configuring-playbook-jwt-service.md b/docs/configuring-playbook-jwt-service.md new file mode 100644 index 000000000..22fe30e8f --- /dev/null +++ b/docs/configuring-playbook-jwt-service.md @@ -0,0 +1,47 @@ + + +# Setting up JWT Service (optional) + +The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service) for you. + +LK-JWT-Service is currently used for a single reason: generate JWT tokens with a given identity for a given room, so that users can use them to authenticate against LiveKit SFU. + +See the project's [documentation](https://github.com/element-hq/lk-jwt-service/) to learn more. + +## Decide on a domain and path + +By default, JWT Service is configured to be served: + +- on the Matrix domain (`matrix.example.com`), configurable via `matrix_livekit_jwt_service_hostname` +- under a `/livekit-jwt-service` path prefix, configurable via `matrix_livekit_jwt_service_path_prefix` + +This makes it easy to set it up, **without** having to adjust your DNS records manually. + +## Adjusting DNS records + +If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server. + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: + +```yaml +matrix_livekit_jwt_service_enabled: true +``` + +## Installing + +After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all` + +## Usage + +Once installed, a new `org.matrix.msc4143.rtc_foci` section is added to the Element Web client to point to your JWT service URL (e.g., `https://matrix.example.com/livekit-jwt-service`). + +## Additional Information + +Refer to the LiveKit JWT-Service documentation for more details on configuring and using JWT Service. diff --git a/docs/configuring-playbook-livekit-jwt-service.md b/docs/configuring-playbook-livekit-jwt-service.md new file mode 100644 index 000000000..55bf3682f --- /dev/null +++ b/docs/configuring-playbook-livekit-jwt-service.md @@ -0,0 +1,18 @@ + + +# Setting up LiveKit JWT Service (optional) + +The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service/) for you. + +This is a helper component that allows [Element Call](configuring-playbook-element-call.md) to integrate with [LiveKit Server](configuring-playbook-livekit-server.md). + +💡 LiveKit JWT Service is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra. + +Take a look at: + +- `roles/custom/matrix-livekit-jwt-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration. \ No newline at end of file diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md new file mode 100644 index 000000000..95f86f3ad --- /dev/null +++ b/docs/configuring-playbook-livekit-server.md @@ -0,0 +1,28 @@ + + +# Setting up LiveKit Server (optional) + +The playbook can install and configure [LiveKit Server](https://github.com/livekit/livekit) for you. + +LiveKit Server is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications. + +💡 LiveKit Server is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra. + +The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via: +- 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online +- 📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles) + +## Adjusting firewall rules + +To ensure LiveKit Server functions correctly, the following firewall rules and port forwarding settings are required: + +- `7881/tcp`: ICE/TCP + +- `7882/udp`: ICE/UDP Mux + +💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index fe1184ebd..3a105cb0c 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -237,6 +237,12 @@ Services that help you in administrating and monitoring your Matrix installation Various services that don't fit any other categories. +- [Setting up Element Call](configuring-playbook-element-call.md) — a native Matrix video conferencing application (optional) + +- [Setting up LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (optional) + +- [Setting up LiveKit Server](configuring-playbook-livekit-server.md) (optional) + - [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) - [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers diff --git a/docs/container-images.md b/docs/container-images.md index 844cce810..b445cc001 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -54,6 +54,8 @@ Services that run on the server to make the various parts of your installation w | [Exim](configuring-playbook-email.md) | [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | | [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server | | [ddclient](configuring-playbook-dynamic-dns.md) | [linuxserver/ddclient](https://hub.docker.com/r/linuxserver/ddclient) | ❌ | Update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider | +| [LiveKit Server](configuring-playbook-livekit-server.md) | [livekit/livekit-server](https://hub.docker.com/r/livekit/livekit-server/) | ❌ | WebRTC server for audio/video calls | +| [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md) | [element-hq/lk-jwt-service](https://ghcr.io/element-hq/lk-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | ## Authentication @@ -167,6 +169,7 @@ Various services that don't fit any other categories. | [Pantalaimon](configuring-playbook-pantalaimon.md) | [matrixdotorg/pantalaimon](https://hub.docker.com/r/matrixdotorg/pantalaimon) | ❌ | E2EE aware proxy daemon | | [Sygnal](configuring-playbook-sygnal.md) | [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) | ❌ | Reference Push Gateway for Matrix | | [ntfy](configuring-playbook-ntfy.md) | [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) | ❌ | Self-hosted, UnifiedPush-compatible push notifications server | +| [Element Call](configuring-playbook-element-call.md) | [element-hq/element-call](https://ghcr.io/element-hq/element-call) | ❌ | A native Matrix video conferencing application | ## Container images of deprecated / unmaintained services diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f7c8c9537..59fa442b2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -447,6 +447,12 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) + + ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else []) + + + ([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else []) + + + ([{'name': (livekit_server_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else []) + + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) + ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) @@ -4533,7 +4539,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: | # ###################################################################### -valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) }}" +valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) or matrix_element_call_enabled }}" valkey_identifier: matrix-valkey @@ -4605,6 +4611,14 @@ matrix_client_element_enable_presence_by_hs_url: |- matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" +matrix_client_element_features_feature_video_rooms: "{{ matrix_element_call_enabled }}" +matrix_client_element_features_feature_group_calls: "{{ matrix_element_call_enabled }}" +matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_element_call_enabled }}" +matrix_client_element_features_feature_oidc_native_flow: "{{ matrix_authentication_service_enabled }}" + +matrix_client_element_element_call_enabled: "{{ matrix_element_call_enabled }}" +matrix_client_element_element_call_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}" + ###################################################################### # # /matrix-client-element @@ -4920,6 +4934,8 @@ matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}" matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}" matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}" +matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_element_call_enabled }}" + matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}" matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}" @@ -4928,6 +4944,10 @@ matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_ matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" +matrix_synapse_experimental_features_msc4140_enabled: "{{ matrix_element_call_enabled }}" + +matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_element_call_enabled }}" + # Disable password authentication when delegating authentication to Matrix Authentication Service. # Unless this is done, Synapse fails on startup with: # > Error in configuration at 'password_config.enabled': @@ -6117,8 +6137,18 @@ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ # See: https://github.com/etkecc/synapse-admin/pull/126 matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}" +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_element_call_enabled }}" +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: |- + {{ + ( + [{'type': 'livekit', 'livekit_service_url': matrix_livekit_jwt_service_public_url}] if matrix_livekit_jwt_service_enabled else [] + ) + }} + matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}" +matrix_static_files_file_element_element_json_property_call_widget_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}" + matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}" @@ -6231,3 +6261,124 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai # /traefik_certs_dumper # # # ######################################################################## + + +######################################################################## +# # +# matrix-element-call # +# # +######################################################################## + +matrix_element_call_enabled: false + +matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" + +matrix_element_call_container_network: "{{ matrix_addons_container_network }}" + +matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" + +matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_element_call_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" + +matrix_element_call_config_livekit_livekit_service_url: "{{ matrix_livekit_jwt_service_public_url if matrix_livekit_jwt_service_enabled else '' }}" + +######################################################################## +# # +# /matrix-element-call # +# # +######################################################################## + +######################################################################## +# # +# livekit-server # +# # +######################################################################## + +livekit_server_enabled: "{{ matrix_element_call_enabled }}" + +livekit_server_identifier: matrix-livekit-server + +livekit_server_uid: "{{ matrix_user_uid }}" +livekit_server_gid: "{{ matrix_user_gid }}" + +livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server" + +livekit_server_hostname: "{{ matrix_server_fqn_matrix }}" +livekit_server_path_prefix: "/livekit-server" + +livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +livekit_server_container_network: "{{ matrix_addons_container_network }}" +livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" + +livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" + +livekit_server_config_keys_auto: |- + {{ + {} + | combine( + {matrix_livekit_jwt_service_environment_variable_livekit_key: matrix_livekit_jwt_service_environment_variable_livekit_secret} + if matrix_livekit_jwt_service_enabled else {} + ) + }} + +# The playbook intentionally uses a non-standard port than the default used by the role (5349), +# because Coturn is already using that port. +# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`. +livekit_server_config_turn_tls_port: 5350 + +# The playbook intentionally uses a non-standard port than the default used by the role (3478), +# because Coturn is already using that port. +# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`. +livekit_server_config_turn_udp_port: 3479 + +######################################################################## +# # +# /livekit-server # +# # +######################################################################## + + +######################################################################## +# # +# matrix-livekit-jwt-service # +# # +######################################################################## + +matrix_livekit_jwt_service_enabled: "{{ matrix_element_call_enabled and livekit_server_enabled }}" + +matrix_livekit_jwt_service_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" + +matrix_livekit_jwt_service_hostname: "{{ matrix_server_fqn_matrix }}" +matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service" + +matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + +matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}" + +matrix_livekit_jwt_service_container_additional_networks_auto: | + {{ + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_livekit_jwt_service_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else []) + }} + +matrix_livekit_jwt_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_livekit_jwt_service_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" + +matrix_livekit_jwt_service_environment_variable_livekit_url: "{{ livekit_server_websocket_public_url }}" + +matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.key', rounds=655555) | to_uuid }}" + +matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}" + +######################################################################## +# # +# /matrix-livekit-jwt-service # +# # +######################################################################## diff --git a/requirements.yml b/requirements.yml index 556634277..76efb2363 100644 --- a/requirements.yml +++ b/requirements.yml @@ -27,6 +27,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v10078-1-0 name: jitsi +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git + version: v1.8.4-2 + name: livekit_server - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git version: v2.11.0-4 name: ntfy diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 763ba1c97..5360ea1bf 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -215,6 +215,67 @@ matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_w # URL to Wallpaper, shown in background of welcome page matrix_client_element_branding_welcome_background_url: ~ # noqa var-naming +# Controls the `features` section of the Element Web configuration. +matrix_client_element_features: "{{ matrix_client_element_features_default | combine(matrix_client_element_features_auto, recursive=True) | combine(matrix_client_element_features_custom, recursive=True) }}" +matrix_client_element_features_default: |- + {{ + {} + + | combine( + {'feature_video_rooms': true} if matrix_client_element_features_feature_video_rooms else {} + ) + | combine( + {'feature_group_calls': true} if matrix_client_element_features_feature_group_calls else {} + ) + | combine( + {'feature_element_call_video_rooms': true} if matrix_client_element_features_feature_element_call_video_rooms else {} + ) + | combine( + {'feature_oidc_native_flow': true} if matrix_client_element_features_feature_oidc_native_flow else {} + ) + }} + +matrix_client_element_features_auto: {} +matrix_client_element_features_custom: {} + +matrix_client_element_features_feature_video_rooms: false +matrix_client_element_features_feature_group_calls: false +matrix_client_element_features_feature_element_call_video_rooms: false +matrix_client_element_features_feature_oidc_native_flow: false + +matrix_client_element_element_call_enabled: false +matrix_client_element_element_call: "{{ matrix_client_element_element_call_default | combine(matrix_client_element_element_call_auto, recursive=True) | combine(matrix_client_element_element_call_custom, recursive=True) }}" +matrix_client_element_element_call_default: |- + {{ + {} + | combine( + {'url': matrix_client_element_element_call_url} if matrix_client_element_element_call_url else {} + ) + | combine( + {'participant_limit': matrix_client_element_element_call_participant_limit} if matrix_client_element_element_call_participant_limit else {} + ) + | combine( + {'brand': matrix_client_element_element_call_brand} if matrix_client_element_element_call_brand else {} + ) + | combine( + {'use_exclusively': matrix_client_element_element_call_use_exclusively} if matrix_client_element_element_call_use_exclusively else {} + ) + }} +matrix_client_element_element_call_auto: {} +matrix_client_element_element_call_custom: {} + +# Controls the `element_call.url` setting in the Element Web configuration. +matrix_client_element_element_call_url: '' + +# Controls the `element_call.participant_limit` setting in the Element Web configuration. +matrix_client_element_element_call_participant_limit: 8 + +# Controls the `element_call.brand` setting in the Element Web configuration. +matrix_client_element_element_call_brand: "Element Call" + +# Controls the `element_call.use_exclusively` setting in the Element Web configuration. +matrix_client_element_element_call_use_exclusively: true + matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" # By default, there's no Element Web homepage (when logged in). If you wish to have one, diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 9d354a3c2..7516abe48 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -45,5 +45,7 @@ "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, "auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, "welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }} - } + }, + "features": {{ matrix_client_element_features | to_json }}, + "element_call": {{ (matrix_client_element_element_call if matrix_client_element_element_call_enabled else {}) | to_json }} } diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml new file mode 100644 index 000000000..c69c0a682 --- /dev/null +++ b/roles/custom/matrix-element-call/defaults/main.yml @@ -0,0 +1,145 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +# Element Call is a native Matrix video conferencing application developed by Element. +# Project source code URL: https://github.com/element-hq/element-call + +matrix_element_call_enabled: false + +matrix_element_call_version: v0.7.2 + +matrix_element_call_scheme: https + +matrix_element_call_hostname: "call.{{ matrix_server_fqn_element }}" +matrix_element_call_path_prefix: / + +matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" + +# The architecture for Element Call container images. +# Recognized values by us are 'amd64', 'arm32' and 'arm64'. +matrix_element_call_architecture: "{{ matrix_architecture }}" + +matrix_element_call_container_image: "{{ matrix_element_call_container_image_registry_prefix }}element-hq/element-call:{{ matrix_element_call_container_image_tag }}" +matrix_element_call_container_image_registry_prefix: "{{ matrix_element_call_container_image_registry_prefix_upstream }}" +matrix_element_call_container_image_registry_prefix_upstream: "{{ matrix_element_call_container_image_registry_prefix_upstream_default }}" +matrix_element_call_container_image_registry_prefix_upstream_default: ghcr.io/ +matrix_element_call_container_image_tag: "{{ matrix_element_call_version }}" +matrix_element_call_container_image_force_pull: "{{ matrix_element_call_container_image.endswith(':latest') }}" + +matrix_element_call_container_network: matrix-element-call + +matrix_element_call_container_http_host_bind_port: '' + +matrix_element_call_container_additional_networks: "{{ matrix_element_call_container_additional_networks_auto + matrix_element_call_container_additional_networks_custom }}" +matrix_element_call_container_additional_networks_auto: [] +matrix_element_call_container_additional_networks_custom: [] + +# Traefik Configuration for Element Call +matrix_element_call_container_labels_traefik_enabled: true +matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_call_container_network }}" +matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}" +# The path prefix must either be `/` or not end with a slash (e.g. `/element`). +matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}" +matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}" +matrix_element_call_container_labels_traefik_priority: 0 +matrix_element_call_container_labels_traefik_entrypoints: web-secure +matrix_element_call_container_labels_traefik_tls: "{{ matrix_element_call_container_labels_traefik_entrypoints != 'web' }}" +matrix_element_call_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls which additional headers to attach to all HTTP responses. +# To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom` +matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}" +matrix_element_call_container_labels_traefik_additional_response_headers_auto: | + {{ + {} + | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {}) + }} +matrix_element_call_container_labels_traefik_additional_response_headers_custom: {} + +# matrix_element_call_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_element_call_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_element_call_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_element_call_container_extra_arguments: [] + +# List of systemd services that matrix-element-call.service depends on +matrix_element_call_systemd_required_services_list: "{{ matrix_element_call_systemd_required_services_list_default + matrix_element_call_systemd_required_services_list_auto + matrix_element_call_systemd_required_services_list_custom }}" +matrix_element_call_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" +matrix_element_call_systemd_required_services_list_auto: [] +matrix_element_call_systemd_required_services_list_custom: [] + +# Specifies the value of the `X-XSS-Protection` header +# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. +# +# Learn more about it is here: +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection +# - https://portswigger.net/web-security/cross-site-scripting/reflected +matrix_element_call_http_header_xss_protection: "1; mode=block" + +# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options +matrix_element_call_http_header_frame_options: '' + +# Specifies the value of the `X-Content-Type-Options` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options +matrix_element_call_http_header_content_type_options: nosniff + +# Specifies the value of the `Content-Security-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +matrix_element_call_http_header_content_security_policy: frame-ancestors * + +# Specifies the value of the `Permission-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy +matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}" + +# Specifies the value of the `Strict-Transport-Security` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}" + +# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses +# +# Learn more about what it is here: +# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea +# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network +# - https://amifloced.org/ +# +# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. +# See: `matrix_element_call_content_permission_policy` +matrix_element_call_floc_optout_enabled: true + +# Controls if HSTS preloading is enabled +# +# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and +# indicates a willingness to be "preloaded" into browsers: +# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` +# For more information visit: +# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +# - https://hstspreload.org/#opt-in +# See: `matrix_element_call_http_header_strict_transport_security` +matrix_element_call_hsts_preload_enabled: false + +# Controls the default_server_config/m.homeserver/base_url property in the config.json file. +matrix_element_call_config_default_server_config_m_homeserver_base_url: "{{ matrix_homeserver_url }}" + +# Controls the default_server_config/m.homeserver/server_name property in the config.json file. +matrix_element_call_config_default_server_config_m_homeserver_server_name: "{{ matrix_domain }}" + +# Controls the livekit/livekit_service_url property in the config.json file. +matrix_element_call_config_livekit_livekit_service_url: "" diff --git a/roles/custom/matrix-element-call/tasks/install.yml b/roles/custom/matrix-element-call/tasks/install.yml new file mode 100644 index 000000000..49c3078f8 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/install.yml @@ -0,0 +1,56 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- name: Ensure Element Call paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - path: "{{ matrix_element_call_base_path }}" + +- name: Ensure Element Call config.json is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/config.json.j2" + dest: "{{ matrix_element_call_base_path }}/config.json" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure Element Call container labels file is in place + ansible.builtin.template: + src: "{{ role_path }}/templates/labels.j2" + dest: "{{ matrix_element_call_base_path }}/labels" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure Element Call container image is pulled + community.docker.docker_image: + name: "{{ matrix_element_call_container_image }}" + source: pull + force_source: "{{ matrix_element_call_container_image_force_pull }}" + register: element_call_image_result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: element_call_image_result is not failed + +- name: Ensure Element Call container network is created + community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" + name: "{{ matrix_element_call_container_network }}" + driver: bridge + driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" + +- name: Ensure Element Call systemd service is installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" + mode: 0644 diff --git a/roles/custom/matrix-element-call/tasks/main.yml b/roles/custom/matrix-element-call/tasks/main.yml new file mode 100644 index 000000000..c0b771877 --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/main.yml @@ -0,0 +1,26 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- tags: + - setup-all + - setup-element-call + - install-all + - install-element-call + block: + - when: matrix_element_call_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_element_call_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- tags: + - setup-all + - setup-element-call + block: + - when: not matrix_element_call_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" diff --git a/roles/custom/matrix-element-call/tasks/uninstall.yml b/roles/custom/matrix-element-call/tasks/uninstall.yml new file mode 100644 index 000000000..26ae5303d --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/uninstall.yml @@ -0,0 +1,31 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- name: Check existence of matrix-element-call service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" + register: matrix_element_call_service_stat + +- when: matrix_element_call_service_stat.stat.exists | bool + block: + - name: Ensure matrix-element-call is stopped + ansible.builtin.service: + name: matrix-element-call + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-element-call.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service" + state: absent + + - name: Ensure Element Call paths don't exist + ansible.builtin.file: + path: "{{ matrix_element_call_base_path }}" + state: absent diff --git a/roles/custom/matrix-element-call/tasks/validate_config.yml b/roles/custom/matrix-element-call/tasks/validate_config.yml new file mode 100644 index 000000000..738b2de3c --- /dev/null +++ b/roles/custom/matrix-element-call/tasks/validate_config.yml @@ -0,0 +1,34 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- name: Fail if Element Call architecture is not supported + ansible.builtin.fail: + msg: > + Element Call is only supported on amd64 and arm64 architectures. + Your architecture is configured as '{{ matrix_element_call_architecture }}'. + when: "matrix_element_call_architecture not in ['amd64', 'arm64']" + +- name: Fail if required Element Call settings are not defined + ansible.builtin.fail: + msg: > + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] | length == 0" + with_items: + - {'name': 'matrix_element_call_container_network', when: true} + - {'name': 'matrix_element_call_hostname', when: true} + - {'name': 'matrix_element_call_config_livekit_livekit_service_url', when: true} + +# Element Call appears to hardcode all paths to `/` (e.g. `/config.json`, `/assets/...`). +# While we can properly serve the homepage and handle stripping the path prefix on our side, +# the hardcoded URLs in the Element Call are pointing people to the wrong place, which is a problem. +- name: Fail if Element Call path prefix is different than / + ansible.builtin.fail: + msg: > + Element Call with a path prefix other than '/' is not supported yet. + You have configured matrix_element_call_path_prefix to '{{ matrix_element_call_path_prefix }}'. + when: "matrix_element_call_path_prefix != '/'" diff --git a/roles/custom/matrix-element-call/templates/config.json.j2 b/roles/custom/matrix-element-call/templates/config.json.j2 new file mode 100644 index 000000000..1ef5adb9f --- /dev/null +++ b/roles/custom/matrix-element-call/templates/config.json.j2 @@ -0,0 +1,11 @@ +{ + "default_server_config": { + "m.homeserver": { + "base_url": {{ matrix_element_call_config_default_server_config_m_homeserver_base_url | to_json }}, + "server_name": {{ matrix_element_call_config_default_server_config_m_homeserver_server_name | to_json}} + } + }, + "livekit": { + "livekit_service_url": {{ matrix_element_call_config_livekit_livekit_service_url | to_json }} + } +} diff --git a/roles/custom/matrix-element-call/templates/config.json.j2.license b/roles/custom/matrix-element-call/templates/config.json.j2.license new file mode 100644 index 000000000..085b430a3 --- /dev/null +++ b/roles/custom/matrix-element-call/templates/config.json.j2.license @@ -0,0 +1,5 @@ +SPDX-FileCopyrightText: 2022 MDAD project contributors +SPDX-FileCopyrightText: 2024 wjbeckett +SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev + +SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/roles/custom/matrix-element-call/templates/labels.j2 b/roles/custom/matrix-element-call/templates/labels.j2 new file mode 100644 index 000000000..436c13882 --- /dev/null +++ b/roles/custom/matrix-element-call/templates/labels.j2 @@ -0,0 +1,51 @@ +{# +SPDX-FileCopyrightText: 2022 MDAD project contributors +SPDX-FileCopyrightText: 2024 wjbeckett + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if matrix_element_call_container_labels_traefik_enabled %} +traefik.enable=true + +{% if matrix_element_call_container_labels_traefik_docker_network %} +traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }} +{% endif %} + +traefik.http.services.matrix-element-call.loadbalancer.server.port=8080 + +{% set middlewares = [] %} + +{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-element-call-slashless-redirect'] %} + +traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %} +{% endif %} + +{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %} +{% endif %} + +traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }} +{% if matrix_element_call_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-element-call.service=matrix-element-call +{% if middlewares | length > 0 %} +traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }} +{% endif %} +traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }} +{% if matrix_element_call_container_labels_traefik_tls %} +traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }} +{% endif %} + +{% endif %} + +{{ matrix_element_call_container_labels_additional_labels }} \ No newline at end of file diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 new file mode 100644 index 000000000..f9cc7cd2b --- /dev/null +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2 @@ -0,0 +1,46 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Element Call +{% for service in matrix_element_call_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-element-call \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_element_call_container_network }} \ + --mount type=bind,src={{ matrix_element_call_base_path }}/config.json,dst=/app/config.json,ro \ + {% if matrix_element_call_container_http_host_bind_port %} + -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \ + {% endif %} + --label-file={{ matrix_element_call_base_path }}/labels \ + {% for arg in matrix_element_call_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_element_call_container_image }} + +{% for network in matrix_element_call_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-element-call +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-call + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-element-call + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2.license b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2.license new file mode 100644 index 000000000..085b430a3 --- /dev/null +++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2.license @@ -0,0 +1,5 @@ +SPDX-FileCopyrightText: 2022 MDAD project contributors +SPDX-FileCopyrightText: 2024 wjbeckett +SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev + +SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/roles/custom/matrix-element-call/vars/main.yml b/roles/custom/matrix-element-call/vars/main.yml new file mode 100644 index 000000000..b07bb4c89 --- /dev/null +++ b/roles/custom/matrix-element-call/vars/main.yml @@ -0,0 +1,8 @@ +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +matrix_element_call_public_url: "{{ matrix_element_call_scheme }}://{{ matrix_element_call_hostname }}" diff --git a/roles/custom/matrix-livekit-jwt-service/defaults/main.yml b/roles/custom/matrix-livekit-jwt-service/defaults/main.yml new file mode 100644 index 000000000..cdba27bf1 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/defaults/main.yml @@ -0,0 +1,96 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +# Project source code URL: https://github.com/element-hq/lk-jwt-service + +matrix_livekit_jwt_service_enabled: false + +matrix_livekit_jwt_service_scheme: https +matrix_livekit_jwt_service_hostname: "" +matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service" + +matrix_livekit_jwt_service_base_path: "{{ matrix_base_data_path }}/livekit-jwt-service" + +matrix_livekit_jwt_service_container_network: '' + +matrix_livekit_jwt_service_container_http_host_bind_port: '' + +matrix_livekit_jwt_service_container_additional_networks: "{{ (matrix_livekit_jwt_service_container_additional_networks_auto + matrix_livekit_jwt_service_container_additional_networks_custom) | unique }}" +matrix_livekit_jwt_service_container_additional_networks_auto: [] +matrix_livekit_jwt_service_container_additional_networks_custom: [] + +# renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service +matrix_livekit_jwt_service_version: 0.2.0 + +matrix_livekit_jwt_service_container_image_self_build: false +matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git" +matrix_livekit_jwt_service_container_repo_version: "{{ 'main' if matrix_livekit_jwt_service_version == 'latest' else ('v' + livekit_server_version) }}" +matrix_livekit_jwt_service_container_src_files_path: "{{ matrix_livekit_jwt_service_base_path }}/container-src" + +matrix_livekit_jwt_service_container_image: "{{ matrix_livekit_jwt_service_container_image_registry_prefix }}element-hq/lk-jwt-service:{{ matrix_livekit_jwt_service_container_image_tag }}" +matrix_livekit_jwt_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_livekit_jwt_service_container_image_self_build else matrix_livekit_jwt_service_container_image_registry_prefix_upstream }}" +matrix_livekit_jwt_service_container_image_registry_prefix_upstream: "{{ matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default }}" +matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default: ghcr.io/ +matrix_livekit_jwt_service_container_image_tag: "{{ matrix_livekit_jwt_service_version }}" +matrix_livekit_jwt_service_container_image_force_pull: "{{ matrix_livekit_jwt_service_container_image.endswith(':latest') }}" + +matrix_livekit_jwt_service_container_labels_traefik_enabled: true +matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_livekit_jwt_service_container_network }}" +matrix_livekit_jwt_service_container_labels_traefik_hostname: "{{ matrix_livekit_jwt_service_hostname }}" +# The path prefix must either be `/` or not end with a slash (e.g. `/livekit-jwt-service`). +matrix_livekit_jwt_service_container_labels_traefik_path_prefix: "{{ matrix_livekit_jwt_service_path_prefix }}" +matrix_livekit_jwt_service_container_labels_traefik_rule: "Host(`{{ matrix_livekit_jwt_service_container_labels_traefik_hostname }}`){% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }}`){% endif %}" +matrix_livekit_jwt_service_container_labels_traefik_priority: 0 +matrix_livekit_jwt_service_container_labels_traefik_entrypoints: web-secure +matrix_livekit_jwt_service_container_labels_traefik_tls: "{{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints != 'web' }}" +matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls which additional headers to attach to all HTTP responses. +# To add your own headers, use `matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom` +matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom) }}" +matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto: {} +matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom: {} + +# matrix_livekit_jwt_service_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_livekit_jwt_service_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_livekit_jwt_service_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_livekit_jwt_service_container_extra_arguments: [] + +# Controls the LK_JWT_PORT environment variable +matrix_livekit_jwt_service_environment_variable_livekit_jwt_port: 8080 + +# Controls the LIVEKIT_KEY environment variable +matrix_livekit_jwt_service_environment_variable_livekit_key: "" + +# Controls the LIVEKIT_URL environment variable +matrix_livekit_jwt_service_environment_variable_livekit_url: "" + +# Controls the LIVEKIT_SECRET environment variable +matrix_livekit_jwt_service_environment_variable_livekit_secret: "" + +# Additional environment variables to pass to the container. +# +# Environment variables take priority over settings in the configuration file. +# +# Example: +# matrix_livekit_jwt_service_environment_variables_extension: | +# KEY=value +matrix_livekit_jwt_service_environment_variables_extension: '' + +# List of systemd services that LiveKit JWT Service service depends on +matrix_livekit_jwt_service_systemd_required_services_list: "{{ matrix_livekit_jwt_service_systemd_required_services_list_default + matrix_livekit_jwt_service_systemd_required_services_list_auto + matrix_livekit_jwt_service_systemd_required_services_list_custom }}" +matrix_livekit_jwt_service_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" +matrix_livekit_jwt_service_systemd_required_services_list_auto: [] +matrix_livekit_jwt_service_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-livekit-jwt-service/tasks/install.yml b/roles/custom/matrix-livekit-jwt-service/tasks/install.yml new file mode 100644 index 000000000..9193d6679 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/tasks/install.yml @@ -0,0 +1,76 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- name: Ensure LiveKit JWT Service paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - path: "{{ matrix_livekit_jwt_service_base_path }}" + +- name: Ensure LiveKit JWT Service support files installed + ansible.builtin.template: + src: "{{ role_path }}/templates/{{ item }}.j2" + dest: "{{ matrix_livekit_jwt_service_base_path }}/{{ item }}" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - env + - labels + +- name: Ensure LiveKit JWT Service container image is pulled + community.docker.docker_image: + name: "{{ matrix_livekit_jwt_service_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_livekit_jwt_service_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_container_image_force_pull }}" + when: "not matrix_livekit_jwt_service_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- when: "matrix_livekit_jwt_service_container_image_self_build | bool" + block: + - name: Ensure LiveKit JWT Service repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_livekit_jwt_service_container_repo }}" + version: "{{ matrix_livekit_jwt_service_container_repo_version }}" + dest: "{{ matrix_livekit_jwt_service_container_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_livekit_jwt_service_git_pull_results + + - name: Ensure LiveKit JWT Service container image is built + community.docker.docker_image: + name: "{{ matrix_livekit_jwt_service_container_image }}" + source: build + force_source: "{{ matrix_livekit_jwt_service_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_livekit_jwt_service_container_src_files_path }}" + pull: true + +- name: Ensure LiveKit JWT Service container network is created + community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" + name: "{{ matrix_livekit_jwt_service_container_network }}" + driver: bridge + driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" + +- name: Ensure LiveKit JWT Service systemd service is installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-livekit-jwt-service.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service" + mode: 0644 diff --git a/roles/custom/matrix-livekit-jwt-service/tasks/main.yml b/roles/custom/matrix-livekit-jwt-service/tasks/main.yml new file mode 100644 index 000000000..29b49dde6 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/tasks/main.yml @@ -0,0 +1,26 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- tags: + - setup-all + - setup-jwt-service + - install-all + - install-livekit-jwt-service + block: + - when: matrix_livekit_jwt_service_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_livekit_jwt_service_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- tags: + - setup-all + - setup-livekit-jwt-service + block: + - when: not matrix_livekit_jwt_service_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" diff --git a/roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml b/roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml new file mode 100644 index 000000000..d33c35760 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml @@ -0,0 +1,31 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- name: Check existence of LiveKit JWT Service systemd service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service" + register: matrix_livekit_jwt_service_service_stat + +- when: matrix_livekit_jwt_service_service_stat.stat.exists | bool + block: + - name: Ensure LiveKit JWT Service systemd service is stopped + ansible.builtin.service: + name: matrix-livekit-jwt-service + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure LiveKit JWT Service systemd service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service" + state: absent + + - name: Ensure LiveKit JWT Service paths don't exist + ansible.builtin.file: + path: "{{ matrix_livekit_jwt_service_base_path }}" + state: absent diff --git a/roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml b/roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml new file mode 100644 index 000000000..f731898f2 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml @@ -0,0 +1,19 @@ +# SPDX-FileCopyrightText: 2022 MDAD project contributors +# SPDX-FileCopyrightText: 2024 wjbeckett +# SPDX-FileCopyrightText: 2024 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +- name: Fail if required LiveKit JWT Service settings are not defined + ansible.builtin.fail: + msg: > + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] | length == 0" + with_items: + - {'name': 'matrix_livekit_jwt_service_hostname', when: true} + - {'name': 'matrix_livekit_jwt_service_container_network', when: true} + - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_key', when: true} + - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_url', when: true} + - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_secret', when: true} diff --git a/roles/custom/matrix-livekit-jwt-service/templates/env.j2 b/roles/custom/matrix-livekit-jwt-service/templates/env.j2 new file mode 100644 index 000000000..c32da08ef --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/templates/env.j2 @@ -0,0 +1,14 @@ +{# +SPDX-FileCopyrightText: 2024 wjbeckett +SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +LIVEKIT_JWT_PORT={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port | int | to_json }} + +LIVEKIT_KEY={{ matrix_livekit_jwt_service_environment_variable_livekit_key }} +LIVEKIT_URL={{ matrix_livekit_jwt_service_environment_variable_livekit_url }} +LIVEKIT_SECRET={{ matrix_livekit_jwt_service_environment_variable_livekit_secret }} + +{{ matrix_livekit_jwt_service_environment_variables_extension }} diff --git a/roles/custom/matrix-livekit-jwt-service/templates/labels.j2 b/roles/custom/matrix-livekit-jwt-service/templates/labels.j2 new file mode 100644 index 000000000..c372cbb78 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/templates/labels.j2 @@ -0,0 +1,55 @@ +{# +SPDX-FileCopyrightText: 2024 wjbeckett +SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if matrix_livekit_jwt_service_container_labels_traefik_enabled %} +traefik.enable=true + +traefik.docker.network={{ matrix_livekit_jwt_service_container_labels_traefik_docker_network }} + +traefik.http.services.matrix-livekit-jwt-service.loadbalancer.server.port={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }} + +{% set middlewares = [] %} + +{% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.regex=({{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-livekit-jwt-service-slashless-redirect'] %} + +traefik.http.middlewares.matrix-livekit-jwt-service-strip-prefix.stripprefix.prefixes={{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-livekit-jwt-service-strip-prefix'] %} +{% endif %} + +{% if matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-livekit-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-livekit-jwt-service-add-headers'] %} +{% endif %} + +traefik.http.routers.matrix-livekit-jwt-service.rule={{ matrix_livekit_jwt_service_container_labels_traefik_rule }} + +{% if matrix_livekit_jwt_service_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-livekit-jwt-service.priority={{ matrix_livekit_jwt_service_container_labels_traefik_priority }} +{% endif %} + +traefik.http.routers.matrix-livekit-jwt-service.service=matrix-livekit-jwt-service + +{% if middlewares | length > 0 %} +traefik.http.routers.matrix-livekit-jwt-service.middlewares={{ middlewares | join(',') }} +{% endif %} + +traefik.http.routers.matrix-livekit-jwt-service.entrypoints={{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints }} + +traefik.http.routers.matrix-livekit-jwt-service.tls={{ matrix_livekit_jwt_service_container_labels_traefik_tls | to_json }} + +{% if matrix_livekit_jwt_service_container_labels_traefik_tls %} +traefik.http.routers.matrix-livekit-jwt-service.tls.certResolver={{ matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver }} +{% endif %} + +{% endif %} + +{{ matrix_livekit_jwt_service_container_labels_additional_labels }} diff --git a/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2 b/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2 new file mode 100644 index 000000000..073d27e36 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2 @@ -0,0 +1,42 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix LiveKit JWT Service +{% for service in matrix_livekit_jwt_service_systemd_required_services_list %} +After={{ service }} +Requires={{ service }} +{% endfor %} + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-jwt-service 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-livekit-jwt-service \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_livekit_jwt_service_container_network }} \ + {% if matrix_livekit_jwt_service_container_http_host_bind_port %} + -p {{ matrix_livekit_jwt_service_container_http_host_bind_port }}:{{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }} \ + {% endif %} + --env-file={{ matrix_livekit_jwt_service_base_path }}/env \ + --label-file={{ matrix_livekit_jwt_service_base_path }}/labels \ + {{ matrix_livekit_jwt_service_container_image }} + +{% for network in matrix_livekit_jwt_service_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-livekit-jwt-service +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-jwt-service + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jwt-service 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-livekit-jwt-service + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2.license b/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2.license new file mode 100644 index 000000000..085b430a3 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2.license @@ -0,0 +1,5 @@ +SPDX-FileCopyrightText: 2022 MDAD project contributors +SPDX-FileCopyrightText: 2024 wjbeckett +SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev + +SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/roles/custom/matrix-livekit-jwt-service/vars/main.yml b/roles/custom/matrix-livekit-jwt-service/vars/main.yml new file mode 100644 index 000000000..a6070f646 --- /dev/null +++ b/roles/custom/matrix-livekit-jwt-service/vars/main.yml @@ -0,0 +1,7 @@ +# SPDX-FileCopyrightText: 2024 Slavi Pantaleev +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- + +matrix_livekit_jwt_service_public_url: "{{ matrix_livekit_jwt_service_scheme }}://{{ matrix_livekit_jwt_service_hostname }}{{ matrix_livekit_jwt_service_path_prefix }}" diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index 2f51588a6..77340c7b9 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -20,6 +20,7 @@ matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public" matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known" matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix" +matrix_static_files_public_well_known_element_path: "{{ matrix_static_files_public_well_known_path }}/element" # List of systemd services that matrix-static-files.service depends on matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" @@ -211,6 +212,16 @@ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin: "{{ matri matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: {} matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom: {} +# Controls whether `org.matrix.msc4143.rtc_foci`-related entries should be added to the client well-known. +# By default, if there are entries in `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci`, we show them (by enabling this). +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | default({}) | dict2items | length > 0 }}" + +# Controls the org.matrix.msc4143.rtc_foci property in the /.well-known/matrix/client file. +# See `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled` +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto | combine(matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom, recursive=True) }}" +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: {} +matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom: {} + # Default /.well-known/matrix/client configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -358,6 +369,56 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f ######################################################################## +######################################################################## +# # +# Related to /.well-known/element/element.json # +# # +######################################################################## + +# Controls whether a `/.well-known/element/element.json` file is generated and used at all. +matrix_static_files_file_element_element_json_enabled: true + +# Controls the call.widget_url property in the /.well-known/element/element.json file +matrix_static_files_file_element_element_json_property_call_widget_url: '' + +# Default /.well-known/element/element.json configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_support_configuration_extension_json`) +# or completely replace this variable with your own template. +matrix_static_files_file_element_element_json_configuration_json: "{{ lookup('template', 'templates/public/.well-known/element/element.json.j2') }}" + +# Your custom JSON configuration for /.well-known/element/element.json should go to `matrix_static_files_file_element_element_json_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_static_files_file_matrix_support_configuration_json`. +# +# Example configuration extension follows: +# +# matrix_static_files_file_element_element_json_configuration_extension_json: | +# { +# "call": { +# "url": "value" +# } +# } +matrix_static_files_file_element_element_json_configuration_extension_json: '{}' + +matrix_static_files_file_element_element_json_configuration_extension: "{{ matrix_static_files_file_element_element_json_configuration_extension_json | from_json if matrix_static_files_file_element_element_json_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final /.well-known/matrix/support configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_element_element_json_configuration_json` or `matrix_static_files_file_element_element_json_configuration_extension_json`. +matrix_static_files_file_element_element_json_configuration: "{{ matrix_static_files_file_element_element_json_configuration_json | combine(matrix_static_files_file_element_element_json_configuration_extension, recursive=True) }}" + +######################################################################## +# # +# /Related to /.well-known/element/element.json # +# # +######################################################################## + + ######################################################################## # # # Related to index.html # diff --git a/roles/custom/matrix-static-files/tasks/install.yml b/roles/custom/matrix-static-files/tasks/install.yml index f23592644..5b8609011 100644 --- a/roles/custom/matrix-static-files/tasks/install.yml +++ b/roles/custom/matrix-static-files/tasks/install.yml @@ -7,17 +7,19 @@ - name: Ensure matrix-static-files paths exist ansible.builtin.file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_static_files_base_path }}" - - "{{ matrix_static_files_config_path }}" - - "{{ matrix_static_files_public_path }}" - - "{{ matrix_static_files_public_well_known_path }}" - - "{{ matrix_static_files_public_well_known_matrix_path }}" + - {path: "{{ matrix_static_files_base_path }}", when: true} + - {path: "{{ matrix_static_files_config_path }}", when: true} + - {path: "{{ matrix_static_files_public_path }}", when: true} + - {path: "{{ matrix_static_files_public_well_known_path }}", when: true} + - {path: "{{ matrix_static_files_public_well_known_matrix_path }}", when: true} + - {path: "{{ matrix_static_files_public_well_known_element_path }}", when: true} + when: "item.when | bool" - name: Ensure matrix-static-files is configured ansible.builtin.template: @@ -57,6 +59,10 @@ dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support" when: "{{ matrix_static_files_file_matrix_support_enabled }}" + - content: "{{ matrix_static_files_file_element_element_json_configuration | to_nice_json }}" + dest: "{{ matrix_static_files_public_well_known_element_path }}/element.json" + when: "{{ matrix_static_files_file_element_element_json_enabled }}" + # This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`. # See the comment for `matrix_static_files_file_index_html_enabled` to learn why. - content: "{{ matrix_static_files_file_index_html_template }}" @@ -75,6 +81,12 @@ state: absent when: "not matrix_static_files_file_matrix_support_enabled | bool" +- name: Ensure /.well-known/element/element.json file deleted if not enabled + ansible.builtin.file: + path: "{{ matrix_static_files_public_well_known_element_path }}/element.json" + state: absent + when: "not matrix_static_files_file_element_element_json_enabled | bool" + - name: Ensure matrix-static-files container image is pulled community.docker.docker_image: name: "{{ matrix_static_files_container_image }}" diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 new file mode 100644 index 000000000..68d13f098 --- /dev/null +++ b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2 @@ -0,0 +1,7 @@ +{ + {% if matrix_static_files_file_element_element_json_property_call_widget_url %} + "call": { + "widget_url": {{ matrix_static_files_file_element_element_json_property_call_widget_url | to_json }} + } + {% endif %} +} diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2.license b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2.license new file mode 100644 index 000000000..3d67f3cc5 --- /dev/null +++ b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2.license @@ -0,0 +1,4 @@ +SPDX-FileCopyrightText: 2024 wjbeckett +SPDX-FileCopyrightText: 2024 Slavi Pantaleev + +SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 index 86882893a..600e8f4c7 100644 --- a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 +++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 @@ -57,4 +57,7 @@ {% if matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_enabled %}, "cc.etke.synapse-admin": {{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin | to_json }} {% endif %} + {% if matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled %}, + "org.matrix.msc4143.rtc_foci": {{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | to_json }} + {% endif %} } diff --git a/setup.yml b/setup.yml index 7149b3cdf..b5aa83412 100644 --- a/setup.yml +++ b/setup.yml @@ -133,6 +133,10 @@ - custom/matrix-media-repo - custom/matrix-pantalaimon + - custom/matrix-element-call + - galaxy/livekit_server + - custom/matrix-livekit-jwt-service + - role: galaxy/postgres_backup - role: galaxy/backup_borg