Add Element Call support

This is an initial implementaton that's hasn't been battle-tested much. Our LiveKit Server setup by default doesn't enable TURN, so connectivity for NAT-ed clients may be subpar. Squashed commit of the following: commit d5c24fcafe Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 08:31:48 2025 +0200 Upgrade LiveKit Server (v1.8.4-1 -> v1.8.4-2) commit 4d61cc571b Merge: 9c24064fb 9a231a815 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 08:19:05 2025 +0200 Merge branch 'master' into element-call-integration commit 9c24064fb6 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 08:14:49 2025 +0200 Make Element Call fail during validation if on an unsupported architecture (like arm32) commit a757b515fb Merge: ba9cedbed 2a6b746ac Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 08:11:16 2025 +0200 Merge branch 'master' into element-call-integration commit ba9cedbeda Merge: 4a638c2df f8f7ffc7d Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 08:03:03 2025 +0200 Merge branch 'master' into element-call-integration commit 4a638c2df3 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 07:52:04 2025 +0200 Prepare Element Call announcement text on the changelog commit 155d5dad38 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 07:49:49 2025 +0200 Mention the compatible clients on Element Call docs, more cross-linking & consistency fixes commit 6b8a3fc891 Merge: 3ea1ea2f3 95dcaf6e2 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Mar 15 07:38:02 2025 +0200 Merge branch 'master' into element-call-integration commit 3ea1ea2f34 Merge: d3913a015 60e2e035a Author: Slavi Pantaleev <slavi@devture.com> Date: Fri Mar 14 22:29:14 2025 +0200 Merge branch 'master' into element-call-integration commit d3913a015e Author: Slavi Pantaleev <slavi@devture.com> Date: Fri Mar 14 20:04:18 2025 +0200 Upgrade LiveKit Server (v1.8.4-0 -> v1.8.4-1) commit ac7f96806d Author: Slavi Pantaleev <slavi@devture.com> Date: Fri Mar 14 19:58:09 2025 +0200 Relocate the livekit-server Ansible role to its own repository in the MASH organization commit b8d800f6ef Author: Slavi Pantaleev <slavi@devture.com> Date: Fri Mar 14 19:37:29 2025 +0200 Add "Federation" as a prerequisite for Element Call (indirect, via LiveKit JWT Service) Ref: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554 - f5f5374c4b/main.go (L135-L146) commit 2c1c49444a Merge: 6bc0185d5 8e883a555 Author: Slavi Pantaleev <slavi@devture.com> Date: Fri Mar 14 19:32:48 2025 +0200 Merge branch 'master' into element-call-integration commit 6bc0185d50 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Mar 13 09:43:22 2025 +0200 Add Element Call, LiveKit Server and LiveKit JWT Service to `README.md` Ref: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2720039742 commit a0470fe248 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 19:12:30 2025 +0200 Minor rewording in LiveKit Server docs commit d4ceebc6a9 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 19:12:22 2025 +0200 Add Element Call, LiveKit Server and LiveKit JWT Service to `docs/container-images.md` commit 6a86de958f Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 19:05:51 2025 +0200 Apply suggestions from code review Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit d9df022d55 Merge: 676f9dd9a 2f30886b1 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 18:40:31 2025 +0200 Merge branch 'master' into element-call-integration commit 676f9dd9ad Merge: 251561ff8 2be709e2c Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 18:00:45 2025 +0200 Merge branch 'master' into element-call-integration commit 251561ff81 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 17:47:01 2025 +0200 Simplify LiveKit Server role by removing unused/untested HTTP middleware variables commit 1e60f41a59 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 17:44:00 2025 +0200 Restore Element Call HTTP headers to more secure/privacy-respecting values commit f8e84c4b2f Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 17:43:34 2025 +0200 Remove useless `matrix_element_call_port` variable commit 3f5e8f656b Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 17:35:30 2025 +0200 Switch default LiveKit server endpoint to one under the `matrix.` domain and polish-up docs commit 72118f2f03 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 16:56:06 2025 +0200 Fix LiveKitServer middlware name (`matrix-livekit-server-server-slashless-redirect` -> `matrix-livekit-server-slashless-redirect`) commit 585377975b Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 16:51:10 2025 +0200 Adjust LiveKit Server ports and exposure commit 22ef579444 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 15:44:31 2025 +0200 Make livekit-jwt-service communicate with livekit-server via public URLs Communicating via container URLs works, but the URL provided to livekit-jwt-service as `LIVEKIT_URL` is also passed to the user later and it must be a public one at that point. It'd be great if livekit-jwt-service can be given 2 different URLs (e.g. `LIVEKIT_URL` and `LIVEKIT_URL_PUBLIC`) and only announce the public one to the user, but there's no support for this yet. commit 32f8c6de6e Merge: 370feb740 79cc333be Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 15:27:42 2025 +0200 Merge branch 'master' into element-call-integration commit 370feb740f Merge: 9a11e5e1f a9ee537f8 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 10:04:19 2025 +0200 Merge branch 'master' into element-call-integration commit 9a11e5e1fe Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 09:19:03 2025 +0200 Auto-enable experimental Synapse features required by Element Call when Element Call is enabled commit 8291b2f99d Merge: 890f10f76 c5a03efdf Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 09:14:50 2025 +0200 Merge branch 'master' into element-call-integration commit 890f10f765 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 09:01:35 2025 +0200 Make `matrix_livekit_jwt_service_public_url` respect `matrix_livekit_jwt_service_path_prefix` commit 031cf68cbb Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:59:50 2025 +0200 Remove unused `matrix_element_call_metrics_*` variables commit 5961841e52 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:59:05 2025 +0200 Make matrix-livekit-jwt-service role not reference foreign variables (except the matrix-base ones) commit 2be4923aef Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:56:15 2025 +0200 Make Element Call role not reference foreign variables (except the matrix-base ones) commit 23efad9cb7 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:51:52 2025 +0200 Rework Element Call config.json templating commit 6b55ba29ab Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:46:11 2025 +0200 Make Element Call refuse a path prefix other than `/` commit 0d1112638d Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:05:42 2025 +0200 Update LiveKit JWT service path prefix (`/lk-jwt-service` -> `/livekit-jwt-service`) commit c3c2ba34b4 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:02:29 2025 +0200 Split `matrix_element_call_systemd_required_services_list` into `_default`, `_auto` and `_custom` commit 0215708f79 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 08:00:28 2025 +0200 Remove some useless variables and rework environment variables variable for livekit-jwt-service commit e1b57f3d45 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 07:56:47 2025 +0200 Pin livekit-jwt-service to released (v0.2.0) and adapt configuration commit de2a8f11d2 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 07:46:51 2025 +0200 `_name_prefix` -> `_registry_prefix` changes for LiveKit roles commit 2a69ca35be Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 07:42:40 2025 +0200 Clean up Element Call group vars vs defaults/main.yml mixup and make some minor LiveKit updates commit 72d64cfa6b Merge: f161c7c58 5dfbefd64 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 07:03:53 2025 +0200 Merge branch 'master' into element-call-integration commit f161c7c58f Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 07:03:00 2025 +0200 Add newlines at end of files commit 6c6b44dc25 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 06:58:00 2025 +0200 Add license information to Element Call and LiveKit roles commit 8eb1c57e2b Merge: 61069d631 aa36acdef Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 06:36:48 2025 +0200 Merge branch 'master' into element-call-integration commit 61069d6313 Merge: 74d6a99b1 0b9389fd6 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 06:34:00 2025 +0200 Merge branch 'element-call-integration' of github.com:wjbeckett/matrix-docker-ansible-deploy into element-call-integration commit 74d6a99b1e Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 06:32:22 2025 +0200 Adjust names for Element Call tasks and make uninstallation more consistent with other roles commit 81a30f17ac Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 06:29:39 2025 +0200 Remove some superficial comments commit 413d591562 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 06:27:11 2025 +0200 Bring container-network-creation tasks up-to-date for Element Call and LiveKit-related services commit 7572522820 Merge: 564275527 5ece1fea5 Author: Slavi Pantaleev <slavi@devture.com> Date: Wed Mar 12 06:24:34 2025 +0200 Merge branch 'master' into element-call-integration commit 0b9389fd64 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Nov 23 17:43:52 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 9a8a569431 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Nov 23 17:43:29 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit bb403e1aee Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Nov 23 17:43:15 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 74fbacbd9f Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Nov 23 17:42:54 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 5642755273 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Nov 23 16:40:50 2024 +0200 Rework LiveKit JWT Service role commit bb925f4782 Merge: c57d0d192 ca8c1cf2b Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Nov 23 14:45:20 2024 +0200 Merge branch 'master' into element-call-integration commit c57d0d192d Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 19:45:07 2024 +0200 Eliminate remaining matrix references from LiveKit Server role commit 006920882c Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 19:38:23 2024 +0200 Rename file (element-call-labels -> labels) commit 69d702643f Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 19:36:55 2024 +0200 Remove homeserver.yaml patching from Element Call role commit 252ca52f60 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 19:32:15 2024 +0200 Relocate /.well-known/element/element.json setup to matrix-static-files, instead of ugly patching from the Element Call role commit 3f52cec25c Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 19:17:30 2024 +0200 Relocate Element Web features & element_call configuration to Element role, instead of ugly patching from the Element Call role commit 7a6fcaa402 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 18:59:11 2024 +0200 Fix typo commit 394fdca066 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 18:54:29 2024 +0200 Relocate org.matrix.msc4143.rtc_foci setup to /.well-known/matrix/client to matrix-static-files instead of ugly patching commit f0466d5a99 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 18:19:36 2024 +0200 Make LiveKit Server configuration extensible commit be7271760e Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 18:13:07 2024 +0200 Make LiveKit Server logging config configurable commit 8b84eb6390 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 18:04:53 2024 +0200 Default LiveKit Server to a smaller RTC range for faster startup on non-host networks commit 3e86adac0d Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 18:00:43 2024 +0200 Fix port exposure for LiveKit Server commit 721fb39aa2 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 17:28:06 2024 +0200 More progress on the LiveKit role commit 783d4a23f8 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:54:45 2024 +0200 Add livekit_server_identifier commit fa4ebd2a64 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:37:01 2024 +0200 Cleanups commit 79ae704a24 Merge: 88d466845 c07b09390 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:31:50 2024 +0200 Merge branch 'element-call-integration' of github.com:wjbeckett/matrix-docker-ansible-deploy into element-call-integration commit c07b093902 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:24:34 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit c321ca160e Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:24:26 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 164be875b0 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:24:15 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 0f23e36e12 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:24:05 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 83bb546c64 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:23:55 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 3783922275 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:23:47 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 66cc36466c Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:23:36 2024 +0200 Update docs/configuring-playbook-livekit-server.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit ec41c1aba5 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:23:28 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit df6ef106d1 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:23:18 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit eb048da8a1 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:23:06 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit ccb29beb30 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:22:56 2024 +0200 Update docs/configuring-playbook-jwt-service.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 32ea60fdc5 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:22:44 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 25a8cb3b4a Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:22:17 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 55da5c3213 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:21:55 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 925ebfbd4b Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:21:42 2024 +0200 Update docs/configuring-playbook-element-call.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 88d4668450 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:16:43 2024 +0200 Variable rename (livekit_server_image -> livekit_server_container_image) for consistency with other roles commit 1838a541ae Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 16:15:54 2024 +0200 Variables rename (matrix_livekit_server_ -> livekit_server_) to prepare for role extraction commit 1e82530080 Merge: 82127830b 0c9fc4358 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 15:59:56 2024 +0200 Merge branch 'master' into element-call-integration commit 82127830b3 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 15:58:01 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/uninstall.yml Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 85c0ffa9e1 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 15:57:51 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/uninstall.yml Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit b691f39d39 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 15:57:44 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/install.yml Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit 10df145101 Author: Slavi Pantaleev <slavi@devture.com> Date: Thu Nov 21 15:57:31 2024 +0200 Update roles/custom/matrix-livekit-server/tasks/install.yml Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> commit fa2a913d39 Author: wjbeckett <wjbeckett@gmail.com> Date: Thu Oct 3 16:20:54 2024 +1000 fixing issue with element call domain not being expanded when writing the element web config.json. commit e18b28136c Author: wjbeckett <wjbeckett@gmail.com> Date: Thu Oct 3 15:28:56 2024 +1000 Updated Element call docs with dependent services and fixed typo. commit 1906d61c39 Author: wjbeckett <wjbeckett@gmail.com> Date: Thu Oct 3 13:25:40 2024 +1000 updated traefik label to be in line with the latest change from devture_traefik_ to traefik_ commit b7e0a41134 Merge: a03f5985a d9a919a4b Author: Backslash <wjbeckett@gmail.com> Date: Thu Oct 3 13:20:02 2024 +1000 Merge branch 'spantaleev:master' into element-call-integration commit a03f5985a5 Author: wjbeckett <wjbeckett@gmail.com> Date: Thu Oct 3 12:38:34 2024 +1000 removed trailing whitespaces commit 1e6698cb99 Author: wjbeckett <wjbeckett@gmail.com> Date: Wed Oct 2 13:27:02 2024 +1000 updated documentation or the new roles. commit f684719b2a Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 22:30:09 2024 +1000 fixed error with element client update task commit a6e3203398 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 22:20:50 2024 +1000 updated docs, broke the well-known and element client modifications out to separate tasks. commit 2b4fdea70f Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 17:04:11 2024 +1000 added header flags back in. commit 6c8923ae28 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 16:51:06 2024 +1000 removed headers. commit 9691577b22 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 16:45:07 2024 +1000 removed additinoal headers commit 46109565e1 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 16:33:48 2024 +1000 updated headers for each of the call services. commit 4acb025130 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 13:35:53 2024 +1000 testing livekit configuration commit e421852af5 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 13:09:00 2024 +1000 updated jwt bind port commit 5507fb3bab Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 13:08:21 2024 +1000 added element-call config.json to systemd file commit 9864996aad Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 12:46:37 2024 +1000 adjusted jwt service ports for traefik commit dbbaae4fbe Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 12:34:25 2024 +1000 stopping the recursive loop commit d53c2428b8 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 12:29:35 2024 +1000 updated jwt hostname. commit f98a505df8 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 11:00:56 2024 +1000 changed jwt-service port label. commit d5aabc85be Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 10:41:30 2024 +1000 removed redis images in favor of the inbuilt keyDB commit 7cdec5f251 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 10:17:34 2024 +1000 fixed type in livekit image commit fd2f505b34 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 10:00:30 2024 +1000 Fixed typo in livekit server hostname commit 812b57cfaa Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 09:54:02 2024 +1000 resolved missing key. commit b7b8ed573b Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 09:48:44 2024 +1000 typo in livekit-server validate. commit 97f93ebd76 Author: wjbeckett <wjbeckett@gmail.com> Date: Tue Oct 1 09:31:42 2024 +1000 renamed the livekit role and added livekit-server and jwt-service roles to the setup file. commit 8cb7deff15 Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 23:04:10 2024 +1000 cleaned up old services again commit 71dff50a65 Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 22:53:21 2024 +1000 fixed livekit service name commit 58a9642e8c Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 22:45:56 2024 +1000 fixed config file placement. commit 3de399025f Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 22:41:36 2024 +1000 hard coded redis port. commit e952ba1c3a Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 22:35:59 2024 +1000 removed duplicate tasks. commit 8cb3e33bbf Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 22:20:46 2024 +1000 separated livekit and jwt to separate roles commit b907777ae5 Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 13:13:29 2024 +1000 fixing labels again. commit cb41fb02ae Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 13:00:10 2024 +1000 testing traefik labels again. commit 31a138a6ba Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 12:47:42 2024 +1000 fixed traefik router issues. commit 6143ad7ffa Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 12:27:04 2024 +1000 fix: removed the read-only tag from the element-call systemd file. commit f762048a8d Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 12:15:27 2024 +1000 fix: added missing labels to main. commit 93650cf20e Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 12:02:45 2024 +1000 fix: Type in the element-call main.yml commit 9dbee212d8 Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 11:37:08 2024 +1000 fix: removed duplicate keys. commit 1167e1ec13 Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 11:17:34 2024 +1000 fix: changed matrix server name to matrix domain in element-call config. commit f036e18789 Author: wjbeckett <wjbeckett@gmail.com> Date: Mon Sep 30 11:05:11 2024 +1000 Fix: Restructured Element call configuration files. commit a274d32c6d Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 12:50:31 2024 +1000 Removed serve function commit 5db9a5c061 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 12:40:37 2024 +1000 Removed env file commit 2492672025 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 12:39:39 2024 +1000 Update env.j2 commit a0917fa283 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 12:37:36 2024 +1000 Update main.yml commit 8b172cc194 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 12:35:38 2024 +1000 Update env.j2 commit 63133d6599 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 11:53:26 2024 +1000 Added serve command back in. commit 5b8dcf32d5 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 11:42:34 2024 +1000 Added element-call systemd services to the service manager. commit 14614cb211 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 10:26:01 2024 +1000 Update matrix-element-call.service.j2 commit 3c084e17d2 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 10:15:51 2024 +1000 Update element-call-labels.j2-new commit 089c5f14c8 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 10:00:40 2024 +1000 Update jwt-service-labels.j2 commit b6571fc4fd Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:59:54 2024 +1000 Update livekit-labels.j2 commit 6d6f9ab853 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:59:13 2024 +1000 Added hostnames for livekit and jwt labels commit 5730dbfc6e Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:54:01 2024 +1000 Added hostname label commit c14f9cdcb5 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:25:48 2024 +1000 Update matrix_servers commit 805b726c6d Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:25:01 2024 +1000 Update element-call-labels.j2 commit 5f49433f6c Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:15:21 2024 +1000 Handle empty labels correctly. commit 510cfb2dac Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:14:29 2024 +1000 Update matrix_servers commit 1721e85195 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 09:00:03 2024 +1000 Corrected element call labels file name commit 25909b1029 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:51:27 2024 +1000 Update and rename labels.j2 to element-call-labels.j2 commit 3264408758 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:49:55 2024 +1000 Rename element-call-labels.j2 to element-call-labels.j2-new commit dd96b93d89 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:34:01 2024 +1000 Update matrix-element-call.service.j2 commit df4bf4a0c9 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:23:24 2024 +1000 Added tasks for moving the new labels files into place commit 2f2cb8962e Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:19:26 2024 +1000 Updated livekit labels commit d2e2781d3b Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:18:27 2024 +1000 Updated label file commit 80763804f9 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:16:56 2024 +1000 Updated label file commit 1d7a60055c Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:10:06 2024 +1000 Create jwt-service-labels.j2 commit 2cf471075d Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:09:32 2024 +1000 Created livekit-labels.j2 commit 6a519bb053 Author: Backslash <wjbeckett@gmail.com> Date: Fri Sep 27 08:08:42 2024 +1000 Created element-call-labels to separate the labels for each container commit f0632b20eb Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 21:24:43 2024 +1000 Added missing labels for sfu and jwt commit 5cc9c70ba6 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 20:57:47 2024 +1000 Remove serve command from matrix-element-call.service.j2 commit e34e5da9a4 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 19:57:39 2024 +1000 Update matrix-redis.service.j2 commit 656d4275bc Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 19:48:06 2024 +1000 Update install.yml commit 6ef304b118 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 19:43:22 2024 +1000 Update validate_config.yml commit 85be68946c Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 19:30:15 2024 +1000 Migrated from matrix_redis to redis_ commit 3f6c327da2 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 19:18:47 2024 +1000 Update main.yml commit ba54e549c4 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 19:08:09 2024 +1000 Added well-known element directory commit f2acc7430d Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 18:53:49 2024 +1000 Create well_known_element.json.j2 commit 9cb236da30 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 18:50:48 2024 +1000 Update install.yml commit f38d6a0d88 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 18:39:03 2024 +1000 Update main.yml commit ac1295ac45 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 18:33:22 2024 +1000 Create matrix-jwt-service.service.j2 commit bc2ed60762 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 17:23:03 2024 +1000 Update main.yml commit f7621283fd Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 16:31:23 2024 +1000 Update labels.j2 commit e31e688a41 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 15:42:05 2024 +1000 Update main.yml commit a533ec4204 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 15:38:12 2024 +1000 Update matrix_servers commit f16ca24408 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 15:17:15 2024 +1000 Update install.yml commit e910d09ff1 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 14:52:30 2024 +1000 Create matrix-redis.service.j2 commit bc9658c06b Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 13:40:38 2024 +1000 Create matrix-livekit.service.j2 commit 45c8a61f04 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 11:39:33 2024 +1000 Migrating to systemd for container management commit 954d46cfd7 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 09:25:49 2024 +1000 Update labels.j2 commit dfeca192ab Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 09:23:26 2024 +1000 Update redis.conf.j2 commit f306a47b83 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 09:22:29 2024 +1000 Update livekit.yaml.j2 commit becdb0810c Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 09:18:55 2024 +1000 Update config.json.j2 commit 37fd2e701d Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 09:15:07 2024 +1000 Update env.j2 to support the new configuration commit 68cc1f4b2b Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 08:29:16 2024 +1000 Simplified the validation step. commit 5efc189293 Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 08:12:06 2024 +1000 Updated to support new structure commit 02479e8bec Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 07:59:09 2024 +1000 Updated with new structure. commit 0eef094f2b Author: Backslash <wjbeckett@gmail.com> Date: Thu Sep 26 06:51:36 2024 +1000 Restructure install.yml to follow other roles more closely commit 16ed788b3f Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 21:07:22 2024 +1000 Update main.yml commit 6364101410 Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 20:20:20 2024 +1000 Adding another debug task for testing the labels file. commit 81735503f8 Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 20:06:27 2024 +1000 Added debug task to test labels configuration commit 8644a7383e Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 19:22:21 2024 +1000 Removed additional label loop commit ce827e7953 Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 19:09:13 2024 +1000 Changed matrix_base_domain to matrix_domain commit c93d30bcb8 Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 19:07:03 2024 +1000 Added matrix_server_name to the defaults commit 90ea758c3b Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 18:39:26 2024 +1000 Fixed regex for checking the hostname. commit 350d4d4bcd Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 18:35:09 2024 +1000 Fixed assertion block to remove jinja2 delimiters commit fc6357a089 Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 18:05:34 2024 +1000 Update main.yml commit 60f34cd7af Author: wjbeckett <wjbeckett@gmail.com> Date: Wed Sep 25 16:13:29 2024 +1000 fixed matrix_redis for migration commit d1ba784dde Author: wjbeckett <wjbeckett@gmail.com> Date: Wed Sep 25 15:01:53 2024 +1000 added doc for setting up element call. commit 434157eb98 Merge: 6594cce57 f657273cc Author: Backslash <wjbeckett@gmail.com> Date: Wed Sep 25 14:55:42 2024 +1000 Merge branch 'spantaleev:master' into element-call-integration commit 6594cce570 Author: wjbeckett <wjbeckett@gmail.com> Date: Wed Sep 25 14:53:48 2024 +1000 Feat: Added element call setup and configuration.
2025-06-25 18:57:50 +02:00 · 2025-03-15 08:34:48 +02:00
parent 9a231a815d
commit 9970603f15
40 changed files with 1307 additions and 8 deletions
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@ -215,6 +215,67 @@ matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_w
 # URL to Wallpaper, shown in background of welcome page
 matrix_client_element_branding_welcome_background_url: ~  # noqa var-naming

+# Controls the `features` section of the Element Web configuration.
+matrix_client_element_features: "{{ matrix_client_element_features_default | combine(matrix_client_element_features_auto, recursive=True) | combine(matrix_client_element_features_custom, recursive=True) }}"
+matrix_client_element_features_default: |-
+  {{
+    {}
+
+    | combine(
+      {'feature_video_rooms': true} if matrix_client_element_features_feature_video_rooms else {}
+    )
+    | combine(
+      {'feature_group_calls': true} if matrix_client_element_features_feature_group_calls else {}
+    )
+    | combine(
+      {'feature_element_call_video_rooms': true} if matrix_client_element_features_feature_element_call_video_rooms else {}
+    )
+    | combine(
+      {'feature_oidc_native_flow': true} if matrix_client_element_features_feature_oidc_native_flow else {}
+    )
+  }}
+
+matrix_client_element_features_auto: {}
+matrix_client_element_features_custom: {}
+
+matrix_client_element_features_feature_video_rooms: false
+matrix_client_element_features_feature_group_calls: false
+matrix_client_element_features_feature_element_call_video_rooms: false
+matrix_client_element_features_feature_oidc_native_flow: false
+
+matrix_client_element_element_call_enabled: false
+matrix_client_element_element_call: "{{ matrix_client_element_element_call_default | combine(matrix_client_element_element_call_auto, recursive=True) | combine(matrix_client_element_element_call_custom, recursive=True) }}"
+matrix_client_element_element_call_default: |-
+  {{
+    {}
+    | combine(
+      {'url': matrix_client_element_element_call_url} if matrix_client_element_element_call_url else {}
+    )
+    | combine(
+      {'participant_limit': matrix_client_element_element_call_participant_limit} if matrix_client_element_element_call_participant_limit else {}
+    )
+    | combine(
+      {'brand': matrix_client_element_element_call_brand} if matrix_client_element_element_call_brand else {}
+    )
+    | combine(
+      {'use_exclusively': matrix_client_element_element_call_use_exclusively} if matrix_client_element_element_call_use_exclusively else {}
+    )
+  }}
+matrix_client_element_element_call_auto: {}
+matrix_client_element_element_call_custom: {}
+
+# Controls the `element_call.url` setting in the Element Web configuration.
+matrix_client_element_element_call_url: ''
+
+# Controls the `element_call.participant_limit` setting in the Element Web configuration.
+matrix_client_element_element_call_participant_limit: 8
+
+# Controls the `element_call.brand` setting in the Element Web configuration.
+matrix_client_element_element_call_brand: "Element Call"
+
+# Controls the `element_call.use_exclusively` setting in the Element Web configuration.
+matrix_client_element_element_call_use_exclusively: true
+
 matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2"

 # By default, there's no Element Web homepage (when logged in). If you wish to have one,
--- a/roles/custom/matrix-client-element/templates/config.json.j2
+++ b/roles/custom/matrix-client-element/templates/config.json.j2
@ -45,5 +45,7 @@
 		"auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }},
 		"auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }},
 		"welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }}
-	}
+	},
+	"features": {{ matrix_client_element_features | to_json }},
+	"element_call": {{ (matrix_client_element_element_call if matrix_client_element_element_call_enabled else {}) | to_json }}
 }
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@ -0,0 +1,145 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+# Element Call is a native Matrix video conferencing application developed by Element.
+# Project source code URL: https://github.com/element-hq/element-call
+
+matrix_element_call_enabled: false
+
+matrix_element_call_version: v0.7.2
+
+matrix_element_call_scheme: https
+
+matrix_element_call_hostname: "call.{{ matrix_server_fqn_element }}"
+matrix_element_call_path_prefix: /
+
+matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call"
+
+# The architecture for Element Call container images.
+# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
+matrix_element_call_architecture: "{{ matrix_architecture }}"
+
+matrix_element_call_container_image: "{{ matrix_element_call_container_image_registry_prefix }}element-hq/element-call:{{ matrix_element_call_container_image_tag }}"
+matrix_element_call_container_image_registry_prefix: "{{ matrix_element_call_container_image_registry_prefix_upstream }}"
+matrix_element_call_container_image_registry_prefix_upstream: "{{ matrix_element_call_container_image_registry_prefix_upstream_default }}"
+matrix_element_call_container_image_registry_prefix_upstream_default: ghcr.io/
+matrix_element_call_container_image_tag: "{{ matrix_element_call_version }}"
+matrix_element_call_container_image_force_pull: "{{ matrix_element_call_container_image.endswith(':latest') }}"
+
+matrix_element_call_container_network: matrix-element-call
+
+matrix_element_call_container_http_host_bind_port: ''
+
+matrix_element_call_container_additional_networks: "{{ matrix_element_call_container_additional_networks_auto + matrix_element_call_container_additional_networks_custom }}"
+matrix_element_call_container_additional_networks_auto: []
+matrix_element_call_container_additional_networks_custom: []
+
+# Traefik Configuration for Element Call
+matrix_element_call_container_labels_traefik_enabled: true
+matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_call_container_network }}"
+matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}"
+# The path prefix must either be `/` or not end with a slash (e.g. `/element`).
+matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}"
+matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}"
+matrix_element_call_container_labels_traefik_priority: 0
+matrix_element_call_container_labels_traefik_entrypoints: web-secure
+matrix_element_call_container_labels_traefik_tls: "{{ matrix_element_call_container_labels_traefik_entrypoints != 'web' }}"
+matrix_element_call_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls which additional headers to attach to all HTTP responses.
+# To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom`
+matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}"
+matrix_element_call_container_labels_traefik_additional_response_headers_auto: |
+  {{
+    {}
+    | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {})
+    | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {})
+    | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {})
+    | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {})
+    | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {})
+    | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {})
+  }}
+matrix_element_call_container_labels_traefik_additional_response_headers_custom: {}
+
+# matrix_element_call_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_element_call_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_element_call_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_element_call_container_extra_arguments: []
+
+# List of systemd services that matrix-element-call.service depends on
+matrix_element_call_systemd_required_services_list: "{{ matrix_element_call_systemd_required_services_list_default + matrix_element_call_systemd_required_services_list_auto + matrix_element_call_systemd_required_services_list_custom }}"
+matrix_element_call_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_element_call_systemd_required_services_list_auto: []
+matrix_element_call_systemd_required_services_list_custom: []
+
+# Specifies the value of the `X-XSS-Protection` header
+# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
+#
+# Learn more about it is here:
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+# - https://portswigger.net/web-security/cross-site-scripting/reflected
+matrix_element_call_http_header_xss_protection: "1; mode=block"
+
+# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+matrix_element_call_http_header_frame_options: ''
+
+# Specifies the value of the `X-Content-Type-Options` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+matrix_element_call_http_header_content_type_options: nosniff
+
+# Specifies the value of the `Content-Security-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+matrix_element_call_http_header_content_security_policy: frame-ancestors *
+
+# Specifies the value of the `Permission-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
+matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}"
+
+# Specifies the value of the `Strict-Transport-Security` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}"
+
+# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
+#
+# Learn more about what it is here:
+# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
+# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
+# - https://amifloced.org/
+#
+# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
+# See: `matrix_element_call_content_permission_policy`
+matrix_element_call_floc_optout_enabled: true
+
+# Controls if HSTS preloading is enabled
+#
+# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
+# indicates a willingness to be "preloaded" into browsers:
+# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
+# For more information visit:
+# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+# - https://hstspreload.org/#opt-in
+# See: `matrix_element_call_http_header_strict_transport_security`
+matrix_element_call_hsts_preload_enabled: false
+
+# Controls the default_server_config/m.homeserver/base_url property in the config.json file.
+matrix_element_call_config_default_server_config_m_homeserver_base_url: "{{ matrix_homeserver_url }}"
+
+# Controls the default_server_config/m.homeserver/server_name property in the config.json file.
+matrix_element_call_config_default_server_config_m_homeserver_server_name: "{{ matrix_domain }}"
+
+# Controls the livekit/livekit_service_url property in the config.json file.
+matrix_element_call_config_livekit_livekit_service_url: ""
--- a/roles/custom/matrix-element-call/tasks/install.yml
+++ b/roles/custom/matrix-element-call/tasks/install.yml
@ -0,0 +1,56 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Ensure Element Call paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - path: "{{ matrix_element_call_base_path }}"
+
+- name: Ensure Element Call config.json is in place
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/config.json.j2"
+    dest: "{{ matrix_element_call_base_path }}/config.json"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Element Call container labels file is in place
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/labels.j2"
+    dest: "{{ matrix_element_call_base_path }}/labels"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Element Call container image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_element_call_container_image }}"
+    source: pull
+    force_source: "{{ matrix_element_call_container_image_force_pull }}"
+  register: element_call_image_result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: element_call_image_result is not failed
+
+- name: Ensure Element Call container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_element_call_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure Element Call systemd service is installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
+    mode: 0644
--- a/roles/custom/matrix-element-call/tasks/main.yml
+++ b/roles/custom/matrix-element-call/tasks/main.yml
@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- tags:
+    - setup-all
+    - setup-element-call
+    - install-all
+    - install-element-call
+  block:
+    - when: matrix_element_call_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_element_call_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+    - setup-all
+    - setup-element-call
+  block:
+    - when: not matrix_element_call_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
--- a/roles/custom/matrix-element-call/tasks/uninstall.yml
+++ b/roles/custom/matrix-element-call/tasks/uninstall.yml
@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check existence of matrix-element-call service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
+  register: matrix_element_call_service_stat
+
+- when: matrix_element_call_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-element-call is stopped
+      ansible.builtin.service:
+        name: matrix-element-call
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-element-call.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
+        state: absent
+
+    - name: Ensure Element Call paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_element_call_base_path }}"
+        state: absent
--- a/roles/custom/matrix-element-call/tasks/validate_config.yml
+++ b/roles/custom/matrix-element-call/tasks/validate_config.yml
@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Fail if Element Call architecture is not supported
+  ansible.builtin.fail:
+    msg: >
+      Element Call is only supported on amd64 and arm64 architectures.
+      Your architecture is configured as '{{ matrix_element_call_architecture }}'.
+  when: "matrix_element_call_architecture not in ['amd64', 'arm64']"
+
+- name: Fail if required Element Call settings are not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] | length == 0"
+  with_items:
+    - {'name': 'matrix_element_call_container_network', when: true}
+    - {'name': 'matrix_element_call_hostname', when: true}
+    - {'name': 'matrix_element_call_config_livekit_livekit_service_url', when: true}
+
+# Element Call appears to hardcode all paths to `/` (e.g. `/config.json`, `/assets/...`).
+# While we can properly serve the homepage and handle stripping the path prefix on our side,
+# the hardcoded URLs in the Element Call are pointing people to the wrong place, which is a problem.
+- name: Fail if Element Call path prefix is different than /
+  ansible.builtin.fail:
+    msg: >
+      Element Call with a path prefix other than '/' is not supported yet.
+      You have configured matrix_element_call_path_prefix to '{{ matrix_element_call_path_prefix }}'.
+  when: "matrix_element_call_path_prefix != '/'"
--- a/roles/custom/matrix-element-call/templates/config.json.j2
+++ b/roles/custom/matrix-element-call/templates/config.json.j2
@ -0,0 +1,11 @@
+{
+  "default_server_config": {
+    "m.homeserver": {
+      "base_url": {{ matrix_element_call_config_default_server_config_m_homeserver_base_url | to_json }},
+      "server_name": {{ matrix_element_call_config_default_server_config_m_homeserver_server_name | to_json}}
+    }
+  },
+  "livekit": {
+    "livekit_service_url": {{ matrix_element_call_config_livekit_livekit_service_url | to_json }}
+  }
+}
--- a/roles/custom/matrix-element-call/templates/config.json.j2.license
+++ b/roles/custom/matrix-element-call/templates/config.json.j2.license
@ -0,0 +1,5 @@
+SPDX-FileCopyrightText: 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-element-call/templates/labels.j2
+++ b/roles/custom/matrix-element-call/templates/labels.j2
@ -0,0 +1,51 @@
+{#
+SPDX-FileCopyrightText: 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2024 wjbeckett
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if matrix_element_call_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_element_call_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_element_call_container_labels_traefik_docker_network }}
+{% endif %}
+
+traefik.http.services.matrix-element-call.loadbalancer.server.port=8080
+
+{% set middlewares = [] %}
+
+{% if matrix_element_call_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.regex=({{ matrix_element_call_container_labels_traefik_path_prefix | quote }})$
+traefik.http.middlewares.matrix-element-call-slashless-redirect.redirectregex.replacement=${1}/
+{% set middlewares = middlewares + ['matrix-element-call-slashless-redirect'] %}
+
+traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={{ matrix_element_call_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %}
+{% endif %}
+
+{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }}
+{% if matrix_element_call_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-element-call.priority={{ matrix_element_call_container_labels_traefik_priority }}
+{% endif %}
+traefik.http.routers.matrix-element-call.service=matrix-element-call
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-element-call.middlewares={{ middlewares | join(',') }}
+{% endif %}
+traefik.http.routers.matrix-element-call.entrypoints={{ matrix_element_call_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-element-call.tls={{ matrix_element_call_container_labels_traefik_tls | to_json }}
+{% if matrix_element_call_container_labels_traefik_tls %}
+traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+{% endif %}
+
+{{ matrix_element_call_container_labels_additional_labels }}
--- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2
+++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2
@ -0,0 +1,46 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Element Call
+{% for service in matrix_element_call_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+    --rm \
+    --name=matrix-element-call \
+    --log-driver=none \
+    --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+    --cap-drop=ALL \
+    --network={{ matrix_element_call_container_network }} \
+    --mount type=bind,src={{ matrix_element_call_base_path }}/config.json,dst=/app/config.json,ro \
+    {% if matrix_element_call_container_http_host_bind_port %}
+    -p {{ matrix_element_call_container_http_host_bind_port }}:8080 \
+    {% endif %}
+    --label-file={{ matrix_element_call_base_path }}/labels \
+    {% for arg in matrix_element_call_container_extra_arguments %}
+    {{ arg }} \
+    {% endfor %}
+    {{ matrix_element_call_container_image }}
+
+{% for network in matrix_element_call_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-element-call
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-call
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-call 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-call 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-element-call
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2.license
+++ b/roles/custom/matrix-element-call/templates/systemd/matrix-element-call.service.j2.license
@ -0,0 +1,5 @@
+SPDX-FileCopyrightText: 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-element-call/vars/main.yml
+++ b/roles/custom/matrix-element-call/vars/main.yml
@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+matrix_element_call_public_url: "{{ matrix_element_call_scheme }}://{{ matrix_element_call_hostname }}"
--- a/roles/custom/matrix-livekit-jwt-service/defaults/main.yml
+++ b/roles/custom/matrix-livekit-jwt-service/defaults/main.yml
@ -0,0 +1,96 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+# Project source code URL: https://github.com/element-hq/lk-jwt-service
+
+matrix_livekit_jwt_service_enabled: false
+
+matrix_livekit_jwt_service_scheme: https
+matrix_livekit_jwt_service_hostname: ""
+matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service"
+
+matrix_livekit_jwt_service_base_path: "{{ matrix_base_data_path }}/livekit-jwt-service"
+
+matrix_livekit_jwt_service_container_network: ''
+
+matrix_livekit_jwt_service_container_http_host_bind_port: ''
+
+matrix_livekit_jwt_service_container_additional_networks: "{{ (matrix_livekit_jwt_service_container_additional_networks_auto + matrix_livekit_jwt_service_container_additional_networks_custom) | unique }}"
+matrix_livekit_jwt_service_container_additional_networks_auto: []
+matrix_livekit_jwt_service_container_additional_networks_custom: []
+
+# renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
+matrix_livekit_jwt_service_version: 0.2.0
+
+matrix_livekit_jwt_service_container_image_self_build: false
+matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
+matrix_livekit_jwt_service_container_repo_version: "{{ 'main' if matrix_livekit_jwt_service_version == 'latest' else ('v' + livekit_server_version) }}"
+matrix_livekit_jwt_service_container_src_files_path: "{{ matrix_livekit_jwt_service_base_path }}/container-src"
+
+matrix_livekit_jwt_service_container_image: "{{ matrix_livekit_jwt_service_container_image_registry_prefix }}element-hq/lk-jwt-service:{{ matrix_livekit_jwt_service_container_image_tag }}"
+matrix_livekit_jwt_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_livekit_jwt_service_container_image_self_build else matrix_livekit_jwt_service_container_image_registry_prefix_upstream }}"
+matrix_livekit_jwt_service_container_image_registry_prefix_upstream: "{{ matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default }}"
+matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default: ghcr.io/
+matrix_livekit_jwt_service_container_image_tag: "{{ matrix_livekit_jwt_service_version }}"
+matrix_livekit_jwt_service_container_image_force_pull: "{{ matrix_livekit_jwt_service_container_image.endswith(':latest') }}"
+
+matrix_livekit_jwt_service_container_labels_traefik_enabled: true
+matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_livekit_jwt_service_container_network }}"
+matrix_livekit_jwt_service_container_labels_traefik_hostname: "{{ matrix_livekit_jwt_service_hostname }}"
+# The path prefix must either be `/` or not end with a slash (e.g. `/livekit-jwt-service`).
+matrix_livekit_jwt_service_container_labels_traefik_path_prefix: "{{ matrix_livekit_jwt_service_path_prefix }}"
+matrix_livekit_jwt_service_container_labels_traefik_rule: "Host(`{{ matrix_livekit_jwt_service_container_labels_traefik_hostname }}`){% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }}`){% endif %}"
+matrix_livekit_jwt_service_container_labels_traefik_priority: 0
+matrix_livekit_jwt_service_container_labels_traefik_entrypoints: web-secure
+matrix_livekit_jwt_service_container_labels_traefik_tls: "{{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints != 'web' }}"
+matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls which additional headers to attach to all HTTP responses.
+# To add your own headers, use `matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom`
+matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom) }}"
+matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_auto: {}
+matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers_custom: {}
+
+# matrix_livekit_jwt_service_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_livekit_jwt_service_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_livekit_jwt_service_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_livekit_jwt_service_container_extra_arguments: []
+
+# Controls the LK_JWT_PORT environment variable
+matrix_livekit_jwt_service_environment_variable_livekit_jwt_port: 8080
+
+# Controls the LIVEKIT_KEY environment variable
+matrix_livekit_jwt_service_environment_variable_livekit_key: ""
+
+# Controls the LIVEKIT_URL environment variable
+matrix_livekit_jwt_service_environment_variable_livekit_url: ""
+
+# Controls the LIVEKIT_SECRET environment variable
+matrix_livekit_jwt_service_environment_variable_livekit_secret: ""
+
+# Additional environment variables to pass to the container.
+#
+# Environment variables take priority over settings in the configuration file.
+#
+# Example:
+# matrix_livekit_jwt_service_environment_variables_extension: |
+#   KEY=value
+matrix_livekit_jwt_service_environment_variables_extension: ''
+
+# List of systemd services that LiveKit JWT Service service depends on
+matrix_livekit_jwt_service_systemd_required_services_list: "{{ matrix_livekit_jwt_service_systemd_required_services_list_default + matrix_livekit_jwt_service_systemd_required_services_list_auto + matrix_livekit_jwt_service_systemd_required_services_list_custom }}"
+matrix_livekit_jwt_service_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_livekit_jwt_service_systemd_required_services_list_auto: []
+matrix_livekit_jwt_service_systemd_required_services_list_custom: []
--- a/roles/custom/matrix-livekit-jwt-service/tasks/install.yml
+++ b/roles/custom/matrix-livekit-jwt-service/tasks/install.yml
@ -0,0 +1,76 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Ensure LiveKit JWT Service paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - path: "{{ matrix_livekit_jwt_service_base_path }}"
+
+- name: Ensure LiveKit JWT Service support files installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_livekit_jwt_service_base_path }}/{{ item }}"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - env
+    - labels
+
+- name: Ensure LiveKit JWT Service container image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_livekit_jwt_service_container_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_livekit_jwt_service_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_container_image_force_pull }}"
+  when: "not matrix_livekit_jwt_service_container_image_self_build | bool"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- when: "matrix_livekit_jwt_service_container_image_self_build | bool"
+  block:
+    - name: Ensure LiveKit JWT Service repository is present on self-build
+      ansible.builtin.git:
+        repo: "{{ matrix_livekit_jwt_service_container_repo }}"
+        version: "{{ matrix_livekit_jwt_service_container_repo_version }}"
+        dest: "{{ matrix_livekit_jwt_service_container_src_files_path }}"
+        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
+      register: matrix_livekit_jwt_service_git_pull_results
+
+    - name: Ensure LiveKit JWT Service container image is built
+      community.docker.docker_image:
+        name: "{{ matrix_livekit_jwt_service_container_image }}"
+        source: build
+        force_source: "{{ matrix_livekit_jwt_service_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_livekit_jwt_service_git_pull_results.changed }}"
+        build:
+          dockerfile: Dockerfile
+          path: "{{ matrix_livekit_jwt_service_container_src_files_path }}"
+          pull: true
+
+- name: Ensure LiveKit JWT Service container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_livekit_jwt_service_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure LiveKit JWT Service systemd service is installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-livekit-jwt-service.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service"
+    mode: 0644
--- a/roles/custom/matrix-livekit-jwt-service/tasks/main.yml
+++ b/roles/custom/matrix-livekit-jwt-service/tasks/main.yml
@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- tags:
+    - setup-all
+    - setup-jwt-service
+    - install-all
+    - install-livekit-jwt-service
+  block:
+    - when: matrix_livekit_jwt_service_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_livekit_jwt_service_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+    - setup-all
+    - setup-livekit-jwt-service
+  block:
+    - when: not matrix_livekit_jwt_service_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
--- a/roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml
+++ b/roles/custom/matrix-livekit-jwt-service/tasks/uninstall.yml
@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check existence of LiveKit JWT Service systemd service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service"
+  register: matrix_livekit_jwt_service_service_stat
+
+- when: matrix_livekit_jwt_service_service_stat.stat.exists | bool
+  block:
+    - name: Ensure LiveKit JWT Service systemd service is stopped
+      ansible.builtin.service:
+        name: matrix-livekit-jwt-service
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure LiveKit JWT Service systemd service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-livekit-jwt-service.service"
+        state: absent
+
+    - name: Ensure LiveKit JWT Service paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_livekit_jwt_service_base_path }}"
+        state: absent
--- a/roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml
+++ b/roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml
@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 wjbeckett
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Fail if required LiveKit JWT Service settings are not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] | length == 0"
+  with_items:
+    - {'name': 'matrix_livekit_jwt_service_hostname', when: true}
+    - {'name': 'matrix_livekit_jwt_service_container_network', when: true}
+    - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_key', when: true}
+    - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_url', when: true}
+    - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_secret', when: true}
--- a/roles/custom/matrix-livekit-jwt-service/templates/env.j2
+++ b/roles/custom/matrix-livekit-jwt-service/templates/env.j2
@ -0,0 +1,14 @@
+{#
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+LIVEKIT_JWT_PORT={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port | int | to_json }}
+
+LIVEKIT_KEY={{ matrix_livekit_jwt_service_environment_variable_livekit_key }}
+LIVEKIT_URL={{ matrix_livekit_jwt_service_environment_variable_livekit_url }}
+LIVEKIT_SECRET={{ matrix_livekit_jwt_service_environment_variable_livekit_secret }}
+
+{{ matrix_livekit_jwt_service_environment_variables_extension }}
--- a/roles/custom/matrix-livekit-jwt-service/templates/labels.j2
+++ b/roles/custom/matrix-livekit-jwt-service/templates/labels.j2
@ -0,0 +1,55 @@
+{#
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if matrix_livekit_jwt_service_container_labels_traefik_enabled %}
+traefik.enable=true
+
+traefik.docker.network={{ matrix_livekit_jwt_service_container_labels_traefik_docker_network }}
+
+traefik.http.services.matrix-livekit-jwt-service.loadbalancer.server.port={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }}
+
+{% set middlewares = [] %}
+
+{% if matrix_livekit_jwt_service_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.regex=({{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix | quote }})$
+traefik.http.middlewares.matrix-livekit-jwt-service-slashless-redirect.redirectregex.replacement=${1}/
+{% set middlewares = middlewares + ['matrix-livekit-jwt-service-slashless-redirect'] %}
+
+traefik.http.middlewares.matrix-livekit-jwt-service-strip-prefix.stripprefix.prefixes={{ matrix_livekit_jwt_service_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['matrix-livekit-jwt-service-strip-prefix'] %}
+{% endif %}
+
+{% if matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_livekit_jwt_service_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-livekit-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-livekit-jwt-service-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-livekit-jwt-service.rule={{ matrix_livekit_jwt_service_container_labels_traefik_rule }}
+
+{% if matrix_livekit_jwt_service_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-livekit-jwt-service.priority={{ matrix_livekit_jwt_service_container_labels_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-livekit-jwt-service.service=matrix-livekit-jwt-service
+
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-livekit-jwt-service.middlewares={{ middlewares | join(',') }}
+{% endif %}
+
+traefik.http.routers.matrix-livekit-jwt-service.entrypoints={{ matrix_livekit_jwt_service_container_labels_traefik_entrypoints }}
+
+traefik.http.routers.matrix-livekit-jwt-service.tls={{ matrix_livekit_jwt_service_container_labels_traefik_tls | to_json }}
+
+{% if matrix_livekit_jwt_service_container_labels_traefik_tls %}
+traefik.http.routers.matrix-livekit-jwt-service.tls.certResolver={{ matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+{% endif %}
+
+{{ matrix_livekit_jwt_service_container_labels_additional_labels }}
--- a/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2
+++ b/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2
@ -0,0 +1,42 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix LiveKit JWT Service
+{% for service in matrix_livekit_jwt_service_systemd_required_services_list %}
+After={{ service }}
+Requires={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-livekit-jwt-service 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+    --rm \
+    --name=matrix-livekit-jwt-service \
+    --log-driver=none \
+    --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+    --cap-drop=ALL \
+    --network={{ matrix_livekit_jwt_service_container_network }} \
+    {% if matrix_livekit_jwt_service_container_http_host_bind_port %}
+    -p {{ matrix_livekit_jwt_service_container_http_host_bind_port }}:{{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }} \
+    {% endif %}
+    --env-file={{ matrix_livekit_jwt_service_base_path }}/env \
+    --label-file={{ matrix_livekit_jwt_service_base_path }}/labels \
+    {{ matrix_livekit_jwt_service_container_image }}
+
+{% for network in matrix_livekit_jwt_service_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-livekit-jwt-service
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-livekit-jwt-service
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-livekit-jwt-service 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jwt-service 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-livekit-jwt-service
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2.license
+++ b/roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2.license
@ -0,0 +1,5 @@
+SPDX-FileCopyrightText: 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-livekit-jwt-service/vars/main.yml
+++ b/roles/custom/matrix-livekit-jwt-service/vars/main.yml
@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+matrix_livekit_jwt_service_public_url: "{{ matrix_livekit_jwt_service_scheme }}://{{ matrix_livekit_jwt_service_hostname }}{{ matrix_livekit_jwt_service_path_prefix }}"
--- a/roles/custom/matrix-static-files/defaults/main.yml
+++ b/roles/custom/matrix-static-files/defaults/main.yml
@ -20,6 +20,7 @@ matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"
 matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public"
 matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known"
 matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix"
+matrix_static_files_public_well_known_element_path: "{{ matrix_static_files_public_well_known_path }}/element"

 # List of systemd services that matrix-static-files.service depends on
 matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
@ -211,6 +212,16 @@ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin: "{{ matri
 matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: {}
 matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom: {}

+# Controls whether `org.matrix.msc4143.rtc_foci`-related entries should be added to the client well-known.
+# By default, if there are entries in `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci`, we show them (by enabling this).
+matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | default({}) | dict2items | length > 0 }}"
+
+# Controls the org.matrix.msc4143.rtc_foci property in the /.well-known/matrix/client file.
+# See `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled`
+matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto | combine(matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom, recursive=True) }}"
+matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: {}
+matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom: {}
+
 # Default /.well-known/matrix/client configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
@ -358,6 +369,56 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f
 ########################################################################


+########################################################################
+#                                                                      #
+# Related to /.well-known/element/element.json                         #
+#                                                                      #
+########################################################################
+
+# Controls whether a `/.well-known/element/element.json` file is generated and used at all.
+matrix_static_files_file_element_element_json_enabled: true
+
+# Controls the call.widget_url property in the /.well-known/element/element.json file
+matrix_static_files_file_element_element_json_property_call_widget_url: ''
+
+# Default /.well-known/element/element.json configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_support_configuration_extension_json`)
+# or completely replace this variable with your own template.
+matrix_static_files_file_element_element_json_configuration_json: "{{ lookup('template', 'templates/public/.well-known/element/element.json.j2') }}"
+
+# Your custom JSON configuration for /.well-known/element/element.json should go to `matrix_static_files_file_element_element_json_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_static_files_file_matrix_support_configuration_json`.
+#
+# Example configuration extension follows:
+#
+# matrix_static_files_file_element_element_json_configuration_extension_json: |
+#   {
+#     "call": {
+#       "url": "value"
+#     }
+#   }
+matrix_static_files_file_element_element_json_configuration_extension_json: '{}'
+
+matrix_static_files_file_element_element_json_configuration_extension: "{{ matrix_static_files_file_element_element_json_configuration_extension_json | from_json if matrix_static_files_file_element_element_json_configuration_extension_json | from_json is mapping else {} }}"
+
+# Holds the final /.well-known/matrix/support configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_element_element_json_configuration_json` or `matrix_static_files_file_element_element_json_configuration_extension_json`.
+matrix_static_files_file_element_element_json_configuration: "{{ matrix_static_files_file_element_element_json_configuration_json | combine(matrix_static_files_file_element_element_json_configuration_extension, recursive=True) }}"
+
+########################################################################
+#                                                                      #
+# /Related to /.well-known/element/element.json                        #
+#                                                                      #
+########################################################################
+
+
 ########################################################################
 #                                                                      #
 # Related to index.html                                                #
--- a/roles/custom/matrix-static-files/tasks/install.yml
+++ b/roles/custom/matrix-static-files/tasks/install.yml
@ -7,17 +7,19 @@

 - name: Ensure matrix-static-files paths exist
  ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
-    - "{{ matrix_static_files_base_path }}"
-    - "{{ matrix_static_files_config_path }}"
-    - "{{ matrix_static_files_public_path }}"
-    - "{{ matrix_static_files_public_well_known_path }}"
-    - "{{ matrix_static_files_public_well_known_matrix_path }}"
+    - {path: "{{ matrix_static_files_base_path }}", when: true}
+    - {path: "{{ matrix_static_files_config_path }}", when: true}
+    - {path: "{{ matrix_static_files_public_path }}", when: true}
+    - {path: "{{ matrix_static_files_public_well_known_path }}", when: true}
+    - {path: "{{ matrix_static_files_public_well_known_matrix_path }}", when: true}
+    - {path: "{{ matrix_static_files_public_well_known_element_path }}", when: true}
+  when: "item.when | bool"

 - name: Ensure matrix-static-files is configured
  ansible.builtin.template:
@ -57,6 +59,10 @@
      dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support"
      when: "{{ matrix_static_files_file_matrix_support_enabled }}"

+    - content: "{{ matrix_static_files_file_element_element_json_configuration | to_nice_json }}"
+      dest: "{{ matrix_static_files_public_well_known_element_path }}/element.json"
+      when: "{{ matrix_static_files_file_element_element_json_enabled }}"
+
    # This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`.
    # See the comment for `matrix_static_files_file_index_html_enabled` to learn why.
    - content: "{{ matrix_static_files_file_index_html_template }}"
@ -75,6 +81,12 @@
    state: absent
  when: "not matrix_static_files_file_matrix_support_enabled | bool"

+- name: Ensure /.well-known/element/element.json file deleted if not enabled
+  ansible.builtin.file:
+    path: "{{ matrix_static_files_public_well_known_element_path }}/element.json"
+    state: absent
+  when: "not matrix_static_files_file_element_element_json_enabled | bool"
+
 - name: Ensure matrix-static-files container image is pulled
  community.docker.docker_image:
    name: "{{ matrix_static_files_container_image }}"
--- a/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2
+++ b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2
@ -0,0 +1,7 @@
+{
+	{% if matrix_static_files_file_element_element_json_property_call_widget_url %}
+	"call": {
+		"widget_url": {{ matrix_static_files_file_element_element_json_property_call_widget_url | to_json }}
+	}
+	{% endif %}
+}
--- a/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2.license
+++ b/roles/custom/matrix-static-files/templates/public/.well-known/element/element.json.j2.license
@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2
+++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2
@ -57,4 +57,7 @@
 	{% if matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_enabled %},
 	"cc.etke.synapse-admin": {{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin | to_json }}
 	{% endif %}
+	{% if matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled %},
+	"org.matrix.msc4143.rtc_foci": {{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci | to_json }}
+	{% endif %}
 }