make livekit almost work

2026-01-25 06:26:58 +03:00 · 2024-11-05 10:16:14 +00:00
parent b17f81a6e3
commit 01b3f9f435
8 changed files with 63 additions and 21 deletions
--- a/.env-sample
+++ b/.env-sample
@@ -12,6 +12,7 @@ DOMAIN=example.com
 HOMESERVER_FQDN=matrix.$DOMAIN
 ELEMENT_WEB_FQDN=element.$DOMAIN
 ELEMENT_CALL_FQDN=call.$DOMAIN
+LIVEKIT_FQDN=livekit.$DOMAIN
 MAS_FQDN=auth.$DOMAIN

 REPORT_STATS=yes
@@ -26,6 +27,8 @@ MAS_CLIENT_ID="0000000000000000000SYNAPSE"
 MAS_EMAIL_FROM='"Matrix Authentication Service" <support@${DOMAIN}>'
 MAS_EMAIL_REPLY_TO='"Matrix Authentication Service" <support@${DOMAIN}>'

+LIVEKIT_NODE_IP=127.0.0.1
+
 COUNTRY=GB

 # as a convenience for creating /etc/hosts
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ cp "$(mkcert -CAROOT)"/rootCA.pem data/nginx/ssl

 # make an .env to configure your environment
 cp .env-sample .env
-sed -ie s/example.com/$DOMAIN/ .env
+sed -ir s/example.com/$DOMAIN/ .env

 docker compose up
 ```
--- a/compose.yml
+++ b/compose.yml
@@ -29,7 +29,6 @@ services:
    image: ghcr.io/element-hq/matrix-authentication-service:latest
    volumes:
      - ${VOLUME_PATH}/data/mas:/data:rw
-    env_file: .env
    # FIXME: stop this regenerating a spurious default config every time
    # We can't do the same approach as synapse (unless use a debug image of MAS) as MAS is distroless and has no bash.
    command: "config generate -o /data/config.yaml.default"
@@ -78,18 +77,8 @@ services:
    depends_on:
      init:
        condition: service_completed_successfully
-      # synapse:
-      #   condition: service_started
-      # synapse-generic-worker-1:
-      #   condition: service_started
-      # synapse-federation-sender-1:
-      #   condition: service_started
-      # matrix-authentication-service:
-      #   condition: service_started
-      # element-web:
-      #   condition: service_started
-      # element-call:
-      #   condition: service_started
+      synapse:
+        condition: service_started

  # certbot:
  #   image: certbot/certbot:latest
@@ -129,6 +118,11 @@ services:
  redis:
    image: redis:latest
    restart: unless-stopped
+    # healthcheck:
+    #   test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+    #   interval: 1s
+    #   timeout: 3s
+    #   retries: 5
    networks:
      - backend

@@ -148,6 +142,8 @@ services:
    secrets:
      - synapse_signing_key
    depends_on:
+      redis:
+        condition: service_started
      postgres:
        condition: service_healthy
      init:
@@ -257,11 +253,14 @@ services:
      init:
        condition: service_completed_successfully

-  livekit-server:
+  livekit:
    image: livekit/livekit-server:latest
    restart: unless-stopped
+    volumes:
+      - ${VOLUME_PATH}/data/livekit/config.yaml:/etc/livekit.yaml
+    command: --config /etc/livekit.yaml --node-ip ${LIVEKIT_NODE_IP}
    ports:
-      - 7880:7880 # HTTP API
+      # - 7880:7880 # HTTP listener
      - 7881:7881 # WS signalling
      # - 50000-60000:50000-60000/tcp # TCP media
      # - 50000-60000:50000-60000/udp # UDP media
@@ -270,3 +269,5 @@ services:
    depends_on:
      init:
        condition: service_completed_successfully
+      redis:
+        condition: service_started
--- a/data-template/element-web/config.json
+++ b/data-template/element-web/config.json
@@ -17,7 +17,11 @@
    "default_widget_container_height": 280,
    "default_country_code": "${COUNTRY}",
    "show_labs_settings": false,
-    "features": {},
+    "features": {
+        "feature_video_rooms": true,
+        "feature_group_calls": true,
+        "feature_element_call_video_rooms": true
+    },
    "default_federate": true,
    "default_theme": "light",
    "room_directory": {
@@ -27,8 +31,7 @@
        "breadcrumbs": true
    },
    "element_call": {
-        "url": "https://${ELEMENT_CALL_FQDN}",
-        "brand": "Element Call"
+        "url": "https://${ELEMENT_CALL_FQDN}"
    },
    "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
 }
--- a/data-template/mas/config.yaml
+++ b/data-template/mas/config.yaml
@@ -86,6 +86,9 @@ policy:
    admin_users:
        - admin

+account:
+  password_registration_enabled: false
+
 branding:
  service_name: null
  policy_uri: null
--- a/data-template/nginx/conf.d/app.conf
+++ b/data-template/nginx/conf.d/app.conf
@@ -66,7 +66,7 @@ server {
    include /etc/nginx/conf.d/include/ssl.conf;

    location / {
-        proxy_pass http://element-call;
+        proxy_pass http://element-call:8080;
        proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
    }
 }
@@ -84,6 +84,18 @@ server {
    }
 }

+server {
+    server_name ${LIVEKIT_FQDN};
+    server_tokens off;
+
+    include /etc/nginx/conf.d/include/ssl.conf;
+
+    location / {
+        proxy_pass http://livekit:7880;
+        proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+    }
+}
+
 server {
    server_name ${HOMESERVER_FQDN};
    server_tokens off;
@@ -106,21 +118,25 @@ server {
    location ~ ^/_matrix/client/(r0|v3)/sync${DOLLAR} {
        proxy_pass http://synapse-generic-worker-1:8081;
        proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+        proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
    }

    location ~ ^/_matrix/client/(api/v1|r0|v3)/events${DOLLAR} {
        proxy_pass http://synapse-generic-worker-1:8081;
        proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+        proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
    }

    location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync${DOLLAR} {
        proxy_pass http://synapse-generic-worker-1:8081;
        proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+        proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
    }

    location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync${DOLLAR} {
        proxy_pass http://synapse-generic-worker-1:8081;
        proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+        proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
    }

    location / {
--- a/data-template/nginx/www/.well-known/matrix/client
+++ b/data-template/nginx/www/.well-known/matrix/client
@@ -12,7 +12,7 @@
    "org.matrix.msc4143.rtc_foci": [
        {
            "type": "livekit",
-            "livekit_service_url": "https://${ELEMENT_CALL_FQDN}"
+            "livekit_service_url": "https://${LIVEKIT_FQDN}"
        }
    ]
 }
--- a/init/init.sh
+++ b/init/init.sh
@@ -42,6 +42,16 @@ then
 	head -c16 /dev/urandom | base64 | tr -d '=' > /secrets/postgres/postgres_password
 fi

+mkdir -p /secrets/livekit
+if [[ ! -f /secrets/livekit/livekit_api_key ]]
+then
+	(echo -n API; (head -c8 /dev/urandom | base64)) | tr -d '=' > /secrets/livekit/livekit_api_key
+fi
+if [[ ! -f /secrets/livekit/livekit_secret_key ]]
+then
+	head -c28 /dev/urandom | base64 | tr -d '=' > /secrets/livekit/livekit_secret_key
+fi
+
 # TODO: compare the default generated config with our templates to see if our templates are stale
 # we'd have to strip out the secrets from the generated configs to be able to diff them sensibly

@@ -78,6 +88,12 @@ export DOLLAR='$' # evil hack to escape dollars in config files
 	template "/data-template/mas"
 )

+(
+	export SECRETS_LIVEKIT_API_KEY=$(</secrets/livekit/livekit_api_key)
+	export SECRETS_LIVEKIT_SECRET_KEY=$(</secrets/livekit/livekit_secret_key)
+	template "/data-template/livekit"
+)
+
 template "/data-template/element-web"
 template "/data-template/element-call"
 template "/data-template/nginx"