mirror of
https://github.com/famedly/ansible-collection-matrix
synced 2024-09-20 05:51:57 +00:00
chore(livekit): add option to disable jwt-service and make HS_ALLOWLIST optional
This commit is contained in:
Tobias Zenk
parent
5da9c9f24f
commit
c68b5ba7de
3 changed files with 56 additions and 8 deletions
|
|
@ -18,6 +18,8 @@ The following mandatory variables have to be declared in the inventory on a per-
|
|||
enable_livekit: true
|
||||
livekit_turnserver_domain: # the fqdn for the livekit TURN server
|
||||
livekit_redis_enabled: # boolean value, defining if a redis database shall be created for livekit
|
||||
livekit_jwt_service_container_enabled: # boolean value, for toggling the lk-jwt-service on / off
|
||||
livekit_jwt_service_homeserver_allowlist: # optional list of domains or wildcard domains allowed to generate JWT tokens for livekit
|
||||
```
|
||||
|
||||
A second domain record for the TURN server is needed,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
livekit_version: "v1.7"
|
||||
livekit_jwt_service_version: "latest"
|
||||
livekit_version: "1.7"
|
||||
livekit_jwt_service_version: ""
|
||||
livekit_jwt_service_container_image_tag: "latest"
|
||||
livekit_jwt_service_container_enabled: false
|
||||
livekit_domain: "{{ famedly_instance_domain }}"
|
||||
livekit_turnserver_domain: ~
|
||||
livekit_log_level: "info"
|
||||
|
|
@ -15,7 +17,25 @@ livekit_turn_port: 3478
|
|||
livekit_redis_port: 6379
|
||||
livekit_jwt_service_external_port: 8888
|
||||
livekit_user: "livekit"
|
||||
livekit_container_image_reference: "livekit/livekit-server:{{ livekit_version }}"
|
||||
livekit_container_image_reference: >-
|
||||
{{
|
||||
livekit_container_image_repository
|
||||
+ ':'
|
||||
+ livekit_container_image_tag | default('v' + livekit_version)
|
||||
}}
|
||||
livekit_container_image_repository: >-
|
||||
{{
|
||||
(
|
||||
container_registries[livekit_container_image_registry]
|
||||
| default(livekit_container_image_registry)
|
||||
)
|
||||
+ '/'
|
||||
+ livekit_container_image_namespace | default('')
|
||||
+ livekit_container_image_name
|
||||
}}
|
||||
livekit_container_image_registry: "docker.io"
|
||||
livekit_container_image_namespace: "livekit/"
|
||||
livekit_container_image_name: "livekit-server"
|
||||
livekit_config_path: "/opt/livekit"
|
||||
livekit_config_file: "livekit.yaml"
|
||||
livekit_container_config: "/etc/livekit.yaml"
|
||||
|
|
@ -75,11 +95,35 @@ livekit_container_combined_volumes: >-
|
|||
{{ livekit_container_preset_volumes + livekit_container_volumes }}
|
||||
livekit_container_network_mode: "host"
|
||||
livekit_jwt_service_container_name: "jwt-service"
|
||||
livekit_jwt_service_container_image_reference: "docker-oss.nexus.famedly.de/lk-jwt-service:{{ livekit_jwt_service_version }}"
|
||||
livekit_jwt_service_container_env:
|
||||
livekit_jwt_service_container_image_reference: >-
|
||||
{{
|
||||
livekit_jwt_service_container_image_repository
|
||||
+ ':'
|
||||
+ livekit_jwt_service_container_image_tag | default('v' + livekit_jwt_service_version)
|
||||
}}
|
||||
livekit_jwt_service_container_image_repository: >-
|
||||
{{
|
||||
(
|
||||
container_registries[livekit_jwt_service_container_image_registry]
|
||||
| default(livekit_jwt_service_container_image_registry)
|
||||
)
|
||||
+ '/'
|
||||
+ livekit_jwt_service_container_image_namespace | default('')
|
||||
+ livekit_jwt_service_container_image_name
|
||||
}}
|
||||
livekit_jwt_service_container_image_registry: "docker-oss.nexus.famedly.de"
|
||||
livekit_jwt_service_container_image_name: "lk-jwt-service"
|
||||
livekit_jwt_service_container_env_base:
|
||||
LIVEKIT_KEY: "secret"
|
||||
LIVEKIT_SECRET: "{{ livekit_secret_key }}"
|
||||
LIVEKIT_URL: "wss://{{ livekit_domain }}"
|
||||
HS_ALLOWLIST: "*.famedly.de, *.famedly.care"
|
||||
livekit_jwt_service_homeserver_allowlist: []
|
||||
livekit_jwt_service_container_hs_allowlist:
|
||||
HS_ALLOWLIST: "{{ livekit_jwt_service_homeserver_allowlist | join(',') }}"
|
||||
livekit_jwt_service_container_env: >-
|
||||
{{ livekit_jwt_service_container_env_base
|
||||
| combine(livekit_jwt_service_container_hs_allowlist
|
||||
if (livekit_jwt_service_homeserver_allowlist != []) else {}, recursive=True)
|
||||
}}
|
||||
livekit_jwt_service_container_ports:
|
||||
- "127.0.0.1:{{ livekit_jwt_service_external_port }}:8080"
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
state: present
|
||||
source: pull
|
||||
force_source: true
|
||||
when: livekit_jwt_service_container_enabled
|
||||
|
||||
- name: Ensure livekit config directory exists
|
||||
file:
|
||||
|
|
@ -49,12 +50,13 @@
|
|||
restart_policy: unless-stopped
|
||||
image_name_mismatch: recreate
|
||||
|
||||
- name: 'Ensure lk-jwt-service container is running: {{ livekit_jwt_service_container_name }}'
|
||||
- name: 'Set state of lk-jwt-service container: {{ livekit_jwt_service_container_name }}'
|
||||
community.docker.docker_container:
|
||||
name: "{{ livekit_jwt_service_container_name }}"
|
||||
image: "{{ livekit_jwt_service_container_image_reference }}"
|
||||
env: "{{ livekit_jwt_service_container_env | default(omit, true) }}"
|
||||
env: "{{ livekit_jwt_service_container_env }}"
|
||||
ports: "{{ livekit_jwt_service_container_ports | default(omit, true) }}"
|
||||
network_mode: "{{ livekit_jwt_service_container_network_mode | default(omit, true) }}"
|
||||
restart_policy: unless-stopped
|
||||
state: "{{ livekit_jwt_service_container_enabled | ternary('started', 'absent') }}"
|
||||
image_name_mismatch: recreate
|
||||
|
|
|
|||
Loading…
Reference in a new issue