mirror of
https://github.com/famedly/ansible-collection-matrix
synced 2024-11-10 05:34:16 +00:00
chore(livekit): add option to disable jwt-service and make HS_ALLOWLIST optional
parent
5da9c9f24f
commit
c68b5ba7de
3 changed files with 56 additions and 8 deletions
|
@ -18,6 +18,8 @@ The following mandatory variables have to be declared in the inventory on a per-
|
||||||
enable_livekit: true
|
enable_livekit: true
|
||||||
livekit_turnserver_domain: # the fqdn for the livekit TURN server
|
livekit_turnserver_domain: # the fqdn for the livekit TURN server
|
||||||
livekit_redis_enabled: # boolean value, defining if a redis database shall be created for livekit
|
livekit_redis_enabled: # boolean value, defining if a redis database shall be created for livekit
|
||||||
|
livekit_jwt_service_container_enabled: # boolean value, for toggling the lk-jwt-service on / off
|
||||||
|
livekit_jwt_service_homeserver_allowlist: # optional list of domains or wildcard domains allowed to generate JWT tokens for livekit
|
||||||
```
|
```
|
||||||
|
|
||||||
A second domain record for the TURN server is needed,
|
A second domain record for the TURN server is needed,
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
---
|
---
|
||||||
livekit_version: "v1.7"
|
livekit_version: "1.7"
|
||||||
livekit_jwt_service_version: "latest"
|
livekit_jwt_service_version: ""
|
||||||
|
livekit_jwt_service_container_image_tag: "latest"
|
||||||
|
livekit_jwt_service_container_enabled: false
|
||||||
livekit_domain: "{{ famedly_instance_domain }}"
|
livekit_domain: "{{ famedly_instance_domain }}"
|
||||||
livekit_turnserver_domain: ~
|
livekit_turnserver_domain: ~
|
||||||
livekit_log_level: "info"
|
livekit_log_level: "info"
|
||||||
|
@ -15,7 +17,25 @@ livekit_turn_port: 3478
|
||||||
livekit_redis_port: 6379
|
livekit_redis_port: 6379
|
||||||
livekit_jwt_service_external_port: 8888
|
livekit_jwt_service_external_port: 8888
|
||||||
livekit_user: "livekit"
|
livekit_user: "livekit"
|
||||||
livekit_container_image_reference: "livekit/livekit-server:{{ livekit_version }}"
|
livekit_container_image_reference: >-
|
||||||
|
{{
|
||||||
|
livekit_container_image_repository
|
||||||
|
+ ':'
|
||||||
|
+ livekit_container_image_tag | default('v' + livekit_version)
|
||||||
|
}}
|
||||||
|
livekit_container_image_repository: >-
|
||||||
|
{{
|
||||||
|
(
|
||||||
|
container_registries[livekit_container_image_registry]
|
||||||
|
| default(livekit_container_image_registry)
|
||||||
|
)
|
||||||
|
+ '/'
|
||||||
|
+ livekit_container_image_namespace | default('')
|
||||||
|
+ livekit_container_image_name
|
||||||
|
}}
|
||||||
|
livekit_container_image_registry: "docker.io"
|
||||||
|
livekit_container_image_namespace: "livekit/"
|
||||||
|
livekit_container_image_name: "livekit-server"
|
||||||
livekit_config_path: "/opt/livekit"
|
livekit_config_path: "/opt/livekit"
|
||||||
livekit_config_file: "livekit.yaml"
|
livekit_config_file: "livekit.yaml"
|
||||||
livekit_container_config: "/etc/livekit.yaml"
|
livekit_container_config: "/etc/livekit.yaml"
|
||||||
|
@ -75,11 +95,35 @@ livekit_container_combined_volumes: >-
|
||||||
{{ livekit_container_preset_volumes + livekit_container_volumes }}
|
{{ livekit_container_preset_volumes + livekit_container_volumes }}
|
||||||
livekit_container_network_mode: "host"
|
livekit_container_network_mode: "host"
|
||||||
livekit_jwt_service_container_name: "jwt-service"
|
livekit_jwt_service_container_name: "jwt-service"
|
||||||
livekit_jwt_service_container_image_reference: "docker-oss.nexus.famedly.de/lk-jwt-service:{{ livekit_jwt_service_version }}"
|
livekit_jwt_service_container_image_reference: >-
|
||||||
livekit_jwt_service_container_env:
|
{{
|
||||||
|
livekit_jwt_service_container_image_repository
|
||||||
|
+ ':'
|
||||||
|
+ livekit_jwt_service_container_image_tag | default('v' + livekit_jwt_service_version)
|
||||||
|
}}
|
||||||
|
livekit_jwt_service_container_image_repository: >-
|
||||||
|
{{
|
||||||
|
(
|
||||||
|
container_registries[livekit_jwt_service_container_image_registry]
|
||||||
|
| default(livekit_jwt_service_container_image_registry)
|
||||||
|
)
|
||||||
|
+ '/'
|
||||||
|
+ livekit_jwt_service_container_image_namespace | default('')
|
||||||
|
+ livekit_jwt_service_container_image_name
|
||||||
|
}}
|
||||||
|
livekit_jwt_service_container_image_registry: "docker-oss.nexus.famedly.de"
|
||||||
|
livekit_jwt_service_container_image_name: "lk-jwt-service"
|
||||||
|
livekit_jwt_service_container_env_base:
|
||||||
LIVEKIT_KEY: "secret"
|
LIVEKIT_KEY: "secret"
|
||||||
LIVEKIT_SECRET: "{{ livekit_secret_key }}"
|
LIVEKIT_SECRET: "{{ livekit_secret_key }}"
|
||||||
LIVEKIT_URL: "wss://{{ livekit_domain }}"
|
LIVEKIT_URL: "wss://{{ livekit_domain }}"
|
||||||
HS_ALLOWLIST: "*.famedly.de, *.famedly.care"
|
livekit_jwt_service_homeserver_allowlist: []
|
||||||
|
livekit_jwt_service_container_hs_allowlist:
|
||||||
|
HS_ALLOWLIST: "{{ livekit_jwt_service_homeserver_allowlist | join(',') }}"
|
||||||
|
livekit_jwt_service_container_env: >-
|
||||||
|
{{ livekit_jwt_service_container_env_base
|
||||||
|
| combine(livekit_jwt_service_container_hs_allowlist
|
||||||
|
if (livekit_jwt_service_homeserver_allowlist != []) else {}, recursive=True)
|
||||||
|
}}
|
||||||
livekit_jwt_service_container_ports:
|
livekit_jwt_service_container_ports:
|
||||||
- "127.0.0.1:{{ livekit_jwt_service_external_port }}:8080"
|
- "127.0.0.1:{{ livekit_jwt_service_external_port }}:8080"
|
||||||
|
|
|
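Review bot: With the new default `livekit_jwt_service_homeserver_allowlist: []`, the last hunk of this file omits `HS_ALLOWLIST` from the container environment entirely, where the old side always set `"*.famedly.de, *.famedly.care"`. How lk-jwt-service behaves without an allowlist is not visible here; if it then accepts any homeserver, enabling the service without setting the list would let users of unrelated homeservers request LiveKit tokens. Confirm the service's behaviour and either fail the play when the service is enabled with an empty list, or document it above the default, e.g. `# empty list: HS_ALLOWLIST is not passed to the container; check how lk-jwt-service treats a missing allowlist`. Separately, in the first hunk `livekit_jwt_service_container_image_tag: "latest"` is always defined, so the `default('v' + livekit_jwt_service_version)` fallback never applies and the image stays on a floating tag unless the tag is overridden.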
@ -19,6 +19,7 @@
|
||||||
state: present
|
state: present
|
||||||
source: pull
|
source: pull
|
||||||
force_source: true
|
force_source: true
|
||||||
|
when: livekit_jwt_service_container_enabled
|
||||||
|
|
||||||
- name: Ensure livekit config directory exists
|
- name: Ensure livekit config directory exists
|
||||||
file:
|
file:
|
||||||
|
@ -49,12 +50,13 @@
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
image_name_mismatch: recreate
|
image_name_mismatch: recreate
|
||||||
|
|
||||||
- name: 'Ensure lk-jwt-service container is running: {{ livekit_jwt_service_container_name }}'
|
- name: 'Set state of lk-jwt-service container: {{ livekit_jwt_service_container_name }}'
|
||||||
community.docker.docker_container:
|
community.docker.docker_container:
|
||||||
name: "{{ livekit_jwt_service_container_name }}"
|
name: "{{ livekit_jwt_service_container_name }}"
|
||||||
image: "{{ livekit_jwt_service_container_image_reference }}"
|
image: "{{ livekit_jwt_service_container_image_reference }}"
|
||||||
env: "{{ livekit_jwt_service_container_env | default(omit, true) }}"
|
env: "{{ livekit_jwt_service_container_env }}"
|
||||||
ports: "{{ livekit_jwt_service_container_ports | default(omit, true) }}"
|
ports: "{{ livekit_jwt_service_container_ports | default(omit, true) }}"
|
||||||
network_mode: "{{ livekit_jwt_service_container_network_mode | default(omit, true) }}"
|
network_mode: "{{ livekit_jwt_service_container_network_mode | default(omit, true) }}"
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
|
state: "{{ livekit_jwt_service_container_enabled | ternary('started', 'absent') }}"
|
||||||
image_name_mismatch: recreate
|
image_name_mismatch: recreate
|
||||||
|
|
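Review bot: `livekit_jwt_service_container_enabled` is used without a cast in both the added `when:` (first hunk) and the added `ternary('started', 'absent')` (second hunk), so a value that arrives as a string, for example `false` passed with `-e`, is truthy in `ternary` and would start a token-issuing service that was meant to be off. Cast it in both places: `when: livekit_jwt_service_container_enabled | bool` and `state: "{{ livekit_jwt_service_container_enabled | bool | ternary('started', 'absent') }}"`. The `absent` path still templates `env`, so `livekit_secret_key` presumably has to be defined even when the service is disabled; a short comment on the task would make that explicit. The image-pull task in the first hunk begins outside the hunk.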