# SPDX-FileCopyrightText: 2022 MDAD project contributors # SPDX-FileCopyrightText: 2024 wjbeckett # SPDX-FileCopyrightText: 2024, 2025 Slavi Pantaleev # SPDX-FileCopyrightText: 2025, 2026 Suguru Hirahara # # SPDX-License-Identifier: AGPL-3.0-or-later --- # Project source code URL: https://github.com/livekit/livekit livekit_server_enabled: false livekit_server_identifier: livekit-server livekit_server_base_path: "/{{ livekit_server_identifier }}" livekit_server_config_path: "{{ livekit_server_base_path }}/config" # renovate: datasource=docker depName=docker.io/livekit/livekit-server livekit_server_version: v1.9.11 livekit_server_uid: "" livekit_server_gid: "" # The scheme used for serving LiveKit Server. livekit_server_scheme: https # The hostname at which LiveKit Server is served. livekit_server_hostname: "" # The path at which LiveKit Server is served. livekit_server_path_prefix: / livekit_server_container_image: "{{ livekit_server_container_image_registry_prefix }}livekit/livekit-server:{{ livekit_server_version }}" livekit_server_container_image_registry_prefix: "{{ 'localhost/' if livekit_server_container_image_self_build else livekit_server_container_image_registry_prefix_upstream }}" livekit_server_container_image_registry_prefix_upstream: "{{ livekit_server_container_image_registry_prefix_upstream_default }}" livekit_server_container_image_registry_prefix_upstream_default: docker.io/ livekit_server_container_image_force_pull: "{{ livekit_server_container_image.endswith(':latest') }}" livekit_server_container_image_self_build: false livekit_server_container_image_self_build_name: "livekit/livekit:{{ livekit_server_container_image_self_build_repo_version }}" livekit_server_container_image_self_build_repo: "https://github.com/livekit/livekit.git" livekit_server_container_image_self_build_repo_version: "{{ livekit_server_version if livekit_server_version != 'latest' else 'main' }}" livekit_server_container_image_self_build_src_files_path: "{{ livekit_server_base_path }}/docker-src" # The base container network. It will be auto-created by this role if it doesn't exist already. livekit_server_container_network: "{{ livekit_server_identifier }}" # Controls whether to publish the HTTP port (livekit_server_config_port / 7880) on the host. # Useful when a reverse proxy (e.g. nginx) runs on the host rather than in a container network. # Accepts: ":" (e.g. "192.168.90.83:7880"), "" (e.g. "7880"), # or empty string "" to skip publishing this port. livekit_server_container_http_host_bind_port: "" # Specify how the container publishes its RTC port and which interface to do it on. # # Takes an interface "" (e.g. "127.0.0.1"), or empty string to listen on all interfaces. # Takes a null/none value (`~`) or 'none' (as a string) to prevent listening. livekit_server_container_rtc_listen_interface: "{{ '' if livekit_server_container_network != 'host' else 'none' }}" # Specify how the container publishes its TURN port and which interface to do it on. # # Takes an interface "" (e.g. "127.0.0.1"), or empty string to listen on all interfaces. # Takes a null/none value (`~`) or 'none' (as a string) to prevent listening. livekit_server_container_turn_listen_interface: "{{ '' if livekit_server_container_network != 'host' else 'none' }}" # Specify how the container publishes its metrics and which interface to do it on. # # Takes an interface "" (e.g. "127.0.0.1"), or empty string to listen on all interfaces. # Takes a null/none value (`~`) or 'none' (as a string) to prevent listening. # See `livekit_server_config_prometheus_port`. livekit_server_container_metrics_listen_interface: ~ # A list of additional container networks that the container would be connected to. # The role does not create these networks, so make sure they already exist. # Use this to expose this container to another reverse proxy, which runs in a different container network. livekit_server_container_additional_networks: "{{ livekit_server_container_additional_networks_auto + livekit_server_container_additional_networks_custom }}" livekit_server_container_additional_networks_auto: [] livekit_server_container_additional_networks_custom: [] # A list of additional "volumes" to mount in the container. # This list gets populated dynamically at runtime. You can provide a different default value, # if you wish to mount your own files into the container. # Contains definition objects like this: `{"type": "bind", "src": "/outside", "dst": "/inside", "options": "readonly"}. # See the `--mount` documentation for the `docker run` command. livekit_server_container_additional_volumes: "{{ livekit_server_container_additional_volumes_auto + livekit_server_container_additional_volumes_custom }}" livekit_server_container_additional_volumes_auto: [] livekit_server_container_additional_volumes_custom: [] # livekit_server_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # See `../templates/labels.j2` for details. # # To inject your own other container labels, see `livekit_server_container_labels_additional_labels_custom`. livekit_server_container_labels_traefik_enabled: true livekit_server_container_labels_traefik_docker_network: "{{ livekit_server_container_network }}" livekit_server_container_labels_traefik_hostname: "{{ livekit_server_hostname }}" # The path prefix must either be `/` or not end with a slash (e.g. `/element`). livekit_server_container_labels_traefik_path_prefix: "{{ livekit_server_path_prefix }}" livekit_server_container_labels_traefik_rule: "Host(`{{ livekit_server_container_labels_traefik_hostname }}`){% if livekit_server_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ livekit_server_container_labels_traefik_path_prefix }}`){% endif %}" livekit_server_container_labels_traefik_priority: 0 livekit_server_container_labels_traefik_entrypoints: web-secure livekit_server_container_labels_traefik_tls: "{{ livekit_server_container_labels_traefik_entrypoints != 'web' }}" livekit_server_container_labels_traefik_tls_certResolver: default # noqa var-naming # Controls whether labels will be added that expose metrics (see `livekit_server_metrics_proxying_enabled`) livekit_server_container_labels_public_metrics_enabled: "{{ livekit_server_config_prometheus_enabled and livekit_server_metrics_proxying_enabled }}" livekit_server_container_labels_public_metrics_traefik_path: "{{ livekit_server_metrics_proxying_path }}" livekit_server_container_labels_public_metrics_traefik_rule: "Host(`{{ livekit_server_metrics_proxying_hostname }}`) && Path(`{{ livekit_server_container_labels_public_metrics_traefik_path }}`)" livekit_server_container_labels_public_metrics_traefik_priority: 0 livekit_server_container_labels_public_metrics_traefik_entrypoints: "{{ livekit_server_container_labels_traefik_entrypoints }}" livekit_server_container_labels_public_metrics_traefik_tls: "{{ livekit_server_container_labels_traefik_tls }}" livekit_server_container_labels_public_metrics_traefik_tls_certResolver: "{{ livekit_server_container_labels_traefik_tls_certResolver }}" # noqa var-naming livekit_server_container_labels_public_metrics_middleware_basic_auth_enabled: false # See: https://doc.traefik.io/traefik/reference/routing-configuration/http/middlewares/basicauth/ livekit_server_container_labels_public_metrics_middleware_basic_auth_users: "" # livekit_server_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. # To add your own custom labels, use `livekit_server_container_labels_additional_labels_custom` # # Example: # livekit_server_container_labels_additional_labels_custom: # - my.label=1 # - another.label="here" livekit_server_container_labels_additional_labels: "{{ livekit_server_container_labels_additional_labels_auto + livekit_server_container_labels_additional_labels_custom }}" livekit_server_container_labels_additional_labels_auto: [] livekit_server_container_labels_additional_labels_custom: [] # A list of extra arguments to pass to the container (`docker create` command) livekit_server_container_extra_arguments: "{{ livekit_server_container_extra_arguments_auto + livekit_server_container_extra_arguments_custom }}" livekit_server_container_extra_arguments_auto: [] livekit_server_container_extra_arguments_custom: [] # Specifies the maximum size of the socket receive buffer (`net.core.rmem_max`) kernel parameter on the host (which will cascade into the container) to at least this value. # If the host uses a larger value, this will be ignored. # # We intentionally increase these buffers to 7.5MB, to LiveKit Server happy. # It may otherwise report something like: # > rtcconfig/rtc_unix.go:31 UDP receive buffer is too small for a production set-up {"current": 425984, "suggested": 5000000} # # # The reason we apply this at the host level, not via `docker run --sysctl` is that # the `docker run --sysctl` option doesn't seem to work here (likely because it's Alpine in the container or something): # > Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/core/rmem_max: permission denied # This same error is produced even if the container is started as root, with all capabilities, and `--privileged`, etc. # # If this is blank, no sysctl changes will be made. livekit_server_host_sysctl_minimum_net_core_rmem_max: 7500000 # Specifies the maximum size of the socket send buffer (`net.core.wmem_max`) kernel parameter on the host (which will cascade into the container) to at least this value. # If the host uses a larger value, this will be ignored. # # See the comment for `livekit_server_host_sysctl_minimum_net_core_rmem_max` for more details # about why we need to increase these buffers. # # If this is blank, no sysctl changes will be made. livekit_server_host_sysctl_minimum_net_core_wmem_max: 7500000 # List of systemd services that the LiveKit Server service depends on livekit_server_systemd_required_services_list: "{{ livekit_server_systemd_required_services_list_default + livekit_server_systemd_required_services_list_auto + livekit_server_systemd_required_services_list_custom }}" livekit_server_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" livekit_server_systemd_required_services_list_auto: [] livekit_server_systemd_required_services_list_custom: [] # List of systemd services that the LiveKit Server systemd service wants livekit_server_systemd_wanted_services_list: "{{ livekit_server_systemd_wanted_services_list_default + livekit_server_systemd_wanted_services_list_auto + livekit_server_systemd_wanted_services_list_custom }}" livekit_server_systemd_wanted_services_list_default: [] livekit_server_systemd_wanted_services_list_auto: [] livekit_server_systemd_wanted_services_list_custom: [] # Holds the final LiveKit Server configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `livekit_server_configuration_yaml` or `livekit_server_configuration_extension_yaml`. livekit_server_configuration: "{{ livekit_server_configuration_yaml | from_yaml | combine(livekit_server_configuration_extension, recursive=True) }}" # Default LiveKit Server configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # # For a more advanced customization, you can extend the default (see `livekit_server_configuration_extension_yaml`) # or completely replace this variable with your own template. livekit_server_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" livekit_server_configuration_extension_yaml: | # Your custom YAML configuration for LiveKit Server goes here. # This configuration extends the default starting configuration (`livekit_server_configuration_yaml`). # # You can override individual variables from the default configuration, or introduce new ones. # # If you need something more special, you can take full control by # completely redefining `livekit_server_configuration_yaml`. # # Example configuration extension follows: # # logging: # level: debug livekit_server_configuration_extension: "{{ livekit_server_configuration_extension_yaml | from_yaml if livekit_server_configuration_extension_yaml | from_yaml is mapping else {} }}" # Controls the `port` configuration property. # See: https://docs.livekit.io/home/self-hosting/ports-firewall/ livekit_server_config_port: 7880 # Controls the `bind_addresses` configuration property. livekit_server_config_bind_addresses: ["::"] # Specify the timezone livekit_server_environment_variables_tz: UTC # Additional environment variables. livekit_server_environment_variables_additional_variables: "" ######################################################################################## # # # Room # # # ######################################################################################## # Controls the `room.auto_create` configuration property. # (Allow rooms to be automatically created when participants join). # # This defaults to true based on upstream defaults. # Ref: https://github.com/livekit/livekit/blob/5e483e7554e5afbf254acf84e3ec0aa6e108e758/config-sample.yaml#L168-L170 livekit_server_config_room_auto_create: true ######################################################################################## # # # /Room # # # ######################################################################################## ######################################################################################## # # # RTC # # # ######################################################################################## # Controls the `rtc.tcp_port` configuration property # See: https://docs.livekit.io/home/self-hosting/ports-firewall/ livekit_server_config_rtc_tcp_port: 7881 # Controls the `rtc.port_range_start` configuration property. # This must be defined together with `livekit_server_config_rtc_port_range_end`, # or alternatively `livekit_server_config_rtc_udp_port` can be defined as a single port that handles all traffic. # Example: 50100 # See: https://docs.livekit.io/home/self-hosting/ports-firewall/ livekit_server_config_rtc_port_range_start: "" # Controls the `rtc.port_range_end` configuration property. # This must be defined together with `livekit_server_config_rtc_port_range_start`, # or alternatively `livekit_server_config_rtc_udp_port` can be defined as a single port that handles all traffic. # Example: 50200 # See: https://docs.livekit.io/home/self-hosting/ports-firewall/ livekit_server_config_rtc_port_range_end: "" # Controls the `rtc.udp_port` configuration property. # As an alternative to this, one may define both `livekit_server_config_rtc_port_range_start` and `livekit_server_config_rtc_port_range_end`. # Example: 7882 # See: https://docs.livekit.io/home/self-hosting/ports-firewall/ livekit_server_config_rtc_udp_port: 7882 # Controls the `rtc.use_external_ip` configuration property. # When set to true, attempts to discover the host's public IP via STUN. # This is useful for cloud environments such as AWS & Google where hosts have an internal IP that maps to an external one. # Related to: `livekit_server_config_rtc_node_ip` livekit_server_config_rtc_use_external_ip: true # Controls the `rtc.node_ip` configuration property. # This is the IP address sent to the client in case you cannot rely on external IP auto-detection. # Related to `livekit_server_config_rtc_use_external_ip` # See: https://github.com/livekit/livekit/issues/3747 livekit_server_config_rtc_node_ip: "" ######################################################################################## # # # /RTC # # # ######################################################################################## ######################################################################################## # # # TURN # # # ######################################################################################## # Controls the `turn.enabled` configuration property. # When set to true, enables TURN server. livekit_server_config_turn_enabled: false # Controls the `turn.domain` configuration property. # Example: livekit.example.com livekit_server_config_turn_domain: "{{ livekit_server_hostname }}" # Controls the `turn.cert_file` configuration property. # Path to the TLS certificate file in the container. # Files on the host can be mounted into the container using `livekit_server_container_additional_volumes`. livekit_server_config_turn_cert_file: "" # Controls the `turn.key_file` configuration property. # Path to the TLS key file in the container. # Files on the host can be mounted into the container using `livekit_server_container_additional_volumes`. livekit_server_config_turn_key_file: "" # Controls the `turn.external_tls` configuration property. livekit_server_config_turn_external_tls: false # Controls the `turn.tls_port` configuration property. # See: https://docs.livekit.io/home/self-hosting/ports-firewall/ livekit_server_config_turn_tls_port: 5349 # Controls the `turn.udp_port` configuration property. # See: https://docs.livekit.io/home/self-hosting/ports-firewall/ livekit_server_config_turn_udp_port: 3478 ######################################################################################## # # # /TURN # # # ######################################################################################## ######################################################################################## # # # Prometheus # # # ######################################################################################## # When set to true, enables Prometheus metrics. livekit_server_config_prometheus_enabled: false # Controls the `prometheus.port` configuration property, which affects the metrics port (in the container) that LiveKit Server exposes. livekit_server_config_prometheus_port: 8081 # Controls the `prometheus.username` configuration property. # As an alternative, can configure authentication via `livekit_server_container_labels_public_metrics_middleware_basic_auth_users` as well. livekit_server_config_prometheus_username: "" # Controls the `prometheus.password` configuration property. # As an alternative, can configure authentication via `livekit_server_container_labels_public_metrics_middleware_basic_auth_users` as well. livekit_server_config_prometheus_password: "" ######################################################################################## # # # /Prometheus # # # ######################################################################################## # Controls the `keys` configuration property. livekit_server_config_keys: "{{ livekit_server_config_keys_auto | combine(livekit_server_config_keys_custom, recursive=True) }}" livekit_server_config_keys_auto: {} livekit_server_config_keys_custom: {} ######################################################################################## # # # Limits # # # ######################################################################################## # Ref: # - https://github.com/livekit/livekit/blob/46651c1978c8ae29d9b2d544b8b089c0960c9314/config-sample.yaml#L311-L330 # - https://github.com/livekit/livekit/blob/46651c1978c8ae29d9b2d544b8b089c0960c9314/pkg/config/config.go#L395-L401 # - for `num_tracks` and `bytes_per_sec`, the config-sample-yaml comments seem to be misleading. Defaults seem to be `0` in LiveKit code. # Controls the `limit.num_tracks` configuration property. # Set to -1 or 0 to disable the limit. livekit_server_config_limit_num_tracks: 0 # Controls the `limit.bytes_per_sec` configuration property. # Set to 0 to disable the limit. livekit_server_config_limit_bytes_per_sec: 0 # Controls the `limit.subscription_limit_video` configuration property. # How many video tracks a single participant can subscribe to at the same time. # 0 means no limit. livekit_server_config_limit_subscription_limit_video: 0 # Controls the `limit.subscription_limit_audio` configuration property. # How many audio tracks a single participant can subscribe to at the same time. # 0 means no limit. livekit_server_config_limit_subscription_limit_audio: 0 # Controls the `limit.max_metadata_size` configuration property. # Limit size of room and participant's metadata. 0 means no limit. livekit_server_config_limit_max_metadata_size: 64000 # Controls the `limit.max_attributes_size` configuration property. # Limit total size of all attributes on a participant. 0 means no limit. livekit_server_config_limit_max_attributes_size: 64000 # Controls the `limit.max_room_name_length` configuration property. # Limit length of room names. 0 means no limit. livekit_server_config_limit_max_room_name_length: 256 # Controls the `limit.max_participant_identity_length` configuration property. # Limit length of participant identity. 0 means no limit. livekit_server_config_limit_max_participant_identity_length: 256 # Controls the `limit.max_participant_name_length` configuration property. # Limit length of participant names. 0 means no limit. livekit_server_config_limit_max_participant_name_length: 256 ######################################################################################## # # # /Limits # # # ######################################################################################## ######################################################################################## # # # Logging # # # ######################################################################################## # Controls the `logging.level` configuration property. # Valid values: debug, info, warn, error livekit_server_config_logging_level: info # Controls the `logging.pion_level` configuration property livekit_server_config_logging_pion_level: error # Controls the `logging.json` configuration property. # When set to true, emits json fields. livekit_server_config_logging_json: false # Controls the `logging.sample` configuration property. # For production setups, enables sampling algorithm. # See: https://github.com/uber-go/zap/blob/master/FAQ.md#why-sample-application-logs livekit_server_config_logging_sample: false ######################################################################################## # # # /Logging # # # ######################################################################################## # Controls whether LiveKitServer's metrics should be proxied (exposed) publicly via Traefik. livekit_server_metrics_proxying_enabled: false livekit_server_metrics_proxying_hostname: "" livekit_server_metrics_proxying_path: /metrics/livekit-server # livekit_server_restart_necessary controls whether the LiveKit Server systemd # service will be restarted (when true) or merely started (when false) by the # systemd service manager role (when conditional restart is enabled). # # This value is automatically computed during installation based on whether # any configuration files, the systemd service file, or the container image changed. # The default of `false` means "no restart needed" — appropriate when the role's # installation tasks haven't run (e.g., due to --tags skipping them). livekit_server_restart_necessary: false