matrix-docker-ansible-deploy/roles/custom/matrix-livekit-server/defaults/main.yml

# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2024 wjbeckett
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later

---

# Project source code URL: https://github.com/livekit/livekit

livekit_server_enabled: false

livekit_server_identifier: livekit-server

livekit_server_uid: ''
livekit_server_gid: ''

livekit_server_base_path: "/{{ livekit_server_identifier }}"
livekit_server_config_path: "{{ livekit_server_base_path }}/config"

# renovate: datasource=docker depName=docker.io/livekit/livekit-server
livekit_server_version: v1.8.4

livekit_server_scheme: https
livekit_server_hostname: ""
livekit_server_path_prefix: /

livekit_server_container_network: "{{ livekit_server_identifier }}"

livekit_server_container_additional_networks: "{{ livekit_server_container_additional_networks_auto + livekit_server_container_additional_networks_custom }}"
livekit_server_container_additional_networks_auto: []
livekit_server_container_additional_networks_custom: []

# Controls whether the LiveKit Server container exposes its RTC ports and which interface to do it on.
#
# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.
livekit_server_container_rtc_listen_interface: "{{ '' if livekit_server_container_network != 'host' else 'none' }}"

# Controls whether the LiveKit Server container exposes its TURN ports and which interface to do it on.
#
# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.
livekit_server_container_turn_listen_interface: "{{ '' if livekit_server_container_network != 'host' else 'none' }}"

livekit_server_container_image_self_build: false
livekit_server_container_repo: "https://github.com/livekit/livekit.git"
livekit_server_container_repo_version: "{{ 'main' if livekit_server_version == 'latest' else livekit_server_version }}"
livekit_server_container_src_files_path: "{{ livekit_server_base_path }}/container-src"

livekit_server_container_image: "{{ livekit_server_container_image_registry_prefix }}livekit/livekit-server:{{ livekit_server_version }}"
livekit_server_container_image_registry_prefix: "{{ 'localhost/' if livekit_server_container_image_self_build else livekit_server_container_image_registry_prefix_upstream }}"
livekit_server_container_image_registry_prefix_upstream: "{{ livekit_server_container_image_registry_prefix_upstream_default }}"
livekit_server_container_image_registry_prefix_upstream_default: docker.io/
livekit_server_container_image_force_pull: "{{ livekit_server_container_image.endswith(':latest') }}"

livekit_server_container_labels_traefik_enabled: true
livekit_server_container_labels_traefik_docker_network: "{{ livekit_server_container_network }}"
livekit_server_container_labels_traefik_hostname: "{{ livekit_server_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/element`).
livekit_server_container_labels_traefik_path_prefix: "{{ livekit_server_path_prefix }}"
livekit_server_container_labels_traefik_rule: "Host(`{{ livekit_server_container_labels_traefik_hostname }}`){% if livekit_server_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ livekit_server_container_labels_traefik_path_prefix }}`){% endif %}"
livekit_server_container_labels_traefik_priority: 0
livekit_server_container_labels_traefik_entrypoints: web-secure
livekit_server_container_labels_traefik_tls: "{{ livekit_server_container_labels_traefik_entrypoints != 'web' }}"
livekit_server_container_labels_traefik_tls_certResolver: default  # noqa var-naming

# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `livekit_server_container_labels_traefik_additional_response_headers_custom`
livekit_server_container_labels_traefik_additional_response_headers: "{{ livekit_server_container_labels_traefik_additional_response_headers_auto | combine(livekit_server_container_labels_traefik_additional_response_headers_custom) }}"
livekit_server_container_labels_traefik_additional_response_headers_auto: |
  {{
    {}
    | combine ({'X-XSS-Protection': livekit_server_http_header_xss_protection} if livekit_server_http_header_xss_protection else {})
    | combine ({'X-Frame-Options': livekit_server_http_header_frame_options} if livekit_server_http_header_frame_options else {})
    | combine ({'X-Content-Type-Options': livekit_server_http_header_content_type_options} if livekit_server_http_header_content_type_options else {})
    | combine ({'Content-Security-Policy': livekit_server_http_header_content_security_policy} if livekit_server_http_header_content_security_policy else {})
    | combine ({'Permission-Policy': livekit_server_http_header_content_permission_policy} if livekit_server_http_header_content_permission_policy else {})
    | combine ({'Strict-Transport-Security': livekit_server_http_header_strict_transport_security} if livekit_server_http_header_strict_transport_security and livekit_server_container_labels_traefik_tls else {})
  }}
livekit_server_container_labels_traefik_additional_response_headers_custom: {}

# livekit_server_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# livekit_server_container_labels_additional_labels: |
#   my.label=1
#   another.label="here"
livekit_server_container_labels_additional_labels: ''

# A list of extra arguments to pass to the container
livekit_server_container_extra_arguments: []

# List of systemd services that LiveKit Server service depends on
livekit_server_systemd_required_services_list: "{{ livekit_server_systemd_required_services_list_default + livekit_server_systemd_required_services_list_auto + livekit_server_systemd_required_services_list_custom }}"
livekit_server_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
livekit_server_systemd_required_services_list_auto: []
livekit_server_systemd_required_services_list_custom: []

# Specifies the value of the `X-XSS-Protection` header
# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
#
# Learn more about it is here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
livekit_server_http_header_xss_protection: ''

# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
livekit_server_http_header_frame_options: ''

# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
livekit_server_http_header_content_type_options: ''

# Specifies the value of the `Content-Security-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
livekit_server_http_header_content_security_policy: ''

# Specifies the value of the `Permission-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
livekit_server_http_header_content_permission_policy: ''

# Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
livekit_server_http_header_strict_transport_security: ''

# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
# Learn more about what it is here:
# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
# - https://amifloced.org/
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `livekit_server_content_permission_policy`
livekit_server_floc_optout_enabled: false

# Controls if HSTS preloading is enabled
#
# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
# indicates a willingness to be "preloaded" into browsers:
# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
# For more information visit:
# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `livekit_server_http_header_strict_transport_security`
livekit_server_hsts_preload_enabled: true

# Holds the final LiveKit Server configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `livekit_server_configuration_yaml` or `livekit_server_configuration_extension_yaml`.
livekit_server_configuration: "{{ livekit_server_configuration_yaml | from_yaml | combine(livekit_server_configuration_extension, recursive=True) }}"

# Default LiveKit Server configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `livekit_server_configuration_extension_yaml`)
# or completely replace this variable with your own template.
livekit_server_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

livekit_server_configuration_extension_yaml: |
  # Your custom YAML configuration for LiveKit Server goes here.
  # This configuration extends the default starting configuration (`livekit_server_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `livekit_server_configuration_yaml`.
  #
  # Example configuration extension follows:
  #
  # logging:
  #   level: debug

livekit_server_configuration_extension: "{{ livekit_server_configuration_extension_yaml | from_yaml if livekit_server_configuration_extension_yaml | from_yaml is mapping else {} }}"

# Controls the `port` configuration property.
# See: https://docs.livekit.io/home/self-hosting/ports-firewall/
livekit_server_config_port: 7880

########################################################################################
#                                                                                      #
# RTC                                                                                  #
#                                                                                      #
########################################################################################

# Controls the `rtc.tcp_port` configuration property
# See: https://docs.livekit.io/home/self-hosting/ports-firewall/
livekit_server_config_rtc_tcp_port: 7881

# Controls the `rtc.port_range_start` configuration property.
# This must be defined together with `livekit_server_config_rtc_port_range_end`,
# or alternatively `livekit_server_config_rtc_udp_port` can be defined as a single port that handles all traffic.
# Example: 50100
# See: https://docs.livekit.io/home/self-hosting/ports-firewall/
livekit_server_config_rtc_port_range_start: ''

# Controls the `rtc.port_range_end` configuration property.
# This must be defined together with `livekit_server_config_rtc_port_range_start`,
# or alternatively `livekit_server_config_rtc_udp_port` can be defined as a single port that handles all traffic.
# Example: 50200
# See: https://docs.livekit.io/home/self-hosting/ports-firewall/
livekit_server_config_rtc_port_range_end: ''

# Controls the `rtc.udp_port` configuration property.
# As an alternative to this, one may define both `livekit_server_config_rtc_port_range_start` and `livekit_server_config_rtc_port_range_end`.
# Example: 7882
# See: https://docs.livekit.io/home/self-hosting/ports-firewall/
livekit_server_config_rtc_udp_port: 7882

# Controls the `rtc.use_external_ip` configuration property.
# When set to true, attempts to discover the host's public IP via STUN.
# This is useful for cloud environments such as AWS & Google where hosts have an internal IP that maps to an external one.
livekit_server_config_rtc_use_external_ip: true

########################################################################################
#                                                                                      #
# /RTC                                                                                 #
#                                                                                      #
########################################################################################

########################################################################################
#                                                                                      #
# TURN                                                                                 #
#                                                                                      #
########################################################################################

# Controls the `turn.enabled` configuration property.
# When set to true, enables TURN server.
livekit_server_config_turn_enabled: false

# Controls the `turn.domain` configuration property.
# Example: livekit.example.com
livekit_server_config_turn_domain: "{{ livekit_server_hostname }}"

# Controls the `turn.cert_file` configuration property.
# Path to the TLS certificate file.
livekit_server_config_turn_cert_file: ''

# Controls the `turn.key_file` configuration property.
# Path to the TLS key file.
livekit_server_config_turn_key_file: ''

# Controls the `turn.external_tls` configuration property.
livekit_server_config_turn_external_tls: false

# Controls the `turn.tls_port` configuration property.
# See: https://docs.livekit.io/home/self-hosting/ports-firewall/
livekit_server_config_turn_tls_port: 5349

# Controls the `turn.udp_port` configuration property.
# See: https://docs.livekit.io/home/self-hosting/ports-firewall/
livekit_server_config_turn_udp_port: 3478

########################################################################################
#                                                                                      #
# /TURN                                                                                #
#                                                                                      #
########################################################################################

# Controls the `keys` configuration property.
livekit_server_config_keys: "{{ livekit_server_config_keys_auto | combine(livekit_server_config_keys_custom, recursive=True) }}"
livekit_server_config_keys_auto: {}
livekit_server_config_keys_custom: {}

# Controls the `logging.level` configuration property.
# Known values: debug, info, warn, error
livekit_server_config_logging_level: info

# Controls the `logging.pion_level` configuration property
livekit_server_config_logging_pion_level: error

# Controls the `logging.json` configuration property.
# When set to true, emits json fields.
livekit_server_config_logging_json: false

# Controls the `logging.sample` configuration property.
# For production setups, enables sampling algorithm.
# See: https://github.com/uber-go/zap/blob/master/FAQ.md#why-sample-application-logs
livekit_server_config_logging_sample: false