Add Element Call, LiveKit Server and JWT Service integrations for Element Call functionality

[wjbeckett]

This Pull Request adds support for deploying Element Call, JWT Service, and Livekit Server as part of the Matrix stack. The changes introduce new roles and corresponding tasks, systemd services, configuration files, and updates to existing configurations to support these new components.

Summary of Changes:

1. New Roles Added:

   • Element Call: Handles the setup, configuration, and deployment of the Element Call container.
   • JWT Service: Deploys the JWT Service for managing Livekit authentication.
   • Livekit Server: Configures and runs the Livekit server for video conferencing.

2. Key Additions:

   • Systemd Services: Added systemd files for each service to manage the Docker containers for Element Call, JWT Service, and Livekit.
   • Configuration Updates:
     • Updated homeserver.yaml to include listener settings for Element Call.
     • Modified the well-known client JSON to support the RTC FOCI needed for Element Call and Livekit.
     • Updated the Element Web config.json to include configuration settings for using Element Call.
     • Added well-known configuration for Element X to point to Element Call.

3. Traefik Configuration:

   • Added appropriate Traefik labels for Element Call, JWT Service, and Livekit Server containers to ensure that requests are correctly proxied to the appropriate service.
   • Created separate labels files for each service for better organization and maintainability.

4. Tasks and Templates:

   • Refactored common tasks into reusable components where possible.
   • Added validation tasks to ensure all required configurations are present before deployment.
   • Created and updated necessary templates (config.json, element.json, livekit.yaml.j2, etc.) to provide the correct settings for each service.

Testing Performed:

• Each role was tested independently, and the full deployment was validated to ensure that:
  • Containers start successfully with the correct configurations.
  • Systemd services are set up and managed properly.
  • Element Call integrates seamlessly with the Matrix ecosystem, allowing users to initiate video calls through Element.
  • Traefik correctly routes requests for each service based on defined hostnames.

Documentation:

• Updated documentation in the docs directory to include setup and configuration details for:
  • Element Call: Including required DNS changes and settings for the well-known client.
  • JWT Service and Livekit Server: Configuration steps, default variables, and examples of customization.

Limitations:

• Standalone Element Call: While Element Call works within the Element apps, the standalone call.DOMAIN website for ad-hoc calls will not function correctly until the Matrix Authentication Service (MAS) is implemented. This is due to the requirement of an OIDC header from MAS, which is currently not in place.

Checklist:

• Roles for Element Call, JWT Service, and Livekit Server created and tested.
• Systemd files for service management added.
• Traefik labels set correctly for each container.
• Configuration files updated or created as required.
• Documentation updated with detailed setup instructions.
• Group Vars and Setup Playbook modified to accommodate new roles.
• Testing performed to ensure no regression and correctness of new additions.

Notes for Reviewers:

• The changes involve significant updates to the configuration and introduction of multiple new roles. Please verify that all group variables and systemd services have been defined as required.
• Special attention should be given to the well-known client configuration and the integration of Traefik labels to ensure that requests are correctly proxied.
• Please note the current limitation regarding the standalone Element Call website until MAS integration is complete.

Closes #1764

[saket424]

@spantaleev
I attempted this new updated pull request and ran into an error 401 invalid jwt token error when attempting to launch an element-video-call

Is this pull request nearly ready or still have to wait ? Do I have these values roughly right? I do not understand why I need the devkey in so many places as repeats. Please enlighten me if I have something wrong

matrix_element_call_enabled: true
matrix_livekit_server_enabled: true
matrix_jwt_service_enabled: true

# Set a secure key for LiveKit authentication
matrix_element_call_livekit_dev_key: APInL8K4YVYV4ar

# Set a secure key for LiveKit authentication
livekit_server_dev_key: APInL8K4YVYV4ar
livekit_server_jwt_secret: 7le91R7gbaPjPdWeuhOvGzNOxnwnROYVFXlLB5eSehjB
matrix_element_call_dev_key: APInL8K4YVYV4ar
matrix_element_call_jwt_secret: 7le91R7gbaPjPdWeuhOvGzNOxnwnROYVFXlLB5eSehjB
matrix_element_call_enabled: true

# Set a secure key for LiveKit authentication
livekit_server_config_keys_devkey: APInL8K4YVYV4ar

matrix_authentication_service_enabled: true

# Generate this encryption secret with: `openssl rand -hex 32`
matrix_authentication_service_config_secrets_encryption: 'c5812e5dedb5302ae1314eb8c2e41449f7cec6d11495782652c1a5ed8d1c60f3'

[spantaleev]

It's quite far from being ready. It still requires extensive reworking.

I'll post here when it's operational and ready to be tested.

[luixxiul]

An entry for this image should be added to docs/container-images.md.

[saket424]

@spantaleev
Any success with element-call integration?

[joolsr]

I love your script and appreciate the heard work that's gone into developing this. My company really needs Element Call before we can roll out Matrix and replace our dependence on Skype.

I appreciate getting Element Call integrated properly may take some time. But as do not have to have Call hosted inhouse to start with, can we easily point to a Element call hosted elsewhere eg call.element.io maybe and then once Element Call is integrated in this script upgrade and use this internally?

[rriemann]

I love your script and appreciate the heard work that's gone into developing this. My company really needs Element Call before we can roll out Matrix and replace our dependence on Skype.

I appreciate getting Element Call integrated properly may take some time. But as do not have to have Call hosted inhouse to start with, can we easily point to a Element call hosted elsewhere eg call.element.io maybe and then once Element Call is integrated in this script upgrade and use this internally?

I have configured my setup with an external livekit (actually livekit.io). This was super easy:

The livekit-jwt service needs 3 env variables. That's it:

LIVEKIT_URL=wss://your-account-subdomain.livekit.cloud
LIVEKIT_KEY=APIblablabla
LIVEKIT_SECRET=verylongsecret

[plui29989]

I love your script and appreciate the heard work that's gone into developing this. My company really needs Element Call before we can roll out Matrix and replace our dependence on Skype.
I appreciate getting Element Call integrated properly may take some time. But as do not have to have Call hosted inhouse to start with, can we easily point to a Element call hosted elsewhere eg call.element.io maybe and then once Element Call is integrated in this script upgrade and use this internally?

I have configured my setup with an external livekit (actually livekit.io). This was super easy:

The livekit-jwt service needs 3 env variables. That's it:

LIVEKIT_URL=wss://your-account-subdomain.livekit.cloud
LIVEKIT_KEY=APIblablabla
LIVEKIT_SECRET=verylongsecret

Is MAS necessary for this to work?
I would like to get EC running (even if not self-hosted) but without MAS - at least for now...

[joolsr]

I love your script and appreciate the heard work that's gone into developing this. My company really needs Element Call before we can roll out Matrix and replace our dependence on Skype.
I appreciate getting Element Call integrated properly may take some time. But as do not have to have Call hosted inhouse to start with, can we easily point to a Element call hosted elsewhere eg call.element.io maybe and then once Element Call is integrated in this script upgrade and use this internally?

I have configured my setup with an external livekit (actually livekit.io). This was super easy:

The livekit-jwt service needs 3 env variables. That's it:

LIVEKIT_URL=wss://your-account-subdomain.livekit.cloud
LIVEKIT_KEY=APIblablabla
LIVEKIT_SECRET=verylongsecret

Many thanks !