2024-11-12 15:38:05 +01:00
---
gitea: none
include_toc: true
---

# Element Call

Element Call enables users to have audio and video calls with groups, while
maintaining full E2E encryption.

It requires several bits of software and entries in `.well-known/matrix/client`.

This bit is for later, but here's a nice bit of documentation to start:

https://sspaeth.de/2024/11/sfu/

# Install prerequisites

Define an entry in DNS for LiveKit and Call, e.g. `livekit.matrixdev.example.com`
and `call.matrixdev.example.com`. Get certificates for them.

Expand `.well-known/matrix/client` to contain the pointer to the SFU:

```
"org.matrix.msc4143.rtc_foci": [
    {
        "type": "livekit",
        "livekit_service_url": "https://livekit.matrixdev.example.com"
    }
]
```

Create `.well-known/element/element.json`, which is opened by Element-web and
ElementX to find the Element Call widget. It should contain something like
this:

```
{
    "call": {
        "widget_url": "https://call.matrixdev.example.com"
    }
}
```

Make sure it is served as `application/json`, just like the other .well-known
files.

lk-jwt-service is a small Go program that handles authorization tokens. You'll need a
Go compiler, so install that:

```
apt install golang
```

# lk-jwt-service {#livekit}

Get the latest source code and compile it (preferably *NOT* as root):

```
git clone https://github.com/element-hq/lk-jwt-service.git
cd lk-jwt-service
go build -o lk-jwt-service
```

You'll then notice that you need a newer compiler, so we'll download that and add it to
our PATH (again not as root):

```
wget https://go.dev/dl/go1.23.3.linux-amd64.tar.gz
tar xvfz go1.23.3.linux-amd64.tar.gz
cd go/bin
export PATH="$(pwd):$PATH"
cd
```

Now, compile:

```
cd lk-jwt-service
go build -o lk-jwt-service
```

Copy and chown the binary to `/usr/local/sbin` (yes: as root):

```
cp ~user/lk-jwt-service/lk-jwt-service /usr/local/sbin
chown root:root /usr/local/sbin/lk-jwt-service
```

Create a service file for systemd, something like this:

```
# This thing does authorization for Element Call

[Unit]
Description=LiveKit JWT Service
After=network.target

[Service]
Restart=always
User=www-data
Group=www-data
#WorkingDirectory=/opt/lk-jwt-service
EnvironmentFile=/etc/lk-jwt-service/config
ExecStart=/usr/local/sbin/lk-jwt-service

[Install]
WantedBy=multi-user.target
```

Not sure about the `WorkingDirectory`, so it's commented out until it turns
out to be necessary. We read the options from `/etc/lk-jwt-service/config`,
which we make read-only for group `www-data` and non-accessible by anyone
else.

```
mkdir /etc/lk-jwt-service
vi /etc/lk-jwt-service/config
chgrp -R www-data /etc/lk-jwt-service
chmod -R o-rwx /etc/lk-jwt-service
```

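An added example, not part of the original page: a small audit of the policy stated above (readable by the group, no access for anyone else). It also flags group-write, which `chmod -R o-rwx` alone does not clear when the file was created under a permissive umask. `audit_secret_perms` and `demo_audit` are hypothetical names, and GNU `find` is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. audit_secret_perms and
# demo_audit are hypothetical helper names. Needs GNU find (-printf).
# Policy: group may read but not write; others have no access at all.
# Usage: audit_secret_perms PATH [EXPECTED_GROUP]
audit_secret_perms() {
    target=$1
    want_group=${2:-}
    rc=0
    [ -e "$target" ] || { echo "missing: $target" >&2; return 2; }
    # One line per entry under PATH: octal mode, group name, path.
    entries=$(find "$target" -printf '%m %g %p\n')
    while read -r mode group path; do
        perm=$((0$mode))   # leading 0 makes the shell read it as octal
        [ $((perm & 007)) -eq 0 ] ||
            { echo "others have access ($mode): $path" >&2; rc=1; }
        [ $((perm & 020)) -eq 0 ] ||
            { echo "group-writable ($mode): $path" >&2; rc=1; }
        [ $((perm & 040)) -ne 0 ] ||
            { echo "group cannot read ($mode): $path" >&2; rc=1; }
        if [ -n "$want_group" ] && [ "$group" != "$want_group" ]; then
            echo "group is $group, expected $want_group: $path" >&2
            rc=1
        fi
    done <<EOF
$entries
EOF
    return "$rc"
}

# Constructed demo on a throwaway directory (no root needed): a config
# created under umask 022 fails the audit until "chmod -R o-rwx" is run.
demo_audit() {
    dir=$(mktemp -d) || return 2
    touch "$dir/config"
    chmod 750 "$dir"
    chmod 644 "$dir/config"
    before=0; audit_secret_perms "$dir" 2>/dev/null || before=$?
    chmod -R o-rwx "$dir"
    after=0; audit_secret_perms "$dir" || after=$?
    rm -rf "$dir"
    echo "before=$before after=$after"
}

# On the real host, as root:
#   audit_secret_perms /etc/lk-jwt-service www-data
```
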
The contents of `/etc/lk-jwt-service/config` are not fully known yet (see
further, installation of the actual LiveKit, the SFU), but for now it's enough
to fill it with this:

```
LIVEKIT_URL=wss://livekit.matrixdev.example.com
LIVEKIT_SECRET=xxx
LIVEKIT_KEY=xxx
LK_JWT_PORT=8080
```

Now enable and start this thing:

```
systemctl enable --now lk-jwt-service
```