--- gitea: none include_toc: true --- # Element Call Element Call enables users to have audio and videocalls with groups, while maintaining full E2E encryption. It requires several bits of software and entries in .well-known/matrix/client This bit is for later, but here's a nice bit of documentation to start: https://sspaeth.de/2024/11/sfu/ # Install prerequisites Define an entry in DNS for Livekit and Call, e.g. `livekit.matrixdev.example.com` and `call.matrixdev.example.com`. Get certificates for them. Expand `.well-known/matrix/client` to contain the pointer to the SFU: ``` "org.matrix.msc4143.rtc_foci": [ { "type": "livekit", "livekit_service_url": "https://livekit.matrixdev.example.com" } ] ``` Create `.well-known/element/element.json`, which is opened by Element-web and ElementX to find the Element Call widget. It should contain something like this: ``` { "call": { "widget_url": "https://call.matrixdev.example.com" } } ``` Make sure it is served as `application/json`, just like the other .well-known files. lk-jwt-service is a small Go program that handles authorization tokens. You'll need a Go compiler, so install that: ``` apt install golang ``` # lk-jwt-service {#livekit} Get the latest source code and comile it (preferably *NOT* as root): ``` git clone https://github.com/element-hq/lk-jwt-service.git cd lk-jwt-service go build -o lk-jwt-service ``` You'll then notice that you need a newer compiler, so we'll download that and add it to our PATH (again not as root): ``` wget https://go.dev/dl/go1.23.3.linux-amd64.tar.gz tar xvfz go1.23.3.linux-amd64.tar.gz cd go/bin export PATH=`pwd`:$PATH cd ``` Now, compile: ``` cd lk-jwt-service go build -o lk-jwt-service ``` Copy and chown the binary to `/usr/local/sbin` (yes: as root): ``` cp ~user/lk-jwt-service/lk-jwt-service /usr/local/sbin chown root:root /usr/local/sbin/lk-jwt-service ``` Create a service file for systemd, something like this: ``` # This thing does authorization for Element Call [Unit] Description=LiveKit JWT Service After=network.target [Service] Restart=always User=www-data Group=www-data #WorkingDirectory=/opt/lk-jwt-service EnvironmentFile=/etc/lk-jwt-service/config ExecStart=/usr/local/sbin/lk-jwt-service [Install] WantedBy=multi-user.target ``` Not sure about the `WorkingDirectory`, so it's commented out until it turns out to be necessary. We read the options from `/etc/lk-jwt-service/config`, which we make read-only for group `www-data` and non-accessible by anyone else. ``` mkdir /etc/lk-jwt-service vi /etc/lk-jwt-service/config chgrp -R www-data /etc/lk-jwt-service chmod -R o-rwx /etc/lk-jwt-service ``` The contents of `/etc/lk-jwt-service/config` are not fully known yet (see further, installation of the actual LiveKit, the SFU), but for now it's enough to fill it with this: ``` LIVEKIT_URL=wss://livekit.matrixdev.example.com LIVEKIT_SECRET=xxx LIVEKIT_KEY=xxx LK_JWT_PORT=8080 ``` Now enable and start this thing: ``` systemctl enable --now lk-jwt-service ```