# LiveKit SFU + JWT service for MatrixRTC (Element X / Element Call)
# Host: matrix-ubuntu (192.168.0.154 / 100.85.21.51)
# Deploy path: /opt/livekit/
#
# Public endpoints (via NPM on Calypso -> livekit.mx.vish.gg):
#   LiveKit SFU:    https://livekit.mx.vish.gg/livekit/sfu/
#   JWT service:    https://livekit.mx.vish.gg/livekit/jwt/
#   Healthcheck:    https://livekit.mx.vish.gg/livekit/jwt/healthz
#
# Announced via .well-known/matrix/client on mx.vish.gg:
#   "org.matrix.msc4143.rtc_foci": [{"type":"livekit","livekit_service_url":"https://livekit.mx.vish.gg/livekit/jwt"}]
#
# NOTE: This compose file lives at /opt/livekit/docker-compose.yml on matrix-ubuntu
# It is NOT deployed via Portainer GitOps — managed manually on the host.
# Config file: /opt/livekit/livekit.yaml

services:
  livekit:
    image: livekit/livekit-server:latest
    container_name: livekit
    command: --config /etc/livekit/livekit.yaml
    volumes:
      - /opt/livekit/livekit.yaml:/etc/livekit/livekit.yaml:ro
    # network_mode: host — uses host networking for WebRTC NAT traversal
    # Ports: 7880 (HTTP/WS), 7881 (RTC TCP), 50000-60000/udp (WebRTC media)
    network_mode: host
    restart: unless-stopped

  lk-jwt-service:
    image: ghcr.io/element-hq/lk-jwt-service:latest-ci
    container_name: lk-jwt-service
    environment:
      - LIVEKIT_URL=wss://livekit.mx.vish.gg
      - LIVEKIT_KEY=livekit_key
      - LIVEKIT_SECRET=800649495d6b00e27fbafc71REDACTED_GITEA_TOKEN # pragma: allowlist secret
      - LIVEKIT_FULL_ACCESS_HOMESERVERS=mx.vish.gg
    ports:
      - "8089:8080"
    restart: unless-stopped