diff --git a/README.md b/README.md index de2420598c8901fea2370ee468a99d3fb00b2fc1..8e73c686c5aed8423eb80c8738da79838e2bf993 100644 --- a/README.md +++ b/README.md @@ -44,11 +44,11 @@ In the current state, the configuration that is ready to use out-of-the-box, cov | postgresql | X | | autoheal | X | | rabbitmq | X | -| redis | X | +| redis | | | web-frontend | X | | controller | X | | minio | X | -| janus-gateway| X | +| livekit | X | | obelisk | | | smtp-mailer | | | spacedeck | | @@ -69,6 +69,8 @@ If your domain is for example `example.com`, you have to create the following DN - example.com (OpenTalk Web-UI) - accounts.example.com (Keycloak instance) - controller.example.com (OpenTalk controller service) +- livekit.example.com (LiveKit server) +- optional: turn.example.com (if you plan to use the TURN support in LiveKit server) ### Reverse-Proxy and SSL certificates @@ -80,6 +82,7 @@ When you use the default ports, the services listen on the following ports on th - frontend: localhost:8080 - controller: localhost:8090 - keycloak: localhost:8087 +- livekit: localhost:7880 We recommend using nginx as reverse-proxy. Please refer the [official nginx documentation](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) for further information. @@ -94,7 +97,7 @@ Clone the git repository to a location of your choice. Since we are using direct Specify a release tag when you clone the git repository. Pick the current stable version from our [release page](https://docs.opentalk.eu/releases). ```bash -git clone --branch v24.10.0 https://gitlab.opencode.de/opentalk/ot-setup.git /opt/opentalk +git clone --branch v24.20.0 https://gitlab.opencode.de/opentalk/ot-setup.git /opt/opentalk ``` Change to the root of this repository, and use it as base directory for the next steps. 
@@ -123,7 +126,7 @@ cp extras/opentalk-samples/controller.toml.sample config/controller.toml Customize the variables in `.env` according to your needs. In most cases, it is sufficient to adjust the values listed under `common variables`. You should always leave the `docker-compose.yaml` file unchanged to have an easier update process in future. -You absolutely *have to* set `OT_DOMAIN` yourself to a domain you or your organization control. +You absolutely _have to_ set `OT_DOMAIN` yourself to a domain you or your organization control. You can generate the secrets with the `gen-secrets.sh` helper script and simply copy + paste the secrets into the `.env` file. @@ -147,6 +150,7 @@ KEYCLOAK_CLIENT_SECRET_RECORDER=itoo2pieyohh6Aighiebietee7iefae7 SPACEDECK_API_TOKEN=ohP2AeBirineimohS6Pha1oaphoapoM2 SPACEDECK_INVITE_CODE=eij9weipaxohYiexoh1loo5zae8ic2ah ETHERPAD_API_KEY=iethae9aulo0ung6Tida6uquahmahphi +LIVEKIT_KEYS_API_SECRET=QEHNPlkZ4sIWecuB4rZQVtTWMire3ZbI ``` #### Add the secretes to the `config/controller.toml` @@ -157,8 +161,9 @@ Use the following sed snippets or as an alternative you can also edit the `confi ```bash source .env; sed -i "s/postgrespw/$POSTGRES_PASSWORD/g" config/controller.toml source .env; sed -i "s/keycloakclientsecretforcontroller/$KEYCLOAK_CLIENT_SECRET_CONTROLLER/g" config/controller.toml +source .env; sed -i "s/livekitapisecret/$LIVEKIT_KEYS_API_SECRET/g" config/controller.toml source .env; sed -i "s/spacedeckapitoken/$SPACEDECK_API_TOKEN/g" config/controller.toml -source .env; sed -i "s/etherpadapikey/$ETHERPAD_API_KEY/g" config/controller.toml +source .env; sed -i "s/etherpadapikey/$ETHERPAD_API_KEY/g" config/controller.toml ``` #### Final adjustments to the `config/controller.toml` 
@@ -171,12 +176,21 @@ vi config/controller.toml Change the following values to fit your needs: -```txt +```toml [http] -cors.allowed_origin = ["https://example.org"] +cors.allowed_origin = ["https://example.com"] [keycloak] -base_url = "https://accounts.example.org/auth" +base_url = "https://accounts.example.com/auth" + +[livekit] +public_url = "https://livekit.example.com" +``` + +If your domain is set with the variable OT_DOMAIN in the .env file, you can replace it with the following snippet, or edit it manually. + +```bash +source .env; sed -i "s/example.com/$OT_DOMAIN/g" config/controller.toml ``` #### Optional: Advanced configuration method using environment variables diff --git a/docker-compose.yaml b/docker-compose.yaml index 94499038c2afca6b643850e8cbd35b2dcaaf22e3..6cd7cfcaa4f4bc8a72d4e28ab09754258c8f4910 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -32,7 +32,6 @@ services: WAITING_ROOM_DEFAULT_VALUE: ${WAITING_ROOM_DEFAULT_VALUE:-false} PRODUCT_VERSION: "v24.20.0-rc.1" - # *** controller *** controller: image: ${OPENTALK_CONTROLLER_IMAGE_SRC:-registry.opencode.de/opentalk/controller}:${OPENTALK_CONTROLLER_IMAGE_TAG:-v0.25.0} @@ -40,6 +39,8 @@ services: restart: always ports: - ${OPENTALK_CONTROLLER_EXP_PORT:-8090}:11311 + extra_hosts: + - host.docker.internal:host-gateway environment: RUST_LOG: info,k3k=debug,janus_client=info,k3k_janus_media::mcu=OFF OPENTALK_CTRL_DATABASE__URL: "postgres://${POSTGRES_USER:-ot}:${POSTGRES_PASSWORD}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-opentalk}" 
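Review bot: The `extra_hosts: - host.docker.internal:host-gateway` entry added to `controller` (and repeated in the `obelisk` and `recorder` hunks) routes controller-to-LiveKit traffic through the Docker host gateway, so LiveKit, which runs with `network_mode: host`, presumably has to listen on a non-loopback address for `service_url = "http://host.docker.internal:7880"` to work. That would leave the plain-HTTP port 7880 reachable on whatever interfaces LiveKit binds, bypassing the nginx TLS front end, while the README lists it as `localhost:7880`. `LIVEKIT_HTTP_BIND_ADDRESS` is passed in the environment but `init/livekit-init.sh` never writes it to `livekit.yaml`, so as far as this diff shows it cannot narrow the bind. I would add a comment above the entry such as `# LiveKit (host network) is reached via the host gateway; firewall 7880/tcp on external interfaces`, and mention that `host-gateway` needs Docker 20.10 or newer. The `controller` service definition continues outside the hunk.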
@@ -58,7 +59,6 @@ services: OPENTALK_CTRL_RABBIT_MQ__URL: "${OPENTALK_CTRL_RABBIT_MQ__URL:-amqp://guest:guest@rabbit/%2F}" OPENTALK_CTRL_RABBIT_MQ__MAIL_TASK_QUEUE: "${OPENTALK_CTRL_RABBIT_MQ__MAIL_TASK_QUEUE:-opentalk_mailer}" OPENTALK_CTRL_RABBIT_MQ__RECORDING_TASK_QUEUE: "${OPENTALK_CTRL_RABBIT_MQ__RECORDING_TASK_QUEUE:-opentalk_recorder}" - OPENTALK_CTRL_REDIS__URL: "${OPENTALK_CTRL_REDIS__URL:-redis://redis:6379/}" OPENTALK_CTRL_MINIO__URI: "${OPENTALK_CTRL_MINIO__URI:-http://minio:9000}" OPENTALK_CTRL_MINIO__BUCKET: "${OPENTALK_CTRL_MINIO__BUCKET:-s3_bucket}" OPENTALK_CTRL_MINIO__ACCESS_KEY: "${OPENTALK_CTRL_MINIO__ACCESS_KEY:-minioadmin}" @@ -81,6 +81,8 @@ services: image: ${OT_OBELISK_IMAGE_SRC:-registry.opencode.de/opentalk/obelisk}:${OT_OBELISK_IMAGE_TAG:-v0.15.0} profiles: ["obelisk"] network_mode: host + extra_hosts: + - host.docker.internal:host-gateway restart: always environment: RUST_LOG: ${RUST_LOG:-info} @@ -101,6 +103,8 @@ services: recorder: image: ${RECORDER_IMAGE_SRC:-registry.opencode.de/opentalk/recorder}:${RECORDER_IMAGE_TAG:-v0.10.1} profiles: ["recorder"] + extra_hosts: + - host.docker.internal:host-gateway restart: always network_mode: host environment: @@ -116,7 +120,7 @@ services: # *** livekit *** livekit: - image: livekit/livekit-server:v1.8 + image: livekit/livekit-server:v1.7.2 profiles: ["core", "livekit"] network_mode: host restart: always 
@@ -125,8 +129,8 @@ services: LIVEKIT_HTTP_PORT: "${LIVEKIT_HTTP_PORT:-7880}" LIVEKIT_HTTP_BIND_ADDRESS: "${LIVEKIT_HTTP_BIND_ADDRESS:-}" LIVEKIT_TCP_PORT: "${LIVEKIT_TCP_PORT:-7881}" - LIVEKIT_RTC_PORT_RANGE_START: "${LIVEKIT_RTC_PORT_RANGE_START:-50000}" - LIVEKIT_RTC_PORT_RANGE_END: "${LIVEKIT_RTC_PORT_RANGE_END:-60000}" + LIVEKIT_RTC_PORT_RANGE_START: "${LIVEKIT_RTC_PORT_RANGE_START:-20000}" + LIVEKIT_RTC_PORT_RANGE_END: "${LIVEKIT_RTC_PORT_RANGE_END:-39999}" LIVEKIT_RTC_USE_EXTERNAL_IP: "${LIVEKIT_RTC_USE_EXTERNAL_IP:-true}" LIVEKIT_RTC_ENABLE_LOOPBACK_CANDIDATE: "${LIVEKIT_RTC_ENABLE_LOOPBACK_CANDIDATE:-false}" LIVEKIT_TURN_ENABLED: "${LIVEKIT_TURN_ENABLED:-false}" @@ -134,8 +138,8 @@ services: LIVEKIT_TURN_TLS_PORT: "${LIVEKIT_TURN_TLS_PORT:-5349}" LIVEKIT_TURN_UDP_PORT: "${LIVEKIT_TURN_UDP_PORT:-3478}" LIVEKIT_TURN_EXTERNAL_TLS: "${LIVEKIT_TURN_EXTERNAL_TLS:-true}" - LIVEKIT_KEYS_API_KEY: "${LIVEKIT_KEYS_API_KEY:-opentalk}" - LIVEKIT_KEYS_API_SECRET: "${LIVEKIT_KEYS_API_SECRET:-secret}" + LIVEKIT_KEYS_API_KEY: "${LIVEKIT_KEYS_API_KEY:-controller}" + LIVEKIT_KEYS_API_SECRET: "${LIVEKIT_KEYS_API_SECRET:-}" LIVEKIT_LOGGING_JSON: "${LIVEKIT_LOGGING_JSON:-false}" LIVEKIT_LOGGING_LEVEL: "${LIVEKIT_LOGGING_LEVEL:-info}" command: @@ -143,8 +147,6 @@ services: volumes: - ./init/livekit-init.sh:/livekit-init.sh - - # *** spacedeck *** whiteboard: image: ${SD_IMAGE_SRC:-registry.opencode.de/opentalk/spacedeck}:${SD_IMAGE_TAG:-v1.0.2} @@ -257,15 +259,15 @@ services: interval: 10s timeout: 15s retries: 5 - + # *** Redis *** redis: image: redis:${REDIS_IMAGE_TAG:-7-alpine} - profiles: ["core", "redis"] + profiles: ["redis"] restart: always ports: - ${REDIS_EXP_PORT:-127.0.0.1:6379}:${REDIS_EXP_PORT:-6379} - + # *** minio *** minio: image: minio/minio:${MINIO_IMAGE_TAG:-RELEASE.2023-07-21T21-12-44Z} diff --git a/env.sample b/env.sample index d11438471fb22a302ba0ad39d59630b04fc0971d..651fda9cc89bc7516933b669955a3bb76467b247 100644 --- a/env.sample +++ b/env.sample 
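Review bot: With the default changed to `${LIVEKIT_KEYS_API_SECRET:-}`, an unset variable no longer falls back to the well-known `secret`, but it is now rendered as an empty value under `keys:` in the generated `livekit.yaml` instead of stopping the deployment. Compose's required-variable form makes that failure explicit: `LIVEKIT_KEYS_API_SECRET: "${LIVEKIT_KEYS_API_SECRET:?set LIVEKIT_KEYS_API_SECRET in .env}"`. In the preceding hunk the RTC range now defaults to 20000–39999 on a `network_mode: host` service, so a comment naming the range that has to be opened in the host firewall would help operators avoid opening more than needed. The `livekit` service block starts outside these hunks.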
@@ -114,7 +114,7 @@ OPENTALK_CTRL_KEYCLOAK__CLIENT_SECRET="$KEYCLOAK_CLIENT_SECRET_CONTROLLER" # OPENTALK_CTRL_SPACEDECK__URL="http://localhost:9666" # OPENTALK_CTRL_SPACEDECK__API_KEY="secret" # OPENTALK_CTRL_SHARED_FOLDER__PROVIDER="nextcloud" -# OPENTALK_CTRL_SHARED_FOLDER__URL="https://nextcloud.example.org/" +# OPENTALK_CTRL_SHARED_FOLDER__URL="https://nextcloud.example.com/" # OPENTALK_CTRL_SHARED_FOLDER__USERNAME="ncuser" # OPENTALK_CTRL_SHARED_FOLDER__PASSWORD="v3rys3cr3t" # OPENTALK_CTRL_SHARED_FOLDER__DIRECTORY="opentalk/meetings" diff --git a/extras/nginx-samples/livekit.conf.sample b/extras/nginx-samples/livekit.conf.sample new file mode 100644 index 0000000000000000000000000000000000000000..3b6d12581dca814190d34fc4fedf9a32fcef4820 --- /dev/null +++ b/extras/nginx-samples/livekit.conf.sample 
@@ -0,0 +1,53 @@
+upstream livekit_backend {
+ server localhost:7880;
+}
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name livekit.example.com;
+
+ # include snippets/letsencrypt.conf;
+
+ location / {
+ access_log off;
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name livekit.example.com;
+
+ ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+
+ root livekit.example.com;
+
+ include snippets/sslsettings.conf;
+
+ access_log /var/log/nginx/https-access_livekit.example.com.log;
+ error_log /var/log/nginx/https-error_livekit.example.com.log;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ client_max_body_size 100M;
+ proxy_read_timeout 300;
+ proxy_buffers 8 8k;
+ proxy_buffer_size 8k;
+
+ proxy_pass http://livekit_backend;
+ }
+}
diff --git a/extras/opentalk-samples/controller.toml.sample b/extras/opentalk-samples/controller.toml.sample
index 91dc952c32e8b06f0b9f9b1ce410da832bb392f3..baac5995269dd176a663f705848febc2d0522944 100644
--- a/extras/opentalk-samples/controller.toml.sample
+++ b/extras/opentalk-samples/controller.toml.sample
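Review bot: The TLS server's `location /` sets the `Upgrade` and `Connection` headers but never sets `proxy_http_version 1.1;`, and nginx talks HTTP/1.0 to upstreams by default, so the WebSocket upgrade that LiveKit clients use for signalling will not pass through this proxy; add `proxy_http_version 1.1;` next to the `proxy_set_header` lines. `root livekit.example.com;` is a relative path on a vhost that only proxies and can be dropped. `client_max_body_size 100M;` looks larger than a signalling endpoint needs, so either lower it or add a comment saying why it is required.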
@@ -38,13 +38,13 @@ url = "postgres://ot:postgrespw@postgres:5432/opentalk" # The port to bind the HTTP Server to (defaults to 11311). port = 11311 # URLs that requests are allowed from. Leave empty to allow all. -cors.allowed_origin = ["https://example.org"] +cors.allowed_origin = ["https://example.com"] # Settings for the keycloak which is the user provider # and allows authentication via OIDC [keycloak] # URL to the keycloak -base_url = "https://accounts.example.org/auth" +base_url = "https://accounts.example.com/auth" # Name of the keycloak realm realm = "opentalk" # Client ID @@ -52,34 +52,11 @@ client_id = "OtBackend" # Client secret (application requires confidential client). client_secret = "keycloakclientsecretforcontroller" -[room_server] -# Maximum bitrate allowed for media sessions that will be used to transmit webcam video/audio -max_video_bitrate = "800000" - -# Maximum bitrate allowed for media sessions used for screen share -max_screen_bitrate = "1200000" - -# Number of packets with with given `speaker_focus_level` -# needed to detect a speaking participant. -# -# Default: 50 packets (1 second of audio) -#speaker_focus_packets = "50" - -# Average value of audio level needed per packet. -# -# min: 127 (muted) -# max: 0 (loud) -# default: 50 -#speaker_focus_level = "50" - -# Connection settings for the channel used to talk to the room server. -# Currently these should be equal to the settings in janus.transport.rabbitmq.jcfg -# of the respective janus instance. -[[room_server.connections]] -to_routing_key = "to-janus" -exchange = "janus-exchange" -from_routing_key = "from-janus" - +[livekit] +public_url = "https://livekit.example.com" +service_url = "http://host.docker.internal:7880" +api_key = "controller" +api_secret = "livekitapisecret" [rabbit_mq] # The URL to use to connect to the rabbit mq broker 
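Review bot: The new `[livekit]` section is the only one in this sample without comments, and two of its values are security-relevant: `service_url` is plain HTTP towards the host gateway and `api_secret` is a placeholder that must be replaced. I would add `# Internal URL the controller uses to reach LiveKit (plain HTTP; keep port 7880 off public interfaces)` above `service_url` and `# Must equal LIVEKIT_KEYS_API_SECRET from .env; replace the placeholder before first start` above `api_secret`, plus a line saying `api_key` has to match `LIVEKIT_KEYS_API_KEY`. The same uncommented section appears in `controller_oidc.toml.sample`.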
@@ -102,9 +79,7 @@ url = "amqp://rabbit/%2F" mail_task_queue = "opentalk_mailer" recording_task_queue = "opentalk_recorder" -[redis] -# Redis URL used to connect the redis server -url = "redis://redis:6379/" + #[turn] # Lifetime of the generated credentials (in seconds) @@ -189,3 +164,4 @@ secret_key = "minioadmin" # # Example: Allow all traffic from localhost #allowlist = ["127.0.0.0/24", "::ffff:0:0/96"] + diff --git a/extras/opentalk-samples/controller_oidc.toml.sample b/extras/opentalk-samples/controller_oidc.toml.sample new file mode 100644 index 0000000000000000000000000000000000000000..98b3b4d0fae6a4b2e24bf1f788401571318d3e2f --- /dev/null +++ b/extras/opentalk-samples/controller_oidc.toml.sample 
@@ -0,0 +1,228 @@
+# SPDX-FileCopyrightText: OpenTalk GmbH <mail@opentalk.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+[logging]
+# Default tracing directives that will always be applied after RUST_LOG's directives.
+# Each array entry may contain a single directive.
+# Below are some example directives which are used by default to reduce the amount of spamming some crates do by default.
+# The defaults will always apply, but they can be explicitly overwritten with this config or the RUST_LOG environment
+# variable. The priority of the different configuration options is: RUST_LOG > config file > defaults
+#default_directives = [
+# "ERROR",
+# "opentalk=INFO",
+# "pinky_swear=OFF",
+# "rustls=WARN",
+# "mio=ERROR",
+# "lapin=WARN",
+# "execution_id=trace"
+#]
+
+# Specify an optional OTLP tracing endpoint to export traces to
+#otlp_tracing_endpoint = "http://localhost:4317"
+
+# Service name when using opentelemetry
+#service_name = "controller"
+# Service namespace when using opentelemetry
+#service_namespace = "opentalk"
+# Service instance id when using opentelemetry. A random UUID will be generated at runtime if not set here.
+#service_instance_id = "627cc493-f310-47de-96bd-71410b7dec09"
+
+[database]
+# URL used to connect to a postgres.
+url = "postgres://ot:postgrespw@postgres:5432/opentalk"
+
+# Maximum number of connections allowed to the server.
+# Defaults to 100 which is the default of postgres.
+#max_connections = 100
+
+[http]
+# The port to bind the HTTP Server to (defaults to 11311).
+port = 11311
+# URLs that requests are allowed from. Leave empty to allow all.
+#cors.allowed_origin = ["https://example.com"]
+
+# Settings for the keycloak which is the user provider and allows authentication via OIDC.
+# This is deprecated, replace with [oidc] and [user_search] sections.
+#[keycloak]
+# URL to the keycloak
+#base_url = "http://accounts.example.com/auth"
+# Name of the keycloak realm
+#realm = "opentalk"
+# Client ID
+#client_id = "OtBackend"
+# Client secret (application requires confidential client).
+#client_secret = "keycloakclientsecretforcontroller"
+
+# Configure how Keycloak users resulting from a search and registered Opentalk users are assigned to each other
+# The following assignment strategies are available:
+# - by Keycloak id (default): Keycloak users are assigned to Opentalk users using Keycloak's id field.
+# - by user attribute: Keycloak must provide a user attribute holding the user IDs. The name of this user
+# attribute must be set here in external_id_user_attribute_name.
+#external_id_user_attribute_name = "my_user_attribute_name"
+
+# OIDC configuration.
+# Currently only Keycloak is supported. Full compliance with other OIDC providers is not guaranteed.
+[oidc]
+# URL to the keycloak
+authority = "https://accounts.example.com/auth/realms/opentalk"
+
+[oidc.frontend]
+# OIDC authority base url for the frontend.
+# Optional, if not set, the value from `oidc.authority` is used.
+# Will be made available to the frontend via the `GET /v1/auth/login` endpoint.
+authority = "https://accounts.example.com/auth/realms/opentalk"
+
+# Client id that will be used by the frontend when connecting to the oidc provider.
+client_id = "OtFrontend"
+
+[oidc.controller]
+# OIDC authority base url for the controller.
+# Optional, if not set, the value from `oidc.authority` is used.
+#authority = "https://accounts.example.com/auth/realms/opentalk"
+
+# Client id that will be used by the controller when connecting to the oidc provider.
+client_id = "OtBackend"
+
+# Client secret that will be used by the controller when connecting to the oidc provider.
+client_secret = "keycloakclientsecretforcontroller"
+
+[user_search]
+# Defines which backend to use for user search. Only `keycloak_webapi` is currently available.
+backend = "keycloak_webapi"
+
+# Base URL of the Keycloak web api.
+api_base_url = "https://accounts.example.com/auth/realms/opentalk"
+
+# Client id that is used to authenticate against the user search API.
+# Optional, if not set, the value from `oidc.controller.client_id` is used.
+client_id = "OtBackend"
+
+# Client secret that is used to authenticate against the user search API.
+# Optional, if not set, the value from `oidc.controller.client_secret` is used.
+client_secret = "keycloakclientsecretforcontroller"
+
+# Configure how Keycloak users resulting from a search and registered Opentalk users are assigned to each other
+# The following assignment strategies are available:
+# - by Keycloak id (default): Keycloak users are assigned to Opentalk users using Keycloak's id field.
+# - by user attribute: Keycloak must provide a user attribute holding the user IDs. The name of this user
+# attribute must be set here in external_id_user_attribute_name.
+#external_id_user_attribute_name = "my_user_attribute_name"
+
+# Set the behaviour of the `/users/find` endpoint.
+# This allows searching for users who have not yet logged into the controller.
+# You can choose where to search for users or disable the endpoint completely for performance or privacy reasons.
+# Possible values are "disabled", "from_database" and "from_user_search_backend".
+#users_find_behavior = "from_user_search_backend"
+users_find_behavior = "from_user_search_backend"
+
+[livekit]
+public_url = "https://livekit.example.com"
+service_url = "http://host.docker.internal:7880"
+api_key = "controller"
+api_secret = "livekitapisecret"
+
+[rabbit_mq]
+# The URL to use to connect to the rabbit mq broker
+#url = "amqp://username:password@host/%2F"
+
+# The rabbitmq queue name for the mail worker,
+# mailing is disabled when this is not set.
+#mail_task_queue = "opentalk_mailer"
+
+# The rabbitmq queue name for the recorder,
+# recording is disabled when this is not set.
+#recording_task_queue = "opentalk_recorder"
+
+# Minimum amount of connections to retain when removing stale connections
+#min_connections = 10
+
+# Maximum number of amqp channels per connection
+#max_channels_per_connection = 100
+url = "amqp://rabbit/%2F"
+mail_task_queue = "opentalk_mailer"
+recording_task_queue = "opentalk_recorder"
+
+#[turn]
+# Lifetime of the generated credentials (in seconds)
+#lifetime = 86400
+
+#[[turn.servers]]
+# URIS of this Turn Server following rfc7065
+#uris = [
+# "turn:127.0.0.1:3478?transport=udp",
+# "turn:127.0.0.1:3478?transport=tcp",
+# "turns:127.0.0.1:5349?transport=tcp"
+#]
+# The Pre Shared Key set with --static-auth-secret=...
+#pre_shared_key = "MyS3cr37"
+
+#[stun]
+#uris = ["stun:127.0.0.1:3478"]
+
+#[authz]
+# The reload interval of the permissions in seconds.
+# Used to propagate updates from one controller to the other.
+# reload_interval = 10
+
+#[call_in]
+# Set a phone number which will be displayed to the user
+# for the call-in service
+#tel="03012345678"
+# Enable the mapping of user names to their phone number. This requires
+# the OIDC provider to have a phone number field configured for their users.
+#enable_phone_mapping=false
+# The default country code for call in numbers. Notated in Alpha-2 code (ISO 3166)
+# Phone numbers that do not fall in the category of the default country must be notated
+# in the international format.
+#default_country_code="DE"
+
+# MinIO configuration
+[minio]
+# The URI to the MinIO instance
+uri = "http://minio:9000"
+# Name of the bucket
+bucket = "s3_bucket"
+# Access key for the MinIO bucket
+access_key = "minioadmin"
+# Secret key for the MinIO bucket
+secret_key = "minioadmin"
+
+# The etherpad configuration for the protocol module
+#[etherpad]
+#url = "http://etherpad:9001"
+# Etherpads api key
+#api_key = "etherpadapikey"
+
+# Spacedeck configuration
+#[spacedeck]
+#url = "http://spacedeck:9666"
+#api_key = "spacedeckapitoken"
+
+# Default/fallback values
+#[defaults]
+# Default language of a new user
+#user_language = "en-US"
+# Default presenter role for all users (defaults to false if not set)
+#participants_have_presenter_role = true
+
+# Settings for endpoints
+[endpoints]
+# Disable the /users/find endpoint for performance or privacy reasons
+disable_users_find = false
+
+# Enable user-searching using keycloak's admin API
+# This allows for finding users which have not yet
+# logged into the controller
+users_find_use_kc = false
+
+# Allow inviting any unchecked email address.
+# Not recommended without proper outgoing anti-spam protection
+event_invite_external_email_address = true
+
+# Configuration for the /metric HTTP endpoint
+#[metrics]
+# Allowlist for the /metrics endpoint
+#
+# Example: Allow all traffic from localhost
+#allowlist = ["127.0.0.0/24", "::ffff:0:0/96"]
\ No newline at end of file
diff --git a/extras/opentalk-samples/obelisk.toml.sample b/extras/opentalk-samples/obelisk.toml.sample
index 269ae826c144d95e0d12c5f261213b8893dc8b4e..e72513402ea37ca5ccf06e671324d2b3461f0bd5 100644
--- a/extras/opentalk-samples/obelisk.toml.sample
+++ b/extras/opentalk-samples/obelisk.toml.sample
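Review bot: In `[http]` of the new `controller_oidc.toml.sample`, `#cors.allowed_origin = ["https://example.com"]` is commented out, and the comment directly above it says an empty value allows all origins, so a deployment copied from this sample starts with CORS unrestricted while `controller.toml.sample` sets the origin. Ship the line uncommented so the README's `example.com` substitution fills it in. `event_invite_external_email_address = true` enables what its own comment calls not recommended without anti-spam protection; `false` is the safer sample default. The `[endpoints]` keys `disable_users_find` and `users_find_use_kc` look like they overlap with the new `users_find_behavior` under `[user_search]`, so it is worth confirming they are still read and marking them deprecated if not. `[minio]` carries `minioadmin`/`minioadmin`, which deserves a `# change before production use` comment.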
@@ -31,7 +31,7 @@ port = 5060 # ID of this SIP endpoint # When not set, it is generated as sip:<username>@<addr> where `addr` may be replaced by the # public address discovered using the stun-server -#id = "sip:alice@example.org" +#id = "sip:alice@example.com" # Username/Password pair. # Usually provided by the SIP provider @@ -39,16 +39,16 @@ username = "alice" password = "mysecurepassword" # Realm of the given username/password pair -realm = "example.org" +realm = "example.com" # SIP URI of the registrar -registrar = "sip:example.org" +registrar = "sip:example.com" # Seconds between ping/pong to keep NAT binding alive #nat_ping_delta = 30 # Host-port of the stun server used for SIP -stun_server = "stun.example.org:3478" +stun_server = "stun.example.com:3478" # Enforce quality of protection on SIP authentication # (reuse of nonce + nonce-count instead of diff --git a/extras/opentalk-samples/recorder.toml.sample b/extras/opentalk-samples/recorder.toml.sample index 30bfe882e6e7e26941e38eaf8f7441ca8c138127..861ccc5ddb2ac9ef24163553fbb6d0975ecc628e 100644 --- a/extras/opentalk-samples/recorder.toml.sample +++ b/extras/opentalk-samples/recorder.toml.sample @@ -1,12 +1,12 @@ +[controller] +domain = "controller.example.com" +insecure = false + [auth] -issuer = "https://accounts.example.org/auth/realms/MyRealm" +issuer = "https://accounts.example.com/auth/realms/MyRealm" client_id = "Recorder" client_secret = "INSERT_KEY" -[controller] -domain = "controller.example.org" -insecure = false - [rabbitmq] uri = "amqp://guest:guest@localhost/%2F" queue = "opentalk_recorder" diff --git a/extras/opentalk-samples/smtp-mailer.toml.sample b/extras/opentalk-samples/smtp-mailer.toml.sample index 5a815b8ac07ff24a7df4ddbd3d455140ac5bb05d..8595b873496e7e8e63227213420213e30e1d76a0 100644 --- a/extras/opentalk-samples/smtp-mailer.toml.sample +++ b/extras/opentalk-samples/smtp-mailer.toml.sample 
@@ -12,7 +12,7 @@ mail_task_queue = "opentalk_mailer" #smtp_server = "smtp://localhost:1025?disable_starttls=true" # Set the From email address according to the requirements of your SMTP server. #from_name = "OpenTalk" -#from_email = "no-reply@example.org" +#from_email = "no-reply@example.com" [template_builder] # Link builder templates. `base_url` and `x_id` will be replaced. Need when the frontend uses different paths. @@ -21,8 +21,8 @@ mail_task_queue = "opentalk_mailer" #dashboard_event_link_builder = "{base_url}/dashboard/meetings/{event_id}" [frontend] -#base_url = "https://opentalk.example.org" -#data_protection_url = "https://opentalk.example.org/dataprotection" +#base_url = "https://opentalk.example.com" +#data_protection_url = "https://opentalk.example.com/dataprotection" [templates] # Path to templates. These are loaded at runtime and are not compiled in. diff --git a/init/livekit-init.sh b/init/livekit-init.sh new file mode 100755 index 0000000000000000000000000000000000000000..2d6f17297e0a243ff8b354712d48b38441114606 --- /dev/null +++ b/init/livekit-init.sh 
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+if [ -f /livekit.yaml ]; then
+ echo "[INIT] livekit.yaml config present. Skip writing config."
+else
+ echo "[INIT] Write livekit.yaml."
+cat << EOF > /livekit.yaml
+---
+port: $LIVEKIT_HTTP_PORT
+rtc:
+ tcp_port: $LIVEKIT_TCP_PORT
+ port_range_start: $LIVEKIT_RTC_PORT_RANGE_START
+ port_range_end: $LIVEKIT_RTC_PORT_RANGE_END
+ use_external_ip: $LIVEKIT_RTC_USE_EXTERNAL_IP
+ enable_loopback_candidate: $LIVEKIT_RTC_ENABLE_LOOPBACK_CANDIDATE
+turn:
+ enabled: $LIVEKIT_TURN_ENABLED
+# domain: "$LIVEKIT_TURN_DOMAIN"
+# tls_port: $LIVEKIT_TURN_TLS_PORT
+# udp_port: $LIVEKIT_TURN_UDP_PORT
+# external_tls: $LIVEKIT_TURN_EXTERNAL_TLS
+keys:
+ $LIVEKIT_KEYS_API_KEY: $LIVEKIT_KEYS_API_SECRET
+logging:
+ json: $LIVEKIT_LOGGING_JSON
+ level: $LIVEKIT_LOGGING_LEVEL
+EOF
+fi
+
+echo "Print /livekit.yaml"
+cat /livekit.yaml
+
+
+/livekit-server --config /livekit.yaml
\ No newline at end of file
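Review bot: `cat /livekit.yaml` writes the whole config, including the `keys:` entry holding `LIVEKIT_KEYS_API_SECRET`, to the container log on every start, so anyone who can read `docker logs` or the log pipeline obtains the API secret; drop the `cat`, or print the file with the `keys:` block filtered out. The script also writes the file without checking that the secret is set; `: "${LIVEKIT_KEYS_API_SECRET:?LIVEKIT_KEYS_API_SECRET must be set}"` before the heredoc would stop an empty key from being written. The last line should be `exec /livekit-server --config /livekit.yaml` so the server receives Docker's SIGTERM directly instead of running as a child of `sh`. `LIVEKIT_HTTP_BIND_ADDRESS` from the compose file is not written into the YAML at all, so either emit it or remove the variable.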