From e7d4bd4e28c842be755f659ca7393c0c0b60bc74 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Jul 2025 06:46:24 +0300
Subject: [PATCH] Upgrade livekit-jwt-servie (0.2.3 -> 0.3.0) and make use of
 the new `LIVEKIT_FULL_ACCESS_HOMESERVERS` environment variable

Ref: https://github.com/element-hq/lk-jwt-service/releases/tag/v0.3.0
---
 group_vars/matrix_servers                                | 2 ++
 .../custom/matrix-livekit-jwt-service/defaults/main.yml  | 9 ++++++++-
 roles/custom/matrix-livekit-jwt-service/templates/env.j2 | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index b694ca1fa..4d8f351a1 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -6501,6 +6501,8 @@ matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(m
 
 matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}"
 
+matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: ["{{ matrix_domain }}"]
+
 ########################################################################
 #                                                                      #
 # /matrix-livekit-jwt-service                                          #
diff --git a/roles/custom/matrix-livekit-jwt-service/defaults/main.yml b/roles/custom/matrix-livekit-jwt-service/defaults/main.yml
index f35ff576c..13beb7d2d 100644
--- a/roles/custom/matrix-livekit-jwt-service/defaults/main.yml
+++ b/roles/custom/matrix-livekit-jwt-service/defaults/main.yml
@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
 matrix_livekit_jwt_service_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
-matrix_livekit_jwt_service_version: 0.2.3
+matrix_livekit_jwt_service_version: 0.3.0
 
 matrix_livekit_jwt_service_container_image_self_build: false
 matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
@@ -80,6 +80,13 @@ matrix_livekit_jwt_service_environment_variable_livekit_url: ""
 # Controls the LIVEKIT_SECRET environment variable
 matrix_livekit_jwt_service_environment_variable_livekit_secret: ""
 
+# Controls the LIVEKIT_FULL_ACCESS_HOMESERVERS environment variable
+# Comma-separated list of Matrix homeservers whose users are authorized with full access to LiveKit SFU features
+# (supports * as a wildcard to allow all homeservers).
+matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers: "{{ matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list | join(',') }}"
+
+matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: ["*"]
+
 # Additional environment variables to pass to the container.
 #
 # Environment variables take priority over settings in the configuration file.
diff --git a/roles/custom/matrix-livekit-jwt-service/templates/env.j2 b/roles/custom/matrix-livekit-jwt-service/templates/env.j2
index c32da08ef..56a5496a7 100644
--- a/roles/custom/matrix-livekit-jwt-service/templates/env.j2
+++ b/roles/custom/matrix-livekit-jwt-service/templates/env.j2
@@ -11,4 +11,6 @@ LIVEKIT_KEY={{ matrix_livekit_jwt_service_environment_variable_livekit_key }}
 LIVEKIT_URL={{ matrix_livekit_jwt_service_environment_variable_livekit_url }}
 LIVEKIT_SECRET={{ matrix_livekit_jwt_service_environment_variable_livekit_secret }}
 
+LIVEKIT_FULL_ACCESS_HOMESERVERS={{ matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers }}
+
 {{ matrix_livekit_jwt_service_environment_variables_extension }}