Sienna Meridian Satterwhite
fdcc15080f
Element Call expects livekit_service_url to be an HTTPS endpoint (lk-jwt-service), not a WebSocket URL. The client connects to LiveKit via WSS separately after getting a JWT.
45 lines
1.5 KiB
YAML
45 lines
1.5 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: tuwunel-config
|
|
namespace: matrix
|
|
data:
|
|
tuwunel.toml: |
|
|
[global]
|
|
server_name = "sunbeam.pt"
|
|
database_path = "/data"
|
|
address = "0.0.0.0"
|
|
port = 6167
|
|
max_request_size = 104857600
|
|
allow_registration = false
|
|
allow_guest_registration = false
|
|
login_with_password = false
|
|
single_sso = true
|
|
allow_encryption = true
|
|
|
|
# Search — OpenSearch with hybrid neural search
|
|
search_backend = "opensearch"
|
|
search_opensearch_url = "http://opensearch.data.svc.cluster.local:9200"
|
|
search_opensearch_index = "tuwunel_messages"
|
|
search_opensearch_hybrid = true
|
|
# model_id is injected via TUWUNEL_SEARCH_OPENSEARCH_MODEL_ID env var
|
|
# (set by sunbeam CLI post-apply hook from OpenSearch ML state)
|
|
search_opensearch_embedding_dim = 768
|
|
search_opensearch_pipeline = "tuwunel_embedding_pipeline"
|
|
search_opensearch_batch_size = 100
|
|
search_opensearch_flush_interval_ms = 1000
|
|
|
|
# TURN via LiveKit's built-in TURN server
|
|
turn_uris = ["turn:meet.DOMAIN_SUFFIX:3478?transport=udp", "turns:meet.DOMAIN_SUFFIX:5349?transport=tcp"]
|
|
turn_secret = ""
|
|
|
|
# Well-known delegation
|
|
[global.well_known]
|
|
client = "https://messages.DOMAIN_SUFFIX"
|
|
server = "messages.DOMAIN_SUFFIX:443"
|
|
livekit_url = "https://livekit.DOMAIN_SUFFIX"
|
|
|
|
# OIDC via Ory Hydra — identity_provider is configured entirely
|
|
# via env vars because client_id/client_secret are injected from
|
|
# the hydra-maester-managed oidc-tuwunel Secret.
|