Merge pull request #7928 from nextcloud/copilot/add-hardware-transcoding-talk-recording

talk-recording: allow to enable hardware transcoding for the container

Containers/mastercontainer/start.sh

@@ -312,6 +312,26 @@ if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
     print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
 The community containers get managed via the AIO interface now."
 fi
+if [ -n "$NEXTCLOUD_ENABLE_DRI_DEVICE" ]; then
+    print_red "The environmental variable NEXTCLOUD_ENABLE_DRI_DEVICE is deprecated. Please mount the /dev/dri device into the mastercontainer instead and remove NEXTCLOUD_ENABLE_DRI_DEVICE. It will then be set automatically."
+fi
+
+# Automatically enable the /dev/dri device if it is mounted into the mastercontainer
+if [ -d "/dev/dri" ]; then
+    export NEXTCLOUD_ENABLE_DRI_DEVICE="true"
+    if [ -e "/dev/dri/renderD128" ]; then
+        NEXTCLOUD_DRI_GID="$(stat -c '%g' /dev/dri/renderD128)"
+        export NEXTCLOUD_DRI_GID
+    else
+        export NEXTCLOUD_DRI_GID=""
+    fi
+else
+    if [ -z "$NEXTCLOUD_ENABLE_DRI_DEVICE" ]; then
+        # Force the unset of the env if it was not externally overwritten already
+        export NEXTCLOUD_ENABLE_DRI_DEVICE="false"
+    fi
+    export NEXTCLOUD_DRI_GID=""
+fi
 
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268

Containers/talk-recording/Dockerfile

@@ -19,6 +19,7 @@ RUN set -ex; \
         bash \
         xvfb \
         ffmpeg \
+        mesa-va-gallium \
         firefox \
         font-noto-all \
         font-noto-cjk \

Containers/talk-recording/start.sh

@@ -19,6 +19,33 @@ fi
 # Delete all contents on startup to start fresh
 rm -fr /tmp/{*,.*}
 
+# Detect available hardware for transcoding and build the [ffmpeg] config section accordingly
+FFMPEG_SECTION="[ffmpeg]
+# common = ffmpeg -loglevel level+warning -n
+# outputaudio = -c:a libopus
+# outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
+extensionaudio = .ogg
+extensionvideo = .webm"
+
+# Check for NVIDIA GPU hardware encoding (NVENC)
+if [ -e "/dev/nvidia0" ] && ffmpeg -hide_banner -encoders 2>/dev/null | grep -q "h264_nvenc"; then
+    echo "NVIDIA GPU detected, enabling h264_nvenc hardware transcoding"
+    FFMPEG_SECTION="[ffmpeg]
+outputvideo = -c:v h264_nvenc -preset p4
+outputaudio = -c:a aac
+extensionaudio = .m4a
+extensionvideo = .mp4"
+# Check for VA-API render node (Intel/AMD open source drivers)
+elif [ -r "/dev/dri/renderD128" ] && ffmpeg -hide_banner -encoders 2>/dev/null | grep -q "h264_vaapi"; then
+    echo "DRI device detected, enabling h264_vaapi hardware transcoding"
+    FFMPEG_SECTION="[ffmpeg]
+common = ffmpeg -loglevel level+warning -n -vaapi_device /dev/dri/renderD128
+outputvideo = -vf format=nv12,hwupload -c:v h264_vaapi
+outputaudio = -c:a aac
+extensionaudio = .m4a
+extensionvideo = .mp4"
+fi
+
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
@@ -50,12 +77,7 @@ signalings = signaling-1
 url = ${HPB_PROTOCOL}://${HPB_DOMAIN}${HPB_PATH}
 internalsecret = ${INTERNAL_SECRET}
 
-[ffmpeg]
-# common = ffmpeg -loglevel level+warning -n
-# outputaudio = -c:a libopus
-# outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
-extensionaudio = .ogg
-extensionvideo = .webm
+${FFMPEG_SECTION}
 
 [recording]
 browser = firefox

compose.yaml

@@ -8,6 +8,7 @@ services:
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+    # devices: ["/dev/dri"] # Uncomment to enable hardware acceleration. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't add this as otherwise the mastercontainer will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
     network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and the networks section at the end of the file if you want to define a custom MTU size for the docker network
     # networks: ["nextcloud-aio"]
     ports:
@@ -33,7 +34,6 @@ services:
       # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
-      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
       # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
       # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation

php/src/Data/ConfigurationManager.php

@@ -279,6 +279,10 @@ class ConfigurationManager
         set { $this->set('nextcloud_enable_dri_device', $value); }
     }
 
+    public string $driDeviceGid {
+        get => getenv('NEXTCLOUD_DRI_GID') ?: '';
+    }
+
     public bool $enableNvidiaGpu {
         get => $this->booleanize($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
         set { $this->set('enable_nvidia_gpu', $value); }

php/src/Docker/DockerActionManager.php

@@ -311,17 +311,31 @@ readonly class DockerActionManager {
         }
 
         $devices = [];
+        $groupAdd = [];
         foreach ($container->devices as $device) {
             if ($device === '/dev/dri' && !$this->configurationManager->nextcloudEnableDriDevice) {
                 continue;
             }
             $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];
+            if ($device === '/dev/dri') {
+                // Add the render device's group as a supplemental group so that non-root
+                // containers (e.g. nextcloud-aio-talk-recording) can access the device.
+                // The GID is detected during mastercontainer startup when /dev/dri is bind-mounted.
+                $gid = $this->configurationManager->driDeviceGid;
+                if ($gid !== '' && !in_array($gid, $groupAdd, true)) {
+                    $groupAdd[] = $gid;
+                }
+            }
         }
 
         if (count($devices) > 0) {
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
+        if (count($groupAdd) > 0) {
+            $requestBody['HostConfig']['GroupAdd'] = $groupAdd;
+        }
+
         if ($container->enableNvidiaGpu && $this->configurationManager->enableNvidiaGpu) {
             $requestBody['HostConfig']['Runtime'] = 'nvidia';
             $requestBody['HostConfig']['DeviceRequests'] = [

readme.md

@@ -564,14 +564,15 @@ Some container can use GPU acceleration to increase performance like [memories a
 #### With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia
 
 > [!WARNING]  
-> This only works if the `/dev/dri` device is present on the host! If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. Make sure that your driver is correctly configured on the host.
+> This only works if the `/dev/dri` device is present on the host! If it does not exist on your host, don't proceed as otherwise the mastercontainer will fail to start! If you are unsure about this, better do not proceed with the instructions below. Make sure that your driver is correctly configured on the host.
 
 A list of supported device can be fond in [MESA 3D documentation](https://docs.mesa3d.org/systems.html).
 
 This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device.
 
-In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.
+In order to use that, you need to pass the `/dev/dri` device into the mastercontainer by adding `--device=/dev/dri` to the docker run command (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The `/dev/dri` device gets mounted into the containers that benefit from it.
 
+With this device in place, the AIO mastercontainer automatically detects the `/dev/dri` device, enables hardware acceleration for the relevant containers and passes the correct render device group to the talk-recording container so that VA-API hardware transcoding (`h264_vaapi`) is used when recording calls.
 
 #### With proprietary drivers for Nvidia :warning: BETA
 
@@ -584,6 +585,8 @@ This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacente
 
 In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
 
+The talk-recording container automatically detects the NVIDIA GPU at startup and uses `h264_nvenc` hardware encoding when available. No additional steps are required beyond enabling the NVIDIA runtime.
+
 If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2).
 
 ### How to keep disabled apps?

tests/QA/060-environmental-variables.md

@@ -22,7 +22,7 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts notes`.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
-- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
+- [ ] When mounting `/dev/dri` into the mastercontainer with `--device=/dev/dri`, the /dev/dri device mounted into all sibling containers that require it like talk-recording. (Only works if a `/dev/dri` device is present on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.