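# NixOS module: Matrix RTC backend for matrix-rtc.glia.club.
#
# Runs lk-jwt-service (port 7374) and a LiveKit server (signalling port 7375)
# behind one Caddy virtual host, and advertises that host to Matrix clients
# through the tuwunel `well_known.rtc_transports` setting.
{ config, pkgs, lib, ... }:

{
  imports = [ ./turn.nix ];

  # Shared between lk-jwt-service and livekit
  # TODO: Generate it
  # Both services read the same key file. It is referenced by its sops path,
  # so the key material itself does not appear in this file.
  sops.secrets.lk-jwt = {};

  services.lk-jwt-service = {
    enable = true;
    port = 7374;
    livekitUrl = "wss://matrix-rtc.glia.club";
    keyFile = config.sops.secrets.lk-jwt.path;
  };

  services.livekit = {
    enable = true;
    keyFile = config.sops.secrets.lk-jwt.path;

    # Ingress of other video streams
    # for RTC usage, e.g. RTMP, WHIP, etc.
    ingress = {
      enable = false;
    };

    # Redis is used if we were to use ingress
    redis = {
      createLocally = false;
    };

    settings = {
      port = 7375;
      # NOTE(review): an empty bind address makes LiveKit listen on every
      # interface. Caddy below only reaches this port via localhost, so unless
      # something else connects to 7375 directly, binding to loopback
      # (or firewalling the port) keeps the plaintext signalling port off the
      # public interface. Confirm before changing.
      bind_addresses = [""];

      rtc = {
        # NOTE(review): confirm `rtc.port` is a key the deployed LiveKit
        # version accepts; upstream sample configs name the TCP fallback
        # port `rtc.tcp_port`.
        port = 7376;
        # ICE port range. The start must not exceed the end; the two bounds
        # were previously inverted (start 50200, end 50100), which describes
        # an empty range.
        # Presumably this range is opened in the firewall elsewhere
        # (not visible in this file) - keep both in sync.
        port_range_start = 50100;
        port_range_end = 50200;
        use_external_ip = true;
        enable_loopback_candidate = false;
      };
    };
  };

  # Advertise the LiveKit transport to Matrix clients via well-known.
  services.matrix-tuwunel.settings = {
    global.well_known = {
      rtc_transports = [{
        type = "livekit";
        livekit_service_url = "https://matrix-rtc.glia.club";
      }];
    };
  };

  # Single public entry point: /sfu/get* and /healthz* are routed to
  # lk-jwt-service, every other request is proxied to the LiveKit
  # signalling port.
  services.caddy.virtualHosts = {
    "matrix-rtc.glia.club" = {
      extraConfig = ''
        # This is matrix-rtc-jwt
        @jwt_service {
          path /sfu/get* /healthz*
        }
        handle @jwt_service {
          reverse_proxy localhost:${toString config.services.lk-jwt-service.port}
        }
        # This is livekit
        handle {
          reverse_proxy localhost:${toString config.services.livekit.settings.port} {
            header_up Connection "upgrade"
            header_up Upgrade {http.request.header.Upgrade}
          }
        }
      '';
    };
  };
}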