diff --git a/justfile b/justfile index 44b9a63..b42fbed 100644 --- a/justfile +++ b/justfile @@ -42,5 +42,5 @@ setup: push: git pull git add * - read -p "Commit message: " -r message && git commit -m "$message" + read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message && echo "$message" > .commit-message && git commit -m "$message" && rm -f .commit-message git push diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index c0edc61..28fc80b 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -16,6 +16,7 @@ writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] ssh-private-key: ENC[AES256_GCM,data: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,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str] mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str] +livekit-secret: ENC[AES256_GCM,data:fsYuxQ00Ikp18NyyxZoOGqBrz+vBbEVoYfWUKN57jRveYDpPIV53VoYypQCp54oKsn3AN6A4cMZFQCJqOEsvhnniB+K3,iv:pvXqP8OTKFVUhebUWq2m8tBqvvI2FrXe+mDQYiq/gvQ=,tag:bLA1s922qEMVju5LxlGzJA==,type:str] sops: age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz 
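Review bot: On the new `read` line, `cat .commit-message` prints a "No such file" error to stderr on the common first run, because `|| echo ''` only supplies the fallback value and does not silence the failure; use `-i "$(cat .commit-message 2>/dev/null)"`. `read -e`/`-i` are bash readline options, so this recipe only works if the justfile's shell is bash (any `set shell` line is outside this hunk); under a plain `sh` the recipe fails before reaching `git commit`. When `git commit` is aborted (hook failure, empty message) the file is deliberately left behind, so `.commit-message` should be listed in `.gitignore` to keep it from being staged by a later broader `git add`.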
@@ -27,7 +28,7 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-04T13:04:56Z" - mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str] + lastmodified: "2026-03-17T15:28:18Z" + mac: ENC[AES256_GCM,data:/ziw/6iAMzPjtwP19IEZuEumQ6qQxE0pr6qhtRxccAzqsQjcZnsHVjrz5wCVlt1TVBsbFnveAY+MbO7pj2Vah0rka5DNs1mV+xfo+POuArboFOsyOOtw1wNXSlRhW/jMhjq7/MMBmPgMlWoals1r7X+wZzGHvBMKMOECfd4B4dY=,iv:KQUC8AfEn0TQxKZ9+PrD/bSaOz0HjifvluDQFwXcGIk=,tag:n788ZvgcnvU63ue3TOYWAw==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.12.1 diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix index 09268ee..b4e36cb 100644 --- a/nixos/server/package-configs/conduit/default.nix +++ b/nixos/server/package-configs/conduit/default.nix @@ -19,6 +19,11 @@ } ''; + livekit-port = 64485; + livekit-rtc-start = 63400; + livekit-rtc-end = 63600; + livekit-url = "livekit.gladtherescake.eu"; + # Build a dervation that stores the content of `${server_name}/.well-known/matrix/client` well_known_client = pkgs.writeText "well-known-matrix-client" '' { @@ -28,6 +33,27 @@ } ''; in { + sops.secrets = { + "livekit-secret" = { + mode = "0440"; + owner = "nginx"; + }; + }; + + services.livekit = { + enable = true; + keyFile = config.sops.secrets."livekit-secret".path; + openFirewall = true; + redis.port = 64484; + settings = { + port = livekit-port; + rtc = { + port_range_start = livekit-rtc-start; + port_range_end = livekit-rtc-end; + use_external_ip = true; + }; + }; + }; # Configure continuwuity itself services.matrix-continuwuity = { enable = true; 
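Review bot: The new `sops.secrets."livekit-secret"` entry is owned by `nginx`, but nothing in this hunk has nginx read it; its only consumer is `services.livekit.keyFile`. Unless the livekit unit opens the file as root or through a systemd credential (not visible here), the livekit service user cannot read a `0440` file owned by nginx, so the `owner` should be the user that runs livekit. `openFirewall = true` exposes the RTC range 63400–63600 and the API port to the outside; that is expected for a public SFU, but a one-line comment stating that intent next to the option, e.g. `# SFU must be reachable directly by clients; RTC range is opened on purpose`, would stop a later reader from tightening it by mistake.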
@@ -37,7 +63,12 @@ in { allow_registration = false; # emergency_password = "testpassword"; turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"]; - turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT"; + matrix_rtc = { + foci = [ + ''{type = "livekit", livekit_service_url = "https://${livekit-url}"},'' + ]; + }; + turn-secret-file = config.sops.secrets."coturn-auth-secret".path; well_known = { server = "matrix.gladtherescake.eu:443"; client = "https://matrix.gladtherescake.eu"; @@ -63,7 +94,7 @@ in { enable = true; virtualHosts = { - "${server_name}" = { + "${livekit-url}" = { forceSSL = true; enableACME = true; @@ -90,6 +121,59 @@ in { } ]; + locations."~ ^/(sfu/get|healthz|get_token)" = { + proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_buffering off; + ''; + }; + + # for livekit + locations."/" = { + proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri;"; + extraConfig = '' + X-Forwarded-For $remote_addr;" + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_buffering off; + + # websocket + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; + }; + "${server_name}" = { + forceSSL = true; + enableACME = true; + + listen = [ + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + { + addr = "[::]"; + port = 443; + ssl = true; + } + { + addr = "0.0.0.0"; + port = livekit-port; + ssl = true; + } + { + addr = "[::]"; + port = livekit-port; + ssl = true; + } + ]; + locations."/_matrix/" = { proxyPass = "http://backend_continuwuity"; proxyWebsockets = true; 
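Review bot: The removed `turn_secret` literal stays in git history after this commit, so the coturn shared secret should be rotated on the TURN server and in the `coturn-auth-secret` sops entry, not just moved out of the file. The replacement key `turn-secret-file` is kebab-case while every sibling key in this block (`turn_uris`, `allow_registration`, `well_known`) is snake_case; continuwuity's option is, as far as I know, `turn_secret_file`, so verify against its config reference before relying on the TURN credential being picked up. `matrix_rtc.foci` is written as a Nix string containing TOML-like text; if `settings` is serialized to TOML as an attrset, that becomes an array holding one quoted string rather than an inline table, so the element should likely be `{ type = "livekit"; livekit_service_url = "https://${livekit-url}"; }`. The continuwuity user also needs read access to the `coturn-auth-secret` path; that secret's `owner`/`mode` is not in this diff.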
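Review bot: The livekit `locations."/"` block in the `@@ -90,6 +121,59 @@` hunk is invalid nginx configuration: its `extraConfig` opens with `X-Forwarded-For $remote_addr;"` (missing `proxy_set_header`, stray quote), and its `proxyPass` string ends in `;`, which produces `proxy_pass …$request_uri;;` once the module appends its own terminator; both lines should match the `~ ^/(sfu/get|healthz|get_token)` location directly above it, i.e. `proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri";` and `proxy_set_header X-Forwarded-For $remote_addr;`. The new `"${server_name}"` vhost listens on `livekit-port` (64485) on `0.0.0.0` and `[::]` while `services.livekit.settings.port` is the same value, so whichever service starts second will fail to bind unless livekit is confined to loopback. `/sfu/get` and `get_token` are normally answered by a separate token-issuing service rather than the SFU itself, so confirm that port 64485 really serves them, since that endpoint gates who can join calls. The `${livekit-url}` vhost this hunk extends begins outside the hunk, so its listen and ACME settings cannot be checked here.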
diff --git a/nixos/server/package-configs/nextcloud/default.nix b/nixos/server/package-configs/nextcloud/default.nix index 8afd0e5..b6fd5e6 100644 --- a/nixos/server/package-configs/nextcloud/default.nix +++ b/nixos/server/package-configs/nextcloud/default.nix @@ -3,10 +3,16 @@ pkgs, ... }: { - sops.secrets."nextcloudadmin".mode = "0440"; - sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name; - sops.secrets."nextclouddb".mode = "0440"; - sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name; + sops.secrets = { + "nextcloudadmin" = { + mode = "0440"; + owner = config.users.users.nextcloud.name; + }; + "nextclouddb" = { + mode = "0440"; + owner = config.users.users.nextcloud.name; + }; + }; # sops.secrets."local.json".mode = "0440"; # sops.secrets."local.json".owner = config.users.users.onlyoffice.name; diff --git a/test.sh b/test.sh new file mode 100755 index 0000000..8b62478 --- /dev/null +++ b/test.sh @@ -0,0 +1 @@ +read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message
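Review bot: `test.sh` looks like a scratch copy of the justfile's new `read` line that was committed by accident: it is mode 100755 but has no shebang, reads `message` and never uses it, and `read -e -i` only works under bash. If it is meant to stay, add `#!/usr/bin/env bash` and a comment stating its purpose; otherwise drop it from the commit.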