diff --git a/clients/quadraticserver/element-call.nix b/clients/quadraticserver/element-call.nix
index 53f2fa4..bcf8376 100644
--- a/clients/quadraticserver/element-call.nix
+++ b/clients/quadraticserver/element-call.nix
@@ -10,13 +10,13 @@
 enable = true;
 livekit = {
 url = "wss://${domain}/livekit/sfu";
- keyFile = config.age.secrets."livekitKeys.age".path;
+ environmentFile = config.age.secrets."livekitKeys.age".path;
 };
 };
 livekit = {
 enable = true;
- keyFile = config.age.secrets."livekitKeys.age".path;
+ environmentFile = config.age.secrets."livekitKeys.age".path;
 };
 caddy.virtualHosts."${domain}".extraConfig = ''
diff --git a/clients/quadraticserver/grapevine.nix b/clients/quadraticserver/grapevine.nix
index e31e50c..412ea14 100644
--- a/clients/quadraticserver/grapevine.nix
+++ b/clients/quadraticserver/grapevine.nix
@@ -11,7 +11,10 @@
 settings = {
 server_name = "henryhiles.com";
 database.backend = "rocksdb";
- federation.max_concurrent_requests = 10000;
+ federation = {
+ max_concurrent_requests = 10000;
+ self_test = false;
+ };
 server_discovery = {
 server.authority = "${domain}:443";
diff --git a/modules/common/services/livekit.nix b/modules/common/services/livekit.nix
index bd06cfa..7f2c05b 100644
--- a/modules/common/services/livekit.nix
+++ b/modules/common/services/livekit.nix
@@ -5,13 +5,14 @@
 ...
 }: let
 cfg = config.services.livekit;
+ format = pkgs.formats.json {};
 in {
 meta.maintainers = with lib.maintainers; [quadradical];
 options.services.livekit = {
 enable = lib.mkEnableOption "Enable the livekit server";
 package = lib.mkPackageOption pkgs "livekit" {};
- keyFile = lib.mkOption {
+ environmentFile = lib.mkOption {
 type = lib.types.path;
 description = ''
 LiveKit key file, with syntax `LIVEKIT_KEYS=\"key: secret\"`
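Review bot: `self_test = false;` in the new `federation` block of grapevine.nix switches a check off with no comment saying why. A one-line comment above it, for example `# self_test disabled because <reason>; re-enable once <condition>`, would let a later reader judge whether the exception is still needed. The enclosing `settings` block continues outside the hunk.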
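Review bot: The renamed `environmentFile` option in livekit.nix keeps `type = lib.types.path` and its description still opens with "LiveKit key file", so nothing tells the user that this file carries secrets and has to stay out of the Nix store. `lib.types.path` also accepts a path literal, which may end up copied into the world-readable store depending on how the value is later coerced. I would reword the opening of the description to something like `Environment file providing LIVEKIT_KEYS; must be a runtime path outside the Nix store (for example an agenix secret path), never a path literal.` The same wording would fit the `environmentFile` option in lk-jwt-service.nix. The description string continues outside the hunk.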
@@ -34,24 +35,38 @@ in {
 '';
 };
- port = lib.mkOption {
- type = lib.types.port;
- default = 7880;
- description = "Main TCP port for RoomService and RTC endpoint.";
- };
+ settings = lib.mkOption {
+ type = lib.types.submodule {
+ freeformType = format.type;
+ options = {
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 7880;
+ description = "Main TCP port for RoomService and RTC endpoint.";
+ };
- rtc = {
- portRangeStart = lib.mkOption {
- type = lib.types.int;
- default = 50000;
- description = "Start of UDP port range for WebRTC";
- };
+ rtc = {
+ port_range_start = lib.mkOption {
+ type = lib.types.int;
+ default = 50000;
+ description = "Start of UDP port range for WebRTC";
+ };
- portRangeEnd = lib.mkOption {
- type = lib.types.int;
- default = 51000;
- description = "End of UDP port range for WebRTC";
+ port_range_end = lib.mkOption {
+ type = lib.types.int;
+ default = 51000;
+ description = "End of UDP port range for WebRTC";
+ };
+ };
+ };
 };
+ default = {};
+ description = ''
+ LiveKit configuration file expressed in nix.
+
+ For an example configuration, see .
+ For all possible values, see .
+ '';
 };
 };
@@ -76,7 +91,7 @@ in {
 after = ["network-online.target"];
 serviceConfig = {
- EnvironmentFile = cfg.keyFile;
+ EnvironmentFile = cfg.environmentFile;
 DynamicUser = true;
 LockPersonality = true;
 MemoryDenyWriteExecute = true;
@@ -103,18 +118,7 @@ in {
 "~@privileged"
 "~@resources"
 ];
- ExecStart = "${lib.getExe cfg.package} --config-body=${
- builtins.toJSON (
- builtins.toJSON {
- port = cfg.port;
- rtc = {
- port_range_start = cfg.rtc.portRangeStart;
- port_range_end = cfg.rtc.portRangeEnd;
- use_external_ip = cfg.useExternalIP;
- };
- }
- )
- }";
+ ExecStart = "${lib.getExe cfg.package} --config ${format.generate "livekit.json" cfg.settings}";
 Restart = "on-failure";
 RestartSec = 5;
 UMask = "077";
diff --git a/modules/common/services/lk-jwt-service.nix b/modules/common/services/lk-jwt-service.nix
index a91a6bf..c4bfdd4 100644
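Review bot: The description of the new `settings` option does not say that its contents become world-readable. Because of `freeformType = format.type`, any key set under `services.livekit.settings` is written by `format.generate` into a JSON file in the Nix store, and LiveKit's configuration accepts credentials inline (for example a `keys` map), so a user could place them there by mistake. I would add to the description: `Do not put secrets here: the generated file is stored in the world-readable Nix store. Supply keys through environmentFile instead.` As a smaller point, `port_range_start` and `port_range_end` could use `lib.types.port` like `port` does, so out-of-range values are rejected at evaluation time.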
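Review bot: The new `ExecStart` no longer sets `use_external_ip`, which the removed lines took from `cfg.useExternalIP`. If that option is still declared outside this hunk, it is now silently ignored and the server falls back to LiveKit's default for external-IP discovery, which changes the addresses advertised to clients. Either remove the option or carry it over, for example by declaring `rtc.use_external_ip` under `settings` with the old default. The `serviceConfig` block starts and ends outside the hunk.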
--- a/modules/common/services/lk-jwt-service.nix
+++ b/modules/common/services/lk-jwt-service.nix
@@ -20,10 +20,10 @@ in {
 '';
 };
- keyFile = lib.mkOption {
+ environmentFile = lib.mkOption {
 type = lib.types.path;
 description = ''
- Path to a file showing LiveKit keys, where you must declare some of: `LIVEKIT_KEY`, `LIVEKIT_SECRET`, `LIVEKIT_KEY_FROM_FILE`, `LIVEKIT_SECRET_FROM_FILE`, and/or `LIVEKIT_KEY_FILE`.
+ Path to a file of environment variables, where you must declare some of: `LIVEKIT_KEY`, `LIVEKIT_SECRET`, `LIVEKIT_KEY_FROM_FILE`, `LIVEKIT_SECRET_FROM_FILE`, and/or `LIVEKIT_KEY_FILE`.
 For more information, see .
 '';
 };
@@ -46,7 +46,7 @@ in {
 environment.LIVEKIT_URL = cfg.livekit.url;
 serviceConfig = {
- EnvironmentFile = cfg.livekit.keyFile;
+ EnvironmentFile = cfg.livekit.environmentFile;
 DynamicUser = true;
 LockPersonality = true;
 MemoryDenyWriteExecute = true;