diff --git a/modules/machine/yshtola/configuration.nix b/modules/machine/yshtola/configuration.nix
index 2a042a3..187f301 100644
--- a/modules/machine/yshtola/configuration.nix
+++ b/modules/machine/yshtola/configuration.nix
@@ -2,7 +2,12 @@
 pkgs,
 userName,
 ...
-}:let
+}: let
+ # INFO: set these to your liking
+ matrixFqdn = "chat.wyattjmiller.com";
+ rtcFqdn = "rtc.wyattjmiller.com";
+
+ supportEmail = "wyatt@wyattjmiller.com";
 livekitKeyFile = "/var/lib/livekit/livekit.key";
 matrixRegistrationTokenFile = "/var/lib/matrix.key";
 in {
@@ -19,8 +24,6 @@ in {
 # Custom kernel/boot stuff
 boot.kernelPackages = pkgs.linuxPackages_latest;
- # boot.loader.systemd-boot.enable = true; # TODO: check on this
- # boot.loader.efi.canTouchEfiVariables = true;
 # Set your timezone
 time.timeZone = "America/Detroit";
@@ -117,14 +120,13 @@ in {
 package = pkgs.matrix-tuwunel;
 settings = {
 global = {
- server_name = "chat.wyattjmiller.com";
+ server_name = matrixFqdn;
 allow_encryption = true;
 allow_federation = true;
 allow_registration = true;
 registration_token = matrixRegistrationTokenFile;
 allow_unstable_room_versions = false;
 allow_experimental_room_versions = false;
- # encryption_enabled_by_default_for_room_type = false;
 zstd_compression = true;
 new_user_displayname_suffix = "✨";
 max_request_size = 1048575600; # 100MB in bytes, for file uploads
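Review bot: The `# INFO: set these to your liking` comment above matrixFqdn understates what the value controls: it becomes `server_name` (hunk 3), which Matrix bakes into every user ID, room ID and the server's signing keys, so it cannot be changed after the homeserver has run without starting over with a fresh database. Suggest `# INFO: set these before first boot; matrixFqdn is the Matrix server_name and must never change afterwards`. rtcFqdn and supportEmail can be changed later without that cost, which the comment could say too. The let-binding is complete in this hunk but the attribute set it introduces continues outside it.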
@@ -138,36 +140,20 @@ in {
 port = [ 8008 ];
 well_known = {
- client = "https://chat.wyattjmiller.com";
- server = "chat.wyattjmiller.com:443";
- support_email = "wyatt@wyattjmiller.com";
- support_mxid = "@wymiller:chat.wyattjmiller.com";
+ client = "https://${matrixFqdn}";
+ server = "${matrixFqdn}:443";
+ support_email = supportEmail;
+ support_mxid = "@wymiller:${matrixFqdn}";
 rtc_transports = [{
 type = "livekit";
- livekit_service_url = "https://rtc.wyattjmiller.com";
+ livekit_service_url = "https://${rtcFqdn}";
 }];
 };
 };
 };
 };
- # TURN/STUN server
- services.coturn = {
- enable = true;
- no-cli = false;
- no-tcp-relay = false;
- realm = "turn.wyattjmiller.com";
- min-port = 49000;
- max-port = 50000;
-
- # TODO: fill out this extraConfig option a bit more with denial of private IP addresses
- extraConfig = ''
- verbose
- no-multicast-peers
- '';
- };
-
 # LiveKit (Matrix RTC)
 services.livekit = {
 enable = true;
@@ -188,19 +174,19 @@ in {
 enable = true;
 package = pkgs.caddy;
 virtualHosts = {
- "chat.wyattjmiller.com" = {
+ "${matrixFqdn}" = {
 extraConfig = ''
 encode zstd gzip
 reverse_proxy localhost:8008
 '';
 };
- "chat.wyattjmiller.com:8448" = {
+ "${matrixFqdn}:8448" = {
 extraConfig = ''
 encode zstd gzip
 reverse_proxy localhost:8008
 '';
 };
- "rtc.wyattjmiller.com" = {
+ "${rtcFqdn}" = {
 extraConfig = ''
 @jwt_service {
 path /sfu/get* /healthz*
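Review bot: `support_mxid = "@wymiller:${matrixFqdn}";` parameterises the domain but leaves the localpart hard-coded right next to the new `supportEmail` binding, so the "set these to your liking" block in hunk 1 is incomplete; add `supportMxidLocalpart = "wymiller";` to the let and write `support_mxid = "@${supportMxidLocalpart}:${matrixFqdn}";`. Deleting services.coturn in the same hunk removes the host's only TURN relay; unless the services.livekit block (which continues past this hunk) enables LiveKit's built-in TURN or points at another relay, calls from clients behind restrictive NAT lose their relay fallback, and that decision deserves a comment above `# LiveKit (Matrix RTC)` or a line in the commit message. The enclosing services block for the homeserver starts before this hunk.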
@@ -230,30 +216,54 @@ in {
 };
 # Generate LiveKit key if it doesn't exist
- systemd.services.livekit-key = {
- before = [ "lk-jwt-service.service" "livekit.service" ];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ coreutils openssl ];
- script = ''
- set -eu
+ systemd.services = {
+ matrix-registration-token-gen = {
+ before = [ "tuwunel.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [ coreutils openssl ];
+ script = ''
+ set -eu
- if [ -f "${livekitKeyFile}" ]; then
- exit 0
- fi
+ if [ -f "${matrixRegistrationTokenFile}" ]; then
+ exit 0
+ fi
- install -d -m 0700 "$(dirname "${livekitKeyFile}")"
+ install -d -m 0700 "$(dirname "${matrixRegistrationTokenFile}")"
- API_KEY="$(openssl rand -hex 8)"
- API_SECRET="$(openssl rand -hex 32)"
+ TOKEN="$(openssl rand -hex 32)"
- # keyFile format for nixpkgs services.livekit.keyFile:
- # a YAML map of apiKey -> apiSecret (no surrounding "keys:" key)
- umask 077
- printf '%s: %s\n' "$API_KEY" "$API_SECRET" > "${livekitKeyFile}"
- '';
- serviceConfig = {
- Type = "oneshot";
- User = "root";
+ umask 077
+ printf '%s\n' "$TOKEN" > "${matrixRegistrationTokenFile}"
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+
+ livekit-key-gen = {
+ before = [ "lk-jwt-service.service" "livekit.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [ coreutils openssl ];
+ script = ''
+ set -eu
+
+ if [ -f "${livekitKeyFile}" ]; then
+ exit 0
+ fi
+
+ install -d -m 0700 "$(dirname "${livekitKeyFile}")"
+
+ API_KEY="$(openssl rand -hex 8)"
+ API_SECRET="$(openssl rand -hex 32)"
+
+ umask 077
+ printf '%s: %s\n' "$API_KEY" "$API_SECRET" > "${livekitKeyFile}"
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
 };
 };
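Review bot: The new matrix-registration-token-gen runs `install -d -m 0700 "$(dirname "${matrixRegistrationTokenFile}")"`, and because the file sits directly in /var/lib (`/var/lib/matrix.key`, hunk 1) that expands to `install -d -m 0700 /var/lib`; GNU install, unlike mkdir -p, applies -m to an already-existing directory, so the first boot strips traverse permission from /var/lib for every non-root service on the host. Give the token its own directory, e.g. `matrixRegistrationTokenFile = "/var/lib/matrix-registration/token";` (constructed path; use the homeserver's state directory), so the 0700 lands on that directory only. The generated token is also never what the server checks: the unchanged `registration_token = matrixRegistrationTokenFile;` in hunk 3 hands tuwunel the path string itself as the token while `allow_registration = true`, so if the tuwunel module exposes `registration_token_file` as conduwuit does, it should read `registration_token_file = matrixRegistrationTokenFile;`, and the root-owned 0600 file then has to be readable by the tuwunel service user rather than only by root. The move into livekit-key-gen dropped the `# keyFile format for nixpkgs services.livekit.keyFile: a YAML map of apiKey -> apiSecret (no surrounding "keys:" key)` comment and left `# Generate LiveKit key if it doesn't exist` as the heading for both generators; restore the first above the printf and widen the second to cover the registration token. The `systemd.services = { … }` set closes on the hunk's last lines, but the module body it belongs to continues outside the hunk.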