From 89836b967407985d2193ffd79f4d6739a59746e9 Mon Sep 17 00:00:00 2001
From: eveeifyeve <88671402+Eveeifyeve@users.noreply.github.com>
Date: Tue, 27 Jan 2026 07:50:24 +1100
Subject: [PATCH] non-critical-infra: lasuite-meet init

---
 build/pluto/prometheus/exporters/blackbox.nix |  1 +
 dns/nixos.org.js                              |  1 +
 non-critical-infra/hosts/caliban/default.nix  |  1 +
 non-critical-infra/modules/lasuite-meet.nix   | 40 +++++++++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 non-critical-infra/modules/lasuite-meet.nix

diff --git a/build/pluto/prometheus/exporters/blackbox.nix b/build/pluto/prometheus/exporters/blackbox.nix
index 2abc090b..e70c0cbe 100644
--- a/build/pluto/prometheus/exporters/blackbox.nix
+++ b/build/pluto/prometheus/exporters/blackbox.nix
@@ -103,6 +103,7 @@ in
           "https://common-styles.nixos.org"
           "https://discourse.nixos.org"
           "https://hydra.nixos.org"
+          "https://lasuite-meet.nixos.org"
           "https://mobile.nixos.org"
           "https://monitoring.nixos.org"
           "https://nixos.org"
diff --git a/dns/nixos.org.js b/dns/nixos.org.js
index 58fe3f7f..625f8e7c 100644
--- a/dns/nixos.org.js
+++ b/dns/nixos.org.js
@@ -124,6 +124,7 @@ D("nixos.org",
 	CNAME("nixpkgs-swh", "caliban"),
 	CNAME("survey", "caliban"),
 	CNAME("vault", "caliban"),
+	CNAME("lasuite-meet", "caliban"),
 	DMARC_BUILDER({
 		label: "caliban",
 		policy: "none"
diff --git a/non-critical-infra/hosts/caliban/default.nix b/non-critical-infra/hosts/caliban/default.nix
index d3584094..c6ae85a9 100644
--- a/non-critical-infra/hosts/caliban/default.nix
+++ b/non-critical-infra/hosts/caliban/default.nix
@@ -16,6 +16,7 @@
     ../../modules/backup.nix
     ../../modules/element-web.nix
     ../../modules/limesurvey.nix
+    ../../modules/lasuite-meet.nix
     ../../modules/matrix-synapse.nix
     ../../modules/owncast.nix
     ../../modules/vaultwarden.nix
diff --git a/non-critical-infra/modules/lasuite-meet.nix b/non-critical-infra/modules/lasuite-meet.nix
new file mode 100644
index 00000000..8d4c4db9
--- /dev/null
+++ b/non-critical-infra/modules/lasuite-meet.nix
@@ -0,0 +1,40 @@
+{
+  config,
+  ...
+}:
+{
+  sops.secrets = {
+    lasuite-livekit-keyfile = {
+      sopsFile = ../secrets/lasuite-livekit-keyfile.caliban;
+      format = "yml";
+      restartUnits = [ "lasuite.service" ];
+    };
+
+  };
+
+  services.lasuite-meet = {
+    enable = true;
+    enableNginx = true;
+    domain = "lasuite-meet.nixos.org";
+    livekit = {
+      enable = true;
+      keyFile = config.sops.secrets.lasuite-livekit-keyfile.path;
+    };
+
+    # Databases
+    postgresql.createLocally = true;
+    redis.createLocally = true;
+
+    settings = {
+      FRONTEND_IS_SILENT_LOGIN_ENABLED = true;
+      ALLOW_UNREGISTERED_ROOMS = true; # We want to allow for the creation of rooms unregistered in case a maintainer needs to meet with another maintainer or a team needs to create a meeting room.
+      RECORDING_ENABLE = true; # Useful for SC for recording mins during meetings.
+    };
+  };
+
+  # This is still requires as enableNginx doesn't enable the acme and forceSSL.
+  services.nginx.virtualHosts."lasuite-meet" = {
+    enableACME = true;
+    forceSSL = true;
+  };
+}