feat(fed): Handle EDUs before PDUs

Aranje needs his crypto keys

.dockerignore

@@ -1,9 +1,9 @@
 # Local build and dev artifacts
 target/
-!target/debug/conduwuit
 
 # Docker files
 Dockerfile*
+docker/
 
 # IDE files
 .vscode

.forgejo/actions/create-docker-manifest/action.yml

@@ -32,19 +32,17 @@ outputs:
 runs:
   using: composite
   steps:
-    - run: mkdir -p digests
-      shell: bash
     - name: Download digests
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
       uses: forgejo/download-artifact@v4
       with:
-        path: digests
+        path: /tmp/digests
         pattern: ${{ inputs.digest_pattern }}
         merge-multiple: true
 
     - name: Login to builtin registry
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      uses: docker/login-action@v4
+      uses: docker/login-action@v3
       with:
         registry: ${{ env.BUILTIN_REGISTRY }}
         username: ${{ inputs.registry_user }}
@@ -52,7 +50,7 @@ runs:
 
     - name: Set up Docker Buildx
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      uses: docker/setup-buildx-action@v4
+      uses: docker/setup-buildx-action@v3
       with:
         # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
         driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
@@ -61,10 +59,9 @@ runs:
     - name: Extract metadata (tags) for Docker
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
       id: meta
-      uses: docker/metadata-action@v6
+      uses: docker/metadata-action@v5
       with:
         flavor: |
-          latest=auto
           suffix=${{ inputs.tag_suffix }},onlatest=true
         tags: |
           type=semver,pattern={{version}},prefix=v
@@ -73,6 +70,7 @@ runs:
           type=ref,event=branch,prefix=${{ format('refs/heads/{0}', github.event.repository.default_branch) != github.ref && 'branch-' || '' }},
           type=ref,event=pr
           type=sha,format=short
+          type=raw,value=latest${{ inputs.tag_suffix }},enable=${{ startsWith(github.ref, 'refs/tags/v') }},priority=1100
         images: ${{ inputs.images }}
         # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
       env:
@@ -80,7 +78,7 @@ runs:
 
     - name: Create manifest list and push
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      working-directory: digests
+      working-directory: /tmp/digests
       shell: bash
       env:
         IMAGES: ${{ inputs.images }}

.forgejo/actions/prepare-docker-build/action.yml

@@ -67,7 +67,7 @@ runs:
       uses: ./.forgejo/actions/rust-toolchain
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v4
+      uses: docker/setup-buildx-action@v3
       with:
         # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
         driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
@@ -79,7 +79,7 @@ runs:
 
     - name: Login to builtin registry
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      uses: docker/login-action@v4
+      uses: docker/login-action@v3
       with:
         registry: ${{ env.BUILTIN_REGISTRY }}
         username: ${{ inputs.registry_user }}
@@ -87,7 +87,7 @@ runs:
 
     - name: Extract metadata (labels, annotations) for Docker
       id: meta
-      uses: docker/metadata-action@v6
+      uses: docker/metadata-action@v5
       with:
         images: ${{ inputs.images }}
         # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
@@ -152,7 +152,7 @@ runs:
 
     - name: inject cache into docker
       if: ${{ env.BUILDKIT_ENDPOINT == '' }}
-      uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.2
+      uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.0
       with:
         cache-map: |
           {

.forgejo/actions/setup-rust/action.yml

@@ -17,7 +17,7 @@ inputs:
     required: false
     default: ''
   rust-version:
-    description: 'Rust version to install (e.g. nightly). Defaults to the version specified in rust-toolchain.toml'
+    description: 'Rust version to install (e.g. nightly). Defaults to 1.87.0'
     required: false
     default: ''
   sccache-cache-limit:
@@ -59,20 +59,9 @@ runs:
         mkdir -p "${{ github.workspace }}/target"
         mkdir -p "${{ github.workspace }}/.rustup"
 
-    - name: Start registry/toolchain restore group
+    - name: Start cache restore group
       shell: bash
-      run: echo "::group::📦 Restoring registry and toolchain caches"
-
-    - name: Cache toolchain binaries
-      id: toolchain-cache
-      uses: actions/cache@v4
-      with:
-        path: |
-          .cargo/bin
-          .rustup/toolchains
-          .rustup/update-hashes
-        # Shared toolchain cache across all Rust versions
-        key: continuwuity-toolchain-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}
+      run: echo "::group::📦 Restoring caches (registry, toolchain, build artifacts)"
 
     - name: Cache Cargo registry and git
       id: registry-cache
@@ -88,13 +77,58 @@ runs:
         restore-keys: |
           continuwuity-cargo-registry-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-
 
-    - name: End registry/toolchain restore group
+    - name: Cache toolchain binaries
+      id: toolchain-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          .cargo/bin
+          .rustup/toolchains
+          .rustup/update-hashes
+        # Shared toolchain cache across all Rust versions
+        key: continuwuity-toolchain-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}
+
+
+    - name: Setup sccache
+      uses: https://git.tomfos.tr/tom/sccache-action@v1
+
+    - name: Cache dependencies
+      id: deps-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          target/**/.fingerprint
+          target/**/deps
+          target/**/*.d
+          target/**/.cargo-lock
+          target/**/CACHEDIR.TAG
+          target/**/.rustc_info.json
+          /timelord/
+        # Dependencies cache - based on Cargo.lock, survives source code changes
+        key: >-
+          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}
+        restore-keys: |
+          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
+
+    - name: Cache incremental compilation
+      id: incremental-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          target/**/incremental
+        # Incremental cache - based on source code changes
+        key: >-
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-${{ hashFiles('**/*.rs', '**/Cargo.toml') }}
+        restore-keys: |
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
+
+    - name: End cache restore group
       shell: bash
       run: echo "::endgroup::"
 
     - name: Setup Rust toolchain
       shell: bash
-      id: rust-setup
       run: |
         # Install rustup if not already cached
         if ! command -v rustup &> /dev/null; then
@@ -122,68 +156,8 @@ runs:
           echo "::group::📦 Setting up Rust from rust-toolchain.toml"
           rustup show
         fi
-
-        RUST_VERSION=$(rustc --version | cut -d' ' -f2)
-        echo "version=$RUST_VERSION" >> $GITHUB_OUTPUT
-
         echo "::endgroup::"
 
-    - name: Install Rust components
-      if: inputs.rust-components != ''
-      shell: bash
-      run: |
-        echo "📦 Installing components: ${{ inputs.rust-components }}"
-        rustup component add ${{ inputs.rust-components }}
-
-    - name: Install Rust target
-      if: inputs.rust-target != ''
-      shell: bash
-      run: |
-        echo "📦 Installing target: ${{ inputs.rust-target }}"
-        rustup target add ${{ inputs.rust-target }}
-
-    - name: Start build cache restore group
-      shell: bash
-      run: echo "::group::📦 Restoring build cache"
-
-    - name: Setup sccache
-      uses: https://git.tomfos.tr/tom/sccache-action@v1
-
-    - name: Cache dependencies
-      id: deps-cache
-      uses: actions/cache@v4
-      with:
-        path: |
-          target/**/.fingerprint
-          target/**/deps
-          target/**/*.d
-          target/**/.cargo-lock
-          target/**/CACHEDIR.TAG
-          target/**/.rustc_info.json
-          /timelord/
-        # Dependencies cache - based on Cargo.lock, survives source code changes
-        key: >-
-          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}
-        restore-keys: |
-          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
-
-    - name: Cache incremental compilation
-      id: incremental-cache
-      uses: actions/cache@v4
-      with:
-        path: |
-          target/**/incremental
-        # Incremental cache - based on source code changes
-        key: >-
-          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-${{ hashFiles('**/*.rs', '**/Cargo.toml') }}
-        restore-keys: |
-          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-
-          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
-
-    - name: End build cache restore group
-      shell: bash
-      run: echo "::endgroup::"
-
     - name: Configure PATH and install tools
       shell: bash
       env:
@@ -237,9 +211,27 @@ runs:
           echo "CARGO_INCREMENTAL_GC_THRESHOLD=5" >> $GITHUB_ENV
         fi
 
-    - name: Output version and summary
+    - name: Install Rust components
+      if: inputs.rust-components != ''
       shell: bash
       run: |
+        echo "📦 Installing components: ${{ inputs.rust-components }}"
+        rustup component add ${{ inputs.rust-components }}
+
+    - name: Install Rust target
+      if: inputs.rust-target != ''
+      shell: bash
+      run: |
+        echo "📦 Installing target: ${{ inputs.rust-target }}"
+        rustup target add ${{ inputs.rust-target }}
+
+    - name: Output version and summary
+      id: rust-setup
+      shell: bash
+      run: |
+        RUST_VERSION=$(rustc --version | cut -d' ' -f2)
+        echo "version=$RUST_VERSION" >> $GITHUB_OUTPUT
+
         echo "📋 Setup complete:"
         echo "  Rust: $(rustc --version)"
         echo "  Cargo: $(cargo --version)"

.forgejo/pull_request_template.md

@@ -1,82 +0,0 @@
----
-name: 'New pull request'
-about: 'Open a new pull request to contribute to continuwuity'
-ref: 'main'
----
-
-<!--
-In order to help reviewers know what your pull request does at a glance, you should ensure that
-
-1. Your PR title is a short, single sentence describing what you changed
-2. You have described in more detail what you have changed, why you have changed it, what the
-   intended effect is, and why you think this will be beneficial to the project.
-
-If you have made any potentially strange/questionable design choices, but didn't feel they'd benefit
-from code comments, please don't mention them here - after opening your pull request,
-go to "files changed", and click on the "+" symbol in the line number gutter,
-and attach comments to the lines that you think would benefit from some clarification.
--->
-
-This pull request...
-
-<!-- Example:
-This pull request allows us to warp through time and space ten times faster than before by
-double-inverting the warp drive with hyperheated jump fluid, both making the drive faster and more
-efficient. This resolves the common issue where we have to wait more than 10 milliseconds to
-engage, use, and disengage the warp drive when travelling between galaxies.
--->
-
-<!-- Closes: #... -->
-<!-- Fixes: #...  -->
-<!-- Uncomment the above line(s) if your pull request fixes an issue or closes another pull request
-by superseding it. Replace `#...` with the issue/pr number, such as `#123`. -->
-
-**Pull request checklist:**
-
-<!-- You need to complete these before your PR can be considered.
-If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. -->
-- [ ] This pull request targets the `main` branch, and the branch is named something other than
-      `main`.
-- [ ] I have written an appropriate pull request title and my description is clear.
-- [ ] I understand I am responsible for the contents of this pull request.
-- I have followed the [contributing guidelines][c1]:
-  - [ ] My contribution follows the [code style][c2], if applicable.
-  - [ ] I ran [pre-commit checks][c1pc] before opening/drafting this pull request.
-  - [ ] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes)
-        myself, if applicable. This includes ensuring code compiles.
-  - [ ] My commit messages follow the [commit message format][c1cm] and are descriptive.
-  - [ ] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->.
-
-<!--
-Notes on these requirements:
-
-- While not required, we encourage you to sign your commits with GPG or SSH to attest the
-  authenticity of your changes.
-- While we allow LLM-assisted contributions, we do not appreciate contributions that are
-  low quality, which is typical of machine-generated contributions that have not had a lot of love
-  and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up
-  the codebase with a +-100,000 diff.
-- In the case of code style violations, reviewers may leave review comments/change requests
-  indicating what the ideal change would look like. For example, a reviewer may suggest you lower
-  a log level, or use `match` instead of `if/else` etc.
-- In the case of code style violations, pre-commit check failures, minor things like typos/spelling
-  errors, and in some cases commit format violations, reviewers may modify your branch directly,
-  typically by making changes and adding a commit. Particularly in the latter case, a reviewer may
-  rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword
-  commit messages that don't satisfy the format.
-- Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be
-  bypassed in exceptional circumstances.
-  If your CI flakes, let us know in matrix:r/dev:continuwuity.org.
-- Pull requests have to be based on the latest `main` commit before being merged. If the main branch
-  changes while you're making your changes, you should make sure you rebase on main before
-  opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind.
-- We typically only do fast-forward merges, so your entire commit log will be included. Once in
-  main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras!
--->
-
-[c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md
-[c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx
-[c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks
-[c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally
-[c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages
-[n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

.forgejo/regsync/regsync.yml

@@ -62,6 +62,10 @@ sync:
     target: registry.gitlab.com/continuwuity/continuwuity
     type: repository
     <<: *tags-main
+  - source: *source
+    target: git.nexy7574.co.uk/mirrored/continuwuity
+    type: repository
+    <<: *tags-releases
   - source: *source
     target: ghcr.io/continuwuity/continuwuity
     type: repository

.forgejo/workflows/build-debian.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        container: [ "ubuntu-latest", "ubuntu-previous", "debian-latest", "debian-oldstable" ]
+        container: ["ubuntu-latest", "ubuntu-previous", "debian-latest", "debian-oldstable"]
     container:
       image: "ghcr.io/tcpipuk/act-runner:${{ matrix.container }}"
 
@@ -30,37 +30,14 @@ jobs:
           echo "version=$VERSION" >> $GITHUB_OUTPUT
           echo "distribution=$DISTRIBUTION" >> $GITHUB_OUTPUT
           echo "Debian distribution: $DISTRIBUTION ($VERSION)"
-      #- name: Work around llvm-project#153385
-      #  id: llvm-workaround
-      #  run: |
-      #    if [ -f /usr/share/apt/default-sequoia.config ]; then
-      #      echo "Applying workaround for llvm-project#153385"
-      #      mkdir -p /etc/crypto-policies/back-ends/
-      #      cp /usr/share/apt/default-sequoia.config /etc/crypto-policies/back-ends/apt-sequoia.config
-      #      sed -i 's/\(sha1\.second_preimage_resistance = \)2026-02-01/\12026-06-01/' /etc/crypto-policies/back-ends/apt-sequoia.config
-      #    else
-      #      echo "No workaround needed for llvm-project#153385"
-      #    fi
-      - name: Pick compatible clang version
-        id: clang-version
-        run: |
-          # both latest need to use clang-23, but oldstable and previous can just use clang
-          if [[ "${{ matrix.container }}" == "ubuntu-latest" ]]; then
-            echo "Using clang-23 package for ${{ matrix.container }}"
-            echo "version=clang-23" >> $GITHUB_OUTPUT
-          else
-            echo "Using default clang package for ${{ matrix.container }}"
-            echo "version=clang" >> $GITHUB_OUTPUT
-          fi
 
       - name: Checkout repository with full history
-        uses: actions/checkout@v6
+        uses: https://code.forgejo.org/actions/checkout@v5
         with:
           fetch-depth: 0
-          ref: ${{ github.ref_name }}
 
       - name: Cache Cargo registry
-        uses: actions/cache@v4
+        uses: https://code.forgejo.org/actions/cache@v4
         with:
           path: |
             ~/.cargo/registry
@@ -81,9 +58,10 @@ jobs:
           # Aggressive GC since cache restores don't increment counter
           echo "CARGO_INCREMENTAL_GC_TRIGGER=5" >> $GITHUB_ENV
 
-      - name: Setup Rust
+      - name: Setup Rust nightly
         uses: ./.forgejo/actions/setup-rust
         with:
+          rust-version: nightly
           github-token: ${{ secrets.GH_PUBLIC_RO }}
 
       - name: Get package version and component
@@ -127,7 +105,7 @@ jobs:
         run: |
           apt-get update -y
           # Build dependencies for rocksdb
-          apt-get install -y liburing-dev ${{ steps.clang-version.outputs.version }}
+          apt-get install -y clang liburing-dev
 
       - name: Run cargo-deb
         id: cargo-deb
@@ -148,7 +126,7 @@ jobs:
           [ -f /etc/conduwuit/conduwuit.toml ] && echo "✅ Config file installed"
 
       - name: Upload deb artifact
-        uses: forgejo/upload-artifact@v4
+        uses: https://code.forgejo.org/actions/upload-artifact@v3
         with:
           name: continuwuity-${{ steps.debian-version.outputs.distribution }}
           path: ${{ steps.cargo-deb.outputs.path }}

.forgejo/workflows/build-fedora.yml

@@ -30,14 +30,13 @@ jobs:
           echo "Fedora version: $VERSION"
 
       - name: Checkout repository with full history
-        uses: actions/checkout@v6
+        uses: https://code.forgejo.org/actions/checkout@v5
         with:
           fetch-depth: 0
-          ref: ${{ github.ref_name }}
 
 
       - name: Cache DNF packages
-        uses: actions/cache@v4
+        uses: https://code.forgejo.org/actions/cache@v4
         with:
           path: |
             /var/cache/dnf
@@ -47,7 +46,7 @@ jobs:
             dnf-fedora${{ steps.fedora.outputs.version }}-
 
       - name: Cache Cargo registry
-        uses: actions/cache@v4
+        uses: https://code.forgejo.org/actions/cache@v4
         with:
           path: |
             ~/.cargo/registry
@@ -57,7 +56,7 @@ jobs:
             cargo-fedora${{ steps.fedora.outputs.version }}-
 
       - name: Cache Rust build dependencies
-        uses: actions/cache@v4
+        uses: https://code.forgejo.org/actions/cache@v4
         with:
           path: |
             ~/rpmbuild/BUILD/*/target/release/deps
@@ -239,13 +238,13 @@ jobs:
           cp $BIN_RPM upload-bin/
 
       - name: Upload binary RPM
-        uses: forgejo/upload-artifact@v4
+        uses: https://code.forgejo.org/actions/upload-artifact@v3
         with:
           name: continuwuity
           path: upload-bin/
 
       - name: Upload debug RPM artifact
-        uses: forgejo/upload-artifact@v4
+        uses: https://code.forgejo.org/actions/upload-artifact@v3
         with:
           name: continuwuity-debug
           path: artifacts/*debuginfo*.rpm

.forgejo/workflows/documentation.yml

@@ -21,11 +21,34 @@ jobs:
 
     steps:
       - name: Sync repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
           fetch-depth: 0
 
+      - name: Setup mdBook
+        uses: https://github.com/peaceiris/actions-mdbook@v2
+        with:
+          mdbook-version: "latest"
+
+      - name: Build mdbook
+        run: mdbook build
+
+      - name: Prepare static files for deployment
+        run: |
+          mkdir -p ./public/.well-known/matrix
+          mkdir -p ./public/.well-known/continuwuity
+          mkdir -p ./public/schema
+          # Copy the Matrix .well-known files
+          cp ./docs/static/server ./public/.well-known/matrix/server
+          cp ./docs/static/client ./public/.well-known/matrix/client
+          cp ./docs/static/client ./public/.well-known/matrix/support
+          cp ./docs/static/announcements.json ./public/.well-known/continuwuity/announcements
+          cp ./docs/static/announcements.schema.json ./public/schema/announcements.schema.json
+          # Copy the custom headers file
+          cp ./docs/static/_headers ./public/_headers
+          echo "Copied .well-known files and _headers to ./public"
+
       - name: Detect runner environment
         id: runner-env
         uses: https://git.tomfos.tr/actions/detect-versions@v1
@@ -40,18 +63,9 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ~/.npm
-          key: continuwuity-rspress-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-${{ steps.runner-env.outputs.node_version }}-${{ hashFiles('package-lock.json') }}
-          restore-keys: |
-            continuwuity-rspress-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-${{ steps.runner-env.outputs.node_version }}-
-            continuwuity-rspress-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-
+          key: continuwuity-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-${{ steps.runner-env.outputs.node_version }}
 
       - name: Install dependencies
-        run: npm ci
-
-      - name: Build Rspress documentation
-        run: npm run docs:build
-
-      - name: Install Wrangler
         run: npm install --save-dev wrangler@latest
 
       - name: Deploy to Cloudflare Pages (Production)
@@ -60,7 +74,7 @@ jobs:
         with:
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          command: pages deploy ./doc_build --branch="main" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"
+          command: pages deploy ./public --branch="main" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"
 
       - name: Deploy to Cloudflare Pages (Preview)
         if: github.ref != 'refs/heads/main' && vars.CLOUDFLARE_PROJECT_NAME != ''
@@ -68,4 +82,4 @@ jobs:
         with:
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          command: pages deploy ./doc_build --branch="${{ github.head_ref || github.ref_name }}" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"
+          command: pages deploy ./public --branch="${{ github.head_ref || github.ref_name }}" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"

.forgejo/workflows/mirror-images.yml

@@ -38,7 +38,7 @@ jobs:
       DOCKER_MIRROR_TOKEN: ${{ secrets.DOCKER_MIRROR_TOKEN }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
 

.forgejo/workflows/prek-checks.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
 
@@ -47,7 +47,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
 

.forgejo/workflows/release-image.yml

@@ -3,6 +3,15 @@ concurrency:
   group: "release-image-${{ github.ref }}"
 
 on:
+  pull_request:
+    paths-ignore:
+      - "*.md"
+      - "**/*.md"
+      - ".gitlab-ci.yml"
+      - ".gitignore"
+      - "renovate.json"
+      - "pkg/**"
+      - "docs/**"
   push:
     branches:
       - main
@@ -43,7 +52,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Prepare Docker build environment
@@ -59,7 +68,7 @@ jobs:
           registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
       - name: Build and push Docker image by digest
         id: build
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: "docker/Dockerfile"
@@ -97,7 +106,7 @@ jobs:
     needs: build-release
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Create multi-platform manifest
@@ -130,7 +139,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Prepare max-perf Docker build environment
@@ -146,7 +155,7 @@ jobs:
           registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
       - name: Build and push max-perf Docker image by digest
         id: build
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: "docker/Dockerfile"
@@ -184,7 +193,7 @@ jobs:
     needs: build-maxperf
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Create max-perf manifest

.forgejo/workflows/renovate.yml

@@ -43,11 +43,11 @@ jobs:
     name: Renovate
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/renovatebot/renovate:43.59.4@sha256:f951508dea1e7d71cbe6deca298ab0a05488e7631229304813f630cc06010892
+      image: ghcr.io/renovatebot/renovate:41.146.4@sha256:bb70194b7405faf10a6f279b60caa10403a440ba37d158c5a4ef0ae7b67a0f92
       options: --tmpfs /tmp:exec
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           show-progress: false
 

.forgejo/workflows/update-flake-hashes.yml

@@ -14,7 +14,7 @@ jobs:
   update-flake-hashes:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: https://code.forgejo.org/actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
         with:
           fetch-depth: 0
           fetch-tags: false
@@ -23,7 +23,7 @@ jobs:
           persist-credentials: true
           token: ${{ secrets.FORGEJO_TOKEN }}
 
-      - uses: https://github.com/cachix/install-nix-action@19effe9fe722874e6d46dd7182e4b8b7a43c4a99 # v31.10.0
+      - uses: https://github.com/cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31.8.0
         with:
           nix_path: nixpkgs=channel:nixos-unstable
 

.github/FUNDING.yml

@@ -1,4 +1,4 @@
-github: [JadedBlueEyes, nexy7574, gingershaped]
+github: [JadedBlueEyes, nexy7574]
 custom:
-  - https://timedout.uk/donate.html
-  - https://jade.ellis.link/sponsors
+  - https://ko-fi.com/nexy7574
+  - https://ko-fi.com/JadedBlueEyes

.gitignore

@@ -79,7 +79,7 @@ test-conduit.toml
 /.gitlab-ci.d
 
 # mdbook output
-/public/
+public/
 
 # macOS
 .DS_Store
@@ -95,10 +95,3 @@ rustc-ice-*
 
 # complement test logs are huge
 tests/test_results/complement/test_logs.jsonl
-
-# Node
-node_modules/
-
-# Rspress
-doc_build/
-.rspress/

.mailmap

@@ -2,7 +2,6 @@ AlexPewMaster <git@alex.unbox.at> <68469103+AlexPewMaster@users.noreply.github.c
 Daniel Wiesenberg <weasy@hotmail.de> <weasy666@gmail.com>
 Devin Ragotzy <devin.ragotzy@gmail.com> <d6ragotzy@wmich.edu>
 Devin Ragotzy <devin.ragotzy@gmail.com> <dragotzy7460@mail.kvcc.edu>
-Ginger <ginger@gingershaped.computer> <75683114+gingershaped@users.noreply.github.com>
 Jonas Platte <jplatte+git@posteo.de> <jplatte+gitlab@posteo.de>
 Jonas Zohren <git-pbkyr@jzohren.de> <gitlab-jfowl-0ux98@sh14.de>
 Jonathan de Jong <jonathan@automatia.nl> <jonathandejong02@gmail.com>
@@ -13,6 +12,5 @@ Olivia Lee <olivia@computer.surgery> <benjamin@computer.surgery>
 Rudi Floren <rudi.floren@gmail.com> <rudi.floren@googlemail.com>
 Tamara Schmitz <tamara.zoe.schmitz@posteo.de> <15906939+tamara-schmitz@users.noreply.github.com>
 Timo Kösters <timo@koesters.xyz>
-nexy7574 <git@nexy7574.co.uk> <nex@noreply.forgejo.ellis.link>
-nexy7574 <git@nexy7574.co.uk> <nex@noreply.localhost>
 x4u <xi.zhu@protonmail.ch> <14617923-x4u@users.noreply.gitlab.com>
+Ginger <ginger@gingershaped.computer> <75683114+gingershaped@users.noreply.github.com>

.pre-commit-config.yaml

@@ -1,6 +1,5 @@
 default_install_hook_types:
   - pre-commit
-  - pre-push
   - commit-msg
 default_stages:
   - pre-commit
@@ -24,7 +23,7 @@ repos:
         - id: check-added-large-files
 
   - repo: https://github.com/crate-ci/typos
-    rev: v1.44.0
+    rev: v1.39.0
     hooks:
       - id: typos
       - id: typos
@@ -32,7 +31,7 @@ repos:
         stages: [commit-msg]
 
   - repo: https://github.com/crate-ci/committed
-    rev: v1.1.11
+    rev: v1.1.7
     hooks:
     - id: committed
 
@@ -46,14 +45,3 @@ repos:
         pass_filenames: false
         stages:
             - pre-commit
-
-  - repo: local
-    hooks:
-      - id: cargo-clippy
-        name: cargo clippy
-        entry: cargo clippy -- -D warnings
-        language: system
-        pass_filenames: false
-        types: [rust]
-        stages:
-          - pre-push

.typos.toml

@@ -6,13 +6,14 @@ extend-exclude = ["*.csr", "*.lock", "pnpm-lock.yaml"]
 extend-ignore-re = [
     "(?Rm)^.*(#|//|<!--)\\s*spellchecker:disable-line(\\s*-->)$", # Ignore a line by making it trail with a `spellchecker:disable-line` comment
     "^[0-9a-f]{7,}$", # Commit hashes
-    "4BA7",
+
     # some heuristics for base64 strings
     "[A-Za-z0-9+=]{72,}",
     "([A-Za-z0-9+=]|\\\\\\s\\*){72,}",
     "[0-9+][A-Za-z0-9+]{30,}[a-z0-9+]",
     "\\$[A-Z0-9+][A-Za-z0-9+]{6,}[a-z0-9+]",
     "\\b[a-z0-9+/=][A-Za-z0-9+/=]{7,}[a-z0-9+/=][A-Z]\\b",
+
     # In the renovate config
     ".ontainer"
 ]
@@ -23,6 +24,3 @@ extend-ignore-re = [
 "continuwuity" = "continuwuity"
 "continuwity" = "continuwuity"
 "execuse" = "execuse"
-"oltp" = "OTLP"
-
-rememvering = "remembering"

.vscode/settings.json

@@ -7,5 +7,6 @@
         "continuwuity",
         "homeserver",
         "homeservers"
-    ]
+    ],
+    "rust-analyzer.cargo.features": ["full"]
 }

CHANGELOG.md

@@ -1,179 +0,0 @@
-# Continuwuity 0.5.6 (2026-03-03)
-
-## Security
-
-- Admin escape commands received over federation will never be executed, as this is never valid in a genuine situation. Contributed by @Jade.
-- Fixed data amplification vulnerability (CWE-409) that affected configurations with server-side compression enabled (non-default). Contributed by @nex.
-
-## Features
-
-- Outgoing presence is now disabled by default, and the config option documentation has been adjusted to more accurately represent the weight of presence, typing indicators, and read receipts. Contributed by @nex. ([#1399](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1399))
-- Improved the concurrency handling of federation transactions, vastly improving performance and reliability by more accurately handling inbound transactions and reducing the amount of repeated wasted work. Contributed by @nex and @Jade. ([#1428](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1428))
-- Added [MSC3202](https://github.com/matrix-org/matrix-spec-proposals/pull/3202) Device masquerading (not all of MSC3202). This should fix issues with enabling [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) for some Mautrix bridges. Contributed by @Jade ([#1435](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1435))
-- Added [MSC3814](https://github.com/matrix-org/matrix-spec-proposals/pull/3814) Dehydrated Devices - you can now decrypt messages sent while all devices were logged out. ([#1436](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1436))
-- Implement [MSC4143](https://github.com/matrix-org/matrix-spec-proposals/pull/4143) MatrixRTC transport discovery endpoint. Move RTC foci configuration from `[global.well_known]` to a new `[global.matrix_rtc]` section with a `foci` field. Contributed by @0xnim ([#1442](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1442))
-- Updated `list-backups` admin command to output one backup per line. ([#1394](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1394))
-- Improved URL preview fetching with a more compatible user agent for sites like YouTube Music. Added `!admin media delete-url-preview <url>` command to clear cached URL previews that were stuck and broken. ([#1434](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1434))
-
-## Bugfixes
-
-- Removed non-compliant nor functional room alias lookups over federation. Contributed by @nex ([#1393](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1393))
-- Removed ability to set rocksdb as read only. Doing so would cause unintentional and buggy behaviour. Contributed by @Terryiscool160. ([#1418](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1418))
-- Fixed a startup crash in the sender service if we can't detect the number of CPU cores, even if the `sender_workers` config option is set correctly. Contributed by @katie. ([#1421](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1421))
-- Removed the `allow_public_room_directory_without_auth` config option. Contributed by @0xnim. ([#1441](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1441))
-- Fixed sliding sync v5 list ranges always starting from 0, causing extra rooms to be unnecessarily processed and returned. Contributed by @0xnim ([#1445](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1445))
-- Fixed a bug that (repairably) caused a room split between continuwuity and non-continuwuity servers when the room had both `m.room.policy` and `org.matrix.msc4284.policy` in its room state. Contributed by @nex ([#1481](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1481))
-- Fixed `!admin media delete --mxc <url>` responding with an error message when the media was deleted successfully. Contributed by @lynxize
-- Fixed spurious 404 media errors in the logs. Contributed by @benbot.
-- Fixed spurious warn about needed backfill via federation for non-federated rooms. Contributed by @kraem.
-
-# Continuwuity v0.5.5 (2026-02-15)
-
-## Features
-
-- Added unstable support for [MSC4406:
-  `M_SENDER_IGNORED`](https://github.com/matrix-org/matrix-spec-proposals/pull/4406).
-  Contributed by @nex ([#1308](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1308))
-- Introduce a resolver command to allow flushing a server from the cache or to flush the complete cache. Contributed by
-  @Omar007 ([#1349](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1349))
-- Improved the handling of restricted join rules and improved the performance of local-first joins. Contributed by
-  @nex. ([#1368](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1368))
-- You can now set a custom User Agent for URL previews; the default one has been modified to be less likely to be
-  rejected. Contributed by @trashpanda ([#1372](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1372))
-- Improved the first-time setup experience for new homeserver administrators:
-    - Account registration is disabled on the first run, except for with a new special registration token that is logged
-      to the console.
-    - Other helpful information is logged to the console as well, including a giant warning if open registration is
-      enabled.
-    - The default index page now says to check the console for setup instructions if no accounts have been created.
-    - Once the first admin account is created, an improved welcome message is sent to the admin room.
-
-  Contributed by @ginger.
-
-## Bugfixes
-
-- Fixed invites sent to other users in the same homeserver not being properly sent down sync. Users with missing or
-  broken invites should clear their client caches after updating to make them appear. ([#1249](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1249))
-- LDAP-enabled servers will no longer have all admins demoted when LDAP-controlled admins are not configured.
-  Contributed by @Jade ([#1307](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1307))
-- Fixed sliding sync not resolving wildcard state key requests, enabling Video/Audio calls in Element X. ([#1370](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1370))
-
-## Misc
-
-- #1344
-
-# Continuwuity v0.5.4 (2026-02-08)
-
-## Features
-
-- The announcement checker will now announce errors it encounters in the first run to the admin room, plus a few other
-  misc improvements. Contributed by @Jade ([#1288](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1288))
-- Drastically improved the performance and reliability of account deactivations. Contributed by
-  @nex ([#1314](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1314))
-- Refuse to process requests for and events in rooms that we no longer have any local users in (reduces state resets
-  and improves performance). Contributed by
-  @nex ([#1316](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1316))
-- Added server-specific admin API routes to ban and unban rooms, for use with moderation bots. Contributed by @nex
-  ([#1301](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1301))
-
-## Bugfixes
-
-- Fix the generated configuration containing uncommented optional sections. Contributed by
-  @Jade ([#1290](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1290))
-- Fixed specification non-compliance when handling remote media errors. Contributed by
-  @nex ([#1298](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1298))
-- UIAA requests which check for out-of-band success (sent by matrix-js-sdk) will no longer create unhelpful errors in
-  the logs. Contributed by @ginger ([#1305](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1305))
-- Use exists instead of contains to save writing to a buffer in `src/service/users/mod.rs`: `is_login_disabled`.
-  Contributed
-  by @aprilgrimoire. ([#1340](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1340))
-- Fixed backtraces being swallowed during panics. Contributed by
-  @jade ([#1337](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1337))
-- Fixed a potential vulnerability that could allow an evil remote server to return malicious events during the room join
-  and knock process. Contributed by @nex, reported by violet & [mat](https://matdoes.dev).
-- Fixed a race condition that could result in outlier PDUs being incorrectly marked as visible to a remote server.
-  Contributed by @nex, reported by violet & [mat](https://matdoes.dev).
-- ACLs are no longer case-sensitive. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat).
-
-## Docs
-
-- Fixed Fedora install instructions. Contributed by
-  @julian45 ([#1342](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1342))
-
-# Continuwuity 0.5.3 (2026-01-12)
-
-## Features
-
-- Improve the display of nested configuration with the `!admin server show-config` command. Contributed by
-  @Jade ([#1279](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1279))
-
-## Bugfixes
-
-- Fixed `M_BAD_JSON` error when sending invites to other servers or when providing joins. Contributed by
-  @nex ([#1286](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1286))
-
-## Docs
-
-- Improve admin command documentation generation. Contributed by
-  @ginger ([#1280](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1280))
-
-## Misc
-
-- Improve timeout-related code for federation and URL previews. Contributed by
-  @Jade ([#1278](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1278))
-
-# Continuwuity 0.5.2 (2026-01-09)
-
-## Features
-
-- Added support for issuing additional registration tokens, stored in the database, which supplement the existing
-  registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or
-  after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is
-  superseded by this feature and **has been removed**. Use the new `!admin token` command family to manage registration
-  tokens. Contributed by @ginger (#783).
-- Implemented a configuration defined admin list independent of the admin room. Contributed by
-  @Terryiscool160. ([#1253](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1253))
-- Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam.
-  Contributed by @nex. ([#1263](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1263))
-- Implemented account locking functionality, to complement user suspension. Contributed by
-  @nex. ([#1266](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1266))
-- Added admin command to forcefully log out all of a user's existing sessions. Contributed by
-  @nex. ([#1271](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1271))
-- Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex. (
-  [#1272](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1272))
-- Add support for custom room create event timestamps, to allow generating custom prefixes in hashed room IDs.
-  Contributed by @nex. ([#1277](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1277))
-- Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server
-  console. Contributed by @ginger.
-
-## Bugfixes
-
-- Fixed unreliable room summary fetching and improved error messages. Contributed by
-  @nex. ([#1257](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1257))
-- Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now
-  also concurrent. Contributed by @nex. ([#1261](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1261))
-- Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by
-  @nex. ([#1276](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1276))
-
-## Misc
-
-- The `console` feature is now enabled by default, allowing the server console to be used for running admin commands
-  directly. To automatically open the console on startup, set the `admin_console_automatic` config option to `true`.
-  Contributed by @ginger.
-- We now (finally) document our container image mirrors. Contributed by @Jade
-
-# Continuwuity 0.5.0 (2025-12-30)
-
-**This release contains a CRITICAL vulnerability patch, and you must update as soon as possible**
-
-## Features
-
-- Enabled the OTLP exporter in default builds, and allow configuring the exporter protocol. (
-  @Jade). ([#1251](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1251))
-
-## Bug Fixes
-
-- Don't allow admin room upgrades, as this can break the admin room (
-  @timedout) ([#1245](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1245))
-- Fix invalid creators in power levels during upgrade to v12 (
-  @timedout) ([#1245](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1245))

CONTRIBUTING.md

@@ -1,7 +1,7 @@
 # Contributing guide
 
 This page is about contributing to Continuwuity. The
-[development](/development/index.mdx) and [code style guide](/development/code_style.mdx) pages may be of interest for you as well.
+[development](./development.md) and [code style guide](./development/code_style.md) pages may be of interest for you as well.
 
 If you would like to work on an [issue][issues] that is not assigned, preferably
 ask in the Matrix room first at [#continuwuity:continuwuity.org][continuwuity-matrix],
@@ -9,7 +9,7 @@ and comment on it.
 
 ### Code Style
 
-Please review and follow the [code style guide](/development/code_style.mdx) for formatting, linting, naming conventions, and other code standards.
+Please review and follow the [code style guide](./development/code_style.md) for formatting, linting, naming conventions, and other code standards.
 
 ### Pre-commit Checks
 
@@ -22,18 +22,22 @@ Continuwuity uses pre-commit hooks to enforce various coding standards and catch
 - Validating YAML, JSON, and TOML files
 - Checking for merge conflicts
 
-You can run these checks locally by installing [prek](https://github.com/j178/prek):
+You can run these checks locally by installing [prefligit](https://github.com/j178/prefligit):
 
 
 ```bash
-# Install prek using cargo-binstall
-cargo binstall prek
+# Requires UV: https://docs.astral.sh/uv/getting-started/installation/
+# Mac/linux: curl -LsSf https://astral.sh/uv/install.sh | sh
+# Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
+
+# Install prefligit using cargo-binstall
+cargo binstall prefligit
 
 # Install git hooks to run checks automatically
-prek install
+prefligit install
 
 # Run all checks
-prek --all-files
+prefligit --all-files
 ```
 
 Alternatively, you can use [pre-commit](https://pre-commit.com/):
@@ -50,7 +54,7 @@ pre-commit install
 pre-commit run --all-files
 ```
 
-These same checks are run in CI via the prek-checks workflow to ensure consistency. These must pass before the PR is merged.
+These same checks are run in CI via the prefligit-checks workflow to ensure consistency. These must pass before the PR is merged.
 
 ### Running tests locally
 
@@ -81,31 +85,24 @@ If your changes are done to fix Matrix tests, please note that in your pull requ
 
 ### Writing documentation
 
-Continuwuity's website uses [`rspress`][rspress] and is deployed via CI using Cloudflare Pages
+Continuwuity's website uses [`mdbook`][mdbook] and is deployed via CI using Cloudflare Pages
 in the [`documentation.yml`][documentation.yml] workflow file. All documentation is in the `docs/`
 directory at the top level.
 
-To load the documentation locally:
-
-1. Install NodeJS and npm from their [official website][nodejs-download] or via your package manager of choice
-
-2. From the project's root directory, install the relevant npm modules
+To build the documentation locally:
 
+1. Install mdbook if you don't have it already:
    ```bash
-   npm ci
+   cargo install mdbook # or cargo binstall, or another method
    ```
 
-3. Make changes to the document pages as you see fit
-
-4. Generate a live preview of the documentation
-
+2. Build the documentation:
    ```bash
-   npm run docs:dev
+   mdbook build
    ```
 
-   A webserver for the docs will be spun up for you (e.g. at `http://localhost:3000`). Any changes you make to the documentation will be live-reloaded on the webpage.
+The output of the mdbook generation is in `public/`. You can open the HTML files directly in your browser without needing a web server.
 
-Alternatively, you can build the documentation using `npm run docs:build` - the output of this will be in the `/doc_build` directory. Once you're happy with your documentation updates, you can commit the changes.
 
 ### Commit Messages
 
@@ -153,7 +150,7 @@ of it, especially when the CI completed successfully and everything so it
 
 Before submitting a pull request, please ensure:
 1. Your code passes all CI checks (formatting, linting, typo detection, etc.)
-2. Your code follows the [code style guide](/development/code_style.md)
+2. Your code follows the [code style guide](./development/code_style.md)
 3. Your commit messages follow the conventional commits format
 4. Tests are added for new functionality
 5. Documentation is updated if needed
@@ -172,6 +169,5 @@ continuwuity Matrix rooms for Code of Conduct violations.
 [continuwuity-matrix]: https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org
 [complement]: https://github.com/matrix-org/complement/
 [sytest]: https://github.com/matrix-org/sytest/
-[nodejs-download]: https://nodejs.org/en/download
-[rspress]: https://rspress.rs/
+[mdbook]: https://rust-lang.github.io/mdBook/
 [documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml

Cargo.toml

@@ -1,18 +1,27 @@
+#cargo-features = ["profile-rustflags"]
+
 [workspace]
 resolver = "2"
-members = ["src/*", "xtask/"]
+members = ["src/*", "xtask/*"]
 default-members = ["src/*"]
 
 [workspace.package]
-authors = ["Continuwuity Team and contributors <team@continuwuity.org>"]
-description = "A Matrix homeserver written in Rust, the official continuation of the conduwuit homeserver."
+authors = [
+    "June Clementine Strawberry <june@girlboss.ceo>",
+    "strawberry <strawberry@puppygock.gay>", # woof
+    "Jason Volk <jason@zemos.net>",
+]
+categories = ["network-programming"]
+description = "a very cool Matrix chat homeserver written in Rust"
 edition = "2024"
 homepage = "https://continuwuity.org/"
+keywords = ["chat", "matrix", "networking", "server", "uwu"]
 license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
-version = "0.5.7-alpha.1"
+rust-version = "1.86.0"
+version = "0.5.0-rc.8"
 
 [workspace.metadata.crane]
 name = "conduwuit"
@@ -24,11 +33,11 @@ features = ["serde"]
 [workspace.dependencies.smallvec]
 version = "1.14.0"
 features = [
-    "const_generics",
-    "const_new",
-    "serde",
-    "union",
-    "write",
+	"const_generics",
+	"const_new",
+	"serde",
+	"union",
+	"write",
 ]
 
 [workspace.dependencies.smallstr]
@@ -39,7 +48,7 @@ features = ["ffi", "std", "union"]
 version = "0.7.0"
 
 [workspace.dependencies.ctor]
-version = "0.6.0"
+version = "0.5.0"
 
 [workspace.dependencies.cargo_toml]
 version = "0.22"
@@ -68,7 +77,7 @@ default-features = false
 version = "0.1.3"
 
 [workspace.dependencies.rand]
-version = "0.10.0"
+version = "0.8.5"
 
 # Used for the http request / response body type for Ruma endpoints used with reqwest
 [workspace.dependencies.bytes]
@@ -84,22 +93,22 @@ version = "1.3.1"
 version = "1.11.1"
 
 [workspace.dependencies.axum]
-version = "0.8.8"
+version = "0.7.9"
 default-features = false
 features = [
-    "form",
-    "http1",
-    "http2",
-    "json",
-    "matched-path",
-    "tokio",
-    "tracing",
+	"form",
+	"http1",
+	"http2",
+	"json",
+	"matched-path",
+	"tokio",
+	"tracing",
 ]
 
 [workspace.dependencies.axum-extra]
-version = "0.12.0"
+version = "0.9.6"
 default-features = false
-features = ["typed-header", "tracing", "cookie"]
+features = ["typed-header", "tracing"]
 
 [workspace.dependencies.axum-server]
 version = "0.7.2"
@@ -110,7 +119,7 @@ default-features = false
 version = "0.7"
 
 [workspace.dependencies.axum-client-ip]
-version = "0.7"
+version = "0.6.1"
 
 [workspace.dependencies.tower]
 version = "0.5.2"
@@ -118,7 +127,7 @@ default-features = false
 features = ["util"]
 
 [workspace.dependencies.tower-http]
-version = "0.6.8"
+version = "0.6.2"
 default-features = false
 features = [
     "add-extension",
@@ -140,11 +149,10 @@ features = ["aws_lc_rs"]
 version = "0.12.15"
 default-features = false
 features = [
-    "rustls-tls-native-roots",
-    "socks",
-    "hickory-dns",
-    "http2",
-    "stream",
+	"rustls-tls-native-roots",
+	"socks",
+	"hickory-dns",
+	"http2",
 ]
 
 [workspace.dependencies.serde]
@@ -159,7 +167,7 @@ features = ["raw_value"]
 
 # Used for appservice registration files
 [workspace.dependencies.serde-saphyr]
-version = "0.0.21"
+version = "0.0.7"
 
 # Used to load forbidden room/user regex from config
 [workspace.dependencies.serde_regex]
@@ -180,18 +188,18 @@ default-features = false
 version = "0.25.5"
 default-features = false
 features = [
-    "jpeg",
-    "png",
-    "gif",
-    "webp",
+	"jpeg",
+	"png",
+	"gif",
+	"webp",
 ]
 
 [workspace.dependencies.blurhash]
 version = "0.2.3"
 default-features = false
 features = [
-    "fast-linear-to-srgb",
-    "image",
+	"fast-linear-to-srgb",
+	"image",
 ]
 
 # logging
@@ -221,13 +229,13 @@ default-features = false
 version = "4.5.35"
 default-features = false
 features = [
-    "derive",
-    "env",
-    "error-context",
-    "help",
-    "std",
-    "string",
-    "usage",
+	"derive",
+	"env",
+	"error-context",
+	"help",
+	"std",
+	"string",
+	"usage",
 ]
 
 [workspace.dependencies.futures]
@@ -239,22 +247,22 @@ features = ["std", "async-await"]
 version = "1.44.2"
 default-features = false
 features = [
-    "fs",
-    "net",
-    "macros",
-    "sync",
-    "signal",
-    "time",
-    "rt-multi-thread",
-    "io-util",
-    "tracing",
+	"fs",
+	"net",
+	"macros",
+	"sync",
+	"signal",
+	"time",
+	"rt-multi-thread",
+	"io-util",
+	"tracing",
 ]
 
 [workspace.dependencies.tokio-metrics]
 version = "0.4.0"
 
 [workspace.dependencies.libloading]
-version = "0.9.0"
+version = "0.8.6"
 
 # Validating urls in config, was already a transitive dependency
 [workspace.dependencies.url]
@@ -272,18 +280,18 @@ default-features = false
 version = "1.6.0"
 default-features = false
 features = [
-    "server",
-    "http1",
-    "http2",
+	"server",
+	"http1",
+	"http2",
 ]
 
 [workspace.dependencies.hyper-util]
 version = "=0.1.17"
 default-features = false
 features = [
-    "server-auto",
-    "server-graceful",
-    "tokio",
+	"server-auto",
+	"server-graceful",
+	"tokio",
 ]
 
 # to support multiple variations of setting a config option
@@ -299,12 +307,12 @@ default-features = false
 features = ["env", "toml"]
 
 [workspace.dependencies.hickory-resolver]
-version = "0.25.2"
+version = "0.25.1"
 default-features = false
 features = [
-    "serde",
-    "system-config",
-    "tokio",
+	"serde",
+	"system-config",
+	"tokio",
 ]
 
 # Used for conduwuit::Error type
@@ -343,8 +351,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-#branch = "conduwuit-changes"
-rev = "bb12ed288a31a23aa11b10ba0fad22b7f985eb88"
+rev = "50b2a91b2ab8f9830eea80b9911e11234e0eac66"
 features = [
     "compat",
     "rand",
@@ -364,7 +371,6 @@ features = [
     "unstable-msc2870",
     "unstable-msc3026",
     "unstable-msc3061",
-    "unstable-msc3814",
     "unstable-msc3245",
     "unstable-msc3266",
     "unstable-msc3381", # polls
@@ -375,15 +381,13 @@ features = [
     "unstable-msc4095",
     "unstable-msc4121",
     "unstable-msc4125",
-    "unstable-msc4155",
+	"unstable-msc4155",
     "unstable-msc4186",
     "unstable-msc4203", # sending to-device events to appservices
     "unstable-msc4210", # remove legacy mentions
     "unstable-extensible-events",
     "unstable-pdu",
-    "unstable-msc4155",
-    "unstable-msc4143", # livekit well_known response
-    "unstable-msc4284"
+	"unstable-msc4155"
 ]
 
 [workspace.dependencies.rust-rocksdb]
@@ -391,11 +395,11 @@ git = "https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1"
 rev = "61d9d23872197e9ace4a477f2617d5c9f50ecb23"
 default-features = false
 features = [
-    "multi-threaded-cf",
-    "mt_static",
-    "lz4",
-    "zstd",
-    "bzip2",
+	"multi-threaded-cf",
+	"mt_static",
+	"lz4",
+	"zstd",
+	"bzip2",
 ]
 
 [workspace.dependencies.sha2]
@@ -422,13 +426,13 @@ features = ["rt-tokio"]
 
 [workspace.dependencies.opentelemetry-otlp]
 version = "0.31.0"
-features = ["http", "grpc-tonic", "trace", "logs", "metrics"]
+features = ["http", "trace", "logs", "metrics"]
 
 
 
 # optional sentry metrics for crash/panic reporting
 [workspace.dependencies.sentry]
-version = "0.46.0"
+version = "0.45.0"
 default-features = false
 features = [
     "backtrace",
@@ -444,9 +448,9 @@ features = [
 ]
 
 [workspace.dependencies.sentry-tracing]
-version = "0.46.0"
+version = "0.45.0"
 [workspace.dependencies.sentry-tower]
-version = "0.46.0"
+version = "0.45.0"
 
 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
@@ -454,16 +458,16 @@ git = "https://forgejo.ellis.link/continuwuation/jemallocator"
 rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = [
-    "background_threads_runtime_support",
-    "unprefixed_malloc_on_supported_platforms",
+	"background_threads_runtime_support",
+	"unprefixed_malloc_on_supported_platforms",
 ]
 [workspace.dependencies.tikv-jemallocator]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
 rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = [
-    "background_threads_runtime_support",
-    "unprefixed_malloc_on_supported_platforms",
+	"background_threads_runtime_support",
+	"unprefixed_malloc_on_supported_platforms",
 ]
 [workspace.dependencies.tikv-jemalloc-ctl]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
@@ -475,7 +479,7 @@ features = ["use_std"]
 version = "0.5"
 
 [workspace.dependencies.nix]
-version = "0.31.0"
+version = "0.30.1"
 default-features = false
 features = ["resource"]
 
@@ -487,9 +491,9 @@ default-features = false
 version = "0.1.2"
 default-features = false
 features = [
-    "static",
-    "gcc",
-    "light",
+	"static",
+	"gcc",
+	"light",
 ]
 
 [workspace.dependencies.rustyline-async]
@@ -553,12 +557,6 @@ features = ["sync", "tls-rustls", "rustls-provider"]
 [workspace.dependencies.resolv-conf]
 version = "0.7.5"
 
-[workspace.dependencies.yansi]
-version = "1.0.1"
-
-[workspace.dependencies.askama]
-version = "0.15.0"
-
 #
 # Patches
 #
@@ -672,6 +670,24 @@ panic = "abort"
 inherits = "release"
 strip = "symbols"
 lto = "fat"
+#rustflags = [
+#	'-Ctarget-cpu=native',
+#	'-Ztune-cpu=native',
+#	'-Ctarget-feature=+crt-static',
+#	'-Crelocation-model=static',
+#	'-Ztls-model=local-exec',
+#	'-Zinline-in-all-cgus=true',
+#	'-Zinline-mir=true',
+#	'-Zmir-opt-level=3',
+#	'-Clink-arg=-fuse-ld=gold',
+#	'-Clink-arg=-Wl,--threads',
+#	'-Clink-arg=-Wl,--gc-sections',
+#	'-Clink-arg=-luring',
+#	'-Clink-arg=-lstdc++',
+#	'-Clink-arg=-lc',
+#	'-Ztime-passes',
+#	'-Ztime-llvm-passes',
+#]
 
 [profile.release-max-perf.build-override]
 inherits = "release-max-perf"
@@ -850,8 +866,6 @@ unknown_lints = "allow"
 
 ###################
 cargo = { level = "warn", priority = -1 }
-# Nobody except for us should be consuming these crates, they don't need metadata
-cargo_common_metadata = { level = "allow" }
 
 ## some sadness
 multiple_crate_versions = { level = "allow", priority = 1 }
@@ -969,6 +983,3 @@ needless_raw_string_hashes = "allow"
 
 # TODO: Enable this lint & fix all instances
 collapsible_if = "allow"
-
-# TODO: break these apart
-cognitive_complexity = "allow"

README.md

@@ -11,7 +11,7 @@
 <!-- ANCHOR_END: catchphrase -->
 
 [continuwuity] is a Matrix homeserver written in Rust.
-It's the official community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver.
+It's a community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver.
 
 <!-- ANCHOR: body -->
 
@@ -59,13 +59,7 @@ Continuwuity aims to:
 
 Check out the [documentation](https://continuwuity.org) for installation instructions.
 
-If you want to try it out as a user, we have some partnered homeservers you can use:
-* You can head over to [https://federated.nexus](https://federated.nexus/) in your browser.
-  * Hit the `Apply to Join` button. Once your request has been accepted, you will receive an email with your username and password.
-  * Head over to [https://app.federated.nexus](https://app.federated.nexus/) and you can sign in there, or use any other matrix chat client you wish elsewhere.
-  * Your username for matrix will be in the form of `@username:federated.nexus`, however you can simply use the `username` part to log in. Your password is your password.
-
-* There's also [https://continuwuity.rocks/](https://continuwuity.rocks/). You can register a new account using Cinny via [this convenient link](https://app.cinny.in/register/continuwuity.rocks), or you can use Element or another matrix client *that supports registration*.
+There are currently no open registration Continuwuity instances available.
 
 ### What are we working on?
 

SECURITY.md

@@ -22,7 +22,7 @@ We appreciate the efforts of security researchers and the community in identifyi
 
 1. **Contact members of the team directly** over E2EE private message.
    - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
-   - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk)
+   - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
 2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
 3. **Do not disclose the vulnerability publicly** until it has been addressed
 4. **Provide detailed information** about the vulnerability, including:

bin/complement

@@ -2,19 +2,20 @@
 
 set -euo pipefail
 
-# The root path where complement is available.
+# Path to Complement's source code
+#
+# The `COMPLEMENT_SRC` environment variable is set in the Nix dev shell, which
+# points to a store path containing the Complement source code. It's likely you
+# want to just pass that as the first argument to use it here.
 COMPLEMENT_SRC="${COMPLEMENT_SRC:-$1}"
 
 # A `.jsonl` file to write test logs to
-LOG_FILE="${2:-tests/test_results/complement/test_logs.jsonl}"
+LOG_FILE="${2:-complement_test_logs.jsonl}"
 
 # A `.jsonl` file to write test results to
-RESULTS_FILE="${3:-tests/test_results/complement/test_results.jsonl}"
+RESULTS_FILE="${3:-complement_test_results.jsonl}"
 
-# The base docker image to use for complement tests
-# You can build the default with `docker build -t continuwuity:complement -f ./docker/complement.Dockerfile .`
-# after running `cargo build`. Only the debug binary is used.
-COMPLEMENT_BASE_IMAGE="${COMPLEMENT_BASE_IMAGE:-continuwuity:complement}"
+COMPLEMENT_BASE_IMAGE="${COMPLEMENT_BASE_IMAGE:-complement-conduwuit:main}"
 
 # Complement tests that are skipped due to flakiness/reliability issues or we don't implement such features and won't for a long time
 SKIPPED_COMPLEMENT_TESTS='TestPartialStateJoin.*|TestRoomDeleteAlias/Parallel/Regular_users_can_add_and_delete_aliases_when_m.*|TestRoomDeleteAlias/Parallel/Can_delete_canonical_alias|TestUnbanViaInvite.*|TestRoomState/Parallel/GET_/publicRooms_lists.*"|TestRoomDeleteAlias/Parallel/Users_with_sufficient_power-level_can_delete_other.*'
@@ -33,6 +34,25 @@ toplevel="$(git rev-parse --show-toplevel)"
 
 pushd "$toplevel" > /dev/null
 
+if [ ! -f "complement_oci_image.tar.gz" ]; then
+    echo "building complement conduwuit image"
+
+    # if using macOS, use linux-complement
+    #bin/nix-build-and-cache just .#linux-complement
+    bin/nix-build-and-cache just .#complement
+    #nix build -L .#complement
+
+    echo "complement conduwuit image tar.gz built at \"result\""
+
+    echo "loading into docker"
+    docker load < result
+    popd > /dev/null
+else
+    echo "skipping building a complement conduwuit image as complement_oci_image.tar.gz was already found, loading this"
+
+    docker load < complement_oci_image.tar.gz
+    popd > /dev/null
+fi
 
 echo ""
 echo "running go test with:"
@@ -52,16 +72,24 @@ env \
 set -o pipefail
 
 # Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results
-jq -s -c 'sort_by(.Test)[]' < "$LOG_FILE" | jq -c '
+cat "$LOG_FILE" | jq -s -c 'sort_by(.Test)[]' | jq -c '
     select(
         (.Action == "pass" or .Action == "fail" or .Action == "skip")
         and .Test != null
     ) | {Action: .Action, Test: .Test}
     ' > "$RESULTS_FILE"
 
+#if command -v gotestfmt &> /dev/null; then
+#    echo "using gotestfmt on $LOG_FILE"
+#    grep '{"Time":' "$LOG_FILE" | gotestfmt > "complement_test_logs_gotestfmt.log"
+#fi
+
 echo ""
 echo ""
 echo "complement logs saved at $LOG_FILE"
 echo "complement results saved at $RESULTS_FILE"
+#if command -v gotestfmt &> /dev/null; then
+#    echo "complement logs in gotestfmt pretty format outputted at complement_test_logs_gotestfmt.log (use an editor/terminal/pager that interprets ANSI colours and UTF-8 emojis)"
+#fi
 echo ""
 echo ""

book.toml

@@ -4,6 +4,7 @@ description = "continuwuity is a community continuation of the conduwuit Matrix
 language = "en"
 authors = ["The continuwuity Community"]
 text-direction = "ltr"
+multilingual = false
 src = "docs"
 
 [build]

changelog.d/+6368729a.feature.md

@@ -1 +0,0 @@
-Added support for using an admin command to issue self-service password reset links.

changelog.d/+6e57599d.bugfix.md

@@ -1 +0,0 @@
-Stopped left rooms from being unconditionally sent on initial sync, hopefully fixing spurious appearances of left rooms in some clients (and making sync faster as a bonus). Contributed by @ginger

changelog.d/+space-permission-cascading.feature.md

@@ -1 +0,0 @@
-Add Space permission cascading: power levels cascade from Spaces to child rooms, role-based room access with custom roles, continuous enforcement (auto-join/kick), and admin commands for role management. Server-wide default controlled by `space_permission_cascading` config flag (off by default), with per-Space overrides via `!admin space roles enable/disable <space>`.

changelog.d/1265.bugfix

@@ -1 +0,0 @@
-Fixed corrupted appservice registrations causing the server to enter a crash loop. Contributed by @nex.

changelog.d/1371.feature.md

@@ -1 +0,0 @@
-Re-added support for reading registration tokens from a file. Contributed by @ginger and @benbot.

changelog.d/1448.bugfix

@@ -1 +0,0 @@
-Prevent removing the admin room alias (`#admins`) to avoid accidentally breaking admin room functionality. Contributed by @0xnim

changelog.d/1527.feature.md

@@ -1 +0,0 @@
-Add new config option to allow or disallow search engine indexing through a `<meta ../>` tag. Defaults to blocking indexing (`content="noindex"`). Contributed by @s1lv3r and @ginger.

clippy.toml

@@ -15,18 +15,6 @@ disallowed-macros = [
 	{ path = "log::trace", reason = "use conduwuit_core::trace" },
 ]
 
-[[disallowed-methods]]
-path = "tokio::spawn"
-reason = "use and pass conduwuit_core::server::Server::runtime() to spawn from"
-
-[[disallowed-methods]]
-path = "reqwest::Response::bytes"
-reason = "bytes is unsafe, use limit_read via the conduwuit_core::utils::LimitReadExt trait instead"
-
-[[disallowed-methods]]
-path = "reqwest::Response::text"
-reason = "text is unsafe, use limit_read_text via the conduwuit_core::utils::LimitReadExt trait instead"
-
-[[disallowed-methods]]
-path = "reqwest::Response::json"
-reason = "json is unsafe, use limit_read_text via the conduwuit_core::utils::LimitReadExt trait instead"
+disallowed-methods = [
+    { path = "tokio::spawn", reason = "use and pass conduuwit_core::server::Server::runtime() to spawn from" },
+]

complement/complement-entrypoint.sh

@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-set -xe
-# If we have no $SERVER_NAME set, abort
-if [ -z "$SERVER_NAME" ]; then
-  echo "SERVER_NAME is not set, aborting"
-  exit 1
-fi
-
-# If /complement/ca/ca.crt or /complement/ca/ca.key are missing, abort
-if [ ! -f /complement/ca/ca.crt ] || [ ! -f /complement/ca/ca.key ]; then
-  echo "/complement/ca/ca.crt or /complement/ca/ca.key is missing, aborting"
-  exit 1
-fi
-
-# Add the root cert to the local trust store
-echo 'Installing Complement CA certificate to local trust store'
-cp /complement/ca/ca.crt /usr/local/share/ca-certificates/complement-ca.crt
-update-ca-certificates
-
-# Sign a certificate for our $SERVER_NAME
-echo "Generating and signing certificate for $SERVER_NAME"
-openssl genrsa -out "/$SERVER_NAME.key" 2048
-
-echo "Generating CSR for $SERVER_NAME"
-openssl req -new -sha256 \
-  -key "/$SERVER_NAME.key" \
-  -out "/$SERVER_NAME.csr" \
-  -subj "/C=US/ST=CA/O=Continuwuity, Inc./CN=$SERVER_NAME"\
-  -addext "subjectAltName=DNS:$SERVER_NAME"
-openssl req -in "$SERVER_NAME.csr" -noout -text
-
-echo "Signing certificate for $SERVER_NAME with Complement CA"
-cat <<EOF > ./cert.ext
-authorityKeyIdentifier=keyid,issuer
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
-extendedKeyUsage = serverAuth
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = *.docker.internal
-DNS.2 = hs1
-DNS.3 = hs2
-DNS.4 = hs3
-DNS.5 = hs4
-DNS.6 = $SERVER_NAME
-IP.1 = 127.0.0.1
-EOF
-openssl x509 \
-  -req \
-  -in "/$SERVER_NAME.csr" \
-  -CA /complement/ca/ca.crt \
-  -CAkey /complement/ca/ca.key \
-  -CAcreateserial \
-  -out "/$SERVER_NAME.crt" \
-  -days 1 \
-  -sha256 \
-  -extfile ./cert.ext
-
-# Tell continuwuity where to find the certs
-export CONTINUWUITY_TLS__KEY="/$SERVER_NAME.key"
-export CONTINUWUITY_TLS__CERTS="/$SERVER_NAME.crt"
-# And who it is
-export CONTINUWUITY_SERVER_NAME="$SERVER_NAME"
-
-echo "Starting Continuwuity with SERVER_NAME=$SERVER_NAME"
-# Start continuwuity
-/usr/local/bin/conduwuit --config /etc/continuwuity/config.toml

complement/complement.config.toml

@@ -1,53 +0,0 @@
-# ============================================= #
-# Complement pre-filled configuration file      #
-#
-# DANGER: THIS FILE FORCES INSECURE VALUES.     #
-# DO NOT USE OUTSIDE THE TEST SUITE ENV!        #
-# ============================================= #
-[global]
-address = "0.0.0.0"
-allow_device_name_federation = true
-allow_guest_registration = true
-allow_public_room_directory_over_federation = true
-allow_registration = true
-database_path = "/database"
-log = "trace,h2=debug,hyper=debug,conduwuit_database=warn,conduwuit_service::manager=info,conduwuit_api::router=error,conduwuit_router=error,tower_http=error"
-port = [8008, 8448]
-trusted_servers = []
-only_query_trusted_key_servers = false
-query_trusted_key_servers_first = false
-query_trusted_key_servers_first_on_join = false
-yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
-ip_range_denylist = []
-url_preview_domain_contains_allowlist = ["*"]
-url_preview_domain_explicit_denylist = ["*"]
-media_compat_file_link = false
-media_startup_check = true
-prune_missing_media = true
-log_colors = false
-admin_room_notices = false
-allow_check_for_updates = false
-intentionally_unknown_config_option_for_testing = true
-rocksdb_log_level = "info"
-rocksdb_max_log_files = 1
-rocksdb_recovery_mode = 0
-rocksdb_paranoid_file_checks = true
-log_guest_registrations = false
-allow_legacy_media = true
-startup_netburst = true
-startup_netburst_keep = -1
-allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true
-dns_timeout = 60
-dns_attempts = 20
-request_conn_timeout = 60
-request_timeout = 120
-well_known_conn_timeout = 60
-well_known_timeout = 60
-federation_idle_timeout = 300
-sender_timeout = 300
-sender_idle_timeout = 300
-sender_retry_backoff_limit = 300
-force_disable_first_run_mode = true
-
-[global.tls]
-dual_protocol = true

conduwuit-example.toml

@@ -25,13 +25,9 @@
 #
 # Also see the `[global.well_known]` config section at the very bottom.
 #
-# If `client` is not set under `[global.well_known]`, the server name will
-# be used as the base domain for user-facing links (such as password
-# reset links) created by Continuwuity.
-#
 # Examples of delegation:
-# - https://continuwuity.org/.well-known/matrix/server
-# - https://continuwuity.org/.well-known/matrix/client
+# - https://puppygock.gay/.well-known/matrix/server
+# - https://puppygock.gay/.well-known/matrix/client
 #
 # YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
 # WIPE.
@@ -294,25 +290,6 @@
 #
 #max_fetch_prev_events = 192
 
-# How many incoming federation transactions the server is willing to be
-# processing at any given time before it becomes overloaded and starts
-# rejecting further transactions until some slots become available.
-#
-# Setting this value too low or too high may result in unstable
-# federation, and setting it too high may cause runaway resource usage.
-#
-#max_concurrent_inbound_transactions = 150
-
-# Maximum age (in seconds) for cached federation transaction responses.
-# Entries older than this will be removed during cleanup.
-#
-#transaction_id_cache_max_age_secs = 7200 (2 hours)
-
-# Maximum number of cached federation transaction responses.
-# When the cache exceeds this limit, older entries will be removed.
-#
-#transaction_id_cache_max_entries = 8192
-
 # Default/base connection timeout (seconds). This is used only by URL
 # previews and update/news endpoint checks.
 #
@@ -363,9 +340,7 @@
 # this to be high to account for extremely large room joins, slow
 # homeservers, your own resources etc.
 #
-# Joins have 6x the timeout.
-#
-#federation_timeout = 60
+#federation_timeout = 300
 
 # MSC4284 Policy server request timeout (seconds). Generally policy
 # servers should respond near instantly, however may slow down under
@@ -414,15 +389,7 @@
 #
 #appservice_idle_timeout = 300
 
-# Notification gateway pusher request connection timeout (seconds).
-#
-#pusher_conn_timeout = 15
-
-# Notification gateway pusher total request timeout (seconds).
-#
-#pusher_timeout = 60
-
-# Notification gateway pusher idle connection pool timeout (seconds).
+# Notification gateway pusher idle connection pool timeout.
 #
 #pusher_idle_timeout = 15
 
@@ -454,9 +421,9 @@
 # `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
 #
 # If you would like registration only via token reg, please configure
-# `registration_token`.
+# `registration_token` or `registration_token_file`.
 #
-#allow_registration = true
+#allow_registration = false
 
 # If registration is enabled, and this setting is true, new users
 # registered after the first admin user will be automatically suspended
@@ -474,40 +441,30 @@
 #
 #suspend_on_register = false
 
-# Server-wide default for space permission cascading (power levels and
-# role-based access). Individual Spaces can override this via the
-# `com.continuwuity.space.cascading` state event or the admin command
-# `!admin space roles enable/disable <space>`.
-#
-#space_permission_cascading = false
-
-# Maximum number of spaces to cache role data for. When exceeded the
-# cache is cleared and repopulated on demand.
-#
-#space_roles_cache_flush_threshold = 1000
-
 # Enabling this setting opens registration to anyone without restrictions.
 # This makes your server vulnerable to abuse
 #
 #yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false
 
 # A static registration token that new users will have to provide when
-# creating an account. This token does not supersede tokens from other
-# sources, such as the `!admin token` command or the
-# `registration_token_file` configuration option.
+# creating an account. If unset and `allow_registration` is true,
+# you must set
+# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
+# to true to allow open registration without any conditions.
+#
+# YOU NEED TO EDIT THIS OR USE registration_token_file.
 #
 # example: "o&^uCtes4HPf0Vu@F20jQeeWE7"
 #
 #registration_token =
 
-# A path to a file containing static registration tokens, one per line.
-# Tokens in this file do not supersede tokens from other sources, such as
-# the `!admin token` command or the `registration_token` configuration
-# option.
+# Path to a file on the system that gets read for additional registration
+# tokens. Multiple tokens can be added if you separate them with
+# whitespace
 #
-# The file will be read once, when Continuwuity starts. It is not
-# currently reread when the server configuration is reloaded. If the file
-# cannot be read, Continuwuity will fail to start.
+# continuwuity must be able to access the file, and it must not be empty
+#
+# example: "/etc/continuwuity/.reg_token"
 #
 #registration_token_file =
 
@@ -569,6 +526,12 @@
 #
 #allow_public_room_directory_over_federation = false
 
+# Set this to true to allow your server's public room directory to be
+# queried without client authentication (access token) through the Client
+# APIs. Set this to false to protect against /publicRooms spiders.
+#
+#allow_public_room_directory_without_auth = false
+
 # Allow guests/unauthenticated users to access TURN credentials.
 #
 # This is the equivalent of Synapse's `turn_allow_guests` config option.
@@ -623,13 +586,10 @@
 #allow_unstable_room_versions = true
 
 # Default room version continuwuity will create rooms with.
-# Note that this has to be a string since the room version is a string
-# rather than an integer. Forgetting the quotes will make the server fail
-# to start!
 #
-# Per spec, room version "11" is the default.
+# Per spec, room version 11 is the default.
 #
-#default_room_version = "11"
+#default_room_version = 11
 
 # Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
 # Jaeger exporter. Traces will be sent via OTLP to a collector (such as
@@ -645,11 +605,6 @@
 #
 #otlp_filter = "info"
 
-# Protocol to use for OTLP tracing export. Options are "http" or "grpc".
-# The HTTP protocol uses port 4318 by default, while gRPC uses port 4317.
-#
-#otlp_protocol = "http"
-
 # If the 'perf_measurements' compile-time feature is enabled, enables
 # collecting folded stack trace profile of tracing spans using
 # tracing_flame. The resulting profile can be visualized with inferno[1],
@@ -1092,6 +1047,14 @@
 #
 #rocksdb_repair = false
 
+# This item is undocumented. Please contribute documentation for it.
+#
+#rocksdb_read_only = false
+
+# This item is undocumented. Please contribute documentation for it.
+#
+#rocksdb_secondary = false
+
 # Enables idle CPU priority for compaction thread. This is not enabled by
 # default to prevent compaction from falling too far behind on busy
 # systems.
@@ -1148,34 +1111,27 @@
 
 # Allow local (your server only) presence updates/requests.
 #
-# Local presence must be enabled for outgoing presence to function.
-#
-# Note that local presence is not as heavy on the CPU as federated
-# presence, but will still become more expensive the more local users you
-# have.
+# Note that presence on continuwuity is very fast unlike Synapse's. If
+# using outgoing presence, this MUST be enabled.
 #
 #allow_local_presence = true
 
-# Allow incoming federated presence updates.
+# Allow incoming federated presence updates/requests.
 #
-# This option enables processing inbound presence updates from other
-# servers. Without it, remote users will appear as if they are always
-# offline to your local users. This does not affect typing indicators or
-# read receipts.
+# This option receives presence updates from other servers, but does not
+# send any unless `allow_outgoing_presence` is true. Note that presence on
+# continuwuity is very fast unlike Synapse's.
 #
 #allow_incoming_presence = true
 
 # Allow outgoing presence updates/requests.
 #
-# This option sends presence updates to other servers, and requires that
-# `allow_local_presence` is also enabled.
+# This option sends presence updates to other servers, but does not
+# receive any unless `allow_incoming_presence` is true. Note that presence
+# on continuwuity is very fast unlike Synapse's. If using outgoing
+# presence, you MUST enable `allow_local_presence` as well.
 #
-# Note that outgoing presence is very heavy on the CPU and network, and
-# will typically cause extreme strain and slowdowns for no real benefit.
-# There are only a few clients that even implement presence, so you
-# probably don't want to enable this.
-#
-#allow_outgoing_presence = false
+#allow_outgoing_presence = true
 
 # How many seconds without presence updates before you become idle.
 # Defaults to 5 minutes.
@@ -1209,10 +1165,6 @@
 
 # Allow sending read receipts to remote servers.
 #
-# Note that sending read receipts to remote servers in large rooms with
-# lots of other homeservers may cause additional strain on the CPU and
-# network.
-#
 #allow_outgoing_read_receipts = true
 
 # Allow local typing updates.
@@ -1224,10 +1176,6 @@
 
 # Allow outgoing typing updates to federation.
 #
-# Note that sending typing indicators to remote servers in large rooms
-# with lots of other homeservers may cause additional strain on the CPU
-# and network.
-#
 #allow_outgoing_typing = true
 
 # Allow incoming typing updates from federation.
@@ -1361,7 +1309,7 @@
 # sender user's server name, inbound federation X-Matrix origin, and
 # outbound federation handler.
 #
-# You can set this to [".*"] to block all servers by default, and then
+# You can set this to ["*"] to block all servers by default, and then
 # use `allowed_remote_server_names` to allow only specific servers.
 #
 # example: ["badserver\\.tld$", "badphrase", "19dollarfortnitecards"]
@@ -1499,11 +1447,6 @@
 #
 #url_preview_max_spider_size = 256000
 
-# Total request timeout for URL previews (seconds). This includes
-# connection, request, and response body reading time.
-#
-#url_preview_timeout = 120
-
 # Option to decide whether you would like to run the domain allowlist
 # checks (contains and explicit) on the root domain or not. Does not apply
 # to URL contains allowlist. Defaults to false.
@@ -1517,15 +1460,6 @@
 #
 #url_preview_check_root_domain = false
 
-# User agent that is used specifically when fetching url previews.
-#
-#url_preview_user_agent = "continuwuity/<version> (bot; +https://continuwuity.org)"
-
-# Determines whether audio and video files will be downloaded for URL
-# previews.
-#
-#url_preview_allow_audio_video = false
-
 # List of forbidden room aliases and room IDs as strings of regex
 # patterns.
 #
@@ -1596,7 +1530,7 @@
 # a normal continuwuity admin command. The reply will be publicly visible
 # to the room, originating from the sender.
 #
-# example: \\!admin debug ping continuwuity.org
+# example: \\!admin debug ping puppygock.gay
 #
 #admin_escape_commands = true
 
@@ -1614,8 +1548,7 @@
 # For example: `./continuwuity --execute "server admin-notice continuwuity
 # has started up at $(date)"`
 #
-# example: admin_execute = ["debug ping continuwuity.org", "debug echo
-# hi"]`
+# example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
 #
 #admin_execute = []
 
@@ -1648,18 +1581,6 @@
 #
 #admin_room_tag = "m.server_notice"
 
-# A list of Matrix IDs that are qualified as server admins.
-#
-# Any Matrix IDs within this list are regarded as an admin
-# regardless of whether they are in the admin room or not
-#
-#admins_list = []
-
-# Defines whether those within the admin room are added to the
-# admins_list.
-#
-#admins_from_room = true
-
 # Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
 # This is NOT enabled by default.
 #
@@ -1705,7 +1626,7 @@
 
 # Enable the tokio-console. This option is only relevant to developers.
 #
-#    For more information, see:
+#	For more information, see:
 # https://continuwuity.org/development.html#debugging-with-tokio-console
 #
 #tokio_console = false
@@ -1811,10 +1732,9 @@
 #
 #config_reload_signal = true
 
-# Allow search engines and crawlers to index Continuwuity's built-in
-# webpages served under the `/_continuwuity/` prefix.
+# This item is undocumented. Please contribute documentation for it.
 #
-#allow_web_indexing = false
+#ldap = false
 
 [global.tls]
 
@@ -1877,16 +1797,6 @@
 #
 #support_mxid =
 
-# **DEPRECATED**: Use `[global.matrix_rtc].foci` instead.
-#
-# A list of MatrixRTC foci URLs which will be served as part of the
-# MSC4143 client endpoint at /.well-known/matrix/client.
-#
-# This option is deprecated and will be removed in a future release.
-# Please migrate to the new `[global.matrix_rtc]` config section.
-#
-#rtc_focus_server_urls = []
-
 [global.blurhashing]
 
 # blurhashing x component, 4 is recommended by https://blurha.sh/
@@ -1905,23 +1815,6 @@
 #
 #blurhash_max_raw_size = 33554432
 
-[global.matrix_rtc]
-
-# A list of MatrixRTC foci (transports) which will be served via the
-# MSC4143 RTC transports endpoint at
-# `/_matrix/client/v1/rtc/transports`. If you're setting up livekit,
-# you'd want something like:
-# ```toml
-# [global.matrix_rtc]
-# foci = [
-#     { type = "livekit", livekit_service_url = "https://livekit.example.com" },
-# ]
-# ```
-#
-# To disable, set this to an empty list (`[]`).
-#
-#foci = []
-
 [global.ldap]
 
 # Whether to enable LDAP login.
@@ -2009,43 +1902,3 @@
 # example: "(objectClass=conduwuitAdmin)" or "(uid={username})"
 #
 #admin_filter = ""
-
-#[global.antispam]
-
-#[global.antispam.meowlnir]
-
-# The base URL on which to contact Meowlnir (before /_meowlnir/antispam).
-#
-# Example: "http://127.0.0.1:29339"
-#
-#base_url =
-
-# The authentication secret defined in antispam->secret. Required for
-# continuwuity to talk to Meowlnir.
-#
-#secret =
-
-# The management room for which to send requests
-#
-#management_room =
-
-# If enabled run all federated join attempts (both federated and local)
-# through the Meowlnir anti-spam checks.
-#
-# By default, only join attempts for rooms with the `fi.mau.spam_checker`
-# restricted join rule are checked.
-#
-#check_all_joins = false
-
-#[global.antispam.draupnir]
-
-# The base URL on which to contact Draupnir (before /api/).
-#
-# Example: "http://127.0.0.1:29339"
-#
-#base_url =
-
-# The authentication secret defined in
-# web->synapseHTTPAntispam->authorization
-#
-#secret =

development.md

@@ -1 +1 @@
-docs/development/index.mdx
+docs/development.md

docker/Dockerfile

@@ -48,11 +48,11 @@ EOF
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.17.7
+ENV BINSTALL_VERSION=1.15.11
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
-ENV LDDTREE_VERSION=0.5.0
+ENV LDDTREE_VERSION=0.3.7
 # renovate: datasource=crate depName=timelord-cli
 ENV TIMELORD_VERSION=3.0.1
 
@@ -162,7 +162,6 @@ ENV CONDUWUIT_VERSION_EXTRA=$CONDUWUIT_VERSION_EXTRA
 ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA
 
 ARG RUST_PROFILE=release
-ARG CARGO_FEATURES="default,http3"
 
 # Build the binary
 RUN --mount=type=cache,target=/usr/local/cargo/registry \
@@ -172,32 +171,18 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
     set -o allexport
     set -o xtrace
     . /etc/environment
-
-    # Check if http3 feature is enabled and set appropriate RUSTFLAGS
-    if echo "${CARGO_FEATURES}" | grep -q "http3"; then
-        export RUSTFLAGS="${RUSTFLAGS} --cfg reqwest_unstable"
-    else
-        export RUSTFLAGS="${RUSTFLAGS}"
-    fi
-
-    RUST_PROFILE_DIR="${RUST_PROFILE}"
-    if [[ "${RUST_PROFILE}" == "dev" ]]; then
-        RUST_PROFILE_DIR="debug"
-    fi
-
     TARGET_DIR=($(cargo metadata --no-deps --format-version 1 | \
             jq -r ".target_directory"))
     mkdir /out/sbin
     PACKAGE=conduwuit
     xx-cargo build --locked --profile ${RUST_PROFILE} \
-        --no-default-features --features ${CARGO_FEATURES} \
         -p $PACKAGE;
     BINARIES=($(cargo metadata --no-deps --format-version 1 | \
         jq -r ".packages[] | select(.name == \"$PACKAGE\") | .targets[] | select( .kind | map(. == \"bin\") | any ) | .name"))
     for BINARY in "${BINARIES[@]}"; do
         echo $BINARY
-        xx-verify $TARGET_DIR/$(xx-cargo --print-target-triple)/${RUST_PROFILE_DIR}/$BINARY
-        cp $TARGET_DIR/$(xx-cargo --print-target-triple)/${RUST_PROFILE_DIR}/$BINARY /out/sbin/$BINARY
+        xx-verify $TARGET_DIR/$(xx-cargo --print-target-triple)/${RUST_PROFILE}/$BINARY
+        cp $TARGET_DIR/$(xx-cargo --print-target-triple)/${RUST_PROFILE}/$BINARY /out/sbin/$BINARY
     done
 EOF
 

docker/complement.Dockerfile

@@ -1,11 +0,0 @@
-FROM ubuntu:latest
-EXPOSE 8008
-EXPOSE 8448
-RUN apt-get update && apt-get install -y ca-certificates liburing2 && rm -rf /var/lib/apt/lists/*
-RUN mkdir -p /etc/continuwuity /var/lib/continuwuity /usr/local/bin/
-COPY complement/complement-entrypoint.sh /usr/local/bin/complement-entrypoint.sh
-COPY complement/complement.config.toml /etc/continuwuity/config.toml
-COPY target/debug/conduwuit /usr/local/bin/conduwuit
-RUN chmod +x /usr/local/bin/conduwuit /usr/local/bin/complement-entrypoint.sh
-#HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:8008/_continuwuity/server_version || exit 1
-ENTRYPOINT ["/usr/local/bin/complement-entrypoint.sh"]

docker/musl.Dockerfile

@@ -18,11 +18,11 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.17.7
+ENV BINSTALL_VERSION=1.15.11
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
-ENV LDDTREE_VERSION=0.5.0
+ENV LDDTREE_VERSION=0.3.7
 
 # Install unpackaged tools
 RUN <<EOF

docs/SUMMARY.md

@@ -0,0 +1,26 @@
+# Summary
+
+- [Introduction](introduction.md)
+- [Configuration](configuration.md)
+  - [Examples](configuration/examples.md)
+- [Deploying](deploying.md)
+  - [Generic](deploying/generic.md)
+  - [NixOS](deploying/nixos.md)
+  - [Docker](deploying/docker.md)
+  - [Kubernetes](deploying/kubernetes.md)
+  - [Arch Linux](deploying/arch-linux.md)
+  - [Debian](deploying/debian.md)
+  - [Fedora](deploying/fedora.md)
+  - [FreeBSD](deploying/freebsd.md)
+- [TURN](turn.md)
+- [Appservices](appservices.md)
+- [Maintenance](maintenance.md)
+- [Troubleshooting](troubleshooting.md)
+- [Admin Command Reference](admin_reference.md)
+- [Development](development.md)
+  - [Contributing](contributing.md)
+  - [Code Style Guide](development/code_style.md)
+  - [Testing](development/testing.md)
+  - [Hot Reloading ("Live" Development)](development/hot_reload.md)
+- [Community (and Guidelines)](community.md)
+- [Security](security.md)

docs/_meta.json

@@ -1,85 +0,0 @@
-[
-    {
-        "type": "file",
-        "name": "introduction",
-        "label": "Continuwuity"
-    },
-    {
-        "type": "file",
-        "name": "configuration",
-        "label": "Configuration"
-    },
-    {
-        "type": "dir",
-        "name": "deploying",
-        "label": "Deploying"
-    },
-    {
-        "type": "dir",
-        "name": "calls",
-        "label": "Calls"
-    },
-    {
-        "type": "file",
-        "name": "appservices",
-        "label": "Appservices"
-    },
-    {
-        "type": "file",
-        "name": "maintenance",
-        "label": "Maintenance"
-    },
-    {
-        "type": "file",
-        "name": "troubleshooting",
-        "label": "Troubleshooting"
-    },
-    {
-        "type": "dir",
-        "name": "advanced",
-        "label": "Advanced"
-    },
-    "security",
-    {
-        "type": "dir-section-header",
-        "name": "community",
-        "label": "Community",
-        "collapsible": true,
-        "collapsed": false
-    },
-    {
-        "type": "divider"
-    },
-    {
-        "type": "dir-section-header",
-        "name": "development",
-        "label": "Development",
-        "collapsible": true,
-        "collapsed": false
-    },
-    {
-        "type": "divider"
-    },
-    {
-        "type": "section-header",
-        "label": "Reference"
-    },
-    {
-        "type": "file",
-        "label": "Configuration Reference",
-        "name": "/reference/config"
-    },
-    {
-        "type": "file",
-        "label": "Environment Variables",
-        "name": "/reference/environment-variables"
-    },
-    {
-        "type": "dir",
-        "label": "Admin Command Reference",
-        "name": "/reference/admin/"
-    },
-    {
-        "type": "divider"
-    }
-]

docs/_nav.json

@@ -1,42 +0,0 @@
-[
-    {
-        "text": "Guide",
-        "link": "/introduction",
-        "activeMatch": "^/(introduction|configuration|deploying|calls|appservices|maintenance|troubleshooting|advanced)"
-    },
-    {
-        "text": "Development",
-        "link": "/development/index",
-        "activeMatch": "^/development/"
-    },
-    {
-        "text": "Reference",
-        "items": [
-            {
-                "text": "Configuration Reference",
-                "link": "/reference/config"
-            },
-            {
-                "text": "Admin Command Reference",
-                "link": "/reference/admin/"
-            }
-        ]
-    },
-    {
-        "text": "Community",
-        "items": [
-            {
-                "text": "Community Guidelines",
-                "link": "/community/guidelines"
-            },
-            {
-                "text": "Become a Partnered Homeserver!",
-                "link": "/community/ops-guidelines"
-            }
-        ]
-    },
-    {
-        "text": "Security",
-        "link": "/security"
-    }
-]

docs/advanced/_meta.json

@@ -1,7 +0,0 @@
-[
-    {
-        "type": "file",
-        "name": "delegation",
-        "label": "Delegation / split-domain"
-    }
-]

docs/advanced/delegation.mdx

@@ -1,206 +0,0 @@
-# Delegation/split-domain deployment
-
-Matrix allows clients and servers to discover a homeserver's "true" destination via **`.well-known` delegation**. This is especially useful if you would like to:
-
-- Serve Continuwuity on a subdomain while having only the base domain for your usernames
-- Use a port other than `:8448` for server-to-server connections
-
-This guide will show you how to have `@user:example.com` usernames while serving Continuwuity on `https://matrix.example.com`. It assumes you are using port 443 for both client-to-server connections and server-to-server federation.
-
-## Configuration
-
-First, ensure you have set up A/AAAA records for `matrix.example.com` and `example.com` pointing to your IP.
-
-Then, ensure that the `server_name` field matches your intended username suffix. If this is not the case, you **MUST** wipe the database directory and reinstall Continuwuity with your desired `server_name`.
-
-Then, in the `[global.well_known]` section of your config file, add the following fields:
-
-```toml
-[global.well_known]
-
-client = "https://matrix.example.com"
-
-# port number MUST be specified
-server = "matrix.example.com:443"
-
-# (optional) customize your support contacts
-#support_page =
-#support_role = "m.role.admin"
-#support_email =
-#support_mxid = "@user:example.com"
-```
-
-Alternatively if you are using Docker, you can set the `CONTINUWUITY_WELL_KNOWN` environment variable as below:
-
-```yaml
-services:
-  continuwuity:
-    ...
-    environment:
-      CONTINUWUITY_WELL_KNOWN: |
-        {
-        client=https://matrix.example.com,
-        server=matrix.example.com:443
-        }
-```
-
-## Serving with a reverse proxy
-
-After doing the steps above, Continuwuity will serve these 3 JSON files:
-
-- `/.well-known/matrix/client`: for Client-Server discovery
-- `/.well-known/matrix/server`: for Server-Server (federation) discovery
-- `/.well-known/matrix/support`: admin contact details (strongly recommended to have)
-
-To enable full discovery, you will need to reverse proxy these paths from the base domain back to Continuwuity.
-
-<details>
-
-<summary>For Caddy</summary>
-
-```
-matrix.example.com:443 {
-  reverse_proxy 127.0.0.1:8008
-}
-
-example.com:443 {
-  reverse_proxy /.well-known/matrix* 127.0.0.1:8008
-}
-```
-
-</details>
-
-<details>
-
-<summary>For Traefik (via Docker labels)</summary>
-
-```
-services:
-  continuwuity:
-    ...
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.continuwuity.rule=(Host(`matrix.example.com`) || (Host(`example.com`) && PathPrefix(`/.well-known/matrix`)))"
-      - "traefik.http.routers.continuwuity.service=continuwuity"
-      - "traefik.http.services.continuwuity.loadbalancer.server.port=8008"
-```
-
-</details>
-
-Restart Continuwuity and your reverse proxy. Once that's done, visit these routes and check that the responses match the examples below:
-
-<details open>
-
-<summary>`https://example.com/.well-known/matrix/server`</summary>
-
-```json
-{
-  "m.server": "matrix.example.com:443"
-}
-```
-
-</details>
-
-<details open>
-
-<summary>`https://example.com/.well-known/matrix/client`</summary>
-
-```json
-{
-  "m.homeserver": {
-    "base_url": "https://matrix.example.com/"
-  }
-}
-```
-
-</details>
-
-## Troubleshooting
-
-### Cannot log in with web clients
-
-Make sure there is an `Access-Control-Allow-Origin: *` header in your `/.well-known/matrix/client` path. While Continuwuity serves this header by default, it may be dropped by reverse proxies or other middlewares.
-
----
-
-## Using SRV records (not recommended)
-
-:::warning
-The following methods are **not recommended** due to increased complexity with little benefits. If you have already set up `.well-known` delegation as above, you can safely skip this part.
-:::
-
-The following methods uses SRV DNS records and only work with federation traffic. They are only included for completeness.
-
-<details>
-
-<summary>Using only SRV records</summary>
-
-If you can't set up `/.well-known/matrix/server` on :443 for some reason, you can set up a SRV record (via your DNS provider) as below:
-
-- Service and name: `_matrix-fed._tcp.example.com.`
-- Priority: `10` (can be any number)
-- Weight: `10` (can be any number)
-- Port: `443`
-- Target: `matrix.example.com.`
-
-On the target's IP at port 443, you must configure a valid route and cert for your server name, `example.com`. Therefore, this method only works to redirect traffic into the right IP/port combo, and can not delegate your federation to a different domain.
-
-</details>
-
-<details>
-
-<summary>Using SRV records + .well-known</summary>
-
-You can also set up `/.well-known/matrix/server` with a delegated domain but no ports:
-
-```toml
-[global.well_known]
-server = "matrix.example.com"
-```
-
-Then, set up a SRV record (via your DNS provider) to announce the port number as below:
-
-- Service and name: `_matrix-fed._tcp.matrix.example.com.`
-- Priority: `10` (can be any number)
-- Weight: `10` (can be any number)
-- Port: `443`
-- Target: `matrix.example.com.`
-
-On the target's IP at port 443, you'll need to provide a valid route and cert for `matrix.example.com`. It provides the same feature as pure `.well-known` delegation, albeit with more parts to handle.
-
-</details>
-
-<details>
-
-<summary>Using SRV records as a fallback for .well-known delegation</summary>
-
-Assume your delegation is as below:
-
-```toml
-[global.well_known]
-server = "example.com:443"
-```
-
-If your Continuwuity instance becomes temporarily unreachable, other servers will not be able to find your `/.well-known/matrix/server` file, and defaults to using `server_name:8448`. This incorrect cache can persist for a long time, and would hinder re-federation when your server eventually comes back online.
-
-If you want other servers to default to using port :443 even when it is offline, you could set up a SRV record (via your DNS provider) as follows:
-
-- Service and name: `_matrix-fed._tcp.example.com.`
-- Priority: `10` (can be any number)
-- Weight: `10` (can be any number)
-- Port: `443`
-- Target: `example.com.`
-
-On the target's IP at port 443, you'll need to provide a valid route and cert for `example.com`.
-
-</details>
-
----
-
-## Related Documentation
-
-See the following Matrix Specs for full details on client/server resolution mechanisms:
-
-- [Server-to-Server resolution](https://spec.matrix.org/v1.17/server-server-api/#resolving-server-names) (see this for more information on SRV records)
-- [Client-to-Server resolution](https://spec.matrix.org/v1.17/client-server-api/#server-discovery)
-- [MSC1929: Homeserver Admin Contact and Support page](https://github.com/matrix-org/matrix-spec-proposals/pull/1929)

docs/assets/conduwuit_logo.svg

@@ -0,0 +1,36 @@
+<svg
+  version="1.1"
+  id="Layer_1"
+  xmlns="http://www.w3.org/2000/svg"
+  x="0px"
+  y="0px"
+  width="100%"
+  viewBox="0 0 864 864"
+  enableBackground="new 0 0 864 864"
+  xmlSpace="preserve"
+>
+  <path
+    fill="#EC008C"
+    opacity="1.000000"
+    stroke="none"
+    d="M0.999997,649.000000 C1.000000,433.052795 1.000000,217.105591 1.000000,1.079198 C288.876801,1.079198 576.753601,1.079198 865.000000,1.079198 C865.000000,73.025414 865.000000,145.051453 864.634888,217.500671 C852.362488,223.837280 840.447632,229.735275 828.549438,235.666794 C782.143677,258.801056 735.743225,281.945923 688.998657,304.980469 C688.122009,304.476532 687.580750,304.087708 687.053894,303.680206 C639.556946,266.944733 573.006775,291.446869 560.804199,350.179443 C560.141357,353.369446 559.717590,356.609131 559.195374,359.748962 C474.522705,359.748962 390.283478,359.748962 306.088135,359.748962 C298.804138,318.894806 265.253357,295.206024 231.834442,293.306793 C201.003021,291.554596 169.912033,310.230042 156.935104,338.792725 C149.905151,354.265930 147.884064,370.379944 151.151794,387.034515 C155.204453,407.689667 166.300507,423.954224 183.344437,436.516663 C181.938263,437.607025 180.887405,438.409576 179.849426,439.228516 C147.141953,465.032562 139.918045,510.888947 163.388611,545.322632 C167.274551,551.023804 172.285187,555.958313 176.587341,561.495728 C125.846893,587.012817 75.302292,612.295532 24.735992,637.534790 C16.874903,641.458496 8.914484,645.183228 0.999997,649.000000 z"
+  />
+  <path
+    fill="#000000"
+    opacity="1.000000"
+    stroke="none"
+    d="M689.340759,305.086823 C735.743225,281.945923 782.143677,258.801056 828.549438,235.666794 C840.447632,229.735275 852.362488,223.837280 864.634888,217.961929 C865.000000,433.613190 865.000000,649.226379 865.000000,864.919800 C577.000000,864.919800 289.000000,864.919800 1.000000,864.919800 C1.000000,793.225708 1.000000,721.576721 0.999997,649.463867 C8.914484,645.183228 16.874903,641.458496 24.735992,637.534790 C75.302292,612.295532 125.846893,587.012817 176.939667,561.513062 C178.543060,562.085083 179.606812,562.886414 180.667526,563.691833 C225.656799,597.853394 291.232574,574.487244 304.462524,519.579773 C304.989105,517.394409 305.501068,515.205505 305.984619,513.166748 C391.466370,513.166748 476.422729,513.166748 561.331177,513.166748 C573.857727,555.764343 608.978149,572.880920 638.519897,572.672791 C671.048340,572.443665 700.623230,551.730408 711.658752,520.910583 C722.546875,490.502106 715.037842,453.265564 682.776733,429.447052 C683.966064,428.506866 685.119507,427.602356 686.265320,426.688232 C712.934143,405.412262 723.011475,370.684631 711.897339,338.686676 C707.312805,325.487671 699.185303,314.725128 689.340759,305.086823 z"
+  />
+  <path
+    fill="#FEFBFC"
+    opacity="1.000000"
+    stroke="none"
+    d="M688.998657,304.980469 C699.185303,314.725128 707.312805,325.487671 711.897339,338.686676 C723.011475,370.684631 712.934143,405.412262 686.265320,426.688232 C685.119507,427.602356 683.966064,428.506866 682.776733,429.447052 C715.037842,453.265564 722.546875,490.502106 711.658752,520.910583 C700.623230,551.730408 671.048340,572.443665 638.519897,572.672791 C608.978149,572.880920 573.857727,555.764343 561.331177,513.166748 C476.422729,513.166748 391.466370,513.166748 305.984619,513.166748 C305.501068,515.205505 304.989105,517.394409 304.462524,519.579773 C291.232574,574.487244 225.656799,597.853394 180.667526,563.691833 C179.606812,562.886414 178.543060,562.085083 177.128418,561.264465 C172.285187,555.958313 167.274551,551.023804 163.388611,545.322632 C139.918045,510.888947 147.141953,465.032562 179.849426,439.228516 C180.887405,438.409576 181.938263,437.607025 183.344437,436.516663 C166.300507,423.954224 155.204453,407.689667 151.151794,387.034515 C147.884064,370.379944 149.905151,354.265930 156.935104,338.792725 C169.912033,310.230042 201.003021,291.554596 231.834442,293.306793 C265.253357,295.206024 298.804138,318.894806 306.088135,359.748962 C390.283478,359.748962 474.522705,359.748962 559.195374,359.748962 C559.717590,356.609131 560.141357,353.369446 560.804199,350.179443 C573.006775,291.446869 639.556946,266.944733 687.053894,303.680206 C687.580750,304.087708 688.122009,304.476532 688.998657,304.980469 M703.311279,484.370789 C698.954468,457.053253 681.951416,440.229645 656.413696,429.482330 C673.953552,421.977875 688.014709,412.074219 696.456482,395.642365 C704.862061,379.280853 706.487793,362.316345 700.947998,344.809204 C691.688965,315.548492 664.183716,296.954437 633.103516,298.838257 C618.467957,299.725372 605.538086,305.139557 594.588501,314.780121 C577.473999,329.848511 570.185486,349.121399 571.838501,371.750854 C479.166595,371.750854 387.082886,371.750854 294.582672,371.750854 C293.993011,354.662048 288.485260,339.622314 276.940491,327.118439 C265.392609,314.611176 251.082092,307.205322 234.093262,305.960541 C203.355347,303.708374 176.337585,320.898438 166.089890,348.816620 C159.557541,366.613007 160.527206,384.117401 168.756042,401.172516 C177.054779,418.372589 191.471954,428.832886 207.526581,435.632172 C198.407059,442.272583 188.815598,448.302246 180.383728,455.660675 C171.685028,463.251984 166.849655,473.658661 163.940216,484.838684 C161.021744,496.053375 161.212982,507.259705 164.178833,518.426208 C171.577927,546.284302 197.338104,566.588867 226.001465,567.336853 C240.828415,567.723816 254.357819,563.819092 266.385468,555.199646 C284.811554,541.994751 293.631104,523.530579 294.687347,501.238312 C387.354828,501.238312 479.461304,501.238312 571.531799,501.238312 C577.616638,543.189026 615.312866,566.342102 651.310059,559.044739 C684.973938,552.220398 708.263306,519.393127 703.311279,484.370789 z"
+  />
+  <path
+    fill="#EC008C"
+    opacity="1.000000"
+    stroke="none"
+    d="M703.401855,484.804718 C708.263306,519.393127 684.973938,552.220398 651.310059,559.044739 C615.312866,566.342102 577.616638,543.189026 571.531799,501.238312 C479.461304,501.238312 387.354828,501.238312 294.687347,501.238312 C293.631104,523.530579 284.811554,541.994751 266.385468,555.199646 C254.357819,563.819092 240.828415,567.723816 226.001465,567.336853 C197.338104,566.588867 171.577927,546.284302 164.178833,518.426208 C161.212982,507.259705 161.021744,496.053375 163.940216,484.838684 C166.849655,473.658661 171.685028,463.251984 180.383728,455.660675 C188.815598,448.302246 198.407059,442.272583 207.526581,435.632172 C191.471954,428.832886 177.054779,418.372589 168.756042,401.172516 C160.527206,384.117401 159.557541,366.613007 166.089890,348.816620 C176.337585,320.898438 203.355347,303.708374 234.093262,305.960541 C251.082092,307.205322 265.392609,314.611176 276.940491,327.118439 C288.485260,339.622314 293.993011,354.662048 294.582672,371.750854 C387.082886,371.750854 479.166595,371.750854 571.838501,371.750854 C570.185486,349.121399 577.473999,329.848511 594.588501,314.780121 C605.538086,305.139557 618.467957,299.725372 633.103516,298.838257 C664.183716,296.954437 691.688965,315.548492 700.947998,344.809204 C706.487793,362.316345 704.862061,379.280853 696.456482,395.642365 C688.014709,412.074219 673.953552,421.977875 656.413696,429.482330 C681.951416,440.229645 698.954468,457.053253 703.401855,484.804718 z"
+  />
+</svg>

docs/calls.mdx

@@ -1,13 +0,0 @@
-# Calls
-
-Matrix supports two types of calls:
-
-- Element Call powered by [MatrixRTC](https://half-shot.github.io/msc-crafter/#msc/4143) and [LiveKit](https://github.com/livekit/livekit)
-- Legacy calls, sometimes using Jitsi
-
-Both types of calls are supported by different sets of clients, but most clients are moving towards MatrixRTC / Element Call.
-
-For either one to work correctly, you have to do some additional setup.
-
-- For legacy calls to work, you need to set up a TURN/STUN server. [Read the TURN guide for tips on how to set up coturn](./calls/turn.mdx)
-- For MatrixRTC / Element Call to work, you have to set up the LiveKit backend (foci). LiveKit also uses TURN/STUN to increase reliability, so you might want to configure your TURN server first. [Read the LiveKit guide](./calls/livekit.mdx)

docs/calls/_meta.json

@@ -1,12 +0,0 @@
-[
-    {
-        "type": "file",
-        "name": "turn",
-        "label": "TURN"
-    },
-    {
-        "type": "file",
-        "name": "livekit",
-        "label": "MatrixRTC / LiveKit"
-    }
-]

docs/calls/livekit.mdx

@@ -1,240 +0,0 @@
-# Matrix RTC/Element Call Setup
-
-:::info
-This guide assumes that you are using docker compose for deployment. LiveKit only provides Docker images.
-:::
-
-## Instructions
-
-### 1. Domain
-
-LiveKit should live on its own domain or subdomain. In this guide we use `livekit.example.com` - this should be replaced with a domain you control.
-
-Make sure the DNS record for the (sub)domain you plan to use is pointed to your server.
-
-### 2. Services
-
-Using LiveKit with Matrix requires two services - Livekit itself, and a service (`lk-jwt-service`) that grants Matrix users permission to connect to it.
-
-You must generate a key and secret to allow the Matrix service to authenticate with LiveKit. `LK_MATRIX_KEY` should be around 20 random characters, and `LK_MATRIX_SECRET` should be around 64. Remember to replace these with the actual values!
-
-:::tip Generating the secrets
-LiveKit provides a utility to generate secure random keys
-```bash
-docker run --rm livekit/livekit-server:latest generate-keys
-```
-:::
-
-```yaml
-services:
-  lk-jwt-service:
-    image: ghcr.io/element-hq/lk-jwt-service:latest
-    container_name: lk-jwt-service
-    environment:
-      - LIVEKIT_JWT_BIND=:8081
-      - LIVEKIT_URL=wss://livekit.example.com
-      - LIVEKIT_KEY=LK_MATRIX_KEY
-      - LIVEKIT_SECRET=LK_MATRIX_SECRET
-      - LIVEKIT_FULL_ACCESS_HOMESERVERS=example.com
-    restart: unless-stopped
-    ports:
-      - "8081:8081"
-
-  livekit:
-    image: livekit/livekit-server:latest
-    container_name: livekit
-    command: --config /etc/livekit.yaml
-    restart: unless-stopped
-    volumes:
-      - ./livekit.yaml:/etc/livekit.yaml:ro
-    network_mode: "host" # /!\ LiveKit binds to all addresses by default.
-    # Make sure port 7880 is blocked by your firewall to prevent access bypassing your reverse proxy
-    # Alternatively, uncomment the lines below and comment `network_mode: "host"` above to specify port mappings.
-#    ports:
-#      - "127.0.0.1:7880:7880/tcp"
-#      - "7881:7881/tcp"
-#      - "50100-50200:50100-50200/udp"
-```
-
-Next, we need to configure LiveKit. In the same directory, create `livekit.yaml` with the following content - remembering to replace `LK_MATRIX_KEY` and `LK_MATRIX_SECRET` with the values you generated:
-
-```yaml
-port: 7880
-bind_addresses:
-  - ""
-rtc:
-  tcp_port: 7881
-  port_range_start: 50100
-  port_range_end: 50200
-  use_external_ip: true
-  enable_loopback_candidate: false
-keys:
-  LK_MATRIX_KEY: LK_MATRIX_SECRET
-```
-
-#### Firewall hints
-
-You will need to allow ports `7881/tcp` and `50100:50200/udp` through your firewall. If you use UFW, the commands are: `ufw allow 7881/tcp` and `ufw allow 50100:50200/udp`.
-
-### 3. Telling clients where to find LiveKit
-
-To tell clients where to find LiveKit, you need to add the address of your `lk-jwt-service` to the `[global.matrix_rtc]` config section using the `foci` option.
-
-The variable should be a list of servers serving as MatrixRTC endpoints. Clients discover these via the `/_matrix/client/v1/rtc/transports` endpoint (MSC4143).
-
-```toml
-[global.matrix_rtc]
-foci = [
-    { type = "livekit", livekit_service_url = "https://livekit.example.com" },
-]
-```
-
-Remember to replace the URL with the address you are deploying your instance of lk-jwt-service to.
-
-### 4. Configure your Reverse Proxy
-
-Reverse proxies can be configured in many different ways - so we can't provide a step by step for this.
-
-By default, all routes should be forwarded to Livekit with the exception of the following path prefixes, which should be forwarded to the JWT/Authentication service:
-
-- `/sfu/get`
-- `/healthz`
-- `/get_token`
-
-<details>
-    <summary>Example caddy config</summary>
-    ```
-    matrix-rtc.example.com {
-
-        # for lk-jwt-service
-        @lk-jwt-service path /sfu/get* /healthz* /get_token*
-        route @lk-jwt-service {
-            reverse_proxy 127.0.0.1:8081
-        }
-
-        # for livekit
-        reverse_proxy 127.0.0.1:7880
-    }
-    ```
-</details>
-
-<details>
-    <summary>Example nginx config</summary>
-    ```
-    server {
-        server_name matrix-rtc.example.com;
-
-        # for lk-jwt-service
-        location ~ ^/(sfu/get|healthz|get_token) {
-            proxy_pass http://127.0.0.1:8081$request_uri;
-            proxy_set_header X-Forwarded-For $remote_addr;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $http_host;
-            proxy_buffering off;
-        }
-
-        # for livekit
-        location / {
-            proxy_pass http://127.0.0.1:7880$request_uri;
-            proxy_set_header X-Forwarded-For $remote_addr;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $http_host;
-            proxy_buffering off;
-
-            # websocket
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-        }
-    }
-    ```
-
-    Note that for websockets to work, you need to have this somewhere outside your server block:
-    ```
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-    }
-    ```
-</details>
-
-<details>
-    <summary>Example traefik router</summary>
-    ```
-    # on LiveKit itself
-    traefik.http.routers.livekit.rule=Host(`livekit.example.com`)
-    # on the JWT service
-    traefik.http.routers.livekit-jwt.rule=Host(`livekit.example.com`) && (PathPrefix(`/sfu/get`) || PathPrefix(`/healthz`) || PathPrefix(`/get_token`))
-    ```
-</details>
-
-
-### 6. Start Everything
-
-Start up the services using your usual method - for example `docker compose up -d`.
-
-## Additional Configuration
-
-### TURN Integration
-
-If you've already set up coturn, there may be a port clash between the two services. To fix this, make sure the `min-port` and `max-port` for coturn so it doesn't overlap with LiveKit's range:
-
-```ini
-min-port=50201
-max-port=65535
-```
-
-To improve LiveKit's reliability, you can configure it to use your coturn server.
-
-Generate a long random secret for LiveKit, and add it to your coturn config under the `static-auth-secret` option. You can add as many secrets as you want - so set a different one for each thing using your TURN server.
-
-Then configure livekit, making sure to replace `COTURN_SECRET`:
-
-```yaml
-# livekit.yaml
-rtc:
-  turn_servers:
-    - host: coturn.ellis.link
-      port: 3478
-      protocol: tcp
-      secret: "COTURN_SECRET"
-    - host: coturn.ellis.link
-      port: 5349
-      protocol: tls # Only if you've set up TLS in your coturn
-      secret: "COTURN_SECRET"
-    - host: coturn.ellis.link
-      port: 3478
-      protocol: udp
-      secret: "COTURN_SECRET"
-```
-
-## LiveKit's built in TURN server
-
-Livekit includes a built in TURN server which can be used in place of an external option. This TURN server will only work with Livekit, so you can't use it for legacy Matrix calling - or anything else.
-
-If you don't want to set up a separate TURN server, you can enable this with the following changes:
-
-```yaml
-### add this to livekit.yaml ###
-turn:
-  enabled: true
-  udp_port: 3478
-  relay_range_start: 50300
-  relay_range_end: 50400
-  domain: matrix-rtc.example.com
-```
-
-```yaml
-### Add these to docker-compose ###
-- "3478:3478/udp"
-- "50300-50400:50300-50400/udp"
-```
-
-### Related Documentation
-
-- [LiveKit GitHub](https://github.com/livekit/livekit)
-- [LiveKit Connection Tester](https://livekit.io/connection-test) - use with the token returned by `/sfu/get` or `/get_token`
-- [MatrixRTC proposal](https://half-shot.github.io/msc-crafter/#msc/4143)
-- [Synapse documentation](https://github.com/element-hq/element-call/blob/livekit/docs/self-hosting.md)
-- [Community guide](https://tomfos.tr/matrix/livekit/)
-- [Community guide](https://blog.kimiblock.top/2024/12/24/hosting-element-call/)

docs/calls/turn.mdx

@@ -1,214 +0,0 @@
-# Setting up TURN/STUN
-
-[TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT) and [STUN](https://en.wikipedia.org/wiki/STUN) are used as a component in many calling systems. Matrix uses them directly for legacy calls and indirectly for MatrixRTC via Livekit.
-
-Continuwuity recommends using [Coturn](https://github.com/coturn/coturn) as your TURN/STUN server, which is available as a Docker image or a distro package.
-
-## Installing Coturn
-
-### Configuration
-
-Create a configuration file called `coturn.conf` containing:
-
-```ini
-use-auth-secret
-static-auth-secret=<a secret key>
-realm=<your server domain>
-```
-
-:::tip Generating a secure secret
-A common way to generate a suitable alphanumeric secret key is by using:
-```bash
-pwgen -s 64 1
-```
-:::
-
-#### Port Configuration
-
-By default, coturn uses the following ports:
-- `3478` (UDP/TCP): Standard TURN/STUN port
-- `5349` (UDP/TCP): TURN/STUN over TLS
-- `49152-65535` (UDP): Media relay ports
-
-If you're also running LiveKit, you'll need to avoid port conflicts. Configure non-overlapping port ranges:
-
-```ini
-# In coturn.conf
-min-port=50201
-max-port=65535
-```
-
-This leaves ports `50100-50200` available for LiveKit's default configuration.
-
-### Running with Docker
-
-Run the [Coturn](https://hub.docker.com/r/coturn/coturn) image using:
-
-```bash
-docker run -d --network=host \
-  -v $(pwd)/coturn.conf:/etc/coturn/turnserver.conf \
-  coturn/coturn
-```
-
-### Running with Docker Compose
-
-Create a `docker-compose.yml` file and run `docker compose up -d`:
-
-```yaml
-version: '3'
-services:
-  turn:
-    container_name: coturn-server
-    image: docker.io/coturn/coturn
-    restart: unless-stopped
-    network_mode: "host"
-    volumes:
-      - ./coturn.conf:/etc/coturn/turnserver.conf
-```
-
-:::info Why host networking?
-Coturn uses host networking mode because it needs to bind to multiple ports and work with various network protocols. Using host networking is better for performance, and reduces configuration complexity. To understand alternative configuration options, visit [Coturn's Docker documentation](https://github.com/coturn/coturn/blob/master/docker/coturn/README.md).
-:::
-
-### Security Recommendations
-
-For security best practices, see Synapse's [Coturn documentation](https://element-hq.github.io/synapse/latest/turn-howto.html), which includes important firewall and access control recommendations.
-
-## Configuring Continuwuity
-
-Once your TURN server is running, configure Continuwuity to provide credentials to clients. Add the following to your Continuwuity configuration file:
-
-### Shared Secret Authentication (Recommended)
-
-This is the most secure method and generates time-limited credentials automatically:
-
-```toml
-# TURN URIs that clients should connect to
-turn_uris = [
-    "turn:coturn.example.com?transport=udp",
-    "turn:coturn.example.com?transport=tcp",
-    "turns:coturn.example.com?transport=udp",
-    "turns:coturn.example.com?transport=tcp"
-]
-
-# Shared secret for generating credentials (must match coturn's static-auth-secret)
-turn_secret = "<your coturn static-auth-secret>"
-
-# Optional: Read secret from a file instead (takes priority over turn_secret)
-# turn_secret_file = "/etc/continuwuity/.turn_secret"
-
-# TTL for generated credentials in seconds (default: 86400 = 24 hours)
-turn_ttl = 86400
-```
-
-:::tip Using TLS
-The `turns:` URI prefix instructs clients to connect to TURN over TLS, which is highly recommended for security. Make sure you've configured TLS in your coturn server first.
-:::
-
-### Static Credentials (Alternative)
-
-If you prefer static username/password credentials instead of shared secrets:
-
-```toml
-turn_uris = [
-    "turn:coturn.example.com?transport=udp",
-    "turn:coturn.example.com?transport=tcp"
-]
-
-turn_username = "your_username"
-turn_password = "your_password"
-```
-
-:::warning
-Static credentials are less secure than shared secrets because they don't expire and must be configured in coturn separately. It is strongly advised you use shared secret authentication.
-:::
-
-### Guest Access
-
-By default, TURN credentials require client authentication. To allow unauthenticated access:
-
-```toml
-turn_allow_guests = true
-```
-
-:::caution
-This is not recommended as it allows unauthenticated users to access your TURN server, potentially enabling abuse by bots. All major Matrix clients that support legacy calls *also* support authenticated TURN access.
-:::
-
-### Important Notes
-
-- Replace `coturn.example.com` with your actual TURN server domain (the `realm` from coturn.conf)
-- The `turn_secret` must match the `static-auth-secret` in your coturn configuration
-- Restart or reload Continuwuity after making configuration changes
-
-## Testing Your TURN Server
-
-### Testing Credentials
-
-Verify that Continuwuity is correctly serving TURN credentials to clients:
-
-```bash
-curl "https://matrix.example.com/_matrix/client/r0/voip/turnServer" \
-  -H "Authorization: Bearer <your_client_token>" | jq
-```
-
-You should receive a response like this:
-
-```json
-{
-  "username": "1752792167:@jade:example.com",
-  "password": "KjlDlawdPbU9mvP4bhdV/2c/h65=",
-  "uris": [
-    "turns:coturn.example.com?transport=udp",
-    "turns:coturn.example.com?transport=tcp",
-    "turn:coturn.example.com?transport=udp",
-    "turn:coturn.example.com?transport=tcp"
-  ],
-  "ttl": 86400
-}
-```
-
-:::note MSC4166 Compliance
-If no TURN URIs are configured (`turn_uris` is empty), Continuwuity will return a 404 Not Found response, as specified in MSC4166.
-:::
-
-### Testing Connectivity
-
-Use [Trickle ICE](https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/) to verify that the TURN credentials actually work:
-
-1. Copy the credentials from the response above
-2. Paste them into the Trickle ICE testing tool
-3. Click "Gather candidates"
-4. Look for successful `relay` candidates in the results
-
-If you see relay candidates, your TURN server is working correctly!
-
-## Troubleshooting
-
-### Clients can't connect to TURN server
-
-- Verify firewall rules allow the necessary ports (3478, 5349, and your media port range)
-- Check that DNS resolves correctly for your TURN domain
-- Ensure your `turn_secret` matches coturn's `static-auth-secret`
-- Test with Trickle ICE to isolate the issue
-
-### Port conflicts with LiveKit
-
-- Make sure coturn's `min-port` starts above LiveKit's `port_range_end` (default: 50200)
-- Or adjust LiveKit's port range to avoid coturn's default range
-
-### 404 when calling turnServer endpoint
-
-- Verify that `turn_uris` is not empty in your Continuwuity config
-- This behavior is correct per MSC4166 if no TURN URIs are configured
-
-### Credentials expire too quickly
-
-- Adjust the `turn_ttl` value in your Continuwuity configuration
-- Default is 86400 seconds (24 hours)
-
-### Related Documentation
-
-- [MatrixRTC/LiveKit Setup](./livekit.mdx) - Configure group calling with LiveKit
-- [Coturn GitHub](https://github.com/coturn/coturn) - Official coturn repository
-- [Synapse TURN Guide](https://element-hq.github.io/synapse/latest/turn-howto.html) - Additional security recommendations

docs/community/_meta.json

@@ -1,12 +0,0 @@
-[
-    {
-        "type": "file",
-        "name": "guidelines",
-        "label": "Community Guidelines"
-    },
-    {
-        "type": "file",
-        "name": "ops-guidelines",
-        "label": "Partnered Homeserver Guidelines"
-    }
-]

docs/community/ops-guidelines.mdx

@@ -1,32 +0,0 @@
-# Partnered Homeserver Operator Requirements
-> _So you want to be an officially sanctioned public Continuwuity homeserver operator?_
-
-Thank you for your interest in the project! There's a few things we need from you first to make sure your homeserver meets our quality standards and that you are prepared to handle the additional workload introduced by operating a public chat service.
-
-## Stuff you must have
-if you don't do these things we will tell you to go away
-
-- Your homeserver must be running an up-to-date version of Continuwuity
-- You must have a CAPTCHA, external registration system, or apply-to-join system that provides one-time-use invite codes (we do not accept fully open nor static token registration)
-- Your homeserver must have support details listed in [`/.well-known/matrix/support`](https://spec.matrix.org/v1.17/client-server-api/#getwell-knownmatrixsupport)
-- Your rules and guidelines must align with [the project's own code of conduct](guidelines).
-- You must be reasonably responsive (i.e. don't leave us hanging for a week if we alert you to an issue on your server)
-- Your homeserver's community rooms (if any) must be protected by a moderation bot subscribed to policy lists like the Community Moderation Effort (you can get one from https://asgard.chat if you don't want to run your own)
-
-## Stuff we encourage you to have
-not strictly required but we will consider your request more strongly if you have it
-
-- You should have automated moderation tooling that can automatically suspend abusive users on your homeserver who are added to policy lists
-- You should have multiple server administrators (increased bus factor)
-- You should have a terms of service and privacy policy prominently available
-
-## Stuff you get
-
-- Prominent listing in our README!
-- A gold star sticker
-- Access to a low noise room for more direct communication with maintainers and collaboration with fellow operators
-- Read-only access to the continuwuity internal ban list
-- Early notice of upcoming releases
-
-## Sound good?
-To get started, ping a team member in [our main chatroom](https://matrix.to/#/#continuwuity:continuwuity.org) and ask to be added to the list.

docs/configuration.md

@@ -8,14 +8,13 @@ Continuwuity uses a config file for the majority of the settings, but also suppo
 setting individual config options via commandline.
 
 Please refer to the [example config
-file](./reference/config.mdx) for all of those
+file](./configuration/examples.md#example-configuration) for all of those
 settings.
 
 The config file to use can be specified on the commandline when running
 Continuwuity by specifying the `-c`, `--config` flag. Alternatively, you can use
-the environment variable `CONTINUWUITY_CONFIG` to specify the config file to be
-used; see [the section on environment variables](#environment-variables) for
-more information.
+the environment variable `CONDUWUIT_CONFIG` to specify the config file to used.
+Conduit's environment variables are supported for backwards compatibility.
 
 ## Option commandline flag
 
@@ -53,15 +52,13 @@ This commandline argument can be paired with the `--option` flag.
 
 All of the settings that are found in the config file can be specified by using
 environment variables. The environment variable names should be all caps and
-prefixed with `CONTINUWUITY_`.
+prefixed with `CONDUWUIT_`.
 
 For example, if the setting you are changing is `max_request_size`, then the
-environment variable to set is `CONTINUWUITY_MAX_REQUEST_SIZE`.
+environment variable to set is `CONDUWUIT_MAX_REQUEST_SIZE`.
 
 To modify config options not in the `[global]` context such as
-`[global.well_known]`, use the `__` suffix split:
-`CONTINUWUITY_WELL_KNOWN__SERVER`
+`[global.well_known]`, use the `__` suffix split: `CONDUWUIT_WELL_KNOWN__SERVER`
 
-Conduit and conduwuit's environment variables are also supported for backwards
-compatibility, via the `CONDUIT_` and `CONDUWUIT_` prefixes respectively (e.g.
+Conduit's environment variables are supported for backwards compatibility (e.g.
 `CONDUIT_SERVER_NAME`).

docs/configuration/examples.md

@@ -0,0 +1,19 @@
+## Example configuration
+
+<details>
+<summary>Example configuration</summary>
+
+```toml
+{{#include ../../conduwuit-example.toml}}
+```
+
+</details>
+
+## systemd unit file
+
+<details>
+<summary>systemd unit file</summary>
+
+```
+{{#include ../../pkg/conduwuit.service}}
+```

docs/deploying/_meta.json

@@ -1,42 +0,0 @@
-[
-    {
-        "type": "file",
-        "name": "generic",
-        "label": "Generic"
-    },
-    {
-        "type": "file",
-        "name": "docker",
-        "label": "Docker"
-    },
-    {
-        "type": "file",
-        "name": "debian",
-        "label": "Debian"
-    },
-    {
-        "type": "file",
-        "name": "fedora",
-        "label": "Fedora"
-    },
-    {
-        "type": "file",
-        "name": "nixos",
-        "label": "NixOS"
-    },
-    {
-        "type": "file",
-        "name": "arch-linux",
-        "label": "Arch Linux"
-    },
-    {
-        "type": "file",
-        "name": "kubernetes",
-        "label": "Kubernetes"
-    },
-    {
-        "type": "file",
-        "name": "freebsd",
-        "label": "FreeBSD"
-    }
-]

docs/deploying/debian.md

@@ -0,0 +1 @@
+{{#include ../../pkg/debian/README.md}}

docs/deploying/debian.mdx

@@ -1 +0,0 @@
-../../pkg/debian/README.md

docs/deploying/docker-compose.for-traefik.yml

@@ -2,13 +2,13 @@
 
 services:
   homeserver:
-    ### If you already built the continuwuity image with 'docker build' or want to use the Docker Hub image,
+    ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
     ### then you are ready to go.
     image: forgejo.ellis.link/continuwuation/continuwuity:latest
     restart: unless-stopped
-    command: /sbin/conduwuit
     volumes:
       - db:/var/lib/continuwuity
+      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
       #- ./continuwuity.toml:/etc/continuwuity.toml
     networks:
       - proxy

docs/deploying/docker-compose.with-caddy.yml

@@ -16,14 +16,14 @@ services:
         restart: unless-stopped
         labels:
             caddy: example.com
-            caddy.reverse_proxy: /.well-known/matrix/* homeserver:6167
+            caddy.0_respond: /.well-known/matrix/server {"m.server":"matrix.example.com:443"}
+            caddy.1_respond: /.well-known/matrix/client {"m.server":{"base_url":"https://matrix.example.com"},"m.homeserver":{"base_url":"https://matrix.example.com"},"org.matrix.msc3575.proxy":{"url":"https://matrix.example.com"}}
 
     homeserver:
         ### If you already built the Continuwuity image with 'docker build' or want to use a registry image,
         ### then you are ready to go.
         image: forgejo.ellis.link/continuwuation/continuwuity:latest
         restart: unless-stopped
-        command: /sbin/conduwuit
         volumes:
             - db:/var/lib/continuwuity
             - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
@@ -42,10 +42,6 @@ services:
             #CONTINUWUITY_LOG: warn,state_res=warn
             CONTINUWUITY_ADDRESS: 0.0.0.0
             #CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
-
-            # Required for .well-known delegation - edit these according to your chosen domain
-            CONTINUWUITY_WELL_KNOWN__CLIENT: https://matrix.example.com
-            CONTINUWUITY_WELL_KNOWN__SERVER: matrix.example.com:443
         networks:
             - caddy
         labels:

docs/deploying/docker-compose.with-traefik.yml

@@ -6,7 +6,6 @@ services:
     ### then you are ready to go.
     image: forgejo.ellis.link/continuwuation/continuwuity:latest
     restart: unless-stopped
-    command: /sbin/conduwuit
     volumes:
       - db:/var/lib/continuwuity
       - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
@@ -115,10 +114,6 @@ services:
       TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
       TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"
 
-      # Since Traefik 3.6.3, paths with certain "encoded characters" are now blocked by default; we need a couple, or else things *will* break
-      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDSLASH: true
-      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDHASH: true
-
       TRAEFIK_PROVIDERS_DOCKER: true
       TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
       TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false

docs/deploying/docker-compose.yml

@@ -6,7 +6,6 @@ services:
         ### then you are ready to go.
         image: forgejo.ellis.link/continuwuation/continuwuity:latest
         restart: unless-stopped
-        command: /sbin/conduwuit
         ports:
             - 8448:6167
         volumes:

docs/deploying/docker.md

@@ -0,0 +1,146 @@
+# Continuwuity for Docker
+
+## Docker
+
+To run Continuwuity with Docker, you can either build the image yourself or pull it
+from a registry.
+
+### Use a registry
+
+OCI images for Continuwuity are available in the registries listed below.
+
+| Registry        | Image                                                           | Notes                  |
+| --------------- | --------------------------------------------------------------- | -----------------------|
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest][fj]     | Latest tagged image.   |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main][fj]       | Main branch image.     |
+
+[fj]: https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity
+
+Use
+
+```bash
+docker image pull $LINK
+```
+
+to pull it to your machine.
+
+### Run
+
+When you have the image, you can simply run it with
+
+```bash
+docker run -d -p 8448:6167 \
+    -v db:/var/lib/continuwuity/ \
+    -e CONTINUWUITY_SERVER_NAME="your.server.name" \
+    -e CONTINUWUITY_ALLOW_REGISTRATION=false \
+    --name continuwuity $LINK
+```
+
+or you can use [Docker Compose](#docker-compose).
+
+The `-d` flag lets the container run in detached mode. You may supply an
+optional `continuwuity.toml` config file, the example config can be found
+[here](../configuration/examples.md). You can pass in different env vars to
+change config values on the fly. You can even configure Continuwuity completely by
+using env vars. For an overview of possible values, please take a look at the
+[`docker-compose.yml`](docker-compose.yml) file.
+
+If you just want to test Continuwuity for a short time, you can use the `--rm`
+flag, which cleans up everything related to your container after you stop
+it.
+
+### Docker-compose
+
+If the `docker run` command is not suitable for you or your setup, you can also use one
+of the provided `docker-compose` files.
+
+Depending on your proxy setup, you can use one of the following files:
+
+- If you already have a `traefik` instance set up, use
+[`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml)
+- If you don't have a `traefik` instance set up and would like to use it, use
+[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)
+- If you want a setup that works out of the box with `caddy-docker-proxy`, use
+[`docker-compose.with-caddy.yml`](docker-compose.with-caddy.yml) and replace all
+`example.com` placeholders with your own domain
+- For any other reverse proxy, use [`docker-compose.yml`](docker-compose.yml)
+
+When picking the Traefik-related compose file, rename it to
+`docker-compose.yml`, and rename the override file to
+`docker-compose.override.yml`. Edit the latter with the values you want for your
+server.
+
+When picking the `caddy-docker-proxy` compose file, it's important to first
+create the `caddy` network before spinning up the containers:
+
+```bash
+docker network create caddy
+```
+
+After that, you can rename it to `docker-compose.yml` and spin up the
+containers!
+
+Additional info about deploying Continuwuity can be found [here](generic.md).
+
+### Build
+
+Official Continuwuity images are built using **Docker Buildx** and the Dockerfile found at [`docker/Dockerfile`][dockerfile-path]. This approach uses common Docker tooling and enables efficient multi-platform builds.
+
+The resulting images are widely compatible with Docker and other container runtimes like Podman or containerd.
+
+The images *do not contain a shell*. They contain only the Continuwuity binary, required libraries, TLS certificates, and metadata. Please refer to the [`docker/Dockerfile`][dockerfile-path] for the specific details of the image composition.
+
+To build an image locally using Docker Buildx, you can typically run a command like:
+
+```bash
+# Build for the current platform and load into the local Docker daemon
+docker buildx build --load --tag continuwuity:latest -f docker/Dockerfile .
+
+# Example: Build for specific platforms and push to a registry.
+# docker buildx build --platform linux/amd64,linux/arm64 --tag registry.io/org/continuwuity:latest -f docker/Dockerfile . --push
+
+# Example: Build binary optimized for the current CPU
+# docker buildx build --load --tag continuwuity:latest --build-arg TARGET_CPU=native -f docker/Dockerfile .
+```
+
+Refer to the Docker Buildx documentation for more advanced build options.
+
+[dockerfile-path]: ../../docker/Dockerfile
+
+### Run
+
+If you have already built the image or want to use one from the registries, you
+can start the container and everything else in the compose file in detached
+mode with:
+
+```bash
+docker compose up -d
+```
+
+> **Note:** Don't forget to modify and adjust the compose file to your needs.
+
+### Use Traefik as Proxy
+
+As a container user, you probably know about Traefik. It is an easy-to-use
+reverse proxy for making containerized apps and services available through the
+web. With the two provided files,
+[`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) (or
+[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)) and
+[`docker-compose.override.yml`](docker-compose.override.yml), it is equally easy
+to deploy and use Continuwuity, with a small caveat. If you have already looked at
+the files, you should have seen the `well-known` service, which is the
+small caveat. Traefik is simply a proxy and load balancer and cannot
+serve any kind of content. For Continuwuity to federate, we need to either
+expose ports `443` and `8448` or serve two endpoints: `.well-known/matrix/client`
+and `.well-known/matrix/server`.
+
+With the service `well-known`, we use a single `nginx` container that serves
+those two files.
+
+Alternatively, you can use Continuwuity's built-in delegation file capability. Set up the delegation files in the configuration file, and then proxy paths under `/.well-known/matrix` to continuwuity. For example, the label ``traefik.http.routers.continuwuity.rule=(Host(`matrix.ellis.link`) || (Host(`ellis.link`) && PathPrefix(`/.well-known/matrix`)))`` does this for the domain `ellis.link`.
+
+## Voice communication
+
+See the [TURN](../turn.md) page.
+
+[nix-buildlayeredimage]: https://ryantm.github.io/nixpkgs/builders/images/dockertools/#ssec-pkgs-dockerTools-buildLayeredImage

docs/deploying/docker.mdx

@@ -1,257 +0,0 @@
-# Continuwuity for Docker
-
-## Docker
-
-To run Continuwuity with Docker, you can either build the image yourself or pull
-it from a registry.
-
-### Use a registry
-
-Available OCI images:
-
-| Registry         | Image                                                                                                                                                       | Notes                                                                        |
-| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:latest](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest)                 | Latest tagged image.                                                         |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:main](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main)                     | Main branch image.                                                           |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest-maxperf) | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:main-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main-maxperf)     | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
-
-**Example:**
-
-```bash
-docker image pull forgejo.ellis.link/continuwuation/continuwuity:main-maxperf
-```
-
-#### Mirrors
-
-Images are mirrored to multiple locations automatically, on a schedule:
-
-- `ghcr.io/continuwuity/continuwuity`
-- `docker.io/jadedblueeyes/continuwuity`
-- `registry.gitlab.com/continuwuity/continuwuity`
-- `git.nexy7574.co.uk/mirrored/continuwuity` (releases only, no `main`)
-
-### Quick Run
-
-Get a working Continuwuity server with an admin user in four steps:
-
-#### Prerequisites
-
-Continuwuity requires HTTPS for Matrix federation. You'll need:
-
-- A domain name pointing to your server
-- A reverse proxy with SSL/TLS certificates (Traefik, Caddy, nginx, etc.)
-
-See [Docker Compose](#docker-compose) for complete examples.
-
-#### Environment Variables
-
-- `CONTINUWUITY_SERVER_NAME` - Your Matrix server's domain name
-- `CONTINUWUITY_DATABASE_PATH` - Where to store your database (must match the
-  volume mount)
-- `CONTINUWUITY_ADDRESS` - Bind address (use `0.0.0.0` to listen on all
-  interfaces)
-- `CONTINUWUITY_ALLOW_REGISTRATION` - Set to `false` to disable registration, or
-  use with `CONTINUWUITY_REGISTRATION_TOKEN` to require a token (see
-  [reference](../reference/environment-variables.mdx#registration--user-configuration)
-  for details)
-
-See the
-[Environment Variables Reference](../reference/environment-variables.mdx) for
-more configuration options.
-
-#### 1. Pull the image
-
-```bash
-docker pull forgejo.ellis.link/continuwuation/continuwuity:latest
-```
-
-#### 2. Start the server with initial admin user
-
-```bash
-docker run -d \
-  -p 6167:6167 \
-  -v continuwuity_db:/var/lib/continuwuity \
-  -e CONTINUWUITY_SERVER_NAME="matrix.example.com" \
-  -e CONTINUWUITY_DATABASE_PATH="/var/lib/continuwuity" \
-  -e CONTINUWUITY_ADDRESS="0.0.0.0" \
-  -e CONTINUWUITY_ALLOW_REGISTRATION="false" \
-  --name continuwuity \
-  forgejo.ellis.link/continuwuation/continuwuity:latest \
-  /sbin/conduwuit --execute "users create-user admin"
-```
-
-Replace `matrix.example.com` with your actual server name and `admin` with
-your preferred username.
-
-#### 3. Get your admin password
-
-```bash
-docker logs continuwuity 2>&1 | grep "Created user"
-```
-
-You'll see output like:
-
-```
-Created user with user_id: @admin:matrix.example.com and password: `[auto-generated-password]`
-```
-
-#### 4. Configure your reverse proxy
-
-Configure your reverse proxy to forward HTTPS traffic to Continuwuity. See
-[Docker Compose](#docker-compose) for examples.
-
-Once configured, log in with any Matrix client using `@admin:matrix.example.com`
-and the generated password. You'll automatically be invited to the admin room
-where you can manage your server.
-
-### Docker Compose
-
-Docker Compose is the recommended deployment method. These examples include
-reverse proxy configurations for Matrix federation.
-
-#### Matrix Federation Requirements
-
-For Matrix federation to work, you need to serve `.well-known/matrix/client` and
-`.well-known/matrix/server` endpoints. You can achieve this either by:
-
-1. **Using a well-known service** - The compose files below include an nginx
-   container to serve these files
-2. **Using Continuwuity's built-in delegation** (easier for Traefik) - Configure
-   delegation files in your config, then proxy `/.well-known/matrix/*` to
-   Continuwuity
-
-**Traefik example using built-in delegation:**
-
-```yaml
-labels:
-  traefik.http.routers.continuwuity.rule: >-
-    (Host(`matrix.example.com`) ||
-     (Host(`example.com`) && PathPrefix(`/.well-known/matrix`)))
-```
-
-This routes your Matrix domain and well-known paths to Continuwuity.
-
-#### Creating Your First Admin User
-
-Add the `--execute` command to create an admin user on first startup. In your
-compose file, add under the `continuwuity` service:
-
-```yaml
-services:
-    continuwuity:
-        image: forgejo.ellis.link/continuwuation/continuwuity:latest
-        command: /sbin/conduwuit --execute "users create-user admin"
-        # ... rest of configuration
-```
-
-Then retrieve the auto-generated password:
-
-```bash
-docker compose logs continuwuity | grep "Created user"
-```
-
-#### Choose Your Reverse Proxy
-
-Select the compose file that matches your setup:
-
-:::note DNS Performance
-Docker's default DNS resolver can cause performance issues with Matrix
-federation. If you experience slow federation or DNS timeouts, you may need to
-use your host's DNS resolver instead. Add this volume mount to the
-`continuwuity` service:
-
-```yaml
-volumes:
-  - /etc/resolv.conf:/etc/resolv.conf:ro
-```
-
-See [Troubleshooting - DNS Issues](../troubleshooting.mdx#potential-dns-issues-when-using-docker)
-for more details and alternative solutions.
-:::
-
-##### For existing Traefik setup
-
-<details>
-<summary>docker-compose.for-traefik.yml</summary>
-
-```yaml file="./docker-compose.for-traefik.yml"
-
-```
-
-</details>
-
-##### With Traefik included
-
-<details>
-<summary>docker-compose.with-traefik.yml</summary>
-
-```yaml file="./docker-compose.with-traefik.yml"
-
-```
-
-</details>
-
-##### With Caddy Docker Proxy
-
-<details>
-<summary>docker-compose.with-caddy.yml</summary>
-
-Replace all `example.com` placeholders with your own domain.
-
-```yaml file="./docker-compose.with-caddy.yml"
-
-```
-
-If you don't already have a network for Caddy to monitor, create one first:
-
-```bash
-docker network create caddy
-```
-
-</details>
-
-##### For other reverse proxies
-
-<details>
-<summary>docker-compose.yml</summary>
-
-```yaml file="./docker-compose.yml"
-
-```
-
-</details>
-
-##### Override file for customisation
-
-<details>
-<summary>docker-compose.override.yml</summary>
-
-```yaml file="./docker-compose.override.yml"
-
-```
-
-</details>
-
-#### Starting Your Server
-
-1. Choose your compose file and rename it to `docker-compose.yml`
-2. If using the override file, rename it to `docker-compose.override.yml` and
-   edit your values
-3. Start the server:
-
-```bash
-docker compose up -d
-```
-
-See the [generic deployment guide](generic.mdx) for more deployment options.
-
-### Building Custom Images
-
-For information on building your own Continuwuity Docker images, see the
-[Building Docker Images](../development/index.mdx#building-docker-images)
-section in the development documentation.
-
-## Voice communication
-
-See the [Calls](../calls.mdx) page.

docs/deploying/fedora.md

@@ -1,18 +1,17 @@
 # RPM Installation Guide
 
-Continuwuity is available as RPM packages for Fedora and compatible distributions.
-We do not currently have infrastructure to build RPMs for RHEL and compatible distributions, but this is a work in progress.
+Continuwuity is available as RPM packages for Fedora, RHEL, and compatible distributions.
 
 The RPM packaging files are maintained in the `fedora/` directory:
 - `continuwuity.spec.rpkg` - RPM spec file using rpkg macros for building from git
 - `continuwuity.service` - Systemd service file for the server
 - `RPM-GPG-KEY-continuwuity.asc` - GPG public key for verifying signed packages
 
-RPM packages built by CI are signed with our GPG key (RSA, ID: `6595 E8DB 9191 D39A 46D6 A514 4BA7 F590 DF0B AA1D`). # spellchecker:disable-line
+RPM packages built by CI are signed with our GPG key (Ed25519, ID: `5E0FF73F411AAFCA`).
 
 ```bash
 # Import the signing key
-sudo rpm --import https://forgejo.ellis.link/api/packages/continuwuation/rpm/repository.key
+sudo rpm --import https://forgejo.ellis.link/continuwuation/continuwuity/raw/branch/main/fedora/RPM-GPG-KEY-continuwuity.asc
 
 # Verify a downloaded package
 rpm --checksig continuwuity-*.rpm
@@ -24,7 +23,7 @@ rpm --checksig continuwuity-*.rpm
 
 ```bash
 # Add the repository and install
-sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable.repo
+sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable/continuwuation.repo
 sudo dnf install continuwuity
 ```
 
@@ -32,7 +31,7 @@ sudo dnf install continuwuity
 
 ```bash
 # Add the dev repository and install
-sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/dev.repo
+sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/dev/continuwuation.repo
 sudo dnf install continuwuity
 ```
 
@@ -40,10 +39,23 @@ sudo dnf install continuwuity
 
 ```bash
 # Branch names are sanitized (slashes become hyphens, lowercase only)
-sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/tom-new-feature.repo
+sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/tom-new-feature/continuwuation.repo
 sudo dnf install continuwuity
 ```
 
+**Direct installation** without adding repository
+
+```bash
+# Latest stable release
+sudo dnf install https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable/continuwuity
+
+# Latest development build
+sudo dnf install https://forgejo.ellis.link/api/packages/continuwuation/rpm/dev/continuwuity
+
+# Specific feature branch
+sudo dnf install https://forgejo.ellis.link/api/packages/continuwuation/rpm/branch-name/continuwuity
+```
+
 **Manual repository configuration** (alternative method)
 
 ```bash
@@ -53,7 +65,7 @@ name=Continuwuity - Matrix homeserver
 baseurl=https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable
 enabled=1
 gpgcheck=1
-gpgkey=https://forgejo.ellis.link/api/packages/continuwuation/rpm/repository.key
+gpgkey=https://forgejo.ellis.link/continuwuation/continuwuity/raw/branch/main/fedora/RPM-GPG-KEY-continuwuity.asc
 EOF
 
 sudo dnf install continuwuity

docs/deploying/freebsd.md

@@ -0,0 +1,5 @@
+# Continuwuity for FreeBSD
+
+Continuwuity currently does not provide FreeBSD builds or FreeBSD packaging. However, Continuwuity does build and work on FreeBSD using the system-provided RocksDB.
+
+Contributions to get Continuwuity packaged for FreeBSD are welcome.

docs/deploying/freebsd.mdx

@@ -1,7 +0,0 @@
-# Continuwuity for FreeBSD
-
-Continuwuity doesn't provide official FreeBSD packages; however, a community-maintained set of packages is available on [Forgejo](https://forgejo.ellis.link/katie/continuwuity-bsd). Note that these are provided as standalone packages and are not part of a FreeBSD package repository (yet), so updates need to be downloaded and installed manually.
-
-Please see the installation instructions in that repository. Direct any questions to its issue tracker or to [@katie:kat5.dev](https://matrix.to/#/@katie:kat5.dev).
-
-For general BSD support, please join our [Continuwuity BSD](https://matrix.to/#/%23bsd:continuwuity.org) community room.

docs/deploying/generic.md

@@ -8,39 +8,29 @@
 
 ## Installing Continuwuity
 
-### Prebuilt binary
+### Static prebuilt binary
 
-Download the binary for your architecture (x86_64 or aarch64) -
-run the `uname -m` to check which you need.
+You may simply download the binary that fits your machine architecture (x86_64
+or aarch64). Run `uname -m` to see what you need.
 
-Prebuilt binaries are available from:
-- **Tagged releases**: [Latest release page](https://forgejo.ellis.link/continuwuation/continuwuity/releases/latest)
-- **Development builds**: CI artifacts from the `main` branch
-  (includes Debian/Ubuntu packages)
+You can download prebuilt fully static musl binaries from the latest tagged
+release [here](https://forgejo.ellis.link/continuwuation/continuwuity/releases/latest) or
+from the `main` CI branch workflow artifact output. These also include Debian/Ubuntu
+packages.
 
-When browsing CI artifacts, `ci-bins` contains binaries organised
-by commit hash, while `releases` contains tagged versions. Sort
-by last modified date to find the most recent builds.
+You can download these directly using curl. The `ci-bins` are CI workflow binaries organized by commit
+hash/revision, and `releases` are tagged releases. Sort by descending last
+modified date to find the latest.
 
-The binaries require jemalloc and io_uring on the host system. Currently
-we can't cross-build static binaries - contributions are welcome here.
+These binaries have jemalloc and io_uring statically linked and included with
+them, so no additional dynamic dependencies need to be installed.
 
-#### Performance-optimised builds
-
-For x86_64 systems with CPUs from the last ~15 years, use the
-`-haswell-` optimised binaries for best performance. These
-binaries enable hardware-accelerated CRC32 checksumming in
-RocksDB, which significantly improves database performance.
-The haswell instruction set provides an excellent balance of
-compatibility and speed.
-
-If you're using Docker instead, equivalent performance-optimised
-images are available with the `-maxperf` suffix (e.g.
-`forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf`).
-These images use the `release-max-perf`
-build profile with
-[link-time optimisation (LTO)](https://doc.rust-lang.org/cargo/reference/profiles.html#lto)
-and, for amd64, target the haswell CPU architecture.
+For the **best** performance: if you are using an `x86_64` CPU made in the last ~15 years,
+we recommend using the `-haswell-` optimized binaries. These set
+`-march=haswell`, which provides the most compatible and highest performance with
+optimized binaries. The database backend, RocksDB, benefits most from this as it
+uses hardware-accelerated CRC32 hashing/checksumming, which is critical
+for performance.
 
 ### Compiling
 
@@ -56,8 +46,6 @@ If wanting to build using standard Rust toolchains, make sure you install:
 
 You can build Continuwuity using `cargo build --release`.
 
-Continuwuity supports various optional features that can be enabled during compilation. Please see the Cargo.toml file for a comprehensive list, or ask in our rooms.
-
 ### Building with Nix
 
 If you prefer, you can use Nix (or [Lix](https://lix.systems)) to build Continuwuity. This provides improved reproducibility and makes it easy to set up a build environment and generate output. This approach also allows for easy cross-compilation.
@@ -109,7 +97,8 @@ on the network level, consider something like NextDNS or Pi-Hole.
 
 ## Setting up a systemd service
 
-You can find an example unit for continuwuity below.
+You can find two example systemd units for Continuwuity
+[on the configuration page](../configuration/examples.md#debian-systemd-unit-file).
 You may need to change the `ExecStart=` path to match where you placed the Continuwuity
 binary if it is not in `/usr/bin/conduwuit`.
 
@@ -128,26 +117,11 @@ and entering the following:
 ReadWritePaths=/path/to/custom/database/path
 ```
 
-
-### Example systemd Unit File
-
-<details>
-<summary>Click to expand systemd unit file (conduwuit.service)</summary>
-
-
-```ini file="../../pkg/conduwuit.service"
-
-```
-
-</details>
-
-You can also [view the file on Foregejo](https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/pkg/conduwuit.service).
-
 ## Creating the Continuwuity configuration file
 
 Now you need to create the Continuwuity configuration file in
-`/etc/conduwuit/conduwuit.toml`. You can find an example configuration at
-[conduwuit-example.toml](../reference/config.mdx).
+`/etc/continuwuity/continuwuity.toml`. You can find an example configuration at
+[conduwuit-example.toml](../configuration/examples.md).
 
 **Please take a moment to read the config. You need to change at least the
 server name.**
@@ -182,7 +156,7 @@ For other software, please refer to their respective documentation or online gui
 After installing Caddy via your preferred method, create `/etc/caddy/conf.d/conduwuit_caddyfile`
 and enter the following (substitute your actual server name):
 
-```
+```caddyfile
 your.server.name, your.server.name:8448 {
     # TCP reverse_proxy
     reverse_proxy 127.0.0.1:6167
@@ -219,10 +193,8 @@ See the following spec pages for more details on these files:
 - [`/.well-known/matrix/support`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixsupport)
 
 Examples of delegation:
-- https://continuwuity.org/.well-known/matrix/server
-- https://continuwuity.org/.well-known/matrix/client
-- https://ellis.link/.well-known/matrix/server
-- https://ellis.link/.well-known/matrix/client
+- <https://puppygock.gay/.well-known/matrix/server>
+- <https://puppygock.gay/.well-known/matrix/client>
 
 For Apache and Nginx there are many examples available online.
 
@@ -271,7 +243,7 @@ curl https://your.server.name:8448/_matrix/federation/v1/version
 ```
 
 - To check if your server can communicate with other homeservers, use the
-[Matrix Federation Tester](https://federationtester.mtrnord.blog/). If you can
+[Matrix Federation Tester](https://federationtester.matrix.org/). If you can
 register but cannot join federated rooms, check your configuration and verify
 that port 8448 is open and forwarded correctly.
 
@@ -279,7 +251,7 @@ that port 8448 is open and forwarded correctly.
 
 ## Audio/Video calls
 
-For Audio/Video call functionality see the [Calls](../calls.md) page.
+For Audio/Video call functionality see the [TURN Guide](../turn.md).
 
 ## Appservices
 

docs/deploying/kubernetes.md

@@ -0,0 +1,9 @@
+# Continuwuity for Kubernetes
+
+Continuwuity doesn't support horizontal scalability or distributed loading
+natively. However, a community-maintained Helm Chart is available here to run
+conduwuit on Kubernetes: <https://gitlab.cronce.io/charts/conduwuit>
+
+This should be compatible with Continuwuity, but you will need to change the image reference.
+
+If changes need to be made, please reach out to the maintainer, as this is not maintained or controlled by the Continuwuity maintainers.

docs/deploying/kubernetes.mdx

@@ -1,112 +0,0 @@
-# Continuwuity for Kubernetes
-
-Continuwuity doesn't support horizontal scalability or distributed loading
-natively. However, a deployment in Kubernetes is very similar to the docker
-setup. This is because Continuwuity can be fully configured using environment
-variables. A sample StatefulSet is shared below. The only thing missing is
-a PVC definition (named `continuwuity-data`) for the volume mounted to
-the StatefulSet, an Ingress resources to point your webserver to the
-Continuwuity Pods, and a Service resource (targeting `app.kubernetes.io/name: continuwuity`)
-to glue the Ingress and Pod together.
-
-Carefully go through the `env` section and add, change, and remove any env vars you like using the [Configuration reference](https://continuwuity.org/reference/config.html)
-
-```yaml
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: continuwuity
-  namespace: matrix
-  labels:
-    app.kubernetes.io/name: continuwuity
-spec:
-  replicas: 1
-  serviceName: continuwuity
-  podManagementPolicy: Parallel
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: continuwuity
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: continuwuity
-    spec:
-      securityContext:
-        sysctls:
-          - name: net.ipv4.ip_unprivileged_port_start
-            value: "0"
-      containers:
-        - name: continuwuity
-          # use a sha hash <3
-          image: forgejo.ellis.link/continuwuation/continuwuity:latest
-          command: ["/sbin/conduwuit"]
-          imagePullPolicy: IfNotPresent
-          ports:
-            - name: http
-              containerPort: 80
-          volumeMounts:
-            - mountPath: /data
-              name: data
-              subPath: data
-          securityContext:
-            capabilities:
-              add:
-                - NET_BIND_SERVICE
-          env:
-            - name: TOKIO_WORKER_THREADS
-              value: "2"
-            - name: CONTINUWUITY_SERVER_NAME
-              value: "example.com"
-            - name: CONTINUWUITY_DATABASE_PATH
-              value: "/data/db"
-            - name: CONTINUWUITY_DATABASE_BACKEND
-              value: "rocksdb"
-            - name: CONTINUWUITY_PORT
-              value: "80"
-            - name: CONTINUWUITY_MAX_REQUEST_SIZE
-              value: "20000000"
-            - name: CONTINUWUITY_ALLOW_FEDERATION
-              value: "true"
-            - name: CONTINUWUITY_TRUSTED_SERVERS
-              value: '["matrix.org"]'
-            - name: CONTINUWUITY_ADDRESS
-              value: "0.0.0.0"
-            - name: CONTINUWUITY_ROCKSDB_PARALLELISM_THREADS
-              value: "1"
-            - name: CONTINUWUITY_WELL_KNOWN__SERVER
-              value: "matrix.example.com:443"
-            - name: CONTINUWUITY_WELL_KNOWN__CLIENT
-              value: "https://matrix.example.com"
-            - name: CONTINUWUITY_ALLOW_REGISTRATION
-              value: "false"
-            - name: RUST_LOG
-              value: info
-          readinessProbe:
-            httpGet:
-              path: /_matrix/federation/v1/version
-              port: http
-            periodSeconds: 4
-            failureThreshold: 5
-          resources:
-            # Continuwuity might use quite some RAM :3
-            requests:
-              cpu: "2"
-              memory: "512Mi"
-            limits:
-              cpu: "4"
-              memory: "2048Mi"
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: continuwuity-data
-```
-
----
-
-Apart from manually configuring the containers,
-[a community-maintained Helm Chart is available here to run
-conduwuit on Kubernetes](https://gitlab.cronce.io/charts/conduwuit)
-
-This should be compatible with Continuwuity, but you will need to change the image reference.
-
-If changes need to be made, please reach out to the maintainer, as this is not maintained or controlled by the Continuwuity maintainers.

docs/deploying/nixos.md

@@ -48,7 +48,7 @@ The NixOS module provides these configuration options:
 - `package`: The Continuwuity package to use
 - `settings`: The Continuwuity configuration (in TOML format)
 
-Use the `settings` option to configure Continuwuity itself. See the [example configuration file](../reference/config.mdx) for all available options.
+Use the `settings` option to configure Continuwuity itself. See the [example configuration file](../configuration/examples.md#example-configuration) for all available options.
 
 ### UNIX sockets
 

docs/development.md

@@ -0,0 +1,140 @@
+# Development
+
+Information about developing the project. If you are only interested in using
+it, you can safely ignore this page. If you plan on contributing, see the
+[contributor's guide](./contributing.md) and [code style guide](./development/code_style.md).
+
+## Continuwuity project layout
+
+Continuwuity uses a collection of sub-crates, packages, or workspace members
+that indicate what each general area of code is for. All of the workspace
+members are under `src/`. The workspace definition is at the top level / root
+`Cargo.toml`.
+
+The crate names are generally self-explanatory:
+- `admin` is the admin room
+- `api` is the HTTP API, Matrix C-S and S-S endpoints, etc
+- `core` is core Continuwuity functionality like config loading, error definitions,
+global utilities, logging infrastructure, etc
+- `database` is RocksDB methods, helpers, RocksDB config, and general database definitions,
+utilities, or functions
+- `macros` are Continuwuity Rust [macros][macros] like general helper macros, logging
+and error handling macros, and [syn][syn] and [procedural macros][proc-macro]
+used for admin room commands and others
+- `main` is the "primary" sub-crate. This is where the `main()` function lives,
+tokio worker and async initialisation, Sentry initialisation, [clap][clap] init,
+and signal handling. If you are adding new [Rust features][features], they *must*
+go here.
+- `router` is the webserver and request handling bits, using axum, tower, tower-http,
+hyper, etc, and the [global server state][state] to access `services`.
+- `service` is the high-level database definitions and functions for data,
+outbound/sending code, and other business logic such as media fetching.
+
+It is highly unlikely you will ever need to add a new workspace member, but
+if you truly find yourself needing to, we recommend reaching out to us in
+the Matrix room for discussions about it beforehand.
+
+The primary inspiration for this design was apart of hot reloadable development,
+to support "Continuwuity as a library" where specific parts can simply be swapped out.
+There is evidence Conduit wanted to go this route too as `axum` is technically an
+optional feature in Conduit, and can be compiled without the binary or axum library
+for handling inbound web requests; but it was never completed or worked.
+
+See the Rust documentation on [Workspaces][workspaces] for general questions
+and information on Cargo workspaces.
+
+## Adding compile-time [features][features]
+
+If you'd like to add a compile-time feature, you must first define it in
+the `main` workspace crate located in `src/main/Cargo.toml`. The feature must
+enable a feature in the other workspace crate(s) you intend to use it in. Then
+the said workspace crate(s) must define the feature there in its `Cargo.toml`.
+
+So, if this is adding a feature to the API such as `woof`, you define the feature
+in the `api` crate's `Cargo.toml` as `woof = []`. The feature definition in `main`'s
+`Cargo.toml` will be `woof = ["conduwuit-api/woof"]`.
+
+The rationale for this is due to Rust / Cargo not supporting
+["workspace level features"][9], we must make a choice of; either scattering
+features all over the workspace crates, making it difficult for anyone to add
+or remove default features; or define all the features in one central workspace
+crate that propagate down/up to the other workspace crates. It is a Cargo pitfall,
+and we'd like to see better developer UX in Rust's Workspaces.
+
+Additionally, the definition of one single place makes "feature collection" in our
+Nix flake a million times easier instead of collecting and deduping them all from
+searching in all the workspace crates' `Cargo.toml`s. Though we wouldn't need to
+do this if Rust supported workspace-level features to begin with.
+
+## List of forked dependencies
+
+During Continuwuity (and prior projects) development, we have had to fork some dependencies to support our use-cases.
+These forks exist for various reasons including features that upstream projects won't accept,
+faster-paced development, Continuwuity-specific usecases, or lack of time to upstream changes.
+
+All forked dependencies are maintained under the [continuwuation organization on Forgejo](https://forgejo.ellis.link/continuwuation):
+
+- [ruwuma][continuwuation-ruwuma] - Fork of [ruma/ruma][ruma] with various performance improvements, more features and better client/server interop
+- [rocksdb][continuwuation-rocksdb] - Fork of [facebook/rocksdb][rocksdb] via [`@zaidoon1`][8] with liburing build fixes and GCC debug build fixes
+- [jemallocator][continuwuation-jemallocator] - Fork of [tikv/jemallocator][jemallocator] fixing musl builds, suspicious code,
+  and adding support for redzones in Valgrind
+- [rustyline-async][continuwuation-rustyline-async] - Fork of [zyansheep/rustyline-async][rustyline-async] with tab completion callback
+  and `CTRL+\` signal quit event for Continuwuity console CLI
+- [rust-rocksdb][continuwuation-rust-rocksdb] - Fork of [rust-rocksdb/rust-rocksdb][rust-rocksdb] fixing musl build issues,
+  removing unnecessary `gtest` include, and using our RocksDB and jemallocator forks
+- [tracing][continuwuation-tracing] - Fork of [tokio-rs/tracing][tracing] implementing `Clone` for `EnvFilter` to
+  support dynamically changing tracing environments
+
+## Debugging with `tokio-console`
+
+[`tokio-console`][7] can be a useful tool for debugging and profiling. To make a
+`tokio-console`-enabled build of Continuwuity, enable the `tokio_console` feature,
+disable the default `release_max_log_level` feature, and set the `--cfg
+tokio_unstable` flag to enable experimental tokio APIs. A build might look like
+this:
+
+```bash
+RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
+    --release \
+    --no-default-features \
+    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
+```
+
+You will also need to enable the `tokio_console` config option in Continuwuity when
+starting it. This was due to tokio-console causing gradual memory leak/usage
+if left enabled.
+
+## Building Docker Images
+
+To build a Docker image for Continuwuity, use the standard Docker build command:
+
+```bash
+docker build -f docker/Dockerfile .
+```
+
+The image can be cross-compiled for different architectures.
+
+[continuwuation-ruwuma]: https://forgejo.ellis.link/continuwuation/ruwuma
+[continuwuation-rocksdb]: https://forgejo.ellis.link/continuwuation/rocksdb
+[continuwuation-jemallocator]: https://forgejo.ellis.link/continuwuation/jemallocator
+[continuwuation-rustyline-async]: https://forgejo.ellis.link/continuwuation/rustyline-async
+[continuwuation-rust-rocksdb]: https://forgejo.ellis.link/continuwuation/rust-rocksdb
+[continuwuation-tracing]: https://forgejo.ellis.link/continuwuation/tracing
+
+[ruma]: https://github.com/ruma/ruma/
+[rocksdb]: https://github.com/facebook/rocksdb/
+[jemallocator]: https://github.com/tikv/jemallocator/
+[rustyline-async]: https://github.com/zyansheep/rustyline-async/
+[rust-rocksdb]: https://github.com/rust-rocksdb/rust-rocksdb/
+[tracing]: https://github.com/tokio-rs/tracing/
+
+[7]: https://docs.rs/tokio-console/latest/tokio_console/
+[8]: https://github.com/zaidoon1/
+[9]: https://github.com/rust-lang/cargo/issues/12162
+[workspaces]: https://doc.rust-lang.org/cargo/reference/workspaces.html
+[macros]: https://doc.rust-lang.org/book/ch19-06-macros.html
+[syn]: https://docs.rs/syn/latest/syn/
+[proc-macro]: https://doc.rust-lang.org/reference/procedural-macros.html
+[clap]: https://docs.rs/clap/latest/clap/
+[features]: https://doc.rust-lang.org/cargo/reference/features.html
+[state]: https://docs.rs/axum/latest/axum/extract/struct.State.html

docs/development/_meta.json

@@ -1,27 +0,0 @@
-[
-    {
-        "type": "file",
-        "name": "index",
-        "label": "Development Guide"
-    },
-    {
-        "type": "file",
-        "name": "contributing",
-        "label": "Contributing"
-    },
-    {
-        "type": "file",
-        "name": "code_style",
-        "label": "Code Style Guide"
-    },
-    {
-        "type": "file",
-        "name": "testing",
-        "label": "Testing"
-    },
-    {
-        "type": "file",
-        "name": "hot_reload",
-        "label": "Hot Reloading"
-    }
-]

docs/development/code_style.md

@@ -128,7 +128,7 @@ Keep in mind the frequency that the log will be reached, and the relevancy to a
 ```rs
 // Good
 error!(
-    error = ?err,
+    error = %err,
     room_id = %room_id,
     "Failed to send event to room"
 );
@@ -264,7 +264,7 @@ pub async fn send_federation_request(
                 warn!(
                     destination = %destination,
                     attempt = attempt,
-                    error = ?err,
+                    error = %err,
                     retry_delay_ms = retry_delay.as_millis(),
                     "Federation request failed, retrying"
                 );

docs/development/contributing.mdx

@@ -1,203 +0,0 @@
-# Contributing guide
-
-This page is about contributing to Continuwuity. The
-[development](./index.mdx) and [code style guide](./code_style.mdx) pages may be of interest for you as well.
-
-If you would like to work on an [issue][issues] that is not assigned, preferably
-ask in the Matrix room first at [#continuwuity:continuwuity.org][continuwuity-matrix],
-and comment on it.
-
-### Code Style
-
-Please review and follow the [code style guide](./code_style) for formatting, linting, naming conventions, and other code standards.
-
-### Pre-commit Checks
-
-Continuwuity uses pre-commit hooks to enforce various coding standards and catch common issues before they're committed. These checks include:
-
-- Code formatting and linting
-- Typo detection (both in code and commit messages)
-- Checking for large files
-- Ensuring proper line endings and no trailing whitespace
-- Validating YAML, JSON, and TOML files
-- Checking for merge conflicts
-
-You can run these checks locally by installing [prefligit](https://github.com/j178/prefligit):
-
-
-```bash
-# Requires UV: https://docs.astral.sh/uv/getting-started/installation/
-# Mac/linux: curl -LsSf https://astral.sh/uv/install.sh | sh
-# Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
-
-# Install prefligit using cargo-binstall
-cargo binstall prefligit
-
-# Install git hooks to run checks automatically
-prefligit install
-
-# Run all checks
-prefligit --all-files
-```
-
-Alternatively, you can use [pre-commit](https://pre-commit.com/):
-```bash
-# Requires python
-
-# Install pre-commit
-pip install pre-commit
-
-# Install the hooks
-pre-commit install
-
-# Run all checks manually
-pre-commit run --all-files
-```
-
-These same checks are run in CI via the prefligit-checks workflow to ensure consistency. These must pass before the PR is merged.
-
-### Running tests locally
-
-Tests, compilation, and linting can be run with standard Cargo commands:
-
-```bash
-# Run tests
-cargo test
-
-# Check compilation
-cargo check --workspace --features full
-
-# Run lints
-cargo clippy --workspace --features full
-# Auto-fix: cargo clippy --workspace --features full --fix --allow-staged;
-
-# Format code (must use nightly)
-cargo +nightly fmt
-```
-
-### Matrix tests
-
-Continuwuity uses [Complement][complement] for Matrix protocol compliance testing. Complement tests are run manually by developers, and documentation on how to run these tests locally is currently being developed.
-
-If your changes are done to fix Matrix tests, please note that in your pull request. If more Complement tests start failing from your changes, please review the logs and determine if they're intended or not.
-
-[Sytest][sytest] is currently unsupported.
-
-### Writing documentation
-
-Continuwuity's website uses [`mdbook`][mdbook] and is deployed via CI using Cloudflare Pages
-in the [`documentation.yml`][documentation.yml] workflow file. All documentation is in the `docs/`
-directory at the top level.
-
-To build the documentation locally:
-
-1. Install mdbook if you don't have it already:
-   ```bash
-   cargo install mdbook # or cargo binstall, or another method
-   ```
-
-2. Build the documentation:
-   ```bash
-   mdbook build
-   ```
-
-The output of the mdbook generation is in `public/`. You can open the HTML files directly in your browser without needing a web server.
-
-
-### Commit Messages
-
-Continuwuity follows the [Conventional Commits](https://www.conventionalcommits.org/) specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.
-
-The basic structure is:
-
-```
-<type>[(optional scope)]: <description>
-
-[optional body]
-
-[optional footer(s)]
-```
-
-The allowed types for commits are:
-- `fix`: Bug fixes
-- `feat`: New features
-- `docs`: Documentation changes
-- `style`: Changes that don't affect the meaning of the code (formatting, etc.)
-- `refactor`: Code changes that neither fix bugs nor add features
-- `perf`: Performance improvements
-- `test`: Adding or fixing tests
-- `build`: Changes to the build system or dependencies
-- `ci`: Changes to CI configuration
-- `chore`: Other changes that don't modify source or test files
-
-Examples:
-```
-feat: add user authentication
-fix(database): resolve connection pooling issue
-docs: update installation instructions
-```
-
-The project uses the `committed` hook to validate commit messages in pre-commit. This ensures all commits follow the conventional format.
-
-### Creating pull requests
-
-Please try to keep contributions to the Forgejo Instance. While the mirrors of continuwuity
-allow for pull/merge requests, there is no guarantee the maintainers will see them in a timely
-manner. Additionally, please mark WIP or unfinished or incomplete PRs as drafts.
-This prevents us from having to ping once in a while to double check the status
-of it, especially when the CI completed successfully and everything so it
-*looks* done.
-
-Before submitting a pull request, please ensure:
-1. Your code passes all CI checks (formatting, linting, typo detection, etc.). Run pre-commit for this.
-2. Your code follows the [code style guide](./code_style)
-3. Your commit messages follow the conventional commits format
-4. Tests are added for new functionality
-5. Documentation is updated if needed
-6. You have written a [news fragment](#writing-news-fragments) for your changes
-
-Direct all PRs/MRs to the `main` branch.
-
-By sending a pull request or patch, you are agreeing that your changes are
-allowed to be licenced under the Apache-2.0 licence and all of your conduct is
-in line with the Contributor's Covenant, and continuwuity's Code of Conduct.
-
-Contribution by users who violate either of these code of conducts may not have
-their contributions accepted. This includes users who have been banned from
-continuwuity Matrix rooms for Code of Conduct violations.
-
-[issues]: https://forgejo.ellis.link/continuwuation/continuwuity/issues
-[continuwuity-matrix]: https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org
-[complement]: https://github.com/matrix-org/complement/
-[sytest]: https://github.com/matrix-org/sytest/
-[mdbook]: https://rust-lang.github.io/mdBook/
-[documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml
-
-#### Writing news fragments
-
-In order to make writing our changelogs easier, we make use of [Towncrier]. Towncrier builds changelogs based on
-"news fragments", which are little markdown files in the `changelog.d/` directory that describe individual changes.
-
-When you make a pull request that changes functionality, fixes a bug, or adds documentation, please add a news fragment
-describing your change. The file name *MUST* be in the format of `{pull_request_number}.{type}`, where `{type}` is one
-of the following:
-
-- `feature` - for new features
-- `bugfix` - for bug fixes
-- `doc` - for documentation changes
-- `misc` - for other changes that don't fit the above categories
-
-For example:
-
-```bash
-$ echo "Fixed the quantum flux stabiliser. Contributed by @alice." > changelog.d/42.bugfix
-```
-
-(Note: If you want to credit yourself, you should reference your forgejo handle, however links to other platforms are also acceptable.)
-
-When the next release is made, Towncrier will automatically include your news fragment in the changelog.
-
-You can read more about writing news fragments in the [Towncrier tutorial][tt].
-
-[Towncrier]: https://towncrier.readthedocs.io/
-[tt]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

docs/development/hot_reload.md

@@ -137,7 +137,7 @@ acyclic graph. The primary rule is simple and illustrated in the figure below:
 it.**
 
 ![Continuwuity's dynamic library setup diagram - created by Jason
-Volk](./assets/libraries.png)
+Volk](assets/libraries.png)
 
 When a symbol is referenced between crates they become bound: **crates cannot be
 unloaded until their calling crates are first unloaded.** Thus we start the
@@ -148,7 +148,7 @@ and the first crate, freeing the executable from all modules as no global
 binding ever occurs between them.
 
 ![Continuwuity's reload and load order diagram - created by Jason
-Volk](./assets/reload_order.png)
+Volk](assets/reload_order.png)
 
 Proper resource management is essential for reliable reloading to occur. This is
 a very basic ask in RAII-idiomatic Rust and the exposure to reloading hazards is

docs/development/index.mdx

@@ -1,203 +0,0 @@
-# Development
-
-Information about developing the project. If you are only interested in using
-it, you can safely ignore this page. If you plan on contributing, see the
-[contributor's guide](./contributing.mdx) and
-[code style guide](./code_style.mdx).
-
-## Continuwuity project layout
-
-Continuwuity uses a collection of sub-crates, packages, or workspace members
-that indicate what each general area of code is for. All of the workspace
-members are under `src/`. The workspace definition is at the top level / root
-`Cargo.toml`.
-
-The crate names are generally self-explanatory:
-
-- `admin` is the admin room
-- `api` is the HTTP API, Matrix C-S and S-S endpoints, etc
-- `core` is core Continuwuity functionality like config loading, error
-  definitions, global utilities, logging infrastructure, etc
-- `database` is RocksDB methods, helpers, RocksDB config, and general database
-  definitions, utilities, or functions
-- `macros` are Continuwuity Rust [macros][macros] like general helper macros,
-  logging and error handling macros, and [syn][syn] and [procedural
-  macros][proc-macro] used for admin room commands and others
-- `main` is the "primary" sub-crate. This is where the `main()` function lives,
-  tokio worker and async initialisation, Sentry initialisation, [clap][clap]
-  init, and signal handling. If you are adding new [Rust features][features],
-  they _must_ go here.
-- `router` is the webserver and request handling bits, using axum, tower,
-  tower-http, hyper, etc, and the [global server state][state] to access
-  `services`.
-- `service` is the high-level database definitions and functions for data,
-  outbound/sending code, and other business logic such as media fetching.
-
-It is highly unlikely you will ever need to add a new workspace member, but if
-you truly find yourself needing to, we recommend reaching out to us in the
-Matrix room for discussions about it beforehand.
-
-The primary inspiration for this design was apart of hot reloadable development,
-to support "Continuwuity as a library" where specific parts can simply be
-swapped out. There is evidence Conduit wanted to go this route too as `axum` is
-technically an optional feature in Conduit, and can be compiled without the
-binary or axum library for handling inbound web requests; but it was never
-completed or worked.
-
-See the Rust documentation on [Workspaces][workspaces] for general questions and
-information on Cargo workspaces.
-
-## Adding compile-time [features][features]
-
-If you'd like to add a compile-time feature, you must first define it in the
-`main` workspace crate located in `src/main/Cargo.toml`. The feature must enable
-a feature in the other workspace crate(s) you intend to use it in. Then the said
-workspace crate(s) must define the feature there in its `Cargo.toml`.
-
-So, if this is adding a feature to the API such as `woof`, you define the
-feature in the `api` crate's `Cargo.toml` as `woof = []`. The feature definition
-in `main`'s `Cargo.toml` will be `woof = ["conduwuit-api/woof"]`.
-
-The rationale for this is due to Rust / Cargo not supporting ["workspace level
-features"][9], we must make a choice of; either scattering features all over the
-workspace crates, making it difficult for anyone to add or remove default
-features; or define all the features in one central workspace crate that
-propagate down/up to the other workspace crates. It is a Cargo pitfall, and we'd
-like to see better developer UX in Rust's Workspaces.
-
-Additionally, the definition of one single place makes "feature collection" in
-our Nix flake a million times easier instead of collecting and deduping them all
-from searching in all the workspace crates' `Cargo.toml`s. Though we wouldn't
-need to do this if Rust supported workspace-level features to begin with.
-
-## List of forked dependencies
-
-During Continuwuity (and prior projects) development, we have had to fork some
-dependencies to support our use-cases. These forks exist for various reasons
-including features that upstream projects won't accept, faster-paced
-development, Continuwuity-specific usecases, or lack of time to upstream
-changes.
-
-All forked dependencies are maintained under the
-[continuwuation organization on Forgejo](https://forgejo.ellis.link/continuwuation):
-
-- [ruwuma][continuwuation-ruwuma] - Fork of [ruma/ruma][ruma] with various
-  performance improvements, more features and better client/server interop
-- [rocksdb][continuwuation-rocksdb] - Fork of [facebook/rocksdb][rocksdb] via
-  [`@zaidoon1`][8] with liburing build fixes and GCC debug build fixes
-- [jemallocator][continuwuation-jemallocator] - Fork of
-  [tikv/jemallocator][jemallocator] fixing musl builds, suspicious code, and
-  adding support for redzones in Valgrind
-- [rustyline-async][continuwuation-rustyline-async] - Fork of
-  [zyansheep/rustyline-async][rustyline-async] with tab completion callback and
-  `CTRL+\` signal quit event for Continuwuity console CLI
-- [rust-rocksdb][continuwuation-rust-rocksdb] - Fork of
-  [rust-rocksdb/rust-rocksdb][rust-rocksdb] fixing musl build issues, removing
-  unnecessary `gtest` include, and using our RocksDB and jemallocator forks
-- [tracing][continuwuation-tracing] - Fork of [tokio-rs/tracing][tracing]
-  implementing `Clone` for `EnvFilter` to support dynamically changing tracing
-  environments
-
-## Debugging with `tokio-console`
-
-[`tokio-console`][7] can be a useful tool for debugging and profiling. To make a
-`tokio-console`-enabled build of Continuwuity, enable the `tokio_console`
-feature, disable the default `release_max_log_level` feature, and set the
-`--cfg tokio_unstable` flag to enable experimental tokio APIs. A build might
-look like this:
-
-```bash
-RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
-    --release \
-    --no-default-features \
-    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
-```
-
-You will also need to enable the `tokio_console` config option in Continuwuity
-when starting it. This was due to tokio-console causing gradual memory
-leak/usage if left enabled.
-
-## Building Docker Images
-
-Official Continuwuity images are built using **Docker Buildx** and the
-Dockerfile found at [`docker/Dockerfile`][dockerfile-path].
-
-The images are compatible with Docker and other container runtimes like Podman
-or containerd.
-
-The images _do not contain a shell_. They contain only the Continuwuity binary,
-required libraries, TLS certificates, and metadata.
-
-<details>
-<summary>Click to view the Dockerfile</summary>
-
-You can also
-
-<a
-    href="<https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile>"
-    target="_blank"
->
-    view the Dockerfile on Forgejo
-</a>
-.
-
-```dockerfile file="../../docker/Dockerfile"
-
-```
-
-</details>
-
-### Building Locally
-
-To build an image locally using Docker Buildx:
-
-```bash
-# Build for the current platform and load into the local Docker daemon
-docker buildx build --load --tag continuwuity:latest -f docker/Dockerfile .
-
-# Example: Build for specific platforms and push to a registry
-# docker buildx build --platform linux/amd64,linux/arm64 --tag registry.io/org/continuwuity:latest -f docker/Dockerfile . --push
-
-# Example: Build binary optimised for the current CPU (standard release profile)
-# docker buildx build --load \
-#   --tag continuwuity:latest \
-#   --build-arg TARGET_CPU=native \
-#   -f docker/Dockerfile .
-
-# Example: Build maxperf variant (release-max-perf profile with LTO)
-# docker buildx build --load \
-#   --tag continuwuity:latest-maxperf \
-#   --build-arg TARGET_CPU=native \
-#   --build-arg RUST_PROFILE=release-max-perf \
-#   -f docker/Dockerfile .
-```
-
-Refer to the Docker Buildx documentation for more advanced build options.
-
-[dockerfile-path]:
-    https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile
-[continuwuation-ruwuma]: https://forgejo.ellis.link/continuwuation/ruwuma
-[continuwuation-rocksdb]: https://forgejo.ellis.link/continuwuation/rocksdb
-[continuwuation-jemallocator]:
-    https://forgejo.ellis.link/continuwuation/jemallocator
-[continuwuation-rustyline-async]:
-    https://forgejo.ellis.link/continuwuation/rustyline-async
-[continuwuation-rust-rocksdb]:
-    https://forgejo.ellis.link/continuwuation/rust-rocksdb
-[continuwuation-tracing]: https://forgejo.ellis.link/continuwuation/tracing
-[ruma]: https://github.com/ruma/ruma/
-[rocksdb]: https://github.com/facebook/rocksdb/
-[jemallocator]: https://github.com/tikv/jemallocator/
-[rustyline-async]: https://github.com/zyansheep/rustyline-async/
-[rust-rocksdb]: https://github.com/rust-rocksdb/rust-rocksdb/
-[tracing]: https://github.com/tokio-rs/tracing/
-[7]: https://docs.rs/tokio-console/latest/tokio_console/
-[8]: https://github.com/zaidoon1/
-[9]: https://github.com/rust-lang/cargo/issues/12162
-[workspaces]: https://doc.rust-lang.org/cargo/reference/workspaces.html
-[macros]: https://doc.rust-lang.org/book/ch19-06-macros.html
-[syn]: https://docs.rs/syn/latest/syn/
-[proc-macro]: https://doc.rust-lang.org/reference/procedural-macros.html
-[clap]: https://docs.rs/clap/latest/clap/
-[features]: https://doc.rust-lang.org/cargo/reference/features.html
-[state]: https://docs.rs/axum/latest/axum/extract/struct.State.html

docs/development/testing.md

@@ -24,7 +24,7 @@ and run the script.
 If you're on macOS and need to build an image, run `nix build .#linux-complement`.
 
 We have a Complement fork as some tests have needed to be fixed. This can be found
-at [continuwuation/complement](https://forgejo.ellis.link/continuwuation/complement)
+at: <https://forgejo.ellis.link/continuwuation/complement>
 
 [ci-workflows]:
 https://forgejo.ellis.link/continuwuation/continuwuity/actions/?workflow=ci.yml&actor=0&status=1

docs/index.mdx

@@ -1,61 +0,0 @@
----
-pageType: home
-
-hero:
-  name: Continuwuity
-  text: A community-driven Matrix homeserver
-  tagline: Fast, lightweight and open
-  actions:
-    - theme: brand
-      text: Get Started
-      link: /introduction
-    - theme: alt
-      text: Contribute on Forgejo
-      link: https://forgejo.ellis.link/continuwuation/continuwuity
-    - theme: alt
-      text: Star on GitHub
-      link: https://github.com/continuwuity/continuwuity
-  image:
-    src: /assets/logo.svg
-    alt: continuwuity logo
-
-beforeFeatures:
-  - title: Matrix for Discord users
-    details: New to Matrix? Learn how Matrix compares to Discord
-    link: https://joinmatrix.org/guide/matrix-vs-discord/
-    buttonText: Find Out the Difference
-  - title: How Matrix Works
-    details: Learn how Matrix works under the hood, and what that means
-    link: https://matrix.org/docs/matrix-concepts/elements-of-matrix/
-    buttonText: Read the Guide
-
-features:
-  - title: 🚀 High Performance
-    details: Built with Rust for exceptional speed and efficiency. Designed to run smoothly even on modest hardware.
-  - title: 🔒 Secure by Default
-    details: Memory-safe Rust implementation with built-in security features to protect your communication.
-  - title: 🌐 Matrix Protocol
-    details: Fully compatible with the Matrix ecosystem. Connect with users across the federated network.
-  - title: 🛠️ Community Maintained
-    details: Actively developed by a dedicated community of Matrix enthusiasts and contributors.
-  - title: 📦 Easy to Deploy
-    details: Multiple deployment options including Docker, NixOS, and traditional package managers.
-  - title: 🔌 Appservice Support
-    details: Bridge to other platforms like Discord, Telegram, and more with Matrix appservices.
-
-doc: false
----
-
-## What is Continuwuity?
-
-Continuwuity is a Matrix homeserver.
-
-Matrix is an open chat network that lets anyone talk to anyone, no matter what server or address they use - sort of like email.
-
-Continuwuity receives and keeps track of all your messages, and delivers what you send to the right people.
-
-## Why is Continuwuity different?
-
-Continuwuity is light and fast, using a fraction of the memory of other major homeservers. It's also simple to set up, and secure by default.
-
-We are a community run project, filled with diverse and friendly people. Everything is built by people who care about the project volunteering their free time.

docs/introduction.md

@@ -0,0 +1,18 @@
+# Continuwuity
+
+{{#include ../README.md:catchphrase}}
+
+{{#include ../README.md:body}}
+
+#### How can I deploy my own?
+
+- [Deployment options](deploying.md)
+
+If you want to connect an appservice to Continuwuity, take a look at the
+[appservices documentation](appservices.md).
+
+#### How can I contribute?
+
+See the [contributor's guide](contributing.md)
+
+{{#include ../README.md:footer}}

docs/introduction.mdx

@@ -1,98 +0,0 @@
-# Continuwuity
-
-## A community-driven [Matrix](https://matrix.org/) homeserver in Rust
-
-[![Chat on Matrix](https://img.shields.io/matrix/continuwuity%3Acontinuwuity.org?server_fqdn=matrix.continuwuity.org&fetchMode=summary&logo=matrix)](https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) [![Join the space](https://img.shields.io/matrix/space%3Acontinuwuity.org?server_fqdn=matrix.continuwuity.org&fetchMode=summary&logo=matrix&label=space)](https://matrix.to/#/#space:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org)
-
-[continuwuity] is a Matrix homeserver written in Rust.
-It's the official community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver.
-
-[![forgejo.ellis.link](https://img.shields.io/badge/Ellis%20Git-main+packages-green?style=flat&logo=forgejo&labelColor=fff)](https://forgejo.ellis.link/continuwuation/continuwuity) [![Stars](https://forgejo.ellis.link/continuwuation/continuwuity/badges/stars.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/stars) [![Issues](https://forgejo.ellis.link/continuwuation/continuwuity/badges/issues/open.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/issues?state=open) [![Pull Requests](https://forgejo.ellis.link/continuwuation/continuwuity/badges/pulls/open.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/pulls?state=open)
-
-[![GitHub](https://img.shields.io/badge/GitHub-mirror-blue?style=flat&logo=github&labelColor=fff&logoColor=24292f)](https://github.com/continuwuity/continuwuity) [![Stars](https://img.shields.io/github/stars/continuwuity/continuwuity?style=flat)](https://github.com/continuwuity/continuwuity/stargazers)
-
-[![GitLab](https://img.shields.io/badge/GitLab-mirror-blue?style=flat&logo=gitlab&labelColor=fff)](https://gitlab.com/continuwuity/continuwuity) [![Stars](https://img.shields.io/gitlab/stars/continuwuity/continuwuity?style=flat)](https://gitlab.com/continuwuity/continuwuity/-/starrers)
-
-[![Codeberg](https://img.shields.io/badge/Codeberg-mirror-2185D0?style=flat&logo=codeberg&labelColor=fff)](https://codeberg.org/continuwuity/continuwuity) [![Stars](https://codeberg.org/continuwuity/continuwuity/badges/stars.svg?style=flat)](https://codeberg.org/continuwuity/continuwuity/stars)
-
-## Why does this exist?
-
-The original conduwuit project has been archived and is no longer maintained. Rather than letting this Rust-based Matrix homeserver disappear, a group of community contributors have forked the project to continue its development, fix outstanding issues, and add new features.
-
-We aim to provide a stable, well-maintained alternative for current conduwuit users and welcome newcomers seeking a lightweight, efficient Matrix homeserver.
-
-## Who are we?
-
-We are a group of Matrix enthusiasts, developers and system administrators who have used conduwuit and believe in its potential. Our team includes both previous
-contributors to the original project and new developers who want to help maintain and improve this important piece of Matrix infrastructure.
-
-We operate as an open community project, welcoming contributions from anyone interested in improving continuwuity.
-
-## What is Matrix?
-
-[Matrix](https://matrix.org) is an open, federated, and extensible network for
-decentralized communication. Users from any Matrix homeserver can chat with users from all
-other homeservers over federation. Matrix is designed to be extensible and built on top of.
-You can even use bridges such as Matrix Appservices to communicate with users outside of Matrix, like a community on Discord.
-
-## What are the project's goals?
-
-continuwuity aims to:
-
-- Maintain a stable, reliable Matrix homeserver implementation in Rust
-- Improve compatibility and specification compliance with the Matrix protocol
-- Fix bugs and performance issues from the original conduwuit
-- Add missing features needed by homeserver administrators
-- Provide comprehensive documentation and easy deployment options
-- Create a sustainable development model for long-term maintenance
-- Keep a lightweight, efficient codebase that can run on modest hardware
-
-## Can I try it out?
-
-Check out the [documentation](https://continuwuity.org) for installation instructions.
-
-If you want to try it out as a user, we have some partnered homeservers you can use:
-* You can head over to [https://federated.nexus](https://federated.nexus/) in your browser.
-  * Hit the `Apply to Join` button. Once your request has been accepted, you will receive an email with your username and password.
-  * Head over to [https://app.federated.nexus](https://app.federated.nexus/) and you can sign in there, or use any other matrix chat client you wish elsewhere.
-  * Your username for matrix will be in the form of `@username:federated.nexus`, however you can simply use the `username` part to log in. Your password is your password.
-
-* There's also [https://continuwuity.rocks/](https://continuwuity.rocks/). You can register a new account using Cinny via [this convenient link](https://app.cinny.in/register/continuwuity.rocks), or you can use Element or another matrix client *that supports registration*.
-
-## What are we working on?
-
-We're working our way through all of the issues in the [Forgejo project](https://forgejo.ellis.link/continuwuation/continuwuity/issues).
-
-- [Packaging & availability in more places](https://forgejo.ellis.link/continuwuation/continuwuity/issues/747)
-- [Appservices bugs & features](https://forgejo.ellis.link/continuwuation/continuwuity/issues?q=&type=all&state=open&labels=178&milestone=0&assignee=0&poster=0)
-- [Improving compatibility and spec compliance](https://forgejo.ellis.link/continuwuation/continuwuity/issues?labels=119)
-- Automated testing
-- [Admin API](https://forgejo.ellis.link/continuwuation/continuwuity/issues/748)
-- [Policy-list controlled moderation](https://forgejo.ellis.link/continuwuation/continuwuity/issues/750)
-
-## Can I migrate my data from x?
-
-- **Conduwuit**: Yes
-- **Conduit**: No, database is now incompatible
-- **Grapevine**: No, database is now incompatible
-- **Dendrite**: No
-- **Synapse**: No
-
-We haven't written up a guide on migrating from incompatible homeservers yet. Reach out to us if you need to do this!
-
-## How can I deploy my own?
-
-- [Deployment options](deploying)
-
-If you want to connect an appservice to continuwuity, take a look at the
-[appservices documentation](appservices).
-
-## How can I contribute?
-
-See the [contributor's guide](development/contributing)
-
-## Contact
-
-Join our [Matrix room](https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) and [space](https://matrix.to/#/#space:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) to chat with us about the project!
-
-[continuwuity]: https://forgejo.ellis.link/continuwuation/continuwuity

docs/maintenance.md

@@ -47,7 +47,7 @@ RocksDB troubleshooting can be found [in the RocksDB section of troubleshooting]
 ### Compression
 
 Some RocksDB settings can be adjusted such as the compression method chosen. See
-the RocksDB section in the [example config](./reference/config.mdx).
+the RocksDB section in the [example config](configuration/examples.md).
 
 btrfs users have reported that database compression does not need to be disabled
 on Continuwuity as the filesystem already does not attempt to compress. This can be
@@ -55,7 +55,7 @@ validated by using `filefrag -v` on a `.SST` file in your database, and ensure
 the `physical_offset` matches (no filesystem compression). It is very important
 to ensure no additional filesystem compression takes place as this can render
 unbuffered Direct IO inoperable, significantly slowing down read and write
-performance. See [the Btrfs docs](https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility).
+performance. See <https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility>
 
 > Compression is done using the COW mechanism so it’s incompatible with
 > nodatacow. Direct IO read works on compressed files but will fall back to

docs/plans/2026-03-17-space-permission-cascading-design.md

@@ -1,226 +0,0 @@
-# Space Permission Cascading — Design Document
-
-**Date:** 2026-03-17
-**Status:** Approved
-
-## Overview
-
-Server-side feature that allows user rights in a Space to cascade down to its
-direct child rooms. Includes power level cascading and role-based room access
-control. Enabled via a server-wide configuration flag, disabled by default.
-
-## Requirements
-
-1. Power levels defined in a Space cascade to all direct child rooms (Space
-   always wins over per-room overrides).
-2. Admins can define custom roles in a Space and assign them to users.
-3. Child rooms can require one or more roles for access.
-4. Enforcement is continuous — role revocation auto-kicks users from rooms they
-   no longer qualify for.
-5. Users are auto-joined to all qualifying child rooms when they join a Space or
-   receive a new role.
-6. Cascading applies to direct parent Space only; no nested cascade through
-   sub-spaces.
-7. Feature is toggled by a single server-wide config flag
-   (`space_permission_cascading`), off by default.
-
-## Configuration
-
-```toml
-# conduwuit-example.toml
-
-# Enable space permission cascading (power levels and role-based access).
-# When enabled, power levels cascade from Spaces to child rooms and rooms
-# can require roles for access. Applies to all Spaces on this server.
-# Default: false
-space_permission_cascading = false
-```
-
-## Custom State Events
-
-All events live in the Space room.
-
-### `m.space.roles` (state key: `""`)
-
-Defines the available roles for the Space. Two default roles (`admin` and `mod`)
-are created automatically when a Space is first encountered with the feature
-enabled.
-
-```json
-{
-  "roles": {
-    "admin": {
-      "description": "Space administrator",
-      "power_level": 100
-    },
-    "mod": {
-      "description": "Space moderator",
-      "power_level": 50
-    },
-    "nsfw": {
-      "description": "Access to NSFW content"
-    },
-    "vip": {
-      "description": "VIP member"
-    }
-  }
-}
-```
-
-- `description` (string, required): Human-readable description.
-- `power_level` (integer, optional): If present, users with this role receive
-  this power level in all child rooms. When a user holds multiple roles with
-  power levels, the highest value wins.
-
-### `m.space.role.member` (state key: user ID)
-
-Assigns roles to a user within the Space.
-
-```json
-{
-  "roles": ["nsfw", "vip"]
-}
-```
-
-### `m.space.role.room` (state key: room ID)
-
-Declares which roles a child room requires. A user must hold **all** listed
-roles to access the room.
-
-```json
-{
-  "required_roles": ["nsfw"]
-}
-```
-
-## Enforcement Rules
-
-All enforcement is skipped when `space_permission_cascading = false`.
-
-### 1. Join gating
-
-When a user attempts to join a room that is a direct child of a Space:
-
-- Look up the room's `m.space.role.room` event in the parent Space.
-- If the room has `required_roles`, check the user's `m.space.role.member`.
-- Reject the join if the user is missing any required role.
-
-### 2. Power level override
-
-For every user in a child room of a Space:
-
-- Look up their roles via `m.space.role.member` in the parent Space.
-- For each role that has a `power_level`, take the highest value.
-- Override the user's power level in the child room's `m.room.power_levels`.
-- Reject attempts to manually set per-room power levels that conflict with
-  Space-granted levels.
-
-### 3. Role revocation
-
-When an `m.space.role.member` event is updated and a role is removed:
-
-- Identify all child rooms that require the removed role.
-- Auto-kick the user from rooms they no longer qualify for.
-- Recalculate and update the user's power level in all child rooms.
-
-### 4. Room requirement change
-
-When an `m.space.role.room` event is updated with new requirements:
-
-- Check all current members of the room.
-- Auto-kick members who do not hold all newly required roles.
-
-### 5. Auto-join on role grant
-
-When an `m.space.role.member` event is updated and a role is added:
-
-- Find all child rooms where the user now meets all required roles.
-- Auto-join the user to qualifying rooms they are not already in.
-
-This also applies when a user first joins the Space — they are auto-joined to
-all child rooms they qualify for. Rooms with no role requirements auto-join all
-Space members.
-
-### 6. New child room
-
-When a new `m.space.child` event is added to a Space:
-
-- Auto-join all qualifying Space members to the new child room.
-
-## Caching & Indexing
-
-The source of truth is always the state events. The server maintains an
-in-memory index for fast enforcement lookups, following the same patterns as the
-existing `roomid_spacehierarchy_cache`.
-
-### Index structures
-
-| Index                        | Source event           |
-|------------------------------|------------------------|
-| Space → roles defined        | `m.space.roles`        |
-| Space → user → roles         | `m.space.role.member`  |
-| Space → room → required roles| `m.space.role.room`    |
-| Room → parent Space          | `m.space.child` (reverse lookup) |
-
-The Space → child rooms mapping already exists.
-
-### Cache invalidation triggers
-
-| Event changed              | Action                                              |
-|----------------------------|-----------------------------------------------------|
-| `m.space.roles`            | Refresh role definitions, revalidate all members    |
-| `m.space.role.member`      | Refresh user's roles, trigger auto-join/kick        |
-| `m.space.role.room`        | Refresh room requirements, trigger auto-join/kick   |
-| `m.space.child` added      | Index new child, auto-join qualifying members       |
-| `m.space.child` removed    | Remove from index (no auto-kick)                    |
-| Server startup             | Full rebuild from state events                      |
-
-## Admin Room Commands
-
-Roles are managed via the existing admin room interface, which sends the
-appropriate state events under the hood and triggers enforcement.
-
-```
-!admin space roles list <space>
-!admin space roles add <space> <role_name> [description] [power_level]
-!admin space roles remove <space> <role_name>
-!admin space roles assign <space> <user_id> <role_name>
-!admin space roles revoke <space> <user_id> <role_name>
-!admin space roles require <space> <room_id> <role_name>
-!admin space roles unrequire <space> <room_id> <role_name>
-!admin space roles user <space> <user_id>
-!admin space roles room <space> <room_id>
-```
-
-## Architecture
-
-**Approach:** Hybrid — state events for definition, database cache for
-enforcement.
-
-- State events are the source of truth and federate normally.
-- The server maintains an in-memory cache/index for fast enforcement.
-- Cache is invalidated on relevant state event changes and fully rebuilt on
-  startup.
-- All enforcement hooks (join gating, PL override, auto-join, auto-kick) check
-  the feature flag first and no-op when disabled.
-- Existing clients can manage roles via Developer Tools (custom state events).
-  The admin room commands provide a user-friendly interface.
-
-## Scope
-
-### In scope
-
-- Server-wide feature flag
-- Custom state events for role definition, assignment, and room requirements
-- Power level cascading (Space always wins)
-- Continuous enforcement (auto-join, auto-kick)
-- Admin room commands
-- In-memory caching with invalidation
-- Default `admin` (PL 100) and `mod` (PL 50) roles
-
-### Out of scope
-
-- Client-side UI for role management
-- Nested cascade through sub-spaces
-- Per-space opt-in/opt-out (it is server-wide)
-- Federation-specific logic beyond normal state event replication

docs/public/.well-known/continuwuity/announcements

@@ -1,15 +0,0 @@
-{
-    "$schema": "https://continuwuity.org/schema/announcements.schema.json",
-    "announcements": [
-        {
-            "id": 1,
-            "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
-        },
-        {
-            "id": 10,
-            "mention_room": false,
-            "date": "2026-03-03",
-            "message": "We've just released [v0.5.6](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.6), which contains a few  security improvements - plus significant reliability and performance improvements. Please update as soon as possible. \n\nWe released [v0.5.5](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.5) two weeks ago, but it skipped your admin room straight to [our announcements channel](https://matrix.to/#/!jIdNjSM5X-V5JVx2h2kAhUZIIQ08GyzPL55NFZAH1vM?via=ellis.link&via=gingershaped.computer&via=matrix.org). Make sure you're there to get important information as soon as we announce it! [Our space](https://matrix.to/#/!8cR4g-i9ucof69E4JHNg9LbPVkGprHb3SzcrGBDDJgk?via=continuwuity.org&via=ellis.link&via=matrix.org) has also gained a bunch of new and interesting rooms - be there or be square."
-        }
-    ]
-}

docs/public/.well-known/matrix/client

@@ -1 +0,0 @@
-{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://livekit.ellis.link"}]}

docs/public/assets/logo.svg

@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-
-<svg
-   width="447.99823"
-   height="447.99823"
-   viewBox="0 0 447.99823 447.99823"
-   version="1.1"
-   id="svg1"
-   xml:space="preserve"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg"><defs
-     id="defs1" /><g
-     id="layer1"
-     transform="translate(-32.000893,-32.000893)"><circle
-       style="fill:#9b4bd4;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-dasharray:none;stroke-opacity:1"
-       id="path1"
-       cy="256"
-       cx="256"
-       r="176" /><path
-       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
-       d="m 41,174 69,36 C 135,126 175,102 226,94 l -12,31 62,-44 -69,-44 15,30 C 128,69 84,109 41,172 Z"
-       id="path7" /><path
-       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
-       d="m 338,41 -36,69 c 84,25 108,65 116,116 l -31,-12 44,62 44,-69 -30,15 C 443,128 403,84 340,41 Z"
-       id="path6" /><path
-       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
-       d="m 471,338 -69,-36 c -25,84 -65,108 -116,116 l 12,-31 -62,44 69,44 -15,-30 c 94,-2 138,-42 181,-105 z"
-       id="path8" /><path
-       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
-       d="m 174,471 36,-69 C 126,377 102,337 94,286 l 31,12 -44,-62 -44,69 30,-15 c 2,94 42,138 105,181 z"
-       id="path9" /><g
-       id="g15"
-       transform="translate(-5.4157688e-4)"><path
-         style="fill:none;stroke:#000000;stroke-width:10;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:normal"
-         d="m 155.45977,224.65379 c -7.25909,13.49567 -7.25909,26.09161 -6.35171,39.58729 0.90737,11.69626 12.7034,24.29222 24.49943,26.09164 21.77727,3.59884 28.12898,-20.69338 28.12898,-20.69338 0,0 4.53693,-15.29508 5.4443,-40.48699"
-         id="path11" /><path
-         style="fill:none;stroke:#000000;stroke-width:10;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:normal"
-         d="m 218.96706,278.05399 c 3.00446,17.12023 7.52704,24.88918 19.22704,28.48918 9,2.7 22.5,-4.5 22.5,-16.2 0.9,21.6 17.1,17.1 19.8,17.1 11.7,-1.8 18.9,-14.4 16.2,-30.6"
-         id="path12" /><path
-         style="fill:none;stroke:#000000;stroke-width:10;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:normal"
-         d="m 305.6941,230.94317 c 1.8,27 6.3,40.5 6.3,40.5 8.1,27 28.8,19.8 28.8,19.8 18.9,-7.2 22.5,-24.3 22.5,-30.6 0,-25.2 -6.3,-35.1 -6.3,-35.1"
-         id="path13" /></g></g></svg>

docs/reference/_meta.json

@@ -1,17 +0,0 @@
-[
-    {
-        "type": "file",
-        "name": "config",
-        "label": "Configuration"
-    },
-    {
-        "type": "file",
-        "name": "environment-variables",
-        "label": "Environment Variables"
-    },
-    {
-        "type": "file",
-        "name": "admin",
-        "label": "Admin Commands"
-    }
-]

docs/reference/admin/appservices.md

@@ -1,29 +0,0 @@
-<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
-# `!admin appservices`
-
-Commands for managing appservices
-
-
-## `!admin appservices register`
-
-Register an appservice using its registration YAML
-
-This command needs a YAML generated by an appservice (such as a bridge), which must be provided in a Markdown code block below the command.
-
-Registering a new bridge using the ID of an existing bridge will replace the old one.
-
-## `!admin appservices unregister`
-
-Unregister an appservice using its ID
-
-You can find the ID using the `list-appservices` command.
-
-## `!admin appservices show-appservice-config`
-
-Show an appservice's config using its ID
-
-You can find the ID using the `list-appservices` command.
-
-## `!admin appservices list-registered`
-
-List all the currently registered appservices

docs/reference/admin/check.md

@@ -1,9 +0,0 @@
-<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
-# `!admin check`
-
-Commands for checking integrity
-
-
-## `!admin check check-all-users`
-
-Uses the iterator in `src/database/key_value/users.rs` to iterator over every user in our database (remote and local). Reports total count, any errors if there were any, etc

docs/reference/admin/debug.md

@@ -1,135 +0,0 @@
-<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
-# `!admin debug`
-
-Commands for debugging things
-
-
-## `!admin debug echo`
-
-Echo input of admin command
-
-## `!admin debug get-auth-chain`
-
-Get the auth_chain of a PDU
-
-## `!admin debug parse-pdu`
-
-Parse and print a PDU from a JSON
-
-The PDU event is only checked for validity and is not added to the database.
-
-This command needs a JSON blob provided in a Markdown code block below the command.
-
-## `!admin debug get-pdu`
-
-Retrieve and print a PDU by EventID from the Continuwuity database
-
-## `!admin debug get-short-pdu`
-
-Retrieve and print a PDU by PduId from the Continuwuity database
-
-## `!admin debug get-remote-pdu`
-
-Attempts to retrieve a PDU from a remote server. **Does not** insert it into the database or persist it anywhere
-
-## `!admin debug get-remote-pdu-list`
-
-Same as `get-remote-pdu` but accepts a codeblock newline delimited list of PDUs and a single server to fetch from
-
-## `!admin debug get-room-state`
-
-Gets all the room state events for the specified room.
-
-This is functionally equivalent to `GET /_matrix/client/v3/rooms/{roomid}/state`, except the admin command does *not* check if the sender user is allowed to see state events. This is done because it's implied that server admins here have database access and can see/get room info themselves anyways if they were malicious admins.
-
-Of course the check is still done on the actual client API.
-
-## `!admin debug get-signing-keys`
-
-Get and display signing keys from local cache or remote server
-
-## `!admin debug get-verify-keys`
-
-Get and display signing keys from local cache or remote server
-
-## `!admin debug ping`
-
-Sends a federation request to the remote server's `/_matrix/federation/v1/version` endpoint and measures the latency it took for the server to respond
-
-## `!admin debug force-device-list-updates`
-
-Forces device lists for all local and remote users to be updated (as having new keys available)
-
-## `!admin debug change-log-level`
-
-Change tracing log level/filter on the fly
-
-This accepts the same format as the `log` config option.
-
-## `!admin debug verify-json`
-
-Verify JSON signatures
-
-This command needs a JSON blob provided in a Markdown code block below the command.
-
-## `!admin debug verify-pdu`
-
-Verify PDU
-
-This re-verifies a PDU existing in the database found by ID.
-
-## `!admin debug first-pdu-in-room`
-
-Prints the very first PDU in the specified room (typically m.room.create)
-
-## `!admin debug latest-pdu-in-room`
-
-Prints the latest ("last") PDU in the specified room (typically a message)
-
-## `!admin debug force-set-room-state-from-server`
-
-Forcefully replaces the room state of our local copy of the specified room, with the copy (auth chain and room state events) the specified remote server says.
-
-A common desire for room deletion is to simply "reset" our copy of the room. While this admin command is not a replacement for that, if you know you have split/broken room state and you know another server in the room that has the best/working room state, this command can let you use their room state. Such example is your server saying users are in a room, but other servers are saying they're not in the room in question.
-
-This command will get the latest PDU in the room we know about, and request the room state at that point in time via `/_matrix/federation/v1/state/{roomId}`.
-
-## `!admin debug resolve-true-destination`
-
-Runs a server name through Continuwuity's true destination resolution process
-
-Useful for debugging well-known issues
-
-## `!admin debug memory-stats`
-
-Print extended memory usage
-
-Optional argument is a character mask (a sequence of characters in any order) which enable additional extended statistics. Known characters are "abdeglmx". For convenience, a '*' will enable everything.
-
-## `!admin debug runtime-metrics`
-
-Print general tokio runtime metric totals
-
-## `!admin debug runtime-interval`
-
-Print detailed tokio runtime metrics accumulated since last command invocation
-
-## `!admin debug time`
-
-Print the current time
-
-## `!admin debug database-stats`
-
-Get database statistics
-
-## `!admin debug trim-memory`
-
-Trim memory usage
-
-## `!admin debug database-files`
-
-List database files
-
-## `!admin debug tester`
-
-Developer test stubs