style: Reduce migration warning verbosity to info

They aren't actually warning of anything
style: Reduce verbosity of fix_corrupt_msc4133_fields
2026-05-26 20:49:55 +00:00 · 2026-03-05 05:46:52 +00:00 · 2026-03-05 05:45:37 +00:00 · 2026-03-05 05:43:57 +00:00 · 2026-03-05 05:40:03 +00:00 · 2026-03-05 05:38:19 +00:00
207 changed files with 3879 additions and 7338 deletions
@@ -2,7 +2,7 @@

 dotenv_if_exists

-if command -v nix >/dev/null 2>&1; then
+if [ -f /etc/os-release ] && grep -q '^ID=nixos' /etc/os-release; then
    use flake ".#${DIRENV_DEVSHELL:-default}"
 fi

@@ -44,7 +44,7 @@ runs:

    - name: Login to builtin registry
      if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      uses: docker/login-action@v4
+      uses: docker/login-action@v3
      with:
        registry: ${{ env.BUILTIN_REGISTRY }}
        username: ${{ inputs.registry_user }}
@@ -52,7 +52,7 @@ runs:

    - name: Set up Docker Buildx
      if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      uses: docker/setup-buildx-action@v4
+      uses: docker/setup-buildx-action@v3
      with:
        # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
        driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
@@ -61,7 +61,7 @@ runs:
    - name: Extract metadata (tags) for Docker
      if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
      id: meta
-      uses: docker/metadata-action@v6
+      uses: docker/metadata-action@v5
      with:
        flavor: |
          latest=auto
@@ -67,7 +67,7 @@ runs:
      uses: ./.forgejo/actions/rust-toolchain

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v4
+      uses: docker/setup-buildx-action@v3
      with:
        # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
        driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
@@ -75,11 +75,11 @@ runs:

    - name: Set up QEMU
      if: ${{ env.BUILDKIT_ENDPOINT == '' }}
-      uses: docker/setup-qemu-action@v4
+      uses: docker/setup-qemu-action@v3

    - name: Login to builtin registry
      if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      uses: docker/login-action@v4
+      uses: docker/login-action@v3
      with:
        registry: ${{ env.BUILTIN_REGISTRY }}
        username: ${{ inputs.registry_user }}
@@ -87,7 +87,7 @@ runs:

    - name: Extract metadata (labels, annotations) for Docker
      id: meta
-      uses: docker/metadata-action@v6
+      uses: docker/metadata-action@v5
      with:
        images: ${{ inputs.images }}
        # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
@@ -152,7 +152,7 @@ runs:

    - name: inject cache into docker
      if: ${{ env.BUILDKIT_ENDPOINT == '' }}
-      uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.2
+      uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.0
      with:
        cache-map: |
          {
@@ -149,6 +149,37 @@ runs:
    - name: Setup sccache
      uses: https://git.tomfos.tr/tom/sccache-action@v1

+    - name: Cache dependencies
+      id: deps-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          target/**/.fingerprint
+          target/**/deps
+          target/**/*.d
+          target/**/.cargo-lock
+          target/**/CACHEDIR.TAG
+          target/**/.rustc_info.json
+          /timelord/
+        # Dependencies cache - based on Cargo.lock, survives source code changes
+        key: >-
+          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}
+        restore-keys: |
+          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
+
+    - name: Cache incremental compilation
+      id: incremental-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          target/**/incremental
+        # Incremental cache - based on source code changes
+        key: >-
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-${{ hashFiles('**/*.rs', '**/Cargo.toml') }}
+        restore-keys: |
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
+
    - name: End build cache restore group
      shell: bash
      run: echo "::endgroup::"
@@ -62,6 +62,10 @@ sync:
    target: registry.gitlab.com/continuwuity/continuwuity
    type: repository
    <<: *tags-main
+  - source: *source
+    target: git.nexy7574.co.uk/mirrored/continuwuity
+    type: repository
+    <<: *tags-releases
  - source: *source
    target: ghcr.io/continuwuity/continuwuity
    type: repository
@@ -1,103 +0,0 @@
-name: Check Changelog
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened, ready_for_review]
-
-
-concurrency:
-  group: "${{ github.workflow }}-${{ github.ref }}"
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-  pull-requests: write
-  issues: write
-
-jobs:
-  check-changelog:
-    name: Check for changelog
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
-          persist-credentials: false
-          sparse-checkout: .
-
-      - name: Check for changelog entry
-        id: check_files
-        run: |
-          git fetch origin ${GITHUB_BASE_REF}
-
-          # Check for Added (A) or Modified (M) files in changelog.d
-          CHANGELOG_CHANGES=$(git diff --name-status origin/${GITHUB_BASE_REF} HEAD -- changelog.d/)
-
-          SRC_CHANGES=$(git diff --name-status origin/${GITHUB_BASE_REF} HEAD -- src/)
-
-          echo "Changes in changelog.d/:"
-          echo "$CHANGELOG_CHANGES"
-          echo "Changes in src/:"
-          echo "$SRC_CHANGES"
-
-          if echo "$CHANGELOG_CHANGES" | grep -q "^[AM]"; then
-            echo "has_changelog=true" >> $GITHUB_OUTPUT
-          else
-            echo "has_changelog=false" >> $GITHUB_OUTPUT
-          fi
-
-          if [ -n "$SRC_CHANGES" ]; then
-            echo "src_changed=true" >> $GITHUB_OUTPUT
-          else
-            echo "src_changed=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Manage PR Comment
-        uses: https://github.com/actions/github-script@v8
-        env:
-          HAS_CHANGELOG: ${{ steps.check_files.outputs.has_changelog }}
-          SRC_CHANGED: ${{ steps.check_files.outputs.src_changed }}
-        with:
-          script: |
-            const hasChangelog = process.env.HAS_CHANGELOG === 'true';
-            const srcChanged = process.env.SRC_CHANGED === 'true';
-            const commentSignature = '<!-- changelog-check-action -->';
-            const commentBody = `${commentSignature}\nPlease add a changelog fragment to \`changelog.d/\` describing your changes.`;
-
-            const { data: currentUser } = await github.rest.users.getAuthenticated();
-
-            const { data: comments } = await github.rest.issues.listComments({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.issue.number,
-            });
-
-            const botComment = comments.find(comment =>
-              comment.user.id === currentUser.id &&
-              comment.body.includes(commentSignature)
-            );
-
-            const shouldWarn = srcChanged && !hasChangelog;
-
-            if (!shouldWarn) {
-              if (botComment) {
-                console.log('Changelog found or not required. Deleting existing warning comment.');
-                await github.rest.issues.deleteComment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  comment_id: botComment.id,
-                });
-              }
-            } else {
-              if (!botComment) {
-                console.log('Changelog missing and required. Creating warning comment.');
-                await github.rest.issues.createComment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: context.issue.number,
-                  body: commentBody,
-                });
-              }
-            }
@@ -59,7 +59,7 @@ jobs:
          registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
      - name: Build and push Docker image by digest
        id: build
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: "docker/Dockerfile"
@@ -146,7 +146,7 @@ jobs:
          registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
      - name: Build and push max-perf Docker image by digest
        id: build
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: "docker/Dockerfile"
@@ -43,7 +43,7 @@ jobs:
    name: Renovate
    runs-on: ubuntu-latest
    container:
-      image: ghcr.io/renovatebot/renovate:43.59.4@sha256:f951508dea1e7d71cbe6deca298ab0a05488e7631229304813f630cc06010892
+      image: ghcr.io/renovatebot/renovate:42.70.2@sha256:3c2ac1b94fa92ef2fa4d1a0493f2c3ba564454720a32fdbcac2db2846ff1ee47
      options: --tmpfs /tmp:exec
    steps:
      - name: Checkout
@@ -16,19 +16,48 @@ jobs:
    steps:
      - uses: actions/checkout@v6
        with:
+          fetch-depth: 0
+          fetch-tags: false
+          fetch-single-branch: true
+          submodules: false
          persist-credentials: true
          token: ${{ secrets.FORGEJO_TOKEN }}

-      - name: Install Lix
-        uses: https://github.com/samueldr/lix-gha-installer-action@f5e94192f565f53d84f41a056956dc0d3183b343
+      - uses: https://github.com/cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
        with:
-          extra_nix_config: experimental-features = nix-command flakes flake-self-attrs
+          nix_path: nixpkgs=channel:nixos-unstable
+
+        # We can skip getting a toolchain hash if this was ran as a dispatch with the intent
+        # to update just the rocksdb hash. If this was ran as a dispatch and the toolchain
+        # files are changed, we still update them, as well as the rocksdb import.
+      - name: Detect changed files
+        id: changes
+        run: |
+          git fetch origin ${{ github.base_ref }} --depth=1 || true
+          if [ -n "${{ github.event.pull_request.base.sha }}" ]; then
+            base=${{ github.event.pull_request.base.sha }}
+          else
+            base=$(git rev-parse HEAD~1)
+          fi
+          echo "Base: $base"
+          echo "HEAD: $(git rev-parse HEAD)"
+          git diff --name-only $base HEAD > changed_files.txt
+          echo "detected changes in $(cat changed_files.txt)"
+          # Join files with commas
+          files=$(paste -sd, changed_files.txt)
+          echo "files=$files" >> $FORGEJO_OUTPUT
+
+      - name: Debug output
+        run: |
+          echo "State of output"
+          echo "Changed files: ${{ steps.changes.outputs.files }}"

      - name: Get new toolchain hash
+        if: contains(steps.changes.outputs.files, 'Cargo.toml') || contains(steps.changes.outputs.files, 'Cargo.lock') || contains(steps.changes.outputs.files, 'rust-toolchain.toml')
        run: |
          # Set the current sha256 to an empty hash to make `nix build` calculate a new one
-          awk '/fromToolchainFile *\{/{found=1; print; next} found && /sha256 =/{sub(/sha256 = .*/, "sha256 = lib.fakeSha256;"); found=0} 1' nix/rust.nix > temp.nix
-          mv temp.nix nix/rust.nix
+          awk '/fromToolchainFile *\{/{found=1; print; next} found && /sha256 =/{sub(/sha256 = .*/, "sha256 = lib.fakeSha256;"); found=0} 1' nix/packages/rust.nix > temp.nix
+          mv temp.nix nix/packages/rust.nix

          # Build continuwuity and filter for the new hash
          # We do `|| true` because we want this to fail without stopping the workflow
@@ -36,17 +65,36 @@ jobs:

          # Place the new hash in place of the empty hash
          new_hash=$(cat new_toolchain_hash.txt)
-          sed -i "s|lib.fakeSha256|\"$new_hash\"|" nix/rust.nix
+          sed -i "s|lib.fakeSha256|\"$new_hash\"|" nix/packages/rust.nix

          echo "New hash:"
-          awk -F'"' '/fromToolchainFile/{found=1; next} found && /sha256 =/{print $2; found=0}' nix/rust.nix
+          awk -F'"' '/fromToolchainFile/{found=1; next} found && /sha256 =/{print $2; found=0}' nix/packages/rust.nix
          echo "Expected new hash:"
          cat new_toolchain_hash.txt

          rm new_toolchain_hash.txt

-      - name: Update rocksdb
-        run: nix run .#update-rocksdb
+      - name: Get new rocksdb hash
+        if: contains(steps.changes.outputs.files, '.nix') || contains(steps.changes.outputs.files, 'flake.lock')
+        run: |
+          # Set the current sha256 to an empty hash to make `nix build` calculate a new one
+          awk '/repo = "rocksdb";/{found=1; print; next} found && /sha256 =/{sub(/sha256 = .*/, "sha256 = lib.fakeSha256;"); found=0} 1' nix/packages/rocksdb/package.nix > temp.nix
+          mv temp.nix nix/packages/rocksdb/package.nix
+
+          # Build continuwuity and filter for the new hash
+          # We do `|| true` because we want this to fail without stopping the workflow
+          nix build .#default 2>&1 | tee >(grep 'got:' | awk '{print $2}' > new_rocksdb_hash.txt) || true
+
+          # Place the new hash in place of the empty hash
+          new_hash=$(cat new_rocksdb_hash.txt)
+          sed -i "s|lib.fakeSha256|\"$new_hash\"|" nix/packages/rocksdb/package.nix
+
+          echo "New hash:"
+          awk -F'"' '/repo = "rocksdb";/{found=1; next} found && /sha256 =/{print $2; found=0}' nix/packages/rocksdb/package.nix
+          echo "Expected new hash:"
+          cat new_rocksdb_hash.txt
+
+          rm new_rocksdb_hash.txt

      - name: Show diff
        run: git diff flake.nix nix
@@ -1,4 +1,4 @@
 github: [JadedBlueEyes, nexy7574, gingershaped]
 custom:
-  - https://timedout.uk/donate.html
-  - https://jade.ellis.link/sponsors
+  - https://ko-fi.com/nexy7574
+  - https://ko-fi.com/JadedBlueEyes
@@ -24,7 +24,7 @@ repos:
        - id: check-added-large-files

  - repo: https://github.com/crate-ci/typos
-    rev: v1.45.0
+    rev: v1.44.0
    hooks:
      - id: typos
      - id: typos
@@ -1 +1,131 @@
-Contributors are expected to follow the [Continuwuity Community Guidelines](continuwuity.org/community/guidelines).
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement over Matrix at [#continuwuity:continuwuity.org](https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) or email at <tom@tcpip.uk>, <jade@continuwuity.org> and <nex@continuwuity.org> respectively.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
@@ -22,21 +22,25 @@ Continuwuity uses pre-commit hooks to enforce various coding standards and catch
 - Validating YAML, JSON, and TOML files
 - Checking for merge conflicts

-You can run these checks locally by installing [prek](https://github.com/j178/prek):
+You can run these checks locally by installing [prefligit](https://github.com/j178/prefligit):


 ```bash
-# Install prek using cargo-binstall
-cargo binstall prek
+# Requires UV: https://docs.astral.sh/uv/getting-started/installation/
+# Mac/linux: curl -LsSf https://astral.sh/uv/install.sh | sh
+# Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
+
+# Install prefligit using cargo-binstall
+cargo binstall prefligit

 # Install git hooks to run checks automatically
-prek install
+prefligit install

 # Run all checks
-prek --all-files
+prefligit --all-files
 ```

-Alternatively, you can use [pre-commit][pre-commit]:
+Alternatively, you can use [pre-commit](https://pre-commit.com/):
 ```bash
 # Requires python

@@ -50,9 +54,7 @@ pre-commit install
 pre-commit run --all-files
 ```

-These same checks are run in CI via the prek-checks workflow to ensure consistency. These must pass before the PR is merged.
-
-[pre-commit]: https://pre-commit.com/
+These same checks are run in CI via the prefligit-checks workflow to ensure consistency. These must pass before the PR is merged.

 ### Running tests locally

@@ -111,7 +113,7 @@ Alternatively, you can build the documentation using `npm run docs:build` - the

 ### Commit Messages

-Continuwuity follows the [Conventional Commits][conventional-commits] specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.
+Continuwuity follows the [Conventional Commits](https://www.conventionalcommits.org/) specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.

 The basic structure is:

@@ -170,7 +172,6 @@ Contribution by users who violate either of these code of conducts may not have
 their contributions accepted. This includes users who have been banned from
 continuwuity Matrix rooms for Code of Conduct violations.

-[conventional-commits]: https://www.conventionalcommits.org/
 [issues]: https://forgejo.ellis.link/continuwuation/continuwuity/issues
 [continuwuity-matrix]: https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org
 [complement]: https://github.com/matrix-org/complement/
@@ -178,32 +179,3 @@ continuwuity Matrix rooms for Code of Conduct violations.
 [nodejs-download]: https://nodejs.org/en/download
 [rspress]: https://rspress.rs/
 [documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml
-
-#### Writing news fragments
-
-In order to make writing our changelogs easier, we make use of [Towncrier]. Towncrier builds changelogs based on
-"news fragments", which are little markdown files in the `changelog.d/` directory that describe individual changes.
-
-When you make a pull request that changes functionality, fixes a bug, or adds documentation, please add a news fragment
-describing your change. The file name *MUST* be in the format of `{pull_request_number}.{type}`, where `{type}` is one
-of the following:
-
- `feature` - for new features
- `bugfix` - for bug fixes
- `doc` - for documentation changes
- `misc` - for other changes that don't fit the above categories
-
-For example:
-
-```bash
-$ echo "Fixed the quantum flux stabiliser. Contributed by @alice." > changelog.d/42.bugfix
-```
-
-(Note: If you want to credit yourself, you should reference your forgejo handle, however links to other platforms are also acceptable.)
-
-When the next release is made, Towncrier will automatically include your news fragment in the changelog.
-
-You can read more about writing news fragments in the [Towncrier tutorial][tt].
-
-[Towncrier]: https://towncrier.readthedocs.io/
-[tt]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments
@@ -12,7 +12,7 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
-version = "0.5.7-alpha.1"
+version = "0.5.6"

 [workspace.metadata.crane]
 name = "conduwuit"
@@ -99,7 +99,7 @@ features = [
 [workspace.dependencies.axum-extra]
 version = "0.12.0"
 default-features = false
-features = ["typed-header", "tracing", "cookie"]
+features = ["typed-header", "tracing"]

 [workspace.dependencies.axum-server]
 version = "0.7.2"
@@ -159,7 +159,7 @@ features = ["raw_value"]

 # Used for appservice registration files
 [workspace.dependencies.serde-saphyr]
-version = "0.0.21"
+version = "0.0.19"

 # Used to load forbidden room/user regex from config
 [workspace.dependencies.serde_regex]
@@ -278,7 +278,7 @@ features = [
 ]

 [workspace.dependencies.hyper-util]
-version = "=0.1.20"
+version = "=0.1.17"
 default-features = false
 features = [
    "server-auto",
@@ -332,7 +332,7 @@ version = "0.4.0"

 # used for MPMC channels
 [workspace.dependencies.async-channel]
-version = "2.5.0"
+version = "2.3.1"

 [workspace.dependencies.async-trait]
 version = "0.1.88"
@@ -344,7 +344,7 @@ version = "0.1.2"
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
 #branch = "conduwuit-changes"
-rev = "1415caf8a32af4d943580c5ea4e12be1974593c2"
+rev = "bb12ed288a31a23aa11b10ba0fad22b7f985eb88"
 features = [
    "compat",
    "rand",
@@ -383,13 +383,12 @@ features = [
    "unstable-pdu",
    "unstable-msc4155",
    "unstable-msc4143", # livekit well_known response
-    "unstable-msc4284",
-    "unstable-msc4439", # pgp_key in .well_known/matrix/support
+    "unstable-msc4284"
 ]

 [workspace.dependencies.rust-rocksdb]
 git = "https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1"
-rev = "31fb8f772c7afcdc0061ab6a40cfa3a1be2fccd9"
+rev = "61d9d23872197e9ace4a477f2617d5c9f50ecb23"
 default-features = false
 features = [
    "multi-threaded-cf",
@@ -452,7 +451,7 @@ version = "0.46.0"
 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
-rev = "df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
+rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = [
    "background_threads_runtime_support",
@@ -460,7 +459,7 @@ features = [
 ]
 [workspace.dependencies.tikv-jemallocator]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
-rev = "df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
+rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = [
    "background_threads_runtime_support",
@@ -468,7 +467,7 @@ features = [
 ]
 [workspace.dependencies.tikv-jemalloc-ctl]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
-rev = "df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
+rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = ["use_std"]

@@ -494,7 +493,7 @@ features = [
 ]

 [workspace.dependencies.rustyline-async]
-version = "0.4.9"
+version = "0.4.3"
 default-features = false

 [workspace.dependencies.termimad]
@@ -527,7 +526,7 @@ version = "0.4.13"
 version = "2.0"

 [workspace.dependencies.core_affinity]
-version = "0.8.3"
+version = "0.8.1"

 [workspace.dependencies.libc]
 version = "0.2"
@@ -551,25 +550,15 @@ version = "0.12.0"
 default-features = false
 features = ["sync", "tls-rustls", "rustls-provider"]

+[workspace.dependencies.resolv-conf]
+version = "0.7.5"
+
 [workspace.dependencies.yansi]
 version = "1.0.1"

 [workspace.dependencies.askama]
 version = "0.15.0"

-[workspace.dependencies.lettre]
-version = "0.11.19"
-default-features = false
-features = ["smtp-transport", "pool", "hostname", "builder", "rustls", "rustls-native-certs", "tokio1", "ring", "tokio1-rustls", "tracing", "serde"]
-
-[workspace.dependencies.governor]
-version = "0.10.4"
-default-features = false
-features = ["std"]
-
-[workspace.dependencies.nonzero_ext]
-version = "0.3.0"
-
 #
 # Patches
 #
@@ -582,25 +571,25 @@ version = "0.3.0"
 # adds event for CTRL+\: https://forgejo.ellis.link/continuwuation/rustyline-async/src/branch/main/.patchy/0001-add-event-for-ctrl.patch
 [patch.crates-io.rustyline-async]
 git = "https://forgejo.ellis.link/continuwuation/rustyline-async"
-rev = "b13aca2cc08d5f78303746cd192d9a03d73e768e"
+rev = "e9f01cf8c6605483cb80b3b0309b400940493d7f"

 # adds LIFO queue scheduling; this should be updated with PR progress.
 [patch.crates-io.event-listener]
 git = "https://forgejo.ellis.link/continuwuation/event-listener"
-rev = "b2c19bcaf5a0a69c38c034e417bda04a9b991529"
+rev = "fe4aebeeaae435af60087ddd56b573a2e0be671d"
 [patch.crates-io.async-channel]
 git = "https://forgejo.ellis.link/continuwuation/async-channel"
-rev = "e990f0006b68dc9bace7a3c95fc90b5c4e44948d"
+rev = "92e5e74063bf2a3b10414bcc8a0d68b235644280"

 # adds affinity masks for selecting more than one core at a time
 [patch.crates-io.core_affinity]
 git = "https://forgejo.ellis.link/continuwuation/core_affinity_rs"
-rev = "7c7a9dea35382743a63837cdd1d977efdb8f1b8a"
+rev = "9c8e51510c35077df888ee72a36b4b05637147da"

 # reverts hyperium#148 conflicting with our delicate federation resolver hooks
 [patch.crates-io.hyper-util]
 git = "https://forgejo.ellis.link/continuwuation/hyper-util"
-rev = "09fcd3bf4656c81a8ad573bee410ab2b57f60b86"
+rev = "5886d5292bf704c246206ad72d010d674a7b77d0"

 #
 # Our crates
@@ -930,6 +919,7 @@ fn_to_numeric_cast_any = "warn"
 format_push_string = "warn"
 get_unwrap = "warn"
 impl_trait_in_params = "warn"
+let_underscore_untyped = "warn"
 lossy_float_literal = "warn"
 mem_forget = "warn"
 missing_assert_message = "warn"
@@ -979,6 +969,3 @@ needless_raw_string_hashes = "allow"

 # TODO: Enable this lint & fix all instances
 collapsible_if = "allow"
-
-# TODO: break these apart
-cognitive_complexity = "allow"
@@ -1,3 +1,4 @@
+
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
@@ -186,7 +187,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

-   Copyright 2023 Continuwuity Team and contributors
+   Copyright 2023 June

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
@@ -0,0 +1,23 @@
+[book]
+title = "continuwuity"
+description = "continuwuity is a community continuation of the conduwuit Matrix homeserver, written in Rust."
+language = "en"
+authors = ["The continuwuity Community"]
+text-direction = "ltr"
+src = "docs"
+
+[build]
+build-dir = "public"
+create-missing = true
+extra-watch-dirs = ["debian", "docs"]
+
+[rust]
+edition = "2024"
+
+[output.html]
+edit-url-template = "https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/{path}"
+git-repository-url = "https://forgejo.ellis.link/continuwuation/continuwuity"
+git-repository-icon = "fa-git-alt"
+
+[output.html.search]
+limit-results = 15
@@ -1 +0,0 @@
-Added support for associating email addresses with accounts, requiring email addresses for registration, and resetting passwords via email. Contributed by @ginger
@@ -1 +0,0 @@
-Added support for using an admin command to issue self-service password reset links.
@@ -1 +0,0 @@
-Added support for requiring users to accept terms and conditions when registering.
@@ -1 +0,0 @@
-Fixed room alias deletion so removing one local alias no longer removes other aliases from room alias listings.
@@ -1 +0,0 @@
-Fixed corrupted appservice registrations causing the server to enter a crash loop. Contributed by @nex.
@@ -1 +0,0 @@
-Added Testing and Troubleshooting instructions for Livekit documentation. Contributed by @stratself.
@@ -1 +0,0 @@
-Add new config option to allow or disallow search engine indexing through a `<meta ../>` tag. Defaults to blocking indexing (`content="noindex"`). Contributed by @s1lv3r and @ginger.
@@ -1 +0,0 @@
-Stripped `join_authorised_via_users_server` from json if user is already in room (@partha:cxy.run)
@@ -1 +0,0 @@
-Fixed internal server errors for fetching thumbnails. Contributed by @PerformativeJade
@@ -1 +0,0 @@
-Fixed error 500 when joining non-existent rooms. Contributed by @ezera.
@@ -1 +0,0 @@
-Refactored nix package. Breaking, since `all-features` package no longer exists. Continuwuity is now built with jemalloc and liburing by default. Contributed by @Henry-Hiles (QuadRadical).
@@ -1,2 +0,0 @@
-Add new config option for [MSC4439](https://github.com/matrix-org/matrix-spec-proposals/pull/4439)
-PGP key URIs. Contributed by LogN.
@@ -1 +0,0 @@
-Added `!admin users reset-push-rules` command to reset the notification settings of users. Contributed by @nex.
@@ -1 +0,0 @@
-Notification pushers are now automatically removed when their associated device is. Admin commands now exist for manual cleanup too. Contributed by @nex.
@@ -1 +0,0 @@
-Fixed resolving IP of servers that only use SRV delegation. Contributed by @tulir.
@@ -1 +0,0 @@
-Fixed compiler warning in cf_opts.rs when building in release. Contributed by @ezera.
@@ -1 +0,0 @@
-Fixed "Sender must be a local user" error for make_join, make_knock, and make_leave federation routes. Contributed by @nex.
@@ -1 +0,0 @@
-Added admin commands to get build information and features. Contributed by @Jade
@@ -1 +0,0 @@
-Fixed restricted joins not being signed when we are being used as an authorising server. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat).
@@ -25,10 +25,6 @@
 #
 # Also see the `[global.well_known]` config section at the very bottom.
 #
-# If `client` is not set under `[global.well_known]`, the server name will
-# be used as the base domain for user-facing links (such as password
-# reset links) created by Continuwuity.
-#
 # Examples of delegation:
 # - https://continuwuity.org/.well-known/matrix/server
 # - https://continuwuity.org/.well-known/matrix/client
@@ -95,10 +91,6 @@
 # engine API. To use this, set a database backup path that continuwuity
 # can write to.
 #
-# If you are using systemd, you will need to add the path to
-# ReadWritePaths in the service file, preferably via a drop-in file
-# through `systemctl edit`.
-#
 # For more information, see:
 # https://continuwuity.org/maintenance.html#backups
 #
@@ -523,18 +515,6 @@
 #
 #recaptcha_private_site_key =

-# Policy documents, such as terms and conditions or a privacy policy,
-# which users must agree to when registering an account.
-#
-# Example:
-# ```ignore
-# [global.registration_terms.privacy_policy]
-# en = { name = "Privacy Policy", url = "https://homeserver.example/en/privacy_policy.html" }
-# es = { name = "Política de Privacidad", url = "https://homeserver.example/es/privacy_policy.html" }
-# ```
-#
-#registration_terms = {}
-
 # Controls whether encrypted rooms and events are allowed.
 #
 #allow_encryption = true
@@ -1525,11 +1505,6 @@
 #
 #url_preview_user_agent = "continuwuity/<version> (bot; +https://continuwuity.org)"

-# Determines whether audio and video files will be downloaded for URL
-# previews.
-#
-#url_preview_allow_audio_video = false
-
 # List of forbidden room aliases and room IDs as strings of regex
 # patterns.
 #
@@ -1815,11 +1790,6 @@
 #
 #config_reload_signal = true

-# Allow search engines and crawlers to index Continuwuity's built-in
-# webpages served under the `/_continuwuity/` prefix.
-#
-#allow_web_indexing = false
-
 [global.tls]

 # Path to a valid TLS certificate file.
@@ -1881,11 +1851,6 @@
 #
 #support_mxid =

-# PGP key URI for server support contacts, to be served as part of the
-# MSC1929 server support endpoint.
-#
-#support_pgp_key =
-
 # **DEPRECATED**: Use `[global.matrix_rtc].foci` instead.
 #
 # A list of MatrixRTC foci URLs which will be served as part of the
@@ -2058,41 +2023,3 @@
 # web->synapseHTTPAntispam->authorization
 #
 #secret =
-
-#[global.smtp]
-
-# A `smtp://`` URI which will be used to connect to a mail server.
-# Uncommenting the [global.smtp] group and setting this option enables
-# features which depend on the ability to send email,
-# such as self-service password resets.
-#
-# For most modern mail servers, format the URI like this:
-# 	`smtps://username:password@hostname:port`
-# Note that you will need to URL-encode the username and password. If your
-# username _is_ your email address, you will need to replace the `@` with
-# `%40`.
-#
-# For a guide on the accepted URI syntax, consult Lettre's documentation:
-# https://docs.rs/lettre/latest/lettre/transport/smtp/struct.AsyncSmtpTransport.html#method.from_url
-#
-#connection_uri =
-
-# The outgoing address which will be used for sending emails.
-#
-# For a syntax guide, see https://datatracker.ietf.org/doc/html/rfc2822#section-3.4
-#
-# ...or if you don't want to read the RFC, for some reason:
-# - `Name <address@domain.org>` to specify a sender name
-# - `address@domain.org` to not use a name
-#
-#sender =
-
-# Whether to require that users provide an email address when they
-# register.
-#
-#require_email_for_registration = false
-
-# Whether to require that users who register with a registration token
-# provide an email address.
-#
-#require_email_for_token_registration = false
@@ -10,18 +10,18 @@ RUN rm -f /etc/apt/apt.conf.d/docker-clean

 # Match Rustc version as close as possible
 # rustc -vV
-ARG LLVM_VERSION=21
+ARG LLVM_VERSION=20
 # ENV RUSTUP_TOOLCHAIN=${RUST_VERSION}

 # Install repo tools
 # Line one: compiler tools
-# Line two: curl, for downloading binaries and wget because llvm.sh is broken with curl
+# Line two: curl, for downloading binaries
 # Line three: for xx-verify
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && apt-get install -y \
    pkg-config make jq \
-    wget curl git software-properties-common \
+    curl git software-properties-common \
    file

 # LLVM packages
@@ -48,7 +48,7 @@ EOF

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.17.8
+ENV BINSTALL_VERSION=1.17.6
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.17.8
+ENV BINSTALL_VERSION=1.17.6
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
@@ -69,11 +69,6 @@
        "label": "Configuration Reference",
        "name": "/reference/config"
    },
-    {
-        "type": "file",
-        "label": "Environment Variables",
-        "name": "/reference/environment-variables"
-    },
    {
        "type": "dir",
        "label": "Admin Command Reference",
@@ -109,6 +109,9 @@ Restart Continuwuity and your reverse proxy. Once that's done, visit these route
 {
  "m.homeserver": {
    "base_url": "https://matrix.example.com/"
+  },
+  "org.matrix.msc3575.proxy": {
+    "url": "https://matrix.example.com/"
  }
 }
 ```
@@ -10,4 +10,4 @@ Both types of calls are supported by different sets of clients, but most clients
 For either one to work correctly, you have to do some additional setup.

 - For legacy calls to work, you need to set up a TURN/STUN server. [Read the TURN guide for tips on how to set up coturn](./calls/turn.mdx)
- For MatrixRTC / Element Call to work, you have to set up the LiveKit backend (foci). LiveKit also uses TURN/STUN to increase reliability - you can set up its built-in TURN server, or integrate with an existing one. [Read the LiveKit guide](./calls/livekit.mdx)
+- For MatrixRTC / Element Call to work, you have to set up the LiveKit backend (foci). LiveKit also uses TURN/STUN to increase reliability, so you might want to configure your TURN server first. [Read the LiveKit guide](./calls/livekit.mdx)
@@ -4,10 +4,6 @@
 This guide assumes that you are using docker compose for deployment. LiveKit only provides Docker images.
 :::

-:::tip
-You can find help setting up MatrixRTC in our dedicated room - [#matrixrtc:continuwuity.org](https://matrix.to/#/%23matrixrtc%3Acontinuwuity.org)
-:::
-
 ## Instructions

 ### 1. Domain
@@ -18,21 +14,17 @@ Make sure the DNS record for the (sub)domain you plan to use is pointed to your

 ### 2. Services

-Using LiveKit with Matrix requires two services - LiveKit itself, and a service (`lk-jwt-service`) that grants Matrix users permission to connect to it.
+Using LiveKit with Matrix requires two services - Livekit itself, and a service (`lk-jwt-service`) that grants Matrix users permission to connect to it.

 You must generate a key and secret to allow the Matrix service to authenticate with LiveKit. `LK_MATRIX_KEY` should be around 20 random characters, and `LK_MATRIX_SECRET` should be around 64. Remember to replace these with the actual values!

 :::tip Generating the secrets
 LiveKit provides a utility to generate secure random keys
 ```bash
-~$ docker run --rm livekit/livekit-server:latest generate-keys
-API Key:  APIUxUnMnSkuFWV
-API Secret:  t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
+docker run --rm livekit/livekit-server:latest generate-keys
 ```
 :::

-Create a `docker-compose.yml` file as following:
-
 ```yaml
 services:
  lk-jwt-service:
@@ -40,11 +32,10 @@ services:
    container_name: lk-jwt-service
    environment:
      - LIVEKIT_JWT_BIND=:8081
-      - LIVEKIT_URL=wss://livekit.example.com # your LiveKit domain
-      - LIVEKIT_FULL_ACCESS_HOMESERVERS=example.com # your server_name
-      # Replace these with the generated values as above
-      - LIVEKIT_KEY=LK_MATRIX_KEY # APIUxUnMnSkuFWV
-      - LIVEKIT_SECRET=LK_MATRIX_SECRET # t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
+      - LIVEKIT_URL=wss://livekit.example.com
+      - LIVEKIT_KEY=LK_MATRIX_KEY
+      - LIVEKIT_SECRET=LK_MATRIX_SECRET
+      - LIVEKIT_FULL_ACCESS_HOMESERVERS=example.com
    restart: unless-stopped
    ports:
      - "8081:8081"
@@ -79,8 +70,6 @@ rtc:
  enable_loopback_candidate: false
 keys:
  LK_MATRIX_KEY: LK_MATRIX_SECRET
-  # replace these with your key-secret pair. Example:
-  # APIUxUnMnSkuFWV: t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
 ```

 #### Firewall hints
@@ -106,7 +95,7 @@ Remember to replace the URL with the address you are deploying your instance of

 Reverse proxies can be configured in many different ways - so we can't provide a step by step for this.

-All paths should be forwarded to LiveKit by default, with the exception of the following path prefixes, which should be forwarded to the JWT/Authentication service:
+By default, all routes should be forwarded to Livekit with the exception of the following path prefixes, which should be forwarded to the JWT/Authentication service:

 - `/sfu/get`
 - `/healthz`
@@ -115,7 +104,7 @@ All paths should be forwarded to LiveKit by default, with the exception of the f
 <details>
    <summary>Example caddy config</summary>
    ```
-    livekit.example.com {
+    matrix-rtc.example.com {

        # for lk-jwt-service
        @lk-jwt-service path /sfu/get* /healthz* /get_token*
@@ -133,7 +122,7 @@ All paths should be forwarded to LiveKit by default, with the exception of the f
    <summary>Example nginx config</summary>
    ```
    server {
-        server_name livekit.example.com;
+        server_name matrix-rtc.example.com;

        # for lk-jwt-service
        location ~ ^/(sfu/get|healthz|get_token) {
@@ -144,7 +133,7 @@ All paths should be forwarded to LiveKit by default, with the exception of the f
            proxy_buffering off;
        }

-        # for LiveKit
+        # for livekit
        location / {
            proxy_pass http://127.0.0.1:7880$request_uri;
            proxy_set_header X-Forwarded-For $remote_addr;
@@ -184,11 +173,44 @@ All paths should be forwarded to LiveKit by default, with the exception of the f

 Start up the services using your usual method - for example `docker compose up -d`.

-## Additional TURN configuration
+## Additional Configuration

-### Using LiveKit's built-in TURN server
+### TURN Integration

-LiveKit includes a built-in TURN server which can be used in place of an external option. This TURN server will only work with LiveKit, so you can't use it for legacy Matrix calling or anything else.
+If you've already set up coturn, there may be a port clash between the two services. To fix this, make sure the `min-port` and `max-port` for coturn so it doesn't overlap with LiveKit's range:
+
+```ini
+min-port=50201
+max-port=65535
+```
+
+To improve LiveKit's reliability, you can configure it to use your coturn server.
+
+Generate a long random secret for LiveKit, and add it to your coturn config under the `static-auth-secret` option. You can add as many secrets as you want - so set a different one for each thing using your TURN server.
+
+Then configure livekit, making sure to replace `COTURN_SECRET`:
+
+```yaml
+# livekit.yaml
+rtc:
+  turn_servers:
+    - host: coturn.ellis.link
+      port: 3478
+      protocol: tcp
+      secret: "COTURN_SECRET"
+    - host: coturn.ellis.link
+      port: 5349
+      protocol: tls # Only if you've set up TLS in your coturn
+      secret: "COTURN_SECRET"
+    - host: coturn.ellis.link
+      port: 3478
+      protocol: udp
+      secret: "COTURN_SECRET"
+```
+
+## LiveKit's built in TURN server
+
+Livekit includes a built in TURN server which can be used in place of an external option. This TURN server will only work with Livekit, so you can't use it for legacy Matrix calling - or anything else.

 If you don't want to set up a separate TURN server, you can enable this with the following changes:

@@ -199,175 +221,20 @@ turn:
  udp_port: 3478
  relay_range_start: 50300
  relay_range_end: 50400
-  domain: livekit.example.com
+  domain: matrix-rtc.example.com
 ```

 ```yaml
-### add these to livekit's docker-compose ###
-ports:
-  - "3478:3478/udp"
-  - "50300-50400:50300-50400/udp"
-### if you're using `network_mode: host`, you can skip this part
+### Add these to docker-compose ###
+- "3478:3478/udp"
+- "50300-50400:50300-50400/udp"
 ```

-Recreate the LiveKit container (with `docker-compose up -d livekit`) to apply these changes. Remember to allow the new `3478/udp` and `50100:50200/udp` ports through your firewall.
+### Related Documentation

-### Integration with an external TURN server
-
-If you've already [set up coturn](./turn), you can configure Livekit to use it.
-
-:::tip Avoid port clashes between the two services
-
-Before continuing, make sure coturn's `min-port` and `max-port` do not overlap with LiveKit's port range:
-
-```ini
-# in your coturn.conf
-min-port=50201
-max-port=65535
-```
-:::
-
-Generate a long random secret for LiveKit, and add it to your coturn config under the `static-auth-secret` option. You can add as many secrets as you want, so set a different one for LiveKit to use.
-
-Then configure LiveKit, making sure to replace `COTURN_SECRET` with the one you generated:
-
-```yaml
-# livekit.yaml
-rtc:
-  turn_servers:
-    - host: coturn.example.com
-      port: 3478
-      protocol: udp
-      secret: "COTURN_SECRET"
-    - host: coturn.example.com
-      port: 3478
-      protocol: tcp
-      secret: "COTURN_SECRET"
-    - host: coturn.example.com
-      port: 5349
-      protocol: tls # Only if you have already set up TLS in your coturn
-      secret: "COTURN_SECRET"
-```
-
-Restart LiveKit and coturn to apply these changes.
-
-## Testing
-
-To test that LiveKit is successfully integrated with Continuwuity, you will need to replicate its [Token Exchange Flow](https://github.com/element-hq/lk-jwt-service#%EF%B8%8F-how-it-works--token-exchange-flow).
-
-First, you will need an access token for your current login session. These can be found in your client's settings or obtained via [this website](https://timedout.uk/mxtoken.html).
-
-Then, using that token, request another OpenID token for use with the lk-jwt-service:
-
-```bash
-~$ curl -X POST -H "Authorization: Bearer <session-access-token>" \
-  https://matrix.example.com/_matrix/client/v3/user/@user:example.com/openid/request_token
-{"access_token":"<openid_access_token>","token_type":"Bearer","matrix_server_name":"example.com","expires_in":3600}
-```
-
-Next, create a `payload.json` file with the following content:
-
-<details>
-
-<summary>`payload.json`</summary>
-
-```json
-{
-    "room_id": "abc",
-    "slot_id": "xyz",
-    "openid_token": {
-        "matrix_server_name": "example.com",
-        "access_token": "<openid_access_token>",
-        "token_type": "Bearer"
-    },
-    "member": {
-        "id": "xyz",
-        "claimed_device_id": "DEVICEID",
-        "claimed_user_id": "@user:example.com"
-    }
-}
-```
-
-Replace `matrix_server_name` and `claimed_user_id` with your information, and `<openid_access_token>` with the one you got from the previous step. Other values can be left as-is.
-
-</details>
-
-You can then send this payload to the lk-jwt-service:
-
-```bash
-~$ curl -X POST -d @payload.json https://livekit.example.com/get_token
-{"url":"wss://livekit.example.com","jwt":"a_really_really_long_string"}
-```
-
-The lk-jwt-service will, after checking against Continuwuity, answer with a `jwt` token to create a LiveKit media room. Use this token to test at the [LiveKit Connection Tester](https://livekit.io/connection-test). If everything works there, then you have set up LiveKit successfully!
-
-## Troubleshooting
-
-To debug any issues, you can place a call or redo the Testing instructions, and check the container logs for any specific errors. Use `docker-compose logs --follow` to follow them in real-time.
-
-### Common errors in Element Call UI
-
- `MISSING_MATRIX_RTC_FOCUS`: LiveKit is missing from Continuwuity's config file
- "Waiting for media" popup always showing: a LiveKit URL has been configured in Continuwuity, but your client cannot connect to it for some reason
-
-### Docker loopback networking issues
-
-Some distros do not allow Docker containers to connect to its host's public IP by default. This would cause `lk-jwt-service` to fail connecting to `livekit` or `continuwuity` on the same host. As a result, you would see connection refused/connection timeouts log entries in the JWT service, even when `LIVEKIT_URL` has been configured correctly.
-
-To alleviate this, you can try one of the following workarounds:
-
- Use `network_mode: host` for the `lk-jwt-service` container (instead of the default bridge networking).
-
- Add an `extra_hosts` file mapping livekit's (and continuwuity's) domain name to a localhost address:
-
-    ```diff
-    # in docker-compose.yaml
-    services:
-      lk-jwt-service:
-        ...
-    +    extra_hosts:
-    +     - "livekit.example.com:127.0.0.1"
-    +     - "matrix.example.com:127.0.0.1"
-    ```
-
- (**untested, use at your own risk**) Implement an iptables workaround as shown [here](https://forums.docker.com/t/unable-to-connect-to-host-service-from-inside-docker-container/145749/6).
-
-After implementing the changes and restarting your compose, you can test whether the connection works by cURLing from a sidecar container:
-
-```bash
-~$ docker run --rm --net container:lk-jwt-service docker.io/curlimages/curl https://livekit.example.com
-OK
-```
-
-### Workaround for non-federating servers
-
-When deploying on servers with federation disabled (`allow_federation = false`), LiveKit will fail as it can't fetch the required [OpenID endpoint](https://spec.matrix.org/v1.17/server-server-api/#get_matrixfederationv1openiduserinfo) via federation paths.
-
-As a workaround, you can enable federation, but forbid all remote servers via the following config parameters:
-
-```toml
-### in your continuwuity.toml file ###
-allow_federation = true
-forbidden_remote_server_names = [".*"]
-```
-
-Subscribe to issue [!1440](https://forgejo.ellis.link/continuwuation/continuwuity/issues/1440) for future updates on this matter.
-
-## Related Documentation
-
-Guides:
-
- [Element Call self-hosting documentation](https://github.com/element-hq/element-call/blob/livekit/docs/self-hosting.md)
- [Community guide with overview of LiveKit's mechanisms](https://tomfos.tr/matrix/livekit/)
- [Community guide using systemd](https://blog.kimiblock.top/2024/12/24/hosting-element-call/)
-
-Specifications:
-
- [MatrixRTC proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)
- [LiveKit proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4195)
-
-Source code:
-
- [Element Call](https://github.com/element-hq/element-call)
- [lk-jwt-service](https://github.com/element-hq/lk-jwt-service)
- [LiveKit server](https://github.com/livekit/livekit)
+- [LiveKit GitHub](https://github.com/livekit/livekit)
+- [LiveKit Connection Tester](https://livekit.io/connection-test) - use with the token returned by `/sfu/get` or `/get_token`
+- [MatrixRTC proposal](https://half-shot.github.io/msc-crafter/#msc/4143)
+- [Synapse documentation](https://github.com/element-hq/element-call/blob/livekit/docs/self-hosting.md)
+- [Community guide](https://tomfos.tr/matrix/livekit/)
+- [Community guide](https://blog.kimiblock.top/2024/12/24/hosting-element-call/)
@@ -1,12 +1,17 @@
 # Continuwuity Community Guidelines

-Welcome to the Continuwuity commuwunity! We're excited to have you here.
+Welcome to the Continuwuity commuwunity! We're excited to have you here. Continuwuity is a
+continuation of the conduwuit homeserver, which in turn is a hard-fork of the Conduit homeserver,
+aimed at making Matrix more accessible and inclusive for everyone.

-Our project aims to make Matrix more accessible and inclusive for everyone. To that end, we are dedicated to fostering a positive, supportive, safe and welcoming environment for our community.
+This space is dedicated to fostering a positive, supportive, and welcoming environment for everyone.
+These guidelines apply to all Continuwuity spaces, including our Matrix rooms and any other
+community channels that reference them. We've written these guidelines to help us all create an
+environment where everyone feels safe and respected.

-These guidelines apply to all Continuwuity spaces, including our Matrix rooms and code forge.
-
-Our community spaces are intended for individuals aged 16 or over, because we expect maturity and respect from our community members.
+For code and contribution guidelines, please refer to the
+[Contributor's Covenant](https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CODE_OF_CONDUCT.md).
+Below are additional guidelines specific to the Continuwuity community.

 ## Our Values and Expected Behaviors

@@ -24,21 +29,17 @@ all members to:

 3. **Communicate Clearly and Kindly**: Our community includes neurodivergent individuals and those
   who may not appreciate sarcasm or subtlety. Communicate clearly and kindly. Avoid ambiguity and
-   ensure your messages can be easily understood by all.
-
-4. **Be Considerate and Proactive**: Not everyone has the same time, resource and experience to spare.
-   Don't expect others to give up their time and labour for you; be thankful for what you have already been given.
-   Avoid placing the burden of education on
+   ensure your messages can be easily understood by all. Avoid placing the burden of education on
   marginalized groups; please make an effort to look into your questions before asking others for
   detailed explanations.

-5. **Be Engaged and Open-Minded**: Actively participate in making our community more inclusive.
+4. **Be Open to Improving Inclusivity**: Actively participate in making our community more inclusive.
   Report behaviour that contradicts these guidelines (see Reporting and Enforcement below) and be
   open to constructive feedback aimed at improving our community. Understand that discussing
   negative experiences can be emotionally taxing; focus on the message, not the tone.

-6. **Commit to Our Values**: Building an inclusive community requires ongoing effort from everyone.
-   Recognise that creating a welcoming and open community is a continuous process that needs commitment
+5. **Commit to Our Values**: Building an inclusive community requires ongoing effort from everyone.
+   Recognise that addressing bias and discrimination is a continuous process that needs commitment
   and action from all members.

 ## Unacceptable Behaviors
@@ -71,6 +72,36 @@ within the Continuwuity community:
 This is not an exhaustive list. Any behaviour that makes others feel unsafe or unwelcome may be
 subject to enforcement action.

+## Matrix Community
+
+These Community Guidelines apply to the entire
+[Continuwuity Matrix Space](https://matrix.to/#/#space:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) and its rooms, including:
+
+### [#continuwuity:continuwuity.org](https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org)
+
+This room is for support and discussions about Continuwuity. Ask questions, share insights, and help
+each other out while adhering to these guidelines.
+
+We ask that this room remain focused on the Continuwuity software specifically: the team are
+typically happy to engage in conversations about related subjects in the off-topic room.
+
+### [#offtopic:continuwuity.org](https://matrix.to/#/#offtopic:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org)
+
+For off-topic community conversations about any subject. While this room allows for a wide range of
+topics, the same guidelines apply. Please keep discussions respectful and inclusive, and avoid
+divisive or stressful subjects like specific country/world politics unless handled with exceptional
+care and respect for diverse viewpoints.
+
+General topics, such as world events, are welcome as long as they follow the guidelines. If a member
+of the team asks for the conversation to end, please respect their decision.
+
+### [#dev:continuwuity.org](https://matrix.to/#/#dev:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org)
+
+This room is dedicated to discussing active development of Continuwuity, including ongoing issues or
+code development. Collaboration here must follow these guidelines, and please consider raising
+[an issue](https://forgejo.ellis.link/continuwuation/continuwuity/issues) on the repository to help
+track progress.
+
 ## Reporting and Enforcement

 We take these Community Guidelines seriously to protect our community members. If you witness or
@@ -83,7 +114,6 @@ experience unacceptable behaviour, or have any other concerns, please report it.
  will immediately alert all available moderators.
 * **Direct Message:** If you're not comfortable raising the issue publicly, please send a direct
  message (DM) to one of the room moderators.
-* **Email**: Please email Jade and/or Nex at `jade@continuwuity.org` and `nex@continuwuity.org` respectively, or email `team@continuwuity.org`.

 Reports will be handled with discretion. We will investigate promptly and thoroughly.

@@ -0,0 +1 @@
+../CONTRIBUTING.md
@@ -6,9 +6,9 @@ services:
    ### then you are ready to go.
    image: forgejo.ellis.link/continuwuation/continuwuity:latest
    restart: unless-stopped
-    command: /sbin/conduwuit
    volumes:
      - db:/var/lib/continuwuity
+      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
      #- ./continuwuity.toml:/etc/continuwuity.toml
    networks:
      - proxy
@@ -23,7 +23,6 @@ services:
        ### then you are ready to go.
        image: forgejo.ellis.link/continuwuation/continuwuity:latest
        restart: unless-stopped
-        command: /sbin/conduwuit
        volumes:
            - db:/var/lib/continuwuity
            - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
@@ -6,7 +6,6 @@ services:
    ### then you are ready to go.
    image: forgejo.ellis.link/continuwuation/continuwuity:latest
    restart: unless-stopped
-    command: /sbin/conduwuit
    volumes:
      - db:/var/lib/continuwuity
      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
@@ -6,7 +6,6 @@ services:
        ### then you are ready to go.
        image: forgejo.ellis.link/continuwuation/continuwuity:latest
        restart: unless-stopped
-        command: /sbin/conduwuit
        ports:
            - 8448:6167
        volumes:
@@ -2,26 +2,28 @@

 ## Docker

-To run Continuwuity with Docker, you can either build the image yourself or pull
-it from a registry.
+To run Continuwuity with Docker, you can either build the image yourself or pull it
+from a registry.

 ### Use a registry

-Available OCI images:
+OCI images for Continuwuity are available in the registries listed below.

-| Registry         | Image                                                                                                                                                       | Notes                                                                        |
-| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:latest](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest)                 | Latest tagged image.                                                         |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:main](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main)                     | Main branch image.                                                           |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest-maxperf) | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
-| Forgejo Registry | [forgejo.ellis.link/continuwuation/continuwuity:main-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main-maxperf)     | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
+| Registry        | Image                                                           | Notes                  |
+| --------------- | --------------------------------------------------------------- | -----------------------|
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest)     | Latest tagged image.   |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main)       | Main branch image.     |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest-maxperf) | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main-maxperf)   | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |

-**Example:**
+Use

 ```bash
-docker image pull forgejo.ellis.link/continuwuation/continuwuity:main-maxperf
+docker image pull $LINK
 ```

+to pull it to your machine.
+
 #### Mirrors

 Images are mirrored to multiple locations automatically, on a schedule:
@@ -31,146 +33,39 @@ Images are mirrored to multiple locations automatically, on a schedule:
 - `registry.gitlab.com/continuwuity/continuwuity`
 - `git.nexy7574.co.uk/mirrored/continuwuity` (releases only, no `main`)

-### Quick Run
+### Run

-Get a working Continuwuity server with an admin user in four steps:
-
-#### Prerequisites
-
-Continuwuity requires HTTPS for Matrix federation. You'll need:
-
- A domain name pointing to your server
- A reverse proxy with SSL/TLS certificates (Traefik, Caddy, nginx, etc.)
-
-See [Docker Compose](#docker-compose) for complete examples.
-
-#### Environment Variables
-
- `CONTINUWUITY_SERVER_NAME` - Your Matrix server's domain name
- `CONTINUWUITY_DATABASE_PATH` - Where to store your database (must match the
-  volume mount)
- `CONTINUWUITY_ADDRESS` - Bind address (use `0.0.0.0` to listen on all
-  interfaces)
- `CONTINUWUITY_ALLOW_REGISTRATION` - Set to `false` to disable registration, or
-  use with `CONTINUWUITY_REGISTRATION_TOKEN` to require a token (see
-  [reference](../reference/environment-variables.mdx#registration--user-configuration)
-  for details)
-
-See the
-[Environment Variables Reference](../reference/environment-variables.mdx) for
-more configuration options.
-
-#### 1. Pull the image
+When you have the image, you can simply run it with

 ```bash
-docker pull forgejo.ellis.link/continuwuation/continuwuity:latest
+docker run -d -p 8448:6167 \
+    -v db:/var/lib/continuwuity/ \
+    -e CONTINUWUITY_SERVER_NAME="your.server.name" \
+    -e CONTINUWUITY_ALLOW_REGISTRATION=false \
+    --name continuwuity $LINK
 ```

-#### 2. Start the server with initial admin user
+or you can use [Docker Compose](#docker-compose).

-```bash
-docker run -d \
-  -p 6167:6167 \
-  -v continuwuity_db:/var/lib/continuwuity \
-  -e CONTINUWUITY_SERVER_NAME="matrix.example.com" \
-  -e CONTINUWUITY_DATABASE_PATH="/var/lib/continuwuity" \
-  -e CONTINUWUITY_ADDRESS="0.0.0.0" \
-  -e CONTINUWUITY_ALLOW_REGISTRATION="false" \
-  --name continuwuity \
-  forgejo.ellis.link/continuwuation/continuwuity:latest \
-  /sbin/conduwuit --execute "users create-user admin"
-```
+The `-d` flag lets the container run in detached mode. You may supply an
+optional `continuwuity.toml` config file, the example config can be found
+[here](../reference/config.mdx). You can pass in different env vars to
+change config values on the fly. You can even configure Continuwuity completely by
+using env vars. For an overview of possible values, please take a look at the
+<a href="/examples/docker-compose.yml" target="_blank">`docker-compose.yml`</a> file.

-Replace `matrix.example.com` with your actual server name and `admin` with
-your preferred username.
-
-#### 3. Get your admin password
-
-```bash
-docker logs continuwuity 2>&1 | grep "Created user"
-```
-
-You'll see output like:
-
-```
-Created user with user_id: @admin:matrix.example.com and password: `[auto-generated-password]`
-```
-
-#### 4. Configure your reverse proxy
-
-Configure your reverse proxy to forward HTTPS traffic to Continuwuity. See
-[Docker Compose](#docker-compose) for examples.
-
-Once configured, log in with any Matrix client using `@admin:matrix.example.com`
-and the generated password. You'll automatically be invited to the admin room
-where you can manage your server.
+If you just want to test Continuwuity for a short time, you can use the `--rm`
+flag, which cleans up everything related to your container after you stop
+it.

 ### Docker Compose

-Docker Compose is the recommended deployment method. These examples include
-reverse proxy configurations for Matrix federation.
+If the `docker run` command is not suitable for you or your setup, you can also use one
+of the provided `docker-compose` files.

-#### Matrix Federation Requirements
+Depending on your proxy setup, you can use one of the following files:

-For Matrix federation to work, you need to serve `.well-known/matrix/client` and
-`.well-known/matrix/server` endpoints. You can achieve this either by:
-
-1. **Using a well-known service** - The compose files below include an nginx
-   container to serve these files
-2. **Using Continuwuity's built-in delegation** (easier for Traefik) - Configure
-   delegation files in your config, then proxy `/.well-known/matrix/*` to
-   Continuwuity
-
-**Traefik example using built-in delegation:**
-
-```yaml
-labels:
-  traefik.http.routers.continuwuity.rule: >-
-    (Host(`matrix.example.com`) ||
-     (Host(`example.com`) && PathPrefix(`/.well-known/matrix`)))
-```
-
-This routes your Matrix domain and well-known paths to Continuwuity.
-
-#### Creating Your First Admin User
-
-Add the `--execute` command to create an admin user on first startup. In your
-compose file, add under the `continuwuity` service:
-
-```yaml
-services:
-    continuwuity:
-        image: forgejo.ellis.link/continuwuation/continuwuity:latest
-        command: /sbin/conduwuit --execute "users create-user admin"
-        # ... rest of configuration
-```
-
-Then retrieve the auto-generated password:
-
-```bash
-docker compose logs continuwuity | grep "Created user"
-```
-
-#### Choose Your Reverse Proxy
-
-Select the compose file that matches your setup:
-
-:::note DNS Performance
-Docker's default DNS resolver can cause performance issues with Matrix
-federation. If you experience slow federation or DNS timeouts, you may need to
-use your host's DNS resolver instead. Add this volume mount to the
-`continuwuity` service:
-
-```yaml
-volumes:
-  - /etc/resolv.conf:/etc/resolv.conf:ro
-```
-
-See [Troubleshooting - DNS Issues](../troubleshooting.mdx#potential-dns-issues-when-using-docker)
-for more details and alternative solutions.
-:::
-
-##### For existing Traefik setup
+### For existing Traefik setup

 <details>
 <summary>docker-compose.for-traefik.yml</summary>
@@ -181,7 +76,7 @@ for more details and alternative solutions.

 </details>

-##### With Traefik included
+### With Traefik included

 <details>
 <summary>docker-compose.with-traefik.yml</summary>
@@ -192,7 +87,7 @@ for more details and alternative solutions.

 </details>

-##### With Caddy Docker Proxy
+### With Caddy Docker Proxy

 <details>
 <summary>docker-compose.with-caddy.yml</summary>
@@ -203,15 +98,9 @@ Replace all `example.com` placeholders with your own domain.

 ```

-If you don't already have a network for Caddy to monitor, create one first:
-
-```bash
-docker network create caddy
-```
-
 </details>

-##### For other reverse proxies
+### For other reverse proxies

 <details>
 <summary>docker-compose.yml</summary>
@@ -222,7 +111,7 @@ docker network create caddy

 </details>

-##### Override file for customisation
+### Override file

 <details>
 <summary>docker-compose.override.yml</summary>
@@ -233,24 +122,98 @@ docker network create caddy

 </details>

-#### Starting Your Server
+When picking the Traefik-related compose file, rename it to
+`docker-compose.yml`, and rename the override file to
+`docker-compose.override.yml`. Edit the latter with the values you want for your
+server.

-1. Choose your compose file and rename it to `docker-compose.yml`
-2. If using the override file, rename it to `docker-compose.override.yml` and
-   edit your values
-3. Start the server:
+When picking the `caddy-docker-proxy` compose file, it's important to first
+create the `caddy` network before spinning up the containers:
+
+```bash
+docker network create caddy
+```
+
+After that, you can rename it to `docker-compose.yml` and spin up the
+containers!
+
+Additional info about deploying Continuwuity can be found [here](generic.mdx).
+
+### Build
+
+Official Continuwuity images are built using **Docker Buildx** and the Dockerfile found at [`docker/Dockerfile`][dockerfile-path]. This approach uses common Docker tooling and enables efficient multi-platform builds.
+
+The resulting images are widely compatible with Docker and other container runtimes like Podman or containerd.
+
+The images *do not contain a shell*. They contain only the Continuwuity binary, required libraries, TLS certificates, and metadata.
+
+<details>
+<summary>Click to view the Dockerfile</summary>
+
+You can also <a href="https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile" target="_blank">view the Dockerfile on Forgejo</a>.
+
+```dockerfile file="../../docker/Dockerfile"
+
+```
+
+</details>
+
+To build an image locally using Docker Buildx, you can typically run a command like:
+
+```bash
+# Build for the current platform and load into the local Docker daemon
+docker buildx build --load --tag continuwuity:latest -f docker/Dockerfile .
+
+# Example: Build for specific platforms and push to a registry.
+# docker buildx build --platform linux/amd64,linux/arm64 --tag registry.io/org/continuwuity:latest -f docker/Dockerfile . --push
+
+# Example: Build binary optimised for the current CPU (standard release profile)
+# docker buildx build --load \
+#   --tag continuwuity:latest \
+#   --build-arg TARGET_CPU=native \
+#   -f docker/Dockerfile .
+
+# Example: Build maxperf variant (release-max-perf profile with LTO)
+# Optimised for runtime performance and smaller binary size, but requires longer build time
+# docker buildx build --load \
+#   --tag continuwuity:latest-maxperf \
+#   --build-arg TARGET_CPU=native \
+#   --build-arg RUST_PROFILE=release-max-perf \
+#   -f docker/Dockerfile .
+```
+
+Refer to the Docker Buildx documentation for more advanced build options.
+
+[dockerfile-path]: https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile
+
+### Run
+
+If you have already built the image or want to use one from the registries, you
+can start the container and everything else in the compose file in detached
+mode with:

 ```bash
 docker compose up -d
 ```

-See the [generic deployment guide](generic.mdx) for more deployment options.
+> **Note:** Don't forget to modify and adjust the compose file to your needs.

-### Building Custom Images
+### Use Traefik as Proxy

-For information on building your own Continuwuity Docker images, see the
-[Building Docker Images](../development/index.mdx#building-docker-images)
-section in the development documentation.
+As a container user, you probably know about Traefik. It is an easy-to-use
+reverse proxy for making containerized apps and services available through the
+web. With the Traefik-related docker-compose files provided above, it is equally easy
+to deploy and use Continuwuity, with a small caveat. If you have already looked at
+the files, you should have seen the `well-known` service, which is the
+small caveat. Traefik is simply a proxy and load balancer and cannot
+serve any kind of content. For Continuwuity to federate, we need to either
+expose ports `443` and `8448` or serve two endpoints: `.well-known/matrix/client`
+and `.well-known/matrix/server`.
+
+With the service `well-known`, we use a single `nginx` container that serves
+those two files.
+
+Alternatively, you can use Continuwuity's built-in delegation file capability. Set up the delegation files in the configuration file, and then proxy paths under `/.well-known/matrix` to continuwuity. For example, the label ``traefik.http.routers.continuwuity.rule=(Host(`matrix.ellis.link`) || (Host(`ellis.link`) && PathPrefix(`/.well-known/matrix`)))`` does this for the domain `ellis.link`.

 ## Voice communication

@@ -1,7 +1,7 @@
 # Continuwuity for FreeBSD

-Continuwuity doesn't provide official FreeBSD packages; however, a community-maintained set of packages is available on [Forgejo](https://forgejo.ellis.link/katie/continuwuity-bsd). Note that these are provided as standalone packages and are not part of a FreeBSD package repository (yet), so updates need to be downloaded and installed manually.
+Continuwuity currently does not provide FreeBSD builds or FreeBSD packaging. However, Continuwuity does build and work on FreeBSD using the system-provided RocksDB.

-Please see the installation instructions in that repository. Direct any questions to its issue tracker or to [@katie:kat5.dev](https://matrix.to/#/@katie:kat5.dev).
+Contributions to get Continuwuity packaged for FreeBSD are welcome.

-For general BSD support, please join our [Continuwuity BSD](https://matrix.to/#/%23bsd:continuwuity.org) community room.
+Please join our [Continuwuity BSD](https://matrix.to/#/%23bsd:continuwuity.org) community room.
@@ -39,7 +39,6 @@ spec:
        - name: continuwuity
          # use a sha hash <3
          image: forgejo.ellis.link/continuwuation/continuwuity:latest
-          command: ["/sbin/conduwuit"]
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
@@ -1 +0,0 @@
-../../CONTRIBUTING.md
@@ -0,0 +1,203 @@
+# Contributing guide
+
+This page is about contributing to Continuwuity. The
+[development](./index.mdx) and [code style guide](./code_style.mdx) pages may be of interest for you as well.
+
+If you would like to work on an [issue][issues] that is not assigned, preferably
+ask in the Matrix room first at [#continuwuity:continuwuity.org][continuwuity-matrix],
+and comment on it.
+
+### Code Style
+
+Please review and follow the [code style guide](./code_style) for formatting, linting, naming conventions, and other code standards.
+
+### Pre-commit Checks
+
+Continuwuity uses pre-commit hooks to enforce various coding standards and catch common issues before they're committed. These checks include:
+
+- Code formatting and linting
+- Typo detection (both in code and commit messages)
+- Checking for large files
+- Ensuring proper line endings and no trailing whitespace
+- Validating YAML, JSON, and TOML files
+- Checking for merge conflicts
+
+You can run these checks locally by installing [prefligit](https://github.com/j178/prefligit):
+
+
+```bash
+# Requires UV: https://docs.astral.sh/uv/getting-started/installation/
+# Mac/linux: curl -LsSf https://astral.sh/uv/install.sh | sh
+# Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
+
+# Install prefligit using cargo-binstall
+cargo binstall prefligit
+
+# Install git hooks to run checks automatically
+prefligit install
+
+# Run all checks
+prefligit --all-files
+```
+
+Alternatively, you can use [pre-commit](https://pre-commit.com/):
+```bash
+# Requires python
+
+# Install pre-commit
+pip install pre-commit
+
+# Install the hooks
+pre-commit install
+
+# Run all checks manually
+pre-commit run --all-files
+```
+
+These same checks are run in CI via the prefligit-checks workflow to ensure consistency. These must pass before the PR is merged.
+
+### Running tests locally
+
+Tests, compilation, and linting can be run with standard Cargo commands:
+
+```bash
+# Run tests
+cargo test
+
+# Check compilation
+cargo check --workspace --features full
+
+# Run lints
+cargo clippy --workspace --features full
+# Auto-fix: cargo clippy --workspace --features full --fix --allow-staged;
+
+# Format code (must use nightly)
+cargo +nightly fmt
+```
+
+### Matrix tests
+
+Continuwuity uses [Complement][complement] for Matrix protocol compliance testing. Complement tests are run manually by developers, and documentation on how to run these tests locally is currently being developed.
+
+If your changes are done to fix Matrix tests, please note that in your pull request. If more Complement tests start failing from your changes, please review the logs and determine if they're intended or not.
+
+[Sytest][sytest] is currently unsupported.
+
+### Writing documentation
+
+Continuwuity's website uses [`mdbook`][mdbook] and is deployed via CI using Cloudflare Pages
+in the [`documentation.yml`][documentation.yml] workflow file. All documentation is in the `docs/`
+directory at the top level.
+
+To build the documentation locally:
+
+1. Install mdbook if you don't have it already:
+   ```bash
+   cargo install mdbook # or cargo binstall, or another method
+   ```
+
+2. Build the documentation:
+   ```bash
+   mdbook build
+   ```
+
+The output of the mdbook generation is in `public/`. You can open the HTML files directly in your browser without needing a web server.
+
+
+### Commit Messages
+
+Continuwuity follows the [Conventional Commits](https://www.conventionalcommits.org/) specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.
+
+The basic structure is:
+
+```
+<type>[(optional scope)]: <description>
+
+[optional body]
+
+[optional footer(s)]
+```
+
+The allowed types for commits are:
+- `fix`: Bug fixes
+- `feat`: New features
+- `docs`: Documentation changes
+- `style`: Changes that don't affect the meaning of the code (formatting, etc.)
+- `refactor`: Code changes that neither fix bugs nor add features
+- `perf`: Performance improvements
+- `test`: Adding or fixing tests
+- `build`: Changes to the build system or dependencies
+- `ci`: Changes to CI configuration
+- `chore`: Other changes that don't modify source or test files
+
+Examples:
+```
+feat: add user authentication
+fix(database): resolve connection pooling issue
+docs: update installation instructions
+```
+
+The project uses the `committed` hook to validate commit messages in pre-commit. This ensures all commits follow the conventional format.
+
+### Creating pull requests
+
+Please try to keep contributions to the Forgejo Instance. While the mirrors of continuwuity
+allow for pull/merge requests, there is no guarantee the maintainers will see them in a timely
+manner. Additionally, please mark WIP or unfinished or incomplete PRs as drafts.
+This prevents us from having to ping once in a while to double check the status
+of it, especially when the CI completed successfully and everything so it
+*looks* done.
+
+Before submitting a pull request, please ensure:
+1. Your code passes all CI checks (formatting, linting, typo detection, etc.). Run pre-commit for this.
+2. Your code follows the [code style guide](./code_style)
+3. Your commit messages follow the conventional commits format
+4. Tests are added for new functionality
+5. Documentation is updated if needed
+6. You have written a [news fragment](#writing-news-fragments) for your changes
+
+Direct all PRs/MRs to the `main` branch.
+
+By sending a pull request or patch, you are agreeing that your changes are
+allowed to be licenced under the Apache-2.0 licence and all of your conduct is
+in line with the Contributor's Covenant, and continuwuity's Code of Conduct.
+
+Contribution by users who violate either of these code of conducts may not have
+their contributions accepted. This includes users who have been banned from
+continuwuity Matrix rooms for Code of Conduct violations.
+
+[issues]: https://forgejo.ellis.link/continuwuation/continuwuity/issues
+[continuwuity-matrix]: https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org
+[complement]: https://github.com/matrix-org/complement/
+[sytest]: https://github.com/matrix-org/sytest/
+[mdbook]: https://rust-lang.github.io/mdBook/
+[documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml
+
+#### Writing news fragments
+
+In order to make writing our changelogs easier, we make use of [Towncrier]. Towncrier builds changelogs based on
+"news fragments", which are little markdown files in the `changelog.d/` directory that describe individual changes.
+
+When you make a pull request that changes functionality, fixes a bug, or adds documentation, please add a news fragment
+describing your change. The file name *MUST* be in the format of `{pull_request_number}.{type}`, where `{type}` is one
+of the following:
+
+- `feature` - for new features
+- `bugfix` - for bug fixes
+- `doc` - for documentation changes
+- `misc` - for other changes that don't fit the above categories
+
+For example:
+
+```bash
+$ echo "Fixed the quantum flux stabiliser. Contributed by @alice." > changelog.d/42.bugfix
+```
+
+(Note: If you want to credit yourself, you should reference your forgejo handle, however links to other platforms are also acceptable.)
+
+When the next release is made, Towncrier will automatically include your news fragment in the changelog.
+
+You can read more about writing news fragments in the [Towncrier tutorial][tt].
+
+[Towncrier]: https://towncrier.readthedocs.io/
+[tt]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments
@@ -2,8 +2,7 @@

 Information about developing the project. If you are only interested in using
 it, you can safely ignore this page. If you plan on contributing, see the
-[contributor's guide](./contributing.mdx) and
-[code style guide](./code_style.mdx).
+[contributor's guide](./contributing.mdx) and [code style guide](./code_style.mdx).

 ## Continuwuity project layout

@@ -13,98 +12,86 @@ members are under `src/`. The workspace definition is at the top level / root
 `Cargo.toml`.

 The crate names are generally self-explanatory:
-
 - `admin` is the admin room
 - `api` is the HTTP API, Matrix C-S and S-S endpoints, etc
- `core` is core Continuwuity functionality like config loading, error
-  definitions, global utilities, logging infrastructure, etc
- `database` is RocksDB methods, helpers, RocksDB config, and general database
-  definitions, utilities, or functions
- `macros` are Continuwuity Rust [macros][macros] like general helper macros,
-  logging and error handling macros, and [syn][syn] and [procedural
-  macros][proc-macro] used for admin room commands and others
+- `core` is core Continuwuity functionality like config loading, error definitions,
+global utilities, logging infrastructure, etc
+- `database` is RocksDB methods, helpers, RocksDB config, and general database definitions,
+utilities, or functions
+- `macros` are Continuwuity Rust [macros][macros] like general helper macros, logging
+and error handling macros, and [syn][syn] and [procedural macros][proc-macro]
+used for admin room commands and others
 - `main` is the "primary" sub-crate. This is where the `main()` function lives,
-  tokio worker and async initialisation, Sentry initialisation, [clap][clap]
-  init, and signal handling. If you are adding new [Rust features][features],
-  they _must_ go here.
- `router` is the webserver and request handling bits, using axum, tower,
-  tower-http, hyper, etc, and the [global server state][state] to access
-  `services`.
+tokio worker and async initialisation, Sentry initialisation, [clap][clap] init,
+and signal handling. If you are adding new [Rust features][features], they *must*
+go here.
+- `router` is the webserver and request handling bits, using axum, tower, tower-http,
+hyper, etc, and the [global server state][state] to access `services`.
 - `service` is the high-level database definitions and functions for data,
-  outbound/sending code, and other business logic such as media fetching.
+outbound/sending code, and other business logic such as media fetching.

-It is highly unlikely you will ever need to add a new workspace member, but if
-you truly find yourself needing to, we recommend reaching out to us in the
-Matrix room for discussions about it beforehand.
+It is highly unlikely you will ever need to add a new workspace member, but
+if you truly find yourself needing to, we recommend reaching out to us in
+the Matrix room for discussions about it beforehand.

 The primary inspiration for this design was apart of hot reloadable development,
-to support "Continuwuity as a library" where specific parts can simply be
-swapped out. There is evidence Conduit wanted to go this route too as `axum` is
-technically an optional feature in Conduit, and can be compiled without the
-binary or axum library for handling inbound web requests; but it was never
-completed or worked.
+to support "Continuwuity as a library" where specific parts can simply be swapped out.
+There is evidence Conduit wanted to go this route too as `axum` is technically an
+optional feature in Conduit, and can be compiled without the binary or axum library
+for handling inbound web requests; but it was never completed or worked.

-See the Rust documentation on [Workspaces][workspaces] for general questions and
-information on Cargo workspaces.
+See the Rust documentation on [Workspaces][workspaces] for general questions
+and information on Cargo workspaces.

 ## Adding compile-time [features][features]

-If you'd like to add a compile-time feature, you must first define it in the
-`main` workspace crate located in `src/main/Cargo.toml`. The feature must enable
-a feature in the other workspace crate(s) you intend to use it in. Then the said
-workspace crate(s) must define the feature there in its `Cargo.toml`.
+If you'd like to add a compile-time feature, you must first define it in
+the `main` workspace crate located in `src/main/Cargo.toml`. The feature must
+enable a feature in the other workspace crate(s) you intend to use it in. Then
+the said workspace crate(s) must define the feature there in its `Cargo.toml`.

-So, if this is adding a feature to the API such as `woof`, you define the
-feature in the `api` crate's `Cargo.toml` as `woof = []`. The feature definition
-in `main`'s `Cargo.toml` will be `woof = ["conduwuit-api/woof"]`.
+So, if this is adding a feature to the API such as `woof`, you define the feature
+in the `api` crate's `Cargo.toml` as `woof = []`. The feature definition in `main`'s
+`Cargo.toml` will be `woof = ["conduwuit-api/woof"]`.

-The rationale for this is due to Rust / Cargo not supporting ["workspace level
-features"][9], we must make a choice of; either scattering features all over the
-workspace crates, making it difficult for anyone to add or remove default
-features; or define all the features in one central workspace crate that
-propagate down/up to the other workspace crates. It is a Cargo pitfall, and we'd
-like to see better developer UX in Rust's Workspaces.
+The rationale for this is due to Rust / Cargo not supporting
+["workspace level features"][9], we must make a choice of; either scattering
+features all over the workspace crates, making it difficult for anyone to add
+or remove default features; or define all the features in one central workspace
+crate that propagate down/up to the other workspace crates. It is a Cargo pitfall,
+and we'd like to see better developer UX in Rust's Workspaces.

-Additionally, the definition of one single place makes "feature collection" in
-our Nix flake a million times easier instead of collecting and deduping them all
-from searching in all the workspace crates' `Cargo.toml`s. Though we wouldn't
-need to do this if Rust supported workspace-level features to begin with.
+Additionally, the definition of one single place makes "feature collection" in our
+Nix flake a million times easier instead of collecting and deduping them all from
+searching in all the workspace crates' `Cargo.toml`s. Though we wouldn't need to
+do this if Rust supported workspace-level features to begin with.

 ## List of forked dependencies

-During Continuwuity (and prior projects) development, we have had to fork some
-dependencies to support our use-cases. These forks exist for various reasons
-including features that upstream projects won't accept, faster-paced
-development, Continuwuity-specific usecases, or lack of time to upstream
-changes.
+During Continuwuity (and prior projects) development, we have had to fork some dependencies to support our use-cases.
+These forks exist for various reasons including features that upstream projects won't accept,
+faster-paced development, Continuwuity-specific usecases, or lack of time to upstream changes.

-All forked dependencies are maintained under the
-[continuwuation organization on Forgejo](https://forgejo.ellis.link/continuwuation):
+All forked dependencies are maintained under the [continuwuation organization on Forgejo](https://forgejo.ellis.link/continuwuation):

- [ruwuma][continuwuation-ruwuma] - Fork of [ruma/ruma][ruma] with various
-  performance improvements, more features and better client/server interop
- [rocksdb][continuwuation-rocksdb] - Fork of [facebook/rocksdb][rocksdb] via
-  [`@zaidoon1`][8] with liburing build fixes and GCC debug build fixes
- [jemallocator][continuwuation-jemallocator] - Fork of
-  [tikv/jemallocator][jemallocator] fixing musl builds, suspicious code, and
-  adding support for redzones in Valgrind
- [rustyline-async][continuwuation-rustyline-async] - Fork of
-  [zyansheep/rustyline-async][rustyline-async] with tab completion callback and
-  `CTRL+\` signal quit event for Continuwuity console CLI
- [rust-rocksdb][continuwuation-rust-rocksdb] - Fork of
-  [rust-rocksdb/rust-rocksdb][rust-rocksdb] fixing musl build issues, removing
-  unnecessary `gtest` include, and using our RocksDB and jemallocator forks
- [tracing][continuwuation-tracing] - Fork of [tokio-rs/tracing][tracing]
-  implementing `Clone` for `EnvFilter` to support dynamically changing tracing
-  environments
+- [ruwuma][continuwuation-ruwuma] - Fork of [ruma/ruma][ruma] with various performance improvements, more features and better client/server interop
+- [rocksdb][continuwuation-rocksdb] - Fork of [facebook/rocksdb][rocksdb] via [`@zaidoon1`][8] with liburing build fixes and GCC debug build fixes
+- [jemallocator][continuwuation-jemallocator] - Fork of [tikv/jemallocator][jemallocator] fixing musl builds, suspicious code,
+  and adding support for redzones in Valgrind
+- [rustyline-async][continuwuation-rustyline-async] - Fork of [zyansheep/rustyline-async][rustyline-async] with tab completion callback
+  and `CTRL+\` signal quit event for Continuwuity console CLI
+- [rust-rocksdb][continuwuation-rust-rocksdb] - Fork of [rust-rocksdb/rust-rocksdb][rust-rocksdb] fixing musl build issues,
+  removing unnecessary `gtest` include, and using our RocksDB and jemallocator forks
+- [tracing][continuwuation-tracing] - Fork of [tokio-rs/tracing][tracing] implementing `Clone` for `EnvFilter` to
+  support dynamically changing tracing environments

 ## Debugging with `tokio-console`

 [`tokio-console`][7] can be a useful tool for debugging and profiling. To make a
-`tokio-console`-enabled build of Continuwuity, enable the `tokio_console`
-feature, disable the default `release_max_log_level` feature, and set the
-`--cfg tokio_unstable` flag to enable experimental tokio APIs. A build might
-look like this:
+`tokio-console`-enabled build of Continuwuity, enable the `tokio_console` feature,
+disable the default `release_max_log_level` feature, and set the `--cfg
+tokio_unstable` flag to enable experimental tokio APIs. A build might look like
+this:

 ```bash
 RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
@@ -113,84 +100,34 @@ RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
 ```

-You will also need to enable the `tokio_console` config option in Continuwuity
-when starting it. This was due to tokio-console causing gradual memory
-leak/usage if left enabled.
+You will also need to enable the `tokio_console` config option in Continuwuity when
+starting it. This was due to tokio-console causing gradual memory leak/usage
+if left enabled.

 ## Building Docker Images

-Official Continuwuity images are built using **Docker Buildx** and the
-Dockerfile found at [`docker/Dockerfile`][dockerfile-path].
-
-The images are compatible with Docker and other container runtimes like Podman
-or containerd.
-
-The images _do not contain a shell_. They contain only the Continuwuity binary,
-required libraries, TLS certificates, and metadata.
-
-<details>
-<summary>Click to view the Dockerfile</summary>
-
-You can also
-
-<a
-    href="<https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile>"
-    target="_blank"
->
-    view the Dockerfile on Forgejo
-</a>
-.
-
-```dockerfile file="../../docker/Dockerfile"
-
-```
-
-</details>
-
-### Building Locally
-
-To build an image locally using Docker Buildx:
+To build a Docker image for Continuwuity, use the standard Docker build command:

 ```bash
-# Build for the current platform and load into the local Docker daemon
-docker buildx build --load --tag continuwuity:latest -f docker/Dockerfile .
-
-# Example: Build for specific platforms and push to a registry
-# docker buildx build --platform linux/amd64,linux/arm64 --tag registry.io/org/continuwuity:latest -f docker/Dockerfile . --push
-
-# Example: Build binary optimised for the current CPU (standard release profile)
-# docker buildx build --load \
-#   --tag continuwuity:latest \
-#   --build-arg TARGET_CPU=native \
-#   -f docker/Dockerfile .
-
-# Example: Build maxperf variant (release-max-perf profile with LTO)
-# docker buildx build --load \
-#   --tag continuwuity:latest-maxperf \
-#   --build-arg TARGET_CPU=native \
-#   --build-arg RUST_PROFILE=release-max-perf \
-#   -f docker/Dockerfile .
+docker build -f docker/Dockerfile .
 ```

-Refer to the Docker Buildx documentation for more advanced build options.
+The image can be cross-compiled for different architectures.

-[dockerfile-path]:
-    https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile
 [continuwuation-ruwuma]: https://forgejo.ellis.link/continuwuation/ruwuma
 [continuwuation-rocksdb]: https://forgejo.ellis.link/continuwuation/rocksdb
-[continuwuation-jemallocator]:
-    https://forgejo.ellis.link/continuwuation/jemallocator
-[continuwuation-rustyline-async]:
-    https://forgejo.ellis.link/continuwuation/rustyline-async
-[continuwuation-rust-rocksdb]:
-    https://forgejo.ellis.link/continuwuation/rust-rocksdb
+[continuwuation-jemallocator]: https://forgejo.ellis.link/continuwuation/jemallocator
+[continuwuation-rustyline-async]: https://forgejo.ellis.link/continuwuation/rustyline-async
+[continuwuation-rust-rocksdb]: https://forgejo.ellis.link/continuwuation/rust-rocksdb
 [continuwuation-tracing]: https://forgejo.ellis.link/continuwuation/tracing
+
 [ruma]: https://github.com/ruma/ruma/
 [rocksdb]: https://github.com/facebook/rocksdb/
 [jemallocator]: https://github.com/tikv/jemallocator/
 [rustyline-async]: https://github.com/zyansheep/rustyline-async/
 [rust-rocksdb]: https://github.com/rust-rocksdb/rust-rocksdb/
 [tracing]: https://github.com/tokio-rs/tracing/
+
 [7]: https://docs.rs/tokio-console/latest/tokio_console/
 [8]: https://github.com/zaidoon1/
 [9]: https://github.com/rust-lang/cargo/issues/12162
@@ -1 +1 @@
-{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://livekit.ellis.link"}]}
+{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc3575.proxy":{"url": "https://matrix.continuwuity.org"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://livekit.ellis.link"}]}
@@ -1,6 +1,6 @@
 {
    "$schema": "http://json-schema.org/draft-04/schema#",
-    "$id": "https://continuwuity.org/schema/announcements.schema.json",
+    "$id": "https://continwuity.org/schema/announcements.schema.json",
    "type": "object",
    "properties": {
      "announcements": {
@@ -4,11 +4,6 @@
        "name": "config",
        "label": "Configuration"
    },
-    {
-        "type": "file",
-        "name": "environment-variables",
-        "label": "Environment Variables"
-    },
    {
        "type": "file",
        "name": "admin",
@@ -130,10 +130,6 @@ Trim memory usage

 List database files

-## `!admin debug send-test-email`
-
-Send a test email to the invoking admin's email address
-
 ## `!admin debug tester`

 Developer test stubs
@@ -133,18 +133,6 @@ pusher service

 Returns all the pushers for the user

-### `!admin query pusher delete-pusher`
-
-Deletes a specific pusher by ID
-
-### `!admin query pusher delete-all-user`
-
-Deletes all pushers for a user
-
-### `!admin query pusher delete-all-device`
-
-Deletes all pushers associated with a device ID
-
 ## `!admin query short`

 short service
@@ -47,11 +47,3 @@ Restart the server
 ## `!admin server shutdown`

 Shutdown the server
-
-## `!admin server list-features`
-
-List features built into the server
-
-## `!admin server build-info`
-
-Build information
@@ -12,24 +12,6 @@ Create a new user

 Reset user password

-## `!admin users issue-password-reset-link`
-
-Issue a self-service password reset link for a user
-
-## `!admin users get-email`
-
-Get a user's associated email address
-
-## `!admin users get-user-by-email`
-
-Get the user with the given email address
-
-## `!admin users change-email`
-
-Update or remove a user's email address.
-
-If `email` is not supplied, the user's existing address will be removed.
-
 ## `!admin users deactivate`

 Deactivate a user
@@ -157,7 +139,3 @@ Force joins all local users to the specified room.
 At least 1 server admin must be in the room to reduce abuse.

 Requires the `--yes-i-want-to-do-this` flag.
-
-## `!admin users reset-push-rules`
-
-Resets the push-rules (notification settings) of the target user to the server defaults
@@ -1,281 +0,0 @@
-# Environment Variables
-
-Continuwuity can be configured entirely through environment variables, making it
-ideal for containerised deployments and infrastructure-as-code scenarios.
-
-This is a convenience reference and may not be exhaustive. The
-[Configuration Reference](./config.mdx) is the primary source for all
-configuration options.
-
-## Prefix System
-
-Continuwuity supports three environment variable prefixes for backwards
-compatibility:
-
- `CONTINUWUITY_*` (current, recommended)
- `CONDUWUIT_*` (compatibility)
- `CONDUIT_*` (legacy)
-
-All three prefixes work identically. Use double underscores (`__`) to represent
-nested configuration sections from the TOML config.
-
-**Examples:**
-
-```bash
-# Simple top-level config
-CONTINUWUITY_SERVER_NAME="matrix.example.com"
-CONTINUWUITY_PORT="8008"
-
-# Nested config sections use double underscores
-# This maps to [database] section in TOML
-CONTINUWUITY_DATABASE__PATH="/var/lib/continuwuity"
-
-# This maps to [tls] section in TOML
-CONTINUWUITY_TLS__CERTS="/path/to/cert.pem"
-```
-
-## Configuration File Override
-
-You can specify a custom configuration file path:
-
- `CONTINUWUITY_CONFIG` - Path to continuwuity.toml (current)
- `CONDUWUIT_CONFIG` - Path to config file (compatibility)
- `CONDUIT_CONFIG` - Path to config file (legacy)
-
-## Essential Variables
-
-These are the minimum variables needed for a working deployment:
-
-| Variable                     | Description                        | Default                |
-| ---------------------------- | ---------------------------------- | ---------------------- |
-| `CONTINUWUITY_SERVER_NAME`   | Your Matrix server's domain name   | Required               |
-| `CONTINUWUITY_DATABASE_PATH` | Path to RocksDB database directory | `/var/lib/conduwuit`   |
-| `CONTINUWUITY_ADDRESS`       | IP address to bind to              | `["127.0.0.1", "::1"]` |
-| `CONTINUWUITY_PORT`          | Port to listen on                  | `8008`                 |
-
-## Network Configuration
-
-| Variable                         | Description                                     | Default                |
-| -------------------------------- | ----------------------------------------------- | ---------------------- |
-| `CONTINUWUITY_ADDRESS`           | Bind address (use `0.0.0.0` for all interfaces) | `["127.0.0.1", "::1"]` |
-| `CONTINUWUITY_PORT`              | HTTP port                                       | `8008`                 |
-| `CONTINUWUITY_UNIX_SOCKET_PATH`  | UNIX socket path (alternative to TCP)           | -                      |
-| `CONTINUWUITY_UNIX_SOCKET_PERMS` | Socket permissions (octal)                      | `660`                  |
-
-## Database Configuration
-
-| Variable                                   | Description                 | Default              |
-| ------------------------------------------ | --------------------------- | -------------------- |
-| `CONTINUWUITY_DATABASE_PATH`               | RocksDB data directory      | `/var/lib/conduwuit` |
-| `CONTINUWUITY_DATABASE_BACKUP_PATH`        | Backup directory            | -                    |
-| `CONTINUWUITY_DATABASE_BACKUPS_TO_KEEP`    | Number of backups to retain | `1`                  |
-| `CONTINUWUITY_DB_CACHE_CAPACITY_MB`        | Database read cache (MB)    | -                    |
-| `CONTINUWUITY_DB_WRITE_BUFFER_CAPACITY_MB` | Write cache (MB)            | -                    |
-
-## Cache Configuration
-
-| Variable                                 | Description              |
-| ---------------------------------------- | ------------------------ |
-| `CONTINUWUITY_CACHE_CAPACITY_MODIFIER`   | LRU cache multiplier     |
-| `CONTINUWUITY_PDU_CACHE_CAPACITY`        | PDU cache entries        |
-| `CONTINUWUITY_AUTH_CHAIN_CACHE_CAPACITY` | Auth chain cache entries |
-
-## DNS Configuration
-
-Configure DNS resolution behaviour for federation and external requests.
-
-| Variable                             | Description                  | Default  |
-| ------------------------------------ | ---------------------------- | -------- |
-| `CONTINUWUITY_DNS_CACHE_ENTRIES`     | Max DNS cache entries        | `32768`  |
-| `CONTINUWUITY_DNS_MIN_TTL`           | Minimum cache TTL (seconds)  | `10800`  |
-| `CONTINUWUITY_DNS_MIN_TTL_NXDOMAIN`  | NXDOMAIN cache TTL (seconds) | `259200` |
-| `CONTINUWUITY_DNS_ATTEMPTS`          | Retry attempts               | -        |
-| `CONTINUWUITY_DNS_TIMEOUT`           | Query timeout (seconds)      | -        |
-| `CONTINUWUITY_DNS_TCP_FALLBACK`      | Allow TCP fallback           | -        |
-| `CONTINUWUITY_QUERY_ALL_NAMESERVERS` | Query all nameservers        | -        |
-| `CONTINUWUITY_QUERY_OVER_TCP_ONLY`   | TCP-only queries             | -        |
-
-## Request Configuration
-
-| Variable                             | Description                   |
-| ------------------------------------ | ----------------------------- |
-| `CONTINUWUITY_MAX_REQUEST_SIZE`      | Max HTTP request size (bytes) |
-| `CONTINUWUITY_REQUEST_CONN_TIMEOUT`  | Connection timeout (seconds)  |
-| `CONTINUWUITY_REQUEST_TIMEOUT`       | Overall request timeout       |
-| `CONTINUWUITY_REQUEST_TOTAL_TIMEOUT` | Total timeout                 |
-| `CONTINUWUITY_REQUEST_IDLE_TIMEOUT`  | Idle timeout                  |
-| `CONTINUWUITY_REQUEST_IDLE_PER_HOST` | Idle connections per host     |
-
-## Federation Configuration
-
-Control how your server federates with other Matrix servers.
-
-| Variable                                       | Description                   | Default |
-| ---------------------------------------------- | ----------------------------- | ------- |
-| `CONTINUWUITY_ALLOW_FEDERATION`                | Enable federation             | `true`  |
-| `CONTINUWUITY_FEDERATION_LOOPBACK`             | Allow loopback federation     | -       |
-| `CONTINUWUITY_FEDERATION_CONN_TIMEOUT`         | Connection timeout            | -       |
-| `CONTINUWUITY_FEDERATION_TIMEOUT`              | Request timeout               | -       |
-| `CONTINUWUITY_FEDERATION_IDLE_TIMEOUT`         | Idle timeout                  | -       |
-| `CONTINUWUITY_FEDERATION_IDLE_PER_HOST`        | Idle connections per host     | -       |
-| `CONTINUWUITY_TRUSTED_SERVERS`                 | JSON array of trusted servers | -       |
-| `CONTINUWUITY_QUERY_TRUSTED_KEY_SERVERS_FIRST` | Query trusted first           | -       |
-| `CONTINUWUITY_ONLY_QUERY_TRUSTED_KEY_SERVERS`  | Only query trusted            | -       |
-
-**Example:**
-
-```bash
-# Trust matrix.org for key verification
-CONTINUWUITY_TRUSTED_SERVERS='["matrix.org"]'
-```
-
-## Registration & User Configuration
-
-Control user registration and account creation behaviour.
-
-| Variable                                   | Description           | Default |
-| ------------------------------------------ | --------------------- | ------- |
-| `CONTINUWUITY_ALLOW_REGISTRATION`          | Enable registration   | `true`  |
-| `CONTINUWUITY_REGISTRATION_TOKEN`          | Token requirement     | -       |
-| `CONTINUWUITY_SUSPEND_ON_REGISTER`         | Suspend new accounts  | -       |
-| `CONTINUWUITY_NEW_USER_DISPLAYNAME_SUFFIX` | Display name suffix   | 🏳️‍⚧️      |
-| `CONTINUWUITY_RECAPTCHA_SITE_KEY`          | reCAPTCHA site key    | -       |
-| `CONTINUWUITY_RECAPTCHA_PRIVATE_SITE_KEY`  | reCAPTCHA private key | -       |
-
-**Example:**
-
-```bash
-# Disable open registration
-CONTINUWUITY_ALLOW_REGISTRATION="false"
-
-# Require a registration token
-CONTINUWUITY_REGISTRATION_TOKEN="your_secret_token_here"
-```
-
-## Feature Configuration
-
-| Variable                                                   | Description                | Default |
-| ---------------------------------------------------------- | -------------------------- | ------- |
-| `CONTINUWUITY_ALLOW_ENCRYPTION`                            | Enable E2EE                | `true`  |
-| `CONTINUWUITY_ALLOW_ROOM_CREATION`                         | Enable room creation       | -       |
-| `CONTINUWUITY_ALLOW_UNSTABLE_ROOM_VERSIONS`                | Allow unstable versions    | -       |
-| `CONTINUWUITY_DEFAULT_ROOM_VERSION`                        | Default room version       | `v11`   |
-| `CONTINUWUITY_REQUIRE_AUTH_FOR_PROFILE_REQUESTS`           | Auth for profiles          | -       |
-| `CONTINUWUITY_ALLOW_PUBLIC_ROOM_DIRECTORY_OVER_FEDERATION` | Federate directory         | -       |
-| `CONTINUWUITY_ALLOW_PUBLIC_ROOM_DIRECTORY_WITHOUT_AUTH`    | Unauth directory           | -       |
-| `CONTINUWUITY_ALLOW_DEVICE_NAME_FEDERATION`                | Device names in federation | -       |
-
-## TLS Configuration
-
-Built-in TLS support is primarily for testing. **For production deployments,
-especially when federating on the internet, use a reverse proxy** (Traefik,
-Caddy, nginx) to handle TLS termination.
-
-| Variable                          | Description               |
-| --------------------------------- | ------------------------- |
-| `CONTINUWUITY_TLS__CERTS`         | TLS certificate file path |
-| `CONTINUWUITY_TLS__KEY`           | TLS private key path      |
-| `CONTINUWUITY_TLS__DUAL_PROTOCOL` | Support TLS 1.2 + 1.3     |
-
-**Example (testing only):**
-
-```bash
-CONTINUWUITY_TLS__CERTS="/etc/letsencrypt/live/matrix.example.com/fullchain.pem"
-CONTINUWUITY_TLS__KEY="/etc/letsencrypt/live/matrix.example.com/privkey.pem"
-```
-
-## Logging Configuration
-
-Control log output format and verbosity.
-
-| Variable                       | Description        | Default |
-| ------------------------------ | ------------------ | ------- |
-| `CONTINUWUITY_LOG`             | Log filter level   | -       |
-| `CONTINUWUITY_LOG_COLORS`      | ANSI colours       | `true`  |
-| `CONTINUWUITY_LOG_SPAN_EVENTS` | Log span events    | `none`  |
-| `CONTINUWUITY_LOG_THREAD_IDS`  | Include thread IDs | -       |
-
-**Examples:**
-
-```bash
-# Set log level to info
-CONTINUWUITY_LOG="info"
-
-# Enable debug logging for specific modules
-CONTINUWUITY_LOG="warn,continuwuity::api=debug"
-
-# Disable colours for log aggregation
-CONTINUWUITY_LOG_COLORS="false"
-```
-
-## Observability Configuration
-
-| Variable                                 | Description           |
-| ---------------------------------------- | --------------------- |
-| `CONTINUWUITY_ALLOW_OTLP`                | Enable OpenTelemetry  |
-| `CONTINUWUITY_OTLP_FILTER`               | OTLP filter level     |
-| `CONTINUWUITY_OTLP_PROTOCOL`             | Protocol (http/grpc)  |
-| `CONTINUWUITY_TRACING_FLAME`             | Enable flame graphs   |
-| `CONTINUWUITY_TRACING_FLAME_FILTER`      | Flame graph filter    |
-| `CONTINUWUITY_TRACING_FLAME_OUTPUT_PATH` | Output directory      |
-| `CONTINUWUITY_SENTRY`                    | Enable Sentry         |
-| `CONTINUWUITY_SENTRY_ENDPOINT`           | Sentry DSN            |
-| `CONTINUWUITY_SENTRY_SEND_SERVER_NAME`   | Include server name   |
-| `CONTINUWUITY_SENTRY_TRACES_SAMPLE_RATE` | Sample rate (0.0-1.0) |
-
-## Admin Configuration
-
-Configure admin users and automated command execution.
-
-| Variable                                   | Description                      | Default           |
-| ------------------------------------------ | -------------------------------- | ----------------- |
-| `CONTINUWUITY_ADMINS_LIST`                 | JSON array of admin user IDs     | -                 |
-| `CONTINUWUITY_ADMINS_FROM_ROOM`            | Derive admins from room          | -                 |
-| `CONTINUWUITY_ADMIN_ESCAPE_COMMANDS`       | Allow `\` prefix in public rooms | -                 |
-| `CONTINUWUITY_ADMIN_CONSOLE_AUTOMATIC`     | Auto-activate console            | -                 |
-| `CONTINUWUITY_ADMIN_EXECUTE`               | JSON array of startup commands   | -                 |
-| `CONTINUWUITY_ADMIN_EXECUTE_ERRORS_IGNORE` | Ignore command errors            | -                 |
-| `CONTINUWUITY_ADMIN_SIGNAL_EXECUTE`        | Commands on SIGUSR2              | -                 |
-| `CONTINUWUITY_ADMIN_ROOM_TAG`              | Admin room tag                   | `m.server_notice` |
-
-**Examples:**
-
-```bash
-# Create admin user on startup
-CONTINUWUITY_ADMIN_EXECUTE='["users create-user admin", "users make-user-admin admin"]'
-
-# Specify admin users directly
-CONTINUWUITY_ADMINS_LIST='["@alice:example.com", "@bob:example.com"]'
-```
-
-## Media & URL Preview Configuration
-
-| Variable                                             | Description        |
-| ---------------------------------------------------- | ------------------ |
-| `CONTINUWUITY_URL_PREVIEW_BOUND_INTERFACE`           | Bind interface     |
-| `CONTINUWUITY_URL_PREVIEW_DOMAIN_CONTAINS_ALLOWLIST` | Domain allowlist   |
-| `CONTINUWUITY_URL_PREVIEW_DOMAIN_EXPLICIT_ALLOWLIST` | Explicit allowlist |
-| `CONTINUWUITY_URL_PREVIEW_DOMAIN_EXPLICIT_DENYLIST`  | Explicit denylist  |
-| `CONTINUWUITY_URL_PREVIEW_MAX_SPIDER_SIZE`           | Max fetch size     |
-| `CONTINUWUITY_URL_PREVIEW_TIMEOUT`                   | Fetch timeout      |
-| `CONTINUWUITY_IP_RANGE_DENYLIST`                     | IP range denylist  |
-
-## Tokio Runtime Configuration
-
-These can be set as environment variables or CLI arguments:
-
-| Variable                                  | Description                |
-| ----------------------------------------- | -------------------------- |
-| `TOKIO_WORKER_THREADS`                    | Worker thread count        |
-| `TOKIO_GLOBAL_QUEUE_INTERVAL`             | Global queue interval      |
-| `TOKIO_EVENT_INTERVAL`                    | Event interval             |
-| `TOKIO_MAX_IO_EVENTS_PER_TICK`            | Max I/O events per tick    |
-| `CONTINUWUITY_RUNTIME_HISTOGRAM_INTERVAL` | Histogram bucket size (μs) |
-| `CONTINUWUITY_RUNTIME_HISTOGRAM_BUCKETS`  | Bucket count               |
-| `CONTINUWUITY_RUNTIME_WORKER_AFFINITY`    | Enable worker affinity     |
-
-## See Also
-
- [Configuration Reference](./config.mdx) - Complete TOML configuration
-  documentation
- [Admin Commands](./admin/) - Admin command reference
@@ -6,7 +6,7 @@ misconfigurations to cause issues, particularly with networking and permissions.
 Please check that your issues are not due to problems with your Docker setup.
 :::

-## Continuwuity issues
+## Continuwuity and Matrix issues

 ### Slow joins to rooms

@@ -23,16 +23,6 @@ which is a longstanding bug with synchronizing room joins to clients. In this si
 the bug caused your homeserver to forget to tell your client. **To fix this, clear your client's cache.** Both Element and Cinny
 have a button to clear their cache in the "About" section of their settings.

-### Configuration not working as expected
-
-Sometimes you can make a mistake in your configuration that
-means things don't get passed to Continuwuity correctly.
-This is particularly easy to do with environment variables.
-To check what configuration Continuwuity actually sees, you can
-use the `!admin server show-config` command in your admin room.
-Beware that this prints out any secrets in your configuration,
-so you might want to delete the result afterwards!
-
 ### Lost access to admin room

 You can reinvite yourself to the admin room through the following methods:
@@ -43,7 +33,17 @@ argument once to invite yourslf to the admin room on startup
 - Or specify the `emergency_password` config option to allow you to temporarily
 log into the server account (`@conduit`) from a web client

-## DNS issues
+## General potential issues
+
+### Configuration not working as expected
+
+Sometimes you can make a mistake in your configuration that
+means things don't get passed to Continuwuity correctly.
+This is particularly easy to do with environment variables.
+To check what configuration Continuwuity actually sees, you can
+use the `!admin server show-config` command in your admin room.
+Beware that this prints out any secrets in your configuration,
+so you might want to delete the result afterwards!

 ### Potential DNS issues when using Docker

@@ -3,11 +3,11 @@
    "advisory-db": {
      "flake": false,
      "locked": {
-        "lastModified": 1773786698,
-        "narHash": "sha256-o/J7ZculgwSs1L4H4UFlFZENOXTJzq1X0n71x6oNNvY=",
+        "lastModified": 1766324728,
+        "narHash": "sha256-9C+WyE5U3y5w4WQXxmb0ylRyMMsPyzxielWXSHrcDpE=",
        "owner": "rustsec",
        "repo": "advisory-db",
-        "rev": "99e9de91bb8b61f06ef234ff84e11f758ecd5384",
+        "rev": "c88b88c62bda077be8aa621d4e89d8701e39cb5d",
        "type": "github"
      },
      "original": {
@@ -18,11 +18,11 @@
    },
    "crane": {
      "locked": {
-        "lastModified": 1773189535,
-        "narHash": "sha256-E1G/Or6MWeP+L6mpQ0iTFLpzSzlpGrITfU2220Gq47g=",
+        "lastModified": 1766194365,
+        "narHash": "sha256-4AFsUZ0kl6MXSm4BaQgItD0VGlEKR3iq7gIaL7TjBvc=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "6fa2fb4cf4a89ba49fc9dd5a3eb6cde99d388269",
+        "rev": "7d8ec2c71771937ab99790b45e6d9b93d15d9379",
        "type": "github"
      },
      "original": {
@@ -39,11 +39,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1773732206,
-        "narHash": "sha256-HKibxaUXyWd4Hs+ZUnwo6XslvaFqFqJh66uL9tphU4Q=",
+        "lastModified": 1766299592,
+        "narHash": "sha256-7u+q5hexu2eAxL2VjhskHvaUKg+GexmelIR2ve9Nbb4=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "0aa13c1b54063a8d8679b28a5cd357ba98f4a56b",
+        "rev": "381579dee168d5ced412e2990e9637ecc7cf1c5d",
        "type": "github"
      },
      "original": {
@@ -55,11 +55,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1767039857,
-        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "lastModified": 1765121682,
+        "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
+        "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
        "type": "github"
      },
      "original": {
@@ -74,11 +74,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1772408722,
-        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
+        "lastModified": 1765835352,
+        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
+        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
        "type": "github"
      },
      "original": {
@@ -89,11 +89,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1773734432,
-        "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=",
+        "lastModified": 1766070988,
+        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "cda48547b432e8d3b18b4180ba07473762ec8558",
+        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
        "type": "github"
      },
      "original": {
@@ -105,11 +105,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1772328832,
-        "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
+        "lastModified": 1765674936,
+        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
+        "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
        "type": "github"
      },
      "original": {
@@ -132,11 +132,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1773697963,
-        "narHash": "sha256-xdKI77It9PM6eNrCcDZsnP4SKulZwk8VkDgBRVMnCb8=",
+        "lastModified": 1766253897,
+        "narHash": "sha256-ChK07B1aOlJ4QzWXpJo+y8IGAxp1V9yQ2YloJ+RgHRw=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "2993637174252ff60a582fd1f55b9ab52c39db6d",
+        "rev": "765b7bdb432b3740f2d564afccfae831d5a972e4",
        "type": "github"
      },
      "original": {
@@ -153,11 +153,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773297127,
-        "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
+        "lastModified": 1766000401,
+        "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
+        "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
        "type": "github"
      },
      "original": {
@@ -29,6 +29,7 @@
      url = "github:edolstra/flake-compat?ref=master";
      flake = false;
    };
+
  };

  outputs =
@@ -36,10 +37,10 @@
    flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [ ./nix ];
      systems = [
+        # good support
        "x86_64-linux"
-        "aarch64-linux"
        # support untested but theoretically there
-        "aarch64-darwin"
+        "aarch64-linux"
      ];
    };
 }
@@ -0,0 +1,107 @@
+{ inputs, ... }:
+{
+  perSystem =
+    {
+      self',
+      lib,
+      pkgs,
+      ...
+    }:
+    let
+      uwulib = inputs.self.uwulib.init pkgs;
+
+      rocksdbAllFeatures = self'.packages.rocksdb.override {
+        enableJemalloc = true;
+      };
+
+      commonAttrs = (uwulib.build.commonAttrs { }) // {
+        buildInputs = [
+          pkgs.liburing
+          pkgs.rust-jemalloc-sys-unprefixed
+          rocksdbAllFeatures
+        ];
+        nativeBuildInputs = [
+          pkgs.pkg-config
+          # bindgen needs the build platform's libclang. Apparently due to "splicing
+          # weirdness", pkgs.rustPlatform.bindgenHook on its own doesn't quite do the
+          # right thing here.
+          pkgs.rustPlatform.bindgenHook
+        ];
+        env = {
+          LIBCLANG_PATH = lib.makeLibraryPath [ pkgs.llvmPackages.libclang.lib ];
+          LD_LIBRARY_PATH = lib.makeLibraryPath [
+            pkgs.liburing
+            pkgs.rust-jemalloc-sys-unprefixed
+            rocksdbAllFeatures
+          ];
+        }
+        // uwulib.environment.buildPackageEnv
+        // {
+          ROCKSDB_INCLUDE_DIR = "${rocksdbAllFeatures}/include";
+          ROCKSDB_LIB_DIR = "${rocksdbAllFeatures}/lib";
+        };
+      };
+      cargoArtifacts = self'.packages.continuwuity-all-features-deps;
+    in
+    {
+      # taken from
+      #
+      # https://crane.dev/examples/quick-start.html
+      checks = {
+        continuwuity-all-features-build = self'.packages.continuwuity-all-features-bin;
+
+        continuwuity-all-features-clippy = uwulib.build.craneLibForChecks.cargoClippy (
+          commonAttrs
+          // {
+            inherit cargoArtifacts;
+            cargoClippyExtraArgs = "-- --deny warnings";
+          }
+        );
+
+        continuwuity-all-features-docs = uwulib.build.craneLibForChecks.cargoDoc (
+          commonAttrs
+          // {
+            inherit cargoArtifacts;
+            # This can be commented out or tweaked as necessary, e.g. set to
+            # `--deny rustdoc::broken-intra-doc-links` to only enforce that lint
+            env.RUSTDOCFLAGS = "--deny warnings";
+          }
+        );
+
+        # Check formatting
+        continuwuity-all-features-fmt = uwulib.build.craneLibForChecks.cargoFmt {
+          src = uwulib.build.src;
+        };
+
+        continuwuity-all-features-toml-fmt = uwulib.build.craneLibForChecks.taploFmt {
+          src = pkgs.lib.sources.sourceFilesBySuffices uwulib.build.src [ ".toml" ];
+          # taplo arguments can be further customized below as needed
+          taploExtraArgs = "--config ${inputs.self}/taplo.toml";
+        };
+
+        # Audit dependencies
+        continuwuity-all-features-audit = uwulib.build.craneLibForChecks.cargoAudit {
+          inherit (inputs) advisory-db;
+          src = uwulib.build.src;
+        };
+
+        # Audit licenses
+        continuwuity-all-features-deny = uwulib.build.craneLibForChecks.cargoDeny {
+          src = uwulib.build.src;
+        };
+
+        # Run tests with cargo-nextest
+        # Consider setting `doCheck = false` on `continuwuity-all-features` if you do not want
+        # the tests to run twice
+        continuwuity-all-features-nextest = uwulib.build.craneLibForChecks.cargoNextest (
+          commonAttrs
+          // {
+            inherit cargoArtifacts;
+            partitions = 1;
+            partitionType = "count";
+            cargoNextestPartitionsExtraArgs = "--no-tests=pass";
+          }
+        );
+      };
+    };
+}
@@ -1,14 +0,0 @@
-{ inputs, ... }:
-{
-  perSystem =
-    {
-      pkgs,
-      self',
-      ...
-    }:
-    {
-      _module.args.craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (
-        pkgs: self'.packages.stable-toolchain
-      );
-    };
-}
@@ -1,10 +1,11 @@
 {
  imports = [
-    ./rust.nix
-    ./crane.nix
+    ./checks
    ./packages
-    ./devshell.nix
+    ./shells
+    ./tests
+
+    ./hydra.nix
    ./fmt.nix
-    ./rocksdb-updater.nix
  ];
 }
@@ -1,42 +0,0 @@
-{
-  perSystem =
-    {
-      craneLib,
-      self',
-      lib,
-      pkgs,
-      ...
-    }:
-    {
-      # basic nix shell containing all things necessary to build continuwuity in all flavors manually (on x86_64-linux)
-      devShells.default = craneLib.devShell {
-        packages = [
-          self'.packages.rocksdb
-          pkgs.nodejs
-          pkgs.pkg-config
-        ]
-        ++ lib.optionals pkgs.stdenv.isLinux [
-          pkgs.liburing
-          pkgs.rust-jemalloc-sys-unprefixed
-        ];
-
-        env = {
-          LIBCLANG_PATH = lib.makeLibraryPath [ pkgs.llvmPackages.libclang.lib ];
-          LD_LIBRARY_PATH = lib.makeLibraryPath (
-            [
-              pkgs.stdenv.cc.cc.lib
-            ]
-            ++ lib.optionals pkgs.stdenv.isLinux [
-              pkgs.liburing
-              pkgs.jemalloc
-            ]
-          );
-        }
-        // lib.optionalAttrs pkgs.stdenv.isLinux {
-          PKG_CONFIG_PATH = lib.makeSearchPath "lib/pkgconfig" [
-            pkgs.liburing.dev
-          ];
-        };
-      };
-    };
-}
@@ -0,0 +1,9 @@
+{ inputs, ... }:
+let
+  lib = inputs.nixpkgs.lib;
+in
+{
+  flake.hydraJobs.packages = builtins.mapAttrs (
+    _name: lib.hydraJob
+  ) inputs.self.packages.x86_64-linux;
+}
@@ -1,65 +0,0 @@
-{
-  lib,
-  self,
-  stdenv,
-  liburing,
-  craneLib,
-  pkg-config,
-  callPackage,
-  rustPlatform,
-  cargoExtraArgs ? "",
-  rocksdb ? callPackage ./rocksdb.nix { },
-}:
-let
-  # see https://crane.dev/API.html#cranelibfiltercargosources
-  # we need to keep the `web` directory which would be filtered out by the regular source filtering function
-  # https://crane.dev/API.html#cranelibcleancargosource
-  isWebTemplate = path: _type: builtins.match ".*(src/(web|service)|docs).*" path != null;
-  isRust = craneLib.filterCargoSources;
-  isNix = path: _type: builtins.match ".+/nix.*" path != null;
-  webOrRustNotNix = p: t: !(isNix p t) && (isWebTemplate p t || isRust p t);
-
-  src = lib.cleanSourceWith {
-    src = self;
-    filter = webOrRustNotNix;
-    name = "source";
-  };
-
-  attrs = {
-    inherit src;
-    nativeBuildInputs = [
-      pkg-config
-      rustPlatform.bindgenHook
-    ];
-    buildInputs = lib.optionals stdenv.hostPlatform.isLinux [ liburing ];
-    env = {
-      ROCKSDB_INCLUDE_DIR = "${rocksdb}/include";
-      ROCKSDB_LIB_DIR = "${rocksdb}/lib";
-    };
-  };
-in
-craneLib.buildPackage (
-  lib.recursiveUpdate attrs {
-    inherit cargoExtraArgs;
-    cargoArtifacts = craneLib.buildDepsOnly attrs;
-
-    # Needed to make continuwuity link to rocksdb
-    postFixup = lib.optionalString stdenv.hostPlatform.isLinux ''
-      old_rpath="$(patchelf --print-rpath $out/bin/conduwuit)"
-      extra_rpath="${
-        lib.makeLibraryPath [
-          rocksdb
-        ]
-      }"
-
-      patchelf  --set-rpath "$old_rpath:$extra_rpath" $out/bin/conduwuit
-    '';
-
-    meta = {
-      description = "A community-driven Matrix homeserver in Rust";
-      mainProgram = "conduwuit";
-      platforms = lib.platforms.all;
-      maintainers = with lib.maintainers; [ quadradical ];
-    };
-  }
-)
@@ -0,0 +1,59 @@
+{ inputs, ... }:
+{
+  perSystem =
+    {
+      self',
+      lib,
+      pkgs,
+      ...
+    }:
+    let
+      uwulib = inputs.self.uwulib.init pkgs;
+    in
+    {
+      packages =
+        lib.pipe
+          [
+            # this is the default variant
+            {
+              variantName = "default";
+              commonAttrsArgs.profile = "release";
+              rocksdb = self'.packages.rocksdb;
+              features = { };
+            }
+            # this is the variant with all features enabled (liburing + jemalloc)
+            {
+              variantName = "all-features";
+              commonAttrsArgs.profile = "release";
+              rocksdb = self'.packages.rocksdb.override {
+                enableJemalloc = true;
+              };
+              features = {
+                enabledFeatures = "all";
+                disabledFeatures = uwulib.features.defaultDisabledFeatures ++ [ "bindgen-static" ];
+              };
+            }
+          ]
+          [
+            (builtins.map (cfg: rec {
+              deps = {
+                name = "continuwuity-${cfg.variantName}-deps";
+                value = uwulib.build.buildDeps {
+                  features = uwulib.features.calcFeatures cfg.features;
+                  inherit (cfg) commonAttrsArgs rocksdb;
+                };
+              };
+              bin = {
+                name = "continuwuity-${cfg.variantName}-bin";
+                value = uwulib.build.buildPackage {
+                  deps = self'.packages.${deps.name};
+                  features = uwulib.features.calcFeatures cfg.features;
+                  inherit (cfg) commonAttrsArgs rocksdb;
+                };
+              };
+            }))
+            (builtins.concatMap builtins.attrValues)
+            builtins.listToAttrs
+          ];
+    };
+}
@@ -1,18 +1,14 @@
 {
-  self,
-  ...
-}:
-{
+  imports = [
+    ./continuwuity
+    ./rocksdb
+    ./rust.nix
+    ./uwulib
+  ];
+
  perSystem =
+    { self', ... }:
    {
-      pkgs,
-      craneLib,
-      ...
-    }:
-    {
-      packages = {
-        rocksdb = pkgs.callPackage ./rocksdb.nix { };
-        default = pkgs.callPackage ./continuwuity.nix { inherit self craneLib; };
-      };
+      packages.default = self'.packages.continuwuity-default-bin;
    };
 }
@@ -1,34 +0,0 @@
-{
-  stdenv,
-  rocksdb,
-  fetchFromGitea,
-  rust-jemalloc-sys-unprefixed,
-  ...
-}:
-(rocksdb.override {
-  # rocksdb fails to build with prefixed jemalloc, which is required on
-  # darwin due to [1]. In this case, fall back to building rocksdb with
-  # libc malloc. This should not cause conflicts, because all of the
-  # jemalloc symbols are prefixed.
-  #
-  # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17
-  jemalloc = rust-jemalloc-sys-unprefixed;
-  enableJemalloc = stdenv.hostPlatform.isLinux;
-}).overrideAttrs
-  ({
-    version = "continuwuity-v0.5.0-unstable-2026-03-27";
-    src = fetchFromGitea {
-      domain = "forgejo.ellis.link";
-      owner = "continuwuation";
-      repo = "rocksdb";
-      rev = "463f47afceebfe088f6922420265546bd237f249";
-      hash = "sha256-1ef75IDMs5Hba4VWEyXPJb02JyShy5k4gJfzGDhopRk=";
-    };
-
-    # We have this already at https://forgejo.ellis.link/continuwuation/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155
-    # Unsetting `patches` so we don't have to revert it and make this nix exclusive
-    patches = [ ];
-
-    # Unset postPatch, as our version override breaks version-specific sed calls in the original package
-    postPatch = "";
-  })
@@ -0,0 +1,12 @@
+{
+  perSystem =
+    {
+      pkgs,
+      ...
+    }:
+    {
+      packages = {
+        rocksdb = pkgs.callPackage ./package.nix { };
+      };
+    };
+}
@@ -0,0 +1,87 @@
+{
+  lib,
+  stdenv,
+
+  rocksdb,
+  liburing,
+  rust-jemalloc-sys-unprefixed,
+
+  enableJemalloc ? false,
+
+  fetchFromGitea,
+
+  ...
+}:
+let
+  notDarwin = !stdenv.hostPlatform.isDarwin;
+in
+(rocksdb.override {
+  # Override the liburing input for the build with our own so
+  # we have it built with the library flag
+  inherit liburing;
+  jemalloc = rust-jemalloc-sys-unprefixed;
+
+  # rocksdb fails to build with prefixed jemalloc, which is required on
+  # darwin due to [1]. In this case, fall back to building rocksdb with
+  # libc malloc. This should not cause conflicts, because all of the
+  # jemalloc symbols are prefixed.
+  #
+  # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17
+  enableJemalloc = enableJemalloc && notDarwin;
+
+  # for some reason enableLiburing in nixpkgs rocksdb is default true
+  # which breaks Darwin entirely
+  enableLiburing = notDarwin;
+}).overrideAttrs
+  (old: {
+    src = fetchFromGitea {
+      domain = "forgejo.ellis.link";
+      owner = "continuwuation";
+      repo = "rocksdb";
+      rev = "10.5.fb";
+      sha256 = "sha256-X4ApGLkHF9ceBtBg77dimEpu720I79ffLoyPa8JMHaU=";
+    };
+    version = "10.5.fb";
+    cmakeFlags =
+      lib.subtractLists (builtins.map (flag: lib.cmakeBool flag true) [
+        # No real reason to have snappy or zlib, no one uses this
+        "WITH_SNAPPY"
+        "ZLIB"
+        "WITH_ZLIB"
+        # We don't need to use ldb or sst_dump (core_tools)
+        "WITH_CORE_TOOLS"
+        # We don't need to build rocksdb tests
+        "WITH_TESTS"
+        # We use rust-rocksdb via C interface and don't need C++ RTTI
+        "USE_RTTI"
+        # This doesn't exist in RocksDB, and USE_SSE is deprecated for
+        # PORTABLE=$(march)
+        "FORCE_SSE42"
+      ]) old.cmakeFlags
+      ++ (builtins.map (flag: lib.cmakeBool flag false) [
+        # No real reason to have snappy, no one uses this
+        "WITH_SNAPPY"
+        "ZLIB"
+        "WITH_ZLIB"
+        # We don't need to use ldb or sst_dump (core_tools)
+        "WITH_CORE_TOOLS"
+        # We don't need trace tools
+        "WITH_TRACE_TOOLS"
+        # We don't need to build rocksdb tests
+        "WITH_TESTS"
+        # We use rust-rocksdb via C interface and don't need C++ RTTI
+        "USE_RTTI"
+      ]);
+
+    enableLiburing = notDarwin;
+
+    # outputs has "tools" which we don't need or use
+    outputs = [ "out" ];
+
+    # preInstall hooks has stuff for messing with ldb/sst_dump which we don't need or use
+    preInstall = "";
+
+    # We have this already at https://forgejo.ellis.link/continuwuation/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155
+    # Unsetting `patches` so we don't have to revert it and make this nix exclusive
+    patches = [ ];
+  })
@@ -4,7 +4,6 @@
    {
      system,
      lib,
-      pkgs,
      ...
    }:
    {
@@ -12,18 +11,19 @@
        let
          fnx = inputs.fenix.packages.${system};

-          stable-toolchain = fnx.fromToolchainFile {
+          stable = fnx.fromToolchainFile {
            file = inputs.self + "/rust-toolchain.toml";

            # See also `rust-toolchain.toml`
-            sha256 = "sha256-sqSWJDUxc+zaz1nBWMAJKTAGBuGWP25GCftIOlCEAtA=";
+            sha256 = "sha256-SJwZ8g0zF2WrKDVmHrVG3pD2RGoQeo24MEXnNx5FyuI=";
          };
        in
        {
-          inherit stable-toolchain;
-
+          # used for building nix stuff (doesn't include rustfmt overhead)
+          build-toolchain = stable;
+          # used for dev shells
          dev-toolchain = fnx.combine [
-            stable-toolchain
+            stable
            # use the nightly rustfmt because we use nightly features
            fnx.complete.rustfmt
          ];
@@ -0,0 +1,122 @@
+args@{ pkgs, inputs, ... }:
+let
+  inherit (pkgs) lib;
+  uwuenv = import ./environment.nix args;
+  selfpkgs = inputs.self.packages.${pkgs.stdenv.system};
+in
+rec {
+  # basic, very minimal instance of the crane library with a minimal rust toolchain
+  craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (_: selfpkgs.build-toolchain);
+  # the checks require more rust toolchain components, hence we have this separate instance of the crane library
+  craneLibForChecks = (inputs.crane.mkLib pkgs).overrideToolchain (_: selfpkgs.dev-toolchain);
+
+  # meta information (name, version, etc) of the rust crate based on the Cargo.toml
+  crateInfo = craneLib.crateNameFromCargoToml { cargoToml = "${inputs.self}/Cargo.toml"; };
+
+  src =
+    let
+      # see https://crane.dev/API.html#cranelibfiltercargosources
+      #
+      # we need to keep the `web` directory which would be filtered out by the regular source filtering function
+      #
+      # https://crane.dev/API.html#cranelibcleancargosource
+      isWebTemplate = path: _type: builtins.match ".*(src/(web|service)|docs).*" path != null;
+      isRust = craneLib.filterCargoSources;
+      isNix = path: _type: builtins.match ".+/nix.*" path != null;
+      webOrRustNotNix = p: t: !(isNix p t) && (isWebTemplate p t || isRust p t);
+    in
+    lib.cleanSourceWith {
+      src = inputs.self;
+      filter = webOrRustNotNix;
+      name = "source";
+    };
+
+  # common attrs that are shared between building continuwuity's deps and the package itself
+  commonAttrs =
+    {
+      profile ? "dev",
+      ...
+    }:
+    {
+      inherit (crateInfo)
+        pname
+        version
+        ;
+      inherit src;
+
+      # this prevents unnecessary rebuilds
+      strictDeps = true;
+
+      dontStrip = profile == "dev" || profile == "test";
+      dontPatchELF = profile == "dev" || profile == "test";
+
+      doCheck = true;
+
+      nativeBuildInputs = [
+        # bindgen needs the build platform's libclang. Apparently due to "splicing
+        # weirdness", pkgs.rustPlatform.bindgenHook on its own doesn't quite do the
+        # right thing here.
+        pkgs.rustPlatform.bindgenHook
+      ];
+    };
+
+  makeRocksDBEnv =
+    { rocksdb }:
+    {
+      ROCKSDB_INCLUDE_DIR = "${rocksdb}/include";
+      ROCKSDB_LIB_DIR = "${rocksdb}/lib";
+    };
+
+  # function that builds the continuwuity dependencies derivation
+  buildDeps =
+    {
+      rocksdb,
+      features,
+      commonAttrsArgs,
+    }:
+    craneLib.buildDepsOnly (
+      (commonAttrs commonAttrsArgs)
+      // {
+        env = uwuenv.buildDepsOnlyEnv
+              // (makeRocksDBEnv { inherit rocksdb; })
+              // {
+                # required since we started using unstable reqwest apparently ... otherwise the all-features build will fail
+                RUSTFLAGS = "--cfg reqwest_unstable";
+              };
+        inherit (features) cargoExtraArgs;
+      }
+
+    );
+
+  # function that builds the continuwuity package
+  buildPackage =
+    {
+      deps,
+      rocksdb,
+      features,
+      commonAttrsArgs,
+    }:
+    let
+      rocksdbEnv = makeRocksDBEnv { inherit rocksdb; };
+    in
+    craneLib.buildPackage (
+      (commonAttrs commonAttrsArgs)
+      // {
+        postFixup = ''
+          patchelf --set-rpath "$(${pkgs.patchelf}/bin/patchelf --print-rpath $out/bin/${crateInfo.pname}):${rocksdb}/lib" $out/bin/${crateInfo.pname}
+        '';
+        cargoArtifacts = deps;
+        doCheck = true;
+        env =
+          uwuenv.buildPackageEnv
+          // rocksdbEnv
+          // {
+            # required since we started using unstable reqwest apparently ... otherwise the all-features build will fail
+            RUSTFLAGS = "--cfg reqwest_unstable";
+          };
+        passthru.env = uwuenv.buildPackageEnv // rocksdbEnv;
+        meta.mainProgram = crateInfo.pname;
+        inherit (features) cargoExtraArgs;
+      }
+    );
+}
@@ -0,0 +1,10 @@
+{ inputs, ... }:
+{
+  flake.uwulib = {
+    init = pkgs: {
+      features = import ./features.nix { inherit pkgs inputs; };
+      environment = import ./environment.nix { inherit pkgs inputs; };
+      build = import ./build.nix { inherit pkgs inputs; };
+    };
+  };
+}
@@ -0,0 +1,18 @@
+args@{ pkgs, inputs, ... }:
+let
+  uwubuild = import ./build.nix args;
+in
+rec {
+  buildDepsOnlyEnv = {
+    # https://crane.dev/faq/rebuilds-bindgen.html
+    NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
+    CARGO_PROFILE = "release";
+  }
+  // uwubuild.craneLib.mkCrossToolchainEnv (p: pkgs.clangStdenv);
+
+  buildPackageEnv = {
+    GIT_COMMIT_HASH = inputs.self.rev or inputs.self.dirtyRev or "";
+    GIT_COMMIT_HASH_SHORT = inputs.self.shortRev or inputs.self.dirtyShortRev or "";
+  }
+  // buildDepsOnlyEnv;
+}
@@ -0,0 +1,77 @@
+{ pkgs, inputs, ... }:
+let
+  inherit (pkgs) lib;
+in
+rec {
+  defaultDisabledFeatures = [
+    # dont include experimental features
+    "experimental"
+    # jemalloc profiling/stats features are expensive and shouldn't
+    # be expected on non-debug builds.
+    "jemalloc_prof"
+    "jemalloc_stats"
+    # this is non-functional on nix for some reason
+    "hardened_malloc"
+    # conduwuit_mods is a development-only hot reload feature
+    "conduwuit_mods"
+    # we don't want to enable this feature set by default but be more specific about it
+    "full"
+  ];
+  # We perform default-feature unification in nix, because some of the dependencies
+  # on the nix side depend on feature values.
+  calcFeatures =
+    {
+      tomlPath ? "${inputs.self}/src/main",
+      # either a list of feature names or a string "all" which enables all non-default features
+      enabledFeatures ? [ ],
+      disabledFeatures ? defaultDisabledFeatures,
+      default_features ? true,
+      disable_release_max_log_level ? false,
+    }:
+    let
+      # simple helper to get the contents of a Cargo.toml file in a nix format
+      getToml = path: lib.importTOML "${path}/Cargo.toml";
+
+      # get all the features except for the default features
+      allFeatures = lib.pipe tomlPath [
+        getToml
+        (manifest: manifest.features)
+        lib.attrNames
+        (lib.remove "default")
+      ];
+
+      # get just the default enabled features
+      allDefaultFeatures = lib.pipe tomlPath [
+        getToml
+        (manifest: manifest.features.default)
+      ];
+
+      # depending on the value of enabledFeatures choose just a set or all non-default features
+      #
+      # - [ list of features ] -> choose exactly the features listed
+      # - "all" -> choose all non-default features
+      additionalFeatures = if enabledFeatures == "all" then allFeatures else enabledFeatures;
+
+      # unification with default features (if enabled)
+      features = lib.unique (additionalFeatures ++ lib.optionals default_features allDefaultFeatures);
+
+      # prepare the features that are subtracted from the set
+      disabledFeatures' =
+        disabledFeatures ++ lib.optionals disable_release_max_log_level [ "release_max_log_level" ];
+
+      # construct the final feature set
+      finalFeatures = lib.subtractLists disabledFeatures' features;
+    in
+    {
+      # final feature set, useful for querying it
+      features = finalFeatures;
+
+      # crane flag with the relevant features
+      cargoExtraArgs = builtins.concatStringsSep " " [
+        "--no-default-features"
+        "--locked"
+        (lib.optionalString (finalFeatures != [ ]) "--features")
+        (builtins.concatStringsSep "," finalFeatures)
+      ];
+    };
+}
@@ -1,14 +0,0 @@
-{
-  perSystem =
-    { pkgs, ... }:
-    {
-      apps.update-rocksdb = {
-        type = "app";
-        program = pkgs.writeShellApplication {
-          name = "update-rocksdb";
-          runtimeInputs = [ pkgs.nix-update ];
-          text = "nix-update rocksdb -F --version branch";
-        };
-      };
-    };
-}
@@ -0,0 +1,28 @@
+{ inputs, ... }:
+{
+  perSystem =
+    {
+      self',
+      lib,
+      pkgs,
+      ...
+    }:
+    let
+      uwulib = inputs.self.uwulib.init pkgs;
+      rocksdbAllFeatures = self'.packages.rocksdb.override {
+        enableJemalloc = true;
+      };
+    in
+    {
+      # basic nix shell containing all things necessary to build continuwuity in all flavors manually (on x86_64-linux)
+      devShells.default = uwulib.build.craneLib.devShell {
+        packages = [
+          pkgs.pkg-config
+          pkgs.liburing
+          pkgs.rust-jemalloc-sys-unprefixed
+          rocksdbAllFeatures
+        ];
+        env.LIBCLANG_PATH = lib.makeLibraryPath [ pkgs.llvmPackages.libclang.lib ];
+      };
+    };
+}
@@ -0,0 +1,150 @@
+{
+  perSystem =
+    {
+      self',
+      lib,
+      pkgs,
+      ...
+    }:
+    let
+      baseTestScript =
+        pkgs.writers.writePython3Bin "do_test" { libraries = [ pkgs.python3Packages.matrix-nio ]; }
+          ''
+            import asyncio
+            import nio
+
+
+            async def main() -> None:
+                # Connect to continuwuity
+                client = nio.AsyncClient("http://continuwuity:6167", "alice")
+
+                # Register as user alice
+                response = await client.register("alice", "my-secret-password")
+
+                # Log in as user alice
+                response = await client.login("my-secret-password")
+
+                # Create a new room
+                response = await client.room_create(federate=False)
+                print("Matrix room create response:", response)
+                assert isinstance(response, nio.RoomCreateResponse)
+                room_id = response.room_id
+
+                # Join the room
+                response = await client.join(room_id)
+                print("Matrix join response:", response)
+                assert isinstance(response, nio.JoinResponse)
+
+                # Send a message to the room
+                response = await client.room_send(
+                    room_id=room_id,
+                    message_type="m.room.message",
+                    content={
+                        "msgtype": "m.text",
+                        "body": "Hello continuwuity!"
+                    }
+                )
+                print("Matrix room send response:", response)
+                assert isinstance(response, nio.RoomSendResponse)
+
+                # Sync responses
+                response = await client.sync(timeout=30000)
+                print("Matrix sync response:", response)
+                assert isinstance(response, nio.SyncResponse)
+
+                # Check the message was received by continuwuity
+                last_message = response.rooms.join[room_id].timeline.events[-1].body
+                assert last_message == "Hello continuwuity!"
+
+                # Leave the room
+                response = await client.room_leave(room_id)
+                print("Matrix room leave response:", response)
+                assert isinstance(response, nio.RoomLeaveResponse)
+
+                # Close the client
+                await client.close()
+
+
+            if __name__ == "__main__":
+                asyncio.run(main())
+          '';
+    in
+    {
+      # run some nixos tests as checks
+      checks = lib.pipe self'.packages [
+        # we take all packages (names)
+        builtins.attrNames
+        # we filter out all packages that end with `-bin` (which we are interested in for testing)
+        (builtins.filter (lib.hasSuffix "-bin"))
+        # for each of these binaries we built the basic nixos test
+        #
+        # this test was initially yoinked from
+        #
+        # https://github.com/NixOS/nixpkgs/blob/960ce26339661b1b69c6f12b9063ca51b688615f/nixos/tests/matrix/continuwuity.nix
+        (builtins.concatMap (
+          name:
+          builtins.map
+            (
+              { config, suffix }:
+              {
+                name = "test-${name}-${suffix}";
+                value = pkgs.testers.runNixOSTest {
+                  inherit name;
+
+                  nodes = {
+                    continuwuity = {
+                      services.matrix-continuwuity = {
+                        enable = true;
+                        package = self'.packages.${name};
+                        settings = config;
+                        extraEnvironment.RUST_BACKTRACE = "yes";
+                      };
+                      networking.firewall.allowedTCPPorts = [ 6167 ];
+                    };
+                    client.environment.systemPackages = [ baseTestScript ];
+                  };
+
+                  testScript = ''
+                    start_all()
+
+                    with subtest("start continuwuity"):
+                          continuwuity.wait_for_unit("continuwuity.service")
+                          continuwuity.wait_for_open_port(6167)
+
+                    with subtest("ensure messages can be exchanged"):
+                          client.succeed("${lib.getExe baseTestScript} >&2")
+                  '';
+
+                };
+              }
+            )
+            [
+              {
+                suffix = "base";
+                config = {
+                  global = {
+                    server_name = name;
+                    address = [ "0.0.0.0" ];
+                    allow_registration = true;
+                    yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
+                  };
+                };
+              }
+              {
+                suffix = "with-room-version";
+                config = {
+                  global = {
+                    server_name = name;
+                    address = [ "0.0.0.0" ];
+                    allow_registration = true;
+                    yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
+                    default_room_version = "12";
+                  };
+                };
+              }
+            ]
+        ))
+        builtins.listToAttrs
+      ];
+    };
+}
@@ -25,6 +25,6 @@
    "@rspress/core": "^2.0.0",
    "@rspress/plugin-client-redirects": "^2.0.0",
    "@rspress/plugin-sitemap": "^2.0.0",
-    "typescript": "^6.0.0"
+    "typescript": "^5.9.3"
  }
 }
@@ -18,7 +18,6 @@ Environment="CONTINUWUITY_DATABASE_PATH=%S/conduwuit"
 Environment="CONTINUWUITY_CONFIG_RELOAD_SIGNAL=true"

 LoadCredential=conduwuit.toml:/etc/conduwuit/conduwuit.toml
-RefreshOnReload=yes

 ExecStart=/usr/bin/conduwuit --config ${CREDENTIALS_DIRECTORY}/conduwuit.toml

@@ -1,6 +1,6 @@
 {
    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": ["config:recommended", "replacements:all", ":semanticCommitTypeAll(chore)", "helpers:pinGitHubActionDigests"],
+    "extends": ["config:recommended", "replacements:all"],
    "dependencyDashboard": true,
    "osvVulnerabilityAlerts": true,
    "lockFileMaintenance": {
@@ -36,18 +36,10 @@
    },
    "packageRules": [
        {
-            "description": "Batch minor and patch Rust dependency updates",
-            "matchManagers": ["cargo"],
-            "matchUpdateTypes": ["minor", "patch"],
-            "matchCurrentVersion": ">=1.0.0",
-            "groupName": "rust-non-major"
-        },
-        {
-            "description": "Batch patch-level zerover Rust dependency updates",
+            "description": "Batch patch-level Rust dependency updates",
            "matchManagers": ["cargo"],
            "matchUpdateTypes": ["patch"],
-            "matchCurrentVersion": ">=0.1.0,<1.0.0",
-            "groupName": "rust-zerover-patch-updates"
+            "groupName": "rust-patch-updates"
        },
        {
            "description": "Limit concurrent Cargo PRs",
@@ -95,16 +87,16 @@
        }
    ],
    "customManagers": [
-        {
-            "customType": "regex",
-            "description": "Update _VERSION variables in Dockerfiles",
-            "managerFilePatterns": [
-                "/(^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$/",
-                "/(^|/|\\.)([Dd]ocker|[Cc]ontainer)file$/"
-            ],
-            "matchStrings": [
-                "# renovate: datasource=(?<datasource>[a-zA-Z0-9-._]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: extractVersion=(?<extractVersion>[^\\s]+?))?(?: registryUrl=(?<registryUrl>[^\\s]+?))?\\s+(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_VERSION[ =][\"']?(?<currentValue>.+?)[\"']?\\s+(?:(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_CHECKSUM[ =][\"']?(?<currentDigest>.+?)[\"']?\\s)?"
-            ]
-        }
+       {
+         "customType": "regex",
+         "description": "Update _VERSION variables in Dockerfiles",
+         "managerFilePatterns": [
+           "/(^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$/",
+           "/(^|/|\\.)([Dd]ocker|[Cc]ontainer)file$/"
+         ],
+         "matchStrings": [
+           "# renovate: datasource=(?<datasource>[a-zA-Z0-9-._]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: extractVersion=(?<extractVersion>[^\\s]+?))?(?: registryUrl=(?<registryUrl>[^\\s]+?))?\\s+(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_VERSION[ =][\"']?(?<currentValue>.+?)[\"']?\\s+(?:(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_CHECKSUM[ =][\"']?(?<currentDigest>.+?)[\"']?\\s)?"
+         ]
+       }
    ]
 }
@@ -10,7 +10,7 @@

 [toolchain]
 profile = "minimal"
-channel = "1.92.0"
+channel = "1.90.0"
 components = [
    # For rust-analyzer
    "rust-src",
@@ -2,7 +2,6 @@
 name = "conduwuit_admin"
 description.workspace = true
 edition.workspace = true
-homepage.workspace = true
 license.workspace = true
 readme.workspace = true
 repository.workspace = true
@@ -80,9 +79,7 @@ conduwuit-database.workspace = true
 conduwuit-macros.workspace = true
 conduwuit-service.workspace = true
 const-str.workspace = true
-ctor.workspace = true
 futures.workspace = true
-lettre.workspace = true
 log.workspace = true
 ruma.workspace = true
 serde_json.workspace = true
@@ -19,7 +19,6 @@ use conduwuit::{
 	warn,
 };
 use futures::{FutureExt, StreamExt, TryStreamExt};
-use lettre::message::Mailbox;
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, OwnedRoomId,
 	OwnedRoomOrAliasId, OwnedServerName, RoomId, RoomVersionId,
@@ -877,31 +876,3 @@ pub(super) async fn trim_memory(&self) -> Result {

 	writeln!(self, "done").await
 }
-
-#[admin_command]
-pub(super) async fn send_test_email(&self) -> Result {
-	self.bail_restricted()?;
-
-	let mailer = self.services.mailer.expect_mailer()?;
-	let Some(sender) = self.sender else {
-		return Err!("No sender user provided in context");
-	};
-
-	let Some(email) = self
-		.services
-		.threepid
-		.get_email_for_localpart(sender.localpart())
-		.await
-	else {
-		return Err!("{} has no associated email address", sender);
-	};
-
-	mailer
-		.send(Mailbox::new(None, email.clone()), service::mailer::messages::Test)
-		.await?;
-
-	self.write_str(&format!("Test email successfully sent to {email}"))
-		.await?;
-
-	Ok(())
-}
@@ -225,9 +225,6 @@ pub enum DebugCommand {
 		level: Option<i32>,
 	},

-	/// Send a test email to the invoking admin's email address
-	SendTestEmail,
-
 	/// Developer test stubs
 	#[command(subcommand)]
 	#[allow(non_snake_case)]
@@ -3,8 +3,6 @@
 #![allow(clippy::enum_glob_use)]
 #![allow(clippy::too_many_arguments)]

-conduwuit_macros::introspect_crate! {}
-
 pub(crate) mod admin;
 pub(crate) mod context;
 pub(crate) mod processor;
@@ -1,10 +1,6 @@
 use clap::Subcommand;
-use conduwuit::{
-	Result,
-	utils::{IterStream, stream::BroadbandExt},
-};
-use futures::StreamExt;
-use ruma::{OwnedDeviceId, OwnedUserId};
+use conduwuit::Result;
+use ruma::OwnedUserId;

 use crate::Context;

@@ -15,23 +11,6 @@ pub enum PusherCommand {
 		/// Full user ID
 		user_id: OwnedUserId,
 	},
-
-	/// Deletes a specific pusher by ID
-	DeletePusher {
-		user_id: OwnedUserId,
-		pusher_id: String,
-	},
-
-	/// Deletes all pushers for a user
-	DeleteAllUser {
-		user_id: OwnedUserId,
-	},
-
-	/// Deletes all pushers associated with a device ID
-	DeleteAllDevice {
-		user_id: OwnedUserId,
-		device_id: OwnedDeviceId,
-	},
 }

 pub(super) async fn process(subcommand: PusherCommand, context: &Context<'_>) -> Result {
@@ -45,51 +24,6 @@ pub(super) async fn process(subcommand: PusherCommand, context: &Context<'_>) ->

 			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
-		| PusherCommand::DeletePusher { user_id, pusher_id } => {
-			services.pusher.delete_pusher(&user_id, &pusher_id).await;
-			write!(context, "Deleted pusher {pusher_id} for {user_id}.")
-		},
-		| PusherCommand::DeleteAllUser { user_id } => {
-			let pushers = services
-				.pusher
-				.get_pushkeys(&user_id)
-				.collect::<Vec<_>>()
-				.await;
-			let pusher_count = pushers.len();
-			pushers
-				.stream()
-				.for_each(async |pushkey| {
-					services.pusher.delete_pusher(&user_id, pushkey).await;
-				})
-				.await;
-			write!(context, "Deleted {pusher_count} pushers for {user_id}.")
-		},
-		| PusherCommand::DeleteAllDevice { user_id, device_id } => {
-			let pushers = services
-				.pusher
-				.get_pushkeys(&user_id)
-				.map(ToOwned::to_owned)
-				.broad_filter_map(async |pushkey| {
-					services
-						.pusher
-						.get_pusher_device(&pushkey)
-						.await
-						.ok()
-						.as_ref()
-						.is_some_and(|pusher_device| pusher_device == &device_id)
-						.then_some(pushkey)
-				})
-				.collect::<Vec<_>>()
-				.await;
-			let pusher_count = pushers.len();
-			pushers
-				.stream()
-				.for_each(async |pushkey| {
-					services.pusher.delete_pusher(&user_id, &pushkey).await;
-				})
-				.await;
-			write!(context, "Deleted {pusher_count} pushers for {device_id}.")
-		},
 	}
 	.await
 }
@@ -1,4 +1,4 @@
-use std::{fmt::Write, path::PathBuf, sync::Arc};
+use std::{path::PathBuf, sync::Arc};

 use conduwuit::{
 	Err, Result,
@@ -153,97 +153,3 @@ pub(super) async fn shutdown(&self) -> Result {

 	self.write_str("Shutting down server...").await
 }
-
-#[admin_command]
-pub(super) async fn list_features(&self) -> Result {
-	let mut enabled_features = conduwuit::info::introspection::ENABLED_FEATURES
-		.lock()
-		.expect("locked")
-		.iter()
-		.flat_map(|(_, f)| f.iter())
-		.collect::<Vec<_>>();
-
-	enabled_features.sort_unstable();
-	enabled_features.dedup();
-
-	let mut available_features = conduwuit::build_metadata::WORKSPACE_FEATURES
-		.iter()
-		.flat_map(|(_, f)| f.iter())
-		.collect::<Vec<_>>();
-
-	available_features.sort_unstable();
-	available_features.dedup();
-
-	let mut features = String::new();
-
-	for feature in available_features {
-		let active = enabled_features.contains(&feature);
-		let emoji = if active { "✅" } else { "❌" };
-		let remark = if active { "[enabled]" } else { "" };
-		writeln!(features, "{emoji} {feature} {remark}")?;
-	}
-
-	self.write_str(&features).await
-}
-
-#[admin_command]
-pub(super) async fn build_info(&self) -> Result {
-	use conduwuit::build_metadata::built;
-
-	let mut info = String::new();
-
-	// Version information
-	writeln!(info, "# Build Information\n")?;
-	writeln!(info, "**Version:** {}", built::PKG_VERSION)?;
-	writeln!(info, "**Package:** {}", built::PKG_NAME)?;
-	writeln!(info, "**Description:** {}", built::PKG_DESCRIPTION)?;
-
-	// Git information
-	writeln!(info, "\n## Git Information\n")?;
-	if let Some(hash) = conduwuit::build_metadata::GIT_COMMIT_HASH {
-		writeln!(info, "**Commit Hash:** {hash}")?;
-	}
-	if let Some(hash) = conduwuit::build_metadata::GIT_COMMIT_HASH_SHORT {
-		writeln!(info, "**Commit Hash (short):** {hash}")?;
-	}
-	if let Some(url) = conduwuit::build_metadata::GIT_REMOTE_WEB_URL {
-		writeln!(info, "**Repository:** {url}")?;
-	}
-	if let Some(url) = conduwuit::build_metadata::GIT_REMOTE_COMMIT_URL {
-		writeln!(info, "**Commit URL:** {url}")?;
-	}
-
-	// Build environment
-	writeln!(info, "\n## Build Environment\n")?;
-	writeln!(info, "**Profile:** {}", built::PROFILE)?;
-	writeln!(info, "**Optimization Level:** {}", built::OPT_LEVEL)?;
-	writeln!(info, "**Debug:** {}", built::DEBUG)?;
-	writeln!(info, "**Target:** {}", built::TARGET)?;
-	writeln!(info, "**Host:** {}", built::HOST)?;
-
-	// Rust compiler information
-	writeln!(info, "\n## Compiler Information\n")?;
-	writeln!(info, "**Rustc Version:** {}", built::RUSTC_VERSION)?;
-	if !built::RUSTDOC_VERSION.is_empty() {
-		writeln!(info, "**Rustdoc Version:** {}", built::RUSTDOC_VERSION)?;
-	}
-
-	// Target configuration
-	writeln!(info, "\n## Target Configuration\n")?;
-	writeln!(info, "**Architecture:** {}", built::CFG_TARGET_ARCH)?;
-	writeln!(info, "**OS:** {}", built::CFG_OS)?;
-	writeln!(info, "**Family:** {}", built::CFG_FAMILY)?;
-	writeln!(info, "**Endianness:** {}", built::CFG_ENDIAN)?;
-	writeln!(info, "**Pointer Width:** {} bits", built::CFG_POINTER_WIDTH)?;
-	if !built::CFG_ENV.is_empty() {
-		writeln!(info, "**Environment:** {}", built::CFG_ENV)?;
-	}
-
-	// CI information
-	if let Some(ci) = built::CI_PLATFORM {
-		writeln!(info, "\n## CI Platform\n")?;
-		writeln!(info, "**Platform:** {ci}")?;
-	}
-
-	self.write_str(&info).await
-}
@@ -52,10 +52,4 @@ pub enum ServerCommand {

 	/// Shutdown the server
 	Shutdown,
-
-	/// List features built into the server
-	ListFeatures,
-
-	/// Build information
-	BuildInfo,
 }
@@ -3,10 +3,7 @@ use std::{
 	fmt::Write as _,
 };

-use api::client::{
-	full_user_deactivate, join_room_by_id_helper, leave_room, recreate_push_rules_and_return,
-	remote_leave_room,
-};
+use api::client::{full_user_deactivate, join_room_by_id_helper, leave_room, remote_leave_room};
 use conduwuit::{
 	Err, Result, debug_warn, error, info,
 	matrix::{Event, pdu::PduBuilder},
@@ -14,7 +11,6 @@ use conduwuit::{
 	warn,
 };
 use futures::{FutureExt, StreamExt};
-use lettre::Address;
 use ruma::{
 	OwnedEventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedServerName, OwnedUserId, UserId,
 	events::{
@@ -300,31 +296,6 @@ pub(super) async fn reset_password(
 	Ok(())
 }

-#[admin_command]
-pub(super) async fn issue_password_reset_link(&self, username: String) -> Result {
-	use conduwuit_service::password_reset::{PASSWORD_RESET_PATH, RESET_TOKEN_QUERY_PARAM};
-
-	self.bail_restricted()?;
-
-	let mut reset_url = self
-		.services
-		.config
-		.get_client_domain()
-		.join(PASSWORD_RESET_PATH)
-		.unwrap();
-
-	let user_id = parse_local_user_id(self.services, &username)?;
-	let token = self.services.password_reset.issue_token(user_id).await?;
-	reset_url
-		.query_pairs_mut()
-		.append_pair(RESET_TOKEN_QUERY_PARAM, &token.token);
-
-	self.write_str(&format!("Password reset link issued for {username}: {reset_url}"))
-		.await?;
-
-	Ok(())
-}
-
 #[admin_command]
 pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) -> Result {
 	if self.body.len() < 2
@@ -1098,117 +1069,3 @@ pub(super) async fn enable_login(&self, user_id: String) -> Result {

 	self.write_str(&format!("{user_id} can now log in.")).await
 }
-
-#[admin_command]
-pub(super) async fn get_email(&self, user_id: String) -> Result {
-	self.bail_restricted()?;
-	let user_id = parse_local_user_id(self.services, &user_id)?;
-
-	match self
-		.services
-		.threepid
-		.get_email_for_localpart(user_id.localpart())
-		.await
-	{
-		| Some(email) =>
-			self.write_str(&format!("{user_id} has the associated email address {email}."))
-				.await,
-		| None =>
-			self.write_str(&format!("{user_id} has no associated email address."))
-				.await,
-	}
-}
-
-#[admin_command]
-pub(super) async fn get_user_by_email(&self, email: String) -> Result {
-	self.bail_restricted()?;
-
-	let Ok(email) = Address::try_from(email) else {
-		return Err!("Invalid email address.");
-	};
-
-	match self.services.threepid.get_localpart_for_email(&email).await {
-		| Some(localpart) => {
-			let user_id = OwnedUserId::parse(format!(
-				"@{localpart}:{}",
-				self.services.globals.server_name()
-			))
-			.unwrap();
-
-			self.write_str(&format!("{email} belongs to {user_id}."))
-				.await
-		},
-		| None =>
-			self.write_str(&format!("No user has {email} as their email address."))
-				.await,
-	}
-}
-
-#[admin_command]
-pub(super) async fn change_email(&self, user_id: String, email: Option<String>) -> Result {
-	self.bail_restricted()?;
-
-	let user_id = parse_local_user_id(self.services, &user_id)?;
-	let Ok(new_email) = email.map(Address::try_from).transpose() else {
-		return Err!("Invalid email address.");
-	};
-
-	if self.services.mailer.mailer().is_none() {
-		warn!("SMTP has not been configured on this server, emails cannot be sent.");
-	}
-
-	let current_email = self
-		.services
-		.threepid
-		.get_email_for_localpart(user_id.localpart())
-		.await;
-
-	match (current_email, new_email) {
-		| (None, None) =>
-			self.write_str(&format!(
-				"{user_id} already had no associated email. No changes have been made."
-			))
-			.await,
-		| (current_email, Some(new_email)) => {
-			self.services
-				.threepid
-				.associate_localpart_email(user_id.localpart(), &new_email)
-				.await?;
-
-			if let Some(current_email) = current_email {
-				self.write_str(&format!(
-					"The associated email of {user_id} has been changed from {current_email} to \
-					 {new_email}."
-				))
-				.await
-			} else {
-				self.write_str(&format!(
-					"{user_id} has been associated with the email {new_email}."
-				))
-				.await
-			}
-		},
-		| (Some(current_email), None) => {
-			self.services
-				.threepid
-				.disassociate_localpart_email(user_id.localpart())
-				.await;
-
-			self.write_str(&format!(
-				"The associated email of {user_id} has been removed (it was {current_email})."
-			))
-			.await
-		},
-	}
-}
-
-#[admin_command]
-pub(super) async fn reset_push_rules(&self, user_id: String) -> Result {
-	let user_id = parse_local_user_id(self.services, &user_id)?;
-	if !self.services.users.is_active(&user_id).await {
-		return Err!("User is not active.");
-	}
-	recreate_push_rules_and_return(self.services, &user_id).await?;
-	self.write_str("Reset user's push rules to the server default.")
-		.await
-}
@@ -29,30 +29,6 @@ pub enum UserCommand {
 		password: Option<String>,
 	},

-	/// Issue a self-service password reset link for a user.
-	IssuePasswordResetLink {
-		/// Username of the user who may use the link
-		username: String,
-	},
-
-	/// Get a user's associated email address.
-	GetEmail {
-		user_id: String,
-	},
-
-	/// Get the user with the given email address.
-	GetUserByEmail {
-		email: String,
-	},
-
-	/// Update or remove a user's email address.
-	///
-	/// If `email` is not supplied, the user's existing address will be removed.
-	ChangeEmail {
-		user_id: String,
-		email: Option<String>,
-	},
-
 	/// Deactivate a user
 	///
 	/// User will be removed from all rooms by default.
@@ -257,10 +233,4 @@ pub enum UserCommand {
 		#[arg(long)]
 		yes_i_want_to_do_this: bool,
 	},
-
-	/// Resets the push-rules (notification settings) of the target user to the
-	/// server defaults.
-	ResetPushRules {
-		user_id: String,
-	},
 }
@@ -2,7 +2,6 @@
 name = "conduwuit_api"
 description.workspace = true
 edition.workspace = true
-homepage.workspace = true
 license.workspace = true
 readme.workspace = true
 repository.workspace = true
@@ -77,10 +76,8 @@ axum.workspace = true
 base64.workspace = true
 bytes.workspace = true
 conduwuit-core.workspace = true
-conduwuit-macros.workspace = true
 conduwuit-service.workspace = true
 const-str.workspace = true
-ctor.workspace = true
 futures.workspace = true
 hmac.workspace = true
 http.workspace = true
@@ -88,7 +85,6 @@ http-body-util.workspace = true
 hyper.workspace = true
 ipaddress.workspace = true
 itertools.workspace = true
-lettre.workspace = true
 log.workspace = true
 rand.workspace = true
 reqwest.workspace = true
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
timedout	18e4f787a2	style: Reduce migration warning verbosity to info They aren't actually warning of anything	2026-03-05 05:46:52 +00:00
timedout	d0c7dfe63a	style: Reduce verbosity of `fix_corrupt_msc4133_fields`	2026-03-05 05:45:37 +00:00
timedout	acc5aa3f25	fix: Don't fail on invalid stripped state entries during migration	2026-03-05 05:43:57 +00:00
timedout	b4a330f260	perf: Insert missed migration markers into fresh databases	2026-03-05 05:40:03 +00:00
timedout	afa9678564	feat: Make noise about migrations and make errors more informative	2026-03-05 05:38:19 +00:00
				`@@ -1 +0,0 @@`
				`Added support for associating email addresses with accounts, requiring email addresses for registration, and resetting passwords via email. Contributed by @ginger`
				`@@ -1 +0,0 @@`
				`Added support for using an admin command to issue self-service password reset links.`
				`@@ -1 +0,0 @@`
				`Added support for requiring users to accept terms and conditions when registering.`
				`@@ -1 +0,0 @@`
				`Fixed room alias deletion so removing one local alias no longer removes other aliases from room alias listings.`
				`@@ -1 +0,0 @@`
				`Fixed corrupted appservice registrations causing the server to enter a crash loop. Contributed by @nex.`
				`@@ -1 +0,0 @@`
				`Added Testing and Troubleshooting instructions for Livekit documentation. Contributed by @stratself.`
				`@@ -1 +0,0 @@`
				Add new config option to allow or disallow search engine indexing through a `<meta ../>` tag. Defaults to blocking indexing (`content="noindex"`). Contributed by @s1lv3r and @ginger.
				`@@ -1 +0,0 @@`
				Stripped `join_authorised_via_users_server` from json if user is already in room (@partha:cxy.run)
				`@@ -1 +0,0 @@`
				`Fixed internal server errors for fetching thumbnails. Contributed by @PerformativeJade`