document all the fancy admin room config options and arguments

Signed-off-by: strawberry <strawberry@puppygock.gay>

.gitlab-ci.yml

@@ -58,7 +58,7 @@ before_script:
 
 ci:
   stage: ci
-  image: nixos/nix:2.23.3
+  image: nixos/nix:2.24.4
   script:
     # Cache CI dependencies
     - ./bin/nix-build-and-cache ci
@@ -83,7 +83,7 @@ ci:
 
 artifacts:
   stage: artifacts
-  image: nixos/nix:2.23.3
+  image: nixos/nix:2.24.4
   script:
     - ./bin/nix-build-and-cache just .#static-x86_64-unknown-linux-musl
     - cp result/bin/conduit x86_64-unknown-linux-musl

Cargo.lock

@@ -130,7 +130,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -141,7 +141,7 @@ checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -376,7 +376,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.75",
+ "syn 2.0.76",
  "which",
 ]
 
@@ -572,7 +572,7 @@ dependencies = [
  "heck 0.5.0",
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -746,7 +746,7 @@ dependencies = [
  "itertools 0.13.0",
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -1042,7 +1042,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edb49164822f3ee45b17acd4a208cfc1251410cf0cad9a833234c9890774dd9f"
 dependencies = [
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -1069,7 +1069,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -1179,7 +1179,7 @@ dependencies = [
  "heck 0.4.1",
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -1331,7 +1331,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -1602,7 +1602,7 @@ dependencies = [
  "markup5ever",
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -1966,7 +1966,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "regex",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -2497,7 +2497,7 @@ dependencies = [
  "proc-macro2",
  "proc-macro2-diagnostics",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -2590,7 +2590,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -2662,7 +2662,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e"
 dependencies = [
  "proc-macro2",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -2691,7 +2691,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
  "version_check",
  "yansi",
 ]
@@ -2716,7 +2716,7 @@ dependencies = [
  "itertools 0.13.0",
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -3131,7 +3131,7 @@ dependencies = [
  "quote",
  "ruma-identifiers-validation",
  "serde",
- "syn 2.0.75",
+ "syn 2.0.76",
  "toml",
 ]
 
@@ -3560,22 +3560,22 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.208"
+version = "1.0.209"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2"
+checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.208"
+version = "1.0.209"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf"
+checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -3869,9 +3869,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.75"
+version = "2.0.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9"
+checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3947,7 +3947,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -4058,9 +4058,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.39.3"
+version = "1.40.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9babc99b9923bfa4804bd74722ff02c0381021eafa4db9949217e3be8e84fff5"
+checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998"
 dependencies = [
  "backtrace",
  "bytes",
@@ -4082,7 +4082,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -4306,7 +4306,7 @@ source = "git+https://github.com/girlbossceo/tracing?rev=4d78a14a5e03f539b8c6b47
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -4577,7 +4577,7 @@ dependencies = [
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
  "wasm-bindgen-shared",
 ]
 
@@ -4611,7 +4611,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -4976,7 +4976,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]
@@ -4996,7 +4996,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.75",
+ "syn 2.0.76",
 ]
 
 [[package]]

Cargo.toml

@@ -142,7 +142,7 @@ features = [
 ]
 
 [workspace.dependencies.serde]
-version = "1.0.204"
+version = "1.0.209"
 default-features = false
 features = ["rc"]
 
@@ -216,7 +216,7 @@ version = "0.3.30"
 default-features = false
 
 [workspace.dependencies.tokio]
-version = "1.39.2"
+version = "1.40.0"
 default-features = false
 features = [
 	"fs",
@@ -449,7 +449,7 @@ default-features = false
 version = "0.1"
 
 [workspace.dependencies.syn]
-version = "2.0.72"
+version = "2.0.76"
 default-features = false
 features = ["full", "extra-traits"]
 

README.md

@@ -1,15 +1,20 @@
 # conduwuit
 
-`main` / stable: [![CI and
+`main`: [![CI and
 Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)
 
-<!-- ANCHOR: catchphrase --> ### a very cool, featureful fork of
+<!-- ANCHOR: catchphrase -->
-[Conduit](https://conduit.rs/) <!-- ANCHOR_END: catchphrase -->
+
+### a very cool, featureful fork of [Conduit](https://conduit.rs/)
+
+<!-- ANCHOR_END: catchphrase -->
 
 Visit the [Conduwuit documentation](https://conduwuit.puppyirl.gay/) for more
 information.
 
-<!-- ANCHOR: body --> #### What is Matrix?
+<!-- ANCHOR: body -->
+
+#### What is Matrix?
 
 [Matrix](https://matrix.org) is an open network for secure and decentralized
 communication. Users from every Matrix homeserver can chat with users from all
@@ -43,7 +48,9 @@ might run into bugs from time to time.
 
 <!-- ANCHOR_END: body -->
 
-<!-- ANCHOR: footer --> #### Contact
+<!-- ANCHOR: footer -->
+
+#### Contact
 
 If you run into any question, feel free to
 
@@ -73,5 +80,6 @@ Both, but I prefer conduwuit.
 - git.girlcock.ceo: <https://git.girlcock.ceo/strawberry/conduwuit>
 - git.gay: <https://git.gay/june/conduwuit>
 - Codeberg: <https://codeberg.org/girlbossceo/conduwuit>
-- sourcehut: <https://git.sr.ht/~girlbossceo/conduwuit> <!-- ANCHOR_END: footer
+- sourcehut: <https://git.sr.ht/~girlbossceo/conduwuit>
--->
+
+<!-- ANCHOR_END: footer -->

conduwuit-example.toml

@@ -68,6 +68,10 @@
 # only effective in release-mode; forced to false in debug-mode.
 #sentry_send_error = true
 
+# Controls the tracing log level for Sentry to send things like breadcrumbs and transactions
+# Defaults to "info"
+#sentry_filter = "info"
+
 
 ### Database configuration
 
@@ -160,6 +164,19 @@ ip_range_denylist = [
 
 ### Moderation / Privacy / Security
 
+# Config option to control whether the legacy unauthenticated Matrix media repository endpoints will be enabled.
+# These endpoints consist of:
+# - /_matrix/media/*/config
+# - /_matrix/media/*/upload
+# - /_matrix/media/*/preview_url
+# - /_matrix/media/*/download/*
+# - /_matrix/media/*/thumbnail/*
+#
+# The authenticated equivalent endpoints are always enabled.
+#
+# Defaults to true for now, but this is highly subject to change, likely in the next release.
+#allow_legacy_media = true
+
 # Set to true to allow user type "guest" registrations. Element attempts to register guest users automatically.
 # Defaults to false
 allow_guest_registration = false
@@ -207,11 +224,6 @@ registration_token = "change this token for something specific to your server"
 # defaults to false
 # block_non_admin_invites = false
 
-# Allows admins to enter commands in rooms other than #admins by prefixing with \!admin. The reply
-# will be publicly visible to the room, originating from the sender.
-# defaults to true
-#admin_escape_commands = true
-
 # List of forbidden username patterns/strings. Values in this list are matched as *contains*.
 # This is checked upon username availability check, registration, and startup as warnings if any local users in your database
 # have a forbidden username.
@@ -305,6 +317,41 @@ allow_profile_lookup_federation_requests = true
 #auto_deactivate_banned_room_attempts = false
 
 
+### Admin Room and Console
+
+# Controls whether the conduwuit admin room console / CLI will immediately activate on startup.
+# This option can also be enabled with `--console` conduwuit argument
+#
+# Defaults to false
+#admin_console_automatic = false
+
+# Controls what admin commands will be executed on startup. This is a vector list of strings of admin commands to run.
+#
+# An example of this can be: `admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
+#
+# This option can also be configured with the `--execute` conduwuit argument and can take standard shell commands and environment variables
+#
+# Such example could be: `./conduwuit --execute "server admin-notice conduwuit has started up at $(date)"`
+#
+# Defaults to nothing.
+#admin_execute = [""]
+
+# Controls whether conduwuit should error and fail to start if an admin execute command (`--execute` / `admin_execute`) fails
+#
+# Defaults to false
+#admin_execute_errors_ignore = false
+
+# Controls the max log level for admin command log captures (logs generated from running admin commands)
+#
+# Defaults to "info" on release builds, else "debug" on debug builds
+#admin_log_capture = info
+
+# Allows admins to enter commands in rooms other than #admins by prefixing with \!admin. The reply
+# will be publicly visible to the room, originating from the sender.
+# defaults to true
+#admin_escape_commands = true
+
+
 ### Misc
 
 # max log level for conduwuit. allows debug, info, warn, or error

docs/conduwuit_coc.md

@@ -9,7 +9,7 @@ environment for everyone. This Code of Conduct applies to all conduwuit spaces,
 including any further community rooms that reference this CoC. Here are our
 guidelines to help maintain the welcoming atmosphere that sets conduwuit apart.
 
-For the general foundational rules, please refer to the [Contributor's 
+For the general foundational rules, please refer to the [Contributor's
 Covenant](https://github.com/girlbossceo/conduwuit/blob/main/CODE_OF_CONDUCT.md).
 Below are additional guidelines specific to the conduwuit community.
 
@@ -90,4 +90,4 @@ comfortable doing that, then please send a DM to one of the moderators directly.
 
 Together, let’s build a community where everyone feels valued and respected.
 
-- The conduwuit Moderation Team
+— The conduwuit Moderation Team

docs/configuration.md

@@ -31,6 +31,22 @@ string. This does not apply to options that take booleans or numbers:
 - `--option log=\"debug\"` works ✅
 - `--option server_name='"example.com'"` works ✅
 
+## Execute commandline flag
+
+conduwuit supports running admin commands on startup using the commandline
+argument `--execute`. The most notable use for this is to create an admin user
+on first startup.
+
+The syntax of this is a standard admin command without the prefix such as
+`./conduwuit --execute "users create_user june"`
+
+An example output of a success is:
+```
+INFO conduit_service::admin::startup: Startup command #0 completed:
+Created user with user_id: @june:girlboss.ceo and password: `<redacted>`
+```
+
+This commandline argument can be paired with the `--option` flag.
 
 ## Environment variables
 

docs/deploying/docker-compose.for-traefik.yml

@@ -1,40 +1,44 @@
 # conduwuit - Behind Traefik Reverse Proxy
 
 services:
-    homeserver:
+  homeserver:
-        ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
+    ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
-        ### then you are ready to go.
+    ### then you are ready to go.
-        image: girlbossceo/conduwuit:latest
+    image: girlbossceo/conduwuit:latest
-        restart: unless-stopped
+    restart: unless-stopped
-        volumes:
+    volumes:
-            - db:/var/lib/conduwuit
+      - db:/var/lib/conduwuit
-            #- ./conduwuit.toml:/etc/conduwuit.toml
+      #- ./conduwuit.toml:/etc/conduwuit.toml
-        networks:
+    networks:
-            - proxy
+      - proxy
-        environment:
+    environment:
-            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
+      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
-            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
+      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_DATABASE_BACKEND: rocksdb
+      CONDUWUIT_DATABASE_BACKEND: rocksdb
-            CONDUWUIT_PORT: 6167
+      CONDUWUIT_PORT: 6167 # should match the loadbalancer traefik label
-            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+      CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
-            CONDUWUIT_ALLOW_REGISTRATION: 'true'
+      CONDUWUIT_ALLOW_REGISTRATION: 'true'
-            CONDUWUIT_ALLOW_FEDERATION: 'true'
+      CONDUWUIT_ALLOW_FEDERATION: 'true'
-            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUWUIT_LOG: warn,state_res=warn
+      #CONDUWUIT_LOG: warn,state_res=warn
-            CONDUWUIT_ADDRESS: 0.0.0.0
+      CONDUWUIT_ADDRESS: 0.0.0.0
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
+      #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
-        #cpuset: "0-4" # Uncomment to limit to specific CPU cores
+
+      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
+      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate
+      # see the override file for more information about delegation
+      CONDUWUIT_WELL_KNOWN: |
+        {
+        client=https://your.server.name.example,
+        server=your.server.name.example:443
+        }
+    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
+    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
+      nofile:
+        soft: 1048567
+        hard: 1048567
 
-    # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
-    # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
-    # and in the docker compose override file.
-    well-known:
-        image: nginx:latest
-        restart: unless-stopped
-        volumes:
-            - ./nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf # the config to serve the .well-known/matrix files
-            - ./nginx/www:/var/www/ # location of the client and server .well-known-files
     ### Uncomment if you want to use your own Element-Web App.
     ### Note: You need to provide a config.json for Element and you also need a second
     ###       Domain or Subdomain for the communication between Element and conduwuit
@@ -50,10 +54,12 @@ services:
     #         - homeserver
 
 volumes:
-    db:
+  db:
 
 networks:
-    # This is the network Traefik listens to, if your network has a different
+  # This is the network Traefik listens to, if your network has a different
-    # name, don't forget to change it here and in the docker-compose.override.yml
+  # name, don't forget to change it here and in the docker-compose.override.yml
-    proxy:
+  proxy:
-        external: true
+    external: true
+
+# vim: ts=2:sw=2:expandtab

docs/deploying/docker-compose.override.yml

@@ -1,44 +1,37 @@
 # conduwuit - Traefik Reverse Proxy Labels
 
 services:
-    homeserver:
+  homeserver:
-        labels:
+    labels:
-            - "traefik.enable=true"
+      - "traefik.enable=true"
-            - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
+      - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
 
-            - "traefik.http.routers.to-conduwuit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which conduwuit is hosted
+      - "traefik.http.routers.to-conduwuit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which conduwuit is hosted
-            - "traefik.http.routers.to-conduwuit.tls=true"
+      - "traefik.http.routers.to-conduwuit.tls=true"
-            - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
-            - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
+      - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
+      - "traefik.http.services.to_conduwuit.loadbalancer.server.port=6167"
 
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
 
-    # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
+      # If you want to have your account on <DOMAIN>, but host conduwuit on a subdomain,
-    # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
+      # you can let it only handle the well known file on that domain instead
-    # and in the docker compose file.
+      #- "traefik.http.routers.to-matrix-wellknown.rule=Host(`<DOMAIN>`) && PathPrefix(`/.well-known/matrix`)"
-    well-known:
+      #- "traefik.http.routers.to-matrix-wellknown.tls=true"
-        labels:
+      #- "traefik.http.routers.to-matrix-wellknown.tls.certresolver=letsencrypt"
-            - "traefik.enable=true"
+      #- "traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker"
-            - "traefik.docker.network=proxy"
 
-            - "traefik.http.routers.to-matrix-wellknown.rule=Host(`<SUBDOMAIN>.<DOMAIN>`) && PathPrefix(`/.well-known/matrix`)"
+  ### Uncomment this if you uncommented Element-Web App in the docker-compose.yml
-            - "traefik.http.routers.to-matrix-wellknown.tls=true"
+  # element-web:
-            - "traefik.http.routers.to-matrix-wellknown.tls.certresolver=letsencrypt"
+  #     labels:
-            - "traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker"
+  #         - "traefik.enable=true"
+  #         - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
 
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+  #         - "traefik.http.routers.to-element-web.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Element-Web is hosted
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+  #         - "traefik.http.routers.to-element-web.tls=true"
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+  #         - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt"
 
+# vim: ts=2:sw=2:expandtab
 
-    ### Uncomment this if you uncommented Element-Web App in the docker-compose.yml
-    # element-web:
-    #     labels:
-    #         - "traefik.enable=true"
-    #         - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
-
-    #         - "traefik.http.routers.to-element-web.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Element-Web is hosted
-    #         - "traefik.http.routers.to-element-web.tls=true"
-    #         - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt"

docs/deploying/docker-compose.with-traefik.yml

@@ -1,42 +1,52 @@
 # conduwuit - Behind Traefik Reverse Proxy
 
 services:
-    homeserver:
+  homeserver:
-        ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image,
+    ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image,
-        ### then you are ready to go.
+    ### then you are ready to go.
-        image: girlbossceo/conduwuit:latest
+    image: girlbossceo/conduwuit:latest
-        restart: unless-stopped
+    restart: unless-stopped
-        volumes:
+    volumes:
-            - db:/srv/conduwuit/.local/share/conduwuit
+      - db:/var/lib/conduwuit
-            #- ./conduwuit.toml:/etc/conduwuit.toml
+      #- ./conduwuit.toml:/etc/conduwuit.toml
-        networks:
+    networks:
-            - proxy
+      - proxy
-        environment:
+    environment:
-            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
+      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            CONDUWUIT_ALLOW_REGISTRATION : 'true'
+      CONDUWUIT_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
+      CONDUWUIT_REGISTRATION_TOKEN: # This is a token you can use to register on the server
-            ### Uncomment and change values as desired
+      CONDUWUIT_ADDRESS: 0.0.0.0
-            # CONDUWUIT_ADDRESS: 0.0.0.0
+      CONDUWUIT_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
-            # CONDUWUIT_PORT: 6167
+      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
+      #CONDUWUIT_CONFIG: '/etc/conduit.toml' # Uncomment if you mapped config toml above
-            # CONDUWUIT_ALLOW_JAEGER: 'false'
+      ### Uncomment and change values as desired, note that conduwuit has plenty of config options, so you should check out the example example config too
-            # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
+      # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
-            # CONDUWUIT_ALLOW_FEDERATION: 'true'
+      # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
-            # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+      # CONDUWUIT_ALLOW_JAEGER: 'false'
-            # CONDUWUIT_DATABASE_PATH: /srv/conduwuit/.local/share/conduwuit
+      # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
-            # CONDUWUIT_WORKERS: 10
+      # CONDUWUIT_ALLOW_FEDERATION: 'true'
-            # CONDUWUIT_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
+      # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+      # CONDUWUIT_ALLOW_INCOMING_PRESENCE: true
+      # CONDUWUIT_ALLOW_OUTGOING_PRESENCE: true
+      # CONDUWUIT_ALLOW_LOCAL_PRESENCE: true
+      # CONDUWUIT_WORKERS: 10
+      # CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000  # in bytes, ~20 MB
+      # CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"
 
-    # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
+      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
-    # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
+      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate
-    # and in the docker compose override file.
+      # reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included
-    well-known:
+      CONDUWUIT_WELL_KNOWN: |
-        image: nginx:latest
+        {
-        restart: unless-stopped
+          client=https://your.server.name.example,
-        volumes:
+          server=your.server.name.example:443
-            - ./nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf # the config to serve the .well-known/matrix files
+        }
-            - ./nginx/www:/var/www/ # location of the client and server .well-known-files
+    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
+    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
+      nofile:
+        soft: 1048567
+        hard: 1048567
 
     ### Uncomment if you want to use your own Element-Web App.
     ### Note: You need to provide a config.json for Element and you also need a second
@@ -52,29 +62,79 @@ services:
     #     depends_on:
     #         - homeserver
 
-    traefik:
+  traefik:
-        image: "traefik:latest"
+    image: "traefik:latest"
-        container_name: "traefik"
+    container_name: "traefik"
-        restart: "unless-stopped"
+    restart: "unless-stopped"
-        ports:
+    ports:
-            - "80:80"
+      - "80:80"
-            - "443:443"
+      - "443:443"
-        volumes:
+    volumes:
-            - "/var/run/docker.sock:/var/run/docker.sock"
+      - "/var/run/docker.sock:/var/run/docker.sock:z"
-            # - "./traefik_config:/etc/traefik"
+      - "acme:/etc/traefik/acme"
-            - "acme:/etc/traefik/acme"
+      #- "./traefik_config:/etc/traefik:z"
-        labels:
+    labels:
-            - "traefik.enable=true"
+      - "traefik.enable=true"
 
-            # middleware redirect
+      # middleware redirect
-            - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-            # global redirect to https
+      # global redirect to https
-            - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
-            - "traefik.http.routers.redirs.entrypoints=http"
+      - "traefik.http.routers.redirs.entrypoints=web"
-            - "traefik.http.routers.redirs.middlewares=redirect-to-https"
+      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
 
-        networks:
+    configs:
-            - proxy
+      - source: dynamic.yml
+        target: /etc/traefik/dynamic.yml
+
+    environment:
+      TRAEFIK_LOG_LEVEL: DEBUG
+      TRAEFIK_ENTRYPOINTS_WEB: true
+      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
+      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
+
+      TRAEFIK_ENTRYPOINTS_WEBSECURE: true
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
+      #TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_MIDDLEWARES: secureHeaders@file # if you want to enabled STS
+
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT: true
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: # Set this to the email you want to receive certificate expiration emails for
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_KEYTYPE: EC384
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE: true
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"
+
+      TRAEFIK_PROVIDERS_DOCKER: true
+      TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
+      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false
+
+      TRAEFIK_PROVIDERS_FILE: true
+      TRAEFIK_PROVIDERS_FILE_FILENAME: "/etc/traefik/dynamic.yml"
+
+configs:
+  dynamic.yml:
+    content: |
+      # Optionally set STS headers, like in https://hstspreload.org
+      # http:
+      #   middlewares:
+      #     secureHeaders:
+      #       headers:
+      #         forceSTSHeader: true
+      #         stsIncludeSubdomains: true
+      #         stsPreload: true
+      #         stsSeconds: 31536000
+      tls:
+        options:
+          default:
+            cipherSuites:
+              - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+              - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+              - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+              - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+              - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+              - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+            minVersion: VersionTLS12
 
 volumes:
     db:
@@ -82,3 +142,5 @@ volumes:
 
 networks:
     proxy:
+
+# vim: ts=2:sw=2:expandtab

docs/deploying/docker.md

@@ -9,22 +9,14 @@ from a registry.
 
 OCI images for conduwuit are available in the registries listed below.
 
-| Registry        | Image
+| Registry        | Image                                                           | Size                          | Notes                  |
-| Size                          | Notes                  | | --------------- |
+| --------------- | --------------------------------------------------------------- | ----------------------------- | ---------------------- |
---------------------------------------------------------------- |
+| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest]  | Stable tagged image.          |
------------------------------ | ---------------------- | | GitHub Registry |
+| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image Size][shield-latest]  | Stable tagged image.          |
-[ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest]  |
+| Docker Hub      | [docker.io/girlbossceo/conduwuit:latest][dh]             | ![Image Size][shield-latest]  | Stable tagged image.          |
-Stable tagged image.          | | GitLab Registry |
+| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:main][gh]   | ![Image Size][shield-main]    | Stable main branch.   |
-[registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image
+| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:main][gl]   | ![Image Size][shield-main]    | Stable main branch.   |
-Size][shield-latest]  | Stable tagged image.          | | Docker Hub      |
+| Docker Hub      | [docker.io/girlbossceo/conduwuit:main][dh]               | ![Image Size][shield-main]    | Stable main branch.   |
-[docker.io/girlbossceo/conduwuit:latest][dh]             | ![Image
-Size][shield-latest]  | Stable tagged image.          | | GitHub Registry |
-[ghcr.io/girlbossceo/conduwuit:main][gh]   | ![Image Size][shield-main]    |
-Stable main branch.   | | GitLab Registry |
-[registry.gitlab.com/conduwuit/conduwuit:main][gl]   | ![Image
-Size][shield-main]    | Stable main branch.   | | Docker Hub      |
-[docker.io/girlbossceo/conduwuit:main][dh]               | ![Image
-Size][shield-main]    | Stable main branch.   |
 
 [dh]: https://hub.docker.com/r/girlbossceo/conduwuit
 [gh]: https://github.com/girlbossceo/conduwuit/pkgs/container/conduwuit
@@ -34,7 +26,9 @@ Size][shield-main]    | Stable main branch.   |
 
 Use
 
-```bash docker image pull <link> ```
+```bash
+docker image pull $LINK
+```
 
 to pull it to your machine.
 
@@ -42,13 +36,13 @@ to pull it to your machine.
 
 When you have the image you can simply run it with
 
-```bash 
+```bash
-docker run -d -p 8448:6167 \ 
+docker run -d -p 8448:6167 \
-    -v db:/var/lib/conduwuit/ \ 
+    -v db:/var/lib/conduwuit/ \
-    -e CONDUWUIT_SERVER_NAME="your.server.name" \ 
+    -e CONDUWUIT_SERVER_NAME="your.server.name" \
-    -e CONDUWUIT_DATABASE_BACKEND="rocksdb" \ 
+    -e CONDUWUIT_DATABASE_BACKEND="rocksdb" \
     -e CONDUWUIT_ALLOW_REGISTRATION=false \
-    --name conduit <link> 
+    --name conduit $LINK
 ```
 
 or you can use [docker compose](#docker-compose).
@@ -88,7 +82,9 @@ server.
 When picking the `caddy-docker-proxy` compose file, it's important to first
 create the `caddy` network before spinning up the containers:
 
-```bash docker network create caddy ```
+```bash
+docker network create caddy
+```
 
 After that, you can rename it so it matches `docker-compose.yml` and spin up the
 containers!
@@ -101,7 +97,7 @@ To build the conduwuit image with docker-compose, you first need to open and
 modify the `docker-compose.yml` file. There you need to comment the `image:`
 option and uncomment the `build:` option. Then call docker compose with:
 
-```bash 
+```bash
 docker compose up
 ```
 

docs/deploying/generic.md

@@ -34,12 +34,14 @@ are correctly set up.
 In Debian or Fedora/RHEL, you can use this command to create a conduwuit user:
 
 ```bash
-sudo adduser --system conduwuit --group --disabled-login --no-create-home 
+sudo adduser --system conduwuit --group --disabled-login --no-create-home
 ```
 
 For distros without `adduser`:
 
-```bash sudo useradd -r --shell /usr/bin/nologin --no-create-home conduwuit ```
+```bash
+sudo useradd -r --shell /usr/bin/nologin --no-create-home conduwuit
+```
 
 ## Forwarding ports in the firewall or the router
 
@@ -60,8 +62,9 @@ change the `ExecStart=` path to where you placed the conduwuit binary.
 
 Now we need to create the conduwuit's config file in
 `/etc/conduwuit/conduwuit.toml`. The example config can be found at
-[conduwuit-example.toml](../configuration/examples.md).**Please take a moment to
+[conduwuit-example.toml](../configuration/examples.md).
-read it. You need to change at least the server name.**
+
+**Please take a moment to read the config. You need to change at least the server name.**
 
 RocksDB is the only supported database backend.
 
@@ -76,9 +79,9 @@ sudo chown -R root:root /etc/conduwuit sudo chmod -R 755 /etc/conduwuit
 
 If you use the default database path you also need to run this:
 
-```bash 
+```bash
-sudo mkdir -p /var/lib/conduwuit/ sudo chown -R conduwuit:conduwuit
+sudo mkdir -p /var/lib/conduwuit/ sudo chown -R conduwuit:conduwuit /var/lib/conduwuit/
-/var/lib/conduwuit/ sudo chmod 700 /var/lib/conduwuit/ 
+sudo chmod 700 /var/lib/conduwuit/
 ```
 
 ## Setting up the Reverse Proxy
@@ -97,27 +100,34 @@ header, making federation non-functional. If using Apache, you need to use
 Create `/etc/caddy/conf.d/conduwuit_caddyfile` and enter this (substitute for
 your server name).
 
-```caddy
+```caddyfile
-your.server.name, your.server.name:8448 { # TCP reverse_proxy
+your.server.name, your.server.name:8448 {
+    # TCP reverse_proxy
     127.0.0.1:6167
-    # UNIX socket 
+    # UNIX socket
-    #reverse_proxy unix//run/conduwuit/conduwuit.sock 
+    #reverse_proxy unix//run/conduwuit/conduwuit.sock
 }
 ```
 
 That's it! Just start and enable the service and you're set.
 
-```bash sudo systemctl enable --now caddy ```
+```bash
+sudo systemctl enable --now caddy
+```
 
 ## You're done
 
 Now you can start conduwuit with:
 
-```bash sudo systemctl start conduwuit ```
+```bash
+sudo systemctl start conduwuit
+```
 
 Set it to start automatically when your system boots with:
 
-```bash sudo systemctl enable conduwuit ```
+```bash
+sudo systemctl enable conduwuit
+```
 
 ## How do I know it works?
 
@@ -127,10 +137,12 @@ homeserver and try to register.
 You can also use these commands as a quick health check (replace
 `your.server.name`).
 
-```bash $ curl https://your.server.name/_conduwuit/server_version
+```bash
+curl https://your.server.name/_conduwuit/server_version
 
-# If using port 8448 $ curl
+# If using port 8448
-https://your.server.name:8448/_conduwuit/server_version ```
+curl https://your.server.name:8448/_conduwuit/server_version
+```
 
 - To check if your server can talk with other homeservers, you can use the
 [Matrix Federation Tester](https://federationtester.matrix.org/). If you can

docs/deploying/nixos.md

@@ -9,18 +9,21 @@ conduwuit can be acquired by [Lix][lix] from various places:
 A binary cache for conduwuit that the CI/CD publishes to is available at the
 following places (both are the same just different names):
 
-``` https://attic.kennel.juneis.dog/conduit
+```
+https://attic.kennel.juneis.dog/conduit
 conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk=
 
 https://attic.kennel.juneis.dog/conduwuit
-conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= ```
+conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE=
+```
 
 The binary caches have been recreated recently due to attic issues. The old
 public keys were:
 
-``` conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
+```
-
+conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
-conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw= ```
+conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
+```
 
 If specifying a URL in your flake, please use the GitHub remote:
 `github:girlbossceo/conduwuit`

docs/development.md

@@ -38,9 +38,11 @@ disable the default `release_max_log_level` feature, and set the `--cfg
 tokio_unstable` flag to enable experimental tokio APIs. A build might look like
 this:
 
-```bash RUSTFLAGS="--cfg tokio_unstable" cargo build \ --release \
+```bash
---no-default-features \
+RUSTFLAGS="--cfg tokio_unstable" cargo build \
---features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
+    --release \
+    --no-default-features \
+    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
 ```
 
 [1]: https://github.com/ruma/ruma/

docs/troubleshooting.md

@@ -13,6 +13,17 @@
 > If there are things like Compose file issues or Dockerhub image issues, those
 > can still be mentioned as long as they're something we can fix.
 
+## conduwuit and Matrix issues
+
+#### Lost access to admin room
+
+You can reinvite yourself to the admin room through the following methods:
+- Use the `--execute "users make_user_admin <username>"` conduwuit binary
+argument once to invite yourslf to the admin room on startup
+- Use the conduwuit console/CLI to run the `users make_user_admin` command
+- Or specify the `emergency_password` config option to allow you to temporarily
+log into the server account (`@conduit`) from a web client
+
 ## General potential issues
 
 #### Potential DNS issues when using Docker
@@ -30,7 +41,7 @@ workarounds for this are:
 - Don't use Docker's default DNS setup and instead allow the container to use
 and communicate with your host's DNS servers (host's `/etc/resolv.conf`)
 
-## Rocksdb / database issues
+## RocksDB / database issues
 
 #### Direct IO
 

renovate.json

@@ -12,5 +12,15 @@
   "nix": {
     "enabled": true
   },
-  "labels": ["dependencies", "github_actions"]
+  "labels": [
+    "dependencies",
+    "github_actions"
+  ],
+  "ignoreDeps": [
+    "tikv-jemllocator",
+    "tikv-jemalloc-sys",
+    "tikv-jemalloc-ctl",
+    "opentelemetry-rust",
+    "tracing-opentelemetry"
+  ]
 }

src/admin/processor.rs

@@ -15,7 +15,7 @@ use conduit::{
 	},
 	trace,
 	utils::string::{collect_stream, common_prefix},
-	Error, Result,
+	warn, Error, Result,
 };
 use futures_util::future::FutureExt;
 use ruma::{
@@ -114,7 +114,15 @@ async fn process(context: &Command<'_>, command: AdminCommand, args: &[String])
 
 fn capture_create(context: &Command<'_>) -> (Arc<Capture>, Arc<Mutex<String>>) {
 	let env_config = &context.services.server.config.admin_log_capture;
-	let env_filter = EnvFilter::try_new(env_config).unwrap_or_else(|_| "debug".into());
+	let env_filter = EnvFilter::try_new(env_config).unwrap_or_else(|e| {
+		warn!("admin_log_capture filter invalid: {e:?}");
+		cfg!(debug_assertions)
+			.then_some("debug")
+			.or(Some("info"))
+			.map(Into::into)
+			.expect("default capture EnvFilter")
+	});
+
 	let log_level = env_filter
 		.max_level_hint()
 		.and_then(LevelFilter::into_level)

src/admin/room/commands.rs

@@ -1,13 +1,11 @@
-use std::fmt::Write;
-
 use conduit::Result;
 use ruma::events::room::message::RoomMessageEventContent;
 
-use crate::{admin_command, escape_html, get_room_info, PAGE_SIZE};
+use crate::{admin_command, get_room_info, PAGE_SIZE};
 
 #[admin_command]
 pub(super) async fn list_rooms(
-	&self, page: Option<usize>, exclude_disabled: bool, exclude_banned: bool,
+	&self, page: Option<usize>, exclude_disabled: bool, exclude_banned: bool, no_details: bool,
 ) -> Result<RoomMessageEventContent> {
 	// TODO: i know there's a way to do this with clap, but i can't seem to find it
 	let page = page.unwrap_or(1);
@@ -61,29 +59,18 @@ pub(super) async fn list_rooms(
 	};
 
 	let output_plain = format!(
-		"Rooms:\n{}",
+		"Rooms ({}):\n```\n{}\n```",
+		rooms.len(),
 		rooms
 			.iter()
-			.map(|(id, members, name)| format!("{id}\tMembers: {members}\tName: {name}"))
+			.map(|(id, members, name)| if no_details {
+				format!("{id}")
+			} else {
+				format!("{id}\tMembers: {members}\tName: {name}")
+			})
 			.collect::<Vec<_>>()
 			.join("\n")
 	);
-	let output_html = format!(
+
-		"<table><caption>Room list - page \
+	Ok(RoomMessageEventContent::notice_markdown(output_plain))
-		 {page}</caption>\n<tr><th>id</th>\t<th>members</th>\t<th>name</th></tr>\n{}</table>",
-		rooms
-			.iter()
-			.fold(String::new(), |mut output, (id, members, name)| {
-				writeln!(
-					output,
-					"<tr><td>{}</td>\t<td>{}</td>\t<td>{}</td></tr>",
-					escape_html(id.as_ref()),
-					members,
-					escape_html(name)
-				)
-				.expect("should be able to write to string buffer");
-				output
-			})
-	);
-	Ok(RoomMessageEventContent::text_html(output_plain, output_html))
 }

src/admin/room/mod.rs

@@ -27,6 +27,11 @@ pub(super) enum RoomCommand {
 		/// Excludes rooms that we have banned
 		#[arg(long)]
 		exclude_banned: bool,
+
+		#[arg(long)]
+		/// Whether to only output room IDs without supplementary room
+		/// information
+		no_details: bool,
 	},
 
 	#[command(subcommand)]

src/admin/user/commands.rs

@@ -1,6 +1,6 @@
 use std::{collections::BTreeMap, fmt::Write as _};
 
-use api::client::{join_room_by_id_helper, leave_all_rooms, update_avatar_url, update_displayname};
+use api::client::{join_room_by_id_helper, leave_all_rooms, leave_room, update_avatar_url, update_displayname};
 use conduit::{error, info, utils, warn, PduBuilder, Result};
 use ruma::{
 	events::{
@@ -13,7 +13,7 @@ use ruma::{
 use serde_json::value::to_raw_value;
 
 use crate::{
-	admin_command, escape_html, get_room_info,
+	admin_command, get_room_info,
 	utils::{parse_active_local_user_id, parse_local_user_id},
 };
 
@@ -320,7 +320,7 @@ pub(super) async fn list_joined_rooms(&self, user_id: String) -> Result<RoomMess
 	rooms.reverse();
 
 	let output_plain = format!(
-		"Rooms {user_id} Joined ({}):\n{}",
+		"Rooms {user_id} Joined ({}):\n```\n{}\n```",
 		rooms.len(),
 		rooms
 			.iter()
@@ -329,26 +329,7 @@ pub(super) async fn list_joined_rooms(&self, user_id: String) -> Result<RoomMess
 			.join("\n")
 	);
 
-	let output_html = format!(
+	Ok(RoomMessageEventContent::notice_markdown(output_plain))
-		"<table><caption>Rooms {user_id} Joined \
-		 ({})</caption>\n<tr><th>id</th>\t<th>members</th>\t<th>name</th></tr>\n{}</table>",
-		rooms.len(),
-		rooms
-			.iter()
-			.fold(String::new(), |mut output, (id, members, name)| {
-				writeln!(
-					output,
-					"<tr><td>{}</td>\t<td>{}</td>\t<td>{}</td></tr>",
-					escape_html(id.as_ref()),
-					members,
-					escape_html(name)
-				)
-				.unwrap();
-				output
-			})
-	);
-
-	Ok(RoomMessageEventContent::text_html(output_plain, output_html))
 }
 
 #[admin_command]
@@ -369,6 +350,24 @@ pub(super) async fn force_join_room(
 	)))
 }
 
+#[admin_command]
+pub(super) async fn force_leave_room(
+	&self, user_id: String, room_id: OwnedRoomOrAliasId,
+) -> Result<RoomMessageEventContent> {
+	let user_id = parse_local_user_id(self.services, &user_id)?;
+	let room_id = self.services.rooms.alias.resolve(&room_id).await?;
+
+	assert!(
+		self.services.globals.user_is_local(&user_id),
+		"Parsed user_id must be a local user"
+	);
+	leave_room(self.services, &user_id, &room_id, None).await?;
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"{user_id} has left {room_id}.",
+	)))
+}
+
 #[admin_command]
 pub(super) async fn make_user_admin(&self, user_id: String) -> Result<RoomMessageEventContent> {
 	let user_id = parse_local_user_id(self.services, &user_id)?;

src/admin/user/mod.rs

@@ -73,6 +73,12 @@ pub(super) enum UserCommand {
 		room_id: OwnedRoomOrAliasId,
 	},
 
+	/// - Manually leave a local user from a room.
+	ForceLeaveRoom {
+		user_id: String,
+		room_id: OwnedRoomOrAliasId,
+	},
+
 	/// - Grant server-admin privileges to a user.
 	MakeUserAdmin {
 		user_id: String,

src/api/client/appservice.rs

@@ -0,0 +1,47 @@
+use axum::extract::State;
+use conduit::{err, Err, Result};
+use ruma::api::{appservice::ping, client::appservice::request_ping};
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/v1/appservice/{appserviceId}/ping`
+///
+/// Ask the homeserver to ping the application service to ensure the connection
+/// works.
+pub(crate) async fn appservice_ping(
+	State(services): State<crate::State>, body: Ruma<request_ping::v1::Request>,
+) -> Result<request_ping::v1::Response> {
+	let appservice_info = body
+		.appservice_info
+		.as_ref()
+		.ok_or_else(|| err!(Request(Forbidden("This endpoint can only be called by appservices."))))?;
+
+	if body.appservice_id != appservice_info.registration.id {
+		return Err!(Request(Forbidden(
+			"Appservices can only ping themselves (wrong appservice ID)."
+		)));
+	}
+
+	if appservice_info.registration.url.is_none() {
+		return Err!(Request(UrlNotSet(
+			"Appservice does not have a URL set, there is nothing to ping."
+		)));
+	}
+
+	let timer = tokio::time::Instant::now();
+
+	let _response = services
+		.sending
+		.send_appservice_request(
+			appservice_info.registration.clone(),
+			ping::send_ping::v1::Request {
+				transaction_id: body.transaction_id.clone(),
+			},
+		)
+		.await?
+		.expect("We already validated if an appservice URL exists above");
+
+	Ok(request_ping::v1::Response {
+		duration: timer.elapsed(),
+	})
+}

src/api/client/capabilities.rs

@@ -1,8 +1,11 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use ruma::api::client::discovery::get_capabilities::{
+use ruma::{
-	self, Capabilities, RoomVersionStability, RoomVersionsCapability, ThirdPartyIdChangesCapability,
+	api::client::discovery::get_capabilities::{
+		self, Capabilities, RoomVersionStability, RoomVersionsCapability, ThirdPartyIdChangesCapability,
+	},
+	RoomVersionId,
 };
 
 use crate::{Result, Ruma};
@@ -14,13 +17,19 @@ use crate::{Result, Ruma};
 pub(crate) async fn get_capabilities_route(
 	State(services): State<crate::State>, _body: Ruma<get_capabilities::v3::Request>,
 ) -> Result<get_capabilities::v3::Response> {
-	let mut available = BTreeMap::new();
+	let available: BTreeMap<RoomVersionId, RoomVersionStability> = services
-	for room_version in &services.globals.unstable_room_versions {
+		.globals
-		available.insert(room_version.clone(), RoomVersionStability::Unstable);
+		.unstable_room_versions
-	}
+		.iter()
-	for room_version in &services.globals.stable_room_versions {
+		.map(|unstable_room_version| (unstable_room_version.clone(), RoomVersionStability::Unstable))
-		available.insert(room_version.clone(), RoomVersionStability::Stable);
+		.chain(
-	}
+			services
+				.globals
+				.stable_room_versions
+				.iter()
+				.map(|stable_room_version| (stable_room_version.clone(), RoomVersionStability::Stable)),
+		)
+		.collect();
 
 	let mut capabilities = Capabilities::default();
 	capabilities.room_versions = RoomVersionsCapability {
@@ -28,7 +37,7 @@ pub(crate) async fn get_capabilities_route(
 		available,
 	};
 
-	// conduit does not implement 3PID stuff
+	// we do not implement 3PID stuff
 	capabilities.thirdparty_id_changes = ThirdPartyIdChangesCapability {
 		enabled: false,
 	};

src/api/client/directory.rs

@@ -139,6 +139,14 @@ pub(crate) async fn set_room_visibility_route(
 					 \"lockdown_public_room_directory\" is enabled",
 					body.room_id
 				);
+				services
+					.admin
+					.send_text(&format!(
+						"Non-admin user {sender_user} tried to publish {0} to the room directory while \
+						 \"lockdown_public_room_directory\" is enabled",
+						body.room_id
+					))
+					.await;
 
 				return Err(Error::BadRequest(
 					ErrorKind::forbidden(),
@@ -147,7 +155,11 @@ pub(crate) async fn set_room_visibility_route(
 			}
 
 			services.rooms.directory.set_public(&body.room_id)?;
-			info!("{sender_user} made {0} public", body.room_id);
+			services
+				.admin
+				.send_text(&format!("{sender_user} made {} public to the room directory", body.room_id))
+				.await;
+			info!("{sender_user} made {0} public to the room directory", body.room_id);
 		},
 		room::Visibility::Private => services.rooms.directory.set_not_public(&body.room_id)?,
 		_ => {

src/api/client/membership.rs

@@ -20,7 +20,8 @@ use ruma::{
 			error::ErrorKind,
 			membership::{
 				ban_user, forget_room, get_member_events, invite_user, join_room_by_id, join_room_by_id_or_alias,
-				joined_members, joined_rooms, kick_user, leave_room, unban_user, ThirdPartySigned,
+				joined_members::{self, v3::RoomMember},
+				joined_rooms, kick_user, leave_room, unban_user, ThirdPartySigned,
 			},
 		},
 		federation::{self, membership::create_invite},
@@ -635,24 +636,22 @@ pub(crate) async fn joined_members_route(
 		));
 	}
 
-	let mut joined = BTreeMap::new();
+	let joined: BTreeMap<OwnedUserId, RoomMember> = services
-	for user_id in services
 		.rooms
 		.state_cache
 		.room_members(&body.room_id)
-		.filter_map(Result::ok)
+		.filter_map(|user| {
-	{
+			let user = user.ok()?;
-		let display_name = services.users.displayname(&user_id)?;
-		let avatar_url = services.users.avatar_url(&user_id)?;
 
-		joined.insert(
+			Some((
-			user_id,
+				user.clone(),
-			joined_members::v3::RoomMember {
+				RoomMember {
-				display_name,
+					display_name: services.users.displayname(&user).unwrap_or_default(),
-				avatar_url,
+					avatar_url: services.users.avatar_url(&user).unwrap_or_default(),
-			},
+				},
-		);
+			))
-	}
+		})
+		.collect();
 
 	Ok(joined_members::v3::Response {
 		joined,

src/api/client/mod.rs

@@ -1,5 +1,6 @@
 pub(super) mod account;
 pub(super) mod alias;
+pub(super) mod appservice;
 pub(super) mod backup;
 pub(super) mod capabilities;
 pub(super) mod config;
@@ -38,6 +39,7 @@ pub(super) mod voip;
 
 pub(super) use account::*;
 pub(super) use alias::*;
+pub(super) use appservice::*;
 pub(super) use backup::*;
 pub(super) use capabilities::*;
 pub(super) use config::*;

src/api/client/report.rs

@@ -31,6 +31,8 @@ pub(crate) async fn report_event_route(
 		body.room_id, body.event_id
 	);
 
+	delay_response().await;
+
 	// check if we know about the reported event ID or if it's invalid
 	let Some(pdu) = services.rooms.timeline.get_pdu(&body.event_id)? else {
 		return Err(Error::BadRequest(
@@ -81,21 +83,19 @@ pub(crate) async fn report_event_route(
 		))
 		.await;
 
-	delay_response().await?;
-
 	Ok(report_content::v3::Response {})
 }
 
 /// in the following order:
 ///
 /// check if the room ID from the URI matches the PDU's room ID
-/// check if reporting user is in the reporting room
 /// check if score is in valid range
 /// check if report reasoning is less than or equal to 750 characters
+/// check if reporting user is in the reporting room
 fn is_report_valid(
 	services: &Services, event_id: &EventId, room_id: &RoomId, sender_user: &UserId, reason: &Option<String>,
 	score: Option<ruma::Int>, pdu: &std::sync::Arc<PduEvent>,
-) -> Result<bool> {
+) -> Result<()> {
 	debug_info!("Checking if report from user {sender_user} for event {event_id} in room {room_id} is valid");
 
 	if room_id != pdu.room_id {
@@ -105,10 +105,24 @@ fn is_report_valid(
 		));
 	}
 
+	if score.is_some_and(|s| s > int!(0) || s < int!(-100)) {
+		return Err(Error::BadRequest(
+			ErrorKind::InvalidParam,
+			"Invalid score, must be within 0 to -100",
+		));
+	};
+
+	if reason.as_ref().is_some_and(|s| s.len() > 750) {
+		return Err(Error::BadRequest(
+			ErrorKind::InvalidParam,
+			"Reason too long, should be 750 characters or fewer",
+		));
+	};
+
 	if !services
 		.rooms
 		.state_cache
-		.room_members(&pdu.room_id)
+		.room_members(room_id)
 		.filter_map(Result::ok)
 		.any(|user_id| user_id == *sender_user)
 	{
@@ -118,30 +132,14 @@ fn is_report_valid(
 		));
 	}
 
-	if score.map(|s| s > int!(0) || s < int!(-100)) == Some(true) {
+	Ok(())
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"Invalid score, must be within 0 to -100",
-		));
-	};
-
-	if reason.clone().map(|s| s.len() >= 750) == Some(true) {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"Reason too long, should be 750 characters or fewer",
-		));
-	};
-
-	Ok(true)
 }
 
 /// even though this is kinda security by obscurity, let's still make a small
-/// random delay sending a successful response per spec suggestion regarding
+/// random delay sending a response per spec suggestion regarding
 /// enumerating for potential events existing in our server.
-async fn delay_response() -> Result<()> {
+async fn delay_response() {
-	let time_to_wait = rand::thread_rng().gen_range(8..21);
+	let time_to_wait = rand::thread_rng().gen_range(3..10);
 	debug_info!("Got successful /report request, waiting {time_to_wait} seconds before sending successful response.");
 	sleep(Duration::from_secs(time_to_wait)).await;
-
-	Ok(())
 }

src/api/client/sync.rs

@@ -1,6 +1,5 @@
 use std::{
-	cmp,
+	cmp::{self, Ordering},
-	cmp::Ordering,
 	collections::{hash_map::Entry, BTreeMap, BTreeSet, HashMap, HashSet},
 	time::Duration,
 };
@@ -1501,8 +1500,28 @@ pub(crate) async fn sync_events_v4_route(
 	for (room_id, (required_state_request, timeline_limit, roomsince)) in &todo_rooms {
 		let roomsincecount = PduCount::Normal(*roomsince);
 
-		let (timeline_pdus, limited) =
+		let mut timestamp: Option<_> = None;
-			load_timeline(&services, &sender_user, room_id, roomsincecount, *timeline_limit)?;
+		let mut invite_state = None;
+		let (timeline_pdus, limited);
+		if all_invited_rooms.contains(room_id) {
+			// TODO: figure out a timestamp we can use for remote invites
+			invite_state = services
+				.rooms
+				.state_cache
+				.invite_state(&sender_user, room_id)
+				.unwrap_or(None);
+
+			(timeline_pdus, limited) = (Vec::new(), true);
+		} else {
+			(timeline_pdus, limited) =
+				match load_timeline(&services, &sender_user, room_id, roomsincecount, *timeline_limit) {
+					Ok(value) => value,
+					Err(err) => {
+						warn!("Encountered missing timeline in {}, error {}", room_id, err);
+						continue;
+					},
+				};
+		}
 
 		account_data.rooms.insert(
 			room_id.clone(),
@@ -1556,17 +1575,6 @@ pub(crate) async fn sync_events_v4_route(
 			.map(|(_, pdu)| pdu.to_sync_room_event())
 			.collect();
 
-		let invite_state = if all_invited_rooms.contains(room_id) {
-			services
-				.rooms
-				.state_cache
-				.invite_state(&sender_user, room_id)
-				.unwrap_or(None)
-		} else {
-			None
-		};
-
-		let mut timestamp: Option<_> = None;
 		for (_, pdu) in timeline_pdus {
 			let ts = MilliSecondsSinceUnixEpoch(pdu.origin_server_ts);
 			if DEFAULT_BUMP_TYPES.contains(pdu.event_type()) && !timestamp.is_some_and(|time| time > ts) {

src/api/router.rs

@@ -22,6 +22,7 @@ use crate::{client, server};
 pub fn build(router: Router<State>, server: &Server) -> Router<State> {
 	let config = &server.config;
 	let mut router = router
+        .ruma_route(client::appservice_ping)
 		.ruma_route(client::get_supported_versions_route)
 		.ruma_route(client::get_register_available_route)
 		.ruma_route(client::register_route)
@@ -249,7 +250,11 @@ pub fn build(router: Router<State>, server: &Server) -> Router<State> {
 			.route("/_matrix/media/v3/config", any(legacy_media_disabled))
 			.route("/_matrix/media/v3/download/*path", any(legacy_media_disabled))
 			.route("/_matrix/media/v3/thumbnail/*path", any(legacy_media_disabled))
-			.route("/_matrix/media/v3/preview_url", any(redirect_legacy_preview));
+			.route("/_matrix/media/v3/preview_url", any(redirect_legacy_preview))
+			.route("/_matrix/media/r0/config", any(legacy_media_disabled))
+			.route("/_matrix/media/r0/download/*path", any(legacy_media_disabled))
+			.route("/_matrix/media/r0/thumbnail/*path", any(legacy_media_disabled))
+			.route("/_matrix/media/r0/preview_url", any(redirect_legacy_preview));
 	}
 
 	router

src/core/config/mod.rs

@@ -1079,6 +1079,11 @@ fn default_sentry_filter() -> String { "info".to_owned() }
 
 fn default_startup_netburst_keep() -> i64 { 50 }
 
-fn default_admin_log_capture() -> String { "debug".to_owned() }
+fn default_admin_log_capture() -> String {
+	cfg!(debug_assertions)
+		.then_some("debug")
+		.unwrap_or("info")
+		.to_owned()
+}
 
 fn default_admin_room_tag() -> String { "m.server_notice".to_owned() }

src/service/admin/grant.rs

@@ -123,9 +123,8 @@ impl super::Service {
 		self.services.timeline.build_and_append_pdu(
   			PduBuilder {
                 event_type: TimelineEventType::RoomMessage,
-                content: to_raw_value(&RoomMessageEventContent::text_html(
+                content: to_raw_value(&RoomMessageEventContent::text_markdown(
-                        format!("## Thank you for trying out conduwuit!\n\nconduwuit is a fork of upstream Conduit which is in Beta. This means you can join and participate in most Matrix rooms, but not all features are supported and you might run into bugs from time to time.\n\nHelpful links:\n> Git and Documentation: https://github.com/girlbossceo/conduwuit\n> Report issues: https://github.com/girlbossceo/conduwuit/issues\n\nFor a list of available commands, send the following message in this room: `@conduit:{}: --help`\n\nHere are some rooms you can join (by typing the command):\n\nconduwuit room (Ask questions and get notified on updates):\n`/join #conduwuit:puppygock.gay`", self.services.globals.server_name()),
+                        String::from("## Thank you for trying out conduwuit!\n\nconduwuit is a fork of upstream Conduit which is in Beta. This means you can join and participate in most Matrix rooms, but not all features are supported and you might run into bugs from time to time.\n\nHelpful links:\n> Git and Documentation: https://github.com/girlbossceo/conduwuit\n> Report issues: https://github.com/girlbossceo/conduwuit/issues\n\nFor a list of available commands, send the following message in this room: `!admin --help`\n\nHere are some rooms you can join (by typing the command):\n\nconduwuit room (Ask questions and get notified on updates):\n`/join #conduwuit:puppygock.gay`"),
-                        format!("<h2>Thank you for trying out conduwuit!</h2>\n<p>conduwuit is a fork of upstream Conduit which is in Beta. This means you can join and participate in most Matrix rooms, but not all features are supported and you might run into bugs from time to time.</p>\n<p>Helpful links:</p>\n<blockquote>\n<p>Git and Documentation: https://github.com/girlbossceo/conduwuit<br>Report issues: https://github.com/girlbossceo/conduwuit/issues</p>\n</blockquote>\n<p>For a list of available commands, send the following message in this room: <code>@conduit:{}: --help</code></p>\n<p>Here are some rooms you can join (by typing the command):</p>\n<p>conduwuit room (Ask questions and get notified on updates):<br><code>/join #conduwuit:puppygock.gay</code></p>\n", self.services.globals.server_name()),
                 ))
                 .expect("event is valid, we just created it"),
                 unsigned: None,

src/service/admin/startup.rs

@@ -92,12 +92,12 @@ fn startup_command_error(i: usize, content: &RoomMessageEventContent) -> Result<
 #[cfg(not(feature = "console"))]
 #[implement(super::Service)]
 fn startup_command_output(i: usize, content: &RoomMessageEventContent) -> Result<()> {
-	info!("Startup command #{i} completed:\n{:#?}", content.body());
+	info!("Startup command #{i} completed:\n{:#}", content.body());
 	Ok(())
 }
 
 #[cfg(not(feature = "console"))]
 #[implement(super::Service)]
 fn startup_command_error(i: usize, content: &RoomMessageEventContent) -> Result<()> {
-	Err!(error!("Startup command #{i} failed:\n{:#?}", content.body()))
+	Err!(error!("Startup command #{i} failed:\n{:#}", content.body()))
 }

src/service/client/mod.rs

@@ -120,7 +120,7 @@ fn base(config: &Config) -> Result<reqwest::ClientBuilder> {
 		builder = if config.zstd_compression {
 			builder.zstd(true)
 		} else {
-			builder.zstd(false).no_brotli()
+			builder.zstd(false).no_zstd()
 		};
 	};
 

src/service/globals/mod.rs

@@ -8,7 +8,7 @@ use std::{
 	time::Instant,
 };
 
-use conduit::{error, trace, Config, Result};
+use conduit::{err, error, trace, Config, Result};
 use data::Data;
 use ipaddress::IPAddress;
 use regex::RegexSet;
@@ -76,12 +76,13 @@ impl crate::Service for Service {
 		// Experimental, partially supported room versions
 		let unstable_room_versions = vec![RoomVersionId::V2, RoomVersionId::V3, RoomVersionId::V4, RoomVersionId::V5];
 
-		let mut cidr_range_denylist = Vec::new();
+		let cidr_range_denylist: Vec<_> = config
-		for cidr in config.ip_range_denylist.clone() {
+			.ip_range_denylist
-			let cidr = IPAddress::parse(cidr).expect("valid cidr range");
+			.iter()
-			trace!("Denied CIDR range: {:?}", cidr);
+			.map(IPAddress::parse)
-			cidr_range_denylist.push(cidr);
+			.inspect(|cidr| trace!("Denied CIDR range: {cidr:?}"))
-		}
+			.collect::<Result<_, String>>()
+			.map_err(|e| err!(Config("ip_range_denylist", e)))?;
 
 		let mut s = Self {
 			db,

src/service/sending/appservice.rs

@@ -15,7 +15,7 @@ pub(crate) async fn send_request<T>(
 where
 	T: OutgoingRequest + Debug + Send,
 {
-	const VERSIONS: [MatrixVersion; 1] = [MatrixVersion::V1_0];
+	const VERSIONS: [MatrixVersion; 1] = [MatrixVersion::V1_7];
 
 	let Some(dest) = registration.url else {
 		return Ok(None);