update complement test results

Signed-off-by: June Clementine Strawberry <strawberry@puppygock.gay>
fix unused import in release mode
2026-05-26 20:49:55 +00:00 · 2025-01-02 22:02:11 -05:00 · 2025-01-03 02:36:24 +00:00 · 2025-01-02 20:56:27 -05:00 · 2025-01-02 19:13:27 -05:00 · 2025-01-02 18:48:04 -05:00
463 changed files with 41103 additions and 25794 deletions
@@ -21,3 +21,4 @@ indent_size = 2

 [*.rs]
 indent_style = tab
+max_line_length = 98
@@ -24,8 +24,11 @@ env:
  # Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps
  NIX_CONFIG: |
    show-trace = true
-    extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org
+    extra-substituters = extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
    extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
+    experimental-features = nix-command flakes
+    extra-experimental-features = nix-command flakes
+    accept-flake-config = true

 # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
 # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
@@ -33,10 +36,12 @@ concurrency:
  group: "pages"
  cancel-in-progress: false

+permissions: {}
+
 jobs:
  docs:
    name: Documentation and GitHub Pages
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04

    permissions:
      pages: write
@@ -47,23 +52,25 @@ jobs:
      url: ${{ steps.deployment.outputs.page_url }}

    steps:
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
+      - name: Free up a bit of runner space
+        run: |
+            set +o pipefail
+            sudo docker image prune --all --force || true
+            sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
+            sudo apt clean
+            sudo rm -v -rf /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/lib/heroku
+            set -o pipefail

      - name: Sync repository
        uses: actions/checkout@v4
+        with:
+          persist-credentials: false

      - name: Setup GitHub Pages
-        if: github.event_name != 'pull_request'
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
        uses: actions/configure-pages@v5

-      - uses: nixbuild/nix-quick-install-action@v28
-
-      - name: Enable Cachix binary cache
-        run: |
-            nix profile install nixpkgs#cachix
-            cachix use crane
-            cachix use nix-community
+      - uses: nixbuild/nix-quick-install-action@master

      - name: Restore and cache Nix store
        uses: nix-community/cache-nix-action@v5.1.0
@@ -86,19 +93,28 @@ jobs:
          # always save the cache
          save-always: true

+      - name: Enable Cachix binary cache
+        run: |
+            nix profile install nixpkgs#cachix
+            cachix use crane
+            cachix use nix-community
+
      - name: Apply Nix binary cache configuration
        run: |
            sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-            extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org
+            extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
            extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
+            experimental-features = nix-command flakes
+            extra-experimental-features = nix-command flakes
+            accept-flake-config = true
            EOF

      - name: Use alternative Nix binary caches if specified
        if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
        run: |
            sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-            extra-substituters = ${{ env.ATTIC_ENDPOINT }}
-            extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
+            extra-substituters = ${ATTIC_ENDPOINT}
+            extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
            EOF

      - name: Prepare build environment
@@ -110,23 +126,7 @@ jobs:

      - name: Cache CI dependencies
        run: |
-            # attic nix binary cache server is very, very terribly flakey. nothing i can do to fix it other than retry multiple times here
-            ATTEMPTS=3
-            SUCCESS=false
-            while (( ATTEMPTS-- > 0 ))
-            do
-              bin/nix-build-and-cache ci
-              if [[ $? == 0 ]]; then
-                SUCCESS=true
-                break
-              else
-                sleep 3
-              fi
-            done
-
-            if [[ $SUCCESS == "false" ]]; then
-              exit 1
-            fi
+            bin/nix-build-and-cache ci

      - name: Run lychee and markdownlint
        run: |
@@ -135,23 +135,7 @@ jobs:

      - name: Build documentation (book)
        run: |
-            # attic nix binary cache server is very, very terribly flakey. nothing i can do to fix it other than retry multiple times here
-            ATTEMPTS=3
-            SUCCESS=false
-            while (( ATTEMPTS-- > 0 ))
-            do
-              bin/nix-build-and-cache just .#book
-              if [[ $? == 0 ]]; then
-                SUCCESS=true
-                break
-              else
-                sleep 3
-              fi
-            done
-
-            if [[ $SUCCESS == "false" ]]; then
-              exit 1
-            fi
+            bin/nix-build-and-cache just .#book

            cp -r --dereference result public

@@ -165,12 +149,12 @@ jobs:
          compression-level: 0

      - name: Upload generated documentation (book) as GitHub Pages artifact
-        if: github.event_name != 'pull_request'
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
        uses: actions/upload-pages-artifact@v3
        with:
          path: public

      - name: Deploy to GitHub Pages
-        if: github.event_name != 'pull_request'
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
        id: deployment
        uses: actions/deploy-pages@v4
@@ -0,0 +1,118 @@
+name: Upload Release Assets
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release'
+        required: true
+        type: string
+      action_id:
+        description: 'Action ID of the CI run'
+        required: true
+        type: string
+
+permissions: {}
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    env:
+      GH_EVENT_NAME: ${{ github.event_name }}
+      GH_EVENT_INPUTS_ACTION_ID: ${{ github.event.inputs.action_id }}
+      GH_EVENT_INPUTS_TAG: ${{ github.event.inputs.tag }}
+      GH_REPOSITORY: ${{ github.repository }}
+      GH_SHA: ${{ github.sha }}
+      GH_TAG: ${{ github.event.release.tag_name }}
+
+    steps:
+      - name: get latest ci id
+        id: get_ci_id
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          if [ "${GH_EVENT_NAME}" == "workflow_dispatch" ]; then
+            id="${GH_EVENT_INPUTS_ACTION_ID}"
+            tag="${GH_EVENT_INPUTS_TAG}"
+          else
+            # get all runs of the ci workflow
+            json=$(gh api "repos/${GH_REPOSITORY}/actions/workflows/ci.yml/runs")
+
+            # find first run that is github sha and status is completed
+            id=$(echo "$json" | jq ".workflow_runs[] | select(.head_sha == \"${GH_SHA}\" and .status == \"completed\") | .id" | head -n 1)
+
+            if [ ! "$id" ]; then
+              echo "No completed runs found"
+              echo "ci_id=0" >> "$GITHUB_OUTPUT"
+              exit 0
+            fi
+
+            tag="${GH_TAG}"
+          fi
+
+          echo "ci_id=$id" >> "$GITHUB_OUTPUT"
+          echo "tag=$tag" >> "$GITHUB_OUTPUT"
+
+      - name: get latest ci artifacts
+        if: steps.get_ci_id.outputs.ci_id != 0
+        uses: actions/download-artifact@v4
+        env:
+          GH_TOKEN: ${{ github.token }}
+        with:
+          merge-multiple: true
+          run-id: ${{ steps.get_ci_id.outputs.ci_id }}
+          github-token: ${{ github.token }}
+
+      - run: |
+          ls
+
+      - name: upload release assets
+        if: steps.get_ci_id.outputs.ci_id != 0
+        env:
+          GH_TOKEN: ${{ github.token }}
+          TAG: ${{ steps.get_ci_id.outputs.tag }}
+        run: |
+          for file in $(find . -type f); do
+            case "$file" in
+              *json*) echo "Skipping $file...";;
+              *) echo "Uploading $file..."; gh release upload $TAG "$file" --clobber --repo="${GH_REPOSITORY}" || echo "Something went wrong, skipping.";;
+            esac
+          done
+
+      - name: upload release assets to website
+        if: steps.get_ci_id.outputs.ci_id != 0
+        env:
+          TAG: ${{ steps.get_ci_id.outputs.tag }}
+        run: |
+          mkdir -p -v ~/.ssh
+
+          echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+          echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
+
+          chmod 600 ~/.ssh/id_ed25519
+
+          cat >>~/.ssh/config <<END
+          Host website
+            HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
+            User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
+            IdentityFile ~/.ssh/id_ed25519
+            StrictHostKeyChecking yes
+            AddKeysToAgent no
+            ForwardX11 no
+            BatchMode yes
+          END
+
+          echo "Creating tag directory on web server"
+          ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/"
+          ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/"
+
+          for file in $(find . -type f); do
+            case "$file" in
+              *json*) echo "Skipping $file...";;
+              *) echo "Uploading $file to website"; scp $file website:/var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/$file;;
+            esac
+          done
@@ -1,42 +0,0 @@
-name: Trivy code and vulnerability scanning
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-    tags:
-      - '*'
-  schedule:
-    - cron: '00 12 * * *'
-
-permissions:
-  contents: read
-
-jobs:
-  trivy-scan:
-    name: Trivy Scan
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write
-      actions: read
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Run Trivy code and vulnerability scanner on repo
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          scan-type: repo
-          format: sarif
-          output: trivy-results.sarif
-          severity: CRITICAL,HIGH,MEDIUM,LOW
-
-      - name: Run Trivy code and vulnerability scanner on filesystem
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          scan-type: fs
-          format: sarif
-          output: trivy-results.sarif
-          severity: CRITICAL,HIGH,MEDIUM,LOW
@@ -30,7 +30,7 @@ modules.xml
 .nfs*

 # Rust
-/target/
+/target

 ### vscode ###
 .vscode/*
@@ -10,6 +10,13 @@ variables:
  FF_USE_FASTZIP: true
  # Print progress reports for cache and artifact transfers
  TRANSFER_METER_FREQUENCY: 5s
+  NIX_CONFIG: |
+    show-trace = true
+    extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org
+    extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
+    experimental-features = nix-command flakes
+    extra-experimental-features = nix-command flakes
+    accept-flake-config = true

 # Avoid duplicate pipelines
 # See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
@@ -23,6 +30,9 @@ workflow:
 before_script:
  # Enable nix-command and flakes
  - if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null; then echo "extra-experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi
+  # Accept flake config from "untrusted" users
+  - if command -v nix > /dev/null; then echo "accept-flake-config = true" >> /etc/nix/nix.conf; fi

  # Add conduwuit binary cache
  - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduwuit" >> /etc/nix/nix.conf; fi
@@ -47,6 +57,8 @@ before_script:
  - if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi
  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi

+  - if command -v nix > /dev/null; then echo "extra-substituters = https://aseipp-nix-cache.freetls.fastly.net" >> /etc/nix/nix.conf; fi
+
  # Install direnv and nix-direnv
  - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi

@@ -58,7 +70,7 @@ before_script:

 ci:
  stage: ci
-  image: nixos/nix:2.23.3
+  image: nixos/nix:2.24.9
  script:
    # Cache CI dependencies
    - ./bin/nix-build-and-cache ci
@@ -83,31 +95,31 @@ ci:

 artifacts:
  stage: artifacts
-  image: nixos/nix:2.23.3
+  image: nixos/nix:2.24.9
  script:
-    - ./bin/nix-build-and-cache just .#static-x86_64-unknown-linux-musl
-    - cp result/bin/conduit x86_64-unknown-linux-musl
+    - ./bin/nix-build-and-cache just .#static-x86_64-linux-musl
+    - cp result/bin/conduit x86_64-linux-musl

    - mkdir -p target/release
    - cp result/bin/conduit target/release
    - direnv exec . cargo deb --no-build --no-strip
-    - mv target/debian/*.deb x86_64-unknown-linux-musl.deb
+    - mv target/debian/*.deb x86_64-linux-musl.deb

    # Since the OCI image package is based on the binary package, this has the
    # fun side effect of uploading the normal binary too. Conduit users who are
    # deploying with Nix can leverage this fact by adding our binary cache to
    # their systems.
    #
-    # Note that although we have an `oci-image-x86_64-unknown-linux-musl`
+    # Note that although we have an `oci-image-x86_64-linux-musl`
    # output, we don't build it because it would be largely redundant to this
    # one since it's all containerized anyway.
    - ./bin/nix-build-and-cache just .#oci-image
    - cp result oci-image-amd64.tar.gz

-    - ./bin/nix-build-and-cache just .#static-aarch64-unknown-linux-musl
-    - cp result/bin/conduit aarch64-unknown-linux-musl
+    - ./bin/nix-build-and-cache just .#static-aarch64-linux-musl
+    - cp result/bin/conduit aarch64-linux-musl

-    - ./bin/nix-build-and-cache just .#oci-image-aarch64-unknown-linux-musl
+    - ./bin/nix-build-and-cache just .#oci-image-aarch64-linux-musl
    - cp result oci-image-arm64v8.tar.gz

    - ./bin/nix-build-and-cache just .#book
@@ -115,9 +127,9 @@ artifacts:
    - cp -r --dereference result public
  artifacts:
    paths:
-      - x86_64-unknown-linux-musl
-      - aarch64-unknown-linux-musl
-      - x86_64-unknown-linux-musl.deb
+      - x86_64-linux-musl
+      - aarch64-linux-musl
+      - x86_64-linux-musl.deb
      - oci-image-amd64.tar.gz
      - oci-image-arm64v8.tar.gz
      - public
@@ -1,7 +1,7 @@
 # Contributing guide

 This page is for about contributing to conduwuit. The
-[development](development.md) page may be of interest for you as well.
+[development](./development.md) page may be of interest for you as well.

 If you would like to work on an [issue][issues] that is not assigned, preferably
 ask in the Matrix room first at [#conduwuit:puppygock.gay][conduwuit-matrix],
@@ -67,7 +67,7 @@ failing from your changes, please review the logs (they are uploaded as
 artifacts) and determine if they're intended or not.

 If you'd like to run Complement locally using Nix, see the
-[testing](docs/development/testing.md) page.
+[testing](development/testing.md) page.

 [Sytest][sytest] support will come soon.

@@ -128,7 +128,11 @@ Direct all PRs/MRs to the `main` branch.

 By sending a pull request or patch, you are agreeing that your changes are
 allowed to be licenced under the Apache-2.0 licence and all of your conduct is
-in line with the Contributor's Covenant.
+in line with the Contributor's Covenant, and conduwuit's Code of Conduct.
+
+Contribution by users who violate either of these code of conducts will not have
+their contributions accepted. This includes users who have been banned from
+conduwuit Matrix rooms for Code of Conduct violations.

 [issues]: https://github.com/girlbossceo/conduwuit/issues
 [conduwuit-matrix]: https://matrix.to/#/#conduwuit:puppygock.gay
@@ -19,23 +19,34 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://github.com/girlbossceo/conduwuit"
-rust-version = "1.80.1"
-version = "0.4.6"
+rust-version = "1.83.0"
+version = "0.5.0"

 [workspace.metadata.crane]
-name = "conduit"
+name = "conduwuit"

 [workspace.dependencies.arrayvec]
 version = "0.7.4"
+features = ["serde"]
+
+[workspace.dependencies.smallvec]
+version = "1.13.2"
+features = [
+	"const_generics",
+	"const_new",
+	"serde",
+	"union",
+	"write",
+]

 [workspace.dependencies.const-str]
 version = "0.5.7"

 [workspace.dependencies.ctor]
-version = "0.2.8"
+version = "0.2.9"

 [workspace.dependencies.cargo_toml]
-version = "0.20"
+version = "0.21"
 default-features = false
 features = ["features"]

@@ -45,20 +56,20 @@ default-features = false
 features = ["parse"]

 [workspace.dependencies.sanitize-filename]
-version = "0.5.0"
+version = "0.6.0"

 [workspace.dependencies.jsonwebtoken]
 version = "9.3.0"
+default-features = false

 [workspace.dependencies.base64]
 version = "0.22.1"
+default-features = false

 # used for TURN server authentication
 [workspace.dependencies.hmac]
 version = "0.12.1"
-
-[workspace.dependencies.sha-1]
-version = "0.10.1"
+default-features = false

 # used for checking if an IP is in specific subnets / CIDR ranges easier
 [workspace.dependencies.ipaddress]
@@ -69,19 +80,19 @@ version = "0.8.5"

 # Used for the http request / response body type for Ruma endpoints used with reqwest
 [workspace.dependencies.bytes]
-version = "1.7.1"
+version = "1.9.0"

 [workspace.dependencies.http-body-util]
-version = "0.1.1"
+version = "0.1.2"

 [workspace.dependencies.http]
-version = "1.1.0"
+version = "1.2.0"

 [workspace.dependencies.regex]
-version = "1.10.6"
+version = "1.11.1"

 [workspace.dependencies.axum]
-version = "0.7.5"
+version = "0.7.9"
 default-features = false
 features = [
 	"form",
@@ -94,29 +105,28 @@ features = [
 ]

 [workspace.dependencies.axum-extra]
-version = "0.9.3"
+version = "0.9.6"
 default-features = false
 features = ["typed-header", "tracing"]

 [workspace.dependencies.axum-server]
 version = "0.7.1"
 default-features = false
-features = ["tls-rustls"]

 # to listen on both HTTP and HTTPS if listening on TLS dierctly from conduwuit for complement or sytest
 [workspace.dependencies.axum-server-dual-protocol]
 version = "0.7"

 [workspace.dependencies.axum-client-ip]
-version = "0.6.0"
+version = "0.6.1"

 [workspace.dependencies.tower]
-version = "0.5.0"
+version = "0.5.1"
 default-features = false
 features = ["util"]

 [workspace.dependencies.tower-http]
-version = "0.5.2"
+version = "0.6.2"
 default-features = false
 features = [
    "add-extension",
@@ -129,10 +139,12 @@ features = [
 ]

 [workspace.dependencies.rustls]
-version = "0.23.12"
+version = "0.23.19"
+default-features = false
+features = ["aws_lc_rs"]

 [workspace.dependencies.reqwest]
-version = "0.12.7"
+version = "0.12.9"
 default-features = false
 features = [
 	"rustls-tls-native-roots",
@@ -142,12 +154,12 @@ features = [
 ]

 [workspace.dependencies.serde]
-version = "1.0.204"
+version = "1.0.216"
 default-features = false
 features = ["rc"]

 [workspace.dependencies.serde_json]
-version = "1.0.124"
+version = "1.0.133"
 default-features = false
 features = ["raw_value"]

@@ -171,7 +183,7 @@ default-features = false

 # Used to generate thumbnails for images
 [workspace.dependencies.image]
-version = "0.25.1"
+version = "0.25.5"
 default-features = false
 features = [
 	"jpeg",
@@ -182,41 +194,45 @@ features = [

 # logging
 [workspace.dependencies.log]
-version = "0.4.21"
+version = "0.4.22"
 default-features = false
 [workspace.dependencies.tracing]
-version = "0.1.40"
+version = "0.1.41"
 default-features = false
 [workspace.dependencies.tracing-subscriber]
-version = "0.3.18"
-features = ["env-filter"]
+version = "=0.3.18"
+default-features = false
+features = ["env-filter", "std", "tracing", "tracing-log", "ansi", "fmt"]
 [workspace.dependencies.tracing-core]
-version = "0.1.32"
+version = "0.1.33"
+default-features = false

 # for URL previews
 [workspace.dependencies.webpage]
 version = "2.0.1"
 default-features = false

-# used for conduit's CLI and admin room command parsing
+# used for conduwuit's CLI and admin room command parsing
 [workspace.dependencies.clap]
-version = "4.5.15"
+version = "4.5.23"
 default-features = false
 features = [
-	"std",
 	"derive",
-	"help",
-	"usage",
+	"env",
 	"error-context",
+	"help",
+	"std",
 	"string",
+	"usage",
 ]

-[workspace.dependencies.futures-util]
+[workspace.dependencies.futures]
 version = "0.3.30"
 default-features = false
+features = ["std", "async-await"]

 [workspace.dependencies.tokio]
-version = "1.39.2"
+version = "1.42.0"
 default-features = false
 features = [
 	"fs",
@@ -227,17 +243,18 @@ features = [
 	"time",
 	"rt-multi-thread",
 	"io-util",
+	"tracing",
 ]

 [workspace.dependencies.tokio-metrics]
-version = "0.3.1"
+version = "0.4.0"

 [workspace.dependencies.libloading]
-version = "0.8.5"
+version = "0.8.6"

 # Validating urls in config, was already a transitive dependency
 [workspace.dependencies.url]
-version = "2.5.0"
+version = "2.5.4"
 default-features = false
 features = ["serde"]

@@ -248,7 +265,7 @@ features = ["alloc", "std"]
 default-features = false

 [workspace.dependencies.hyper]
-version = "1.4.1"
+version = "1.5.1"
 default-features = false
 features = [
 	"server",
@@ -257,39 +274,40 @@ features = [
 ]

 [workspace.dependencies.hyper-util]
-version = "0.1.6"
+# hyper-util >=0.1.9 seems to have DNS issues
+version = "=0.1.8"
 default-features = false
 features = [
-	"client",
 	"server-auto",
 	"server-graceful",
-	"service",
 	"tokio",
 ]

 # to support multiple variations of setting a config option
 [workspace.dependencies.either]
-version = "1.11.0"
+version = "1.13.0"
 default-features = false
 features = ["serde"]

 # Used for reading the configuration from conduwuit.toml & environment variables
 [workspace.dependencies.figment]
-version = "0.10.18"
+version = "0.10.19"
 default-features = false
 features = ["env", "toml"]

 [workspace.dependencies.hickory-resolver]
-version = "0.24.1"
+version = "0.24.2"
 default-features = false

-# Used for conduit::Error type
+# Used for conduwuit::Error type
 [workspace.dependencies.thiserror]
-version = "1.0.63"
+version = "2.0.7"
+default-features = false

 # Used when hashing the state
 [workspace.dependencies.ring]
 version = "0.17.8"
+default-features = false

 # Used to make working with iterators easier, was already a transitive depdendency
 [workspace.dependencies.itertools]
@@ -300,12 +318,16 @@ version = "0.13.0"
 [workspace.dependencies.cyborgtime]
 version = "2.1.1"

-# used to replace the channels of the tokio runtime
+# used for MPSC channels
 [workspace.dependencies.loole]
-version = "0.3.1"
+version = "0.4.0"
+
+# used for MPMC channels
+[workspace.dependencies.async-channel]
+version = "2.3.1"

 [workspace.dependencies.async-trait]
-version = "0.1.81"
+version = "0.1.83"

 [workspace.dependencies.lru-cache]
 version = "0.1.2"
@@ -314,7 +336,7 @@ version = "0.1.2"
 [workspace.dependencies.ruma]
 git = "https://github.com/girlbossceo/ruwuma"
 #branch = "conduwuit-changes"
-rev = "d7ddcd036f81edb257ab9371f9cadd46444e8a90"
+rev = "c4f55b39900b33b2d443dd12a6a2dab50961fdfb"
 features = [
    "compat",
    "rand",
@@ -327,6 +349,7 @@ features = [
    "server-util",
    "unstable-exhaustive-types",
    "ring-compat",
+    "compat-upload-signatures",
    "identifiers-validation",
    "unstable-unspecified",
    "unstable-msc2448",
@@ -335,12 +358,17 @@ features = [
    "unstable-msc2870",
    "unstable-msc3026",
    "unstable-msc3061",
+    "unstable-msc3245",
    "unstable-msc3266",
    "unstable-msc3381", # polls
    "unstable-msc3489", # beacon / live location
    "unstable-msc3575",
+    "unstable-msc4075",
    "unstable-msc4121",
    "unstable-msc4125",
+    "unstable-msc4186",
+    "unstable-msc4203", # sending to-device events to appservices 
+    "unstable-msc4210", # remove legacy mentions
    "unstable-extensible-events",
 ]

@@ -356,9 +384,13 @@ features = [
 	"bzip2",
 ]

-# optional SHA256 media keys feature
 [workspace.dependencies.sha2]
 version = "0.10.8"
+default-features = false
+
+[workspace.dependencies.sha1]
+version = "0.10.6"
+default-features = false

 # optional opentelemetry, performance measurements, flamegraphs, etc for performance measurements and monitoring
 [workspace.dependencies.opentelemetry]
@@ -380,7 +412,7 @@ features = ["rt-tokio"]

 # optional sentry metrics for crash/panic reporting
 [workspace.dependencies.sentry]
-version = "0.34.0"
+version = "0.35.0"
 default-features = false
 features = [
    "backtrace",
@@ -396,24 +428,24 @@ features = [
 ]

 [workspace.dependencies.sentry-tracing]
-version = "0.34.0"
+version = "0.35.0"
 [workspace.dependencies.sentry-tower]
-version = "0.34.0"
+version = "0.35.0"

 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
 git = "https://github.com/girlbossceo/jemallocator"
-rev = "c32af15f3b440ae5e46c3404f78b19093bbd5294"
+rev = "d87938bfddc26377dd7fdf14bbcd345f3ab19442"
 default-features = false
 features = ["unprefixed_malloc_on_supported_platforms"]
 [workspace.dependencies.tikv-jemallocator]
 git = "https://github.com/girlbossceo/jemallocator"
-rev = "c32af15f3b440ae5e46c3404f78b19093bbd5294"
+rev = "d87938bfddc26377dd7fdf14bbcd345f3ab19442"
 default-features = false
 features = ["unprefixed_malloc_on_supported_platforms"]
 [workspace.dependencies.tikv-jemalloc-ctl]
 git = "https://github.com/girlbossceo/jemallocator"
-rev = "c32af15f3b440ae5e46c3404f78b19093bbd5294"
+rev = "d87938bfddc26377dd7fdf14bbcd345f3ab19442"
 default-features = false
 features = ["use_std"]

@@ -426,7 +458,8 @@ default-features = false
 features = ["resource"]

 [workspace.dependencies.sd-notify]
-version = "0.4.1"
+version = "0.4.3"
+default-features = false

 [workspace.dependencies.hardened_malloc-rs]
 version = "0.1.2"
@@ -442,23 +475,34 @@ version = "0.4.3"
 default-features = false

 [workspace.dependencies.termimad]
-version = "0.30.0"
+version = "0.31.1"
 default-features = false

 [workspace.dependencies.checked_ops]
 version = "0.1"

 [workspace.dependencies.syn]
-version = "2.0.72"
+version = "2.0.90"
 default-features = false
 features = ["full", "extra-traits"]

 [workspace.dependencies.quote]
-version = "1.0.36"
+version = "1.0.37"

 [workspace.dependencies.proc-macro2]
-version = "1.0.86"
+version = "1.0.89"

+[workspace.dependencies.bytesize]
+version = "1.3.0"
+
+[workspace.dependencies.core_affinity]
+version = "0.8.1"
+
+[workspace.dependencies.libc]
+version = "0.2"
+
+[workspace.dependencies.num-traits]
+version = "0.2"

 #
 # Patches
@@ -469,59 +513,71 @@ version = "1.0.86"
 # https://github.com/girlbossceo/tracing/commit/b348dca742af641c47bc390261f60711c2af573c
 [patch.crates-io.tracing-subscriber]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d"
 [patch.crates-io.tracing]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d"
 [patch.crates-io.tracing-core]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d"
 [patch.crates-io.tracing-log]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d"

 # adds a tab completion callback: https://github.com/girlbossceo/rustyline-async/commit/de26100b0db03e419a3d8e1dd26895d170d1fe50
 # adds event for CTRL+\: https://github.com/girlbossceo/rustyline-async/commit/67d8c49aeac03a5ef4e818f663eaa94dd7bf339b
 [patch.crates-io.rustyline-async]
 git = "https://github.com/girlbossceo/rustyline-async"
-rev = "9654cc84e19241f6e19021eb8e677892656f5071"
+rev = "deaeb0694e2083f53d363b648da06e10fc13900c"
+
+# adds LIFO queue scheduling; this should be updated with PR progress.
+[patch.crates-io.event-listener]
+git = "https://github.com/girlbossceo/event-listener"
+rev = "fe4aebeeaae435af60087ddd56b573a2e0be671d"
+[patch.crates-io.async-channel]
+git = "https://github.com/girlbossceo/async-channel"
+rev = "92e5e74063bf2a3b10414bcc8a0d68b235644280"
+
+[patch.crates-io.core_affinity]
+git = "https://github.com/girlbossceo/core_affinity_rs"
+rev = "9c8e51510c35077df888ee72a36b4b05637147da"

 #
 # Our crates
 #

-[workspace.dependencies.conduit-router]
-package = "conduit_router"
+[workspace.dependencies.conduwuit-router]
+package = "conduwuit_router"
 path = "src/router"
 default-features = false

-[workspace.dependencies.conduit-admin]
-package = "conduit_admin"
+[workspace.dependencies.conduwuit-admin]
+package = "conduwuit_admin"
 path = "src/admin"
 default-features = false

-[workspace.dependencies.conduit-api]
-package = "conduit_api"
+[workspace.dependencies.conduwuit-api]
+package = "conduwuit_api"
 path = "src/api"
 default-features = false

-[workspace.dependencies.conduit-service]
-package = "conduit_service"
+[workspace.dependencies.conduwuit-service]
+package = "conduwuit_service"
 path = "src/service"
 default-features = false

-[workspace.dependencies.conduit-database]
-package = "conduit_database"
+[workspace.dependencies.conduwuit-database]
+package = "conduwuit_database"
 path = "src/database"
 default-features = false

-[workspace.dependencies.conduit-core]
-package = "conduit_core"
+[workspace.dependencies.conduwuit-core]
+package = "conduwuit_core"
 path = "src/core"
 default-features = false

-[workspace.dependencies.conduit-macros]
-package = "conduit_macros"
+[workspace.dependencies.conduwuit-macros]
+package = "conduwuit_macros"
 path = "src/macros"
 default-features = false

@@ -580,7 +636,7 @@ codegen-units = 32
 #	'-Clink-arg=-Wl,--no-gc-sections',
 #]

-[profile.release-max-perf.package.conduit_macros]
+[profile.release-max-perf.package.conduwuit_macros]
 inherits = "release-max-perf.build-override"
 #rustflags = [
 #	'-Crelocation-model=pic',
@@ -608,14 +664,13 @@ inherits = "release"
 # and can be raised if build times are tolerable.

 [profile.dev]
-debug = 1
+debug = "full"
 opt-level = 0
 panic = "unwind"
 debug-assertions = true
 incremental = true
-codegen-units = 64
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
 #	'-Zmir-opt-level=0',
 #	'-Zvalidate-mir=false',
@@ -632,11 +687,11 @@ codegen-units = 64
 #	'-Clink-arg=-Wl,-z,lazy',
 #]

-[profile.dev.package.conduit_core]
+[profile.dev.package.conduwuit_core]
 inherits = "dev"
 incremental = false
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
 #	'-Zmir-opt-level=0',
 #	'-Ztls-model=initial-exec',
@@ -653,11 +708,10 @@ incremental = false
 #	'-Clink-arg=-Wl,-z,nodelete',
 #]

-[profile.dev.package.conduit]
+[profile.dev.package.conduwuit]
 inherits = "dev"
-incremental = false
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
 #	'-Zmir-opt-level=0',
 #	'-Zvalidate-mir=false',
@@ -679,7 +733,7 @@ incremental = false
 codegen-units = 1
 opt-level = 'z'
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztls-model=initial-exec',
 #	'-Cprefer-dynamic=true',
 #	'-Zstaticlib-prefer-dynamic=true',
@@ -700,7 +754,7 @@ incremental = false
 codegen-units = 1
 opt-level = 'z'
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztls-model=global-dynamic',
 #	'-Cprefer-dynamic=true',
 #	'-Zstaticlib-prefer-dynamic=true',
@@ -715,12 +769,16 @@ opt-level = 'z'
 # primarily used for CI
 [profile.test]
 inherits = "dev"
+strip = false
+opt-level = 0
 codegen-units = 16
 incremental = false

 [profile.test.package.'*']
 inherits = "dev"
 debug = 0
+strip = false
+opt-level = 0
 codegen-units = 16
 incremental = false

@@ -763,6 +821,7 @@ unused-qualifications = "warn"
 #unused-results = "warn"                                             # TODO

 ## some sadness
+elided_named_lifetimes = "allow"                                     # TODO!
 let_underscore_drop = "allow"
 missing_docs = "allow"
 # cfgs cannot be limited to expected cfgs or their de facto non-transitive/opt-in use-case e.g.
@@ -808,6 +867,7 @@ significant_drop_tightening = { level = "allow", priority = 1 }      # TODO
 pedantic = { level = "warn", priority = -1 }

 ## some sadness
+too_long_first_doc_paragraph = { level = "allow", priority = 1 }
 doc_markdown = { level = "allow", priority = 1 }
 enum_glob_use = { level = "allow", priority = 1 }
 if_not_else = { level = "allow", priority = 1 }
@@ -819,6 +879,7 @@ missing_panics_doc = { level = "allow", priority = 1 }
 module_name_repetitions = { level = "allow", priority = 1 }
 no_effect_underscore_binding = { level = "allow", priority = 1 }
 similar_names = { level = "allow", priority = 1 }
+single_match_else = { level = "allow", priority = 1 }
 struct_field_names = { level = "allow", priority = 1 }
 unnecessary_wraps = { level = "allow", priority = 1 }
 unused_async = { level = "allow", priority = 1 }
@@ -1,15 +1,19 @@
 # conduwuit

-`main` / stable: [![CI and
-Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)
+[![conduwuit main room](https://img.shields.io/matrix/conduwuit%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit:puppygock.gay) [![conduwuit space](https://img.shields.io/matrix/conduwuit-space%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit-space%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit-space:puppygock.gay) [![CI and Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)

-<!-- ANCHOR: catchphrase --> ### a very cool, featureful fork of
-[Conduit](https://conduit.rs/) <!-- ANCHOR_END: catchphrase -->
+<!-- ANCHOR: catchphrase -->

-Visit the [Conduwuit documentation](https://conduwuit.puppyirl.gay/) for more
-information.
+### a very cool, featureful fork of [Conduit](https://conduit.rs/)

-<!-- ANCHOR: body --> #### What is Matrix?
+<!-- ANCHOR_END: catchphrase -->
+
+Visit the [conduwuit documentation](https://conduwuit.puppyirl.gay/) for more
+information and how to deploy/setup conduwuit.
+
+<!-- ANCHOR: body -->
+
+#### What is Matrix?

 [Matrix](https://matrix.org) is an open network for secure and decentralized
 communication. Users from every Matrix homeserver can chat with users from all
@@ -18,9 +22,9 @@ to communicate with users outside of Matrix, like a community on Discord.

 #### What is the goal?

-An efficient Matrix homeserver that's easy to set up and just works. You can
-install it on a mini-computer like the Raspberry Pi to host Matrix for your
-family, friends or company.
+A high-performance and efficient Matrix homeserver that's easy to set up and
+just works. You can install it on a mini-computer like the Raspberry Pi to
+host Matrix for your family, friends or company.

 #### Can I try it out?

@@ -37,13 +41,42 @@ transfem.dev is also listed at

 #### What is the current status?

-conduwuit is a hard fork of Conduit which is in beta, meaning you can join and
-participate in most Matrix rooms, but not all features are supported and you
-might run into bugs from time to time.
+conduwuit is technically a hard fork of Conduit, which is in Beta. The Beta status
+initially was inherited from Conduit, however overtime this Beta status is rapidly
+becoming less and less relevant as our codebase significantly diverges more and more.
+
+conduwuit is quite stable and very usable as a daily driver and for a low-medium
+sized homeserver. There is still a lot of more work to be done, but it is in a far
+better place than the project was in early 2024.
+
+#### How is conduwuit funded? Is conduwuit sustainable?
+
+conduwuit has no external funding. This is made possible purely in my freetime with
+contributors, also in their free time, and only by user-curated donations.
+
+conduwuit has existed since around November 2023, but [only became more publicly known
+in March/April 2024](https://matrix.org/blog/2024/04/26/this-week-in-matrix-2024-04-26/#conduwuit-website)
+and we have no plans in stopping or slowing down any time soon!
+
+#### Can I migrate or switch from Conduit?
+
+conduwuit is a complete drop-in replacement for Conduit. As long as you are using RocksDB,
+the only "migration" you need to do is replace the binary or container image. There
+is no harm or additional steps required for using conduwuit. See the
+[Migrating from Conduit](https://conduwuit.puppyirl.gay/deploying/generic.html#migrating-from-conduit) section
+on the generic deploying guide.
+
+Note that as of conduwuit version 0.5.0, backwards compatibility with Conduit is
+no longer supported. We only support migrating *from* Conduit, not back to
+Conduit like before. If you are truly finding yourself wanting to migrate back
+to Conduit, we would appreciate all your feedback and if we can assist with
+any issues or concerns.

 <!-- ANCHOR_END: body -->

-<!-- ANCHOR: footer --> #### Contact
+<!-- ANCHOR: footer -->
+
+#### Contact

 If you run into any question, feel free to

@@ -52,15 +85,19 @@ If you run into any question, feel free to

 #### Donate

+conduwuit development is purely made possible by myself and contributors. I do
+not get paid to work on this, and I work on it in my free time. Donations are
+heavily appreciated! 💜🥺
+
 - Liberapay: <https://liberapay.com/girlbossceo>
- Ko-fi: <https://ko-fi.com/puppygock>
+- Ko-fi (note they take a fee): <https://ko-fi.com/puppygock>
 - GitHub Sponsors: <https://github.com/sponsors/girlbossceo>

 #### Logo

 Original repo and Matrix room picture was from bran (<3). Current banner image
 and logo is directly from [this cohost
-post](https://cohost.org/RatBaby/post/1028290-finally-a-flag-for).
+post](https://web.archive.org/web/20241126004041/https://cohost.org/RatBaby/post/1028290-finally-a-flag-for).

 #### Is it conduwuit or Conduwuit?

@@ -73,5 +110,6 @@ Both, but I prefer conduwuit.
 - git.girlcock.ceo: <https://git.girlcock.ceo/strawberry/conduwuit>
 - git.gay: <https://git.gay/june/conduwuit>
 - Codeberg: <https://codeberg.org/girlbossceo/conduwuit>
- sourcehut: <https://git.sr.ht/~girlbossceo/conduwuit> <!-- ANCHOR_END: footer
-->
+- sourcehut: <https://git.sr.ht/~girlbossceo/conduwuit>
+
+<!-- ANCHOR_END: footer -->
@@ -1,6 +1,7 @@
 [Unit]
 Description=conduwuit Matrix homeserver
-After=network.target
+Wants=network-online.target
+After=network-online.target
 Documentation=https://conduwuit.puppyirl.gay/
 RequiresMountsFor=/var/lib/private/conduwuit

@@ -15,7 +16,7 @@ DevicePolicy=closed
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-ProcSubset=pid
+#ProcSubset=pid
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
@@ -15,10 +15,10 @@ LOG_FILE="$2"
 # A `.jsonl` file to write test results to
 RESULTS_FILE="$3"

-OCI_IMAGE="complement-conduit:main"
+OCI_IMAGE="complement-conduwuit:main"

 # Complement tests that are skipped due to flakiness/reliability issues
-SKIPPED_COMPLEMENT_TESTS='-skip=TestClientSpacesSummary.*|TestJoinFederatedRoomFromApplicationServiceBridgeUser.*|TestJumpToDateEndpoint.*'
+SKIPPED_COMPLEMENT_TESTS='-skip=TestClientSpacesSummary.*|TestJoinFederatedRoomFromApplicationServiceBridgeUser.*|TestJumpToDateEndpoint.*|TestUnbanViaInvite.*'

 # $COMPLEMENT_SRC needs to be a directory to Complement source code
 if [ -f "$COMPLEMENT_SRC" ]; then
@@ -34,7 +34,7 @@ toplevel="$(git rev-parse --show-toplevel)"

 pushd "$toplevel" > /dev/null

-bin/nix-build-and-cache just .#static-complement
+bin/nix-build-and-cache just .#linux-complement

 docker load < result
 popd > /dev/null
@@ -26,7 +26,12 @@ just() {
        "$ATTIC_TOKEN"

    # Find all output paths of the installables and their build dependencies
-    readarray -t derivations < <(nix path-info --derivation "$@")
+    #readarray -t derivations < <(nix path-info --derivation "$@")
+    derivations=()
+    while IFS=$'\n' read derivation; do
+        derivations+=("$derivation")
+    done < <(nix path-info --derivation "$@")
+
    cache=()
    for derivation in "${derivations[@]}"; do
        cache+=(
@@ -34,6 +39,9 @@ just() {
        )
    done

+    withattic() {
+        nix shell --inputs-from "$toplevel" attic --command xargs attic push "$@" <<< "${cache[*]}"
+    }
    # Upload them to Attic (conduit store)
    #
    # Use `xargs` and a here-string because something would probably explode if
@@ -41,8 +49,7 @@ just() {
    # store paths include a newline in them.
    (
        IFS=$'\n'
-        nix shell --inputs-from "$toplevel" attic -c xargs \
-            attic push conduit <<< "${cache[*]}"
+        withattic conduit || withattic conduit || withattic conduit || true
    )

    # main "conduwuit" store
@@ -59,8 +66,7 @@ just() {
    # store paths include a newline in them.
    (
        IFS=$'\n'
-        nix shell --inputs-from "$toplevel" attic -c xargs \
-            attic push conduwuit <<< "${cache[*]}"
+        withattic conduwuit || withattic conduwuit || withattic conduwuit || true

        # push to cachix if available
        if [ "$CACHIX_AUTH_TOKEN" ]; then
@@ -76,8 +82,8 @@ ci() {
        --inputs-from "$toplevel"

        # Keep sorted
-        "$toplevel#devShells.x86_64-linux.default"
-        "$toplevel#devShells.x86_64-linux.all-features"
+        #"$toplevel#devShells.x86_64-linux.default"
+        #"$toplevel#devShells.x86_64-linux.all-features"
        attic#default
        cachix#default
        nixpkgs#direnv
@@ -2,6 +2,18 @@ array-size-threshold = 4096
 cognitive-complexity-threshold = 94         # TODO reduce me ALARA
 excessive-nesting-threshold = 11            # TODO reduce me to 4 or 5
 future-size-threshold = 7745                # TODO reduce me ALARA
-stack-size-threshold = 144000               # reduce me ALARA
-too-many-lines-threshold = 700              # TODO reduce me to <= 100
+stack-size-threshold = 196608               # reduce me ALARA
+too-many-lines-threshold = 780              # TODO reduce me to <= 100
 type-complexity-threshold = 250             # reduce me to ~200
+
+disallowed-macros = [
+	{ path = "log::error", reason = "use conduwuit_core::error" },
+	{ path = "log::warn", reason = "use conduwuit_core::warn" },
+	{ path = "log::info", reason = "use conduwuit_core::info" },
+	{ path = "log::debug", reason = "use conduwuit_core::debug" },
+	{ path = "log::trace", reason = "use conduwuit_core::trace" },
+]
+
+disallowed-methods = [
+    { path = "tokio::spawn", reason = "use and pass conduuwit_core::server::Server::runtime() to spawn from" },
+]
@@ -1,17 +1,24 @@
 # conduwuit for Debian

-Information about downloading and deploying the Debian package. This may also be referenced for other `apt`-based distros such as Ubuntu.
+Information about downloading and deploying the Debian package. This may also be
+referenced for other `apt`-based distros such as Ubuntu.

 ### Installation

-It is recommended to see the [generic deployment guide](../deploying/generic.md) for further information if needed as usage of the Debian package is generally related.
+It is recommended to see the [generic deployment guide](../deploying/generic.md)
+for further information if needed as usage of the Debian package is generally
+related.
+
+No `apt` repository is currently offered yet, it is in the works/development.

 ### Configuration

-When installed, the example config is placed at `/etc/conduwuit/conduwuit.toml` as the default config. At the minimum, you will need to change your `server_name` here.
+When installed, the example config is placed at `/etc/conduwuit/conduwuit.toml`
+as the default config. The config mentions things required to be changed before
+starting.

-You can tweak more detailed settings by uncommenting and setting the config options
-in `/etc/conduwuit/conduwuit.toml`.
+You can tweak more detailed settings by uncommenting and setting the config
+options in `/etc/conduwuit/conduwuit.toml`.

 ### Running

@@ -1,7 +1,8 @@
 [Unit]
 Description=conduwuit Matrix homeserver
-Documentation=https://conduwuit.puppyirl.gay/
+Wants=network-online.target
 After=network-online.target
+Documentation=https://conduwuit.puppyirl.gay/

 [Service]
 DynamicUser=yes
@@ -22,7 +23,7 @@ DevicePolicy=closed
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-ProcSubset=pid
+#ProcSubset=pid
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
@@ -27,7 +27,7 @@ malloc-usable-size = ["rust-rocksdb/malloc-usable-size"]

 [dependencies.rust-rocksdb]
 git = "https://github.com/girlbossceo/rust-rocksdb-zaidoon1"
-rev = "5383ca8173299066b516406e3a2cf945ead891cb"
+rev = "123d6302fed23fc706344becb2f19623265a83f8"
 #branch = "master"
 default-features = false

@@ -1,61 +1,62 @@
 pub use rust_rocksdb::*;

-#[cfg_attr(not(conduit_mods), link(name = "rocksdb"))]
-#[cfg_attr(conduit_mods, link(name = "rocksdb", kind = "static"))]
-extern "C" {
-	pub fn rocksdb_list_column_families();
-	pub fn rocksdb_logger_create_stderr_logger();
-	pub fn rocksdb_options_set_info_log();
-	pub fn rocksdb_get_options_from_string();
-	pub fn rocksdb_writebatch_create();
-	pub fn rocksdb_writebatch_destroy();
-	pub fn rocksdb_writebatch_put_cf();
-	pub fn rocksdb_writebatch_delete_cf();
-	pub fn rocksdb_iter_value();
-	pub fn rocksdb_iter_seek_to_last();
-	pub fn rocksdb_iter_seek_for_prev();
-	pub fn rocksdb_iter_seek_to_first();
-	pub fn rocksdb_iter_next();
-	pub fn rocksdb_iter_prev();
-	pub fn rocksdb_iter_seek();
-	pub fn rocksdb_iter_valid();
-	pub fn rocksdb_iter_get_error();
-	pub fn rocksdb_iter_key();
-	pub fn rocksdb_iter_destroy();
-	pub fn rocksdb_livefiles();
-	pub fn rocksdb_livefiles_count();
-	pub fn rocksdb_livefiles_destroy();
-	pub fn rocksdb_livefiles_column_family_name();
-	pub fn rocksdb_livefiles_name();
-	pub fn rocksdb_livefiles_size();
-	pub fn rocksdb_livefiles_level();
-	pub fn rocksdb_livefiles_smallestkey();
-	pub fn rocksdb_livefiles_largestkey();
-	pub fn rocksdb_livefiles_entries();
-	pub fn rocksdb_livefiles_deletions();
-	pub fn rocksdb_put_cf();
-	pub fn rocksdb_delete_cf();
-	pub fn rocksdb_get_pinned_cf();
-	pub fn rocksdb_create_column_family();
-	pub fn rocksdb_get_latest_sequence_number();
-	pub fn rocksdb_batched_multi_get_cf();
-	pub fn rocksdb_cancel_all_background_work();
-	pub fn rocksdb_repair_db();
-	pub fn rocksdb_list_column_families_destroy();
-	pub fn rocksdb_flush();
-	pub fn rocksdb_flush_wal();
-	pub fn rocksdb_open_column_families();
-	pub fn rocksdb_open_for_read_only_column_families();
-	pub fn rocksdb_open_as_secondary_column_families();
-	pub fn rocksdb_open_column_families_with_ttl();
-	pub fn rocksdb_open();
-	pub fn rocksdb_open_for_read_only();
-	pub fn rocksdb_open_with_ttl();
-	pub fn rocksdb_open_as_secondary();
-	pub fn rocksdb_write();
-	pub fn rocksdb_create_iterator_cf();
-	pub fn rocksdb_backup_engine_create_new_backup_flush();
-	pub fn rocksdb_backup_engine_options_create();
-	pub fn rocksdb_write_buffer_manager_destroy();
-	pub fn rocksdb_options_set_ttl();
+#[cfg_attr(not(conduwuit_mods), link(name = "rocksdb"))]
+#[cfg_attr(conduwuit_mods, link(name = "rocksdb", kind = "static"))]
+unsafe extern "C" {
+	pub unsafe fn rocksdb_list_column_families();
+	pub unsafe fn rocksdb_logger_create_stderr_logger();
+	pub unsafe fn rocksdb_logger_create_callback_logger();
+	pub unsafe fn rocksdb_options_set_info_log();
+	pub unsafe fn rocksdb_get_options_from_string();
+	pub unsafe fn rocksdb_writebatch_create();
+	pub unsafe fn rocksdb_writebatch_destroy();
+	pub unsafe fn rocksdb_writebatch_put_cf();
+	pub unsafe fn rocksdb_writebatch_delete_cf();
+	pub unsafe fn rocksdb_iter_value();
+	pub unsafe fn rocksdb_iter_seek_to_last();
+	pub unsafe fn rocksdb_iter_seek_for_prev();
+	pub unsafe fn rocksdb_iter_seek_to_first();
+	pub unsafe fn rocksdb_iter_next();
+	pub unsafe fn rocksdb_iter_prev();
+	pub unsafe fn rocksdb_iter_seek();
+	pub unsafe fn rocksdb_iter_valid();
+	pub unsafe fn rocksdb_iter_get_error();
+	pub unsafe fn rocksdb_iter_key();
+	pub unsafe fn rocksdb_iter_destroy();
+	pub unsafe fn rocksdb_livefiles();
+	pub unsafe fn rocksdb_livefiles_count();
+	pub unsafe fn rocksdb_livefiles_destroy();
+	pub unsafe fn rocksdb_livefiles_column_family_name();
+	pub unsafe fn rocksdb_livefiles_name();
+	pub unsafe fn rocksdb_livefiles_size();
+	pub unsafe fn rocksdb_livefiles_level();
+	pub unsafe fn rocksdb_livefiles_smallestkey();
+	pub unsafe fn rocksdb_livefiles_largestkey();
+	pub unsafe fn rocksdb_livefiles_entries();
+	pub unsafe fn rocksdb_livefiles_deletions();
+	pub unsafe fn rocksdb_put_cf();
+	pub unsafe fn rocksdb_delete_cf();
+	pub unsafe fn rocksdb_get_pinned_cf();
+	pub unsafe fn rocksdb_create_column_family();
+	pub unsafe fn rocksdb_get_latest_sequence_number();
+	pub unsafe fn rocksdb_batched_multi_get_cf();
+	pub unsafe fn rocksdb_cancel_all_background_work();
+	pub unsafe fn rocksdb_repair_db();
+	pub unsafe fn rocksdb_list_column_families_destroy();
+	pub unsafe fn rocksdb_flush();
+	pub unsafe fn rocksdb_flush_wal();
+	pub unsafe fn rocksdb_open_column_families();
+	pub unsafe fn rocksdb_open_for_read_only_column_families();
+	pub unsafe fn rocksdb_open_as_secondary_column_families();
+	pub unsafe fn rocksdb_open_column_families_with_ttl();
+	pub unsafe fn rocksdb_open();
+	pub unsafe fn rocksdb_open_for_read_only();
+	pub unsafe fn rocksdb_open_with_ttl();
+	pub unsafe fn rocksdb_open_as_secondary();
+	pub unsafe fn rocksdb_write();
+	pub unsafe fn rocksdb_create_iterator_cf();
+	pub unsafe fn rocksdb_backup_engine_create_new_backup_flush();
+	pub unsafe fn rocksdb_backup_engine_options_create();
+	pub unsafe fn rocksdb_write_buffer_manager_destroy();
+	pub unsafe fn rocksdb_options_set_ttl();
 }
@@ -0,0 +1 @@
+docs/development.md
@@ -8,6 +8,7 @@
  - [Generic](deploying/generic.md)
  - [NixOS](deploying/nixos.md)
  - [Docker](deploying/docker.md)
+  - [Kubernetes](deploying/kubernetes.md)
  - [Arch Linux](deploying/arch-linux.md)
  - [Debian](deploying/debian.md)
  - [FreeBSD](deploying/freebsd.md)
@@ -9,7 +9,7 @@ environment for everyone. This Code of Conduct applies to all conduwuit spaces,
 including any further community rooms that reference this CoC. Here are our
 guidelines to help maintain the welcoming atmosphere that sets conduwuit apart.

-For the general foundational rules, please refer to the [Contributor's 
+For the general foundational rules, please refer to the [Contributor's
 Covenant](https://github.com/girlbossceo/conduwuit/blob/main/CODE_OF_CONDUCT.md).
 Below are additional guidelines specific to the conduwuit community.

@@ -90,4 +90,4 @@ comfortable doing that, then please send a DM to one of the moderators directly.

 Together, let’s build a community where everyone feels valued and respected.

- The conduwuit Moderation Team
+— The conduwuit Moderation Team
@@ -31,6 +31,22 @@ string. This does not apply to options that take booleans or numbers:
 - `--option log=\"debug\"` works ✅
 - `--option server_name='"example.com'"` works ✅

+## Execute commandline flag
+
+conduwuit supports running admin commands on startup using the commandline
+argument `--execute`. The most notable use for this is to create an admin user
+on first startup.
+
+The syntax of this is a standard admin command without the prefix such as
+`./conduwuit --execute "users create_user june"`
+
+An example output of a success is:
+```
+INFO conduwuit_service::admin::startup: Startup command #0 completed:
+Created user with user_id: @june:girlboss.ceo and password: `<redacted>`
+```
+
+This commandline argument can be paired with the `--option` flag.

 ## Environment variables

@@ -1 +0,0 @@
-{{#include ../CONTRIBUTING.md}}
@@ -0,0 +1 @@
+../CONTRIBUTING.md
@@ -1,40 +1,43 @@
 # conduwuit - Behind Traefik Reverse Proxy

 services:
-    homeserver:
-        ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
-        ### then you are ready to go.
-        image: girlbossceo/conduwuit:latest
-        restart: unless-stopped
-        volumes:
-            - db:/var/lib/conduwuit
-            #- ./conduwuit.toml:/etc/conduwuit.toml
-        networks:
-            - proxy
-        environment:
-            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
-            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_DATABASE_BACKEND: rocksdb
-            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
-            CONDUWUIT_ALLOW_REGISTRATION: 'true'
-            CONDUWUIT_ALLOW_FEDERATION: 'true'
-            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUWUIT_LOG: warn,state_res=warn
-            CONDUWUIT_ADDRESS: 0.0.0.0
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
-        #cpuset: "0-4" # Uncomment to limit to specific CPU cores
+  homeserver:
+    ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
+    ### then you are ready to go.
+    image: girlbossceo/conduwuit:latest
+    restart: unless-stopped
+    volumes:
+      - db:/var/lib/conduwuit
+      #- ./conduwuit.toml:/etc/conduwuit.toml
+    networks:
+      - proxy
+    environment:
+      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
+      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
+      CONDUWUIT_PORT: 6167 # should match the loadbalancer traefik label
+      CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
+      CONDUWUIT_ALLOW_REGISTRATION: 'true'
+      CONDUWUIT_ALLOW_FEDERATION: 'true'
+      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+      #CONDUWUIT_LOG: warn,state_res=warn
+      CONDUWUIT_ADDRESS: 0.0.0.0
+      #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
+
+      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
+      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate
+      # see the override file for more information about delegation
+      CONDUWUIT_WELL_KNOWN: |
+        {
+        client=https://your.server.name.example,
+        server=your.server.name.example:443
+        }
+    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
+    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
+      nofile:
+        soft: 1048567
+        hard: 1048567

-    # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
-    # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
-    # and in the docker compose override file.
-    well-known:
-        image: nginx:latest
-        restart: unless-stopped
-        volumes:
-            - ./nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf # the config to serve the .well-known/matrix files
-            - ./nginx/www:/var/www/ # location of the client and server .well-known-files
    ### Uncomment if you want to use your own Element-Web App.
    ### Note: You need to provide a config.json for Element and you also need a second
    ###       Domain or Subdomain for the communication between Element and conduwuit
@@ -50,10 +53,12 @@ services:
    #         - homeserver

 volumes:
-    db:
+  db:

 networks:
-    # This is the network Traefik listens to, if your network has a different
-    # name, don't forget to change it here and in the docker-compose.override.yml
-    proxy:
-        external: true
+  # This is the network Traefik listens to, if your network has a different
+  # name, don't forget to change it here and in the docker-compose.override.yml
+  proxy:
+    external: true
+
+# vim: ts=2:sw=2:expandtab
@@ -1,44 +1,37 @@
 # conduwuit - Traefik Reverse Proxy Labels

 services:
-    homeserver:
-        labels:
-            - "traefik.enable=true"
-            - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
+  homeserver:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network

-            - "traefik.http.routers.to-conduwuit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which conduwuit is hosted
-            - "traefik.http.routers.to-conduwuit.tls=true"
-            - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
-            - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
+      - "traefik.http.routers.to-conduwuit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which conduwuit is hosted
+      - "traefik.http.routers.to-conduwuit.tls=true"
+      - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
+      - "traefik.http.services.to_conduwuit.loadbalancer.server.port=6167"

-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"

-    # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
-    # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
-    # and in the docker compose file.
-    well-known:
-        labels:
-            - "traefik.enable=true"
-            - "traefik.docker.network=proxy"
+      # If you want to have your account on <DOMAIN>, but host conduwuit on a subdomain,
+      # you can let it only handle the well known file on that domain instead
+      #- "traefik.http.routers.to-matrix-wellknown.rule=Host(`<DOMAIN>`) && PathPrefix(`/.well-known/matrix`)"
+      #- "traefik.http.routers.to-matrix-wellknown.tls=true"
+      #- "traefik.http.routers.to-matrix-wellknown.tls.certresolver=letsencrypt"
+      #- "traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker"

-            - "traefik.http.routers.to-matrix-wellknown.rule=Host(`<SUBDOMAIN>.<DOMAIN>`) && PathPrefix(`/.well-known/matrix`)"
-            - "traefik.http.routers.to-matrix-wellknown.tls=true"
-            - "traefik.http.routers.to-matrix-wellknown.tls.certresolver=letsencrypt"
-            - "traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker"
+  ### Uncomment this if you uncommented Element-Web App in the docker-compose.yml
+  # element-web:
+  #     labels:
+  #         - "traefik.enable=true"
+  #         - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network

-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
-            - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+  #         - "traefik.http.routers.to-element-web.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Element-Web is hosted
+  #         - "traefik.http.routers.to-element-web.tls=true"
+  #         - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt"

+# vim: ts=2:sw=2:expandtab

-    ### Uncomment this if you uncommented Element-Web App in the docker-compose.yml
-    # element-web:
-    #     labels:
-    #         - "traefik.enable=true"
-    #         - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
-
-    #         - "traefik.http.routers.to-element-web.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Element-Web is hosted
-    #         - "traefik.http.routers.to-element-web.tls=true"
-    #         - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt"
@@ -30,9 +30,8 @@ services:
        environment:
            CONDUWUIT_SERVER_NAME: example.com # EDIT THIS
            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_DATABASE_BACKEND: rocksdb
            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
            CONDUWUIT_ALLOW_REGISTRATION: 'true'
            CONDUWUIT_ALLOW_FEDERATION: 'true'
            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
@@ -1,42 +1,52 @@
 # conduwuit - Behind Traefik Reverse Proxy

 services:
-    homeserver:
-        ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image,
-        ### then you are ready to go.
-        image: girlbossceo/conduwuit:latest
-        restart: unless-stopped
-        volumes:
-            - db:/srv/conduwuit/.local/share/conduwuit
-            #- ./conduwuit.toml:/etc/conduwuit.toml
-        networks:
-            - proxy
-        environment:
-            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            CONDUWUIT_ALLOW_REGISTRATION : 'true'
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
-            ### Uncomment and change values as desired
-            # CONDUWUIT_ADDRESS: 0.0.0.0
-            # CONDUWUIT_PORT: 6167
-            # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
-            # CONDUWUIT_ALLOW_JAEGER: 'false'
-            # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
-            # CONDUWUIT_ALLOW_FEDERATION: 'true'
-            # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            # CONDUWUIT_DATABASE_PATH: /srv/conduwuit/.local/share/conduwuit
-            # CONDUWUIT_WORKERS: 10
-            # CONDUWUIT_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
+  homeserver:
+    ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image,
+    ### then you are ready to go.
+    image: girlbossceo/conduwuit:latest
+    restart: unless-stopped
+    volumes:
+      - db:/var/lib/conduwuit
+      #- ./conduwuit.toml:/etc/conduwuit.toml
+    networks:
+      - proxy
+    environment:
+      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
+      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+      CONDUWUIT_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
+      CONDUWUIT_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server
+      #CONDUWUIT_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read
+      CONDUWUIT_ADDRESS: 0.0.0.0
+      CONDUWUIT_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
+      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
+      #CONDUWUIT_CONFIG: '/etc/conduit.toml' # Uncomment if you mapped config toml above
+      ### Uncomment and change values as desired, note that conduwuit has plenty of config options, so you should check out the example example config too
+      # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
+      # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
+      # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
+      # CONDUWUIT_ALLOW_FEDERATION: 'true'
+      # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+      # CONDUWUIT_ALLOW_INCOMING_PRESENCE: true
+      # CONDUWUIT_ALLOW_OUTGOING_PRESENCE: true
+      # CONDUWUIT_ALLOW_LOCAL_PRESENCE: true
+      # CONDUWUIT_WORKERS: 10
+      # CONDUWUIT_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
+      # CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"

-    # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
-    # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
-    # and in the docker compose override file.
-    well-known:
-        image: nginx:latest
-        restart: unless-stopped
-        volumes:
-            - ./nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf # the config to serve the .well-known/matrix files
-            - ./nginx/www:/var/www/ # location of the client and server .well-known-files
+      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
+      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate
+      # reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included
+      CONDUWUIT_WELL_KNOWN: |
+        {
+          client=https://your.server.name.example,
+          server=your.server.name.example:443
+        }
+    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
+    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
+      nofile:
+        soft: 1048567
+        hard: 1048567

    ### Uncomment if you want to use your own Element-Web App.
    ### Note: You need to provide a config.json for Element and you also need a second
@@ -52,29 +62,79 @@ services:
    #     depends_on:
    #         - homeserver

-    traefik:
-        image: "traefik:latest"
-        container_name: "traefik"
-        restart: "unless-stopped"
-        ports:
-            - "80:80"
-            - "443:443"
-        volumes:
-            - "/var/run/docker.sock:/var/run/docker.sock"
-            # - "./traefik_config:/etc/traefik"
-            - "acme:/etc/traefik/acme"
-        labels:
-            - "traefik.enable=true"
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    restart: "unless-stopped"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:z"
+      - "acme:/etc/traefik/acme"
+      #- "./traefik_config:/etc/traefik:z"
+    labels:
+      - "traefik.enable=true"

-            # middleware redirect
-            - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-            # global redirect to https
-            - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
-            - "traefik.http.routers.redirs.entrypoints=http"
-            - "traefik.http.routers.redirs.middlewares=redirect-to-https"
+      # middleware redirect
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # global redirect to https
+      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.redirs.entrypoints=web"
+      - "traefik.http.routers.redirs.middlewares=redirect-to-https"

-        networks:
-            - proxy
+    configs:
+      - source: dynamic.yml
+        target: /etc/traefik/dynamic.yml
+
+    environment:
+      TRAEFIK_LOG_LEVEL: DEBUG
+      TRAEFIK_ENTRYPOINTS_WEB: true
+      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
+      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
+
+      TRAEFIK_ENTRYPOINTS_WEBSECURE: true
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
+      #TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_MIDDLEWARES: secureHeaders@file # if you want to enabled STS
+
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT: true
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: # Set this to the email you want to receive certificate expiration emails for
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_KEYTYPE: EC384
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE: true
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"
+
+      TRAEFIK_PROVIDERS_DOCKER: true
+      TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
+      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false
+
+      TRAEFIK_PROVIDERS_FILE: true
+      TRAEFIK_PROVIDERS_FILE_FILENAME: "/etc/traefik/dynamic.yml"
+
+configs:
+  dynamic.yml:
+    content: |
+      # Optionally set STS headers, like in https://hstspreload.org
+      # http:
+      #   middlewares:
+      #     secureHeaders:
+      #       headers:
+      #         forceSTSHeader: true
+      #         stsIncludeSubdomains: true
+      #         stsPreload: true
+      #         stsSeconds: 31536000
+      tls:
+        options:
+          default:
+            cipherSuites:
+              - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+              - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+              - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+              - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+              - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+              - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+            minVersion: VersionTLS12

 volumes:
    db:
@@ -82,3 +142,5 @@ volumes:

 networks:
    proxy:
+
+# vim: ts=2:sw=2:expandtab
@@ -14,9 +14,8 @@ services:
        environment:
            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_DATABASE_BACKEND: rocksdb
            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
            CONDUWUIT_ALLOW_REGISTRATION: 'true'
            CONDUWUIT_ALLOW_FEDERATION: 'true'
            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
@@ -9,22 +9,14 @@ from a registry.

 OCI images for conduwuit are available in the registries listed below.

-| Registry        | Image
-| Size                          | Notes                  | | --------------- |
--------------------------------------------------------------- |
----------------------------- | ---------------------- | | GitHub Registry |
-[ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest]  |
-Stable tagged image.          | | GitLab Registry |
-[registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image
-Size][shield-latest]  | Stable tagged image.          | | Docker Hub      |
-[docker.io/girlbossceo/conduwuit:latest][dh]             | ![Image
-Size][shield-latest]  | Stable tagged image.          | | GitHub Registry |
-[ghcr.io/girlbossceo/conduwuit:main][gh]   | ![Image Size][shield-main]    |
-Stable main branch.   | | GitLab Registry |
-[registry.gitlab.com/conduwuit/conduwuit:main][gl]   | ![Image
-Size][shield-main]    | Stable main branch.   | | Docker Hub      |
-[docker.io/girlbossceo/conduwuit:main][dh]               | ![Image
-Size][shield-main]    | Stable main branch.   |
+| Registry        | Image                                                           | Size                          | Notes                  |
+| --------------- | --------------------------------------------------------------- | ----------------------------- | ---------------------- |
+| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest]  | Stable latest tagged image.          |
+| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image Size][shield-latest]  | Stable latest tagged image.          |
+| Docker Hub      | [docker.io/girlbossceo/conduwuit:latest][dh]             | ![Image Size][shield-latest]  | Stable latest tagged image.          |
+| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:main][gh]   | ![Image Size][shield-main]    | Stable main branch.   |
+| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:main][gl]   | ![Image Size][shield-main]    | Stable main branch.   |
+| Docker Hub      | [docker.io/girlbossceo/conduwuit:main][dh]               | ![Image Size][shield-main]    | Stable main branch.   |

 [dh]: https://hub.docker.com/r/girlbossceo/conduwuit
 [gh]: https://github.com/girlbossceo/conduwuit/pkgs/container/conduwuit
@@ -32,9 +24,14 @@ Size][shield-main]    | Stable main branch.   |
 [shield-latest]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/latest
 [shield-main]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/main

+OCI image `.tar.gz` files are also hosted directly at when uploaded by CI with a
+commit hash/revision or a tagged release: <https://pup.systems/~strawberry/conduwuit/>
+
 Use

-```bash docker image pull <link> ```
+```bash
+docker image pull $LINK
+```

 to pull it to your machine.

@@ -42,13 +39,12 @@ to pull it to your machine.

 When you have the image you can simply run it with

-```bash 
-docker run -d -p 8448:6167 \ 
-    -v db:/var/lib/conduwuit/ \ 
-    -e CONDUWUIT_SERVER_NAME="your.server.name" \ 
-    -e CONDUWUIT_DATABASE_BACKEND="rocksdb" \ 
+```bash
+docker run -d -p 8448:6167 \
+    -v db:/var/lib/conduwuit/ \
+    -e CONDUWUIT_SERVER_NAME="your.server.name" \
    -e CONDUWUIT_ALLOW_REGISTRATION=false \
-    --name conduit <link> 
+    --name conduwuit $LINK
 ```

 or you can use [docker compose](#docker-compose).
@@ -88,7 +84,9 @@ server.
 When picking the `caddy-docker-proxy` compose file, it's important to first
 create the `caddy` network before spinning up the containers:

-```bash docker network create caddy ```
+```bash
+docker network create caddy
+```

 After that, you can rename it so it matches `docker-compose.yml` and spin up the
 containers!
@@ -97,16 +95,28 @@ Additional info about deploying conduwuit can be found [here](generic.md).

 ### Build

-To build the conduwuit image with docker-compose, you first need to open and
-modify the `docker-compose.yml` file. There you need to comment the `image:`
-option and uncomment the `build:` option. Then call docker compose with:
+Official conduwuit images are built using Nix's
+[`buildLayeredImage`][nix-buildlayeredimage]. This ensures all OCI images are
+repeatable and reproducible by anyone, keeps the images lightweight, and can be
+built offline.

-```bash 
-docker compose up
-```
+This also ensures portability of our images because `buildLayeredImage` builds
+OCI images, not Docker images, and works with other container software.

-This will also start the container right afterwards, so if want it to run in
-detached mode, you also should use the `-d` flag.
+The OCI images are OS-less with only a very minimal environment of the `tini`
+init system, CA certificates, and the conduwuit binary. This does mean there is
+not a shell, but in theory you can get a shell by adding the necessary layers
+to the layered image. However it's very unlikely you will need a shell for any
+real troubleshooting.
+
+The flake file for the OCI image definition is at [`nix/pkgs/oci-image/default.nix`][oci-image-def].
+
+To build an OCI image using Nix, the following outputs can be built:
+- `nix build -L .#oci-image` (default features, x86_64 glibc)
+- `nix build -L .#oci-image-x86_64-linux-musl` (default features, x86_64 musl)
+- `nix build -L .#oci-image-aarch64-linux-musl` (default features, aarch64 musl)
+- `nix build -L .#oci-image-x86_64-linux-musl-all-features` (all features, x86_64 musl)
+- `nix build -L .#oci-image-aarch64-linux-musl-all-features` (all features, aarch64 musl)

 ### Run

@@ -141,3 +151,6 @@ those two files.
 ## Voice communication

 See the [TURN](../turn.md) page.
+
+[nix-buildlayeredimage]: https://ryantm.github.io/nixpkgs/builders/images/dockertools/#ssec-pkgs-dockerTools-buildLayeredImage
+[oci-image-def]: https://github.com/girlbossceo/conduwuit/blob/main/nix/pkgs/oci-image/default.nix
@@ -1,11 +1,5 @@
 # conduwuit for FreeBSD

-conduwuit at the moment does not provide FreeBSD builds. Building conduwuit on
-FreeBSD requires a specific environment variable to use the system prebuilt
-RocksDB library instead of rust-rocksdb / rust-librocksdb-sys which does *not*
-work and will cause a build error or coredump.
+conduwuit at the moment does not provide FreeBSD builds or have FreeBSD packaging, however conduwuit does build and work on FreeBSD using the system-provided RocksDB.

-Use the following environment variable: `ROCKSDB_LIB_DIR=/usr/local/lib`
-
-Such example commandline with it can be: `ROCKSDB_LIB_DIR=/usr/local/lib cargo
-build --release`
+Contributions for getting conduwuit packaged are welcome.
@@ -1,6 +1,6 @@
 # Generic deployment documentation

-> ## Getting help
+> ### Getting help
 >
 > If you run into any problems while setting up conduwuit, ask us in
 > `#conduwuit:puppygock.gay` or [open an issue on
@@ -8,22 +8,72 @@

 ## Installing conduwuit

-You may simply download the binary that fits your machine. Run `uname -m` to see
-what you need.
+### Static prebuilt binary
+
+You may simply download the binary that fits your machine architecture (x86_64
+or aarch64). Run `uname -m` to see what you need.

 Prebuilt fully static musl binaries can be downloaded from the latest tagged
 release [here](https://github.com/girlbossceo/conduwuit/releases/latest) or
-`main` CI branch workflow artifact output. These also include Debian packages.
+`main` CI branch workflow artifact output. These also include Debian/Ubuntu
+packages.
+
+Binaries are also available on my website directly at: <https://pup.systems/~strawberry/conduwuit/>
+
+These can be curl'd directly from. `ci-bins` are CI workflow binaries by commit
+hash/revision, and `releases` are tagged releases. Sort by descending last
+modified for the latest.
+
 These binaries have jemalloc and io_uring statically linked and included with
-them.
+them, so no additional dynamic dependencies need to be installed.
+
+For the **best** performance; if using an `x86_64` CPU made in the last ~15 years,
+we recommend using the `-haswell-` optimised binaries. This sets
+`-march=haswell` which is the most compatible and highest performance with
+optimised binaries. The database backend, RocksDB, most benefits from this as it
+will then use hardware accelerated CRC32 hashing/checksumming which is critical
+for performance.
+
+### Compiling

 Alternatively, you may compile the binary yourself. We recommend using
-[Lix](https://lix.systems) to build conduwuit as this has the most guaranteed
-reproducibiltiy and easiest to get a build environment and output going.
+Nix (or [Lix](https://lix.systems)) to build conduwuit as this has the most
+guaranteed reproducibiltiy and easiest to get a build environment and output
+going. This also allows easy cross-compilation.

-Otherwise, follow standard Rust project build guides (installing git and cloning
-the repo, getting the Rust toolchain via rustup, installing LLVM toolchain +
-libclang for RocksDB, installing liburing for io_uring and RocksDB, etc).
+You can run the `nix build -L .#static-x86_64-linux-musl-all-features` or
+`nix build -L .#static-aarch64-linux-musl-all-features` commands based
+on architecture to cross-compile the necessary static binary located at
+`result/bin/conduwuit`. This is reproducible with the static binaries produced
+in our CI.
+
+If wanting to build using standard Rust toolchains, make sure you install:
+- `liburing-dev` on the compiling machine, and `liburing` on the target host
+- LLVM and libclang for RocksDB
+
+You can build conduwuit using `cargo build --release --all-features`
+
+## Migrating from Conduit
+
+As mentioned in the README, there is little to no steps needed to migrate
+from Conduit. As long as you are using the RocksDB database backend, just
+replace the binary / container image / etc.
+
+**WARNING**: As of conduwuit 0.5.0, all database and backwards compatibility
+with Conduit is no longer supported. We only support migrating *from* Conduit,
+not back to Conduit like before. If you are truly finding yourself wanting to
+migrate back to Conduit, we would appreciate all your feedback and if we can
+assist with any issues or concerns.
+
+**Note**: If you are relying on Conduit's "automatic delegation" feature,
+this will **NOT** work on conduwuit and you must configure delegation manually.
+This is not a mistake and no support for this feature will be added.
+
+If you are using SQLite, you **MUST** migrate to RocksDB. You can use this
+tool to migrate from SQLite to RocksDB: <https://github.com/ShadowJonathan/conduit_toolbox/>
+
+See the `[global.well_known]` config section, or configure your web server
+appropriately to send the delegation responses.

 ## Adding a conduwuit user

@@ -31,37 +81,69 @@ While conduwuit can run as any user it is better to use dedicated users for
 different services. This also allows you to make sure that the file permissions
 are correctly set up.

-In Debian or Fedora/RHEL, you can use this command to create a conduwuit user:
+In Debian, you can use this command to create a conduwuit user:

 ```bash
-sudo adduser --system conduwuit --group --disabled-login --no-create-home 
+sudo adduser --system conduwuit --group --disabled-login --no-create-home
 ```

-For distros without `adduser`:
+For distros without `adduser` (or where it's a symlink to `useradd`):

-```bash sudo useradd -r --shell /usr/bin/nologin --no-create-home conduwuit ```
+```bash
+sudo useradd -r --shell /usr/bin/nologin --no-create-home conduwuit
+```

 ## Forwarding ports in the firewall or the router

-conduwuit uses the ports 443 and 8448 both of which need to be open in the
-firewall.
+Matrix's default federation port is port 8448, and clients must be using port 443.
+If you would like to use only port 443, or a different port, you will need to setup
+delegation. conduwuit has config options for doing delegation, or you can configure
+your reverse proxy to manually serve the necessary JSON files to do delegation
+(see the `[global.well_known]` config section).

 If conduwuit runs behind a router or in a container and has a different public
 IP address than the host system these public ports need to be forwarded directly
 or indirectly to the port mentioned in the config.

+Note for NAT users; if you have trouble connecting to your server from the inside
+of your network, you need to research your router and see if it supports "NAT
+hairpinning" or "NAT loopback".
+
+If your router does not support this feature, you need to research doing local
+DNS overrides and force your Matrix DNS records to use your local IP internally.
+This can be done at the host level using `/etc/hosts`. If you need this to be
+on the network level, consider something like NextDNS or Pi-Hole.
+
 ## Setting up a systemd service

-The systemd unit for conduwuit can be found
-[here](../configuration/examples.md#example-systemd-unit-file). You may need to
-change the `ExecStart=` path to where you placed the conduwuit binary.
+Two example systemd units for conduwuit can be found
+[on the configuration page](../configuration/examples.md#debian-systemd-unit-file).
+You may need to change the `ExecStart=` path to where you placed the conduwuit
+binary if it is not `/usr/bin/conduwuit`.
+
+On systems where rsyslog is used alongside journald (i.e. Red Hat-based distros
+and OpenSUSE), put `$EscapeControlCharactersOnReceive off` inside
+`/etc/rsyslog.conf` to allow color in logs.
+
+If you are using a different `database_path` other than the systemd unit
+configured default `/var/lib/conduwuit`, you need to add your path to the
+systemd unit's `ReadWritePaths=`. This can be done by either directly editing
+`conduwuit.service` and reloading systemd, or running `systemctl edit conduwuit.service`
+and entering the following:
+
+```
+[Service]
+ReadWritePaths=/path/to/custom/database/path
+```

 ## Creating the conduwuit configuration file

 Now we need to create the conduwuit's config file in
 `/etc/conduwuit/conduwuit.toml`. The example config can be found at
-[conduwuit-example.toml](../configuration/examples.md).**Please take a moment to
-read it. You need to change at least the server name.**
+[conduwuit-example.toml](../configuration/examples.md).
+
+**Please take a moment to read the config. You need to change at least the
+server name.**

 RocksDB is the only supported database backend.

@@ -71,53 +153,94 @@ If you are using a dedicated user for conduwuit, you will need to allow it to
 read the config. To do that you can run this:

 ```bash
-sudo chown -R root:root /etc/conduwuit sudo chmod -R 755 /etc/conduwuit
+sudo chown -R root:root /etc/conduwuit
+sudo chmod -R 755 /etc/conduwuit
 ```

 If you use the default database path you also need to run this:

-```bash 
-sudo mkdir -p /var/lib/conduwuit/ sudo chown -R conduwuit:conduwuit
-/var/lib/conduwuit/ sudo chmod 700 /var/lib/conduwuit/ 
+```bash
+sudo mkdir -p /var/lib/conduwuit/
+sudo chown -R conduwuit:conduwuit /var/lib/conduwuit/
+sudo chmod 700 /var/lib/conduwuit/
 ```

 ## Setting up the Reverse Proxy

 Refer to the documentation or various guides online of your chosen reverse proxy
-software. A [Caddy](https://caddyserver.com/) example will be provided as this
+software. There are many examples of basic Apache/Nginx reverse proxy setups
+out there.
+
+A [Caddy](https://caddyserver.com/) example will be provided as this
 is the recommended reverse proxy for new users and is very trivial to use
 (handles TLS, reverse proxy headers, etc transparently with proper defaults).

 Lighttpd is not supported as it seems to mess with the `X-Matrix` Authorization
-header, making federation non-functional. If using Apache, you need to use
-`nocanon` to prevent this.
+header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here.
+
+If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent this (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can).
+
+If using Nginx, you need to give conduwuit the request URI using `$request_uri`, or like so:
+- `proxy_pass http://127.0.0.1:6167$request_uri;`
+- `proxy_pass http://127.0.0.1:6167;`
+
+Nginx users need to increase `client_max_body_size` (default is 1M) to match
+`max_request_size` defined in conduwuit.toml.
+
+You will need to reverse proxy everything under following routes:
+- `/_matrix/` - core Matrix C-S and S-S APIs
+- `/_conduwuit/` - ad-hoc conduwuit routes such as `/local_user_count` and
+`/server_version`
+
+You can optionally reverse proxy the following individual routes:
+- `/.well-known/matrix/client` and `/.well-known/matrix/server` if using
+conduwuit to perform delegation (see the `[global.well_known]` config section)
+- `/.well-known/matrix/support` if using conduwuit to send the homeserver admin
+contact and support page (formerly known as MSC1929)
+- `/` if you would like to see `hewwo from conduwuit woof!` at the root
+
+See the following spec pages for more details on these files:
+- [`/.well-known/matrix/server`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixserver)
+- [`/.well-known/matrix/client`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient)
+- [`/.well-known/matrix/support`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixsupport)
+
+Examples of delegation:
+- <https://puppygock.gay/.well-known/matrix/server>
+- <https://puppygock.gay/.well-known/matrix/client>

 ### Caddy

 Create `/etc/caddy/conf.d/conduwuit_caddyfile` and enter this (substitute for
 your server name).

-```caddy
-your.server.name, your.server.name:8448 { # TCP reverse_proxy
+```caddyfile
+your.server.name, your.server.name:8448 {
+    # TCP reverse_proxy
    127.0.0.1:6167
-    # UNIX socket 
-    #reverse_proxy unix//run/conduwuit/conduwuit.sock 
+    # UNIX socket
+    #reverse_proxy unix//run/conduwuit/conduwuit.sock
 }
 ```

 That's it! Just start and enable the service and you're set.

-```bash sudo systemctl enable --now caddy ```
+```bash
+sudo systemctl enable --now caddy
+```

 ## You're done

 Now you can start conduwuit with:

-```bash sudo systemctl start conduwuit ```
+```bash
+sudo systemctl start conduwuit
+```

 Set it to start automatically when your system boots with:

-```bash sudo systemctl enable conduwuit ```
+```bash
+sudo systemctl enable conduwuit
+```

 ## How do I know it works?

@@ -127,10 +250,15 @@ homeserver and try to register.
 You can also use these commands as a quick health check (replace
 `your.server.name`).

-```bash $ curl https://your.server.name/_conduwuit/server_version
+```bash
+curl https://your.server.name/_conduwuit/server_version

-# If using port 8448 $ curl
-https://your.server.name:8448/_conduwuit/server_version ```
+# If using port 8448
+curl https://your.server.name:8448/_conduwuit/server_version
+
+# If federation is enabled
+curl https://your.server.name:8448/_matrix/federation/v1/version
+```

 - To check if your server can talk with other homeservers, you can use the
 [Matrix Federation Tester](https://federationtester.matrix.org/). If you can
@@ -0,0 +1,8 @@
+# conduwuit for Kubernetes
+
+conduwuit doesn't support horizontal scalability or distributed loading
+natively, however a community maintained Helm Chart is available here to run
+conduwuit on Kubernetes: <https://gitlab.cronce.io/charts/conduwuit>
+
+Should changes need to be made, please reach out to the maintainer in our
+Matrix room as this is not maintained/controlled by the conduwuit maintainers.
@@ -1,38 +1,108 @@
 # conduwuit for NixOS

-conduwuit can be acquired by [Lix][lix] from various places:
+conduwuit can be acquired by Nix (or [Lix][lix]) from various places:

 * The `flake.nix` at the root of the repo
 * The `default.nix` at the root of the repo
 * From conduwuit's binary cache

+A community maintained NixOS package is available at [`conduwuit`](https://search.nixos.org/packages?channel=unstable&show=conduwuit&from=0&size=50&sort=relevance&type=packages&query=conduwuit)
+
+### Binary cache
+
 A binary cache for conduwuit that the CI/CD publishes to is available at the
 following places (both are the same just different names):

-``` https://attic.kennel.juneis.dog/conduit
+```
+https://attic.kennel.juneis.dog/conduit
 conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk=

 https://attic.kennel.juneis.dog/conduwuit
-conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= ```
+conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE=
+```

-The binary caches have been recreated recently due to attic issues. The old
-public keys were:
+The binary caches were recreated some months ago due to attic issues. The old public
+keys were:

-``` conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
+```
+conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
+conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
+```

-conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw= ```
+If needed, we have a binary cache on Cachix but it is only limited to 5GB:

-If specifying a URL in your flake, please use the GitHub remote:
-`github:girlbossceo/conduwuit`
+```
+https://conduwuit.cachix.org
+conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
+```

-The `flake.nix` and `default.nix` do not (currently) provide a NixOS module, so
-(for now) [`services.matrix-conduit`][module] from Nixpkgs should be used to
-configure conduwuit.
+If specifying a Git remote URL in your flake, you can use any remotes that
+are specified on the README (the mirrors), such as the GitHub: `github:girlbossceo/conduwuit`

-If you want to run the latest code, you should get conduwuit from the
-`flake.nix` or `default.nix` and set
-[`services.matrix-conduit.package`][package] appropriately.
+### NixOS module
+
+The `flake.nix` and `default.nix` do not currently provide a NixOS module (contributions
+welcome!), so [`services.matrix-conduit`][module] from Nixpkgs can be used to configure
+conduwuit.
+
+### Conduit NixOS Config Module and SQLite
+
+Beware! The [`services.matrix-conduit`][module] module defaults to SQLite as a database backend.
+Conduwuit dropped SQLite support in favor of exclusively supporting the much faster RocksDB.
+Make sure that you are using the RocksDB backend before migrating!
+
+There is a [tool to  migrate a Conduit SQLite database to
+RocksDB](https://github.com/ShadowJonathan/conduit_toolbox/).
+
+If you want to run the latest code, you should get conduwuit from the `flake.nix`
+or `default.nix` and set [`services.matrix-conduit.package`][package]
+appropriately to use conduwuit instead of Conduit.
+
+### UNIX sockets
+
+Due to the lack of a conduwuit NixOS module, when using the `services.matrix-conduit` module
+a workaround like the one below is necessary to use UNIX sockets. This is because the UNIX
+socket option does not exist in Conduit, and the module forcibly sets the `address` and 
+`port` config options.
+
+```nix
+options.services.matrix-conduit.settings = lib.mkOption {
+  apply = old: old // (
+    if (old.global ? "unix_socket_path")
+    then { global = builtins.removeAttrs old.global [ "address" "port" ]; }
+    else {  }
+  );
+};
+
+```
+
+Additionally, the [`matrix-conduit` systemd unit][systemd-unit] in the module does not allow
+the `AF_UNIX` socket address family in their systemd unit's `RestrictAddressFamilies=` which
+disallows the namespace from accessing or creating UNIX sockets and has to be enabled like so:
+
+```nix
+systemd.services.conduit.serviceConfig.RestrictAddressFamilies = [ "AF_UNIX" ];
+```
+
+Even though those workarounds are feasible a conduwuit NixOS configuration module, developed and
+published by the community, would be appreciated.
+
+### jemalloc and hardened profile
+
+conduwuit uses jemalloc by default. This may interfere with the [`hardened.nix` profile][hardened.nix]
+due to them using `scudo` by default. You must either disable/hide `scudo` from conduwuit, or
+disable jemalloc like so:
+
+```nix
+let
+    conduwuit = pkgs.unstable.conduwuit.override {
+      enableJemalloc = false;
+    };
+in
+```

 [lix]: https://lix.systems/
 [module]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit
 [package]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit.package
+[hardened.nix]: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix#L22
+[systemd-unit]: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/matrix/conduit.nix#L132
@@ -1,31 +1,95 @@
 # Development

 Information about developing the project. If you are only interested in using
-it, you can safely ignore this section. If you plan on contributing, see the
-[contributor's guide](contributing.md).
+it, you can safely ignore this page. If you plan on contributing, see the
+[contributor's guide](./contributing.md).

-## List of forked dependencies During conduwuit development, we have had to fork
+## conduwuit project layout
+
+conduwuit uses a collection of sub-crates, packages, or workspace members
+that indicate what each general area of code is for. All of the workspace
+members are under `src/`. The workspace definition is at the top level / root
+`Cargo.toml`.
+
+The crate names are generally self-explanatory:
+- `admin` is the admin room
+- `api` is the HTTP API, Matrix C-S and S-S endpoints, etc
+- `core` is core conduwuit functionality like config loading, error definitions,
+global utilities, logging infrastructure, etc
+- `database` is RocksDB methods, helpers, RocksDB config, and general database definitions,
+utilities, or functions
+- `macros` are conduwuit Rust [macros][macros] like general helper macros, logging
+and error handling macros, and [syn][syn] and [procedural macros][proc-macro]
+used for admin room commands and others
+- `main` is the "primary" sub-crate. This is where the `main()` function lives,
+tokio worker and async initialisation, Sentry initialisation, [clap][clap] init,
+and signal handling. If you are adding new [Rust features][features], they *must*
+go here.
+- `router` is the webserver and request handling bits, using axum, tower, tower-http,
+hyper, etc, and the [global server state][state] to access `services`.
+- `service` is the high-level database definitions and functions for data,
+outbound/sending code, and other business logic such as media fetching.
+
+It is highly unlikely you will ever need to add a new workspace member, but
+if you truly find yourself needing to, we recommend reaching out to us in
+the Matrix room for discussions about it beforehand.
+
+The primary inspiration for this design was apart of hot reloadable development,
+to support "conduwuit as a library" where specific parts can simply be swapped out.
+There is evidence Conduit wanted to go this route too as `axum` is technically an
+optional feature in Conduit, and can be compiled without the binary or axum library
+for handling inbound web requests; but it was never completed or worked.
+
+See the Rust documentation on [Workspaces][workspaces] for general questions
+and information on Cargo workspaces.
+
+## Adding compile-time [features][features]
+
+If you'd like to add a compile-time feature, you must first define it in
+the `main` workspace crate located in `src/main/Cargo.toml`. The feature must
+enable a feature in the other workspace crate(s) you intend to use it in. Then
+the said workspace crate(s) must define the feature there in its `Cargo.toml`.
+
+So, if this is adding a feature to the API such as `woof`, you define the feature
+in the `api` crate's `Cargo.toml` as `woof = []`. The feature definition in `main`'s
+`Cargo.toml` will be `woof = ["conduwuit-api/woof"]`.
+
+The rationale for this is due to Rust / Cargo not supporting
+["workspace level features"][9], we must make a choice of; either scattering
+features all over the workspace crates, making it difficult for anyone to add
+or remove default features; or define all the features in one central workspace
+crate that propagate down/up to the other workspace crates. It is a Cargo pitfall,
+and we'd like to see better developer UX in Rust's Workspaces.
+
+Additionally, the definition of one single place makes "feature collection" in our
+Nix flake a million times easier instead of collecting and deduping them all from
+searching in all the workspace crates' `Cargo.toml`s. Though we wouldn't need to
+do this if Rust supported workspace-level features to begin with.
+
+## List of forked dependencies
+
+During conduwuit development, we have had to fork
 some dependencies to support our use-cases in some areas. This ranges from
 things said upstream project won't accept for any reason, faster-paced
 development (unresponsive or slow upstream), conduwuit-specific usecases, or
 lack of time to upstream some things.

 - [ruma/ruma][1]: <https://github.com/girlbossceo/ruwuma> - various performance
-improvements, more features, faster-paced development, client/server interop
+improvements, more features, faster-paced development, better client/server interop
 hacks upstream won't accept, etc
 - [facebook/rocksdb][2]: <https://github.com/girlbossceo/rocksdb> - liburing
-build fixes, GCC build fix, and logging callback C API for Rust tracing
-integration
+build fixes and GCC debug build fix
 - [tikv/jemallocator][3]: <https://github.com/girlbossceo/jemallocator> - musl
-builds seem to be broken on upstream
+builds seem to be broken on upstream, fixes some broken/suspicious code in
+places, additional safety measures, and support redzones for Valgrind
 - [zyansheep/rustyline-async][4]:
 <https://github.com/girlbossceo/rustyline-async> - tab completion callback and
-`CTRL+\` signal quit event for CLI
+`CTRL+\` signal quit event for conduwuit console CLI
 - [rust-rocksdb/rust-rocksdb][5]:
-<https://github.com/girlbossceo/rust-rocksdb-zaidoon1> - [`@zaidoon1`'s][8] fork
-has quicker updates, more up to date dependencies. Our changes fix musl build
-issues, Rust part of the logging callback C API, removes unnecessary `gtest`
-include, and uses our RocksDB and jemallocator
+<https://github.com/girlbossceo/rust-rocksdb-zaidoon1> - [`@zaidoon1`][8]'s fork
+has quicker updates, more up to date dependencies, etc. Our fork fixes musl build
+issues, removes unnecessary `gtest` include, and uses our RocksDB and jemallocator
+forks.
 - [tokio-rs/tracing][6]: <https://github.com/girlbossceo/tracing> - Implements
 `Clone` for `EnvFilter` to support dynamically changing tracing envfilter's
 alongside other logging/metrics things
@@ -38,11 +102,17 @@ disable the default `release_max_log_level` feature, and set the `--cfg
 tokio_unstable` flag to enable experimental tokio APIs. A build might look like
 this:

-```bash RUSTFLAGS="--cfg tokio_unstable" cargo build \ --release \
--no-default-features \
--features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
+```bash
+RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
+    --release \
+    --no-default-features \
+    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
 ```

+You will also need to enable the `tokio_console` config option in conduwuit when
+starting it. This was due to tokio-console causing gradual memory leak/usage
+if left enabled.
+
 [1]: https://github.com/ruma/ruma/
 [2]: https://github.com/facebook/rocksdb/
 [3]: https://github.com/tikv/jemallocator/
@@ -51,3 +121,11 @@ this:
 [6]: https://github.com/tokio-rs/tracing/
 [7]: https://docs.rs/tokio-console/latest/tokio_console/
 [8]: https://github.com/zaidoon1/
+[9]: https://github.com/rust-lang/cargo/issues/12162
+[workspaces]: https://doc.rust-lang.org/cargo/reference/workspaces.html
+[macros]: https://doc.rust-lang.org/book/ch19-06-macros.html
+[syn]: https://docs.rs/syn/latest/syn/
+[proc-macro]: https://doc.rust-lang.org/reference/procedural-macros.html
+[clap]: https://docs.rs/clap/latest/clap/
+[features]: https://doc.rust-lang.org/cargo/reference/features.html
+[state]: https://docs.rs/axum/latest/axum/extract/struct.State.html
@@ -5,8 +5,8 @@
 Have a look at [Complement's repository][complement] for an explanation of what
 it is.

-To test against Complement, with [Lix][lix] and direnv installed and set up, you
-can:
+To test against Complement, with Nix (or [Lix](https://lix.systems) and direnv
+installed and set up, you can:

 * Run `./bin/complement "$COMPLEMENT_SRC" ./path/to/logs.jsonl
 ./path/to/results.jsonl` to build a Complement image, run the tests, and output
@@ -18,6 +18,5 @@ Complement OCI image outputted to `result` (it's a `.tar.gz` file)
 output from the commit/revision you want to test (e.g. from main)
 [here][ci-workflows]

-[lix]: https://lix.systems/
 [ci-workflows]: https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml?query=event%3Apush+is%3Asuccess+actor%3Agirlbossceo
 [complement]: https://github.com/matrix-org/complement
@@ -241,8 +241,7 @@ both new users and power users
 - Fixed every single clippy (default lints) and rustc warnings, including some
 that were performance related or potential safety issues / unsoundness
 - Add a **lot** of other clippy and rustc lints and a rustfmt.toml file
- Repo uses [Renovate](https://docs.renovatebot.com/),
-[Trivy](https://github.com/aquasecurity/trivy-action), and keeps ALL
+- Repo uses [Renovate](https://docs.renovatebot.com/) and keeps ALL
 dependencies as up to date as possible
 - Purge unmaintained/irrelevant/broken database backends (heed, sled, persy) and
 other unnecessary code or overhead
@@ -22,23 +22,59 @@ conduwuit has moderation admin commands for:
 Any commands with `-list` in them will require a codeblock in the message with
 each object being newline delimited. An example of doing this is:

-```` !admin rooms moderation ban-list-of-rooms ``` !roomid1:server.name
-!roomid2:server.name !roomid3:server.name ``` ````
+````
+!admin rooms moderation ban-list-of-rooms
+```
+!roomid1:server.name
+#badroomalias1:server.name
+!roomid2:server.name
+!roomid3:server.name
+#badroomalias2:server.name
+```
+````

-## Database
+## Database (RocksDB)

-If using RocksDB, there's very little you need to do. Compaction is ran
-automatically based on various defined thresholds tuned for conduwuit to be high
-performance with the least I/O amplifcation or overhead. Manually running
-compaction is not recommended, or compaction via a timer. RocksDB is built with
-io_uring support via liburing for async read I/O.
+Generally there is very little you need to do. [Compaction][rocksdb-compaction]
+is ran automatically based on various defined thresholds tuned for conduwuit to
+be high performance with the least I/O amplifcation or overhead. Manually
+running compaction is not recommended, or compaction via a timer, due to
+creating unnecessary I/O amplification. RocksDB is built with io_uring support
+via liburing for improved read performance.
+
+RocksDB troubleshooting can be found [in the RocksDB section of troubleshooting](troubleshooting.md).
+
+### Compression

 Some RocksDB settings can be adjusted such as the compression method chosen. See
-the RocksDB section in the [example config](configuration/examples.md). btrfs
-users may benefit from disabling compression on RocksDB if CoW is in use.
+the RocksDB section in the [example config](configuration/examples.md).

-RocksDB troubleshooting can be found [in the RocksDB section of
-troubleshooting](troubleshooting.md).
+btrfs users have reported that database compression does not need to be disabled
+on conduwuit as the filesystem already does not attempt to compress. This can be
+validated by using `filefrag -v` on a `.SST` file in your database, and ensure
+the `physical_offset` matches (no filesystem compression). It is very important
+to ensure no additional filesystem compression takes place as this can render
+unbuffered Direct IO inoperable, significantly slowing down read and write
+performance. See <https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility>
+
+> Compression is done using the COW mechanism so it’s incompatible with
+> nodatacow. Direct IO read works on compressed files but will fall back to
+> buffered writes and leads to no compression even if force compression is set.
+> Currently nodatasum and compression don’t work together.
+
+### Files in database
+
+Do not touch any of the files in the database directory. This must be said due
+to users being mislead by the `.log` files in the RocksDB directory, thinking
+they're server logs or database logs, however they are critical RocksDB files
+related to WAL tracking.
+
+The only safe files that can be deleted are the `LOG` files (all caps). These
+are the real RocksDB telemetry/log files, however conduwuit has already
+configured to only store up to 3 RocksDB `LOG` files due to generall being
+useless for average users unless troubleshooting something low-level. If you
+would like to store nearly none at all, see the `rocksdb_max_log_files`
+config option.

 ## Backups

@@ -95,3 +131,5 @@ Built-in S3 support is also planned, but for now using a "S3 filesystem" on
 `media/` works. conduwuit also sends a `Cache-Control` header of 1 year and
 immutable for all media requests (download and thumbnail) to reduce unnecessary
 media requests from browsers, reduce bandwidth usage, and reduce load.
+
+[rocksdb-compaction]: https://github.com/facebook/rocksdb/wiki/Compaction
@@ -13,6 +13,17 @@
 > If there are things like Compose file issues or Dockerhub image issues, those
 > can still be mentioned as long as they're something we can fix.

+## conduwuit and Matrix issues
+
+#### Lost access to admin room
+
+You can reinvite yourself to the admin room through the following methods:
+- Use the `--execute "users make_user_admin <username>"` conduwuit binary
+argument once to invite yourslf to the admin room on startup
+- Use the conduwuit console/CLI to run the `users make_user_admin` command
+- Or specify the `emergency_password` config option to allow you to temporarily
+log into the server account (`@conduit`) from a web client
+
 ## General potential issues

 #### Potential DNS issues when using Docker
@@ -30,16 +41,55 @@ workarounds for this are:
 - Don't use Docker's default DNS setup and instead allow the container to use
 and communicate with your host's DNS servers (host's `/etc/resolv.conf`)

-## Rocksdb / database issues
+#### DNS No connections available error message

-#### Direct IO
+If you receive spurious amounts of error logs saying "DNS No connections
+available", this is due to your DNS server (servers from `/etc/resolv.conf`)
+being overloaded and unable to handle typical Matrix federation volume. Some
+users have reported that the upstream servers are rate-limiting them as well
+when they get this error (e.g. popular upstreams like Google DNS).

-Some filesystems may not like RocksDB using [Direct
-IO](https://github.com/facebook/rocksdb/wiki/Direct-IO). Direct IO is for
-non-buffered I/O which improves conduwuit performance, but at least FUSE is a
-filesystem potentially known to not like this. See the [example
-config](configuration/examples.md) for disabling it if needed. Issues from
-Direct IO on unsupported filesystems are usually shown as startup errors.
+Matrix federation is extremely heavy and sends wild amounts of DNS requests.
+Unfortunately this is by design and has only gotten worse with more
+server/destination resolution steps. Synapse also expects a very perfect DNS
+setup.
+
+There are some ways you can reduce the amount of DNS queries, but ultimately
+the best solution/fix is selfhosting a high quality caching DNS server like
+[Unbound][unbound-arch] without any upstream resolvers, and without DNSSEC
+validation enabled.
+
+DNSSEC validation is highly recommended to be **disabled** due to DNSSEC being
+very computationally expensive, and is extremely susceptible to denial of
+service, especially on Matrix. Many servers also strangely have broken DNSSEC
+setups and will result in non-functional federation.
+
+conduwuit cannot provide a "works-for-everyone" Unbound DNS setup guide, but
+the [official Unbound tuning guide][unbound-tuning] and the [Unbound Arch Linux wiki page][unbound-arch]
+may be of interest. Disabling DNSSEC on Unbound is commenting out trust-anchors
+config options and removing the `validator` module.
+
+**Avoid** using `systemd-resolved` as it does **not** perform very well under
+high load, and we have identified its DNS caching to not be very effective.
+
+dnsmasq can possibly work, but it does **not** support TCP fallback which can be
+problematic when receiving large DNS responses such as from large SRV records.
+If you still want to use dnsmasq, make sure you **disable** `dns_tcp_fallback`
+in conduwuit config.
+
+Raising `dns_cache_entries` in conduwuit config from the default can also assist
+in DNS caching, but a full-fledged external caching resolver is better and more
+reliable.
+
+If you don't have IPv6 connectivity, changing `ip_lookup_strategy` to match
+your setup can help reduce unnecessary AAAA queries
+(`1 - Ipv4Only (Only query for A records, no AAAA/IPv6)`).
+
+If your DNS server supports it, some users have reported enabling
+`query_over_tcp_only` to force only TCP querying by default has improved DNS
+reliability at a slight performance cost due to TCP overhead.
+
+## RocksDB / database issues

 #### Database corruption

@@ -94,24 +144,49 @@ Various debug commands can be found in `!admin debug`.

 #### Debug/Trace log level

-conduwuit builds without debug or trace log levels by default for at least
-performance reasons. This may change in the future and/or binaries providing
-such configurations may be provided. If you need to access debug/trace log
-levels, you will need to build without the `release_max_log_level` feature.
+conduwuit builds without debug or trace log levels at compile time by default
+for substantial performance gains in CPU usage and improved compile times. If
+you need to access debug/trace log levels, you will need to build without the
+`release_max_log_level` feature or use our provided static debug binaries.

 #### Changing log level dynamically

 conduwuit supports changing the tracing log environment filter on-the-fly using
-the admin command `!admin debug change-log-level`. This accepts a string
-**without quotes** the same format as the `log` config option.
+the admin command `!admin debug change-log-level <log env filter>`. This accepts
+a string **without quotes** the same format as the `log` config option.
+
+Example: `!admin debug change-log-level debug`
+
+This can also accept complex filters such as:
+`!admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,ruma_state_res=trace`
+`!admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,conduit_service[send{dest="example.org"}]=trace`
+
+And to reset the log level to the one that was set at startup / last config
+load, simply pass the `--reset` flag.
+
+`!admin debug change-log-level --reset`

 #### Pinging servers

-conduwuit can ping other servers using `!admin debug ping`. This takes a server
-name and goes through the server discovery process and queries
+conduwuit can ping other servers using `!admin debug ping <server>`. This takes
+a server name and goes through the server discovery process and queries
 `/_matrix/federation/v1/version`. Errors are outputted.

+While it does measure the latency of the request, it is not indicative of
+server performance on either side as that endpoint is completely unauthenticated
+and simply fetches a string on a static JSON endpoint. It is very low cost both
+bandwidth and computationally.
+
 #### Allocator memory stats

-When using jemalloc with jemallocator's `stats` feature, you can see conduwuit's
-jemalloc memory stats by using `!admin debug memory-stats`
+When using jemalloc with jemallocator's `stats` feature (`--enable-stats`), you
+can see conduwuit's high-level allocator stats by using
+`!admin server memory-usage` at the bottom.
+
+If you are a developer, you can also view the raw jemalloc statistics with
+`!admin debug memory-stats`. Please note that this output is extremely large
+which may only be visible in the conduwuit console CLI due to PDU size limits,
+and is not easy for non-developers to understand.
+
+[unbound-tuning]: https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/performance.html
+[unbound-arch]: https://wiki.archlinux.org/title/Unbound
@@ -21,6 +21,22 @@ These same values need to be set in conduwuit. See the [example
 config](configuration/examples.md) in the TURN section for configuring these and
 restart conduwuit after.

+`turn_secret` or a path to `turn_secret_file` must have a value of your
+coturn `static-auth-secret`, or use `turn_username` and `turn_password`
+if using legacy username:password TURN authentication (not preferred).
+
+`turn_uris` must be the list of TURN URIs you would like to send to the client.
+Typically you will just replace the example domain `example.turn.uri` with the
+`realm` you set from the example config.
+
+If you are using TURN over TLS, you can replace `turn:` with `turns:` in the
+`turn_uris` config option to instruct clients to attempt to connect to
+TURN over TLS. This is highly recommended.
+
+If you need unauthenticated access to the TURN URIs, or some clients may be
+having trouble, you can enable `turn_guest_access` in conduwuit which disables
+authentication for the TURN URI endpoint `/_matrix/client/v3/voip/turnServer`
+
 ### Run

 Run the [Coturn](https://hub.docker.com/r/coturn/coturn) image using
@@ -152,7 +152,7 @@ cargo clippy \
 [[task]]
 name = "lychee"
 group = "lints"
-script = "lychee --verbose --offline docs *.md --exclude development.md"
+script = "lychee --verbose --offline docs *.md --exclude development.md --exclude contributing.md --exclude testing.md"

 [[task]]
 name = "markdownlint"
@@ -188,6 +188,16 @@ cargo test \
    --color=always
 """

+# Checks if the generated example config differs from the checked in repo's
+# example config.
+[[task]]
+name = "example-config"
+group = "tests"
+depends = ["cargo/default"]
+script = """
+git diff --exit-code conduwuit-example.toml
+"""
+
 # Ensure that the flake's default output can build and run without crashing
 #
 # This is a dynamically-linked jemalloc build, which is a case not covered by
@@ -4,16 +4,17 @@
      "inputs": {
        "crane": "crane",
        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
+        "flake-parts": "flake-parts",
+        "nix-github-actions": "nix-github-actions",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1724226964,
-        "narHash": "sha256-cltFh4su2vcFidxKp7LuEgX3ZGLfPy0DCdrQZ/QTe68=",
+        "lastModified": 1731270564,
+        "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
        "owner": "zhaofengli",
        "repo": "attic",
-        "rev": "6d9aeaef0a067d664cb11bb7704f7ec373d47fb2",
+        "rev": "47752427561f1c34debb16728a210d378f0ece36",
        "type": "github"
      },
      "original": {
@@ -26,16 +27,16 @@
    "cachix": {
      "inputs": {
        "devenv": "devenv",
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_2",
        "git-hooks": "git-hooks",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1724232775,
-        "narHash": "sha256-6u2DycIEgrgNYlLxyGqdFVmBNiKIitnQKJ1pbRP5oko=",
+        "lastModified": 1733424942,
+        "narHash": "sha256-5t7Sl6EkOaoP4FvzLmH7HFDbdl9SizmLh53RjDQCbWQ=",
        "owner": "cachix",
        "repo": "cachix",
-        "rev": "03b6cb3f953097bff378fb8b9ea094bd091a4ec7",
+        "rev": "8b6b0e4694b9aa78b2ea4c93bff6e1a222dc7e4a",
        "type": "github"
      },
      "original": {
@@ -47,33 +48,31 @@
    },
    "cachix_2": {
      "inputs": {
-        "devenv": "devenv_2",
+        "devenv": [
+          "cachix",
+          "devenv"
+        ],
        "flake-compat": [
          "cachix",
-          "devenv",
-          "flake-compat"
+          "devenv"
        ],
-        "nixpkgs": [
+        "git-hooks": [
          "cachix",
-          "devenv",
-          "nixpkgs"
+          "devenv"
        ],
-        "pre-commit-hooks": [
-          "cachix",
-          "devenv",
-          "pre-commit-hooks"
-        ]
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1712055811,
-        "narHash": "sha256-7FcfMm5A/f02yyzuavJe06zLa9hcMHsagE28ADcmQvk=",
+        "lastModified": 1728672398,
+        "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
        "owner": "cachix",
        "repo": "cachix",
-        "rev": "02e38da89851ec7fec3356a5c04bc8349cae0e30",
+        "rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
+        "ref": "latest",
        "repo": "cachix",
        "type": "github"
      }
@@ -81,15 +80,15 @@
    "complement": {
      "flake": false,
      "locked": {
-        "lastModified": 1722323564,
-        "narHash": "sha256-6w6/N8walz4Ayc9zu7iySqJRmGFukhkaICLn4dweAcA=",
-        "owner": "matrix-org",
+        "lastModified": 1734303596,
+        "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=",
+        "owner": "girlbossceo",
        "repo": "complement",
-        "rev": "6e4426a9e63233f9821a4d2382bfed145244183f",
+        "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8",
        "type": "github"
      },
      "original": {
-        "owner": "matrix-org",
+        "owner": "girlbossceo",
        "ref": "main",
        "repo": "complement",
        "type": "github"
@@ -117,17 +116,12 @@
      }
    },
    "crane_2": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
      "locked": {
-        "lastModified": 1724006180,
-        "narHash": "sha256-PVxPj0Ga2fMYMtcT9ARCthF+4U71YkOT7ZjgD/vf1Aw=",
+        "lastModified": 1734808813,
+        "narHash": "sha256-3aH/0Y6ajIlfy7j52FGZ+s4icVX0oHhqBzRdlOeztqg=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "7ce92819802bc583b7e82ebc08013a530f22209f",
+        "rev": "72e2d02dbac80c8c86bf6bf3e785536acf8ee926",
        "type": "github"
      },
      "original": {
@@ -144,22 +138,22 @@
          "cachix",
          "flake-compat"
        ],
-        "nix": "nix_2",
+        "git-hooks": [
+          "cachix",
+          "git-hooks"
+        ],
+        "nix": "nix",
        "nixpkgs": [
          "cachix",
          "nixpkgs"
-        ],
-        "pre-commit-hooks": [
-          "cachix",
-          "git-hooks"
        ]
      },
      "locked": {
-        "lastModified": 1723156315,
-        "narHash": "sha256-0JrfahRMJ37Rf1i0iOOn+8Z4CLvbcGNwa2ChOAVrp/8=",
+        "lastModified": 1733323168,
+        "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "ff5eb4f2accbcda963af67f1a1159e3f6c7f5f91",
+        "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
        "type": "github"
      },
      "original": {
@@ -168,39 +162,6 @@
        "type": "github"
      }
    },
-    "devenv_2": {
-      "inputs": {
-        "flake-compat": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "flake-compat"
-        ],
-        "nix": "nix",
-        "nixpkgs": "nixpkgs_2",
-        "poetry2nix": "poetry2nix",
-        "pre-commit-hooks": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "pre-commit-hooks"
-        ]
-      },
-      "locked": {
-        "lastModified": 1708704632,
-        "narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=",
-        "owner": "cachix",
-        "repo": "devenv",
-        "rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "ref": "python-rewrite",
-        "repo": "devenv",
-        "type": "github"
-      }
-    },
    "fenix": {
      "inputs": {
        "nixpkgs": [
@@ -209,11 +170,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1724221791,
-        "narHash": "sha256-mKX67QPnUybOopVph/LhOV1G/H4EvPxDIfSmbufrVdA=",
+        "lastModified": 1735799625,
+        "narHash": "sha256-lFadwWDvVIub11bwfZhsh2WUByf9LOi6yjsSUMmE0xk=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "e88b38a5a3834e039d413a88f8150a75ef6453ef",
+        "rev": "a9d84a1545814910cb4ab0515ed6921e8b07ee95",
        "type": "github"
      },
      "original": {
@@ -242,11 +203,11 @@
    "flake-compat_2": {
      "flake": false,
      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
@@ -258,27 +219,11 @@
    "flake-compat_3": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_4": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
@@ -288,52 +233,60 @@
        "type": "github"
      }
    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "attic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "cachix",
+          "devenv",
+          "nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712014858,
+        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1689068808,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_3": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -357,11 +310,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1723202784,
-        "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=",
+        "lastModified": 1733318908,
+        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "c7012d0c18567c889b948781bc74a501e92275d1",
+        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
        "type": "github"
      },
      "original": {
@@ -392,14 +345,30 @@
        "type": "github"
      }
    },
+    "libgit2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1697646580,
+        "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
+        "owner": "libgit2",
+        "repo": "libgit2",
+        "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "libgit2",
+        "repo": "libgit2",
+        "type": "github"
+      }
+    },
    "liburing": {
      "flake": false,
      "locked": {
-        "lastModified": 1724199144,
-        "narHash": "sha256-MVjnwO6EbKzzSrU51dSseLarZ1fRp+6SagAf/nE/XZU=",
+        "lastModified": 1733603756,
+        "narHash": "sha256-eTKnZDZ1Ex++v+BI0DBcUBmCXAO/tE8hxK9MiyztZkU=",
        "owner": "axboe",
        "repo": "liburing",
-        "rev": "2d4e799017d64cd2f8304503eef9064931bb3fbd",
+        "rev": "c3d5d6270cd5ed48d817fc1e8e95f7c8b222f2ff",
        "type": "github"
      },
      "original": {
@@ -411,38 +380,48 @@
    },
    "nix": {
      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "nixpkgs": [
+        "flake-compat": [
          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "nixpkgs"
+          "devenv"
        ],
-        "nixpkgs-regression": "nixpkgs-regression"
+        "flake-parts": "flake-parts_2",
+        "libgit2": "libgit2",
+        "nixpkgs": "nixpkgs_3",
+        "nixpkgs-23-11": [
+          "cachix",
+          "devenv"
+        ],
+        "nixpkgs-regression": [
+          "cachix",
+          "devenv"
+        ],
+        "pre-commit-hooks": [
+          "cachix",
+          "devenv"
+        ]
      },
      "locked": {
-        "lastModified": 1712911606,
-        "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=",
+        "lastModified": 1727438425,
+        "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=",
        "owner": "domenkozar",
        "repo": "nix",
-        "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12",
+        "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546",
        "type": "github"
      },
      "original": {
        "owner": "domenkozar",
-        "ref": "devenv-2.21",
+        "ref": "devenv-2.24",
        "repo": "nix",
        "type": "github"
      }
    },
    "nix-filter": {
      "locked": {
-        "lastModified": 1710156097,
-        "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
+        "lastModified": 1731533336,
+        "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
        "owner": "numtide",
        "repo": "nix-filter",
-        "rev": "3342559a24e85fc164b295c3444e8a139924675b",
+        "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
        "type": "github"
      },
      "original": {
@@ -455,20 +434,16 @@
    "nix-github-actions": {
      "inputs": {
        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "poetry2nix",
+          "attic",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1688870561,
-        "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
        "owner": "nix-community",
        "repo": "nix-github-actions",
-        "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
        "type": "github"
      },
      "original": {
@@ -477,42 +452,13 @@
        "type": "github"
      }
    },
-    "nix_2": {
-      "inputs": {
-        "flake-compat": [
-          "cachix",
-          "devenv",
-          "flake-compat"
-        ],
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "nixpkgs"
-        ],
-        "nixpkgs-regression": "nixpkgs-regression_2"
-      },
-      "locked": {
-        "lastModified": 1712911606,
-        "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=",
-        "owner": "domenkozar",
-        "repo": "nix",
-        "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12",
-        "type": "github"
-      },
-      "original": {
-        "owner": "domenkozar",
-        "ref": "devenv-2.21",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1723827930,
-        "narHash": "sha256-EU+W5F6y2CVNxGrGIMpY7nSVYq72WRChYxF4zpjx0y4=",
+        "lastModified": 1726042813,
+        "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d4a7a4d0e066278bfb0d77bd2a7adde1c0ec9e3d",
+        "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
        "type": "github"
      },
      "original": {
@@ -522,61 +468,29 @@
        "type": "github"
      }
    },
-    "nixpkgs-regression": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
-    "nixpkgs-regression_2": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1720535198,
-        "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
+        "lastModified": 1724316499,
+        "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
+        "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1720386169,
-        "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
+        "lastModified": 1730741070,
+        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
+        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
        "type": "github"
      },
      "original": {
@@ -588,11 +502,59 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1692808169,
-        "narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=",
+        "lastModified": 1730531603,
+        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9201b5ff357e781bf014d0330d18555695df7ba8",
+        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1717432640,
+        "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1733212471,
+        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1735685343,
+        "narHash": "sha256-h1CpBzdJDNtSUb5QMyfFHKHocTTky+4McgQEBQBM+xA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "81934660d6e9ea54d2f0cdee821e8533b10c221a",
        "type": "github"
      },
      "original": {
@@ -602,77 +564,19 @@
        "type": "github"
      }
    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1722813957,
-        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1724271409,
-        "narHash": "sha256-z4nw9HxkaXEn+5OT8ljLVL2oataHvAzUQ1LEi8Fp+SY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "36a9aeaaa17a2d4348498275f9fe530cd4f9e519",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "poetry2nix": {
-      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nix-github-actions": "nix-github-actions",
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1692876271,
-        "narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=",
-        "owner": "nix-community",
-        "repo": "poetry2nix",
-        "rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "poetry2nix",
-        "type": "github"
-      }
-    },
    "rocksdb": {
      "flake": false,
      "locked": {
-        "lastModified": 1724285323,
-        "narHash": "sha256-k60kreKQ0v+bQ16yBd2SfLYpuNjMw2qoRmZL/S3k6CU=",
+        "lastModified": 1734469478,
+        "narHash": "sha256-IcQ4N8xADYal79K+ONmNq4RLlIwdgUqgrVzgNgiIaG8=",
        "owner": "girlbossceo",
        "repo": "rocksdb",
-        "rev": "5a67ad7ce46328578ee5587fb0c23faa03d14e67",
+        "rev": "8b4808e7de2fbb5d119d8d72cdca76d8ab84bc47",
        "type": "github"
      },
      "original": {
        "owner": "girlbossceo",
-        "ref": "v9.5.2",
+        "ref": "v9.9.3",
        "repo": "rocksdb",
        "type": "github"
      }
@@ -684,22 +588,22 @@
        "complement": "complement",
        "crane": "crane_2",
        "fenix": "fenix",
-        "flake-compat": "flake-compat_4",
-        "flake-utils": "flake-utils_3",
+        "flake-compat": "flake-compat_3",
+        "flake-utils": "flake-utils",
        "liburing": "liburing",
        "nix-filter": "nix-filter",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
        "rocksdb": "rocksdb"
      }
    },
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1724153119,
-        "narHash": "sha256-WxpvDJDttkINkXmUA/W5o11lwLPYhATAgu0QUAacZ2g=",
+        "lastModified": 1735742096,
+        "narHash": "sha256-q3a80h8Jf8wfmPURUgRR46nQCB3I5fhZ+/swulTF5HY=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "3723e5910c14f0ffbd13de474b8a8fcc74db04ce",
+        "rev": "7e639ee3dda6ed9cecc79d41f6d38235121e483d",
        "type": "github"
      },
      "original": {
@@ -723,36 +627,6 @@
        "repo": "default",
        "type": "github"
      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
    }
  },
  "root": "root",
@@ -2,14 +2,14 @@
  inputs = {
    attic.url = "github:zhaofengli/attic?ref=main";
    cachix.url = "github:cachix/cachix?ref=master";
-    complement = { url = "github:matrix-org/complement?ref=main"; flake = false; };
-    crane = { url = "github:ipetkov/crane?ref=master"; inputs.nixpkgs.follows = "nixpkgs"; };
+    complement = { url = "github:girlbossceo/complement?ref=main"; flake = false; };
+    crane = { url = "github:ipetkov/crane?ref=master"; };
    fenix = { url = "github:nix-community/fenix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; };
    flake-compat = { url = "github:edolstra/flake-compat?ref=master"; flake = false; };
    flake-utils.url = "github:numtide/flake-utils?ref=main";
    nix-filter.url = "github:numtide/nix-filter?ref=main";
-    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
-    rocksdb = { url = "github:girlbossceo/rocksdb?ref=v9.5.2"; flake = false; };
+    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable";
+    rocksdb = { url = "github:girlbossceo/rocksdb?ref=v9.9.3"; flake = false; };
    liburing = { url = "github:axboe/liburing?ref=master"; flake = false; };
  };

@@ -18,7 +18,6 @@
    let
      pkgsHost = import inputs.nixpkgs{
        inherit system;
-        config.permittedInsecurePackages = [ "olm-3.2.16" ];
      };
      pkgsHostStatic = pkgsHost.pkgsStatic;

@@ -27,7 +26,7 @@
        file = ./rust-toolchain.toml;

        # See also `rust-toolchain.toml`
-        sha256 = "sha256-3jVIIf5XPnUU1CRaTyAiO0XHVbJl12MSx3eucTXCjtE=";
+        sha256 = "sha256-s1RPtyvDGJaX/BisLT+ifVfuhDT1nZkZ1NcK8sbwELM=";
      };

      mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: {
@@ -38,7 +37,23 @@
        inherit inputs;
        main = self.callPackage ./nix/pkgs/main {};
        oci-image = self.callPackage ./nix/pkgs/oci-image {};
-        rocksdb = pkgs.rocksdb.overrideAttrs (old: {
+        tini = pkgs.tini.overrideAttrs {
+            # newer clang/gcc is unhappy with tini-static: <https://3.dog/~strawberry/pb/c8y4>
+            patches = [ (pkgs.fetchpatch {
+                url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch";
+                hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k=";
+              })
+            ];
+        };
+        liburing = pkgs.liburing.overrideAttrs {
+          # Tests weren't building
+          outputs = [ "out" "dev" "man" ];
+          buildFlags = [ "library" ];
+          src = inputs.liburing;
+        };
+        rocksdb = (pkgs.rocksdb.override {
+          liburing = self.liburing;
+        }).overrideAttrs (old: {
          src = inputs.rocksdb;
          version = pkgs.lib.removePrefix
            "v"
@@ -57,9 +72,16 @@
              "-DWITH_TESTS=1"
              # we use rust-rocksdb via C interface and dont need C++ RTTI
              "-DUSE_RTTI=1"
+              # this doesn't exist in RocksDB, and USE_SSE is deprecated for
+              # PORTABLE=$(march)
+              "-DFORCE_SSE42=1"
+              # PORTABLE will get set in main/default.nix
+              "-DPORTABLE=1"
            ]
            old.cmakeFlags
            ++ [
+              # no real reason to have snappy, no one uses this
+              "-DWITH_SNAPPY=0"
              # we dont need to use ldb or sst_dump (core_tools)
              "-DWITH_CORE_TOOLS=0"
              # we dont need trace tools
@@ -76,18 +98,20 @@
          # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
          preInstall = "";
        });
-        # TODO: remove once https://github.com/NixOS/nixpkgs/pull/314945 is available
-        liburing = pkgs.liburing.overrideAttrs (old: {
-          # the configure script doesn't support these, and unconditionally
-          # builds both static and dynamic libraries.
-          configureFlags = pkgs.lib.subtractLists
-            [ "--enable-static" "--disable-shared" ]
-            old.configureFlags;
-        });
      });

      scopeHost = mkScope pkgsHost;
      scopeHostStatic = mkScope pkgsHostStatic;
+      scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic;
+      mkCrossScope = crossSystem:
+        let pkgsCrossStatic = (import inputs.nixpkgs {
+          inherit system;
+          crossSystem = {
+           config = crossSystem;
+          };
+        }).pkgsStatic;
+         in
+        mkScope pkgsCrossStatic;

      mkDevShell = scope: scope.pkgs.mkShell {
        env = scope.main.env // {
@@ -100,9 +124,9 @@
          # code.
          COMPLEMENT_SRC = inputs.complement.outPath;

-          # Needed for Complement
-          CGO_CFLAGS = "-I${scope.pkgs.olm}/include";
-          CGO_LDFLAGS = "-L${scope.pkgs.olm}/lib";
+          # Needed for Complement: <https://github.com/golang/go/issues/52690>
+          CGO_CFLAGS = "-Wl,--no-gc-sections";
+          CGO_LDFLAGS = "-Wl,--no-gc-sections";
        };

        # Development tools
@@ -119,6 +143,9 @@
          engage
          cargo-audit

+          # Required by hardened-malloc.rs dep
+          binutils
+
          # Needed for producing Debian packages
          cargo-deb

@@ -145,12 +172,21 @@

          # needed so we can get rid of gcc and other unused deps that bloat OCI images
          removeReferencesTo
-        ])
+        ]
+        # liburing is Linux-exclusive
+        ++ lib.optional stdenv.hostPlatform.isLinux liburing
+        # needed to build Rust applications on macOS
+        ++ lib.optionals stdenv.hostPlatform.isDarwin [
+            # https://github.com/NixOS/nixpkgs/issues/206242
+            # ld: library not found for -liconv
+            libiconv
+            # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
+            # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
+            pkgsBuildHost.darwin.apple_sdk.frameworks.Security
+            ])
        ++ scope.main.buildInputs
        ++ scope.main.propagatedBuildInputs
        ++ scope.main.nativeBuildInputs;
-
-        meta.broken = scope.main.meta.broken;
      };
    in
    {
@@ -172,6 +208,10 @@
                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # jemalloc profiling/stats features are expensive and shouldn't
+                # be expected on non-debug builds.
+                "jemalloc_prof"
+                "jemalloc_stats"
            ];
        };
        all-features-debug = scopeHost.main.override {
@@ -197,6 +237,10 @@
                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # jemalloc profiling/stats features are expensive and shouldn't
+                # be expected on non-debug builds.
+                "jemalloc_prof"
+                "jemalloc_stats"
            ];
          };
        };
@@ -224,6 +268,8 @@

        complement = scopeHost.complement;
        static-complement = scopeHostStatic.complement;
+        # macOS containers don't exist, so the complement images must be forced to linux
+        linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement;
      }
      //
      builtins.listToAttrs
@@ -232,14 +278,7 @@
            (crossSystem:
              let
                binaryName = "static-${crossSystem}";
-                pkgsCrossStatic =
-                  (import inputs.nixpkgs {
-                    inherit system;
-                    crossSystem = {
-                      config = crossSystem;
-                    };
-                  }).pkgsStatic;
-                scopeCrossStatic = mkScope pkgsCrossStatic;
+                scopeCrossStatic = mkCrossScope crossSystem;
              in
              [
                # An output for a statically-linked binary
@@ -248,6 +287,15 @@
                  value = scopeCrossStatic.main;
                }

+                # An output for a statically-linked binary with x86_64 haswell
+                # target optimisations
+                {
+                  name = "${binaryName}-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.main.override {
+                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                  };
+                }
+
                # An output for a statically-linked unstripped debug ("dev") binary
                {
                  name = "${binaryName}-debug";
@@ -278,10 +326,34 @@
                        "hardened_malloc"
                        # dont include experimental features
                        "experimental"
+                        # jemalloc profiling/stats features are expensive and shouldn't
+                        # be expected on non-debug builds.
+                        "jemalloc_prof"
+                        "jemalloc_stats"
                    ];
                  };
                }

+                # An output for a statically-linked binary with `--all-features` and with x86_64 haswell
+                # target optimisations
+                {
+                  name = "${binaryName}-all-features-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.main.override {
+                    all_features = true;
+                    disable_features = [
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # dont include experimental features
+                        "experimental"
+                        # jemalloc profiling/stats features are expensive and shouldn't
+                        # be expected on non-debug builds.
+                        "jemalloc_prof"
+                        "jemalloc_stats"
+                    ];
+                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                  };
+                }
+
                # An output for a statically-linked unstripped debug ("dev") binary with `--all-features`
                {
                  name = "${binaryName}-all-features-debug";
@@ -313,6 +385,17 @@
                  value = scopeCrossStatic.oci-image;
                }

+                # An output for an OCI image based on that binary with x86_64 haswell
+                # target optimisations
+                {
+                  name = "oci-image-${crossSystem}-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.oci-image.override {
+                    main = scopeCrossStatic.main.override {
+                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                    };
+                  };
+                }
+
                # An output for an OCI image based on that unstripped debug ("dev") binary
                {
                  name = "oci-image-${crossSystem}-debug";
@@ -336,26 +419,52 @@
                          "hardened_malloc"
                          # dont include experimental features
                          "experimental"
+                          # jemalloc profiling/stats features are expensive and shouldn't
+                          # be expected on non-debug builds.
+                          "jemalloc_prof"
+                          "jemalloc_stats"
                      ];
                    };
                  };
                }

+                # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell
+                # target optimisations
+                {
+                  name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.oci-image.override {
+                    main = scopeCrossStatic.main.override {
+                      all_features = true;
+                      disable_features = [
+                          # this is non-functional on nix for some reason
+                          "hardened_malloc"
+                          # dont include experimental features
+                          "experimental"
+                          # jemalloc profiling/stats features are expensive and shouldn't
+                          # be expected on non-debug builds.
+                          "jemalloc_prof"
+                          "jemalloc_stats"
+                      ];
+                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                    };
+                  };
+                }
+
                # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features`
                {
                  name = "oci-image-${crossSystem}-all-features-debug";
                  value = scopeCrossStatic.oci-image.override {
                    main = scopeCrossStatic.main.override {
-                        profile = "dev";
-                        all_features = true;
-                        # debug build users expect full logs
-                        disable_release_max_log_level = true;
-                        disable_features = [
-                            # this is non-functional on nix for some reason
-                            "hardened_malloc"
-                            # dont include experimental features
-                            "experimental"
-                        ];
+                      profile = "dev";
+                      all_features = true;
+                      # debug build users expect full logs
+                      disable_release_max_log_level = true;
+                      disable_features = [
+                          # this is non-functional on nix for some reason
+                          "hardened_malloc"
+                          # dont include experimental features
+                          "experimental"
+                      ];
                    };
                  };
                }
@@ -369,11 +478,20 @@
                    };
                  };
                }
+
+                # An output for a complement OCI image for the specified platform
+                {
+                  name = "complement-${crossSystem}";
+                  value = scopeCrossStatic.complement;
+                }
              ]
            )
            [
-              "x86_64-unknown-linux-musl"
-              "aarch64-unknown-linux-musl"
+              #"x86_64-apple-darwin"
+              #"aarch64-apple-darwin"
+              "x86_64-linux-gnu"
+              "x86_64-linux-musl"
+              "aarch64-linux-musl"
            ]
          )
        );
@@ -388,6 +506,10 @@
                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # jemalloc profiling/stats features are expensive and shouldn't
+                # be expected on non-debug builds.
+                "jemalloc_prof"
+                "jemalloc_stats"
            ];
        };
        }));
@@ -14,8 +14,10 @@ stdenv.mkDerivation {
    include = [
      "book.toml"
      "conduwuit-example.toml"
+      "CODE_OF_CONDUCT.md"
      "CONTRIBUTING.md"
      "README.md"
+      "development.md"
      "debian/conduwuit.service"
      "debian/README.md"
      "arch/conduwuit.service"
@@ -9,13 +9,27 @@ database_path = "/database"
 log = "trace,h2=warn,hyper=warn"
 port = [8008, 8448]
 trusted_servers = []
+only_query_trusted_key_servers = false
 query_trusted_key_servers_first = false
+query_trusted_key_servers_first_on_join = false
 yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
 ip_range_denylist = []
 url_preview_domain_contains_allowlist = ["*"]
+url_preview_domain_explicit_denylist = ["*"]
 media_compat_file_link = false
 media_startup_check = false
-rocksdb_direct_io = false
+prune_missing_media = false
+log_colors = false
+admin_room_notices = false
+allow_check_for_updates = false
+allow_unstable_room_versions = true
+rocksdb_log_level = "debug"
+rocksdb_max_log_files = 1
+rocksdb_recovery_mode = 0
+rocksdb_paranoid_file_checks = true
+log_guest_registrations = false
+allow_legacy_media = true
+startup_netburst = false

 [global.tls]
 certs = "/certificate.crt"
@@ -18,6 +18,16 @@ let
    all_features = true;
    disable_release_max_log_level = true;
    disable_features = [
+        # no reason to use jemalloc for complement, just has compatibility/build issues
+        "jemalloc"
+        # console/CLI stuff isn't used or relevant for complement
+        "console"
+        "tokio_console"
+        # sentry telemetry isn't useful for complement, disabled by default anyways
+        "sentry_telemetry"
+        "perf_measurements"
+        # the containers don't use or need systemd signal support
+        "systemd"
        # this is non-functional on nix for some reason
        "hardened_malloc"
        # dont include experimental features
@@ -57,7 +67,7 @@ let
 in

 dockerTools.buildImage {
-  name = "complement-${main.pname}";
+  name = "complement-conduwuit";
  tag = "main";

  copyToRoot = buildEnv {
@@ -78,7 +88,7 @@ dockerTools.buildImage {
      "${lib.getExe start}"
    ];

-    Entrypoint = if !stdenv.isDarwin
+    Entrypoint = if !stdenv.hostPlatform.isDarwin
      # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
      # are handled as expected
      then [ "${lib.getExe' tini "tini"}" "--" ]
@@ -87,6 +97,7 @@ dockerTools.buildImage {
    Env = [
      "SSL_CERT_FILE=/complement/ca/ca.crt"
      "CONDUWUIT_CONFIG=${./config.toml}"
+      "RUST_BACKTRACE=full"
    ];

    ExposedPorts = {
@@ -13,12 +13,6 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
    lib.concatStringsSep
      " "
      ([]
-        ++ lib.optionals
-          stdenv.targetPlatform.isx86_64
-          [ "-C" "target-cpu=x86-64-v2" ]
-        ++ lib.optionals
-          stdenv.targetPlatform.isAarch64
-          [ "-C" "target-cpu=cortex-a55" ] # cortex-a55 == ARMv8.2-a
        # This disables PIE for static builds, which isn't great in terms
        # of security. Unfortunately, my hand is forced because nixpkgs'
        # `libstdc++.a` is built without `-fPIE`, which precludes us from
@@ -28,25 +22,13 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
          [ "-C" "relocation-model=static" ]
        ++ lib.optionals
          (stdenv.buildPlatform.config != stdenv.hostPlatform.config)
-          [ "-l" "c" ]
-        ++ lib.optionals
-          # This check has to match the one [here][0]. We only need to set
-          # these flags when using a different linker. Don't ask me why,
-          # though, because I don't know. All I know is it breaks otherwise.
-          #
-          # [0]: https://github.com/NixOS/nixpkgs/blob/5cdb38bb16c6d0a38779db14fcc766bc1b2394d6/pkgs/build-support/rust/lib/default.nix#L37-L40
-          (
-            # Nixpkgs doesn't check for x86_64 here but we do, because I
-            # observed a failure building statically for x86_64 without
-            # including it here. Linkers are weird.
-            (stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isx86_64)
-              && stdenv.hostPlatform.isStatic
-              && !stdenv.isDarwin
-              && !stdenv.cc.bintools.isLLVM
-          )
          [
+            "-l"
+            "c"
+
            "-l"
            "stdc++"
+
            "-L"
            "${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib"
          ]
@@ -58,7 +40,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
 # even covers the case of build scripts that need native code compiled and
 # run on the build platform (I think).
 #
-# [0]: https://github.com/NixOS/nixpkgs/blob/5cdb38bb16c6d0a38779db14fcc766bc1b2394d6/pkgs/build-support/rust/lib/default.nix#L57-L80
+# [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68
 //
 (
  let
@@ -74,8 +56,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
      {
        "CC_${cargoEnvVarTarget}" = envVars.ccForTarget;
        "CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget;
-        "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" =
-          envVars.linkerForTarget;
+        "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForTarget;
      }
    )
  //
@@ -86,7 +67,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
    {
      "CC_${cargoEnvVarTarget}" = envVars.ccForHost;
      "CXX_${cargoEnvVarTarget}" = envVars.cxxForHost;
-      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.linkerForHost;
+      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForHost;
      CARGO_BUILD_TARGET = rustcTarget;
    }
  )
@@ -98,7 +79,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
    {
      "CC_${cargoEnvVarTarget}" = envVars.ccForBuild;
      "CXX_${cargoEnvVarTarget}" = envVars.cxxForBuild;
-      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.linkerForBuild;
+      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForBuild;
      HOST_CC = "${pkgsBuildHost.stdenv.cc}/bin/cc";
      HOST_CXX = "${pkgsBuildHost.stdenv.cc}/bin/c++";
    }
@@ -13,12 +13,17 @@
 , stdenv

 # Options (keep sorted)
-, default_features ? true
-, disable_release_max_log_level ? false
 , all_features ? false
+, default_features ? true
 , disable_features ? []
+, disable_release_max_log_level ? false
 , features ? []
 , profile ? "release"
+# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag
+# haswell is pretty much any x86 cpu made in the last 12 years, and
+# supports modern CPU extensions that rocksdb can make use of.
+# disable if trying to make a portable x86_64 build for very old hardware
+, x86_64_haswell_target_optimised ? false
 }:

 let
@@ -40,7 +45,7 @@ features'' = lib.subtractLists disable_features' features';

 featureEnabled = feature : builtins.elem feature features'';

-enableLiburing = featureEnabled "io_uring" && !stdenv.isDarwin;
+enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin;

 # This derivation will set the JEMALLOC_OVERRIDE variable, causing the
 # tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's
@@ -72,35 +77,20 @@ buildDepsOnlyEnv =
      # jemalloc symbols are prefixed.
      #
      # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17
-      enableJemalloc = featureEnabled "jemalloc" && !stdenv.isDarwin;
+      enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin;

      # for some reason enableLiburing in nixpkgs rocksdb is default true
      # which breaks Darwin entirely
      enableLiburing = enableLiburing;
    }).overrideAttrs (old: {
-      # TODO: static rocksdb fails to build on darwin, also see <https://github.com/NixOS/nixpkgs/issues/320448>
-      # build log at <https://girlboss.ceo/~strawberry/pb/JjGH>
-      meta.broken = stdenv.hostPlatform.isStatic && stdenv.isDarwin;
-
      enableLiburing = enableLiburing;
-
-      sse42Support = stdenv.targetPlatform.isx86_64;
-
-      cmakeFlags = if stdenv.targetPlatform.isx86_64
-        then lib.subtractLists [ "-DPORTABLE=1" ] old.cmakeFlags
-        ++ lib.optionals stdenv.targetPlatform.isx86_64 [
-          "-DPORTABLE=x86-64-v2"
-          "-DUSE_SSE=1"
-          "-DHAVE_SSE=1"
-          "-DHAVE_SSE42=1"
-        ]
-        else if stdenv.targetPlatform.isAarch64
-        then lib.subtractLists [ "-DPORTABLE=1" ] old.cmakeFlags
-        ++ lib.optionals stdenv.targetPlatform.isAarch64 [
-          # cortex-a73 == ARMv8-A
-          "-DPORTABLE=armv8-a"
-        ]
-        else old.cmakeFlags;
+      cmakeFlags = (if x86_64_haswell_target_optimised then (lib.subtractLists [
+        # dont make a portable build if x86_64_haswell_target_optimised is enabled
+        "-DPORTABLE=1"
+      ] old.cmakeFlags
+      ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ])
+      )
+      ++ old.cmakeFlags;
    });
  in
  {
@@ -128,10 +118,8 @@ buildPackageEnv = {
  CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS
    + lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic)
      " -L${lib.getLib liburing}/lib -luring"
-    + lib.optionalString stdenv.targetPlatform.isx86_64
-      " -Ctarget-cpu=x86-64-v2"
-    + lib.optionalString stdenv.targetPlatform.isAarch64
-      " -Ctarget-cpu=cortex-a73"; # cortex-a73 == ARMv8-A
+    + lib.optionalString x86_64_haswell_target_optimised
+      " -Ctarget-cpu=haswell";
 };


@@ -159,7 +147,16 @@ commonAttrs = {
    dontStrip = profile == "dev" || profile == "test";
    dontPatchELF = profile == "dev" || profile == "test";

-    buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
+    buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys'
+    # needed to build Rust applications on macOS
+    ++ lib.optionals stdenv.hostPlatform.isDarwin [
+        # https://github.com/NixOS/nixpkgs/issues/206242
+        # ld: library not found for -liconv
+        libiconv
+        # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
+        # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
+        pkgsBuildHost.darwin.apple_sdk.frameworks.Security
+      ];

    nativeBuildInputs = [
      # bindgen needs the build platform's libclang. Apparently due to "splicing
@@ -176,8 +173,10 @@ commonAttrs = {
      # needed so we can get rid of gcc and other unused deps that bloat OCI images
      removeReferencesTo
  ]
-  ++ lib.optionals stdenv.isDarwin [
+  # needed to build Rust applications on macOS
+  ++ lib.optionals stdenv.hostPlatform.isDarwin [
      # https://github.com/NixOS/nixpkgs/issues/206242
+      # ld: library not found for -liconv
      libiconv

      # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
@@ -189,7 +188,7 @@ commonAttrs = {
    #
    # <https://github.com/input-output-hk/haskell.nix/issues/829>
    postInstall = with pkgsBuildHost; ''
-        find "$out" -type f -exec remove-references-to -t ${stdenv.cc} -t ${gcc} -t ${libgcc} -t ${linuxHeaders} -t ${libidn2} -t ${libunistring} '{}' +
+        find "$out" -type f -exec remove-references-to -t ${stdenv.cc} -t ${gcc} -t ${llvm} -t ${rustc.unwrapped} -t ${rustc} '{}' +
    '';
 };
 in
@@ -14,9 +14,10 @@ dockerTools.buildLayeredImage {
  created = "@${toString inputs.self.lastModified}";
  contents = [
    dockerTools.caCertificates
+    main
  ];
  config = {
-    Entrypoint = if !stdenv.isDarwin
+    Entrypoint = if !stdenv.hostPlatform.isDarwin
      # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
      # are handled as expected
      then [ "${lib.getExe' tini "tini"}" "--" ]
@@ -24,5 +25,8 @@ dockerTools.buildLayeredImage {
    Cmd = [
      "${lib.getExe main}"
    ];
+    Env = [
+      "RUST_BACKTRACE=full"
+    ];
  };
 }
@@ -12,5 +12,15 @@
  "nix": {
    "enabled": true
  },
-  "labels": ["dependencies", "github_actions"]
+  "labels": [
+    "dependencies",
+    "github_actions"
+  ],
+  "ignoreDeps": [
+    "tikv-jemllocator",
+    "tikv-jemalloc-sys",
+    "tikv-jemalloc-ctl",
+    "opentelemetry-rust",
+    "tracing-opentelemetry"
+  ]
 }
@@ -2,8 +2,6 @@
 #
 # Other files that need upkeep when this changes:
 #
-# * `.gitlab-ci.yml`
-# * `.github/workflows/ci.yml`
 # * `Cargo.toml`
 # * `flake.nix`
 #
@@ -11,13 +9,20 @@
 # If you're having trouble making the relevant changes, bug a maintainer.

 [toolchain]
-channel = "1.80.1"
+channel = "1.83.0"
+profile = "minimal"
 components = [
    # For rust-analyzer
    "rust-src",
+    "rust-analyzer",
+    # For CI and editors
+    "rustfmt",
+    "clippy",
 ]
 targets = [
+    #"x86_64-apple-darwin",
    "x86_64-unknown-linux-gnu",
    "x86_64-unknown-linux-musl",
    "aarch64-unknown-linux-musl",
+    #"aarch64-apple-darwin",
 ]
@@ -1,28 +1,33 @@
-edition = "2021"
-
+array_width = 80
+chain_width = 60
+comment_width = 80
 condense_wildcard_suffixes = true
+edition = "2024"
+fn_call_width = 80
+fn_single_line = true
 format_code_in_doc_comments = true
 format_macro_bodies = true
 format_macro_matchers = true
 format_strings = true
-hex_literal_case = "Upper"
-max_width = 120
-tab_spaces = 4
-array_width = 80
-comment_width = 80
-wrap_comments = true
-fn_params_layout = "Compressed"
-fn_call_width = 80
-fn_single_line = true
+group_imports = "StdExternalCrate"
 hard_tabs = true
-match_block_trailing_comma = true
+hex_literal_case = "Upper"
 imports_granularity = "Crate"
+match_arm_blocks = false
+match_arm_leading_pipes = "Always"
+match_block_trailing_comma = true
+max_width = 98
+newline_style = "Unix"
 normalize_comments = false
+overflow_delimited_expr = true
 reorder_impl_items = true
 reorder_imports = true
-group_imports = "StdExternalCrate"
-newline_style = "Unix"
+single_line_if_else_max_width = 60
+single_line_let_else_max_width = 80
+struct_lit_width = 40
+tab_spaces = 4
+unstable_features = true
 use_field_init_shorthand = true
 use_small_heuristics = "Off"
 use_try_shorthand = true
-chain_width = 60
+wrap_comments = true
@@ -1,5 +1,5 @@
 [package]
-name = "conduit_admin"
+name = "conduwuit_admin"
 categories.workspace = true
 description.workspace = true
 edition.workspace = true
@@ -17,7 +17,6 @@ crate-type = [
 ]

 [features]
-#dev_release_log_level = []
 release_max_log_level = [
 	"tracing/max_level_trace",
 	"tracing/release_max_level_info",
@@ -27,12 +26,13 @@ release_max_log_level = [

 [dependencies]
 clap.workspace = true
-conduit-api.workspace = true
-conduit-core.workspace = true
-conduit-macros.workspace = true
-conduit-service.workspace = true
+conduwuit-api.workspace = true
+conduwuit-core.workspace = true
+conduwuit-database.workspace = true
+conduwuit-macros.workspace = true
+conduwuit-service.workspace = true
 const-str.workspace = true
-futures-util.workspace = true
+futures.workspace = true
 log.workspace = true
 ruma.workspace = true
 serde_json.workspace = true
@@ -1,15 +1,16 @@
 use clap::Parser;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::{
-	appservice, appservice::AppserviceCommand, check, check::CheckCommand, command::Command, debug,
-	debug::DebugCommand, federation, federation::FederationCommand, media, media::MediaCommand, query,
-	query::QueryCommand, room, room::RoomCommand, server, server::ServerCommand, user, user::UserCommand,
+	appservice, appservice::AppserviceCommand, check, check::CheckCommand, command::Command,
+	debug, debug::DebugCommand, federation, federation::FederationCommand, media,
+	media::MediaCommand, query, query::QueryCommand, room, room::RoomCommand, server,
+	server::ServerCommand, user, user::UserCommand,
 };

 #[derive(Debug, Parser)]
-#[command(name = "admin", version = env!("CARGO_PKG_VERSION"))]
+#[command(name = "conduwuit", version = conduwuit::version())]
 pub(super) enum AdminCommand {
 	#[command(subcommand)]
 	/// - Commands for managing appservices
@@ -49,18 +50,21 @@ pub(super) enum AdminCommand {
 }

 #[tracing::instrument(skip_all, name = "command")]
-pub(super) async fn process(command: AdminCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	command: AdminCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	use AdminCommand::*;

 	Ok(match command {
-		Appservices(command) => appservice::process(command, context).await?,
-		Media(command) => media::process(command, context).await?,
-		Users(command) => user::process(command, context).await?,
-		Rooms(command) => room::process(command, context).await?,
-		Federation(command) => federation::process(command, context).await?,
-		Server(command) => server::process(command, context).await?,
-		Debug(command) => debug::process(command, context).await?,
-		Query(command) => query::process(command, context).await?,
-		Check(command) => check::process(command, context).await?,
+		| Appservices(command) => appservice::process(command, context).await?,
+		| Media(command) => media::process(command, context).await?,
+		| Users(command) => user::process(command, context).await?,
+		| Rooms(command) => room::process(command, context).await?,
+		| Federation(command) => federation::process(command, context).await?,
+		| Server(command) => server::process(command, context).await?,
+		| Debug(command) => debug::process(command, context).await?,
+		| Query(command) => query::process(command, context).await?,
+		| Check(command) => check::process(command, context).await?,
 	})
 }
@@ -4,59 +4,75 @@ use crate::{admin_command, Result};

 #[admin_command]
 pub(super) async fn register(&self) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
 		));
 	}

-	let appservice_config = self.body[1..self.body.len().checked_sub(1).unwrap()].join("\n");
-	let parsed_config = serde_yaml::from_str::<Registration>(&appservice_config);
+	let appservice_config_body = self.body[1..self.body.len().checked_sub(1).unwrap()].join("\n");
+	let parsed_config = serde_yaml::from_str::<Registration>(&appservice_config_body);
 	match parsed_config {
-		Ok(yaml) => match self.services.appservice.register_appservice(yaml).await {
-			Ok(id) => Ok(RoomMessageEventContent::text_plain(format!(
-				"Appservice registered with ID: {id}."
+		| Ok(registration) => match self
+			.services
+			.appservice
+			.register_appservice(&registration, &appservice_config_body)
+			.await
+		{
+			| Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
+				"Appservice registered with ID: {}",
+				registration.id
 			))),
-			Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+			| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 				"Failed to register appservice: {e}"
 			))),
 		},
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
-			"Could not parse appservice config: {e}"
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+			"Could not parse appservice config as YAML: {e}"
 		))),
 	}
 }

 #[admin_command]
-pub(super) async fn unregister(&self, appservice_identifier: String) -> Result<RoomMessageEventContent> {
+pub(super) async fn unregister(
+	&self,
+	appservice_identifier: String,
+) -> Result<RoomMessageEventContent> {
 	match self
 		.services
 		.appservice
 		.unregister_appservice(&appservice_identifier)
 		.await
 	{
-		Ok(()) => Ok(RoomMessageEventContent::text_plain("Appservice unregistered.")),
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+		| Ok(()) => Ok(RoomMessageEventContent::text_plain("Appservice unregistered.")),
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 			"Failed to unregister appservice: {e}"
 		))),
 	}
 }

 #[admin_command]
-pub(super) async fn show_appservice_config(&self, appservice_identifier: String) -> Result<RoomMessageEventContent> {
+pub(super) async fn show_appservice_config(
+	&self,
+	appservice_identifier: String,
+) -> Result<RoomMessageEventContent> {
 	match self
 		.services
 		.appservice
 		.get_registration(&appservice_identifier)
 		.await
 	{
-		Some(config) => {
-			let config_str = serde_yaml::to_string(&config).expect("config should've been validated on register");
-			let output = format!("Config for {appservice_identifier}:\n\n```yaml\n{config_str}\n```",);
+		| Some(config) => {
+			let config_str = serde_yaml::to_string(&config)
+				.expect("config should've been validated on register");
+			let output =
+				format!("Config for {appservice_identifier}:\n\n```yaml\n{config_str}\n```",);
 			Ok(RoomMessageEventContent::notice_markdown(output))
 		},
-		None => Ok(RoomMessageEventContent::text_plain("Appservice does not exist.")),
+		| None => Ok(RoomMessageEventContent::text_plain("Appservice does not exist.")),
 	}
 }

@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;

 use crate::admin_command_dispatch;

@@ -1,5 +1,6 @@
-use conduit::Result;
-use conduit_macros::implement;
+use conduwuit::Result;
+use conduwuit_macros::implement;
+use futures::StreamExt;
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::Command;
@@ -10,18 +11,17 @@ use crate::Command;
 #[implement(Command, params = "<'_>")]
 pub(super) async fn check_all_users(&self) -> Result<RoomMessageEventContent> {
 	let timer = tokio::time::Instant::now();
-	let results = self.services.users.db.iter();
+	let users = self.services.users.iter().collect::<Vec<_>>().await;
 	let query_time = timer.elapsed();

-	let users = results.collect::<Vec<_>>();
-
 	let total = users.len();
-	let err_count = users.iter().filter(|user| user.is_err()).count();
-	let ok_count = users.iter().filter(|user| user.is_ok()).count();
+	let err_count = users.iter().filter(|_user| false).count();
+	let ok_count = users.iter().filter(|_user| true).count();

 	let message = format!(
-		"Database query completed in {query_time:?}:\n\n```\nTotal entries: {total:?}\nFailure/Invalid user count: \
-		 {err_count:?}\nSuccess/Valid user count: {ok_count:?}\n```"
+		"Database query completed in {query_time:?}:\n\n```\nTotal entries: \
+		 {total:?}\nFailure/Invalid user count: {err_count:?}\nSuccess/Valid user count: \
+		 {ok_count:?}\n```"
 	);

 	Ok(RoomMessageEventContent::notice_markdown(message))
@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::Command;
@@ -11,8 +11,11 @@ pub(super) enum CheckCommand {
 	AllUsers,
 }

-pub(super) async fn process(command: CheckCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	command: CheckCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	Ok(match command {
-		CheckCommand::AllUsers => context.check_all_users().await?,
+		| CheckCommand::AllUsers => context.check_all_users().await?,
 	})
 }
@@ -1,6 +1,6 @@
 use std::time::SystemTime;

-use conduit_service::Services;
+use conduwuit_service::Services;
 use ruma::EventId;

 pub(crate) struct Command<'a> {
@@ -1,18 +1,21 @@
 use std::{
-	collections::{BTreeMap, HashMap},
+	collections::HashMap,
 	fmt::Write,
-	sync::Arc,
+	iter::once,
 	time::{Instant, SystemTime},
 };

-use api::client::validate_and_add_event_id;
-use conduit::{debug, debug_error, err, info, trace, utils, warn, Error, PduEvent, Result};
+use conduwuit::{
+	debug_error, err, info, trace, utils, utils::string::EMPTY, warn, Error, PduEvent, Result,
+};
+use futures::{FutureExt, StreamExt};
 use ruma::{
 	api::{client::error::ErrorKind, federation::event::get_room_state},
 	events::room::message::RoomMessageEventContent,
-	CanonicalJsonObject, EventId, OwnedRoomOrAliasId, RoomId, RoomVersionId, ServerName,
+	CanonicalJsonObject, EventId, OwnedEventId, OwnedRoomOrAliasId, RoomId, RoomVersionId,
+	ServerName,
 };
-use tokio::sync::RwLock;
+use service::rooms::state_compressor::HashSetCompressStateEvent;
 use tracing_subscriber::EnvFilter;

 use crate::admin_command;
@@ -25,38 +28,43 @@ pub(super) async fn echo(&self, message: Vec<String>) -> Result<RoomMessageEvent
 }

 #[admin_command]
-pub(super) async fn get_auth_chain(&self, event_id: Box<EventId>) -> Result<RoomMessageEventContent> {
-	let event_id = Arc::<EventId>::from(event_id);
-	if let Some(event) = self.services.rooms.timeline.get_pdu_json(&event_id)? {
-		let room_id_str = event
-			.get("room_id")
-			.and_then(|val| val.as_str())
-			.ok_or_else(|| Error::bad_database("Invalid event in database"))?;
+pub(super) async fn get_auth_chain(
+	&self,
+	event_id: Box<EventId>,
+) -> Result<RoomMessageEventContent> {
+	let Ok(event) = self.services.rooms.timeline.get_pdu_json(&event_id).await else {
+		return Ok(RoomMessageEventContent::notice_plain("Event not found."));
+	};

-		let room_id = <&RoomId>::try_from(room_id_str)
-			.map_err(|_| Error::bad_database("Invalid room id field in event in database"))?;
+	let room_id_str = event
+		.get("room_id")
+		.and_then(|val| val.as_str())
+		.ok_or_else(|| Error::bad_database("Invalid event in database"))?;

-		let start = Instant::now();
-		let count = self
-			.services
-			.rooms
-			.auth_chain
-			.event_ids_iter(room_id, vec![event_id])
-			.await?
-			.count();
+	let room_id = <&RoomId>::try_from(room_id_str)
+		.map_err(|_| Error::bad_database("Invalid room id field in event in database"))?;

-		let elapsed = start.elapsed();
-		Ok(RoomMessageEventContent::text_plain(format!(
-			"Loaded auth chain with length {count} in {elapsed:?}"
-		)))
-	} else {
-		Ok(RoomMessageEventContent::text_plain("Event not found."))
-	}
+	let start = Instant::now();
+	let count = self
+		.services
+		.rooms
+		.auth_chain
+		.event_ids_iter(room_id, once(event_id.as_ref()))
+		.await?
+		.count()
+		.await;
+
+	let elapsed = start.elapsed();
+	Ok(RoomMessageEventContent::text_plain(format!(
+		"Loaded auth chain with length {count} in {elapsed:?}"
+	)))
 }

 #[admin_command]
 pub(super) async fn parse_pdu(&self) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&EMPTY).trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -65,20 +73,26 @@ pub(super) async fn parse_pdu(&self) -> Result<RoomMessageEventContent> {

 	let string = self.body[1..self.body.len().saturating_sub(1)].join("\n");
 	match serde_json::from_str(&string) {
-		Ok(value) => match ruma::signatures::reference_hash(&value, &RoomVersionId::V6) {
-			Ok(hash) => {
-				let event_id = EventId::parse(format!("${hash}"));
+		| Ok(value) => match ruma::signatures::reference_hash(&value, &RoomVersionId::V6) {
+			| Ok(hash) => {
+				let event_id = OwnedEventId::parse(format!("${hash}"));

-				match serde_json::from_value::<PduEvent>(serde_json::to_value(value).expect("value is json")) {
-					Ok(pdu) => Ok(RoomMessageEventContent::text_plain(format!("EventId: {event_id:?}\n{pdu:#?}"))),
-					Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+				match serde_json::from_value::<PduEvent>(
+					serde_json::to_value(value).expect("value is json"),
+				) {
+					| Ok(pdu) => Ok(RoomMessageEventContent::text_plain(format!(
+						"EventId: {event_id:?}\n{pdu:#?}"
+					))),
+					| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 						"EventId: {event_id:?}\nCould not parse event: {e}"
 					))),
 				}
 			},
-			Err(e) => Ok(RoomMessageEventContent::text_plain(format!("Could not parse PDU JSON: {e:?}"))),
+			| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+				"Could not parse PDU JSON: {e:?}"
+			))),
 		},
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 			"Invalid json in command body: {e}"
 		))),
 	}
@@ -91,31 +105,37 @@ pub(super) async fn get_pdu(&self, event_id: Box<EventId>) -> Result<RoomMessage
 		.services
 		.rooms
 		.timeline
-		.get_non_outlier_pdu_json(&event_id)?;
-	if pdu_json.is_none() {
+		.get_non_outlier_pdu_json(&event_id)
+		.await;
+
+	if pdu_json.is_err() {
 		outlier = true;
-		pdu_json = self.services.rooms.timeline.get_pdu_json(&event_id)?;
+		pdu_json = self.services.rooms.timeline.get_pdu_json(&event_id).await;
 	}
+
 	match pdu_json {
-		Some(json) => {
-			let json_text = serde_json::to_string_pretty(&json).expect("canonical json is valid json");
+		| Ok(json) => {
+			let json_text =
+				serde_json::to_string_pretty(&json).expect("canonical json is valid json");
 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"{}\n```json\n{}\n```",
 				if outlier {
-					"Outlier PDU found in our database"
+					"Outlier (Rejected / Soft Failed) PDU found in our database"
 				} else {
 					"PDU found in our database"
 				},
 				json_text
 			)))
 		},
-		None => Ok(RoomMessageEventContent::text_plain("PDU not found locally.")),
+		| Err(_) => Ok(RoomMessageEventContent::text_plain("PDU not found locally.")),
 	}
 }

 #[admin_command]
 pub(super) async fn get_remote_pdu_list(
-	&self, server: Box<ServerName>, force: bool,
+	&self,
+	server: Box<ServerName>,
+	force: bool,
 ) -> Result<RoomMessageEventContent> {
 	if !self.services.globals.config.allow_federation {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -125,12 +145,14 @@ pub(super) async fn get_remote_pdu_list(

 	if server == self.services.globals.server_name() {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Not allowed to send federation requests to ourselves. Please use `get-pdu` for fetching local PDUs from \
-			 the database.",
+			"Not allowed to send federation requests to ourselves. Please use `get-pdu` for \
+			 fetching local PDUs from the database.",
 		));
 	}

-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&EMPTY).trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -157,7 +179,8 @@ pub(super) async fn get_remote_pdu_list(
 					.send_message(RoomMessageEventContent::text_plain(format!(
 						"Failed to get remote PDU, ignoring error: {e}"
 					)))
-					.await;
+					.await
+					.ok();
 				warn!("Failed to get remote PDU, ignoring error: {e}");
 			} else {
 				success_count = success_count.saturating_add(1);
@@ -175,7 +198,9 @@ pub(super) async fn get_remote_pdu_list(

 #[admin_command]
 pub(super) async fn get_remote_pdu(
-	&self, event_id: Box<EventId>, server: Box<ServerName>,
+	&self,
+	event_id: Box<EventId>,
+	server: Box<ServerName>,
 ) -> Result<RoomMessageEventContent> {
 	if !self.services.globals.config.allow_federation {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -185,40 +210,45 @@ pub(super) async fn get_remote_pdu(

 	if server == self.services.globals.server_name() {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Not allowed to send federation requests to ourselves. Please use `get-pdu` for fetching local PDUs.",
+			"Not allowed to send federation requests to ourselves. Please use `get-pdu` for \
+			 fetching local PDUs.",
 		));
 	}

 	match self
 		.services
 		.sending
-		.send_federation_request(
-			&server,
-			ruma::api::federation::event::get_event::v1::Request {
-				event_id: event_id.clone().into(),
-			},
-		)
+		.send_federation_request(&server, ruma::api::federation::event::get_event::v1::Request {
+			event_id: event_id.clone().into(),
+			include_unredacted_content: None,
+		})
 		.await
 	{
-		Ok(response) => {
-			let json: CanonicalJsonObject = serde_json::from_str(response.pdu.get()).map_err(|e| {
-				warn!(
-					"Requested event ID {event_id} from server but failed to convert from RawValue to \
-					 CanonicalJsonObject (malformed event/response?): {e}"
-				);
-				Error::BadRequest(ErrorKind::Unknown, "Received response from server but failed to parse PDU")
-			})?;
+		| Ok(response) => {
+			let json: CanonicalJsonObject =
+				serde_json::from_str(response.pdu.get()).map_err(|e| {
+					warn!(
+						"Requested event ID {event_id} from server but failed to convert from \
+						 RawValue to CanonicalJsonObject (malformed event/response?): {e}"
+					);
+					Error::BadRequest(
+						ErrorKind::Unknown,
+						"Received response from server but failed to parse PDU",
+					)
+				})?;

 			trace!("Attempting to parse PDU: {:?}", &response.pdu);
-			let parsed_pdu = {
+			let _parsed_pdu = {
 				let parsed_result = self
 					.services
 					.rooms
 					.event_handler
-					.parse_incoming_pdu(&response.pdu);
+					.parse_incoming_pdu(&response.pdu)
+					.await;
+
 				let (event_id, value, room_id) = match parsed_result {
-					Ok(t) => t,
-					Err(e) => {
+					| Ok(t) => t,
+					| Err(e) => {
 						warn!("Failed to parse PDU: {e}");
 						info!("Full PDU: {:?}", &response.pdu);
 						return Ok(RoomMessageEventContent::text_plain(format!(
@@ -230,49 +260,45 @@ pub(super) async fn get_remote_pdu(
 				vec![(event_id, value, room_id)]
 			};

-			let pub_key_map = RwLock::new(BTreeMap::new());
-
-			debug!("Attempting to fetch homeserver signing keys for {server}");
-			self.services
-				.server_keys
-				.fetch_required_signing_keys(parsed_pdu.iter().map(|(_event_id, event, _room_id)| event), &pub_key_map)
-				.await
-				.unwrap_or_else(|e| {
-					warn!("Could not fetch all signatures for PDUs from {server}: {e:?}");
-				});
-
 			info!("Attempting to handle event ID {event_id} as backfilled PDU");
 			self.services
 				.rooms
 				.timeline
-				.backfill_pdu(&server, response.pdu, &pub_key_map)
+				.backfill_pdu(&server, response.pdu)
+				.boxed()
 				.await?;

-			let json_text = serde_json::to_string_pretty(&json).expect("canonical json is valid json");
+			let json_text =
+				serde_json::to_string_pretty(&json).expect("canonical json is valid json");

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"{}\n```json\n{}\n```",
-				"Got PDU from specified server and handled as backfilled PDU successfully. Event body:", json_text
+				"Got PDU from specified server and handled as backfilled PDU successfully. \
+				 Event body:",
+				json_text
 			)))
 		},
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 			"Remote server did not have PDU or failed sending request to remote server: {e}"
 		))),
 	}
 }

 #[admin_command]
-pub(super) async fn get_room_state(&self, room: OwnedRoomOrAliasId) -> Result<RoomMessageEventContent> {
+pub(super) async fn get_room_state(
+	&self,
+	room: OwnedRoomOrAliasId,
+) -> Result<RoomMessageEventContent> {
 	let room_id = self.services.rooms.alias.resolve(&room).await?;
-	let room_state = self
+	let room_state: Vec<_> = self
 		.services
 		.rooms
 		.state_accessor
 		.room_state_full(&room_id)
 		.await?
 		.values()
-		.map(|pdu| pdu.to_state_event())
-		.collect::<Vec<_>>();
+		.map(PduEvent::to_state_event)
+		.collect();

 	if room_state.is_empty() {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -283,7 +309,8 @@ pub(super) async fn get_room_state(&self, room: OwnedRoomOrAliasId) -> Result<Ro
 	let json = serde_json::to_string_pretty(&room_state).map_err(|e| {
 		warn!("Failed converting room state vector in our database to pretty JSON: {e}");
 		Error::bad_database(
-			"Failed to convert room state events to pretty JSON, possible invalid room state events in our database",
+			"Failed to convert room state events to pretty JSON, possible invalid room state \
+			 events in our database",
 		)
 	})?;

@@ -303,10 +330,13 @@ pub(super) async fn ping(&self, server: Box<ServerName>) -> Result<RoomMessageEv
 	match self
 		.services
 		.sending
-		.send_federation_request(&server, ruma::api::federation::discovery::get_server_version::v1::Request {})
+		.send_federation_request(
+			&server,
+			ruma::api::federation::discovery::get_server_version::v1::Request {},
+		)
 		.await
 	{
-		Ok(response) => {
+		| Ok(response) => {
 			let ping_time = timer.elapsed();

 			let json_text_res = serde_json::to_string_pretty(&response.server);
@@ -321,8 +351,11 @@ pub(super) async fn ping(&self, server: Box<ServerName>) -> Result<RoomMessageEv
 				"Got non-JSON response which took {ping_time:?} time:\n{response:?}"
 			)))
 		},
-		Err(e) => {
-			warn!("Failed sending federation request to specified server from ping debug command: {e}");
+		| Err(e) => {
+			warn!(
+				"Failed sending federation request to specified server from ping debug command: \
+				 {e}"
+			);
 			Ok(RoomMessageEventContent::text_plain(format!(
 				"Failed sending federation request to specified server:\n\n{e}",
 			)))
@@ -333,22 +366,29 @@ pub(super) async fn ping(&self, server: Box<ServerName>) -> Result<RoomMessageEv
 #[admin_command]
 pub(super) async fn force_device_list_updates(&self) -> Result<RoomMessageEventContent> {
 	// Force E2EE device list updates for all users
-	for user_id in self.services.users.iter().filter_map(Result::ok) {
-		self.services.users.mark_device_key_update(&user_id)?;
-	}
+	self.services
+		.users
+		.stream()
+		.for_each(|user_id| self.services.users.mark_device_key_update(user_id))
+		.await;
+
 	Ok(RoomMessageEventContent::text_plain(
 		"Marked all devices for all users as having new keys to update",
 	))
 }

 #[admin_command]
-pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool) -> Result<RoomMessageEventContent> {
+pub(super) async fn change_log_level(
+	&self,
+	filter: Option<String>,
+	reset: bool,
+) -> Result<RoomMessageEventContent> {
 	let handles = &["console"];

 	if reset {
 		let old_filter_layer = match EnvFilter::try_new(&self.services.globals.config.log) {
-			Ok(s) => s,
-			Err(e) => {
+			| Ok(s) => s,
+			| Err(e) => {
 				return Ok(RoomMessageEventContent::text_plain(format!(
 					"Log level from config appears to be invalid now: {e}"
 				)));
@@ -362,13 +402,13 @@ pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool)
 			.reload
 			.reload(&old_filter_layer, Some(handles))
 		{
-			Ok(()) => {
+			| Ok(()) => {
 				return Ok(RoomMessageEventContent::text_plain(format!(
 					"Successfully changed log level back to config value {}",
 					self.services.globals.config.log
 				)));
 			},
-			Err(e) => {
+			| Err(e) => {
 				return Ok(RoomMessageEventContent::text_plain(format!(
 					"Failed to modify and reload the global tracing log level: {e}"
 				)));
@@ -378,8 +418,8 @@ pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool)

 	if let Some(filter) = filter {
 		let new_filter_layer = match EnvFilter::try_new(filter) {
-			Ok(s) => s,
-			Err(e) => {
+			| Ok(s) => s,
+			| Err(e) => {
 				return Ok(RoomMessageEventContent::text_plain(format!(
 					"Invalid log level filter specified: {e}"
 				)));
@@ -393,10 +433,10 @@ pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool)
 			.reload
 			.reload(&new_filter_layer, Some(handles))
 		{
-			Ok(()) => {
+			| Ok(()) => {
 				return Ok(RoomMessageEventContent::text_plain("Successfully changed log level"));
 			},
-			Err(e) => {
+			| Err(e) => {
 				return Ok(RoomMessageEventContent::text_plain(format!(
 					"Failed to modify and reload the global tracing log level: {e}"
 				)));
@@ -409,7 +449,9 @@ pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool)

 #[admin_command]
 pub(super) async fn sign_json(&self) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -418,23 +460,24 @@ pub(super) async fn sign_json(&self) -> Result<RoomMessageEventContent> {

 	let string = self.body[1..self.body.len().checked_sub(1).unwrap()].join("\n");
 	match serde_json::from_str(&string) {
-		Ok(mut value) => {
-			ruma::signatures::sign_json(
-				self.services.globals.server_name().as_str(),
-				self.services.globals.keypair(),
-				&mut value,
-			)
-			.expect("our request json is what ruma expects");
-			let json_text = serde_json::to_string_pretty(&value).expect("canonical json is valid json");
+		| Ok(mut value) => {
+			self.services
+				.server_keys
+				.sign_json(&mut value)
+				.expect("our request json is what ruma expects");
+			let json_text =
+				serde_json::to_string_pretty(&value).expect("canonical json is valid json");
 			Ok(RoomMessageEventContent::text_plain(json_text))
 		},
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!("Invalid json: {e}"))),
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!("Invalid json: {e}"))),
 	}
 }

 #[admin_command]
 pub(super) async fn verify_json(&self) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -442,35 +485,44 @@ pub(super) async fn verify_json(&self) -> Result<RoomMessageEventContent> {
 	}

 	let string = self.body[1..self.body.len().checked_sub(1).unwrap()].join("\n");
-	match serde_json::from_str(&string) {
-		Ok(value) => {
-			let pub_key_map = RwLock::new(BTreeMap::new());
-
-			self.services
-				.server_keys
-				.fetch_required_signing_keys([&value], &pub_key_map)
-				.await?;
-
-			let pub_key_map = pub_key_map.read().await;
-			match ruma::signatures::verify_json(&pub_key_map, &value) {
-				Ok(()) => Ok(RoomMessageEventContent::text_plain("Signature correct")),
-				Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
-					"Signature verification failed: {e}"
-				))),
-			}
+	match serde_json::from_str::<CanonicalJsonObject>(&string) {
+		| Ok(value) => match self.services.server_keys.verify_json(&value, None).await {
+			| Ok(()) => Ok(RoomMessageEventContent::text_plain("Signature correct")),
+			| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+				"Signature verification failed: {e}"
+			))),
 		},
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!("Invalid json: {e}"))),
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!("Invalid json: {e}"))),
 	}
 }

+#[admin_command]
+pub(super) async fn verify_pdu(&self, event_id: Box<EventId>) -> Result<RoomMessageEventContent> {
+	let mut event = self.services.rooms.timeline.get_pdu_json(&event_id).await?;
+
+	event.remove("event_id");
+	let msg = match self.services.server_keys.verify_event(&event, None).await {
+		| Ok(ruma::signatures::Verified::Signatures) =>
+			"signatures OK, but content hash failed (redaction).",
+		| Ok(ruma::signatures::Verified::All) => "signatures and hashes OK.",
+		| Err(e) => return Err(e),
+	};
+
+	Ok(RoomMessageEventContent::notice_plain(msg))
+}
+
 #[admin_command]
 #[tracing::instrument(skip(self))]
-pub(super) async fn first_pdu_in_room(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
+pub(super) async fn first_pdu_in_room(
+	&self,
+	room_id: Box<RoomId>,
+) -> Result<RoomMessageEventContent> {
 	if !self
 		.services
 		.rooms
 		.state_cache
-		.server_in_room(&self.services.globals.config.server_name, &room_id)?
+		.server_in_room(&self.services.globals.config.server_name, &room_id)
+		.await
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"We are not participating in the room / we don't know about the room ID.",
@@ -481,20 +533,25 @@ pub(super) async fn first_pdu_in_room(&self, room_id: Box<RoomId>) -> Result<Roo
 		.services
 		.rooms
 		.timeline
-		.first_pdu_in_room(&room_id)?
-		.ok_or_else(|| Error::bad_database("Failed to find the first PDU in database"))?;
+		.first_pdu_in_room(&room_id)
+		.await
+		.map_err(|_| Error::bad_database("Failed to find the first PDU in database"))?;

 	Ok(RoomMessageEventContent::text_plain(format!("{first_pdu:?}")))
 }

 #[admin_command]
 #[tracing::instrument(skip(self))]
-pub(super) async fn latest_pdu_in_room(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
+pub(super) async fn latest_pdu_in_room(
+	&self,
+	room_id: Box<RoomId>,
+) -> Result<RoomMessageEventContent> {
 	if !self
 		.services
 		.rooms
 		.state_cache
-		.server_in_room(&self.services.globals.config.server_name, &room_id)?
+		.server_in_room(&self.services.globals.config.server_name, &room_id)
+		.await
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"We are not participating in the room / we don't know about the room ID.",
@@ -505,8 +562,9 @@ pub(super) async fn latest_pdu_in_room(&self, room_id: Box<RoomId>) -> Result<Ro
 		.services
 		.rooms
 		.timeline
-		.latest_pdu_in_room(&room_id)?
-		.ok_or_else(|| Error::bad_database("Failed to find the latest PDU in database"))?;
+		.latest_pdu_in_room(&room_id)
+		.await
+		.map_err(|_| Error::bad_database("Failed to find the latest PDU in database"))?;

 	Ok(RoomMessageEventContent::text_plain(format!("{latest_pdu:?}")))
 }
@@ -514,13 +572,16 @@ pub(super) async fn latest_pdu_in_room(&self, room_id: Box<RoomId>) -> Result<Ro
 #[admin_command]
 #[tracing::instrument(skip(self))]
 pub(super) async fn force_set_room_state_from_server(
-	&self, room_id: Box<RoomId>, server_name: Box<ServerName>,
+	&self,
+	room_id: Box<RoomId>,
+	server_name: Box<ServerName>,
 ) -> Result<RoomMessageEventContent> {
 	if !self
 		.services
 		.rooms
 		.state_cache
-		.server_in_room(&self.services.globals.config.server_name, &room_id)?
+		.server_in_room(&self.services.globals.config.server_name, &room_id)
+		.await
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"We are not participating in the room / we don't know about the room ID.",
@@ -531,50 +592,45 @@ pub(super) async fn force_set_room_state_from_server(
 		.services
 		.rooms
 		.timeline
-		.latest_pdu_in_room(&room_id)?
-		.ok_or_else(|| Error::bad_database("Failed to find the latest PDU in database"))?;
+		.latest_pdu_in_room(&room_id)
+		.await
+		.map_err(|_| Error::bad_database("Failed to find the latest PDU in database"))?;

-	let room_version = self.services.rooms.state.get_room_version(&room_id)?;
+	let room_version = self.services.rooms.state.get_room_version(&room_id).await?;

-	let mut state: HashMap<u64, Arc<EventId>> = HashMap::new();
-	let pub_key_map = RwLock::new(BTreeMap::new());
+	let mut state: HashMap<u64, OwnedEventId> = HashMap::new();

 	let remote_state_response = self
 		.services
 		.sending
-		.send_federation_request(
-			&server_name,
-			get_room_state::v1::Request {
-				room_id: room_id.clone().into(),
-				event_id: first_pdu.event_id.clone().into(),
-			},
-		)
+		.send_federation_request(&server_name, get_room_state::v1::Request {
+			room_id: room_id.clone().into(),
+			event_id: first_pdu.event_id.clone(),
+		})
 		.await?;

-	let mut events = Vec::with_capacity(remote_state_response.pdus.len());
-
 	for pdu in remote_state_response.pdus.clone() {
-		events.push(match self.services.rooms.event_handler.parse_incoming_pdu(&pdu) {
-			Ok(t) => t,
-			Err(e) => {
+		match self
+			.services
+			.rooms
+			.event_handler
+			.parse_incoming_pdu(&pdu)
+			.await
+		{
+			| Ok(t) => t,
+			| Err(e) => {
 				warn!("Could not parse PDU, ignoring: {e}");
 				continue;
 			},
-		});
+		};
 	}

-	info!("Fetching required signing keys for all the state events we got");
-	self.services
-		.server_keys
-		.fetch_required_signing_keys(events.iter().map(|(_event_id, event, _room_id)| event), &pub_key_map)
-		.await?;
-
 	info!("Going through room_state response PDUs");
-	for result in remote_state_response
-		.pdus
-		.iter()
-		.map(|pdu| validate_and_add_event_id(self.services, pdu, &room_version, &pub_key_map))
-	{
+	for result in remote_state_response.pdus.iter().map(|pdu| {
+		self.services
+			.server_keys
+			.validate_and_add_event_id(pdu, &room_version)
+	}) {
 		let Ok((event_id, value)) = result.await else {
 			continue;
 		};
@@ -587,23 +643,26 @@ pub(super) async fn force_set_room_state_from_server(
 		self.services
 			.rooms
 			.outlier
-			.add_pdu_outlier(&event_id, &value)?;
+			.add_pdu_outlier(&event_id, &value);
+
 		if let Some(state_key) = &pdu.state_key {
 			let shortstatekey = self
 				.services
 				.rooms
 				.short
-				.get_or_create_shortstatekey(&pdu.kind.to_string().into(), state_key)?;
+				.get_or_create_shortstatekey(&pdu.kind.to_string().into(), state_key)
+				.await;
+
 			state.insert(shortstatekey, pdu.event_id.clone());
 		}
 	}

 	info!("Going through auth_chain response");
-	for result in remote_state_response
-		.auth_chain
-		.iter()
-		.map(|pdu| validate_and_add_event_id(self.services, pdu, &room_version, &pub_key_map))
-	{
+	for result in remote_state_response.auth_chain.iter().map(|pdu| {
+		self.services
+			.server_keys
+			.validate_and_add_event_id(pdu, &room_version)
+	}) {
 		let Ok((event_id, value)) = result.await else {
 			continue;
 		};
@@ -611,38 +670,44 @@ pub(super) async fn force_set_room_state_from_server(
 		self.services
 			.rooms
 			.outlier
-			.add_pdu_outlier(&event_id, &value)?;
+			.add_pdu_outlier(&event_id, &value);
 	}

 	let new_room_state = self
 		.services
 		.rooms
 		.event_handler
-		.resolve_state(room_id.clone().as_ref(), &room_version, state)
+		.resolve_state(&room_id, &room_version, state)
 		.await?;

 	info!("Forcing new room state");
-	let (short_state_hash, new, removed) = self
+	let HashSetCompressStateEvent {
+		shortstatehash: short_state_hash,
+		added,
+		removed,
+	} = self
 		.services
 		.rooms
 		.state_compressor
-		.save_state(room_id.clone().as_ref(), new_room_state)?;
+		.save_state(room_id.clone().as_ref(), new_room_state)
+		.await?;

 	let state_lock = self.services.rooms.state.mutex.lock(&room_id).await;
 	self.services
 		.rooms
 		.state
-		.force_state(room_id.clone().as_ref(), short_state_hash, new, removed, &state_lock)
+		.force_state(room_id.clone().as_ref(), short_state_hash, added, removed, &state_lock)
 		.await?;

 	info!(
-		"Updating joined counts for room just in case (e.g. we may have found a difference in the room's \
-		 m.room.member state"
+		"Updating joined counts for room just in case (e.g. we may have found a difference in \
+		 the room's m.room.member state"
 	);
 	self.services
 		.rooms
 		.state_cache
-		.update_joined_count(&room_id)?;
+		.update_joined_count(&room_id)
+		.await;

 	drop(state_lock);

@@ -653,10 +718,37 @@ pub(super) async fn force_set_room_state_from_server(

 #[admin_command]
 pub(super) async fn get_signing_keys(
-	&self, server_name: Option<Box<ServerName>>, _cached: bool,
+	&self,
+	server_name: Option<Box<ServerName>>,
+	notary: Option<Box<ServerName>>,
+	query: bool,
 ) -> Result<RoomMessageEventContent> {
-	let server_name = server_name.unwrap_or_else(|| self.services.server.config.server_name.clone().into());
-	let signing_keys = self.services.globals.signing_keys_for(&server_name)?;
+	let server_name =
+		server_name.unwrap_or_else(|| self.services.server.config.server_name.clone().into());
+
+	if let Some(notary) = notary {
+		let signing_keys = self
+			.services
+			.server_keys
+			.notary_request(&notary, &server_name)
+			.await?;
+
+		return Ok(RoomMessageEventContent::notice_markdown(format!(
+			"```rs\n{signing_keys:#?}\n```"
+		)));
+	}
+
+	let signing_keys = if query {
+		self.services
+			.server_keys
+			.server_request(&server_name)
+			.await?
+	} else {
+		self.services
+			.server_keys
+			.signing_keys_for(&server_name)
+			.await?
+	};

 	Ok(RoomMessageEventContent::notice_markdown(format!(
 		"```rs\n{signing_keys:#?}\n```"
@@ -664,34 +756,24 @@ pub(super) async fn get_signing_keys(
 }

 #[admin_command]
-#[allow(dead_code)]
 pub(super) async fn get_verify_keys(
-	&self, server_name: Option<Box<ServerName>>, cached: bool,
+	&self,
+	server_name: Option<Box<ServerName>>,
 ) -> Result<RoomMessageEventContent> {
-	let server_name = server_name.unwrap_or_else(|| self.services.server.config.server_name.clone().into());
-	let mut out = String::new();
+	let server_name =
+		server_name.unwrap_or_else(|| self.services.server.config.server_name.clone().into());

-	if cached {
-		writeln!(out, "| Key ID | VerifyKey |")?;
-		writeln!(out, "| --- | --- |")?;
-		for (key_id, verify_key) in self.services.globals.verify_keys_for(&server_name)? {
-			writeln!(out, "| {key_id} | {verify_key:?} |")?;
-		}
-
-		return Ok(RoomMessageEventContent::notice_markdown(out));
-	}
-
-	let signature_ids: Vec<String> = Vec::new();
 	let keys = self
 		.services
 		.server_keys
-		.fetch_signing_keys_for_server(&server_name, signature_ids)
-		.await?;
+		.verify_keys_for(&server_name)
+		.await;

+	let mut out = String::new();
 	writeln!(out, "| Key ID | Public Key |")?;
 	writeln!(out, "| --- | --- |")?;
 	for (key_id, key) in keys {
-		writeln!(out, "| {key_id} | {key} |")?;
+		writeln!(out, "| {key_id} | {key:?} |")?;
 	}

 	Ok(RoomMessageEventContent::notice_markdown(out))
@@ -699,7 +781,9 @@ pub(super) async fn get_verify_keys(

 #[admin_command]
 pub(super) async fn resolve_true_destination(
-	&self, server_name: Box<ServerName>, no_cache: bool,
+	&self,
+	server_name: Box<ServerName>,
+	no_cache: bool,
 ) -> Result<RoomMessageEventContent> {
 	if !self.services.globals.config.allow_federation {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -709,7 +793,8 @@ pub(super) async fn resolve_true_destination(

 	if server_name == self.services.globals.config.server_name {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Not allowed to send federation requests to ourselves. Please use `get-pdu` for fetching local PDUs.",
+			"Not allowed to send federation requests to ourselves. Please use `get-pdu` for \
+			 fetching local PDUs.",
 		));
 	}

@@ -726,7 +811,7 @@ pub(super) async fn resolve_true_destination(

 #[admin_command]
 pub(super) async fn memory_stats(&self) -> Result<RoomMessageEventContent> {
-	let html_body = conduit::alloc::memory_stats();
+	let html_body = conduwuit::alloc::memory_stats();

 	if html_body.is_none() {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -745,7 +830,14 @@ pub(super) async fn memory_stats(&self) -> Result<RoomMessageEventContent> {
 pub(super) async fn runtime_metrics(&self) -> Result<RoomMessageEventContent> {
 	let out = self.services.server.metrics.runtime_metrics().map_or_else(
 		|| "Runtime metrics are not available.".to_owned(),
-		|metrics| format!("```rs\n{metrics:#?}\n```"),
+		|metrics| {
+			format!(
+				"```rs\nnum_workers: {}\nnum_alive_tasks: {}\nglobal_queue_depth: {}\n```",
+				metrics.num_workers(),
+				metrics.num_alive_tasks(),
+				metrics.global_queue_depth()
+			)
+		},
 	);

 	Ok(RoomMessageEventContent::text_markdown(out))
@@ -811,13 +903,15 @@ pub(super) async fn list_dependencies(&self, names: bool) -> Result<RoomMessageE

 #[admin_command]
 pub(super) async fn database_stats(
-	&self, property: Option<String>, map: Option<String>,
+	&self,
+	property: Option<String>,
+	map: Option<String>,
 ) -> Result<RoomMessageEventContent> {
 	let property = property.unwrap_or_else(|| "rocksdb.stats".to_owned());
-	let map_name = map.as_ref().map_or(utils::string::EMPTY, String::as_str);
+	let map_name = map.as_ref().map_or(EMPTY, String::as_str);

 	let mut out = String::new();
-	for (name, map) in self.services.db.iter_maps() {
+	for (name, map) in self.services.db.iter() {
 		if !map_name.is_empty() && *map_name != *name {
 			continue;
 		}
@@ -2,7 +2,7 @@ mod commands;
 pub(crate) mod tester;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{EventId, OwnedRoomOrAliasId, RoomId, ServerName};

 use self::tester::TesterCommand;
@@ -80,8 +80,16 @@ pub(super) enum DebugCommand {
 	GetSigningKeys {
 		server_name: Option<Box<ServerName>>,

+		#[arg(long)]
+		notary: Option<Box<ServerName>>,
+
 		#[arg(short, long)]
-		cached: bool,
+		query: bool,
+	},
+
+	/// - Get and display signing keys from local cache or remote server.
+	GetVerifyKeys {
+		server_name: Option<Box<ServerName>>,
 	},

 	/// - Sends a federation request to the remote server's
@@ -119,6 +127,13 @@ pub(super) enum DebugCommand {
 	/// the command.
 	VerifyJson,

+	/// - Verify PDU
+	///
+	/// This re-verifies a PDU existing in the database found by ID.
+	VerifyPdu {
+		event_id: Box<EventId>,
+	},
+
 	/// - Prints the very first PDU in the specified room (typically
 	///   m.room.create)
 	FirstPduInRoom {
@@ -1,4 +1,4 @@
-use conduit::Err;
+use conduwuit::Err;
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::{admin_command, admin_command_dispatch, Result};
@@ -1,19 +1,22 @@
 use std::fmt::Write;

-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId, RoomId, ServerName, UserId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedRoomId, RoomId, ServerName, UserId,
+};

-use crate::{admin_command, escape_html, get_room_info};
+use crate::{admin_command, get_room_info};

 #[admin_command]
 pub(super) async fn disable_room(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
-	self.services.rooms.metadata.disable_room(&room_id, true)?;
+	self.services.rooms.metadata.disable_room(&room_id, true);
 	Ok(RoomMessageEventContent::text_plain("Room disabled."))
 }

 #[admin_command]
 pub(super) async fn enable_room(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
-	self.services.rooms.metadata.disable_room(&room_id, false)?;
+	self.services.rooms.metadata.disable_room(&room_id, false);
 	Ok(RoomMessageEventContent::text_plain("Room enabled."))
 }

@@ -37,7 +40,10 @@ pub(super) async fn incoming_federation(&self) -> Result<RoomMessageEventContent
 }

 #[admin_command]
-pub(super) async fn fetch_support_well_known(&self, server_name: Box<ServerName>) -> Result<RoomMessageEventContent> {
+pub(super) async fn fetch_support_well_known(
+	&self,
+	server_name: Box<ServerName>,
+) -> Result<RoomMessageEventContent> {
 	let response = self
 		.services
 		.client
@@ -59,16 +65,20 @@ pub(super) async fn fetch_support_well_known(&self, server_name: Box<ServerName>
 	}

 	let json: serde_json::Value = match serde_json::from_str(&text) {
-		Ok(json) => json,
-		Err(_) => {
-			return Ok(RoomMessageEventContent::text_plain("Response text/body is not valid JSON."));
+		| Ok(json) => json,
+		| Err(_) => {
+			return Ok(RoomMessageEventContent::text_plain(
+				"Response text/body is not valid JSON.",
+			));
 		},
 	};

 	let pretty_json: String = match serde_json::to_string_pretty(&json) {
-		Ok(json) => json,
-		Err(_) => {
-			return Ok(RoomMessageEventContent::text_plain("Response text/body is not valid JSON."));
+		| Ok(json) => json,
+		| Err(_) => {
+			return Ok(RoomMessageEventContent::text_plain(
+				"Response text/body is not valid JSON.",
+			));
 		},
 	};

@@ -78,14 +88,18 @@ pub(super) async fn fetch_support_well_known(&self, server_name: Box<ServerName>
 }

 #[admin_command]
-pub(super) async fn remote_user_in_rooms(&self, user_id: Box<UserId>) -> Result<RoomMessageEventContent> {
+pub(super) async fn remote_user_in_rooms(
+	&self,
+	user_id: Box<UserId>,
+) -> Result<RoomMessageEventContent> {
 	if user_id.server_name() == self.services.globals.config.server_name {
 		return Ok(RoomMessageEventContent::text_plain(
-			"User belongs to our server, please use `list-joined-rooms` user admin command instead.",
+			"User belongs to our server, please use `list-joined-rooms` user admin command \
+			 instead.",
 		));
 	}

-	if !self.services.users.exists(&user_id)? {
+	if !self.services.users.exists(&user_id).await {
 		return Ok(RoomMessageEventContent::text_plain(
 			"Remote user does not exist in our database.",
 		));
@@ -96,9 +110,9 @@ pub(super) async fn remote_user_in_rooms(&self, user_id: Box<UserId>) -> Result<
 		.rooms
 		.state_cache
 		.rooms_joined(&user_id)
-		.filter_map(Result::ok)
-		.map(|room_id| get_room_info(self.services, &room_id))
-		.collect();
+		.then(|room_id| get_room_info(self.services, room_id))
+		.collect()
+		.await;

 	if rooms.is_empty() {
 		return Ok(RoomMessageEventContent::text_plain("User is not in any rooms."));
@@ -107,33 +121,15 @@ pub(super) async fn remote_user_in_rooms(&self, user_id: Box<UserId>) -> Result<
 	rooms.sort_by_key(|r| r.1);
 	rooms.reverse();

-	let output_plain = format!(
-		"Rooms {user_id} shares with us ({}):\n{}",
+	let output = format!(
+		"Rooms {user_id} shares with us ({}):\n```\n{}\n```",
 		rooms.len(),
 		rooms
 			.iter()
-			.map(|(id, members, name)| format!("{id}\tMembers: {members}\tName: {name}"))
+			.map(|(id, members, name)| format!("{id} | Members: {members} | Name: {name}"))
 			.collect::<Vec<_>>()
 			.join("\n")
 	);
-	let output_html = format!(
-		"<table><caption>Rooms {user_id} shares with us \
-		 ({})</caption>\n<tr><th>id</th>\t<th>members</th>\t<th>name</th></tr>\n{}</table>",
-		rooms.len(),
-		rooms
-			.iter()
-			.fold(String::new(), |mut output, (id, members, name)| {
-				writeln!(
-					output,
-					"<tr><td>{}</td>\t<td>{}</td>\t<td>{}</td></tr>",
-					id,
-					members,
-					escape_html(name)
-				)
-				.expect("should be able to write to string buffer");
-				output
-			})
-	);

-	Ok(RoomMessageEventContent::text_html(output_plain, output_html))
+	Ok(RoomMessageEventContent::text_markdown(output))
 }
@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{RoomId, ServerName, UserId};

 use crate::admin_command_dispatch;
@@ -1,16 +1,21 @@
 use std::time::Duration;

-use conduit::{debug, info, trace, utils::time::parse_timepoint_ago, warn, Result};
-use conduit_service::media::Dim;
+use conduwuit::{
+	debug, debug_info, debug_warn, error, info, trace, utils::time::parse_timepoint_ago, Result,
+};
+use conduwuit_service::media::Dim;
 use ruma::{
-	events::room::message::RoomMessageEventContent, EventId, Mxc, MxcUri, OwnedMxcUri, OwnedServerName, ServerName,
+	events::room::message::RoomMessageEventContent, EventId, Mxc, MxcUri, OwnedMxcUri,
+	OwnedServerName, ServerName,
 };

 use crate::{admin_command, utils::parse_local_user_id};

 #[admin_command]
 pub(super) async fn delete(
-	&self, mxc: Option<Box<MxcUri>>, event_id: Option<Box<EventId>>,
+	&self,
+	mxc: Option<Box<MxcUri>>,
+	event_id: Option<Box<EventId>>,
 ) -> Result<RoomMessageEventContent> {
 	if event_id.is_some() && mxc.is_some() {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -19,7 +24,7 @@ pub(super) async fn delete(
 	}

 	if let Some(mxc) = mxc {
-		debug!("Got MXC URL: {mxc}");
+		trace!("Got MXC URL: {mxc}");
 		self.services
 			.media
 			.delete(&mxc.as_str().try_into()?)
@@ -28,14 +33,15 @@ pub(super) async fn delete(
 		return Ok(RoomMessageEventContent::text_plain(
 			"Deleted the MXC from our database and on our filesystem.",
 		));
-	} else if let Some(event_id) = event_id {
-		debug!("Got event ID to delete media from: {event_id}");
+	}

-		let mut mxc_urls = vec![];
-		let mut mxc_deletion_count: usize = 0;
+	if let Some(event_id) = event_id {
+		trace!("Got event ID to delete media from: {event_id}");
+
+		let mut mxc_urls = Vec::with_capacity(4);

 		// parsing the PDU for any MXC URLs begins here
-		if let Some(event_json) = self.services.rooms.timeline.get_pdu_json(&event_id)? {
+		if let Ok(event_json) = self.services.rooms.timeline.get_pdu_json(&event_id).await {
 			if let Some(content_key) = event_json.get("content") {
 				debug!("Event ID has \"content\".");
 				let content_obj = content_key.as_object();
@@ -51,7 +57,10 @@ pub(super) async fn delete(
 							let final_url = url.to_string().replace('"', "");
 							mxc_urls.push(final_url);
 						} else {
-							info!("Found a URL in the event ID {event_id} but did not start with mxc://, ignoring");
+							info!(
+								"Found a URL in the event ID {event_id} but did not start with \
+								 mxc://, ignoring"
+							);
 						}
 					}

@@ -66,17 +75,24 @@ pub(super) async fn delete(
 								debug!("Found a thumbnail_url in info key: {thumbnail_url}");

 								if thumbnail_url.to_string().starts_with("\"mxc://") {
-									debug!("Pushing thumbnail URL {thumbnail_url} to list of MXCs to delete");
-									let final_thumbnail_url = thumbnail_url.to_string().replace('"', "");
+									debug!(
+										"Pushing thumbnail URL {thumbnail_url} to list of MXCs \
+										 to delete"
+									);
+									let final_thumbnail_url =
+										thumbnail_url.to_string().replace('"', "");
 									mxc_urls.push(final_thumbnail_url);
 								} else {
 									info!(
-										"Found a thumbnail URL in the event ID {event_id} but did not start with \
-										 mxc://, ignoring"
+										"Found a thumbnail URL in the event ID {event_id} but \
+										 did not start with mxc://, ignoring"
 									);
 								}
 							} else {
-								info!("No \"thumbnail_url\" key in \"info\" key, assuming no thumbnails.");
+								info!(
+									"No \"thumbnail_url\" key in \"info\" key, assuming no \
+									 thumbnails."
+								);
 							}
 						}
 					}
@@ -97,8 +113,8 @@ pub(super) async fn delete(
 									mxc_urls.push(final_url);
 								} else {
 									info!(
-										"Found a URL in the event ID {event_id} but did not start with mxc://, \
-										 ignoring"
+										"Found a URL in the event ID {event_id} but did not \
+										 start with mxc://, ignoring"
 									);
 								}
 							} else {
@@ -108,13 +124,14 @@ pub(super) async fn delete(
 					}
 				} else {
 					return Ok(RoomMessageEventContent::text_plain(
-						"Event ID does not have a \"content\" key or failed parsing the event ID JSON.",
+						"Event ID does not have a \"content\" key or failed parsing the event \
+						 ID JSON.",
 					));
 				}
 			} else {
 				return Ok(RoomMessageEventContent::text_plain(
-					"Event ID does not have a \"content\" key, this is not a message or an event type that contains \
-					 media.",
+					"Event ID does not have a \"content\" key, this is not a message or an \
+					 event type that contains media.",
 				));
 			}
 		} else {
@@ -124,68 +141,120 @@ pub(super) async fn delete(
 		}

 		if mxc_urls.is_empty() {
-			// we shouldn't get here (should have errored earlier) but just in case for
-			// whatever reason we do...
 			info!("Parsed event ID {event_id} but did not contain any MXC URLs.");
-			return Ok(RoomMessageEventContent::text_plain("Parsed event ID but found no MXC URLs."));
+			return Ok(RoomMessageEventContent::text_plain(
+				"Parsed event ID but found no MXC URLs.",
+			));
 		}

+		let mut mxc_deletion_count: usize = 0;
+
 		for mxc_url in mxc_urls {
-			self.services
+			match self
+				.services
 				.media
 				.delete(&mxc_url.as_str().try_into()?)
-				.await?;
-			mxc_deletion_count = mxc_deletion_count.saturating_add(1);
+				.await
+			{
+				| Ok(()) => {
+					debug_info!("Successfully deleted {mxc_url} from filesystem and database");
+					mxc_deletion_count = mxc_deletion_count.saturating_add(1);
+				},
+				| Err(e) => {
+					debug_warn!("Failed to delete {mxc_url}, ignoring error and skipping: {e}");
+					continue;
+				},
+			}
 		}

 		return Ok(RoomMessageEventContent::text_plain(format!(
-			"Deleted {mxc_deletion_count} total MXCs from our database and the filesystem from event ID {event_id}."
+			"Deleted {mxc_deletion_count} total MXCs from our database and the filesystem from \
+			 event ID {event_id}."
 		)));
 	}

 	Ok(RoomMessageEventContent::text_plain(
-		"Please specify either an MXC using --mxc or an event ID using --event-id of the message containing an image. \
-		 See --help for details.",
+		"Please specify either an MXC using --mxc or an event ID using --event-id of the \
+		 message containing an image. See --help for details.",
 	))
 }

 #[admin_command]
 pub(super) async fn delete_list(&self) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
 		));
 	}

+	let mut failed_parsed_mxcs: usize = 0;
+
 	let mxc_list = self
 		.body
 		.to_vec()
 		.drain(1..self.body.len().checked_sub(1).unwrap())
-		.collect::<Vec<_>>();
+		.filter_map(|mxc_s| {
+			mxc_s
+				.try_into()
+				.inspect_err(|e| {
+					debug_warn!("Failed to parse user-provided MXC URI: {e}");
+
+					failed_parsed_mxcs = failed_parsed_mxcs.saturating_add(1);
+				})
+				.ok()
+		})
+		.collect::<Vec<Mxc<'_>>>();

 	let mut mxc_deletion_count: usize = 0;

-	for mxc in mxc_list {
-		debug!("Deleting MXC {mxc} in bulk");
-		self.services.media.delete(&mxc.try_into()?).await?;
-		mxc_deletion_count = mxc_deletion_count
-			.checked_add(1)
-			.expect("mxc_deletion_count should not get this high");
+	for mxc in &mxc_list {
+		trace!(%failed_parsed_mxcs, %mxc_deletion_count, "Deleting MXC {mxc} in bulk");
+		match self.services.media.delete(mxc).await {
+			| Ok(()) => {
+				debug_info!("Successfully deleted {mxc} from filesystem and database");
+				mxc_deletion_count = mxc_deletion_count.saturating_add(1);
+			},
+			| Err(e) => {
+				debug_warn!("Failed to delete {mxc}, ignoring error and skipping: {e}");
+				continue;
+			},
+		}
 	}

 	Ok(RoomMessageEventContent::text_plain(format!(
-		"Finished bulk MXC deletion, deleted {mxc_deletion_count} total MXCs from our database and the filesystem.",
+		"Finished bulk MXC deletion, deleted {mxc_deletion_count} total MXCs from our database \
+		 and the filesystem. {failed_parsed_mxcs} MXCs failed to be parsed from the database.",
 	)))
 }

 #[admin_command]
-pub(super) async fn delete_past_remote_media(&self, duration: String, force: bool) -> Result<RoomMessageEventContent> {
+pub(super) async fn delete_past_remote_media(
+	&self,
+	duration: String,
+	before: bool,
+	after: bool,
+	yes_i_want_to_delete_local_media: bool,
+) -> Result<RoomMessageEventContent> {
+	if before && after {
+		return Ok(RoomMessageEventContent::text_plain(
+			"Please only pick one argument, --before or --after.",
+		));
+	}
+	assert!(!(before && after), "--before and --after should not be specified together");
+
 	let duration = parse_timepoint_ago(&duration)?;
 	let deleted_count = self
 		.services
 		.media
-		.delete_all_remote_media_at_after_time(duration, force)
+		.delete_all_remote_media_at_after_time(
+			duration,
+			before,
+			after,
+			yes_i_want_to_delete_local_media,
+		)
 		.await?;

 	Ok(RoomMessageEventContent::text_plain(format!(
@@ -194,14 +263,13 @@ pub(super) async fn delete_past_remote_media(&self, duration: String, force: boo
 }

 #[admin_command]
-pub(super) async fn delete_all_from_user(&self, username: String, force: bool) -> Result<RoomMessageEventContent> {
+pub(super) async fn delete_all_from_user(
+	&self,
+	username: String,
+) -> Result<RoomMessageEventContent> {
 	let user_id = parse_local_user_id(self.services, &username)?;

-	let deleted_count = self
-		.services
-		.media
-		.delete_from_user(&user_id, force)
-		.await?;
+	let deleted_count = self.services.media.delete_from_user(&user_id).await?;

 	Ok(RoomMessageEventContent::text_plain(format!(
 		"Deleted {deleted_count} total files.",
@@ -210,34 +278,44 @@ pub(super) async fn delete_all_from_user(&self, username: String, force: bool) -

 #[admin_command]
 pub(super) async fn delete_all_from_server(
-	&self, server_name: Box<ServerName>, force: bool,
+	&self,
+	server_name: Box<ServerName>,
+	yes_i_want_to_delete_local_media: bool,
 ) -> Result<RoomMessageEventContent> {
-	if server_name == self.services.globals.server_name() {
-		return Ok(RoomMessageEventContent::text_plain("This command only works for remote media."));
+	if server_name == self.services.globals.server_name() && !yes_i_want_to_delete_local_media {
+		return Ok(RoomMessageEventContent::text_plain(
+			"This command only works for remote media by default.",
+		));
 	}

-	let Ok(all_mxcs) = self.services.media.get_all_mxcs().await else {
-		return Ok(RoomMessageEventContent::text_plain("Failed to get MXC URIs from our database"));
+	let Ok(all_mxcs) = self
+		.services
+		.media
+		.get_all_mxcs()
+		.await
+		.inspect_err(|e| error!("Failed to get MXC URIs from our database: {e}"))
+	else {
+		return Ok(RoomMessageEventContent::text_plain(
+			"Failed to get MXC URIs from our database",
+		));
 	};

 	let mut deleted_count: usize = 0;

 	for mxc in all_mxcs {
-		let mxc_server_name = match mxc.server_name() {
-			Ok(server_name) => server_name,
-			Err(e) => {
-				if force {
-					warn!("Failed to parse MXC {mxc} server name from database, ignoring error and skipping: {e}");
-					continue;
-				}
-
-				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse MXC {mxc} server name from database: {e}",
-				)));
-			},
+		let Ok(mxc_server_name) = mxc.server_name().inspect_err(|e| {
+			debug_warn!(
+				"Failed to parse MXC {mxc} server name from database, ignoring error and \
+				 skipping: {e}"
+			);
+		}) else {
+			continue;
 		};

-		if mxc_server_name != server_name || self.services.globals.server_is_ours(mxc_server_name) {
+		if mxc_server_name != server_name
+			|| (self.services.globals.server_is_ours(mxc_server_name)
+				&& !yes_i_want_to_delete_local_media)
+		{
 			trace!("skipping MXC URI {mxc}");
 			continue;
 		}
@@ -245,16 +323,12 @@ pub(super) async fn delete_all_from_server(
 		let mxc: Mxc<'_> = mxc.as_str().try_into()?;

 		match self.services.media.delete(&mxc).await {
-			Ok(()) => {
+			| Ok(()) => {
 				deleted_count = deleted_count.saturating_add(1);
 			},
-			Err(e) => {
-				if force {
-					warn!("Failed to delete {mxc}, ignoring error and skipping: {e}");
-					continue;
-				}
-
-				return Ok(RoomMessageEventContent::text_plain(format!("Failed to delete MXC {mxc}: {e}")));
+			| Err(e) => {
+				debug_warn!("Failed to delete {mxc}, ignoring error and skipping: {e}");
+				continue;
 			},
 		}
 	}
@@ -267,14 +341,17 @@ pub(super) async fn delete_all_from_server(
 #[admin_command]
 pub(super) async fn get_file_info(&self, mxc: OwnedMxcUri) -> Result<RoomMessageEventContent> {
 	let mxc: Mxc<'_> = mxc.as_str().try_into()?;
-	let metadata = self.services.media.get_metadata(&mxc);
+	let metadata = self.services.media.get_metadata(&mxc).await;

 	Ok(RoomMessageEventContent::notice_markdown(format!("```\n{metadata:#?}\n```")))
 }

 #[admin_command]
 pub(super) async fn get_remote_file(
-	&self, mxc: OwnedMxcUri, server: Option<OwnedServerName>, timeout: u32,
+	&self,
+	mxc: OwnedMxcUri,
+	server: Option<OwnedServerName>,
+	timeout: u32,
 ) -> Result<RoomMessageEventContent> {
 	let mxc: Mxc<'_> = mxc.as_str().try_into()?;
 	let timeout = Duration::from_millis(timeout.into());
@@ -294,7 +371,12 @@ pub(super) async fn get_remote_file(

 #[admin_command]
 pub(super) async fn get_remote_thumbnail(
-	&self, mxc: OwnedMxcUri, server: Option<OwnedServerName>, timeout: u32, width: u32, height: u32,
+	&self,
+	mxc: OwnedMxcUri,
+	server: Option<OwnedServerName>,
+	timeout: u32,
+	width: u32,
+	height: u32,
 ) -> Result<RoomMessageEventContent> {
 	let mxc: Mxc<'_> = mxc.as_str().try_into()?;
 	let timeout = Duration::from_millis(timeout.into());
@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{EventId, MxcUri, OwnedMxcUri, OwnedServerName, ServerName};

 use crate::admin_command_dispatch;
@@ -10,7 +10,7 @@ use crate::admin_command_dispatch;
 #[derive(Debug, Subcommand)]
 pub(super) enum MediaCommand {
 	/// - Deletes a single media file from our database and on the filesystem
-	///   via a single MXC URL
+	///   via a single MXC URL or event ID (not redacted)
 	Delete {
 		/// The MXC URL to delete
 		#[arg(long)]
@@ -23,37 +23,44 @@ pub(super) enum MediaCommand {
 	},

 	/// - Deletes a codeblock list of MXC URLs from our database and on the
-	///   filesystem
+	///   filesystem. This will always ignore errors.
 	DeleteList,

-	/// - Deletes all remote media in the last X amount of time using filesystem
-	///   metadata first created at date.
+	/// - Deletes all remote (and optionally local) media created before or
+	///   after \[duration] time using filesystem metadata first created at
+	///   date, or fallback to last modified date. This will always ignore
+	///   errors by default.
 	DeletePastRemoteMedia {
-		/// - The duration (at or after), e.g. "5m" to delete all media in the
-		///   past 5 minutes
+		/// - The relative time (e.g. 30s, 5m, 7d) within which to search
 		duration: String,

-		/// Continues deleting remote media if an undeletable object is found
-		#[arg(short, long)]
-		force: bool,
+		/// - Only delete media created more recently than \[duration] ago
+		#[arg(long, short)]
+		before: bool,
+
+		/// - Only delete media created after \[duration] ago
+		#[arg(long, short)]
+		after: bool,
+
+		/// - Long argument to additionally delete local media
+		#[arg(long)]
+		yes_i_want_to_delete_local_media: bool,
 	},

-	/// - Deletes all the local media from a local user on our server
+	/// - Deletes all the local media from a local user on our server. This will
+	///   always ignore errors by default.
 	DeleteAllFromUser {
 		username: String,
-
-		/// Continues deleting media if an undeletable object is found
-		#[arg(short, long)]
-		force: bool,
 	},

-	/// - Deletes all remote media from the specified remote server
+	/// - Deletes all remote media from the specified remote server. This will
+	///   always ignore errors by default.
 	DeleteAllFromServer {
 		server_name: Box<ServerName>,

-		/// Continues deleting media if an undeletable object is found
-		#[arg(short, long)]
-		force: bool,
+		/// Long argument to delete local media
+		#[arg(long)]
+		yes_i_want_to_delete_local_media: bool,
 	},

 	GetFileInfo {
@@ -82,10 +89,10 @@ pub(super) enum MediaCommand {
 		#[arg(short, long, default_value("10000"))]
 		timeout: u32,

-		#[arg(short, long)]
+		#[arg(short, long, default_value("800"))]
 		width: u32,

-		#[arg(short, long)]
+		#[arg(short, long, default_value("800"))]
 		height: u32,
 	},
 }
@@ -18,12 +18,12 @@ pub(crate) mod room;
 pub(crate) mod server;
 pub(crate) mod user;

-extern crate conduit_api as api;
-extern crate conduit_core as conduit;
-extern crate conduit_service as service;
+extern crate conduwuit_api as api;
+extern crate conduwuit_core as conduwuit;
+extern crate conduwuit_service as service;

-pub(crate) use conduit::Result;
-pub(crate) use conduit_macros::{admin_command, admin_command_dispatch};
+pub(crate) use conduwuit::Result;
+pub(crate) use conduwuit_macros::{admin_command, admin_command_dispatch};

 pub(crate) use crate::{
 	command::Command,
@@ -32,9 +32,9 @@ pub(crate) use crate::{

 pub(crate) const PAGE_SIZE: usize = 100;

-conduit::mod_ctor! {}
-conduit::mod_dtor! {}
-conduit::rustc_flags_capture! {}
+conduwuit::mod_ctor! {}
+conduwuit::mod_dtor! {}
+conduwuit::rustc_flags_capture! {}

 /// Install the admin command processor
 pub async fn init(admin_service: &service::admin::Service) {
@@ -6,7 +6,7 @@ use std::{
 };

 use clap::{CommandFactory, Parser};
-use conduit::{
+use conduwuit::{
 	debug, error,
 	log::{
 		capture,
@@ -15,9 +15,9 @@ use conduit::{
 	},
 	trace,
 	utils::string::{collect_stream, common_prefix},
-	Error, Result,
+	warn, Error, Result,
 };
-use futures_util::future::FutureExt;
+use futures::future::FutureExt;
 use ruma::{
 	events::{
 		relation::InReplyTo,
@@ -53,8 +53,8 @@ async fn handle_command(services: Arc<Services>, command: CommandInput) -> Proce

 async fn process_command(services: Arc<Services>, input: &CommandInput) -> ProcessorResult {
 	let (command, args, body) = match parse(&services, input) {
-		Err(error) => return Err(error),
-		Ok(parsed) => parsed,
+		| Err(error) => return Err(error),
+		| Ok(parsed) => parsed,
 	};

 	let context = Command {
@@ -68,7 +68,8 @@ async fn process_command(services: Arc<Services>, input: &CommandInput) -> Proce
 }

 fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
-	let link = "Please submit a [bug report](https://github.com/girlbossceo/conduwuit/issues/new). 🥺";
+	let link =
+		"Please submit a [bug report](https://github.com/girlbossceo/conduwuit/issues/new). 🥺";
 	let msg = format!("Panic occurred while processing command:\n```\n{error:#?}\n```\n{link}");
 	let content = RoomMessageEventContent::notice_markdown(msg);
 	error!("Panic while processing command: {error:?}");
@@ -76,7 +77,11 @@ fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
 }

 // Parse and process a message from the admin room
-async fn process(context: &Command<'_>, command: AdminCommand, args: &[String]) -> ProcessorResult {
+async fn process(
+	context: &Command<'_>,
+	command: AdminCommand,
+	args: &[String],
+) -> ProcessorResult {
 	let (capture, logs) = capture_create(context);

 	let capture_scope = capture.start();
@@ -100,11 +105,12 @@ async fn process(context: &Command<'_>, command: AdminCommand, args: &[String])
 	drop(logs);

 	match result {
-		Ok(content) => {
-			write!(&mut output, "{0}", content.body()).expect("failed to format command result to output buffer");
+		| Ok(content) => {
+			write!(&mut output, "{0}", content.body())
+				.expect("failed to format command result to output buffer");
 			Ok(Some(reply(RoomMessageEventContent::notice_markdown(output), context.reply_id)))
 		},
-		Err(error) => {
+		| Err(error) => {
 			write!(&mut output, "Command failed with error:\n```\n{error:#?}\n```")
 				.expect("failed to format command result to output");
 			Err(reply(RoomMessageEventContent::notice_markdown(output), context.reply_id))
@@ -114,14 +120,23 @@ async fn process(context: &Command<'_>, command: AdminCommand, args: &[String])

 fn capture_create(context: &Command<'_>) -> (Arc<Capture>, Arc<Mutex<String>>) {
 	let env_config = &context.services.server.config.admin_log_capture;
-	let env_filter = EnvFilter::try_new(env_config).unwrap_or_else(|_| "debug".into());
+	let env_filter = EnvFilter::try_new(env_config).unwrap_or_else(|e| {
+		warn!("admin_log_capture filter invalid: {e:?}");
+		cfg!(debug_assertions)
+			.then_some("debug")
+			.or(Some("info"))
+			.map(Into::into)
+			.expect("default capture EnvFilter")
+	});
+
 	let log_level = env_filter
 		.max_level_hint()
 		.and_then(LevelFilter::into_level)
 		.unwrap_or(Level::DEBUG);

-	let filter =
-		move |data: capture::Data<'_>| data.level() <= log_level && data.our_modules() && data.scope.contains(&"admin");
+	let filter = move |data: capture::Data<'_>| {
+		data.level() <= log_level && data.our_modules() && data.scope.contains(&"admin")
+	};

 	let logs = Arc::new(Mutex::new(
 		collect_stream(|s| markdown_table_head(s)).expect("markdown table header"),
@@ -138,21 +153,19 @@ fn capture_create(context: &Command<'_>) -> (Arc<Capture>, Arc<Mutex<String>>) {

 // Parse chat messages from the admin room into an AdminCommand object
 fn parse<'a>(
-	services: &Arc<Services>, input: &'a CommandInput,
+	services: &Arc<Services>,
+	input: &'a CommandInput,
 ) -> Result<(AdminCommand, Vec<String>, Vec<&'a str>), CommandOutput> {
 	let lines = input.command.lines().filter(|line| !line.trim().is_empty());
 	let command_line = lines.clone().next().expect("command missing first line");
 	let body = lines.skip(1).collect();
 	match parse_command(command_line) {
-		Ok((command, args)) => Ok((command, args, body)),
-		Err(error) => {
+		| Ok((command, args)) => Ok((command, args, body)),
+		| Err(error) => {
 			let message = error
 				.to_string()
 				.replace("server.name", services.globals.server_name().as_str());
-			Err(reply(
-				RoomMessageEventContent::notice_markdown(message),
-				input.reply_id.as_deref(),
-			))
+			Err(reply(RoomMessageEventContent::notice_plain(message), input.reply_id.as_deref()))
 		},
 	}
 }
@@ -250,11 +263,12 @@ fn parse_line(command_line: &str) -> Vec<String> {
 	argv
 }

-fn reply(mut content: RoomMessageEventContent, reply_id: Option<&EventId>) -> RoomMessageEventContent {
+fn reply(
+	mut content: RoomMessageEventContent,
+	reply_id: Option<&EventId>,
+) -> RoomMessageEventContent {
 	content.relates_to = reply_id.map(|event_id| Reply {
-		in_reply_to: InReplyTo {
-			event_id: event_id.to_owned(),
-		},
+		in_reply_to: InReplyTo { event_id: event_id.to_owned() },
 	});

 	content
@@ -1,9 +1,7 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{
-	events::{room::message::RoomMessageEventContent, RoomAccountDataEventType},
-	RoomId, UserId,
-};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{events::room::message::RoomMessageEventContent, RoomId, UserId};

 use crate::Command;

@@ -25,41 +23,39 @@ pub(crate) enum AccountDataCommand {
 		/// Full user ID
 		user_id: Box<UserId>,
 		/// Account data event type
-		kind: RoomAccountDataEventType,
+		kind: String,
 		/// Optional room ID of the account data
 		room_id: Option<Box<RoomId>>,
 	},
 }

 /// All the getters and iterators from src/database/key_value/account_data.rs
-pub(super) async fn process(subcommand: AccountDataCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	subcommand: AccountDataCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		AccountDataCommand::ChangesSince {
-			user_id,
-			since,
-			room_id,
-		} => {
+		| AccountDataCommand::ChangesSince { user_id, since, room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services
+			let results: Vec<_> = services
 				.account_data
-				.changes_since(room_id.as_deref(), &user_id, since)?;
+				.changes_since(room_id.as_deref(), &user_id, since)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		AccountDataCommand::Get {
-			user_id,
-			kind,
-			room_id,
-		} => {
+		| AccountDataCommand::Get { user_id, kind, room_id } => {
 			let timer = tokio::time::Instant::now();
 			let results = services
 				.account_data
-				.get(room_id.as_deref(), &user_id, kind)?;
+				.get_raw(room_id.as_deref(), &user_id, &kind)
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
@@ -1,5 +1,5 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::Command;
@@ -18,27 +18,26 @@ pub(crate) enum AppserviceCommand {
 }

 /// All the getters and iterators from src/database/key_value/appservice.rs
-pub(super) async fn process(subcommand: AppserviceCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	subcommand: AppserviceCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		AppserviceCommand::GetRegistration {
-			appservice_id,
-		} => {
+		| AppserviceCommand::GetRegistration { appservice_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services
-				.appservice
-				.db
-				.get_registration(appservice_id.as_ref());
+			let results = services.appservice.get_registration(&appservice_id).await;
+
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		AppserviceCommand::All => {
+		| AppserviceCommand::All => {
 			let timer = tokio::time::Instant::now();
-			let results = services.appservice.all();
+			let results = services.appservice.all().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
@@ -1,5 +1,5 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{events::room::message::RoomMessageEventContent, ServerName};

 use crate::Command;
@@ -13,8 +13,6 @@ pub(crate) enum GlobalsCommand {

 	LastCheckForUpdatesId,

-	LoadKeypair,
-
 	/// - This returns an empty `Ok(BTreeMap<..>)` when there are no keys found
 	///   for the server.
 	SigningKeysFor {
@@ -23,20 +21,23 @@ pub(crate) enum GlobalsCommand {
 }

 /// All the getters and iterators from src/database/key_value/globals.rs
-pub(super) async fn process(subcommand: GlobalsCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	subcommand: GlobalsCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		GlobalsCommand::DatabaseVersion => {
+		| GlobalsCommand::DatabaseVersion => {
 			let timer = tokio::time::Instant::now();
-			let results = services.globals.db.database_version();
+			let results = services.globals.db.database_version().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		GlobalsCommand::CurrentCount => {
+		| GlobalsCommand::CurrentCount => {
 			let timer = tokio::time::Instant::now();
 			let results = services.globals.db.current_count();
 			let query_time = timer.elapsed();
@@ -45,29 +46,18 @@ pub(super) async fn process(subcommand: GlobalsCommand, context: &Command<'_>) -
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		GlobalsCommand::LastCheckForUpdatesId => {
+		| GlobalsCommand::LastCheckForUpdatesId => {
 			let timer = tokio::time::Instant::now();
-			let results = services.updates.last_check_for_updates_id();
+			let results = services.updates.last_check_for_updates_id().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		GlobalsCommand::LoadKeypair => {
+		| GlobalsCommand::SigningKeysFor { origin } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.globals.db.load_keypair();
-			let query_time = timer.elapsed();
-
-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
-		},
-		GlobalsCommand::SigningKeysFor {
-			origin,
-		} => {
-			let timer = tokio::time::Instant::now();
-			let results = services.globals.db.verify_keys_for(&origin);
+			let results = services.server_keys.verify_keys_for(&origin).await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
@@ -2,6 +2,7 @@ mod account_data;
 mod appservice;
 mod globals;
 mod presence;
+mod pusher;
 mod resolver;
 mod room_alias;
 mod room_state_cache;
@@ -9,12 +10,13 @@ mod sending;
 mod users;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;

 use self::{
 	account_data::AccountDataCommand, appservice::AppserviceCommand, globals::GlobalsCommand,
-	presence::PresenceCommand, resolver::ResolverCommand, room_alias::RoomAliasCommand,
-	room_state_cache::RoomStateCacheCommand, sending::SendingCommand, users::UsersCommand,
+	presence::PresenceCommand, pusher::PusherCommand, resolver::ResolverCommand,
+	room_alias::RoomAliasCommand, room_state_cache::RoomStateCacheCommand,
+	sending::SendingCommand, users::UsersCommand,
 };
 use crate::admin_command_dispatch;

@@ -57,4 +59,8 @@ pub(super) enum QueryCommand {
 	/// - resolver service
 	#[command(subcommand)]
 	Resolver(ResolverCommand),
+
+	/// - pusher service
+	#[command(subcommand)]
+	Pusher(PusherCommand),
 }
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, UserId};

 use crate::Command;
@@ -22,31 +23,34 @@ pub(crate) enum PresenceCommand {
 }

 /// All the getters and iterators in key_value/presence.rs
-pub(super) async fn process(subcommand: PresenceCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	subcommand: PresenceCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		PresenceCommand::GetPresence {
-			user_id,
-		} => {
+		| PresenceCommand::GetPresence { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.presence.db.get_presence(&user_id)?;
+			let results = services.presence.db.get_presence(&user_id).await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		PresenceCommand::PresenceSince {
-			since,
-		} => {
+		| PresenceCommand::PresenceSince { since } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.presence.db.presence_since(since);
-			let presence_since: Vec<(_, _, _)> = results.collect();
+			let results: Vec<(_, _, _)> = services
+				.presence
+				.presence_since(since)
+				.map(|(user_id, count, bytes)| (user_id.to_owned(), count, bytes.to_vec()))
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{presence_since:#?}\n```"
+				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
 	}
@@ -0,0 +1,33 @@
+use clap::Subcommand;
+use conduwuit::Result;
+use ruma::{events::room::message::RoomMessageEventContent, UserId};
+
+use crate::Command;
+
+#[derive(Debug, Subcommand)]
+pub(crate) enum PusherCommand {
+	/// - Returns all the pushers for the user.
+	GetPushers {
+		/// Full user ID
+		user_id: Box<UserId>,
+	},
+}
+
+pub(super) async fn process(
+	subcommand: PusherCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
+	let services = context.services;
+
+	match subcommand {
+		| PusherCommand::GetPushers { user_id } => {
+			let timer = tokio::time::Instant::now();
+			let results = services.pusher.get_pushers(&user_id).await;
+			let query_time = timer.elapsed();
+
+			Ok(RoomMessageEventContent::notice_markdown(format!(
+				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
+			)))
+		},
+	}
+}
@@ -1,7 +1,7 @@
 use std::fmt::Write;

 use clap::Subcommand;
-use conduit::{utils::time, Result};
+use conduwuit::{utils::time, Result};
 use ruma::{events::room::message::RoomMessageEventContent, OwnedServerName};

 use crate::{admin_command, admin_command_dispatch};
@@ -22,20 +22,16 @@ pub(crate) enum ResolverCommand {
 }

 #[admin_command]
-async fn destinations_cache(&self, server_name: Option<OwnedServerName>) -> Result<RoomMessageEventContent> {
+async fn destinations_cache(
+	&self,
+	server_name: Option<OwnedServerName>,
+) -> Result<RoomMessageEventContent> {
 	use service::resolver::cache::CachedDest;

 	let mut out = String::new();
 	writeln!(out, "| Server Name | Destination | Hostname | Expires |")?;
 	writeln!(out, "| ----------- | ----------- | -------- | ------- |")?;
-	let row = |(
-		name,
-		&CachedDest {
-			ref dest,
-			ref host,
-			expire,
-		},
-	)| {
+	let row = |(name, &CachedDest { ref dest, ref host, expire })| {
 		let expire = time::format(expire, "%+");
 		writeln!(out, "| {name} | {dest} | {host} | {expire} |").expect("wrote line");
 	};
@@ -64,14 +60,7 @@ async fn overrides_cache(&self, server_name: Option<String>) -> Result<RoomMessa
 	let mut out = String::new();
 	writeln!(out, "| Server Name | IP  | Port | Expires |")?;
 	writeln!(out, "| ----------- | --- | ----:| ------- |")?;
-	let row = |(
-		name,
-		&CachedOverride {
-			ref ips,
-			port,
-			expire,
-		},
-	)| {
+	let row = |(name, &CachedOverride { ref ips, port, expire })| {
 		let expire = time::format(expire, "%+");
 		writeln!(out, "| {name} | {ips:?} | {port} | {expire} |").expect("wrote line");
 	};
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, RoomAliasId, RoomId};

 use crate::Command;
@@ -23,37 +24,46 @@ pub(crate) enum RoomAliasCommand {
 }

 /// All the getters and iterators in src/database/key_value/rooms/alias.rs
-pub(super) async fn process(subcommand: RoomAliasCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	subcommand: RoomAliasCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		RoomAliasCommand::ResolveLocalAlias {
-			alias,
-		} => {
+		| RoomAliasCommand::ResolveLocalAlias { alias } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.alias.resolve_local_alias(&alias);
+			let results = services.rooms.alias.resolve_local_alias(&alias).await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomAliasCommand::LocalAliasesForRoom {
-			room_id,
-		} => {
+		| RoomAliasCommand::LocalAliasesForRoom { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.alias.local_aliases_for_room(&room_id);
-			let aliases: Vec<_> = results.collect();
+			let aliases: Vec<_> = services
+				.rooms
+				.alias
+				.local_aliases_for_room(&room_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{aliases:#?}\n```"
 			)))
 		},
-		RoomAliasCommand::AllLocalAliases => {
+		| RoomAliasCommand::AllLocalAliases => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.alias.all_local_aliases();
-			let aliases: Vec<_> = results.collect();
+			let aliases = services
+				.rooms
+				.alias
+				.all_local_aliases()
+				.map(|(room_id, alias)| (room_id.to_owned(), alias.to_owned()))
+				.collect::<Vec<_>>()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, RoomId, ServerName, UserId};

 use crate::Command;
@@ -76,207 +77,228 @@ pub(crate) enum RoomStateCacheCommand {
 }

 pub(super) async fn process(
-	subcommand: RoomStateCacheCommand, context: &Command<'_>,
+	subcommand: RoomStateCacheCommand,
+	context: &Command<'_>,
 ) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		RoomStateCacheCommand::ServerInRoom {
-			server,
-			room_id,
-		} => {
+		| RoomStateCacheCommand::ServerInRoom { server, room_id } => {
 			let timer = tokio::time::Instant::now();
-			let result = services.rooms.state_cache.server_in_room(&server, &room_id);
+			let result = services
+				.rooms
+				.state_cache
+				.server_in_room(&server, &room_id)
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomServers {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomServers { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.room_servers(&room_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.room_servers(&room_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::ServerRooms {
-			server,
-		} => {
+		| RoomStateCacheCommand::ServerRooms { server } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.server_rooms(&server).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.server_rooms(&server)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomMembers {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomMembers { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.room_members(&room_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.room_members(&room_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::LocalUsersInRoom {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::LocalUsersInRoom { room_id } => {
 			let timer = tokio::time::Instant::now();
 			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.local_users_in_room(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::ActiveLocalUsersInRoom {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::ActiveLocalUsersInRoom { room_id } => {
 			let timer = tokio::time::Instant::now();
 			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.active_local_users_in_room(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomJoinedCount {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomJoinedCount { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.state_cache.room_joined_count(&room_id);
+			let results = services.rooms.state_cache.room_joined_count(&room_id).await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomInvitedCount {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomInvitedCount { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.state_cache.room_invited_count(&room_id);
+			let results = services
+				.rooms
+				.state_cache
+				.room_invited_count(&room_id)
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomUserOnceJoined {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomUserOnceJoined { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services
+			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.room_useroncejoined(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomMembersInvited {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomMembersInvited { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services
+			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.room_members_invited(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::GetInviteCount {
-			room_id,
-			user_id,
-		} => {
+		| RoomStateCacheCommand::GetInviteCount { room_id, user_id } => {
 			let timer = tokio::time::Instant::now();
 			let results = services
 				.rooms
 				.state_cache
-				.get_invite_count(&room_id, &user_id);
+				.get_invite_count(&room_id, &user_id)
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::GetLeftCount {
-			room_id,
-			user_id,
-		} => {
+		| RoomStateCacheCommand::GetLeftCount { room_id, user_id } => {
 			let timer = tokio::time::Instant::now();
 			let results = services
 				.rooms
 				.state_cache
-				.get_left_count(&room_id, &user_id);
+				.get_left_count(&room_id, &user_id)
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomsJoined {
-			user_id,
-		} => {
+		| RoomStateCacheCommand::RoomsJoined { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.rooms_joined(&user_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.rooms_joined(&user_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomsInvited {
-			user_id,
-		} => {
+		| RoomStateCacheCommand::RoomsInvited { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.rooms_invited(&user_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.rooms_invited(&user_id)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomsLeft {
-			user_id,
-		} => {
+		| RoomStateCacheCommand::RoomsLeft { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.rooms_left(&user_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.rooms_left(&user_id)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::InviteState {
-			user_id,
-			room_id,
-		} => {
+		| RoomStateCacheCommand::InviteState { user_id, room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.state_cache.invite_state(&user_id, &room_id);
+			let results = services
+				.rooms
+				.state_cache
+				.invite_state(&user_id, &room_id)
+				.await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, ServerName, UserId};
 use service::sending::Destination;

@@ -61,39 +62,46 @@ pub(crate) enum SendingCommand {
 }

 /// All the getters and iterators in key_value/sending.rs
-pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	subcommand: SendingCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		SendingCommand::ActiveRequests => {
+		| SendingCommand::ActiveRequests => {
 			let timer = tokio::time::Instant::now();
 			let results = services.sending.db.active_requests();
-			let active_requests: Result<Vec<(_, _, _)>> = results.collect();
+			let active_requests = results.collect::<Vec<_>>().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{active_requests:#?}\n```"
 			)))
 		},
-		SendingCommand::QueuedRequests {
+		| SendingCommand::QueuedRequests {
 			appservice_id,
 			server_name,
 			user_id,
 			push_key,
 		} => {
-			if appservice_id.is_none() && server_name.is_none() && user_id.is_none() && push_key.is_none() {
+			if appservice_id.is_none()
+				&& server_name.is_none()
+				&& user_id.is_none()
+				&& push_key.is_none()
+			{
 				return Ok(RoomMessageEventContent::text_plain(
-					"An appservice ID, server name, or a user ID with push key must be specified via arguments. See \
-					 --help for more details.",
+					"An appservice ID, server name, or a user ID with push key must be \
+					 specified via arguments. See --help for more details.",
 				));
 			}
 			let timer = tokio::time::Instant::now();
 			let results = match (appservice_id, server_name, user_id, push_key) {
-				(Some(appservice_id), None, None, None) => {
+				| (Some(appservice_id), None, None, None) => {
 					if appservice_id.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -102,15 +110,15 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.queued_requests(&Destination::Appservice(appservice_id))
 				},
-				(None, Some(server_name), None, None) => services
+				| (None, Some(server_name), None, None) => services
 					.sending
 					.db
-					.queued_requests(&Destination::Normal(server_name.into())),
-				(None, None, Some(user_id), Some(push_key)) => {
+					.queued_requests(&Destination::Federation(server_name.into())),
+				| (None, None, Some(user_id), Some(push_key)) => {
 					if push_key.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -119,47 +127,51 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.queued_requests(&Destination::Push(user_id.into(), push_key))
 				},
-				(Some(_), Some(_), Some(_), Some(_)) => {
+				| (Some(_), Some(_), Some(_), Some(_)) => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 Not all of them See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. Not all of them See --help for more details.",
 					));
 				},
-				_ => {
+				| _ => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. See --help for more details.",
 					));
 				},
 			};

-			let queued_requests = results.collect::<Result<Vec<(_, _)>>>();
+			let queued_requests = results.collect::<Vec<_>>().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{queued_requests:#?}\n```"
 			)))
 		},
-		SendingCommand::ActiveRequestsFor {
+		| SendingCommand::ActiveRequestsFor {
 			appservice_id,
 			server_name,
 			user_id,
 			push_key,
 		} => {
-			if appservice_id.is_none() && server_name.is_none() && user_id.is_none() && push_key.is_none() {
+			if appservice_id.is_none()
+				&& server_name.is_none()
+				&& user_id.is_none()
+				&& push_key.is_none()
+			{
 				return Ok(RoomMessageEventContent::text_plain(
-					"An appservice ID, server name, or a user ID with push key must be specified via arguments. See \
-					 --help for more details.",
+					"An appservice ID, server name, or a user ID with push key must be \
+					 specified via arguments. See --help for more details.",
 				));
 			}

 			let timer = tokio::time::Instant::now();
 			let results = match (appservice_id, server_name, user_id, push_key) {
-				(Some(appservice_id), None, None, None) => {
+				| (Some(appservice_id), None, None, None) => {
 					if appservice_id.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -168,15 +180,15 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.active_requests_for(&Destination::Appservice(appservice_id))
 				},
-				(None, Some(server_name), None, None) => services
+				| (None, Some(server_name), None, None) => services
 					.sending
 					.db
-					.active_requests_for(&Destination::Normal(server_name.into())),
-				(None, None, Some(user_id), Some(push_key)) => {
+					.active_requests_for(&Destination::Federation(server_name.into())),
+				| (None, None, Some(user_id), Some(push_key)) => {
 					if push_key.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -185,32 +197,30 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.active_requests_for(&Destination::Push(user_id.into(), push_key))
 				},
-				(Some(_), Some(_), Some(_), Some(_)) => {
+				| (Some(_), Some(_), Some(_), Some(_)) => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 Not all of them See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. Not all of them See --help for more details.",
 					));
 				},
-				_ => {
+				| _ => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. See --help for more details.",
 					));
 				},
 			};

-			let active_requests = results.collect::<Result<Vec<(_, _)>>>();
+			let active_requests = results.collect::<Vec<_>>().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{active_requests:#?}\n```"
 			)))
 		},
-		SendingCommand::GetLatestEduCount {
-			server_name,
-		} => {
+		| SendingCommand::GetLatestEduCount { server_name } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.sending.db.get_latest_educount(&server_name);
+			let results = services.sending.db.get_latest_educount(&server_name).await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
@@ -1,29 +1,378 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::events::room::message::RoomMessageEventContent;
+use conduwuit::Result;
+use futures::stream::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedDeviceId, OwnedRoomId, OwnedUserId,
+};

-use crate::Command;
+use crate::{admin_command, admin_command_dispatch};

+#[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/users.rs
 pub(crate) enum UsersCommand {
-	Iter,
+	CountUsers,
+
+	IterUsers,
+
+	PasswordHash {
+		user_id: OwnedUserId,
+	},
+
+	ListDevices {
+		user_id: OwnedUserId,
+	},
+
+	ListDevicesMetadata {
+		user_id: OwnedUserId,
+	},
+
+	GetDeviceMetadata {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetDevicesVersion {
+		user_id: OwnedUserId,
+	},
+
+	CountOneTimeKeys {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetDeviceKeys {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetUserSigningKey {
+		user_id: OwnedUserId,
+	},
+
+	GetMasterKey {
+		user_id: OwnedUserId,
+	},
+
+	GetToDeviceEvents {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetLatestBackup {
+		user_id: OwnedUserId,
+	},
+
+	GetLatestBackupVersion {
+		user_id: OwnedUserId,
+	},
+
+	GetBackupAlgorithm {
+		user_id: OwnedUserId,
+		version: String,
+	},
+
+	GetAllBackups {
+		user_id: OwnedUserId,
+		version: String,
+	},
+
+	GetRoomBackups {
+		user_id: OwnedUserId,
+		version: String,
+		room_id: OwnedRoomId,
+	},
+
+	GetBackupSession {
+		user_id: OwnedUserId,
+		version: String,
+		room_id: OwnedRoomId,
+		session_id: String,
+	},
 }

-/// All the getters and iterators in key_value/users.rs
-pub(super) async fn process(subcommand: UsersCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
-	let services = context.services;
+#[admin_command]
+async fn get_backup_session(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+	room_id: OwnedRoomId,
+	session_id: String,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_session(&user_id, &version, &room_id, &session_id)
+		.await;
+	let query_time = timer.elapsed();

-	match subcommand {
-		UsersCommand::Iter => {
-			let timer = tokio::time::Instant::now();
-			let results = services.users.db.iter();
-			let users = results.collect::<Vec<_>>();
-			let query_time = timer.elapsed();
-
-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{users:#?}\n```"
-			)))
-		},
-	}
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_room_backups(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+	room_id: OwnedRoomId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_room(&user_id, &version, &room_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_all_backups(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.key_backups.get_all(&user_id, &version).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_backup_algorithm(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_backup(&user_id, &version)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_latest_backup_version(
+	&self,
+	user_id: OwnedUserId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_latest_backup_version(&user_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_latest_backup(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.key_backups.get_latest_backup(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn iter_users(&self) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result: Vec<OwnedUserId> = self.services.users.stream().map(Into::into).collect().await;
+
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn count_users(&self) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.users.count().await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn password_hash(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.users.password_hash(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn list_devices(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let devices = self
+		.services
+		.users
+		.all_device_ids(&user_id)
+		.map(ToOwned::to_owned)
+		.collect::<Vec<_>>()
+		.await;
+
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{devices:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn list_devices_metadata(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let devices = self
+		.services
+		.users
+		.all_devices_metadata(&user_id)
+		.collect::<Vec<_>>()
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{devices:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_device_metadata(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let device = self
+		.services
+		.users
+		.get_device_metadata(&user_id, &device_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{device:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_devices_version(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let device = self.services.users.get_devicelist_version(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{device:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn count_one_time_keys(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.count_one_time_keys(&user_id, &device_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_device_keys(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.get_device_keys(&user_id, &device_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_user_signing_key(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.users.get_user_signing_key(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_master_key(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.get_master_key(None, &user_id, &|_| true)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_to_device_events(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.get_to_device_events(&user_id, &device_id)
+		.collect::<Vec<_>>()
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
 }
@@ -1,8 +1,11 @@
 use std::fmt::Write;

 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, RoomAliasId, RoomId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedRoomAliasId, OwnedRoomId, RoomId,
+};

 use crate::{escape_html, Command};

@@ -41,148 +44,151 @@ pub(crate) enum RoomAliasCommand {
 	},
 }

-pub(super) async fn process(command: RoomAliasCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	command: RoomAliasCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;
 	let server_user = &services.globals.server_user;

 	match command {
-		RoomAliasCommand::Set {
-			ref room_alias_localpart,
-			..
-		}
-		| RoomAliasCommand::Remove {
-			ref room_alias_localpart,
-		}
-		| RoomAliasCommand::Which {
-			ref room_alias_localpart,
-		} => {
-			let room_alias_str = format!("#{}:{}", room_alias_localpart, services.globals.server_name());
-			let room_alias = match RoomAliasId::parse_box(room_alias_str) {
-				Ok(alias) => alias,
-				Err(err) => return Ok(RoomMessageEventContent::text_plain(format!("Failed to parse alias: {err}"))),
+		| RoomAliasCommand::Set { ref room_alias_localpart, .. }
+		| RoomAliasCommand::Remove { ref room_alias_localpart }
+		| RoomAliasCommand::Which { ref room_alias_localpart } => {
+			let room_alias_str =
+				format!("#{}:{}", room_alias_localpart, services.globals.server_name());
+			let room_alias = match OwnedRoomAliasId::parse(room_alias_str) {
+				| Ok(alias) => alias,
+				| Err(err) =>
+					return Ok(RoomMessageEventContent::text_plain(format!(
+						"Failed to parse alias: {err}"
+					))),
 			};
 			match command {
-				RoomAliasCommand::Set {
-					force,
-					room_id,
-					..
-				} => match (force, services.rooms.alias.resolve_local_alias(&room_alias)) {
-					(true, Ok(Some(id))) => match services
-						.rooms
-						.alias
-						.set_alias(&room_alias, &room_id, server_user)
-					{
-						Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
-							"Successfully overwrote alias (formerly {id})"
+				| RoomAliasCommand::Set { force, room_id, .. } =>
+					match (force, services.rooms.alias.resolve_local_alias(&room_alias).await) {
+						| (true, Ok(id)) => {
+							match services.rooms.alias.set_alias(
+								&room_alias,
+								&room_id,
+								server_user,
+							) {
+								| Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
+									"Successfully overwrote alias (formerly {id})"
+								))),
+								| Err(err) => Ok(RoomMessageEventContent::text_plain(format!(
+									"Failed to remove alias: {err}"
+								))),
+							}
+						},
+						| (false, Ok(id)) => Ok(RoomMessageEventContent::text_plain(format!(
+							"Refusing to overwrite in use alias for {id}, use -f or --force to \
+							 overwrite"
 						))),
-						Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Failed to remove alias: {err}"))),
+						| (_, Err(_)) => {
+							match services.rooms.alias.set_alias(
+								&room_alias,
+								&room_id,
+								server_user,
+							) {
+								| Ok(()) => Ok(RoomMessageEventContent::text_plain(
+									"Successfully set alias",
+								)),
+								| Err(err) => Ok(RoomMessageEventContent::text_plain(format!(
+									"Failed to remove alias: {err}"
+								))),
+							}
+						},
 					},
-					(false, Ok(Some(id))) => Ok(RoomMessageEventContent::text_plain(format!(
-						"Refusing to overwrite in use alias for {id}, use -f or --force to overwrite"
-					))),
-					(_, Ok(None)) => match services
-						.rooms
-						.alias
-						.set_alias(&room_alias, &room_id, server_user)
-					{
-						Ok(()) => Ok(RoomMessageEventContent::text_plain("Successfully set alias")),
-						Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Failed to remove alias: {err}"))),
+				| RoomAliasCommand::Remove { .. } =>
+					match services.rooms.alias.resolve_local_alias(&room_alias).await {
+						| Ok(id) => match services
+							.rooms
+							.alias
+							.remove_alias(&room_alias, server_user)
+							.await
+						{
+							| Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
+								"Removed alias from {id}"
+							))),
+							| Err(err) => Ok(RoomMessageEventContent::text_plain(format!(
+								"Failed to remove alias: {err}"
+							))),
+						},
+						| Err(_) =>
+							Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
 					},
-					(_, Err(err)) => Ok(RoomMessageEventContent::text_plain(format!("Unable to lookup alias: {err}"))),
-				},
-				RoomAliasCommand::Remove {
-					..
-				} => match services.rooms.alias.resolve_local_alias(&room_alias) {
-					Ok(Some(id)) => match services
-						.rooms
-						.alias
-						.remove_alias(&room_alias, server_user)
-						.await
-					{
-						Ok(()) => Ok(RoomMessageEventContent::text_plain(format!("Removed alias from {id}"))),
-						Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Failed to remove alias: {err}"))),
+				| RoomAliasCommand::Which { .. } =>
+					match services.rooms.alias.resolve_local_alias(&room_alias).await {
+						| Ok(id) => Ok(RoomMessageEventContent::text_plain(format!(
+							"Alias resolves to {id}"
+						))),
+						| Err(_) =>
+							Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
 					},
-					Ok(None) => Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
-					Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to lookup alias: {err}"))),
-				},
-				RoomAliasCommand::Which {
-					..
-				} => match services.rooms.alias.resolve_local_alias(&room_alias) {
-					Ok(Some(id)) => Ok(RoomMessageEventContent::text_plain(format!("Alias resolves to {id}"))),
-					Ok(None) => Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
-					Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to lookup alias: {err}"))),
-				},
-				RoomAliasCommand::List {
-					..
-				} => unreachable!(),
+				| RoomAliasCommand::List { .. } => unreachable!(),
 			}
 		},
-		RoomAliasCommand::List {
-			room_id,
-		} => {
+		| RoomAliasCommand::List { room_id } =>
 			if let Some(room_id) = room_id {
-				let aliases = services
+				let aliases: Vec<OwnedRoomAliasId> = services
 					.rooms
 					.alias
 					.local_aliases_for_room(&room_id)
-					.collect::<Result<Vec<_>, _>>();
-				match aliases {
-					Ok(aliases) => {
-						let plain_list = aliases.iter().fold(String::new(), |mut output, alias| {
-							writeln!(output, "- {alias}").expect("should be able to write to string buffer");
-							output
-						});
+					.map(Into::into)
+					.collect()
+					.await;

-						let html_list = aliases.iter().fold(String::new(), |mut output, alias| {
-							writeln!(output, "<li>{}</li>", escape_html(alias.as_ref()))
-								.expect("should be able to write to string buffer");
-							output
-						});
+				let plain_list = aliases.iter().fold(String::new(), |mut output, alias| {
+					writeln!(output, "- {alias}")
+						.expect("should be able to write to string buffer");
+					output
+				});

-						let plain = format!("Aliases for {room_id}:\n{plain_list}");
-						let html = format!("Aliases for {room_id}:\n<ul>{html_list}</ul>");
-						Ok(RoomMessageEventContent::text_html(plain, html))
-					},
-					Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to list aliases: {err}"))),
-				}
+				let html_list = aliases.iter().fold(String::new(), |mut output, alias| {
+					writeln!(output, "<li>{}</li>", escape_html(alias.as_ref()))
+						.expect("should be able to write to string buffer");
+					output
+				});
+
+				let plain = format!("Aliases for {room_id}:\n{plain_list}");
+				let html = format!("Aliases for {room_id}:\n<ul>{html_list}</ul>");
+				Ok(RoomMessageEventContent::text_html(plain, html))
 			} else {
 				let aliases = services
 					.rooms
 					.alias
 					.all_local_aliases()
-					.collect::<Result<Vec<_>, _>>();
-				match aliases {
-					Ok(aliases) => {
-						let server_name = services.globals.server_name();
-						let plain_list = aliases
-							.iter()
-							.fold(String::new(), |mut output, (alias, id)| {
-								writeln!(output, "- `{alias}` -> #{id}:{server_name}")
-									.expect("should be able to write to string buffer");
-								output
-							});
+					.map(|(room_id, localpart)| (room_id.into(), localpart.into()))
+					.collect::<Vec<(OwnedRoomId, String)>>()
+					.await;

-						let html_list = aliases
-							.iter()
-							.fold(String::new(), |mut output, (alias, id)| {
-								writeln!(
-									output,
-									"<li><code>{}</code> -> #{}:{}</li>",
-									escape_html(alias.as_ref()),
-									escape_html(id.as_ref()),
-									server_name
-								)
-								.expect("should be able to write to string buffer");
-								output
-							});
+				let server_name = services.globals.server_name();
+				let plain_list = aliases
+					.iter()
+					.fold(String::new(), |mut output, (alias, id)| {
+						writeln!(output, "- `{alias}` -> #{id}:{server_name}")
+							.expect("should be able to write to string buffer");
+						output
+					});

-						let plain = format!("Aliases:\n{plain_list}");
-						let html = format!("Aliases:\n<ul>{html_list}</ul>");
-						Ok(RoomMessageEventContent::text_html(plain, html))
-					},
-					Err(e) => Ok(RoomMessageEventContent::text_plain(format!("Unable to list room aliases: {e}"))),
-				}
-			}
-		},
+				let html_list = aliases
+					.iter()
+					.fold(String::new(), |mut output, (alias, id)| {
+						writeln!(
+							output,
+							"<li><code>{}</code> -> #{}:{}</li>",
+							escape_html(alias.as_ref()),
+							escape_html(id),
+							server_name
+						)
+						.expect("should be able to write to string buffer");
+						output
+					});
+
+				let plain = format!("Aliases:\n{plain_list}");
+				let html = format!("Aliases:\n<ul>{html_list}</ul>");
+				Ok(RoomMessageEventContent::text_html(plain, html))
+			},
 	}
 }
@@ -1,13 +1,16 @@
-use std::fmt::Write;
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId};

-use conduit::Result;
-use ruma::events::room::message::RoomMessageEventContent;
-
-use crate::{admin_command, escape_html, get_room_info, PAGE_SIZE};
+use crate::{admin_command, get_room_info, PAGE_SIZE};

 #[admin_command]
 pub(super) async fn list_rooms(
-	&self, page: Option<usize>, exclude_disabled: bool, exclude_banned: bool,
+	&self,
+	page: Option<usize>,
+	exclude_disabled: bool,
+	exclude_banned: bool,
+	no_details: bool,
 ) -> Result<RoomMessageEventContent> {
 	// TODO: i know there's a way to do this with clap, but i can't seem to find it
 	let page = page.unwrap_or(1);
@@ -16,37 +19,18 @@ pub(super) async fn list_rooms(
 		.rooms
 		.metadata
 		.iter_ids()
-		.filter_map(|room_id| {
-			room_id
-				.ok()
-				.filter(|room_id| {
-					if exclude_disabled
-						&& self
-							.services
-							.rooms
-							.metadata
-							.is_disabled(room_id)
-							.unwrap_or(false)
-					{
-						return false;
-					}
-
-					if exclude_banned
-						&& self
-							.services
-							.rooms
-							.metadata
-							.is_banned(room_id)
-							.unwrap_or(false)
-					{
-						return false;
-					}
-
-					true
-				})
-				.map(|room_id| get_room_info(self.services, &room_id))
+		.filter_map(|room_id| async move {
+			(!exclude_disabled || !self.services.rooms.metadata.is_disabled(room_id).await)
+				.then_some(room_id)
 		})
-		.collect::<Vec<_>>();
+		.filter_map(|room_id| async move {
+			(!exclude_banned || !self.services.rooms.metadata.is_banned(room_id).await)
+				.then_some(room_id)
+		})
+		.then(|room_id| get_room_info(self.services, room_id))
+		.collect::<Vec<_>>()
+		.await;
+
 	rooms.sort_by_key(|r| r.1);
 	rooms.reverse();

@@ -61,29 +45,25 @@ pub(super) async fn list_rooms(
 	};

 	let output_plain = format!(
-		"Rooms:\n{}",
+		"Rooms ({}):\n```\n{}\n```",
+		rooms.len(),
 		rooms
 			.iter()
-			.map(|(id, members, name)| format!("{id}\tMembers: {members}\tName: {name}"))
+			.map(|(id, members, name)| if no_details {
+				format!("{id}")
+			} else {
+				format!("{id}\tMembers: {members}\tName: {name}")
+			})
 			.collect::<Vec<_>>()
 			.join("\n")
 	);
-	let output_html = format!(
-		"<table><caption>Room list - page \
-		 {page}</caption>\n<tr><th>id</th>\t<th>members</th>\t<th>name</th></tr>\n{}</table>",
-		rooms
-			.iter()
-			.fold(String::new(), |mut output, (id, members, name)| {
-				writeln!(
-					output,
-					"<tr><td>{}</td>\t<td>{}</td>\t<td>{}</td></tr>",
-					escape_html(id.as_ref()),
-					members,
-					escape_html(name)
-				)
-				.expect("should be able to write to string buffer");
-				output
-			})
-	);
-	Ok(RoomMessageEventContent::text_html(output_plain, output_html))
+
+	Ok(RoomMessageEventContent::notice_markdown(output_plain))
+}
+
+#[admin_command]
+pub(super) async fn exists(&self, room_id: OwnedRoomId) -> Result<RoomMessageEventContent> {
+	let result = self.services.rooms.metadata.exists(&room_id).await;
+
+	Ok(RoomMessageEventContent::notice_markdown(format!("{result}")))
 }
@@ -1,10 +1,9 @@
-use std::fmt::Write;
-
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId, RoomId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{events::room::message::RoomMessageEventContent, RoomId};

-use crate::{escape_html, get_room_info, Command, PAGE_SIZE};
+use crate::{get_room_info, Command, PAGE_SIZE};

 #[derive(Debug, Subcommand)]
 pub(crate) enum RoomDirectoryCommand {
@@ -26,72 +25,55 @@ pub(crate) enum RoomDirectoryCommand {
 	},
 }

-pub(super) async fn process(command: RoomDirectoryCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(
+	command: RoomDirectoryCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;
 	match command {
-		RoomDirectoryCommand::Publish {
-			room_id,
-		} => match services.rooms.directory.set_public(&room_id) {
-			Ok(()) => Ok(RoomMessageEventContent::text_plain("Room published")),
-			Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to update room: {err}"))),
+		| RoomDirectoryCommand::Publish { room_id } => {
+			services.rooms.directory.set_public(&room_id);
+			Ok(RoomMessageEventContent::notice_plain("Room published"))
 		},
-		RoomDirectoryCommand::Unpublish {
-			room_id,
-		} => match services.rooms.directory.set_not_public(&room_id) {
-			Ok(()) => Ok(RoomMessageEventContent::text_plain("Room unpublished")),
-			Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to update room: {err}"))),
+		| RoomDirectoryCommand::Unpublish { room_id } => {
+			services.rooms.directory.set_not_public(&room_id);
+			Ok(RoomMessageEventContent::notice_plain("Room unpublished"))
 		},
-		RoomDirectoryCommand::List {
-			page,
-		} => {
+		| RoomDirectoryCommand::List { page } => {
 			// TODO: i know there's a way to do this with clap, but i can't seem to find it
 			let page = page.unwrap_or(1);
-			let mut rooms = services
+			let mut rooms: Vec<_> = services
 				.rooms
 				.directory
 				.public_rooms()
-				.filter_map(Result::ok)
-				.map(|id: OwnedRoomId| get_room_info(services, &id))
-				.collect::<Vec<_>>();
+				.then(|room_id| get_room_info(services, room_id))
+				.collect()
+				.await;
+
 			rooms.sort_by_key(|r| r.1);
 			rooms.reverse();

-			let rooms = rooms
+			let rooms: Vec<_> = rooms
 				.into_iter()
 				.skip(page.saturating_sub(1).saturating_mul(PAGE_SIZE))
 				.take(PAGE_SIZE)
-				.collect::<Vec<_>>();
+				.collect();

 			if rooms.is_empty() {
 				return Ok(RoomMessageEventContent::text_plain("No more rooms."));
 			};

-			let output_plain = format!(
-				"Rooms:\n{}",
+			let output = format!(
+				"Rooms (page {page}):\n```\n{}\n```",
 				rooms
 					.iter()
-					.map(|(id, members, name)| format!("{id}\tMembers: {members}\tName: {name}"))
+					.map(|(id, members, name)| format!(
+						"{id} | Members: {members} | Name: {name}"
+					))
 					.collect::<Vec<_>>()
 					.join("\n")
 			);
-			let output_html = format!(
-				"<table><caption>Room directory - page \
-				 {page}</caption>\n<tr><th>id</th>\t<th>members</th>\t<th>name</th></tr>\n{}</table>",
-				rooms
-					.iter()
-					.fold(String::new(), |mut output, (id, members, name)| {
-						writeln!(
-							output,
-							"<tr><td>{}</td>\t<td>{}</td>\t<td>{}</td></tr>",
-							escape_html(id.as_ref()),
-							members,
-							escape_html(name.as_ref())
-						)
-						.expect("should be able to write to string buffer");
-						output
-					})
-			);
-			Ok(RoomMessageEventContent::text_html(output_plain, output_html))
+			Ok(RoomMessageEventContent::text_markdown(output))
 		},
 	}
 }
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::{utils::ReadyExt, Result};
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, RoomId};

 use crate::{admin_command, admin_command_dispatch};
@@ -10,6 +11,10 @@ pub(crate) enum RoomInfoCommand {
 	/// - List joined members in a room
 	ListJoinedMembers {
 		room_id: Box<RoomId>,
+
+		/// Lists only our local users in the specified room
+		#[arg(long)]
+		local_only: bool,
 	},

 	/// - Displays room topic
@@ -22,44 +27,50 @@ pub(crate) enum RoomInfoCommand {
 }

 #[admin_command]
-async fn list_joined_members(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
+async fn list_joined_members(
+	&self,
+	room_id: Box<RoomId>,
+	local_only: bool,
+) -> Result<RoomMessageEventContent> {
 	let room_name = self
 		.services
 		.rooms
 		.state_accessor
 		.get_name(&room_id)
-		.ok()
-		.flatten()
-		.unwrap_or_else(|| room_id.to_string());
+		.await
+		.unwrap_or_else(|_| room_id.to_string());

-	let members = self
+	let member_info: Vec<_> = self
 		.services
 		.rooms
 		.state_cache
 		.room_members(&room_id)
-		.filter_map(Result::ok);
-
-	let member_info = members
-		.into_iter()
-		.map(|user_id| {
-			(
-				user_id.clone(),
+		.ready_filter(|user_id| {
+			local_only
+				.then(|| self.services.globals.user_is_local(user_id))
+				.unwrap_or(true)
+		})
+		.map(ToOwned::to_owned)
+		.filter_map(|user_id| async move {
+			Some((
 				self.services
 					.users
 					.displayname(&user_id)
-					.unwrap_or(None)
-					.unwrap_or_else(|| user_id.to_string()),
-			)
+					.await
+					.unwrap_or_else(|_| user_id.to_string()),
+				user_id,
+			))
 		})
-		.collect::<Vec<_>>();
+		.collect()
+		.await;

 	let output_plain = format!(
 		"{} Members in Room \"{}\":\n```\n{}\n```",
 		member_info.len(),
 		room_name,
 		member_info
-			.iter()
-			.map(|(mxid, displayname)| format!("{mxid} | {displayname}"))
+			.into_iter()
+			.map(|(displayname, mxid)| format!("{mxid} | {displayname}"))
 			.collect::<Vec<_>>()
 			.join("\n")
 	);
@@ -69,11 +80,12 @@ async fn list_joined_members(&self, room_id: Box<RoomId>) -> Result<RoomMessageE

 #[admin_command]
 async fn view_room_topic(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
-	let Some(room_topic) = self
+	let Ok(room_topic) = self
 		.services
 		.rooms
 		.state_accessor
-		.get_room_topic(&room_id)?
+		.get_room_topic(&room_id)
+		.await
 	else {
 		return Ok(RoomMessageEventContent::text_plain("Room does not have a room topic set."));
 	};
@@ -5,10 +5,12 @@ mod info;
 mod moderation;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
+use ruma::OwnedRoomId;

 use self::{
-	alias::RoomAliasCommand, directory::RoomDirectoryCommand, info::RoomInfoCommand, moderation::RoomModerationCommand,
+	alias::RoomAliasCommand, directory::RoomDirectoryCommand, info::RoomInfoCommand,
+	moderation::RoomModerationCommand,
 };
 use crate::admin_command_dispatch;

@@ -27,6 +29,11 @@ pub(super) enum RoomCommand {
 		/// Excludes rooms that we have banned
 		#[arg(long)]
 		exclude_banned: bool,
+
+		#[arg(long)]
+		/// Whether to only output room IDs without supplementary room
+		/// information
+		no_details: bool,
 	},

 	#[command(subcommand)]
@@ -44,4 +51,9 @@ pub(super) enum RoomCommand {
 	#[command(subcommand)]
 	/// - Manage the room directory
 	Directory(RoomDirectoryCommand),
+
+	/// - Check if we know about a room
+	Exists {
+		room_id: OwnedRoomId,
+	},
 }
@@ -1,7 +1,15 @@
 use api::client::leave_room;
 use clap::Subcommand;
-use conduit::{debug, error, info, warn, Result};
-use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId, RoomAliasId, RoomId, RoomOrAliasId};
+use conduwuit::{
+	debug, error, info,
+	utils::{IterStream, ReadyExt},
+	warn, Result,
+};
+use futures::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedRoomId, RoomAliasId, RoomId,
+	RoomOrAliasId,
+};

 use crate::{admin_command, admin_command_dispatch, get_room_info};

@@ -70,13 +78,16 @@ pub(crate) enum RoomModerationCommand {

 #[admin_command]
 async fn ban_room(
-	&self, force: bool, disable_federation: bool, room: Box<RoomOrAliasId>,
+	&self,
+	force: bool,
+	disable_federation: bool,
+	room: Box<RoomOrAliasId>,
 ) -> Result<RoomMessageEventContent> {
 	debug!("Got room alias or ID: {}", room);

 	let admin_room_alias = &self.services.globals.admin_alias;

-	if let Some(admin_room_id) = self.services.admin.get_admin_room()? {
+	if let Ok(admin_room_id) = self.services.admin.get_admin_room().await {
 		if room.to_string().eq(&admin_room_id) || room.to_string().eq(admin_room_alias) {
 			return Ok(RoomMessageEventContent::text_plain("Not allowed to ban the admin room."));
 		}
@@ -84,129 +95,128 @@ async fn ban_room(

 	let room_id = if room.is_room_id() {
 		let room_id = match RoomId::parse(&room) {
-			Ok(room_id) => room_id,
-			Err(e) => {
+			| Ok(room_id) => room_id,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!("Room specified is a room ID, banning room ID");
+		self.services.rooms.metadata.ban_room(room_id, true);

-		self.services.rooms.metadata.ban_room(&room_id, true)?;
-
-		room_id
+		room_id.to_owned()
 	} else if room.is_room_alias_id() {
 		let room_alias = match RoomAliasId::parse(&room) {
-			Ok(room_alias) => room_alias,
-			Err(e) => {
+			| Ok(room_alias) => room_alias,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!(
-			"Room specified is not a room ID, attempting to resolve room alias to a room ID locally, if not using \
-			 get_alias_helper to fetch room ID remotely"
+			"Room specified is not a room ID, attempting to resolve room alias to a room ID \
+			 locally, if not using get_alias_helper to fetch room ID remotely"
 		);

-		let room_id = if let Some(room_id) = self.services.rooms.alias.resolve_local_alias(&room_alias)? {
+		let room_id = if let Ok(room_id) = self
+			.services
+			.rooms
+			.alias
+			.resolve_local_alias(room_alias)
+			.await
+		{
 			room_id
 		} else {
-			debug!("We don't have this room alias to a room ID locally, attempting to fetch room ID over federation");
+			debug!(
+				"We don't have this room alias to a room ID locally, attempting to fetch room \
+				 ID over federation"
+			);

 			match self
 				.services
 				.rooms
 				.alias
-				.resolve_alias(&room_alias, None)
+				.resolve_alias(room_alias, None)
 				.await
 			{
-				Ok((room_id, servers)) => {
-					debug!(?room_id, ?servers, "Got federation response fetching room ID for {room}");
+				| Ok((room_id, servers)) => {
+					debug!(
+						?room_id,
+						?servers,
+						"Got federation response fetching room ID for {room_id}"
+					);
 					room_id
 				},
-				Err(e) => {
+				| Err(e) => {
 					return Ok(RoomMessageEventContent::notice_plain(format!(
-						"Failed to resolve room alias {room} to a room ID: {e}"
+						"Failed to resolve room alias {room_alias} to a room ID: {e}"
 					)));
 				},
 			}
 		};

-		self.services.rooms.metadata.ban_room(&room_id, true)?;
+		self.services.rooms.metadata.ban_room(&room_id, true);

 		room_id
 	} else {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Room specified is not a room ID or room alias. Please note that this requires a full room ID \
-			 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`)",
+			"Room specified is not a room ID or room alias. Please note that this requires a \
+			 full room ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+			 (`#roomalias:example.com`)",
 		));
 	};

 	debug!("Making all users leave the room {}", &room);
 	if force {
-		for local_user in self
+		let mut users = self
 			.services
 			.rooms
 			.state_cache
 			.room_members(&room_id)
-			.filter_map(|user| {
-				user.ok().filter(|local_user| {
-					self.services.globals.user_is_local(local_user)
-								// additional wrapped check here is to avoid adding remote users
-								// who are in the admin room to the list of local users (would
-								// fail auth check)
-								&& (self.services.globals.user_is_local(local_user)
-									// since this is a force operation, assume user is an admin
-									// if somehow this fails
-									&& self.services
-										.users
-										.is_admin(local_user)
-										.unwrap_or(true))
-				})
-			}) {
+			.ready_filter(|user| self.services.globals.user_is_local(user))
+			.boxed();
+
+		while let Some(local_user) = users.next().await {
 			debug!(
-				"Attempting leave for user {} in room {} (forced, ignoring all errors, evicting admins too)",
-				&local_user, &room_id
+				"Attempting leave for user {local_user} in room {room_id} (forced, ignoring all \
+				 errors, evicting admins too)",
 			);

-			if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+			if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 				warn!(%e, "Failed to leave room");
 			}
 		}
 	} else {
-		for local_user in self
+		let mut users = self
 			.services
 			.rooms
 			.state_cache
 			.room_members(&room_id)
-			.filter_map(|user| {
-				user.ok().filter(|local_user| {
-					local_user.server_name() == self.services.globals.server_name()
-								// additional wrapped check here is to avoid adding remote users
-								// who are in the admin room to the list of local users (would fail auth check)
-								&& (local_user.server_name()
-									== self.services.globals.server_name()
-									&& !self.services
-										.users
-										.is_admin(local_user)
-										.unwrap_or(false))
-				})
-			}) {
+			.ready_filter(|user| self.services.globals.user_is_local(user))
+			.boxed();
+
+		while let Some(local_user) = users.next().await {
+			if self.services.users.is_admin(local_user).await {
+				continue;
+			}
+
 			debug!("Attempting leave for user {} in room {}", &local_user, &room_id);
-			if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+			if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 				error!(
-					"Error attempting to make local user {} leave room {} during room banning: {}",
+					"Error attempting to make local user {} leave room {} during room banning: \
+					 {}",
 					&local_user, &room_id, e
 				);
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Error attempting to make local user {} leave room {} during room banning (room is still banned \
-					 but not removing any more users): {}\nIf you would like to ignore errors, use --force",
+					"Error attempting to make local user {} leave room {} during room banning \
+					 (room is still banned but not removing any more users): {}\nIf you would \
+					 like to ignore errors, use --force",
 					&local_user, &room_id, e
 				)));
 			}
@@ -214,12 +224,14 @@ async fn ban_room(
 	}

 	// remove any local aliases, ignore errors
-	for ref local_alias in self
+	for local_alias in &self
 		.services
 		.rooms
 		.alias
 		.local_aliases_for_room(&room_id)
-		.filter_map(Result::ok)
+		.map(ToOwned::to_owned)
+		.collect::<Vec<_>>()
+		.await
 	{
 		_ = self
 			.services
@@ -230,24 +242,31 @@ async fn ban_room(
 	}

 	// unpublish from room directory, ignore errors
-	_ = self.services.rooms.directory.set_not_public(&room_id);
+	self.services.rooms.directory.set_not_public(&room_id);

 	if disable_federation {
-		self.services.rooms.metadata.disable_room(&room_id, true)?;
+		self.services.rooms.metadata.disable_room(&room_id, true);
 		return Ok(RoomMessageEventContent::text_plain(
-			"Room banned, removed all our local users, and disabled incoming federation with room.",
+			"Room banned, removed all our local users, and disabled incoming federation with \
+			 room.",
 		));
 	}

 	Ok(RoomMessageEventContent::text_plain(
-		"Room banned and removed all our local users, use `!admin federation disable-room` to stop receiving new \
-		 inbound federation events as well if needed.",
+		"Room banned and removed all our local users, use `!admin federation disable-room` to \
+		 stop receiving new inbound federation events as well if needed.",
 	))
 }

 #[admin_command]
-async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+async fn ban_list_of_rooms(
+	&self,
+	force: bool,
+	disable_federation: bool,
+) -> Result<RoomMessageEventContent> {
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -267,9 +286,10 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu

 	for &room in &rooms_s {
 		match <&RoomOrAliasId>::try_from(room) {
-			Ok(room_alias_or_id) => {
-				if let Some(admin_room_id) = self.services.admin.get_admin_room()? {
-					if room.to_owned().eq(&admin_room_id) || room.to_owned().eq(admin_room_alias) {
+			| Ok(room_alias_or_id) => {
+				if let Ok(admin_room_id) = self.services.admin.get_admin_room().await {
+					if room.to_owned().eq(&admin_room_id) || room.to_owned().eq(admin_room_alias)
+					{
 						info!("User specified admin room in bulk ban list, ignoring");
 						continue;
 					}
@@ -277,175 +297,167 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu

 				if room_alias_or_id.is_room_id() {
 					let room_id = match RoomId::parse(room_alias_or_id) {
-						Ok(room_id) => room_id,
-						Err(e) => {
+						| Ok(room_id) => room_id,
+						| Err(e) => {
 							if force {
 								// ignore rooms we failed to parse if we're force banning
 								warn!(
-									"Error parsing room \"{room}\" during bulk room banning, ignoring error and \
-									 logging here: {e}"
+									"Error parsing room \"{room}\" during bulk room banning, \
+									 ignoring error and logging here: {e}"
 								);
 								continue;
 							}

 							return Ok(RoomMessageEventContent::text_plain(format!(
-								"{room} is not a valid room ID or room alias, please fix the list and try again: {e}"
+								"{room} is not a valid room ID or room alias, please fix the \
+								 list and try again: {e}"
 							)));
 						},
 					};

-					room_ids.push(room_id);
+					room_ids.push(room_id.to_owned());
 				}

 				if room_alias_or_id.is_room_alias_id() {
 					match RoomAliasId::parse(room_alias_or_id) {
-						Ok(room_alias) => {
-							let room_id =
-								if let Some(room_id) = self.services.rooms.alias.resolve_local_alias(&room_alias)? {
-									room_id
-								} else {
-									debug!(
-										"We don't have this room alias to a room ID locally, attempting to fetch room \
-										 ID over federation"
-									);
+						| Ok(room_alias) => {
+							let room_id = if let Ok(room_id) = self
+								.services
+								.rooms
+								.alias
+								.resolve_local_alias(room_alias)
+								.await
+							{
+								room_id
+							} else {
+								debug!(
+									"We don't have this room alias to a room ID locally, \
+									 attempting to fetch room ID over federation"
+								);

-									match self
-										.services
-										.rooms
-										.alias
-										.resolve_alias(&room_alias, None)
-										.await
-									{
-										Ok((room_id, servers)) => {
-											debug!(
-												?room_id,
-												?servers,
-												"Got federation response fetching room ID for {room}",
+								match self
+									.services
+									.rooms
+									.alias
+									.resolve_alias(room_alias, None)
+									.await
+								{
+									| Ok((room_id, servers)) => {
+										debug!(
+											?room_id,
+											?servers,
+											"Got federation response fetching room ID for {room}",
+										);
+										room_id
+									},
+									| Err(e) => {
+										// don't fail if force blocking
+										if force {
+											warn!(
+												"Failed to resolve room alias {room} to a room \
+												 ID: {e}"
 											);
-											room_id
-										},
-										Err(e) => {
-											// don't fail if force blocking
-											if force {
-												warn!("Failed to resolve room alias {room} to a room ID: {e}");
-												continue;
-											}
+											continue;
+										}

-											return Ok(RoomMessageEventContent::text_plain(format!(
-												"Failed to resolve room alias {room} to a room ID: {e}"
-											)));
-										},
-									}
-								};
+										return Ok(RoomMessageEventContent::text_plain(format!(
+											"Failed to resolve room alias {room} to a room ID: \
+											 {e}"
+										)));
+									},
+								}
+							};

 							room_ids.push(room_id);
 						},
-						Err(e) => {
+						| Err(e) => {
 							if force {
 								// ignore rooms we failed to parse if we're force deleting
 								error!(
-									"Error parsing room \"{room}\" during bulk room banning, ignoring error and \
-									 logging here: {e}"
+									"Error parsing room \"{room}\" during bulk room banning, \
+									 ignoring error and logging here: {e}"
 								);
 								continue;
 							}

 							return Ok(RoomMessageEventContent::text_plain(format!(
-								"{room} is not a valid room ID or room alias, please fix the list and try again: {e}"
+								"{room} is not a valid room ID or room alias, please fix the \
+								 list and try again: {e}"
 							)));
 						},
 					}
 				}
 			},
-			Err(e) => {
+			| Err(e) => {
 				if force {
 					// ignore rooms we failed to parse if we're force deleting
 					error!(
-						"Error parsing room \"{room}\" during bulk room banning, ignoring error and logging here: {e}"
+						"Error parsing room \"{room}\" during bulk room banning, ignoring error \
+						 and logging here: {e}"
 					);
 					continue;
 				}

 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"{room} is not a valid room ID or room alias, please fix the list and try again: {e}"
+					"{room} is not a valid room ID or room alias, please fix the list and try \
+					 again: {e}"
 				)));
 			},
 		}
 	}

 	for room_id in room_ids {
-		if self
-			.services
-			.rooms
-			.metadata
-			.ban_room(&room_id, true)
-			.is_ok()
-		{
-			debug!("Banned {room_id} successfully");
-			room_ban_count = room_ban_count.saturating_add(1);
-		}
+		self.services.rooms.metadata.ban_room(&room_id, true);
+
+		debug!("Banned {room_id} successfully");
+		room_ban_count = room_ban_count.saturating_add(1);

 		debug!("Making all users leave the room {}", &room_id);
 		if force {
-			for local_user in self
+			let mut users = self
 				.services
 				.rooms
 				.state_cache
 				.room_members(&room_id)
-				.filter_map(|user| {
-					user.ok().filter(|local_user| {
-						local_user.server_name() == self.services.globals.server_name()
-										// additional wrapped check here is to avoid adding remote
-										// users who are in the admin room to the list of local
-										// users (would fail auth check)
-										&& (local_user.server_name()
-											== self.services.globals.server_name()
-											// since this is a force operation, assume user is an
-											// admin if somehow this fails
-											&& self.services
-												.users
-												.is_admin(local_user)
-												.unwrap_or(true))
-					})
-				}) {
+				.ready_filter(|user| self.services.globals.user_is_local(user))
+				.boxed();
+
+			while let Some(local_user) = users.next().await {
 				debug!(
-					"Attempting leave for user {} in room {} (forced, ignoring all errors, evicting admins too)",
-					&local_user, room_id
+					"Attempting leave for user {local_user} in room {room_id} (forced, ignoring \
+					 all errors, evicting admins too)",
 				);
-				if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+
+				if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 					warn!(%e, "Failed to leave room");
 				}
 			}
 		} else {
-			for local_user in self
+			let mut users = self
 				.services
 				.rooms
 				.state_cache
 				.room_members(&room_id)
-				.filter_map(|user| {
-					user.ok().filter(|local_user| {
-						local_user.server_name() == self.services.globals.server_name()
-										// additional wrapped check here is to avoid adding remote
-										// users who are in the admin room to the list of local
-										// users (would fail auth check)
-										&& (local_user.server_name()
-											== self.services.globals.server_name()
-											&& !self.services
-												.users
-												.is_admin(local_user)
-												.unwrap_or(false))
-					})
-				}) {
-				debug!("Attempting leave for user {} in room {}", &local_user, &room_id);
-				if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+				.ready_filter(|user| self.services.globals.user_is_local(user))
+				.boxed();
+
+			while let Some(local_user) = users.next().await {
+				if self.services.users.is_admin(local_user).await {
+					continue;
+				}
+
+				debug!("Attempting leave for user {local_user} in room {room_id}");
+				if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 					error!(
-						"Error attempting to make local user {} leave room {} during bulk room banning: {}",
-						&local_user, &room_id, e
+						"Error attempting to make local user {local_user} leave room {room_id} \
+						 during bulk room banning: {e}",
 					);
+
 					return Ok(RoomMessageEventContent::text_plain(format!(
-						"Error attempting to make local user {} leave room {} during room banning (room is still \
-						 banned but not removing any more users and not banning any more rooms): {}\nIf you would \
-						 like to ignore errors, use --force",
+						"Error attempting to make local user {} leave room {} during room \
+						 banning (room is still banned but not removing any more users and not \
+						 banning any more rooms): {}\nIf you would like to ignore errors, use \
+						 --force",
 						&local_user, &room_id, e
 					)));
 				}
@@ -453,33 +465,33 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu
 		}

 		// remove any local aliases, ignore errors
-		for ref local_alias in self
-			.services
+		self.services
 			.rooms
 			.alias
 			.local_aliases_for_room(&room_id)
-			.filter_map(Result::ok)
-		{
-			_ = self
-				.services
-				.rooms
-				.alias
-				.remove_alias(local_alias, &self.services.globals.server_user)
-				.await;
-		}
+			.map(ToOwned::to_owned)
+			.for_each(|local_alias| async move {
+				self.services
+					.rooms
+					.alias
+					.remove_alias(&local_alias, &self.services.globals.server_user)
+					.await
+					.ok();
+			})
+			.await;

 		// unpublish from room directory, ignore errors
-		_ = self.services.rooms.directory.set_not_public(&room_id);
+		self.services.rooms.directory.set_not_public(&room_id);

 		if disable_federation {
-			self.services.rooms.metadata.disable_room(&room_id, true)?;
+			self.services.rooms.metadata.disable_room(&room_id, true);
 		}
 	}

 	if disable_federation {
 		Ok(RoomMessageEventContent::text_plain(format!(
-			"Finished bulk room ban, banned {room_ban_count} total rooms, evicted all users, and disabled incoming \
-			 federation with the room."
+			"Finished bulk room ban, banned {room_ban_count} total rooms, evicted all users, \
+			 and disabled incoming federation with the room."
 		)))
 	} else {
 		Ok(RoomMessageEventContent::text_plain(format!(
@@ -489,56 +501,72 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu
 }

 #[admin_command]
-async fn unban_room(&self, enable_federation: bool, room: Box<RoomOrAliasId>) -> Result<RoomMessageEventContent> {
+async fn unban_room(
+	&self,
+	enable_federation: bool,
+	room: Box<RoomOrAliasId>,
+) -> Result<RoomMessageEventContent> {
 	let room_id = if room.is_room_id() {
 		let room_id = match RoomId::parse(&room) {
-			Ok(room_id) => room_id,
-			Err(e) => {
+			| Ok(room_id) => room_id,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!("Room specified is a room ID, unbanning room ID");
+		self.services.rooms.metadata.ban_room(room_id, false);

-		self.services.rooms.metadata.ban_room(&room_id, false)?;
-
-		room_id
+		room_id.to_owned()
 	} else if room.is_room_alias_id() {
 		let room_alias = match RoomAliasId::parse(&room) {
-			Ok(room_alias) => room_alias,
-			Err(e) => {
+			| Ok(room_alias) => room_alias,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!(
-			"Room specified is not a room ID, attempting to resolve room alias to a room ID locally, if not using \
-			 get_alias_helper to fetch room ID remotely"
+			"Room specified is not a room ID, attempting to resolve room alias to a room ID \
+			 locally, if not using get_alias_helper to fetch room ID remotely"
 		);

-		let room_id = if let Some(room_id) = self.services.rooms.alias.resolve_local_alias(&room_alias)? {
+		let room_id = if let Ok(room_id) = self
+			.services
+			.rooms
+			.alias
+			.resolve_local_alias(room_alias)
+			.await
+		{
 			room_id
 		} else {
-			debug!("We don't have this room alias to a room ID locally, attempting to fetch room ID over federation");
+			debug!(
+				"We don't have this room alias to a room ID locally, attempting to fetch room \
+				 ID over federation"
+			);

 			match self
 				.services
 				.rooms
 				.alias
-				.resolve_alias(&room_alias, None)
+				.resolve_alias(room_alias, None)
 				.await
 			{
-				Ok((room_id, servers)) => {
-					debug!(?room_id, ?servers, "Got federation response fetching room ID for room {room}");
+				| Ok((room_id, servers)) => {
+					debug!(
+						?room_id,
+						?servers,
+						"Got federation response fetching room ID for room {room}"
+					);
 					room_id
 				},
-				Err(e) => {
+				| Err(e) => {
 					return Ok(RoomMessageEventContent::text_plain(format!(
 						"Failed to resolve room alias {room} to a room ID: {e}"
 					)));
@@ -546,68 +574,66 @@ async fn unban_room(&self, enable_federation: bool, room: Box<RoomOrAliasId>) ->
 			}
 		};

-		self.services.rooms.metadata.ban_room(&room_id, false)?;
+		self.services.rooms.metadata.ban_room(&room_id, false);

 		room_id
 	} else {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Room specified is not a room ID or room alias. Please note that this requires a full room ID \
-			 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`)",
+			"Room specified is not a room ID or room alias. Please note that this requires a \
+			 full room ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+			 (`#roomalias:example.com`)",
 		));
 	};

 	if enable_federation {
-		self.services.rooms.metadata.disable_room(&room_id, false)?;
+		self.services.rooms.metadata.disable_room(&room_id, false);
 		return Ok(RoomMessageEventContent::text_plain("Room unbanned."));
 	}

 	Ok(RoomMessageEventContent::text_plain(
-		"Room unbanned, you may need to re-enable federation with the room using enable-room if this is a remote room \
-		 to make it fully functional.",
+		"Room unbanned, you may need to re-enable federation with the room using enable-room if \
+		 this is a remote room to make it fully functional.",
 	))
 }

 #[admin_command]
 async fn list_banned_rooms(&self, no_details: bool) -> Result<RoomMessageEventContent> {
-	let rooms = self
+	let room_ids: Vec<OwnedRoomId> = self
 		.services
 		.rooms
 		.metadata
 		.list_banned_rooms()
-		.collect::<Result<Vec<_>, _>>();
+		.map(Into::into)
+		.collect()
+		.await;

-	match rooms {
-		Ok(room_ids) => {
-			if room_ids.is_empty() {
-				return Ok(RoomMessageEventContent::text_plain("No rooms are banned."));
-			}
-
-			let mut rooms = room_ids
-				.into_iter()
-				.map(|room_id| get_room_info(self.services, &room_id))
-				.collect::<Vec<_>>();
-			rooms.sort_by_key(|r| r.1);
-			rooms.reverse();
-
-			let output_plain = format!(
-				"Rooms Banned ({}):\n```\n{}\n```",
-				rooms.len(),
-				rooms
-					.iter()
-					.map(|(id, members, name)| if no_details {
-						format!("{id}")
-					} else {
-						format!("{id}\tMembers: {members}\tName: {name}")
-					})
-					.collect::<Vec<_>>()
-					.join("\n")
-			);
-
-			Ok(RoomMessageEventContent::notice_markdown(output_plain))
-		},
-		Err(e) => {
-			error!("Failed to list banned rooms: {e}");
-			Ok(RoomMessageEventContent::text_plain(format!("Unable to list banned rooms: {e}")))
-		},
+	if room_ids.is_empty() {
+		return Ok(RoomMessageEventContent::text_plain("No rooms are banned."));
 	}
+
+	let mut rooms = room_ids
+		.iter()
+		.stream()
+		.then(|room_id| get_room_info(self.services, room_id))
+		.collect::<Vec<_>>()
+		.await;
+
+	rooms.sort_by_key(|r| r.1);
+	rooms.reverse();
+
+	let output_plain = format!(
+		"Rooms Banned ({}):\n```\n{}\n```",
+		rooms.len(),
+		rooms
+			.iter()
+			.map(|(id, members, name)| if no_details {
+				format!("{id}")
+			} else {
+				format!("{id}\tMembers: {members}\tName: {name}")
+			})
+			.collect::<Vec<_>>()
+			.join("\n")
+	);
+
+	Ok(RoomMessageEventContent::notice_markdown(output_plain))
 }
@@ -1,6 +1,6 @@
 use std::{fmt::Write, sync::Arc};

-use conduit::{info, utils::time, warn, Err, Result};
+use conduwuit::{info, utils::time, warn, Err, Result};
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::admin_command;
@@ -21,18 +21,20 @@ pub(super) async fn uptime(&self) -> Result<RoomMessageEventContent> {
 #[admin_command]
 pub(super) async fn show_config(&self) -> Result<RoomMessageEventContent> {
 	// Construct and send the response
-	Ok(RoomMessageEventContent::text_plain(format!("{}", self.services.globals.config)))
+	Ok(RoomMessageEventContent::text_markdown(format!(
+		"```\n{}\n```",
+		self.services.globals.config
+	)))
 }

 #[admin_command]
 pub(super) async fn list_features(
-	&self, available: bool, enabled: bool, comma: bool,
+	&self,
+	available: bool,
+	enabled: bool,
+	comma: bool,
 ) -> Result<RoomMessageEventContent> {
-	let delim = if comma {
-		","
-	} else {
-		" "
-	};
+	let delim = if comma { "," } else { " " };
 	if enabled && !available {
 		let features = info::rustc::features().join(delim);
 		let out = format!("`\n{features}\n`");
@@ -50,16 +52,8 @@ pub(super) async fn list_features(
 	let available = info::cargo::features();
 	for feature in available {
 		let active = enabled.contains(&feature.as_str());
-		let emoji = if active {
-			"✅"
-		} else {
-			"❌"
-		};
-		let remark = if active {
-			"[enabled]"
-		} else {
-			""
-		};
+		let emoji = if active { "✅" } else { "❌" };
+		let remark = if active { "[enabled]" } else { "" };
 		writeln!(features, "{emoji} {feature} {remark}")?;
 	}

@@ -70,7 +64,8 @@ pub(super) async fn list_features(
 pub(super) async fn memory_usage(&self) -> Result<RoomMessageEventContent> {
 	let services_usage = self.services.memory_usage().await?;
 	let database_usage = self.services.db.db.memory_usage()?;
-	let allocator_usage = conduit::alloc::memory_usage().map_or(String::new(), |s| format!("\nAllocator:\n{s}"));
+	let allocator_usage =
+		conduwuit::alloc::memory_usage().map_or(String::new(), |s| format!("\nAllocator:\n{s}"));

 	Ok(RoomMessageEventContent::text_plain(format!(
 		"Services:\n{services_usage}\nDatabase:\n{database_usage}{allocator_usage}",
@@ -103,8 +98,8 @@ pub(super) async fn backup_database(&self) -> Result<RoomMessageEventContent> {
 		.server
 		.runtime()
 		.spawn_blocking(move || match globals.db.backup() {
-			Ok(()) => String::new(),
-			Err(e) => (*e).to_string(),
+			| Ok(()) => String::new(),
+			| Err(e) => e.to_string(),
 		})
 		.await?;

@@ -140,12 +135,12 @@ pub(super) async fn reload_mods(&self) -> Result<RoomMessageEventContent> {
 #[admin_command]
 #[cfg(unix)]
 pub(super) async fn restart(&self, force: bool) -> Result<RoomMessageEventContent> {
-	use conduit::utils::sys::current_exe_deleted;
+	use conduwuit::utils::sys::current_exe_deleted;

 	if !force && current_exe_deleted() {
 		return Err!(
-			"The server cannot be restarted because the executable changed. If this is expected use --force to \
-			 override."
+			"The server cannot be restarted because the executable changed. If this is expected \
+			 use --force to override."
 		);
 	}

@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;

 use crate::admin_command_dispatch;

@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{EventId, OwnedRoomOrAliasId, RoomId};

 use crate::admin_command_dispatch;
@@ -22,6 +22,8 @@ pub(super) enum UserCommand {
 	ResetPassword {
 		/// Username of the user for whom the password should be reset
 		username: String,
+		/// New password for the user, if unspecified one is generated
+		password: Option<String>,
 	},

 	/// - Deactivate a user
@@ -73,6 +75,19 @@ pub(super) enum UserCommand {
 		room_id: OwnedRoomOrAliasId,
 	},

+	/// - Manually leave a local user from a room.
+	ForceLeaveRoom {
+		user_id: String,
+		room_id: OwnedRoomOrAliasId,
+	},
+
+	/// - Forces the specified user to drop their power levels to the room
+	///   default, if their permissions allow and the auth check permits
+	ForceDemote {
+		user_id: String,
+		room_id: OwnedRoomOrAliasId,
+	},
+
 	/// - Grant server-admin privileges to a user.
 	MakeUserAdmin {
 		user_id: String,
@@ -111,4 +126,31 @@ pub(super) enum UserCommand {
 	RedactEvent {
 		event_id: Box<EventId>,
 	},
+
+	/// - Force joins a specified list of local users to join the specified
+	///   room.
+	///
+	/// Specify a codeblock of usernames.
+	///
+	/// At least 1 server admin must be in the room to reduce abuse.
+	///
+	/// Requires the `--yes-i-want-to-do-this` flag.
+	ForceJoinListOfLocalUsers {
+		room_id: OwnedRoomOrAliasId,
+
+		#[arg(long)]
+		yes_i_want_to_do_this: bool,
+	},
+
+	/// - Force joins all local users to the specified room.
+	///
+	/// At least 1 server admin must be in the room to reduce abuse.
+	///
+	/// Requires the `--yes-i-want-to-do-this` flag.
+	ForceJoinAllLocalUsers {
+		room_id: OwnedRoomOrAliasId,
+
+		#[arg(long)]
+		yes_i_want_to_do_this: bool,
+	},
 }
@@ -1,4 +1,4 @@
-use conduit_core::{err, Err, Result};
+use conduwuit_core::{err, Err, Result};
 use ruma::{OwnedRoomId, OwnedUserId, RoomId, UserId};
 use service::Services;

@@ -8,23 +8,24 @@ pub(crate) fn escape_html(s: &str) -> String {
 		.replace('>', "&gt;")
 }

-pub(crate) fn get_room_info(services: &Services, id: &RoomId) -> (OwnedRoomId, u64, String) {
+pub(crate) async fn get_room_info(
+	services: &Services,
+	room_id: &RoomId,
+) -> (OwnedRoomId, u64, String) {
 	(
-		id.into(),
+		room_id.into(),
 		services
 			.rooms
 			.state_cache
-			.room_joined_count(id)
-			.ok()
-			.flatten()
+			.room_joined_count(room_id)
+			.await
 			.unwrap_or(0),
 		services
 			.rooms
 			.state_accessor
-			.get_name(id)
-			.ok()
-			.flatten()
-			.unwrap_or_else(|| id.to_string()),
+			.get_name(room_id)
+			.await
+			.unwrap_or_else(|_| room_id.to_string()),
 	)
 }

@@ -46,14 +47,17 @@ pub(crate) fn parse_local_user_id(services: &Services, user_id: &str) -> Result<
 }

 /// Parses user ID that is an active (not guest or deactivated) local user
-pub(crate) fn parse_active_local_user_id(services: &Services, user_id: &str) -> Result<OwnedUserId> {
+pub(crate) async fn parse_active_local_user_id(
+	services: &Services,
+	user_id: &str,
+) -> Result<OwnedUserId> {
 	let user_id = parse_local_user_id(services, user_id)?;

-	if !services.users.exists(&user_id)? {
+	if !services.users.exists(&user_id).await {
 		return Err!("User {user_id:?} does not exist on this server.");
 	}

-	if services.users.is_deactivated(&user_id)? {
+	if services.users.is_deactivated(&user_id).await? {
 		return Err!("User {user_id:?} is deactivated.");
 	}

@@ -1,5 +1,5 @@
 [package]
-name = "conduit_api"
+name = "conduwuit_api"
 categories.workspace = true
 description.workspace = true
 edition.workspace = true
@@ -18,7 +18,6 @@ crate-type = [

 [features]
 element_hacks = []
-#dev_release_log_level = []
 release_max_log_level = [
 	"tracing/max_level_trace",
 	"tracing/release_max_level_info",
@@ -41,11 +40,11 @@ axum-extra.workspace = true
 axum.workspace = true
 base64.workspace = true
 bytes.workspace = true
-conduit-core.workspace = true
-conduit-database.workspace = true
-conduit-service.workspace = true
+conduwuit-core.workspace = true
+conduwuit-database.workspace = true
+conduwuit-service.workspace = true
 const-str.workspace = true
-futures-util.workspace = true
+futures.workspace = true
 hmac.workspace = true
 http.workspace = true
 http-body-util.workspace = true
@@ -59,7 +58,7 @@ ruma.workspace = true
 serde_html_form.workspace = true
 serde_json.workspace = true
 serde.workspace = true
-sha-1.workspace = true
+sha1.workspace = true
 tokio.workspace = true
 tracing.workspace = true

@@ -2,22 +2,33 @@ use std::fmt::Write;

 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduit::{debug_info, error, info, utils, warn, Error, Result};
+use conduwuit::{
+	debug_info, error, info, is_equal_to, utils, utils::ReadyExt, warn, Error, PduBuilder, Result,
+};
+use futures::{FutureExt, StreamExt};
 use register::RegistrationKind;
 use ruma::{
 	api::client::{
 		account::{
-			change_password, check_registration_token_validity, deactivate, get_3pids, get_username_availability,
+			change_password, check_registration_token_validity, deactivate, get_3pids,
+			get_username_availability,
 			register::{self, LoginType},
-			request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn, whoami,
-			ThirdPartyIdRemovalStatus,
+			request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn,
+			whoami, ThirdPartyIdRemovalStatus,
 		},
 		error::ErrorKind,
 		uiaa::{AuthFlow, AuthType, UiaaInfo},
 	},
-	events::{room::message::RoomMessageEventContent, GlobalAccountDataEventType},
+	events::{
+		room::{
+			message::RoomMessageEventContent,
+			power_levels::{RoomPowerLevels, RoomPowerLevelsEventContent},
+		},
+		GlobalAccountDataEventType, StateEventType,
+	},
 	push, OwnedRoomId, UserId,
 };
+use service::Services;

 use super::{join_room_by_id_helper, DEVICE_ID_LENGTH, SESSION_ID_LENGTH, TOKEN_LENGTH};
 use crate::Ruma;
@@ -37,17 +48,35 @@ const RANDOM_USER_ID_LENGTH: usize = 10;
 /// invalid when trying to register
 #[tracing::instrument(skip_all, fields(%client), name = "register_available")]
 pub(crate) async fn get_register_available_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_username_availability::v3::Request>,
 ) -> Result<get_username_availability::v3::Response> {
+	// workaround for https://github.com/matrix-org/matrix-appservice-irc/issues/1780 due to inactivity of fixing the issue
+	let is_matrix_appservice_irc = body.appservice_info.as_ref().is_some_and(|appservice| {
+		appservice.registration.id == "irc"
+			|| appservice.registration.id.contains("matrix-appservice-irc")
+			|| appservice.registration.id.contains("matrix_appservice_irc")
+	});
+
+	// don't force the username lowercase if it's from matrix-appservice-irc
+	let body_username = if is_matrix_appservice_irc {
+		body.username.clone()
+	} else {
+		body.username.to_lowercase()
+	};
+
 	// Validate user id
-	let user_id = UserId::parse_with_server_name(body.username.to_lowercase(), services.globals.server_name())
+	let user_id = UserId::parse_with_server_name(body_username, services.globals.server_name())
 		.ok()
-		.filter(|user_id| !user_id.is_historical() && services.globals.user_is_local(user_id))
+		.filter(|user_id| {
+			(!user_id.is_historical() || is_matrix_appservice_irc)
+				&& services.globals.user_is_local(user_id)
+		})
 		.ok_or(Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;

 	// Check if username is creative enough
-	if services.users.exists(&user_id)? {
+	if services.users.exists(&user_id).await {
 		return Err(Error::BadRequest(ErrorKind::UserInUse, "Desired user ID is already taken."));
 	}

@@ -62,9 +91,7 @@ pub(crate) async fn get_register_available_route(
 	// TODO add check for appservice namespaces

 	// If no if check is true we have an username that's available to be used.
-	Ok(get_username_availability::v3::Response {
-		available: true,
-	})
+	Ok(get_username_availability::v3::Response { available: true })
 }

 /// # `POST /_matrix/client/v3/register`
@@ -87,13 +114,15 @@ pub(crate) async fn get_register_available_route(
 #[allow(clippy::doc_markdown)]
 #[tracing::instrument(skip_all, fields(%client), name = "register")]
 pub(crate) async fn register_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp, body: Ruma<register::v3::Request>,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
+	body: Ruma<register::v3::Request>,
 ) -> Result<register::v3::Response> {
 	if !services.globals.allow_registration() && body.appservice_info.is_none() {
 		info!(
-			"Registration disabled and request not from known appservice, rejecting registration attempt for username \
-			 {:?}",
-			body.username
+			"Registration disabled and request not from known appservice, rejecting \
+			 registration attempt for username \"{}\"",
+			body.username.as_deref().unwrap_or("")
 		);
 		return Err(Error::BadRequest(ErrorKind::forbidden(), "Registration has been disabled."));
 	}
@@ -102,12 +131,13 @@ pub(crate) async fn register_route(

 	if is_guest
 		&& (!services.globals.allow_guest_registration()
-			|| (services.globals.allow_registration() && services.globals.config.registration_token.is_some()))
+			|| (services.globals.allow_registration()
+				&& services.globals.registration_token.is_some()))
 	{
 		info!(
-			"Guest registration disabled / registration enabled with token configured, rejecting guest registration \
-			 attempt, initial device name: {:?}",
-			body.initial_device_display_name
+			"Guest registration disabled / registration enabled with token configured, \
+			 rejecting guest registration attempt, initial device name: \"{}\"",
+			body.initial_device_display_name.as_deref().unwrap_or("")
 		);
 		return Err(Error::BadRequest(
 			ErrorKind::GuestAccessForbidden,
@@ -117,25 +147,52 @@ pub(crate) async fn register_route(

 	// forbid guests from registering if there is not a real admin user yet. give
 	// generic user error.
-	if is_guest && services.users.count()? < 2 {
+	if is_guest && services.users.count().await < 2 {
 		warn!(
-			"Guest account attempted to register before a real admin user has been registered, rejecting \
-			 registration. Guest's initial device name: {:?}",
-			body.initial_device_display_name
+			"Guest account attempted to register before a real admin user has been registered, \
+			 rejecting registration. Guest's initial device name: \"{}\"",
+			body.initial_device_display_name.as_deref().unwrap_or("")
 		);
-		return Err(Error::BadRequest(ErrorKind::forbidden(), "Registration temporarily disabled."));
+		return Err(Error::BadRequest(
+			ErrorKind::forbidden(),
+			"Registration temporarily disabled.",
+		));
 	}

 	let user_id = match (&body.username, is_guest) {
-		(Some(username), false) => {
-			let proposed_user_id =
-				UserId::parse_with_server_name(username.to_lowercase(), services.globals.server_name())
-					.ok()
-					.filter(|user_id| !user_id.is_historical() && services.globals.user_is_local(user_id))
-					.ok_or(Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;
+		| (Some(username), false) => {
+			// workaround for https://github.com/matrix-org/matrix-appservice-irc/issues/1780 due to inactivity of fixing the issue
+			let is_matrix_appservice_irc =
+				body.appservice_info.as_ref().is_some_and(|appservice| {
+					appservice.registration.id == "irc"
+						|| appservice.registration.id.contains("matrix-appservice-irc")
+						|| appservice.registration.id.contains("matrix_appservice_irc")
+				});

-			if services.users.exists(&proposed_user_id)? {
-				return Err(Error::BadRequest(ErrorKind::UserInUse, "Desired user ID is already taken."));
+			// don't force the username lowercase if it's from matrix-appservice-irc
+			let body_username = if is_matrix_appservice_irc {
+				username.clone()
+			} else {
+				username.to_lowercase()
+			};
+
+			let proposed_user_id =
+				UserId::parse_with_server_name(body_username, services.globals.server_name())
+					.ok()
+					.filter(|user_id| {
+						(!user_id.is_historical() || is_matrix_appservice_irc)
+							&& services.globals.user_is_local(user_id)
+					})
+					.ok_or(Error::BadRequest(
+						ErrorKind::InvalidUsername,
+						"Username is invalid.",
+					))?;
+
+			if services.users.exists(&proposed_user_id).await {
+				return Err(Error::BadRequest(
+					ErrorKind::UserInUse,
+					"Desired user ID is already taken.",
+				));
 			}

 			if services
@@ -148,13 +205,13 @@ pub(crate) async fn register_route(

 			proposed_user_id
 		},
-		_ => loop {
+		| _ => loop {
 			let proposed_user_id = UserId::parse_with_server_name(
 				utils::random_string(RANDOM_USER_ID_LENGTH).to_lowercase(),
 				services.globals.server_name(),
 			)
 			.unwrap();
-			if !services.users.exists(&proposed_user_id)? {
+			if !services.users.exists(&proposed_user_id).await {
 				break proposed_user_id;
 			}
 		},
@@ -174,7 +231,7 @@ pub(crate) async fn register_route(

 	// UIAA
 	let mut uiaainfo;
-	let skip_auth = if services.globals.config.registration_token.is_some() {
+	let skip_auth = if services.globals.registration_token.is_some() {
 		// Registration token required
 		uiaainfo = UiaaInfo {
 			flows: vec![AuthFlow {
@@ -189,9 +246,7 @@ pub(crate) async fn register_route(
 	} else {
 		// No registration token necessary, but clients must still go through the flow
 		uiaainfo = UiaaInfo {
-			flows: vec![AuthFlow {
-				stages: vec![AuthType::Dummy],
-			}],
+			flows: vec![AuthFlow { stages: vec![AuthType::Dummy] }],
 			completed: Vec::new(),
 			params: Box::default(),
 			session: None,
@@ -202,12 +257,16 @@ pub(crate) async fn register_route(

 	if !skip_auth {
 		if let Some(auth) = &body.auth {
-			let (worked, uiaainfo) = services.uiaa.try_auth(
-				&UserId::parse_with_server_name("", services.globals.server_name()).expect("we know this is valid"),
-				"".into(),
-				auth,
-				&uiaainfo,
-			)?;
+			let (worked, uiaainfo) = services
+				.uiaa
+				.try_auth(
+					&UserId::parse_with_server_name("", services.globals.server_name())
+						.expect("we know this is valid"),
+					"".into(),
+					auth,
+					&uiaainfo,
+				)
+				.await?;
 			if !worked {
 				return Err(Error::Uiaa(uiaainfo));
 			}
@@ -215,22 +274,19 @@ pub(crate) async fn register_route(
 		} else if let Some(json) = body.json_body {
 			uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 			services.uiaa.create(
-				&UserId::parse_with_server_name("", services.globals.server_name()).expect("we know this is valid"),
+				&UserId::parse_with_server_name("", services.globals.server_name())
+					.expect("we know this is valid"),
 				"".into(),
 				&uiaainfo,
 				&json,
-			)?;
+			);
 			return Err(Error::Uiaa(uiaainfo));
 		} else {
 			return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
 		}
 	}

-	let password = if is_guest {
-		None
-	} else {
-		body.password.as_deref()
-	};
+	let password = if is_guest { None } else { body.password.as_deref() };

 	// Create user
 	services.users.create(&user_id, password)?;
@@ -240,28 +296,32 @@ pub(crate) async fn register_route(

 	// If `new_user_displayname_suffix` is set, registration will push whatever
 	// content is set to the user's display name with a space before it
-	if !services.globals.new_user_displayname_suffix().is_empty() && body.appservice_info.is_none() {
+	if !services.globals.new_user_displayname_suffix().is_empty()
+		&& body.appservice_info.is_none()
+	{
 		write!(displayname, " {}", services.globals.config.new_user_displayname_suffix)
 			.expect("should be able to write to string buffer");
 	}

 	services
 		.users
-		.set_displayname(&user_id, Some(displayname.clone()))
-		.await?;
+		.set_displayname(&user_id, Some(displayname.clone()));

 	// Initial account data
-	services.account_data.update(
-		None,
-		&user_id,
-		GlobalAccountDataEventType::PushRules.to_string().into(),
-		&serde_json::to_value(ruma::events::push_rules::PushRulesEvent {
-			content: ruma::events::push_rules::PushRulesEventContent {
-				global: push::Ruleset::server_default(&user_id),
-			},
-		})
-		.expect("to json always works"),
-	)?;
+	services
+		.account_data
+		.update(
+			None,
+			&user_id,
+			GlobalAccountDataEventType::PushRules.to_string().into(),
+			&serde_json::to_value(ruma::events::push_rules::PushRulesEvent {
+				content: ruma::events::push_rules::PushRulesEventContent {
+					global: push::Ruleset::server_default(&user_id),
+				},
+			})
+			.expect("to json always works"),
+		)
+		.await?;

 	// Inhibit login does not work for guests
 	if !is_guest && body.inhibit_login {
@@ -275,84 +335,103 @@ pub(crate) async fn register_route(
 	}

 	// Generate new device id if the user didn't specify one
-	let device_id = if is_guest {
-		None
-	} else {
-		body.device_id.clone()
-	}
-	.unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH).into());
+	let device_id = if is_guest { None } else { body.device_id.clone() }
+		.unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH).into());

 	// Generate new token for the device
 	let token = utils::random_string(TOKEN_LENGTH);

 	// Create device for this account
-	services.users.create_device(
-		&user_id,
-		&device_id,
-		&token,
-		body.initial_device_display_name.clone(),
-		Some(client.to_string()),
-	)?;
+	services
+		.users
+		.create_device(
+			&user_id,
+			&device_id,
+			&token,
+			body.initial_device_display_name.clone(),
+			Some(client.to_string()),
+		)
+		.await?;

 	debug_info!(%user_id, %device_id, "User account was created");

+	let device_display_name = body.initial_device_display_name.as_deref().unwrap_or("");
+
 	// log in conduit admin channel if a non-guest user registered
 	if body.appservice_info.is_none() && !is_guest {
-		info!("New user \"{user_id}\" registered on this server.");
-		services
-			.admin
-			.send_message(RoomMessageEventContent::notice_plain(format!(
-				"New user \"{user_id}\" registered on this server from IP {client}."
-			)))
-			.await;
+		if !device_display_name.is_empty() {
+			info!(
+				"New user \"{user_id}\" registered on this server with device display name: \
+				 \"{device_display_name}\""
+			);
+
+			if services.globals.config.admin_room_notices {
+				services
+					.admin
+					.send_message(RoomMessageEventContent::notice_plain(format!(
+						"New user \"{user_id}\" registered on this server from IP {client} and \
+						 device display name \"{device_display_name}\""
+					)))
+					.await
+					.ok();
+			}
+		} else {
+			info!("New user \"{user_id}\" registered on this server.");
+
+			if services.globals.config.admin_room_notices {
+				services
+					.admin
+					.send_message(RoomMessageEventContent::notice_plain(format!(
+						"New user \"{user_id}\" registered on this server from IP {client}"
+					)))
+					.await
+					.ok();
+			}
+		}
 	}

 	// log in conduit admin channel if a guest registered
 	if body.appservice_info.is_none() && is_guest && services.globals.log_guest_registrations() {
 		info!("New guest user \"{user_id}\" registered on this server.");

-		if let Some(device_display_name) = &body.initial_device_display_name {
-			if body
-				.initial_device_display_name
-				.as_ref()
-				.is_some_and(|device_display_name| !device_display_name.is_empty())
-			{
+		if !device_display_name.is_empty() {
+			if services.globals.config.admin_room_notices {
 				services
 					.admin
 					.send_message(RoomMessageEventContent::notice_plain(format!(
-						"Guest user \"{user_id}\" with device display name `{device_display_name}` registered on this \
-						 server from IP {client}."
+						"Guest user \"{user_id}\" with device display name \
+						 \"{device_display_name}\" registered on this server from IP {client}"
 					)))
-					.await;
-			} else {
-				services
-					.admin
-					.send_message(RoomMessageEventContent::notice_plain(format!(
-						"Guest user \"{user_id}\" with no device display name registered on this server from IP \
-						 {client}.",
-					)))
-					.await;
+					.await
+					.ok();
 			}
 		} else {
-			services
-				.admin
-				.send_message(RoomMessageEventContent::notice_plain(format!(
-					"Guest user \"{user_id}\" with no device display name registered on this server from IP {client}.",
-				)))
-				.await;
+			#[allow(clippy::collapsible_else_if)]
+			if services.globals.config.admin_room_notices {
+				services
+					.admin
+					.send_message(RoomMessageEventContent::notice_plain(format!(
+						"Guest user \"{user_id}\" with no device display name registered on \
+						 this server from IP {client}",
+					)))
+					.await
+					.ok();
+			}
 		}
 	}

 	// If this is the first real user, grant them admin privileges except for guest
 	// users Note: the server user, @conduit:servername, is generated first
 	if !is_guest {
-		if let Some(admin_room) = services.admin.get_admin_room()? {
-			if services.rooms.state_cache.room_joined_count(&admin_room)? == Some(1) {
-				services
-					.admin
-					.make_user_admin(&user_id, displayname)
-					.await?;
-
+		if let Ok(admin_room) = services.admin.get_admin_room().await {
+			if services
+				.rooms
+				.state_cache
+				.room_joined_count(&admin_room)
+				.await
+				.is_ok_and(is_equal_to!(1))
+			{
+				services.admin.make_user_admin(&user_id).await?;
 				warn!("Granting {user_id} admin privileges as the first user");
 			}
 		}
@@ -363,24 +442,37 @@ pub(crate) async fn register_route(
 		&& (services.globals.allow_guests_auto_join_rooms() || !is_guest)
 	{
 		for room in &services.globals.config.auto_join_rooms {
+			let Ok(room_id) = services.rooms.alias.resolve(room).await else {
+				error!(
+					"Failed to resolve room alias to room ID when attempting to auto join \
+					 {room}, skipping"
+				);
+				continue;
+			};
+
 			if !services
 				.rooms
 				.state_cache
-				.server_in_room(services.globals.server_name(), room)?
+				.server_in_room(services.globals.server_name(), &room_id)
+				.await
 			{
-				warn!("Skipping room {room} to automatically join as we have never joined before.");
+				warn!(
+					"Skipping room {room} to automatically join as we have never joined before."
+				);
 				continue;
 			}

-			if let Some(room_id_server_name) = room.server_name() {
+			if let Some(room_server_name) = room.server_name() {
 				if let Err(e) = join_room_by_id_helper(
 					&services,
 					&user_id,
-					room,
+					&room_id,
 					Some("Automatically joining this room upon registration".to_owned()),
-					&[room_id_server_name.to_owned(), services.globals.server_name().to_owned()],
+					&[services.globals.server_name().to_owned(), room_server_name.to_owned()],
 					None,
+					&body.appservice_info,
 				)
+				.boxed()
 				.await
 				{
 					// don't return this error so we don't fail registrations
@@ -420,7 +512,8 @@ pub(crate) async fn register_route(
 /// - Triggers device list updates
 #[tracing::instrument(skip_all, fields(%client), name = "change_password")]
 pub(crate) async fn change_password_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<change_password::v3::Request>,
 ) -> Result<change_password::v3::Response> {
 	// Authentication for this endpoint was made optional, but we need
@@ -432,9 +525,7 @@ pub(crate) async fn change_password_route(
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

 	let mut uiaainfo = UiaaInfo {
-		flows: vec![AuthFlow {
-			stages: vec![AuthType::Password],
-		}],
+		flows: vec![AuthFlow { stages: vec![AuthType::Password] }],
 		completed: Vec::new(),
 		params: Box::default(),
 		session: None,
@@ -444,16 +535,20 @@ pub(crate) async fn change_password_route(
 	if let Some(auth) = &body.auth {
 		let (worked, uiaainfo) = services
 			.uiaa
-			.try_auth(sender_user, sender_device, auth, &uiaainfo)?;
+			.try_auth(sender_user, sender_device, auth, &uiaainfo)
+			.await?;
+
 		if !worked {
 			return Err(Error::Uiaa(uiaainfo));
 		}
-	// Success!
+
+		// Success!
 	} else if let Some(json) = body.json_body {
 		uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 		services
 			.uiaa
-			.create(sender_user, sender_device, &uiaainfo, &json)?;
+			.create(sender_user, sender_device, &uiaainfo, &json);
+
 		return Err(Error::Uiaa(uiaainfo));
 	} else {
 		return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
@@ -465,23 +560,25 @@ pub(crate) async fn change_password_route(

 	if body.logout_devices {
 		// Logout all devices except the current one
-		for id in services
+		services
 			.users
 			.all_device_ids(sender_user)
-			.filter_map(Result::ok)
-			.filter(|id| id != sender_device)
-		{
-			services.users.remove_device(sender_user, &id)?;
-		}
+			.ready_filter(|id| id != sender_device)
+			.for_each(|id| services.users.remove_device(sender_user, id))
+			.await;
 	}

 	info!("User {sender_user} changed their password.");
-	services
-		.admin
-		.send_message(RoomMessageEventContent::notice_plain(format!(
-			"User {sender_user} changed their password."
-		)))
-		.await;
+
+	if services.globals.config.admin_room_notices {
+		services
+			.admin
+			.send_message(RoomMessageEventContent::notice_plain(format!(
+				"User {sender_user} changed their password."
+			)))
+			.await
+			.ok();
+	}

 	Ok(change_password::v3::Response {})
 }
@@ -492,7 +589,8 @@ pub(crate) async fn change_password_route(
 ///
 /// Note: Also works for Application Services
 pub(crate) async fn whoami_route(
-	State(services): State<crate::State>, body: Ruma<whoami::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<whoami::v3::Request>,
 ) -> Result<whoami::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let device_id = body.sender_device.clone();
@@ -500,7 +598,8 @@ pub(crate) async fn whoami_route(
 	Ok(whoami::v3::Response {
 		user_id: sender_user.clone(),
 		device_id,
-		is_guest: services.users.is_deactivated(sender_user)? && body.appservice_info.is_none(),
+		is_guest: services.users.is_deactivated(sender_user).await?
+			&& body.appservice_info.is_none(),
 	})
 }

@@ -517,7 +616,8 @@ pub(crate) async fn whoami_route(
 /// - Removes ability to log in again
 #[tracing::instrument(skip_all, fields(%client), name = "deactivate")]
 pub(crate) async fn deactivate_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<deactivate::v3::Request>,
 ) -> Result<deactivate::v3::Response> {
 	// Authentication for this endpoint was made optional, but we need
@@ -529,9 +629,7 @@ pub(crate) async fn deactivate_route(
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

 	let mut uiaainfo = UiaaInfo {
-		flows: vec![AuthFlow {
-			stages: vec![AuthType::Password],
-		}],
+		flows: vec![AuthFlow { stages: vec![AuthType::Password] }],
 		completed: Vec::new(),
 		params: Box::default(),
 		session: None,
@@ -541,7 +639,9 @@ pub(crate) async fn deactivate_route(
 	if let Some(auth) = &body.auth {
 		let (worked, uiaainfo) = services
 			.uiaa
-			.try_auth(sender_user, sender_device, auth, &uiaainfo)?;
+			.try_auth(sender_user, sender_device, auth, &uiaainfo)
+			.await?;
+
 		if !worked {
 			return Err(Error::Uiaa(uiaainfo));
 		}
@@ -550,35 +650,38 @@ pub(crate) async fn deactivate_route(
 		uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 		services
 			.uiaa
-			.create(sender_user, sender_device, &uiaainfo, &json)?;
+			.create(sender_user, sender_device, &uiaainfo, &json);
+
 		return Err(Error::Uiaa(uiaainfo));
 	} else {
 		return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
 	}

-	// Remove devices and mark account as deactivated
-	services.users.deactivate_account(sender_user)?;
-
 	// Remove profile pictures and display name
 	let all_joined_rooms: Vec<OwnedRoomId> = services
 		.rooms
 		.state_cache
 		.rooms_joined(sender_user)
-		.filter_map(Result::ok)
-		.collect();
-	super::update_displayname(&services, sender_user.clone(), None, all_joined_rooms.clone()).await?;
-	super::update_avatar_url(&services, sender_user.clone(), None, None, all_joined_rooms).await?;
+		.map(Into::into)
+		.collect()
+		.await;

-	// Make the user leave all rooms before deactivation
-	super::leave_all_rooms(&services, sender_user).await;
+	super::update_displayname(&services, sender_user, None, &all_joined_rooms).await;
+	super::update_avatar_url(&services, sender_user, None, None, &all_joined_rooms).await;
+
+	full_user_deactivate(&services, sender_user, &all_joined_rooms).await?;

 	info!("User {sender_user} deactivated their account.");
-	services
-		.admin
-		.send_message(RoomMessageEventContent::notice_plain(format!(
-			"User {sender_user} deactivated their account."
-		)))
-		.await;
+
+	if services.globals.config.admin_room_notices {
+		services
+			.admin
+			.send_message(RoomMessageEventContent::notice_plain(format!(
+				"User {sender_user} deactivated their account."
+			)))
+			.await
+			.ok();
+	}

 	Ok(deactivate::v3::Response {
 		id_server_unbind_result: ThirdPartyIdRemovalStatus::NoSupport,
@@ -590,7 +693,9 @@ pub(crate) async fn deactivate_route(
 /// Get a list of third party identifiers associated with this account.
 ///
 /// - Currently always returns empty list
-pub(crate) async fn third_party_route(body: Ruma<get_3pids::v3::Request>) -> Result<get_3pids::v3::Response> {
+pub(crate) async fn third_party_route(
+	body: Ruma<get_3pids::v3::Request>,
+) -> Result<get_3pids::v3::Response> {
 	let _sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	Ok(get_3pids::v3::Response::new(Vec::new()))
@@ -635,16 +740,94 @@ pub(crate) async fn request_3pid_management_token_via_msisdn_route(
 /// Currently does not have any ratelimiting, and this isn't very practical as
 /// there is only one registration token allowed.
 pub(crate) async fn check_registration_token_validity(
-	State(services): State<crate::State>, body: Ruma<check_registration_token_validity::v1::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<check_registration_token_validity::v1::Request>,
 ) -> Result<check_registration_token_validity::v1::Response> {
-	let Some(reg_token) = services.globals.config.registration_token.clone() else {
+	let Some(reg_token) = services.globals.registration_token.clone() else {
 		return Err(Error::BadRequest(
 			ErrorKind::forbidden(),
 			"Server does not allow token registration.",
 		));
 	};

-	Ok(check_registration_token_validity::v1::Response {
-		valid: reg_token == body.token,
-	})
+	Ok(check_registration_token_validity::v1::Response { valid: reg_token == body.token })
+}
+
+/// Runs through all the deactivation steps:
+///
+/// - Mark as deactivated
+/// - Removing display name
+/// - Removing avatar URL and blurhash
+/// - Removing all profile data
+/// - Leaving all rooms (and forgets all of them)
+pub async fn full_user_deactivate(
+	services: &Services,
+	user_id: &UserId,
+	all_joined_rooms: &[OwnedRoomId],
+) -> Result<()> {
+	services.users.deactivate_account(user_id).await.ok();
+	super::update_displayname(services, user_id, None, all_joined_rooms).await;
+	super::update_avatar_url(services, user_id, None, None, all_joined_rooms).await;
+
+	services
+		.users
+		.all_profile_keys(user_id)
+		.ready_for_each(|(profile_key, _)| {
+			services.users.set_profile_key(user_id, &profile_key, None);
+		})
+		.await;
+
+	for room_id in all_joined_rooms {
+		let state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+		let room_power_levels = services
+			.rooms
+			.state_accessor
+			.room_state_get_content::<RoomPowerLevelsEventContent>(
+				room_id,
+				&StateEventType::RoomPowerLevels,
+				"",
+			)
+			.await
+			.ok();
+
+		let user_can_demote_self =
+			room_power_levels
+				.as_ref()
+				.is_some_and(|power_levels_content| {
+					RoomPowerLevels::from(power_levels_content.clone())
+						.user_can_change_user_power_level(user_id, user_id)
+				}) || services
+				.rooms
+				.state_accessor
+				.room_state_get(room_id, &StateEventType::RoomCreate, "")
+				.await
+				.is_ok_and(|event| event.sender == user_id);
+
+		if user_can_demote_self {
+			let mut power_levels_content = room_power_levels.unwrap_or_default();
+			power_levels_content.users.remove(user_id);
+
+			// ignore errors so deactivation doesn't fail
+			if let Err(e) = services
+				.rooms
+				.timeline
+				.build_and_append_pdu(
+					PduBuilder::state(String::new(), &power_levels_content),
+					user_id,
+					room_id,
+					&state_lock,
+				)
+				.await
+			{
+				warn!(%room_id, %user_id, "Failed to demote user's own power level: {e}");
+			} else {
+				info!("Demoted {user_id} in {room_id} as part of account deactivation");
+			}
+		}
+	}
+
+	super::leave_all_rooms(services, user_id).await;
+
+	Ok(())
 }
@@ -0,0 +1,159 @@
+use axum::extract::State;
+use conduwuit::{err, Err};
+use ruma::{
+	api::client::config::{
+		get_global_account_data, get_room_account_data, set_global_account_data,
+		set_room_account_data,
+	},
+	events::{
+		AnyGlobalAccountDataEventContent, AnyRoomAccountDataEventContent,
+		GlobalAccountDataEventType, RoomAccountDataEventType,
+	},
+	serde::Raw,
+	RoomId, UserId,
+};
+use serde::Deserialize;
+use serde_json::{json, value::RawValue as RawJsonValue};
+
+use crate::{service::Services, Result, Ruma};
+
+/// # `PUT /_matrix/client/r0/user/{userId}/account_data/{type}`
+///
+/// Sets some account data for the sender user.
+pub(crate) async fn set_global_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<set_global_account_data::v3::Request>,
+) -> Result<set_global_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot set account data for other users.")));
+	}
+
+	set_account_data(
+		&services,
+		None,
+		&body.user_id,
+		&body.event_type.to_string(),
+		body.data.json(),
+	)
+	.await?;
+
+	Ok(set_global_account_data::v3::Response {})
+}
+
+/// # `PUT /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
+///
+/// Sets some room account data for the sender user.
+pub(crate) async fn set_room_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<set_room_account_data::v3::Request>,
+) -> Result<set_room_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot set account data for other users.")));
+	}
+
+	set_account_data(
+		&services,
+		Some(&body.room_id),
+		&body.user_id,
+		&body.event_type.to_string(),
+		body.data.json(),
+	)
+	.await?;
+
+	Ok(set_room_account_data::v3::Response {})
+}
+
+/// # `GET /_matrix/client/r0/user/{userId}/account_data/{type}`
+///
+/// Gets some account data for the sender user.
+pub(crate) async fn get_global_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<get_global_account_data::v3::Request>,
+) -> Result<get_global_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot get account data of other users.")));
+	}
+
+	let account_data: ExtractGlobalEventContent = services
+		.account_data
+		.get_global(&body.user_id, body.event_type.clone())
+		.await
+		.map_err(|_| err!(Request(NotFound("Data not found."))))?;
+
+	Ok(get_global_account_data::v3::Response { account_data: account_data.content })
+}
+
+/// # `GET /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
+///
+/// Gets some room account data for the sender user.
+pub(crate) async fn get_room_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<get_room_account_data::v3::Request>,
+) -> Result<get_room_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot get account data of other users.")));
+	}
+
+	let account_data: ExtractRoomEventContent = services
+		.account_data
+		.get_room(&body.room_id, &body.user_id, body.event_type.clone())
+		.await
+		.map_err(|_| err!(Request(NotFound("Data not found."))))?;
+
+	Ok(get_room_account_data::v3::Response { account_data: account_data.content })
+}
+
+async fn set_account_data(
+	services: &Services,
+	room_id: Option<&RoomId>,
+	sender_user: &UserId,
+	event_type_s: &str,
+	data: &RawJsonValue,
+) -> Result {
+	if event_type_s == RoomAccountDataEventType::FullyRead.to_cow_str() {
+		return Err!(Request(BadJson(
+			"This endpoint cannot be used for marking a room as fully read (setting \
+			 m.fully_read)"
+		)));
+	}
+
+	if event_type_s == GlobalAccountDataEventType::PushRules.to_cow_str() {
+		return Err!(Request(BadJson(
+			"This endpoint cannot be used for setting/configuring push rules."
+		)));
+	}
+
+	let data: serde_json::Value = serde_json::from_str(data.get())
+		.map_err(|e| err!(Request(BadJson(warn!("Invalid JSON provided: {e}")))))?;
+
+	services
+		.account_data
+		.update(
+			room_id,
+			sender_user,
+			event_type_s.into(),
+			&json!({
+				"type": event_type_s,
+				"content": data,
+			}),
+		)
+		.await
+}
+
+#[derive(Deserialize)]
+struct ExtractRoomEventContent {
+	content: Raw<AnyRoomAccountDataEventContent>,
+}
+
+#[derive(Deserialize)]
+struct ExtractGlobalEventContent {
+	content: Raw<AnyGlobalAccountDataEventContent>,
+}
@@ -1,11 +1,9 @@
 use axum::extract::State;
-use conduit::{debug, Error, Result};
+use conduwuit::{debug, Err, Result};
+use futures::StreamExt;
 use rand::seq::SliceRandom;
 use ruma::{
-	api::client::{
-		alias::{create_alias, delete_alias, get_alias},
-		error::ErrorKind,
-	},
+	api::client::alias::{create_alias, delete_alias, get_alias},
 	OwnedServerName, RoomAliasId, RoomId,
 };
 use service::Services;
@@ -16,7 +14,8 @@ use crate::Ruma;
 ///
 /// Creates a new room alias on this server.
 pub(crate) async fn create_alias_route(
-	State(services): State<crate::State>, body: Ruma<create_alias::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<create_alias::v3::Request>,
 ) -> Result<create_alias::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

@@ -33,16 +32,17 @@ pub(crate) async fn create_alias_route(
 		.forbidden_alias_names()
 		.is_match(body.room_alias.alias())
 	{
-		return Err(Error::BadRequest(ErrorKind::forbidden(), "Room alias is forbidden."));
+		return Err!(Request(Forbidden("Room alias is forbidden.")));
 	}

 	if services
 		.rooms
 		.alias
-		.resolve_local_alias(&body.room_alias)?
-		.is_some()
+		.resolve_local_alias(&body.room_alias)
+		.await
+		.is_ok()
 	{
-		return Err(Error::Conflict("Alias already exists."));
+		return Err!(Conflict("Alias already exists."));
 	}

 	services
@@ -59,7 +59,8 @@ pub(crate) async fn create_alias_route(
 ///
 /// - TODO: Update canonical alias event
 pub(crate) async fn delete_alias_route(
-	State(services): State<crate::State>, body: Ruma<delete_alias::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_alias::v3::Request>,
 ) -> Result<delete_alias::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

@@ -84,42 +85,40 @@ pub(crate) async fn delete_alias_route(
 ///
 /// Resolve an alias locally or over federation.
 pub(crate) async fn get_alias_route(
-	State(services): State<crate::State>, body: Ruma<get_alias::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_alias::v3::Request>,
 ) -> Result<get_alias::v3::Response> {
 	let room_alias = body.body.room_alias;
-	let servers = None;

-	let Ok((room_id, pre_servers)) = services
-		.rooms
-		.alias
-		.resolve_alias(&room_alias, servers.as_ref())
-		.await
+	let Ok((room_id, servers)) = services.rooms.alias.resolve_alias(&room_alias, None).await
 	else {
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Room with alias not found."));
+		return Err!(Request(NotFound("Room with alias not found.")));
 	};

-	let servers = room_available_servers(&services, &room_id, &room_alias, &pre_servers);
+	let servers = room_available_servers(&services, &room_id, &room_alias, servers).await;
 	debug!(?room_alias, ?room_id, "available servers: {servers:?}");

 	Ok(get_alias::v3::Response::new(room_id, servers))
 }

-fn room_available_servers(
-	services: &Services, room_id: &RoomId, room_alias: &RoomAliasId, pre_servers: &Option<Vec<OwnedServerName>>,
+async fn room_available_servers(
+	services: &Services,
+	room_id: &RoomId,
+	room_alias: &RoomAliasId,
+	pre_servers: Vec<OwnedServerName>,
 ) -> Vec<OwnedServerName> {
 	// find active servers in room state cache to suggest
 	let mut servers: Vec<OwnedServerName> = services
 		.rooms
 		.state_cache
 		.room_servers(room_id)
-		.filter_map(Result::ok)
-		.collect();
+		.map(ToOwned::to_owned)
+		.collect()
+		.await;

 	// push any servers we want in the list already (e.g. responded remote alias
 	// servers, room alias server itself)
-	if let Some(pre_servers) = pre_servers {
-		servers.extend(pre_servers.clone());
-	};
+	servers.extend(pre_servers);

 	servers.sort_unstable();
 	servers.dedup();
@@ -0,0 +1,45 @@
+use axum::extract::State;
+use conduwuit::{err, Err, Result};
+use ruma::api::{appservice::ping, client::appservice::request_ping};
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/v1/appservice/{appserviceId}/ping`
+///
+/// Ask the homeserver to ping the application service to ensure the connection
+/// works.
+pub(crate) async fn appservice_ping(
+	State(services): State<crate::State>,
+	body: Ruma<request_ping::v1::Request>,
+) -> Result<request_ping::v1::Response> {
+	let appservice_info = body.appservice_info.as_ref().ok_or_else(|| {
+		err!(Request(Forbidden("This endpoint can only be called by appservices.")))
+	})?;
+
+	if body.appservice_id != appservice_info.registration.id {
+		return Err!(Request(Forbidden(
+			"Appservices can only ping themselves (wrong appservice ID)."
+		)));
+	}
+
+	if appservice_info.registration.url.is_none() {
+		return Err!(Request(UrlNotSet(
+			"Appservice does not have a URL set, there is nothing to ping."
+		)));
+	}
+
+	let timer = tokio::time::Instant::now();
+
+	let _response = services
+		.sending
+		.send_appservice_request(
+			appservice_info.registration.clone(),
+			ping::send_ping::v1::Request {
+				transaction_id: body.transaction_id.clone(),
+			},
+		)
+		.await?
+		.expect("We already validated if an appservice URL exists above");
+
+	Ok(request_ping::v1::Response { duration: timer.elapsed() })
+}
@@ -1,33 +1,30 @@
 use axum::extract::State;
+use conduwuit::{err, Err};
 use ruma::{
-	api::client::{
-		backup::{
-			add_backup_keys, add_backup_keys_for_room, add_backup_keys_for_session, create_backup_version,
-			delete_backup_keys, delete_backup_keys_for_room, delete_backup_keys_for_session, delete_backup_version,
-			get_backup_info, get_backup_keys, get_backup_keys_for_room, get_backup_keys_for_session,
-			get_latest_backup_info, update_backup_version,
-		},
-		error::ErrorKind,
+	api::client::backup::{
+		add_backup_keys, add_backup_keys_for_room, add_backup_keys_for_session,
+		create_backup_version, delete_backup_keys, delete_backup_keys_for_room,
+		delete_backup_keys_for_session, delete_backup_version, get_backup_info, get_backup_keys,
+		get_backup_keys_for_room, get_backup_keys_for_session, get_latest_backup_info,
+		update_backup_version,
 	},
 	UInt,
 };

-use crate::{Error, Result, Ruma};
+use crate::{Result, Ruma};

 /// # `POST /_matrix/client/r0/room_keys/version`
 ///
 /// Creates a new backup.
 pub(crate) async fn create_backup_version_route(
-	State(services): State<crate::State>, body: Ruma<create_backup_version::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<create_backup_version::v3::Request>,
 ) -> Result<create_backup_version::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let version = services
 		.key_backups
-		.create_backup(sender_user, &body.algorithm)?;
+		.create_backup(body.sender_user(), &body.algorithm)?;

-	Ok(create_backup_version::v3::Response {
-		version,
-	})
+	Ok(create_backup_version::v3::Response { version })
 }

 /// # `PUT /_matrix/client/r0/room_keys/version/{version}`
@@ -35,12 +32,13 @@ pub(crate) async fn create_backup_version_route(
 /// Update information about an existing backup. Only `auth_data` can be
 /// modified.
 pub(crate) async fn update_backup_version_route(
-	State(services): State<crate::State>, body: Ruma<update_backup_version::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<update_backup_version::v3::Request>,
 ) -> Result<update_backup_version::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	services
 		.key_backups
-		.update_backup(sender_user, &body.version, &body.algorithm)?;
+		.update_backup(body.sender_user(), &body.version, &body.algorithm)
+		.await?;

 	Ok(update_backup_version::v3::Response {})
 }
@@ -49,20 +47,28 @@ pub(crate) async fn update_backup_version_route(
 ///
 /// Get information about the latest backup version.
 pub(crate) async fn get_latest_backup_info_route(
-	State(services): State<crate::State>, body: Ruma<get_latest_backup_info::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_latest_backup_info::v3::Request>,
 ) -> Result<get_latest_backup_info::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let (version, algorithm) = services
 		.key_backups
-		.get_latest_backup(sender_user)?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Key backup does not exist."))?;
+		.get_latest_backup(body.sender_user())
+		.await
+		.map_err(|_| err!(Request(NotFound("Key backup does not exist."))))?;

 	Ok(get_latest_backup_info::v3::Response {
 		algorithm,
-		count: (UInt::try_from(services.key_backups.count_keys(sender_user, &version)?)
-			.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &version)?,
+		count: (UInt::try_from(
+			services
+				.key_backups
+				.count_keys(body.sender_user(), &version)
+				.await,
+		)
+		.expect("user backup keys count should not be that high")),
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &version)
+			.await,
 		version,
 	})
 }
@@ -71,23 +77,28 @@ pub(crate) async fn get_latest_backup_info_route(
 ///
 /// Get information about an existing backup.
 pub(crate) async fn get_backup_info_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_info::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_info::v3::Request>,
 ) -> Result<get_backup_info::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let algorithm = services
 		.key_backups
-		.get_backup(sender_user, &body.version)?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Key backup does not exist."))?;
+		.get_backup(body.sender_user(), &body.version)
+		.await
+		.map_err(|_| {
+			err!(Request(NotFound("Key backup does not exist at version {:?}", body.version)))
+		})?;

 	Ok(get_backup_info::v3::Response {
 		algorithm,
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 		version: body.version.clone(),
 	})
 }
@@ -99,13 +110,13 @@ pub(crate) async fn get_backup_info_route(
 /// - Deletes both information about the backup, as well as all key data related
 ///   to the backup
 pub(crate) async fn delete_backup_version_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_version::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_version::v3::Request>,
 ) -> Result<delete_backup_version::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_backup(sender_user, &body.version)?;
+		.delete_backup(body.sender_user(), &body.version)
+		.await;

 	Ok(delete_backup_version::v3::Response {})
 }
@@ -119,38 +130,39 @@ pub(crate) async fn delete_backup_version_route(
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
 pub(crate) async fn add_backup_keys_route(
-	State(services): State<crate::State>, body: Ruma<add_backup_keys::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<add_backup_keys::v3::Request>,
 ) -> Result<add_backup_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	if Some(&body.version)
-		!= services
-			.key_backups
-			.get_latest_backup_version(sender_user)?
-			.as_ref()
+	if services
+		.key_backups
+		.get_latest_backup_version(body.sender_user())
+		.await
+		.is_ok_and(|version| version != body.version)
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"You may only manipulate the most recently created version of the backup.",
-		));
+		return Err!(Request(InvalidParam(
+			"You may only manipulate the most recently created version of the backup."
+		)));
 	}

 	for (room_id, room) in &body.rooms {
 		for (session_id, key_data) in &room.sessions {
 			services
 				.key_backups
-				.add_key(sender_user, &body.version, room_id, session_id, key_data)?;
+				.add_key(body.sender_user(), &body.version, room_id, session_id, key_data)
+				.await?;
 		}
 	}

 	Ok(add_backup_keys::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -163,36 +175,37 @@ pub(crate) async fn add_backup_keys_route(
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
 pub(crate) async fn add_backup_keys_for_room_route(
-	State(services): State<crate::State>, body: Ruma<add_backup_keys_for_room::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<add_backup_keys_for_room::v3::Request>,
 ) -> Result<add_backup_keys_for_room::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	if Some(&body.version)
-		!= services
-			.key_backups
-			.get_latest_backup_version(sender_user)?
-			.as_ref()
+	if services
+		.key_backups
+		.get_latest_backup_version(body.sender_user())
+		.await
+		.is_ok_and(|version| version != body.version)
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"You may only manipulate the most recently created version of the backup.",
-		));
+		return Err!(Request(InvalidParam(
+			"You may only manipulate the most recently created version of the backup."
+		)));
 	}

 	for (session_id, key_data) in &body.sessions {
 		services
 			.key_backups
-			.add_key(sender_user, &body.version, &body.room_id, session_id, key_data)?;
+			.add_key(body.sender_user(), &body.version, &body.room_id, session_id, key_data)
+			.await?;
 	}

 	Ok(add_backup_keys_for_room::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -205,34 +218,41 @@ pub(crate) async fn add_backup_keys_for_room_route(
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
 pub(crate) async fn add_backup_keys_for_session_route(
-	State(services): State<crate::State>, body: Ruma<add_backup_keys_for_session::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<add_backup_keys_for_session::v3::Request>,
 ) -> Result<add_backup_keys_for_session::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	if Some(&body.version)
-		!= services
-			.key_backups
-			.get_latest_backup_version(sender_user)?
-			.as_ref()
+	if services
+		.key_backups
+		.get_latest_backup_version(body.sender_user())
+		.await
+		.is_ok_and(|version| version != body.version)
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"You may only manipulate the most recently created version of the backup.",
-		));
+		return Err!(Request(InvalidParam(
+			"You may only manipulate the most recently created version of the backup."
+		)));
 	}

 	services
 		.key_backups
-		.add_key(sender_user, &body.version, &body.room_id, &body.session_id, &body.session_data)?;
+		.add_key(
+			body.sender_user(),
+			&body.version,
+			&body.room_id,
+			&body.session_id,
+			&body.session_data,
+		)
+		.await?;

 	Ok(add_backup_keys_for_session::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -240,72 +260,72 @@ pub(crate) async fn add_backup_keys_for_session_route(
 ///
 /// Retrieves all keys from the backup.
 pub(crate) async fn get_backup_keys_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_keys::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_keys::v3::Request>,
 ) -> Result<get_backup_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let rooms = services
+		.key_backups
+		.get_all(body.sender_user(), &body.version)
+		.await;

-	let rooms = services.key_backups.get_all(sender_user, &body.version)?;
-
-	Ok(get_backup_keys::v3::Response {
-		rooms,
-	})
+	Ok(get_backup_keys::v3::Response { rooms })
 }

 /// # `GET /_matrix/client/r0/room_keys/keys/{roomId}`
 ///
 /// Retrieves all keys from the backup for a given room.
 pub(crate) async fn get_backup_keys_for_room_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_keys_for_room::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_keys_for_room::v3::Request>,
 ) -> Result<get_backup_keys_for_room::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let sessions = services
 		.key_backups
-		.get_room(sender_user, &body.version, &body.room_id)?;
+		.get_room(body.sender_user(), &body.version, &body.room_id)
+		.await;

-	Ok(get_backup_keys_for_room::v3::Response {
-		sessions,
-	})
+	Ok(get_backup_keys_for_room::v3::Response { sessions })
 }

 /// # `GET /_matrix/client/r0/room_keys/keys/{roomId}/{sessionId}`
 ///
 /// Retrieves a key from the backup.
 pub(crate) async fn get_backup_keys_for_session_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_keys_for_session::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_keys_for_session::v3::Request>,
 ) -> Result<get_backup_keys_for_session::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let key_data = services
 		.key_backups
-		.get_session(sender_user, &body.version, &body.room_id, &body.session_id)?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Backup key not found for this user's session."))?;
+		.get_session(body.sender_user(), &body.version, &body.room_id, &body.session_id)
+		.await
+		.map_err(|_| {
+			err!(Request(NotFound(debug_error!("Backup key not found for this user's session."))))
+		})?;

-	Ok(get_backup_keys_for_session::v3::Response {
-		key_data,
-	})
+	Ok(get_backup_keys_for_session::v3::Response { key_data })
 }

 /// # `DELETE /_matrix/client/r0/room_keys/keys`
 ///
 /// Delete the keys from the backup.
 pub(crate) async fn delete_backup_keys_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_keys::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_keys::v3::Request>,
 ) -> Result<delete_backup_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_all_keys(sender_user, &body.version)?;
+		.delete_all_keys(body.sender_user(), &body.version)
+		.await;

 	Ok(delete_backup_keys::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -313,22 +333,24 @@ pub(crate) async fn delete_backup_keys_route(
 ///
 /// Delete the keys from the backup for a given room.
 pub(crate) async fn delete_backup_keys_for_room_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_keys_for_room::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_keys_for_room::v3::Request>,
 ) -> Result<delete_backup_keys_for_room::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_room_keys(sender_user, &body.version, &body.room_id)?;
+		.delete_room_keys(body.sender_user(), &body.version, &body.room_id)
+		.await;

 	Ok(delete_backup_keys_for_room::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -336,21 +358,23 @@ pub(crate) async fn delete_backup_keys_for_room_route(
 ///
 /// Delete a key from the backup.
 pub(crate) async fn delete_backup_keys_for_session_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_keys_for_session::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_keys_for_session::v3::Request>,
 ) -> Result<delete_backup_keys_for_session::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_room_key(sender_user, &body.version, &body.room_id, &body.session_id)?;
+		.delete_room_key(body.sender_user(), &body.version, &body.room_id, &body.session_id)
+		.await;

 	Ok(delete_backup_keys_for_session::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }
@@ -1,9 +1,14 @@
 use std::collections::BTreeMap;

 use axum::extract::State;
-use ruma::api::client::discovery::get_capabilities::{
-	self, Capabilities, RoomVersionStability, RoomVersionsCapability, ThirdPartyIdChangesCapability,
+use ruma::{
+	api::client::discovery::get_capabilities::{
+		self, Capabilities, GetLoginTokenCapability, RoomVersionStability,
+		RoomVersionsCapability, ThirdPartyIdChangesCapability,
+	},
+	RoomVersionId,
 };
+use serde_json::json;

 use crate::{Result, Ruma};

@@ -12,28 +17,28 @@ use crate::{Result, Ruma};
 /// Get information on the supported feature set and other relevent capabilities
 /// of this server.
 pub(crate) async fn get_capabilities_route(
-	State(services): State<crate::State>, _body: Ruma<get_capabilities::v3::Request>,
+	State(services): State<crate::State>,
+	_body: Ruma<get_capabilities::v3::Request>,
 ) -> Result<get_capabilities::v3::Response> {
-	let mut available = BTreeMap::new();
-	for room_version in &services.globals.unstable_room_versions {
-		available.insert(room_version.clone(), RoomVersionStability::Unstable);
-	}
-	for room_version in &services.globals.stable_room_versions {
-		available.insert(room_version.clone(), RoomVersionStability::Stable);
-	}
+	let available: BTreeMap<RoomVersionId, RoomVersionStability> =
+		services.server.available_room_versions().collect();

 	let mut capabilities = Capabilities::default();
 	capabilities.room_versions = RoomVersionsCapability {
-		default: services.globals.default_room_version(),
+		default: services.server.config.default_room_version.clone(),
 		available,
 	};

-	// conduit does not implement 3PID stuff
-	capabilities.thirdparty_id_changes = ThirdPartyIdChangesCapability {
-		enabled: false,
-	};
+	// we do not implement 3PID stuff
+	capabilities.thirdparty_id_changes = ThirdPartyIdChangesCapability { enabled: false };

-	Ok(get_capabilities::v3::Response {
-		capabilities,
-	})
+	// we dont support generating tokens yet
+	capabilities.get_login_token = GetLoginTokenCapability { enabled: false };
+
+	// MSC4133 capability
+	capabilities
+		.set("uk.tcpip.msc4133.profile_fields", json!({"enabled": true}))
+		.expect("this is valid JSON we created");
+
+	Ok(get_capabilities::v3::Response { capabilities })
 }
@@ -1,124 +0,0 @@
-use axum::extract::State;
-use ruma::{
-	api::client::{
-		config::{get_global_account_data, get_room_account_data, set_global_account_data, set_room_account_data},
-		error::ErrorKind,
-	},
-	events::{AnyGlobalAccountDataEventContent, AnyRoomAccountDataEventContent},
-	serde::Raw,
-	OwnedUserId, RoomId,
-};
-use serde::Deserialize;
-use serde_json::{json, value::RawValue as RawJsonValue};
-
-use crate::{service::Services, Error, Result, Ruma};
-
-/// # `PUT /_matrix/client/r0/user/{userId}/account_data/{type}`
-///
-/// Sets some account data for the sender user.
-pub(crate) async fn set_global_account_data_route(
-	State(services): State<crate::State>, body: Ruma<set_global_account_data::v3::Request>,
-) -> Result<set_global_account_data::v3::Response> {
-	set_account_data(
-		&services,
-		None,
-		&body.sender_user,
-		&body.event_type.to_string(),
-		body.data.json(),
-	)?;
-
-	Ok(set_global_account_data::v3::Response {})
-}
-
-/// # `PUT /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
-///
-/// Sets some room account data for the sender user.
-pub(crate) async fn set_room_account_data_route(
-	State(services): State<crate::State>, body: Ruma<set_room_account_data::v3::Request>,
-) -> Result<set_room_account_data::v3::Response> {
-	set_account_data(
-		&services,
-		Some(&body.room_id),
-		&body.sender_user,
-		&body.event_type.to_string(),
-		body.data.json(),
-	)?;
-
-	Ok(set_room_account_data::v3::Response {})
-}
-
-/// # `GET /_matrix/client/r0/user/{userId}/account_data/{type}`
-///
-/// Gets some account data for the sender user.
-pub(crate) async fn get_global_account_data_route(
-	State(services): State<crate::State>, body: Ruma<get_global_account_data::v3::Request>,
-) -> Result<get_global_account_data::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	let event: Box<RawJsonValue> = services
-		.account_data
-		.get(None, sender_user, body.event_type.to_string().into())?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Data not found."))?;
-
-	let account_data = serde_json::from_str::<ExtractGlobalEventContent>(event.get())
-		.map_err(|_| Error::bad_database("Invalid account data event in db."))?
-		.content;
-
-	Ok(get_global_account_data::v3::Response {
-		account_data,
-	})
-}
-
-/// # `GET /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
-///
-/// Gets some room account data for the sender user.
-pub(crate) async fn get_room_account_data_route(
-	State(services): State<crate::State>, body: Ruma<get_room_account_data::v3::Request>,
-) -> Result<get_room_account_data::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	let event: Box<RawJsonValue> = services
-		.account_data
-		.get(Some(&body.room_id), sender_user, body.event_type.clone())?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Data not found."))?;
-
-	let account_data = serde_json::from_str::<ExtractRoomEventContent>(event.get())
-		.map_err(|_| Error::bad_database("Invalid account data event in db."))?
-		.content;
-
-	Ok(get_room_account_data::v3::Response {
-		account_data,
-	})
-}
-
-fn set_account_data(
-	services: &Services, room_id: Option<&RoomId>, sender_user: &Option<OwnedUserId>, event_type: &str,
-	data: &RawJsonValue,
-) -> Result<()> {
-	let sender_user = sender_user.as_ref().expect("user is authenticated");
-
-	let data: serde_json::Value =
-		serde_json::from_str(data.get()).map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Data is invalid."))?;
-
-	services.account_data.update(
-		room_id,
-		sender_user,
-		event_type.into(),
-		&json!({
-			"type": event_type,
-			"content": data,
-		}),
-	)?;
-
-	Ok(())
-}
-
-#[derive(Deserialize)]
-struct ExtractRoomEventContent {
-	content: Raw<AnyRoomAccountDataEventContent>,
-}
-
-#[derive(Deserialize)]
-struct ExtractGlobalEventContent {
-	content: Raw<AnyGlobalAccountDataEventContent>,
-}
--- a/Show More
+++ b/Show More