comment out borked ci thing for now

Signed-off-by: strawberry <strawberry@puppygock.gay>
bump ruwuma to stop erroring on empty push response body
2026-05-26 20:49:55 +00:00 · 2025-02-09 10:17:28 -05:00 · 2025-02-07 18:00:58 -05:00 · 2025-02-07 11:49:00 -05:00 · 2025-02-06 19:02:14 -05:00 · 2025-02-06 18:27:36 -05:00
496 changed files with 48736 additions and 28725 deletions
@@ -21,3 +21,4 @@ indent_size = 2

 [*.rs]
 indent_style = tab
+max_line_length = 98
@@ -0,0 +1,87 @@
+# taken from https://github.com/gitattributes/gitattributes/blob/46a8961ad73f5bd4d8d193708840fbc9e851d702/Rust.gitattributes
+# Auto detect text files and perform normalization
+*          text=auto
+
+*.rs       text diff=rust
+*.toml     text diff=toml
+Cargo.lock text
+
+# taken from https://github.com/gitattributes/gitattributes/blob/46a8961ad73f5bd4d8d193708840fbc9e851d702/Common.gitattributes
+# Documents
+*.bibtex   text diff=bibtex
+*.doc      diff=astextplain
+*.DOC      diff=astextplain
+*.docx     diff=astextplain
+*.DOCX     diff=astextplain
+*.dot      diff=astextplain
+*.DOT      diff=astextplain
+*.pdf      diff=astextplain
+*.PDF      diff=astextplain
+*.rtf      diff=astextplain
+*.RTF      diff=astextplain
+*.md       text diff=markdown
+*.mdx      text diff=markdown
+*.tex      text diff=tex
+*.adoc     text
+*.textile  text
+*.mustache text
+*.csv      text eol=crlf
+*.tab      text
+*.tsv      text
+*.txt      text
+*.sql      text
+*.epub     diff=astextplain
+
+# Graphics
+*.png      binary
+*.jpg      binary
+*.jpeg     binary
+*.gif      binary
+*.tif      binary
+*.tiff     binary
+*.ico      binary
+# SVG treated as text by default.
+*.svg      text
+*.eps      binary
+
+# Scripts
+*.bash     text eol=lf
+*.fish     text eol=lf
+*.ksh      text eol=lf
+*.sh       text eol=lf
+*.zsh      text eol=lf
+# These are explicitly windows files and should use crlf
+*.bat      text eol=crlf
+*.cmd      text eol=crlf
+*.ps1      text eol=crlf
+
+# Serialisation
+*.json     text
+*.toml     text
+*.xml      text
+*.yaml     text
+*.yml      text
+
+# Archives
+*.7z       binary
+*.bz       binary
+*.bz2      binary
+*.bzip2    binary
+*.gz       binary
+*.lz       binary
+*.lzma     binary
+*.rar      binary
+*.tar      binary
+*.taz      binary
+*.tbz      binary
+*.tbz2     binary
+*.tgz      binary
+*.tlz      binary
+*.txz      binary
+*.xz       binary
+*.Z        binary
+*.zip      binary
+*.zst      binary
+
+# Text files where line endings should be preserved
+*.patch    -text
@@ -1,8 +0,0 @@
-
-<!-- Please describe your changes here -->
-
-----------------------------------------------------------------------------
-
- [ ] I ran `cargo fmt`, `cargo clippy`, and `cargo test`
- [ ] I agree to release my code and all other changes of this MR under the Apache-2.0 license
-
@@ -1,264 +0,0 @@
-name: CI and Artifacts
-
-on:
-    pull_request:
-    push:
-        # documentation workflow deals with this or is not relevant for this workflow
-        paths-ignore:
-          - '*.md'
-          - 'conduwuit-example.toml'
-          - 'book.toml'
-          - '.gitlab-ci.yml'
-          - '.gitignore'
-          - 'renovate.json'
-          - 'docs/**'
-          - 'debian/**'
-          - 'docker/**'
-        branches:
-            - main
-        tags:
-          - '*'
-    # Allows you to run this workflow manually from the Actions tab
-    #workflow_dispatch:
-
-#concurrency:
-#    group: ${{ gitea.head_ref || gitea.ref_name }}
-#    cancel-in-progress: true
-
-env:
-    # Required to make some things output color
-    TERM: ansi
-    # Publishing to my nix binary cache
-    ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
-    # conduwuit.cachix.org
-    CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-    # Just in case incremental is still being set to true, speeds up CI
-    CARGO_INCREMENTAL: 0
-    # Custom nix binary cache if fork is being used
-    ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
-    ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }}
-    # Get error output from nix that we can actually use
-    NIX_CONFIG: show-trace = true
-
-#permissions:
-#    packages: write
-#    contents: read
-
-jobs:
-    tests:
-        name: Test
-        runs-on: ubuntu-latest
-        steps:
-            - name: Sync repository
-              uses: https://github.com/actions/checkout@v4
-
-            - name: Tag comparison check
-              if: startsWith(gitea.ref, 'refs/tags/v')
-              run: |
-                  # Tag mismatch with latest repo tag check to prevent potential downgrades
-                  LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
-
-                  if [ $LATEST_TAG != ${{ gitea.ref_name }} ]; then
-                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.'
-                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY
-                    exit 1
-                  fi
-
-            - name: Install Nix
-              uses: https://github.com/DeterminateSystems/nix-installer-action@main
-              with:
-                diagnostic-endpoint: ""
-                extra-conf: |
-                  experimental-features = nix-command flakes
-                  accept-flake-config = true
-
-            - name: Enable Cachix binary cache
-              run: |
-                  nix profile install nixpkgs#cachix
-                  cachix use crane
-                  cachix use nix-community
-
-            - name: Configure Magic Nix Cache
-              uses: https://github.com/DeterminateSystems/magic-nix-cache-action@main
-              with:
-                diagnostic-endpoint: ""
-                upstream-cache: "https://attic.kennel.juneis.dog/conduwuit"
-
-            - name: Apply Nix binary cache configuration
-              run: |
-                  sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
-                  extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org
-                  extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-                  EOF
-
-            - name: Use alternative Nix binary caches if specified
-              if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
-              run: |
-                  sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
-                  extra-substituters = ${{ env.ATTIC_ENDPOINT }}
-                  extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
-                  EOF
-
-            - name: Prepare build environment
-              run: |
-                  echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
-                  nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
-                  direnv allow
-                  nix develop .#all-features --command true
-
-            - name: Cache CI dependencies
-              run: |
-                  bin/nix-build-and-cache ci
-
-            - name: Run CI tests
-              run: |
-                  direnv exec . engage > >(tee -a test_output.log)
-
-            - name: Sync Complement repository
-              uses: https://github.com/actions/checkout@v4
-              with:
-                repository: 'matrix-org/complement'
-                path: complement_src
-
-            - name: Run Complement tests
-              run: |
-                  direnv exec . bin/complement 'complement_src' 'complement_test_logs.jsonl' 'complement_test_results.jsonl'
-                  cp -v -f result complement_oci_image.tar.gz
-
-            - name: Upload Complement OCI image
-              uses: https://github.com/actions/upload-artifact@v4
-              with:
-                name: complement_oci_image.tar.gz
-                path: complement_oci_image.tar.gz
-                if-no-files-found: error
-
-            - name: Upload Complement logs
-              uses: https://github.com/actions/upload-artifact@v4
-              with:
-                name: complement_test_logs.jsonl
-                path: complement_test_logs.jsonl
-                if-no-files-found: error
-
-            - name: Upload Complement results
-              uses: https://github.com/actions/upload-artifact@v4
-              with:
-                name: complement_test_results.jsonl
-                path: complement_test_results.jsonl
-                if-no-files-found: error
-
-            - name: Diff Complement results with checked-in repo results
-              run: |
-                  diff -u --color=always tests/test_results/complement/test_results.jsonl complement_test_results.jsonl > >(tee -a complement_test_output.log)
-                  echo '# Complement diff results' >> $GITHUB_STEP_SUMMARY
-                  echo '```diff' >> $GITHUB_STEP_SUMMARY
-                  tail -n 100 complement_test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY
-                  echo '```' >> $GITHUB_STEP_SUMMARY
-
-            - name: Update Job Summary
-              if: success() || failure()
-              run: |
-                  if [ ${{ job.status }} == 'success' ]; then
-                      echo '# ✅ completed suwuccessfully' >> $GITHUB_STEP_SUMMARY
-                  else
-                      echo '```' >> $GITHUB_STEP_SUMMARY
-                      tail -n 40 test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY
-                      echo '```' >> $GITHUB_STEP_SUMMARY
-                  fi
-
-    build:
-        name: Build
-        runs-on: ubuntu-latest
-        needs: tests
-        strategy:
-            matrix:
-                include:
-                    - target: aarch64-unknown-linux-musl
-                    - target: x86_64-unknown-linux-musl
-        steps:
-            - name: Sync repository
-              uses: https://github.com/actions/checkout@v4
-
-            - name: Install Nix
-              uses: https://github.com/DeterminateSystems/nix-installer-action@main
-              with:
-                diagnostic-endpoint: ""
-                extra-conf: |
-                  experimental-features = nix-command flakes
-                  accept-flake-config = true
-
-            - name: Install and enable Cachix binary cache
-              run: |
-                  nix profile install nixpkgs#cachix
-                  cachix use crane
-                  cachix use nix-community
-
-            - name: Configure Magic Nix Cache
-              uses: https://github.com/DeterminateSystems/magic-nix-cache-action@main
-              with:
-                diagnostic-endpoint: ""
-                upstream-cache: "https://attic.kennel.juneis.dog/conduwuit"
-
-            - name: Apply Nix binary cache configuration
-              run: |
-                  sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
-                  extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org
-                  extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-                  EOF
-
-            - name: Use alternative Nix binary caches if specified
-              if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
-              run: |
-                  sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
-                  extra-substituters = ${{ env.ATTIC_ENDPOINT }}
-                  extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
-                  EOF
-
-            - name: Prepare build environment
-              run: |
-                  echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
-                  nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
-                  direnv allow
-                  nix develop .#all-features --command true
-
-            - name: Build static ${{ matrix.target }}
-              run: |
-                  CARGO_DEB_TARGET_TUPLE=$(echo ${{ matrix.target }} | grep -o -E '^([^-]*-){3}[^-]*')
-                  SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
-
-                  bin/nix-build-and-cache just .#static-${{ matrix.target }}
-                  mkdir -v -p target/release/
-                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
-                  cp -v -f result/bin/conduit target/release/conduwuit
-                  cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
-                  # -p conduit is the main crate name
-                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb
-                  mv -v target/release/conduwuit static-${{ matrix.target }}
-                  mv -v target/release/${{ matrix.target }}.deb ${{ matrix.target }}.deb
-
-            - name: Upload static-${{ matrix.target }}
-              uses: https://github.com/actions/upload-artifact@v4
-              with:
-                  name: static-${{ matrix.target }}
-                  path: static-${{ matrix.target }}
-                  if-no-files-found: error
-
-            - name: Upload deb ${{ matrix.target }}
-              uses: https://github.com/actions/upload-artifact@v4
-              with:
-                  name: deb-${{ matrix.target }}
-                  path: ${{ matrix.target }}.deb
-                  if-no-files-found: error
-                  compression-level: 0
-
-            - name: Build OCI image ${{ matrix.target }}
-              run: |
-                  bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}
-                  cp -v -f result oci-image-${{ matrix.target }}.tar.gz
-
-            - name: Upload OCI image ${{ matrix.target }}
-              uses: https://github.com/actions/upload-artifact@v4
-              with:
-                  name: oci-image-${{ matrix.target }}
-                  path: oci-image-${{ matrix.target }}.tar.gz
-                  if-no-files-found: error
-                  compression-level: 0
@@ -3,15 +3,10 @@ name: CI and Artifacts
 on:
    pull_request:
    push:
-        # documentation workflow deals with this or is not relevant for this workflow
        paths-ignore:
-          - '*.md'
-          - 'conduwuit-example.toml'
-          - 'book.toml'
          - '.gitlab-ci.yml'
          - '.gitignore'
          - 'renovate.json'
-          - 'docs/**'
          - 'debian/**'
          - 'docker/**'
        branches:
@@ -23,12 +18,12 @@ on:

 concurrency:
    group: ${{ github.head_ref || github.ref_name }}
-    cancel-in-progress: false
+    cancel-in-progress: true

 env:
    # sccache only on main repo
-    SCCACHE_GHA_ENABLED: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'true' || 'false' }}"
-    RUSTC_WRAPPER: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}"
+    SCCACHE_GHA_ENABLED: "${{ !startsWith(github.ref, 'refs/tags/') && (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'true' || 'false' }}"
+    RUSTC_WRAPPER: "${{ !startsWith(github.ref, 'refs/tags/') && (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}"
    SCCACHE_BUCKET: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}"
    SCCACHE_S3_USE_SSL: ${{ vars.SCCACHE_S3_USE_SSL }}
    SCCACHE_REGION: ${{ vars.SCCACHE_REGION }}
@@ -50,41 +45,71 @@ env:
    # Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps
    NIX_CONFIG: |
      show-trace = true
-      extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
-      extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
+      extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
+      extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
      experimental-features = nix-command flakes
      extra-experimental-features = nix-command flakes
      accept-flake-config = true
-    # complement uses libolm
-    NIXPKGS_ALLOW_INSECURE: 1
+    WEB_UPLOAD_SSH_USERNAME: ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
+    GH_REF_NAME: ${{ github.ref_name }}
+    WEBSERVER_DIR_NAME: ${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}

-permissions:
-    packages: write
-    contents: read
+permissions: {}

 jobs:
    tests:
        name: Test
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
-            - name: Free Disk Space (Ubuntu)
-              uses: jlumbroso/free-disk-space@main
-
-            - name: Free up more runner space
+            - name: Setup SSH web publish
+              env:
+                web_upload_ssh_private_key: ${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}
+              if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (env.web_upload_ssh_private_key != '') && github.event.pull_request.user.login != 'renovate[bot]'
              run: |
-                set +o pipefail
-                # large docker images
-                sudo docker image prune --all --force || true
-                # large packages
-                sudo apt-get purge -y '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
-                sudo apt-get autoremove -y
-                sudo apt-get clean
-                # large folders
-                sudo rm -rf /var/lib/apt/lists/* /usr/local/games /usr/local/sqlpackage /usr/local/.ghcup /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/local/share/vcpkg /usr/local/lib/python* /usr/local/lib/node_modules /usr/local/julia* /opt/mssql-tools /etc/skel /usr/share/vim /usr/share/postgresql /usr/share/man /usr/share/apache-maven-* /usr/share/R /usr/share/alsa /usr/share/miniconda /usr/share/grub /usr/share/gradle-* /usr/share/locale /usr/share/texinfo /usr/share/kotlinc /usr/share/swift /usr/share/doc /usr/share/az_9.3.0 /usr/share/sbt /usr/share/ri /usr/share/icons /usr/share/java /usr/share/fonts /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/lib/R /usr/lib/postgresql /usr/lib/heroku /usr/lib/gcc
-                set -o pipefail
+                  mkdir -p -v ~/.ssh
+
+                  echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+                  echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
+
+                  chmod 600 ~/.ssh/id_ed25519
+
+                  cat >>~/.ssh/config <<END
+                  Host website
+                    HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
+                    User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
+                    IdentityFile ~/.ssh/id_ed25519
+                    StrictHostKeyChecking yes
+                    AddKeysToAgent no
+                    ForwardX11 no
+                    BatchMode yes
+                  END
+
+                  echo "Checking connection"
+                  ssh -q website "echo test" || ssh -q website "echo test"
+
+                  echo "Creating commit rev directory on web server"
+                  ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/"
+                  ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/"
+
+                  echo "SSH_WEBSITE=1" >> "$GITHUB_ENV"
+
+            - name: Install liburing
+              run: |
+                  sudo apt install liburing-dev -y
+
+            - name: Free up a bit of runner space
+              run: |
+                  set +o pipefail
+                  sudo docker image prune --all --force || true
+                  sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
+                  sudo apt clean
+                  sudo rm -rf /usr/local/lib/android /usr/local/julia* /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/local/lib/heroku /usr/lib/heroku /usr/local/share/boost /usr/share/dotnet /usr/local/bin/cmake* /usr/local/bin/stack /usr/local/bin/terraform /opt/microsoft/powershell /opt/hostedtoolcache/CodeQL /opt/hostedtoolcache/go /opt/hostedtoolcache/PyPy /usr/local/bin/sam || true
+                  set -o pipefail

            - name: Sync repository
              uses: actions/checkout@v4
+              with:
+                persist-credentials: false

            - name: Tag comparison check
              if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }}
@@ -92,7 +117,7 @@ jobs:
                  # Tag mismatch with latest repo tag check to prevent potential downgrades
                  LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)

-                  if [ $LATEST_TAG != ${{ github.ref_name }} ]; then
+                  if [ ${LATEST_TAG} != ${GH_REF_NAME} ]; then
                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.'
                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY
                    exit 1
@@ -101,6 +126,9 @@ jobs:
            - uses: nixbuild/nix-quick-install-action@master

            - name: Restore and cache Nix store
+              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+              # releases and tags
+              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
              uses: nix-community/cache-nix-action@v5.1.0
              with:
                # restore and save a cache using this key
@@ -130,7 +158,7 @@ jobs:
            - name: Apply Nix binary cache configuration
              run: |
                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
+                  extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
                  extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
                  experimental-features = nix-command flakes
                  extra-experimental-features = nix-command flakes
@@ -141,8 +169,8 @@ jobs:
              if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
              run: |
                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = ${{ env.ATTIC_ENDPOINT }}
-                  extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
+                  extra-substituters = ${ATTIC_ENDPOINT}
+                  extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
                  EOF

            - name: Prepare build environment
@@ -161,13 +189,20 @@ jobs:

            # use sccache for Rust
            - name: Run sccache-cache
-              if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]')
+              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+              # releases and tags
+              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
              uses: mozilla-actions/sccache-action@main

            # use rust-cache
            - uses: Swatinem/rust-cache@v2
+              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+              # releases and tags
+              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
              with:
                cache-all-crates: "true"
+                cache-on-failure: "true"
+                cache-targets: "true"

            - name: Run CI tests
              env:
@@ -189,6 +224,7 @@ jobs:
                name: complement_oci_image.tar.gz
                path: complement_oci_image.tar.gz
                if-no-files-found: error
+                compression-level: 0

            - name: Upload Complement logs
              uses: actions/upload-artifact@v4
@@ -209,9 +245,11 @@ jobs:
                  diff -u --color=always tests/test_results/complement/test_results.jsonl complement_test_results.jsonl > >(tee -a complement_diff_output.log)

            - name: Update Job Summary
+              env:
+                GH_JOB_STATUS: ${{ job.status }}
              if: success() || failure()
              run: |
-                  if [ ${{ job.status }} == 'success' ]; then
+                  if [ ${GH_JOB_STATUS} == 'success' ]; then
                      echo '# ✅ completed suwuccessfully' >> $GITHUB_STEP_SUMMARY
                  else
                      echo '# CI failure' >> $GITHUB_STEP_SUMMARY
@@ -231,23 +269,61 @@ jobs:

    build:
        name: Build
-        runs-on: ubuntu-latest
-        needs: tests
+        runs-on: ubuntu-24.04
        strategy:
            matrix:
                include:
                    - target: aarch64-linux-musl
                    - target: x86_64-linux-musl
        steps:
-            - name: Free Disk Space (Ubuntu)
-              uses: jlumbroso/free-disk-space@main
+            - name: Free up a bit of runner space
+              run: |
+                  set +o pipefail
+                  sudo docker image prune --all --force || true
+                  sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
+                  sudo apt clean
+                  sudo rm -rf /usr/local/lib/android /usr/local/julia* /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/local/lib/heroku /usr/lib/heroku /usr/local/share/boost /usr/share/dotnet /usr/local/bin/cmake* /usr/local/bin/stack /usr/local/bin/terraform /opt/microsoft/powershell /opt/hostedtoolcache/CodeQL /opt/hostedtoolcache/go /opt/hostedtoolcache/PyPy /usr/local/bin/sam || true
+                  set -o pipefail

            - name: Sync repository
              uses: actions/checkout@v4
+              with:
+                persist-credentials: false

-            - uses: nixbuild/nix-quick-install-action@v28
+            - name: Setup SSH web publish
+              env:
+                web_upload_ssh_private_key: ${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}
+              if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (env.web_upload_ssh_private_key != '') && github.event.pull_request.user.login != 'renovate[bot]'
+              run: |
+                  mkdir -p -v ~/.ssh
+
+                  echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+                  echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
+
+                  chmod 600 ~/.ssh/id_ed25519
+
+                  cat >>~/.ssh/config <<END
+                  Host website
+                    HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
+                    User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
+                    IdentityFile ~/.ssh/id_ed25519
+                    StrictHostKeyChecking yes
+                    AddKeysToAgent no
+                    ForwardX11 no
+                    BatchMode yes
+                  END
+
+                  echo "Checking connection"
+                  ssh -q website "echo test" || ssh -q website "echo test"
+
+                  echo "SSH_WEBSITE=1" >> "$GITHUB_ENV"
+
+            - uses: nixbuild/nix-quick-install-action@master

            - name: Restore and cache Nix store
+              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+              # releases and tags
+              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
              uses: nix-community/cache-nix-action@v5.1.0
              with:
                # restore and save a cache using this key
@@ -277,7 +353,7 @@ jobs:
            - name: Apply Nix binary cache configuration
              run: |
                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
+                  extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
                  extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
                  experimental-features = nix-command flakes
                  extra-experimental-features = nix-command flakes
@@ -288,8 +364,8 @@ jobs:
              if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
              run: |
                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = ${{ env.ATTIC_ENDPOINT }}
-                  extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
+                  extra-substituters = ${ATTIC_ENDPOINT}
+                  extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
                  EOF

            - name: Prepare build environment
@@ -301,15 +377,22 @@ jobs:

            # use sccache for Rust
            - name: Run sccache-cache
-              if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]')
+              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+              # releases and tags
+              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
              uses: mozilla-actions/sccache-action@main

            # use rust-cache
            - uses: Swatinem/rust-cache@v2
+              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+              # releases and tags
+              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
              with:
                cache-all-crates: "true"
+                cache-on-failure: "true"
+                cache-targets: "true"

-            - name: Build static ${{ matrix.target }}
+            - name: Build static ${{ matrix.target }}-all-features
              run: |
                  if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]]
                  then
@@ -325,22 +408,40 @@ jobs:

                  mkdir -v -p target/release/
                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
-                  cp -v -f result/bin/conduit target/release/conduwuit
-                  cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
-                  # -p conduit is the main crate name
-                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb
+                  cp -v -f result/bin/conduwuit target/release/conduwuit
+                  cp -v -f result/bin/conduwuit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
+                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduwuit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb
                  mv -v target/release/conduwuit static-${{ matrix.target }}
                  mv -v target/release/${{ matrix.target }}.deb ${{ matrix.target }}.deb

+            - name: Build static x86_64-linux-musl-all-features-x86_64-haswell-optimised
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
+              run: |
+                  CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl"
+                  SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
+
+                  bin/nix-build-and-cache just .#static-x86_64-linux-musl-all-features-x86_64-haswell-optimised
+
+                  mkdir -v -p target/release/
+                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
+                  cp -v -f result/bin/conduwuit target/release/conduwuit
+                  cp -v -f result/bin/conduwuit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
+                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduwuit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/x86_64-linux-musl-x86_64-haswell-optimised.deb
+                  mv -v target/release/conduwuit static-x86_64-linux-musl-x86_64-haswell-optimised
+                  mv -v target/release/x86_64-linux-musl-x86_64-haswell-optimised.deb x86_64-linux-musl-x86_64-haswell-optimised.deb
+
            # quick smoke test of the x86_64 static release binary
-            - name: Run x86_64 static release binary
+            - name: Quick smoke test the x86_64 static release binary
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
              run: |
                  # GH actions default runners are x86_64 only
-                  if file result/bin/conduit | grep x86-64; then
-                    result/bin/conduit --version
+                  if file result/bin/conduwuit | grep x86-64; then
+                    result/bin/conduwuit --version
+                    result/bin/conduwuit --help
+                    result/bin/conduwuit -Oserver_name="'$(date -u +%s).local'" -Odatabase_path="'/tmp/$(date -u +%s)'" --execute "server admin-notice awawawawawawawawawawa" --execute "server memory-usage" --execute "server shutdown"
                  fi

-            - name: Build static debug ${{ matrix.target }}
+            - name: Build static debug ${{ matrix.target }}-all-features
              run: |
                  if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]]
                  then
@@ -358,10 +459,9 @@ jobs:
                  # so we need to coerce cargo-deb into thinking this is a release binary
                  mkdir -v -p target/release/
                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
-                  cp -v -f result/bin/conduit target/release/conduwuit
-                  cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
-                  # -p conduit is the main crate name
-                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}-debug.deb
+                  cp -v -f result/bin/conduwuit target/release/conduwuit
+                  cp -v -f result/bin/conduwuit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
+                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduwuit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}-debug.deb
                  mv -v target/release/conduwuit static-${{ matrix.target }}-debug
                  mv -v target/release/${{ matrix.target }}-debug.deb ${{ matrix.target }}-debug.deb

@@ -369,8 +469,8 @@ jobs:
            - name: Run x86_64 static debug binary
              run: |
                  # GH actions default runners are x86_64 only
-                  if file result/bin/conduit | grep x86-64; then
-                    result/bin/conduit --version
+                  if file result/bin/conduwuit | grep x86-64; then
+                    result/bin/conduwuit --version
                  fi

            # check validity of produced deb package, invalid debs will error on these commands
@@ -383,14 +483,22 @@ jobs:
                  dpkg-deb --info ${{ matrix.target }}.deb
                  dpkg-deb --info ${{ matrix.target }}-debug.deb

-            - name: Upload static-${{ matrix.target }}
+            - name: Upload static-x86_64-linux-musl-all-features-x86_64-haswell-optimised to GitHub
+              uses: actions/upload-artifact@v4
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
+              with:
+                  name: static-x86_64-linux-musl-x86_64-haswell-optimised
+                  path: static-x86_64-linux-musl-x86_64-haswell-optimised
+                  if-no-files-found: error
+
+            - name: Upload static-${{ matrix.target }}-all-features to GitHub
              uses: actions/upload-artifact@v4
              with:
                  name: static-${{ matrix.target }}
                  path: static-${{ matrix.target }}
                  if-no-files-found: error

-            - name: Upload deb ${{ matrix.target }}
+            - name: Upload static deb ${{ matrix.target }}-all-features to GitHub
              uses: actions/upload-artifact@v4
              with:
                  name: deb-${{ matrix.target }}
@@ -398,14 +506,42 @@ jobs:
                  if-no-files-found: error
                  compression-level: 0

-            - name: Upload static-${{ matrix.target }}-debug
+            - name: Upload static-x86_64-linux-musl-all-features-x86_64-haswell-optimised to webserver
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    chmod +x static-x86_64-linux-musl-x86_64-haswell-optimised
+                    scp static-x86_64-linux-musl-x86_64-haswell-optimised website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/static-x86_64-linux-musl-x86_64-haswell-optimised
+                  fi
+
+            - name: Upload static-${{ matrix.target }}-all-features to webserver
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    chmod +x static-${{ matrix.target }}
+                    scp static-${{ matrix.target }} website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/static-${{ matrix.target }}
+                  fi
+
+            - name: Upload static deb x86_64-linux-musl-all-features-x86_64-haswell-optimised to webserver
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    scp x86_64-linux-musl-x86_64-haswell-optimised.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/x86_64-linux-musl-x86_64-haswell-optimised.deb
+                  fi
+
+            - name: Upload static deb ${{ matrix.target }}-all-features to webserver
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    scp ${{ matrix.target }}.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/${{ matrix.target }}.deb
+                  fi
+
+            - name: Upload static-${{ matrix.target }}-debug-all-features to GitHub
              uses: actions/upload-artifact@v4
              with:
                  name: static-${{ matrix.target }}-debug
                  path: static-${{ matrix.target }}-debug
                  if-no-files-found: error

-            - name: Upload deb ${{ matrix.target }}-debug
+            - name: Upload static deb ${{ matrix.target }}-debug-all-features to GitHub
              uses: actions/upload-artifact@v4
              with:
                  name: deb-${{ matrix.target }}-debug
@@ -413,19 +549,46 @@ jobs:
                  if-no-files-found: error
                  compression-level: 0

-            - name: Build OCI image ${{ matrix.target }}
+            - name: Upload static-${{ matrix.target }}-debug-all-features to webserver
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    scp static-${{ matrix.target }}-debug website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/static-${{ matrix.target }}-debug
+                  fi
+
+            - name: Upload static deb ${{ matrix.target }}-debug-all-features to webserver
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    scp ${{ matrix.target }}-debug.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/${{ matrix.target }}-debug.deb
+                  fi
+
+            - name: Build OCI image ${{ matrix.target }}-all-features
              run: |
                  bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features

                  cp -v -f result oci-image-${{ matrix.target }}.tar.gz

-            - name: Build debug OCI image ${{ matrix.target }}
+            - name: Build OCI image x86_64-linux-musl-all-features-x86_64-haswell-optimised
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
+              run: |
+                  bin/nix-build-and-cache just .#oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised
+
+                  cp -v -f result oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz
+
+            - name: Build debug OCI image ${{ matrix.target }}-all-features
              run: |
                  bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features-debug

                  cp -v -f result oci-image-${{ matrix.target }}-debug.tar.gz

-            - name: Upload OCI image ${{ matrix.target }}
+            - name: Upload OCI image x86_64-linux-musl-all-features-x86_64-haswell-optimised to GitHub
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
+              uses: actions/upload-artifact@v4
+              with:
+                  name: oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised
+                  path: oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz
+                  if-no-files-found: error
+                  compression-level: 0
+            - name: Upload OCI image ${{ matrix.target }}-all-features to GitHub
              uses: actions/upload-artifact@v4
              with:
                  name: oci-image-${{ matrix.target }}
@@ -433,7 +596,7 @@ jobs:
                  if-no-files-found: error
                  compression-level: 0

-            - name: Upload OCI image ${{ matrix.target }}-debug
+            - name: Upload OCI image ${{ matrix.target }}-debug-all-features to GitHub
              uses: actions/upload-artifact@v4
              with:
                  name: oci-image-${{ matrix.target }}-debug
@@ -441,6 +604,25 @@ jobs:
                  if-no-files-found: error
                  compression-level: 0

+            - name: Upload OCI image x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz to webserver
+              if: ${{ matrix.target == 'x86_64-linux-musl' }}
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    scp oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz
+                  fi
+
+            - name: Upload OCI image ${{ matrix.target }}-all-features to webserver
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    scp oci-image-${{ matrix.target }}.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/oci-image-${{ matrix.target }}.tar.gz
+                  fi
+
+            - name: Upload OCI image ${{ matrix.target }}-debug-all-features to webserver
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    scp oci-image-${{ matrix.target }}-debug.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/oci-image-${{ matrix.target }}-debug.tar.gz
+                  fi
+
    build_mac_binaries:
        name: Build MacOS Binaries
        strategy:
@@ -450,47 +632,108 @@ jobs:
        steps:
            - name: Sync repository
              uses: actions/checkout@v4
+              with:
+                persist-credentials: false
+
+            - name: Setup SSH web publish
+              env:
+                web_upload_ssh_private_key: ${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}
+              if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (env.web_upload_ssh_private_key != '') && github.event.pull_request.user.login != 'renovate[bot]'
+              run: |
+                  mkdir -p -v ~/.ssh
+
+                  echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+                  echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
+
+                  chmod 600 ~/.ssh/id_ed25519
+
+                  cat >>~/.ssh/config <<END
+                  Host website
+                    HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
+                    User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
+                    IdentityFile ~/.ssh/id_ed25519
+                    StrictHostKeyChecking yes
+                    AddKeysToAgent no
+                    ForwardX11 no
+                    BatchMode yes
+                  END
+
+                  echo "Checking connection"
+                  ssh -q website "echo test" || ssh -q website "echo test"
+
+                  echo "SSH_WEBSITE=1" >> "$GITHUB_ENV"
+
            - name: Tag comparison check
              if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }}
              run: |
                  # Tag mismatch with latest repo tag check to prevent potential downgrades
                  LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
-                  if [ $LATEST_TAG != ${{ github.ref_name }} ]; then
+
+                  if [ ${LATEST_TAG} != ${GH_REF_NAME} ]; then
                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.'
                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY
                    exit 1
                  fi
+
            # use sccache for Rust
            - name: Run sccache-cache
-              if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]')
+              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+              # releases and tags
+              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
              uses: mozilla-actions/sccache-action@main
+
            # use rust-cache
            - uses: Swatinem/rust-cache@v2
              with:
                cache-all-crates: "true"
+                cache-on-failure: "true"
+                cache-targets: "true"
+
            # Nix can't do portable macOS builds yet
            - name: Build macOS x86_64 binary
              if: ${{ matrix.os == 'macos-13' }}
              run: |
-                  CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short HEAD)" cargo build --release
-                  cp -v -f target/release/conduit conduwuit-macos-x86_64
+                  CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short ${{ github.sha }})" cargo build --release --locked --features=perf_measurements,sentry_telemetry,direct_tls
+                  cp -v -f target/release/conduwuit conduwuit-macos-x86_64
                  otool -L conduwuit-macos-x86_64
+
            # quick smoke test of the x86_64 macOS binary
            - name: Run x86_64 macOS release binary
              if: ${{ matrix.os == 'macos-13' }}
              run: |
+                  ./conduwuit-macos-x86_64 --help
                  ./conduwuit-macos-x86_64 --version
+
            - name: Build macOS arm64 binary
              if: ${{ matrix.os == 'macos-latest' }}
              run: |
-                  CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short HEAD)" cargo build --release
-                  cp -v -f target/release/conduit conduwuit-macos-arm64
+                  CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short ${{ github.sha }})" cargo build --release --locked --features=perf_measurements,sentry_telemetry,direct_tls
+                  cp -v -f target/release/conduwuit conduwuit-macos-arm64
                  otool -L conduwuit-macos-arm64
+
            # quick smoke test of the arm64 macOS binary
            - name: Run arm64 macOS release binary
              if: ${{ matrix.os == 'macos-latest' }}
              run: |
+                  ./conduwuit-macos-arm64 --help
                  ./conduwuit-macos-arm64 --version
+
+            - name: Upload macOS x86_64 binary to webserver
+              if: ${{ matrix.os == 'macos-13' }}
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    chmod +x conduwuit-macos-x86_64
+                    scp conduwuit-macos-x86_64 website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/conduwuit-macos-x86_64
+                  fi
+
+            - name: Upload macOS arm64 binary to webserver
+              if: ${{ matrix.os == 'macos-latest' }}
+              run: |
+                  if [ ! -z $SSH_WEBSITE ]; then
+                    chmod +x conduwuit-macos-arm64
+                    scp conduwuit-macos-arm64 website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/conduwuit-macos-arm64
+                  fi
+
            - name: Upload macOS x86_64 binary
              if: ${{ matrix.os == 'macos-13' }}
              uses: actions/upload-artifact@v4
@@ -498,6 +741,7 @@ jobs:
                  name: conduwuit-macos-x86_64
                  path: conduwuit-macos-x86_64
                  if-no-files-found: error
+
            - name: Upload macOS arm64 binary
              if: ${{ matrix.os == 'macos-latest' }}
              uses: actions/upload-artifact@v4
@@ -505,28 +749,35 @@ jobs:
                  name: conduwuit-macos-arm64
                  path: conduwuit-macos-arm64
                  if-no-files-found: error
-
+    variables: 
+      outputs:
+        github_repository: ${{ steps.var.outputs.github_repository }}
+      runs-on: "ubuntu-latest"
+      steps:
+        - name: Setting global variables
+          uses: actions/github-script@v7
+          id: var
+          with:
+            script: |
+              core.setOutput('github_repository', '${{ github.repository }}'.toLowerCase())
    docker:
        name: Docker publish
-        runs-on: ubuntu-latest
-        needs: build
-        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]'
+        runs-on: ubuntu-24.04
+        needs: [build, variables, tests]
+        permissions:
+          packages: write
+          contents: read
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && github.event.pull_request.user.login != 'renovate[bot]'
        env:
-            DOCKER_ARM64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8
-            DOCKER_AMD64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64
-            DOCKER_TAG: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}
-            DOCKER_BRANCH: docker.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}
-            GHCR_ARM64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8
-            GHCR_AMD64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64
-            GHCR_TAG: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}
-            GHCR_BRANCH: ghcr.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}
-            GLCR_ARM64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8
-            GLCR_AMD64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64
-            GLCR_TAG: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}
-            GLCR_BRANCH: registry.gitlab.com/conduwuit/conduwuit:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}
+            DOCKER_HUB_REPO: docker.io/${{ needs.variables.outputs.github_repository }}
+            GHCR_REPO: ghcr.io/${{ needs.variables.outputs.github_repository }}
+            GLCR_REPO: registry.gitlab.com/conduwuit/conduwuit
+            UNIQUE_TAG: ${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}
+            BRANCH_TAG: ${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}

            DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
            GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
+            GHCR_ENABLED: "${{ (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) && 'true' || 'false' }}"
        steps:
            - name: Login to GitHub Container Registry
              uses: docker/login-action@v3
@@ -556,101 +807,187 @@ jobs:

            - name: Move OCI images into position
              run: |
+                  mv -v oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised/*.tar.gz oci-image-amd64-haswell-optimised.tar.gz
                  mv -v oci-image-x86_64-linux-musl/*.tar.gz oci-image-amd64.tar.gz
                  mv -v oci-image-aarch64-linux-musl/*.tar.gz oci-image-arm64v8.tar.gz
                  mv -v oci-image-x86_64-linux-musl-debug/*.tar.gz oci-image-amd64-debug.tar.gz
                  mv -v oci-image-aarch64-linux-musl-debug/*.tar.gz oci-image-arm64v8-debug.tar.gz

+            - name: Load and push amd64 haswell image
+              run: |
+                  docker load -i oci-image-amd64-haswell-optimised.tar.gz
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
+                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
+                  fi
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-haswell
+                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-haswell
+                  fi
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-haswell
+                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-haswell
+                  fi
+
            - name: Load and push amd64 image
-              if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
              run: |
                  docker load -i oci-image-amd64.tar.gz
-                  docker tag $(docker images -q conduit:main) ${{ env.DOCKER_AMD64 }}
-                  docker tag $(docker images -q conduit:main) ${{ env.GHCR_AMD64 }}
-                  docker tag $(docker images -q conduit:main) ${{ env.GLCR_AMD64 }}
-                  docker push ${{ env.DOCKER_AMD64 }}
-                  docker push ${{ env.GHCR_AMD64 }}
-                  docker push ${{ env.GLCR_AMD64 }}
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
+                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
+                  fi
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-amd64
+                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-amd64
+                  fi
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-amd64
+                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-amd64
+                  fi

            - name: Load and push arm64 image
-              if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
              run: |
                  docker load -i oci-image-arm64v8.tar.gz
-                  docker tag $(docker images -q conduit:main) ${{ env.DOCKER_ARM64 }}
-                  docker tag $(docker images -q conduit:main) ${{ env.GHCR_ARM64 }}
-                  docker tag $(docker images -q conduit:main) ${{ env.GLCR_ARM64 }}
-                  docker push ${{ env.DOCKER_ARM64 }}
-                  docker push ${{ env.GHCR_ARM64 }}
-                  docker push ${{ env.GLCR_ARM64 }}
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8
+                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8
+                  fi
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8
+                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8
+                  fi
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8
+                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8
+                  fi

            - name: Load and push amd64 debug image
-              if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
              run: |
                  docker load -i oci-image-amd64-debug.tar.gz
-                  docker tag $(docker images -q conduit:main) ${{ env.DOCKER_AMD64 }}-debug
-                  docker tag $(docker images -q conduit:main) ${{ env.GHCR_AMD64 }}-debug
-                  docker tag $(docker images -q conduit:main) ${{ env.GLCR_AMD64 }}-debug
-                  docker push ${{ env.DOCKER_AMD64 }}-debug
-                  docker push ${{ env.GHCR_AMD64 }}-debug
-                  docker push ${{ env.GLCR_AMD64 }}-debug
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
+                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
+                  fi
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                  fi
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                  fi

            - name: Load and push arm64 debug image
-              if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
              run: |
                  docker load -i oci-image-arm64v8-debug.tar.gz
-                  docker tag $(docker images -q conduit:main) ${{ env.DOCKER_ARM64 }}-debug
-                  docker tag $(docker images -q conduit:main) ${{ env.GHCR_ARM64 }}-debug
-                  docker tag $(docker images -q conduit:main) ${{ env.GLCR_ARM64 }}-debug
-                  docker push ${{ env.DOCKER_ARM64 }}-debug
-                  docker push ${{ env.GHCR_ARM64 }}-debug
-                  docker push ${{ env.GLCR_ARM64 }}-debug
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug
+                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug
+                  fi
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
+                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
+                  fi
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
+                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
+                  fi
+
+            - name: Create Docker haswell manifests
+              run: |
+                  # Dockerhub Container Registry
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker manifest create ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
+                    docker manifest create ${DOCKER_HUB_REPO}:${BRANCH_TAG}-haswell --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
+                  fi
+                  # GitHub Container Registry
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker manifest create ${GHCR_REPO}:${UNIQUE_TAG}-haswell --amend ${GHCR_REPO}:${UNIQUE_TAG}-haswell
+                    docker manifest create ${GHCR_REPO}:${BRANCH_TAG}-haswell --amend ${GHCR_REPO}:${UNIQUE_TAG}-haswell
+                  fi
+                  # GitLab Container Registry
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker manifest create ${GLCR_REPO}:${UNIQUE_TAG}-haswell --amend ${GLCR_REPO}:${UNIQUE_TAG}-haswell
+                    docker manifest create ${GLCR_REPO}:${BRANCH_TAG}-haswell --amend ${GLCR_REPO}:${UNIQUE_TAG}-haswell
+                  fi

            - name: Create Docker combined manifests
              run: |
                  # Dockerhub Container Registry
-                  docker manifest create ${{ env.DOCKER_TAG }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }}
-                  docker manifest create ${{ env.DOCKER_BRANCH }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }}
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker manifest create ${DOCKER_HUB_REPO}:${UNIQUE_TAG} --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
+                    docker manifest create ${DOCKER_HUB_REPO}:${BRANCH_TAG} --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
+                  fi
                  # GitHub Container Registry
-                  docker manifest create ${{ env.GHCR_TAG }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }}
-                  docker manifest create ${{ env.GHCR_BRANCH }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }}
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker manifest create ${GHCR_REPO}:${UNIQUE_TAG} --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64
+                    docker manifest create ${GHCR_REPO}:${BRANCH_TAG} --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64
+                  fi
                  # GitLab Container Registry
-                  docker manifest create ${{ env.GLCR_TAG }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GLCR_AMD64 }}
-                  docker manifest create ${{ env.GLCR_BRANCH }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GLCR_AMD64 }}
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker manifest create ${GLCR_REPO}:${UNIQUE_TAG} --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64
+                    docker manifest create ${GLCR_REPO}:${BRANCH_TAG} --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64
+                  fi

            - name: Create Docker combined debug manifests
              run: |
                  # Dockerhub Container Registry
-                  docker manifest create ${{ env.DOCKER_TAG }}-debug --amend ${{ env.DOCKER_ARM64 }}-debug --amend ${{ env.DOCKER_AMD64 }}-debug
-                  docker manifest create ${{ env.DOCKER_BRANCH }}-debug --amend ${{ env.DOCKER_ARM64 }}-debug --amend ${{ env.DOCKER_AMD64 }}-debug
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker manifest create ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
+                    docker manifest create ${DOCKER_HUB_REPO}:${BRANCH_TAG}-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
+                  fi
                  # GitHub Container Registry
-                  docker manifest create ${{ env.GHCR_TAG }}-debug --amend ${{ env.GHCR_ARM64 }}-debug --amend ${{ env.GHCR_AMD64 }}-debug
-                  docker manifest create ${{ env.GHCR_BRANCH }}-debug --amend ${{ env.GHCR_ARM64 }}-debug --amend ${{ env.GHCR_AMD64 }}-debug
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker manifest create ${GHCR_REPO}:${UNIQUE_TAG}-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                    docker manifest create ${GHCR_REPO}:${BRANCH_TAG}-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                  fi
                  # GitLab Container Registry
-                  docker manifest create ${{ env.GLCR_TAG }}-debug --amend ${{ env.GLCR_ARM64 }}-debug --amend ${{ env.GLCR_AMD64 }}-debug
-                  docker manifest create ${{ env.GLCR_BRANCH }}-debug --amend ${{ env.GLCR_ARM64 }}-debug --amend ${{ env.GLCR_AMD64 }}-debug
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker manifest create ${GLCR_REPO}:${UNIQUE_TAG}-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                    docker manifest create ${GLCR_REPO}:${BRANCH_TAG}-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
+                  fi

            - name: Push manifests to Docker registries
-              if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
              run: |
-                  docker manifest push ${{ env.DOCKER_TAG }}
-                  docker manifest push ${{ env.DOCKER_BRANCH }}
-                  docker manifest push ${{ env.GHCR_TAG }}
-                  docker manifest push ${{ env.GHCR_BRANCH }}
-                  docker manifest push ${{ env.GLCR_TAG }}
-                  docker manifest push ${{ env.GLCR_BRANCH }}
-                  docker manifest push ${{ env.DOCKER_TAG }}-debug
-                  docker manifest push ${{ env.DOCKER_BRANCH }}-debug
-                  docker manifest push ${{ env.GHCR_TAG }}-debug
-                  docker manifest push ${{ env.GHCR_BRANCH }}-debug
-                  docker manifest push ${{ env.GLCR_TAG }}-debug
-                  docker manifest push ${{ env.GLCR_BRANCH }}-debug
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    docker manifest push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}
+                    docker manifest push ${DOCKER_HUB_REPO}:${BRANCH_TAG}
+                    docker manifest push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-debug
+                    docker manifest push ${DOCKER_HUB_REPO}:${BRANCH_TAG}-debug
+                    docker manifest push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
+                    docker manifest push ${DOCKER_HUB_REPO}:${BRANCH_TAG}-haswell
+                  fi
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    docker manifest push ${GHCR_REPO}:${UNIQUE_TAG}
+                    docker manifest push ${GHCR_REPO}:${BRANCH_TAG}
+                    docker manifest push ${GHCR_REPO}:${UNIQUE_TAG}-debug
+                    docker manifest push ${GHCR_REPO}:${BRANCH_TAG}-debug
+                    docker manifest push ${GHCR_REPO}:${UNIQUE_TAG}-haswell
+                    docker manifest push ${GHCR_REPO}:${BRANCH_TAG}-haswell
+                  fi
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    docker manifest push ${GLCR_REPO}:${UNIQUE_TAG}
+                    docker manifest push ${GLCR_REPO}:${BRANCH_TAG}
+                    docker manifest push ${GLCR_REPO}:${UNIQUE_TAG}-debug
+                    docker manifest push ${GLCR_REPO}:${BRANCH_TAG}-debug
+                    docker manifest push ${GLCR_REPO}:${UNIQUE_TAG}-haswell
+                    docker manifest push ${GLCR_REPO}:${BRANCH_TAG}-haswell
+                  fi

            - name: Add Image Links to Job Summary
-              if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
              run: |
-                  echo "- \`docker pull ${{ env.DOCKER_TAG }}\`" >> $GITHUB_STEP_SUMMARY
-                  echo "- \`docker pull ${{ env.GHCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY
-                  echo "- \`docker pull ${{ env.GLCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY
-                  echo "- \`docker pull ${{ env.DOCKER_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY
-                  echo "- \`docker pull ${{ env.GHCR_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY
-                  echo "- \`docker pull ${{ env.GLCR_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY
+                  if [ ! -z $DOCKERHUB_TOKEN ]; then
+                    echo "- \`docker pull ${DOCKER_HUB_REPO}:${UNIQUE_TAG}\`" >> $GITHUB_STEP_SUMMARY
+                    echo "- \`docker pull ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-debug\`" >> $GITHUB_STEP_SUMMARY
+                    echo "- \`docker pull ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell\`" >> $GITHUB_STEP_SUMMARY
+                  fi
+                  if [ $GHCR_ENABLED = "true" ]; then
+                    echo "- \`docker pull ${GHCR_REPO}:${UNIQUE_TAG}\`" >> $GITHUB_STEP_SUMMARY
+                    echo "- \`docker pull ${GHCR_REPO}:${UNIQUE_TAG}-debug\`" >> $GITHUB_STEP_SUMMARY
+                    echo "- \`docker pull ${GHCR_REPO}:${UNIQUE_TAG}-haswell\`" >> $GITHUB_STEP_SUMMARY
+                  fi
+                  if [ ! -z $GITLAB_TOKEN ]; then
+                    echo "- \`docker pull ${GLCR_REPO}:${UNIQUE_TAG}\`" >> $GITHUB_STEP_SUMMARY
+                    echo "- \`docker pull ${GLCR_REPO}:${UNIQUE_TAG}-debug\`" >> $GITHUB_STEP_SUMMARY
+                    echo "- \`docker pull ${GLCR_REPO}:${UNIQUE_TAG}-haswell\`" >> $GITHUB_STEP_SUMMARY
+                  fi
@@ -0,0 +1,41 @@
+name: Update Docker Hub Description
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - README.md
+      - .github/workflows/docker-hub-description.yml
+
+  workflow_dispatch:
+
+jobs:
+  dockerHubDescription:
+    runs-on: ubuntu-latest
+    if: ${{ (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && github.event.pull_request.user.login != 'renovate[bot]' && (vars.DOCKER_USERNAME != '') }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+
+    - name: Setting variables
+      uses: actions/github-script@v7
+      id: var
+      with:
+        script: |
+          const githubRepo = '${{ github.repository }}'.toLowerCase()
+          const repoId = githubRepo.split('/')[1]
+          
+          core.setOutput('github_repository', githubRepo)
+          const dockerRepo = '${{ vars.DOCKER_USERNAME }}'.toLowerCase() + '/' + repoId
+          core.setOutput('docker_repo', dockerRepo)
+
+    - name: Docker Hub Description
+      uses: peter-evans/dockerhub-description@v4
+      with:
+        username: ${{ vars.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+        repository: ${{ steps.var.outputs.docker_repo }}
+        short-description: ${{ github.event.repository.description }}
+        enable-url-completion: true
@@ -24,7 +24,7 @@ env:
  # Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps
  NIX_CONFIG: |
    show-trace = true
-    extra-substituters = extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
+    extra-substituters = extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
    extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
    experimental-features = nix-command flakes
    extra-experimental-features = nix-command flakes
@@ -36,10 +36,12 @@ concurrency:
  group: "pages"
  cancel-in-progress: false

+permissions: {}
+
 jobs:
  docs:
    name: Documentation and GitHub Pages
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04

    permissions:
      pages: write
@@ -50,19 +52,30 @@ jobs:
      url: ${{ steps.deployment.outputs.page_url }}

    steps:
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
+      - name: Free up a bit of runner space
+        run: |
+            set +o pipefail
+            sudo docker image prune --all --force || true
+            sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
+            sudo apt clean
+            sudo rm -v -rf /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/lib/heroku
+            set -o pipefail

      - name: Sync repository
        uses: actions/checkout@v4
+        with:
+          persist-credentials: false

      - name: Setup GitHub Pages
-        if: github.event_name != 'pull_request'
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
        uses: actions/configure-pages@v5

      - uses: nixbuild/nix-quick-install-action@master

      - name: Restore and cache Nix store
+        # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
+        # releases and tags
+        if: ${{ !startsWith(github.ref, 'refs/tags/') }}
        uses: nix-community/cache-nix-action@v5.1.0
        with:
          # restore and save a cache using this key
@@ -92,7 +105,7 @@ jobs:
      - name: Apply Nix binary cache configuration
        run: |
            sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-            extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
+            extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
            extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
            experimental-features = nix-command flakes
            extra-experimental-features = nix-command flakes
@@ -103,8 +116,8 @@ jobs:
        if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
        run: |
            sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-            extra-substituters = ${{ env.ATTIC_ENDPOINT }}
-            extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
+            extra-substituters = ${ATTIC_ENDPOINT}
+            extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
            EOF

      - name: Prepare build environment
@@ -139,12 +152,12 @@ jobs:
          compression-level: 0

      - name: Upload generated documentation (book) as GitHub Pages artifact
-        if: github.event_name != 'pull_request'
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
        uses: actions/upload-pages-artifact@v3
        with:
          path: public

      - name: Deploy to GitHub Pages
-        if: github.event_name != 'pull_request'
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
        id: deployment
        uses: actions/deploy-pages@v4
@@ -0,0 +1,118 @@
+name: Upload Release Assets
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release'
+        required: true
+        type: string
+      action_id:
+        description: 'Action ID of the CI run'
+        required: true
+        type: string
+
+permissions: {}
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    env:
+      GH_EVENT_NAME: ${{ github.event_name }}
+      GH_EVENT_INPUTS_ACTION_ID: ${{ github.event.inputs.action_id }}
+      GH_EVENT_INPUTS_TAG: ${{ github.event.inputs.tag }}
+      GH_REPOSITORY: ${{ github.repository }}
+      GH_SHA: ${{ github.sha }}
+      GH_TAG: ${{ github.event.release.tag_name }}
+
+    steps:
+      - name: get latest ci id
+        id: get_ci_id
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          if [ "${GH_EVENT_NAME}" == "workflow_dispatch" ]; then
+            id="${GH_EVENT_INPUTS_ACTION_ID}"
+            tag="${GH_EVENT_INPUTS_TAG}"
+          else
+            # get all runs of the ci workflow
+            json=$(gh api "repos/${GH_REPOSITORY}/actions/workflows/ci.yml/runs")
+
+            # find first run that is github sha and status is completed
+            id=$(echo "$json" | jq ".workflow_runs[] | select(.head_sha == \"${GH_SHA}\" and .status == \"completed\") | .id" | head -n 1)
+
+            if [ ! "$id" ]; then
+              echo "No completed runs found"
+              echo "ci_id=0" >> "$GITHUB_OUTPUT"
+              exit 0
+            fi
+
+            tag="${GH_TAG}"
+          fi
+
+          echo "ci_id=$id" >> "$GITHUB_OUTPUT"
+          echo "tag=$tag" >> "$GITHUB_OUTPUT"
+
+      - name: get latest ci artifacts
+        if: steps.get_ci_id.outputs.ci_id != 0
+        uses: actions/download-artifact@v4
+        env:
+          GH_TOKEN: ${{ github.token }}
+        with:
+          merge-multiple: true
+          run-id: ${{ steps.get_ci_id.outputs.ci_id }}
+          github-token: ${{ github.token }}
+
+      - run: |
+          ls
+
+      - name: upload release assets
+        if: steps.get_ci_id.outputs.ci_id != 0
+        env:
+          GH_TOKEN: ${{ github.token }}
+          TAG: ${{ steps.get_ci_id.outputs.tag }}
+        run: |
+          for file in $(find . -type f); do
+            case "$file" in
+              *json*) echo "Skipping $file...";;
+              *) echo "Uploading $file..."; gh release upload $TAG "$file" --clobber --repo="${GH_REPOSITORY}" || echo "Something went wrong, skipping.";;
+            esac
+          done
+
+      - name: upload release assets to website
+        if: steps.get_ci_id.outputs.ci_id != 0
+        env:
+          TAG: ${{ steps.get_ci_id.outputs.tag }}
+        run: |
+          mkdir -p -v ~/.ssh
+
+          echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+          echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
+
+          chmod 600 ~/.ssh/id_ed25519
+
+          cat >>~/.ssh/config <<END
+          Host website
+            HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
+            User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
+            IdentityFile ~/.ssh/id_ed25519
+            StrictHostKeyChecking yes
+            AddKeysToAgent no
+            ForwardX11 no
+            BatchMode yes
+          END
+
+          echo "Creating tag directory on web server"
+          ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/"
+          ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/"
+
+          for file in $(find . -type f); do
+            case "$file" in
+              *json*) echo "Skipping $file...";;
+              *) echo "Uploading $file to website"; scp $file website:/var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/$file;;
+            esac
+          done
@@ -1,42 +0,0 @@
-name: Trivy code and vulnerability scanning
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-    tags:
-      - '*'
-  schedule:
-    - cron: '00 12 * * *'
-
-permissions:
-  contents: read
-
-jobs:
-  trivy-scan:
-    name: Trivy Scan
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write
-      actions: read
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Run Trivy code and vulnerability scanner on repo
-        uses: aquasecurity/trivy-action@0.28.0
-        with:
-          scan-type: repo
-          format: sarif
-          output: trivy-results.sarif
-          severity: CRITICAL,HIGH,MEDIUM,LOW
-
-      - name: Run Trivy code and vulnerability scanner on filesystem
-        uses: aquasecurity/trivy-action@0.28.0
-        with:
-          scan-type: fs
-          format: sarif
-          output: trivy-results.sarif
-          severity: CRITICAL,HIGH,MEDIUM,LOW
@@ -30,7 +30,7 @@ modules.xml
 .nfs*

 # Rust
-/target/
+/target

 ### vscode ###
 .vscode/*
@@ -12,8 +12,8 @@ variables:
  TRANSFER_METER_FREQUENCY: 5s
  NIX_CONFIG: |
    show-trace = true
-    extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org
-    extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
+    extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://conduwuit.cachix.org
+    extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
    experimental-features = nix-command flakes
    extra-experimental-features = nix-command flakes
    accept-flake-config = true
@@ -45,10 +45,6 @@ before_script:
  - if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi
  - if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi

-  # Add Lix binary cache
-  - if command -v nix > /dev/null; then echo "extra-substituters = https://cache.lix.systems" >> /etc/nix/nix.conf; fi
-  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" >> /etc/nix/nix.conf; fi
-
  # Add crane binary cache
  - if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi
  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi
@@ -131,7 +131,8 @@ allowed to be licenced under the Apache-2.0 licence and all of your conduct is
 in line with the Contributor's Covenant, and conduwuit's Code of Conduct.

 Contribution by users who violate either of these code of conducts will not have
-their contributions accepted.
+their contributions accepted. This includes users who have been banned from
+conduwuit Matrix rooms for Code of Conduct violations.

 [issues]: https://github.com/girlbossceo/conduwuit/issues
 [conduwuit-matrix]: https://matrix.to/#/#conduwuit:puppygock.gay
@@ -7,35 +7,47 @@ default-members = ["src/*"]

 [workspace.package]
 authors = [
-    "strawberry <strawberry@puppygock.gay>",
-    "timokoesters <timo@koesters.xyz>",
+    "June Clementine Strawberry <june@girlboss.ceo>",
+    "strawberry <strawberry@puppygock.gay>", # woof
+    "Jason Volk <jason@zemos.net>",
 ]
 categories = ["network-programming"]
-description = "a very cool fork of Conduit, a Matrix homeserver written in Rust"
+description = "a very cool Matrix chat homeserver written in Rust"
 edition = "2021"
 homepage = "https://conduwuit.puppyirl.gay/"
-keywords = ["chat", "matrix", "server", "uwu"]
+keywords = ["chat", "matrix", "networking", "server", "uwu"]
 license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://github.com/girlbossceo/conduwuit"
-rust-version = "1.82.0"
-version = "0.4.7"
+rust-version = "1.84.0"
+version = "0.5.0"

 [workspace.metadata.crane]
-name = "conduit"
+name = "conduwuit"

 [workspace.dependencies.arrayvec]
 version = "0.7.4"
+features = ["serde"]
+
+[workspace.dependencies.smallvec]
+version = "1.13.2"
+features = [
+	"const_generics",
+	"const_new",
+	"serde",
+	"union",
+	"write",
+]

 [workspace.dependencies.const-str]
 version = "0.5.7"

 [workspace.dependencies.ctor]
-version = "0.2.8"
+version = "0.2.9"

 [workspace.dependencies.cargo_toml]
-version = "0.20"
+version = "0.21"
 default-features = false
 features = ["features"]

@@ -45,20 +57,16 @@ default-features = false
 features = ["parse"]

 [workspace.dependencies.sanitize-filename]
-version = "0.5.0"
-
-[workspace.dependencies.jsonwebtoken]
-version = "9.3.0"
+version = "0.6.0"

 [workspace.dependencies.base64]
 version = "0.22.1"
+default-features = false

 # used for TURN server authentication
 [workspace.dependencies.hmac]
 version = "0.12.1"
-
-[workspace.dependencies.sha-1]
-version = "0.10.1"
+default-features = false

 # used for checking if an IP is in specific subnets / CIDR ranges easier
 [workspace.dependencies.ipaddress]
@@ -69,19 +77,19 @@ version = "0.8.5"

 # Used for the http request / response body type for Ruma endpoints used with reqwest
 [workspace.dependencies.bytes]
-version = "1.7.2"
+version = "1.9.0"

 [workspace.dependencies.http-body-util]
-version = "0.1.1"
+version = "0.1.2"

 [workspace.dependencies.http]
-version = "1.1.0"
+version = "1.2.0"

 [workspace.dependencies.regex]
-version = "1.10.6"
+version = "1.11.1"

 [workspace.dependencies.axum]
-version = "0.7.5"
+version = "0.7.9"
 default-features = false
 features = [
 	"form",
@@ -94,7 +102,7 @@ features = [
 ]

 [workspace.dependencies.axum-extra]
-version = "0.9.3"
+version = "0.9.6"
 default-features = false
 features = ["typed-header", "tracing"]

@@ -115,23 +123,26 @@ default-features = false
 features = ["util"]

 [workspace.dependencies.tower-http]
-version = "0.6.0"
+version = "0.6.2"
 default-features = false
 features = [
    "add-extension",
+    "catch-panic",
    "cors",
    "sensitive-headers",
    "set-header",
+    "timeout",
    "trace",
    "util",
-    "catch-panic",
 ]

 [workspace.dependencies.rustls]
-version = "0.23.13"
+version = "0.23.19"
+default-features = false
+features = ["aws_lc_rs"]

 [workspace.dependencies.reqwest]
-version = "0.12.8"
+version = "0.12.9"
 default-features = false
 features = [
 	"rustls-tls-native-roots",
@@ -141,12 +152,12 @@ features = [
 ]

 [workspace.dependencies.serde]
-version = "1.0.209"
+version = "1.0.216"
 default-features = false
 features = ["rc"]

 [workspace.dependencies.serde_json]
-version = "1.0.124"
+version = "1.0.133"
 default-features = false
 features = ["raw_value"]

@@ -168,9 +179,9 @@ version = "0.5.3"
 features = ["alloc", "rand"]
 default-features = false

-# Used to generate thumbnails for images
+# Used to generate thumbnails for images & blurhashes
 [workspace.dependencies.image]
-version = "0.25.1"
+version = "0.25.5"
 default-features = false
 features = [
 	"jpeg",
@@ -179,43 +190,55 @@ features = [
 	"webp",
 ]

+[workspace.dependencies.blurhash]
+version = "0.2.3"
+default-features = false
+features = [
+	"fast-linear-to-srgb",
+	"image",
+]
+
 # logging
 [workspace.dependencies.log]
-version = "0.4.21"
+version = "0.4.22"
 default-features = false
 [workspace.dependencies.tracing]
-version = "0.1.40"
+version = "0.1.41"
 default-features = false
 [workspace.dependencies.tracing-subscriber]
-version = "0.3.18"
-features = ["env-filter"]
+version = "=0.3.18"
+default-features = false
+features = ["env-filter", "std", "tracing", "tracing-log", "ansi", "fmt"]
 [workspace.dependencies.tracing-core]
-version = "0.1.32"
+version = "0.1.33"
+default-features = false

 # for URL previews
 [workspace.dependencies.webpage]
 version = "2.0.1"
 default-features = false

-# used for conduit's CLI and admin room command parsing
+# used for conduwuit's CLI and admin room command parsing
 [workspace.dependencies.clap]
-version = "4.5.20"
+version = "4.5.23"
 default-features = false
 features = [
-	"std",
 	"derive",
-	"help",
-	"usage",
+	"env",
 	"error-context",
+	"help",
+	"std",
 	"string",
+	"usage",
 ]

-[workspace.dependencies.futures-util]
+[workspace.dependencies.futures]
 version = "0.3.30"
 default-features = false
+features = ["std", "async-await"]

 [workspace.dependencies.tokio]
-version = "1.40.0"
+version = "1.42.0"
 default-features = false
 features = [
 	"fs",
@@ -226,17 +249,18 @@ features = [
 	"time",
 	"rt-multi-thread",
 	"io-util",
+	"tracing",
 ]

 [workspace.dependencies.tokio-metrics]
-version = "0.3.1"
+version = "0.4.0"

 [workspace.dependencies.libloading]
-version = "0.8.5"
+version = "0.8.6"

 # Validating urls in config, was already a transitive dependency
 [workspace.dependencies.url]
-version = "2.5.0"
+version = "2.5.4"
 default-features = false
 features = ["serde"]

@@ -247,7 +271,7 @@ features = ["alloc", "std"]
 default-features = false

 [workspace.dependencies.hyper]
-version = "1.5.0"
+version = "1.5.1"
 default-features = false
 features = [
 	"server",
@@ -256,40 +280,40 @@ features = [
 ]

 [workspace.dependencies.hyper-util]
-# 0.1.9 causes DNS issues
+# hyper-util >=0.1.9 seems to have DNS issues
 version = "=0.1.8"
 default-features = false
 features = [
-	"client",
 	"server-auto",
 	"server-graceful",
-	"service",
 	"tokio",
 ]

 # to support multiple variations of setting a config option
 [workspace.dependencies.either]
-version = "1.11.0"
+version = "1.13.0"
 default-features = false
 features = ["serde"]

 # Used for reading the configuration from conduwuit.toml & environment variables
 [workspace.dependencies.figment]
-version = "0.10.18"
+version = "0.10.19"
 default-features = false
 features = ["env", "toml"]

 [workspace.dependencies.hickory-resolver]
-version = "0.24.1"
+version = "0.24.2"
 default-features = false

-# Used for conduit::Error type
+# Used for conduwuit::Error type
 [workspace.dependencies.thiserror]
-version = "1.0.63"
+version = "2.0.7"
+default-features = false

 # Used when hashing the state
 [workspace.dependencies.ring]
 version = "0.17.8"
+default-features = false

 # Used to make working with iterators easier, was already a transitive depdendency
 [workspace.dependencies.itertools]
@@ -300,12 +324,16 @@ version = "0.13.0"
 [workspace.dependencies.cyborgtime]
 version = "2.1.1"

-# used to replace the channels of the tokio runtime
+# used for MPSC channels
 [workspace.dependencies.loole]
-version = "0.3.1"
+version = "0.4.0"
+
+# used for MPMC channels
+[workspace.dependencies.async-channel]
+version = "2.3.1"

 [workspace.dependencies.async-trait]
-version = "0.1.81"
+version = "0.1.83"

 [workspace.dependencies.lru-cache]
 version = "0.1.2"
@@ -314,7 +342,7 @@ version = "0.1.2"
 [workspace.dependencies.ruma]
 git = "https://github.com/girlbossceo/ruwuma"
 #branch = "conduwuit-changes"
-rev = "9900d0676564883cfade556d6e8da2a2c9061efd"
+rev = "f5667c6292adb43fbe4725d31d6b5127a0cf60ce"
 features = [
    "compat",
    "rand",
@@ -327,9 +355,9 @@ features = [
    "server-util",
    "unstable-exhaustive-types",
    "ring-compat",
+    "compat-upload-signatures",
    "identifiers-validation",
    "unstable-unspecified",
-    "unstable-msc2409",
    "unstable-msc2448",
    "unstable-msc2666",
    "unstable-msc2867",
@@ -345,6 +373,8 @@ features = [
    "unstable-msc4121",
    "unstable-msc4125",
    "unstable-msc4186",
+    "unstable-msc4203", # sending to-device events to appservices 
+    "unstable-msc4210", # remove legacy mentions
    "unstable-extensible-events",
 ]

@@ -360,9 +390,13 @@ features = [
 	"bzip2",
 ]

-# optional SHA256 media keys feature
 [workspace.dependencies.sha2]
 version = "0.10.8"
+default-features = false
+
+[workspace.dependencies.sha1]
+version = "0.10.6"
+default-features = false

 # optional opentelemetry, performance measurements, flamegraphs, etc for performance measurements and monitoring
 [workspace.dependencies.opentelemetry]
@@ -384,7 +418,7 @@ features = ["rt-tokio"]

 # optional sentry metrics for crash/panic reporting
 [workspace.dependencies.sentry]
-version = "0.34.0"
+version = "0.35.0"
 default-features = false
 features = [
    "backtrace",
@@ -400,24 +434,30 @@ features = [
 ]

 [workspace.dependencies.sentry-tracing]
-version = "0.34.0"
+version = "0.35.0"
 [workspace.dependencies.sentry-tower]
-version = "0.34.0"
+version = "0.35.0"

 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
 git = "https://github.com/girlbossceo/jemallocator"
-rev = "d87938bfddc26377dd7fdf14bbcd345f3ab19442"
+rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
-features = ["unprefixed_malloc_on_supported_platforms"]
+features = [
+	"background_threads_runtime_support",
+	"unprefixed_malloc_on_supported_platforms",
+]
 [workspace.dependencies.tikv-jemallocator]
 git = "https://github.com/girlbossceo/jemallocator"
-rev = "d87938bfddc26377dd7fdf14bbcd345f3ab19442"
+rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
-features = ["unprefixed_malloc_on_supported_platforms"]
+features = [
+	"background_threads_runtime_support",
+	"unprefixed_malloc_on_supported_platforms",
+]
 [workspace.dependencies.tikv-jemalloc-ctl]
 git = "https://github.com/girlbossceo/jemallocator"
-rev = "d87938bfddc26377dd7fdf14bbcd345f3ab19442"
+rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = ["use_std"]

@@ -430,7 +470,8 @@ default-features = false
 features = ["resource"]

 [workspace.dependencies.sd-notify]
-version = "0.4.1"
+version = "0.4.3"
+default-features = false

 [workspace.dependencies.hardened_malloc-rs]
 version = "0.1.2"
@@ -446,23 +487,42 @@ version = "0.4.3"
 default-features = false

 [workspace.dependencies.termimad]
-version = "0.30.1"
+version = "0.31.1"
 default-features = false

 [workspace.dependencies.checked_ops]
 version = "0.1"

 [workspace.dependencies.syn]
-version = "2.0.76"
+version = "2.0.90"
 default-features = false
 features = ["full", "extra-traits"]

 [workspace.dependencies.quote]
-version = "1.0.36"
+version = "1.0.37"

 [workspace.dependencies.proc-macro2]
 version = "1.0.89"

+[workspace.dependencies.bytesize]
+version = "1.3.0"
+
+[workspace.dependencies.core_affinity]
+version = "0.8.1"
+
+[workspace.dependencies.libc]
+version = "0.2"
+
+[workspace.dependencies.num-traits]
+version = "0.2"
+
+[workspace.dependencies.minicbor]
+version = "0.25.1"
+features = ["std"]
+
+[workspace.dependencies.minicbor-serde]
+version = "0.3.2"
+features = ["std"]

 #
 # Patches
@@ -473,59 +533,71 @@ version = "1.0.89"
 # https://github.com/girlbossceo/tracing/commit/b348dca742af641c47bc390261f60711c2af573c
 [patch.crates-io.tracing-subscriber]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
 [patch.crates-io.tracing]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
 [patch.crates-io.tracing-core]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
 [patch.crates-io.tracing-log]
 git = "https://github.com/girlbossceo/tracing"
-rev = "4d78a14a5e03f539b8c6b475aefa08bb14e4de91"
+rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"

 # adds a tab completion callback: https://github.com/girlbossceo/rustyline-async/commit/de26100b0db03e419a3d8e1dd26895d170d1fe50
 # adds event for CTRL+\: https://github.com/girlbossceo/rustyline-async/commit/67d8c49aeac03a5ef4e818f663eaa94dd7bf339b
 [patch.crates-io.rustyline-async]
 git = "https://github.com/girlbossceo/rustyline-async"
-rev = "9654cc84e19241f6e19021eb8e677892656f5071"
+rev = "deaeb0694e2083f53d363b648da06e10fc13900c"
+
+# adds LIFO queue scheduling; this should be updated with PR progress.
+[patch.crates-io.event-listener]
+git = "https://github.com/girlbossceo/event-listener"
+rev = "fe4aebeeaae435af60087ddd56b573a2e0be671d"
+[patch.crates-io.async-channel]
+git = "https://github.com/girlbossceo/async-channel"
+rev = "92e5e74063bf2a3b10414bcc8a0d68b235644280"
+
+[patch.crates-io.core_affinity]
+git = "https://github.com/girlbossceo/core_affinity_rs"
+rev = "9c8e51510c35077df888ee72a36b4b05637147da"

 #
 # Our crates
 #

-[workspace.dependencies.conduit-router]
-package = "conduit_router"
+[workspace.dependencies.conduwuit-router]
+package = "conduwuit_router"
 path = "src/router"
 default-features = false

-[workspace.dependencies.conduit-admin]
-package = "conduit_admin"
+[workspace.dependencies.conduwuit-admin]
+package = "conduwuit_admin"
 path = "src/admin"
 default-features = false

-[workspace.dependencies.conduit-api]
-package = "conduit_api"
+[workspace.dependencies.conduwuit-api]
+package = "conduwuit_api"
 path = "src/api"
 default-features = false

-[workspace.dependencies.conduit-service]
-package = "conduit_service"
+[workspace.dependencies.conduwuit-service]
+package = "conduwuit_service"
 path = "src/service"
 default-features = false

-[workspace.dependencies.conduit-database]
-package = "conduit_database"
+[workspace.dependencies.conduwuit-database]
+package = "conduwuit_database"
 path = "src/database"
 default-features = false

-[workspace.dependencies.conduit-core]
-package = "conduit_core"
+[workspace.dependencies.conduwuit-core]
+package = "conduwuit_core"
 path = "src/core"
 default-features = false

-[workspace.dependencies.conduit-macros]
-package = "conduit_macros"
+[workspace.dependencies.conduwuit-macros]
+package = "conduwuit_macros"
 path = "src/macros"
 default-features = false

@@ -584,7 +656,7 @@ codegen-units = 32
 #	'-Clink-arg=-Wl,--no-gc-sections',
 #]

-[profile.release-max-perf.package.conduit_macros]
+[profile.release-max-perf.package.conduwuit_macros]
 inherits = "release-max-perf.build-override"
 #rustflags = [
 #	'-Crelocation-model=pic',
@@ -617,9 +689,8 @@ opt-level = 0
 panic = "unwind"
 debug-assertions = true
 incremental = true
-codegen-units = 64
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
 #	'-Zmir-opt-level=0',
 #	'-Zvalidate-mir=false',
@@ -636,11 +707,11 @@ codegen-units = 64
 #	'-Clink-arg=-Wl,-z,lazy',
 #]

-[profile.dev.package.conduit_core]
+[profile.dev.package.conduwuit_core]
 inherits = "dev"
 incremental = false
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
 #	'-Zmir-opt-level=0',
 #	'-Ztls-model=initial-exec',
@@ -657,11 +728,10 @@ incremental = false
 #	'-Clink-arg=-Wl,-z,nodelete',
 #]

-[profile.dev.package.conduit]
+[profile.dev.package.conduwuit]
 inherits = "dev"
-incremental = false
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
 #	'-Zmir-opt-level=0',
 #	'-Zvalidate-mir=false',
@@ -683,7 +753,7 @@ incremental = false
 codegen-units = 1
 opt-level = 'z'
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztls-model=initial-exec',
 #	'-Cprefer-dynamic=true',
 #	'-Zstaticlib-prefer-dynamic=true',
@@ -704,7 +774,7 @@ incremental = false
 codegen-units = 1
 opt-level = 'z'
 #rustflags = [
-#	'--cfg', 'conduit_mods',
+#	'--cfg', 'conduwuit_mods',
 #	'-Ztls-model=global-dynamic',
 #	'-Cprefer-dynamic=true',
 #	'-Zstaticlib-prefer-dynamic=true',
@@ -771,6 +841,7 @@ unused-qualifications = "warn"
 #unused-results = "warn"                                             # TODO

 ## some sadness
+elided_named_lifetimes = "allow"                                     # TODO!
 let_underscore_drop = "allow"
 missing_docs = "allow"
 # cfgs cannot be limited to expected cfgs or their de facto non-transitive/opt-in use-case e.g.
@@ -822,12 +893,14 @@ enum_glob_use = { level = "allow", priority = 1 }
 if_not_else = { level = "allow", priority = 1 }
 if_then_some_else_none = { level = "allow", priority = 1 }
 inline_always = { level = "allow", priority = 1 }
+match_bool = { level = "allow", priority = 1 }
 missing_docs_in_private_items = { level = "allow", priority = 1 }
 missing_errors_doc = { level = "allow", priority = 1 }
 missing_panics_doc = { level = "allow", priority = 1 }
 module_name_repetitions = { level = "allow", priority = 1 }
 no_effect_underscore_binding = { level = "allow", priority = 1 }
 similar_names = { level = "allow", priority = 1 }
+single_match_else = { level = "allow", priority = 1 }
 struct_field_names = { level = "allow", priority = 1 }
 unnecessary_wraps = { level = "allow", priority = 1 }
 unused_async = { level = "allow", priority = 1 }
@@ -1,31 +1,29 @@
 # conduwuit

-`main`: [![CI and
-Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)
+[![conduwuit main room](https://img.shields.io/matrix/conduwuit%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit:puppygock.gay) [![conduwuit space](https://img.shields.io/matrix/conduwuit-space%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit-space%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit-space:puppygock.gay) [![CI and Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)

 <!-- ANCHOR: catchphrase -->

-### a very cool, featureful fork of [Conduit](https://conduit.rs/)
+### a very cool [Matrix](https://matrix.org/) chat homeserver written in Rust

 <!-- ANCHOR_END: catchphrase -->

 Visit the [conduwuit documentation](https://conduwuit.puppyirl.gay/) for more
-information.
+information and how to deploy/setup conduwuit.

 <!-- ANCHOR: body -->

 #### What is Matrix?

-[Matrix](https://matrix.org) is an open network for secure and decentralized
-communication. Users from every Matrix homeserver can chat with users from all
-other Matrix servers. You can even use bridges (also called Matrix Appservices)
-to communicate with users outside of Matrix, like a community on Discord.
+[Matrix](https://matrix.org) is an open, federated, and extensible network for
+decentralised communication. Users from any Matrix homeserver can chat with users from all
+other homeservers over federation. Matrix is designed to be extensible and built on top of.
+You can even use bridges such as Matrix Appservices to communicate with users outside of Matrix, like a community on Discord.

 #### What is the goal?

-A high-performance and efficient Matrix homeserver that's easy to set up and
-just works. You can install it on a mini-computer like the Raspberry Pi to
-host Matrix for your family, friends or company.
+A high-performance, efficient, low-cost, and featureful Matrix homeserver that's
+easy to set up and just works with minimal configuration needed.

 #### Can I try it out?

@@ -38,17 +36,22 @@ homeserver". This means there are rules, so please read the rules:
 [https://transfem.dev/homeserver_rules.txt](https://transfem.dev/homeserver_rules.txt)

 transfem.dev is also listed at
-[servers.joinmatrix.org](https://servers.joinmatrix.org/)
+[servers.joinmatrix.org](https://servers.joinmatrix.org/), which is a list of
+popular public Matrix homeservers, including some others that run conduwuit.

 #### What is the current status?

-conduwuit is technically a hard fork of Conduit, which is in Beta. The Beta status
-initially was inherited from Conduit, however overtime this Beta status is rapidly
-becoming less and less relevant as our codebase significantly diverges more and more.
+conduwuit is technically a hard fork of [Conduit](https://conduit.rs/), which is in beta.
+The beta status initially was inherited from Conduit, however the huge amount of
+codebase divergance, changes, fixes, and improvements have effectively made this
+beta status not entirely applicable to us anymore.

-conduwuit is quite stable and very usable as a daily driver and for a low-medium
-sized homeserver. There is still a lot of more work to be done, but it is in a far
-better place than the project was in early 2024.
+conduwuit is very stable based on our rapidly growing userbase, has lots of features that users
+expect, and very usable as a daily driver for small, medium, and upper-end medium sized homeservers.
+
+A lot of critical stability and performance issues have been fixed, and a lot of
+necessary groundwork has finished; making this project way better than it was
+back in the start at ~early 2024.

 #### How is conduwuit funded? Is conduwuit sustainable?

@@ -63,7 +66,26 @@ and we have no plans in stopping or slowing down any time soon!

 conduwuit is a complete drop-in replacement for Conduit. As long as you are using RocksDB,
 the only "migration" you need to do is replace the binary or container image. There
-is no harm or additional steps required for using conduwuit.
+is no harm or additional steps required for using conduwuit. See the
+[Migrating from Conduit](https://conduwuit.puppyirl.gay/deploying/generic.html#migrating-from-conduit) section
+on the generic deploying guide.
+
+Note that as of conduwuit version 0.5.0, backwards compatibility with Conduit is
+no longer supported. We only support migrating *from* Conduit, not back to
+Conduit like before. If you are truly finding yourself wanting to migrate back
+to Conduit, we would appreciate all your feedback and if we can assist with
+any issues or concerns.
+
+#### Can I migrate from Synapse or Dendrite?
+
+Currently there is no known way to seamlessly migrate all user data from the old
+homeserver to conduwuit. However it is perfectly acceptable to replace the old
+homeserver software with conduwuit using the same server name and there will not
+be any issues with federation.
+
+There is an interest in developing a built-in seamless user data migration
+method into conduwuit, however there is no concrete ETA or timeline for this.
+

 <!-- ANCHOR_END: body -->

@@ -71,10 +93,20 @@ is no harm or additional steps required for using conduwuit.

 #### Contact

-If you run into any question, feel free to
+[`#conduwuit:puppygock.gay`](https://matrix.to/#/#conduwuit:puppygock.gay)
+is the official project Matrix room. You can get support here, ask questions or
+concerns, get assistance setting up conduwuit, etc.

- Ask us in `#conduwuit:puppygock.gay` on Matrix
- [Open an issue on GitHub](https://github.com/girlbossceo/conduwuit/issues/new)
+This room should stay relevant and focused on conduwuit. An offtopic general
+chatter room can be found there as well.
+
+Please keep the issue trackers focused on bug reports and enhancement requests.
+General support is extremely difficult to be offered over an issue tracker, and
+simple questions should be asked directly in an interactive platform like our
+Matrix room above as they can turn into a relevant discussion and/or may not be
+simple to answer. If you're not sure, just ask in the Matrix room.
+
+If you have a bug or feature to request: [Open an issue on GitHub](https://github.com/girlbossceo/conduwuit/issues/new)

 #### Donate

@@ -82,15 +114,17 @@ conduwuit development is purely made possible by myself and contributors. I do
 not get paid to work on this, and I work on it in my free time. Donations are
 heavily appreciated! 💜🥺

- Liberapay: <https://liberapay.com/girlbossceo>
- Ko-fi (note they take a fee): <https://ko-fi.com/puppygock>
- GitHub Sponsors: <https://github.com/sponsors/girlbossceo>
+- Liberapay (preferred): <https://liberapay.com/girlbossceo>
+- GitHub Sponsors (preferred): <https://github.com/sponsors/girlbossceo>
+- Ko-fi: <https://ko-fi.com/puppygock>
+
+I do not and will not accept cryptocurrency donations, including things related.

 #### Logo

 Original repo and Matrix room picture was from bran (<3). Current banner image
 and logo is directly from [this cohost
-post](https://cohost.org/RatBaby/post/1028290-finally-a-flag-for).
+post](https://web.archive.org/web/20241126004041/https://cohost.org/RatBaby/post/1028290-finally-a-flag-for).

 #### Is it conduwuit or Conduwuit?

@@ -98,11 +132,15 @@ Both, but I prefer conduwuit.

 #### Mirrors of conduwuit

+If GitHub is unavailable in your country, or has poor connectivity, conduwuit's
+source code is mirrored onto the following additional platforms I maintain:
+
 - GitHub: <https://github.com/girlbossceo/conduwuit>
 - GitLab: <https://gitlab.com/conduwuit/conduwuit>
 - git.girlcock.ceo: <https://git.girlcock.ceo/strawberry/conduwuit>
 - git.gay: <https://git.gay/june/conduwuit>
- Codeberg: <https://codeberg.org/girlbossceo/conduwuit>
+- mau.dev: <https://mau.dev/june/conduwuit>
+- Codeberg: <https://codeberg.org/arf/conduwuit>
 - sourcehut: <https://git.sr.ht/~girlbossceo/conduwuit>

 <!-- ANCHOR_END: footer -->
@@ -1,12 +1,26 @@
 [Unit]
 Description=conduwuit Matrix homeserver
-After=network.target
+Wants=network-online.target
+After=network-online.target
 Documentation=https://conduwuit.puppyirl.gay/
 RequiresMountsFor=/var/lib/private/conduwuit

 [Service]
 DynamicUser=yes
-Type=notify
+Type=notify-reload
+ReloadSignal=SIGUSR1
+
+TTYPath=/dev/tty25
+DeviceAllow=char-tty
+StandardInput=tty-force
+StandardOutput=tty
+StandardError=journal+console
+TTYReset=yes
+# uncomment to allow buffer to be cleared every restart
+TTYVTDisallocate=no
+
+TTYColumns=120
+TTYRows=40

 AmbientCapabilities=
 CapabilityBoundingSet=
@@ -18,7 +18,7 @@ RESULTS_FILE="$3"
 OCI_IMAGE="complement-conduwuit:main"

 # Complement tests that are skipped due to flakiness/reliability issues
-SKIPPED_COMPLEMENT_TESTS='-skip=TestClientSpacesSummary.*|TestJoinFederatedRoomFromApplicationServiceBridgeUser.*|TestJumpToDateEndpoint.*'
+SKIPPED_COMPLEMENT_TESTS='-skip=TestClientSpacesSummary.*|TestJoinFederatedRoomFromApplicationServiceBridgeUser.*|TestJumpToDateEndpoint.*|TestUnbanViaInvite.*'

 # $COMPLEMENT_SRC needs to be a directory to Complement source code
 if [ -f "$COMPLEMENT_SRC" ]; then
@@ -34,7 +34,8 @@ toplevel="$(git rev-parse --show-toplevel)"

 pushd "$toplevel" > /dev/null

-bin/nix-build-and-cache just .#linux-complement
+#bin/nix-build-and-cache just .#linux-complement
+bin/nix-build-and-cache just .#complement

 docker load < result
 popd > /dev/null
@@ -2,6 +2,18 @@ array-size-threshold = 4096
 cognitive-complexity-threshold = 94         # TODO reduce me ALARA
 excessive-nesting-threshold = 11            # TODO reduce me to 4 or 5
 future-size-threshold = 7745                # TODO reduce me ALARA
-stack-size-threshold = 144000               # reduce me ALARA
-too-many-lines-threshold = 700              # TODO reduce me to <= 100
+stack-size-threshold = 196608               # reduce me ALARA
+too-many-lines-threshold = 780              # TODO reduce me to <= 100
 type-complexity-threshold = 250             # reduce me to ~200
+
+disallowed-macros = [
+	{ path = "log::error", reason = "use conduwuit_core::error" },
+	{ path = "log::warn", reason = "use conduwuit_core::warn" },
+	{ path = "log::info", reason = "use conduwuit_core::info" },
+	{ path = "log::debug", reason = "use conduwuit_core::debug" },
+	{ path = "log::trace", reason = "use conduwuit_core::trace" },
+]
+
+disallowed-methods = [
+    { path = "tokio::spawn", reason = "use and pass conduuwit_core::server::Server::runtime() to spawn from" },
+]
@@ -1,17 +1,24 @@
 # conduwuit for Debian

-Information about downloading and deploying the Debian package. This may also be referenced for other `apt`-based distros such as Ubuntu.
+Information about downloading and deploying the Debian package. This may also be
+referenced for other `apt`-based distros such as Ubuntu.

 ### Installation

-It is recommended to see the [generic deployment guide](../deploying/generic.md) for further information if needed as usage of the Debian package is generally related.
+It is recommended to see the [generic deployment guide](../deploying/generic.md)
+for further information if needed as usage of the Debian package is generally
+related.
+
+No `apt` repository is currently offered yet, it is in the works/development.

 ### Configuration

-When installed, the example config is placed at `/etc/conduwuit/conduwuit.toml` as the default config. At the minimum, you will need to change your `server_name` here.
+When installed, the example config is placed at `/etc/conduwuit/conduwuit.toml`
+as the default config. The config mentions things required to be changed before
+starting.

-You can tweak more detailed settings by uncommenting and setting the config options
-in `/etc/conduwuit/conduwuit.toml`.
+You can tweak more detailed settings by uncommenting and setting the config
+options in `/etc/conduwuit/conduwuit.toml`.

 ### Running

@@ -1,13 +1,27 @@
 [Unit]
 Description=conduwuit Matrix homeserver
-Documentation=https://conduwuit.puppyirl.gay/
+Wants=network-online.target
 After=network-online.target
+Documentation=https://conduwuit.puppyirl.gay/

 [Service]
 DynamicUser=yes
 User=conduwuit
 Group=conduwuit
-Type=notify
+Type=notify-reload
+ReloadSignal=SIGUSR1
+
+TTYPath=/dev/tty25
+DeviceAllow=char-tty
+StandardInput=tty-force
+StandardOutput=tty
+StandardError=journal+console
+TTYReset=yes
+# uncomment to allow buffer to be cleared every restart
+TTYVTDisallocate=no
+
+TTYColumns=120
+TTYRows=40

 Environment="CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml"

@@ -10,21 +10,33 @@ CONDUWUIT_DATABASE_PATH_SYMLINK=/var/lib/matrix-conduit
 case $1 in
  purge)
    # Remove debconf changes from the db
-    db_purge
+    #db_purge

    # Per https://www.debian.org/doc/debian-policy/ch-files.html#behavior
    # "configuration files must be preserved when the package is removed, and
    #  only deleted when the package is purged."
+
+    #
+
    if [ -d "$CONDUWUIT_CONFIG_PATH" ]; then
-      rm -v -r "$CONDUWUIT_CONFIG_PATH"
+      if test -L "$CONDUWUIT_CONFIG_PATH"; then
+        echo "Deleting conduwuit configuration files"
+        rm -v -r "$CONDUWUIT_CONFIG_PATH"
+      fi
    fi

    if [ -d "$CONDUWUIT_DATABASE_PATH" ]; then
-      rm -v -r "$CONDUWUIT_DATABASE_PATH"
+      if test -L "$CONDUWUIT_DATABASE_PATH"; then
+        echo "Deleting conduwuit database directory"
+        rm -r "$CONDUWUIT_DATABASE_PATH"
+      fi
    fi

    if [ -d "$CONDUWUIT_DATABASE_PATH_SYMLINK" ]; then
-      rm -v -r "$CONDUWUIT_DATABASE_PATH_SYMLINK"
+      if test -L "$CONDUWUIT_DATABASE_SYMLINK"; then
+        echo "Removing matrix-conduit symlink"
+        rm -r "$CONDUWUIT_DATABASE_PATH_SYMLINK"
+      fi
    fi
    ;;
 esac
@@ -27,7 +27,7 @@ malloc-usable-size = ["rust-rocksdb/malloc-usable-size"]

 [dependencies.rust-rocksdb]
 git = "https://github.com/girlbossceo/rust-rocksdb-zaidoon1"
-rev = "c1e5523eae095a893deaf9056128c7dbc2d5fd73"
+rev = "7b0e1bbe395a41ba8a11347a4921da590e3ad0d9"
 #branch = "master"
 default-features = false

@@ -1,61 +1,62 @@
 pub use rust_rocksdb::*;

-#[cfg_attr(not(conduit_mods), link(name = "rocksdb"))]
-#[cfg_attr(conduit_mods, link(name = "rocksdb", kind = "static"))]
-extern "C" {
-	pub fn rocksdb_list_column_families();
-	pub fn rocksdb_logger_create_stderr_logger();
-	pub fn rocksdb_options_set_info_log();
-	pub fn rocksdb_get_options_from_string();
-	pub fn rocksdb_writebatch_create();
-	pub fn rocksdb_writebatch_destroy();
-	pub fn rocksdb_writebatch_put_cf();
-	pub fn rocksdb_writebatch_delete_cf();
-	pub fn rocksdb_iter_value();
-	pub fn rocksdb_iter_seek_to_last();
-	pub fn rocksdb_iter_seek_for_prev();
-	pub fn rocksdb_iter_seek_to_first();
-	pub fn rocksdb_iter_next();
-	pub fn rocksdb_iter_prev();
-	pub fn rocksdb_iter_seek();
-	pub fn rocksdb_iter_valid();
-	pub fn rocksdb_iter_get_error();
-	pub fn rocksdb_iter_key();
-	pub fn rocksdb_iter_destroy();
-	pub fn rocksdb_livefiles();
-	pub fn rocksdb_livefiles_count();
-	pub fn rocksdb_livefiles_destroy();
-	pub fn rocksdb_livefiles_column_family_name();
-	pub fn rocksdb_livefiles_name();
-	pub fn rocksdb_livefiles_size();
-	pub fn rocksdb_livefiles_level();
-	pub fn rocksdb_livefiles_smallestkey();
-	pub fn rocksdb_livefiles_largestkey();
-	pub fn rocksdb_livefiles_entries();
-	pub fn rocksdb_livefiles_deletions();
-	pub fn rocksdb_put_cf();
-	pub fn rocksdb_delete_cf();
-	pub fn rocksdb_get_pinned_cf();
-	pub fn rocksdb_create_column_family();
-	pub fn rocksdb_get_latest_sequence_number();
-	pub fn rocksdb_batched_multi_get_cf();
-	pub fn rocksdb_cancel_all_background_work();
-	pub fn rocksdb_repair_db();
-	pub fn rocksdb_list_column_families_destroy();
-	pub fn rocksdb_flush();
-	pub fn rocksdb_flush_wal();
-	pub fn rocksdb_open_column_families();
-	pub fn rocksdb_open_for_read_only_column_families();
-	pub fn rocksdb_open_as_secondary_column_families();
-	pub fn rocksdb_open_column_families_with_ttl();
-	pub fn rocksdb_open();
-	pub fn rocksdb_open_for_read_only();
-	pub fn rocksdb_open_with_ttl();
-	pub fn rocksdb_open_as_secondary();
-	pub fn rocksdb_write();
-	pub fn rocksdb_create_iterator_cf();
-	pub fn rocksdb_backup_engine_create_new_backup_flush();
-	pub fn rocksdb_backup_engine_options_create();
-	pub fn rocksdb_write_buffer_manager_destroy();
-	pub fn rocksdb_options_set_ttl();
+#[cfg_attr(not(conduwuit_mods), link(name = "rocksdb"))]
+#[cfg_attr(conduwuit_mods, link(name = "rocksdb", kind = "static"))]
+unsafe extern "C" {
+	pub unsafe fn rocksdb_list_column_families();
+	pub unsafe fn rocksdb_logger_create_stderr_logger();
+	pub unsafe fn rocksdb_logger_create_callback_logger();
+	pub unsafe fn rocksdb_options_set_info_log();
+	pub unsafe fn rocksdb_get_options_from_string();
+	pub unsafe fn rocksdb_writebatch_create();
+	pub unsafe fn rocksdb_writebatch_destroy();
+	pub unsafe fn rocksdb_writebatch_put_cf();
+	pub unsafe fn rocksdb_writebatch_delete_cf();
+	pub unsafe fn rocksdb_iter_value();
+	pub unsafe fn rocksdb_iter_seek_to_last();
+	pub unsafe fn rocksdb_iter_seek_for_prev();
+	pub unsafe fn rocksdb_iter_seek_to_first();
+	pub unsafe fn rocksdb_iter_next();
+	pub unsafe fn rocksdb_iter_prev();
+	pub unsafe fn rocksdb_iter_seek();
+	pub unsafe fn rocksdb_iter_valid();
+	pub unsafe fn rocksdb_iter_get_error();
+	pub unsafe fn rocksdb_iter_key();
+	pub unsafe fn rocksdb_iter_destroy();
+	pub unsafe fn rocksdb_livefiles();
+	pub unsafe fn rocksdb_livefiles_count();
+	pub unsafe fn rocksdb_livefiles_destroy();
+	pub unsafe fn rocksdb_livefiles_column_family_name();
+	pub unsafe fn rocksdb_livefiles_name();
+	pub unsafe fn rocksdb_livefiles_size();
+	pub unsafe fn rocksdb_livefiles_level();
+	pub unsafe fn rocksdb_livefiles_smallestkey();
+	pub unsafe fn rocksdb_livefiles_largestkey();
+	pub unsafe fn rocksdb_livefiles_entries();
+	pub unsafe fn rocksdb_livefiles_deletions();
+	pub unsafe fn rocksdb_put_cf();
+	pub unsafe fn rocksdb_delete_cf();
+	pub unsafe fn rocksdb_get_pinned_cf();
+	pub unsafe fn rocksdb_create_column_family();
+	pub unsafe fn rocksdb_get_latest_sequence_number();
+	pub unsafe fn rocksdb_batched_multi_get_cf();
+	pub unsafe fn rocksdb_cancel_all_background_work();
+	pub unsafe fn rocksdb_repair_db();
+	pub unsafe fn rocksdb_list_column_families_destroy();
+	pub unsafe fn rocksdb_flush();
+	pub unsafe fn rocksdb_flush_wal();
+	pub unsafe fn rocksdb_open_column_families();
+	pub unsafe fn rocksdb_open_for_read_only_column_families();
+	pub unsafe fn rocksdb_open_as_secondary_column_families();
+	pub unsafe fn rocksdb_open_column_families_with_ttl();
+	pub unsafe fn rocksdb_open();
+	pub unsafe fn rocksdb_open_for_read_only();
+	pub unsafe fn rocksdb_open_with_ttl();
+	pub unsafe fn rocksdb_open_as_secondary();
+	pub unsafe fn rocksdb_write();
+	pub unsafe fn rocksdb_create_iterator_cf();
+	pub unsafe fn rocksdb_backup_engine_create_new_backup_flush();
+	pub unsafe fn rocksdb_backup_engine_options_create();
+	pub unsafe fn rocksdb_write_buffer_manager_destroy();
+	pub unsafe fn rocksdb_options_set_ttl();
 }
@@ -8,6 +8,7 @@
  - [Generic](deploying/generic.md)
  - [NixOS](deploying/nixos.md)
  - [Docker](deploying/docker.md)
+  - [Kubernetes](deploying/kubernetes.md)
  - [Arch Linux](deploying/arch-linux.md)
  - [Debian](deploying/debian.md)
  - [FreeBSD](deploying/freebsd.md)
@@ -42,7 +42,7 @@ The syntax of this is a standard admin command without the prefix such as

 An example output of a success is:
 ```
-INFO conduit_service::admin::startup: Startup command #0 completed:
+INFO conduwuit_service::admin::startup: Startup command #0 completed:
 Created user with user_id: @june:girlboss.ceo and password: `<redacted>`
 ```

@@ -14,10 +14,11 @@ services:
    environment:
      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-      CONDUWUIT_DATABASE_BACKEND: rocksdb
      CONDUWUIT_PORT: 6167 # should match the loadbalancer traefik label
-      CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+      CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
      CONDUWUIT_ALLOW_REGISTRATION: 'true'
+      CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
+      #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
      CONDUWUIT_ALLOW_FEDERATION: 'true'
      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
@@ -30,10 +30,11 @@ services:
        environment:
            CONDUWUIT_SERVER_NAME: example.com # EDIT THIS
            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_DATABASE_BACKEND: rocksdb
            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
            CONDUWUIT_ALLOW_REGISTRATION: 'true'
+            CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
+            #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
            CONDUWUIT_ALLOW_FEDERATION: 'true'
            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
@@ -15,7 +15,8 @@ services:
      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
      CONDUWUIT_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
-      CONDUWUIT_REGISTRATION_TOKEN: # This is a token you can use to register on the server
+      CONDUWUIT_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server
+      #CONDUWUIT_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read
      CONDUWUIT_ADDRESS: 0.0.0.0
      CONDUWUIT_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
@@ -23,7 +24,6 @@ services:
      ### Uncomment and change values as desired, note that conduwuit has plenty of config options, so you should check out the example example config too
      # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
      # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
-      # CONDUWUIT_ALLOW_JAEGER: 'false'
      # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
      # CONDUWUIT_ALLOW_FEDERATION: 'true'
      # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
@@ -31,7 +31,7 @@ services:
      # CONDUWUIT_ALLOW_OUTGOING_PRESENCE: true
      # CONDUWUIT_ALLOW_LOCAL_PRESENCE: true
      # CONDUWUIT_WORKERS: 10
-      # CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000  # in bytes, ~20 MB
+      # CONDUWUIT_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
      # CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"

      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
@@ -14,10 +14,11 @@ services:
        environment:
            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_DATABASE_BACKEND: rocksdb
            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
            CONDUWUIT_ALLOW_REGISTRATION: 'true'
+            CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
+            #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
            CONDUWUIT_ALLOW_FEDERATION: 'true'
            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
@@ -11,9 +11,9 @@ OCI images for conduwuit are available in the registries listed below.

 | Registry        | Image                                                           | Size                          | Notes                  |
 | --------------- | --------------------------------------------------------------- | ----------------------------- | ---------------------- |
-| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest]  | Stable tagged image.          |
-| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image Size][shield-latest]  | Stable tagged image.          |
-| Docker Hub      | [docker.io/girlbossceo/conduwuit:latest][dh]             | ![Image Size][shield-latest]  | Stable tagged image.          |
+| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest]  | Stable latest tagged image.          |
+| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image Size][shield-latest]  | Stable latest tagged image.          |
+| Docker Hub      | [docker.io/girlbossceo/conduwuit:latest][dh]             | ![Image Size][shield-latest]  | Stable latest tagged image.          |
 | GitHub Registry | [ghcr.io/girlbossceo/conduwuit:main][gh]   | ![Image Size][shield-main]    | Stable main branch.   |
 | GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:main][gl]   | ![Image Size][shield-main]    | Stable main branch.   |
 | Docker Hub      | [docker.io/girlbossceo/conduwuit:main][dh]               | ![Image Size][shield-main]    | Stable main branch.   |
@@ -24,6 +24,9 @@ OCI images for conduwuit are available in the registries listed below.
 [shield-latest]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/latest
 [shield-main]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/main

+OCI image `.tar.gz` files are also hosted directly at when uploaded by CI with a
+commit hash/revision or a tagged release: <https://pup.systems/~strawberry/conduwuit/>
+
 Use

 ```bash
@@ -40,9 +43,8 @@ When you have the image you can simply run it with
 docker run -d -p 8448:6167 \
    -v db:/var/lib/conduwuit/ \
    -e CONDUWUIT_SERVER_NAME="your.server.name" \
-    -e CONDUWUIT_DATABASE_BACKEND="rocksdb" \
    -e CONDUWUIT_ALLOW_REGISTRATION=false \
-    --name conduit $LINK
+    --name conduwuit $LINK
 ```

 or you can use [docker compose](#docker-compose).
@@ -93,16 +95,28 @@ Additional info about deploying conduwuit can be found [here](generic.md).

 ### Build

-To build the conduwuit image with docker-compose, you first need to open and
-modify the `docker-compose.yml` file. There you need to comment the `image:`
-option and uncomment the `build:` option. Then call docker compose with:
+Official conduwuit images are built using Nix's
+[`buildLayeredImage`][nix-buildlayeredimage]. This ensures all OCI images are
+repeatable and reproducible by anyone, keeps the images lightweight, and can be
+built offline.

-```bash
-docker compose up
-```
+This also ensures portability of our images because `buildLayeredImage` builds
+OCI images, not Docker images, and works with other container software.

-This will also start the container right afterwards, so if want it to run in
-detached mode, you also should use the `-d` flag.
+The OCI images are OS-less with only a very minimal environment of the `tini`
+init system, CA certificates, and the conduwuit binary. This does mean there is
+not a shell, but in theory you can get a shell by adding the necessary layers
+to the layered image. However it's very unlikely you will need a shell for any
+real troubleshooting.
+
+The flake file for the OCI image definition is at [`nix/pkgs/oci-image/default.nix`][oci-image-def].
+
+To build an OCI image using Nix, the following outputs can be built:
+- `nix build -L .#oci-image` (default features, x86_64 glibc)
+- `nix build -L .#oci-image-x86_64-linux-musl` (default features, x86_64 musl)
+- `nix build -L .#oci-image-aarch64-linux-musl` (default features, aarch64 musl)
+- `nix build -L .#oci-image-x86_64-linux-musl-all-features` (all features, x86_64 musl)
+- `nix build -L .#oci-image-aarch64-linux-musl-all-features` (all features, aarch64 musl)

 ### Run

@@ -137,3 +151,6 @@ those two files.
 ## Voice communication

 See the [TURN](../turn.md) page.
+
+[nix-buildlayeredimage]: https://ryantm.github.io/nixpkgs/builders/images/dockertools/#ssec-pkgs-dockerTools-buildLayeredImage
+[oci-image-def]: https://github.com/girlbossceo/conduwuit/blob/main/nix/pkgs/oci-image/default.nix
@@ -1,11 +1,5 @@
 # conduwuit for FreeBSD

-conduwuit at the moment does not provide FreeBSD builds. Building conduwuit on
-FreeBSD requires a specific environment variable to use the system prebuilt
-RocksDB library instead of rust-rocksdb / rust-librocksdb-sys which does *not*
-work and will cause a build error or coredump.
+conduwuit at the moment does not provide FreeBSD builds or have FreeBSD packaging, however conduwuit does build and work on FreeBSD using the system-provided RocksDB.

-Use the following environment variable: `ROCKSDB_LIB_DIR=/usr/local/lib`
-
-Such example commandline with it can be: `ROCKSDB_LIB_DIR=/usr/local/lib cargo
-build --release`
+Contributions for getting conduwuit packaged are welcome.
@@ -1,6 +1,6 @@
 # Generic deployment documentation

-> ## Getting help
+> ### Getting help
 >
 > If you run into any problems while setting up conduwuit, ask us in
 > `#conduwuit:puppygock.gay` or [open an issue on
@@ -8,29 +8,50 @@

 ## Installing conduwuit

-You may simply download the binary that fits your machine. Run `uname -m` to see
-what you need.
+### Static prebuilt binary
+
+You may simply download the binary that fits your machine architecture (x86_64
+or aarch64). Run `uname -m` to see what you need.

 Prebuilt fully static musl binaries can be downloaded from the latest tagged
 release [here](https://github.com/girlbossceo/conduwuit/releases/latest) or
-`main` CI branch workflow artifact output. These also include Debian/Ubuntu packages.
+`main` CI branch workflow artifact output. These also include Debian/Ubuntu
+packages.
+
+Binaries are also available on my website directly at: <https://pup.systems/~strawberry/conduwuit/>
+
+These can be curl'd directly from. `ci-bins` are CI workflow binaries by commit
+hash/revision, and `releases` are tagged releases. Sort by descending last
+modified for the latest.

 These binaries have jemalloc and io_uring statically linked and included with
 them, so no additional dynamic dependencies need to be installed.

+For the **best** performance; if using an `x86_64` CPU made in the last ~15 years,
+we recommend using the `-haswell-` optimised binaries. This sets
+`-march=haswell` which is the most compatible and highest performance with
+optimised binaries. The database backend, RocksDB, most benefits from this as it
+will then use hardware accelerated CRC32 hashing/checksumming which is critical
+for performance.
+
+### Compiling
+
 Alternatively, you may compile the binary yourself. We recommend using
-Nix (or [Lix](https://lix.systems)) to build conduwuit as this has the most guaranteed
-reproducibiltiy and easiest to get a build environment and output going. This also
-allows easy cross-compilation.
+Nix (or [Lix](https://lix.systems)) to build conduwuit as this has the most
+guaranteed reproducibiltiy and easiest to get a build environment and output
+going. This also allows easy cross-compilation.

 You can run the `nix build -L .#static-x86_64-linux-musl-all-features` or
 `nix build -L .#static-aarch64-linux-musl-all-features` commands based
 on architecture to cross-compile the necessary static binary located at
-`result/bin/conduit`. This is reproducible with the static binaries produced in our CI.
+`result/bin/conduwuit`. This is reproducible with the static binaries produced
+in our CI.

-Otherwise, follow standard Rust project build guides (installing git and cloning
-the repo, getting the Rust toolchain via rustup, installing LLVM toolchain +
-libclang for RocksDB, installing liburing for io_uring and RocksDB, etc).
+If wanting to build using standard Rust toolchains, make sure you install:
+- `liburing-dev` on the compiling machine, and `liburing` on the target host
+- LLVM and libclang for RocksDB
+
+You can build conduwuit using `cargo build --release --all-features`

 ## Migrating from Conduit

@@ -38,10 +59,19 @@ As mentioned in the README, there is little to no steps needed to migrate
 from Conduit. As long as you are using the RocksDB database backend, just
 replace the binary / container image / etc.

+**WARNING**: As of conduwuit 0.5.0, all database and backwards compatibility
+with Conduit is no longer supported. We only support migrating *from* Conduit,
+not back to Conduit like before. If you are truly finding yourself wanting to
+migrate back to Conduit, we would appreciate all your feedback and if we can
+assist with any issues or concerns.
+
 **Note**: If you are relying on Conduit's "automatic delegation" feature,
 this will **NOT** work on conduwuit and you must configure delegation manually.
 This is not a mistake and no support for this feature will be added.

+If you are using SQLite, you **MUST** migrate to RocksDB. You can use this
+tool to migrate from SQLite to RocksDB: <https://github.com/ShadowJonathan/conduit_toolbox/>
+
 See the `[global.well_known]` config section, or configure your web server
 appropriately to send the delegation responses.

@@ -51,13 +81,13 @@ While conduwuit can run as any user it is better to use dedicated users for
 different services. This also allows you to make sure that the file permissions
 are correctly set up.

-In Debian or Fedora/RHEL, you can use this command to create a conduwuit user:
+In Debian, you can use this command to create a conduwuit user:

 ```bash
 sudo adduser --system conduwuit --group --disabled-login --no-create-home
 ```

-For distros without `adduser`:
+For distros without `adduser` (or where it's a symlink to `useradd`):

 ```bash
 sudo useradd -r --shell /usr/bin/nologin --no-create-home conduwuit
@@ -65,20 +95,46 @@ sudo useradd -r --shell /usr/bin/nologin --no-create-home conduwuit

 ## Forwarding ports in the firewall or the router

-conduwuit uses the ports 443 and 8448 both of which need to be open in the
-firewall.
+Matrix's default federation port is port 8448, and clients must be using port 443.
+If you would like to use only port 443, or a different port, you will need to setup
+delegation. conduwuit has config options for doing delegation, or you can configure
+your reverse proxy to manually serve the necessary JSON files to do delegation
+(see the `[global.well_known]` config section).

 If conduwuit runs behind a router or in a container and has a different public
 IP address than the host system these public ports need to be forwarded directly
 or indirectly to the port mentioned in the config.

+Note for NAT users; if you have trouble connecting to your server from the inside
+of your network, you need to research your router and see if it supports "NAT
+hairpinning" or "NAT loopback".
+
+If your router does not support this feature, you need to research doing local
+DNS overrides and force your Matrix DNS records to use your local IP internally.
+This can be done at the host level using `/etc/hosts`. If you need this to be
+on the network level, consider something like NextDNS or Pi-Hole.
+
 ## Setting up a systemd service

-The systemd unit for conduwuit can be found
-[here](../configuration/examples.md#example-systemd-unit-file). You may need to
-change the `ExecStart=` path to where you placed the conduwuit binary.
+Two example systemd units for conduwuit can be found
+[on the configuration page](../configuration/examples.md#debian-systemd-unit-file).
+You may need to change the `ExecStart=` path to where you placed the conduwuit
+binary if it is not `/usr/bin/conduwuit`.

-On systems where rsyslog is used alongside journald (i.e. Red Hat-based distros and OpenSUSE), put `$EscapeControlCharactersOnReceive off` inside `/etc/rsyslog.conf` to allow color in logs.
+On systems where rsyslog is used alongside journald (i.e. Red Hat-based distros
+and OpenSUSE), put `$EscapeControlCharactersOnReceive off` inside
+`/etc/rsyslog.conf` to allow color in logs.
+
+If you are using a different `database_path` other than the systemd unit
+configured default `/var/lib/conduwuit`, you need to add your path to the
+systemd unit's `ReadWritePaths=`. This can be done by either directly editing
+`conduwuit.service` and reloading systemd, or running `systemctl edit conduwuit.service`
+and entering the following:
+
+```
+[Service]
+ReadWritePaths=/path/to/custom/database/path
+```

 ## Creating the conduwuit configuration file

@@ -86,7 +142,8 @@ Now we need to create the conduwuit's config file in
 `/etc/conduwuit/conduwuit.toml`. The example config can be found at
 [conduwuit-example.toml](../configuration/examples.md).

-**Please take a moment to read the config. You need to change at least the server name.**
+**Please take a moment to read the config. You need to change at least the
+server name.**

 RocksDB is the only supported database backend.

@@ -119,12 +176,16 @@ is the recommended reverse proxy for new users and is very trivial to use
 (handles TLS, reverse proxy headers, etc transparently with proper defaults).

 Lighttpd is not supported as it seems to mess with the `X-Matrix` Authorization
-header, making federation non-functional. If using Apache, you need to use
-`nocanon` in your `ProxyPass` directive to prevent this (note that Apache
-isn't very good as a general reverse proxy).
+header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here.

-Nginx users may need to set `proxy_buffering off;` if there are issues with
-uploading media like images.
+If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent this (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can).
+
+If using Nginx, you need to give conduwuit the request URI using `$request_uri`, or like so:
+- `proxy_pass http://127.0.0.1:6167$request_uri;`
+- `proxy_pass http://127.0.0.1:6167;`
+
+Nginx users need to increase `client_max_body_size` (default is 1M) to match
+`max_request_size` defined in conduwuit.toml.

 You will need to reverse proxy everything under following routes:
 - `/_matrix/` - core Matrix C-S and S-S APIs
@@ -133,11 +194,20 @@ You will need to reverse proxy everything under following routes:

 You can optionally reverse proxy the following individual routes:
 - `/.well-known/matrix/client` and `/.well-known/matrix/server` if using
-conduwuit to perform delegation
+conduwuit to perform delegation (see the `[global.well_known]` config section)
 - `/.well-known/matrix/support` if using conduwuit to send the homeserver admin
 contact and support page (formerly known as MSC1929)
 - `/` if you would like to see `hewwo from conduwuit woof!` at the root

+See the following spec pages for more details on these files:
+- [`/.well-known/matrix/server`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixserver)
+- [`/.well-known/matrix/client`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient)
+- [`/.well-known/matrix/support`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixsupport)
+
+Examples of delegation:
+- <https://puppygock.gay/.well-known/matrix/server>
+- <https://puppygock.gay/.well-known/matrix/client>
+
 ### Caddy

 Create `/etc/caddy/conf.d/conduwuit_caddyfile` and enter this (substitute for
@@ -0,0 +1,8 @@
+# conduwuit for Kubernetes
+
+conduwuit doesn't support horizontal scalability or distributed loading
+natively, however a community maintained Helm Chart is available here to run
+conduwuit on Kubernetes: <https://gitlab.cronce.io/charts/conduwuit>
+
+Should changes need to be made, please reach out to the maintainer in our
+Matrix room as this is not maintained/controlled by the conduwuit maintainers.
@@ -29,6 +29,12 @@ conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
 conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
 ```

+If needed, we have a binary cache on Cachix but it is only limited to 5GB:
+
+```
+https://conduwuit.cachix.org
+conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
+```

 If specifying a Git remote URL in your flake, you can use any remotes that
 are specified on the README (the mirrors), such as the GitHub: `github:girlbossceo/conduwuit`
@@ -39,6 +45,15 @@ The `flake.nix` and `default.nix` do not currently provide a NixOS module (contr
 welcome!), so [`services.matrix-conduit`][module] from Nixpkgs can be used to configure
 conduwuit.

+### Conduit NixOS Config Module and SQLite
+
+Beware! The [`services.matrix-conduit`][module] module defaults to SQLite as a database backend.
+Conduwuit dropped SQLite support in favor of exclusively supporting the much faster RocksDB.
+Make sure that you are using the RocksDB backend before migrating!
+
+There is a [tool to  migrate a Conduit SQLite database to
+RocksDB](https://github.com/ShadowJonathan/conduit_toolbox/).
+
 If you want to run the latest code, you should get conduwuit from the `flake.nix`
 or `default.nix` and set [`services.matrix-conduit.package`][package]
 appropriately to use conduwuit instead of Conduit.
@@ -46,15 +61,31 @@ appropriately to use conduwuit instead of Conduit.
 ### UNIX sockets

 Due to the lack of a conduwuit NixOS module, when using the `services.matrix-conduit` module
-it is not possible to use UNIX sockets. This is because the UNIX socket option does not exist
-in Conduit, and their module forces listening on `[::1]:6167` by default if unspecified.
+a workaround like the one below is necessary to use UNIX sockets. This is because the UNIX
+socket option does not exist in Conduit, and the module forcibly sets the `address` and 
+`port` config options.
+
+```nix
+options.services.matrix-conduit.settings = lib.mkOption {
+  apply = old: old // (
+    if (old.global ? "unix_socket_path")
+    then { global = builtins.removeAttrs old.global [ "address" "port" ]; }
+    else {  }
+  );
+};
+
+```

 Additionally, the [`matrix-conduit` systemd unit][systemd-unit] in the module does not allow
 the `AF_UNIX` socket address family in their systemd unit's `RestrictAddressFamilies=` which
-disallows the namespace from accessing or creating UNIX sockets.
+disallows the namespace from accessing or creating UNIX sockets and has to be enabled like so:

-There is no known workaround these. A conduwuit NixOS configuration module must be developed and
-published by the community.
+```nix
+systemd.services.conduit.serviceConfig.RestrictAddressFamilies = [ "AF_UNIX" ];
+```
+
+Even though those workarounds are feasible a conduwuit NixOS configuration module, developed and
+published by the community, would be appreciated.

 ### jemalloc and hardened profile

@@ -52,7 +52,7 @@ the said workspace crate(s) must define the feature there in its `Cargo.toml`.

 So, if this is adding a feature to the API such as `woof`, you define the feature
 in the `api` crate's `Cargo.toml` as `woof = []`. The feature definition in `main`'s
-`Cargo.toml` will be `woof = ["conduit-api/woof"]`.
+`Cargo.toml` will be `woof = ["conduwuit-api/woof"]`.

 The rationale for this is due to Rust / Cargo not supporting
 ["workspace level features"][9], we must make a choice of; either scattering
@@ -75,21 +75,21 @@ development (unresponsive or slow upstream), conduwuit-specific usecases, or
 lack of time to upstream some things.

 - [ruma/ruma][1]: <https://github.com/girlbossceo/ruwuma> - various performance
-improvements, more features, faster-paced development, client/server interop
+improvements, more features, faster-paced development, better client/server interop
 hacks upstream won't accept, etc
 - [facebook/rocksdb][2]: <https://github.com/girlbossceo/rocksdb> - liburing
-build fixes, GCC build fix, and logging callback C API for Rust tracing
-integration
+build fixes and GCC debug build fix
 - [tikv/jemallocator][3]: <https://github.com/girlbossceo/jemallocator> - musl
-builds seem to be broken on upstream
+builds seem to be broken on upstream, fixes some broken/suspicious code in
+places, additional safety measures, and support redzones for Valgrind
 - [zyansheep/rustyline-async][4]:
 <https://github.com/girlbossceo/rustyline-async> - tab completion callback and
-`CTRL+\` signal quit event for CLI
+`CTRL+\` signal quit event for conduwuit console CLI
 - [rust-rocksdb/rust-rocksdb][5]:
-<https://github.com/girlbossceo/rust-rocksdb-zaidoon1> - [`@zaidoon1`'s][8] fork
-has quicker updates, more up to date dependencies. Our changes fix musl build
-issues, Rust part of the logging callback C API, removes unnecessary `gtest`
-include, and uses our RocksDB and jemallocator
+<https://github.com/girlbossceo/rust-rocksdb-zaidoon1> - [`@zaidoon1`][8]'s fork
+has quicker updates, more up to date dependencies, etc. Our fork fixes musl build
+issues, removes unnecessary `gtest` include, and uses our RocksDB and jemallocator
+forks.
 - [tokio-rs/tracing][6]: <https://github.com/girlbossceo/tracing> - Implements
 `Clone` for `EnvFilter` to support dynamically changing tracing envfilter's
 alongside other logging/metrics things
@@ -103,12 +103,16 @@ tokio_unstable` flag to enable experimental tokio APIs. A build might look like
 this:

 ```bash
-RUSTFLAGS="--cfg tokio_unstable" cargo build \
+RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
    --release \
    --no-default-features \
    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
 ```

+You will also need to enable the `tokio_console` config option in conduwuit when
+starting it. This was due to tokio-console causing gradual memory leak/usage
+if left enabled.
+
 [1]: https://github.com/ruma/ruma/
 [2]: https://github.com/facebook/rocksdb/
 [3]: https://github.com/tikv/jemallocator/
@@ -5,8 +5,8 @@
 Have a look at [Complement's repository][complement] for an explanation of what
 it is.

-To test against Complement, with Nix (or [Lix](https://lix.systems) and direnv installed
-and set up, you can:
+To test against Complement, with Nix (or [Lix](https://lix.systems) and direnv
+installed and set up, you can:

 * Run `./bin/complement "$COMPLEMENT_SRC" ./path/to/logs.jsonl
 ./path/to/results.jsonl` to build a Complement image, run the tests, and output
@@ -241,8 +241,7 @@ both new users and power users
 - Fixed every single clippy (default lints) and rustc warnings, including some
 that were performance related or potential safety issues / unsoundness
 - Add a **lot** of other clippy and rustc lints and a rustfmt.toml file
- Repo uses [Renovate](https://docs.renovatebot.com/),
-[Trivy](https://github.com/aquasecurity/trivy-action), and keeps ALL
+- Repo uses [Renovate](https://docs.renovatebot.com/) and keeps ALL
 dependencies as up to date as possible
 - Purge unmaintained/irrelevant/broken database backends (heed, sled, persy) and
 other unnecessary code or overhead
@@ -22,23 +22,59 @@ conduwuit has moderation admin commands for:
 Any commands with `-list` in them will require a codeblock in the message with
 each object being newline delimited. An example of doing this is:

-```` !admin rooms moderation ban-list-of-rooms ``` !roomid1:server.name
-!roomid2:server.name !roomid3:server.name ``` ````
+````
+!admin rooms moderation ban-list-of-rooms
+```
+!roomid1:server.name
+#badroomalias1:server.name
+!roomid2:server.name
+!roomid3:server.name
+#badroomalias2:server.name
+```
+````

-## Database
+## Database (RocksDB)

-If using RocksDB, there's very little you need to do. Compaction is ran
-automatically based on various defined thresholds tuned for conduwuit to be high
-performance with the least I/O amplifcation or overhead. Manually running
-compaction is not recommended, or compaction via a timer. RocksDB is built with
-io_uring support via liburing for async read I/O.
+Generally there is very little you need to do. [Compaction][rocksdb-compaction]
+is ran automatically based on various defined thresholds tuned for conduwuit to
+be high performance with the least I/O amplifcation or overhead. Manually
+running compaction is not recommended, or compaction via a timer, due to
+creating unnecessary I/O amplification. RocksDB is built with io_uring support
+via liburing for improved read performance.
+
+RocksDB troubleshooting can be found [in the RocksDB section of troubleshooting](troubleshooting.md).
+
+### Compression

 Some RocksDB settings can be adjusted such as the compression method chosen. See
-the RocksDB section in the [example config](configuration/examples.md). btrfs
-users may benefit from disabling compression on RocksDB if CoW is in use.
+the RocksDB section in the [example config](configuration/examples.md).

-RocksDB troubleshooting can be found [in the RocksDB section of
-troubleshooting](troubleshooting.md).
+btrfs users have reported that database compression does not need to be disabled
+on conduwuit as the filesystem already does not attempt to compress. This can be
+validated by using `filefrag -v` on a `.SST` file in your database, and ensure
+the `physical_offset` matches (no filesystem compression). It is very important
+to ensure no additional filesystem compression takes place as this can render
+unbuffered Direct IO inoperable, significantly slowing down read and write
+performance. See <https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility>
+
+> Compression is done using the COW mechanism so it’s incompatible with
+> nodatacow. Direct IO read works on compressed files but will fall back to
+> buffered writes and leads to no compression even if force compression is set.
+> Currently nodatasum and compression don’t work together.
+
+### Files in database
+
+Do not touch any of the files in the database directory. This must be said due
+to users being mislead by the `.log` files in the RocksDB directory, thinking
+they're server logs or database logs, however they are critical RocksDB files
+related to WAL tracking.
+
+The only safe files that can be deleted are the `LOG` files (all caps). These
+are the real RocksDB telemetry/log files, however conduwuit has already
+configured to only store up to 3 RocksDB `LOG` files due to generall being
+useless for average users unless troubleshooting something low-level. If you
+would like to store nearly none at all, see the `rocksdb_max_log_files`
+config option.

 ## Backups

@@ -95,3 +131,5 @@ Built-in S3 support is also planned, but for now using a "S3 filesystem" on
 `media/` works. conduwuit also sends a `Cache-Control` header of 1 year and
 immutable for all media requests (download and thumbnail) to reduce unnecessary
 media requests from browsers, reduce bandwidth usage, and reduce load.
+
+[rocksdb-compaction]: https://github.com/facebook/rocksdb/wiki/Compaction
@@ -41,17 +41,56 @@ workarounds for this are:
 - Don't use Docker's default DNS setup and instead allow the container to use
 and communicate with your host's DNS servers (host's `/etc/resolv.conf`)

+#### DNS No connections available error message
+
+If you receive spurious amounts of error logs saying "DNS No connections
+available", this is due to your DNS server (servers from `/etc/resolv.conf`)
+being overloaded and unable to handle typical Matrix federation volume. Some
+users have reported that the upstream servers are rate-limiting them as well
+when they get this error (e.g. popular upstreams like Google DNS).
+
+Matrix federation is extremely heavy and sends wild amounts of DNS requests.
+Unfortunately this is by design and has only gotten worse with more
+server/destination resolution steps. Synapse also expects a very perfect DNS
+setup.
+
+There are some ways you can reduce the amount of DNS queries, but ultimately
+the best solution/fix is selfhosting a high quality caching DNS server like
+[Unbound][unbound-arch] without any upstream resolvers, and without DNSSEC
+validation enabled.
+
+DNSSEC validation is highly recommended to be **disabled** due to DNSSEC being
+very computationally expensive, and is extremely susceptible to denial of
+service, especially on Matrix. Many servers also strangely have broken DNSSEC
+setups and will result in non-functional federation.
+
+conduwuit cannot provide a "works-for-everyone" Unbound DNS setup guide, but
+the [official Unbound tuning guide][unbound-tuning] and the [Unbound Arch Linux wiki page][unbound-arch]
+may be of interest. Disabling DNSSEC on Unbound is commenting out trust-anchors
+config options and removing the `validator` module.
+
+**Avoid** using `systemd-resolved` as it does **not** perform very well under
+high load, and we have identified its DNS caching to not be very effective.
+
+dnsmasq can possibly work, but it does **not** support TCP fallback which can be
+problematic when receiving large DNS responses such as from large SRV records.
+If you still want to use dnsmasq, make sure you **disable** `dns_tcp_fallback`
+in conduwuit config.
+
+Raising `dns_cache_entries` in conduwuit config from the default can also assist
+in DNS caching, but a full-fledged external caching resolver is better and more
+reliable.
+
+If you don't have IPv6 connectivity, changing `ip_lookup_strategy` to match
+your setup can help reduce unnecessary AAAA queries
+(`1 - Ipv4Only (Only query for A records, no AAAA/IPv6)`).
+
+If your DNS server supports it, some users have reported enabling
+`query_over_tcp_only` to force only TCP querying by default has improved DNS
+reliability at a slight performance cost due to TCP overhead.
+
 ## RocksDB / database issues

-#### Direct IO
-
-Some filesystems may not like RocksDB using [Direct
-IO](https://github.com/facebook/rocksdb/wiki/Direct-IO). Direct IO is for
-non-buffered I/O which improves conduwuit performance, but at least FUSE is a
-filesystem potentially known to not like this. See the [example
-config](configuration/examples.md) for disabling it if needed. Issues from
-Direct IO on unsupported filesystems are usually shown as startup errors.
-
 #### Database corruption

 If your database is corrupted *and* is failing to start (e.g. checksum
@@ -105,24 +144,49 @@ Various debug commands can be found in `!admin debug`.

 #### Debug/Trace log level

-conduwuit builds without debug or trace log levels by default for at least
-performance reasons. This may change in the future and/or binaries providing
-such configurations may be provided. If you need to access debug/trace log
-levels, you will need to build without the `release_max_log_level` feature.
+conduwuit builds without debug or trace log levels at compile time by default
+for substantial performance gains in CPU usage and improved compile times. If
+you need to access debug/trace log levels, you will need to build without the
+`release_max_log_level` feature or use our provided static debug binaries.

 #### Changing log level dynamically

 conduwuit supports changing the tracing log environment filter on-the-fly using
-the admin command `!admin debug change-log-level`. This accepts a string
-**without quotes** the same format as the `log` config option.
+the admin command `!admin debug change-log-level <log env filter>`. This accepts
+a string **without quotes** the same format as the `log` config option.
+
+Example: `!admin debug change-log-level debug`
+
+This can also accept complex filters such as:
+`!admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,ruma_state_res=trace`
+`!admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,conduit_service[send{dest="example.org"}]=trace`
+
+And to reset the log level to the one that was set at startup / last config
+load, simply pass the `--reset` flag.
+
+`!admin debug change-log-level --reset`

 #### Pinging servers

-conduwuit can ping other servers using `!admin debug ping`. This takes a server
-name and goes through the server discovery process and queries
+conduwuit can ping other servers using `!admin debug ping <server>`. This takes
+a server name and goes through the server discovery process and queries
 `/_matrix/federation/v1/version`. Errors are outputted.

+While it does measure the latency of the request, it is not indicative of
+server performance on either side as that endpoint is completely unauthenticated
+and simply fetches a string on a static JSON endpoint. It is very low cost both
+bandwidth and computationally.
+
 #### Allocator memory stats

-When using jemalloc with jemallocator's `stats` feature, you can see conduwuit's
-jemalloc memory stats by using `!admin debug memory-stats`
+When using jemalloc with jemallocator's `stats` feature (`--enable-stats`), you
+can see conduwuit's high-level allocator stats by using
+`!admin server memory-usage` at the bottom.
+
+If you are a developer, you can also view the raw jemalloc statistics with
+`!admin debug memory-stats`. Please note that this output is extremely large
+which may only be visible in the conduwuit console CLI due to PDU size limits,
+and is not easy for non-developers to understand.
+
+[unbound-tuning]: https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/performance.html
+[unbound-arch]: https://wiki.archlinux.org/title/Unbound
@@ -86,6 +86,7 @@ env DIRENV_DEVSHELL=all-features \
    direnv exec . \
    cargo doc \
        --workspace \
+        --locked \
        --profile test \
        --all-features \
        --no-deps \
@@ -97,10 +98,11 @@ env DIRENV_DEVSHELL=all-features \
 name = "clippy/default"
 group = "lints"
 script = """
+direnv exec . \
 cargo clippy \
    --workspace \
+    --locked \
    --profile test \
-    --all-targets \
    --color=always \
    -- \
    -D warnings
@@ -114,8 +116,8 @@ env DIRENV_DEVSHELL=all-features \
    direnv exec . \
    cargo clippy \
        --workspace \
+        --locked \
        --profile test \
-        --all-targets \
        --all-features \
        --color=always \
        -- \
@@ -123,32 +125,37 @@ env DIRENV_DEVSHELL=all-features \
 """

 [[task]]
-name = "clippy/jemalloc"
+name = "clippy/no-features"
 group = "lints"
 script = """
+env DIRENV_DEVSHELL=no-features \
+    direnv exec . \
+    cargo clippy \
+        --workspace \
+        --locked \
+        --profile test \
+        --no-default-features \
+        --color=always \
+        -- \
+        -D warnings
+"""
+
+[[task]]
+name = "clippy/other-features"
+group = "lints"
+script = """
+direnv exec . \
 cargo clippy \
    --workspace \
+    --locked \
    --profile test \
-    --features jemalloc \
-    --all-targets \
+    --no-default-features \
+    --features=console,systemd,element_hacks,direct_tls,perf_measurements,brotli_compression,blurhashing \
    --color=always \
    -- \
    -D warnings
 """

-#[[task]]
-#name = "clippy/hardened_malloc"
-#group = "lints"
-#script = """
-#cargo clippy \
-#    --workspace \
-#    --features hardened_malloc \
-#    --all-targets \
-#    --color=always \
-#    -- \
-#    -D warnings
-#"""
-
 [[task]]
 name = "lychee"
 group = "lints"
@@ -167,8 +174,10 @@ env DIRENV_DEVSHELL=all-features \
    direnv exec . \
    cargo test \
        --workspace \
+        --locked \
        --profile test \
        --all-targets \
+        --no-fail-fast \
        --all-features \
        --color=always \
        -- \
@@ -179,13 +188,45 @@ env DIRENV_DEVSHELL=all-features \
 name = "cargo/default"
 group = "tests"
 script = """
-cargo test \
-    --workspace \
-    --profile test \
-    --all-targets \
-    --color=always \
-    -- \
-    --color=always
+env DIRENV_DEVSHELL=default \
+    direnv exec . \
+    cargo test \
+        --workspace \
+        --locked \
+        --profile test \
+        --all-targets \
+        --no-fail-fast \
+        --color=always \
+        -- \
+        --color=always
+"""
+
+[[task]]
+name = "cargo/no-features"
+group = "tests"
+script = """
+env DIRENV_DEVSHELL=no-features \
+    direnv exec . \
+    cargo test \
+        --workspace \
+        --locked \
+        --profile test \
+        --all-targets \
+        --no-fail-fast \
+        --no-default-features \
+        --color=always \
+        -- \
+        --color=always
+"""
+
+# Checks if the generated example config differs from the checked in repo's
+# example config.
+[[task]]
+name = "example-config"
+group = "tests"
+depends = ["cargo/default"]
+script = """
+git diff --exit-code conduwuit-example.toml
 """

 # Ensure that the flake's default output can build and run without crashing
@@ -5,15 +5,16 @@
        "crane": "crane",
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
+        "nix-github-actions": "nix-github-actions",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1729116596,
-        "narHash": "sha256-NnLMLIXGZtAscUF4dCShksuQ1nOGF6Y2dEeyj0rBbUg=",
+        "lastModified": 1731270564,
+        "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
        "owner": "zhaofengli",
        "repo": "attic",
-        "rev": "2b05b7d986cf6009b1c1ef7daa4961cd1a658782",
+        "rev": "47752427561f1c34debb16728a210d378f0ece36",
        "type": "github"
      },
      "original": {
@@ -26,16 +27,16 @@
    "cachix": {
      "inputs": {
        "devenv": "devenv",
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_2",
        "git-hooks": "git-hooks",
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1728672398,
-        "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
+        "lastModified": 1737621947,
+        "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
        "owner": "cachix",
        "repo": "cachix",
-        "rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
+        "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
        "type": "github"
      },
      "original": {
@@ -47,72 +48,31 @@
    },
    "cachix_2": {
      "inputs": {
-        "devenv": "devenv_2",
+        "devenv": [
+          "cachix",
+          "devenv"
+        ],
        "flake-compat": [
          "cachix",
-          "devenv",
-          "flake-compat"
+          "devenv"
        ],
        "git-hooks": [
          "cachix",
-          "devenv",
-          "pre-commit-hooks"
+          "devenv"
        ],
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1726520618,
-        "narHash": "sha256-jOsaBmJ/EtX5t/vbylCdS7pWYcKGmWOKg4QKUzKr6dA=",
+        "lastModified": 1728672398,
+        "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
        "owner": "cachix",
        "repo": "cachix",
-        "rev": "695525f9086542dfb09fde0871dbf4174abbf634",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "cachix",
-        "type": "github"
-      }
-    },
-    "cachix_3": {
-      "inputs": {
-        "devenv": "devenv_3",
-        "flake-compat": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "flake-compat"
-        ],
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "nixpkgs"
-        ],
-        "pre-commit-hooks": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "pre-commit-hooks"
-        ]
-      },
-      "locked": {
-        "lastModified": 1712055811,
-        "narHash": "sha256-7FcfMm5A/f02yyzuavJe06zLa9hcMHsagE28ADcmQvk=",
-        "owner": "cachix",
-        "repo": "cachix",
-        "rev": "02e38da89851ec7fec3356a5c04bc8349cae0e30",
+        "rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
+        "ref": "latest",
        "repo": "cachix",
        "type": "github"
      }
@@ -120,15 +80,15 @@
    "complement": {
      "flake": false,
      "locked": {
-        "lastModified": 1724347376,
-        "narHash": "sha256-y0e/ULDJ92IhNQZsS/06g0s+AYZ82aJfrIO9qEse94c=",
-        "owner": "matrix-org",
+        "lastModified": 1734303596,
+        "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=",
+        "owner": "girlbossceo",
        "repo": "complement",
-        "rev": "39733c1b2f8314800776748cc7164f9a34650686",
+        "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8",
        "type": "github"
      },
      "original": {
-        "owner": "matrix-org",
+        "owner": "girlbossceo",
        "ref": "main",
        "repo": "complement",
        "type": "github"
@@ -157,11 +117,11 @@
    },
    "crane_2": {
      "locked": {
-        "lastModified": 1729741221,
-        "narHash": "sha256-8AHZZXs1lFkERfBY0C8cZGElSo33D/et7NKEpLRmvzo=",
+        "lastModified": 1737689766,
+        "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "f235b656ee5b2bfd6d94c3bfd67896a575d4a6ed",
+        "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527",
        "type": "github"
      },
      "original": {
@@ -178,100 +138,26 @@
          "cachix",
          "flake-compat"
        ],
-        "nix": "nix_3",
-        "nixpkgs": [
-          "cachix",
-          "nixpkgs"
-        ],
-        "pre-commit-hooks": [
+        "git-hooks": [
          "cachix",
          "git-hooks"
-        ]
-      },
-      "locked": {
-        "lastModified": 1727963652,
-        "narHash": "sha256-os0EDjn7QVXL6RtHNb9TrZLXVm2Tc5/nZKk3KpbTzd8=",
-        "owner": "cachix",
-        "repo": "devenv",
-        "rev": "cb0052e25dbcc8267b3026160dc73cddaac7d5fd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "devenv",
-        "type": "github"
-      }
-    },
-    "devenv_2": {
-      "inputs": {
-        "cachix": "cachix_3",
-        "flake-compat": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "flake-compat"
-        ],
-        "nix": "nix_2",
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "nixpkgs"
-        ],
-        "pre-commit-hooks": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "git-hooks"
-        ]
-      },
-      "locked": {
-        "lastModified": 1723156315,
-        "narHash": "sha256-0JrfahRMJ37Rf1i0iOOn+8Z4CLvbcGNwa2ChOAVrp/8=",
-        "owner": "cachix",
-        "repo": "devenv",
-        "rev": "ff5eb4f2accbcda963af67f1a1159e3f6c7f5f91",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "devenv",
-        "type": "github"
-      }
-    },
-    "devenv_3": {
-      "inputs": {
-        "flake-compat": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "cachix",
-          "flake-compat"
        ],
        "nix": "nix",
-        "nixpkgs": "nixpkgs_2",
-        "poetry2nix": "poetry2nix",
-        "pre-commit-hooks": [
+        "nixpkgs": [
          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "cachix",
-          "pre-commit-hooks"
+          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1708704632,
-        "narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=",
+        "lastModified": 1733323168,
+        "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196",
+        "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
-        "ref": "python-rewrite",
        "repo": "devenv",
        "type": "github"
      }
@@ -284,11 +170,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1729751566,
-        "narHash": "sha256-99u/hrgBdi8bxSXZc9ZbNkR5EL1htrkbd3lsbKzS60g=",
+        "lastModified": 1737786656,
+        "narHash": "sha256-ubCW9Jy7ZUOF354bWxTgLDpVnTvIpNr6qR4H/j7I0oo=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "f32a2d484091a6dc98220b1f4a2c2d60b7c97c64",
+        "rev": "2f721f527886f801403f389a9cabafda8f1e3b7f",
        "type": "github"
      },
      "original": {
@@ -317,11 +203,11 @@
    "flake-compat_2": {
      "flake": false,
      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
@@ -333,27 +219,11 @@
    "flake-compat_3": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_4": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
@@ -412,44 +282,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1689068808,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
-      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_3": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -473,11 +310,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1727854478,
-        "narHash": "sha256-/odH2nUMAwkMgOS2nG2z0exLQNJS4S2LfMW0teqU7co=",
+        "lastModified": 1733318908,
+        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "5f58871c9657b5fc0a7f65670fe2ba99c26c1d79",
+        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
        "type": "github"
      },
      "original": {
@@ -527,11 +364,11 @@
    "liburing": {
      "flake": false,
      "locked": {
-        "lastModified": 1725659644,
-        "narHash": "sha256-WjnpmopfvFoUbubIu9bki+Y6P4YXDfvnW4+72hniq3g=",
+        "lastModified": 1737600516,
+        "narHash": "sha256-EKyLQ3pbcjoU5jH5atge59F4fzuhTsb6yalUj6Ve2t8=",
        "owner": "axboe",
        "repo": "liburing",
-        "rev": "0fe5c09195c0918f89582dd6ff098a58a0bdf62a",
+        "rev": "6c509e2b0c881a13b83b259a221bf15fc9b3f681",
        "type": "github"
      },
      "original": {
@@ -542,123 +379,26 @@
      }
    },
    "nix": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "nixpkgs"
-        ],
-        "nixpkgs-regression": "nixpkgs-regression"
-      },
-      "locked": {
-        "lastModified": 1712911606,
-        "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=",
-        "owner": "domenkozar",
-        "repo": "nix",
-        "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12",
-        "type": "github"
-      },
-      "original": {
-        "owner": "domenkozar",
-        "ref": "devenv-2.21",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
-    "nix-filter": {
-      "locked": {
-        "lastModified": 1710156097,
-        "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
-        "owner": "numtide",
-        "repo": "nix-filter",
-        "rev": "3342559a24e85fc164b295c3444e8a139924675b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "ref": "main",
-        "repo": "nix-filter",
-        "type": "github"
-      }
-    },
-    "nix-github-actions": {
-      "inputs": {
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "poetry2nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1688870561,
-        "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "type": "github"
-      }
-    },
-    "nix_2": {
      "inputs": {
        "flake-compat": [
          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "flake-compat"
-        ],
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "nixpkgs"
-        ],
-        "nixpkgs-regression": "nixpkgs-regression_2"
-      },
-      "locked": {
-        "lastModified": 1712911606,
-        "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=",
-        "owner": "domenkozar",
-        "repo": "nix",
-        "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12",
-        "type": "github"
-      },
-      "original": {
-        "owner": "domenkozar",
-        "ref": "devenv-2.21",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
-    "nix_3": {
-      "inputs": {
-        "flake-compat": [
-          "cachix",
-          "devenv",
-          "flake-compat"
+          "devenv"
        ],
        "flake-parts": "flake-parts_2",
        "libgit2": "libgit2",
        "nixpkgs": "nixpkgs_3",
-        "nixpkgs-23-11": "nixpkgs-23-11",
-        "nixpkgs-regression": "nixpkgs-regression_3",
-        "pre-commit-hooks": "pre-commit-hooks"
+        "nixpkgs-23-11": [
+          "cachix",
+          "devenv"
+        ],
+        "nixpkgs-regression": [
+          "cachix",
+          "devenv"
+        ],
+        "pre-commit-hooks": [
+          "cachix",
+          "devenv"
+        ]
      },
      "locked": {
        "lastModified": 1727438425,
@@ -675,6 +415,43 @@
        "type": "github"
      }
    },
+    "nix-filter": {
+      "locked": {
+        "lastModified": 1731533336,
+        "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
+        "owner": "numtide",
+        "repo": "nix-filter",
+        "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "ref": "main",
+        "repo": "nix-filter",
+        "type": "github"
+      }
+    },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "attic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1726042813,
@@ -691,70 +468,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-23-11": {
-      "locked": {
-        "lastModified": 1717159533,
-        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
-        "type": "github"
-      }
-    },
-    "nixpkgs-regression": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
-    "nixpkgs-regression_2": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
-    "nixpkgs-regression_3": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1724316499,
@@ -773,11 +486,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1720386169,
-        "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
+        "lastModified": 1730741070,
+        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
+        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
        "type": "github"
      },
      "original": {
@@ -789,16 +502,16 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1692808169,
-        "narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=",
+        "lastModified": 1730531603,
+        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9201b5ff357e781bf014d0330d18555695df7ba8",
+        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -821,11 +534,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1727802920,
-        "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=",
+        "lastModified": 1733212471,
+        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515",
+        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
        "type": "github"
      },
      "original": {
@@ -837,11 +550,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1725534445,
-        "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=",
+        "lastModified": 1737717945,
+        "narHash": "sha256-ET91TMkab3PmOZnqiJQYOtSGvSTvGeHoegAv4zcTefM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39",
+        "rev": "ecd26a469ac56357fd333946a99086e992452b6a",
        "type": "github"
      },
      "original": {
@@ -851,87 +564,19 @@
        "type": "github"
      }
    },
-    "poetry2nix": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nix-github-actions": "nix-github-actions",
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "cachix",
-          "devenv",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1692876271,
-        "narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=",
-        "owner": "nix-community",
-        "repo": "poetry2nix",
-        "rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "poetry2nix",
-        "type": "github"
-      }
-    },
-    "pre-commit-hooks": {
-      "inputs": {
-        "flake-compat": [
-          "cachix",
-          "devenv",
-          "nix"
-        ],
-        "flake-utils": "flake-utils_2",
-        "gitignore": [
-          "cachix",
-          "devenv",
-          "nix"
-        ],
-        "nixpkgs": [
-          "cachix",
-          "devenv",
-          "nix",
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": [
-          "cachix",
-          "devenv",
-          "nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1712897695,
-        "narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=",
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "type": "github"
-      }
-    },
    "rocksdb": {
      "flake": false,
      "locked": {
-        "lastModified": 1729712930,
-        "narHash": "sha256-jlp4kPkRTpoJaUdobEoHd8rCGAQNBy4ZHZ6y5zL/ibw=",
+        "lastModified": 1737828695,
+        "narHash": "sha256-8Ev6zzhNPU798JNvU27a7gj5X+6SDG3jBweUkQ59DbA=",
        "owner": "girlbossceo",
        "repo": "rocksdb",
-        "rev": "871eda6953c3f399aae39808dcfccdd014885beb",
+        "rev": "a4d9230dcc9d03be428b9a728133f8f646c0065c",
        "type": "github"
      },
      "original": {
        "owner": "girlbossceo",
-        "ref": "v9.7.3",
+        "ref": "v9.9.3",
        "repo": "rocksdb",
        "type": "github"
      }
@@ -943,8 +588,8 @@
        "complement": "complement",
        "crane": "crane_2",
        "fenix": "fenix",
-        "flake-compat": "flake-compat_4",
-        "flake-utils": "flake-utils_3",
+        "flake-compat": "flake-compat_3",
+        "flake-utils": "flake-utils",
        "liburing": "liburing",
        "nix-filter": "nix-filter",
        "nixpkgs": "nixpkgs_5",
@@ -954,11 +599,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1729715509,
-        "narHash": "sha256-jUDN4e1kObbksb4sc+57NEeujBEDRdLCOu9wiE3RZdM=",
+        "lastModified": 1737728869,
+        "narHash": "sha256-U4pl3Hi0lT6GP4ecN3q9wdD2sdaKMbmD/5NJ1NdJ9AM=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "40492e15d49b89cf409e2c5536444131fac49429",
+        "rev": "6e4c29f7ce18cea7d3d31237a4661ab932eab636",
        "type": "github"
      },
      "original": {
@@ -982,21 +627,6 @@
        "repo": "default",
        "type": "github"
      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
    }
  },
  "root": "root",
@@ -2,14 +2,14 @@
  inputs = {
    attic.url = "github:zhaofengli/attic?ref=main";
    cachix.url = "github:cachix/cachix?ref=master";
-    complement = { url = "github:matrix-org/complement?ref=main"; flake = false; };
+    complement = { url = "github:girlbossceo/complement?ref=main"; flake = false; };
    crane = { url = "github:ipetkov/crane?ref=master"; };
    fenix = { url = "github:nix-community/fenix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; };
    flake-compat = { url = "github:edolstra/flake-compat?ref=master"; flake = false; };
    flake-utils.url = "github:numtide/flake-utils?ref=main";
    nix-filter.url = "github:numtide/nix-filter?ref=main";
    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable";
-    rocksdb = { url = "github:girlbossceo/rocksdb?ref=v9.7.3"; flake = false; };
+    rocksdb = { url = "github:girlbossceo/rocksdb?ref=v9.9.3"; flake = false; };
    liburing = { url = "github:axboe/liburing?ref=master"; flake = false; };
  };

@@ -18,7 +18,6 @@
    let
      pkgsHost = import inputs.nixpkgs{
        inherit system;
-        config.permittedInsecurePackages = [ "olm-3.2.16" ];
      };
      pkgsHostStatic = pkgsHost.pkgsStatic;

@@ -27,7 +26,7 @@
        file = ./rust-toolchain.toml;

        # See also `rust-toolchain.toml`
-        sha256 = "sha256-yMuSb5eQPO/bHv+Bcf/US8LVMbf/G/0MSfiPwBhiPpk=";
+        sha256 = "sha256-lMLAupxng4Fd9F1oDw8gx+qA0RuF7ou7xhNU8wgs0PU=";
      };

      mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: {
@@ -73,9 +72,16 @@
              "-DWITH_TESTS=1"
              # we use rust-rocksdb via C interface and dont need C++ RTTI
              "-DUSE_RTTI=1"
+              # this doesn't exist in RocksDB, and USE_SSE is deprecated for
+              # PORTABLE=$(march)
+              "-DFORCE_SSE42=1"
+              # PORTABLE will get set in main/default.nix
+              "-DPORTABLE=1"
            ]
            old.cmakeFlags
            ++ [
+              # no real reason to have snappy, no one uses this
+              "-DWITH_SNAPPY=0"
              # we dont need to use ldb or sst_dump (core_tools)
              "-DWITH_CORE_TOOLS=0"
              # we dont need trace tools
@@ -118,9 +124,9 @@
          # code.
          COMPLEMENT_SRC = inputs.complement.outPath;

-          # Needed for Complement
-          CGO_CFLAGS = "-I${scope.pkgs.olm}/include";
-          CGO_LDFLAGS = "-L${scope.pkgs.olm}/lib";
+          # Needed for Complement: <https://github.com/golang/go/issues/52690>
+          CGO_CFLAGS = "-Wl,--no-gc-sections";
+          CGO_LDFLAGS = "-Wl,--no-gc-sections";
        };

        # Development tools
@@ -163,21 +169,9 @@

          # used for rust caching in CI to speed it up
          sccache
-
-          # needed so we can get rid of gcc and other unused deps that bloat OCI images
-          removeReferencesTo
        ]
        # liburing is Linux-exclusive
-        ++ lib.optional stdenv.hostPlatform.isLinux liburing
-        # needed to build Rust applications on macOS
-        ++ lib.optionals stdenv.hostPlatform.isDarwin [
-            # https://github.com/NixOS/nixpkgs/issues/206242
-            # ld: library not found for -liconv
-            libiconv
-            # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
-            # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
-            pkgsBuildHost.darwin.apple_sdk.frameworks.Security
-            ])
+        ++ lib.optional stdenv.hostPlatform.isLinux liburing)
        ++ scope.main.buildInputs
        ++ scope.main.propagatedBuildInputs
        ++ scope.main.nativeBuildInputs;
@@ -185,23 +179,59 @@
    in
    {
      packages = {
-        default = scopeHost.main;
+        default = scopeHost.main.override {
+            disable_features = [
+                # dont include experimental features
+                "experimental"
+                # jemalloc profiling/stats features are expensive and shouldn't
+                # be expected on non-debug builds.
+                "jemalloc_prof"
+                "jemalloc_stats"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
+            ];
+        };
        default-debug = scopeHost.main.override {
            profile = "dev";
            # debug build users expect full logs
            disable_release_max_log_level = true;
+            disable_features = [
+                # dont include experimental features
+                "experimental"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
+            ];
        };
+        # just a test profile used for things like CI and complement
        default-test = scopeHost.main.override {
            profile = "test";
            disable_release_max_log_level = true;
+            disable_features = [
+                # dont include experimental features
+                "experimental"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
+            ];
        };
        all-features = scopeHost.main.override {
            all_features = true;
            disable_features = [
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # jemalloc profiling/stats features are expensive and shouldn't
+                # be expected on non-debug builds.
+                "jemalloc_prof"
+                "jemalloc_stats"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
            ];
        };
        all-features-debug = scopeHost.main.override {
@@ -210,10 +240,12 @@
            # debug build users expect full logs
            disable_release_max_log_level = true;
            disable_features = [
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
            ];
        };
        hmalloc = scopeHost.main.override { features = ["hardened_malloc"]; };
@@ -223,10 +255,16 @@
          main = scopeHost.main.override {
            all_features = true;
            disable_features = [
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # jemalloc profiling/stats features are expensive and shouldn't
+                # be expected on non-debug builds.
+                "jemalloc_prof"
+                "jemalloc_stats"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
            ];
          };
        };
@@ -237,10 +275,12 @@
            # debug build users expect full logs
            disable_release_max_log_level = true;
            disable_features = [
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
            ];
          };
        };
@@ -273,6 +313,15 @@
                  value = scopeCrossStatic.main;
                }

+                # An output for a statically-linked binary with x86_64 haswell
+                # target optimisations
+                {
+                  name = "${binaryName}-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.main.override {
+                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                  };
+                }
+
                # An output for a statically-linked unstripped debug ("dev") binary
                {
                  name = "${binaryName}-debug";
@@ -290,6 +339,14 @@
                  value = scopeCrossStatic.main.override {
                    profile = "test";
                    disable_release_max_log_level = true;
+                    disable_features = [
+                        # dont include experimental features
+                        "experimental"
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # conduwuit_mods is a development-only hot reload feature
+                        "conduwuit_mods"
+                    ];
                  };
                }

@@ -299,14 +356,42 @@
                  value = scopeCrossStatic.main.override {
                    all_features = true;
                    disable_features = [
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
                        # dont include experimental features
                        "experimental"
+                        # jemalloc profiling/stats features are expensive and shouldn't
+                        # be expected on non-debug builds.
+                        "jemalloc_prof"
+                        "jemalloc_stats"
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # conduwuit_mods is a development-only hot reload feature
+                        "conduwuit_mods"
                    ];
                  };
                }

+                # An output for a statically-linked binary with `--all-features` and with x86_64 haswell
+                # target optimisations
+                {
+                  name = "${binaryName}-all-features-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.main.override {
+                    all_features = true;
+                    disable_features = [
+                        # dont include experimental features
+                        "experimental"
+                        # jemalloc profiling/stats features are expensive and shouldn't
+                        # be expected on non-debug builds.
+                        "jemalloc_prof"
+                        "jemalloc_stats"
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # conduwuit_mods is a development-only hot reload feature
+                        "conduwuit_mods"
+                    ];
+                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                  };
+                }
+
                # An output for a statically-linked unstripped debug ("dev") binary with `--all-features`
                {
                  name = "${binaryName}-all-features-debug";
@@ -316,10 +401,12 @@
                    # debug build users expect full logs
                    disable_release_max_log_level = true;
                    disable_features = [
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
                        # dont include experimental features
                        "experimental"
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # conduwuit_mods is a development-only hot reload feature
+                        "conduwuit_mods"
                    ];
                  };
                }
@@ -338,6 +425,17 @@
                  value = scopeCrossStatic.oci-image;
                }

+                # An output for an OCI image based on that binary with x86_64 haswell
+                # target optimisations
+                {
+                  name = "oci-image-${crossSystem}-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.oci-image.override {
+                    main = scopeCrossStatic.main.override {
+                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                    };
+                  };
+                }
+
                # An output for an OCI image based on that unstripped debug ("dev") binary
                {
                  name = "oci-image-${crossSystem}-debug";
@@ -357,30 +455,62 @@
                    main = scopeCrossStatic.main.override {
                      all_features = true;
                      disable_features = [
-                          # this is non-functional on nix for some reason
-                          "hardened_malloc"
-                          # dont include experimental features
-                          "experimental"
+                        # dont include experimental features
+                        "experimental"
+                        # jemalloc profiling/stats features are expensive and shouldn't
+                        # be expected on non-debug builds.
+                        "jemalloc_prof"
+                        "jemalloc_stats"
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # conduwuit_mods is a development-only hot reload feature
+                        "conduwuit_mods"
                      ];
                    };
                  };
                }

+                # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell
+                # target optimisations
+                {
+                  name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised";
+                  value = scopeCrossStatic.oci-image.override {
+                    main = scopeCrossStatic.main.override {
+                      all_features = true;
+                      disable_features = [
+                        # dont include experimental features
+                        "experimental"
+                        # jemalloc profiling/stats features are expensive and shouldn't
+                        # be expected on non-debug builds.
+                        "jemalloc_prof"
+                        "jemalloc_stats"
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # conduwuit_mods is a development-only hot reload feature
+                        "conduwuit_mods"
+                      ];
+                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
+                    };
+                  };
+                }
+
                # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features`
                {
                  name = "oci-image-${crossSystem}-all-features-debug";
                  value = scopeCrossStatic.oci-image.override {
                    main = scopeCrossStatic.main.override {
-                        profile = "dev";
-                        all_features = true;
-                        # debug build users expect full logs
-                        disable_release_max_log_level = true;
-                        disable_features = [
-                            # this is non-functional on nix for some reason
-                            "hardened_malloc"
-                            # dont include experimental features
-                            "experimental"
-                        ];
+                      profile = "dev";
+                      all_features = true;
+                      # debug build users expect full logs
+                      disable_release_max_log_level = true;
+                      disable_features = [
+                        # dont include experimental features
+                        "experimental"
+                        # this is non-functional on nix for some reason
+                        "hardened_malloc"
+                        # conduwuit_mods is a development-only hot reload feature
+                        "conduwuit_mods"
+                      ];
                    };
                  };
                }
@@ -418,10 +548,16 @@
          main = prev.main.override {
            all_features = true;
            disable_features = [
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
                # dont include experimental features
                "experimental"
+                # jemalloc profiling/stats features are expensive and shouldn't
+                # be expected on non-debug builds.
+                "jemalloc_prof"
+                "jemalloc_stats"
+                # this is non-functional on nix for some reason
+                "hardened_malloc"
+                # conduwuit_mods is a development-only hot reload feature
+                "conduwuit_mods"
            ];
        };
        }));
@@ -9,14 +9,40 @@ database_path = "/database"
 log = "trace,h2=warn,hyper=warn"
 port = [8008, 8448]
 trusted_servers = []
+only_query_trusted_key_servers = false
 query_trusted_key_servers_first = false
+query_trusted_key_servers_first_on_join = false
 yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
 ip_range_denylist = []
 url_preview_domain_contains_allowlist = ["*"]
+url_preview_domain_explicit_denylist = ["*"]
 media_compat_file_link = false
-media_startup_check = false
-rocksdb_direct_io = false
+media_startup_check = true
+prune_missing_media = true
 log_colors = false
+admin_room_notices = false
+allow_check_for_updates = false
+intentionally_unknown_config_option_for_testing = true
+rocksdb_log_level = "debug"
+rocksdb_max_log_files = 1
+rocksdb_recovery_mode = 0
+rocksdb_paranoid_file_checks = true
+log_guest_registrations = false
+allow_legacy_media = true
+startup_netburst = true
+startup_netburst_keep = -1
+
+# valgrind makes things so slow
+dns_timeout = 60
+dns_attempts = 20
+request_conn_timeout = 60
+request_timeout = 120
+well_known_conn_timeout = 60
+well_known_timeout = 60
+federation_idle_timeout = 300
+sender_timeout = 300
+sender_idle_timeout = 300
+sender_retry_backoff_limit = 300

 [global.tls]
 certs = "/certificate.crt"
@@ -18,19 +18,24 @@ let
    all_features = true;
    disable_release_max_log_level = true;
    disable_features = [
-        # no reason to use jemalloc for complement, just has compatibility/build issues
-        "jemalloc"
        # console/CLI stuff isn't used or relevant for complement
        "console"
        "tokio_console"
        # sentry telemetry isn't useful for complement, disabled by default anyways
        "sentry_telemetry"
-        # the containers don't use or need systemd signal support
-        "systemd"
+        "perf_measurements"
        # this is non-functional on nix for some reason
        "hardened_malloc"
        # dont include experimental features
        "experimental"
+        # compression isn't needed for complement
+        "brotli_compression"
+        "gzip_compression"
+        "zstd_compression"
+        # complement doesn't need hot reloading
+        "conduwuit_mods"
+        # complement doesn't have URL preview media tests
+        "url_preview"
    ];
  };

@@ -96,6 +101,7 @@ dockerTools.buildImage {
    Env = [
      "SSL_CERT_FILE=/complement/ca/ca.crt"
      "CONDUWUIT_CONFIG=${./config.toml}"
+      "RUST_BACKTRACE=full"
    ];

    ExposedPorts = {
@@ -1,6 +1,5 @@
 { lib
 , pkgsBuildHost
-, pkgsBuildTarget
 , rust
 , stdenv
 }:
@@ -23,25 +22,13 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
          [ "-C" "relocation-model=static" ]
        ++ lib.optionals
          (stdenv.buildPlatform.config != stdenv.hostPlatform.config)
-          [ "-l" "c" ]
-        ++ lib.optionals
-          # This check has to match the one [here][0]. We only need to set
-          # these flags when using a different linker. Don't ask me why,
-          # though, because I don't know. All I know is it breaks otherwise.
-          #
-          # [0]: https://github.com/NixOS/nixpkgs/blob/5cdb38bb16c6d0a38779db14fcc766bc1b2394d6/pkgs/build-support/rust/lib/default.nix#L37-L40
-          (
-            # Nixpkgs doesn't check for x86_64 here but we do, because I
-            # observed a failure building statically for x86_64 without
-            # including it here. Linkers are weird.
-            (stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isx86_64)
-              && stdenv.hostPlatform.isStatic
-              && !stdenv.hostPlatform.isDarwin
-              && !stdenv.cc.bintools.isLLVM
-          )
          [
+            "-l"
+            "c"
+
            "-l"
            "stdc++"
+
            "-L"
            "${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib"
          ]
@@ -58,7 +45,6 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
 (
  let
    inherit (rust.lib) envVars;
-    shouldUseLLD = platform: platform.isAarch64 && platform.isStatic && !stdenv.hostPlatform.isDarwin;
  in
  lib.optionalAttrs
    (stdenv.targetPlatform.rust.rustcTarget
@@ -66,30 +52,22 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
    (
      let
        inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget;
-        linkerForTarget = if shouldUseLLD stdenv.targetPlatform
-          && !stdenv.cc.bintools.isLLVM # whether stdenv's linker is lld already
-          then "${pkgsBuildTarget.llvmPackages.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld"
-          else envVars.ccForTarget;
      in
      {
        "CC_${cargoEnvVarTarget}" = envVars.ccForTarget;
        "CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget;
-        "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = linkerForTarget;
+        "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForTarget;
      }
    )
  //
  (
    let
      inherit (stdenv.hostPlatform.rust) cargoEnvVarTarget rustcTarget;
-      linkerForHost = if shouldUseLLD stdenv.targetPlatform
-        && !stdenv.cc.bintools.isLLVM
-        then "${pkgsBuildHost.llvmPackages.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld"
-        else envVars.ccForHost;
    in
    {
      "CC_${cargoEnvVarTarget}" = envVars.ccForHost;
      "CXX_${cargoEnvVarTarget}" = envVars.cxxForHost;
-      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = linkerForHost;
+      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForHost;
      CARGO_BUILD_TARGET = rustcTarget;
    }
  )
@@ -6,7 +6,6 @@
 , libiconv
 , liburing
 , pkgsBuildHost
-, pkgsBuildTarget
 , rocksdb
 , removeReferencesTo
 , rust
@@ -14,12 +13,29 @@
 , stdenv

 # Options (keep sorted)
-, default_features ? true
-, disable_release_max_log_level ? false
 , all_features ? false
-, disable_features ? []
+, default_features ? true
+# default list of disabled features
+, disable_features ? [
+  # dont include experimental features
+  "experimental"
+  # jemalloc profiling/stats features are expensive and shouldn't
+  # be expected on non-debug builds.
+  "jemalloc_prof"
+  "jemalloc_stats"
+  # this is non-functional on nix for some reason
+  "hardened_malloc"
+  # conduwuit_mods is a development-only hot reload feature
+  "conduwuit_mods"
+]
+, disable_release_max_log_level ? false
 , features ? []
 , profile ? "release"
+# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag
+# haswell is pretty much any x86 cpu made in the last 12 years, and
+# supports modern CPU extensions that rocksdb can make use of.
+# disable if trying to make a portable x86_64 build for very old hardware
+, x86_64_haswell_target_optimised ? false
 }:

 let
@@ -66,7 +82,7 @@ rust-jemalloc-sys' = (rust-jemalloc-sys.override {
 buildDepsOnlyEnv =
  let
    rocksdb' = (rocksdb.override {
-      jemalloc = rust-jemalloc-sys';
+      jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
      # rocksdb fails to build with prefixed jemalloc, which is required on
      # darwin due to [1]. In this case, fall back to building rocksdb with
      # libc malloc. This should not cause conflicts, because all of the
@@ -80,6 +96,19 @@ buildDepsOnlyEnv =
      enableLiburing = enableLiburing;
    }).overrideAttrs (old: {
      enableLiburing = enableLiburing;
+      cmakeFlags = (if x86_64_haswell_target_optimised then (lib.subtractLists [
+        # dont make a portable build if x86_64_haswell_target_optimised is enabled
+        "-DPORTABLE=1"
+      ] old.cmakeFlags
+      ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ])
+      )
+      ++ old.cmakeFlags;
+
+      # outputs has "tools" which we dont need or use
+      outputs = [ "out" ];
+
+      # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
+      preInstall = "";
    });
  in
  {
@@ -96,7 +125,6 @@ buildDepsOnlyEnv =
    inherit
      lib
      pkgsBuildHost
-      pkgsBuildTarget
      rust
      stdenv;
  });
@@ -107,7 +135,9 @@ buildPackageEnv = {
  # Only needed in static stdenv because these are transitive dependencies of rocksdb
  CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS
    + lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic)
-      " -L${lib.getLib liburing}/lib -luring";
+      " -L${lib.getLib liburing}/lib -luring"
+    + lib.optionalString x86_64_haswell_target_optimised
+      " -Ctarget-cpu=haswell";
 };


@@ -132,6 +162,19 @@ commonAttrs = {
      ];
    };

+    # This is redundant with CI
+    doCheck = false;
+
+    cargoTestCommand = "cargo test --locked ";
+    cargoExtraArgs = "--no-default-features --locked "
+      + lib.optionalString
+        (features'' != [])
+        "--features " + (builtins.concatStringsSep "," features'');
+    cargoTestExtraArgs = "--no-default-features --locked "
+      + lib.optionalString
+        (features'' != [])
+        "--features " + (builtins.concatStringsSep "," features'');
+
    dontStrip = profile == "dev" || profile == "test";
    dontPatchELF = profile == "dev" || profile == "test";

@@ -157,27 +200,7 @@ commonAttrs = {
      # differing values for `NIX_CFLAGS_COMPILE`, which contributes to spurious
      # rebuilds of bindgen and its depedents.
      jq
-
-      # needed so we can get rid of gcc and other unused deps that bloat OCI images
-      removeReferencesTo
-  ]
-  # needed to build Rust applications on macOS
-  ++ lib.optionals stdenv.hostPlatform.isDarwin [
-      # https://github.com/NixOS/nixpkgs/issues/206242
-      # ld: library not found for -liconv
-      libiconv
-
-      # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
-      # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
-      pkgsBuildHost.darwin.apple_sdk.frameworks.Security
-    ];
-
-    # for some reason gcc and other weird deps are added to OCI images and bloats it up
-    #
-    # <https://github.com/input-output-hk/haskell.nix/issues/829>
-    postInstall = with pkgsBuildHost; ''
-        find "$out" -type f -exec remove-references-to -t ${stdenv.cc} -t ${gcc} -t ${rustc.unwrapped} -t ${rustc} -t ${libidn2} -t ${libunistring} '{}' +
-    '';
+  ];
 };
 in

@@ -186,15 +209,18 @@ craneLib.buildPackage ( commonAttrs // {
    env = buildDepsOnlyEnv;
  });

-  cargoExtraArgs = "--no-default-features "
+  # This is redundant with CI
+  doCheck = false;
+
+  cargoTestCommand = "cargo test --locked ";
+  cargoExtraArgs = "--no-default-features --locked "
+    + lib.optionalString
+      (features'' != [])
+      "--features " + (builtins.concatStringsSep "," features'');
+  cargoTestExtraArgs = "--no-default-features --locked "
    + lib.optionalString
      (features'' != [])
      "--features " + (builtins.concatStringsSep "," features'');
-
-  # This is redundant with CI
-  cargoTestCommand = "";
-  cargoCheckCommand = "";
-  doCheck = false;

  env = buildPackageEnv;

@@ -14,6 +14,7 @@ dockerTools.buildLayeredImage {
  created = "@${toString inputs.self.lastModified}";
  contents = [
    dockerTools.caCertificates
+    main
  ];
  config = {
    Entrypoint = if !stdenv.hostPlatform.isDarwin
@@ -24,5 +25,22 @@ dockerTools.buildLayeredImage {
    Cmd = [
      "${lib.getExe main}"
    ];
+    Env = [
+      "RUST_BACKTRACE=full"
+    ];
+    Labels = {
+      "org.opencontainers.image.authors" = "June Clementine Strawberry <june@girlboss.ceo> and Jason Volk
+      <jason@zemos.net>";
+      "org.opencontainers.image.created" ="@${toString inputs.self.lastModified}";
+      "org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust";
+      "org.opencontainers.image.documentation" = "https://conduwuit.puppyirl.gay/";
+      "org.opencontainers.image.licenses" = "Apache-2.0";
+      "org.opencontainers.image.revision" = inputs.self.rev or inputs.self.dirtyRev or "";
+      "org.opencontainers.image.source" = "https://github.com/girlbossceo/conduwuit";
+      "org.opencontainers.image.title" = main.pname;
+      "org.opencontainers.image.url" = "https://conduwuit.puppyirl.gay/";
+      "org.opencontainers.image.vendor" = "girlbossceo";
+      "org.opencontainers.image.version" = main.version;
+    };
  };
 }
@@ -9,7 +9,7 @@
 # If you're having trouble making the relevant changes, bug a maintainer.

 [toolchain]
-channel = "1.82.0"
+channel = "1.84.0"
 profile = "minimal"
 components = [
    # For rust-analyzer
@@ -1,28 +1,33 @@
-edition = "2021"
-
+array_width = 80
+chain_width = 60
+comment_width = 80
 condense_wildcard_suffixes = true
+edition = "2024"
+fn_call_width = 80
+fn_single_line = true
 format_code_in_doc_comments = true
 format_macro_bodies = true
 format_macro_matchers = true
 format_strings = true
-hex_literal_case = "Upper"
-max_width = 120
-tab_spaces = 4
-array_width = 80
-comment_width = 80
-wrap_comments = true
-fn_params_layout = "Compressed"
-fn_call_width = 80
-fn_single_line = true
+group_imports = "StdExternalCrate"
 hard_tabs = true
-match_block_trailing_comma = true
+hex_literal_case = "Upper"
 imports_granularity = "Crate"
+match_arm_blocks = false
+match_arm_leading_pipes = "Always"
+match_block_trailing_comma = true
+max_width = 98
+newline_style = "Unix"
 normalize_comments = false
+overflow_delimited_expr = true
 reorder_impl_items = true
 reorder_imports = true
-group_imports = "StdExternalCrate"
-newline_style = "Unix"
+single_line_if_else_max_width = 60
+single_line_let_else_max_width = 80
+struct_lit_width = 40
+tab_spaces = 4
+unstable_features = true
 use_field_init_shorthand = true
 use_small_heuristics = "Off"
 use_try_shorthand = true
-chain_width = 60
+wrap_comments = true
@@ -1,5 +1,5 @@
 [package]
-name = "conduit_admin"
+name = "conduwuit_admin"
 categories.workspace = true
 description.workspace = true
 edition.workspace = true
@@ -17,7 +17,6 @@ crate-type = [
 ]

 [features]
-#dev_release_log_level = []
 release_max_log_level = [
 	"tracing/max_level_trace",
 	"tracing/release_max_level_info",
@@ -27,12 +26,13 @@ release_max_log_level = [

 [dependencies]
 clap.workspace = true
-conduit-api.workspace = true
-conduit-core.workspace = true
-conduit-macros.workspace = true
-conduit-service.workspace = true
+conduwuit-api.workspace = true
+conduwuit-core.workspace = true
+conduwuit-database.workspace = true
+conduwuit-macros.workspace = true
+conduwuit-service.workspace = true
 const-str.workspace = true
-futures-util.workspace = true
+futures.workspace = true
 log.workspace = true
 ruma.workspace = true
 serde_json.workspace = true
@@ -1,15 +1,15 @@
 use clap::Parser;
-use conduit::Result;
-use ruma::events::room::message::RoomMessageEventContent;
+use conduwuit::Result;

 use crate::{
-	appservice, appservice::AppserviceCommand, check, check::CheckCommand, command::Command, debug,
-	debug::DebugCommand, federation, federation::FederationCommand, media, media::MediaCommand, query,
-	query::QueryCommand, room, room::RoomCommand, server, server::ServerCommand, user, user::UserCommand,
+	appservice, appservice::AppserviceCommand, check, check::CheckCommand, command::Command,
+	debug, debug::DebugCommand, federation, federation::FederationCommand, media,
+	media::MediaCommand, query, query::QueryCommand, room, room::RoomCommand, server,
+	server::ServerCommand, user, user::UserCommand,
 };

 #[derive(Debug, Parser)]
-#[command(name = "admin", version = env!("CARGO_PKG_VERSION"))]
+#[command(name = "conduwuit", version = conduwuit::version())]
 pub(super) enum AdminCommand {
 	#[command(subcommand)]
 	/// - Commands for managing appservices
@@ -49,18 +49,20 @@ pub(super) enum AdminCommand {
 }

 #[tracing::instrument(skip_all, name = "command")]
-pub(super) async fn process(command: AdminCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(command: AdminCommand, context: &Command<'_>) -> Result {
 	use AdminCommand::*;

-	Ok(match command {
-		Appservices(command) => appservice::process(command, context).await?,
-		Media(command) => media::process(command, context).await?,
-		Users(command) => user::process(command, context).await?,
-		Rooms(command) => room::process(command, context).await?,
-		Federation(command) => federation::process(command, context).await?,
-		Server(command) => server::process(command, context).await?,
-		Debug(command) => debug::process(command, context).await?,
-		Query(command) => query::process(command, context).await?,
-		Check(command) => check::process(command, context).await?,
-	})
+	match command {
+		| Appservices(command) => appservice::process(command, context).await?,
+		| Media(command) => media::process(command, context).await?,
+		| Users(command) => user::process(command, context).await?,
+		| Rooms(command) => room::process(command, context).await?,
+		| Federation(command) => federation::process(command, context).await?,
+		| Server(command) => server::process(command, context).await?,
+		| Debug(command) => debug::process(command, context).await?,
+		| Query(command) => query::process(command, context).await?,
+		| Check(command) => check::process(command, context).await?,
+	};
+
+	Ok(())
 }
@@ -4,59 +4,75 @@ use crate::{admin_command, Result};

 #[admin_command]
 pub(super) async fn register(&self) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
 		));
 	}

-	let appservice_config = self.body[1..self.body.len().checked_sub(1).unwrap()].join("\n");
-	let parsed_config = serde_yaml::from_str::<Registration>(&appservice_config);
+	let appservice_config_body = self.body[1..self.body.len().checked_sub(1).unwrap()].join("\n");
+	let parsed_config = serde_yaml::from_str::<Registration>(&appservice_config_body);
 	match parsed_config {
-		Ok(yaml) => match self.services.appservice.register_appservice(yaml).await {
-			Ok(id) => Ok(RoomMessageEventContent::text_plain(format!(
-				"Appservice registered with ID: {id}."
+		| Ok(registration) => match self
+			.services
+			.appservice
+			.register_appservice(&registration, &appservice_config_body)
+			.await
+		{
+			| Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
+				"Appservice registered with ID: {}",
+				registration.id
 			))),
-			Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+			| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 				"Failed to register appservice: {e}"
 			))),
 		},
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
-			"Could not parse appservice config: {e}"
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+			"Could not parse appservice config as YAML: {e}"
 		))),
 	}
 }

 #[admin_command]
-pub(super) async fn unregister(&self, appservice_identifier: String) -> Result<RoomMessageEventContent> {
+pub(super) async fn unregister(
+	&self,
+	appservice_identifier: String,
+) -> Result<RoomMessageEventContent> {
 	match self
 		.services
 		.appservice
 		.unregister_appservice(&appservice_identifier)
 		.await
 	{
-		Ok(()) => Ok(RoomMessageEventContent::text_plain("Appservice unregistered.")),
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+		| Ok(()) => Ok(RoomMessageEventContent::text_plain("Appservice unregistered.")),
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 			"Failed to unregister appservice: {e}"
 		))),
 	}
 }

 #[admin_command]
-pub(super) async fn show_appservice_config(&self, appservice_identifier: String) -> Result<RoomMessageEventContent> {
+pub(super) async fn show_appservice_config(
+	&self,
+	appservice_identifier: String,
+) -> Result<RoomMessageEventContent> {
 	match self
 		.services
 		.appservice
 		.get_registration(&appservice_identifier)
 		.await
 	{
-		Some(config) => {
-			let config_str = serde_yaml::to_string(&config).expect("config should've been validated on register");
-			let output = format!("Config for {appservice_identifier}:\n\n```yaml\n{config_str}\n```",);
+		| Some(config) => {
+			let config_str = serde_yaml::to_string(&config)
+				.expect("config should've been validated on register");
+			let output =
+				format!("Config for {appservice_identifier}:\n\n```yaml\n{config_str}\n```",);
 			Ok(RoomMessageEventContent::notice_markdown(output))
 		},
-		None => Ok(RoomMessageEventContent::text_plain("Appservice does not exist.")),
+		| None => Ok(RoomMessageEventContent::text_plain("Appservice does not exist.")),
 	}
 }

@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;

 use crate::admin_command_dispatch;

@@ -1,5 +1,6 @@
-use conduit::Result;
-use conduit_macros::implement;
+use conduwuit::Result;
+use conduwuit_macros::implement;
+use futures::StreamExt;
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::Command;
@@ -10,18 +11,17 @@ use crate::Command;
 #[implement(Command, params = "<'_>")]
 pub(super) async fn check_all_users(&self) -> Result<RoomMessageEventContent> {
 	let timer = tokio::time::Instant::now();
-	let results = self.services.users.db.iter();
+	let users = self.services.users.iter().collect::<Vec<_>>().await;
 	let query_time = timer.elapsed();

-	let users = results.collect::<Vec<_>>();
-
 	let total = users.len();
-	let err_count = users.iter().filter(|user| user.is_err()).count();
-	let ok_count = users.iter().filter(|user| user.is_ok()).count();
+	let err_count = users.iter().filter(|_user| false).count();
+	let ok_count = users.iter().filter(|_user| true).count();

 	let message = format!(
-		"Database query completed in {query_time:?}:\n\n```\nTotal entries: {total:?}\nFailure/Invalid user count: \
-		 {err_count:?}\nSuccess/Valid user count: {ok_count:?}\n```"
+		"Database query completed in {query_time:?}:\n\n```\nTotal entries: \
+		 {total:?}\nFailure/Invalid user count: {err_count:?}\nSuccess/Valid user count: \
+		 {ok_count:?}\n```"
 	);

 	Ok(RoomMessageEventContent::notice_markdown(message))
@@ -1,18 +1,12 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
-use ruma::events::room::message::RoomMessageEventContent;
+use conduwuit::Result;

-use crate::Command;
+use crate::admin_command_dispatch;

+#[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub(super) enum CheckCommand {
-	AllUsers,
-}
-
-pub(super) async fn process(command: CheckCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
-	Ok(match command {
-		CheckCommand::AllUsers => context.check_all_users().await?,
-	})
+	CheckAllUsers,
 }
@@ -1,6 +1,12 @@
-use std::time::SystemTime;
+use std::{fmt, time::SystemTime};

-use conduit_service::Services;
+use conduwuit::Result;
+use conduwuit_service::Services;
+use futures::{
+	io::{AsyncWriteExt, BufWriter},
+	lock::Mutex,
+	Future, FutureExt,
+};
 use ruma::EventId;

 pub(crate) struct Command<'a> {
@@ -8,4 +14,26 @@ pub(crate) struct Command<'a> {
 	pub(crate) body: &'a [&'a str],
 	pub(crate) timer: SystemTime,
 	pub(crate) reply_id: Option<&'a EventId>,
+	pub(crate) output: Mutex<BufWriter<Vec<u8>>>,
+}
+
+impl Command<'_> {
+	pub(crate) fn write_fmt(
+		&self,
+		arguments: fmt::Arguments<'_>,
+	) -> impl Future<Output = Result> + Send + '_ {
+		let buf = format!("{arguments}");
+		self.output.lock().then(|mut output| async move {
+			output.write_all(buf.as_bytes()).await.map_err(Into::into)
+		})
+	}
+
+	pub(crate) fn write_str<'a>(
+		&'a self,
+		s: &'a str,
+	) -> impl Future<Output = Result> + Send + 'a {
+		self.output.lock().then(move |mut output| async move {
+			output.write_all(s.as_bytes()).await.map_err(Into::into)
+		})
+	}
 }
@@ -2,8 +2,9 @@ mod commands;
 pub(crate) mod tester;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{EventId, OwnedRoomOrAliasId, RoomId, ServerName};
+use service::rooms::short::{ShortEventId, ShortRoomId};

 use self::tester::TesterCommand;
 use crate::admin_command_dispatch;
@@ -31,12 +32,21 @@ pub(super) enum DebugCommand {
 	/// the command.
 	ParsePdu,

-	/// - Retrieve and print a PDU by ID from the conduwuit database
+	/// - Retrieve and print a PDU by EventID from the conduwuit database
 	GetPdu {
 		/// An event ID (a $ followed by the base64 reference hash)
 		event_id: Box<EventId>,
 	},

+	/// - Retrieve and print a PDU by PduId from the conduwuit database
+	GetShortPdu {
+		/// Shortroomid integer
+		shortroomid: ShortRoomId,
+
+		/// Shorteventid integer
+		shorteventid: ShortEventId,
+	},
+
 	/// - Attempts to retrieve a PDU from a remote server. Inserts it into our
 	///   database/timeline if found and we do not have this PDU already
 	///   (following normal event auth rules, handles it as an incoming PDU).
@@ -80,8 +90,16 @@ pub(super) enum DebugCommand {
 	GetSigningKeys {
 		server_name: Option<Box<ServerName>>,

+		#[arg(long)]
+		notary: Option<Box<ServerName>>,
+
 		#[arg(short, long)]
-		cached: bool,
+		query: bool,
+	},
+
+	/// - Get and display signing keys from local cache or remote server.
+	GetVerifyKeys {
+		server_name: Option<Box<ServerName>>,
 	},

 	/// - Sends a federation request to the remote server's
@@ -119,6 +137,13 @@ pub(super) enum DebugCommand {
 	/// the command.
 	VerifyJson,

+	/// - Verify PDU
+	///
+	/// This re-verifies a PDU existing in the database found by ID.
+	VerifyPdu {
+		event_id: Box<EventId>,
+	},
+
 	/// - Prints the very first PDU in the specified room (typically
 	///   m.room.create)
 	FirstPduInRoom {
@@ -166,7 +191,13 @@ pub(super) enum DebugCommand {
 	},

 	/// - Print extended memory usage
-	MemoryStats,
+	///
+	/// Optional argument is a character mask (a sequence of characters in any
+	/// order) which enable additional extended statistics. Known characters are
+	/// "abdeglmx". For convenience, a '*' will enable everything.
+	MemoryStats {
+		opts: Option<String>,
+	},

 	/// - Print general tokio runtime metric totals.
 	RuntimeMetrics,
@@ -192,6 +223,17 @@ pub(super) enum DebugCommand {
 		map: Option<String>,
 	},

+	/// - Trim memory usage
+	TrimMemory,
+
+	/// - List database files
+	DatabaseFiles {
+		map: Option<String>,
+
+		#[arg(long)]
+		level: Option<i32>,
+	},
+
 	/// - Developer test stubs
 	#[command(subcommand)]
 	#[allow(non_snake_case)]
@@ -1,4 +1,4 @@
-use conduit::Err;
+use conduwuit::Err;
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::{admin_command, admin_command_dispatch, Result};
@@ -31,7 +31,7 @@ async fn failure(&self) -> Result<RoomMessageEventContent> {
 #[admin_command]
 async fn tester(&self) -> Result<RoomMessageEventContent> {

-	Ok(RoomMessageEventContent::notice_plain("completed"))
+	Ok(RoomMessageEventContent::notice_plain("legacy"))
 }

 #[inline(never)]
@@ -1,19 +1,22 @@
 use std::fmt::Write;

-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId, RoomId, ServerName, UserId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedRoomId, RoomId, ServerName, UserId,
+};

-use crate::{admin_command, escape_html, get_room_info};
+use crate::{admin_command, get_room_info};

 #[admin_command]
 pub(super) async fn disable_room(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
-	self.services.rooms.metadata.disable_room(&room_id, true)?;
+	self.services.rooms.metadata.disable_room(&room_id, true);
 	Ok(RoomMessageEventContent::text_plain("Room disabled."))
 }

 #[admin_command]
 pub(super) async fn enable_room(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
-	self.services.rooms.metadata.disable_room(&room_id, false)?;
+	self.services.rooms.metadata.disable_room(&room_id, false);
 	Ok(RoomMessageEventContent::text_plain("Room enabled."))
 }

@@ -37,7 +40,10 @@ pub(super) async fn incoming_federation(&self) -> Result<RoomMessageEventContent
 }

 #[admin_command]
-pub(super) async fn fetch_support_well_known(&self, server_name: Box<ServerName>) -> Result<RoomMessageEventContent> {
+pub(super) async fn fetch_support_well_known(
+	&self,
+	server_name: Box<ServerName>,
+) -> Result<RoomMessageEventContent> {
 	let response = self
 		.services
 		.client
@@ -59,16 +65,20 @@ pub(super) async fn fetch_support_well_known(&self, server_name: Box<ServerName>
 	}

 	let json: serde_json::Value = match serde_json::from_str(&text) {
-		Ok(json) => json,
-		Err(_) => {
-			return Ok(RoomMessageEventContent::text_plain("Response text/body is not valid JSON."));
+		| Ok(json) => json,
+		| Err(_) => {
+			return Ok(RoomMessageEventContent::text_plain(
+				"Response text/body is not valid JSON.",
+			));
 		},
 	};

 	let pretty_json: String = match serde_json::to_string_pretty(&json) {
-		Ok(json) => json,
-		Err(_) => {
-			return Ok(RoomMessageEventContent::text_plain("Response text/body is not valid JSON."));
+		| Ok(json) => json,
+		| Err(_) => {
+			return Ok(RoomMessageEventContent::text_plain(
+				"Response text/body is not valid JSON.",
+			));
 		},
 	};

@@ -78,14 +88,18 @@ pub(super) async fn fetch_support_well_known(&self, server_name: Box<ServerName>
 }

 #[admin_command]
-pub(super) async fn remote_user_in_rooms(&self, user_id: Box<UserId>) -> Result<RoomMessageEventContent> {
-	if user_id.server_name() == self.services.globals.config.server_name {
+pub(super) async fn remote_user_in_rooms(
+	&self,
+	user_id: Box<UserId>,
+) -> Result<RoomMessageEventContent> {
+	if user_id.server_name() == self.services.server.name {
 		return Ok(RoomMessageEventContent::text_plain(
-			"User belongs to our server, please use `list-joined-rooms` user admin command instead.",
+			"User belongs to our server, please use `list-joined-rooms` user admin command \
+			 instead.",
 		));
 	}

-	if !self.services.users.exists(&user_id)? {
+	if !self.services.users.exists(&user_id).await {
 		return Ok(RoomMessageEventContent::text_plain(
 			"Remote user does not exist in our database.",
 		));
@@ -96,9 +110,9 @@ pub(super) async fn remote_user_in_rooms(&self, user_id: Box<UserId>) -> Result<
 		.rooms
 		.state_cache
 		.rooms_joined(&user_id)
-		.filter_map(Result::ok)
-		.map(|room_id| get_room_info(self.services, &room_id))
-		.collect();
+		.then(|room_id| get_room_info(self.services, room_id))
+		.collect()
+		.await;

 	if rooms.is_empty() {
 		return Ok(RoomMessageEventContent::text_plain("User is not in any rooms."));
@@ -107,33 +121,15 @@ pub(super) async fn remote_user_in_rooms(&self, user_id: Box<UserId>) -> Result<
 	rooms.sort_by_key(|r| r.1);
 	rooms.reverse();

-	let output_plain = format!(
-		"Rooms {user_id} shares with us ({}):\n{}",
+	let output = format!(
+		"Rooms {user_id} shares with us ({}):\n```\n{}\n```",
 		rooms.len(),
 		rooms
 			.iter()
-			.map(|(id, members, name)| format!("{id}\tMembers: {members}\tName: {name}"))
+			.map(|(id, members, name)| format!("{id} | Members: {members} | Name: {name}"))
 			.collect::<Vec<_>>()
 			.join("\n")
 	);
-	let output_html = format!(
-		"<table><caption>Rooms {user_id} shares with us \
-		 ({})</caption>\n<tr><th>id</th>\t<th>members</th>\t<th>name</th></tr>\n{}</table>",
-		rooms.len(),
-		rooms
-			.iter()
-			.fold(String::new(), |mut output, (id, members, name)| {
-				writeln!(
-					output,
-					"<tr><td>{}</td>\t<td>{}</td>\t<td>{}</td></tr>",
-					id,
-					members,
-					escape_html(name)
-				)
-				.expect("should be able to write to string buffer");
-				output
-			})
-	);

-	Ok(RoomMessageEventContent::text_html(output_plain, output_html))
+	Ok(RoomMessageEventContent::text_markdown(output))
 }
@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{RoomId, ServerName, UserId};

 use crate::admin_command_dispatch;
@@ -1,16 +1,21 @@
 use std::time::Duration;

-use conduit::{debug, debug_info, debug_warn, error, info, trace, utils::time::parse_timepoint_ago, Result};
-use conduit_service::media::Dim;
+use conduwuit::{
+	debug, debug_info, debug_warn, error, info, trace, utils::time::parse_timepoint_ago, Result,
+};
+use conduwuit_service::media::Dim;
 use ruma::{
-	events::room::message::RoomMessageEventContent, EventId, Mxc, MxcUri, OwnedMxcUri, OwnedServerName, ServerName,
+	events::room::message::RoomMessageEventContent, EventId, Mxc, MxcUri, OwnedMxcUri,
+	OwnedServerName, ServerName,
 };

 use crate::{admin_command, utils::parse_local_user_id};

 #[admin_command]
 pub(super) async fn delete(
-	&self, mxc: Option<Box<MxcUri>>, event_id: Option<Box<EventId>>,
+	&self,
+	mxc: Option<Box<MxcUri>>,
+	event_id: Option<Box<EventId>>,
 ) -> Result<RoomMessageEventContent> {
 	if event_id.is_some() && mxc.is_some() {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -36,7 +41,7 @@ pub(super) async fn delete(
 		let mut mxc_urls = Vec::with_capacity(4);

 		// parsing the PDU for any MXC URLs begins here
-		if let Some(event_json) = self.services.rooms.timeline.get_pdu_json(&event_id)? {
+		if let Ok(event_json) = self.services.rooms.timeline.get_pdu_json(&event_id).await {
 			if let Some(content_key) = event_json.get("content") {
 				debug!("Event ID has \"content\".");
 				let content_obj = content_key.as_object();
@@ -52,7 +57,10 @@ pub(super) async fn delete(
 							let final_url = url.to_string().replace('"', "");
 							mxc_urls.push(final_url);
 						} else {
-							info!("Found a URL in the event ID {event_id} but did not start with mxc://, ignoring");
+							info!(
+								"Found a URL in the event ID {event_id} but did not start with \
+								 mxc://, ignoring"
+							);
 						}
 					}

@@ -67,17 +75,24 @@ pub(super) async fn delete(
 								debug!("Found a thumbnail_url in info key: {thumbnail_url}");

 								if thumbnail_url.to_string().starts_with("\"mxc://") {
-									debug!("Pushing thumbnail URL {thumbnail_url} to list of MXCs to delete");
-									let final_thumbnail_url = thumbnail_url.to_string().replace('"', "");
+									debug!(
+										"Pushing thumbnail URL {thumbnail_url} to list of MXCs \
+										 to delete"
+									);
+									let final_thumbnail_url =
+										thumbnail_url.to_string().replace('"', "");
 									mxc_urls.push(final_thumbnail_url);
 								} else {
 									info!(
-										"Found a thumbnail URL in the event ID {event_id} but did not start with \
-										 mxc://, ignoring"
+										"Found a thumbnail URL in the event ID {event_id} but \
+										 did not start with mxc://, ignoring"
 									);
 								}
 							} else {
-								info!("No \"thumbnail_url\" key in \"info\" key, assuming no thumbnails.");
+								info!(
+									"No \"thumbnail_url\" key in \"info\" key, assuming no \
+									 thumbnails."
+								);
 							}
 						}
 					}
@@ -98,8 +113,8 @@ pub(super) async fn delete(
 									mxc_urls.push(final_url);
 								} else {
 									info!(
-										"Found a URL in the event ID {event_id} but did not start with mxc://, \
-										 ignoring"
+										"Found a URL in the event ID {event_id} but did not \
+										 start with mxc://, ignoring"
 									);
 								}
 							} else {
@@ -109,13 +124,14 @@ pub(super) async fn delete(
 					}
 				} else {
 					return Ok(RoomMessageEventContent::text_plain(
-						"Event ID does not have a \"content\" key or failed parsing the event ID JSON.",
+						"Event ID does not have a \"content\" key or failed parsing the event \
+						 ID JSON.",
 					));
 				}
 			} else {
 				return Ok(RoomMessageEventContent::text_plain(
-					"Event ID does not have a \"content\" key, this is not a message or an event type that contains \
-					 media.",
+					"Event ID does not have a \"content\" key, this is not a message or an \
+					 event type that contains media.",
 				));
 			}
 		} else {
@@ -126,7 +142,9 @@ pub(super) async fn delete(

 		if mxc_urls.is_empty() {
 			info!("Parsed event ID {event_id} but did not contain any MXC URLs.");
-			return Ok(RoomMessageEventContent::text_plain("Parsed event ID but found no MXC URLs."));
+			return Ok(RoomMessageEventContent::text_plain(
+				"Parsed event ID but found no MXC URLs.",
+			));
 		}

 		let mut mxc_deletion_count: usize = 0;
@@ -138,11 +156,11 @@ pub(super) async fn delete(
 				.delete(&mxc_url.as_str().try_into()?)
 				.await
 			{
-				Ok(()) => {
+				| Ok(()) => {
 					debug_info!("Successfully deleted {mxc_url} from filesystem and database");
 					mxc_deletion_count = mxc_deletion_count.saturating_add(1);
 				},
-				Err(e) => {
+				| Err(e) => {
 					debug_warn!("Failed to delete {mxc_url}, ignoring error and skipping: {e}");
 					continue;
 				},
@@ -150,19 +168,22 @@ pub(super) async fn delete(
 		}

 		return Ok(RoomMessageEventContent::text_plain(format!(
-			"Deleted {mxc_deletion_count} total MXCs from our database and the filesystem from event ID {event_id}."
+			"Deleted {mxc_deletion_count} total MXCs from our database and the filesystem from \
+			 event ID {event_id}."
 		)));
 	}

 	Ok(RoomMessageEventContent::text_plain(
-		"Please specify either an MXC using --mxc or an event ID using --event-id of the message containing an image. \
-		 See --help for details.",
+		"Please specify either an MXC using --mxc or an event ID using --event-id of the \
+		 message containing an image. See --help for details.",
 	))
 }

 #[admin_command]
 pub(super) async fn delete_list(&self) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -192,11 +213,11 @@ pub(super) async fn delete_list(&self) -> Result<RoomMessageEventContent> {
 	for mxc in &mxc_list {
 		trace!(%failed_parsed_mxcs, %mxc_deletion_count, "Deleting MXC {mxc} in bulk");
 		match self.services.media.delete(mxc).await {
-			Ok(()) => {
+			| Ok(()) => {
 				debug_info!("Successfully deleted {mxc} from filesystem and database");
 				mxc_deletion_count = mxc_deletion_count.saturating_add(1);
 			},
-			Err(e) => {
+			| Err(e) => {
 				debug_warn!("Failed to delete {mxc}, ignoring error and skipping: {e}");
 				continue;
 			},
@@ -204,14 +225,18 @@ pub(super) async fn delete_list(&self) -> Result<RoomMessageEventContent> {
 	}

 	Ok(RoomMessageEventContent::text_plain(format!(
-		"Finished bulk MXC deletion, deleted {mxc_deletion_count} total MXCs from our database and the filesystem. \
-		 {failed_parsed_mxcs} MXCs failed to be parsed from the database.",
+		"Finished bulk MXC deletion, deleted {mxc_deletion_count} total MXCs from our database \
+		 and the filesystem. {failed_parsed_mxcs} MXCs failed to be parsed from the database.",
 	)))
 }

 #[admin_command]
 pub(super) async fn delete_past_remote_media(
-	&self, duration: String, before: bool, after: bool, yes_i_want_to_delete_local_media: bool,
+	&self,
+	duration: String,
+	before: bool,
+	after: bool,
+	yes_i_want_to_delete_local_media: bool,
 ) -> Result<RoomMessageEventContent> {
 	if before && after {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -224,7 +249,12 @@ pub(super) async fn delete_past_remote_media(
 	let deleted_count = self
 		.services
 		.media
-		.delete_all_remote_media_at_after_time(duration, before, after, yes_i_want_to_delete_local_media)
+		.delete_all_remote_media_at_after_time(
+			duration,
+			before,
+			after,
+			yes_i_want_to_delete_local_media,
+		)
 		.await?;

 	Ok(RoomMessageEventContent::text_plain(format!(
@@ -233,7 +263,10 @@ pub(super) async fn delete_past_remote_media(
 }

 #[admin_command]
-pub(super) async fn delete_all_from_user(&self, username: String) -> Result<RoomMessageEventContent> {
+pub(super) async fn delete_all_from_user(
+	&self,
+	username: String,
+) -> Result<RoomMessageEventContent> {
 	let user_id = parse_local_user_id(self.services, &username)?;

 	let deleted_count = self.services.media.delete_from_user(&user_id).await?;
@@ -245,7 +278,9 @@ pub(super) async fn delete_all_from_user(&self, username: String) -> Result<Room

 #[admin_command]
 pub(super) async fn delete_all_from_server(
-	&self, server_name: Box<ServerName>, yes_i_want_to_delete_local_media: bool,
+	&self,
+	server_name: Box<ServerName>,
+	yes_i_want_to_delete_local_media: bool,
 ) -> Result<RoomMessageEventContent> {
 	if server_name == self.services.globals.server_name() && !yes_i_want_to_delete_local_media {
 		return Ok(RoomMessageEventContent::text_plain(
@@ -260,20 +295,26 @@ pub(super) async fn delete_all_from_server(
 		.await
 		.inspect_err(|e| error!("Failed to get MXC URIs from our database: {e}"))
 	else {
-		return Ok(RoomMessageEventContent::text_plain("Failed to get MXC URIs from our database"));
+		return Ok(RoomMessageEventContent::text_plain(
+			"Failed to get MXC URIs from our database",
+		));
 	};

 	let mut deleted_count: usize = 0;

 	for mxc in all_mxcs {
 		let Ok(mxc_server_name) = mxc.server_name().inspect_err(|e| {
-			debug_warn!("Failed to parse MXC {mxc} server name from database, ignoring error and skipping: {e}");
+			debug_warn!(
+				"Failed to parse MXC {mxc} server name from database, ignoring error and \
+				 skipping: {e}"
+			);
 		}) else {
 			continue;
 		};

 		if mxc_server_name != server_name
-			|| (self.services.globals.server_is_ours(mxc_server_name) && !yes_i_want_to_delete_local_media)
+			|| (self.services.globals.server_is_ours(mxc_server_name)
+				&& !yes_i_want_to_delete_local_media)
 		{
 			trace!("skipping MXC URI {mxc}");
 			continue;
@@ -282,10 +323,10 @@ pub(super) async fn delete_all_from_server(
 		let mxc: Mxc<'_> = mxc.as_str().try_into()?;

 		match self.services.media.delete(&mxc).await {
-			Ok(()) => {
+			| Ok(()) => {
 				deleted_count = deleted_count.saturating_add(1);
 			},
-			Err(e) => {
+			| Err(e) => {
 				debug_warn!("Failed to delete {mxc}, ignoring error and skipping: {e}");
 				continue;
 			},
@@ -300,14 +341,17 @@ pub(super) async fn delete_all_from_server(
 #[admin_command]
 pub(super) async fn get_file_info(&self, mxc: OwnedMxcUri) -> Result<RoomMessageEventContent> {
 	let mxc: Mxc<'_> = mxc.as_str().try_into()?;
-	let metadata = self.services.media.get_metadata(&mxc);
+	let metadata = self.services.media.get_metadata(&mxc).await;

 	Ok(RoomMessageEventContent::notice_markdown(format!("```\n{metadata:#?}\n```")))
 }

 #[admin_command]
 pub(super) async fn get_remote_file(
-	&self, mxc: OwnedMxcUri, server: Option<OwnedServerName>, timeout: u32,
+	&self,
+	mxc: OwnedMxcUri,
+	server: Option<OwnedServerName>,
+	timeout: u32,
 ) -> Result<RoomMessageEventContent> {
 	let mxc: Mxc<'_> = mxc.as_str().try_into()?;
 	let timeout = Duration::from_millis(timeout.into());
@@ -327,7 +371,12 @@ pub(super) async fn get_remote_file(

 #[admin_command]
 pub(super) async fn get_remote_thumbnail(
-	&self, mxc: OwnedMxcUri, server: Option<OwnedServerName>, timeout: u32, width: u32, height: u32,
+	&self,
+	mxc: OwnedMxcUri,
+	server: Option<OwnedServerName>,
+	timeout: u32,
+	width: u32,
+	height: u32,
 ) -> Result<RoomMessageEventContent> {
 	let mxc: Mxc<'_> = mxc.as_str().try_into()?;
 	let timeout = Duration::from_millis(timeout.into());
@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{EventId, MxcUri, OwnedMxcUri, OwnedServerName, ServerName};

 use crate::admin_command_dispatch;
@@ -26,23 +26,23 @@ pub(super) enum MediaCommand {
 	///   filesystem. This will always ignore errors.
 	DeleteList,

-	/// - Deletes all remote media in the last/after "X" time using filesystem
-	///   metadata first created at date, or fallback to last modified date.
-	///   This will always ignore errors by default.
-	///
-	/// Synapse
+	/// - Deletes all remote (and optionally local) media created before or
+	///   after \[duration] time using filesystem metadata first created at
+	///   date, or fallback to last modified date. This will always ignore
+	///   errors by default.
 	DeletePastRemoteMedia {
-		/// - The duration (at or after/before), e.g. "5m" to delete all media
-		///   in the past or up to 5 minutes
+		/// - The relative time (e.g. 30s, 5m, 7d) within which to search
 		duration: String,

+		/// - Only delete media created more recently than \[duration] ago
 		#[arg(long, short)]
 		before: bool,

+		/// - Only delete media created after \[duration] ago
 		#[arg(long, short)]
 		after: bool,

-		/// Long argument to delete local media
+		/// - Long argument to additionally delete local media
 		#[arg(long)]
 		yes_i_want_to_delete_local_media: bool,
 	},
@@ -1,6 +1,7 @@
 #![recursion_limit = "192"]
 #![allow(clippy::wildcard_imports)]
 #![allow(clippy::enum_glob_use)]
+#![allow(clippy::too_many_arguments)]

 pub(crate) mod admin;
 pub(crate) mod command;
@@ -18,12 +19,12 @@ pub(crate) mod room;
 pub(crate) mod server;
 pub(crate) mod user;

-extern crate conduit_api as api;
-extern crate conduit_core as conduit;
-extern crate conduit_service as service;
+extern crate conduwuit_api as api;
+extern crate conduwuit_core as conduwuit;
+extern crate conduwuit_service as service;

-pub(crate) use conduit::Result;
-pub(crate) use conduit_macros::{admin_command, admin_command_dispatch};
+pub(crate) use conduwuit::Result;
+pub(crate) use conduwuit_macros::{admin_command, admin_command_dispatch};

 pub(crate) use crate::{
 	command::Command,
@@ -32,9 +33,9 @@ pub(crate) use crate::{

 pub(crate) const PAGE_SIZE: usize = 100;

-conduit::mod_ctor! {}
-conduit::mod_dtor! {}
-conduit::rustc_flags_capture! {}
+conduwuit::mod_ctor! {}
+conduwuit::mod_dtor! {}
+conduwuit::rustc_flags_capture! {}

 /// Install the admin command processor
 pub async fn init(admin_service: &service::admin::Service) {
@@ -1,12 +1,13 @@
 use std::{
 	fmt::Write,
+	mem::take,
 	panic::AssertUnwindSafe,
 	sync::{Arc, Mutex},
 	time::SystemTime,
 };

 use clap::{CommandFactory, Parser};
-use conduit::{
+use conduwuit::{
 	debug, error,
 	log::{
 		capture,
@@ -17,7 +18,7 @@ use conduit::{
 	utils::string::{collect_stream, common_prefix},
 	warn, Error, Result,
 };
-use futures_util::future::FutureExt;
+use futures::{future::FutureExt, io::BufWriter, AsyncWriteExt};
 use ruma::{
 	events::{
 		relation::InReplyTo,
@@ -53,8 +54,8 @@ async fn handle_command(services: Arc<Services>, command: CommandInput) -> Proce

 async fn process_command(services: Arc<Services>, input: &CommandInput) -> ProcessorResult {
 	let (command, args, body) = match parse(&services, input) {
-		Err(error) => return Err(error),
-		Ok(parsed) => parsed,
+		| Err(error) => return Err(error),
+		| Ok(parsed) => parsed,
 	};

 	let context = Command {
@@ -62,13 +63,37 @@ async fn process_command(services: Arc<Services>, input: &CommandInput) -> Proce
 		body: &body,
 		timer: SystemTime::now(),
 		reply_id: input.reply_id.as_deref(),
+		output: BufWriter::new(Vec::new()).into(),
 	};

-	process(&context, command, &args).await
+	let (result, mut logs) = process(&context, command, &args).await;
+
+	let output = &mut context.output.lock().await;
+	output.flush().await.expect("final flush of output stream");
+
+	let output =
+		String::from_utf8(take(output.get_mut())).expect("invalid utf8 in command output stream");
+
+	match result {
+		| Ok(()) if logs.is_empty() =>
+			Ok(Some(reply(RoomMessageEventContent::notice_markdown(output), context.reply_id))),
+
+		| Ok(()) => {
+			logs.write_str(output.as_str()).expect("output buffer");
+			Ok(Some(reply(RoomMessageEventContent::notice_markdown(logs), context.reply_id)))
+		},
+		| Err(error) => {
+			write!(&mut logs, "Command failed with error:\n```\n{error:#?}\n```")
+				.expect("output buffer");
+
+			Err(reply(RoomMessageEventContent::notice_markdown(logs), context.reply_id))
+		},
+	}
 }

 fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
-	let link = "Please submit a [bug report](https://github.com/girlbossceo/conduwuit/issues/new). 🥺";
+	let link =
+		"Please submit a [bug report](https://github.com/girlbossceo/conduwuit/issues/new). 🥺";
 	let msg = format!("Panic occurred while processing command:\n```\n{error:#?}\n```\n{link}");
 	let content = RoomMessageEventContent::notice_markdown(msg);
 	error!("Panic while processing command: {error:?}");
@@ -76,7 +101,11 @@ fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
 }

 // Parse and process a message from the admin room
-async fn process(context: &Command<'_>, command: AdminCommand, args: &[String]) -> ProcessorResult {
+async fn process(
+	context: &Command<'_>,
+	command: AdminCommand,
+	args: &[String],
+) -> (Result, String) {
 	let (capture, logs) = capture_create(context);

 	let capture_scope = capture.start();
@@ -99,17 +128,7 @@ async fn process(context: &Command<'_>, command: AdminCommand, args: &[String])
 	}
 	drop(logs);

-	match result {
-		Ok(content) => {
-			write!(&mut output, "{0}", content.body()).expect("failed to format command result to output buffer");
-			Ok(Some(reply(RoomMessageEventContent::notice_markdown(output), context.reply_id)))
-		},
-		Err(error) => {
-			write!(&mut output, "Command failed with error:\n```\n{error:#?}\n```")
-				.expect("failed to format command result to output");
-			Err(reply(RoomMessageEventContent::notice_markdown(output), context.reply_id))
-		},
-	}
+	(result, output)
 }

 fn capture_create(context: &Command<'_>) -> (Arc<Capture>, Arc<Mutex<String>>) {
@@ -128,8 +147,9 @@ fn capture_create(context: &Command<'_>) -> (Arc<Capture>, Arc<Mutex<String>>) {
 		.and_then(LevelFilter::into_level)
 		.unwrap_or(Level::DEBUG);

-	let filter =
-		move |data: capture::Data<'_>| data.level() <= log_level && data.our_modules() && data.scope.contains(&"admin");
+	let filter = move |data: capture::Data<'_>| {
+		data.level() <= log_level && data.our_modules() && data.scope.contains(&"admin")
+	};

 	let logs = Arc::new(Mutex::new(
 		collect_stream(|s| markdown_table_head(s)).expect("markdown table header"),
@@ -146,21 +166,19 @@ fn capture_create(context: &Command<'_>) -> (Arc<Capture>, Arc<Mutex<String>>) {

 // Parse chat messages from the admin room into an AdminCommand object
 fn parse<'a>(
-	services: &Arc<Services>, input: &'a CommandInput,
+	services: &Arc<Services>,
+	input: &'a CommandInput,
 ) -> Result<(AdminCommand, Vec<String>, Vec<&'a str>), CommandOutput> {
 	let lines = input.command.lines().filter(|line| !line.trim().is_empty());
 	let command_line = lines.clone().next().expect("command missing first line");
 	let body = lines.skip(1).collect();
 	match parse_command(command_line) {
-		Ok((command, args)) => Ok((command, args, body)),
-		Err(error) => {
+		| Ok((command, args)) => Ok((command, args, body)),
+		| Err(error) => {
 			let message = error
 				.to_string()
 				.replace("server.name", services.globals.server_name().as_str());
-			Err(reply(
-				RoomMessageEventContent::notice_markdown(message),
-				input.reply_id.as_deref(),
-			))
+			Err(reply(RoomMessageEventContent::notice_plain(message), input.reply_id.as_deref()))
 		},
 	}
 }
@@ -258,11 +276,12 @@ fn parse_line(command_line: &str) -> Vec<String> {
 	argv
 }

-fn reply(mut content: RoomMessageEventContent, reply_id: Option<&EventId>) -> RoomMessageEventContent {
+fn reply(
+	mut content: RoomMessageEventContent,
+	reply_id: Option<&EventId>,
+) -> RoomMessageEventContent {
 	content.relates_to = reply_id.map(|event_id| Reply {
-		in_reply_to: InReplyTo {
-			event_id: event_id.to_owned(),
-		},
+		in_reply_to: InReplyTo { event_id: event_id.to_owned() },
 	});

 	content
@@ -1,12 +1,11 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{
-	events::{room::message::RoomMessageEventContent, RoomAccountDataEventType},
-	RoomId, UserId,
-};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{events::room::message::RoomMessageEventContent, RoomId, UserId};

-use crate::Command;
+use crate::{admin_command, admin_command_dispatch};

+#[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/account_data.rs
 pub(crate) enum AccountDataCommand {
@@ -21,50 +20,53 @@ pub(crate) enum AccountDataCommand {
 	},

 	/// - Searches the account data for a specific kind.
-	Get {
+	AccountDataGet {
 		/// Full user ID
 		user_id: Box<UserId>,
 		/// Account data event type
-		kind: RoomAccountDataEventType,
+		kind: String,
 		/// Optional room ID of the account data
 		room_id: Option<Box<RoomId>>,
 	},
 }

-/// All the getters and iterators from src/database/key_value/account_data.rs
-pub(super) async fn process(subcommand: AccountDataCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
-	let services = context.services;
+#[admin_command]
+async fn changes_since(
+	&self,
+	user_id: Box<UserId>,
+	since: u64,
+	room_id: Option<Box<RoomId>>,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let results: Vec<_> = self
+		.services
+		.account_data
+		.changes_since(room_id.as_deref(), &user_id, since, None)
+		.collect()
+		.await;
+	let query_time = timer.elapsed();

-	match subcommand {
-		AccountDataCommand::ChangesSince {
-			user_id,
-			since,
-			room_id,
-		} => {
-			let timer = tokio::time::Instant::now();
-			let results = services
-				.account_data
-				.changes_since(room_id.as_deref(), &user_id, since)?;
-			let query_time = timer.elapsed();
-
-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
-		},
-		AccountDataCommand::Get {
-			user_id,
-			kind,
-			room_id,
-		} => {
-			let timer = tokio::time::Instant::now();
-			let results = services
-				.account_data
-				.get(room_id.as_deref(), &user_id, kind)?;
-			let query_time = timer.elapsed();
-
-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
-		},
-	}
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn account_data_get(
+	&self,
+	user_id: Box<UserId>,
+	kind: String,
+	room_id: Option<Box<RoomId>>,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let results = self
+		.services
+		.account_data
+		.get_raw(room_id.as_deref(), &user_id, &kind)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
+	)))
 }
@@ -1,6 +1,5 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::events::room::message::RoomMessageEventContent;
+use conduwuit::Result;

 use crate::Command;

@@ -18,32 +17,25 @@ pub(crate) enum AppserviceCommand {
 }

 /// All the getters and iterators from src/database/key_value/appservice.rs
-pub(super) async fn process(subcommand: AppserviceCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(subcommand: AppserviceCommand, context: &Command<'_>) -> Result {
 	let services = context.services;

 	match subcommand {
-		AppserviceCommand::GetRegistration {
-			appservice_id,
-		} => {
+		| AppserviceCommand::GetRegistration { appservice_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services
-				.appservice
-				.db
-				.get_registration(appservice_id.as_ref());
+			let results = services.appservice.get_registration(&appservice_id).await;
+
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
-		AppserviceCommand::All => {
+		| AppserviceCommand::All => {
 			let timer = tokio::time::Instant::now();
-			let results = services.appservice.all();
+			let results = services.appservice.all().await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
 	}
+	.await
 }
@@ -1,6 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, ServerName};
+use conduwuit::Result;
+use ruma::ServerName;

 use crate::Command;

@@ -13,8 +13,6 @@ pub(crate) enum GlobalsCommand {

 	LastCheckForUpdatesId,

-	LoadKeypair,
-
 	/// - This returns an empty `Ok(BTreeMap<..>)` when there are no keys found
 	///   for the server.
 	SigningKeysFor {
@@ -23,56 +21,38 @@ pub(crate) enum GlobalsCommand {
 }

 /// All the getters and iterators from src/database/key_value/globals.rs
-pub(super) async fn process(subcommand: GlobalsCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(subcommand: GlobalsCommand, context: &Command<'_>) -> Result {
 	let services = context.services;

 	match subcommand {
-		GlobalsCommand::DatabaseVersion => {
+		| GlobalsCommand::DatabaseVersion => {
 			let timer = tokio::time::Instant::now();
-			let results = services.globals.db.database_version();
+			let results = services.globals.db.database_version().await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
-		GlobalsCommand::CurrentCount => {
+		| GlobalsCommand::CurrentCount => {
 			let timer = tokio::time::Instant::now();
 			let results = services.globals.db.current_count();
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
-		GlobalsCommand::LastCheckForUpdatesId => {
+		| GlobalsCommand::LastCheckForUpdatesId => {
 			let timer = tokio::time::Instant::now();
-			let results = services.updates.last_check_for_updates_id();
+			let results = services.updates.last_check_for_updates_id().await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
-		GlobalsCommand::LoadKeypair => {
+		| GlobalsCommand::SigningKeysFor { origin } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.globals.db.load_keypair();
+			let results = services.server_keys.verify_keys_for(&origin).await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
-		},
-		GlobalsCommand::SigningKeysFor {
-			origin,
-		} => {
-			let timer = tokio::time::Instant::now();
-			let results = services.globals.db.verify_keys_for(&origin);
-			let query_time = timer.elapsed();
-
-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
 	}
+	.await
 }
@@ -3,19 +3,24 @@ mod appservice;
 mod globals;
 mod presence;
 mod pusher;
+mod raw;
 mod resolver;
 mod room_alias;
 mod room_state_cache;
+mod room_timeline;
 mod sending;
+mod short;
 mod users;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;

 use self::{
 	account_data::AccountDataCommand, appservice::AppserviceCommand, globals::GlobalsCommand,
-	presence::PresenceCommand, pusher::PusherCommand, resolver::ResolverCommand, room_alias::RoomAliasCommand,
-	room_state_cache::RoomStateCacheCommand, sending::SendingCommand, users::UsersCommand,
+	presence::PresenceCommand, pusher::PusherCommand, raw::RawCommand, resolver::ResolverCommand,
+	room_alias::RoomAliasCommand, room_state_cache::RoomStateCacheCommand,
+	room_timeline::RoomTimelineCommand, sending::SendingCommand, short::ShortCommand,
+	users::UsersCommand,
 };
 use crate::admin_command_dispatch;

@@ -43,6 +48,10 @@ pub(super) enum QueryCommand {
 	#[command(subcommand)]
 	RoomStateCache(RoomStateCacheCommand),

+	/// - rooms/timeline iterators and getters
+	#[command(subcommand)]
+	RoomTimeline(RoomTimelineCommand),
+
 	/// - globals.rs iterators and getters
 	#[command(subcommand)]
 	Globals(GlobalsCommand),
@@ -62,4 +71,12 @@ pub(super) enum QueryCommand {
 	/// - pusher service
 	#[command(subcommand)]
 	Pusher(PusherCommand),
+
+	/// - short service
+	#[command(subcommand)]
+	Short(ShortCommand),
+
+	/// - raw service
+	#[command(subcommand)]
+	Raw(RawCommand),
 }
@@ -1,6 +1,7 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, UserId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::UserId;

 use crate::Command;

@@ -22,32 +23,29 @@ pub(crate) enum PresenceCommand {
 }

 /// All the getters and iterators in key_value/presence.rs
-pub(super) async fn process(subcommand: PresenceCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(subcommand: PresenceCommand, context: &Command<'_>) -> Result {
 	let services = context.services;

 	match subcommand {
-		PresenceCommand::GetPresence {
-			user_id,
-		} => {
+		| PresenceCommand::GetPresence { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.presence.db.get_presence(&user_id)?;
+			let results = services.presence.get_presence(&user_id).await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
-		PresenceCommand::PresenceSince {
-			since,
-		} => {
+		| PresenceCommand::PresenceSince { since } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.presence.db.presence_since(since);
-			let presence_since: Vec<(_, _, _)> = results.collect();
+			let results: Vec<(_, _, _)> = services
+				.presence
+				.presence_since(since)
+				.map(|(user_id, count, bytes)| (user_id.to_owned(), count, bytes.to_vec()))
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{presence_since:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
 	}
+	.await
 }
@@ -1,6 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, UserId};
+use conduwuit::Result;
+use ruma::UserId;

 use crate::Command;

@@ -13,20 +13,17 @@ pub(crate) enum PusherCommand {
 	},
 }

-pub(super) async fn process(subcommand: PusherCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(subcommand: PusherCommand, context: &Command<'_>) -> Result {
 	let services = context.services;

 	match subcommand {
-		PusherCommand::GetPushers {
-			user_id,
-		} => {
+		| PusherCommand::GetPushers { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.pusher.get_pushers(&user_id)?;
+			let results = services.pusher.get_pushers(&user_id).await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
 	}
+	.await
 }
@@ -0,0 +1,576 @@
+use std::{borrow::Cow, collections::BTreeMap, ops::Deref};
+
+use clap::Subcommand;
+use conduwuit::{
+	apply, at, is_zero,
+	utils::{
+		stream::{ReadyExt, TryIgnore, TryParallelExt},
+		string::EMPTY,
+		IterStream,
+	},
+	Err, Result,
+};
+use futures::{FutureExt, StreamExt, TryStreamExt};
+use ruma::events::room::message::RoomMessageEventContent;
+use tokio::time::Instant;
+
+use crate::{admin_command, admin_command_dispatch};
+
+#[admin_command_dispatch]
+#[derive(Debug, Subcommand)]
+#[allow(clippy::enum_variant_names)]
+/// Query tables from database
+pub(crate) enum RawCommand {
+	/// - List database maps
+	RawMaps,
+
+	/// - Raw database query
+	RawGet {
+		/// Map name
+		map: String,
+
+		/// Key
+		key: String,
+	},
+
+	/// - Raw database delete (for string keys)
+	RawDel {
+		/// Map name
+		map: String,
+
+		/// Key
+		key: String,
+	},
+
+	/// - Raw database keys iteration
+	RawKeys {
+		/// Map name
+		map: String,
+
+		/// Key prefix
+		prefix: Option<String>,
+	},
+
+	/// - Raw database key size breakdown
+	RawKeysSizes {
+		/// Map name
+		map: Option<String>,
+
+		/// Key prefix
+		prefix: Option<String>,
+	},
+
+	/// - Raw database keys total bytes
+	RawKeysTotal {
+		/// Map name
+		map: Option<String>,
+
+		/// Key prefix
+		prefix: Option<String>,
+	},
+
+	/// - Raw database values size breakdown
+	RawValsSizes {
+		/// Map name
+		map: Option<String>,
+
+		/// Key prefix
+		prefix: Option<String>,
+	},
+
+	/// - Raw database values total bytes
+	RawValsTotal {
+		/// Map name
+		map: Option<String>,
+
+		/// Key prefix
+		prefix: Option<String>,
+	},
+
+	/// - Raw database items iteration
+	RawIter {
+		/// Map name
+		map: String,
+
+		/// Key prefix
+		prefix: Option<String>,
+	},
+
+	/// - Raw database keys iteration
+	RawKeysFrom {
+		/// Map name
+		map: String,
+
+		/// Lower-bound
+		start: String,
+
+		/// Limit
+		#[arg(short, long)]
+		limit: Option<usize>,
+	},
+
+	/// - Raw database items iteration
+	RawIterFrom {
+		/// Map name
+		map: String,
+
+		/// Lower-bound
+		start: String,
+
+		/// Limit
+		#[arg(short, long)]
+		limit: Option<usize>,
+	},
+
+	/// - Raw database record count
+	RawCount {
+		/// Map name
+		map: Option<String>,
+
+		/// Key prefix
+		prefix: Option<String>,
+	},
+
+	/// - Compact database
+	Compact {
+		#[arg(short, long, alias("column"))]
+		map: Option<Vec<String>>,
+
+		#[arg(long)]
+		start: Option<String>,
+
+		#[arg(long)]
+		stop: Option<String>,
+
+		#[arg(long)]
+		from: Option<usize>,
+
+		#[arg(long)]
+		into: Option<usize>,
+
+		/// There is one compaction job per column; then this controls how many
+		/// columns are compacted in parallel. If zero, one compaction job is
+		/// still run at a time here, but in exclusive-mode blocking any other
+		/// automatic compaction jobs until complete.
+		#[arg(long)]
+		parallelism: Option<usize>,
+
+		#[arg(long, default_value("false"))]
+		exhaustive: bool,
+	},
+}
+
+#[admin_command]
+pub(super) async fn compact(
+	&self,
+	map: Option<Vec<String>>,
+	start: Option<String>,
+	stop: Option<String>,
+	from: Option<usize>,
+	into: Option<usize>,
+	parallelism: Option<usize>,
+	exhaustive: bool,
+) -> Result<RoomMessageEventContent> {
+	use conduwuit_database::compact::Options;
+
+	let default_all_maps = map
+		.is_none()
+		.then(|| {
+			self.services
+				.db
+				.keys()
+				.map(Deref::deref)
+				.map(ToOwned::to_owned)
+		})
+		.into_iter()
+		.flatten();
+
+	let maps: Vec<_> = map
+		.unwrap_or_default()
+		.into_iter()
+		.chain(default_all_maps)
+		.map(|map| self.services.db.get(&map))
+		.filter_map(Result::ok)
+		.cloned()
+		.collect();
+
+	if maps.is_empty() {
+		return Err!("--map argument invalid. not found in database");
+	}
+
+	let range = (
+		start.as_ref().map(String::as_bytes).map(Into::into),
+		stop.as_ref().map(String::as_bytes).map(Into::into),
+	);
+
+	let options = Options {
+		range,
+		level: (from, into),
+		exclusive: parallelism.is_some_and(is_zero!()),
+		exhaustive,
+	};
+
+	let runtime = self.services.server.runtime().clone();
+	let parallelism = parallelism.unwrap_or(1);
+	let results = maps
+		.into_iter()
+		.try_stream()
+		.paralleln_and_then(runtime, parallelism, move |map| {
+			map.compact_blocking(options.clone())?;
+			Ok(map.name().to_owned())
+		})
+		.collect::<Vec<_>>();
+
+	let timer = Instant::now();
+	let results = results.await;
+	let query_time = timer.elapsed();
+	self.write_str(&format!("Jobs completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"))
+		.await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_count(
+	&self,
+	map: Option<String>,
+	prefix: Option<String>,
+) -> Result<RoomMessageEventContent> {
+	let prefix = prefix.as_deref().unwrap_or(EMPTY);
+
+	let default_all_maps = map
+		.is_none()
+		.then(|| self.services.db.keys().map(Deref::deref))
+		.into_iter()
+		.flatten();
+
+	let maps: Vec<_> = map
+		.iter()
+		.map(String::as_str)
+		.chain(default_all_maps)
+		.map(|map| self.services.db.get(map))
+		.filter_map(Result::ok)
+		.cloned()
+		.collect();
+
+	let timer = Instant::now();
+	let count = maps
+		.iter()
+		.stream()
+		.then(|map| map.raw_count_prefix(&prefix))
+		.ready_fold(0_usize, usize::saturating_add)
+		.await;
+
+	let query_time = timer.elapsed();
+	self.write_str(&format!("Query completed in {query_time:?}:\n\n```rs\n{count:#?}\n```"))
+		.await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_keys(
+	&self,
+	map: String,
+	prefix: Option<String>,
+) -> Result<RoomMessageEventContent> {
+	writeln!(self, "```").boxed().await?;
+
+	let map = self.services.db.get(map.as_str())?;
+	let timer = Instant::now();
+	prefix
+		.as_deref()
+		.map_or_else(|| map.raw_keys().boxed(), |prefix| map.raw_keys_prefix(prefix).boxed())
+		.map_ok(String::from_utf8_lossy)
+		.try_for_each(|str| writeln!(self, "{str:?}"))
+		.boxed()
+		.await?;
+
+	let query_time = timer.elapsed();
+	let out = format!("\n```\n\nQuery completed in {query_time:?}");
+	self.write_str(out.as_str()).await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_keys_sizes(
+	&self,
+	map: Option<String>,
+	prefix: Option<String>,
+) -> Result<RoomMessageEventContent> {
+	let prefix = prefix.as_deref().unwrap_or(EMPTY);
+
+	let default_all_maps = map
+		.is_none()
+		.then(|| self.services.db.keys().map(Deref::deref))
+		.into_iter()
+		.flatten();
+
+	let maps: Vec<_> = map
+		.iter()
+		.map(String::as_str)
+		.chain(default_all_maps)
+		.map(|map| self.services.db.get(map))
+		.filter_map(Result::ok)
+		.cloned()
+		.collect();
+
+	let timer = Instant::now();
+	let result = maps
+		.iter()
+		.stream()
+		.map(|map| map.raw_keys_prefix(&prefix))
+		.flatten()
+		.ignore_err()
+		.map(<[u8]>::len)
+		.ready_fold_default(|mut map: BTreeMap<_, usize>, len| {
+			let entry = map.entry(len).or_default();
+			*entry = entry.saturating_add(1);
+			map
+		})
+		.await;
+
+	let query_time = timer.elapsed();
+	let result = format!("```\n{result:#?}\n```\n\nQuery completed in {query_time:?}");
+	self.write_str(result.as_str()).await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_keys_total(
+	&self,
+	map: Option<String>,
+	prefix: Option<String>,
+) -> Result<RoomMessageEventContent> {
+	let prefix = prefix.as_deref().unwrap_or(EMPTY);
+
+	let default_all_maps = map
+		.is_none()
+		.then(|| self.services.db.keys().map(Deref::deref))
+		.into_iter()
+		.flatten();
+
+	let maps: Vec<_> = map
+		.iter()
+		.map(String::as_str)
+		.chain(default_all_maps)
+		.map(|map| self.services.db.get(map))
+		.filter_map(Result::ok)
+		.cloned()
+		.collect();
+
+	let timer = Instant::now();
+	let result = maps
+		.iter()
+		.stream()
+		.map(|map| map.raw_keys_prefix(&prefix))
+		.flatten()
+		.ignore_err()
+		.map(<[u8]>::len)
+		.ready_fold_default(|acc: usize, len| acc.saturating_add(len))
+		.await;
+
+	let query_time = timer.elapsed();
+
+	self.write_str(&format!("```\n{result:#?}\n\n```\n\nQuery completed in {query_time:?}"))
+		.await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_vals_sizes(
+	&self,
+	map: Option<String>,
+	prefix: Option<String>,
+) -> Result<RoomMessageEventContent> {
+	let prefix = prefix.as_deref().unwrap_or(EMPTY);
+
+	let default_all_maps = map
+		.is_none()
+		.then(|| self.services.db.keys().map(Deref::deref))
+		.into_iter()
+		.flatten();
+
+	let maps: Vec<_> = map
+		.iter()
+		.map(String::as_str)
+		.chain(default_all_maps)
+		.map(|map| self.services.db.get(map))
+		.filter_map(Result::ok)
+		.cloned()
+		.collect();
+
+	let timer = Instant::now();
+	let result = maps
+		.iter()
+		.stream()
+		.map(|map| map.raw_stream_prefix(&prefix))
+		.flatten()
+		.ignore_err()
+		.map(at!(1))
+		.map(<[u8]>::len)
+		.ready_fold_default(|mut map: BTreeMap<_, usize>, len| {
+			let entry = map.entry(len).or_default();
+			*entry = entry.saturating_add(1);
+			map
+		})
+		.await;
+
+	let query_time = timer.elapsed();
+	let result = format!("```\n{result:#?}\n```\n\nQuery completed in {query_time:?}");
+	self.write_str(result.as_str()).await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_vals_total(
+	&self,
+	map: Option<String>,
+	prefix: Option<String>,
+) -> Result<RoomMessageEventContent> {
+	let prefix = prefix.as_deref().unwrap_or(EMPTY);
+
+	let default_all_maps = map
+		.is_none()
+		.then(|| self.services.db.keys().map(Deref::deref))
+		.into_iter()
+		.flatten();
+
+	let maps: Vec<_> = map
+		.iter()
+		.map(String::as_str)
+		.chain(default_all_maps)
+		.map(|map| self.services.db.get(map))
+		.filter_map(Result::ok)
+		.cloned()
+		.collect();
+
+	let timer = Instant::now();
+	let result = maps
+		.iter()
+		.stream()
+		.map(|map| map.raw_stream_prefix(&prefix))
+		.flatten()
+		.ignore_err()
+		.map(at!(1))
+		.map(<[u8]>::len)
+		.ready_fold_default(|acc: usize, len| acc.saturating_add(len))
+		.await;
+
+	let query_time = timer.elapsed();
+
+	self.write_str(&format!("```\n{result:#?}\n\n```\n\nQuery completed in {query_time:?}"))
+		.await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_iter(
+	&self,
+	map: String,
+	prefix: Option<String>,
+) -> Result<RoomMessageEventContent> {
+	writeln!(self, "```").await?;
+
+	let map = self.services.db.get(&map)?;
+	let timer = Instant::now();
+	prefix
+		.as_deref()
+		.map_or_else(|| map.raw_stream().boxed(), |prefix| map.raw_stream_prefix(prefix).boxed())
+		.map_ok(apply!(2, String::from_utf8_lossy))
+		.map_ok(apply!(2, Cow::into_owned))
+		.try_for_each(|keyval| writeln!(self, "{keyval:?}"))
+		.boxed()
+		.await?;
+
+	let query_time = timer.elapsed();
+	self.write_str(&format!("\n```\n\nQuery completed in {query_time:?}"))
+		.await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_keys_from(
+	&self,
+	map: String,
+	start: String,
+	limit: Option<usize>,
+) -> Result<RoomMessageEventContent> {
+	writeln!(self, "```").await?;
+
+	let map = self.services.db.get(&map)?;
+	let timer = Instant::now();
+	map.raw_keys_from(&start)
+		.map_ok(String::from_utf8_lossy)
+		.take(limit.unwrap_or(usize::MAX))
+		.try_for_each(|str| writeln!(self, "{str:?}"))
+		.boxed()
+		.await?;
+
+	let query_time = timer.elapsed();
+	self.write_str(&format!("\n```\n\nQuery completed in {query_time:?}"))
+		.await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
+}
+
+#[admin_command]
+pub(super) async fn raw_iter_from(
+	&self,
+	map: String,
+	start: String,
+	limit: Option<usize>,
+) -> Result<RoomMessageEventContent> {
+	let map = self.services.db.get(&map)?;
+	let timer = Instant::now();
+	let result = map
+		.raw_stream_from(&start)
+		.map_ok(apply!(2, String::from_utf8_lossy))
+		.map_ok(apply!(2, Cow::into_owned))
+		.take(limit.unwrap_or(usize::MAX))
+		.try_collect::<Vec<(String, String)>>()
+		.await?;
+
+	let query_time = timer.elapsed();
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+pub(super) async fn raw_del(&self, map: String, key: String) -> Result<RoomMessageEventContent> {
+	let map = self.services.db.get(&map)?;
+	let timer = Instant::now();
+	map.remove(&key);
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Operation completed in {query_time:?}"
+	)))
+}
+
+#[admin_command]
+pub(super) async fn raw_get(&self, map: String, key: String) -> Result<RoomMessageEventContent> {
+	let map = self.services.db.get(&map)?;
+	let timer = Instant::now();
+	let handle = map.get(&key).await?;
+	let query_time = timer.elapsed();
+	let result = String::from_utf8_lossy(&handle);
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:?}\n```"
+	)))
+}
+
+#[admin_command]
+pub(super) async fn raw_maps(&self) -> Result<RoomMessageEventContent> {
+	let list: Vec<_> = self.services.db.iter().map(at!(0)).copied().collect();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!("{list:#?}")))
+}
@@ -1,7 +1,6 @@
-use std::fmt::Write;
-
 use clap::Subcommand;
-use conduit::{utils::time, Result};
+use conduwuit::{utils::time, Result};
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, OwnedServerName};

 use crate::{admin_command, admin_command_dispatch};
@@ -22,73 +21,54 @@ pub(crate) enum ResolverCommand {
 }

 #[admin_command]
-async fn destinations_cache(&self, server_name: Option<OwnedServerName>) -> Result<RoomMessageEventContent> {
+async fn destinations_cache(
+	&self,
+	server_name: Option<OwnedServerName>,
+) -> Result<RoomMessageEventContent> {
 	use service::resolver::cache::CachedDest;

-	let mut out = String::new();
-	writeln!(out, "| Server Name | Destination | Hostname | Expires |")?;
-	writeln!(out, "| ----------- | ----------- | -------- | ------- |")?;
-	let row = |(
-		name,
-		&CachedDest {
-			ref dest,
-			ref host,
-			expire,
-		},
-	)| {
+	writeln!(self, "| Server Name | Destination | Hostname | Expires |").await?;
+	writeln!(self, "| ----------- | ----------- | -------- | ------- |").await?;
+
+	let mut destinations = self.services.resolver.cache.destinations().boxed();
+
+	while let Some((name, CachedDest { dest, host, expire })) = destinations.next().await {
+		if let Some(server_name) = server_name.as_ref() {
+			if name != server_name {
+				continue;
+			}
+		}
+
 		let expire = time::format(expire, "%+");
-		writeln!(out, "| {name} | {dest} | {host} | {expire} |").expect("wrote line");
-	};
-
-	let map = self
-		.services
-		.resolver
-		.cache
-		.destinations
-		.read()
-		.expect("locked");
-
-	if let Some(server_name) = server_name.as_ref() {
-		map.get_key_value(server_name).map(row);
-	} else {
-		map.iter().for_each(row);
+		self.write_str(&format!("| {name} | {dest} | {host} | {expire} |\n"))
+			.await?;
 	}

-	Ok(RoomMessageEventContent::notice_markdown(out))
+	Ok(RoomMessageEventContent::notice_plain(""))
 }

 #[admin_command]
 async fn overrides_cache(&self, server_name: Option<String>) -> Result<RoomMessageEventContent> {
 	use service::resolver::cache::CachedOverride;

-	let mut out = String::new();
-	writeln!(out, "| Server Name | IP  | Port | Expires |")?;
-	writeln!(out, "| ----------- | --- | ----:| ------- |")?;
-	let row = |(
-		name,
-		&CachedOverride {
-			ref ips,
-			port,
-			expire,
-		},
-	)| {
+	writeln!(self, "| Server Name | IP  | Port | Expires | Overriding |").await?;
+	writeln!(self, "| ----------- | --- | ----:| ------- | ---------- |").await?;
+
+	let mut overrides = self.services.resolver.cache.overrides().boxed();
+
+	while let Some((name, CachedOverride { ips, port, expire, overriding })) =
+		overrides.next().await
+	{
+		if let Some(server_name) = server_name.as_ref() {
+			if name != server_name {
+				continue;
+			}
+		}
+
 		let expire = time::format(expire, "%+");
-		writeln!(out, "| {name} | {ips:?} | {port} | {expire} |").expect("wrote line");
-	};
-
-	let map = self
-		.services
-		.resolver
-		.cache
-		.overrides
-		.read()
-		.expect("locked");
-
-	if let Some(server_name) = server_name.as_ref() {
-		map.get_key_value(server_name).map(row);
-	} else {
-		map.iter().for_each(row);
+		self.write_str(&format!("| {name} | {ips:?} | {port} | {expire} | {overriding:?} |\n"))
+			.await?;
 	}

-	Ok(RoomMessageEventContent::notice_markdown(out))
+	Ok(RoomMessageEventContent::notice_plain(""))
 }
@@ -1,6 +1,7 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, RoomAliasId, RoomId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{RoomAliasId, RoomId};

 use crate::Command;

@@ -23,42 +24,43 @@ pub(crate) enum RoomAliasCommand {
 }

 /// All the getters and iterators in src/database/key_value/rooms/alias.rs
-pub(super) async fn process(subcommand: RoomAliasCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(subcommand: RoomAliasCommand, context: &Command<'_>) -> Result {
 	let services = context.services;

 	match subcommand {
-		RoomAliasCommand::ResolveLocalAlias {
-			alias,
-		} => {
+		| RoomAliasCommand::ResolveLocalAlias { alias } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.alias.resolve_local_alias(&alias);
+			let results = services.rooms.alias.resolve_local_alias(&alias).await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```")
 		},
-		RoomAliasCommand::LocalAliasesForRoom {
-			room_id,
-		} => {
+		| RoomAliasCommand::LocalAliasesForRoom { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.alias.local_aliases_for_room(&room_id);
-			let aliases: Vec<_> = results.collect();
+			let aliases: Vec<_> = services
+				.rooms
+				.alias
+				.local_aliases_for_room(&room_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{aliases:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{aliases:#?}\n```")
 		},
-		RoomAliasCommand::AllLocalAliases => {
+		| RoomAliasCommand::AllLocalAliases => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.alias.all_local_aliases();
-			let aliases: Vec<_> = results.collect();
+			let aliases = services
+				.rooms
+				.alias
+				.all_local_aliases()
+				.map(|(room_id, alias)| (room_id.to_owned(), alias.to_owned()))
+				.collect::<Vec<_>>()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{aliases:#?}\n```"
-			)))
+			write!(context, "Query completed in {query_time:?}:\n\n```rs\n{aliases:#?}\n```")
 		},
 	}
+	.await
 }
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::{Error, Result};
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, RoomId, ServerName, UserId};

 use crate::Command;
@@ -75,213 +76,235 @@ pub(crate) enum RoomStateCacheCommand {
 	},
 }

-pub(super) async fn process(
-	subcommand: RoomStateCacheCommand, context: &Command<'_>,
-) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(subcommand: RoomStateCacheCommand, context: &Command<'_>) -> Result {
 	let services = context.services;

-	match subcommand {
-		RoomStateCacheCommand::ServerInRoom {
-			server,
-			room_id,
-		} => {
+	let c = match subcommand {
+		| RoomStateCacheCommand::ServerInRoom { server, room_id } => {
 			let timer = tokio::time::Instant::now();
-			let result = services.rooms.state_cache.server_in_room(&server, &room_id);
+			let result = services
+				.rooms
+				.state_cache
+				.server_in_room(&server, &room_id)
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomServers {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomServers { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.room_servers(&room_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.room_servers(&room_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::ServerRooms {
-			server,
-		} => {
+		| RoomStateCacheCommand::ServerRooms { server } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.server_rooms(&server).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.server_rooms(&server)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomMembers {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomMembers { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.room_members(&room_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.room_members(&room_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::LocalUsersInRoom {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::LocalUsersInRoom { room_id } => {
 			let timer = tokio::time::Instant::now();
 			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.local_users_in_room(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::ActiveLocalUsersInRoom {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::ActiveLocalUsersInRoom { room_id } => {
 			let timer = tokio::time::Instant::now();
 			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.active_local_users_in_room(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomJoinedCount {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomJoinedCount { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.state_cache.room_joined_count(&room_id);
+			let results = services.rooms.state_cache.room_joined_count(&room_id).await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomInvitedCount {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomInvitedCount { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.state_cache.room_invited_count(&room_id);
+			let results = services
+				.rooms
+				.state_cache
+				.room_invited_count(&room_id)
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomUserOnceJoined {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomUserOnceJoined { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services
+			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.room_useroncejoined(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomMembersInvited {
-			room_id,
-		} => {
+		| RoomStateCacheCommand::RoomMembersInvited { room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services
+			let results: Vec<_> = services
 				.rooms
 				.state_cache
 				.room_members_invited(&room_id)
-				.collect();
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::GetInviteCount {
-			room_id,
-			user_id,
-		} => {
+		| RoomStateCacheCommand::GetInviteCount { room_id, user_id } => {
 			let timer = tokio::time::Instant::now();
 			let results = services
 				.rooms
 				.state_cache
-				.get_invite_count(&room_id, &user_id);
+				.get_invite_count(&room_id, &user_id)
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::GetLeftCount {
-			room_id,
-			user_id,
-		} => {
+		| RoomStateCacheCommand::GetLeftCount { room_id, user_id } => {
 			let timer = tokio::time::Instant::now();
 			let results = services
 				.rooms
 				.state_cache
-				.get_left_count(&room_id, &user_id);
+				.get_left_count(&room_id, &user_id)
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomsJoined {
-			user_id,
-		} => {
+		| RoomStateCacheCommand::RoomsJoined { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.rooms_joined(&user_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.rooms_joined(&user_id)
+				.map(ToOwned::to_owned)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomsInvited {
-			user_id,
-		} => {
+		| RoomStateCacheCommand::RoomsInvited { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.rooms_invited(&user_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.rooms_invited(&user_id)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::RoomsLeft {
-			user_id,
-		} => {
+		| RoomStateCacheCommand::RoomsLeft { user_id } => {
 			let timer = tokio::time::Instant::now();
-			let results: Result<Vec<_>> = services.rooms.state_cache.rooms_left(&user_id).collect();
+			let results: Vec<_> = services
+				.rooms
+				.state_cache
+				.rooms_left(&user_id)
+				.collect()
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-		RoomStateCacheCommand::InviteState {
-			user_id,
-			room_id,
-		} => {
+		| RoomStateCacheCommand::InviteState { user_id, room_id } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.rooms.state_cache.invite_state(&user_id, &room_id);
+			let results = services
+				.rooms
+				.state_cache
+				.invite_state(&user_id, &room_id)
+				.await;
 			let query_time = timer.elapsed();

-			Ok(RoomMessageEventContent::notice_markdown(format!(
+			Result::<_, Error>::Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{results:#?}\n```"
 			)))
 		},
-	}
+	}?;
+
+	context.write_str(c.body()).await?;
+
+	Ok(())
 }
@@ -0,0 +1,61 @@
+use clap::Subcommand;
+use conduwuit::{utils::stream::TryTools, PduCount, Result};
+use futures::TryStreamExt;
+use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomOrAliasId};
+
+use crate::{admin_command, admin_command_dispatch};
+
+#[admin_command_dispatch]
+#[derive(Debug, Subcommand)]
+/// Query tables from database
+pub(crate) enum RoomTimelineCommand {
+	Pdus {
+		room_id: OwnedRoomOrAliasId,
+
+		from: Option<String>,
+
+		#[arg(short, long)]
+		limit: Option<usize>,
+	},
+
+	Last {
+		room_id: OwnedRoomOrAliasId,
+	},
+}
+
+#[admin_command]
+pub(super) async fn last(&self, room_id: OwnedRoomOrAliasId) -> Result<RoomMessageEventContent> {
+	let room_id = self.services.rooms.alias.resolve(&room_id).await?;
+
+	let result = self
+		.services
+		.rooms
+		.timeline
+		.last_timeline_count(None, &room_id)
+		.await?;
+
+	Ok(RoomMessageEventContent::notice_markdown(format!("{result:#?}")))
+}
+
+#[admin_command]
+pub(super) async fn pdus(
+	&self,
+	room_id: OwnedRoomOrAliasId,
+	from: Option<String>,
+	limit: Option<usize>,
+) -> Result<RoomMessageEventContent> {
+	let room_id = self.services.rooms.alias.resolve(&room_id).await?;
+
+	let from: Option<PduCount> = from.as_deref().map(str::parse).transpose()?;
+
+	let result: Vec<_> = self
+		.services
+		.rooms
+		.timeline
+		.pdus_rev(None, &room_id, from)
+		.try_take(limit.unwrap_or(3))
+		.try_collect()
+		.await?;
+
+	Ok(RoomMessageEventContent::notice_markdown(format!("{result:#?}")))
+}
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, ServerName, UserId};
 use service::sending::Destination;

@@ -61,39 +62,53 @@ pub(crate) enum SendingCommand {
 }

 /// All the getters and iterators in key_value/sending.rs
-pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -> Result {
+	let c = reprocess(subcommand, context).await?;
+	context.write_str(c.body()).await?;
+	Ok(())
+}
+
+/// All the getters and iterators in key_value/sending.rs
+pub(super) async fn reprocess(
+	subcommand: SendingCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;

 	match subcommand {
-		SendingCommand::ActiveRequests => {
+		| SendingCommand::ActiveRequests => {
 			let timer = tokio::time::Instant::now();
 			let results = services.sending.db.active_requests();
-			let active_requests: Result<Vec<(_, _, _)>> = results.collect();
+			let active_requests = results.collect::<Vec<_>>().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{active_requests:#?}\n```"
 			)))
 		},
-		SendingCommand::QueuedRequests {
+		| SendingCommand::QueuedRequests {
 			appservice_id,
 			server_name,
 			user_id,
 			push_key,
 		} => {
-			if appservice_id.is_none() && server_name.is_none() && user_id.is_none() && push_key.is_none() {
+			if appservice_id.is_none()
+				&& server_name.is_none()
+				&& user_id.is_none()
+				&& push_key.is_none()
+			{
 				return Ok(RoomMessageEventContent::text_plain(
-					"An appservice ID, server name, or a user ID with push key must be specified via arguments. See \
-					 --help for more details.",
+					"An appservice ID, server name, or a user ID with push key must be \
+					 specified via arguments. See --help for more details.",
 				));
 			}
 			let timer = tokio::time::Instant::now();
 			let results = match (appservice_id, server_name, user_id, push_key) {
-				(Some(appservice_id), None, None, None) => {
+				| (Some(appservice_id), None, None, None) => {
 					if appservice_id.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -102,15 +117,15 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.queued_requests(&Destination::Appservice(appservice_id))
 				},
-				(None, Some(server_name), None, None) => services
+				| (None, Some(server_name), None, None) => services
 					.sending
 					.db
-					.queued_requests(&Destination::Normal(server_name.into())),
-				(None, None, Some(user_id), Some(push_key)) => {
+					.queued_requests(&Destination::Federation(server_name.into())),
+				| (None, None, Some(user_id), Some(push_key)) => {
 					if push_key.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -119,47 +134,51 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.queued_requests(&Destination::Push(user_id.into(), push_key))
 				},
-				(Some(_), Some(_), Some(_), Some(_)) => {
+				| (Some(_), Some(_), Some(_), Some(_)) => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 Not all of them See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. Not all of them See --help for more details.",
 					));
 				},
-				_ => {
+				| _ => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. See --help for more details.",
 					));
 				},
 			};

-			let queued_requests = results.collect::<Result<Vec<(_, _)>>>();
+			let queued_requests = results.collect::<Vec<_>>().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{queued_requests:#?}\n```"
 			)))
 		},
-		SendingCommand::ActiveRequestsFor {
+		| SendingCommand::ActiveRequestsFor {
 			appservice_id,
 			server_name,
 			user_id,
 			push_key,
 		} => {
-			if appservice_id.is_none() && server_name.is_none() && user_id.is_none() && push_key.is_none() {
+			if appservice_id.is_none()
+				&& server_name.is_none()
+				&& user_id.is_none()
+				&& push_key.is_none()
+			{
 				return Ok(RoomMessageEventContent::text_plain(
-					"An appservice ID, server name, or a user ID with push key must be specified via arguments. See \
-					 --help for more details.",
+					"An appservice ID, server name, or a user ID with push key must be \
+					 specified via arguments. See --help for more details.",
 				));
 			}

 			let timer = tokio::time::Instant::now();
 			let results = match (appservice_id, server_name, user_id, push_key) {
-				(Some(appservice_id), None, None, None) => {
+				| (Some(appservice_id), None, None, None) => {
 					if appservice_id.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -168,15 +187,15 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.active_requests_for(&Destination::Appservice(appservice_id))
 				},
-				(None, Some(server_name), None, None) => services
+				| (None, Some(server_name), None, None) => services
 					.sending
 					.db
-					.active_requests_for(&Destination::Normal(server_name.into())),
-				(None, None, Some(user_id), Some(push_key)) => {
+					.active_requests_for(&Destination::Federation(server_name.into())),
+				| (None, None, Some(user_id), Some(push_key)) => {
 					if push_key.is_empty() {
 						return Ok(RoomMessageEventContent::text_plain(
-							"An appservice ID, server name, or a user ID with push key must be specified via \
-							 arguments. See --help for more details.",
+							"An appservice ID, server name, or a user ID with push key must be \
+							 specified via arguments. See --help for more details.",
 						));
 					}

@@ -185,32 +204,30 @@ pub(super) async fn process(subcommand: SendingCommand, context: &Command<'_>) -
 						.db
 						.active_requests_for(&Destination::Push(user_id.into(), push_key))
 				},
-				(Some(_), Some(_), Some(_), Some(_)) => {
+				| (Some(_), Some(_), Some(_), Some(_)) => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 Not all of them See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. Not all of them See --help for more details.",
 					));
 				},
-				_ => {
+				| _ => {
 					return Ok(RoomMessageEventContent::text_plain(
-						"An appservice ID, server name, or a user ID with push key must be specified via arguments. \
-						 See --help for more details.",
+						"An appservice ID, server name, or a user ID with push key must be \
+						 specified via arguments. See --help for more details.",
 					));
 				},
 			};

-			let active_requests = results.collect::<Result<Vec<(_, _)>>>();
+			let active_requests = results.collect::<Vec<_>>().await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
 				"Query completed in {query_time:?}:\n\n```rs\n{active_requests:#?}\n```"
 			)))
 		},
-		SendingCommand::GetLatestEduCount {
-			server_name,
-		} => {
+		| SendingCommand::GetLatestEduCount { server_name } => {
 			let timer = tokio::time::Instant::now();
-			let results = services.sending.db.get_latest_educount(&server_name);
+			let results = services.sending.db.get_latest_educount(&server_name).await;
 			let query_time = timer.elapsed();

 			Ok(RoomMessageEventContent::notice_markdown(format!(
@@ -0,0 +1,45 @@
+use clap::Subcommand;
+use conduwuit::Result;
+use ruma::{events::room::message::RoomMessageEventContent, OwnedEventId, OwnedRoomOrAliasId};
+
+use crate::{admin_command, admin_command_dispatch};
+
+#[admin_command_dispatch]
+#[derive(Debug, Subcommand)]
+/// Query tables from database
+pub(crate) enum ShortCommand {
+	ShortEventId {
+		event_id: OwnedEventId,
+	},
+
+	ShortRoomId {
+		room_id: OwnedRoomOrAliasId,
+	},
+}
+
+#[admin_command]
+pub(super) async fn short_event_id(
+	&self,
+	event_id: OwnedEventId,
+) -> Result<RoomMessageEventContent> {
+	let shortid = self
+		.services
+		.rooms
+		.short
+		.get_shorteventid(&event_id)
+		.await?;
+
+	Ok(RoomMessageEventContent::notice_markdown(format!("{shortid:#?}")))
+}
+
+#[admin_command]
+pub(super) async fn short_room_id(
+	&self,
+	room_id: OwnedRoomOrAliasId,
+) -> Result<RoomMessageEventContent> {
+	let room_id = self.services.rooms.alias.resolve(&room_id).await?;
+
+	let shortid = self.services.rooms.short.get_shortroomid(&room_id).await?;
+
+	Ok(RoomMessageEventContent::notice_markdown(format!("{shortid:#?}")))
+}
@@ -1,29 +1,424 @@
 use clap::Subcommand;
-use conduit::Result;
-use ruma::events::room::message::RoomMessageEventContent;
+use conduwuit::Result;
+use futures::stream::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedDeviceId, OwnedRoomId, OwnedUserId,
+};

-use crate::Command;
+use crate::{admin_command, admin_command_dispatch};

+#[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/users.rs
 pub(crate) enum UsersCommand {
-	Iter,
+	CountUsers,
+
+	IterUsers,
+
+	IterUsers2,
+
+	PasswordHash {
+		user_id: OwnedUserId,
+	},
+
+	ListDevices {
+		user_id: OwnedUserId,
+	},
+
+	ListDevicesMetadata {
+		user_id: OwnedUserId,
+	},
+
+	GetDeviceMetadata {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetDevicesVersion {
+		user_id: OwnedUserId,
+	},
+
+	CountOneTimeKeys {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetDeviceKeys {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetUserSigningKey {
+		user_id: OwnedUserId,
+	},
+
+	GetMasterKey {
+		user_id: OwnedUserId,
+	},
+
+	GetToDeviceEvents {
+		user_id: OwnedUserId,
+		device_id: OwnedDeviceId,
+	},
+
+	GetLatestBackup {
+		user_id: OwnedUserId,
+	},
+
+	GetLatestBackupVersion {
+		user_id: OwnedUserId,
+	},
+
+	GetBackupAlgorithm {
+		user_id: OwnedUserId,
+		version: String,
+	},
+
+	GetAllBackups {
+		user_id: OwnedUserId,
+		version: String,
+	},
+
+	GetRoomBackups {
+		user_id: OwnedUserId,
+		version: String,
+		room_id: OwnedRoomId,
+	},
+
+	GetBackupSession {
+		user_id: OwnedUserId,
+		version: String,
+		room_id: OwnedRoomId,
+		session_id: String,
+	},
+
+	GetSharedRooms {
+		user_a: OwnedUserId,
+		user_b: OwnedUserId,
+	},
 }

-/// All the getters and iterators in key_value/users.rs
-pub(super) async fn process(subcommand: UsersCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
-	let services = context.services;
+#[admin_command]
+async fn get_shared_rooms(
+	&self,
+	user_a: OwnedUserId,
+	user_b: OwnedUserId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result: Vec<_> = self
+		.services
+		.rooms
+		.state_cache
+		.get_shared_rooms(&user_a, &user_b)
+		.map(ToOwned::to_owned)
+		.collect()
+		.await;
+	let query_time = timer.elapsed();

-	match subcommand {
-		UsersCommand::Iter => {
-			let timer = tokio::time::Instant::now();
-			let results = services.users.db.iter();
-			let users = results.collect::<Vec<_>>();
-			let query_time = timer.elapsed();
-
-			Ok(RoomMessageEventContent::notice_markdown(format!(
-				"Query completed in {query_time:?}:\n\n```rs\n{users:#?}\n```"
-			)))
-		},
-	}
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_backup_session(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+	room_id: OwnedRoomId,
+	session_id: String,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_session(&user_id, &version, &room_id, &session_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_room_backups(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+	room_id: OwnedRoomId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_room(&user_id, &version, &room_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_all_backups(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.key_backups.get_all(&user_id, &version).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_backup_algorithm(
+	&self,
+	user_id: OwnedUserId,
+	version: String,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_backup(&user_id, &version)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_latest_backup_version(
+	&self,
+	user_id: OwnedUserId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.key_backups
+		.get_latest_backup_version(&user_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_latest_backup(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.key_backups.get_latest_backup(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn iter_users(&self) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result: Vec<OwnedUserId> = self.services.users.stream().map(Into::into).collect().await;
+
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn iter_users2(&self) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result: Vec<_> = self.services.users.stream().collect().await;
+	let result: Vec<_> = result
+		.into_iter()
+		.map(ruma::UserId::as_bytes)
+		.map(String::from_utf8_lossy)
+		.collect();
+
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn count_users(&self) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.users.count().await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn password_hash(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.users.password_hash(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn list_devices(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let devices = self
+		.services
+		.users
+		.all_device_ids(&user_id)
+		.map(ToOwned::to_owned)
+		.collect::<Vec<_>>()
+		.await;
+
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{devices:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn list_devices_metadata(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let devices = self
+		.services
+		.users
+		.all_devices_metadata(&user_id)
+		.collect::<Vec<_>>()
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{devices:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_device_metadata(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let device = self
+		.services
+		.users
+		.get_device_metadata(&user_id, &device_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{device:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_devices_version(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let device = self.services.users.get_devicelist_version(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{device:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn count_one_time_keys(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.count_one_time_keys(&user_id, &device_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_device_keys(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.get_device_keys(&user_id, &device_id)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_user_signing_key(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self.services.users.get_user_signing_key(&user_id).await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_master_key(&self, user_id: OwnedUserId) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.get_master_key(None, &user_id, &|_| true)
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
+}
+
+#[admin_command]
+async fn get_to_device_events(
+	&self,
+	user_id: OwnedUserId,
+	device_id: OwnedDeviceId,
+) -> Result<RoomMessageEventContent> {
+	let timer = tokio::time::Instant::now();
+	let result = self
+		.services
+		.users
+		.get_to_device_events(&user_id, &device_id, None, None)
+		.collect::<Vec<_>>()
+		.await;
+	let query_time = timer.elapsed();
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"Query completed in {query_time:?}:\n\n```rs\n{result:#?}\n```"
+	)))
 }
@@ -1,8 +1,11 @@
 use std::fmt::Write;

 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, RoomAliasId, RoomId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedRoomAliasId, OwnedRoomId, RoomId,
+};

 use crate::{escape_html, Command};

@@ -41,148 +44,161 @@ pub(crate) enum RoomAliasCommand {
 	},
 }

-pub(super) async fn process(command: RoomAliasCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(command: RoomAliasCommand, context: &Command<'_>) -> Result {
+	let c = reprocess(command, context).await?;
+	context.write_str(c.body()).await?;
+
+	Ok(())
+}
+
+pub(super) async fn reprocess(
+	command: RoomAliasCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;
 	let server_user = &services.globals.server_user;

 	match command {
-		RoomAliasCommand::Set {
-			ref room_alias_localpart,
-			..
-		}
-		| RoomAliasCommand::Remove {
-			ref room_alias_localpart,
-		}
-		| RoomAliasCommand::Which {
-			ref room_alias_localpart,
-		} => {
-			let room_alias_str = format!("#{}:{}", room_alias_localpart, services.globals.server_name());
-			let room_alias = match RoomAliasId::parse_box(room_alias_str) {
-				Ok(alias) => alias,
-				Err(err) => return Ok(RoomMessageEventContent::text_plain(format!("Failed to parse alias: {err}"))),
+		| RoomAliasCommand::Set { ref room_alias_localpart, .. }
+		| RoomAliasCommand::Remove { ref room_alias_localpart }
+		| RoomAliasCommand::Which { ref room_alias_localpart } => {
+			let room_alias_str =
+				format!("#{}:{}", room_alias_localpart, services.globals.server_name());
+			let room_alias = match OwnedRoomAliasId::parse(room_alias_str) {
+				| Ok(alias) => alias,
+				| Err(err) =>
+					return Ok(RoomMessageEventContent::text_plain(format!(
+						"Failed to parse alias: {err}"
+					))),
 			};
 			match command {
-				RoomAliasCommand::Set {
-					force,
-					room_id,
-					..
-				} => match (force, services.rooms.alias.resolve_local_alias(&room_alias)) {
-					(true, Ok(Some(id))) => match services
-						.rooms
-						.alias
-						.set_alias(&room_alias, &room_id, server_user)
-					{
-						Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
-							"Successfully overwrote alias (formerly {id})"
+				| RoomAliasCommand::Set { force, room_id, .. } => {
+					match (force, services.rooms.alias.resolve_local_alias(&room_alias).await) {
+						| (true, Ok(id)) => {
+							match services.rooms.alias.set_alias(
+								&room_alias,
+								&room_id,
+								server_user,
+							) {
+								| Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
+									"Successfully overwrote alias (formerly {id})"
+								))),
+								| Err(err) => Ok(RoomMessageEventContent::text_plain(format!(
+									"Failed to remove alias: {err}"
+								))),
+							}
+						},
+						| (false, Ok(id)) => Ok(RoomMessageEventContent::text_plain(format!(
+							"Refusing to overwrite in use alias for {id}, use -f or --force to \
+							 overwrite"
 						))),
-						Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Failed to remove alias: {err}"))),
-					},
-					(false, Ok(Some(id))) => Ok(RoomMessageEventContent::text_plain(format!(
-						"Refusing to overwrite in use alias for {id}, use -f or --force to overwrite"
-					))),
-					(_, Ok(None)) => match services
-						.rooms
-						.alias
-						.set_alias(&room_alias, &room_id, server_user)
-					{
-						Ok(()) => Ok(RoomMessageEventContent::text_plain("Successfully set alias")),
-						Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Failed to remove alias: {err}"))),
-					},
-					(_, Err(err)) => Ok(RoomMessageEventContent::text_plain(format!("Unable to lookup alias: {err}"))),
+						| (_, Err(_)) => {
+							match services.rooms.alias.set_alias(
+								&room_alias,
+								&room_id,
+								server_user,
+							) {
+								| Ok(()) => Ok(RoomMessageEventContent::text_plain(
+									"Successfully set alias",
+								)),
+								| Err(err) => Ok(RoomMessageEventContent::text_plain(format!(
+									"Failed to remove alias: {err}"
+								))),
+							}
+						},
+					}
 				},
-				RoomAliasCommand::Remove {
-					..
-				} => match services.rooms.alias.resolve_local_alias(&room_alias) {
-					Ok(Some(id)) => match services
-						.rooms
-						.alias
-						.remove_alias(&room_alias, server_user)
-						.await
-					{
-						Ok(()) => Ok(RoomMessageEventContent::text_plain(format!("Removed alias from {id}"))),
-						Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Failed to remove alias: {err}"))),
-					},
-					Ok(None) => Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
-					Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to lookup alias: {err}"))),
+				| RoomAliasCommand::Remove { .. } => {
+					match services.rooms.alias.resolve_local_alias(&room_alias).await {
+						| Ok(id) => match services
+							.rooms
+							.alias
+							.remove_alias(&room_alias, server_user)
+							.await
+						{
+							| Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
+								"Removed alias from {id}"
+							))),
+							| Err(err) => Ok(RoomMessageEventContent::text_plain(format!(
+								"Failed to remove alias: {err}"
+							))),
+						},
+						| Err(_) =>
+							Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
+					}
 				},
-				RoomAliasCommand::Which {
-					..
-				} => match services.rooms.alias.resolve_local_alias(&room_alias) {
-					Ok(Some(id)) => Ok(RoomMessageEventContent::text_plain(format!("Alias resolves to {id}"))),
-					Ok(None) => Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
-					Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to lookup alias: {err}"))),
+				| RoomAliasCommand::Which { .. } => {
+					match services.rooms.alias.resolve_local_alias(&room_alias).await {
+						| Ok(id) => Ok(RoomMessageEventContent::text_plain(format!(
+							"Alias resolves to {id}"
+						))),
+						| Err(_) =>
+							Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
+					}
 				},
-				RoomAliasCommand::List {
-					..
-				} => unreachable!(),
+				| RoomAliasCommand::List { .. } => unreachable!(),
 			}
 		},
-		RoomAliasCommand::List {
-			room_id,
-		} => {
+		| RoomAliasCommand::List { room_id } =>
 			if let Some(room_id) = room_id {
-				let aliases = services
+				let aliases: Vec<OwnedRoomAliasId> = services
 					.rooms
 					.alias
 					.local_aliases_for_room(&room_id)
-					.collect::<Result<Vec<_>, _>>();
-				match aliases {
-					Ok(aliases) => {
-						let plain_list = aliases.iter().fold(String::new(), |mut output, alias| {
-							writeln!(output, "- {alias}").expect("should be able to write to string buffer");
-							output
-						});
+					.map(Into::into)
+					.collect()
+					.await;

-						let html_list = aliases.iter().fold(String::new(), |mut output, alias| {
-							writeln!(output, "<li>{}</li>", escape_html(alias.as_ref()))
-								.expect("should be able to write to string buffer");
-							output
-						});
+				let plain_list = aliases.iter().fold(String::new(), |mut output, alias| {
+					writeln!(output, "- {alias}")
+						.expect("should be able to write to string buffer");
+					output
+				});

-						let plain = format!("Aliases for {room_id}:\n{plain_list}");
-						let html = format!("Aliases for {room_id}:\n<ul>{html_list}</ul>");
-						Ok(RoomMessageEventContent::text_html(plain, html))
-					},
-					Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to list aliases: {err}"))),
-				}
+				let html_list = aliases.iter().fold(String::new(), |mut output, alias| {
+					writeln!(output, "<li>{}</li>", escape_html(alias.as_ref()))
+						.expect("should be able to write to string buffer");
+					output
+				});
+
+				let plain = format!("Aliases for {room_id}:\n{plain_list}");
+				let html = format!("Aliases for {room_id}:\n<ul>{html_list}</ul>");
+				Ok(RoomMessageEventContent::text_html(plain, html))
 			} else {
 				let aliases = services
 					.rooms
 					.alias
 					.all_local_aliases()
-					.collect::<Result<Vec<_>, _>>();
-				match aliases {
-					Ok(aliases) => {
-						let server_name = services.globals.server_name();
-						let plain_list = aliases
-							.iter()
-							.fold(String::new(), |mut output, (alias, id)| {
-								writeln!(output, "- `{alias}` -> #{id}:{server_name}")
-									.expect("should be able to write to string buffer");
-								output
-							});
+					.map(|(room_id, localpart)| (room_id.into(), localpart.into()))
+					.collect::<Vec<(OwnedRoomId, String)>>()
+					.await;

-						let html_list = aliases
-							.iter()
-							.fold(String::new(), |mut output, (alias, id)| {
-								writeln!(
-									output,
-									"<li><code>{}</code> -> #{}:{}</li>",
-									escape_html(alias.as_ref()),
-									escape_html(id.as_ref()),
-									server_name
-								)
-								.expect("should be able to write to string buffer");
-								output
-							});
+				let server_name = services.globals.server_name();
+				let plain_list = aliases
+					.iter()
+					.fold(String::new(), |mut output, (alias, id)| {
+						writeln!(output, "- `{alias}` -> #{id}:{server_name}")
+							.expect("should be able to write to string buffer");
+						output
+					});

-						let plain = format!("Aliases:\n{plain_list}");
-						let html = format!("Aliases:\n<ul>{html_list}</ul>");
-						Ok(RoomMessageEventContent::text_html(plain, html))
-					},
-					Err(e) => Ok(RoomMessageEventContent::text_plain(format!("Unable to list room aliases: {e}"))),
-				}
-			}
-		},
+				let html_list = aliases
+					.iter()
+					.fold(String::new(), |mut output, (alias, id)| {
+						writeln!(
+							output,
+							"<li><code>{}</code> -> #{}:{}</li>",
+							escape_html(alias.as_ref()),
+							escape_html(id),
+							server_name
+						)
+						.expect("should be able to write to string buffer");
+						output
+					});
+
+				let plain = format!("Aliases:\n{plain_list}");
+				let html = format!("Aliases:\n<ul>{html_list}</ul>");
+				Ok(RoomMessageEventContent::text_html(plain, html))
+			},
 	}
 }
@@ -1,11 +1,16 @@
-use conduit::Result;
-use ruma::events::room::message::RoomMessageEventContent;
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId};

 use crate::{admin_command, get_room_info, PAGE_SIZE};

 #[admin_command]
 pub(super) async fn list_rooms(
-	&self, page: Option<usize>, exclude_disabled: bool, exclude_banned: bool, no_details: bool,
+	&self,
+	page: Option<usize>,
+	exclude_disabled: bool,
+	exclude_banned: bool,
+	no_details: bool,
 ) -> Result<RoomMessageEventContent> {
 	// TODO: i know there's a way to do this with clap, but i can't seem to find it
 	let page = page.unwrap_or(1);
@@ -14,37 +19,18 @@ pub(super) async fn list_rooms(
 		.rooms
 		.metadata
 		.iter_ids()
-		.filter_map(|room_id| {
-			room_id
-				.ok()
-				.filter(|room_id| {
-					if exclude_disabled
-						&& self
-							.services
-							.rooms
-							.metadata
-							.is_disabled(room_id)
-							.unwrap_or(false)
-					{
-						return false;
-					}
-
-					if exclude_banned
-						&& self
-							.services
-							.rooms
-							.metadata
-							.is_banned(room_id)
-							.unwrap_or(false)
-					{
-						return false;
-					}
-
-					true
-				})
-				.map(|room_id| get_room_info(self.services, &room_id))
+		.filter_map(|room_id| async move {
+			(!exclude_disabled || !self.services.rooms.metadata.is_disabled(room_id).await)
+				.then_some(room_id)
 		})
-		.collect::<Vec<_>>();
+		.filter_map(|room_id| async move {
+			(!exclude_banned || !self.services.rooms.metadata.is_banned(room_id).await)
+				.then_some(room_id)
+		})
+		.then(|room_id| get_room_info(self.services, room_id))
+		.collect::<Vec<_>>()
+		.await;
+
 	rooms.sort_by_key(|r| r.1);
 	rooms.reverse();

@@ -74,3 +60,10 @@ pub(super) async fn list_rooms(

 	Ok(RoomMessageEventContent::notice_markdown(output_plain))
 }
+
+#[admin_command]
+pub(super) async fn exists(&self, room_id: OwnedRoomId) -> Result<RoomMessageEventContent> {
+	let result = self.services.rooms.metadata.exists(&room_id).await;
+
+	Ok(RoomMessageEventContent::notice_markdown(format!("{result}")))
+}
@@ -1,10 +1,9 @@
-use std::fmt::Write;
-
 use clap::Subcommand;
-use conduit::Result;
-use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId, RoomId};
+use conduwuit::Result;
+use futures::StreamExt;
+use ruma::{events::room::message::RoomMessageEventContent, RoomId};

-use crate::{escape_html, get_room_info, Command, PAGE_SIZE};
+use crate::{get_room_info, Command, PAGE_SIZE};

 #[derive(Debug, Subcommand)]
 pub(crate) enum RoomDirectoryCommand {
@@ -26,72 +25,61 @@ pub(crate) enum RoomDirectoryCommand {
 	},
 }

-pub(super) async fn process(command: RoomDirectoryCommand, context: &Command<'_>) -> Result<RoomMessageEventContent> {
+pub(super) async fn process(command: RoomDirectoryCommand, context: &Command<'_>) -> Result {
+	let c = reprocess(command, context).await?;
+	context.write_str(c.body()).await?;
+	Ok(())
+}
+
+pub(super) async fn reprocess(
+	command: RoomDirectoryCommand,
+	context: &Command<'_>,
+) -> Result<RoomMessageEventContent> {
 	let services = context.services;
 	match command {
-		RoomDirectoryCommand::Publish {
-			room_id,
-		} => match services.rooms.directory.set_public(&room_id) {
-			Ok(()) => Ok(RoomMessageEventContent::text_plain("Room published")),
-			Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to update room: {err}"))),
+		| RoomDirectoryCommand::Publish { room_id } => {
+			services.rooms.directory.set_public(&room_id);
+			Ok(RoomMessageEventContent::notice_plain("Room published"))
 		},
-		RoomDirectoryCommand::Unpublish {
-			room_id,
-		} => match services.rooms.directory.set_not_public(&room_id) {
-			Ok(()) => Ok(RoomMessageEventContent::text_plain("Room unpublished")),
-			Err(err) => Ok(RoomMessageEventContent::text_plain(format!("Unable to update room: {err}"))),
+		| RoomDirectoryCommand::Unpublish { room_id } => {
+			services.rooms.directory.set_not_public(&room_id);
+			Ok(RoomMessageEventContent::notice_plain("Room unpublished"))
 		},
-		RoomDirectoryCommand::List {
-			page,
-		} => {
+		| RoomDirectoryCommand::List { page } => {
 			// TODO: i know there's a way to do this with clap, but i can't seem to find it
 			let page = page.unwrap_or(1);
-			let mut rooms = services
+			let mut rooms: Vec<_> = services
 				.rooms
 				.directory
 				.public_rooms()
-				.filter_map(Result::ok)
-				.map(|id: OwnedRoomId| get_room_info(services, &id))
-				.collect::<Vec<_>>();
+				.then(|room_id| get_room_info(services, room_id))
+				.collect()
+				.await;
+
 			rooms.sort_by_key(|r| r.1);
 			rooms.reverse();

-			let rooms = rooms
+			let rooms: Vec<_> = rooms
 				.into_iter()
 				.skip(page.saturating_sub(1).saturating_mul(PAGE_SIZE))
 				.take(PAGE_SIZE)
-				.collect::<Vec<_>>();
+				.collect();

 			if rooms.is_empty() {
 				return Ok(RoomMessageEventContent::text_plain("No more rooms."));
 			};

-			let output_plain = format!(
-				"Rooms:\n{}",
+			let output = format!(
+				"Rooms (page {page}):\n```\n{}\n```",
 				rooms
 					.iter()
-					.map(|(id, members, name)| format!("{id}\tMembers: {members}\tName: {name}"))
+					.map(|(id, members, name)| format!(
+						"{id} | Members: {members} | Name: {name}"
+					))
 					.collect::<Vec<_>>()
 					.join("\n")
 			);
-			let output_html = format!(
-				"<table><caption>Room directory - page \
-				 {page}</caption>\n<tr><th>id</th>\t<th>members</th>\t<th>name</th></tr>\n{}</table>",
-				rooms
-					.iter()
-					.fold(String::new(), |mut output, (id, members, name)| {
-						writeln!(
-							output,
-							"<tr><td>{}</td>\t<td>{}</td>\t<td>{}</td></tr>",
-							escape_html(id.as_ref()),
-							members,
-							escape_html(name.as_ref())
-						)
-						.expect("should be able to write to string buffer");
-						output
-					})
-			);
-			Ok(RoomMessageEventContent::text_html(output_plain, output_html))
+			Ok(RoomMessageEventContent::text_markdown(output))
 		},
 	}
 }
@@ -1,5 +1,6 @@
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::{utils::ReadyExt, Result};
+use futures::StreamExt;
 use ruma::{events::room::message::RoomMessageEventContent, RoomId};

 use crate::{admin_command, admin_command_dispatch};
@@ -26,52 +27,50 @@ pub(crate) enum RoomInfoCommand {
 }

 #[admin_command]
-async fn list_joined_members(&self, room_id: Box<RoomId>, local_only: bool) -> Result<RoomMessageEventContent> {
+async fn list_joined_members(
+	&self,
+	room_id: Box<RoomId>,
+	local_only: bool,
+) -> Result<RoomMessageEventContent> {
 	let room_name = self
 		.services
 		.rooms
 		.state_accessor
 		.get_name(&room_id)
-		.ok()
-		.flatten()
-		.unwrap_or_else(|| room_id.to_string());
+		.await
+		.unwrap_or_else(|_| room_id.to_string());

-	let members = self
+	let member_info: Vec<_> = self
 		.services
 		.rooms
 		.state_cache
 		.room_members(&room_id)
-		.filter_map(|member| {
-			if local_only {
-				member
-					.ok()
-					.filter(|user| self.services.globals.user_is_local(user))
-			} else {
-				member.ok()
-			}
-		});
-
-	let member_info = members
-		.into_iter()
-		.map(|user_id| {
-			(
-				user_id.clone(),
+		.ready_filter(|user_id| {
+			local_only
+				.then(|| self.services.globals.user_is_local(user_id))
+				.unwrap_or(true)
+		})
+		.map(ToOwned::to_owned)
+		.filter_map(|user_id| async move {
+			Some((
 				self.services
 					.users
 					.displayname(&user_id)
-					.unwrap_or(None)
-					.unwrap_or_else(|| user_id.to_string()),
-			)
+					.await
+					.unwrap_or_else(|_| user_id.to_string()),
+				user_id,
+			))
 		})
-		.collect::<Vec<_>>();
+		.collect()
+		.await;

 	let output_plain = format!(
 		"{} Members in Room \"{}\":\n```\n{}\n```",
 		member_info.len(),
 		room_name,
 		member_info
-			.iter()
-			.map(|(mxid, displayname)| format!("{mxid} | {displayname}"))
+			.into_iter()
+			.map(|(displayname, mxid)| format!("{mxid} | {displayname}"))
 			.collect::<Vec<_>>()
 			.join("\n")
 	);
@@ -81,11 +80,12 @@ async fn list_joined_members(&self, room_id: Box<RoomId>, local_only: bool) -> R

 #[admin_command]
 async fn view_room_topic(&self, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
-	let Some(room_topic) = self
+	let Ok(room_topic) = self
 		.services
 		.rooms
 		.state_accessor
-		.get_room_topic(&room_id)?
+		.get_room_topic(&room_id)
+		.await
 	else {
 		return Ok(RoomMessageEventContent::text_plain("Room does not have a room topic set."));
 	};
@@ -5,10 +5,12 @@ mod info;
 mod moderation;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
+use ruma::OwnedRoomId;

 use self::{
-	alias::RoomAliasCommand, directory::RoomDirectoryCommand, info::RoomInfoCommand, moderation::RoomModerationCommand,
+	alias::RoomAliasCommand, directory::RoomDirectoryCommand, info::RoomInfoCommand,
+	moderation::RoomModerationCommand,
 };
 use crate::admin_command_dispatch;

@@ -49,4 +51,9 @@ pub(super) enum RoomCommand {
 	#[command(subcommand)]
 	/// - Manage the room directory
 	Directory(RoomDirectoryCommand),
+
+	/// - Check if we know about a room
+	Exists {
+		room_id: OwnedRoomId,
+	},
 }
@@ -1,7 +1,15 @@
 use api::client::leave_room;
 use clap::Subcommand;
-use conduit::{debug, error, info, warn, Result};
-use ruma::{events::room::message::RoomMessageEventContent, OwnedRoomId, RoomAliasId, RoomId, RoomOrAliasId};
+use conduwuit::{
+	debug, error, info,
+	utils::{IterStream, ReadyExt},
+	warn, Result,
+};
+use futures::StreamExt;
+use ruma::{
+	events::room::message::RoomMessageEventContent, OwnedRoomId, RoomAliasId, RoomId,
+	RoomOrAliasId,
+};

 use crate::{admin_command, admin_command_dispatch, get_room_info};

@@ -70,13 +78,16 @@ pub(crate) enum RoomModerationCommand {

 #[admin_command]
 async fn ban_room(
-	&self, force: bool, disable_federation: bool, room: Box<RoomOrAliasId>,
+	&self,
+	force: bool,
+	disable_federation: bool,
+	room: Box<RoomOrAliasId>,
 ) -> Result<RoomMessageEventContent> {
 	debug!("Got room alias or ID: {}", room);

 	let admin_room_alias = &self.services.globals.admin_alias;

-	if let Some(admin_room_id) = self.services.admin.get_admin_room()? {
+	if let Ok(admin_room_id) = self.services.admin.get_admin_room().await {
 		if room.to_string().eq(&admin_room_id) || room.to_string().eq(admin_room_alias) {
 			return Ok(RoomMessageEventContent::text_plain("Not allowed to ban the admin room."));
 		}
@@ -84,129 +95,128 @@ async fn ban_room(

 	let room_id = if room.is_room_id() {
 		let room_id = match RoomId::parse(&room) {
-			Ok(room_id) => room_id,
-			Err(e) => {
+			| Ok(room_id) => room_id,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!("Room specified is a room ID, banning room ID");
+		self.services.rooms.metadata.ban_room(room_id, true);

-		self.services.rooms.metadata.ban_room(&room_id, true)?;
-
-		room_id
+		room_id.to_owned()
 	} else if room.is_room_alias_id() {
 		let room_alias = match RoomAliasId::parse(&room) {
-			Ok(room_alias) => room_alias,
-			Err(e) => {
+			| Ok(room_alias) => room_alias,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!(
-			"Room specified is not a room ID, attempting to resolve room alias to a room ID locally, if not using \
-			 get_alias_helper to fetch room ID remotely"
+			"Room specified is not a room ID, attempting to resolve room alias to a room ID \
+			 locally, if not using get_alias_helper to fetch room ID remotely"
 		);

-		let room_id = if let Some(room_id) = self.services.rooms.alias.resolve_local_alias(&room_alias)? {
+		let room_id = if let Ok(room_id) = self
+			.services
+			.rooms
+			.alias
+			.resolve_local_alias(room_alias)
+			.await
+		{
 			room_id
 		} else {
-			debug!("We don't have this room alias to a room ID locally, attempting to fetch room ID over federation");
+			debug!(
+				"We don't have this room alias to a room ID locally, attempting to fetch room \
+				 ID over federation"
+			);

 			match self
 				.services
 				.rooms
 				.alias
-				.resolve_alias(&room_alias, None)
+				.resolve_alias(room_alias, None)
 				.await
 			{
-				Ok((room_id, servers)) => {
-					debug!(?room_id, ?servers, "Got federation response fetching room ID for {room}");
+				| Ok((room_id, servers)) => {
+					debug!(
+						?room_id,
+						?servers,
+						"Got federation response fetching room ID for {room_id}"
+					);
 					room_id
 				},
-				Err(e) => {
+				| Err(e) => {
 					return Ok(RoomMessageEventContent::notice_plain(format!(
-						"Failed to resolve room alias {room} to a room ID: {e}"
+						"Failed to resolve room alias {room_alias} to a room ID: {e}"
 					)));
 				},
 			}
 		};

-		self.services.rooms.metadata.ban_room(&room_id, true)?;
+		self.services.rooms.metadata.ban_room(&room_id, true);

 		room_id
 	} else {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Room specified is not a room ID or room alias. Please note that this requires a full room ID \
-			 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`)",
+			"Room specified is not a room ID or room alias. Please note that this requires a \
+			 full room ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+			 (`#roomalias:example.com`)",
 		));
 	};

 	debug!("Making all users leave the room {}", &room);
 	if force {
-		for local_user in self
+		let mut users = self
 			.services
 			.rooms
 			.state_cache
 			.room_members(&room_id)
-			.filter_map(|user| {
-				user.ok().filter(|local_user| {
-					self.services.globals.user_is_local(local_user)
-								// additional wrapped check here is to avoid adding remote users
-								// who are in the admin room to the list of local users (would
-								// fail auth check)
-								&& (self.services.globals.user_is_local(local_user)
-									// since this is a force operation, assume user is an admin
-									// if somehow this fails
-									&& self.services
-										.users
-										.is_admin(local_user)
-										.unwrap_or(true))
-				})
-			}) {
+			.ready_filter(|user| self.services.globals.user_is_local(user))
+			.boxed();
+
+		while let Some(local_user) = users.next().await {
 			debug!(
-				"Attempting leave for user {} in room {} (forced, ignoring all errors, evicting admins too)",
-				&local_user, &room_id
+				"Attempting leave for user {local_user} in room {room_id} (forced, ignoring all \
+				 errors, evicting admins too)",
 			);

-			if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+			if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 				warn!(%e, "Failed to leave room");
 			}
 		}
 	} else {
-		for local_user in self
+		let mut users = self
 			.services
 			.rooms
 			.state_cache
 			.room_members(&room_id)
-			.filter_map(|user| {
-				user.ok().filter(|local_user| {
-					local_user.server_name() == self.services.globals.server_name()
-								// additional wrapped check here is to avoid adding remote users
-								// who are in the admin room to the list of local users (would fail auth check)
-								&& (local_user.server_name()
-									== self.services.globals.server_name()
-									&& !self.services
-										.users
-										.is_admin(local_user)
-										.unwrap_or(false))
-				})
-			}) {
+			.ready_filter(|user| self.services.globals.user_is_local(user))
+			.boxed();
+
+		while let Some(local_user) = users.next().await {
+			if self.services.users.is_admin(local_user).await {
+				continue;
+			}
+
 			debug!("Attempting leave for user {} in room {}", &local_user, &room_id);
-			if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+			if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 				error!(
-					"Error attempting to make local user {} leave room {} during room banning: {}",
+					"Error attempting to make local user {} leave room {} during room banning: \
+					 {}",
 					&local_user, &room_id, e
 				);
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Error attempting to make local user {} leave room {} during room banning (room is still banned \
-					 but not removing any more users): {}\nIf you would like to ignore errors, use --force",
+					"Error attempting to make local user {} leave room {} during room banning \
+					 (room is still banned but not removing any more users): {}\nIf you would \
+					 like to ignore errors, use --force",
 					&local_user, &room_id, e
 				)));
 			}
@@ -214,12 +224,14 @@ async fn ban_room(
 	}

 	// remove any local aliases, ignore errors
-	for ref local_alias in self
+	for local_alias in &self
 		.services
 		.rooms
 		.alias
 		.local_aliases_for_room(&room_id)
-		.filter_map(Result::ok)
+		.map(ToOwned::to_owned)
+		.collect::<Vec<_>>()
+		.await
 	{
 		_ = self
 			.services
@@ -230,24 +242,31 @@ async fn ban_room(
 	}

 	// unpublish from room directory, ignore errors
-	_ = self.services.rooms.directory.set_not_public(&room_id);
+	self.services.rooms.directory.set_not_public(&room_id);

 	if disable_federation {
-		self.services.rooms.metadata.disable_room(&room_id, true)?;
+		self.services.rooms.metadata.disable_room(&room_id, true);
 		return Ok(RoomMessageEventContent::text_plain(
-			"Room banned, removed all our local users, and disabled incoming federation with room.",
+			"Room banned, removed all our local users, and disabled incoming federation with \
+			 room.",
 		));
 	}

 	Ok(RoomMessageEventContent::text_plain(
-		"Room banned and removed all our local users, use `!admin federation disable-room` to stop receiving new \
-		 inbound federation events as well if needed.",
+		"Room banned and removed all our local users, use `!admin federation disable-room` to \
+		 stop receiving new inbound federation events as well if needed.",
 	))
 }

 #[admin_command]
-async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+async fn ban_list_of_rooms(
+	&self,
+	force: bool,
+	disable_federation: bool,
+) -> Result<RoomMessageEventContent> {
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -267,9 +286,10 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu

 	for &room in &rooms_s {
 		match <&RoomOrAliasId>::try_from(room) {
-			Ok(room_alias_or_id) => {
-				if let Some(admin_room_id) = self.services.admin.get_admin_room()? {
-					if room.to_owned().eq(&admin_room_id) || room.to_owned().eq(admin_room_alias) {
+			| Ok(room_alias_or_id) => {
+				if let Ok(admin_room_id) = self.services.admin.get_admin_room().await {
+					if room.to_owned().eq(&admin_room_id) || room.to_owned().eq(admin_room_alias)
+					{
 						info!("User specified admin room in bulk ban list, ignoring");
 						continue;
 					}
@@ -277,175 +297,167 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu

 				if room_alias_or_id.is_room_id() {
 					let room_id = match RoomId::parse(room_alias_or_id) {
-						Ok(room_id) => room_id,
-						Err(e) => {
+						| Ok(room_id) => room_id,
+						| Err(e) => {
 							if force {
 								// ignore rooms we failed to parse if we're force banning
 								warn!(
-									"Error parsing room \"{room}\" during bulk room banning, ignoring error and \
-									 logging here: {e}"
+									"Error parsing room \"{room}\" during bulk room banning, \
+									 ignoring error and logging here: {e}"
 								);
 								continue;
 							}

 							return Ok(RoomMessageEventContent::text_plain(format!(
-								"{room} is not a valid room ID or room alias, please fix the list and try again: {e}"
+								"{room} is not a valid room ID or room alias, please fix the \
+								 list and try again: {e}"
 							)));
 						},
 					};

-					room_ids.push(room_id);
+					room_ids.push(room_id.to_owned());
 				}

 				if room_alias_or_id.is_room_alias_id() {
 					match RoomAliasId::parse(room_alias_or_id) {
-						Ok(room_alias) => {
-							let room_id =
-								if let Some(room_id) = self.services.rooms.alias.resolve_local_alias(&room_alias)? {
-									room_id
-								} else {
-									debug!(
-										"We don't have this room alias to a room ID locally, attempting to fetch room \
-										 ID over federation"
-									);
+						| Ok(room_alias) => {
+							let room_id = if let Ok(room_id) = self
+								.services
+								.rooms
+								.alias
+								.resolve_local_alias(room_alias)
+								.await
+							{
+								room_id
+							} else {
+								debug!(
+									"We don't have this room alias to a room ID locally, \
+									 attempting to fetch room ID over federation"
+								);

-									match self
-										.services
-										.rooms
-										.alias
-										.resolve_alias(&room_alias, None)
-										.await
-									{
-										Ok((room_id, servers)) => {
-											debug!(
-												?room_id,
-												?servers,
-												"Got federation response fetching room ID for {room}",
+								match self
+									.services
+									.rooms
+									.alias
+									.resolve_alias(room_alias, None)
+									.await
+								{
+									| Ok((room_id, servers)) => {
+										debug!(
+											?room_id,
+											?servers,
+											"Got federation response fetching room ID for {room}",
+										);
+										room_id
+									},
+									| Err(e) => {
+										// don't fail if force blocking
+										if force {
+											warn!(
+												"Failed to resolve room alias {room} to a room \
+												 ID: {e}"
 											);
-											room_id
-										},
-										Err(e) => {
-											// don't fail if force blocking
-											if force {
-												warn!("Failed to resolve room alias {room} to a room ID: {e}");
-												continue;
-											}
+											continue;
+										}

-											return Ok(RoomMessageEventContent::text_plain(format!(
-												"Failed to resolve room alias {room} to a room ID: {e}"
-											)));
-										},
-									}
-								};
+										return Ok(RoomMessageEventContent::text_plain(format!(
+											"Failed to resolve room alias {room} to a room ID: \
+											 {e}"
+										)));
+									},
+								}
+							};

 							room_ids.push(room_id);
 						},
-						Err(e) => {
+						| Err(e) => {
 							if force {
 								// ignore rooms we failed to parse if we're force deleting
 								error!(
-									"Error parsing room \"{room}\" during bulk room banning, ignoring error and \
-									 logging here: {e}"
+									"Error parsing room \"{room}\" during bulk room banning, \
+									 ignoring error and logging here: {e}"
 								);
 								continue;
 							}

 							return Ok(RoomMessageEventContent::text_plain(format!(
-								"{room} is not a valid room ID or room alias, please fix the list and try again: {e}"
+								"{room} is not a valid room ID or room alias, please fix the \
+								 list and try again: {e}"
 							)));
 						},
 					}
 				}
 			},
-			Err(e) => {
+			| Err(e) => {
 				if force {
 					// ignore rooms we failed to parse if we're force deleting
 					error!(
-						"Error parsing room \"{room}\" during bulk room banning, ignoring error and logging here: {e}"
+						"Error parsing room \"{room}\" during bulk room banning, ignoring error \
+						 and logging here: {e}"
 					);
 					continue;
 				}

 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"{room} is not a valid room ID or room alias, please fix the list and try again: {e}"
+					"{room} is not a valid room ID or room alias, please fix the list and try \
+					 again: {e}"
 				)));
 			},
 		}
 	}

 	for room_id in room_ids {
-		if self
-			.services
-			.rooms
-			.metadata
-			.ban_room(&room_id, true)
-			.is_ok()
-		{
-			debug!("Banned {room_id} successfully");
-			room_ban_count = room_ban_count.saturating_add(1);
-		}
+		self.services.rooms.metadata.ban_room(&room_id, true);
+
+		debug!("Banned {room_id} successfully");
+		room_ban_count = room_ban_count.saturating_add(1);

 		debug!("Making all users leave the room {}", &room_id);
 		if force {
-			for local_user in self
+			let mut users = self
 				.services
 				.rooms
 				.state_cache
 				.room_members(&room_id)
-				.filter_map(|user| {
-					user.ok().filter(|local_user| {
-						local_user.server_name() == self.services.globals.server_name()
-										// additional wrapped check here is to avoid adding remote
-										// users who are in the admin room to the list of local
-										// users (would fail auth check)
-										&& (local_user.server_name()
-											== self.services.globals.server_name()
-											// since this is a force operation, assume user is an
-											// admin if somehow this fails
-											&& self.services
-												.users
-												.is_admin(local_user)
-												.unwrap_or(true))
-					})
-				}) {
+				.ready_filter(|user| self.services.globals.user_is_local(user))
+				.boxed();
+
+			while let Some(local_user) = users.next().await {
 				debug!(
-					"Attempting leave for user {} in room {} (forced, ignoring all errors, evicting admins too)",
-					&local_user, room_id
+					"Attempting leave for user {local_user} in room {room_id} (forced, ignoring \
+					 all errors, evicting admins too)",
 				);
-				if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+
+				if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 					warn!(%e, "Failed to leave room");
 				}
 			}
 		} else {
-			for local_user in self
+			let mut users = self
 				.services
 				.rooms
 				.state_cache
 				.room_members(&room_id)
-				.filter_map(|user| {
-					user.ok().filter(|local_user| {
-						local_user.server_name() == self.services.globals.server_name()
-										// additional wrapped check here is to avoid adding remote
-										// users who are in the admin room to the list of local
-										// users (would fail auth check)
-										&& (local_user.server_name()
-											== self.services.globals.server_name()
-											&& !self.services
-												.users
-												.is_admin(local_user)
-												.unwrap_or(false))
-					})
-				}) {
-				debug!("Attempting leave for user {} in room {}", &local_user, &room_id);
-				if let Err(e) = leave_room(self.services, &local_user, &room_id, None).await {
+				.ready_filter(|user| self.services.globals.user_is_local(user))
+				.boxed();
+
+			while let Some(local_user) = users.next().await {
+				if self.services.users.is_admin(local_user).await {
+					continue;
+				}
+
+				debug!("Attempting leave for user {local_user} in room {room_id}");
+				if let Err(e) = leave_room(self.services, local_user, &room_id, None).await {
 					error!(
-						"Error attempting to make local user {} leave room {} during bulk room banning: {}",
-						&local_user, &room_id, e
+						"Error attempting to make local user {local_user} leave room {room_id} \
+						 during bulk room banning: {e}",
 					);
+
 					return Ok(RoomMessageEventContent::text_plain(format!(
-						"Error attempting to make local user {} leave room {} during room banning (room is still \
-						 banned but not removing any more users and not banning any more rooms): {}\nIf you would \
-						 like to ignore errors, use --force",
+						"Error attempting to make local user {} leave room {} during room \
+						 banning (room is still banned but not removing any more users and not \
+						 banning any more rooms): {}\nIf you would like to ignore errors, use \
+						 --force",
 						&local_user, &room_id, e
 					)));
 				}
@@ -453,33 +465,33 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu
 		}

 		// remove any local aliases, ignore errors
-		for ref local_alias in self
-			.services
+		self.services
 			.rooms
 			.alias
 			.local_aliases_for_room(&room_id)
-			.filter_map(Result::ok)
-		{
-			_ = self
-				.services
-				.rooms
-				.alias
-				.remove_alias(local_alias, &self.services.globals.server_user)
-				.await;
-		}
+			.map(ToOwned::to_owned)
+			.for_each(|local_alias| async move {
+				self.services
+					.rooms
+					.alias
+					.remove_alias(&local_alias, &self.services.globals.server_user)
+					.await
+					.ok();
+			})
+			.await;

 		// unpublish from room directory, ignore errors
-		_ = self.services.rooms.directory.set_not_public(&room_id);
+		self.services.rooms.directory.set_not_public(&room_id);

 		if disable_federation {
-			self.services.rooms.metadata.disable_room(&room_id, true)?;
+			self.services.rooms.metadata.disable_room(&room_id, true);
 		}
 	}

 	if disable_federation {
 		Ok(RoomMessageEventContent::text_plain(format!(
-			"Finished bulk room ban, banned {room_ban_count} total rooms, evicted all users, and disabled incoming \
-			 federation with the room."
+			"Finished bulk room ban, banned {room_ban_count} total rooms, evicted all users, \
+			 and disabled incoming federation with the room."
 		)))
 	} else {
 		Ok(RoomMessageEventContent::text_plain(format!(
@@ -489,56 +501,72 @@ async fn ban_list_of_rooms(&self, force: bool, disable_federation: bool) -> Resu
 }

 #[admin_command]
-async fn unban_room(&self, enable_federation: bool, room: Box<RoomOrAliasId>) -> Result<RoomMessageEventContent> {
+async fn unban_room(
+	&self,
+	enable_federation: bool,
+	room: Box<RoomOrAliasId>,
+) -> Result<RoomMessageEventContent> {
 	let room_id = if room.is_room_id() {
 		let room_id = match RoomId::parse(&room) {
-			Ok(room_id) => room_id,
-			Err(e) => {
+			| Ok(room_id) => room_id,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!("Room specified is a room ID, unbanning room ID");
+		self.services.rooms.metadata.ban_room(room_id, false);

-		self.services.rooms.metadata.ban_room(&room_id, false)?;
-
-		room_id
+		room_id.to_owned()
 	} else if room.is_room_alias_id() {
 		let room_alias = match RoomAliasId::parse(&room) {
-			Ok(room_alias) => room_alias,
-			Err(e) => {
+			| Ok(room_alias) => room_alias,
+			| Err(e) =>
 				return Ok(RoomMessageEventContent::text_plain(format!(
-					"Failed to parse room ID {room}. Please note that this requires a full room ID \
-					 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`): {e}"
-				)))
-			},
+					"Failed to parse room ID {room}. Please note that this requires a full room \
+					 ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+					 (`#roomalias:example.com`): {e}"
+				))),
 		};

 		debug!(
-			"Room specified is not a room ID, attempting to resolve room alias to a room ID locally, if not using \
-			 get_alias_helper to fetch room ID remotely"
+			"Room specified is not a room ID, attempting to resolve room alias to a room ID \
+			 locally, if not using get_alias_helper to fetch room ID remotely"
 		);

-		let room_id = if let Some(room_id) = self.services.rooms.alias.resolve_local_alias(&room_alias)? {
+		let room_id = if let Ok(room_id) = self
+			.services
+			.rooms
+			.alias
+			.resolve_local_alias(room_alias)
+			.await
+		{
 			room_id
 		} else {
-			debug!("We don't have this room alias to a room ID locally, attempting to fetch room ID over federation");
+			debug!(
+				"We don't have this room alias to a room ID locally, attempting to fetch room \
+				 ID over federation"
+			);

 			match self
 				.services
 				.rooms
 				.alias
-				.resolve_alias(&room_alias, None)
+				.resolve_alias(room_alias, None)
 				.await
 			{
-				Ok((room_id, servers)) => {
-					debug!(?room_id, ?servers, "Got federation response fetching room ID for room {room}");
+				| Ok((room_id, servers)) => {
+					debug!(
+						?room_id,
+						?servers,
+						"Got federation response fetching room ID for room {room}"
+					);
 					room_id
 				},
-				Err(e) => {
+				| Err(e) => {
 					return Ok(RoomMessageEventContent::text_plain(format!(
 						"Failed to resolve room alias {room} to a room ID: {e}"
 					)));
@@ -546,68 +574,66 @@ async fn unban_room(&self, enable_federation: bool, room: Box<RoomOrAliasId>) ->
 			}
 		};

-		self.services.rooms.metadata.ban_room(&room_id, false)?;
+		self.services.rooms.metadata.ban_room(&room_id, false);

 		room_id
 	} else {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Room specified is not a room ID or room alias. Please note that this requires a full room ID \
-			 (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias (`#roomalias:example.com`)",
+			"Room specified is not a room ID or room alias. Please note that this requires a \
+			 full room ID (`!awIh6gGInaS5wLQJwa:example.com`) or a room alias \
+			 (`#roomalias:example.com`)",
 		));
 	};

 	if enable_federation {
-		self.services.rooms.metadata.disable_room(&room_id, false)?;
+		self.services.rooms.metadata.disable_room(&room_id, false);
 		return Ok(RoomMessageEventContent::text_plain("Room unbanned."));
 	}

 	Ok(RoomMessageEventContent::text_plain(
-		"Room unbanned, you may need to re-enable federation with the room using enable-room if this is a remote room \
-		 to make it fully functional.",
+		"Room unbanned, you may need to re-enable federation with the room using enable-room if \
+		 this is a remote room to make it fully functional.",
 	))
 }

 #[admin_command]
 async fn list_banned_rooms(&self, no_details: bool) -> Result<RoomMessageEventContent> {
-	let rooms = self
+	let room_ids: Vec<OwnedRoomId> = self
 		.services
 		.rooms
 		.metadata
 		.list_banned_rooms()
-		.collect::<Result<Vec<_>, _>>();
+		.map(Into::into)
+		.collect()
+		.await;

-	match rooms {
-		Ok(room_ids) => {
-			if room_ids.is_empty() {
-				return Ok(RoomMessageEventContent::text_plain("No rooms are banned."));
-			}
-
-			let mut rooms = room_ids
-				.into_iter()
-				.map(|room_id| get_room_info(self.services, &room_id))
-				.collect::<Vec<_>>();
-			rooms.sort_by_key(|r| r.1);
-			rooms.reverse();
-
-			let output_plain = format!(
-				"Rooms Banned ({}):\n```\n{}\n```",
-				rooms.len(),
-				rooms
-					.iter()
-					.map(|(id, members, name)| if no_details {
-						format!("{id}")
-					} else {
-						format!("{id}\tMembers: {members}\tName: {name}")
-					})
-					.collect::<Vec<_>>()
-					.join("\n")
-			);
-
-			Ok(RoomMessageEventContent::notice_markdown(output_plain))
-		},
-		Err(e) => {
-			error!("Failed to list banned rooms: {e}");
-			Ok(RoomMessageEventContent::text_plain(format!("Unable to list banned rooms: {e}")))
-		},
+	if room_ids.is_empty() {
+		return Ok(RoomMessageEventContent::text_plain("No rooms are banned."));
 	}
+
+	let mut rooms = room_ids
+		.iter()
+		.stream()
+		.then(|room_id| get_room_info(self.services, room_id))
+		.collect::<Vec<_>>()
+		.await;
+
+	rooms.sort_by_key(|r| r.1);
+	rooms.reverse();
+
+	let output_plain = format!(
+		"Rooms Banned ({}):\n```\n{}\n```",
+		rooms.len(),
+		rooms
+			.iter()
+			.map(|(id, members, name)| if no_details {
+				format!("{id}")
+			} else {
+				format!("{id}\tMembers: {members}\tName: {name}")
+			})
+			.collect::<Vec<_>>()
+			.join("\n")
+	);
+
+	Ok(RoomMessageEventContent::notice_markdown(output_plain))
 }
@@ -1,6 +1,6 @@
-use std::{fmt::Write, sync::Arc};
+use std::{fmt::Write, path::PathBuf, sync::Arc};

-use conduit::{info, utils::time, warn, Err, Result};
+use conduwuit::{info, utils::time, warn, Err, Result};
 use ruma::events::room::message::RoomMessageEventContent;

 use crate::admin_command;
@@ -21,18 +21,31 @@ pub(super) async fn uptime(&self) -> Result<RoomMessageEventContent> {
 #[admin_command]
 pub(super) async fn show_config(&self) -> Result<RoomMessageEventContent> {
 	// Construct and send the response
-	Ok(RoomMessageEventContent::text_plain(format!("{}", self.services.globals.config)))
+	Ok(RoomMessageEventContent::text_markdown(format!(
+		"{}",
+		*self.services.server.config
+	)))
+}
+
+#[admin_command]
+pub(super) async fn reload_config(
+	&self,
+	path: Option<PathBuf>,
+) -> Result<RoomMessageEventContent> {
+	let path = path.as_deref().into_iter();
+	self.services.config.reload(path)?;
+
+	Ok(RoomMessageEventContent::text_plain("Successfully reconfigured."))
 }

 #[admin_command]
 pub(super) async fn list_features(
-	&self, available: bool, enabled: bool, comma: bool,
+	&self,
+	available: bool,
+	enabled: bool,
+	comma: bool,
 ) -> Result<RoomMessageEventContent> {
-	let delim = if comma {
-		","
-	} else {
-		" "
-	};
+	let delim = if comma { "," } else { " " };
 	if enabled && !available {
 		let features = info::rustc::features().join(delim);
 		let out = format!("`\n{features}\n`");
@@ -50,16 +63,8 @@ pub(super) async fn list_features(
 	let available = info::cargo::features();
 	for feature in available {
 		let active = enabled.contains(&feature.as_str());
-		let emoji = if active {
-			"✅"
-		} else {
-			"❌"
-		};
-		let remark = if active {
-			"[enabled]"
-		} else {
-			""
-		};
+		let emoji = if active { "✅" } else { "❌" };
+		let remark = if active { "[enabled]" } else { "" };
 		writeln!(features, "{emoji} {feature} {remark}")?;
 	}

@@ -70,7 +75,8 @@ pub(super) async fn list_features(
 pub(super) async fn memory_usage(&self) -> Result<RoomMessageEventContent> {
 	let services_usage = self.services.memory_usage().await?;
 	let database_usage = self.services.db.db.memory_usage()?;
-	let allocator_usage = conduit::alloc::memory_usage().map_or(String::new(), |s| format!("\nAllocator:\n{s}"));
+	let allocator_usage =
+		conduwuit::alloc::memory_usage().map_or(String::new(), |s| format!("\nAllocator:\n{s}"));

 	Ok(RoomMessageEventContent::text_plain(format!(
 		"Services:\n{services_usage}\nDatabase:\n{database_usage}{allocator_usage}",
@@ -86,7 +92,7 @@ pub(super) async fn clear_caches(&self) -> Result<RoomMessageEventContent> {

 #[admin_command]
 pub(super) async fn list_backups(&self) -> Result<RoomMessageEventContent> {
-	let result = self.services.globals.db.backup_list()?;
+	let result = self.services.db.db.backup_list()?;

 	if result.is_empty() {
 		Ok(RoomMessageEventContent::text_plain("No backups found."))
@@ -97,31 +103,24 @@ pub(super) async fn list_backups(&self) -> Result<RoomMessageEventContent> {

 #[admin_command]
 pub(super) async fn backup_database(&self) -> Result<RoomMessageEventContent> {
-	let globals = Arc::clone(&self.services.globals);
+	let db = Arc::clone(&self.services.db);
 	let mut result = self
 		.services
 		.server
 		.runtime()
-		.spawn_blocking(move || match globals.db.backup() {
-			Ok(()) => String::new(),
-			Err(e) => (*e).to_string(),
+		.spawn_blocking(move || match db.db.backup() {
+			| Ok(()) => String::new(),
+			| Err(e) => e.to_string(),
 		})
 		.await?;

 	if result.is_empty() {
-		result = self.services.globals.db.backup_list()?;
+		result = self.services.db.db.backup_list()?;
 	}

 	Ok(RoomMessageEventContent::notice_markdown(result))
 }

-#[admin_command]
-pub(super) async fn list_database_files(&self) -> Result<RoomMessageEventContent> {
-	let result = self.services.globals.db.file_list()?;
-
-	Ok(RoomMessageEventContent::notice_markdown(result))
-}
-
 #[admin_command]
 pub(super) async fn admin_notice(&self, message: Vec<String>) -> Result<RoomMessageEventContent> {
 	let message = message.join(" ");
@@ -140,12 +139,12 @@ pub(super) async fn reload_mods(&self) -> Result<RoomMessageEventContent> {
 #[admin_command]
 #[cfg(unix)]
 pub(super) async fn restart(&self, force: bool) -> Result<RoomMessageEventContent> {
-	use conduit::utils::sys::current_exe_deleted;
+	use conduwuit::utils::sys::current_exe_deleted;

 	if !force && current_exe_deleted() {
 		return Err!(
-			"The server cannot be restarted because the executable changed. If this is expected use --force to \
-			 override."
+			"The server cannot be restarted because the executable changed. If this is expected \
+			 use --force to override."
 		);
 	}

@@ -1,7 +1,9 @@
 mod commands;

+use std::path::PathBuf;
+
 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;

 use crate::admin_command_dispatch;

@@ -14,6 +16,11 @@ pub(super) enum ServerCommand {
 	/// - Show configuration values
 	ShowConfig,

+	/// - Reload configuration values
+	ReloadConfig {
+		path: Option<PathBuf>,
+	},
+
 	/// - List the features built into the server
 	ListFeatures {
 		#[arg(short, long)]
@@ -39,9 +46,6 @@ pub(super) enum ServerCommand {
 	/// - List database backups
 	ListBackups,

-	/// - List database files
-	ListDatabaseFiles,
-
 	/// - Send a message to the admin room.
 	AdminNotice {
 		message: Vec<String>,
@@ -1,7 +1,13 @@
 use std::{collections::BTreeMap, fmt::Write as _};

 use api::client::{full_user_deactivate, join_room_by_id_helper, leave_room};
-use conduit::{error, info, utils, warn, PduBuilder, Result};
+use conduwuit::{
+	debug_warn, error, info, is_equal_to,
+	utils::{self, ReadyExt},
+	warn, PduBuilder, Result,
+};
+use conduwuit_api::client::{leave_all_rooms, update_avatar_url, update_displayname};
+use futures::StreamExt;
 use ruma::{
 	events::{
 		room::{
@@ -10,11 +16,10 @@ use ruma::{
 			redaction::RoomRedactionEventContent,
 		},
 		tag::{TagEvent, TagEventContent, TagInfo},
-		RoomAccountDataEventType, StateEventType, TimelineEventType,
+		RoomAccountDataEventType, StateEventType,
 	},
-	EventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedUserId, RoomId,
+	EventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedUserId, RoomId, UserId,
 };
-use serde_json::value::to_raw_value;

 use crate::{
 	admin_command, get_room_info,
@@ -22,28 +27,40 @@ use crate::{
 };

 const AUTO_GEN_PASSWORD_LENGTH: usize = 25;
+const BULK_JOIN_REASON: &str = "Bulk force joining this room as initiated by the server admin.";

 #[admin_command]
 pub(super) async fn list_users(&self) -> Result<RoomMessageEventContent> {
-	match self.services.users.list_local_users() {
-		Ok(users) => {
-			let mut plain_msg = format!("Found {} local user account(s):\n```\n", users.len());
-			plain_msg += users.join("\n").as_str();
-			plain_msg += "\n```";
+	let users: Vec<_> = self
+		.services
+		.users
+		.list_local_users()
+		.map(ToString::to_string)
+		.collect()
+		.await;

-			Ok(RoomMessageEventContent::notice_markdown(plain_msg))
-		},
-		Err(e) => Ok(RoomMessageEventContent::text_plain(e.to_string())),
-	}
+	let mut plain_msg = format!("Found {} local user account(s):\n```\n", users.len());
+	plain_msg += users.join("\n").as_str();
+	plain_msg += "\n```";
+
+	self.write_str(plain_msg.as_str()).await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
 }

 #[admin_command]
-pub(super) async fn create_user(&self, username: String, password: Option<String>) -> Result<RoomMessageEventContent> {
+pub(super) async fn create_user(
+	&self,
+	username: String,
+	password: Option<String>,
+) -> Result<RoomMessageEventContent> {
 	// Validate user id
 	let user_id = parse_local_user_id(self.services, &username)?;

-	if self.services.users.exists(&user_id)? {
-		return Ok(RoomMessageEventContent::text_plain(format!("Userid {user_id} already exists")));
+	if self.services.users.exists(&user_id).await {
+		return Ok(RoomMessageEventContent::text_plain(format!(
+			"Userid {user_id} already exists"
+		)));
 	}

 	if user_id.is_historical() {
@@ -66,65 +83,88 @@ pub(super) async fn create_user(&self, username: String, password: Option<String
 	// content is set to the user's display name with a space before it
 	if !self
 		.services
-		.globals
+		.server
 		.config
 		.new_user_displayname_suffix
 		.is_empty()
 	{
-		write!(displayname, " {}", self.services.globals.config.new_user_displayname_suffix)
+		write!(displayname, " {}", self.services.server.config.new_user_displayname_suffix)
 			.expect("should be able to write to string buffer");
 	}

 	self.services
 		.users
-		.set_displayname(&user_id, Some(displayname))
-		.await?;
+		.set_displayname(&user_id, Some(displayname));

 	// Initial account data
-	self.services.account_data.update(
-		None,
-		&user_id,
-		ruma::events::GlobalAccountDataEventType::PushRules
-			.to_string()
-			.into(),
-		&serde_json::to_value(ruma::events::push_rules::PushRulesEvent {
-			content: ruma::events::push_rules::PushRulesEventContent {
-				global: ruma::push::Ruleset::server_default(&user_id),
-			},
-		})
-		.expect("to json value always works"),
-	)?;
+	self.services
+		.account_data
+		.update(
+			None,
+			&user_id,
+			ruma::events::GlobalAccountDataEventType::PushRules
+				.to_string()
+				.into(),
+			&serde_json::to_value(ruma::events::push_rules::PushRulesEvent {
+				content: ruma::events::push_rules::PushRulesEventContent {
+					global: ruma::push::Ruleset::server_default(&user_id),
+				},
+			})
+			.expect("to json value always works"),
+		)
+		.await?;
+
+	if !self.services.server.config.auto_join_rooms.is_empty() {
+		for room in &self.services.server.config.auto_join_rooms {
+			let Ok(room_id) = self.services.rooms.alias.resolve(room).await else {
+				error!(%user_id, "Failed to resolve room alias to room ID when attempting to auto join {room}, skipping");
+				continue;
+			};

-	if !self.services.globals.config.auto_join_rooms.is_empty() {
-		for room in &self.services.globals.config.auto_join_rooms {
 			if !self
 				.services
 				.rooms
 				.state_cache
-				.server_in_room(self.services.globals.server_name(), room)?
+				.server_in_room(self.services.globals.server_name(), &room_id)
+				.await
 			{
-				warn!("Skipping room {room} to automatically join as we have never joined before.");
+				warn!(
+					"Skipping room {room} to automatically join as we have never joined before."
+				);
 				continue;
 			}

-			if let Some(room_id_server_name) = room.server_name() {
+			if let Some(room_server_name) = room.server_name() {
 				match join_room_by_id_helper(
 					self.services,
 					&user_id,
-					room,
+					&room_id,
 					Some("Automatically joining this room upon registration".to_owned()),
-					&[room_id_server_name.to_owned(), self.services.globals.server_name().to_owned()],
+					&[
+						self.services.globals.server_name().to_owned(),
+						room_server_name.to_owned(),
+					],
 					None,
 					&None,
 				)
 				.await
 				{
-					Ok(_response) => {
+					| Ok(_response) => {
 						info!("Automatically joined room {room} for user {user_id}");
 					},
-					Err(e) => {
+					| Err(e) => {
+						self.services
+							.admin
+							.send_message(RoomMessageEventContent::text_plain(format!(
+								"Failed to automatically join room {room} for user {user_id}: \
+								 {e}"
+							)))
+							.await
+							.ok();
 						// don't return this error so we don't fail registrations
-						error!("Failed to automatically join room {room} for user {user_id}: {e}");
+						error!(
+							"Failed to automatically join room {room} for user {user_id}: {e}"
+						);
 					},
 				};
 			}
@@ -135,13 +175,14 @@ pub(super) async fn create_user(&self, username: String, password: Option<String

 	// if this account creation is from the CLI / --execute, invite the first user
 	// to admin room
-	if let Some(admin_room) = self.services.admin.get_admin_room()? {
+	if let Ok(admin_room) = self.services.admin.get_admin_room().await {
 		if self
 			.services
 			.rooms
 			.state_cache
-			.room_joined_count(&admin_room)?
-			== Some(1)
+			.room_joined_count(&admin_room)
+			.await
+			.is_ok_and(is_equal_to!(1))
 		{
 			self.services.admin.make_user_admin(&user_id).await?;

@@ -156,7 +197,11 @@ pub(super) async fn create_user(&self, username: String, password: Option<String
 }

 #[admin_command]
-pub(super) async fn deactivate(&self, no_leave_rooms: bool, user_id: String) -> Result<RoomMessageEventContent> {
+pub(super) async fn deactivate(
+	&self,
+	no_leave_rooms: bool,
+	user_id: String,
+) -> Result<RoomMessageEventContent> {
 	// Validate user id
 	let user_id = parse_local_user_id(self.services, &user_id)?;

@@ -167,7 +212,7 @@ pub(super) async fn deactivate(&self, no_leave_rooms: bool, user_id: String) ->
 		));
 	}

-	self.services.users.deactivate_account(&user_id)?;
+	self.services.users.deactivate_account(&user_id).await?;

 	if !no_leave_rooms {
 		self.services
@@ -175,17 +220,22 @@ pub(super) async fn deactivate(&self, no_leave_rooms: bool, user_id: String) ->
 			.send_message(RoomMessageEventContent::text_plain(format!(
 				"Making {user_id} leave all rooms after deactivation..."
 			)))
-			.await;
+			.await
+			.ok();

 		let all_joined_rooms: Vec<OwnedRoomId> = self
 			.services
 			.rooms
 			.state_cache
 			.rooms_joined(&user_id)
-			.filter_map(Result::ok)
-			.collect();
+			.map(Into::into)
+			.collect()
+			.await;

-		full_user_deactivate(self.services, &user_id, all_joined_rooms).await?;
+		full_user_deactivate(self.services, &user_id, &all_joined_rooms).await?;
+		update_displayname(self.services, &user_id, None, &all_joined_rooms).await;
+		update_avatar_url(self.services, &user_id, None, None, &all_joined_rooms).await;
+		leave_all_rooms(self.services, &user_id).await;
 	}

 	Ok(RoomMessageEventContent::text_plain(format!(
@@ -194,34 +244,45 @@ pub(super) async fn deactivate(&self, no_leave_rooms: bool, user_id: String) ->
 }

 #[admin_command]
-pub(super) async fn reset_password(&self, username: String) -> Result<RoomMessageEventContent> {
+pub(super) async fn reset_password(
+	&self,
+	username: String,
+	password: Option<String>,
+) -> Result<RoomMessageEventContent> {
 	let user_id = parse_local_user_id(self.services, &username)?;

 	if user_id == self.services.globals.server_user {
 		return Ok(RoomMessageEventContent::text_plain(
-			"Not allowed to set the password for the server account. Please use the emergency password config option.",
+			"Not allowed to set the password for the server account. Please use the emergency \
+			 password config option.",
 		));
 	}

-	let new_password = utils::random_string(AUTO_GEN_PASSWORD_LENGTH);
+	let new_password = password.unwrap_or_else(|| utils::random_string(AUTO_GEN_PASSWORD_LENGTH));

 	match self
 		.services
 		.users
 		.set_password(&user_id, Some(new_password.as_str()))
 	{
-		Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
+		| Ok(()) => Ok(RoomMessageEventContent::text_plain(format!(
 			"Successfully reset the password for user {user_id}: `{new_password}`"
 		))),
-		Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
+		| Err(e) => Ok(RoomMessageEventContent::text_plain(format!(
 			"Couldn't reset the password for user {user_id}: {e}"
 		))),
 	}
 }

 #[admin_command]
-pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) -> Result<RoomMessageEventContent> {
-	if self.body.len() < 2 || !self.body[0].trim().starts_with("```") || self.body.last().unwrap_or(&"").trim() != "```"
+pub(super) async fn deactivate_all(
+	&self,
+	no_leave_rooms: bool,
+	force: bool,
+) -> Result<RoomMessageEventContent> {
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
 	{
 		return Ok(RoomMessageEventContent::text_plain(
 			"Expected code block in command body. Add --help for details.",
@@ -238,15 +299,16 @@ pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) ->
 	let mut admins = Vec::new();

 	for username in usernames {
-		match parse_active_local_user_id(self.services, username) {
-			Ok(user_id) => {
-				if self.services.users.is_admin(&user_id)? && !force {
+		match parse_active_local_user_id(self.services, username).await {
+			| Ok(user_id) => {
+				if self.services.users.is_admin(&user_id).await && !force {
 					self.services
 						.admin
 						.send_message(RoomMessageEventContent::text_plain(format!(
 							"{username} is an admin and --force is not set, skipping over"
 						)))
-						.await;
+						.await
+						.ok();
 					admins.push(username);
 					continue;
 				}
@@ -258,19 +320,21 @@ pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) ->
 						.send_message(RoomMessageEventContent::text_plain(format!(
 							"{username} is the server service account, skipping over"
 						)))
-						.await;
+						.await
+						.ok();
 					continue;
 				}

 				user_ids.push(user_id);
 			},
-			Err(e) => {
+			| Err(e) => {
 				self.services
 					.admin
 					.send_message(RoomMessageEventContent::text_plain(format!(
 						"{username} is not a valid username, skipping over: {e}"
 					)))
-					.await;
+					.await
+					.ok();
 				continue;
 			},
 		}
@@ -279,8 +343,8 @@ pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) ->
 	let mut deactivation_count: usize = 0;

 	for user_id in user_ids {
-		match self.services.users.deactivate_account(&user_id) {
-			Ok(()) => {
+		match self.services.users.deactivate_account(&user_id).await {
+			| Ok(()) => {
 				deactivation_count = deactivation_count.saturating_add(1);
 				if !no_leave_rooms {
 					info!("Forcing user {user_id} to leave all rooms apart of deactivate-all");
@@ -289,16 +353,25 @@ pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) ->
 						.rooms
 						.state_cache
 						.rooms_joined(&user_id)
-						.filter_map(Result::ok)
-						.collect();
-					full_user_deactivate(self.services, &user_id, all_joined_rooms).await?;
+						.map(Into::into)
+						.collect()
+						.await;
+
+					full_user_deactivate(self.services, &user_id, &all_joined_rooms).await?;
+					update_displayname(self.services, &user_id, None, &all_joined_rooms).await;
+					update_avatar_url(self.services, &user_id, None, None, &all_joined_rooms)
+						.await;
+					leave_all_rooms(self.services, &user_id).await;
 				}
 			},
-			Err(e) => {
+			| Err(e) => {
 				self.services
 					.admin
-					.send_message(RoomMessageEventContent::text_plain(format!("Failed deactivating user: {e}")))
-					.await;
+					.send_message(RoomMessageEventContent::text_plain(format!(
+						"Failed deactivating user: {e}"
+					)))
+					.await
+					.ok();
 			},
 		}
 	}
@@ -309,8 +382,8 @@ pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) ->
 		)))
 	} else {
 		Ok(RoomMessageEventContent::text_plain(format!(
-			"Deactivated {deactivation_count} accounts.\nSkipped admin accounts: {}. Use --force to deactivate admin \
-			 accounts",
+			"Deactivated {deactivation_count} accounts.\nSkipped admin accounts: {}. Use \
+			 --force to deactivate admin accounts",
 			admins.join(", ")
 		)))
 	}
@@ -326,9 +399,9 @@ pub(super) async fn list_joined_rooms(&self, user_id: String) -> Result<RoomMess
 		.rooms
 		.state_cache
 		.rooms_joined(&user_id)
-		.filter_map(Result::ok)
-		.map(|room_id| get_room_info(self.services, &room_id))
-		.collect();
+		.then(|room_id| get_room_info(self.services, room_id))
+		.collect()
+		.await;

 	if rooms.is_empty() {
 		return Ok(RoomMessageEventContent::text_plain("User is not in any rooms."));
@@ -350,18 +423,258 @@ pub(super) async fn list_joined_rooms(&self, user_id: String) -> Result<RoomMess
 	Ok(RoomMessageEventContent::notice_markdown(output_plain))
 }

+#[admin_command]
+pub(super) async fn force_join_list_of_local_users(
+	&self,
+	room_id: OwnedRoomOrAliasId,
+	yes_i_want_to_do_this: bool,
+) -> Result<RoomMessageEventContent> {
+	if self.body.len() < 2
+		|| !self.body[0].trim().starts_with("```")
+		|| self.body.last().unwrap_or(&"").trim() != "```"
+	{
+		return Ok(RoomMessageEventContent::text_plain(
+			"Expected code block in command body. Add --help for details.",
+		));
+	}
+
+	if !yes_i_want_to_do_this {
+		return Ok(RoomMessageEventContent::notice_markdown(
+			"You must pass the --yes-i-want-to-do-this-flag to ensure you really want to force \
+			 bulk join all specified local users.",
+		));
+	}
+
+	let Ok(admin_room) = self.services.admin.get_admin_room().await else {
+		return Ok(RoomMessageEventContent::notice_markdown(
+			"There is not an admin room to check for server admins.",
+		));
+	};
+
+	let (room_id, servers) = self
+		.services
+		.rooms
+		.alias
+		.resolve_with_servers(&room_id, None)
+		.await?;
+
+	if !self
+		.services
+		.rooms
+		.state_cache
+		.server_in_room(self.services.globals.server_name(), &room_id)
+		.await
+	{
+		return Ok(RoomMessageEventContent::notice_markdown("We are not joined in this room."));
+	}
+
+	let server_admins: Vec<_> = self
+		.services
+		.rooms
+		.state_cache
+		.active_local_users_in_room(&admin_room)
+		.map(ToOwned::to_owned)
+		.collect()
+		.await;
+
+	if !self
+		.services
+		.rooms
+		.state_cache
+		.room_members(&room_id)
+		.ready_any(|user_id| server_admins.contains(&user_id.to_owned()))
+		.await
+	{
+		return Ok(RoomMessageEventContent::notice_markdown(
+			"There is not a single server admin in the room.",
+		));
+	}
+
+	let usernames = self
+		.body
+		.to_vec()
+		.drain(1..self.body.len().saturating_sub(1))
+		.collect::<Vec<_>>();
+
+	let mut user_ids: Vec<OwnedUserId> = Vec::with_capacity(usernames.len());
+
+	for username in usernames {
+		match parse_active_local_user_id(self.services, username).await {
+			| Ok(user_id) => {
+				// don't make the server service account join
+				if user_id == self.services.globals.server_user {
+					self.services
+						.admin
+						.send_message(RoomMessageEventContent::text_plain(format!(
+							"{username} is the server service account, skipping over"
+						)))
+						.await
+						.ok();
+					continue;
+				}
+
+				user_ids.push(user_id);
+			},
+			| Err(e) => {
+				self.services
+					.admin
+					.send_message(RoomMessageEventContent::text_plain(format!(
+						"{username} is not a valid username, skipping over: {e}"
+					)))
+					.await
+					.ok();
+				continue;
+			},
+		}
+	}
+
+	let mut failed_joins: usize = 0;
+	let mut successful_joins: usize = 0;
+
+	for user_id in user_ids {
+		match join_room_by_id_helper(
+			self.services,
+			&user_id,
+			&room_id,
+			Some(String::from(BULK_JOIN_REASON)),
+			&servers,
+			None,
+			&None,
+		)
+		.await
+		{
+			| Ok(_res) => {
+				successful_joins = successful_joins.saturating_add(1);
+			},
+			| Err(e) => {
+				debug_warn!("Failed force joining {user_id} to {room_id} during bulk join: {e}");
+				failed_joins = failed_joins.saturating_add(1);
+			},
+		};
+	}
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"{successful_joins} local users have been joined to {room_id}. {failed_joins} joins \
+		 failed.",
+	)))
+}
+
+#[admin_command]
+pub(super) async fn force_join_all_local_users(
+	&self,
+	room_id: OwnedRoomOrAliasId,
+	yes_i_want_to_do_this: bool,
+) -> Result<RoomMessageEventContent> {
+	if !yes_i_want_to_do_this {
+		return Ok(RoomMessageEventContent::notice_markdown(
+			"You must pass the --yes-i-want-to-do-this-flag to ensure you really want to force \
+			 bulk join all local users.",
+		));
+	}
+
+	let Ok(admin_room) = self.services.admin.get_admin_room().await else {
+		return Ok(RoomMessageEventContent::notice_markdown(
+			"There is not an admin room to check for server admins.",
+		));
+	};
+
+	let (room_id, servers) = self
+		.services
+		.rooms
+		.alias
+		.resolve_with_servers(&room_id, None)
+		.await?;
+
+	if !self
+		.services
+		.rooms
+		.state_cache
+		.server_in_room(self.services.globals.server_name(), &room_id)
+		.await
+	{
+		return Ok(RoomMessageEventContent::notice_markdown("We are not joined in this room."));
+	}
+
+	let server_admins: Vec<_> = self
+		.services
+		.rooms
+		.state_cache
+		.active_local_users_in_room(&admin_room)
+		.map(ToOwned::to_owned)
+		.collect()
+		.await;
+
+	if !self
+		.services
+		.rooms
+		.state_cache
+		.room_members(&room_id)
+		.ready_any(|user_id| server_admins.contains(&user_id.to_owned()))
+		.await
+	{
+		return Ok(RoomMessageEventContent::notice_markdown(
+			"There is not a single server admin in the room.",
+		));
+	}
+
+	let mut failed_joins: usize = 0;
+	let mut successful_joins: usize = 0;
+
+	for user_id in &self
+		.services
+		.users
+		.list_local_users()
+		.map(UserId::to_owned)
+		.collect::<Vec<_>>()
+		.await
+	{
+		match join_room_by_id_helper(
+			self.services,
+			user_id,
+			&room_id,
+			Some(String::from(BULK_JOIN_REASON)),
+			&servers,
+			None,
+			&None,
+		)
+		.await
+		{
+			| Ok(_res) => {
+				successful_joins = successful_joins.saturating_add(1);
+			},
+			| Err(e) => {
+				debug_warn!("Failed force joining {user_id} to {room_id} during bulk join: {e}");
+				failed_joins = failed_joins.saturating_add(1);
+			},
+		};
+	}
+
+	Ok(RoomMessageEventContent::notice_markdown(format!(
+		"{successful_joins} local users have been joined to {room_id}. {failed_joins} joins \
+		 failed.",
+	)))
+}
+
 #[admin_command]
 pub(super) async fn force_join_room(
-	&self, user_id: String, room_id: OwnedRoomOrAliasId,
+	&self,
+	user_id: String,
+	room_id: OwnedRoomOrAliasId,
 ) -> Result<RoomMessageEventContent> {
 	let user_id = parse_local_user_id(self.services, &user_id)?;
-	let room_id = self.services.rooms.alias.resolve(&room_id).await?;
+	let (room_id, servers) = self
+		.services
+		.rooms
+		.alias
+		.resolve_with_servers(&room_id, None)
+		.await?;

 	assert!(
 		self.services.globals.user_is_local(&user_id),
 		"Parsed user_id must be a local user"
 	);
-	join_room_by_id_helper(self.services, &user_id, &room_id, None, &[], None, &None).await?;
+	join_room_by_id_helper(self.services, &user_id, &room_id, None, &servers, None, &None)
+		.await?;

 	Ok(RoomMessageEventContent::notice_markdown(format!(
 		"{user_id} has been joined to {room_id}.",
@@ -370,7 +683,9 @@ pub(super) async fn force_join_room(

 #[admin_command]
 pub(super) async fn force_leave_room(
-	&self, user_id: String, room_id: OwnedRoomOrAliasId,
+	&self,
+	user_id: String,
+	room_id: OwnedRoomOrAliasId,
 ) -> Result<RoomMessageEventContent> {
 	let user_id = parse_local_user_id(self.services, &user_id)?;
 	let room_id = self.services.rooms.alias.resolve(&room_id).await?;
@@ -388,7 +703,9 @@ pub(super) async fn force_leave_room(

 #[admin_command]
 pub(super) async fn force_demote(
-	&self, user_id: String, room_id: OwnedRoomOrAliasId,
+	&self,
+	user_id: String,
+	room_id: OwnedRoomOrAliasId,
 ) -> Result<RoomMessageEventContent> {
 	let user_id = parse_local_user_id(self.services, &user_id)?;
 	let room_id = self.services.rooms.alias.resolve(&room_id).await?;
@@ -404,22 +721,26 @@ pub(super) async fn force_demote(
 		.services
 		.rooms
 		.state_accessor
-		.room_state_get(&room_id, &StateEventType::RoomPowerLevels, "")?
-		.as_ref()
-		.and_then(|event| serde_json::from_str(event.content.get()).ok()?)
-		.and_then(|content: RoomPowerLevelsEventContent| content.into());
+		.room_state_get_content::<RoomPowerLevelsEventContent>(
+			&room_id,
+			&StateEventType::RoomPowerLevels,
+			"",
+		)
+		.await
+		.ok();

 	let user_can_demote_self = room_power_levels
 		.as_ref()
 		.is_some_and(|power_levels_content| {
-			RoomPowerLevels::from(power_levels_content.clone()).user_can_change_user_power_level(&user_id, &user_id)
+			RoomPowerLevels::from(power_levels_content.clone())
+				.user_can_change_user_power_level(&user_id, &user_id)
 		}) || self
 		.services
 		.rooms
 		.state_accessor
-		.room_state_get(&room_id, &StateEventType::RoomCreate, "")?
-		.as_ref()
-		.is_some_and(|event| event.sender == user_id);
+		.room_state_get(&room_id, &StateEventType::RoomCreate, "")
+		.await
+		.is_ok_and(|event| event.sender == user_id);

 	if !user_can_demote_self {
 		return Ok(RoomMessageEventContent::notice_markdown(
@@ -435,14 +756,7 @@ pub(super) async fn force_demote(
 		.rooms
 		.timeline
 		.build_and_append_pdu(
-			PduBuilder {
-				event_type: TimelineEventType::RoomPowerLevels,
-				content: to_raw_value(&power_levels_content).expect("event is valid, we just created it"),
-				unsigned: None,
-				state_key: Some(String::new()),
-				redacts: None,
-				timestamp: None,
-			},
+			PduBuilder::state(String::new(), &power_levels_content),
 			&user_id,
 			&room_id,
 			&state_lock,
@@ -450,7 +764,8 @@ pub(super) async fn force_demote(
 		.await?;

 	Ok(RoomMessageEventContent::notice_markdown(format!(
-		"User {user_id} demoted themselves to the room default power level in {room_id} - {event_id}"
+		"User {user_id} demoted themselves to the room default power level in {room_id} - \
+		 {event_id}"
 	)))
 }

@@ -471,35 +786,36 @@ pub(super) async fn make_user_admin(&self, user_id: String) -> Result<RoomMessag

 #[admin_command]
 pub(super) async fn put_room_tag(
-	&self, user_id: String, room_id: Box<RoomId>, tag: String,
+	&self,
+	user_id: String,
+	room_id: Box<RoomId>,
+	tag: String,
 ) -> Result<RoomMessageEventContent> {
-	let user_id = parse_active_local_user_id(self.services, &user_id)?;
+	let user_id = parse_active_local_user_id(self.services, &user_id).await?;

-	let event = self
+	let mut tags_event = self
 		.services
 		.account_data
-		.get(Some(&room_id), &user_id, RoomAccountDataEventType::Tag)?;
-
-	let mut tags_event = event.map_or_else(
-		|| TagEvent {
-			content: TagEventContent {
-				tags: BTreeMap::new(),
-			},
-		},
-		|e| serde_json::from_str(e.get()).expect("Bad account data in database for user {user_id}"),
-	);
+		.get_room(&room_id, &user_id, RoomAccountDataEventType::Tag)
+		.await
+		.unwrap_or(TagEvent {
+			content: TagEventContent { tags: BTreeMap::new() },
+		});

 	tags_event
 		.content
 		.tags
 		.insert(tag.clone().into(), TagInfo::new());

-	self.services.account_data.update(
-		Some(&room_id),
-		&user_id,
-		RoomAccountDataEventType::Tag,
-		&serde_json::to_value(tags_event).expect("to json value always works"),
-	)?;
+	self.services
+		.account_data
+		.update(
+			Some(&room_id),
+			&user_id,
+			RoomAccountDataEventType::Tag,
+			&serde_json::to_value(tags_event).expect("to json value always works"),
+		)
+		.await?;

 	Ok(RoomMessageEventContent::text_plain(format!(
 		"Successfully updated room account data for {user_id} and room {room_id} with tag {tag}"
@@ -508,55 +824,56 @@ pub(super) async fn put_room_tag(

 #[admin_command]
 pub(super) async fn delete_room_tag(
-	&self, user_id: String, room_id: Box<RoomId>, tag: String,
+	&self,
+	user_id: String,
+	room_id: Box<RoomId>,
+	tag: String,
 ) -> Result<RoomMessageEventContent> {
-	let user_id = parse_active_local_user_id(self.services, &user_id)?;
+	let user_id = parse_active_local_user_id(self.services, &user_id).await?;

-	let event = self
+	let mut tags_event = self
 		.services
 		.account_data
-		.get(Some(&room_id), &user_id, RoomAccountDataEventType::Tag)?;
-
-	let mut tags_event = event.map_or_else(
-		|| TagEvent {
-			content: TagEventContent {
-				tags: BTreeMap::new(),
-			},
-		},
-		|e| serde_json::from_str(e.get()).expect("Bad account data in database for user {user_id}"),
-	);
+		.get_room(&room_id, &user_id, RoomAccountDataEventType::Tag)
+		.await
+		.unwrap_or(TagEvent {
+			content: TagEventContent { tags: BTreeMap::new() },
+		});

 	tags_event.content.tags.remove(&tag.clone().into());

-	self.services.account_data.update(
-		Some(&room_id),
-		&user_id,
-		RoomAccountDataEventType::Tag,
-		&serde_json::to_value(tags_event).expect("to json value always works"),
-	)?;
+	self.services
+		.account_data
+		.update(
+			Some(&room_id),
+			&user_id,
+			RoomAccountDataEventType::Tag,
+			&serde_json::to_value(tags_event).expect("to json value always works"),
+		)
+		.await?;

 	Ok(RoomMessageEventContent::text_plain(format!(
-		"Successfully updated room account data for {user_id} and room {room_id}, deleting room tag {tag}"
+		"Successfully updated room account data for {user_id} and room {room_id}, deleting room \
+		 tag {tag}"
 	)))
 }

 #[admin_command]
-pub(super) async fn get_room_tags(&self, user_id: String, room_id: Box<RoomId>) -> Result<RoomMessageEventContent> {
-	let user_id = parse_active_local_user_id(self.services, &user_id)?;
+pub(super) async fn get_room_tags(
+	&self,
+	user_id: String,
+	room_id: Box<RoomId>,
+) -> Result<RoomMessageEventContent> {
+	let user_id = parse_active_local_user_id(self.services, &user_id).await?;

-	let event = self
+	let tags_event = self
 		.services
 		.account_data
-		.get(Some(&room_id), &user_id, RoomAccountDataEventType::Tag)?;
-
-	let tags_event = event.map_or_else(
-		|| TagEvent {
-			content: TagEventContent {
-				tags: BTreeMap::new(),
-			},
-		},
-		|e| serde_json::from_str(e.get()).expect("Bad account data in database for user {user_id}"),
-	);
+		.get_room(&room_id, &user_id, RoomAccountDataEventType::Tag)
+		.await
+		.unwrap_or(TagEvent {
+			content: TagEventContent { tags: BTreeMap::new() },
+		});

 	Ok(RoomMessageEventContent::notice_markdown(format!(
 		"```\n{:#?}\n```",
@@ -565,12 +882,16 @@ pub(super) async fn get_room_tags(&self, user_id: String, room_id: Box<RoomId>)
 }

 #[admin_command]
-pub(super) async fn redact_event(&self, event_id: Box<EventId>) -> Result<RoomMessageEventContent> {
-	let Some(event) = self
+pub(super) async fn redact_event(
+	&self,
+	event_id: Box<EventId>,
+) -> Result<RoomMessageEventContent> {
+	let Ok(event) = self
 		.services
 		.rooms
 		.timeline
-		.get_non_outlier_pdu(&event_id)?
+		.get_non_outlier_pdu(&event_id)
+		.await
 	else {
 		return Ok(RoomMessageEventContent::text_plain("Event does not exist in our database."));
 	};
@@ -583,7 +904,9 @@ pub(super) async fn redact_event(&self, event_id: Box<EventId>) -> Result<RoomMe
 	let sender_user = event.sender;

 	if !self.services.globals.user_is_local(&sender_user) {
-		return Ok(RoomMessageEventContent::text_plain("This command only works on local users."));
+		return Ok(RoomMessageEventContent::text_plain(
+			"This command only works on local users.",
+		));
 	}

 	let reason = format!(
@@ -591,34 +914,30 @@ pub(super) async fn redact_event(&self, event_id: Box<EventId>) -> Result<RoomMe
 		self.services.globals.server_name()
 	);

-	let state_lock = self.services.rooms.state.mutex.lock(&room_id).await;
+	let redaction_event_id = {
+		let state_lock = self.services.rooms.state.mutex.lock(&room_id).await;

-	let redaction_event_id = self
-		.services
-		.rooms
-		.timeline
-		.build_and_append_pdu(
-			PduBuilder {
-				event_type: TimelineEventType::RoomRedaction,
-				content: to_raw_value(&RoomRedactionEventContent {
-					redacts: Some(event.event_id.clone().into()),
-					reason: Some(reason),
-				})
-				.expect("event is valid, we just created it"),
-				unsigned: None,
-				state_key: None,
-				redacts: Some(event.event_id),
-				timestamp: None,
-			},
-			&sender_user,
-			&room_id,
-			&state_lock,
-		)
-		.await?;
+		self.services
+			.rooms
+			.timeline
+			.build_and_append_pdu(
+				PduBuilder {
+					redacts: Some(event.event_id.clone()),
+					..PduBuilder::timeline(&RoomRedactionEventContent {
+						redacts: Some(event.event_id.clone()),
+						reason: Some(reason),
+					})
+				},
+				&sender_user,
+				&room_id,
+				&state_lock,
+			)
+			.await?
+	};

-	drop(state_lock);
+	let out = format!("Successfully redacted event. Redaction event ID: {redaction_event_id}");

-	Ok(RoomMessageEventContent::text_plain(format!(
-		"Successfully redacted event. Redaction event ID: {redaction_event_id}"
-	)))
+	self.write_str(out.as_str()).await?;
+
+	Ok(RoomMessageEventContent::text_plain(""))
 }
@@ -1,7 +1,7 @@
 mod commands;

 use clap::Subcommand;
-use conduit::Result;
+use conduwuit::Result;
 use ruma::{EventId, OwnedRoomOrAliasId, RoomId};

 use crate::admin_command_dispatch;
@@ -22,6 +22,8 @@ pub(super) enum UserCommand {
 	ResetPassword {
 		/// Username of the user for whom the password should be reset
 		username: String,
+		/// New password for the user, if unspecified one is generated
+		password: Option<String>,
 	},

 	/// - Deactivate a user
@@ -124,4 +126,31 @@ pub(super) enum UserCommand {
 	RedactEvent {
 		event_id: Box<EventId>,
 	},
+
+	/// - Force joins a specified list of local users to join the specified
+	///   room.
+	///
+	/// Specify a codeblock of usernames.
+	///
+	/// At least 1 server admin must be in the room to reduce abuse.
+	///
+	/// Requires the `--yes-i-want-to-do-this` flag.
+	ForceJoinListOfLocalUsers {
+		room_id: OwnedRoomOrAliasId,
+
+		#[arg(long)]
+		yes_i_want_to_do_this: bool,
+	},
+
+	/// - Force joins all local users to the specified room.
+	///
+	/// At least 1 server admin must be in the room to reduce abuse.
+	///
+	/// Requires the `--yes-i-want-to-do-this` flag.
+	ForceJoinAllLocalUsers {
+		room_id: OwnedRoomOrAliasId,
+
+		#[arg(long)]
+		yes_i_want_to_do_this: bool,
+	},
 }
@@ -1,4 +1,4 @@
-use conduit_core::{err, Err, Result};
+use conduwuit_core::{err, Err, Result};
 use ruma::{OwnedRoomId, OwnedUserId, RoomId, UserId};
 use service::Services;

@@ -8,23 +8,24 @@ pub(crate) fn escape_html(s: &str) -> String {
 		.replace('>', "&gt;")
 }

-pub(crate) fn get_room_info(services: &Services, id: &RoomId) -> (OwnedRoomId, u64, String) {
+pub(crate) async fn get_room_info(
+	services: &Services,
+	room_id: &RoomId,
+) -> (OwnedRoomId, u64, String) {
 	(
-		id.into(),
+		room_id.into(),
 		services
 			.rooms
 			.state_cache
-			.room_joined_count(id)
-			.ok()
-			.flatten()
+			.room_joined_count(room_id)
+			.await
 			.unwrap_or(0),
 		services
 			.rooms
 			.state_accessor
-			.get_name(id)
-			.ok()
-			.flatten()
-			.unwrap_or_else(|| id.to_string()),
+			.get_name(room_id)
+			.await
+			.unwrap_or_else(|_| room_id.to_string()),
 	)
 }

@@ -46,14 +47,17 @@ pub(crate) fn parse_local_user_id(services: &Services, user_id: &str) -> Result<
 }

 /// Parses user ID that is an active (not guest or deactivated) local user
-pub(crate) fn parse_active_local_user_id(services: &Services, user_id: &str) -> Result<OwnedUserId> {
+pub(crate) async fn parse_active_local_user_id(
+	services: &Services,
+	user_id: &str,
+) -> Result<OwnedUserId> {
 	let user_id = parse_local_user_id(services, user_id)?;

-	if !services.users.exists(&user_id)? {
+	if !services.users.exists(&user_id).await {
 		return Err!("User {user_id:?} does not exist on this server.");
 	}

-	if services.users.is_deactivated(&user_id)? {
+	if services.users.is_deactivated(&user_id).await? {
 		return Err!("User {user_id:?} is deactivated.");
 	}

@@ -1,5 +1,5 @@
 [package]
-name = "conduit_api"
+name = "conduwuit_api"
 categories.workspace = true
 description.workspace = true
 edition.workspace = true
@@ -18,7 +18,6 @@ crate-type = [

 [features]
 element_hacks = []
-#dev_release_log_level = []
 release_max_log_level = [
 	"tracing/max_level_trace",
 	"tracing/release_max_level_info",
@@ -41,17 +40,17 @@ axum-extra.workspace = true
 axum.workspace = true
 base64.workspace = true
 bytes.workspace = true
-conduit-core.workspace = true
-conduit-database.workspace = true
-conduit-service.workspace = true
+conduwuit-core.workspace = true
+conduwuit-database.workspace = true
+conduwuit-service.workspace = true
 const-str.workspace = true
-futures-util.workspace = true
+futures.workspace = true
 hmac.workspace = true
 http.workspace = true
 http-body-util.workspace = true
 hyper.workspace = true
 ipaddress.workspace = true
-jsonwebtoken.workspace = true
+itertools.workspace = true
 log.workspace = true
 rand.workspace = true
 reqwest.workspace = true
@@ -59,7 +58,7 @@ ruma.workspace = true
 serde_html_form.workspace = true
 serde_json.workspace = true
 serde.workspace = true
-sha-1.workspace = true
+sha1.workspace = true
 tokio.workspace = true
 tracing.workspace = true

@@ -2,15 +2,19 @@ use std::fmt::Write;

 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduit::{debug_info, error, info, utils, warn, Error, PduBuilder, Result};
+use conduwuit::{
+	debug_info, error, info, is_equal_to, utils, utils::ReadyExt, warn, Error, PduBuilder, Result,
+};
+use futures::{FutureExt, StreamExt};
 use register::RegistrationKind;
 use ruma::{
 	api::client::{
 		account::{
-			change_password, check_registration_token_validity, deactivate, get_3pids, get_username_availability,
+			change_password, check_registration_token_validity, deactivate, get_3pids,
+			get_username_availability,
 			register::{self, LoginType},
-			request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn, whoami,
-			ThirdPartyIdRemovalStatus,
+			request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn,
+			whoami, ThirdPartyIdRemovalStatus,
 		},
 		error::ErrorKind,
 		uiaa::{AuthFlow, AuthType, UiaaInfo},
@@ -20,11 +24,10 @@ use ruma::{
 			message::RoomMessageEventContent,
 			power_levels::{RoomPowerLevels, RoomPowerLevelsEventContent},
 		},
-		GlobalAccountDataEventType, StateEventType, TimelineEventType,
+		GlobalAccountDataEventType, StateEventType,
 	},
 	push, OwnedRoomId, UserId,
 };
-use serde_json::value::to_raw_value;
 use service::Services;

 use super::{join_room_by_id_helper, DEVICE_ID_LENGTH, SESSION_ID_LENGTH, TOKEN_LENGTH};
@@ -45,17 +48,35 @@ const RANDOM_USER_ID_LENGTH: usize = 10;
 /// invalid when trying to register
 #[tracing::instrument(skip_all, fields(%client), name = "register_available")]
 pub(crate) async fn get_register_available_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_username_availability::v3::Request>,
 ) -> Result<get_username_availability::v3::Response> {
+	// workaround for https://github.com/matrix-org/matrix-appservice-irc/issues/1780 due to inactivity of fixing the issue
+	let is_matrix_appservice_irc = body.appservice_info.as_ref().is_some_and(|appservice| {
+		appservice.registration.id == "irc"
+			|| appservice.registration.id.contains("matrix-appservice-irc")
+			|| appservice.registration.id.contains("matrix_appservice_irc")
+	});
+
+	// don't force the username lowercase if it's from matrix-appservice-irc
+	let body_username = if is_matrix_appservice_irc {
+		body.username.clone()
+	} else {
+		body.username.to_lowercase()
+	};
+
 	// Validate user id
-	let user_id = UserId::parse_with_server_name(body.username.to_lowercase(), services.globals.server_name())
+	let user_id = UserId::parse_with_server_name(body_username, services.globals.server_name())
 		.ok()
-		.filter(|user_id| !user_id.is_historical() && services.globals.user_is_local(user_id))
+		.filter(|user_id| {
+			(!user_id.is_historical() || is_matrix_appservice_irc)
+				&& services.globals.user_is_local(user_id)
+		})
 		.ok_or(Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;

 	// Check if username is creative enough
-	if services.users.exists(&user_id)? {
+	if services.users.exists(&user_id).await {
 		return Err(Error::BadRequest(ErrorKind::UserInUse, "Desired user ID is already taken."));
 	}

@@ -70,9 +91,7 @@ pub(crate) async fn get_register_available_route(
 	// TODO add check for appservice namespaces

 	// If no if check is true we have an username that's available to be used.
-	Ok(get_username_availability::v3::Response {
-		available: true,
-	})
+	Ok(get_username_availability::v3::Response { available: true })
 }

 /// # `POST /_matrix/client/v3/register`
@@ -95,13 +114,15 @@ pub(crate) async fn get_register_available_route(
 #[allow(clippy::doc_markdown)]
 #[tracing::instrument(skip_all, fields(%client), name = "register")]
 pub(crate) async fn register_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp, body: Ruma<register::v3::Request>,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
+	body: Ruma<register::v3::Request>,
 ) -> Result<register::v3::Response> {
 	if !services.globals.allow_registration() && body.appservice_info.is_none() {
 		info!(
-			"Registration disabled and request not from known appservice, rejecting registration attempt for username \
-			 {:?}",
-			body.username
+			"Registration disabled and request not from known appservice, rejecting \
+			 registration attempt for username \"{}\"",
+			body.username.as_deref().unwrap_or("")
 		);
 		return Err(Error::BadRequest(ErrorKind::forbidden(), "Registration has been disabled."));
 	}
@@ -110,12 +131,13 @@ pub(crate) async fn register_route(

 	if is_guest
 		&& (!services.globals.allow_guest_registration()
-			|| (services.globals.allow_registration() && services.globals.config.registration_token.is_some()))
+			|| (services.globals.allow_registration()
+				&& services.globals.registration_token.is_some()))
 	{
 		info!(
-			"Guest registration disabled / registration enabled with token configured, rejecting guest registration \
-			 attempt, initial device name: {:?}",
-			body.initial_device_display_name
+			"Guest registration disabled / registration enabled with token configured, \
+			 rejecting guest registration attempt, initial device name: \"{}\"",
+			body.initial_device_display_name.as_deref().unwrap_or("")
 		);
 		return Err(Error::BadRequest(
 			ErrorKind::GuestAccessForbidden,
@@ -125,25 +147,52 @@ pub(crate) async fn register_route(

 	// forbid guests from registering if there is not a real admin user yet. give
 	// generic user error.
-	if is_guest && services.users.count()? < 2 {
+	if is_guest && services.users.count().await < 2 {
 		warn!(
-			"Guest account attempted to register before a real admin user has been registered, rejecting \
-			 registration. Guest's initial device name: {:?}",
-			body.initial_device_display_name
+			"Guest account attempted to register before a real admin user has been registered, \
+			 rejecting registration. Guest's initial device name: \"{}\"",
+			body.initial_device_display_name.as_deref().unwrap_or("")
 		);
-		return Err(Error::BadRequest(ErrorKind::forbidden(), "Registration temporarily disabled."));
+		return Err(Error::BadRequest(
+			ErrorKind::forbidden(),
+			"Registration temporarily disabled.",
+		));
 	}

 	let user_id = match (&body.username, is_guest) {
-		(Some(username), false) => {
-			let proposed_user_id =
-				UserId::parse_with_server_name(username.to_lowercase(), services.globals.server_name())
-					.ok()
-					.filter(|user_id| !user_id.is_historical() && services.globals.user_is_local(user_id))
-					.ok_or(Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;
+		| (Some(username), false) => {
+			// workaround for https://github.com/matrix-org/matrix-appservice-irc/issues/1780 due to inactivity of fixing the issue
+			let is_matrix_appservice_irc =
+				body.appservice_info.as_ref().is_some_and(|appservice| {
+					appservice.registration.id == "irc"
+						|| appservice.registration.id.contains("matrix-appservice-irc")
+						|| appservice.registration.id.contains("matrix_appservice_irc")
+				});

-			if services.users.exists(&proposed_user_id)? {
-				return Err(Error::BadRequest(ErrorKind::UserInUse, "Desired user ID is already taken."));
+			// don't force the username lowercase if it's from matrix-appservice-irc
+			let body_username = if is_matrix_appservice_irc {
+				username.clone()
+			} else {
+				username.to_lowercase()
+			};
+
+			let proposed_user_id =
+				UserId::parse_with_server_name(body_username, services.globals.server_name())
+					.ok()
+					.filter(|user_id| {
+						(!user_id.is_historical() || is_matrix_appservice_irc)
+							&& services.globals.user_is_local(user_id)
+					})
+					.ok_or(Error::BadRequest(
+						ErrorKind::InvalidUsername,
+						"Username is invalid.",
+					))?;
+
+			if services.users.exists(&proposed_user_id).await {
+				return Err(Error::BadRequest(
+					ErrorKind::UserInUse,
+					"Desired user ID is already taken.",
+				));
 			}

 			if services
@@ -156,13 +205,13 @@ pub(crate) async fn register_route(

 			proposed_user_id
 		},
-		_ => loop {
+		| _ => loop {
 			let proposed_user_id = UserId::parse_with_server_name(
 				utils::random_string(RANDOM_USER_ID_LENGTH).to_lowercase(),
 				services.globals.server_name(),
 			)
 			.unwrap();
-			if !services.users.exists(&proposed_user_id)? {
+			if !services.users.exists(&proposed_user_id).await {
 				break proposed_user_id;
 			}
 		},
@@ -182,7 +231,7 @@ pub(crate) async fn register_route(

 	// UIAA
 	let mut uiaainfo;
-	let skip_auth = if services.globals.config.registration_token.is_some() {
+	let skip_auth = if services.globals.registration_token.is_some() {
 		// Registration token required
 		uiaainfo = UiaaInfo {
 			flows: vec![AuthFlow {
@@ -197,9 +246,7 @@ pub(crate) async fn register_route(
 	} else {
 		// No registration token necessary, but clients must still go through the flow
 		uiaainfo = UiaaInfo {
-			flows: vec![AuthFlow {
-				stages: vec![AuthType::Dummy],
-			}],
+			flows: vec![AuthFlow { stages: vec![AuthType::Dummy] }],
 			completed: Vec::new(),
 			params: Box::default(),
 			session: None,
@@ -210,12 +257,16 @@ pub(crate) async fn register_route(

 	if !skip_auth {
 		if let Some(auth) = &body.auth {
-			let (worked, uiaainfo) = services.uiaa.try_auth(
-				&UserId::parse_with_server_name("", services.globals.server_name()).expect("we know this is valid"),
-				"".into(),
-				auth,
-				&uiaainfo,
-			)?;
+			let (worked, uiaainfo) = services
+				.uiaa
+				.try_auth(
+					&UserId::parse_with_server_name("", services.globals.server_name())
+						.expect("we know this is valid"),
+					"".into(),
+					auth,
+					&uiaainfo,
+				)
+				.await?;
 			if !worked {
 				return Err(Error::Uiaa(uiaainfo));
 			}
@@ -223,22 +274,19 @@ pub(crate) async fn register_route(
 		} else if let Some(json) = body.json_body {
 			uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 			services.uiaa.create(
-				&UserId::parse_with_server_name("", services.globals.server_name()).expect("we know this is valid"),
+				&UserId::parse_with_server_name("", services.globals.server_name())
+					.expect("we know this is valid"),
 				"".into(),
 				&uiaainfo,
 				&json,
-			)?;
+			);
 			return Err(Error::Uiaa(uiaainfo));
 		} else {
 			return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
 		}
 	}

-	let password = if is_guest {
-		None
-	} else {
-		body.password.as_deref()
-	};
+	let password = if is_guest { None } else { body.password.as_deref() };

 	// Create user
 	services.users.create(&user_id, password)?;
@@ -248,28 +296,32 @@ pub(crate) async fn register_route(

 	// If `new_user_displayname_suffix` is set, registration will push whatever
 	// content is set to the user's display name with a space before it
-	if !services.globals.new_user_displayname_suffix().is_empty() && body.appservice_info.is_none() {
-		write!(displayname, " {}", services.globals.config.new_user_displayname_suffix)
+	if !services.globals.new_user_displayname_suffix().is_empty()
+		&& body.appservice_info.is_none()
+	{
+		write!(displayname, " {}", services.server.config.new_user_displayname_suffix)
 			.expect("should be able to write to string buffer");
 	}

 	services
 		.users
-		.set_displayname(&user_id, Some(displayname.clone()))
-		.await?;
+		.set_displayname(&user_id, Some(displayname.clone()));

 	// Initial account data
-	services.account_data.update(
-		None,
-		&user_id,
-		GlobalAccountDataEventType::PushRules.to_string().into(),
-		&serde_json::to_value(ruma::events::push_rules::PushRulesEvent {
-			content: ruma::events::push_rules::PushRulesEventContent {
-				global: push::Ruleset::server_default(&user_id),
-			},
-		})
-		.expect("to json always works"),
-	)?;
+	services
+		.account_data
+		.update(
+			None,
+			&user_id,
+			GlobalAccountDataEventType::PushRules.to_string().into(),
+			&serde_json::to_value(ruma::events::push_rules::PushRulesEvent {
+				content: ruma::events::push_rules::PushRulesEventContent {
+					global: push::Ruleset::server_default(&user_id),
+				},
+			})
+			.expect("to json always works"),
+		)
+		.await?;

 	// Inhibit login does not work for guests
 	if !is_guest && body.inhibit_login {
@@ -283,53 +335,57 @@ pub(crate) async fn register_route(
 	}

 	// Generate new device id if the user didn't specify one
-	let device_id = if is_guest {
-		None
-	} else {
-		body.device_id.clone()
-	}
-	.unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH).into());
+	let device_id = if is_guest { None } else { body.device_id.clone() }
+		.unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH).into());

 	// Generate new token for the device
 	let token = utils::random_string(TOKEN_LENGTH);

 	// Create device for this account
-	services.users.create_device(
-		&user_id,
-		&device_id,
-		&token,
-		body.initial_device_display_name.clone(),
-		Some(client.to_string()),
-	)?;
+	services
+		.users
+		.create_device(
+			&user_id,
+			&device_id,
+			&token,
+			body.initial_device_display_name.clone(),
+			Some(client.to_string()),
+		)
+		.await?;

 	debug_info!(%user_id, %device_id, "User account was created");

-	let device_display_name = body.initial_device_display_name.clone().unwrap_or_default();
+	let device_display_name = body.initial_device_display_name.as_deref().unwrap_or("");

 	// log in conduit admin channel if a non-guest user registered
 	if body.appservice_info.is_none() && !is_guest {
 		if !device_display_name.is_empty() {
-			info!("New user \"{user_id}\" registered on this server with device display name: {device_display_name}");
+			info!(
+				"New user \"{user_id}\" registered on this server with device display name: \
+				 \"{device_display_name}\""
+			);

-			if services.globals.config.admin_room_notices {
+			if services.server.config.admin_room_notices {
 				services
 					.admin
 					.send_message(RoomMessageEventContent::notice_plain(format!(
-						"New user \"{user_id}\" registered on this server from IP {client} and device display name \
-						 \"{device_display_name}\""
+						"New user \"{user_id}\" registered on this server from IP {client} and \
+						 device display name \"{device_display_name}\""
 					)))
-					.await;
+					.await
+					.ok();
 			}
 		} else {
 			info!("New user \"{user_id}\" registered on this server.");

-			if services.globals.config.admin_room_notices {
+			if services.server.config.admin_room_notices {
 				services
 					.admin
 					.send_message(RoomMessageEventContent::notice_plain(format!(
 						"New user \"{user_id}\" registered on this server from IP {client}"
 					)))
-					.await;
+					.await
+					.ok();
 			}
 		}
 	}
@@ -339,25 +395,27 @@ pub(crate) async fn register_route(
 		info!("New guest user \"{user_id}\" registered on this server.");

 		if !device_display_name.is_empty() {
-			if services.globals.config.admin_room_notices {
+			if services.server.config.admin_room_notices {
 				services
 					.admin
 					.send_message(RoomMessageEventContent::notice_plain(format!(
-						"Guest user \"{user_id}\" with device display name \"{device_display_name}\" registered on \
-						 this server from IP {client}"
+						"Guest user \"{user_id}\" with device display name \
+						 \"{device_display_name}\" registered on this server from IP {client}"
 					)))
-					.await;
+					.await
+					.ok();
 			}
 		} else {
 			#[allow(clippy::collapsible_else_if)]
-			if services.globals.config.admin_room_notices {
+			if services.server.config.admin_room_notices {
 				services
 					.admin
 					.send_message(RoomMessageEventContent::notice_plain(format!(
-						"Guest user \"{user_id}\" with no device display name registered on this server from IP \
-						 {client}",
+						"Guest user \"{user_id}\" with no device display name registered on \
+						 this server from IP {client}",
 					)))
-					.await;
+					.await
+					.ok();
 			}
 		}
 	}
@@ -365,39 +423,56 @@ pub(crate) async fn register_route(
 	// If this is the first real user, grant them admin privileges except for guest
 	// users Note: the server user, @conduit:servername, is generated first
 	if !is_guest {
-		if let Some(admin_room) = services.admin.get_admin_room()? {
-			if services.rooms.state_cache.room_joined_count(&admin_room)? == Some(1) {
+		if let Ok(admin_room) = services.admin.get_admin_room().await {
+			if services
+				.rooms
+				.state_cache
+				.room_joined_count(&admin_room)
+				.await
+				.is_ok_and(is_equal_to!(1))
+			{
 				services.admin.make_user_admin(&user_id).await?;
-
 				warn!("Granting {user_id} admin privileges as the first user");
 			}
 		}
 	}

 	if body.appservice_info.is_none()
-		&& !services.globals.config.auto_join_rooms.is_empty()
+		&& !services.server.config.auto_join_rooms.is_empty()
 		&& (services.globals.allow_guests_auto_join_rooms() || !is_guest)
 	{
-		for room in &services.globals.config.auto_join_rooms {
+		for room in &services.server.config.auto_join_rooms {
+			let Ok(room_id) = services.rooms.alias.resolve(room).await else {
+				error!(
+					"Failed to resolve room alias to room ID when attempting to auto join \
+					 {room}, skipping"
+				);
+				continue;
+			};
+
 			if !services
 				.rooms
 				.state_cache
-				.server_in_room(services.globals.server_name(), room)?
+				.server_in_room(services.globals.server_name(), &room_id)
+				.await
 			{
-				warn!("Skipping room {room} to automatically join as we have never joined before.");
+				warn!(
+					"Skipping room {room} to automatically join as we have never joined before."
+				);
 				continue;
 			}

-			if let Some(room_id_server_name) = room.server_name() {
+			if let Some(room_server_name) = room.server_name() {
 				if let Err(e) = join_room_by_id_helper(
 					&services,
 					&user_id,
-					room,
+					&room_id,
 					Some("Automatically joining this room upon registration".to_owned()),
-					&[room_id_server_name.to_owned(), services.globals.server_name().to_owned()],
+					&[services.globals.server_name().to_owned(), room_server_name.to_owned()],
 					None,
 					&body.appservice_info,
 				)
+				.boxed()
 				.await
 				{
 					// don't return this error so we don't fail registrations
@@ -437,7 +512,8 @@ pub(crate) async fn register_route(
 /// - Triggers device list updates
 #[tracing::instrument(skip_all, fields(%client), name = "change_password")]
 pub(crate) async fn change_password_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<change_password::v3::Request>,
 ) -> Result<change_password::v3::Response> {
 	// Authentication for this endpoint was made optional, but we need
@@ -449,9 +525,7 @@ pub(crate) async fn change_password_route(
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

 	let mut uiaainfo = UiaaInfo {
-		flows: vec![AuthFlow {
-			stages: vec![AuthType::Password],
-		}],
+		flows: vec![AuthFlow { stages: vec![AuthType::Password] }],
 		completed: Vec::new(),
 		params: Box::default(),
 		session: None,
@@ -461,16 +535,20 @@ pub(crate) async fn change_password_route(
 	if let Some(auth) = &body.auth {
 		let (worked, uiaainfo) = services
 			.uiaa
-			.try_auth(sender_user, sender_device, auth, &uiaainfo)?;
+			.try_auth(sender_user, sender_device, auth, &uiaainfo)
+			.await?;
+
 		if !worked {
 			return Err(Error::Uiaa(uiaainfo));
 		}
-	// Success!
+
+		// Success!
 	} else if let Some(json) = body.json_body {
 		uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 		services
 			.uiaa
-			.create(sender_user, sender_device, &uiaainfo, &json)?;
+			.create(sender_user, sender_device, &uiaainfo, &json);
+
 		return Err(Error::Uiaa(uiaainfo));
 	} else {
 		return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
@@ -482,25 +560,24 @@ pub(crate) async fn change_password_route(

 	if body.logout_devices {
 		// Logout all devices except the current one
-		for id in services
+		services
 			.users
 			.all_device_ids(sender_user)
-			.filter_map(Result::ok)
-			.filter(|id| id != sender_device)
-		{
-			services.users.remove_device(sender_user, &id)?;
-		}
+			.ready_filter(|id| id != sender_device)
+			.for_each(|id| services.users.remove_device(sender_user, id))
+			.await;
 	}

 	info!("User {sender_user} changed their password.");

-	if services.globals.config.admin_room_notices {
+	if services.server.config.admin_room_notices {
 		services
 			.admin
 			.send_message(RoomMessageEventContent::notice_plain(format!(
 				"User {sender_user} changed their password."
 			)))
-			.await;
+			.await
+			.ok();
 	}

 	Ok(change_password::v3::Response {})
@@ -512,7 +589,8 @@ pub(crate) async fn change_password_route(
 ///
 /// Note: Also works for Application Services
 pub(crate) async fn whoami_route(
-	State(services): State<crate::State>, body: Ruma<whoami::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<whoami::v3::Request>,
 ) -> Result<whoami::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let device_id = body.sender_device.clone();
@@ -520,7 +598,8 @@ pub(crate) async fn whoami_route(
 	Ok(whoami::v3::Response {
 		user_id: sender_user.clone(),
 		device_id,
-		is_guest: services.users.is_deactivated(sender_user)? && body.appservice_info.is_none(),
+		is_guest: services.users.is_deactivated(sender_user).await?
+			&& body.appservice_info.is_none(),
 	})
 }

@@ -537,7 +616,8 @@ pub(crate) async fn whoami_route(
 /// - Removes ability to log in again
 #[tracing::instrument(skip_all, fields(%client), name = "deactivate")]
 pub(crate) async fn deactivate_route(
-	State(services): State<crate::State>, InsecureClientIp(client): InsecureClientIp,
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<deactivate::v3::Request>,
 ) -> Result<deactivate::v3::Response> {
 	// Authentication for this endpoint was made optional, but we need
@@ -549,9 +629,7 @@ pub(crate) async fn deactivate_route(
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

 	let mut uiaainfo = UiaaInfo {
-		flows: vec![AuthFlow {
-			stages: vec![AuthType::Password],
-		}],
+		flows: vec![AuthFlow { stages: vec![AuthType::Password] }],
 		completed: Vec::new(),
 		params: Box::default(),
 		session: None,
@@ -561,7 +639,9 @@ pub(crate) async fn deactivate_route(
 	if let Some(auth) = &body.auth {
 		let (worked, uiaainfo) = services
 			.uiaa
-			.try_auth(sender_user, sender_device, auth, &uiaainfo)?;
+			.try_auth(sender_user, sender_device, auth, &uiaainfo)
+			.await?;
+
 		if !worked {
 			return Err(Error::Uiaa(uiaainfo));
 		}
@@ -570,7 +650,8 @@ pub(crate) async fn deactivate_route(
 		uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 		services
 			.uiaa
-			.create(sender_user, sender_device, &uiaainfo, &json)?;
+			.create(sender_user, sender_device, &uiaainfo, &json);
+
 		return Err(Error::Uiaa(uiaainfo));
 	} else {
 		return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
@@ -581,20 +662,25 @@ pub(crate) async fn deactivate_route(
 		.rooms
 		.state_cache
 		.rooms_joined(sender_user)
-		.filter_map(Result::ok)
-		.collect();
+		.map(Into::into)
+		.collect()
+		.await;

-	full_user_deactivate(&services, sender_user, all_joined_rooms).await?;
+	super::update_displayname(&services, sender_user, None, &all_joined_rooms).await;
+	super::update_avatar_url(&services, sender_user, None, None, &all_joined_rooms).await;
+
+	full_user_deactivate(&services, sender_user, &all_joined_rooms).await?;

 	info!("User {sender_user} deactivated their account.");

-	if services.globals.config.admin_room_notices {
+	if services.server.config.admin_room_notices {
 		services
 			.admin
 			.send_message(RoomMessageEventContent::notice_plain(format!(
 				"User {sender_user} deactivated their account."
 			)))
-			.await;
+			.await
+			.ok();
 	}

 	Ok(deactivate::v3::Response {
@@ -607,7 +693,9 @@ pub(crate) async fn deactivate_route(
 /// Get a list of third party identifiers associated with this account.
 ///
 /// - Currently always returns empty list
-pub(crate) async fn third_party_route(body: Ruma<get_3pids::v3::Request>) -> Result<get_3pids::v3::Response> {
+pub(crate) async fn third_party_route(
+	body: Ruma<get_3pids::v3::Request>,
+) -> Result<get_3pids::v3::Response> {
 	let _sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	Ok(get_3pids::v3::Response::new(Vec::new()))
@@ -652,18 +740,17 @@ pub(crate) async fn request_3pid_management_token_via_msisdn_route(
 /// Currently does not have any ratelimiting, and this isn't very practical as
 /// there is only one registration token allowed.
 pub(crate) async fn check_registration_token_validity(
-	State(services): State<crate::State>, body: Ruma<check_registration_token_validity::v1::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<check_registration_token_validity::v1::Request>,
 ) -> Result<check_registration_token_validity::v1::Response> {
-	let Some(reg_token) = services.globals.config.registration_token.clone() else {
+	let Some(reg_token) = services.globals.registration_token.clone() else {
 		return Err(Error::BadRequest(
 			ErrorKind::forbidden(),
 			"Server does not allow token registration.",
 		));
 	};

-	Ok(check_registration_token_validity::v1::Response {
-		valid: reg_token == body.token,
-	})
+	Ok(check_registration_token_validity::v1::Response { valid: reg_token == body.token })
 }

 /// Runs through all the deactivation steps:
@@ -674,45 +761,48 @@ pub(crate) async fn check_registration_token_validity(
 /// - Removing all profile data
 /// - Leaving all rooms (and forgets all of them)
 pub async fn full_user_deactivate(
-	services: &Services, user_id: &UserId, all_joined_rooms: Vec<OwnedRoomId>,
+	services: &Services,
+	user_id: &UserId,
+	all_joined_rooms: &[OwnedRoomId],
 ) -> Result<()> {
-	services.users.deactivate_account(user_id)?;
+	services.users.deactivate_account(user_id).await.ok();
+	super::update_displayname(services, user_id, None, all_joined_rooms).await;
+	super::update_avatar_url(services, user_id, None, None, all_joined_rooms).await;

-	super::update_displayname(services, user_id, None, all_joined_rooms.clone()).await?;
-	super::update_avatar_url(services, user_id, None, None, all_joined_rooms.clone()).await?;
-
-	let all_profile_keys = services
+	services
 		.users
 		.all_profile_keys(user_id)
-		.filter_map(Result::ok);
-
-	for (profile_key, _profile_value) in all_profile_keys {
-		if let Err(e) = services.users.set_profile_key(user_id, &profile_key, None) {
-			warn!("Failed removing {user_id} profile key {profile_key}: {e}");
-		}
-	}
+		.ready_for_each(|(profile_key, _)| {
+			services.users.set_profile_key(user_id, &profile_key, None);
+		})
+		.await;

 	for room_id in all_joined_rooms {
-		let state_lock = services.rooms.state.mutex.lock(&room_id).await;
+		let state_lock = services.rooms.state.mutex.lock(room_id).await;

 		let room_power_levels = services
 			.rooms
 			.state_accessor
-			.room_state_get(&room_id, &StateEventType::RoomPowerLevels, "")?
-			.as_ref()
-			.and_then(|event| serde_json::from_str(event.content.get()).ok()?)
-			.and_then(|content: RoomPowerLevelsEventContent| content.into());
+			.room_state_get_content::<RoomPowerLevelsEventContent>(
+				room_id,
+				&StateEventType::RoomPowerLevels,
+				"",
+			)
+			.await
+			.ok();

-		let user_can_demote_self = room_power_levels
-			.as_ref()
-			.is_some_and(|power_levels_content| {
-				RoomPowerLevels::from(power_levels_content.clone()).user_can_change_user_power_level(user_id, user_id)
-			}) || services
-			.rooms
-			.state_accessor
-			.room_state_get(&room_id, &StateEventType::RoomCreate, "")?
-			.as_ref()
-			.is_some_and(|event| event.sender == user_id);
+		let user_can_demote_self =
+			room_power_levels
+				.as_ref()
+				.is_some_and(|power_levels_content| {
+					RoomPowerLevels::from(power_levels_content.clone())
+						.user_can_change_user_power_level(user_id, user_id)
+				}) || services
+				.rooms
+				.state_accessor
+				.room_state_get(room_id, &StateEventType::RoomCreate, "")
+				.await
+				.is_ok_and(|event| event.sender == user_id);

 		if user_can_demote_self {
 			let mut power_levels_content = room_power_levels.unwrap_or_default();
@@ -723,16 +813,9 @@ pub async fn full_user_deactivate(
 				.rooms
 				.timeline
 				.build_and_append_pdu(
-					PduBuilder {
-						event_type: TimelineEventType::RoomPowerLevels,
-						content: to_raw_value(&power_levels_content).expect("event is valid, we just created it"),
-						unsigned: None,
-						state_key: Some(String::new()),
-						redacts: None,
-						timestamp: None,
-					},
+					PduBuilder::state(String::new(), &power_levels_content),
 					user_id,
-					&room_id,
+					room_id,
 					&state_lock,
 				)
 				.await
@@ -0,0 +1,159 @@
+use axum::extract::State;
+use conduwuit::{err, Err};
+use ruma::{
+	api::client::config::{
+		get_global_account_data, get_room_account_data, set_global_account_data,
+		set_room_account_data,
+	},
+	events::{
+		AnyGlobalAccountDataEventContent, AnyRoomAccountDataEventContent,
+		GlobalAccountDataEventType, RoomAccountDataEventType,
+	},
+	serde::Raw,
+	RoomId, UserId,
+};
+use serde::Deserialize;
+use serde_json::{json, value::RawValue as RawJsonValue};
+
+use crate::{service::Services, Result, Ruma};
+
+/// # `PUT /_matrix/client/r0/user/{userId}/account_data/{type}`
+///
+/// Sets some account data for the sender user.
+pub(crate) async fn set_global_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<set_global_account_data::v3::Request>,
+) -> Result<set_global_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot set account data for other users.")));
+	}
+
+	set_account_data(
+		&services,
+		None,
+		&body.user_id,
+		&body.event_type.to_string(),
+		body.data.json(),
+	)
+	.await?;
+
+	Ok(set_global_account_data::v3::Response {})
+}
+
+/// # `PUT /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
+///
+/// Sets some room account data for the sender user.
+pub(crate) async fn set_room_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<set_room_account_data::v3::Request>,
+) -> Result<set_room_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot set account data for other users.")));
+	}
+
+	set_account_data(
+		&services,
+		Some(&body.room_id),
+		&body.user_id,
+		&body.event_type.to_string(),
+		body.data.json(),
+	)
+	.await?;
+
+	Ok(set_room_account_data::v3::Response {})
+}
+
+/// # `GET /_matrix/client/r0/user/{userId}/account_data/{type}`
+///
+/// Gets some account data for the sender user.
+pub(crate) async fn get_global_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<get_global_account_data::v3::Request>,
+) -> Result<get_global_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot get account data of other users.")));
+	}
+
+	let account_data: ExtractGlobalEventContent = services
+		.account_data
+		.get_global(&body.user_id, body.event_type.clone())
+		.await
+		.map_err(|_| err!(Request(NotFound("Data not found."))))?;
+
+	Ok(get_global_account_data::v3::Response { account_data: account_data.content })
+}
+
+/// # `GET /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
+///
+/// Gets some room account data for the sender user.
+pub(crate) async fn get_room_account_data_route(
+	State(services): State<crate::State>,
+	body: Ruma<get_room_account_data::v3::Request>,
+) -> Result<get_room_account_data::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user != body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(Forbidden("You cannot get account data of other users.")));
+	}
+
+	let account_data: ExtractRoomEventContent = services
+		.account_data
+		.get_room(&body.room_id, &body.user_id, body.event_type.clone())
+		.await
+		.map_err(|_| err!(Request(NotFound("Data not found."))))?;
+
+	Ok(get_room_account_data::v3::Response { account_data: account_data.content })
+}
+
+async fn set_account_data(
+	services: &Services,
+	room_id: Option<&RoomId>,
+	sender_user: &UserId,
+	event_type_s: &str,
+	data: &RawJsonValue,
+) -> Result {
+	if event_type_s == RoomAccountDataEventType::FullyRead.to_cow_str() {
+		return Err!(Request(BadJson(
+			"This endpoint cannot be used for marking a room as fully read (setting \
+			 m.fully_read)"
+		)));
+	}
+
+	if event_type_s == GlobalAccountDataEventType::PushRules.to_cow_str() {
+		return Err!(Request(BadJson(
+			"This endpoint cannot be used for setting/configuring push rules."
+		)));
+	}
+
+	let data: serde_json::Value = serde_json::from_str(data.get())
+		.map_err(|e| err!(Request(BadJson(warn!("Invalid JSON provided: {e}")))))?;
+
+	services
+		.account_data
+		.update(
+			room_id,
+			sender_user,
+			event_type_s.into(),
+			&json!({
+				"type": event_type_s,
+				"content": data,
+			}),
+		)
+		.await
+}
+
+#[derive(Deserialize)]
+struct ExtractRoomEventContent {
+	content: Raw<AnyRoomAccountDataEventContent>,
+}
+
+#[derive(Deserialize)]
+struct ExtractGlobalEventContent {
+	content: Raw<AnyGlobalAccountDataEventContent>,
+}
@@ -1,11 +1,9 @@
 use axum::extract::State;
-use conduit::{debug, Error, Result};
+use conduwuit::{debug, Err, Result};
+use futures::StreamExt;
 use rand::seq::SliceRandom;
 use ruma::{
-	api::client::{
-		alias::{create_alias, delete_alias, get_alias},
-		error::ErrorKind,
-	},
+	api::client::alias::{create_alias, delete_alias, get_alias},
 	OwnedServerName, RoomAliasId, RoomId,
 };
 use service::Services;
@@ -16,7 +14,8 @@ use crate::Ruma;
 ///
 /// Creates a new room alias on this server.
 pub(crate) async fn create_alias_route(
-	State(services): State<crate::State>, body: Ruma<create_alias::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<create_alias::v3::Request>,
 ) -> Result<create_alias::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

@@ -33,16 +32,17 @@ pub(crate) async fn create_alias_route(
 		.forbidden_alias_names()
 		.is_match(body.room_alias.alias())
 	{
-		return Err(Error::BadRequest(ErrorKind::forbidden(), "Room alias is forbidden."));
+		return Err!(Request(Forbidden("Room alias is forbidden.")));
 	}

 	if services
 		.rooms
 		.alias
-		.resolve_local_alias(&body.room_alias)?
-		.is_some()
+		.resolve_local_alias(&body.room_alias)
+		.await
+		.is_ok()
 	{
-		return Err(Error::Conflict("Alias already exists."));
+		return Err!(Conflict("Alias already exists."));
 	}

 	services
@@ -59,7 +59,8 @@ pub(crate) async fn create_alias_route(
 ///
 /// - TODO: Update canonical alias event
 pub(crate) async fn delete_alias_route(
-	State(services): State<crate::State>, body: Ruma<delete_alias::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_alias::v3::Request>,
 ) -> Result<delete_alias::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

@@ -84,42 +85,40 @@ pub(crate) async fn delete_alias_route(
 ///
 /// Resolve an alias locally or over federation.
 pub(crate) async fn get_alias_route(
-	State(services): State<crate::State>, body: Ruma<get_alias::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_alias::v3::Request>,
 ) -> Result<get_alias::v3::Response> {
 	let room_alias = body.body.room_alias;
-	let servers = None;

-	let Ok((room_id, pre_servers)) = services
-		.rooms
-		.alias
-		.resolve_alias(&room_alias, servers.as_ref())
-		.await
+	let Ok((room_id, servers)) = services.rooms.alias.resolve_alias(&room_alias, None).await
 	else {
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Room with alias not found."));
+		return Err!(Request(NotFound("Room with alias not found.")));
 	};

-	let servers = room_available_servers(&services, &room_id, &room_alias, &pre_servers);
+	let servers = room_available_servers(&services, &room_id, &room_alias, servers).await;
 	debug!(?room_alias, ?room_id, "available servers: {servers:?}");

 	Ok(get_alias::v3::Response::new(room_id, servers))
 }

-fn room_available_servers(
-	services: &Services, room_id: &RoomId, room_alias: &RoomAliasId, pre_servers: &Option<Vec<OwnedServerName>>,
+async fn room_available_servers(
+	services: &Services,
+	room_id: &RoomId,
+	room_alias: &RoomAliasId,
+	pre_servers: Vec<OwnedServerName>,
 ) -> Vec<OwnedServerName> {
 	// find active servers in room state cache to suggest
 	let mut servers: Vec<OwnedServerName> = services
 		.rooms
 		.state_cache
 		.room_servers(room_id)
-		.filter_map(Result::ok)
-		.collect();
+		.map(ToOwned::to_owned)
+		.collect()
+		.await;

 	// push any servers we want in the list already (e.g. responded remote alias
 	// servers, room alias server itself)
-	if let Some(pre_servers) = pre_servers {
-		servers.extend(pre_servers.clone());
-	};
+	servers.extend(pre_servers);

 	servers.sort_unstable();
 	servers.dedup();
@@ -1,5 +1,5 @@
 use axum::extract::State;
-use conduit::{err, Err, Result};
+use conduwuit::{err, Err, Result};
 use ruma::api::{appservice::ping, client::appservice::request_ping};

 use crate::Ruma;
@@ -9,12 +9,12 @@ use crate::Ruma;
 /// Ask the homeserver to ping the application service to ensure the connection
 /// works.
 pub(crate) async fn appservice_ping(
-	State(services): State<crate::State>, body: Ruma<request_ping::v1::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<request_ping::v1::Request>,
 ) -> Result<request_ping::v1::Response> {
-	let appservice_info = body
-		.appservice_info
-		.as_ref()
-		.ok_or_else(|| err!(Request(Forbidden("This endpoint can only be called by appservices."))))?;
+	let appservice_info = body.appservice_info.as_ref().ok_or_else(|| {
+		err!(Request(Forbidden("This endpoint can only be called by appservices.")))
+	})?;

 	if body.appservice_id != appservice_info.registration.id {
 		return Err!(Request(Forbidden(
@@ -41,7 +41,5 @@ pub(crate) async fn appservice_ping(
 		.await?
 		.expect("We already validated if an appservice URL exists above");

-	Ok(request_ping::v1::Response {
-		duration: timer.elapsed(),
-	})
+	Ok(request_ping::v1::Response { duration: timer.elapsed() })
 }
@@ -1,33 +1,30 @@
 use axum::extract::State;
+use conduwuit::{err, Err};
 use ruma::{
-	api::client::{
-		backup::{
-			add_backup_keys, add_backup_keys_for_room, add_backup_keys_for_session, create_backup_version,
-			delete_backup_keys, delete_backup_keys_for_room, delete_backup_keys_for_session, delete_backup_version,
-			get_backup_info, get_backup_keys, get_backup_keys_for_room, get_backup_keys_for_session,
-			get_latest_backup_info, update_backup_version,
-		},
-		error::ErrorKind,
+	api::client::backup::{
+		add_backup_keys, add_backup_keys_for_room, add_backup_keys_for_session,
+		create_backup_version, delete_backup_keys, delete_backup_keys_for_room,
+		delete_backup_keys_for_session, delete_backup_version, get_backup_info, get_backup_keys,
+		get_backup_keys_for_room, get_backup_keys_for_session, get_latest_backup_info,
+		update_backup_version,
 	},
 	UInt,
 };

-use crate::{Error, Result, Ruma};
+use crate::{Result, Ruma};

 /// # `POST /_matrix/client/r0/room_keys/version`
 ///
 /// Creates a new backup.
 pub(crate) async fn create_backup_version_route(
-	State(services): State<crate::State>, body: Ruma<create_backup_version::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<create_backup_version::v3::Request>,
 ) -> Result<create_backup_version::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let version = services
 		.key_backups
-		.create_backup(sender_user, &body.algorithm)?;
+		.create_backup(body.sender_user(), &body.algorithm)?;

-	Ok(create_backup_version::v3::Response {
-		version,
-	})
+	Ok(create_backup_version::v3::Response { version })
 }

 /// # `PUT /_matrix/client/r0/room_keys/version/{version}`
@@ -35,12 +32,13 @@ pub(crate) async fn create_backup_version_route(
 /// Update information about an existing backup. Only `auth_data` can be
 /// modified.
 pub(crate) async fn update_backup_version_route(
-	State(services): State<crate::State>, body: Ruma<update_backup_version::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<update_backup_version::v3::Request>,
 ) -> Result<update_backup_version::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	services
 		.key_backups
-		.update_backup(sender_user, &body.version, &body.algorithm)?;
+		.update_backup(body.sender_user(), &body.version, &body.algorithm)
+		.await?;

 	Ok(update_backup_version::v3::Response {})
 }
@@ -49,20 +47,28 @@ pub(crate) async fn update_backup_version_route(
 ///
 /// Get information about the latest backup version.
 pub(crate) async fn get_latest_backup_info_route(
-	State(services): State<crate::State>, body: Ruma<get_latest_backup_info::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_latest_backup_info::v3::Request>,
 ) -> Result<get_latest_backup_info::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let (version, algorithm) = services
 		.key_backups
-		.get_latest_backup(sender_user)?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Key backup does not exist."))?;
+		.get_latest_backup(body.sender_user())
+		.await
+		.map_err(|_| err!(Request(NotFound("Key backup does not exist."))))?;

 	Ok(get_latest_backup_info::v3::Response {
 		algorithm,
-		count: (UInt::try_from(services.key_backups.count_keys(sender_user, &version)?)
-			.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &version)?,
+		count: (UInt::try_from(
+			services
+				.key_backups
+				.count_keys(body.sender_user(), &version)
+				.await,
+		)
+		.expect("user backup keys count should not be that high")),
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &version)
+			.await,
 		version,
 	})
 }
@@ -71,23 +77,28 @@ pub(crate) async fn get_latest_backup_info_route(
 ///
 /// Get information about an existing backup.
 pub(crate) async fn get_backup_info_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_info::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_info::v3::Request>,
 ) -> Result<get_backup_info::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let algorithm = services
 		.key_backups
-		.get_backup(sender_user, &body.version)?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Key backup does not exist."))?;
+		.get_backup(body.sender_user(), &body.version)
+		.await
+		.map_err(|_| {
+			err!(Request(NotFound("Key backup does not exist at version {:?}", body.version)))
+		})?;

 	Ok(get_backup_info::v3::Response {
 		algorithm,
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 		version: body.version.clone(),
 	})
 }
@@ -99,13 +110,13 @@ pub(crate) async fn get_backup_info_route(
 /// - Deletes both information about the backup, as well as all key data related
 ///   to the backup
 pub(crate) async fn delete_backup_version_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_version::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_version::v3::Request>,
 ) -> Result<delete_backup_version::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_backup(sender_user, &body.version)?;
+		.delete_backup(body.sender_user(), &body.version)
+		.await;

 	Ok(delete_backup_version::v3::Response {})
 }
@@ -119,38 +130,39 @@ pub(crate) async fn delete_backup_version_route(
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
 pub(crate) async fn add_backup_keys_route(
-	State(services): State<crate::State>, body: Ruma<add_backup_keys::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<add_backup_keys::v3::Request>,
 ) -> Result<add_backup_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	if Some(&body.version)
-		!= services
-			.key_backups
-			.get_latest_backup_version(sender_user)?
-			.as_ref()
+	if services
+		.key_backups
+		.get_latest_backup_version(body.sender_user())
+		.await
+		.is_ok_and(|version| version != body.version)
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"You may only manipulate the most recently created version of the backup.",
-		));
+		return Err!(Request(InvalidParam(
+			"You may only manipulate the most recently created version of the backup."
+		)));
 	}

 	for (room_id, room) in &body.rooms {
 		for (session_id, key_data) in &room.sessions {
 			services
 				.key_backups
-				.add_key(sender_user, &body.version, room_id, session_id, key_data)?;
+				.add_key(body.sender_user(), &body.version, room_id, session_id, key_data)
+				.await?;
 		}
 	}

 	Ok(add_backup_keys::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -163,36 +175,37 @@ pub(crate) async fn add_backup_keys_route(
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
 pub(crate) async fn add_backup_keys_for_room_route(
-	State(services): State<crate::State>, body: Ruma<add_backup_keys_for_room::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<add_backup_keys_for_room::v3::Request>,
 ) -> Result<add_backup_keys_for_room::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	if Some(&body.version)
-		!= services
-			.key_backups
-			.get_latest_backup_version(sender_user)?
-			.as_ref()
+	if services
+		.key_backups
+		.get_latest_backup_version(body.sender_user())
+		.await
+		.is_ok_and(|version| version != body.version)
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"You may only manipulate the most recently created version of the backup.",
-		));
+		return Err!(Request(InvalidParam(
+			"You may only manipulate the most recently created version of the backup."
+		)));
 	}

 	for (session_id, key_data) in &body.sessions {
 		services
 			.key_backups
-			.add_key(sender_user, &body.version, &body.room_id, session_id, key_data)?;
+			.add_key(body.sender_user(), &body.version, &body.room_id, session_id, key_data)
+			.await?;
 	}

 	Ok(add_backup_keys_for_room::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -205,34 +218,41 @@ pub(crate) async fn add_backup_keys_for_room_route(
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
 pub(crate) async fn add_backup_keys_for_session_route(
-	State(services): State<crate::State>, body: Ruma<add_backup_keys_for_session::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<add_backup_keys_for_session::v3::Request>,
 ) -> Result<add_backup_keys_for_session::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	if Some(&body.version)
-		!= services
-			.key_backups
-			.get_latest_backup_version(sender_user)?
-			.as_ref()
+	if services
+		.key_backups
+		.get_latest_backup_version(body.sender_user())
+		.await
+		.is_ok_and(|version| version != body.version)
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"You may only manipulate the most recently created version of the backup.",
-		));
+		return Err!(Request(InvalidParam(
+			"You may only manipulate the most recently created version of the backup."
+		)));
 	}

 	services
 		.key_backups
-		.add_key(sender_user, &body.version, &body.room_id, &body.session_id, &body.session_data)?;
+		.add_key(
+			body.sender_user(),
+			&body.version,
+			&body.room_id,
+			&body.session_id,
+			&body.session_data,
+		)
+		.await?;

 	Ok(add_backup_keys_for_session::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -240,72 +260,72 @@ pub(crate) async fn add_backup_keys_for_session_route(
 ///
 /// Retrieves all keys from the backup.
 pub(crate) async fn get_backup_keys_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_keys::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_keys::v3::Request>,
 ) -> Result<get_backup_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let rooms = services
+		.key_backups
+		.get_all(body.sender_user(), &body.version)
+		.await;

-	let rooms = services.key_backups.get_all(sender_user, &body.version)?;
-
-	Ok(get_backup_keys::v3::Response {
-		rooms,
-	})
+	Ok(get_backup_keys::v3::Response { rooms })
 }

 /// # `GET /_matrix/client/r0/room_keys/keys/{roomId}`
 ///
 /// Retrieves all keys from the backup for a given room.
 pub(crate) async fn get_backup_keys_for_room_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_keys_for_room::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_keys_for_room::v3::Request>,
 ) -> Result<get_backup_keys_for_room::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let sessions = services
 		.key_backups
-		.get_room(sender_user, &body.version, &body.room_id)?;
+		.get_room(body.sender_user(), &body.version, &body.room_id)
+		.await;

-	Ok(get_backup_keys_for_room::v3::Response {
-		sessions,
-	})
+	Ok(get_backup_keys_for_room::v3::Response { sessions })
 }

 /// # `GET /_matrix/client/r0/room_keys/keys/{roomId}/{sessionId}`
 ///
 /// Retrieves a key from the backup.
 pub(crate) async fn get_backup_keys_for_session_route(
-	State(services): State<crate::State>, body: Ruma<get_backup_keys_for_session::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_backup_keys_for_session::v3::Request>,
 ) -> Result<get_backup_keys_for_session::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let key_data = services
 		.key_backups
-		.get_session(sender_user, &body.version, &body.room_id, &body.session_id)?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Backup key not found for this user's session."))?;
+		.get_session(body.sender_user(), &body.version, &body.room_id, &body.session_id)
+		.await
+		.map_err(|_| {
+			err!(Request(NotFound(debug_error!("Backup key not found for this user's session."))))
+		})?;

-	Ok(get_backup_keys_for_session::v3::Response {
-		key_data,
-	})
+	Ok(get_backup_keys_for_session::v3::Response { key_data })
 }

 /// # `DELETE /_matrix/client/r0/room_keys/keys`
 ///
 /// Delete the keys from the backup.
 pub(crate) async fn delete_backup_keys_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_keys::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_keys::v3::Request>,
 ) -> Result<delete_backup_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_all_keys(sender_user, &body.version)?;
+		.delete_all_keys(body.sender_user(), &body.version)
+		.await;

 	Ok(delete_backup_keys::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -313,22 +333,24 @@ pub(crate) async fn delete_backup_keys_route(
 ///
 /// Delete the keys from the backup for a given room.
 pub(crate) async fn delete_backup_keys_for_room_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_keys_for_room::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_keys_for_room::v3::Request>,
 ) -> Result<delete_backup_keys_for_room::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_room_keys(sender_user, &body.version, &body.room_id)?;
+		.delete_room_keys(body.sender_user(), &body.version, &body.room_id)
+		.await;

 	Ok(delete_backup_keys_for_room::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }

@@ -336,21 +358,23 @@ pub(crate) async fn delete_backup_keys_for_room_route(
 ///
 /// Delete a key from the backup.
 pub(crate) async fn delete_backup_keys_for_session_route(
-	State(services): State<crate::State>, body: Ruma<delete_backup_keys_for_session::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<delete_backup_keys_for_session::v3::Request>,
 ) -> Result<delete_backup_keys_for_session::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.key_backups
-		.delete_room_key(sender_user, &body.version, &body.room_id, &body.session_id)?;
+		.delete_room_key(body.sender_user(), &body.version, &body.room_id, &body.session_id)
+		.await;

 	Ok(delete_backup_keys_for_session::v3::Response {
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(sender_user, &body.version)?,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services.key_backups.get_etag(sender_user, &body.version)?,
+		count: services
+			.key_backups
+			.count_keys(body.sender_user(), &body.version)
+			.await
+			.try_into()?,
+		etag: services
+			.key_backups
+			.get_etag(body.sender_user(), &body.version)
+			.await,
 	})
 }
@@ -1,46 +1,40 @@
 use std::collections::BTreeMap;

 use axum::extract::State;
+use conduwuit::{Result, Server};
 use ruma::{
 	api::client::discovery::get_capabilities::{
-		self, Capabilities, RoomVersionStability, RoomVersionsCapability, ThirdPartyIdChangesCapability,
+		self, Capabilities, GetLoginTokenCapability, RoomVersionStability,
+		RoomVersionsCapability, ThirdPartyIdChangesCapability,
 	},
 	RoomVersionId,
 };
 use serde_json::json;

-use crate::{Result, Ruma};
+use crate::Ruma;

 /// # `GET /_matrix/client/v3/capabilities`
 ///
 /// Get information on the supported feature set and other relevent capabilities
 /// of this server.
 pub(crate) async fn get_capabilities_route(
-	State(services): State<crate::State>, _body: Ruma<get_capabilities::v3::Request>,
+	State(services): State<crate::State>,
+	_body: Ruma<get_capabilities::v3::Request>,
 ) -> Result<get_capabilities::v3::Response> {
-	let available: BTreeMap<RoomVersionId, RoomVersionStability> = services
-		.globals
-		.unstable_room_versions
-		.iter()
-		.map(|unstable_room_version| (unstable_room_version.clone(), RoomVersionStability::Unstable))
-		.chain(
-			services
-				.globals
-				.stable_room_versions
-				.iter()
-				.map(|stable_room_version| (stable_room_version.clone(), RoomVersionStability::Stable)),
-		)
-		.collect();
+	let available: BTreeMap<RoomVersionId, RoomVersionStability> =
+		Server::available_room_versions().collect();

 	let mut capabilities = Capabilities::default();
 	capabilities.room_versions = RoomVersionsCapability {
-		default: services.globals.default_room_version(),
+		default: services.server.config.default_room_version.clone(),
 		available,
 	};

 	// we do not implement 3PID stuff
-	capabilities.thirdparty_id_changes = ThirdPartyIdChangesCapability {
-		enabled: false,
+	capabilities.thirdparty_id_changes = ThirdPartyIdChangesCapability { enabled: false };
+
+	capabilities.get_login_token = GetLoginTokenCapability {
+		enabled: services.server.config.login_via_existing_session,
 	};

 	// MSC4133 capability
@@ -48,7 +42,5 @@ pub(crate) async fn get_capabilities_route(
 		.set("uk.tcpip.msc4133.profile_fields", json!({"enabled": true}))
 		.expect("this is valid JSON we created");

-	Ok(get_capabilities::v3::Response {
-		capabilities,
-	})
+	Ok(get_capabilities::v3::Response { capabilities })
 }
@@ -1,124 +0,0 @@
-use axum::extract::State;
-use ruma::{
-	api::client::{
-		config::{get_global_account_data, get_room_account_data, set_global_account_data, set_room_account_data},
-		error::ErrorKind,
-	},
-	events::{AnyGlobalAccountDataEventContent, AnyRoomAccountDataEventContent},
-	serde::Raw,
-	OwnedUserId, RoomId,
-};
-use serde::Deserialize;
-use serde_json::{json, value::RawValue as RawJsonValue};
-
-use crate::{service::Services, Error, Result, Ruma};
-
-/// # `PUT /_matrix/client/r0/user/{userId}/account_data/{type}`
-///
-/// Sets some account data for the sender user.
-pub(crate) async fn set_global_account_data_route(
-	State(services): State<crate::State>, body: Ruma<set_global_account_data::v3::Request>,
-) -> Result<set_global_account_data::v3::Response> {
-	set_account_data(
-		&services,
-		None,
-		&body.sender_user,
-		&body.event_type.to_string(),
-		body.data.json(),
-	)?;
-
-	Ok(set_global_account_data::v3::Response {})
-}
-
-/// # `PUT /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
-///
-/// Sets some room account data for the sender user.
-pub(crate) async fn set_room_account_data_route(
-	State(services): State<crate::State>, body: Ruma<set_room_account_data::v3::Request>,
-) -> Result<set_room_account_data::v3::Response> {
-	set_account_data(
-		&services,
-		Some(&body.room_id),
-		&body.sender_user,
-		&body.event_type.to_string(),
-		body.data.json(),
-	)?;
-
-	Ok(set_room_account_data::v3::Response {})
-}
-
-/// # `GET /_matrix/client/r0/user/{userId}/account_data/{type}`
-///
-/// Gets some account data for the sender user.
-pub(crate) async fn get_global_account_data_route(
-	State(services): State<crate::State>, body: Ruma<get_global_account_data::v3::Request>,
-) -> Result<get_global_account_data::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	let event: Box<RawJsonValue> = services
-		.account_data
-		.get(None, sender_user, body.event_type.to_string().into())?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Data not found."))?;
-
-	let account_data = serde_json::from_str::<ExtractGlobalEventContent>(event.get())
-		.map_err(|_| Error::bad_database("Invalid account data event in db."))?
-		.content;
-
-	Ok(get_global_account_data::v3::Response {
-		account_data,
-	})
-}
-
-/// # `GET /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
-///
-/// Gets some room account data for the sender user.
-pub(crate) async fn get_room_account_data_route(
-	State(services): State<crate::State>, body: Ruma<get_room_account_data::v3::Request>,
-) -> Result<get_room_account_data::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	let event: Box<RawJsonValue> = services
-		.account_data
-		.get(Some(&body.room_id), sender_user, body.event_type.clone())?
-		.ok_or_else(|| Error::BadRequest(ErrorKind::NotFound, "Data not found."))?;
-
-	let account_data = serde_json::from_str::<ExtractRoomEventContent>(event.get())
-		.map_err(|_| Error::bad_database("Invalid account data event in db."))?
-		.content;
-
-	Ok(get_room_account_data::v3::Response {
-		account_data,
-	})
-}
-
-fn set_account_data(
-	services: &Services, room_id: Option<&RoomId>, sender_user: &Option<OwnedUserId>, event_type: &str,
-	data: &RawJsonValue,
-) -> Result<()> {
-	let sender_user = sender_user.as_ref().expect("user is authenticated");
-
-	let data: serde_json::Value =
-		serde_json::from_str(data.get()).map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Data is invalid."))?;
-
-	services.account_data.update(
-		room_id,
-		sender_user,
-		event_type.into(),
-		&json!({
-			"type": event_type,
-			"content": data,
-		}),
-	)?;
-
-	Ok(())
-}
-
-#[derive(Deserialize)]
-struct ExtractRoomEventContent {
-	content: Raw<AnyRoomAccountDataEventContent>,
-}
-
-#[derive(Deserialize)]
-struct ExtractGlobalEventContent {
-	content: Raw<AnyGlobalAccountDataEventContent>,
-}
@@ -1,203 +1,210 @@
-use std::collections::HashSet;
-
 use axum::extract::State;
-use ruma::{
-	api::client::{context::get_context, error::ErrorKind, filter::LazyLoadOptions},
-	events::StateEventType,
+use conduwuit::{
+	at, err, ref_at,
+	utils::{
+		future::TryExtExt,
+		stream::{BroadbandExt, ReadyExt, TryIgnore, WidebandExt},
+		IterStream,
+	},
+	Err, PduEvent, Result,
 };
-use tracing::error;
+use futures::{
+	future::{join, join3, try_join3, OptionFuture},
+	FutureExt, StreamExt, TryFutureExt, TryStreamExt,
+};
+use ruma::{api::client::context::get_context, events::StateEventType, OwnedEventId, UserId};
+use service::rooms::{lazy_loading, lazy_loading::Options, short::ShortStateKey};

-use crate::{Error, Result, Ruma};
+use crate::{
+	client::message::{event_filter, ignored_filter, lazy_loading_witness, visibility_filter},
+	Ruma,
+};

-/// # `GET /_matrix/client/r0/rooms/{roomId}/context`
+const LIMIT_MAX: usize = 100;
+const LIMIT_DEFAULT: usize = 10;
+
+/// # `GET /_matrix/client/r0/rooms/{roomId}/context/{eventId}`
 ///
 /// Allows loading room history around an event.
 ///
 /// - Only works if the user is joined (TODO: always allow, but only show events
 ///   if the user was joined, depending on history_visibility)
 pub(crate) async fn get_context_route(
-	State(services): State<crate::State>, body: Ruma<get_context::v3::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<get_context::v3::Request>,
 ) -> Result<get_context::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-	let sender_device = body.sender_device.as_ref().expect("user is authenticated");
-
-	// some clients, at least element, seem to require knowledge of redundant
-	// members for "inline" profiles on the timeline to work properly
-	let (lazy_load_enabled, lazy_load_send_redundant) = match &body.filter.lazy_load_options {
-		LazyLoadOptions::Enabled {
-			include_redundant_members,
-		} => (true, *include_redundant_members),
-		LazyLoadOptions::Disabled => (false, cfg!(feature = "element_hacks")),
-	};
-
-	let mut lazy_loaded = HashSet::new();
-
-	let base_token = services
-		.rooms
-		.timeline
-		.get_pdu_count(&body.event_id)?
-		.ok_or(Error::BadRequest(ErrorKind::NotFound, "Base event id not found."))?;
-
-	let base_event = services
-		.rooms
-		.timeline
-		.get_pdu(&body.event_id)?
-		.ok_or(Error::BadRequest(ErrorKind::NotFound, "Base event not found."))?;
-
-	let room_id = base_event.room_id.clone();
-
-	if !services
-		.rooms
-		.state_accessor
-		.user_can_see_event(sender_user, &room_id, &body.event_id)?
-	{
-		return Err(Error::BadRequest(
-			ErrorKind::forbidden(),
-			"You don't have permission to view this event.",
-		));
-	}
-
-	if !services.rooms.lazy_loading.lazy_load_was_sent_before(
-		sender_user,
-		sender_device,
-		&room_id,
-		&base_event.sender,
-	)? || lazy_load_send_redundant
-	{
-		lazy_loaded.insert(base_event.sender.as_str().to_owned());
-	}
+	let sender = body.sender();
+	let (sender_user, sender_device) = sender;
+	let room_id = &body.room_id;
+	let filter = &body.filter;

 	// Use limit or else 10, with maximum 100
-	let limit = usize::try_from(body.limit).unwrap_or(10).min(100);
+	let limit: usize = body
+		.limit
+		.try_into()
+		.unwrap_or(LIMIT_DEFAULT)
+		.min(LIMIT_MAX);

-	let base_event = base_event.to_room_event();
-
-	let events_before: Vec<_> = services
+	let base_id = services
 		.rooms
 		.timeline
-		.pdus_until(sender_user, &room_id, base_token)?
-		.take(limit / 2)
-		.filter_map(Result::ok) // Remove buggy events
-		.filter(|(_, pdu)| {
-			services
-				.rooms
-				.state_accessor
-				.user_can_see_event(sender_user, &room_id, &pdu.event_id)
-				.unwrap_or(false)
-		})
-		.collect();
+		.get_pdu_id(&body.event_id)
+		.map_err(|_| err!(Request(NotFound("Event not found."))));

-	for (_, event) in &events_before {
-		if !services.rooms.lazy_loading.lazy_load_was_sent_before(
-			sender_user,
-			sender_device,
-			&room_id,
-			&event.sender,
-		)? || lazy_load_send_redundant
-		{
-			lazy_loaded.insert(event.sender.as_str().to_owned());
-		}
-	}
-
-	let start_token = events_before
-		.last()
-		.map_or_else(|| base_token.stringify(), |(count, _)| count.stringify());
-
-	let events_before: Vec<_> = events_before
-		.into_iter()
-		.map(|(_, pdu)| pdu.to_room_event())
-		.collect();
-
-	let events_after: Vec<_> = services
+	let base_pdu = services
 		.rooms
 		.timeline
-		.pdus_after(sender_user, &room_id, base_token)?
-		.take(limit / 2)
-		.filter_map(Result::ok) // Remove buggy events
-		.filter(|(_, pdu)| {
-			services
-				.rooms
-				.state_accessor
-				.user_can_see_event(sender_user, &room_id, &pdu.event_id)
-				.unwrap_or(false)
-		})
-		.collect();
+		.get_pdu(&body.event_id)
+		.map_err(|_| err!(Request(NotFound("Base event not found."))));

-	for (_, event) in &events_after {
-		if !services.rooms.lazy_loading.lazy_load_was_sent_before(
-			sender_user,
-			sender_device,
-			&room_id,
-			&event.sender,
-		)? || lazy_load_send_redundant
-		{
-			lazy_loaded.insert(event.sender.as_str().to_owned());
-		}
-	}
-
-	let shortstatehash = services
+	let visible = services
 		.rooms
 		.state_accessor
-		.pdu_shortstatehash(
-			events_after
-				.last()
-				.map_or(&*body.event_id, |(_, e)| &*e.event_id),
-		)?
-		.map_or(
-			services
-				.rooms
-				.state
-				.get_room_shortstatehash(&room_id)?
-				.expect("All rooms have state"),
-			|hash| hash,
-		);
+		.user_can_see_event(sender_user, &body.room_id, &body.event_id)
+		.map(Ok);
+
+	let (base_id, base_pdu, visible) = try_join3(base_id, base_pdu, visible).await?;
+
+	if base_pdu.room_id != body.room_id || base_pdu.event_id != body.event_id {
+		return Err!(Request(NotFound("Base event not found.")));
+	}
+
+	if !visible {
+		return Err!(Request(Forbidden("You don't have permission to view this event.")));
+	}
+
+	let base_count = base_id.pdu_count();
+
+	let base_event = ignored_filter(&services, (base_count, base_pdu), sender_user);
+
+	let events_before = services
+		.rooms
+		.timeline
+		.pdus_rev(Some(sender_user), room_id, Some(base_count))
+		.ignore_err()
+		.ready_filter_map(|item| event_filter(item, filter))
+		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
+		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))
+		.take(limit / 2)
+		.collect();
+
+	let events_after = services
+		.rooms
+		.timeline
+		.pdus(Some(sender_user), room_id, Some(base_count))
+		.ignore_err()
+		.ready_filter_map(|item| event_filter(item, filter))
+		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
+		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))
+		.take(limit / 2)
+		.collect();
+
+	let (base_event, events_before, events_after): (_, Vec<_>, Vec<_>) =
+		join3(base_event, events_before, events_after).await;
+
+	let lazy_loading_context = lazy_loading::Context {
+		user_id: sender_user,
+		device_id: sender_device,
+		room_id,
+		token: Some(base_count.into_unsigned()),
+		options: Some(&filter.lazy_load_options),
+	};
+
+	let lazy_loading_witnessed: OptionFuture<_> = filter
+		.lazy_load_options
+		.is_enabled()
+		.then_some(
+			base_event
+				.iter()
+				.chain(events_before.iter())
+				.chain(events_after.iter()),
+		)
+		.map(|witnessed| lazy_loading_witness(&services, &lazy_loading_context, witnessed))
+		.into();
+
+	let state_at = events_after
+		.last()
+		.map(ref_at!(1))
+		.map_or(body.event_id.as_ref(), |pdu| pdu.event_id.as_ref());

 	let state_ids = services
 		.rooms
 		.state_accessor
-		.state_full_ids(shortstatehash)
-		.await?;
+		.pdu_shortstatehash(state_at)
+		.or_else(|_| services.rooms.state.get_room_shortstatehash(room_id))
+		.map_ok(|shortstatehash| {
+			services
+				.rooms
+				.state_accessor
+				.state_full_ids(shortstatehash)
+				.map(Ok)
+		})
+		.map_err(|e| err!(Database("State not found: {e}")))
+		.try_flatten_stream()
+		.try_collect()
+		.boxed();

-	let end_token = events_after
-		.last()
-		.map_or_else(|| base_token.stringify(), |(count, _)| count.stringify());
+	let (lazy_loading_witnessed, state_ids) = join(lazy_loading_witnessed, state_ids).await;

-	let events_after: Vec<_> = events_after
-		.into_iter()
-		.map(|(_, pdu)| pdu.to_room_event())
-		.collect();
+	let state_ids: Vec<(ShortStateKey, OwnedEventId)> = state_ids?;
+	let shortstatekeys = state_ids.iter().map(at!(0)).stream();
+	let shorteventids = state_ids.iter().map(ref_at!(1)).stream();
+	let lazy_loading_witnessed = lazy_loading_witnessed.unwrap_or_default();
+	let state: Vec<_> = services
+		.rooms
+		.short
+		.multi_get_statekey_from_short(shortstatekeys)
+		.zip(shorteventids)
+		.ready_filter_map(|item| Some((item.0.ok()?, item.1)))
+		.ready_filter_map(|((event_type, state_key), event_id)| {
+			if filter.lazy_load_options.is_enabled()
+				&& event_type == StateEventType::RoomMember
+				&& state_key
+					.as_str()
+					.try_into()
+					.is_ok_and(|user_id: &UserId| !lazy_loading_witnessed.contains(user_id))
+			{
+				return None;
+			}

-	let mut state = Vec::with_capacity(state_ids.len());
-
-	for (shortstatekey, id) in state_ids {
-		let (event_type, state_key) = services
-			.rooms
-			.short
-			.get_statekey_from_short(shortstatekey)?;
-
-		if event_type != StateEventType::RoomMember {
-			let Some(pdu) = services.rooms.timeline.get_pdu(&id)? else {
-				error!("Pdu in state not found: {}", id);
-				continue;
-			};
-
-			state.push(pdu.to_state_event());
-		} else if !lazy_load_enabled || lazy_loaded.contains(&state_key) {
-			let Some(pdu) = services.rooms.timeline.get_pdu(&id)? else {
-				error!("Pdu in state not found: {}", id);
-				continue;
-			};
-
-			state.push(pdu.to_state_event());
-		}
-	}
+			Some(event_id)
+		})
+		.broad_filter_map(|event_id: &OwnedEventId| {
+			services.rooms.timeline.get_pdu(event_id.as_ref()).ok()
+		})
+		.map(PduEvent::into_state_event)
+		.collect()
+		.await;

 	Ok(get_context::v3::Response {
-		start: Some(start_token),
-		end: Some(end_token),
-		events_before,
-		event: Some(base_event),
-		events_after,
+		event: base_event.map(at!(1)).as_ref().map(PduEvent::to_room_event),
+
+		start: events_before
+			.last()
+			.map(at!(0))
+			.or(Some(base_count))
+			.as_ref()
+			.map(ToString::to_string),
+
+		end: events_after
+			.last()
+			.map(at!(0))
+			.or(Some(base_count))
+			.as_ref()
+			.map(ToString::to_string),
+
+		events_before: events_before
+			.into_iter()
+			.map(at!(1))
+			.map(|pdu| pdu.to_room_event())
+			.collect(),
+
+		events_after: events_after
+			.into_iter()
+			.map(at!(1))
+			.map(|pdu| pdu.to_room_event())
+			.collect(),
+
 		state,
 	})
 }
--- a/Show More
+++ b/Show More