Increase traefik read timeout to allow uploading larger container images

re-align ansible inv
Forgejo config
2026-05-26 20:49:55 +00:00 · 2025-01-24 20:54:15 +00:00 · 2025-01-24 17:56:30 +00:00 · 2025-01-24 17:50:19 +00:00 · 2025-01-23 14:51:57 +00:00 · 2025-01-23 14:23:23 +00:00
748 changed files with 24589 additions and 88378 deletions
@@ -1,27 +1,9 @@
-# Local build and dev artifacts
-target
-tests
-
-# Docker files
-Dockerfile*
-
-# IDE files
-.vscode
-.idea
-*.iml
-
-# Git folder
-.git
-.gitea
-.gitlab
-.github
-
-# Dot files
-.env
+servers
+compose.yml
+node_modules
 .gitignore
-
-# Toml files
-rustfmt.toml
-
-# Documentation
-#*.md
+Dockerfile
+.svelte-kit
+build
+output
+.git
@@ -1,24 +1,6 @@
-# EditorConfig is awesome: https://EditorConfig.org
-
 root = true
-
-[*]
+[*.{js,ts,svelte}]
 charset = utf-8
-end_of_line = lf
-tab_width = 4
-indent_size = 4
+
 indent_style = space
-insert_final_newline = true
-max_line_length = 120
-
-[*.{md,txt}]
-indent_style = space
-indent_size = 4
-max_line_length = 80
-
-[*.nix]
-indent_size = 2
-
-[*.rs]
-indent_style = tab
-max_line_length = 98
+indent_size = 4
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-dotenv_if_exists
-
-use flake ".#${DIRENV_DEVSHELL:-default}"
-
-PATH_add bin
@@ -1,7 +0,0 @@
-# .git-blame-ignore-revs
-# adds a proper rustfmt.toml and formats the entire codebase
-1d1ac065141181438e744e7d8abd0e45f75a2f91
-f419c64aca300a338096b4e0db4c73ace54f23d0
-# use chain_width 60
-162948313c212193965dece50b816ef0903172ba
-5998a0d883d31b866f7c8c46433a8857eae51a89
@@ -1,87 +1,2 @@
-# taken from https://github.com/gitattributes/gitattributes/blob/46a8961ad73f5bd4d8d193708840fbc9e851d702/Rust.gitattributes
-# Auto detect text files and perform normalization
-*          text=auto
-
-*.rs       text diff=rust
-*.toml     text diff=toml
-Cargo.lock text
-
-# taken from https://github.com/gitattributes/gitattributes/blob/46a8961ad73f5bd4d8d193708840fbc9e851d702/Common.gitattributes
-# Documents
-*.bibtex   text diff=bibtex
-*.doc      diff=astextplain
-*.DOC      diff=astextplain
-*.docx     diff=astextplain
-*.DOCX     diff=astextplain
-*.dot      diff=astextplain
-*.DOT      diff=astextplain
-*.pdf      diff=astextplain
-*.PDF      diff=astextplain
-*.rtf      diff=astextplain
-*.RTF      diff=astextplain
-*.md       text diff=markdown
-*.mdx      text diff=markdown
-*.tex      text diff=tex
-*.adoc     text
-*.textile  text
-*.mustache text
-*.csv      text eol=crlf
-*.tab      text
-*.tsv      text
-*.txt      text
-*.sql      text
-*.epub     diff=astextplain
-
-# Graphics
-*.png      binary
-*.jpg      binary
-*.jpeg     binary
-*.gif      binary
-*.tif      binary
-*.tiff     binary
-*.ico      binary
-# SVG treated as text by default.
-*.svg      text
-*.eps      binary
-
-# Scripts
-*.bash     text eol=lf
-*.fish     text eol=lf
-*.ksh      text eol=lf
-*.sh       text eol=lf
-*.zsh      text eol=lf
-# These are explicitly windows files and should use crlf
-*.bat      text eol=crlf
-*.cmd      text eol=crlf
-*.ps1      text eol=crlf
-
-# Serialisation
-*.json     text
-*.toml     text
-*.xml      text
-*.yaml     text
-*.yml      text
-
-# Archives
-*.7z       binary
-*.bz       binary
-*.bz2      binary
-*.bzip2    binary
-*.gz       binary
-*.lz       binary
-*.lzma     binary
-*.rar      binary
-*.tar      binary
-*.taz      binary
-*.tbz      binary
-*.tbz2     binary
-*.tgz      binary
-*.tlz      binary
-*.txz      binary
-*.xz       binary
-*.Z        binary
-*.zip      binary
-*.zst      binary
-
-# Text files where line endings should be preserved
-*.patch    -text
+# Auto detect text files and perform LF normalization
+* text=auto
@@ -1,993 +0,0 @@
-name: CI and Artifacts
-
-on:
-    pull_request:
-    push:
-        paths-ignore:
-          - '.gitlab-ci.yml'
-          - '.gitignore'
-          - 'renovate.json'
-          - 'debian/**'
-          - 'docker/**'
-        branches:
-            - main
-        tags:
-          - '*'
-    # Allows you to run this workflow manually from the Actions tab
-    workflow_dispatch:
-
-concurrency:
-    group: ${{ github.head_ref || github.ref_name }}
-    cancel-in-progress: true
-
-env:
-    # sccache only on main repo
-    SCCACHE_GHA_ENABLED: "${{ !startsWith(github.ref, 'refs/tags/') && (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'true' || 'false' }}"
-    RUSTC_WRAPPER: "${{ !startsWith(github.ref, 'refs/tags/') && (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}"
-    SCCACHE_BUCKET: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}"
-    SCCACHE_S3_USE_SSL: ${{ vars.SCCACHE_S3_USE_SSL }}
-    SCCACHE_REGION: ${{ vars.SCCACHE_REGION }}
-    SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }}
-    SCCACHE_CACHE_MULTIARCH: ${{ vars.SCCACHE_CACHE_MULTIARCH }}
-    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-    # Required to make some things output color
-    TERM: ansi
-    # Publishing to my nix binary cache
-    ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
-    # conduwuit.cachix.org
-    CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-    # Just in case incremental is still being set to true, speeds up CI
-    CARGO_INCREMENTAL: 0
-    # Custom nix binary cache if fork is being used
-    ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
-    ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }}
-    # Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps
-    NIX_CONFIG: |
-      show-trace = true
-      extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
-      extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-      experimental-features = nix-command flakes
-      extra-experimental-features = nix-command flakes
-      accept-flake-config = true
-    WEB_UPLOAD_SSH_USERNAME: ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
-    GH_REF_NAME: ${{ github.ref_name }}
-    WEBSERVER_DIR_NAME: ${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}
-
-permissions: {}
-
-jobs:
-    tests:
-        name: Test
-        runs-on: ubuntu-24.04
-        steps:
-            - name: Setup SSH web publish
-              env:
-                web_upload_ssh_private_key: ${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}
-              if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (env.web_upload_ssh_private_key != '') && github.event.pull_request.user.login != 'renovate[bot]'
-              run: |
-                  mkdir -p -v ~/.ssh
-
-                  echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
-                  echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
-
-                  chmod 600 ~/.ssh/id_ed25519
-
-                  cat >>~/.ssh/config <<END
-                  Host website
-                    HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
-                    User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
-                    IdentityFile ~/.ssh/id_ed25519
-                    StrictHostKeyChecking yes
-                    AddKeysToAgent no
-                    ForwardX11 no
-                    BatchMode yes
-                  END
-
-                  echo "Checking connection"
-                  ssh -q website "echo test" || ssh -q website "echo test"
-
-                  echo "Creating commit rev directory on web server"
-                  ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/"
-                  ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/"
-
-                  echo "SSH_WEBSITE=1" >> "$GITHUB_ENV"
-
-            - name: Install liburing
-              run: |
-                  sudo apt install liburing-dev -y
-
-            - name: Free up a bit of runner space
-              run: |
-                  set +o pipefail
-                  sudo docker image prune --all --force || true
-                  sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
-                  sudo apt clean
-                  sudo rm -rf /usr/local/lib/android /usr/local/julia* /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/local/lib/heroku /usr/lib/heroku /usr/local/share/boost /usr/share/dotnet /usr/local/bin/cmake* /usr/local/bin/stack /usr/local/bin/terraform /opt/microsoft/powershell /opt/hostedtoolcache/CodeQL /opt/hostedtoolcache/go /opt/hostedtoolcache/PyPy /usr/local/bin/sam || true
-                  set -o pipefail
-
-            - name: Sync repository
-              uses: actions/checkout@v4
-              with:
-                persist-credentials: false
-
-            - name: Tag comparison check
-              if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }}
-              run: |
-                  # Tag mismatch with latest repo tag check to prevent potential downgrades
-                  LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
-
-                  if [ ${LATEST_TAG} != ${GH_REF_NAME} ]; then
-                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.'
-                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY
-                    exit 1
-                  fi
-
-            - uses: nixbuild/nix-quick-install-action@master
-
-            - name: Restore and cache Nix store
-              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-              # releases and tags
-              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-              uses: nix-community/cache-nix-action@v5.1.0
-              with:
-                # restore and save a cache using this key
-                primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/.lock') }}
-                # if there's no cache hit, restore a cache by this prefix
-                restore-prefixes-first-match: nix-${{ runner.os }}-
-                # collect garbage until Nix store size (in bytes) is at most this number
-                # before trying to save a new cache
-                gc-max-store-size-linux: 2073741824
-                # do purge caches
-                purge: true
-                # purge all versions of the cache
-                purge-prefixes: nix-${{ runner.os }}-
-                # created more than this number of seconds ago relative to the start of the `Post Restore` phase
-                purge-last-accessed: 86400
-                # except the version with the `primary-key`, if it exists
-                purge-primary-key: never
-                # always save the cache
-                save-always: true
-
-            - name: Enable Cachix binary cache
-              run: |
-                  nix profile install nixpkgs#cachix
-                  cachix use crane
-                  cachix use nix-community
-
-            - name: Apply Nix binary cache configuration
-              run: |
-                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
-                  extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-                  experimental-features = nix-command flakes
-                  extra-experimental-features = nix-command flakes
-                  accept-flake-config = true
-                  EOF
-
-            - name: Use alternative Nix binary caches if specified
-              if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
-              run: |
-                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = ${ATTIC_ENDPOINT}
-                  extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
-                  EOF
-
-            - name: Prepare build environment
-              run: |
-                  echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
-                  nix profile install --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
-                  direnv allow
-                  nix develop .#all-features --command true
-
-            - name: Cache CI dependencies
-              run: |
-                  bin/nix-build-and-cache ci
-                  bin/nix-build-and-cache just '.#devShells.x86_64-linux.default'
-                  bin/nix-build-and-cache just '.#devShells.x86_64-linux.all-features'
-                  bin/nix-build-and-cache just '.#devShells.x86_64-linux.dynamic'
-
-            # use sccache for Rust
-            - name: Run sccache-cache
-              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-              # releases and tags
-              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
-              uses: mozilla-actions/sccache-action@main
-
-            # use rust-cache
-            - uses: Swatinem/rust-cache@v2
-              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-              # releases and tags
-              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-              with:
-                cache-all-crates: "true"
-                cache-on-failure: "true"
-                cache-targets: "true"
-
-            - name: Run CI tests
-              env:
-                CARGO_PROFILE: "test"
-              run: |
-                  direnv exec . engage > >(tee -a test_output.log)
-
-            - name: Run Complement tests
-              env:
-                CARGO_PROFILE: "test"
-              run: |
-                  # the nix devshell sets $COMPLEMENT_SRC, so "/dev/null" is no-op
-                  direnv exec . bin/complement "/dev/null" complement_test_logs.jsonl complement_test_results.jsonl > >(tee -a test_output.log)
-                  cp -v -f result complement_oci_image.tar.gz
-
-            - name: Upload Complement OCI image
-              uses: actions/upload-artifact@v4
-              with:
-                name: complement_oci_image.tar.gz
-                path: complement_oci_image.tar.gz
-                if-no-files-found: error
-                compression-level: 0
-
-            - name: Upload Complement logs
-              uses: actions/upload-artifact@v4
-              with:
-                name: complement_test_logs.jsonl
-                path: complement_test_logs.jsonl
-                if-no-files-found: error
-
-            - name: Upload Complement results
-              uses: actions/upload-artifact@v4
-              with:
-                name: complement_test_results.jsonl
-                path: complement_test_results.jsonl
-                if-no-files-found: error
-
-            - name: Diff Complement results with checked-in repo results
-              run: |
-                  diff -u --color=always tests/test_results/complement/test_results.jsonl complement_test_results.jsonl > >(tee -a complement_diff_output.log)
-
-            - name: Update Job Summary
-              env:
-                GH_JOB_STATUS: ${{ job.status }}
-              if: success() || failure()
-              run: |
-                  if [ ${GH_JOB_STATUS} == 'success' ]; then
-                      echo '# ✅ completed suwuccessfully' >> $GITHUB_STEP_SUMMARY
-                  else
-                      echo '# CI failure' >> $GITHUB_STEP_SUMMARY
-                      echo '```' >> $GITHUB_STEP_SUMMARY
-                      tail -n 40 test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY
-                      echo '```' >> $GITHUB_STEP_SUMMARY
-
-                      echo '# Complement diff results' >> $GITHUB_STEP_SUMMARY
-                      echo '```diff' >> $GITHUB_STEP_SUMMARY
-                      tail -n 100 complement_diff_output.log | sed 's/\x1b\[[0-9;]*m//g' >>     $GITHUB_STEP_SUMMARY
-                      echo '```' >> $GITHUB_STEP_SUMMARY
-                  fi
-
-            - name: Run cargo clean test artifacts to free up space
-              run: |
-                  cargo clean --profile test
-
-    build:
-        name: Build
-        runs-on: ubuntu-24.04
-        strategy:
-            matrix:
-                include:
-                    - target: aarch64-linux-musl
-                    - target: x86_64-linux-musl
-        steps:
-            - name: Free up a bit of runner space
-              run: |
-                  set +o pipefail
-                  sudo docker image prune --all --force || true
-                  sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
-                  sudo apt clean
-                  sudo rm -rf /usr/local/lib/android /usr/local/julia* /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/local/lib/heroku /usr/lib/heroku /usr/local/share/boost /usr/share/dotnet /usr/local/bin/cmake* /usr/local/bin/stack /usr/local/bin/terraform /opt/microsoft/powershell /opt/hostedtoolcache/CodeQL /opt/hostedtoolcache/go /opt/hostedtoolcache/PyPy /usr/local/bin/sam || true
-                  set -o pipefail
-
-            - name: Sync repository
-              uses: actions/checkout@v4
-              with:
-                persist-credentials: false
-
-            - name: Setup SSH web publish
-              env:
-                web_upload_ssh_private_key: ${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}
-              if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (env.web_upload_ssh_private_key != '') && github.event.pull_request.user.login != 'renovate[bot]'
-              run: |
-                  mkdir -p -v ~/.ssh
-
-                  echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
-                  echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
-
-                  chmod 600 ~/.ssh/id_ed25519
-
-                  cat >>~/.ssh/config <<END
-                  Host website
-                    HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
-                    User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
-                    IdentityFile ~/.ssh/id_ed25519
-                    StrictHostKeyChecking yes
-                    AddKeysToAgent no
-                    ForwardX11 no
-                    BatchMode yes
-                  END
-
-                  echo "Checking connection"
-                  ssh -q website "echo test" || ssh -q website "echo test"
-
-                  echo "SSH_WEBSITE=1" >> "$GITHUB_ENV"
-
-            - uses: nixbuild/nix-quick-install-action@master
-
-            - name: Restore and cache Nix store
-              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-              # releases and tags
-              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-              uses: nix-community/cache-nix-action@v5.1.0
-              with:
-                # restore and save a cache using this key
-                primary-key: nix-${{ runner.os }}-${{ matrix.target }}-${{ hashFiles('**/*.nix', '**/.lock') }}
-                # if there's no cache hit, restore a cache by this prefix
-                restore-prefixes-first-match: nix-${{ runner.os }}-
-                # collect garbage until Nix store size (in bytes) is at most this number
-                # before trying to save a new cache
-                gc-max-store-size-linux: 2073741824
-                # do purge caches
-                purge: true
-                # purge all versions of the cache
-                purge-prefixes: nix-${{ runner.os }}-
-                # created more than this number of seconds ago relative to the start of the `Post Restore` phase
-                purge-last-accessed: 86400
-                # except the version with the `primary-key`, if it exists
-                purge-primary-key: never
-                # always save the cache
-                save-always: true
-
-            - name: Enable Cachix binary cache
-              run: |
-                  nix profile install nixpkgs#cachix
-                  cachix use crane
-                  cachix use nix-community
-
-            - name: Apply Nix binary cache configuration
-              run: |
-                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
-                  extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-                  experimental-features = nix-command flakes
-                  extra-experimental-features = nix-command flakes
-                  accept-flake-config = true
-                  EOF
-
-            - name: Use alternative Nix binary caches if specified
-              if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
-              run: |
-                  sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-                  extra-substituters = ${ATTIC_ENDPOINT}
-                  extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
-                  EOF
-
-            - name: Prepare build environment
-              run: |
-                  echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
-                  nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
-                  direnv allow
-                  nix develop .#all-features --command true --impure
-
-            # use sccache for Rust
-            - name: Run sccache-cache
-              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-              # releases and tags
-              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
-              uses: mozilla-actions/sccache-action@main
-
-            # use rust-cache
-            - uses: Swatinem/rust-cache@v2
-              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-              # releases and tags
-              #if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-              with:
-                cache-all-crates: "true"
-                cache-on-failure: "true"
-                cache-targets: "true"
-
-            - name: Build static ${{ matrix.target }}-all-features
-              run: |
-                  if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]]
-                  then
-                    CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl"
-                  elif [[ ${{ matrix.target }} == "aarch64-linux-musl" ]]
-                  then
-                    CARGO_DEB_TARGET_TUPLE="aarch64-unknown-linux-musl"
-                  fi
-
-                  SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
-
-                  bin/nix-build-and-cache just .#static-${{ matrix.target }}-all-features
-
-                  mkdir -v -p target/release/
-                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
-                  cp -v -f result/bin/conduwuit target/release/conduwuit
-                  cp -v -f result/bin/conduwuit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
-                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduwuit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb
-                  mv -v target/release/conduwuit static-${{ matrix.target }}
-                  mv -v target/release/${{ matrix.target }}.deb ${{ matrix.target }}.deb
-
-            - name: Build static x86_64-linux-musl-all-features-x86_64-haswell-optimised
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              run: |
-                  CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl"
-                  SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
-
-                  bin/nix-build-and-cache just .#static-x86_64-linux-musl-all-features-x86_64-haswell-optimised
-
-                  mkdir -v -p target/release/
-                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
-                  cp -v -f result/bin/conduwuit target/release/conduwuit
-                  cp -v -f result/bin/conduwuit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
-                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduwuit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/x86_64-linux-musl-x86_64-haswell-optimised.deb
-                  mv -v target/release/conduwuit static-x86_64-linux-musl-x86_64-haswell-optimised
-                  mv -v target/release/x86_64-linux-musl-x86_64-haswell-optimised.deb x86_64-linux-musl-x86_64-haswell-optimised.deb
-
-            # quick smoke test of the x86_64 static release binary
-            - name: Quick smoke test the x86_64 static release binary
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              run: |
-                  # GH actions default runners are x86_64 only
-                  if file result/bin/conduwuit | grep x86-64; then
-                    result/bin/conduwuit --version
-                    result/bin/conduwuit --help
-                    result/bin/conduwuit -Oserver_name="'$(date -u +%s).local'" -Odatabase_path="'/tmp/$(date -u +%s)'" --execute "server admin-notice awawawawawawawawawawa" --execute "server memory-usage" --execute "server shutdown"
-                  fi
-
-            - name: Build static debug ${{ matrix.target }}-all-features
-              run: |
-                  if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]]
-                  then
-                    CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl"
-                  elif [[ ${{ matrix.target }} == "aarch64-linux-musl" ]]
-                  then
-                    CARGO_DEB_TARGET_TUPLE="aarch64-unknown-linux-musl"
-                  fi
-
-                  SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
-
-                  bin/nix-build-and-cache just .#static-${{ matrix.target }}-all-features-debug
-
-                  # > warning: dev profile is not supported and will be a hard error in the future. cargo-deb is for making releases, and it doesn't make sense to use it with dev profiles.
-                  # so we need to coerce cargo-deb into thinking this is a release binary
-                  mkdir -v -p target/release/
-                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
-                  cp -v -f result/bin/conduwuit target/release/conduwuit
-                  cp -v -f result/bin/conduwuit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
-                  direnv exec . cargo deb --verbose --no-build --no-strip -p conduwuit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}-debug.deb
-                  mv -v target/release/conduwuit static-${{ matrix.target }}-debug
-                  mv -v target/release/${{ matrix.target }}-debug.deb ${{ matrix.target }}-debug.deb
-
-            # quick smoke test of the x86_64 static debug binary
-            - name: Run x86_64 static debug binary
-              run: |
-                  # GH actions default runners are x86_64 only
-                  if file result/bin/conduwuit | grep x86-64; then
-                    result/bin/conduwuit --version
-                  fi
-
-            # check validity of produced deb package, invalid debs will error on these commands
-            - name: Validate produced deb package
-              run: |
-                  # List contents
-                  dpkg-deb --contents ${{ matrix.target }}.deb
-                  dpkg-deb --contents ${{ matrix.target }}-debug.deb
-                  # List info
-                  dpkg-deb --info ${{ matrix.target }}.deb
-                  dpkg-deb --info ${{ matrix.target }}-debug.deb
-
-            - name: Upload static-x86_64-linux-musl-all-features-x86_64-haswell-optimised to GitHub
-              uses: actions/upload-artifact@v4
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              with:
-                  name: static-x86_64-linux-musl-x86_64-haswell-optimised
-                  path: static-x86_64-linux-musl-x86_64-haswell-optimised
-                  if-no-files-found: error
-
-            - name: Upload static-${{ matrix.target }}-all-features to GitHub
-              uses: actions/upload-artifact@v4
-              with:
-                  name: static-${{ matrix.target }}
-                  path: static-${{ matrix.target }}
-                  if-no-files-found: error
-
-            - name: Upload static deb ${{ matrix.target }}-all-features to GitHub
-              uses: actions/upload-artifact@v4
-              with:
-                  name: deb-${{ matrix.target }}
-                  path: ${{ matrix.target }}.deb
-                  if-no-files-found: error
-                  compression-level: 0
-
-            - name: Upload static-x86_64-linux-musl-all-features-x86_64-haswell-optimised to webserver
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    chmod +x static-x86_64-linux-musl-x86_64-haswell-optimised
-                    scp static-x86_64-linux-musl-x86_64-haswell-optimised website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/static-x86_64-linux-musl-x86_64-haswell-optimised
-                  fi
-
-            - name: Upload static-${{ matrix.target }}-all-features to webserver
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    chmod +x static-${{ matrix.target }}
-                    scp static-${{ matrix.target }} website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/static-${{ matrix.target }}
-                  fi
-
-            - name: Upload static deb x86_64-linux-musl-all-features-x86_64-haswell-optimised to webserver
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    scp x86_64-linux-musl-x86_64-haswell-optimised.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/x86_64-linux-musl-x86_64-haswell-optimised.deb
-                  fi
-
-            - name: Upload static deb ${{ matrix.target }}-all-features to webserver
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    scp ${{ matrix.target }}.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/${{ matrix.target }}.deb
-                  fi
-
-            - name: Upload static-${{ matrix.target }}-debug-all-features to GitHub
-              uses: actions/upload-artifact@v4
-              with:
-                  name: static-${{ matrix.target }}-debug
-                  path: static-${{ matrix.target }}-debug
-                  if-no-files-found: error
-
-            - name: Upload static deb ${{ matrix.target }}-debug-all-features to GitHub
-              uses: actions/upload-artifact@v4
-              with:
-                  name: deb-${{ matrix.target }}-debug
-                  path: ${{ matrix.target }}-debug.deb
-                  if-no-files-found: error
-                  compression-level: 0
-
-            - name: Upload static-${{ matrix.target }}-debug-all-features to webserver
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    scp static-${{ matrix.target }}-debug website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/static-${{ matrix.target }}-debug
-                  fi
-
-            - name: Upload static deb ${{ matrix.target }}-debug-all-features to webserver
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    scp ${{ matrix.target }}-debug.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/${{ matrix.target }}-debug.deb
-                  fi
-
-            - name: Build OCI image ${{ matrix.target }}-all-features
-              run: |
-                  bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features
-
-                  cp -v -f result oci-image-${{ matrix.target }}.tar.gz
-
-            - name: Build OCI image x86_64-linux-musl-all-features-x86_64-haswell-optimised
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              run: |
-                  bin/nix-build-and-cache just .#oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised
-
-                  cp -v -f result oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz
-
-            - name: Build debug OCI image ${{ matrix.target }}-all-features
-              run: |
-                  bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features-debug
-
-                  cp -v -f result oci-image-${{ matrix.target }}-debug.tar.gz
-
-            - name: Upload OCI image x86_64-linux-musl-all-features-x86_64-haswell-optimised to GitHub
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              uses: actions/upload-artifact@v4
-              with:
-                  name: oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised
-                  path: oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz
-                  if-no-files-found: error
-                  compression-level: 0
-            - name: Upload OCI image ${{ matrix.target }}-all-features to GitHub
-              uses: actions/upload-artifact@v4
-              with:
-                  name: oci-image-${{ matrix.target }}
-                  path: oci-image-${{ matrix.target }}.tar.gz
-                  if-no-files-found: error
-                  compression-level: 0
-
-            - name: Upload OCI image ${{ matrix.target }}-debug-all-features to GitHub
-              uses: actions/upload-artifact@v4
-              with:
-                  name: oci-image-${{ matrix.target }}-debug
-                  path: oci-image-${{ matrix.target }}-debug.tar.gz
-                  if-no-files-found: error
-                  compression-level: 0
-
-            - name: Upload OCI image x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz to webserver
-              if: ${{ matrix.target == 'x86_64-linux-musl' }}
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    scp oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz
-                  fi
-
-            - name: Upload OCI image ${{ matrix.target }}-all-features to webserver
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    scp oci-image-${{ matrix.target }}.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/oci-image-${{ matrix.target }}.tar.gz
-                  fi
-
-            - name: Upload OCI image ${{ matrix.target }}-debug-all-features to webserver
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    scp oci-image-${{ matrix.target }}-debug.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/oci-image-${{ matrix.target }}-debug.tar.gz
-                  fi
-
-    build_mac_binaries:
-        name: Build MacOS Binaries
-        strategy:
-          matrix:
-            os: [macos-latest, macos-13]
-        runs-on: ${{ matrix.os }}
-        steps:
-            - name: Sync repository
-              uses: actions/checkout@v4
-              with:
-                persist-credentials: false
-
-            - name: Setup SSH web publish
-              env:
-                web_upload_ssh_private_key: ${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}
-              if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (env.web_upload_ssh_private_key != '') && github.event.pull_request.user.login != 'renovate[bot]'
-              run: |
-                  mkdir -p -v ~/.ssh
-
-                  echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
-                  echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
-
-                  chmod 600 ~/.ssh/id_ed25519
-
-                  cat >>~/.ssh/config <<END
-                  Host website
-                    HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
-                    User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
-                    IdentityFile ~/.ssh/id_ed25519
-                    StrictHostKeyChecking yes
-                    AddKeysToAgent no
-                    ForwardX11 no
-                    BatchMode yes
-                  END
-
-                  echo "Checking connection"
-                  ssh -q website "echo test" || ssh -q website "echo test"
-
-                  echo "SSH_WEBSITE=1" >> "$GITHUB_ENV"
-
-            - name: Tag comparison check
-              if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }}
-              run: |
-                  # Tag mismatch with latest repo tag check to prevent potential downgrades
-                  LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
-
-                  if [ ${LATEST_TAG} != ${GH_REF_NAME} ]; then
-                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.'
-                    echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY
-                    exit 1
-                  fi
-
-            # use sccache for Rust
-            - name: Run sccache-cache
-              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-              # releases and tags
-              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
-              uses: mozilla-actions/sccache-action@main
-
-            # use rust-cache
-            - uses: Swatinem/rust-cache@v2
-              with:
-                cache-all-crates: "true"
-                cache-on-failure: "true"
-                cache-targets: "true"
-
-            # Nix can't do portable macOS builds yet
-            - name: Build macOS x86_64 binary
-              if: ${{ matrix.os == 'macos-13' }}
-              run: |
-                  CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short ${{ github.sha }})" cargo build --release --locked --features=perf_measurements,sentry_telemetry,direct_tls
-                  cp -v -f target/release/conduwuit conduwuit-macos-x86_64
-                  otool -L conduwuit-macos-x86_64
-
-            # quick smoke test of the x86_64 macOS binary
-            - name: Run x86_64 macOS release binary
-              if: ${{ matrix.os == 'macos-13' }}
-              run: |
-                  ./conduwuit-macos-x86_64 --help
-                  ./conduwuit-macos-x86_64 --version
-
-            - name: Build macOS arm64 binary
-              if: ${{ matrix.os == 'macos-latest' }}
-              run: |
-                  CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short ${{ github.sha }})" cargo build --release --locked --features=perf_measurements,sentry_telemetry,direct_tls
-                  cp -v -f target/release/conduwuit conduwuit-macos-arm64
-                  otool -L conduwuit-macos-arm64
-
-            # quick smoke test of the arm64 macOS binary
-            - name: Run arm64 macOS release binary
-              if: ${{ matrix.os == 'macos-latest' }}
-              run: |
-                  ./conduwuit-macos-arm64 --help
-                  ./conduwuit-macos-arm64 --version
-
-            - name: Upload macOS x86_64 binary to webserver
-              if: ${{ matrix.os == 'macos-13' }}
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    chmod +x conduwuit-macos-x86_64
-                    scp conduwuit-macos-x86_64 website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/conduwuit-macos-x86_64
-                  fi
-
-            - name: Upload macOS arm64 binary to webserver
-              if: ${{ matrix.os == 'macos-latest' }}
-              run: |
-                  if [ ! -z $SSH_WEBSITE ]; then
-                    chmod +x conduwuit-macos-arm64
-                    scp conduwuit-macos-arm64 website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/conduwuit-macos-arm64
-                  fi
-
-            - name: Upload macOS x86_64 binary
-              if: ${{ matrix.os == 'macos-13' }}
-              uses: actions/upload-artifact@v4
-              with:
-                  name: conduwuit-macos-x86_64
-                  path: conduwuit-macos-x86_64
-                  if-no-files-found: error
-
-            - name: Upload macOS arm64 binary
-              if: ${{ matrix.os == 'macos-latest' }}
-              uses: actions/upload-artifact@v4
-              with:
-                  name: conduwuit-macos-arm64
-                  path: conduwuit-macos-arm64
-                  if-no-files-found: error
-    variables: 
-      outputs:
-        github_repository: ${{ steps.var.outputs.github_repository }}
-      runs-on: "ubuntu-latest"
-      steps:
-        - name: Setting global variables
-          uses: actions/github-script@v7
-          id: var
-          with:
-            script: |
-              core.setOutput('github_repository', '${{ github.repository }}'.toLowerCase())
-    docker:
-        name: Docker publish
-        runs-on: ubuntu-24.04
-        needs: [build, variables, tests]
-        permissions:
-          packages: write
-          contents: read
-        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && github.event.pull_request.user.login != 'renovate[bot]'
-        env:
-            DOCKER_HUB_REPO: docker.io/${{ needs.variables.outputs.github_repository }}
-            GHCR_REPO: ghcr.io/${{ needs.variables.outputs.github_repository }}
-            GLCR_REPO: registry.gitlab.com/conduwuit/conduwuit
-            UNIQUE_TAG: ${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}
-            BRANCH_TAG: ${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}
-
-            DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-            GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
-            GHCR_ENABLED: "${{ (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) && 'true' || 'false' }}"
-        steps:
-            - name: Login to GitHub Container Registry
-              uses: docker/login-action@v3
-              with:
-                  registry: ghcr.io
-                  username: ${{ github.actor }}
-                  password: ${{ secrets.GITHUB_TOKEN }}
-
-            - name: Login to Docker Hub
-              if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
-              uses: docker/login-action@v3
-              with:
-                  registry: docker.io
-                  username: ${{ vars.DOCKER_USERNAME }}
-                  password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-            - name: Login to GitLab Container Registry
-              if: ${{ (vars.GITLAB_USERNAME != '') && (env.GITLAB_TOKEN != '') }}
-              uses: docker/login-action@v3
-              with:
-                  registry: registry.gitlab.com
-                  username: ${{ vars.GITLAB_USERNAME }}
-                  password: ${{ secrets.GITLAB_TOKEN }}
-
-            - name: Download artifacts
-              uses: actions/download-artifact@v4
-
-            - name: Move OCI images into position
-              run: |
-                  mv -v oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised/*.tar.gz oci-image-amd64-haswell-optimised.tar.gz
-                  mv -v oci-image-x86_64-linux-musl/*.tar.gz oci-image-amd64.tar.gz
-                  mv -v oci-image-aarch64-linux-musl/*.tar.gz oci-image-arm64v8.tar.gz
-                  mv -v oci-image-x86_64-linux-musl-debug/*.tar.gz oci-image-amd64-debug.tar.gz
-                  mv -v oci-image-aarch64-linux-musl-debug/*.tar.gz oci-image-arm64v8-debug.tar.gz
-
-            - name: Load and push amd64 haswell image
-              run: |
-                  docker load -i oci-image-amd64-haswell-optimised.tar.gz
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
-                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
-                  fi
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-haswell
-                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-haswell
-                  fi
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-haswell
-                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-haswell
-                  fi
-
-            - name: Load and push amd64 image
-              run: |
-                  docker load -i oci-image-amd64.tar.gz
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
-                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
-                  fi
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-amd64
-                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-amd64
-                  fi
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-amd64
-                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-amd64
-                  fi
-
-            - name: Load and push arm64 image
-              run: |
-                  docker load -i oci-image-arm64v8.tar.gz
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8
-                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8
-                  fi
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8
-                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8
-                  fi
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8
-                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8
-                  fi
-
-            - name: Load and push amd64 debug image
-              run: |
-                  docker load -i oci-image-amd64-debug.tar.gz
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
-                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
-                  fi
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                  fi
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                  fi
-
-            - name: Load and push arm64 debug image
-              run: |
-                  docker load -i oci-image-arm64v8-debug.tar.gz
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug
-                    docker push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug
-                  fi
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
-                    docker push ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
-                  fi
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker tag $(docker images -q conduwuit:main) ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
-                    docker push ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug
-                  fi
-
-            - name: Create Docker haswell manifests
-              run: |
-                  # Dockerhub Container Registry
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker manifest create ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
-                    docker manifest create ${DOCKER_HUB_REPO}:${BRANCH_TAG}-haswell --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
-                  fi
-                  # GitHub Container Registry
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker manifest create ${GHCR_REPO}:${UNIQUE_TAG}-haswell --amend ${GHCR_REPO}:${UNIQUE_TAG}-haswell
-                    docker manifest create ${GHCR_REPO}:${BRANCH_TAG}-haswell --amend ${GHCR_REPO}:${UNIQUE_TAG}-haswell
-                  fi
-                  # GitLab Container Registry
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker manifest create ${GLCR_REPO}:${UNIQUE_TAG}-haswell --amend ${GLCR_REPO}:${UNIQUE_TAG}-haswell
-                    docker manifest create ${GLCR_REPO}:${BRANCH_TAG}-haswell --amend ${GLCR_REPO}:${UNIQUE_TAG}-haswell
-                  fi
-
-            - name: Create Docker combined manifests
-              run: |
-                  # Dockerhub Container Registry
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker manifest create ${DOCKER_HUB_REPO}:${UNIQUE_TAG} --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
-                    docker manifest create ${DOCKER_HUB_REPO}:${BRANCH_TAG} --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64
-                  fi
-                  # GitHub Container Registry
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker manifest create ${GHCR_REPO}:${UNIQUE_TAG} --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64
-                    docker manifest create ${GHCR_REPO}:${BRANCH_TAG} --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64
-                  fi
-                  # GitLab Container Registry
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker manifest create ${GLCR_REPO}:${UNIQUE_TAG} --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64
-                    docker manifest create ${GLCR_REPO}:${BRANCH_TAG} --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8 --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64
-                  fi
-
-            - name: Create Docker combined debug manifests
-              run: |
-                  # Dockerhub Container Registry
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker manifest create ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
-                    docker manifest create ${DOCKER_HUB_REPO}:${BRANCH_TAG}-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-amd64-debug
-                  fi
-                  # GitHub Container Registry
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker manifest create ${GHCR_REPO}:${UNIQUE_TAG}-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                    docker manifest create ${GHCR_REPO}:${BRANCH_TAG}-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GHCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                  fi
-                  # GitLab Container Registry
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker manifest create ${GLCR_REPO}:${UNIQUE_TAG}-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                    docker manifest create ${GLCR_REPO}:${BRANCH_TAG}-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-arm64v8-debug --amend ${GLCR_REPO}:${UNIQUE_TAG}-amd64-debug
-                  fi
-
-            - name: Push manifests to Docker registries
-              run: |
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    docker manifest push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}
-                    docker manifest push ${DOCKER_HUB_REPO}:${BRANCH_TAG}
-                    docker manifest push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-debug
-                    docker manifest push ${DOCKER_HUB_REPO}:${BRANCH_TAG}-debug
-                    docker manifest push ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell
-                    docker manifest push ${DOCKER_HUB_REPO}:${BRANCH_TAG}-haswell
-                  fi
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    docker manifest push ${GHCR_REPO}:${UNIQUE_TAG}
-                    docker manifest push ${GHCR_REPO}:${BRANCH_TAG}
-                    docker manifest push ${GHCR_REPO}:${UNIQUE_TAG}-debug
-                    docker manifest push ${GHCR_REPO}:${BRANCH_TAG}-debug
-                    docker manifest push ${GHCR_REPO}:${UNIQUE_TAG}-haswell
-                    docker manifest push ${GHCR_REPO}:${BRANCH_TAG}-haswell
-                  fi
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    docker manifest push ${GLCR_REPO}:${UNIQUE_TAG}
-                    docker manifest push ${GLCR_REPO}:${BRANCH_TAG}
-                    docker manifest push ${GLCR_REPO}:${UNIQUE_TAG}-debug
-                    docker manifest push ${GLCR_REPO}:${BRANCH_TAG}-debug
-                    docker manifest push ${GLCR_REPO}:${UNIQUE_TAG}-haswell
-                    docker manifest push ${GLCR_REPO}:${BRANCH_TAG}-haswell
-                  fi
-
-            - name: Add Image Links to Job Summary
-              run: |
-                  if [ ! -z $DOCKERHUB_TOKEN ]; then
-                    echo "- \`docker pull ${DOCKER_HUB_REPO}:${UNIQUE_TAG}\`" >> $GITHUB_STEP_SUMMARY
-                    echo "- \`docker pull ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-debug\`" >> $GITHUB_STEP_SUMMARY
-                    echo "- \`docker pull ${DOCKER_HUB_REPO}:${UNIQUE_TAG}-haswell\`" >> $GITHUB_STEP_SUMMARY
-                  fi
-                  if [ $GHCR_ENABLED = "true" ]; then
-                    echo "- \`docker pull ${GHCR_REPO}:${UNIQUE_TAG}\`" >> $GITHUB_STEP_SUMMARY
-                    echo "- \`docker pull ${GHCR_REPO}:${UNIQUE_TAG}-debug\`" >> $GITHUB_STEP_SUMMARY
-                    echo "- \`docker pull ${GHCR_REPO}:${UNIQUE_TAG}-haswell\`" >> $GITHUB_STEP_SUMMARY
-                  fi
-                  if [ ! -z $GITLAB_TOKEN ]; then
-                    echo "- \`docker pull ${GLCR_REPO}:${UNIQUE_TAG}\`" >> $GITHUB_STEP_SUMMARY
-                    echo "- \`docker pull ${GLCR_REPO}:${UNIQUE_TAG}-debug\`" >> $GITHUB_STEP_SUMMARY
-                    echo "- \`docker pull ${GLCR_REPO}:${UNIQUE_TAG}-haswell\`" >> $GITHUB_STEP_SUMMARY
-                  fi
@@ -1,41 +0,0 @@
-name: Update Docker Hub Description
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - README.md
-      - .github/workflows/docker-hub-description.yml
-
-  workflow_dispatch:
-
-jobs:
-  dockerHubDescription:
-    runs-on: ubuntu-latest
-    if: ${{ (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && github.event.pull_request.user.login != 'renovate[bot]' && (vars.DOCKER_USERNAME != '') }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        persist-credentials: false
-
-    - name: Setting variables
-      uses: actions/github-script@v7
-      id: var
-      with:
-        script: |
-          const githubRepo = '${{ github.repository }}'.toLowerCase()
-          const repoId = githubRepo.split('/')[1]
-          
-          core.setOutput('github_repository', githubRepo)
-          const dockerRepo = '${{ vars.DOCKER_USERNAME }}'.toLowerCase() + '/' + repoId
-          core.setOutput('docker_repo', dockerRepo)
-
-    - name: Docker Hub Description
-      uses: peter-evans/dockerhub-description@v4
-      with:
-        username: ${{ vars.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-        repository: ${{ steps.var.outputs.docker_repo }}
-        short-description: ${{ github.event.repository.description }}
-        enable-url-completion: true
@@ -1,163 +0,0 @@
-name: Documentation and GitHub Pages
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-    tags:
-      - '*'
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-env:
-  # Required to make some things output color
-  TERM: ansi
-  # Publishing to my nix binary cache
-  ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
-  # conduwuit.cachix.org
-  CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-  # Custom nix binary cache if fork is being used
-  ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
-  ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }}
-  # Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps
-  NIX_CONFIG: |
-    show-trace = true
-    extra-substituters = extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
-    extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-    experimental-features = nix-command flakes
-    extra-experimental-features = nix-command flakes
-    accept-flake-config = true
-
-# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
-# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
-concurrency:
-  group: "pages"
-  cancel-in-progress: false
-
-permissions: {}
-
-jobs:
-  docs:
-    name: Documentation and GitHub Pages
-    runs-on: ubuntu-24.04
-
-    permissions:
-      pages: write
-      id-token: write
-
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-
-    steps:
-      - name: Free up a bit of runner space
-        run: |
-            set +o pipefail
-            sudo docker image prune --all --force || true
-            sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true
-            sudo apt clean
-            sudo rm -v -rf /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/lib/heroku
-            set -o pipefail
-
-      - name: Sync repository
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: Setup GitHub Pages
-        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
-        uses: actions/configure-pages@v5
-
-      - uses: nixbuild/nix-quick-install-action@master
-
-      - name: Restore and cache Nix store
-        # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
-        # releases and tags
-        if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-        uses: nix-community/cache-nix-action@v5.1.0
-        with:
-          # restore and save a cache using this key
-          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/.lock') }}
-          # if there's no cache hit, restore a cache by this prefix
-          restore-prefixes-first-match: nix-${{ runner.os }}-
-          # collect garbage until Nix store size (in bytes) is at most this number
-          # before trying to save a new cache
-          gc-max-store-size-linux: 2073741824
-          # do purge caches
-          purge: true
-          # purge all versions of the cache
-          purge-prefixes: nix-${{ runner.os }}-
-          # created more than this number of seconds ago relative to the start of the `Post Restore` phase
-          purge-last-accessed: 86400
-          # except the version with the `primary-key`, if it exists
-          purge-primary-key: never
-          # always save the cache
-          save-always: true
-
-      - name: Enable Cachix binary cache
-        run: |
-            nix profile install nixpkgs#cachix
-            cachix use crane
-            cachix use nix-community
-
-      - name: Apply Nix binary cache configuration
-        run: |
-            sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-            extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net
-            extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-            experimental-features = nix-command flakes
-            extra-experimental-features = nix-command flakes
-            accept-flake-config = true
-            EOF
-
-      - name: Use alternative Nix binary caches if specified
-        if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
-        run: |
-            sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
-            extra-substituters = ${ATTIC_ENDPOINT}
-            extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
-            EOF
-
-      - name: Prepare build environment
-        run: |
-            echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
-            nix profile install --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
-            direnv allow
-            nix develop --command true
-
-      - name: Cache CI dependencies
-        run: |
-            bin/nix-build-and-cache ci
-
-      - name: Run lychee and markdownlint
-        run: |
-            direnv exec . engage just lints lychee
-            direnv exec . engage just lints markdownlint
-
-      - name: Build documentation (book)
-        run: |
-            bin/nix-build-and-cache just .#book
-
-            cp -r --dereference result public
-
-      - name: Upload generated documentation (book) as normal artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: public
-          path: public
-          if-no-files-found: error
-          # don't compress again
-          compression-level: 0
-
-      - name: Upload generated documentation (book) as GitHub Pages artifact
-        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
-        uses: actions/upload-pages-artifact@v3
-        with:
-          path: public
-
-      - name: Deploy to GitHub Pages
-        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
-        id: deployment
-        uses: actions/deploy-pages@v4
@@ -1,118 +0,0 @@
-name: Upload Release Assets
-
-on:
-  release:
-    types: [published]
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: 'Tag to release'
-        required: true
-        type: string
-      action_id:
-        description: 'Action ID of the CI run'
-        required: true
-        type: string
-
-permissions: {}
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    env:
-      GH_EVENT_NAME: ${{ github.event_name }}
-      GH_EVENT_INPUTS_ACTION_ID: ${{ github.event.inputs.action_id }}
-      GH_EVENT_INPUTS_TAG: ${{ github.event.inputs.tag }}
-      GH_REPOSITORY: ${{ github.repository }}
-      GH_SHA: ${{ github.sha }}
-      GH_TAG: ${{ github.event.release.tag_name }}
-
-    steps:
-      - name: get latest ci id
-        id: get_ci_id
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          if [ "${GH_EVENT_NAME}" == "workflow_dispatch" ]; then
-            id="${GH_EVENT_INPUTS_ACTION_ID}"
-            tag="${GH_EVENT_INPUTS_TAG}"
-          else
-            # get all runs of the ci workflow
-            json=$(gh api "repos/${GH_REPOSITORY}/actions/workflows/ci.yml/runs")
-
-            # find first run that is github sha and status is completed
-            id=$(echo "$json" | jq ".workflow_runs[] | select(.head_sha == \"${GH_SHA}\" and .status == \"completed\") | .id" | head -n 1)
-
-            if [ ! "$id" ]; then
-              echo "No completed runs found"
-              echo "ci_id=0" >> "$GITHUB_OUTPUT"
-              exit 0
-            fi
-
-            tag="${GH_TAG}"
-          fi
-
-          echo "ci_id=$id" >> "$GITHUB_OUTPUT"
-          echo "tag=$tag" >> "$GITHUB_OUTPUT"
-
-      - name: get latest ci artifacts
-        if: steps.get_ci_id.outputs.ci_id != 0
-        uses: actions/download-artifact@v4
-        env:
-          GH_TOKEN: ${{ github.token }}
-        with:
-          merge-multiple: true
-          run-id: ${{ steps.get_ci_id.outputs.ci_id }}
-          github-token: ${{ github.token }}
-
-      - run: |
-          ls
-
-      - name: upload release assets
-        if: steps.get_ci_id.outputs.ci_id != 0
-        env:
-          GH_TOKEN: ${{ github.token }}
-          TAG: ${{ steps.get_ci_id.outputs.tag }}
-        run: |
-          for file in $(find . -type f); do
-            case "$file" in
-              *json*) echo "Skipping $file...";;
-              *) echo "Uploading $file..."; gh release upload $TAG "$file" --clobber --repo="${GH_REPOSITORY}" || echo "Something went wrong, skipping.";;
-            esac
-          done
-
-      - name: upload release assets to website
-        if: steps.get_ci_id.outputs.ci_id != 0
-        env:
-          TAG: ${{ steps.get_ci_id.outputs.tag }}
-        run: |
-          mkdir -p -v ~/.ssh
-
-          echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
-          echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519
-
-          chmod 600 ~/.ssh/id_ed25519
-
-          cat >>~/.ssh/config <<END
-          Host website
-            HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }}
-            User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
-            IdentityFile ~/.ssh/id_ed25519
-            StrictHostKeyChecking yes
-            AddKeysToAgent no
-            ForwardX11 no
-            BatchMode yes
-          END
-
-          echo "Creating tag directory on web server"
-          ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/"
-          ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/"
-
-          for file in $(find . -type f); do
-            case "$file" in
-              *json*) echo "Skipping $file...";;
-              *) echo "Uploading $file to website"; scp $file website:/var/www/girlboss.ceo/~strawberry/conduwuit/releases/$TAG/$file;;
-            esac
-          done
@@ -1,97 +1,4 @@
-# Local environment overrides
-/.env
+node_modules

-# CMake
-cmake-build-*/
-
-# IntelliJ
-.idea/
-out/
-*.iml
-modules.xml
-*.ipr
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# Linux backup files
-*~
-
-# temporary files which can be created if a process still has a handle open of a deleted file
-.fuse_hidden*
-
-# KDE directory preferences
-.directory
-
-# Linux trash folder which might appear on any partition or disk
-.Trash-*
-
-# .nfs files are created when an open file is removed but is still being accessed
-.nfs*
-
-# Rust
-/target
-
-### vscode ###
-.vscode/*
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
-*.code-workspace
-
-### Windows ###
-# Windows thumbnail cache files
-Thumbs.db
-Thumbs.db:encryptable
-ehthumbs.db
-ehthumbs_vista.db
-
-# Dump file
-*.stackdump
-
-# Folder config file
-[Dd]esktop.ini
-
-# Recycle Bin used on file shares
-$RECYCLE.BIN/
-
-# Windows shortcuts
-*.lnk
-
-# Conduit
-conduit.toml
-conduit.db
-
-# Etc.
-**/*.rs.bk
-cached_target
-
-# Nix artifacts
-/result*
-
-# Direnv cache
-/.direnv
-
-test-conduit/
-test-conduit.toml
-
-# Gitlab CI cache
-/.gitlab-ci.d
-
-# mdbook output
-public/
-
-# macOS
-.DS_Store
-
-# VS Code
-.vscode/
-
-# Zed
-.zed/
-
-# idk where you're coming from, but i'm tired of you
-rustc-ice-*
-
-# complement test logs are huge
-tests/test_results/complement/test_logs.jsonl
+servers/*.ign
+.parcel-cache
@@ -1,152 +0,0 @@
-stages:
-  - ci
-  - artifacts
-  - publish
-
-variables:
-  # Makes some things print in color
-  TERM: ansi
-  # Faster cache and artifact compression / decompression
-  FF_USE_FASTZIP: true
-  # Print progress reports for cache and artifact transfers
-  TRANSFER_METER_FREQUENCY: 5s
-  NIX_CONFIG: |
-    show-trace = true
-    extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://conduwuit.cachix.org
-    extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-    experimental-features = nix-command flakes
-    extra-experimental-features = nix-command flakes
-    accept-flake-config = true
-
-# Avoid duplicate pipelines
-# See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
-workflow:
-  rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
-      when: never
-    - if: $CI
-
-before_script:
-  # Enable nix-command and flakes
-  - if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi
-  - if command -v nix > /dev/null; then echo "extra-experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi
-  # Accept flake config from "untrusted" users
-  - if command -v nix > /dev/null; then echo "accept-flake-config = true" >> /etc/nix/nix.conf; fi
-
-  # Add conduwuit binary cache
-  - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduwuit" >> /etc/nix/nix.conf; fi
-  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE=" >> /etc/nix/nix.conf; fi
-
-  - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduit" >> /etc/nix/nix.conf; fi
-  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk=" >> /etc/nix/nix.conf; fi
-
-  # Add alternate binary cache
-  - if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi
-  - if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi
-
-  # Add crane binary cache
-  - if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi
-  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi
-
-  # Add nix-community binary cache
-  - if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi
-  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi
-
-  - if command -v nix > /dev/null; then echo "extra-substituters = https://aseipp-nix-cache.freetls.fastly.net" >> /etc/nix/nix.conf; fi
-
-  # Install direnv and nix-direnv
-  - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi
-
-  # Allow .envrc
-  - if command -v nix > /dev/null; then direnv allow; fi
-
-  # Set CARGO_HOME to a cacheable path
-  - export CARGO_HOME="$(git rev-parse --show-toplevel)/.gitlab-ci.d/cargo"
-
-ci:
-  stage: ci
-  image: nixos/nix:2.24.9
-  script:
-    # Cache CI dependencies
-    - ./bin/nix-build-and-cache ci
-
-    - direnv exec . engage
-  cache:
-    key: nix
-    paths:
-      - target
-      - .gitlab-ci.d
-  rules:
-    # CI on upstream runners (only available for maintainers)
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $IS_UPSTREAM_CI == "true"
-    # Manual CI on unprotected branches that are not MRs
-    - if: $CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "false"
-      when: manual
-    # Manual CI on forks
-    - if: $IS_UPSTREAM_CI != "true"
-      when: manual
-    - if: $CI
-  interruptible: true
-
-artifacts:
-  stage: artifacts
-  image: nixos/nix:2.24.9
-  script:
-    - ./bin/nix-build-and-cache just .#static-x86_64-linux-musl
-    - cp result/bin/conduit x86_64-linux-musl
-
-    - mkdir -p target/release
-    - cp result/bin/conduit target/release
-    - direnv exec . cargo deb --no-build --no-strip
-    - mv target/debian/*.deb x86_64-linux-musl.deb
-
-    # Since the OCI image package is based on the binary package, this has the
-    # fun side effect of uploading the normal binary too. Conduit users who are
-    # deploying with Nix can leverage this fact by adding our binary cache to
-    # their systems.
-    #
-    # Note that although we have an `oci-image-x86_64-linux-musl`
-    # output, we don't build it because it would be largely redundant to this
-    # one since it's all containerized anyway.
-    - ./bin/nix-build-and-cache just .#oci-image
-    - cp result oci-image-amd64.tar.gz
-
-    - ./bin/nix-build-and-cache just .#static-aarch64-linux-musl
-    - cp result/bin/conduit aarch64-linux-musl
-
-    - ./bin/nix-build-and-cache just .#oci-image-aarch64-linux-musl
-    - cp result oci-image-arm64v8.tar.gz
-
-    - ./bin/nix-build-and-cache just .#book
-    # We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746
-    - cp -r --dereference result public
-  artifacts:
-    paths:
-      - x86_64-linux-musl
-      - aarch64-linux-musl
-      - x86_64-linux-musl.deb
-      - oci-image-amd64.tar.gz
-      - oci-image-arm64v8.tar.gz
-      - public
-  rules:
-    # CI required for all MRs
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-    # Optional CI on forks
-    - if: $IS_UPSTREAM_CI != "true"
-      when: manual
-      allow_failure: true
-    - if: $CI
-  interruptible: true
-
-pages:
-  stage: publish
-  dependencies:
-    - artifacts
-  only:
-    - next
-  script:
-    - "true"
-  artifacts:
-    paths:
-      - public
@@ -1,8 +0,0 @@
-
-<!-- Please describe your changes here -->
-
-----------------------------------------------------------------------------
-
- [ ] I ran `cargo fmt`, `cargo clippy`, and `cargo test`
- [ ] I agree to release my code and all other changes of this MR under the Apache-2.0 license
-
@@ -1,3 +0,0 @@
-# Docs: Map markdown to html files
- source: /docs/(.+)\.md/
-  public: '\1.html'
@@ -1 +0,0 @@
-.gitignore
@@ -1,133 +0,0 @@
-
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, caste, color, religion, or sexual
-identity and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our
-community include:
-
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the overall
-  community
-
-Examples of unacceptable behavior include:
-
-* The use of sexualized language or imagery, and sexual attention or advances of
-  any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email address,
-  without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
-
-## Scope
-
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement over email at
-<strawberry@puppygock.gay> or over Matrix at @strawberry:puppygock.gay.
-All complaints will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series of
-actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or permanent
-ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within the
-community.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.1, available at
-[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
-
-Community Impact Guidelines were inspired by
-[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
-
-For answers to common questions about this code of conduct, see the FAQ at
-[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
-[https://www.contributor-covenant.org/translations][translations].
-
-[homepage]: https://www.contributor-covenant.org
-[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
-[Mozilla CoC]: https://github.com/mozilla/diversity
-[FAQ]: https://www.contributor-covenant.org/faq
-[translations]: https://www.contributor-covenant.org/translations
@@ -1,149 +0,0 @@
-# Contributing guide
-
-This page is for about contributing to conduwuit. The
-[development](./development.md) page may be of interest for you as well.
-
-If you would like to work on an [issue][issues] that is not assigned, preferably
-ask in the Matrix room first at [#conduwuit:puppygock.gay][conduwuit-matrix],
-and comment on it.
-
-### Linting and Formatting
-
-It is mandatory all your changes satisfy the lints (clippy, rustc, rustdoc, etc)
-and your code is formatted via the **nightly** `cargo fmt`. A lot of the
-`rustfmt.toml` features depend on nightly toolchain. It would be ideal if they
-weren't nightly-exclusive features, but they currently still are. CI's rustfmt
-uses nightly.
-
-If you need to allow a lint, please make sure it's either obvious as to why
-(e.g. clippy saying redundant clone but it's actually required) or it has a
-comment saying why. Do not write inefficient code for the sake of satisfying
-lints. If a lint is wrong and provides a more inefficient solution or
-suggestion, allow the lint and mention that in a comment.
-
-### Running CI tests locally
-
-conduwuit's CI for tests, linting, formatting, audit, etc use
-[`engage`][engage]. engage can be installed from nixpkgs or `cargo install
-engage`. conduwuit's Nix flake devshell has the nixpkgs engage with `direnv`.
-Use `engage --help` for more usage details.
-
-To test, format, lint, etc that CI would do, install engage, allow the `.envrc`
-file using `direnv allow`, and run `engage`.
-
-All of the tasks are defined at the [engage.toml][engage.toml] file. You can
-view all of them neatly by running `engage list`
-
-If you would like to run only a specific engage task group, use `just`:
-
- `engage just <group>`
- Example: `engage just lints`
-
-If you would like to run a specific engage task in a specific group, use `just
-<GROUP> [TASK]`: `engage just lints cargo-fmt`
-
-The following binaries are used in [`engage.toml`][engage.toml]:
-
- [`engage`][engage]
- `nix`
- [`direnv`][direnv]
- `rustc`
- `cargo`
- `cargo-fmt`
- `rustdoc`
- `cargo-clippy`
- [`cargo-audit`][cargo-audit]
- [`cargo-deb`][cargo-deb]
- [`lychee`][lychee]
- [`markdownlint-cli`][markdownlint-cli]
- `dpkg`
-
-### Matrix tests
-
-CI runs [Complement][complement], but currently does not fail if results from
-the checked-in results differ with the new results. If your changes are done to
-fix Matrix tests, note that in your pull request. If more Complement tests start
-failing from your changes, please review the logs (they are uploaded as
-artifacts) and determine if they're intended or not.
-
-If you'd like to run Complement locally using Nix, see the
-[testing](development/testing.md) page.
-
-[Sytest][sytest] support will come soon.
-
-### Writing documentation
-
-conduwuit's website uses [`mdbook`][mdbook] and deployed via CI using GitHub
-Pages in the [`documentation.yml`][documentation.yml] workflow file with Nix's
-mdbook in the devshell. All documentation is in the `docs/` directory at the top
-level. The compiled mdbook website is also uploaded as an artifact.
-
-To build the documentation using Nix, run: `bin/nix-build-and-cache just .#book`
-
-The output of the mdbook generation is in `result/`. mdbooks can be opened in
-your browser from the individual HTML files without any web server needed.
-
-### Inclusivity and Diversity
-
-All **MUST** code and write with inclusivity and diversity in mind. See the
-[following page by Google on writing inclusive code and
-documentation](https://developers.google.com/style/inclusive-documentation).
-
-This **EXPLICITLY** forbids usage of terms like "blacklist"/"whitelist" and
-"master"/"slave", [forbids gender-specific words and
-phrases](https://developers.google.com/style/pronouns#gender-neutral-pronouns),
-forbids ableist language like "sanity-check", "cripple", or "insane", and
-forbids culture-specific language (e.g. US-only holidays or cultures).
-
-No exceptions are allowed. Dependencies that may use these terms are allowed but
-[do not replicate the name in your functions or
-variables](https://developers.google.com/style/inclusive-documentation#write-around).
-
-In addition to language, write and code with the user experience in mind. This
-is software that intends to be used by everyone, so make it easy and comfortable
-for everyone to use. 🏳️‍⚧️
-
-### Variable, comment, function, etc standards
-
-Rust's default style and standards with regards to [function names, variable
-names, comments](https://rust-lang.github.io/api-guidelines/naming.html), etc
-applies here.
-
-### Creating pull requests
-
-Please try to keep contributions to the GitHub. While the mirrors of conduwuit
-allow for pull/merge requests, there is no guarantee I will see them in a timely
-manner. Additionally, please mark WIP or unfinished or incomplete PRs as drafts.
-This prevents me from having to ping once in a while to double check the status
-of it, especially when the CI completed successfully and everything so it
-*looks* done.
-
-If you open a pull request on one of the mirrors, it is your responsibility to
-inform me about its existence. In the future I may try to solve this with more
-repo bots in the conduwuit Matrix room. There is no mailing list or email-patch
-support on the sr.ht mirror, but if you'd like to email me a git patch you can
-do so at `strawberry@puppygock.gay`.
-
-Direct all PRs/MRs to the `main` branch.
-
-By sending a pull request or patch, you are agreeing that your changes are
-allowed to be licenced under the Apache-2.0 licence and all of your conduct is
-in line with the Contributor's Covenant, and conduwuit's Code of Conduct.
-
-Contribution by users who violate either of these code of conducts will not have
-their contributions accepted. This includes users who have been banned from
-conduwuit Matrix rooms for Code of Conduct violations.
-
-[issues]: https://github.com/girlbossceo/conduwuit/issues
-[conduwuit-matrix]: https://matrix.to/#/#conduwuit:puppygock.gay
-[complement]: https://github.com/matrix-org/complement/
-[engage.toml]: https://github.com/girlbossceo/conduwuit/blob/main/engage.toml
-[engage]: https://charles.page.computer.surgery/engage/
-[sytest]: https://github.com/matrix-org/sytest/
-[cargo-deb]: https://github.com/kornelski/cargo-deb
-[lychee]: https://github.com/lycheeverse/lychee
-[markdownlint-cli]: https://github.com/igorshubovych/markdownlint-cli
-[cargo-audit]: https://github.com/RustSec/rustsec/tree/main/cargo-audit
-[direnv]: https://direnv.net/
-[mdbook]: https://rust-lang.github.io/mdBook/
-[documentation.yml]: https://github.com/girlbossceo/conduwuit/blob/main/.github/workflows/documentation.yml
@@ -1,970 +0,0 @@
-#cargo-features = ["profile-rustflags"]
-
-[workspace]
-resolver = "2"
-members = ["src/*"]
-default-members = ["src/*"]
-
-[workspace.package]
-authors = [
-    "June Clementine Strawberry <june@girlboss.ceo>",
-    "strawberry <strawberry@puppygock.gay>", # woof
-    "Jason Volk <jason@zemos.net>",
-]
-categories = ["network-programming"]
-description = "a very cool Matrix chat homeserver written in Rust"
-edition = "2021"
-homepage = "https://conduwuit.puppyirl.gay/"
-keywords = ["chat", "matrix", "networking", "server", "uwu"]
-license = "Apache-2.0"
-# See also `rust-toolchain.toml`
-readme = "README.md"
-repository = "https://github.com/girlbossceo/conduwuit"
-rust-version = "1.84.0"
-version = "0.5.0"
-
-[workspace.metadata.crane]
-name = "conduwuit"
-
-[workspace.dependencies.arrayvec]
-version = "0.7.4"
-features = ["serde"]
-
-[workspace.dependencies.smallvec]
-version = "1.13.2"
-features = [
-	"const_generics",
-	"const_new",
-	"serde",
-	"union",
-	"write",
-]
-
-[workspace.dependencies.const-str]
-version = "0.5.7"
-
-[workspace.dependencies.ctor]
-version = "0.2.9"
-
-[workspace.dependencies.cargo_toml]
-version = "0.21"
-default-features = false
-features = ["features"]
-
-[workspace.dependencies.toml]
-version = "0.8.14"
-default-features = false
-features = ["parse"]
-
-[workspace.dependencies.sanitize-filename]
-version = "0.6.0"
-
-[workspace.dependencies.base64]
-version = "0.22.1"
-default-features = false
-
-# used for TURN server authentication
-[workspace.dependencies.hmac]
-version = "0.12.1"
-default-features = false
-
-# used for checking if an IP is in specific subnets / CIDR ranges easier
-[workspace.dependencies.ipaddress]
-version = "0.1.3"
-
-[workspace.dependencies.rand]
-version = "0.8.5"
-
-# Used for the http request / response body type for Ruma endpoints used with reqwest
-[workspace.dependencies.bytes]
-version = "1.9.0"
-
-[workspace.dependencies.http-body-util]
-version = "0.1.2"
-
-[workspace.dependencies.http]
-version = "1.2.0"
-
-[workspace.dependencies.regex]
-version = "1.11.1"
-
-[workspace.dependencies.axum]
-version = "0.7.9"
-default-features = false
-features = [
-	"form",
-	"http1",
-	"http2",
-	"json",
-	"matched-path",
-	"tokio",
-	"tracing",
-]
-
-[workspace.dependencies.axum-extra]
-version = "0.9.6"
-default-features = false
-features = ["typed-header", "tracing"]
-
-[workspace.dependencies.axum-server]
-version = "0.7.1"
-default-features = false
-
-# to listen on both HTTP and HTTPS if listening on TLS dierctly from conduwuit for complement or sytest
-[workspace.dependencies.axum-server-dual-protocol]
-version = "0.7"
-
-[workspace.dependencies.axum-client-ip]
-version = "0.6.1"
-
-[workspace.dependencies.tower]
-version = "0.5.1"
-default-features = false
-features = ["util"]
-
-[workspace.dependencies.tower-http]
-version = "0.6.2"
-default-features = false
-features = [
-    "add-extension",
-    "catch-panic",
-    "cors",
-    "sensitive-headers",
-    "set-header",
-    "timeout",
-    "trace",
-    "util",
-]
-
-[workspace.dependencies.rustls]
-version = "0.23.19"
-default-features = false
-features = ["aws_lc_rs"]
-
-[workspace.dependencies.reqwest]
-version = "0.12.9"
-default-features = false
-features = [
-	"rustls-tls-native-roots",
-	"socks",
-	"hickory-dns",
-	"http2",
-]
-
-[workspace.dependencies.serde]
-version = "1.0.216"
-default-features = false
-features = ["rc"]
-
-[workspace.dependencies.serde_json]
-version = "1.0.133"
-default-features = false
-features = ["raw_value"]
-
-# Used for appservice registration files
-[workspace.dependencies.serde_yaml]
-version = "0.9.34"
-
-# Used to load forbidden room/user regex from config
-[workspace.dependencies.serde_regex]
-version = "1.1.0"
-
-# Used for ruma wrapper
-[workspace.dependencies.serde_html_form]
-version = "0.2.6"
-
-# Used for password hashing
-[workspace.dependencies.argon2]
-version = "0.5.3"
-features = ["alloc", "rand"]
-default-features = false
-
-# Used to generate thumbnails for images & blurhashes
-[workspace.dependencies.image]
-version = "0.25.5"
-default-features = false
-features = [
-	"jpeg",
-	"png",
-	"gif",
-	"webp",
-]
-
-[workspace.dependencies.blurhash]
-version = "0.2.3"
-default-features = false
-features = [
-	"fast-linear-to-srgb",
-	"image",
-]
-
-# logging
-[workspace.dependencies.log]
-version = "0.4.22"
-default-features = false
-[workspace.dependencies.tracing]
-version = "0.1.41"
-default-features = false
-[workspace.dependencies.tracing-subscriber]
-version = "=0.3.18"
-default-features = false
-features = ["env-filter", "std", "tracing", "tracing-log", "ansi", "fmt"]
-[workspace.dependencies.tracing-core]
-version = "0.1.33"
-default-features = false
-
-# for URL previews
-[workspace.dependencies.webpage]
-version = "2.0.1"
-default-features = false
-
-# used for conduwuit's CLI and admin room command parsing
-[workspace.dependencies.clap]
-version = "4.5.23"
-default-features = false
-features = [
-	"derive",
-	"env",
-	"error-context",
-	"help",
-	"std",
-	"string",
-	"usage",
-]
-
-[workspace.dependencies.futures]
-version = "0.3.30"
-default-features = false
-features = ["std", "async-await"]
-
-[workspace.dependencies.tokio]
-version = "1.42.0"
-default-features = false
-features = [
-	"fs",
-	"net",
-	"macros",
-	"sync",
-	"signal",
-	"time",
-	"rt-multi-thread",
-	"io-util",
-	"tracing",
-]
-
-[workspace.dependencies.tokio-metrics]
-version = "0.4.0"
-
-[workspace.dependencies.libloading]
-version = "0.8.6"
-
-# Validating urls in config, was already a transitive dependency
-[workspace.dependencies.url]
-version = "2.5.4"
-default-features = false
-features = ["serde"]
-
-# standard date and time tools
-[workspace.dependencies.chrono]
-version = "0.4.38"
-features = ["alloc", "std"]
-default-features = false
-
-[workspace.dependencies.hyper]
-version = "1.5.1"
-default-features = false
-features = [
-	"server",
-	"http1",
-	"http2",
-]
-
-[workspace.dependencies.hyper-util]
-# hyper-util >=0.1.9 seems to have DNS issues
-version = "=0.1.8"
-default-features = false
-features = [
-	"server-auto",
-	"server-graceful",
-	"tokio",
-]
-
-# to support multiple variations of setting a config option
-[workspace.dependencies.either]
-version = "1.13.0"
-default-features = false
-features = ["serde"]
-
-# Used for reading the configuration from conduwuit.toml & environment variables
-[workspace.dependencies.figment]
-version = "0.10.19"
-default-features = false
-features = ["env", "toml"]
-
-[workspace.dependencies.hickory-resolver]
-version = "0.24.2"
-default-features = false
-
-# Used for conduwuit::Error type
-[workspace.dependencies.thiserror]
-version = "2.0.7"
-default-features = false
-
-# Used when hashing the state
-[workspace.dependencies.ring]
-version = "0.17.8"
-default-features = false
-
-# Used to make working with iterators easier, was already a transitive depdendency
-[workspace.dependencies.itertools]
-version = "0.13.0"
-
-# to parse user-friendly time durations in admin commands
-#TODO: overlaps chrono?
-[workspace.dependencies.cyborgtime]
-version = "2.1.1"
-
-# used for MPSC channels
-[workspace.dependencies.loole]
-version = "0.4.0"
-
-# used for MPMC channels
-[workspace.dependencies.async-channel]
-version = "2.3.1"
-
-[workspace.dependencies.async-trait]
-version = "0.1.83"
-
-[workspace.dependencies.lru-cache]
-version = "0.1.2"
-
-# Used for matrix spec type definitions and helpers
-[workspace.dependencies.ruma]
-git = "https://github.com/girlbossceo/ruwuma"
-#branch = "conduwuit-changes"
-rev = "f5667c6292adb43fbe4725d31d6b5127a0cf60ce"
-features = [
-    "compat",
-    "rand",
-    "appservice-api-c",
-    "client-api",
-    "federation-api",
-    "markdown",
-    "push-gateway-api-c",
-    "state-res",
-    "server-util",
-    "unstable-exhaustive-types",
-    "ring-compat",
-    "compat-upload-signatures",
-    "identifiers-validation",
-    "unstable-unspecified",
-    "unstable-msc2448",
-    "unstable-msc2666",
-    "unstable-msc2867",
-    "unstable-msc2870",
-    "unstable-msc3026",
-    "unstable-msc3061",
-    "unstable-msc3245",
-    "unstable-msc3266",
-    "unstable-msc3381", # polls
-    "unstable-msc3489", # beacon / live location
-    "unstable-msc3575",
-    "unstable-msc4075",
-    "unstable-msc4121",
-    "unstable-msc4125",
-    "unstable-msc4186",
-    "unstable-msc4203", # sending to-device events to appservices 
-    "unstable-msc4210", # remove legacy mentions
-    "unstable-extensible-events",
-]
-
-[workspace.dependencies.rust-rocksdb]
-path = "deps/rust-rocksdb"
-package = "rust-rocksdb-uwu"
-features = [
-	"multi-threaded-cf",
-	"mt_static",
-	"lz4",
-	"zstd",
-	"zlib",
-	"bzip2",
-]
-
-[workspace.dependencies.sha2]
-version = "0.10.8"
-default-features = false
-
-[workspace.dependencies.sha1]
-version = "0.10.6"
-default-features = false
-
-# optional opentelemetry, performance measurements, flamegraphs, etc for performance measurements and monitoring
-[workspace.dependencies.opentelemetry]
-version = "0.21.0"
-
-[workspace.dependencies.tracing-flame]
-version = "0.2.0"
-
-[workspace.dependencies.tracing-opentelemetry]
-version = "0.22.0"
-
-[workspace.dependencies.opentelemetry_sdk]
-version = "0.21.2"
-features = ["rt-tokio"]
-
-[workspace.dependencies.opentelemetry-jaeger]
-version = "0.20.0"
-features = ["rt-tokio"]
-
-# optional sentry metrics for crash/panic reporting
-[workspace.dependencies.sentry]
-version = "0.35.0"
-default-features = false
-features = [
-    "backtrace",
-    "contexts",
-    "debug-images",
-    "panic",
-    "rustls",
-    "tower",
-    "tower-http",
-    "tracing",
-    "reqwest",
-    "log",
-]
-
-[workspace.dependencies.sentry-tracing]
-version = "0.35.0"
-[workspace.dependencies.sentry-tower]
-version = "0.35.0"
-
-# jemalloc usage
-[workspace.dependencies.tikv-jemalloc-sys]
-git = "https://github.com/girlbossceo/jemallocator"
-rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
-default-features = false
-features = [
-	"background_threads_runtime_support",
-	"unprefixed_malloc_on_supported_platforms",
-]
-[workspace.dependencies.tikv-jemallocator]
-git = "https://github.com/girlbossceo/jemallocator"
-rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
-default-features = false
-features = [
-	"background_threads_runtime_support",
-	"unprefixed_malloc_on_supported_platforms",
-]
-[workspace.dependencies.tikv-jemalloc-ctl]
-git = "https://github.com/girlbossceo/jemallocator"
-rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
-default-features = false
-features = ["use_std"]
-
-[workspace.dependencies.console-subscriber]
-version = "0.4"
-
-[workspace.dependencies.nix]
-version = "0.29.0"
-default-features = false
-features = ["resource"]
-
-[workspace.dependencies.sd-notify]
-version = "0.4.3"
-default-features = false
-
-[workspace.dependencies.hardened_malloc-rs]
-version = "0.1.2"
-default-features = false
-features = [
-	"static",
-	"gcc",
-	"light",
-]
-
-[workspace.dependencies.rustyline-async]
-version = "0.4.3"
-default-features = false
-
-[workspace.dependencies.termimad]
-version = "0.31.1"
-default-features = false
-
-[workspace.dependencies.checked_ops]
-version = "0.1"
-
-[workspace.dependencies.syn]
-version = "2.0.90"
-default-features = false
-features = ["full", "extra-traits"]
-
-[workspace.dependencies.quote]
-version = "1.0.37"
-
-[workspace.dependencies.proc-macro2]
-version = "1.0.89"
-
-[workspace.dependencies.bytesize]
-version = "1.3.0"
-
-[workspace.dependencies.core_affinity]
-version = "0.8.1"
-
-[workspace.dependencies.libc]
-version = "0.2"
-
-[workspace.dependencies.num-traits]
-version = "0.2"
-
-[workspace.dependencies.minicbor]
-version = "0.25.1"
-features = ["std"]
-
-[workspace.dependencies.minicbor-serde]
-version = "0.3.2"
-features = ["std"]
-
-#
-# Patches
-#
-
-# backport of [https://github.com/tokio-rs/tracing/pull/2956] to the 0.1.x branch of tracing.
-# we can switch back to upstream if #2956 is merged and backported in the upstream repo.
-# https://github.com/girlbossceo/tracing/commit/b348dca742af641c47bc390261f60711c2af573c
-[patch.crates-io.tracing-subscriber]
-git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
-[patch.crates-io.tracing]
-git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
-[patch.crates-io.tracing-core]
-git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
-[patch.crates-io.tracing-log]
-git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
-
-# adds a tab completion callback: https://github.com/girlbossceo/rustyline-async/commit/de26100b0db03e419a3d8e1dd26895d170d1fe50
-# adds event for CTRL+\: https://github.com/girlbossceo/rustyline-async/commit/67d8c49aeac03a5ef4e818f663eaa94dd7bf339b
-[patch.crates-io.rustyline-async]
-git = "https://github.com/girlbossceo/rustyline-async"
-rev = "deaeb0694e2083f53d363b648da06e10fc13900c"
-
-# adds LIFO queue scheduling; this should be updated with PR progress.
-[patch.crates-io.event-listener]
-git = "https://github.com/girlbossceo/event-listener"
-rev = "fe4aebeeaae435af60087ddd56b573a2e0be671d"
-[patch.crates-io.async-channel]
-git = "https://github.com/girlbossceo/async-channel"
-rev = "92e5e74063bf2a3b10414bcc8a0d68b235644280"
-
-[patch.crates-io.core_affinity]
-git = "https://github.com/girlbossceo/core_affinity_rs"
-rev = "9c8e51510c35077df888ee72a36b4b05637147da"
-
-#
-# Our crates
-#
-
-[workspace.dependencies.conduwuit-router]
-package = "conduwuit_router"
-path = "src/router"
-default-features = false
-
-[workspace.dependencies.conduwuit-admin]
-package = "conduwuit_admin"
-path = "src/admin"
-default-features = false
-
-[workspace.dependencies.conduwuit-api]
-package = "conduwuit_api"
-path = "src/api"
-default-features = false
-
-[workspace.dependencies.conduwuit-service]
-package = "conduwuit_service"
-path = "src/service"
-default-features = false
-
-[workspace.dependencies.conduwuit-database]
-package = "conduwuit_database"
-path = "src/database"
-default-features = false
-
-[workspace.dependencies.conduwuit-core]
-package = "conduwuit_core"
-path = "src/core"
-default-features = false
-
-[workspace.dependencies.conduwuit-macros]
-package = "conduwuit_macros"
-path = "src/macros"
-default-features = false
-
-###############################################################################
-#
-# Release profiles
-#
-
-[profile.release]
-strip = "symbols"
-lto = "thin"
-
-# release profile with debug symbols
-[profile.release-debuginfo]
-inherits = "release"
-debug = "full"
-strip = "none"
-
-[profile.release-high-perf]
-inherits = "release"
-lto = "fat"
-codegen-units = 1
-panic = "abort"
-
-# do not use without profile-rustflags enabled
-[profile.release-max-perf]
-inherits = "release"
-strip = "symbols"
-lto = "fat"
-#rustflags = [
-#	'-Ctarget-cpu=native',
-#	'-Ztune-cpu=native',
-#	'-Ctarget-feature=+crt-static',
-#	'-Crelocation-model=static',
-#	'-Ztls-model=local-exec',
-#	'-Zinline-in-all-cgus=true',
-#	'-Zinline-mir=true',
-#	'-Zmir-opt-level=3',
-#	'-Clink-arg=-fuse-ld=gold',
-#	'-Clink-arg=-Wl,--threads',
-#	'-Clink-arg=-Wl,--gc-sections',
-#	'-Clink-arg=-luring',
-#	'-Clink-arg=-lstdc++',
-#	'-Clink-arg=-lc',
-#	'-Ztime-passes',
-#	'-Ztime-llvm-passes',
-#]
-
-[profile.release-max-perf.build-override]
-inherits = "release-max-perf"
-opt-level = 0
-codegen-units = 32
-#rustflags = [
-#	'-Crelocation-model=pic',
-#	'-Ctarget-feature=-crt-static',
-#	'-Clink-arg=-Wl,--no-gc-sections',
-#]
-
-[profile.release-max-perf.package.conduwuit_macros]
-inherits = "release-max-perf.build-override"
-#rustflags = [
-#	'-Crelocation-model=pic',
-#	'-Ctarget-feature=-crt-static',
-#]
-
-[profile.bench]
-inherits = "release"
-#rustflags = [
-#	"-Cremark=all",
-#	'-Ztime-passes',
-#	'-Ztime-llvm-passes',
-#]
-
-###############################################################################
-#
-# Developer profile
-#
-
-# To enable hot-reloading:
-# 1. Uncomment all of the rustflags here.
-# 2. Uncomment crate-type=dylib in src/*/Cargo.toml and deps/rust-rocksdb/Cargo.toml
-#
-# opt-level, mir-opt-level, validate-mir are not known to interfere with reloading
-# and can be raised if build times are tolerable.
-
-[profile.dev]
-debug = "full"
-opt-level = 0
-panic = "unwind"
-debug-assertions = true
-incremental = true
-#rustflags = [
-#	'--cfg', 'conduwuit_mods',
-#	'-Ztime-passes',
-#	'-Zmir-opt-level=0',
-#	'-Zvalidate-mir=false',
-#	'-Ztls-model=global-dynamic',
-#	'-Cprefer-dynamic=true',
-#	'-Zstaticlib-prefer-dynamic=true',
-#	'-Zstaticlib-allow-rdylib-deps=true',
-#	'-Zpacked-bundled-libs=false',
-#	'-Zplt=true',
-#	'-Crpath=true',
-#	'-Clink-arg=-Wl,--as-needed',
-#	'-Clink-arg=-Wl,--allow-shlib-undefined',
-#	'-Clink-arg=-Wl,-z,keep-text-section-prefix',
-#	'-Clink-arg=-Wl,-z,lazy',
-#]
-
-[profile.dev.package.conduwuit_core]
-inherits = "dev"
-incremental = false
-#rustflags = [
-#	'--cfg', 'conduwuit_mods',
-#	'-Ztime-passes',
-#	'-Zmir-opt-level=0',
-#	'-Ztls-model=initial-exec',
-#	'-Cprefer-dynamic=true',
-#	'-Zstaticlib-prefer-dynamic=true',
-#	'-Zstaticlib-allow-rdylib-deps=true',
-#	'-Zpacked-bundled-libs=false',
-#	'-Zplt=true',
-#	'-Clink-arg=-Wl,--as-needed',
-#	'-Clink-arg=-Wl,--allow-shlib-undefined',
-#	'-Clink-arg=-Wl,-z,lazy',
-#	'-Clink-arg=-Wl,-z,unique',
-#	'-Clink-arg=-Wl,-z,nodlopen',
-#	'-Clink-arg=-Wl,-z,nodelete',
-#]
-
-[profile.dev.package.conduwuit]
-inherits = "dev"
-#rustflags = [
-#	'--cfg', 'conduwuit_mods',
-#	'-Ztime-passes',
-#	'-Zmir-opt-level=0',
-#	'-Zvalidate-mir=false',
-#	'-Ztls-model=global-dynamic',
-#	'-Cprefer-dynamic=true',
-#	'-Zexport-executable-symbols=true',
-#	'-Zplt=true',
-#	'-Crpath=true',
-#	'-Clink-arg=-Wl,--as-needed',
-#	'-Clink-arg=-Wl,--allow-shlib-undefined',
-#	'-Clink-arg=-Wl,--export-dynamic',
-#	'-Clink-arg=-Wl,-z,lazy',
-#]
-
-[profile.dev.package.rust-rocksdb-uwu]
-inherits = "dev"
-debug = 'limited'
-incremental = false
-codegen-units = 1
-opt-level = 'z'
-#rustflags = [
-#	'--cfg', 'conduwuit_mods',
-#	'-Ztls-model=initial-exec',
-#	'-Cprefer-dynamic=true',
-#	'-Zstaticlib-prefer-dynamic=true',
-#	'-Zstaticlib-allow-rdylib-deps=true',
-#	'-Zpacked-bundled-libs=true',
-#	'-Zplt=true',
-#	'-Clink-arg=-Wl,--no-as-needed',
-#	'-Clink-arg=-Wl,--allow-shlib-undefined',
-#	'-Clink-arg=-Wl,-z,lazy',
-#	'-Clink-arg=-Wl,-z,nodlopen',
-#	'-Clink-arg=-Wl,-z,nodelete',
-#]
-
-[profile.dev.package.'*']
-inherits = "dev"
-debug = 'limited'
-incremental = false
-codegen-units = 1
-opt-level = 'z'
-#rustflags = [
-#	'--cfg', 'conduwuit_mods',
-#	'-Ztls-model=global-dynamic',
-#	'-Cprefer-dynamic=true',
-#	'-Zstaticlib-prefer-dynamic=true',
-#	'-Zstaticlib-allow-rdylib-deps=true',
-#	'-Zpacked-bundled-libs=true',
-#	'-Zplt=true',
-#	'-Clink-arg=-Wl,--as-needed',
-#	'-Clink-arg=-Wl,-z,lazy',
-#	'-Clink-arg=-Wl,-z,nodelete',
-#]
-
-# primarily used for CI
-[profile.test]
-inherits = "dev"
-strip = false
-opt-level = 0
-codegen-units = 16
-incremental = false
-
-[profile.test.package.'*']
-inherits = "dev"
-debug = 0
-strip = false
-opt-level = 0
-codegen-units = 16
-incremental = false
-
-###############################################################################
-#
-# Linting
-#
-
-[workspace.lints.rust]
-absolute-paths-not-starting-with-crate = "warn"
-#box-pointers = "warn"
-deprecated-in-future = "warn"
-elided-lifetimes-in-paths = "warn"
-explicit-outlives-requirements = "warn"
-ffi-unwind-calls = "warn"
-keyword-idents = "warn"
-macro-use-extern-crate = "warn"
-meta-variable-misuse = "warn"
-missing-abi = "warn"
-#missing-copy-implementations = "warn"                               # TODO
-#missing-debug-implementations = "warn"                              # TODO
-non-ascii-idents = "warn"
-rust-2021-incompatible-closure-captures = "warn"
-rust-2021-incompatible-or-patterns = "warn"
-rust-2021-prefixes-incompatible-syntax = "warn"
-rust-2021-prelude-collisions = "warn"
-single-use-lifetimes = "warn"
-trivial-casts = "warn"
-trivial-numeric-casts = "warn"
-unit-bindings = "warn"
-#unnameable-types = "warn"                                           # TODO
-unreachable-pub = "warn"
-unsafe-op-in-unsafe-fn = "warn"
-unstable-features = "warn"
-unused-extern-crates = "warn"
-unused-import-braces = "warn"
-unused-lifetimes = "warn"
-unused-macro-rules = "warn"
-unused-qualifications = "warn"
-#unused-results = "warn"                                             # TODO
-
-## some sadness
-elided_named_lifetimes = "allow"                                     # TODO!
-let_underscore_drop = "allow"
-missing_docs = "allow"
-# cfgs cannot be limited to expected cfgs or their de facto non-transitive/opt-in use-case e.g.
-# tokio_unstable will warn.
-unexpected_cfgs = "allow"
-# this seems to suggest broken code and is not working correctly
-unused_braces = "allow"
-# buggy, but worth checking on occasionally
-unused_crate_dependencies = "allow"
-unsafe_code = "allow"
-variant_size_differences = "allow"
-
-#######################################
-#
-# Clippy lints
-#
-
-[workspace.lints.clippy]
-
-###################
-cargo = { level = "warn", priority = -1 }
-
-## some sadness
-multiple_crate_versions = { level = "allow", priority = 1 }
-
-###################
-complexity = { level = "warn", priority = -1 }
-
-###################
-correctness = { level = "warn", priority = -1 }
-
-###################
-nursery = { level = "warn", priority = -1 }
-
-## some sadness
-missing_const_for_fn = { level = "allow", priority = 1 }             # TODO
-option_if_let_else = { level = "allow", priority = 1 }               # TODO
-redundant_pub_crate = { level = "allow", priority = 1 }              # TODO
-significant_drop_in_scrutinee = { level = "allow", priority = 1 }    # TODO
-significant_drop_tightening = { level = "allow", priority = 1 }      # TODO
-
-###################
-pedantic = { level = "warn", priority = -1 }
-
-## some sadness
-too_long_first_doc_paragraph = { level = "allow", priority = 1 }
-doc_markdown = { level = "allow", priority = 1 }
-enum_glob_use = { level = "allow", priority = 1 }
-if_not_else = { level = "allow", priority = 1 }
-if_then_some_else_none = { level = "allow", priority = 1 }
-inline_always = { level = "allow", priority = 1 }
-match_bool = { level = "allow", priority = 1 }
-missing_docs_in_private_items = { level = "allow", priority = 1 }
-missing_errors_doc = { level = "allow", priority = 1 }
-missing_panics_doc = { level = "allow", priority = 1 }
-module_name_repetitions = { level = "allow", priority = 1 }
-no_effect_underscore_binding = { level = "allow", priority = 1 }
-similar_names = { level = "allow", priority = 1 }
-single_match_else = { level = "allow", priority = 1 }
-struct_field_names = { level = "allow", priority = 1 }
-unnecessary_wraps = { level = "allow", priority = 1 }
-unused_async = { level = "allow", priority = 1 }
-
-###################
-perf = { level = "warn", priority = -1 }
-
-###################
-#restriction = "warn"
-
-#allow_attributes = "warn"                                           # UNSTABLE
-arithmetic_side_effects = "warn"
-as_conversions = "warn"
-as_underscore = "warn"
-assertions_on_result_states = "warn"
-dbg_macro = "warn"
-default_union_representation = "warn"
-deref_by_slicing = "warn"
-empty_drop = "warn"
-empty_structs_with_brackets = "warn"
-exit = "warn"
-filetype_is_file = "warn"
-float_cmp_const = "warn"
-fn_to_numeric_cast_any = "warn"
-format_push_string = "warn"
-get_unwrap = "warn"
-impl_trait_in_params = "warn"
-let_underscore_untyped = "warn"
-lossy_float_literal = "warn"
-mem_forget = "warn"
-missing_assert_message = "warn"
-mutex_atomic = "warn"
-pub_without_shorthand = "warn"
-rc_buffer = "warn"
-rc_mutex = "warn"
-redundant_type_annotations = "warn"
-rest_pat_in_fully_bound_structs = "warn"
-semicolon_outside_block = "warn"
-str_to_string = "warn"
-string_lit_chars_any = "warn"
-string_slice = "warn"
-string_to_string = "warn"
-suspicious_xor_used_as_pow = "warn"
-tests_outside_test_module = "warn"
-try_err = "warn"
-undocumented_unsafe_blocks = "warn"
-unnecessary_safety_comment = "warn"
-unnecessary_safety_doc = "warn"
-unnecessary_self_imports = "warn"
-unneeded_field_pattern = "warn"
-unseparated_literal_suffix = "warn"
-#unwrap_used = "warn"                                                # TODO
-verbose_file_reads = "warn"
-
-###################
-style = { level = "warn", priority = -1 }
-
-## some sadness
-# trivial assertions are quite alright
-assertions_on_constants = { level = "allow", priority = 1 }
-module_inception = { level = "allow", priority = 1 }
-
-###################
-suspicious = { level = "warn", priority = -1 }
-
-## some sadness
-let_underscore_future = { level = "allow", priority = 1 }
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright 2023 June
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
@@ -1,146 +0,0 @@
-# conduwuit
-
-[![conduwuit main room](https://img.shields.io/matrix/conduwuit%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit:puppygock.gay) [![conduwuit space](https://img.shields.io/matrix/conduwuit-space%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit-space%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit-space:puppygock.gay) [![CI and Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)
-
-<!-- ANCHOR: catchphrase -->
-
-### a very cool [Matrix](https://matrix.org/) chat homeserver written in Rust
-
-<!-- ANCHOR_END: catchphrase -->
-
-Visit the [conduwuit documentation](https://conduwuit.puppyirl.gay/) for more
-information and how to deploy/setup conduwuit.
-
-<!-- ANCHOR: body -->
-
-#### What is Matrix?
-
-[Matrix](https://matrix.org) is an open, federated, and extensible network for
-decentralised communication. Users from any Matrix homeserver can chat with users from all
-other homeservers over federation. Matrix is designed to be extensible and built on top of.
-You can even use bridges such as Matrix Appservices to communicate with users outside of Matrix, like a community on Discord.
-
-#### What is the goal?
-
-A high-performance, efficient, low-cost, and featureful Matrix homeserver that's
-easy to set up and just works with minimal configuration needed.
-
-#### Can I try it out?
-
-An official conduwuit server ran by me is available at transfem.dev
-([element.transfem.dev](https://element.transfem.dev) /
-[cinny.transfem.dev](https://cinny.transfem.dev))
-
-transfem.dev is a public homeserver that can be used, it is not a "test only
-homeserver". This means there are rules, so please read the rules:
-[https://transfem.dev/homeserver_rules.txt](https://transfem.dev/homeserver_rules.txt)
-
-transfem.dev is also listed at
-[servers.joinmatrix.org](https://servers.joinmatrix.org/), which is a list of
-popular public Matrix homeservers, including some others that run conduwuit.
-
-#### What is the current status?
-
-conduwuit is technically a hard fork of [Conduit](https://conduit.rs/), which is in beta.
-The beta status initially was inherited from Conduit, however the huge amount of
-codebase divergance, changes, fixes, and improvements have effectively made this
-beta status not entirely applicable to us anymore.
-
-conduwuit is very stable based on our rapidly growing userbase, has lots of features that users
-expect, and very usable as a daily driver for small, medium, and upper-end medium sized homeservers.
-
-A lot of critical stability and performance issues have been fixed, and a lot of
-necessary groundwork has finished; making this project way better than it was
-back in the start at ~early 2024.
-
-#### How is conduwuit funded? Is conduwuit sustainable?
-
-conduwuit has no external funding. This is made possible purely in my freetime with
-contributors, also in their free time, and only by user-curated donations.
-
-conduwuit has existed since around November 2023, but [only became more publicly known
-in March/April 2024](https://matrix.org/blog/2024/04/26/this-week-in-matrix-2024-04-26/#conduwuit-website)
-and we have no plans in stopping or slowing down any time soon!
-
-#### Can I migrate or switch from Conduit?
-
-conduwuit is a complete drop-in replacement for Conduit. As long as you are using RocksDB,
-the only "migration" you need to do is replace the binary or container image. There
-is no harm or additional steps required for using conduwuit. See the
-[Migrating from Conduit](https://conduwuit.puppyirl.gay/deploying/generic.html#migrating-from-conduit) section
-on the generic deploying guide.
-
-Note that as of conduwuit version 0.5.0, backwards compatibility with Conduit is
-no longer supported. We only support migrating *from* Conduit, not back to
-Conduit like before. If you are truly finding yourself wanting to migrate back
-to Conduit, we would appreciate all your feedback and if we can assist with
-any issues or concerns.
-
-#### Can I migrate from Synapse or Dendrite?
-
-Currently there is no known way to seamlessly migrate all user data from the old
-homeserver to conduwuit. However it is perfectly acceptable to replace the old
-homeserver software with conduwuit using the same server name and there will not
-be any issues with federation.
-
-There is an interest in developing a built-in seamless user data migration
-method into conduwuit, however there is no concrete ETA or timeline for this.
-
-
-<!-- ANCHOR_END: body -->
-
-<!-- ANCHOR: footer -->
-
-#### Contact
-
-[`#conduwuit:puppygock.gay`](https://matrix.to/#/#conduwuit:puppygock.gay)
-is the official project Matrix room. You can get support here, ask questions or
-concerns, get assistance setting up conduwuit, etc.
-
-This room should stay relevant and focused on conduwuit. An offtopic general
-chatter room can be found there as well.
-
-Please keep the issue trackers focused on bug reports and enhancement requests.
-General support is extremely difficult to be offered over an issue tracker, and
-simple questions should be asked directly in an interactive platform like our
-Matrix room above as they can turn into a relevant discussion and/or may not be
-simple to answer. If you're not sure, just ask in the Matrix room.
-
-If you have a bug or feature to request: [Open an issue on GitHub](https://github.com/girlbossceo/conduwuit/issues/new)
-
-#### Donate
-
-conduwuit development is purely made possible by myself and contributors. I do
-not get paid to work on this, and I work on it in my free time. Donations are
-heavily appreciated! 💜🥺
-
- Liberapay (preferred): <https://liberapay.com/girlbossceo>
- GitHub Sponsors (preferred): <https://github.com/sponsors/girlbossceo>
- Ko-fi: <https://ko-fi.com/puppygock>
-
-I do not and will not accept cryptocurrency donations, including things related.
-
-#### Logo
-
-Original repo and Matrix room picture was from bran (<3). Current banner image
-and logo is directly from [this cohost
-post](https://web.archive.org/web/20241126004041/https://cohost.org/RatBaby/post/1028290-finally-a-flag-for).
-
-#### Is it conduwuit or Conduwuit?
-
-Both, but I prefer conduwuit.
-
-#### Mirrors of conduwuit
-
-If GitHub is unavailable in your country, or has poor connectivity, conduwuit's
-source code is mirrored onto the following additional platforms I maintain:
-
- GitHub: <https://github.com/girlbossceo/conduwuit>
- GitLab: <https://gitlab.com/conduwuit/conduwuit>
- git.girlcock.ceo: <https://git.girlcock.ceo/strawberry/conduwuit>
- git.gay: <https://git.gay/june/conduwuit>
- mau.dev: <https://mau.dev/june/conduwuit>
- Codeberg: <https://codeberg.org/arf/conduwuit>
- sourcehut: <https://git.sr.ht/~girlbossceo/conduwuit>
-
-<!-- ANCHOR_END: footer -->
@@ -1,76 +0,0 @@
-[Unit]
-Description=conduwuit Matrix homeserver
-Wants=network-online.target
-After=network-online.target
-Documentation=https://conduwuit.puppyirl.gay/
-RequiresMountsFor=/var/lib/private/conduwuit
-
-[Service]
-DynamicUser=yes
-Type=notify-reload
-ReloadSignal=SIGUSR1
-
-TTYPath=/dev/tty25
-DeviceAllow=char-tty
-StandardInput=tty-force
-StandardOutput=tty
-StandardError=journal+console
-TTYReset=yes
-# uncomment to allow buffer to be cleared every restart
-TTYVTDisallocate=no
-
-TTYColumns=120
-TTYRows=40
-
-AmbientCapabilities=
-CapabilityBoundingSet=
-
-DevicePolicy=closed
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
-#ProcSubset=pid
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHome=yes
-ProtectHostname=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectProc=invisible
-ProtectSystem=strict
-PrivateDevices=yes
-PrivateMounts=yes
-PrivateTmp=yes
-PrivateUsers=yes
-PrivateIPC=yes
-RemoveIPC=yes
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
-SystemCallFilter=@system-service @resources
-SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
-SystemCallErrorNumber=EPERM
-StateDirectory=conduwuit
-
-RuntimeDirectory=conduwuit
-RuntimeDirectoryMode=0750
-
-Environment="CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml"
-BindPaths=/var/lib/private/conduwuit:/var/lib/matrix-conduit
-BindPaths=/var/lib/private/conduwuit:/var/lib/private/matrix-conduit
-
-ExecStart=/usr/bin/conduwuit
-Restart=on-failure
-RestartSec=5
-
-TimeoutStopSec=4m
-TimeoutStartSec=4m
-
-StartLimitInterval=1m
-StartLimitBurst=5
-
-[Install]
-WantedBy=multi-user.target
@@ -1,57 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Path to Complement's source code
-#
-# The `COMPLEMENT_SRC` environment variable is set in the Nix dev shell, which
-# points to a store path containing the Complement source code. It's likely you
-# want to just pass that as the first argument to use it here.
-COMPLEMENT_SRC="${COMPLEMENT_SRC:-$1}"
-
-# A `.jsonl` file to write test logs to
-LOG_FILE="$2"
-
-# A `.jsonl` file to write test results to
-RESULTS_FILE="$3"
-
-OCI_IMAGE="complement-conduwuit:main"
-
-# Complement tests that are skipped due to flakiness/reliability issues
-SKIPPED_COMPLEMENT_TESTS='-skip=TestClientSpacesSummary.*|TestJoinFederatedRoomFromApplicationServiceBridgeUser.*|TestJumpToDateEndpoint.*|TestUnbanViaInvite.*'
-
-# $COMPLEMENT_SRC needs to be a directory to Complement source code
-if [ -f "$COMPLEMENT_SRC" ]; then
-    echo "\$COMPLEMENT_SRC must be a directory/path to Complement source code"
-    exit 1
-fi
-
-# quick test to make sure we can actually write to $LOG_FILE and $RESULTS_FILE
-touch $LOG_FILE && rm -v $LOG_FILE
-touch $RESULTS_FILE && rm -v $RESULTS_FILE
-
-toplevel="$(git rev-parse --show-toplevel)"
-
-pushd "$toplevel" > /dev/null
-
-#bin/nix-build-and-cache just .#linux-complement
-bin/nix-build-and-cache just .#complement
-
-docker load < result
-popd > /dev/null
-
-# It's okay (likely, even) that `go test` exits nonzero
-set +o pipefail
-env \
-    -C "$COMPLEMENT_SRC" \
-    COMPLEMENT_BASE_IMAGE="$OCI_IMAGE" \
-    go test -tags="conduwuit_blacklist" "$SKIPPED_COMPLEMENT_TESTS" -v -timeout 1h -json ./tests | tee "$LOG_FILE"
-set -o pipefail
-
-# Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results
-cat "$LOG_FILE" | jq -s -c 'sort_by(.Test)[]' | jq -c '
-    select(
-        (.Action == "pass" or .Action == "fail" or .Action == "skip")
-        and .Test != null
-    ) | {Action: .Action, Test: .Test}
-    ' > "$RESULTS_FILE"
@@ -1,110 +0,0 @@
-#!/usr/bin/env bash
-
-set -eo pipefail
-
-toplevel="$(git rev-parse --show-toplevel)"
-
-# Build just the single installable and forward any other arguments too
-just() {
-    # uses nix-output-monitor (nom) if available
-    if command -v nom &> /dev/null; then
-        nom build "$@"
-    else
-        nix build -L "$@"
-    fi
-
-    if [ -z "$ATTIC_TOKEN" ]; then
-        echo "\$ATTIC_TOKEN is unset, skipping uploading to the binary cache"
-        return
-    fi
-
-    # historical "conduit" store for compatibility purposes, same as conduwuit
-    nix run --inputs-from "$toplevel" attic -- \
-        login \
-        conduit \
-        "${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduit}" \
-        "$ATTIC_TOKEN"
-
-    # Find all output paths of the installables and their build dependencies
-    #readarray -t derivations < <(nix path-info --derivation "$@")
-    derivations=()
-    while IFS=$'\n' read derivation; do
-        derivations+=("$derivation")
-    done < <(nix path-info --derivation "$@")
-
-    cache=()
-    for derivation in "${derivations[@]}"; do
-        cache+=(
-            "$(nix-store --query --requisites --include-outputs "$derivation")"
-        )
-    done
-
-    withattic() {
-        nix shell --inputs-from "$toplevel" attic --command xargs attic push "$@" <<< "${cache[*]}"
-    }
-    # Upload them to Attic (conduit store)
-    #
-    # Use `xargs` and a here-string because something would probably explode if
-    # several thousand arguments got passed to a command at once. Hopefully no
-    # store paths include a newline in them.
-    (
-        IFS=$'\n'
-        withattic conduit || withattic conduit || withattic conduit || true
-    )
-
-    # main "conduwuit" store
-    nix run --inputs-from "$toplevel" attic -- \
-        login \
-        conduwuit \
-        "${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduwuit}" \
-        "$ATTIC_TOKEN"
-
-    # Upload them to Attic (conduwuit store) and Cachix
-    #
-    # Use `xargs` and a here-string because something would probably explode if
-    # several thousand arguments got passed to a command at once. Hopefully no
-    # store paths include a newline in them.
-    (
-        IFS=$'\n'
-        withattic conduwuit || withattic conduwuit || withattic conduwuit || true
-
-        # push to cachix if available
-        if [ "$CACHIX_AUTH_TOKEN" ]; then
-            nix shell --inputs-from "$toplevel" cachix -c xargs \
-            cachix push conduwuit <<< "${cache[*]}"
-        fi
-    )
-}
-
-# Build and cache things needed for CI
-ci() {
-    cache=(
-        --inputs-from "$toplevel"
-
-        # Keep sorted
-        #"$toplevel#devShells.x86_64-linux.default"
-        #"$toplevel#devShells.x86_64-linux.all-features"
-        attic#default
-        cachix#default
-        nixpkgs#direnv
-        nixpkgs#jq
-        nixpkgs#nix-direnv
-    )
-
-    just "${cache[@]}"
-}
-
-# Build and cache *all* the package outputs from the flake.nix
-packages() {
-    declare -a cache="($(
-        nix flake show --json 2> /dev/null |
-            nix run --inputs-from "$toplevel" nixpkgs#jq -- \
-            -r \
-            '.packages."x86_64-linux" | keys | map("'"$toplevel"'#" + .) | @sh'
-    ))"
-
-    just "${cache[@]}"
-}
-
-
-eval "$@"
@@ -1,24 +0,0 @@
-[book]
-title = "conduwuit 🏳️‍⚧️ 💜 🦴"
-description = "conduwuit, which is a well-maintained fork of Conduit, is a simple, fast and reliable chat server for the Matrix protocol"
-language = "en"
-authors = ["strawberry (June)"]
-text-direction = "ltr"
-multilingual = false
-src = "docs"
-
-[build]
-build-dir = "public"
-create-missing = true
-extra-watch-dirs = ["debian", "docs"]
-
-[rust]
-edition = "2021"
-
-[output.html]
-git-repository-url = "https://github.com/girlbossceo/conduwuit"
-edit-url-template = "https://github.com/girlbossceo/conduwuit/edit/main/{path}"
-git-repository-icon = "fa-github-square"
-
-[output.html.search]
-limit-results = 15
@@ -1,19 +0,0 @@
-array-size-threshold = 4096
-cognitive-complexity-threshold = 94         # TODO reduce me ALARA
-excessive-nesting-threshold = 11            # TODO reduce me to 4 or 5
-future-size-threshold = 7745                # TODO reduce me ALARA
-stack-size-threshold = 196608               # reduce me ALARA
-too-many-lines-threshold = 780              # TODO reduce me to <= 100
-type-complexity-threshold = 250             # reduce me to ~200
-
-disallowed-macros = [
-	{ path = "log::error", reason = "use conduwuit_core::error" },
-	{ path = "log::warn", reason = "use conduwuit_core::warn" },
-	{ path = "log::info", reason = "use conduwuit_core::info" },
-	{ path = "log::debug", reason = "use conduwuit_core::debug" },
-	{ path = "log::trace", reason = "use conduwuit_core::trace" },
-]
-
-disallowed-methods = [
-    { path = "tokio::spawn", reason = "use and pass conduuwit_core::server::Server::runtime() to spawn from" },
-]
@@ -0,0 +1,114 @@
+# podman save --format oci-archive jade-website-frontend:latest | gzip | ssh core@176.126.240.240 -T "zcat | podman load"
+# podman compose create
+# let containers = podman ps -a --format json | from json | where Labels."com.docker.compose.project" == "jade-website"
+
+# podman compose create; let containers = podman ps -a --format json | from json | where Labels."com.docker.compose.project" == "jade-website"; podman kube generate ($containers | get Id) | save deployment.yml
+# echo deployment.yml | ssh core@176.126.240.240 -T "cat > deployment.yml"
+#  $containers.1.Labels | to yaml
+
+# podman kube generate -s ($containers | get Id) --podman-only | ssh core@176.126.240.240 -T "cat > deployment.yml"
+
+
+version: '2'
+services:
+  jade-website-frontend:
+    image: jade-website-frontend:latest
+    build:
+      context: .
+      dockerfile: packages/website/Dockerfile
+    restart: unless-stopped
+    # ports:
+      # - 3000:3000
+    networks:
+        - proxy
+    # deploy:
+      
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
+
+      # - "traefik.http.routers.to-website.rule=Host(`jade.ellis.link`)"
+      # - "traefik.http.routers.to-website.entrypoints=http"
+      - "traefik.http.routers.to-website.rule=Host(`jade.ellis.link.localhost`)"
+      - "traefik.http.routers.to-website.entrypoints=http"
+      # - "traefik.http.routers.to-website.tls=true"
+      # - "traefik.http.routers.to-website.tls.certresolver=letsencrypt"
+      # - "traefik.http.routers.to-website.middlewares=cors-headers@docker"
+
+      # - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+      # - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+      # - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+
+
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    restart: "unless-stopped"
+    # privileged: true
+    security_opt:
+      - "label=type:container_runtime_t"
+    command: 
+      - "--log.level=DEBUG"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.http.address=:8080"
+      # - "--entrypoints.https.address=:443"
+      # - "--acme"
+      # - "--certificatesresolvers.letsencrypt.acme.email='jade@ellis.link'"
+      # - "--certificatesresolvers.letsencrypt.acme.storage=/certificates/acme.json"
+
+      # - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+      # - "--certificatesresolvers.letsencrypt.acme.httpChallenge.entryPoint=http"
+      # - "--certificatesresolvers.lets-encrypt.acme.tlschallenge=true"
+
+      # - "--entrypoints.http.http.redirections.entryPoint.to=https" 
+      # - "--entrypoints.http.http.redirections.entryPoint.scheme=https"
+      
+      # - --api.dashboard=true 
+      # - --api.insecure=true 
+    ports:
+      # - "80:80"
+      # - "443:443"
+      - "8080:8080"
+    volumes:
+      - "/run/user/1000/podman/podman.sock:/var/run/docker.sock"
+      # - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "traefik-public-certificates:/certificates"
+      # - "./traefik_config:/etc/traefik"
+    # labels:
+      # - "traefik.enable=true"
+
+      # # middleware redirect
+      # - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # # global redirect to https
+      # - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
+      # - "traefik.http.routers.redirs.entrypoints=http"
+      # - "traefik.http.routers.redirs.middlewares=redirect-to-https"
+
+    networks:
+      - proxy
+
+networks:
+    proxy:
+      # external: true
+      enable_ipv6: true
+
+      
+
+
+volumes:
+  traefik-public-certificates:
+# mkdir -p ~/.config/containers/systemd
+#  nano  ~/.config/containers/systemd/deployment.kube
+
+# [Unit]
+# Description=Deployment via kubernetes
+# Before=local-fs.target
+# [Kube]
+# Yaml=/var/home/core/deployment.yml
+# [Install]
+# # Start by default on boot
+# WantedBy=multi-user.target default.target
+
+# systemctl --user daemon-reload
+# systemctl --user start deployment.service
@@ -1,29 +0,0 @@
-# conduwuit for Debian
-
-Information about downloading and deploying the Debian package. This may also be
-referenced for other `apt`-based distros such as Ubuntu.
-
-### Installation
-
-It is recommended to see the [generic deployment guide](../deploying/generic.md)
-for further information if needed as usage of the Debian package is generally
-related.
-
-No `apt` repository is currently offered yet, it is in the works/development.
-
-### Configuration
-
-When installed, the example config is placed at `/etc/conduwuit/conduwuit.toml`
-as the default config. The config mentions things required to be changed before
-starting.
-
-You can tweak more detailed settings by uncommenting and setting the config
-options in `/etc/conduwuit/conduwuit.toml`.
-
-### Running
-
-The package uses the [`conduwuit.service`](../configuration/examples.md#example-systemd-unit-file) systemd unit file to start and stop conduwuit. The binary is installed at `/usr/sbin/conduwuit`.
-
-This package assumes by default that conduwuit will be placed behind a reverse proxy. The default config options apply (listening on `localhost` and TCP port `6167`). Matrix federation requires a valid domain name and TLS, so you will need to set up TLS certificates and renewal for it to work properly if you intend to federate.
-
-Consult various online documentation and guides on setting up a reverse proxy and TLS. Caddy is documented at the [generic deployment guide](../deploying/generic.md#setting-up-the-reverse-proxy) as it's the easiest and most user friendly.
@@ -1,78 +0,0 @@
-[Unit]
-Description=conduwuit Matrix homeserver
-Wants=network-online.target
-After=network-online.target
-Documentation=https://conduwuit.puppyirl.gay/
-
-[Service]
-DynamicUser=yes
-User=conduwuit
-Group=conduwuit
-Type=notify-reload
-ReloadSignal=SIGUSR1
-
-TTYPath=/dev/tty25
-DeviceAllow=char-tty
-StandardInput=tty-force
-StandardOutput=tty
-StandardError=journal+console
-TTYReset=yes
-# uncomment to allow buffer to be cleared every restart
-TTYVTDisallocate=no
-
-TTYColumns=120
-TTYRows=40
-
-Environment="CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml"
-
-ExecStart=/usr/sbin/conduwuit
-
-ReadWritePaths=/var/lib/conduwuit /etc/conduwuit
-
-AmbientCapabilities=
-CapabilityBoundingSet=
-
-DevicePolicy=closed
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
-#ProcSubset=pid
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHome=yes
-ProtectHostname=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectProc=invisible
-ProtectSystem=strict
-PrivateDevices=yes
-PrivateMounts=yes
-PrivateTmp=yes
-PrivateUsers=yes
-PrivateIPC=yes
-RemoveIPC=yes
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
-SystemCallFilter=@system-service @resources
-SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
-SystemCallErrorNumber=EPERM
-#StateDirectory=conduwuit
-
-RuntimeDirectory=conduwuit
-RuntimeDirectoryMode=0750
-
-Restart=on-failure
-RestartSec=5
-
-TimeoutStopSec=2m
-TimeoutStartSec=2m
-
-StartLimitInterval=1m
-StartLimitBurst=5
-
-[Install]
-WantedBy=multi-user.target
@@ -1,18 +0,0 @@
-#!/bin/sh
-set -e
-
-# TODO: implement debconf support that is maintainable without duplicating the config
-# Source debconf library.
-#. /usr/share/debconf/confmodule
-#
-## Ask for the Matrix homeserver name, address and port.
-#db_input high conduwuit/hostname || true
-#db_go
-#
-#db_input low conduwuit/address || true
-#db_go
-#
-#db_input medium conduwuit/port || true
-#db_go
-
-exit 0
@@ -1,44 +0,0 @@
-#!/bin/sh
-set -e
-
-# TODO: implement debconf support that is maintainable without duplicating the config
-#. /usr/share/debconf/confmodule
-
-CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
-CONDUWUIT_CONFIG_PATH=/etc/conduwuit
-
-case "$1" in
-  configure)
-    # Create the `conduwuit` user if it does not exist yet.
-    if ! getent passwd conduwuit > /dev/null ; then
-      echo 'Adding system user for the conduwuit Matrix homeserver' 1>&2
-      adduser --system --group --quiet \
-        --home "$CONDUWUIT_DATABASE_PATH" \
-        --disabled-login \
-        --shell "/usr/sbin/nologin" \
-        conduwuit
-    fi
-
-    # Create the database path if it does not exist yet and fix up ownership
-    # and permissions for the config.
-    mkdir -v -p "$CONDUWUIT_DATABASE_PATH"
-
-    # symlink the previous location for compatibility if it does not exist yet.
-    if ! test -L "/var/lib/matrix-conduit" ; then
-        ln -s -v "$CONDUWUIT_DATABASE_PATH" "/var/lib/matrix-conduit"
-    fi
-
-    chown -v conduwuit:conduwuit -R "$CONDUWUIT_DATABASE_PATH"
-    chown -v conduwuit:conduwuit -R "$CONDUWUIT_CONFIG_PATH"
-
-    chmod -v 740 "$CONDUWUIT_DATABASE_PATH"
-
-    echo ''
-    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
-    echo 'To start the server, run: systemctl start conduwuit.service'
-    echo ''
-
-    ;;
-esac
-
-#DEBHELPER#
@@ -1,44 +0,0 @@
-#!/bin/sh
-set -e
-
-#. /usr/share/debconf/confmodule
-
-CONDUWUIT_CONFIG_PATH=/etc/conduwuit
-CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
-CONDUWUIT_DATABASE_PATH_SYMLINK=/var/lib/matrix-conduit
-
-case $1 in
-  purge)
-    # Remove debconf changes from the db
-    #db_purge
-
-    # Per https://www.debian.org/doc/debian-policy/ch-files.html#behavior
-    # "configuration files must be preserved when the package is removed, and
-    #  only deleted when the package is purged."
-
-    #
-
-    if [ -d "$CONDUWUIT_CONFIG_PATH" ]; then
-      if test -L "$CONDUWUIT_CONFIG_PATH"; then
-        echo "Deleting conduwuit configuration files"
-        rm -v -r "$CONDUWUIT_CONFIG_PATH"
-      fi
-    fi
-
-    if [ -d "$CONDUWUIT_DATABASE_PATH" ]; then
-      if test -L "$CONDUWUIT_DATABASE_PATH"; then
-        echo "Deleting conduwuit database directory"
-        rm -r "$CONDUWUIT_DATABASE_PATH"
-      fi
-    fi
-
-    if [ -d "$CONDUWUIT_DATABASE_PATH_SYMLINK" ]; then
-      if test -L "$CONDUWUIT_DATABASE_SYMLINK"; then
-        echo "Removing matrix-conduit symlink"
-        rm -r "$CONDUWUIT_DATABASE_PATH_SYMLINK"
-      fi
-    fi
-    ;;
-esac
-
-#DEBHELPER#
@@ -1,10 +0,0 @@
-(import
-  (
-    let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
-    fetchTarball {
-      url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-      sha256 = lock.nodes.flake-compat.locked.narHash;
-    }
-  )
-  { src = ./.; }
-).defaultNix
@@ -0,0 +1,2 @@
+podman build . -f packages/website/Dockerfile  -t jade-website-frontend:latest;
+podman save --format oci-archive jade-website-frontend:latest | gzip | ssh fedora@213.32.25.24 -T "sudo sh -c ' zcat > /opt/images/jade-website-frontend'"
@@ -1,42 +0,0 @@
-[package]
-name = "rust-rocksdb-uwu"
-categories.workspace = true
-description = "dylib wrapper for rust-rocksdb"
-edition = "2021"
-keywords.workspace = true
-license.workspace = true
-readme.workspace = true
-repository.workspace = true
-version = "0.0.1"
-
-[features]
-default = ["lz4", "zstd", "zlib", "bzip2"]
-jemalloc = ["rust-rocksdb/jemalloc"]
-io-uring = ["rust-rocksdb/io-uring"]
-valgrind = ["rust-rocksdb/valgrind"]
-snappy = ["rust-rocksdb/snappy"]
-lz4 = ["rust-rocksdb/lz4"]
-zstd = ["rust-rocksdb/zstd"]
-zlib = ["rust-rocksdb/zlib"]
-bzip2 = ["rust-rocksdb/bzip2"]
-rtti = ["rust-rocksdb/rtti"]
-mt_static = ["rust-rocksdb/mt_static"]
-multi-threaded-cf = ["rust-rocksdb/multi-threaded-cf"]
-serde1 = ["rust-rocksdb/serde1"]
-malloc-usable-size = ["rust-rocksdb/malloc-usable-size"]
-
-[dependencies.rust-rocksdb]
-git = "https://github.com/girlbossceo/rust-rocksdb-zaidoon1"
-rev = "7b0e1bbe395a41ba8a11347a4921da590e3ad0d9"
-#branch = "master"
-default-features = false
-
-[lib]
-path = "lib.rs"
-crate-type = [
-	"rlib",
-#	"dylib"
-]
-
-[lints]
-workspace = true
@@ -1,62 +0,0 @@
-pub use rust_rocksdb::*;
-
-#[cfg_attr(not(conduwuit_mods), link(name = "rocksdb"))]
-#[cfg_attr(conduwuit_mods, link(name = "rocksdb", kind = "static"))]
-unsafe extern "C" {
-	pub unsafe fn rocksdb_list_column_families();
-	pub unsafe fn rocksdb_logger_create_stderr_logger();
-	pub unsafe fn rocksdb_logger_create_callback_logger();
-	pub unsafe fn rocksdb_options_set_info_log();
-	pub unsafe fn rocksdb_get_options_from_string();
-	pub unsafe fn rocksdb_writebatch_create();
-	pub unsafe fn rocksdb_writebatch_destroy();
-	pub unsafe fn rocksdb_writebatch_put_cf();
-	pub unsafe fn rocksdb_writebatch_delete_cf();
-	pub unsafe fn rocksdb_iter_value();
-	pub unsafe fn rocksdb_iter_seek_to_last();
-	pub unsafe fn rocksdb_iter_seek_for_prev();
-	pub unsafe fn rocksdb_iter_seek_to_first();
-	pub unsafe fn rocksdb_iter_next();
-	pub unsafe fn rocksdb_iter_prev();
-	pub unsafe fn rocksdb_iter_seek();
-	pub unsafe fn rocksdb_iter_valid();
-	pub unsafe fn rocksdb_iter_get_error();
-	pub unsafe fn rocksdb_iter_key();
-	pub unsafe fn rocksdb_iter_destroy();
-	pub unsafe fn rocksdb_livefiles();
-	pub unsafe fn rocksdb_livefiles_count();
-	pub unsafe fn rocksdb_livefiles_destroy();
-	pub unsafe fn rocksdb_livefiles_column_family_name();
-	pub unsafe fn rocksdb_livefiles_name();
-	pub unsafe fn rocksdb_livefiles_size();
-	pub unsafe fn rocksdb_livefiles_level();
-	pub unsafe fn rocksdb_livefiles_smallestkey();
-	pub unsafe fn rocksdb_livefiles_largestkey();
-	pub unsafe fn rocksdb_livefiles_entries();
-	pub unsafe fn rocksdb_livefiles_deletions();
-	pub unsafe fn rocksdb_put_cf();
-	pub unsafe fn rocksdb_delete_cf();
-	pub unsafe fn rocksdb_get_pinned_cf();
-	pub unsafe fn rocksdb_create_column_family();
-	pub unsafe fn rocksdb_get_latest_sequence_number();
-	pub unsafe fn rocksdb_batched_multi_get_cf();
-	pub unsafe fn rocksdb_cancel_all_background_work();
-	pub unsafe fn rocksdb_repair_db();
-	pub unsafe fn rocksdb_list_column_families_destroy();
-	pub unsafe fn rocksdb_flush();
-	pub unsafe fn rocksdb_flush_wal();
-	pub unsafe fn rocksdb_open_column_families();
-	pub unsafe fn rocksdb_open_for_read_only_column_families();
-	pub unsafe fn rocksdb_open_as_secondary_column_families();
-	pub unsafe fn rocksdb_open_column_families_with_ttl();
-	pub unsafe fn rocksdb_open();
-	pub unsafe fn rocksdb_open_for_read_only();
-	pub unsafe fn rocksdb_open_with_ttl();
-	pub unsafe fn rocksdb_open_as_secondary();
-	pub unsafe fn rocksdb_write();
-	pub unsafe fn rocksdb_create_iterator_cf();
-	pub unsafe fn rocksdb_backup_engine_create_new_backup_flush();
-	pub unsafe fn rocksdb_backup_engine_options_create();
-	pub unsafe fn rocksdb_write_buffer_manager_destroy();
-	pub unsafe fn rocksdb_options_set_ttl();
-}
@@ -1 +0,0 @@
-docs/development.md
@@ -1,23 +0,0 @@
-# Summary
-
- [Introduction](introduction.md)
- [Differences from upstream Conduit](differences.md)
- [Configuration](configuration.md)
-  - [Examples](configuration/examples.md)
- [Deploying](deploying.md)
-  - [Generic](deploying/generic.md)
-  - [NixOS](deploying/nixos.md)
-  - [Docker](deploying/docker.md)
-  - [Kubernetes](deploying/kubernetes.md)
-  - [Arch Linux](deploying/arch-linux.md)
-  - [Debian](deploying/debian.md)
-  - [FreeBSD](deploying/freebsd.md)
- [TURN](turn.md)
- [Appservices](appservices.md)
- [Maintenance](maintenance.md)
- [Troubleshooting](troubleshooting.md)
- [Development](development.md)
-  - [Contributing](contributing.md)
-  - [Testing](development/testing.md)
-  - [Hot Reloading ("Live" Development)](development/hot_reload.md)
- [conduwuit Community Code of Conduct](conduwuit_coc.md)
@@ -1,53 +0,0 @@
-# Setting up Appservices
-
-## Getting help
-
-If you run into any problems while setting up an Appservice: ask us in
-[#conduwuit:puppygock.gay](https://matrix.to/#/#conduwuit:puppygock.gay) or
-[open an issue on GitHub](https://github.com/girlbossceo/conduwuit/issues/new).
-
-## Set up the appservice - general instructions
-
-Follow whatever instructions are given by the appservice. This usually includes
-downloading, changing its config (setting domain, homeserver url, port etc.) and
-later starting it.
-
-At some point the appservice guide should ask you to add a registration yaml
-file to the homeserver. In Synapse you would do this by adding the path to the
-homeserver.yaml, but in conduwuit you can do this from within Matrix:
-
-First, go into the `#admins` room of your homeserver. The first person that
-registered on the homeserver automatically joins it. Then send a message into
-the room like this:
-
-    !admin appservices register
-    ```
-    paste
-    the
-    contents
-    of
-    the
-    yaml
-    registration
-    here
-    ```
-
-You can confirm it worked by sending a message like this:
-`!admin appservices list`
-
-The server bot should answer with `Appservices (1): your-bridge`
-
-Then you are done. conduwuit will send messages to the appservices and the
-appservice can send requests to the homeserver. You don't need to restart
-conduwuit, but if it doesn't work, restarting while the appservice is running
-could help.
-
-## Appservice-specific instructions
-
-### Remove an appservice
-
-To remove an appservice go to your admin room and execute
-
-`!admin appservices unregister <name>`
-
-where `<name>` one of the output of `appservices list`.
@@ -1,93 +0,0 @@
-# conduwuit Community Code of Conduct
-
-Welcome to the conduwuit community! We’re excited to have you here. conduwuit is
-a hard-fork of the Conduit homeserver, aimed at making Matrix more accessible
-and inclusive for everyone.
-
-This space is dedicated to fostering a positive, supportive, and inclusive
-environment for everyone. This Code of Conduct applies to all conduwuit spaces,
-including any further community rooms that reference this CoC. Here are our
-guidelines to help maintain the welcoming atmosphere that sets conduwuit apart.
-
-For the general foundational rules, please refer to the [Contributor's
-Covenant](https://github.com/girlbossceo/conduwuit/blob/main/CODE_OF_CONDUCT.md).
-Below are additional guidelines specific to the conduwuit community.
-
-## Our Values and Guidelines
-
-1. **Respect and Inclusivity**: We are committed to maintaining a community
-   where everyone feels safe and respected. Discrimination, harassment, or hate
-speech of any kind will not be tolerated. Recognise that each community member
-experiences the world differently based on their past experiences, background,
-and identity. Share your own experiences and be open to learning about others'
-diverse perspectives.
-
-2. **Positivity and Constructiveness**: Engage in constructive discussions and
-   support each other. If you feel angry, negative, or aggressive, take a break
-until you can participate in a positive and constructive manner. Process intense
-feelings with a friend or in a private setting before engaging in community
-conversations to help maintain a supportive and focused environment.
-
-3. **Clarity and Understanding**: Our community includes neurodivergent
-   individuals and those who may not appreciate sarcasm or subtlety. Communicate
-clearly and kindly, avoiding sarcasm and ensuring your messages are easily
-understood by all. Additionally, avoid putting the burden of education on
-marginalized groups by doing your own research before asking for explanations.
-
-4. **Be Open to Inclusivity**: Actively engage in conversations about making our
-   community more inclusive. Report discriminatory behavior to the moderators
-and be open to constructive feedback that aims to improve our community.
-Understand that discussing discrimination and negative experiences can be
-emotionally taxing, so focus on the message rather than critiquing the tone
-used.
-
-5. **Commit to Inclusivity**: Building an inclusive community requires time,
-   energy, and resources. Recognise that addressing discrimination and bias is
-an ongoing process that necessitates commitment and action from all community
-members.
-
-## Matrix Community
-
-This Code of Conduct applies to the entire [conduwuit Matrix
-Space](https://matrix.to/#/#conduwuit-space:puppygock.gay) and its rooms,
-including:
-
-### [#conduwuit:puppygock.gay](https://matrix.to/#/#conduwuit:puppygock.gay)
-
-This room is for support and discussions about conduwuit. Ask questions, share
-insights, and help each other out.
-
-### [#conduwuit-offtopic:girlboss.ceo](https://matrix.to/#/#conduwuit-offtopic:girlboss.ceo)
-
-For off-topic community conversations about any subject. While this room allows
-for a wide range of topics, the same CoC applies. Keep discussions respectful
-and inclusive, and avoid divisive subjects like country/world politics. General
-topics, such as world events, are welcome as long as they follow the CoC.
-
-### [#conduwuit-dev:puppygock.gay](https://matrix.to/#/#conduwuit-dev:puppygock.gay)
-
-This room is dedicated to discussing active development of conduwuit. Posting
-requires an elevated power level, which can be requested in one of the other
-rooms. Use this space to collaborate and innovate.
-
-## Enforcement
-
-We have a zero-tolerance policy for violations of this Code of Conduct. If
-someone’s behavior makes you uncomfortable, please report it to the moderators.
-Actions we may take include:
-
-1. **Warning**: A warning given directly in the room or via a private message
-   from the moderators, identifying the violation and requesting corrective
-action.
-2. **Temporary Mute**: Temporary restriction from participating in discussions
-   for a specified period to allow for reflection and cooling off.
-3. **Kick or Ban**: Egregious behavior may result in an immediate kick or ban to
-   protect other community members. Bans are considered permanent and will only
-be reversed in exceptional circumstances after proven good behavior.
-
-Please highlight issues directly in rooms when possible, but if you don't feel
-comfortable doing that, then please send a DM to one of the moderators directly.
-
-Together, let’s build a community where everyone feels valued and respected.
-
-— The conduwuit Moderation Team
@@ -1,64 +0,0 @@
-# Configuration
-
-This chapter describes various ways to configure conduwuit.
-
-## Basics
-
-conduwuit uses a config file for the majority of the settings, but also supports
-setting individual config options via commandline.
-
-Please refer to the [example config
-file](./configuration/examples.md#example-configuration) for all of those
-settings.
-
-The config file to use can be specified on the commandline when running
-conduwuit by specifying the `-c`, `--config` flag. Alternatively, you can use
-the environment variable `CONDUWUIT_CONFIG` to specify the config file to used.
-Conduit's environment variables are supported for backwards compatibility.
-
-## Option commandline flag
-
-conduwuit supports setting individual config options in TOML format from the
-`-O` / `--option` flag. For example, you can set your server name via `-O
-server_name=\"example.com\"`.
-
-Note that the config is parsed as TOML, and shells like bash will remove quotes.
-So unfortunately it is required to escape quotes if the config option takes a
-string. This does not apply to options that take booleans or numbers:
- `--option allow_registration=true` works ✅
- `-O max_request_size=99999999` works ✅
- `-O server_name=example.com` does not work ❌
- `--option log=\"debug\"` works ✅
- `--option server_name='"example.com'"` works ✅
-
-## Execute commandline flag
-
-conduwuit supports running admin commands on startup using the commandline
-argument `--execute`. The most notable use for this is to create an admin user
-on first startup.
-
-The syntax of this is a standard admin command without the prefix such as
-`./conduwuit --execute "users create_user june"`
-
-An example output of a success is:
-```
-INFO conduwuit_service::admin::startup: Startup command #0 completed:
-Created user with user_id: @june:girlboss.ceo and password: `<redacted>`
-```
-
-This commandline argument can be paired with the `--option` flag.
-
-## Environment variables
-
-All of the settings that are found in the config file can be specified by using
-environment variables. The environment variable names should be all caps and
-prefixed with `CONDUWUIT_`.
-
-For example, if the setting you are changing is `max_request_size`, then the
-environment variable to set is `CONDUWUIT_MAX_REQUEST_SIZE`.
-
-To modify config options not in the `[global]` context such as
-`[global.well_known]`, use the `__` suffix split: `CONDUWUIT_WELL_KNOWN__SERVER`
-
-Conduit's environment variables are supported for backwards compatibility (e.g.
-`CONDUIT_SERVER_NAME`).
@@ -1,32 +0,0 @@
-## Example configuration
-
-<details>
-<summary>Example configuration</summary>
-
-```toml
-{{#include ../../conduwuit-example.toml}}
-```
-
-</details>
-
-## Debian systemd unit file
-
-<details>
-<summary>Debian systemd unit file</summary>
-
-```
-{{#include ../../debian/conduwuit.service}}
-```
-
-</details>
-
-## Arch Linux systemd unit file
-
-<details>
-<summary>Arch Linux systemd unit file</summary>
-
-```
-{{#include ../../arch/conduwuit.service}}
-```
-
-</details>
@@ -1 +0,0 @@
-../CONTRIBUTING.md
@@ -1,3 +0,0 @@
-# Deploying
-
-This chapter describes various ways to deploy conduwuit.
@@ -1,15 +0,0 @@
-# conduwuit for Arch Linux
-
-Currently conduwuit is only on the Arch User Repository (AUR).
-
-The conduwuit AUR packages are community maintained and are not maintained by
-conduwuit development team, but the AUR package maintainers are in the Matrix
-room. Please attempt to verify your AUR package's PKGBUILD file looks fine
-before asking for support.
-
- [conduwuit](https://aur.archlinux.org/packages/conduwuit) - latest tagged
-conduwuit
- [conduwuit-git](https://aur.archlinux.org/packages/conduwuit-git) - latest git
-conduwuit from `main` branch
- [conduwuit-bin](https://aur.archlinux.org/packages/conduwuit-bin) - latest
-tagged conduwuit static binary
@@ -1 +0,0 @@
-{{#include ../../debian/README.md}}
@@ -1,66 +0,0 @@
-# conduwuit - Behind Traefik Reverse Proxy
-
-services:
-  homeserver:
-    ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
-    ### then you are ready to go.
-    image: girlbossceo/conduwuit:latest
-    restart: unless-stopped
-    volumes:
-      - db:/var/lib/conduwuit
-      #- ./conduwuit.toml:/etc/conduwuit.toml
-    networks:
-      - proxy
-    environment:
-      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
-      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-      CONDUWUIT_PORT: 6167 # should match the loadbalancer traefik label
-      CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
-      CONDUWUIT_ALLOW_REGISTRATION: 'true'
-      CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
-      #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
-      CONDUWUIT_ALLOW_FEDERATION: 'true'
-      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-      #CONDUWUIT_LOG: warn,state_res=warn
-      CONDUWUIT_ADDRESS: 0.0.0.0
-      #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
-
-      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
-      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate
-      # see the override file for more information about delegation
-      CONDUWUIT_WELL_KNOWN: |
-        {
-        client=https://your.server.name.example,
-        server=your.server.name.example:443
-        }
-    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
-    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
-      nofile:
-        soft: 1048567
-        hard: 1048567
-
-    ### Uncomment if you want to use your own Element-Web App.
-    ### Note: You need to provide a config.json for Element and you also need a second
-    ###       Domain or Subdomain for the communication between Element and conduwuit
-    ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
-    # element-web:
-    #     image: vectorim/element-web:latest
-    #     restart: unless-stopped
-    #     volumes:
-    #         - ./element_config.json:/app/config.json
-    #     networks:
-    #         - proxy
-    #     depends_on:
-    #         - homeserver
-
-volumes:
-  db:
-
-networks:
-  # This is the network Traefik listens to, if your network has a different
-  # name, don't forget to change it here and in the docker-compose.override.yml
-  proxy:
-    external: true
-
-# vim: ts=2:sw=2:expandtab
@@ -1,37 +0,0 @@
-# conduwuit - Traefik Reverse Proxy Labels
-
-services:
-  homeserver:
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
-
-      - "traefik.http.routers.to-conduwuit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which conduwuit is hosted
-      - "traefik.http.routers.to-conduwuit.tls=true"
-      - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
-      - "traefik.http.services.to_conduwuit.loadbalancer.server.port=6167"
-
-      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
-      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
-      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
-
-      # If you want to have your account on <DOMAIN>, but host conduwuit on a subdomain,
-      # you can let it only handle the well known file on that domain instead
-      #- "traefik.http.routers.to-matrix-wellknown.rule=Host(`<DOMAIN>`) && PathPrefix(`/.well-known/matrix`)"
-      #- "traefik.http.routers.to-matrix-wellknown.tls=true"
-      #- "traefik.http.routers.to-matrix-wellknown.tls.certresolver=letsencrypt"
-      #- "traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker"
-
-  ### Uncomment this if you uncommented Element-Web App in the docker-compose.yml
-  # element-web:
-  #     labels:
-  #         - "traefik.enable=true"
-  #         - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
-
-  #         - "traefik.http.routers.to-element-web.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Element-Web is hosted
-  #         - "traefik.http.routers.to-element-web.tls=true"
-  #         - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt"
-
-# vim: ts=2:sw=2:expandtab
-
@@ -1,55 +0,0 @@
-services:
-    caddy:
-    # This compose file uses caddy-docker-proxy as the reverse proxy for conduwuit!
-    # For more info, visit https://github.com/lucaslorentz/caddy-docker-proxy
-        image: lucaslorentz/caddy-docker-proxy:ci-alpine
-        ports:
-            - 80:80
-            - 443:443
-        environment:
-            - CADDY_INGRESS_NETWORKS=caddy
-        networks:
-            - caddy
-        volumes:
-            - /var/run/docker.sock:/var/run/docker.sock
-            - ./data:/data
-        restart: unless-stopped
-        labels:
-            caddy: example.com
-            caddy.0_respond: /.well-known/matrix/server {"m.server":"matrix.example.com:443"}
-            caddy.1_respond: /.well-known/matrix/client {"m.server":{"base_url":"https://matrix.example.com"},"m.homeserver":{"base_url":"https://matrix.example.com"},"org.matrix.msc3575.proxy":{"url":"https://matrix.example.com"}}
-
-    homeserver:
-        ### If you already built the conduwuit image with 'docker build' or want to use a registry image,
-        ### then you are ready to go.
-        image: girlbossceo/conduwuit:latest
-        restart: unless-stopped
-        volumes:
-            - db:/var/lib/conduwuit
-            #- ./conduwuit.toml:/etc/conduwuit.toml
-        environment:
-            CONDUWUIT_SERVER_NAME: example.com # EDIT THIS
-            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
-            CONDUWUIT_ALLOW_REGISTRATION: 'true'
-            CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
-            #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
-            CONDUWUIT_ALLOW_FEDERATION: 'true'
-            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUWUIT_LOG: warn,state_res=warn
-            CONDUWUIT_ADDRESS: 0.0.0.0
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
-        networks:
-            - caddy
-        labels:
-            caddy: matrix.example.com
-            caddy.reverse_proxy: "{{upstreams 6167}}"
-
-volumes:
-    db:
-
-networks:
-    caddy:
-        external: true
@@ -1,146 +0,0 @@
-# conduwuit - Behind Traefik Reverse Proxy
-
-services:
-  homeserver:
-    ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image,
-    ### then you are ready to go.
-    image: girlbossceo/conduwuit:latest
-    restart: unless-stopped
-    volumes:
-      - db:/var/lib/conduwuit
-      #- ./conduwuit.toml:/etc/conduwuit.toml
-    networks:
-      - proxy
-    environment:
-      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
-      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-      CONDUWUIT_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
-      CONDUWUIT_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server
-      #CONDUWUIT_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read
-      CONDUWUIT_ADDRESS: 0.0.0.0
-      CONDUWUIT_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
-      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-      #CONDUWUIT_CONFIG: '/etc/conduit.toml' # Uncomment if you mapped config toml above
-      ### Uncomment and change values as desired, note that conduwuit has plenty of config options, so you should check out the example example config too
-      # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
-      # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
-      # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
-      # CONDUWUIT_ALLOW_FEDERATION: 'true'
-      # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-      # CONDUWUIT_ALLOW_INCOMING_PRESENCE: true
-      # CONDUWUIT_ALLOW_OUTGOING_PRESENCE: true
-      # CONDUWUIT_ALLOW_LOCAL_PRESENCE: true
-      # CONDUWUIT_WORKERS: 10
-      # CONDUWUIT_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
-      # CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"
-
-      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
-      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate
-      # reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included
-      CONDUWUIT_WELL_KNOWN: |
-        {
-          client=https://your.server.name.example,
-          server=your.server.name.example:443
-        }
-    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
-    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
-      nofile:
-        soft: 1048567
-        hard: 1048567
-
-    ### Uncomment if you want to use your own Element-Web App.
-    ### Note: You need to provide a config.json for Element and you also need a second
-    ###       Domain or Subdomain for the communication between Element and conduwuit
-    ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
-    # element-web:
-    #     image: vectorim/element-web:latest
-    #     restart: unless-stopped
-    #     volumes:
-    #         - ./element_config.json:/app/config.json
-    #     networks:
-    #         - proxy
-    #     depends_on:
-    #         - homeserver
-
-  traefik:
-    image: "traefik:latest"
-    container_name: "traefik"
-    restart: "unless-stopped"
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock:z"
-      - "acme:/etc/traefik/acme"
-      #- "./traefik_config:/etc/traefik:z"
-    labels:
-      - "traefik.enable=true"
-
-      # middleware redirect
-      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-      # global redirect to https
-      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
-      - "traefik.http.routers.redirs.entrypoints=web"
-      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
-
-    configs:
-      - source: dynamic.yml
-        target: /etc/traefik/dynamic.yml
-
-    environment:
-      TRAEFIK_LOG_LEVEL: DEBUG
-      TRAEFIK_ENTRYPOINTS_WEB: true
-      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
-      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
-
-      TRAEFIK_ENTRYPOINTS_WEBSECURE: true
-      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
-      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
-      #TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_MIDDLEWARES: secureHeaders@file # if you want to enabled STS
-
-      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT: true
-      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: # Set this to the email you want to receive certificate expiration emails for
-      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_KEYTYPE: EC384
-      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE: true
-      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
-      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"
-
-      TRAEFIK_PROVIDERS_DOCKER: true
-      TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
-      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false
-
-      TRAEFIK_PROVIDERS_FILE: true
-      TRAEFIK_PROVIDERS_FILE_FILENAME: "/etc/traefik/dynamic.yml"
-
-configs:
-  dynamic.yml:
-    content: |
-      # Optionally set STS headers, like in https://hstspreload.org
-      # http:
-      #   middlewares:
-      #     secureHeaders:
-      #       headers:
-      #         forceSTSHeader: true
-      #         stsIncludeSubdomains: true
-      #         stsPreload: true
-      #         stsSeconds: 31536000
-      tls:
-        options:
-          default:
-            cipherSuites:
-              - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-              - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-              - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-              - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-              - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-              - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-            minVersion: VersionTLS12
-
-volumes:
-    db:
-    acme:
-
-networks:
-    proxy:
-
-# vim: ts=2:sw=2:expandtab
@@ -1,44 +0,0 @@
-# conduwuit
-
-services:
-    homeserver:
-        ### If you already built the conduwuit image with 'docker build' or want to use a registry image,
-        ### then you are ready to go.
-        image: girlbossceo/conduwuit:latest
-        restart: unless-stopped
-        ports:
-            - 8448:6167
-        volumes:
-            - db:/var/lib/conduwuit
-            #- ./conduwuit.toml:/etc/conduwuit.toml
-        environment:
-            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
-            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
-            CONDUWUIT_ALLOW_REGISTRATION: 'true'
-            CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
-            #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
-            CONDUWUIT_ALLOW_FEDERATION: 'true'
-            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUWUIT_LOG: warn,state_res=warn
-            CONDUWUIT_ADDRESS: 0.0.0.0
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
-    #
-    ### Uncomment if you want to use your own Element-Web App.
-    ### Note: You need to provide a config.json for Element and you also need a second
-    ###       Domain or Subdomain for the communication between Element and conduwuit
-    ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
-    # element-web:
-    #     image: vectorim/element-web:latest
-    #     restart: unless-stopped
-    #     ports:
-    #         - 8009:80
-    #     volumes:
-    #         - ./element_config.json:/app/config.json
-    #     depends_on:
-    #         - homeserver
-
-volumes:
-    db:
@@ -1,156 +0,0 @@
-# conduwuit for Docker
-
-## Docker
-
-To run conduwuit with Docker you can either build the image yourself or pull it
-from a registry.
-
-### Use a registry
-
-OCI images for conduwuit are available in the registries listed below.
-
-| Registry        | Image                                                           | Size                          | Notes                  |
-| --------------- | --------------------------------------------------------------- | ----------------------------- | ---------------------- |
-| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest]  | Stable latest tagged image.          |
-| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image Size][shield-latest]  | Stable latest tagged image.          |
-| Docker Hub      | [docker.io/girlbossceo/conduwuit:latest][dh]             | ![Image Size][shield-latest]  | Stable latest tagged image.          |
-| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:main][gh]   | ![Image Size][shield-main]    | Stable main branch.   |
-| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:main][gl]   | ![Image Size][shield-main]    | Stable main branch.   |
-| Docker Hub      | [docker.io/girlbossceo/conduwuit:main][dh]               | ![Image Size][shield-main]    | Stable main branch.   |
-
-[dh]: https://hub.docker.com/r/girlbossceo/conduwuit
-[gh]: https://github.com/girlbossceo/conduwuit/pkgs/container/conduwuit
-[gl]: https://gitlab.com/conduwuit/conduwuit/container_registry/6369729
-[shield-latest]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/latest
-[shield-main]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/main
-
-OCI image `.tar.gz` files are also hosted directly at when uploaded by CI with a
-commit hash/revision or a tagged release: <https://pup.systems/~strawberry/conduwuit/>
-
-Use
-
-```bash
-docker image pull $LINK
-```
-
-to pull it to your machine.
-
-### Run
-
-When you have the image you can simply run it with
-
-```bash
-docker run -d -p 8448:6167 \
-    -v db:/var/lib/conduwuit/ \
-    -e CONDUWUIT_SERVER_NAME="your.server.name" \
-    -e CONDUWUIT_ALLOW_REGISTRATION=false \
-    --name conduwuit $LINK
-```
-
-or you can use [docker compose](#docker-compose).
-
-The `-d` flag lets the container run in detached mode. You may supply an
-optional `conduwuit.toml` config file, the example config can be found
-[here](../configuration/examples.md). You can pass in different env vars to
-change config values on the fly. You can even configure conduwuit completely by
-using env vars. For an overview of possible values, please take a look at the
-[`docker-compose.yml`](docker-compose.yml) file.
-
-If you just want to test conduwuit for a short time, you can use the `--rm`
-flag, which will clean up everything related to your container after you stop
-it.
-
-### Docker-compose
-
-If the `docker run` command is not for you or your setup, you can also use one
-of the provided `docker-compose` files.
-
-Depending on your proxy setup, you can use one of the following files;
-
- If you already have a `traefik` instance set up, use
-[`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml)
- If you don't have a `traefik` instance set up and would like to use it, use
-[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)
- If you want a setup that works out of the box with `caddy-docker-proxy`, use
-[`docker-compose.with-caddy.yml`](docker-compose.with-caddy.yml) and replace all
-`example.com` placeholders with your own domain
- For any other reverse proxy, use [`docker-compose.yml`](docker-compose.yml)
-
-When picking the traefik-related compose file, rename it so it matches
-`docker-compose.yml`, and rename the override file to
-`docker-compose.override.yml`. Edit the latter with the values you want for your
-server.
-
-When picking the `caddy-docker-proxy` compose file, it's important to first
-create the `caddy` network before spinning up the containers:
-
-```bash
-docker network create caddy
-```
-
-After that, you can rename it so it matches `docker-compose.yml` and spin up the
-containers!
-
-Additional info about deploying conduwuit can be found [here](generic.md).
-
-### Build
-
-Official conduwuit images are built using Nix's
-[`buildLayeredImage`][nix-buildlayeredimage]. This ensures all OCI images are
-repeatable and reproducible by anyone, keeps the images lightweight, and can be
-built offline.
-
-This also ensures portability of our images because `buildLayeredImage` builds
-OCI images, not Docker images, and works with other container software.
-
-The OCI images are OS-less with only a very minimal environment of the `tini`
-init system, CA certificates, and the conduwuit binary. This does mean there is
-not a shell, but in theory you can get a shell by adding the necessary layers
-to the layered image. However it's very unlikely you will need a shell for any
-real troubleshooting.
-
-The flake file for the OCI image definition is at [`nix/pkgs/oci-image/default.nix`][oci-image-def].
-
-To build an OCI image using Nix, the following outputs can be built:
- `nix build -L .#oci-image` (default features, x86_64 glibc)
- `nix build -L .#oci-image-x86_64-linux-musl` (default features, x86_64 musl)
- `nix build -L .#oci-image-aarch64-linux-musl` (default features, aarch64 musl)
- `nix build -L .#oci-image-x86_64-linux-musl-all-features` (all features, x86_64 musl)
- `nix build -L .#oci-image-aarch64-linux-musl-all-features` (all features, aarch64 musl)
-
-### Run
-
-If you already have built the image or want to use one from the registries, you
-can just start the container and everything else in the compose file in detached
-mode with:
-
-```bash
-docker compose up -d
-```
-
-> **Note:** Don't forget to modify and adjust the compose file to your needs.
-
-### Use Traefik as Proxy
-
-As a container user, you probably know about Traefik. It is a easy to use
-reverse proxy for making containerized app and services available through the
-web. With the two provided files,
-[`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) (or
-[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)) and
-[`docker-compose.override.yml`](docker-compose.override.yml), it is equally easy
-to deploy and use conduwuit, with a little caveat. If you already took a look at
-the files, then you should have seen the `well-known` service, and that is the
-little caveat. Traefik is simply a proxy and loadbalancer and is not able to
-serve any kind of content, but for conduwuit to federate, we need to either
-expose ports `443` and `8448` or serve two endpoints `.well-known/matrix/client`
-and `.well-known/matrix/server`.
-
-With the service `well-known` we use a single `nginx` container that will serve
-those two files.
-
-## Voice communication
-
-See the [TURN](../turn.md) page.
-
-[nix-buildlayeredimage]: https://ryantm.github.io/nixpkgs/builders/images/dockertools/#ssec-pkgs-dockerTools-buildLayeredImage
-[oci-image-def]: https://github.com/girlbossceo/conduwuit/blob/main/nix/pkgs/oci-image/default.nix
@@ -1,5 +0,0 @@
-# conduwuit for FreeBSD
-
-conduwuit at the moment does not provide FreeBSD builds or have FreeBSD packaging, however conduwuit does build and work on FreeBSD using the system-provided RocksDB.
-
-Contributions for getting conduwuit packaged are welcome.
@@ -1,277 +0,0 @@
-# Generic deployment documentation
-
-> ### Getting help
->
-> If you run into any problems while setting up conduwuit, ask us in
-> `#conduwuit:puppygock.gay` or [open an issue on
-> GitHub](https://github.com/girlbossceo/conduwuit/issues/new).
-
-## Installing conduwuit
-
-### Static prebuilt binary
-
-You may simply download the binary that fits your machine architecture (x86_64
-or aarch64). Run `uname -m` to see what you need.
-
-Prebuilt fully static musl binaries can be downloaded from the latest tagged
-release [here](https://github.com/girlbossceo/conduwuit/releases/latest) or
-`main` CI branch workflow artifact output. These also include Debian/Ubuntu
-packages.
-
-Binaries are also available on my website directly at: <https://pup.systems/~strawberry/conduwuit/>
-
-These can be curl'd directly from. `ci-bins` are CI workflow binaries by commit
-hash/revision, and `releases` are tagged releases. Sort by descending last
-modified for the latest.
-
-These binaries have jemalloc and io_uring statically linked and included with
-them, so no additional dynamic dependencies need to be installed.
-
-For the **best** performance; if using an `x86_64` CPU made in the last ~15 years,
-we recommend using the `-haswell-` optimised binaries. This sets
-`-march=haswell` which is the most compatible and highest performance with
-optimised binaries. The database backend, RocksDB, most benefits from this as it
-will then use hardware accelerated CRC32 hashing/checksumming which is critical
-for performance.
-
-### Compiling
-
-Alternatively, you may compile the binary yourself. We recommend using
-Nix (or [Lix](https://lix.systems)) to build conduwuit as this has the most
-guaranteed reproducibiltiy and easiest to get a build environment and output
-going. This also allows easy cross-compilation.
-
-You can run the `nix build -L .#static-x86_64-linux-musl-all-features` or
-`nix build -L .#static-aarch64-linux-musl-all-features` commands based
-on architecture to cross-compile the necessary static binary located at
-`result/bin/conduwuit`. This is reproducible with the static binaries produced
-in our CI.
-
-If wanting to build using standard Rust toolchains, make sure you install:
- `liburing-dev` on the compiling machine, and `liburing` on the target host
- LLVM and libclang for RocksDB
-
-You can build conduwuit using `cargo build --release --all-features`
-
-## Migrating from Conduit
-
-As mentioned in the README, there is little to no steps needed to migrate
-from Conduit. As long as you are using the RocksDB database backend, just
-replace the binary / container image / etc.
-
-**WARNING**: As of conduwuit 0.5.0, all database and backwards compatibility
-with Conduit is no longer supported. We only support migrating *from* Conduit,
-not back to Conduit like before. If you are truly finding yourself wanting to
-migrate back to Conduit, we would appreciate all your feedback and if we can
-assist with any issues or concerns.
-
-**Note**: If you are relying on Conduit's "automatic delegation" feature,
-this will **NOT** work on conduwuit and you must configure delegation manually.
-This is not a mistake and no support for this feature will be added.
-
-If you are using SQLite, you **MUST** migrate to RocksDB. You can use this
-tool to migrate from SQLite to RocksDB: <https://github.com/ShadowJonathan/conduit_toolbox/>
-
-See the `[global.well_known]` config section, or configure your web server
-appropriately to send the delegation responses.
-
-## Adding a conduwuit user
-
-While conduwuit can run as any user it is better to use dedicated users for
-different services. This also allows you to make sure that the file permissions
-are correctly set up.
-
-In Debian, you can use this command to create a conduwuit user:
-
-```bash
-sudo adduser --system conduwuit --group --disabled-login --no-create-home
-```
-
-For distros without `adduser` (or where it's a symlink to `useradd`):
-
-```bash
-sudo useradd -r --shell /usr/bin/nologin --no-create-home conduwuit
-```
-
-## Forwarding ports in the firewall or the router
-
-Matrix's default federation port is port 8448, and clients must be using port 443.
-If you would like to use only port 443, or a different port, you will need to setup
-delegation. conduwuit has config options for doing delegation, or you can configure
-your reverse proxy to manually serve the necessary JSON files to do delegation
-(see the `[global.well_known]` config section).
-
-If conduwuit runs behind a router or in a container and has a different public
-IP address than the host system these public ports need to be forwarded directly
-or indirectly to the port mentioned in the config.
-
-Note for NAT users; if you have trouble connecting to your server from the inside
-of your network, you need to research your router and see if it supports "NAT
-hairpinning" or "NAT loopback".
-
-If your router does not support this feature, you need to research doing local
-DNS overrides and force your Matrix DNS records to use your local IP internally.
-This can be done at the host level using `/etc/hosts`. If you need this to be
-on the network level, consider something like NextDNS or Pi-Hole.
-
-## Setting up a systemd service
-
-Two example systemd units for conduwuit can be found
-[on the configuration page](../configuration/examples.md#debian-systemd-unit-file).
-You may need to change the `ExecStart=` path to where you placed the conduwuit
-binary if it is not `/usr/bin/conduwuit`.
-
-On systems where rsyslog is used alongside journald (i.e. Red Hat-based distros
-and OpenSUSE), put `$EscapeControlCharactersOnReceive off` inside
-`/etc/rsyslog.conf` to allow color in logs.
-
-If you are using a different `database_path` other than the systemd unit
-configured default `/var/lib/conduwuit`, you need to add your path to the
-systemd unit's `ReadWritePaths=`. This can be done by either directly editing
-`conduwuit.service` and reloading systemd, or running `systemctl edit conduwuit.service`
-and entering the following:
-
-```
-[Service]
-ReadWritePaths=/path/to/custom/database/path
-```
-
-## Creating the conduwuit configuration file
-
-Now we need to create the conduwuit's config file in
-`/etc/conduwuit/conduwuit.toml`. The example config can be found at
-[conduwuit-example.toml](../configuration/examples.md).
-
-**Please take a moment to read the config. You need to change at least the
-server name.**
-
-RocksDB is the only supported database backend.
-
-## Setting the correct file permissions
-
-If you are using a dedicated user for conduwuit, you will need to allow it to
-read the config. To do that you can run this:
-
-```bash
-sudo chown -R root:root /etc/conduwuit
-sudo chmod -R 755 /etc/conduwuit
-```
-
-If you use the default database path you also need to run this:
-
-```bash
-sudo mkdir -p /var/lib/conduwuit/
-sudo chown -R conduwuit:conduwuit /var/lib/conduwuit/
-sudo chmod 700 /var/lib/conduwuit/
-```
-
-## Setting up the Reverse Proxy
-
-Refer to the documentation or various guides online of your chosen reverse proxy
-software. There are many examples of basic Apache/Nginx reverse proxy setups
-out there.
-
-A [Caddy](https://caddyserver.com/) example will be provided as this
-is the recommended reverse proxy for new users and is very trivial to use
-(handles TLS, reverse proxy headers, etc transparently with proper defaults).
-
-Lighttpd is not supported as it seems to mess with the `X-Matrix` Authorization
-header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here.
-
-If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent this (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can).
-
-If using Nginx, you need to give conduwuit the request URI using `$request_uri`, or like so:
- `proxy_pass http://127.0.0.1:6167$request_uri;`
- `proxy_pass http://127.0.0.1:6167;`
-
-Nginx users need to increase `client_max_body_size` (default is 1M) to match
-`max_request_size` defined in conduwuit.toml.
-
-You will need to reverse proxy everything under following routes:
- `/_matrix/` - core Matrix C-S and S-S APIs
- `/_conduwuit/` - ad-hoc conduwuit routes such as `/local_user_count` and
-`/server_version`
-
-You can optionally reverse proxy the following individual routes:
- `/.well-known/matrix/client` and `/.well-known/matrix/server` if using
-conduwuit to perform delegation (see the `[global.well_known]` config section)
- `/.well-known/matrix/support` if using conduwuit to send the homeserver admin
-contact and support page (formerly known as MSC1929)
- `/` if you would like to see `hewwo from conduwuit woof!` at the root
-
-See the following spec pages for more details on these files:
- [`/.well-known/matrix/server`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixserver)
- [`/.well-known/matrix/client`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient)
- [`/.well-known/matrix/support`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixsupport)
-
-Examples of delegation:
- <https://puppygock.gay/.well-known/matrix/server>
- <https://puppygock.gay/.well-known/matrix/client>
-
-### Caddy
-
-Create `/etc/caddy/conf.d/conduwuit_caddyfile` and enter this (substitute for
-your server name).
-
-```caddyfile
-your.server.name, your.server.name:8448 {
-    # TCP reverse_proxy
-    127.0.0.1:6167
-    # UNIX socket
-    #reverse_proxy unix//run/conduwuit/conduwuit.sock
-}
-```
-
-That's it! Just start and enable the service and you're set.
-
-```bash
-sudo systemctl enable --now caddy
-```
-
-## You're done
-
-Now you can start conduwuit with:
-
-```bash
-sudo systemctl start conduwuit
-```
-
-Set it to start automatically when your system boots with:
-
-```bash
-sudo systemctl enable conduwuit
-```
-
-## How do I know it works?
-
-You can open [a Matrix client](https://matrix.org/ecosystem/clients), enter your
-homeserver and try to register.
-
-You can also use these commands as a quick health check (replace
-`your.server.name`).
-
-```bash
-curl https://your.server.name/_conduwuit/server_version
-
-# If using port 8448
-curl https://your.server.name:8448/_conduwuit/server_version
-
-# If federation is enabled
-curl https://your.server.name:8448/_matrix/federation/v1/version
-```
-
- To check if your server can talk with other homeservers, you can use the
-[Matrix Federation Tester](https://federationtester.matrix.org/). If you can
-register but cannot join federated rooms check your config again and also check
-if the port 8448 is open and forwarded correctly.
-
-# What's next?
-
-## Audio/Video calls
-
-For Audio/Video call functionality see the [TURN Guide](../turn.md).
-
-## Appservices
-
-If you want to set up an appservice, take a look at the [Appservice
-Guide](../appservices.md).
@@ -1,8 +0,0 @@
-# conduwuit for Kubernetes
-
-conduwuit doesn't support horizontal scalability or distributed loading
-natively, however a community maintained Helm Chart is available here to run
-conduwuit on Kubernetes: <https://gitlab.cronce.io/charts/conduwuit>
-
-Should changes need to be made, please reach out to the maintainer in our
-Matrix room as this is not maintained/controlled by the conduwuit maintainers.
@@ -1,108 +0,0 @@
-# conduwuit for NixOS
-
-conduwuit can be acquired by Nix (or [Lix][lix]) from various places:
-
-* The `flake.nix` at the root of the repo
-* The `default.nix` at the root of the repo
-* From conduwuit's binary cache
-
-A community maintained NixOS package is available at [`conduwuit`](https://search.nixos.org/packages?channel=unstable&show=conduwuit&from=0&size=50&sort=relevance&type=packages&query=conduwuit)
-
-### Binary cache
-
-A binary cache for conduwuit that the CI/CD publishes to is available at the
-following places (both are the same just different names):
-
-```
-https://attic.kennel.juneis.dog/conduit
-conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk=
-
-https://attic.kennel.juneis.dog/conduwuit
-conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE=
-```
-
-The binary caches were recreated some months ago due to attic issues. The old public
-keys were:
-
-```
-conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
-conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
-```
-
-If needed, we have a binary cache on Cachix but it is only limited to 5GB:
-
-```
-https://conduwuit.cachix.org
-conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg=
-```
-
-If specifying a Git remote URL in your flake, you can use any remotes that
-are specified on the README (the mirrors), such as the GitHub: `github:girlbossceo/conduwuit`
-
-### NixOS module
-
-The `flake.nix` and `default.nix` do not currently provide a NixOS module (contributions
-welcome!), so [`services.matrix-conduit`][module] from Nixpkgs can be used to configure
-conduwuit.
-
-### Conduit NixOS Config Module and SQLite
-
-Beware! The [`services.matrix-conduit`][module] module defaults to SQLite as a database backend.
-Conduwuit dropped SQLite support in favor of exclusively supporting the much faster RocksDB.
-Make sure that you are using the RocksDB backend before migrating!
-
-There is a [tool to  migrate a Conduit SQLite database to
-RocksDB](https://github.com/ShadowJonathan/conduit_toolbox/).
-
-If you want to run the latest code, you should get conduwuit from the `flake.nix`
-or `default.nix` and set [`services.matrix-conduit.package`][package]
-appropriately to use conduwuit instead of Conduit.
-
-### UNIX sockets
-
-Due to the lack of a conduwuit NixOS module, when using the `services.matrix-conduit` module
-a workaround like the one below is necessary to use UNIX sockets. This is because the UNIX
-socket option does not exist in Conduit, and the module forcibly sets the `address` and 
-`port` config options.
-
-```nix
-options.services.matrix-conduit.settings = lib.mkOption {
-  apply = old: old // (
-    if (old.global ? "unix_socket_path")
-    then { global = builtins.removeAttrs old.global [ "address" "port" ]; }
-    else {  }
-  );
-};
-
-```
-
-Additionally, the [`matrix-conduit` systemd unit][systemd-unit] in the module does not allow
-the `AF_UNIX` socket address family in their systemd unit's `RestrictAddressFamilies=` which
-disallows the namespace from accessing or creating UNIX sockets and has to be enabled like so:
-
-```nix
-systemd.services.conduit.serviceConfig.RestrictAddressFamilies = [ "AF_UNIX" ];
-```
-
-Even though those workarounds are feasible a conduwuit NixOS configuration module, developed and
-published by the community, would be appreciated.
-
-### jemalloc and hardened profile
-
-conduwuit uses jemalloc by default. This may interfere with the [`hardened.nix` profile][hardened.nix]
-due to them using `scudo` by default. You must either disable/hide `scudo` from conduwuit, or
-disable jemalloc like so:
-
-```nix
-let
-    conduwuit = pkgs.unstable.conduwuit.override {
-      enableJemalloc = false;
-    };
-in
-```
-
-[lix]: https://lix.systems/
-[module]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit
-[package]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit.package
-[hardened.nix]: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix#L22
-[systemd-unit]: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/matrix/conduit.nix#L132
@@ -1,131 +0,0 @@
-# Development
-
-Information about developing the project. If you are only interested in using
-it, you can safely ignore this page. If you plan on contributing, see the
-[contributor's guide](./contributing.md).
-
-## conduwuit project layout
-
-conduwuit uses a collection of sub-crates, packages, or workspace members
-that indicate what each general area of code is for. All of the workspace
-members are under `src/`. The workspace definition is at the top level / root
-`Cargo.toml`.
-
-The crate names are generally self-explanatory:
- `admin` is the admin room
- `api` is the HTTP API, Matrix C-S and S-S endpoints, etc
- `core` is core conduwuit functionality like config loading, error definitions,
-global utilities, logging infrastructure, etc
- `database` is RocksDB methods, helpers, RocksDB config, and general database definitions,
-utilities, or functions
- `macros` are conduwuit Rust [macros][macros] like general helper macros, logging
-and error handling macros, and [syn][syn] and [procedural macros][proc-macro]
-used for admin room commands and others
- `main` is the "primary" sub-crate. This is where the `main()` function lives,
-tokio worker and async initialisation, Sentry initialisation, [clap][clap] init,
-and signal handling. If you are adding new [Rust features][features], they *must*
-go here.
- `router` is the webserver and request handling bits, using axum, tower, tower-http,
-hyper, etc, and the [global server state][state] to access `services`.
- `service` is the high-level database definitions and functions for data,
-outbound/sending code, and other business logic such as media fetching.
-
-It is highly unlikely you will ever need to add a new workspace member, but
-if you truly find yourself needing to, we recommend reaching out to us in
-the Matrix room for discussions about it beforehand.
-
-The primary inspiration for this design was apart of hot reloadable development,
-to support "conduwuit as a library" where specific parts can simply be swapped out.
-There is evidence Conduit wanted to go this route too as `axum` is technically an
-optional feature in Conduit, and can be compiled without the binary or axum library
-for handling inbound web requests; but it was never completed or worked.
-
-See the Rust documentation on [Workspaces][workspaces] for general questions
-and information on Cargo workspaces.
-
-## Adding compile-time [features][features]
-
-If you'd like to add a compile-time feature, you must first define it in
-the `main` workspace crate located in `src/main/Cargo.toml`. The feature must
-enable a feature in the other workspace crate(s) you intend to use it in. Then
-the said workspace crate(s) must define the feature there in its `Cargo.toml`.
-
-So, if this is adding a feature to the API such as `woof`, you define the feature
-in the `api` crate's `Cargo.toml` as `woof = []`. The feature definition in `main`'s
-`Cargo.toml` will be `woof = ["conduwuit-api/woof"]`.
-
-The rationale for this is due to Rust / Cargo not supporting
-["workspace level features"][9], we must make a choice of; either scattering
-features all over the workspace crates, making it difficult for anyone to add
-or remove default features; or define all the features in one central workspace
-crate that propagate down/up to the other workspace crates. It is a Cargo pitfall,
-and we'd like to see better developer UX in Rust's Workspaces.
-
-Additionally, the definition of one single place makes "feature collection" in our
-Nix flake a million times easier instead of collecting and deduping them all from
-searching in all the workspace crates' `Cargo.toml`s. Though we wouldn't need to
-do this if Rust supported workspace-level features to begin with.
-
-## List of forked dependencies
-
-During conduwuit development, we have had to fork
-some dependencies to support our use-cases in some areas. This ranges from
-things said upstream project won't accept for any reason, faster-paced
-development (unresponsive or slow upstream), conduwuit-specific usecases, or
-lack of time to upstream some things.
-
- [ruma/ruma][1]: <https://github.com/girlbossceo/ruwuma> - various performance
-improvements, more features, faster-paced development, better client/server interop
-hacks upstream won't accept, etc
- [facebook/rocksdb][2]: <https://github.com/girlbossceo/rocksdb> - liburing
-build fixes and GCC debug build fix
- [tikv/jemallocator][3]: <https://github.com/girlbossceo/jemallocator> - musl
-builds seem to be broken on upstream, fixes some broken/suspicious code in
-places, additional safety measures, and support redzones for Valgrind
- [zyansheep/rustyline-async][4]:
-<https://github.com/girlbossceo/rustyline-async> - tab completion callback and
-`CTRL+\` signal quit event for conduwuit console CLI
- [rust-rocksdb/rust-rocksdb][5]:
-<https://github.com/girlbossceo/rust-rocksdb-zaidoon1> - [`@zaidoon1`][8]'s fork
-has quicker updates, more up to date dependencies, etc. Our fork fixes musl build
-issues, removes unnecessary `gtest` include, and uses our RocksDB and jemallocator
-forks.
- [tokio-rs/tracing][6]: <https://github.com/girlbossceo/tracing> - Implements
-`Clone` for `EnvFilter` to support dynamically changing tracing envfilter's
-alongside other logging/metrics things
-
-## Debugging with `tokio-console`
-
-[`tokio-console`][7] can be a useful tool for debugging and profiling. To make a
-`tokio-console`-enabled build of conduwuit, enable the `tokio_console` feature,
-disable the default `release_max_log_level` feature, and set the `--cfg
-tokio_unstable` flag to enable experimental tokio APIs. A build might look like
-this:
-
-```bash
-RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
-    --release \
-    --no-default-features \
-    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console
-```
-
-You will also need to enable the `tokio_console` config option in conduwuit when
-starting it. This was due to tokio-console causing gradual memory leak/usage
-if left enabled.
-
-[1]: https://github.com/ruma/ruma/
-[2]: https://github.com/facebook/rocksdb/
-[3]: https://github.com/tikv/jemallocator/
-[4]: https://github.com/zyansheep/rustyline-async/
-[5]: https://github.com/rust-rocksdb/rust-rocksdb/
-[6]: https://github.com/tokio-rs/tracing/
-[7]: https://docs.rs/tokio-console/latest/tokio_console/
-[8]: https://github.com/zaidoon1/
-[9]: https://github.com/rust-lang/cargo/issues/12162
-[workspaces]: https://doc.rust-lang.org/cargo/reference/workspaces.html
-[macros]: https://doc.rust-lang.org/book/ch19-06-macros.html
-[syn]: https://docs.rs/syn/latest/syn/
-[proc-macro]: https://doc.rust-lang.org/reference/procedural-macros.html
-[clap]: https://docs.rs/clap/latest/clap/
-[features]: https://doc.rust-lang.org/cargo/reference/features.html
-[state]: https://docs.rs/axum/latest/axum/extract/struct.State.html
@@ -1,197 +0,0 @@
-# Hot Reloading ("Live" Development)
-
-### Summary
-
-When developing in debug-builds with the nightly toolchain, conduwuit is modular
-using dynamic libraries and various parts of the application are hot-reloadable
-while the server is running: http api handlers, admin commands, services,
-database, etc. These are all split up into individual workspace crates as seen
-in the `src/` directory. Changes to sourcecode in a crate rebuild that crate and
-subsequent crates depending on it. Reloading then occurs for the changed crates.
-
-Release builds still produce static binaries which are unaffected. Rust's
-soundness guarantees are in full force. Thus you cannot hot-reload release
-binaries.
-
-### Requirements
-
-Currently, this development setup only works on x86_64 and aarch64 Linux glibc.
-[musl explicitly does not support hot reloadable libraries, and does not
-implement `dlclose`][2]. macOS does not fully support our usage of `RTLD_GLOBAL`
-possibly due to some thread-local issues. [This Rust issue][3] may be of
-relevance, specifically [this comment][4]. It may be possible to get it working
-on only very modern macOS versions such as at least Sonoma, as currently loading
-dylibs is supported, but not unloading them in our setup, and the cited comment
-mentions an Apple WWDC confirming there have been TLS changes to somewhat make
-this possible.
-
-As mentioned above this requires the nightly toolchain. This is due to reliance
-on various Cargo.toml features that are only available on nightly, most
-specifically `RUSTFLAGS` in Cargo.toml. Some of the implementation could also be
-simpler based on other various nightly features. We hope lots of nightly
-features start making it out of nightly sooner as there have been dozens of very
-helpful features that have been stuck in nightly ("unstable") for at least 5+
-years that would make this simpler. We encourage greater community consensus to
-move these features into stability.
-
-This currently only works on x86_64/aarch64 Linux with a glibc C library. musl C
-library, macOS, and likely other host architectures are not supported (if other
-architectures work, feel free to let us know and/or make a PR updating this).
-This should work on GNU ld and lld (rust-lld) and gcc/clang, however if you
-happen to have linker issues it's recommended to try using `mold` or `gold`
-linkers, and please let us know in the [conduwuit Matrix room][7] the linker
-error and what linker solved this issue so we can figure out a solution. Ideally
-there should be minimal friction to using this, and in the future a build script
-(`build.rs`) may be suitable to making this easier to use if the capabilities
-allow us.
-
-### Usage
-
-As of 19 May 2024, the instructions for using this are:
-
-0. Have patience. Don't hesitate to join the [conduwuit Matrix room][7] to
-   receive help using this. As indicated by the various rustflags used and some
-of the interesting issues linked at the bottom, this is definitely not something
-the Rust ecosystem or toolchain is used to doing.
-
-1. Install the nightly toolchain using rustup. You may need to use `rustup
-   override set nightly` in your local conduwuit directory, or use `cargo
-+nightly` for all actions.
-
-2. Uncomment `cargo-features` at the top level / root Cargo.toml
-
-3. Scroll down to the `# Developer profile` section and uncomment ALL the
-   rustflags for each dev profile and their respective packages.
-
-4. In each workspace crate's Cargo.toml (everything under `src/*` AND
-   `deps/rust-rocksdb/Cargo.toml`), uncomment the `dylib` crate type under
-`[lib]`.
-
-5. Due to [this rpath issue][5], you must export the `LD_LIBRARY_PATH`
-   environment variable to your nightly Rust toolchain library directory. If
-using rustup (hopefully), use this: `export
-LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/`
-
-6. Start the server. You can use `cargo +nightly run` for this along with the
-   standard.
-
-7. Make some changes where you need to.
-
-8. In a separate terminal window in the same directory (or using a terminal
-   multiplexer like tmux), run the *build* Cargo command `cargo +nightly build`.
-   Cargo should only rebuild what was changed / what's necessary, so it should
-   not be rebuilding all the crates.
-
-9. In your conduwuit server terminal, hit/send `CTRL+C` signal. This will tell
-   conduwuit to find which libraries need to be reloaded, and reloads them as
-   necessary.
-
-10. If there were no errors, it will tell you it successfully reloaded `#`
-   modules, and your changes should now be visible. Repeat 7 - 9 as needed.
-
-To shutdown conduwuit in this setup, hit/send `CTRL+\`. Normal builds still
-shutdown with `CTRL+C` as usual.
-
-Steps 1 - 5 are the initial first-time steps for using this. To remove the hot
-reload setup, revert/comment all the Cargo.toml changes.
-
-As mentioned in the requirements section, if you happen to have some linker
-issues, try using the `-fuse-ld=` rustflag and specify mold or gold in all the
-`rustflags` definitions in the top level Cargo.toml, and please let us know in
-the [conduwuit Matrix room][7] the problem. mold can be installed typically
-through your distro, and gold is provided by the binutils package.
-
-It's possible a helper script can be made to do all of this, or most preferably
-a specially made build script (build.rs). `cargo watch` support will be
-implemented soon which will eliminate the need to manually run `cargo build` all
-together.
-
-### Addendum
-
-Conduit was inherited as a single crate without modularity or reloading in its
-design. Reasonable partitioning and abstraction allowed a split into several
-crates, though many circular dependencies had to be corrected. The resulting
-crates now form a directed graph as depicted in figures below. The interfacing
-between these crates is still extremely broad which is not mitigable.
-
-Initially [hot_lib_reload][6] was investigated but found appropriate for a
-project designed with modularity through limited interfaces, not a large and
-complex existing codebase. Instead a bespoke solution built directly on
-[libloading][8] satisfied our constraints. This required relatively minimal
-modifications and zero maintenance burden compared to what would be required
-otherwise. The technical difference lies with relocation processing: we leverage
-global bindings (`RTLD_GLOBAL`) in a very intentional way. Most libraries and
-off-the-shelf module systems (such as [hot_lib_reload][6]) restrict themselves
-to local bindings (`RTLD_LOCAL`). This allows them to release software to
-multiple platforms with much greater consistency, but at the cost of burdening
-applications to explicitly manage these bindings. In our case with an optional
-feature for developers, we shrug any such requirement to enjoy the cost/benefit
-on platforms where global relocations are properly cooperative.
-
-To make use of `RTLD_GLOBAL` the application has to be oriented as a directed
-acyclic graph. The primary rule is simple and illustrated in the figure below:
-**no crate is allowed to call a function or use a variable from a crate below
-it.**
-
-![conduwuit's dynamic library setup diagram - created by Jason
-Volk](assets/libraries.png)
-
-When a symbol is referenced between crates they become bound: **crates cannot be
-unloaded until their calling crates are first unloaded.** Thus we start the
-reloading process from the crate which has no callers. There is a small problem
-though: the first crate is called by the base executable itself! This is solved
-by using an `RTLD_LOCAL` binding for just one link between the main executable
-and the first crate, freeing the executable from all modules as no global
-binding ever occurs between them.
-
-![conduwuit's reload and load order diagram - created by Jason
-Volk](assets/reload_order.png)
-
-Proper resource management is essential for reliable reloading to occur. This is
-a very basic ask in RAII-idiomatic Rust and the exposure to reloading hazards is
-remarkably low, generally stemming from poor patterns and practices.
-Unfortunately static analysis doesn't enforce reload-safety programmatically
-(though it could one day), for now hazards can be avoided by knowing a few basic
-do's and dont's:
-
-1. Understand that code is memory. Just like one is forbidden from referencing
-   free'd memory, one must not transfer control to free'd code. Exposure to this
-is primarily from two things:
-
-    - Callbacks, which this project makes very little use of.
-    - Async tasks, which are addressed below.
-
-2. Tie all resources to a scope or object lifetime with greatest possible
-symmetry (locality). For our purposes this applies to code resources, which
-means async blocks and tokio tasks.
-
-    - **Never spawn a task without receiving and storing its JoinHandle**.
-    - **Always wait on join handles** before leaving a scope or in another cleanup
-    function called by an owning scope.
-
-3. Know any minor specific quirks documented in code or here:
-
-    - Don't use `tokio::spawn`, instead use our `Handle` in `core/server.rs`, which
-    is reachable in most of the codebase via `services()` or other state. This is
-    due to some bugs or assumptions made in tokio, as it happens in `unsafe {}`
-    blocks, which are mitigated by circumventing some thread-local variables. Using
-    runtime handles is good practice in any case.
-
-The initial implementation PR is available [here][1].
-
-### Interesting related issues/bugs
-
- [DT_RUNPATH produced in binary with rpath = true is wrong (cargo)][5]
- [Disabling MIR Optimization in Rust Compilation
-(cargo)](https://internals.rust-lang.org/t/disabling-mir-optimization-in-rust-compilation/19066/5)
- [Workspace-level metadata
-(cargo-deb)](https://github.com/kornelski/cargo-deb/issues/68)
-
-[1]: https://github.com/girlbossceo/conduwuit/pull/387
-[2]: https://wiki.musl-libc.org/functional-differences-from-glibc.html#Unloading-libraries
-[3]: https://github.com/rust-lang/rust/issues/28794
-[4]: https://github.com/rust-lang/rust/issues/28794#issuecomment-368693049
-[5]: https://github.com/rust-lang/cargo/issues/12746
-[6]: https://crates.io/crates/hot-lib-reloader/
-[7]: https://matrix.to/#/#conduwuit:puppygock.gay
-[8]: https://crates.io/crates/libloading
@@ -1,22 +0,0 @@
-# Testing
-
-## Complement
-
-Have a look at [Complement's repository][complement] for an explanation of what
-it is.
-
-To test against Complement, with Nix (or [Lix](https://lix.systems) and direnv
-installed and set up, you can:
-
-* Run `./bin/complement "$COMPLEMENT_SRC" ./path/to/logs.jsonl
-./path/to/results.jsonl` to build a Complement image, run the tests, and output
-the logs and results to the specified paths. This will also output the OCI image
-at `result`
-* Run `nix build .#complement` from the root of the repository to just build a
-Complement OCI image outputted to `result` (it's a `.tar.gz` file)
-* Or download the latest Complement OCI image from the CI workflow artifacts
-output from the commit/revision you want to test (e.g. from main)
-[here][ci-workflows]
-
-[ci-workflows]: https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml?query=event%3Apush+is%3Asuccess+actor%3Agirlbossceo
-[complement]: https://github.com/matrix-org/complement
@@ -1,379 +0,0 @@
-#### **Note: This list may not up to date. There are rapidly more and more
-improvements, fixes, changes, etc being made that it is becoming more difficult
-to maintain this list. I recommend that you give conduwuit a try and see the
-differences for yourself. If you have any concerns, feel free to join the
-conduwuit Matrix room and ask any pre-usage questions.**
-
-### list of features, bug fixes, etc that conduwuit does that Conduit does not
-
-Outgoing typing indicators, outgoing read receipts, **and** outgoing presence!
-
-## Performance
-
- Concurrency support for individual homeserver key fetching for faster remote
-room joins and room joins that will error less frequently
- Send `Cache-Control` response header with `immutable` and 1 year cache length
-for all media requests (download and thumbnail) to instruct clients to cache
-media, and reduce server load from media requests that could be otherwise cached
- Add feature flags and config options to enable/build with zstd, brotli, and/or
-gzip HTTP body compression (response and request)
- Eliminate all usage of the thread-blocking `getaddrinfo(3)` call upon DNS
-queries, significantly improving federation latency/ping and cache DNS results
-(NXDOMAINs, successful queries, etc) using hickory-dns / hickory-resolver
- Enable HTTP/2 support on all requests
- Vastly improve RocksDB default settings to use new features that help with
-performance significantly, uses settings tailored to SSDs, various ways to tweak
-RocksDB, and a conduwuit setting to tell RocksDB to use settings that are
-tailored to HDDs or slow spinning rust storage or buggy filesystems.
- Implement database flush and cleanup conduwuit operations when using RocksDB
- Implement RocksDB write buffer corking and coalescing in database write-heavy
-areas
- Perform connection pooling and keepalives where necessary to significantly
-improve federation performance and latency
- Various config options to tweak connection pooling, request timeouts,
-connection timeouts, DNS timeouts and settings, etc with good defaults which
-also help huge with performance via reusing connections and retrying where
-needed
- Properly get and use the amount of parallelism / tokio workers
- Implement building conduwuit with jemalloc (which extends to the RocksDB
-jemalloc feature for maximum gains) or hardened_malloc light variant, and
-io_uring support, and produce CI builds with jemalloc and io_uring by default
-for performance (Nix doesn't seem to build
-[hardened_malloc-rs](https://github.com/girlbossceo/hardened_malloc-rs)
-properly)
- Add support for caching DNS results with hickory-dns / hickory-resolver in
-conduwuit (not a replacement for a proper resolver cache, but still far better
-than nothing), also properly falls back on TCP for UDP errors or if a SRV
-response is too large
- Add config option for using DNS over TCP, and config option for controlling
-A/AAAA record lookup strategy (e.g. don't query AAAA records if you don't have
-IPv6 connectivity)
- Overall significant database, Client-Server, and federation performance and
-latency improvements (check out the ping room leaderboards if you don't believe
-me :>)
- Add config options for RocksDB compression and bottommost compression,
-including choosing the algorithm and compression level
- Use [loole](https://github.com/mahdi-shojaee/loole) MPSC channels instead of
-tokio MPSC channels for huge performance boosts in sending channels (mainly
-relevant for federation) and presence channels
- Use `tracing`/`log`'s `release_max_level_info` feature to improve performance,
-build speeds, binary size, and CPU usage in release builds by avoid compiling
-debug/trace log level macros that users will generally never use (can be
-disabled with a build-time feature flag)
- Remove some unnecessary checks on EDU handling for incoming transactions,
-effectively speeding them up
- Simplify, dedupe, etc huge chunks of the codebase, including some that were
-unnecessary overhead, binary bloats, or preventing compiler/linker optimisations
- Implement zero-copy RocksDB database accessors, substantially improving
-performance caused by unnecessary memory allocations
-
-## General Fixes/Features
-
- Add legacy Element client hack fixing password changes and deactivations on
-legacy Element Android/iOS due to usage of an unspecced `user` field for UIAA
- Raise and improve all the various request timeouts making some things like
-room joins and client bugs error less or none at all than they should, and make
-them all user configurable
- Add missing `reason` field to user ban events (`/ban`)
- Safer and cleaner shutdowns across incoming/outgoing requests (graceful
-shutdown) and the database
- Stop sending `make_join` requests on room joins if 15 servers respond with
-`M_UNSUPPORTED_ROOM_VERSION` or `M_INVALID_ROOM_VERSION`
- Stop sending `make_join` requests if 50 servers cannot provide `make_join` for
-us
- Respect *most* client parameters for `/media/` requests (`allow_redirect`
-still needs work)
- Return joined member count of rooms for push rules/conditions instead of a
-hardcoded value of 10
- Make `CONDUIT_CONFIG` optional, relevant for container users that configure
-only by environment variables and no longer need to set `CONDUIT_CONFIG` to an
-empty string.
- Allow HEAD and PATCH (MSC4138) HTTP requests in CORS for clients (despite not
-being explicity mentioned in Matrix spec, HTTP spec says all HEAD requests need
-to behave the same as GET requests, Synapse supports HEAD requests)
- Fix using conduwuit with flake-compat on NixOS
- Resolve and remove some "features" from upstream that result in concurrency
-hazards, exponential backoff issues, or arbitrary performance limiters
- Find more servers for outbound federation `/hierarchy` requests instead of
-just the room ID server name
- Support for suggesting servers to join through at
-`/_matrix/client/v3/directory/room/{roomAlias}`
- Support for suggesting servers to join through us at
-`/_matrix/federation/v1/query/directory`
- Misc edge-case search fixes (e.g. potentially missing some events)
- Misc `/sync` fixes (e.g. returning unnecessary data or incorrect/invalid
-responses)
- Add `replaces_state` and `prev_sender` in `unsigned` for state event changes
-which primarily makes Element's "See history" button on a state event functional
- Fix Conduit not allowing incoming federation requests for various world
-readable rooms
- Fix Conduit not respecting the client-requested file name on media requests
- Prevent sending junk / non-membership events to `/send_join` and `/send_leave`
-endpoints
- Only allow the requested membership type on `/send_join` and `/send_leave`
-endpoints (e.g. don't allow leave memberships on join endpoints)
- Prevent state key impersonation on `/send_join` and `/send_leave` endpoints
- Validate `X-Matrix` origin and request body `"origin"` field on incoming
-transactions
- Add `GET /_matrix/client/v1/register/m.login.registration_token/validity`
-endpoint
- Explicitly define support for sliding sync at `/_matrix/client/versions`
-(`org.matrix.msc3575`)
- Fix seeing empty status messages on user presences
-
-## Moderation
-
- (Also see [Admin Room](#admin-room) for all the admin commands pertaining to
-moderation, there's a lot!)
- Add support for room banning/blocking by ID using admin command
- Add support for serving `support` well-known from `[global.well_known]`
-(MSC1929) (`/.well-known/matrix/support`)
- Config option to forbid publishing rooms to the room directory
-(`lockdown_public_room_directory`) except for admins
- Admin commands to delete room aliases and unpublish rooms from our room
-directory
- For all
-[`/report`](https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3roomsroomidreporteventid)
-requests: check if the reported event ID belongs to the reported room ID, raise
-report reasoning character limit to 750, fix broken formatting, make a small
-delayed random response per spec suggestion on privacy, and check if the sender
-user is in the reported room.
- Support blocking servers from downloading remote media from, returning a 404
- Don't allow `m.call.invite` events to be sent in public rooms (prevents
-calling the entire room)
- On new public room creations, only allow moderators to send `m.call.invite`,
-`org.matrix.msc3401.call`, and `org.matrix.msc3401.call.member` events to
-prevent unprivileged users from calling the entire room
- Add support for a "global ACLs" feature (`forbidden_remote_server_names`) that
-blocks inbound remote room invites, room joins by room ID on server name, room
-joins by room alias on server name, incoming federated joins, and incoming
-federated room directory requests. This is very helpful for blocking servers
-that are purely toxic/bad and serve no value in allowing our users to suffer
-from things like room invite spam or such. Please note that this is not a
-substitute for room ACLs.
- Add support for a config option to forbid our local users from sending
-federated room directory requests for
-(`forbidden_remote_room_directory_server_names`). Similar to above, useful for
-blocking servers that help prevent our users from wandering into bad areas of
-Matrix via room directories of those malicious servers.
- Add config option for auto remediating/deactivating local non-admin users who
-attempt to join bad/forbidden rooms (`auto_deactivate_banned_room_attempts`)
- Deactivating users will remove their profile picture, blurhash, display name,
-and leave all rooms by default just like Synapse and for additional privacy
- Reject some EDUs from ACL'd users such as read receipts and typing indicators
-
-## Privacy/Security
-
- Add config option for device name federation with a privacy-friendly default
-(disabled)
- Add config option for requiring authentication to the `/publicRooms` endpoint
-(room directory) with a default enabled for privacy
- Add config option for federating `/publicRooms` endpoint (room directory) to
-other servers with a default disabled for privacy
- Uses proper `argon2` crate by RustCrypto instead of questionable `rust-argon2`
-crate
- Generate passwords with 25 characters instead of 15
- Config option `ip_range_denylist` to support refusing to send requests
-(typically federation) to specific IP ranges, typically RFC 1918, non-routable,
-testnet, etc addresses like Synapse for security (note: this is not a guaranteed
-protection, and you should be using a firewall with zones if you want guaranteed
-protection as doing this on the application level is prone to bypasses).
- Config option to block non-admin users from sending room invites or receiving
-remote room invites. Admin users are still allowed.
- Config option to disable incoming and/or outgoing remote read receipts
- Config option to disable incoming and/or outgoing remote typing indicators
- Config option to disable incoming, outgoing, and/or local presence and for
-timing out remote users
- Sanitise file names for the `Content-Disposition` header for all media
-requests (thumbnails, downloads, uploads)
- Media repository on handling `Content-Disposition` and `Content-Type` is fully
-spec compliant and secured
- Send secure default HTTP headers such as a strong restrictive CSP (see
-MSC4149), deny iframes, disable `X-XSS-Protection`, disable interest cohort in
-`Permission-Policy`, etc to mitigate any potential attack surface such as from
-untrusted media
-
-## Administration/Logging
-
- Commandline argument to specify the path to a config file instead of relying
-on `CONDUIT_CONFIG`
- Revamped admin room infrastructure and commands
- Substantially clean up, improve, and fix logging (less noisy dead server
-logging, registration attempts, more useful troubleshooting logging, proper
-error propagation, etc)
- Configurable RocksDB logging (`LOG` files) with proper defaults (rotate, max
-size, verbosity, etc) to stop LOG files from accumulating so much
- Explicit startup error if your configuration allows open registration without
-a token or such like Synapse with a way to bypass it if needed
- Replace the lightning bolt emoji option with support for setting any arbitrary
-text (e.g. another emoji) to suffix to all new user registrations, with a
-conduwuit default of "🏳️‍⚧️"
- Implement config option to auto join rooms upon registration
- Warn on unknown config options specified
- Add `/_conduwuit/server_version` route to return the version of conduwuit
-without relying on the federation API `/_matrix/federation/v1/version`
- Add `/_conduwuit/local_user_count` route to return the amount of registered
-active local users on your homeserver *if federation is enabled*
- Add configurable RocksDB recovery modes to aid in recovering corrupted RocksDB
-databases
- Support config options via `CONDUWUIT_` prefix and accessing non-global struct
-config options with the `__` split (e.g. `CONDUWUIT_WELL_KNOWN__SERVER`)
- Add support for listening on multiple TCP ports and multiple addresses
- **Opt-in** Sentry.io telemetry and metrics, mainly used for crash reporting
- Log the client IP on various requests such as registrations, banned room join
-attempts, logins, deactivations, federation transactions, etc
- Fix Conduit dropping some remote server federation response errors
-
-## Maintenance/Stability
-
- GitLab CI ported to GitHub Actions
- Add support for the Matrix spec compliance test suite
-[Complement](https://github.com/matrix-org/complement/) via the Nix flake and
-various other fixes for it
- Implement running and diff'ing Complement results in CI and error if any
-mismatch occurs to prevent large cases of conduwuit regressions
- Repo is (officially) mirrored to GitHub, GitLab, git.gay, git.girlcock.ceo,
-sourcehut, and Codeberg (see README.md for their links)
- Docker container images published to GitLab Container Registry, GitHub
-Container Registry, and Dockerhub
- Extensively revamp the example config to be extremely helpful and useful to
-both new users and power users
- Fixed every single clippy (default lints) and rustc warnings, including some
-that were performance related or potential safety issues / unsoundness
- Add a **lot** of other clippy and rustc lints and a rustfmt.toml file
- Repo uses [Renovate](https://docs.renovatebot.com/) and keeps ALL
-dependencies as up to date as possible
- Purge unmaintained/irrelevant/broken database backends (heed, sled, persy) and
-other unnecessary code or overhead
- webp support for images
- Add cargo audit support to CI
- Add documentation lints via lychee and markdownlint-cli to CI
- CI tests for all sorts of feature matrixes (jemalloc, non-defaullt, all
-features, etc)
- Add static and dynamic linking smoke tests in CI to prevent any potential
-linking regressions for Complement, static binaries, Nix devshells, etc
- Add timestamp by commit date when building OCI images for keeping image build
-reproducibility and still have a meaningful "last modified date" for OCI image
- Add timestamp by commit date via `SOURCE_DATE_EPOCH` for Debian packages
- Startup check if conduwuit running in a container and is listening on
-127.0.0.1 (generally containers are using NAT networking and 0.0.0.0 is the
-intended listening address)
- Add a panic catcher layer to return panic messages in HTTP responses if a
-panic occurs
- Add full compatibility support for SHA256 media file names instead of base64
-file names to overcome filesystem file name length limitations (OS error file
-name too long) while still retaining upstream database compatibility
- Remove SQLite support due to being very poor performance, difficult to
-maintain against RocksDB, and is a blocker to significantly improved database
-code
-
-## Admin Room
-
- Add support for a console CLI interface that can issue admin commands and
-output them in your terminal
- Add support for an admin-user-only commandline admin room interface that can
-be issued in any room with the `\\!admin` or `\!admin` prefix and returns the
-response as yourself in the same room
- Add admin commands for uptime, server startup, server shutdown, and server
-restart
- Fix admin room handler to not panic/crash if the admin room command response
-fails (e.g. too large message)
- Add command to dynamically change conduwuit's tracing log level filter on the
-fly
- Add admin command to fetch a server's `/.well-known/matrix/support` file
- Add debug admin command to force update user device lists (could potentially
-resolve some E2EE flukes)
- Implement **RocksDB online backups**, listing RocksDB backups, and listing
-database file counts all via admin commands
- Add various database visibility commands such as being able to query the
-getters and iterators used in conduwuit, a very helpful online debugging utility
- Forbid the admin room from being made public or world readable history
- Add `!admin` as a way to call the admin bot
- Extend clear cache admin command to support clearing more caches such as DNS
-and TLS name overrides
- Admin debug command to send a federation request/ping to a server's
-`/_matrix/federation/v1/version` endpoint and measures the latency it took
- Add admin command to bulk delete media via a codeblock list of MXC URLs.
- Add admin command to delete both the thumbnail and media MXC URLs from an
-event ID (e.g. from an abuse report)
- Add admin command to list all the rooms a local user is joined in
- Add admin command to list joined members in a room
- Add admin command to view the room topic of a room
- Add admin command to delete all remote media in the past X minutes as a form
-of deleting media that you don't want on your server that a remote user posted
-in a room, a `--force` flag to ignore errors, and support for reading `last
-modified time` instead of `creation time` for filesystems that don't support
-file created metadata
- Add admin command to return a room's full/complete state
- Admin debug command to fetch a PDU from a remote server and inserts it into
-our database/timeline as backfill
- Add admin command to delete media via a specific MXC. This deletes the MXC
-from our database, and the file locally.
- Add admin commands for banning (blocking) room IDs from our local users
-joining (admins are always allowed) and evicts all our local users from that
-room, in addition to bulk room banning support, and blocks room invites (remote
-and local) to the banned room, as a moderation feature
- Add admin commands to output jemalloc memory stats and memory usage
- Add admin command to get rooms a *remote* user shares with us
- Add debug admin commands to get the earliest and latest PDU in a room
- Add debug admin command to echo a message
- Add admin command to insert rooms tags for a user, most useful for inserting
-the `m.server_notice` tag on your admin room to make it "persistent" in the
-"System Alerts" section of Element
- Add experimental admin debug command for Dendrite's `AdminDownloadState`
-(`/admin/downloadState/{serverName}/{roomID}`) admin API endpoint to download
-and use a remote server's room state in the room
- Disable URL previews by default in the admin room due to various command
-outputs having "URLs" in them that clients may needlessly render/request
- Extend memory usage admin server command to support showing memory allocator
-stats such as jemalloc's
- Add admin debug command to see memory allocator's full extended debug
-statistics such as jemalloc's
-
-## Misc
-
- Add guest support for accessing TURN servers via `turn_allow_guests` like
-Synapse
- Support for creating rooms with custom room IDs like Maunium Synapse
-(`room_id` request body field to `/createRoom`)
- Query parameter `?format=event|content` for returning either the room state
-event's content (default) for the full room state event on
-`/_matrix/client/v3/rooms/{roomId}/state/{eventType}[/{stateKey}]` requests (see
-<https://github.com/matrix-org/matrix-spec/issues/1047>)
- Send a User-Agent on all of our requests
- Send `avatar_url` on invite room membership events/changes
- Support sending [`well_known` response to client login
-responses](https://spec.matrix.org/v1.10/client-server-api/#post_matrixclientv3login)
-if using config option `[well_known.client]`
- Implement `include_state` search criteria support for `/search` requests
-(response now can include room states)
- Declare various missing Matrix versions and features at
-`/_matrix/client/versions`
- Implement legacy Matrix `/v1/` media endpoints that some clients and servers
-may still call
- Config option to change Conduit's behaviour of homeserver key fetching
-(`query_trusted_key_servers_first`). This option sets whether conduwuit will
-query trusted notary key servers first before the individual homeserver(s), or
-vice versa which may help in joining certain rooms.
- Implement unstable MSC2666 support for querying mutual rooms with a user
- Implement unstable MSC3266 room summary API support
- Implement unstable MSC4125 support for specifying servers to join via on
-federated invites
- Make conduwuit build and be functional under Nix + macOS
- Log out all sessions after unsetting the emergency password
- Assume well-knowns are broken if they exceed past 12288 characters.
- Add support for listening on both HTTP and HTTPS if using direct TLS with
-conduwuit for usecases such as Complement
- Add config option for disabling RocksDB Direct IO if needed
- Add various documentation on maintaining conduwuit, using RocksDB online
-backups, some troubleshooting, using admin commands, moderation documentation,
-etc
- (Developers): Add support for [hot reloadable/"live" modular
-development](development/hot_reload.md)
- (Developers): Add support for tokio-console
- (Developers): Add support for tracing flame graphs
- No cryptocurrency donations allowed, conduwuit is fully maintained by
-independent queer maintainers, and with a strong priority on inclusitivity and
-comfort for protected groups 🏳️‍⚧️
- [Add a community Code of Conduct for all conduwuit community spaces, primarily
-the Matrix space](https://conduwuit.puppyirl.gay/conduwuit_coc.html)
@@ -1,22 +0,0 @@
-# conduwuit
-
-{{#include ../README.md:catchphrase}}
-
-{{#include ../README.md:body}}
-
-#### What's different about your fork than upstream Conduit?
-
-See the [differences](differences.md) page
-
-#### How can I deploy my own?
-
- [Deployment options](deploying.md)
-
-If you want to connect an appservice to conduwuit, take a look at the
-[appservices documentation](appservices.md).
-
-#### How can I contribute?
-
-See the [contributor's guide](contributing.md)
-
-{{#include ../README.md:footer}}
@@ -1,135 +0,0 @@
-# Maintaining your conduwuit setup
-
-## Moderation
-
-conduwuit has moderation through admin room commands. "binary commands" (medium
-priority) and an admin API (low priority) is planned. Some moderation-related
-config options are available in the example config such as "global ACLs" and
-blocking media requests to certain servers. See the example config for the
-moderation config options under the "Moderation / Privacy / Security" section.
-
-conduwuit has moderation admin commands for:
-
- managing room aliases (`!admin rooms alias`)
- managing room directory (`!admin rooms directory`)
- managing room banning/blocking and user removal (`!admin rooms moderation`)
- managing user accounts (`!admin users`)
- fetching `/.well-known/matrix/support` from servers (`!admin federation`)
- blocking incoming federation for certain rooms (not the same as room banning)
-(`!admin federation`)
- deleting media (see [the media section](#media))
-
-Any commands with `-list` in them will require a codeblock in the message with
-each object being newline delimited. An example of doing this is:
-
-````
-!admin rooms moderation ban-list-of-rooms
-```
-!roomid1:server.name
-#badroomalias1:server.name
-!roomid2:server.name
-!roomid3:server.name
-#badroomalias2:server.name
-```
-````
-
-## Database (RocksDB)
-
-Generally there is very little you need to do. [Compaction][rocksdb-compaction]
-is ran automatically based on various defined thresholds tuned for conduwuit to
-be high performance with the least I/O amplifcation or overhead. Manually
-running compaction is not recommended, or compaction via a timer, due to
-creating unnecessary I/O amplification. RocksDB is built with io_uring support
-via liburing for improved read performance.
-
-RocksDB troubleshooting can be found [in the RocksDB section of troubleshooting](troubleshooting.md).
-
-### Compression
-
-Some RocksDB settings can be adjusted such as the compression method chosen. See
-the RocksDB section in the [example config](configuration/examples.md).
-
-btrfs users have reported that database compression does not need to be disabled
-on conduwuit as the filesystem already does not attempt to compress. This can be
-validated by using `filefrag -v` on a `.SST` file in your database, and ensure
-the `physical_offset` matches (no filesystem compression). It is very important
-to ensure no additional filesystem compression takes place as this can render
-unbuffered Direct IO inoperable, significantly slowing down read and write
-performance. See <https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility>
-
-> Compression is done using the COW mechanism so it’s incompatible with
-> nodatacow. Direct IO read works on compressed files but will fall back to
-> buffered writes and leads to no compression even if force compression is set.
-> Currently nodatasum and compression don’t work together.
-
-### Files in database
-
-Do not touch any of the files in the database directory. This must be said due
-to users being mislead by the `.log` files in the RocksDB directory, thinking
-they're server logs or database logs, however they are critical RocksDB files
-related to WAL tracking.
-
-The only safe files that can be deleted are the `LOG` files (all caps). These
-are the real RocksDB telemetry/log files, however conduwuit has already
-configured to only store up to 3 RocksDB `LOG` files due to generall being
-useless for average users unless troubleshooting something low-level. If you
-would like to store nearly none at all, see the `rocksdb_max_log_files`
-config option.
-
-## Backups
-
-Currently only RocksDB supports online backups. If you'd like to backup your
-database online without any downtime, see the `!admin server` command for the
-backup commands and the `database_backup_path` config options in the example
-config. Please note that the format of the database backup is not the exact
-same. This is unfortunately a bad design choice by Facebook as we are using the
-database backup engine API from RocksDB, however the data is still there and can
-still be joined together.
-
-To restore a backup from an online RocksDB backup:
-
- shutdown conduwuit
- create a new directory for merging together the data
- in the online backup created, copy all `.sst` files in
-`$DATABASE_BACKUP_PATH/shared_checksum` to your new directory
- trim all the strings so instead of `######_sxxxxxxxxx.sst`, it reads
-`######.sst`. A way of doing this with sed and bash is `for file in *.sst; do mv
-"$file" "$(echo "$file" | sed 's/_s.*/.sst/')"; done`
- copy all the files in `$DATABASE_BACKUP_PATH/1` (or the latest backup number
-if you have multiple) to your new directory
- set your `database_path` config option to your new directory, or replace your
-old one with the new one you crafted
- start up conduwuit again and it should open as normal
-
-If you'd like to do an offline backup, shutdown conduwuit and copy your
-`database_path` directory elsewhere. This can be restored with no modifications
-needed.
-
-Backing up media is also just copying the `media/` directory from your database
-directory.
-
-## Media
-
-Media still needs various work, however conduwuit implements media deletion via:
-
- MXC URI or Event ID (unencrypted and attempts to find the MXC URI in the
-event)
- Delete list of MXC URIs
- Delete remote media in the past `N` seconds/minutes via filesystem metadata on
-the file created time (`btime`) or file modified time (`mtime`)
-
-See the `!admin media` command for further information. All media in conduwuit
-is stored at `$DATABASE_DIR/media`. This will be configurable soon.
-
-If you are finding yourself needing extensive granular control over media, we
-recommend looking into [Matrix Media
-Repo](https://github.com/t2bot/matrix-media-repo). conduwuit intends to
-implement various utilities for media, but MMR is dedicated to extensive media
-management.
-
-Built-in S3 support is also planned, but for now using a "S3 filesystem" on
-`media/` works. conduwuit also sends a `Cache-Control` header of 1 year and
-immutable for all media requests (download and thumbnail) to reduce unnecessary
-media requests from browsers, reduce bandwidth usage, and reduce load.
-
-[rocksdb-compaction]: https://github.com/facebook/rocksdb/wiki/Compaction
@@ -1,192 +0,0 @@
-# Troubleshooting conduwuit
-
-> ## Docker users ⚠️
->
-> Docker is extremely UX unfriendly. Because of this, a ton of issues or support
-> is actually Docker support, not conduwuit support. We also cannot document the
-> ever-growing list of Docker issues here.
->
-> If you intend on asking for support and you are using Docker, **PLEASE**
-> triple validate your issues are **NOT** because you have a misconfiguration in
-> your Docker setup.
->
-> If there are things like Compose file issues or Dockerhub image issues, those
-> can still be mentioned as long as they're something we can fix.
-
-## conduwuit and Matrix issues
-
-#### Lost access to admin room
-
-You can reinvite yourself to the admin room through the following methods:
- Use the `--execute "users make_user_admin <username>"` conduwuit binary
-argument once to invite yourslf to the admin room on startup
- Use the conduwuit console/CLI to run the `users make_user_admin` command
- Or specify the `emergency_password` config option to allow you to temporarily
-log into the server account (`@conduit`) from a web client
-
-## General potential issues
-
-#### Potential DNS issues when using Docker
-
-Docker has issues with its default DNS setup that may cause DNS to not be
-properly functional when running conduwuit, resulting in federation issues. The
-symptoms of this have shown in excessively long room joins (30+ minutes) from
-very long DNS timeouts, log entries of "mismatching responding nameservers",
-and/or partial or non-functional inbound/outbound federation.
-
-This is **not** a conduwuit issue, and is purely a Docker issue. It is not
-sustainable for heavy DNS activity which is normal for Matrix federation. The
-workarounds for this are:
- Use DNS over TCP via the config option `query_over_tcp_only = true`
- Don't use Docker's default DNS setup and instead allow the container to use
-and communicate with your host's DNS servers (host's `/etc/resolv.conf`)
-
-#### DNS No connections available error message
-
-If you receive spurious amounts of error logs saying "DNS No connections
-available", this is due to your DNS server (servers from `/etc/resolv.conf`)
-being overloaded and unable to handle typical Matrix federation volume. Some
-users have reported that the upstream servers are rate-limiting them as well
-when they get this error (e.g. popular upstreams like Google DNS).
-
-Matrix federation is extremely heavy and sends wild amounts of DNS requests.
-Unfortunately this is by design and has only gotten worse with more
-server/destination resolution steps. Synapse also expects a very perfect DNS
-setup.
-
-There are some ways you can reduce the amount of DNS queries, but ultimately
-the best solution/fix is selfhosting a high quality caching DNS server like
-[Unbound][unbound-arch] without any upstream resolvers, and without DNSSEC
-validation enabled.
-
-DNSSEC validation is highly recommended to be **disabled** due to DNSSEC being
-very computationally expensive, and is extremely susceptible to denial of
-service, especially on Matrix. Many servers also strangely have broken DNSSEC
-setups and will result in non-functional federation.
-
-conduwuit cannot provide a "works-for-everyone" Unbound DNS setup guide, but
-the [official Unbound tuning guide][unbound-tuning] and the [Unbound Arch Linux wiki page][unbound-arch]
-may be of interest. Disabling DNSSEC on Unbound is commenting out trust-anchors
-config options and removing the `validator` module.
-
-**Avoid** using `systemd-resolved` as it does **not** perform very well under
-high load, and we have identified its DNS caching to not be very effective.
-
-dnsmasq can possibly work, but it does **not** support TCP fallback which can be
-problematic when receiving large DNS responses such as from large SRV records.
-If you still want to use dnsmasq, make sure you **disable** `dns_tcp_fallback`
-in conduwuit config.
-
-Raising `dns_cache_entries` in conduwuit config from the default can also assist
-in DNS caching, but a full-fledged external caching resolver is better and more
-reliable.
-
-If you don't have IPv6 connectivity, changing `ip_lookup_strategy` to match
-your setup can help reduce unnecessary AAAA queries
-(`1 - Ipv4Only (Only query for A records, no AAAA/IPv6)`).
-
-If your DNS server supports it, some users have reported enabling
-`query_over_tcp_only` to force only TCP querying by default has improved DNS
-reliability at a slight performance cost due to TCP overhead.
-
-## RocksDB / database issues
-
-#### Database corruption
-
-If your database is corrupted *and* is failing to start (e.g. checksum
-mismatch), it may be recoverable but careful steps must be taken, and there is
-no guarantee it may be recoverable.
-
-The first thing that can be done is launching conduwuit with the
-`rocksdb_repair` config option set to true. This will tell RocksDB to attempt to
-repair itself at launch. If this does not work, disable the option and continue
-reading.
-
-RocksDB has the following recovery modes:
-
- `TolerateCorruptedTailRecords`
- `AbsoluteConsistency`
- `PointInTime`
- `SkipAnyCorruptedRecord`
-
-By default, conduwuit uses `TolerateCorruptedTailRecords` as generally these may
-be due to bad federation and we can re-fetch the correct data over federation.
-The RocksDB default is `PointInTime` which will attempt to restore a "snapshot"
-of the data when it was last known to be good. This data can be either a few
-seconds old, or multiple minutes prior. `PointInTime` may not be suitable for
-default usage due to clients and servers possibly not being able to handle
-sudden "backwards time travels", and `AbsoluteConsistency` may be too strict.
-
-`AbsoluteConsistency` will fail to start the database if any sign of corruption
-is detected. `SkipAnyCorruptedRecord` will skip all forms of corruption unless
-it forbids the database from opening (e.g. too severe). Usage of
-`SkipAnyCorruptedRecord` voids any support as this may cause more damage and/or
-leave your database in a permanently inconsistent state, but it may do something
-if `PointInTime` does not work as a last ditch effort.
-
-With this in mind:
-
- First start conduwuit with the `PointInTime` recovery method. See the [example
-config](configuration/examples.md) for how to do this using
-`rocksdb_recovery_mode`
- If your database successfully opens, clients are recommended to clear their
-client cache to account for the rollback
- Leave your conduwuit running in `PointInTime` for at least 30-60 minutes so as
-much possible corruption is restored
- If all goes will, you should be able to restore back to using
-`TolerateCorruptedTailRecords` and you have successfully recovered your database
-
-## Debugging
-
-Note that users should not really be debugging things. If you find yourself
-debugging and find the issue, please let us know and/or how we can fix it.
-Various debug commands can be found in `!admin debug`.
-
-#### Debug/Trace log level
-
-conduwuit builds without debug or trace log levels at compile time by default
-for substantial performance gains in CPU usage and improved compile times. If
-you need to access debug/trace log levels, you will need to build without the
-`release_max_log_level` feature or use our provided static debug binaries.
-
-#### Changing log level dynamically
-
-conduwuit supports changing the tracing log environment filter on-the-fly using
-the admin command `!admin debug change-log-level <log env filter>`. This accepts
-a string **without quotes** the same format as the `log` config option.
-
-Example: `!admin debug change-log-level debug`
-
-This can also accept complex filters such as:
-`!admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,ruma_state_res=trace`
-`!admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,conduit_service[send{dest="example.org"}]=trace`
-
-And to reset the log level to the one that was set at startup / last config
-load, simply pass the `--reset` flag.
-
-`!admin debug change-log-level --reset`
-
-#### Pinging servers
-
-conduwuit can ping other servers using `!admin debug ping <server>`. This takes
-a server name and goes through the server discovery process and queries
-`/_matrix/federation/v1/version`. Errors are outputted.
-
-While it does measure the latency of the request, it is not indicative of
-server performance on either side as that endpoint is completely unauthenticated
-and simply fetches a string on a static JSON endpoint. It is very low cost both
-bandwidth and computationally.
-
-#### Allocator memory stats
-
-When using jemalloc with jemallocator's `stats` feature (`--enable-stats`), you
-can see conduwuit's high-level allocator stats by using
-`!admin server memory-usage` at the bottom.
-
-If you are a developer, you can also view the raw jemalloc statistics with
-`!admin debug memory-stats`. Please note that this output is extremely large
-which may only be visible in the conduwuit console CLI due to PDU size limits,
-and is not easy for non-developers to understand.
-
-[unbound-tuning]: https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/performance.html
-[unbound-arch]: https://wiki.archlinux.org/title/Unbound
@@ -1,70 +0,0 @@
-# Setting up TURN/STURN
-
-In order to make or receive calls, a TURN server is required. conduwuit suggests
-using [Coturn](https://github.com/coturn/coturn) for this purpose, which is also
-available as a Docker image.
-
-### Configuration
-
-Create a configuration file called `coturn.conf` containing:
-
-```conf
-use-auth-secret
-static-auth-secret=<a secret key>
-realm=<your server domain>
-```
-
-A common way to generate a suitable alphanumeric secret key is by using `pwgen
-s 64 1`.
-
-These same values need to be set in conduwuit. See the [example
-config](configuration/examples.md) in the TURN section for configuring these and
-restart conduwuit after.
-
-`turn_secret` or a path to `turn_secret_file` must have a value of your
-coturn `static-auth-secret`, or use `turn_username` and `turn_password`
-if using legacy username:password TURN authentication (not preferred).
-
-`turn_uris` must be the list of TURN URIs you would like to send to the client.
-Typically you will just replace the example domain `example.turn.uri` with the
-`realm` you set from the example config.
-
-If you are using TURN over TLS, you can replace `turn:` with `turns:` in the
-`turn_uris` config option to instruct clients to attempt to connect to
-TURN over TLS. This is highly recommended.
-
-If you need unauthenticated access to the TURN URIs, or some clients may be
-having trouble, you can enable `turn_guest_access` in conduwuit which disables
-authentication for the TURN URI endpoint `/_matrix/client/v3/voip/turnServer`
-
-### Run
-
-Run the [Coturn](https://hub.docker.com/r/coturn/coturn) image using
-
-```bash
-docker run -d --network=host -v
-$(pwd)/coturn.conf:/etc/coturn/turnserver.conf coturn/coturn
-```
-
-or docker-compose. For the latter, paste the following section into a file
-called `docker-compose.yml` and run `docker compose up -d` in the same
-directory.
-
-```yml
-version: 3
-services:
-    turn:
-      container_name: coturn-server
-      image: docker.io/coturn/coturn
-      restart: unless-stopped
-      network_mode: "host"
-      volumes:
-        - ./coturn.conf:/etc/coturn/turnserver.conf
-```
-
-To understand why the host networking mode is used and explore alternative
-configuration options, please visit [Coturn's Docker
-documentation](https://github.com/coturn/coturn/blob/master/docker/coturn/README.md).
-
-For security recommendations see Synapse's [Coturn
-documentation](https://element-hq.github.io/synapse/latest/turn-howto.html).
@@ -1,249 +0,0 @@
-interpreter = ["bash", "-euo", "pipefail", "-c"]
-
-[[task]]
-name = "engage"
-group = "versions"
-script = "engage --version"
-
-[[task]]
-name = "nix"
-group = "versions"
-script = "nix --version"
-
-[[task]]
-name = "direnv"
-group = "versions"
-script = "direnv --version"
-
-[[task]]
-name = "rustc"
-group = "versions"
-script = "rustc --version"
-
-[[task]]
-name = "cargo"
-group = "versions"
-script = "cargo --version"
-
-[[task]]
-name = "cargo-fmt"
-group = "versions"
-script = "cargo fmt --version"
-
-[[task]]
-name = "rustdoc"
-group = "versions"
-script = "rustdoc --version"
-
-[[task]]
-name = "cargo-clippy"
-group = "versions"
-script = "cargo clippy -- --version"
-
-[[task]]
-name = "cargo-audit"
-group = "versions"
-script = "cargo audit --version"
-
-[[task]]
-name = "cargo-deb"
-group = "versions"
-script = "cargo deb --version"
-
-[[task]]
-name = "lychee"
-group = "versions"
-script = "lychee --version"
-
-[[task]]
-name = "markdownlint"
-group = "versions"
-script = "markdownlint --version"
-
-[[task]]
-name = "dpkg"
-group = "versions"
-script = "dpkg --version"
-
-[[task]]
-name = "cargo-audit"
-group = "security"
-script = "cargo audit -D warnings -D unmaintained -D unsound -D yanked"
-
-[[task]]
-name = "cargo-fmt"
-group = "lints"
-script = """
-cargo fmt --check -- --color=always
-"""
-
-[[task]]
-name = "cargo-doc"
-group = "lints"
-script = """
-env DIRENV_DEVSHELL=all-features \
-    RUSTDOCFLAGS="-D warnings" \
-    direnv exec . \
-    cargo doc \
-        --workspace \
-        --locked \
-        --profile test \
-        --all-features \
-        --no-deps \
-        --document-private-items \
-        --color always
-"""
-
-[[task]]
-name = "clippy/default"
-group = "lints"
-script = """
-direnv exec . \
-cargo clippy \
-    --workspace \
-    --locked \
-    --profile test \
-    --color=always \
-    -- \
-    -D warnings
-"""
-
-[[task]]
-name = "clippy/all"
-group = "lints"
-script = """
-env DIRENV_DEVSHELL=all-features \
-    direnv exec . \
-    cargo clippy \
-        --workspace \
-        --locked \
-        --profile test \
-        --all-features \
-        --color=always \
-        -- \
-        -D warnings
-"""
-
-[[task]]
-name = "clippy/no-features"
-group = "lints"
-script = """
-env DIRENV_DEVSHELL=no-features \
-    direnv exec . \
-    cargo clippy \
-        --workspace \
-        --locked \
-        --profile test \
-        --no-default-features \
-        --color=always \
-        -- \
-        -D warnings
-"""
-
-[[task]]
-name = "clippy/other-features"
-group = "lints"
-script = """
-direnv exec . \
-cargo clippy \
-    --workspace \
-    --locked \
-    --profile test \
-    --no-default-features \
-    --features=console,systemd,element_hacks,direct_tls,perf_measurements,brotli_compression,blurhashing \
-    --color=always \
-    -- \
-    -D warnings
-"""
-
-[[task]]
-name = "lychee"
-group = "lints"
-script = "lychee --verbose --offline docs *.md --exclude development.md --exclude contributing.md --exclude testing.md"
-
-[[task]]
-name = "markdownlint"
-group = "lints"
-script = "markdownlint docs *.md || true" # TODO: fix the ton of markdown lints so we can drop `|| true`
-
-[[task]]
-name = "cargo/all"
-group = "tests"
-script = """
-env DIRENV_DEVSHELL=all-features \
-    direnv exec . \
-    cargo test \
-        --workspace \
-        --locked \
-        --profile test \
-        --all-targets \
-        --no-fail-fast \
-        --all-features \
-        --color=always \
-        -- \
-        --color=always
-"""
-
-[[task]]
-name = "cargo/default"
-group = "tests"
-script = """
-env DIRENV_DEVSHELL=default \
-    direnv exec . \
-    cargo test \
-        --workspace \
-        --locked \
-        --profile test \
-        --all-targets \
-        --no-fail-fast \
-        --color=always \
-        -- \
-        --color=always
-"""
-
-[[task]]
-name = "cargo/no-features"
-group = "tests"
-script = """
-env DIRENV_DEVSHELL=no-features \
-    direnv exec . \
-    cargo test \
-        --workspace \
-        --locked \
-        --profile test \
-        --all-targets \
-        --no-fail-fast \
-        --no-default-features \
-        --color=always \
-        -- \
-        --color=always
-"""
-
-# Checks if the generated example config differs from the checked in repo's
-# example config.
-[[task]]
-name = "example-config"
-group = "tests"
-depends = ["cargo/default"]
-script = """
-git diff --exit-code conduwuit-example.toml
-"""
-
-# Ensure that the flake's default output can build and run without crashing
-#
-# This is a dynamically-linked jemalloc build, which is a case not covered by
-# our other tests. We've had linking problems in the past with dynamic
-# jemalloc builds that usually show up as an immediate segfault or "invalid free"
-[[task]]
-name = "nix-default"
-group = "tests"
-script = """
-env DIRENV_DEVSHELL=dynamic \
-    CARGO_PROFILE="test" \
-    direnv exec . \
-    bin/nix-build-and-cache just .#default-test
-env DIRENV_DEVSHELL=dynamic \
-    CARGO_PROFILE="test" \
-    direnv exec . \
-    nix run -L .#default-test -- --help && nix run -L .#default-test -- --version
-"""
@@ -1,634 +0,0 @@
-{
-  "nodes": {
-    "attic": {
-      "inputs": {
-        "crane": "crane",
-        "flake-compat": "flake-compat",
-        "flake-parts": "flake-parts",
-        "nix-github-actions": "nix-github-actions",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1731270564,
-        "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
-        "owner": "zhaofengli",
-        "repo": "attic",
-        "rev": "47752427561f1c34debb16728a210d378f0ece36",
-        "type": "github"
-      },
-      "original": {
-        "owner": "zhaofengli",
-        "ref": "main",
-        "repo": "attic",
-        "type": "github"
-      }
-    },
-    "cachix": {
-      "inputs": {
-        "devenv": "devenv",
-        "flake-compat": "flake-compat_2",
-        "git-hooks": "git-hooks",
-        "nixpkgs": "nixpkgs_4"
-      },
-      "locked": {
-        "lastModified": 1737621947,
-        "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
-        "owner": "cachix",
-        "repo": "cachix",
-        "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "ref": "master",
-        "repo": "cachix",
-        "type": "github"
-      }
-    },
-    "cachix_2": {
-      "inputs": {
-        "devenv": [
-          "cachix",
-          "devenv"
-        ],
-        "flake-compat": [
-          "cachix",
-          "devenv"
-        ],
-        "git-hooks": [
-          "cachix",
-          "devenv"
-        ],
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "lastModified": 1728672398,
-        "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
-        "owner": "cachix",
-        "repo": "cachix",
-        "rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "ref": "latest",
-        "repo": "cachix",
-        "type": "github"
-      }
-    },
-    "complement": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1734303596,
-        "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=",
-        "owner": "girlbossceo",
-        "repo": "complement",
-        "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "girlbossceo",
-        "ref": "main",
-        "repo": "complement",
-        "type": "github"
-      }
-    },
-    "crane": {
-      "inputs": {
-        "nixpkgs": [
-          "attic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1722960479,
-        "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
-        "owner": "ipetkov",
-        "repo": "crane",
-        "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ipetkov",
-        "repo": "crane",
-        "type": "github"
-      }
-    },
-    "crane_2": {
-      "locked": {
-        "lastModified": 1737689766,
-        "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=",
-        "owner": "ipetkov",
-        "repo": "crane",
-        "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ipetkov",
-        "ref": "master",
-        "repo": "crane",
-        "type": "github"
-      }
-    },
-    "devenv": {
-      "inputs": {
-        "cachix": "cachix_2",
-        "flake-compat": [
-          "cachix",
-          "flake-compat"
-        ],
-        "git-hooks": [
-          "cachix",
-          "git-hooks"
-        ],
-        "nix": "nix",
-        "nixpkgs": [
-          "cachix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1733323168,
-        "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
-        "owner": "cachix",
-        "repo": "devenv",
-        "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "devenv",
-        "type": "github"
-      }
-    },
-    "fenix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "rust-analyzer-src": "rust-analyzer-src"
-      },
-      "locked": {
-        "lastModified": 1737786656,
-        "narHash": "sha256-ubCW9Jy7ZUOF354bWxTgLDpVnTvIpNr6qR4H/j7I0oo=",
-        "owner": "nix-community",
-        "repo": "fenix",
-        "rev": "2f721f527886f801403f389a9cabafda8f1e3b7f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "main",
-        "repo": "fenix",
-        "type": "github"
-      }
-    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1733328505,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_3": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1733328505,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "ref": "master",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-parts": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "attic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1722555600,
-        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "flake-parts_2": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "cachix",
-          "devenv",
-          "nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1712014858,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "ref": "main",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "git-hooks": {
-      "inputs": {
-        "flake-compat": [
-          "cachix",
-          "flake-compat"
-        ],
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "cachix",
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable_2"
-      },
-      "locked": {
-        "lastModified": 1733318908,
-        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "cachix",
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
-    "libgit2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1697646580,
-        "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
-        "owner": "libgit2",
-        "repo": "libgit2",
-        "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "libgit2",
-        "repo": "libgit2",
-        "type": "github"
-      }
-    },
-    "liburing": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1737600516,
-        "narHash": "sha256-EKyLQ3pbcjoU5jH5atge59F4fzuhTsb6yalUj6Ve2t8=",
-        "owner": "axboe",
-        "repo": "liburing",
-        "rev": "6c509e2b0c881a13b83b259a221bf15fc9b3f681",
-        "type": "github"
-      },
-      "original": {
-        "owner": "axboe",
-        "ref": "master",
-        "repo": "liburing",
-        "type": "github"
-      }
-    },
-    "nix": {
-      "inputs": {
-        "flake-compat": [
-          "cachix",
-          "devenv"
-        ],
-        "flake-parts": "flake-parts_2",
-        "libgit2": "libgit2",
-        "nixpkgs": "nixpkgs_3",
-        "nixpkgs-23-11": [
-          "cachix",
-          "devenv"
-        ],
-        "nixpkgs-regression": [
-          "cachix",
-          "devenv"
-        ],
-        "pre-commit-hooks": [
-          "cachix",
-          "devenv"
-        ]
-      },
-      "locked": {
-        "lastModified": 1727438425,
-        "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=",
-        "owner": "domenkozar",
-        "repo": "nix",
-        "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546",
-        "type": "github"
-      },
-      "original": {
-        "owner": "domenkozar",
-        "ref": "devenv-2.24",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
-    "nix-filter": {
-      "locked": {
-        "lastModified": 1731533336,
-        "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
-        "owner": "numtide",
-        "repo": "nix-filter",
-        "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "ref": "main",
-        "repo": "nix-filter",
-        "type": "github"
-      }
-    },
-    "nix-github-actions": {
-      "inputs": {
-        "nixpkgs": [
-          "attic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729742964,
-        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1726042813,
-        "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1724316499,
-        "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1730741070,
-        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1730531603,
-        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1717432640,
-        "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "release-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1733212471,
-        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
-      "locked": {
-        "lastModified": 1737717945,
-        "narHash": "sha256-ET91TMkab3PmOZnqiJQYOtSGvSTvGeHoegAv4zcTefM=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "ecd26a469ac56357fd333946a99086e992452b6a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "rocksdb": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1737828695,
-        "narHash": "sha256-8Ev6zzhNPU798JNvU27a7gj5X+6SDG3jBweUkQ59DbA=",
-        "owner": "girlbossceo",
-        "repo": "rocksdb",
-        "rev": "a4d9230dcc9d03be428b9a728133f8f646c0065c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "girlbossceo",
-        "ref": "v9.9.3",
-        "repo": "rocksdb",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "attic": "attic",
-        "cachix": "cachix",
-        "complement": "complement",
-        "crane": "crane_2",
-        "fenix": "fenix",
-        "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils",
-        "liburing": "liburing",
-        "nix-filter": "nix-filter",
-        "nixpkgs": "nixpkgs_5",
-        "rocksdb": "rocksdb"
-      }
-    },
-    "rust-analyzer-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1737728869,
-        "narHash": "sha256-U4pl3Hi0lT6GP4ecN3q9wdD2sdaKMbmD/5NJ1NdJ9AM=",
-        "owner": "rust-lang",
-        "repo": "rust-analyzer",
-        "rev": "6e4c29f7ce18cea7d3d31237a4661ab932eab636",
-        "type": "github"
-      },
-      "original": {
-        "owner": "rust-lang",
-        "ref": "nightly",
-        "repo": "rust-analyzer",
-        "type": "github"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
@@ -1,570 +0,0 @@
-{
-  inputs = {
-    attic.url = "github:zhaofengli/attic?ref=main";
-    cachix.url = "github:cachix/cachix?ref=master";
-    complement = { url = "github:girlbossceo/complement?ref=main"; flake = false; };
-    crane = { url = "github:ipetkov/crane?ref=master"; };
-    fenix = { url = "github:nix-community/fenix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; };
-    flake-compat = { url = "github:edolstra/flake-compat?ref=master"; flake = false; };
-    flake-utils.url = "github:numtide/flake-utils?ref=main";
-    nix-filter.url = "github:numtide/nix-filter?ref=main";
-    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable";
-    rocksdb = { url = "github:girlbossceo/rocksdb?ref=v9.9.3"; flake = false; };
-    liburing = { url = "github:axboe/liburing?ref=master"; flake = false; };
-  };
-
-  outputs = inputs:
-    inputs.flake-utils.lib.eachDefaultSystem (system:
-    let
-      pkgsHost = import inputs.nixpkgs{
-        inherit system;
-      };
-      pkgsHostStatic = pkgsHost.pkgsStatic;
-
-      # The Rust toolchain to use
-      toolchain = inputs.fenix.packages.${system}.fromToolchainFile {
-        file = ./rust-toolchain.toml;
-
-        # See also `rust-toolchain.toml`
-        sha256 = "sha256-lMLAupxng4Fd9F1oDw8gx+qA0RuF7ou7xhNU8wgs0PU=";
-      };
-
-      mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: {
-        inherit pkgs;
-        book = self.callPackage ./nix/pkgs/book {};
-        complement = self.callPackage ./nix/pkgs/complement {};
-        craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain));
-        inherit inputs;
-        main = self.callPackage ./nix/pkgs/main {};
-        oci-image = self.callPackage ./nix/pkgs/oci-image {};
-        tini = pkgs.tini.overrideAttrs {
-            # newer clang/gcc is unhappy with tini-static: <https://3.dog/~strawberry/pb/c8y4>
-            patches = [ (pkgs.fetchpatch {
-                url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch";
-                hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k=";
-              })
-            ];
-        };
-        liburing = pkgs.liburing.overrideAttrs {
-          # Tests weren't building
-          outputs = [ "out" "dev" "man" ];
-          buildFlags = [ "library" ];
-          src = inputs.liburing;
-        };
-        rocksdb = (pkgs.rocksdb.override {
-          liburing = self.liburing;
-        }).overrideAttrs (old: {
-          src = inputs.rocksdb;
-          version = pkgs.lib.removePrefix
-            "v"
-            (builtins.fromJSON (builtins.readFile ./flake.lock))
-              .nodes.rocksdb.original.ref;
-          # we have this already at https://github.com/girlbossceo/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155
-          # unsetting this so i don't have to revert it and make this nix exclusive
-          patches = [];
-          cmakeFlags = pkgs.lib.subtractLists
-            [
-              # no real reason to have snappy, no one uses this
-              "-DWITH_SNAPPY=1"
-              # we dont need to use ldb or sst_dump (core_tools)
-              "-DWITH_CORE_TOOLS=1"
-              # we dont need to build rocksdb tests
-              "-DWITH_TESTS=1"
-              # we use rust-rocksdb via C interface and dont need C++ RTTI
-              "-DUSE_RTTI=1"
-              # this doesn't exist in RocksDB, and USE_SSE is deprecated for
-              # PORTABLE=$(march)
-              "-DFORCE_SSE42=1"
-              # PORTABLE will get set in main/default.nix
-              "-DPORTABLE=1"
-            ]
-            old.cmakeFlags
-            ++ [
-              # no real reason to have snappy, no one uses this
-              "-DWITH_SNAPPY=0"
-              # we dont need to use ldb or sst_dump (core_tools)
-              "-DWITH_CORE_TOOLS=0"
-              # we dont need trace tools
-              "-DWITH_TRACE_TOOLS=0"
-              # we dont need to build rocksdb tests
-              "-DWITH_TESTS=0"
-              # we use rust-rocksdb via C interface and dont need C++ RTTI
-              "-DUSE_RTTI=0"
-            ];
-
-          # outputs has "tools" which we dont need or use
-          outputs = [ "out" ];
-
-          # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
-          preInstall = "";
-        });
-      });
-
-      scopeHost = mkScope pkgsHost;
-      scopeHostStatic = mkScope pkgsHostStatic;
-      scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic;
-      mkCrossScope = crossSystem:
-        let pkgsCrossStatic = (import inputs.nixpkgs {
-          inherit system;
-          crossSystem = {
-           config = crossSystem;
-          };
-        }).pkgsStatic;
-         in
-        mkScope pkgsCrossStatic;
-
-      mkDevShell = scope: scope.pkgs.mkShell {
-        env = scope.main.env // {
-          # Rust Analyzer needs to be able to find the path to default crate
-          # sources, and it can read this environment variable to do so. The
-          # `rust-src` component is required in order for this to work.
-          RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";
-
-          # Convenient way to access a pinned version of Complement's source
-          # code.
-          COMPLEMENT_SRC = inputs.complement.outPath;
-
-          # Needed for Complement: <https://github.com/golang/go/issues/52690>
-          CGO_CFLAGS = "-Wl,--no-gc-sections";
-          CGO_LDFLAGS = "-Wl,--no-gc-sections";
-        };
-
-        # Development tools
-        packages = [
-          # Always use nightly rustfmt because most of its options are unstable
-          #
-          # This needs to come before `toolchain` in this list, otherwise
-          # `$PATH` will have stable rustfmt instead.
-          inputs.fenix.packages.${system}.latest.rustfmt
-
-          toolchain
-        ]
-        ++ (with pkgsHost.pkgs; [
-          engage
-          cargo-audit
-
-          # Required by hardened-malloc.rs dep
-          binutils
-
-          # Needed for producing Debian packages
-          cargo-deb
-
-          # Needed for CI to check validity of produced Debian packages (dpkg-deb)
-          dpkg
-
-          # Needed for Complement
-          go
-
-          # Needed for our script for Complement
-          jq
-
-          # Needed for finding broken markdown links
-          lychee
-
-          # Needed for linting markdown files
-          markdownlint-cli
-
-          # Useful for editing the book locally
-          mdbook
-
-          # used for rust caching in CI to speed it up
-          sccache
-        ]
-        # liburing is Linux-exclusive
-        ++ lib.optional stdenv.hostPlatform.isLinux liburing)
-        ++ scope.main.buildInputs
-        ++ scope.main.propagatedBuildInputs
-        ++ scope.main.nativeBuildInputs;
-      };
-    in
-    {
-      packages = {
-        default = scopeHost.main.override {
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # jemalloc profiling/stats features are expensive and shouldn't
-                # be expected on non-debug builds.
-                "jemalloc_prof"
-                "jemalloc_stats"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-        };
-        default-debug = scopeHost.main.override {
-            profile = "dev";
-            # debug build users expect full logs
-            disable_release_max_log_level = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-        };
-        # just a test profile used for things like CI and complement
-        default-test = scopeHost.main.override {
-            profile = "test";
-            disable_release_max_log_level = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-        };
-        all-features = scopeHost.main.override {
-            all_features = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # jemalloc profiling/stats features are expensive and shouldn't
-                # be expected on non-debug builds.
-                "jemalloc_prof"
-                "jemalloc_stats"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-        };
-        all-features-debug = scopeHost.main.override {
-            profile = "dev";
-            all_features = true;
-            # debug build users expect full logs
-            disable_release_max_log_level = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-        };
-        hmalloc = scopeHost.main.override { features = ["hardened_malloc"]; };
-
-        oci-image = scopeHost.oci-image;
-        oci-image-all-features = scopeHost.oci-image.override {
-          main = scopeHost.main.override {
-            all_features = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # jemalloc profiling/stats features are expensive and shouldn't
-                # be expected on non-debug builds.
-                "jemalloc_prof"
-                "jemalloc_stats"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-          };
-        };
-        oci-image-all-features-debug = scopeHost.oci-image.override {
-          main = scopeHost.main.override {
-            profile = "dev";
-            all_features = true;
-            # debug build users expect full logs
-            disable_release_max_log_level = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-          };
-        };
-        oci-image-hmalloc = scopeHost.oci-image.override {
-          main = scopeHost.main.override {
-            features = ["hardened_malloc"];
-          };
-        };
-
-        book = scopeHost.book;
-
-        complement = scopeHost.complement;
-        static-complement = scopeHostStatic.complement;
-        # macOS containers don't exist, so the complement images must be forced to linux
-        linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement;
-      }
-      //
-      builtins.listToAttrs
-        (builtins.concatLists
-          (builtins.map
-            (crossSystem:
-              let
-                binaryName = "static-${crossSystem}";
-                scopeCrossStatic = mkCrossScope crossSystem;
-              in
-              [
-                # An output for a statically-linked binary
-                {
-                  name = binaryName;
-                  value = scopeCrossStatic.main;
-                }
-
-                # An output for a statically-linked binary with x86_64 haswell
-                # target optimisations
-                {
-                  name = "${binaryName}-x86_64-haswell-optimised";
-                  value = scopeCrossStatic.main.override {
-                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
-                  };
-                }
-
-                # An output for a statically-linked unstripped debug ("dev") binary
-                {
-                  name = "${binaryName}-debug";
-                  value = scopeCrossStatic.main.override {
-                    profile = "dev";
-                    # debug build users expect full logs
-                    disable_release_max_log_level = true;
-                  };
-                }
-
-                # An output for a statically-linked unstripped debug binary with the
-                # "test" profile (for CI usage only)
-                {
-                  name = "${binaryName}-test";
-                  value = scopeCrossStatic.main.override {
-                    profile = "test";
-                    disable_release_max_log_level = true;
-                    disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                    ];
-                  };
-                }
-
-                # An output for a statically-linked binary with `--all-features`
-                {
-                  name = "${binaryName}-all-features";
-                  value = scopeCrossStatic.main.override {
-                    all_features = true;
-                    disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # jemalloc profiling/stats features are expensive and shouldn't
-                        # be expected on non-debug builds.
-                        "jemalloc_prof"
-                        "jemalloc_stats"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                    ];
-                  };
-                }
-
-                # An output for a statically-linked binary with `--all-features` and with x86_64 haswell
-                # target optimisations
-                {
-                  name = "${binaryName}-all-features-x86_64-haswell-optimised";
-                  value = scopeCrossStatic.main.override {
-                    all_features = true;
-                    disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # jemalloc profiling/stats features are expensive and shouldn't
-                        # be expected on non-debug builds.
-                        "jemalloc_prof"
-                        "jemalloc_stats"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                    ];
-                    x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
-                  };
-                }
-
-                # An output for a statically-linked unstripped debug ("dev") binary with `--all-features`
-                {
-                  name = "${binaryName}-all-features-debug";
-                  value = scopeCrossStatic.main.override {
-                    profile = "dev";
-                    all_features = true;
-                    # debug build users expect full logs
-                    disable_release_max_log_level = true;
-                    disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                    ];
-                  };
-                }
-
-                # An output for a statically-linked binary with hardened_malloc
-                {
-                  name = "${binaryName}-hmalloc";
-                  value = scopeCrossStatic.main.override {
-                    features = ["hardened_malloc"];
-                  };
-                }
-
-                # An output for an OCI image based on that binary
-                {
-                  name = "oci-image-${crossSystem}";
-                  value = scopeCrossStatic.oci-image;
-                }
-
-                # An output for an OCI image based on that binary with x86_64 haswell
-                # target optimisations
-                {
-                  name = "oci-image-${crossSystem}-x86_64-haswell-optimised";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that unstripped debug ("dev") binary
-                {
-                  name = "oci-image-${crossSystem}-debug";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                        profile = "dev";
-                        # debug build users expect full logs
-                        disable_release_max_log_level = true;
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that binary with `--all-features`
-                {
-                  name = "oci-image-${crossSystem}-all-features";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      all_features = true;
-                      disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # jemalloc profiling/stats features are expensive and shouldn't
-                        # be expected on non-debug builds.
-                        "jemalloc_prof"
-                        "jemalloc_stats"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                      ];
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell
-                # target optimisations
-                {
-                  name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      all_features = true;
-                      disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # jemalloc profiling/stats features are expensive and shouldn't
-                        # be expected on non-debug builds.
-                        "jemalloc_prof"
-                        "jemalloc_stats"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                      ];
-                      x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false);
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features`
-                {
-                  name = "oci-image-${crossSystem}-all-features-debug";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      profile = "dev";
-                      all_features = true;
-                      # debug build users expect full logs
-                      disable_release_max_log_level = true;
-                      disable_features = [
-                        # dont include experimental features
-                        "experimental"
-                        # this is non-functional on nix for some reason
-                        "hardened_malloc"
-                        # conduwuit_mods is a development-only hot reload feature
-                        "conduwuit_mods"
-                      ];
-                    };
-                  };
-                }
-
-                # An output for an OCI image based on that binary with hardened_malloc
-                {
-                  name = "oci-image-${crossSystem}-hmalloc";
-                  value = scopeCrossStatic.oci-image.override {
-                    main = scopeCrossStatic.main.override {
-                      features = ["hardened_malloc"];
-                    };
-                  };
-                }
-
-                # An output for a complement OCI image for the specified platform
-                {
-                  name = "complement-${crossSystem}";
-                  value = scopeCrossStatic.complement;
-                }
-              ]
-            )
-            [
-              #"x86_64-apple-darwin"
-              #"aarch64-apple-darwin"
-              "x86_64-linux-gnu"
-              "x86_64-linux-musl"
-              "aarch64-linux-musl"
-            ]
-          )
-        );
-
-      devShells.default = mkDevShell scopeHostStatic;
-      devShells.all-features = mkDevShell
-        (scopeHostStatic.overrideScope (final: prev: {
-          main = prev.main.override {
-            all_features = true;
-            disable_features = [
-                # dont include experimental features
-                "experimental"
-                # jemalloc profiling/stats features are expensive and shouldn't
-                # be expected on non-debug builds.
-                "jemalloc_prof"
-                "jemalloc_stats"
-                # this is non-functional on nix for some reason
-                "hardened_malloc"
-                # conduwuit_mods is a development-only hot reload feature
-                "conduwuit_mods"
-            ];
-        };
-        }));
-      devShells.no-features = mkDevShell
-        (scopeHostStatic.overrideScope (final: prev: {
-          main = prev.main.override { default_features = false; };
-        }));
-      devShells.dynamic = mkDevShell scopeHost;
-    });
-}
@@ -0,0 +1,2 @@
+podman build -t misc-webserver -f "Dockerfile"
+podman save --format oci-archive localhost/misc-webserver:latest | gzip | ssh fedora@213.32.25.24 -T "zcat | sudo podman load"
@@ -1,36 +0,0 @@
-{ inputs
-
-# Dependencies
-, main
-, mdbook
-, stdenv
-}:
-
-stdenv.mkDerivation {
-  inherit (main) pname version;
-
-  src = inputs.nix-filter {
-    root = inputs.self;
-    include = [
-      "book.toml"
-      "conduwuit-example.toml"
-      "CODE_OF_CONDUCT.md"
-      "CONTRIBUTING.md"
-      "README.md"
-      "development.md"
-      "debian/conduwuit.service"
-      "debian/README.md"
-      "arch/conduwuit.service"
-      "docs"
-      "theme"
-    ];
-  };
-
-  nativeBuildInputs = [
-    mdbook
-  ];
-
-  buildPhase = ''
-    mdbook build -d $out
-  '';
-}
@@ -1,50 +0,0 @@
-[global]
-address = "0.0.0.0"
-allow_device_name_federation = true
-allow_guest_registration = true
-allow_public_room_directory_over_federation = true
-allow_public_room_directory_without_auth = true
-allow_registration = true
-database_path = "/database"
-log = "trace,h2=warn,hyper=warn"
-port = [8008, 8448]
-trusted_servers = []
-only_query_trusted_key_servers = false
-query_trusted_key_servers_first = false
-query_trusted_key_servers_first_on_join = false
-yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
-ip_range_denylist = []
-url_preview_domain_contains_allowlist = ["*"]
-url_preview_domain_explicit_denylist = ["*"]
-media_compat_file_link = false
-media_startup_check = true
-prune_missing_media = true
-log_colors = false
-admin_room_notices = false
-allow_check_for_updates = false
-intentionally_unknown_config_option_for_testing = true
-rocksdb_log_level = "debug"
-rocksdb_max_log_files = 1
-rocksdb_recovery_mode = 0
-rocksdb_paranoid_file_checks = true
-log_guest_registrations = false
-allow_legacy_media = true
-startup_netburst = true
-startup_netburst_keep = -1
-
-# valgrind makes things so slow
-dns_timeout = 60
-dns_attempts = 20
-request_conn_timeout = 60
-request_timeout = 120
-well_known_conn_timeout = 60
-well_known_timeout = 60
-federation_idle_timeout = 300
-sender_timeout = 300
-sender_idle_timeout = 300
-sender_retry_backoff_limit = 300
-
-[global.tls]
-certs = "/certificate.crt"
-dual_protocol = true
-key = "/private_key.key"
@@ -1,112 +0,0 @@
-# Dependencies
-{ bashInteractive
-, buildEnv
-, coreutils
-, dockerTools
-, gawk
-, lib
-, main
-, openssl
-, stdenv
-, tini
-, writeShellScriptBin
-}:
-
-let
-  main' = main.override {
-    profile = "test";
-    all_features = true;
-    disable_release_max_log_level = true;
-    disable_features = [
-        # console/CLI stuff isn't used or relevant for complement
-        "console"
-        "tokio_console"
-        # sentry telemetry isn't useful for complement, disabled by default anyways
-        "sentry_telemetry"
-        "perf_measurements"
-        # this is non-functional on nix for some reason
-        "hardened_malloc"
-        # dont include experimental features
-        "experimental"
-        # compression isn't needed for complement
-        "brotli_compression"
-        "gzip_compression"
-        "zstd_compression"
-        # complement doesn't need hot reloading
-        "conduwuit_mods"
-        # complement doesn't have URL preview media tests
-        "url_preview"
-    ];
-  };
-
-  start = writeShellScriptBin "start" ''
-    set -euxo pipefail
-
-    ${lib.getExe openssl} genrsa -out private_key.key 2048
-    ${lib.getExe openssl} req \
-      -new \
-      -sha256 \
-      -key private_key.key \
-      -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=$SERVER_NAME" \
-      -out signing_request.csr
-    cp ${./v3.ext} v3.ext
-    echo "DNS.1 = $SERVER_NAME" >> v3.ext
-    echo "IP.1 = $(${lib.getExe gawk} 'END{print $1}' /etc/hosts)" \
-      >> v3.ext
-    ${lib.getExe openssl} x509 \
-      -req \
-      -extfile v3.ext \
-      -in signing_request.csr \
-      -CA /complement/ca/ca.crt \
-      -CAkey /complement/ca/ca.key \
-      -CAcreateserial \
-      -out certificate.crt \
-      -days 1 \
-      -sha256
-
-    ${lib.getExe' coreutils "env"} \
-      CONDUWUIT_SERVER_NAME="$SERVER_NAME" \
-      ${lib.getExe main'}
-  '';
-in
-
-dockerTools.buildImage {
-  name = "complement-conduwuit";
-  tag = "main";
-
-  copyToRoot = buildEnv {
-    name = "root";
-    pathsToLink = [
-      "/bin"
-    ];
-    paths = [
-      bashInteractive
-      coreutils
-      main'
-      start
-    ];
-  };
-
-  config = {
-    Cmd = [
-      "${lib.getExe start}"
-    ];
-
-    Entrypoint = if !stdenv.hostPlatform.isDarwin
-      # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
-      # are handled as expected
-      then [ "${lib.getExe' tini "tini"}" "--" ]
-      else [];
-
-    Env = [
-      "SSL_CERT_FILE=/complement/ca/ca.crt"
-      "CONDUWUIT_CONFIG=${./config.toml}"
-      "RUST_BACKTRACE=full"
-    ];
-
-    ExposedPorts = {
-      "8008/tcp" = {};
-      "8448/tcp" = {};
-    };
-  };
-}
@@ -1,6 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
@@ -1,87 +0,0 @@
-{ lib
-, pkgsBuildHost
-, rust
-, stdenv
-}:
-
-lib.optionalAttrs stdenv.hostPlatform.isStatic {
-  ROCKSDB_STATIC = "";
-}
-//
-{
-  CARGO_BUILD_RUSTFLAGS =
-    lib.concatStringsSep
-      " "
-      ([]
-        # This disables PIE for static builds, which isn't great in terms
-        # of security. Unfortunately, my hand is forced because nixpkgs'
-        # `libstdc++.a` is built without `-fPIE`, which precludes us from
-        # leaving PIE enabled.
-        ++ lib.optionals
-          stdenv.hostPlatform.isStatic
-          [ "-C" "relocation-model=static" ]
-        ++ lib.optionals
-          (stdenv.buildPlatform.config != stdenv.hostPlatform.config)
-          [
-            "-l"
-            "c"
-
-            "-l"
-            "stdc++"
-
-            "-L"
-            "${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib"
-          ]
-      );
-}
-
-# What follows is stolen from [here][0]. Its purpose is to properly
-# configure compilers and linkers for various stages of the build, and
-# even covers the case of build scripts that need native code compiled and
-# run on the build platform (I think).
-#
-# [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68
-//
-(
-  let
-    inherit (rust.lib) envVars;
-  in
-  lib.optionalAttrs
-    (stdenv.targetPlatform.rust.rustcTarget
-      != stdenv.hostPlatform.rust.rustcTarget)
-    (
-      let
-        inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget;
-      in
-      {
-        "CC_${cargoEnvVarTarget}" = envVars.ccForTarget;
-        "CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget;
-        "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForTarget;
-      }
-    )
-  //
-  (
-    let
-      inherit (stdenv.hostPlatform.rust) cargoEnvVarTarget rustcTarget;
-    in
-    {
-      "CC_${cargoEnvVarTarget}" = envVars.ccForHost;
-      "CXX_${cargoEnvVarTarget}" = envVars.cxxForHost;
-      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForHost;
-      CARGO_BUILD_TARGET = rustcTarget;
-    }
-  )
-  //
-  (
-    let
-      inherit (stdenv.buildPlatform.rust) cargoEnvVarTarget;
-    in
-    {
-      "CC_${cargoEnvVarTarget}" = envVars.ccForBuild;
-      "CXX_${cargoEnvVarTarget}" = envVars.cxxForBuild;
-      "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForBuild;
-      HOST_CC = "${pkgsBuildHost.stdenv.cc}/bin/cc";
-      HOST_CXX = "${pkgsBuildHost.stdenv.cc}/bin/c++";
-    }
-  )
-)
@@ -1,232 +0,0 @@
-# Dependencies (keep sorted)
-{ craneLib
-, inputs
-, jq
-, lib
-, libiconv
-, liburing
-, pkgsBuildHost
-, rocksdb
-, removeReferencesTo
-, rust
-, rust-jemalloc-sys
-, stdenv
-
-# Options (keep sorted)
-, all_features ? false
-, default_features ? true
-# default list of disabled features
-, disable_features ? [
-  # dont include experimental features
-  "experimental"
-  # jemalloc profiling/stats features are expensive and shouldn't
-  # be expected on non-debug builds.
-  "jemalloc_prof"
-  "jemalloc_stats"
-  # this is non-functional on nix for some reason
-  "hardened_malloc"
-  # conduwuit_mods is a development-only hot reload feature
-  "conduwuit_mods"
-]
-, disable_release_max_log_level ? false
-, features ? []
-, profile ? "release"
-# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag
-# haswell is pretty much any x86 cpu made in the last 12 years, and
-# supports modern CPU extensions that rocksdb can make use of.
-# disable if trying to make a portable x86_64 build for very old hardware
-, x86_64_haswell_target_optimised ? false
-}:
-
-let
-# We perform default-feature unification in nix, because some of the dependencies
-# on the nix side depend on feature values.
-crateFeatures = path:
-  let manifest = lib.importTOML "${path}/Cargo.toml"; in
-  lib.remove "default" (lib.attrNames manifest.features);
-crateDefaultFeatures = path:
-  (lib.importTOML "${path}/Cargo.toml").features.default;
-allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main";
-allFeatures = crateFeatures "${inputs.self}/src/main";
-features' = lib.unique
-  (features ++
-    lib.optionals default_features allDefaultFeatures ++
-    lib.optionals all_features allFeatures);
-disable_features' = disable_features ++ lib.optionals disable_release_max_log_level ["release_max_log_level"];
-features'' = lib.subtractLists disable_features' features';
-
-featureEnabled = feature : builtins.elem feature features'';
-
-enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin;
-
-# This derivation will set the JEMALLOC_OVERRIDE variable, causing the
-# tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's
-# own. In order for this to work, we need to set flags on the build that match
-# whatever flags tikv-jemalloc-sys was going to use. These are dependent on
-# which features we enable in tikv-jemalloc-sys.
-rust-jemalloc-sys' = (rust-jemalloc-sys.override {
-  # tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature
-  unprefixed = true;
-}).overrideAttrs (old: {
-  configureFlags = old.configureFlags ++
-    # we dont need docs
-    [ "--disable-doc" ] ++
-    # we dont need cxx/C++ integration
-    [ "--disable-cxx" ] ++
-    # tikv-jemalloc-sys/profiling feature
-    lib.optional (featureEnabled "jemalloc_prof") "--enable-prof" ++
-    # tikv-jemalloc-sys/stats feature
-    (if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]);
-});
-
-buildDepsOnlyEnv =
-  let
-    rocksdb' = (rocksdb.override {
-      jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
-      # rocksdb fails to build with prefixed jemalloc, which is required on
-      # darwin due to [1]. In this case, fall back to building rocksdb with
-      # libc malloc. This should not cause conflicts, because all of the
-      # jemalloc symbols are prefixed.
-      #
-      # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17
-      enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin;
-
-      # for some reason enableLiburing in nixpkgs rocksdb is default true
-      # which breaks Darwin entirely
-      enableLiburing = enableLiburing;
-    }).overrideAttrs (old: {
-      enableLiburing = enableLiburing;
-      cmakeFlags = (if x86_64_haswell_target_optimised then (lib.subtractLists [
-        # dont make a portable build if x86_64_haswell_target_optimised is enabled
-        "-DPORTABLE=1"
-      ] old.cmakeFlags
-      ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ])
-      )
-      ++ old.cmakeFlags;
-
-      # outputs has "tools" which we dont need or use
-      outputs = [ "out" ];
-
-      # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
-      preInstall = "";
-    });
-  in
-  {
-    # https://crane.dev/faq/rebuilds-bindgen.html
-    NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
-
-    CARGO_PROFILE = profile;
-    ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include";
-    ROCKSDB_LIB_DIR = "${rocksdb'}/lib";
-  }
-  //
-  (import ./cross-compilation-env.nix {
-    # Keep sorted
-    inherit
-      lib
-      pkgsBuildHost
-      rust
-      stdenv;
-  });
-
-buildPackageEnv = {
-  CONDUWUIT_VERSION_EXTRA = inputs.self.shortRev or inputs.self.dirtyShortRev or "";
-} // buildDepsOnlyEnv // {
-  # Only needed in static stdenv because these are transitive dependencies of rocksdb
-  CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS
-    + lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic)
-      " -L${lib.getLib liburing}/lib -luring"
-    + lib.optionalString x86_64_haswell_target_optimised
-      " -Ctarget-cpu=haswell";
-};
-
-
-
-commonAttrs = {
-  inherit
-    (craneLib.crateNameFromCargoToml {
-      cargoToml = "${inputs.self}/Cargo.toml";
-    })
-    pname
-    version;
-
-    src = let filter = inputs.nix-filter.lib; in filter {
-      root = inputs.self;
-
-      # Keep sorted
-      include = [
-        "Cargo.lock"
-        "Cargo.toml"
-        "deps"
-        "src"
-      ];
-    };
-
-    # This is redundant with CI
-    doCheck = false;
-
-    cargoTestCommand = "cargo test --locked ";
-    cargoExtraArgs = "--no-default-features --locked "
-      + lib.optionalString
-        (features'' != [])
-        "--features " + (builtins.concatStringsSep "," features'');
-    cargoTestExtraArgs = "--no-default-features --locked "
-      + lib.optionalString
-        (features'' != [])
-        "--features " + (builtins.concatStringsSep "," features'');
-
-    dontStrip = profile == "dev" || profile == "test";
-    dontPatchELF = profile == "dev" || profile == "test";
-
-    buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys'
-    # needed to build Rust applications on macOS
-    ++ lib.optionals stdenv.hostPlatform.isDarwin [
-        # https://github.com/NixOS/nixpkgs/issues/206242
-        # ld: library not found for -liconv
-        libiconv
-        # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
-        # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
-        pkgsBuildHost.darwin.apple_sdk.frameworks.Security
-      ];
-
-    nativeBuildInputs = [
-      # bindgen needs the build platform's libclang. Apparently due to "splicing
-      # weirdness", pkgs.rustPlatform.bindgenHook on its own doesn't quite do the
-      # right thing here.
-      pkgsBuildHost.rustPlatform.bindgenHook
-
-      # We don't actually depend on `jq`, but crane's `buildPackage` does, but
-      # its `buildDepsOnly` doesn't. This causes those two derivations to have
-      # differing values for `NIX_CFLAGS_COMPILE`, which contributes to spurious
-      # rebuilds of bindgen and its depedents.
-      jq
-  ];
- };
-in
-
-craneLib.buildPackage ( commonAttrs // {
-  cargoArtifacts = craneLib.buildDepsOnly (commonAttrs // {
-    env = buildDepsOnlyEnv;
-  });
-
-  # This is redundant with CI
-  doCheck = false;
-
-  cargoTestCommand = "cargo test --locked ";
-  cargoExtraArgs = "--no-default-features --locked "
-    + lib.optionalString
-      (features'' != [])
-      "--features " + (builtins.concatStringsSep "," features'');
-  cargoTestExtraArgs = "--no-default-features --locked "
-    + lib.optionalString
-      (features'' != [])
-      "--features " + (builtins.concatStringsSep "," features'');
-
-  env = buildPackageEnv;
-
-  passthru = {
-    env = buildPackageEnv;
-  };
-
-  meta.mainProgram = commonAttrs.pname;
-})
@@ -1,46 +0,0 @@
-{ inputs
-
-# Dependencies
-, dockerTools
-, lib
-, main
-, stdenv
-, tini
-}:
-
-dockerTools.buildLayeredImage {
-  name = main.pname;
-  tag = "main";
-  created = "@${toString inputs.self.lastModified}";
-  contents = [
-    dockerTools.caCertificates
-    main
-  ];
-  config = {
-    Entrypoint = if !stdenv.hostPlatform.isDarwin
-      # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
-      # are handled as expected
-      then [ "${lib.getExe' tini "tini"}" "--" ]
-      else [];
-    Cmd = [
-      "${lib.getExe main}"
-    ];
-    Env = [
-      "RUST_BACKTRACE=full"
-    ];
-    Labels = {
-      "org.opencontainers.image.authors" = "June Clementine Strawberry <june@girlboss.ceo> and Jason Volk
-      <jason@zemos.net>";
-      "org.opencontainers.image.created" ="@${toString inputs.self.lastModified}";
-      "org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust";
-      "org.opencontainers.image.documentation" = "https://conduwuit.puppyirl.gay/";
-      "org.opencontainers.image.licenses" = "Apache-2.0";
-      "org.opencontainers.image.revision" = inputs.self.rev or inputs.self.dirtyRev or "";
-      "org.opencontainers.image.source" = "https://github.com/girlbossceo/conduwuit";
-      "org.opencontainers.image.title" = main.pname;
-      "org.opencontainers.image.url" = "https://conduwuit.puppyirl.gay/";
-      "org.opencontainers.image.vendor" = "girlbossceo";
-      "org.opencontainers.image.version" = main.version;
-    };
-  };
-}
@@ -0,0 +1,10 @@
+{
+    "name": "workspace-root",
+    "private": true,
+    "pnpm": {
+        "patchedDependencies": {
+            "mdsvex@0.11.2": "patches/mdsvex@0.11.2.patch"
+        }
+    },
+    "packageManager": "pnpm@9.0.6+sha512.f6d863130973207cb7a336d6b439a242a26ac8068077df530d6a86069419853dc1ffe64029ec594a9c505a3a410d19643c870aba6776330f5cfddcf10a9c1617"
+}
@@ -0,0 +1,2 @@
+dist
+node_modules
@@ -0,0 +1,43 @@
+{
+  "name": "remark-callouts",
+  "version": "1.0.0",
+  "description": "",
+  "type": "module",
+  "main": "dist/index.esm.js",
+  "exports": {
+    "import": "./dist/index.esm.js",
+    "require": "./dist/index.cjs.js",
+    "types": "./dist/index.d.ts"
+  },
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "rollup -c",
+    "prepublish": "rollup -c",
+    "dev": "rollup -c -w",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@rollup/plugin-typescript": "^11.1.6",
+    "@types/mdast": "^4.0.4",
+    "@types/node": "^20.14.2",
+    "@types/svg-parser": "^2.0.6",
+    "@types/trim": "^0.1.3",
+    "@types/unist": "^3.0.2",
+    "mdast": "^3.0.0",
+    "rollup": "^4.18.0",
+    "rollup-plugin-dts": "^6.1.1",
+    "unified": "^6.2.0"
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "mdast-util-from-markdown": "^1.3.1",
+    "svg-parser": "^2.0.4",
+    "trim": "^0.0.1",
+    "unist-util-visit": "^4.1.2"
+  }
+}
@@ -0,0 +1,20 @@
+// rollup.config.js
+import typescript from '@rollup/plugin-typescript';
+import { dts } from "rollup-plugin-dts";
+import pkg from './package.json' with { type: "json" };
+
+export default [
+    {
+        input: 'src/index.ts',
+        output: [
+            { file: pkg.exports.require, format: 'cjs' },
+            { file: pkg.exports.import, format: 'es' }
+        ],
+        plugins: [typescript()]
+    },
+    {
+        input: 'src/index.ts',
+        output: [{ file: pkg.exports.types, format: 'es' }],
+        plugins: [dts()],
+    }
+];
@@ -0,0 +1,324 @@
+import { visit } from "unist-util-visit";
+import { fromMarkdown } from "mdast-util-from-markdown";
+// @ts-ignore
+import type { Plugin } from "unified";
+import type { Node, Data, Parent } from "unist";
+import type { Blockquote, Heading, Text, BlockContent } from "mdast";
+import { parse } from "svg-parser";
+// import { calloutTypes } from "./calloutTypes";
+
+// escape regex special characters
+function escapeRegExp(s: string) {
+  return s.replace(new RegExp(`[-[\\]{}()*+?.\\\\^$|/]`, "g"), "\\$&");
+}
+
+import tok from "./tokeniseCallout"
+
+function trim(str: string){
+  return str.replace(/^\s*|\s*$/g, '');
+}
+
+export interface Config {
+    // classNameMaps: {
+    //   block: ClassNameMap;
+    //   title: ClassNameMap;
+    // };
+    // dataMaps: {
+    //   block: (data: Data) => Data;
+    //   title: (data: Data) => Data;
+    // };
+  //   types: { [index: string]: string | object };
+  }
+  
+  export const defaultConfig: Config = {
+    // classNameMaps: {
+    //   block: "callout",
+    //   title: "callout-title",
+    // },
+    // dataMaps: {
+    //   block: (data) => data,
+    //   title: (data) => data,
+    // },
+  //   types: { ...calloutTypes },
+  };
+  
+  type ClassNames = string | string[];
+  type ClassNameMap = ClassNames | ((title: string) => ClassNames);
+  function formatClassNameMap(gen: ClassNameMap) {
+    return (title: string) => {
+      const classNames = typeof gen == "function" ? gen(title) : gen;
+      return typeof classNames == "object" ? classNames.join(" ") : classNames;
+    };
+  }
+  
+export const callouts: Plugin = function (providedConfig?: Partial<Config>) {
+  const config: Config = { ...defaultConfig, ...providedConfig };
+//   const defaultKeywords: string = Object.keys(config.types)
+//     .map(escapeRegExp)
+//     .join("|");
+    // @ts-ignore
+  const Parser = this.Parser
+  const blockTokenizers = Parser.prototype.blockTokenizers
+  const blockMethods = Parser.prototype.blockMethods
+//   console.log(blockMethods, blockTokenizers)
+
+  
+  blockTokenizers.callout = tok
+//   console.log(blockTokenizers.blockquote.toString())
+  var insertPoint = blockMethods.indexOf('fencedCode') + 1
+  blockMethods.splice(insertPoint, 0, 'callout')
+  
+  // @ts-ignore
+  const Compiler = this.Compiler
+
+  if (Compiler != null) {
+    const visitors = Compiler.prototype.visitors
+    if (visitors) {
+      visitors.callout = function (node: { keyword: string; title: string; }) {
+        var values = this.block(node).split('\n');
+        var result = [];
+        var length = values.length;
+        var index = -1;
+        var value;
+      
+        while (++index < length) {
+          value = values[index];
+          result[index] = (value ? ' ' : '') + value;
+        }
+      
+        return '> [!'+node.keyword+'] ' + node.title + '\n' + result.join('\n>');
+      }
+    }
+  }
+//   return function (tree) {
+//     visit(tree, (node: Node, index, parent: Parent) => {
+//       // Filter required elems
+//       if (node.type !== "blockquote") return;
+
+//       /** add breaks to text without needing spaces or escapes (turns enters into <br>)
+//        *  code taken directly from remark-breaks,
+//        *  see https://github.com/remarkjs/remark-breaks for more info on what this does.
+//        */
+//     //   visit(node, "text", (node: Text, index: number, parent: Parent) => {
+//     //     const result = [];
+//     //     let start = 0;
+
+//     //     find.lastIndex = 0;
+
+//     //     let match = find.exec(node.value);
+
+//     //     while (match) {
+//     //       const position = match.index;
+
+//     //       if (start !== position) {
+//     //         result.push({
+//     //           type: "text",
+//     //           value: node.value.slice(start, position),
+//     //         });
+//     //       }
+
+//     //       result.push({ type: "break" });
+//     //       start = position + match[0].length;
+//     //       match = find.exec(node.value);
+//     //     }
+
+//     //     if (result.length > 0 && parent && typeof index === "number") {
+//     //       if (start < node.value.length) {
+//     //         result.push({ type: "text", value: node.value.slice(start) });
+//     //       }
+
+//     //       parent.children.splice(index, 1, ...result);
+//     //       return index + result.length;
+//     //     }
+//     //   });
+
+//       /** add classnames to headings within blockquotes,
+//        * mainly to identify when using other plugins that
+//        * might interfere. for eg, rehype-auto-link-headings.
+//        */
+//       visit(node, "heading", (node) => {
+//         const heading = node as Heading;
+//         heading.data = {
+//           hProperties: {
+//             className: "blockquote-heading",
+//           },
+//         };
+//       });
+
+//       // wrap blockquote in a div
+//       const wrapper = {
+//         ...node,
+//         type: "element",
+//         tagName: "div",
+//         data: {
+//           hProperties: {},
+//         },
+//         children: [node],
+//       };
+
+//       parent.children.splice(Number(index), 1, wrapper);
+
+//       const blockquote = wrapper.children[0] as Blockquote;
+
+//       blockquote.data = {
+//         hProperties: {
+//           className: "blockquote",
+//         },
+//       };
+//       console.log(blockquote)
+
+//       // check for callout syntax starts here
+//       if (
+//         blockquote.children.length <= 0 ||
+//         blockquote.children[0].type !== "paragraph"
+//       )
+//         return;
+//       const paragraph = blockquote.children[0];
+//       console.log(paragraph)
+
+//       if (
+//         paragraph.children.length <= 0 ||
+//         paragraph.children[0].type !== "text"
+//       )
+//         return;
+
+//       const [t, ...rest] = paragraph.children;
+
+//       const regex = new RegExp(
+//         `^\\[!(?<keyword>(.*?))\\][\t\f ]?(?<title>.*?)$`,
+//         "gi"
+//       );
+//       const m = regex.exec(t.value);
+
+//       // if no callout syntax, forget about it.
+//       if (!m) return;
+
+//       const [key, title] = [m.groups?.keyword, m.groups?.title];
+
+//       // if there's nothing inside the brackets, is it really a callout ?
+//       if (!key) return;
+
+//       const keyword = key.toLowerCase();
+//     //   const isOneOfKeywords: boolean = new RegExp(defaultKeywords).test(
+//     //     keyword
+//     //   );
+
+//       if (title) {
+//         const mdast = fromMarkdown(title.trim()).children[0];
+//         if (mdast.type === "heading") {
+//           mdast.data = {
+//             ...mdast.data,
+//             hProperties: {
+//               className: "blockquote-heading",
+//             },
+//           };
+//         }
+//         blockquote.children.unshift(mdast as BlockContent);
+//       } else {
+//         t.value =
+//           typeof keyword.charAt(0) === "string"
+//             ? keyword.charAt(0).toUpperCase() + keyword.slice(1)
+//             : keyword;
+//       }
+
+//       const entry: { [index: string]: string } = {};
+
+//     //   if (isOneOfKeywords) {
+//         // if (typeof config?.types[keyword] === "string") {
+//         //   const e = String(config?.types[keyword]);
+//         //   Object.assign(entry, config?.types[e]);
+//         // } else {
+//         //   Object.assign(entry, config?.types[keyword]);
+//         // }
+//     //   } else {
+//         // Object.assign(entry, config?.types["note"]);
+//     //   }
+
+//       let parsedSvg;
+
+//       if (entry && entry.svg) {
+//         parsedSvg = parse(entry.svg);
+//       }
+
+//       // create icon and title node wrapped in div
+//       const titleNode: object = {
+//         type: "element",
+//         children: [
+//           {
+//             type: "element",
+//             tagName: "span",
+//             data: {
+//               hName: "span",
+//               hProperties: {
+//                 style: `color:${entry?.color}`,
+//                 className: "callout-icon",
+//               },
+//               hChildren: parsedSvg?.children ? parsedSvg.children : [],
+//             },
+//           },
+//           {
+//             type: "element",
+//             children: title ? [blockquote.children[0]] : [t],
+//             data: {
+//               hName: "strong",
+//             },
+//           },
+//         ],
+//         data: {
+//           ...blockquote.children[0]?.data,
+//           hProperties: {
+//             className: `${formatClassNameMap(config.classNameMaps.title)(
+//               keyword
+//             )} ${"note"}`,
+//             style: `background-color: ${entry?.color}1a;`,
+//           },
+//         },
+//       };
+
+//       // remove the callout paragraph from the content body
+//       if (title) {
+//         blockquote.children.shift();
+//       }
+
+//       if (rest.length > 0) {
+//         rest.shift();
+//         paragraph.children = rest;
+//       } else {
+//         blockquote.children.shift();
+//       }
+
+//       // wrap blockquote content in div
+//       const contentNode: object = {
+//         type: "element",
+//         children: blockquote.children,
+//         data: {
+//           hProperties: {
+//             className: "callout-content",
+//             style:
+//               parent.type !== "root"
+//                 ? `border-right:1px solid ${entry?.color}33;
+//                 border-bottom:1px solid ${entry?.color}33;`
+//                 : "",
+//           },
+//         },
+//       };
+
+//       if (blockquote.children.length > 0)
+//         blockquote.children = [contentNode] as BlockContent[];
+//       blockquote.children.unshift(titleNode as BlockContent);
+
+//       // Add classes for the callout block
+//       blockquote.data = config.dataMaps.block({
+//         ...blockquote.data,
+//         hProperties: {
+//           className: formatClassNameMap(config.classNameMaps.block)(
+//             keyword.toLowerCase()
+//           ),
+//           style: `border-left-color:${entry?.color};`,
+//         },
+//       });
+//     });
+//   };
+};
+
+export default callouts;
@@ -0,0 +1,245 @@
+'use strict';
+
+import trim from "trim";
+
+
+export default blockquote;
+
+var C_NEWLINE = '\n';
+var C_TAB = '\t';
+var C_SPACE = ' ';
+var C_GT = '>';
+// TODO:
+// - Grow/shrink support
+// - Customise AST output
+
+/* Tokenise a blockquote. */
+function blockquote(eat: { (arg0: string): any; (arg0: string): any; now: any; }, value: string, silent: boolean) {
+    var self = this;
+    var offsets = self.offset;
+    var tokenizers = self.blockTokenizers;
+    var interruptors = [
+        ['indentedCode', { commonmark: true }],
+        ['fencedCode', { commonmark: true }],
+        ['atxHeading', { commonmark: true }],
+        ['setextHeading', { commonmark: true }],
+        ['thematicBreak', { commonmark: true }],
+        ['html', { commonmark: true }],
+        ['list', { commonmark: true }],
+        ['definition', { commonmark: false }],
+        ['footnote', { commonmark: false }]
+    ];
+    var now = eat.now();
+    var currentLine = now.line;
+    var length = value.length;
+    var values = [];
+    var contents = [];
+    var indents = [];
+    var add;
+    var index = 0;
+    var character;
+    var rest;
+    var nextIndex;
+    var content;
+    var line;
+    var startIndex;
+    var prefixed;
+    var exit;
+
+    while (index < length) {
+        character = value.charAt(index);
+
+        if (character !== C_SPACE && character !== C_TAB) {
+            break;
+        }
+
+        index++;
+    }
+
+    if (value.charAt(index) !== C_GT) {
+        return;
+    }
+
+    const regex = /^>\s*\[!(?<keyword>(.*?))\][\t\f ]?(?<title>.*?)$/i;
+    nextIndex = value.indexOf(C_NEWLINE, index);
+    content = value.slice(index, nextIndex);
+    const m = regex.exec(content); // value.slice(index)
+    if (!m) {
+        return;
+    }
+    if (!m.groups?.keyword) return;
+
+    if (silent) {
+        return true;
+    }
+
+    index = 0;
+    let titleLine = true
+    while (index < length) {
+        nextIndex = value.indexOf(C_NEWLINE, index);
+        startIndex = index;
+        prefixed = false;
+
+        if (nextIndex === -1) {
+            nextIndex = length;
+        }
+
+        while (index < length) {
+            character = value.charAt(index);
+
+            if (character !== C_SPACE && character !== C_TAB) {
+                break;
+            }
+
+            index++;
+        }
+
+        if (value.charAt(index) === C_GT) {
+            index++;
+            prefixed = true;
+
+            if (value.charAt(index) === C_SPACE) {
+                index++;
+            }
+        } else {
+            index = startIndex;
+        }
+
+        //   regex.lastIndex = index
+
+        content = value.slice(index, nextIndex);
+
+        if (!prefixed && !trim(content)) {
+            index = startIndex;
+            break;
+        }
+
+        if (!prefixed) {
+            rest = value.slice(index);
+
+            /* Check if the following code contains a possible
+             * block. */
+            if (interrupt(interruptors, tokenizers, self, [eat, rest, true])) {
+                break;
+            }
+        }
+
+        line = startIndex === index ? content : value.slice(startIndex, nextIndex);
+
+        indents.push(index - startIndex);
+        values.push(line);
+        if (titleLine) {
+            titleLine = false
+        } else {
+            contents.push(content);
+        }
+
+        index = nextIndex + 1;
+    }
+
+    index = -1;
+    length = indents.length;
+    add = eat(values.join(C_NEWLINE));
+
+    while (++index < length) {
+        offsets[currentLine] = (offsets[currentLine] || 0) + indents[index];
+        currentLine++;
+    }
+
+    exit = self.enterBlock();
+    const title = self.tokenizeInline(m.groups?.title, now);
+    contents = self.tokenizeBlock(contents.join(C_NEWLINE), now);
+    exit();
+    // console.log(title,)
+    return add({
+        type: 'callout',
+        children: [{
+            type: "heading",
+            children: title,
+            data: { hName: 'svelte:fragment',
+            hProperties: {
+                slot: "title"
+            } }
+        }, {
+            type: "block",
+            children: contents,
+            data: { hName: 'svelte:fragment',
+            hProperties: {
+                slot: "body"
+            } }
+        }],
+        keyword: m.groups?.keyword,
+        data: {
+            hName: 'Components.Callout',
+            hProperties: {
+                "calloutType": m.groups?.keyword
+            },
+        }
+    });
+    // return add({
+    //     type: 'callout',
+    //     children: [{
+    //         type: "heading",
+    //         children: title,
+    //         data: { hName: 'div',
+    //         hProperties: {
+    //             className: "callout-title"
+    //         } }
+    //     }, {
+    //         type: "block",
+    //         children: contents,
+    //         data: { hName: 'div',
+    //         hProperties: {
+    //             className: "callout-content"
+    //         } }
+    //     }],
+    //     keyword: m.groups?.keyword,
+    //     data: {
+    //         hName: 'div',
+    //         hProperties: {
+    //             className: "callout",
+    //             "data-callout": m.groups?.keyword
+    //         },
+    //     }
+    // });
+}
+
+function interrupt(interruptors, tokenizers, ctx, params) {
+    var bools = ['pedantic', 'commonmark'];
+    var count = bools.length;
+    var length = interruptors.length;
+    var index = -1;
+    var interruptor;
+    var config;
+    var fn;
+    var offset;
+    var bool;
+    var ignore;
+
+    while (++index < length) {
+        interruptor = interruptors[index];
+        config = interruptor[1] || {};
+        fn = interruptor[0];
+        offset = -1;
+        ignore = false;
+
+        while (++offset < count) {
+            bool = bools[offset];
+
+            if (config[bool] !== undefined && config[bool] !== ctx.options[bool]) {
+                ignore = true;
+                break;
+            }
+        }
+
+        if (ignore) {
+            continue;
+        }
+
+        if (tokenizers[fn].apply(ctx, params)) {
+            return true;
+        }
+    }
+
+    return false;
+}
@@ -0,0 +1,14 @@
+{
+    "compilerOptions": {
+        "target": "es2020",
+        "module": "esnext",
+        "strict": true,
+        "esModuleInterop": true,
+        "moduleResolution": "node",
+        "skipLibCheck": true,
+        "noImplicitAny": true,
+        "allowJs": true,
+        "noEmit": true,
+        "resolveJsonModule": true
+    }
+}
@@ -0,0 +1,2 @@
+dist
+node_modules
@@ -0,0 +1,38 @@
+{
+  "name": "vite-plugin-thumbhash-svg",
+  "version": "1.0.0",
+  "description": "",
+  "type": "module",
+  "main": "dist/index.esm.js",
+  "exports": {
+    "import": "./dist/index.esm.js",
+    "require": "./dist/index.cjs.js",
+    "types": "./dist/index.d.ts"
+  },
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "rollup -c",
+    "prepublish": "rollup -c",
+    "dev": "rollup -c -w",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@rollup/plugin-typescript": "^11.1.6",
+    "@types/node": "^20.14.2",
+    "rollup": "^4.18.0",
+    "rollup-plugin-dts": "^6.1.1",
+    "vite": "^5.3.1"
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@napi-rs/canvas": "^0.1.53",
+    "@resvg/resvg-js": "^2.6.2",
+    "@rollup/pluginutils": "^5.1.0",
+    "thumbhash-node": "^0.1.3"
+  }
+}
@@ -0,0 +1,20 @@
+// rollup.config.js
+import typescript from '@rollup/plugin-typescript';
+import { dts } from "rollup-plugin-dts";
+import pkg from './package.json' with { type: "json" };
+
+export default [
+    {
+        input: 'src/index.ts',
+        output: [
+            { file: pkg.exports.require, format: 'cjs' },
+            { file: pkg.exports.import, format: 'es' }
+        ],
+        plugins: [typescript()]
+    },
+    {
+        input: 'src/index.ts',
+        output: [{ file: pkg.exports.types, format: 'es' }],
+        plugins: [dts()],
+    }
+];
@@ -0,0 +1,236 @@
+import { createFilter } from '@rollup/pluginutils'
+import { basename } from 'node:path'
+import { relative } from 'node:path/posix'
+import { readFile, access } from 'node:fs/promises'
+import { constants } from 'node:fs'
+import { extname } from 'node:path';
+
+import { loadImage, createCanvas, ImageData } from '@napi-rs/canvas'
+import { Resvg } from '@resvg/resvg-js'
+import { rgbaToThumbHash, thumbHashToRGBA } from 'thumbhash-node'
+import type { Plugin, ResolvedConfig } from 'vite'
+
+export type OutputExtension = 'png' | 'jpg' | 'webp' | 'avif'
+
+export type Options =
+    | {
+        include?: Array<string | RegExp> | string | RegExp
+        exclude?: Array<string | RegExp> | string | RegExp
+        outputExtension?: OutputExtension
+    }
+    | undefined
+
+interface LoaderParams {
+    thumbSrc: string
+    thumbWidth: number
+    thumbHeight: number
+    originalSrc: string
+    originalWidth: number
+    originalHeight: number
+}
+
+const loader = (params: LoaderParams) => {
+    return `export default ${JSON.stringify(params)}`
+}
+
+async function loadImageAndConvertToRgba(path: string) {
+    const maxSize = 100
+    const imgPath = path
+    let image;
+    //   console.log(path, extname(path))
+    if (extname(path) === ".svg") {
+        const svg = await readFile(imgPath);
+        const resvg = new Resvg(svg)
+        const render = resvg.render()
+        image = await loadImage(render.asPng())
+    } else {
+        // canvas handles all file loading for us
+        image = await loadImage(imgPath)
+
+    }
+    const width = image.width
+    const height = image.height
+
+    const scale = maxSize / Math.max(width, height)
+    const resizedWidth = Math.round(width * scale)
+    const resizedHeight = Math.round(height * scale)
+
+    const canvas = createCanvas(resizedWidth, resizedHeight)
+    const ctx = canvas.getContext('2d')
+    ctx.drawImage(image, 0, 0, resizedWidth, resizedHeight)
+
+    const imageData = ctx.getImageData(0, 0, resizedWidth, resizedHeight)
+    const rgba = new Uint8Array(imageData.data)
+
+    return {
+        originalWidth: width,
+        originalHeight: height,
+        height: imageData.height,
+        width: imageData.width,
+        rgba,
+    }
+}
+
+const fromRGBAToImageBuffer = (
+    rgba: Uint8Array,
+    mimeType: MimeType,
+    width: number,
+    height: number
+) => {
+    const thumb = rgbaToThumbHash(width, height, rgba)
+    const transformedRgba = thumbHashToRGBA(thumb)
+    const imageData = new ImageData(
+        new Uint8ClampedArray(transformedRgba.rgba),
+        transformedRgba.width,
+        transformedRgba.height
+    )
+
+    const canvas = createCanvas(transformedRgba.width, transformedRgba.height)
+    const context = canvas.getContext('2d')
+    //@ts-ignore
+    context.putImageData(imageData, 0, 0)
+    //@ts-ignore
+    const buffer = canvas.toBuffer(mimeType)
+
+    return buffer
+}
+
+type MimeType = 'image/webp' | 'image/jpeg' | 'image/avif' | 'image/png'
+
+const extToMimeTypeMap: Record<OutputExtension, MimeType> = {
+    avif: 'image/avif',
+    jpg: 'image/jpeg',
+    png: 'image/png',
+    webp: 'image/webp',
+}
+
+export const blurRE = /(?:\?|&)th(umb)?(?:&|$)/
+const isThumbHash = (id: string) => {
+    return !!id.match(blurRE)
+}
+
+const cleanId = (id: string) => id.replace(blurRE, '')
+
+const buildViteAsset = (referenceId: string) => `__VITE_ASSET__${referenceId}__`
+
+const buildDataURL = (buf: Buffer, mimeType: MimeType) => {
+    const dataPrefix = `data:${mimeType};base64,`
+
+    const dataURL = `${dataPrefix}${buf.toString('base64')}`
+
+    return dataURL
+}
+
+async function exists(path: string) {
+    try {
+        await access(path, constants.F_OK)
+        return true
+    } catch {
+        return false
+    }
+}
+
+const thumbHash = (options: Options = {}): Plugin => {
+    const { include, exclude, outputExtension = 'png' } = options
+
+    const bufferMimeType = extToMimeTypeMap[outputExtension]
+
+    const filter = createFilter(include, exclude)
+
+    let config: ResolvedConfig
+
+    const cache = new Map<string, importItem>()
+    type importItem = {
+        thumbSrc: string;
+        thumbWidth: number;
+        thumbHeight: number;
+        originalSrc: string;
+        originalWidth: number;
+        originalHeight: number;
+    }
+
+    return {
+        name: 'vite-plugin-thumbhash',
+        enforce: 'pre',
+
+        configResolved(cfg) {
+            config = cfg
+        },
+
+
+        async load(id) {
+            if (!filter(id)) {
+                return null
+            }
+
+            if (isThumbHash(id)) {
+                const cleanedId = cleanId(id)
+
+                if (cache.has(id)) {
+                    let loadedSource = cache.get(id) as importItem
+                    if (config.command !== 'serve') {
+                        const originalRefId = this.emitFile({
+                            type: 'asset',
+                            name: basename(cleanedId),
+                            source: await readFile(cleanedId),
+                        })
+                        loadedSource.originalSrc = buildViteAsset(originalRefId);
+                    }
+                    return loader(loadedSource)
+                }
+
+                const { rgba, width, height, originalHeight, originalWidth } =
+                    await loadImageAndConvertToRgba(cleanedId)
+
+                const buffer = fromRGBAToImageBuffer(
+                    rgba,
+                    bufferMimeType,
+                    width,
+                    height
+                )
+
+                const dataURL = buildDataURL(buffer, bufferMimeType)
+
+                // const referenceId = this.emitFile({
+                //     type: 'asset',
+                //     name: basename(cleanedId).replace(
+                //         /\.(jpg)|(jpeg)|(png)|(webp)|(avif)|(svg)/g,
+                //         `.${outputExtension}`
+                //     ),
+                //     source: buffer,
+                // })
+                const originalSrc = relative(config.root, cleanedId);
+                const loadedSource = {
+                    thumbSrc: dataURL,
+                    thumbWidth: width,
+                    thumbHeight: height,
+                    originalSrc,
+                    originalWidth: originalWidth,
+                    originalHeight: originalHeight,
+                }
+
+                cache.set(id, loadedSource)
+
+                if (config.command !== 'serve') {
+                    const originalRefId = this.emitFile({
+                        type: 'asset',
+                        name: basename(cleanedId),
+                        source: await readFile(cleanedId),
+                    })
+                    loadedSource.originalSrc = buildViteAsset(originalRefId);
+                }
+
+                return loader(loadedSource)
+
+
+
+                // import.meta.ROLLUP_FILE_URL_
+
+            }
+
+            return null
+        },
+    }
+}
+
+export { thumbHash }
@@ -0,0 +1,14 @@
+{
+    "compilerOptions": {
+        "target": "es2020",
+        "module": "esnext",
+        "strict": true,
+        "esModuleInterop": true,
+        "moduleResolution": "node",
+        "skipLibCheck": true,
+        "noImplicitAny": true,
+        "allowJs": true,
+        "noEmit": true,
+        "resolveJsonModule": true
+    }
+}
@@ -0,0 +1,14 @@
+.DS_Store
+node_modules
+/build
+/.svelte-kit
+/package
+.env
+.env.*
+!.env.example
+.vercel
+.output
+vite.config.js.timestamp-*
+vite.config.ts.timestamp-*
+output
+Dockerfile
@@ -0,0 +1,20 @@
+.DS_Store
+node_modules
+/build
+/.svelte-kit
+/package
+.env.sentry-build-plugin
+.env
+.env.*.local
+!.env.example
+.vercel
+.output
+vite.config.js.timestamp-*
+vite.config.ts.timestamp-*
+output
+Notes-1.0.0.tgz
+# Sentry Config File
+.sentryclirc
+
+# Sentry Config File
+.env.sentry-build-plugin
@@ -0,0 +1 @@
+engine-strict=true
@@ -0,0 +1,33 @@
+# build the sapper app
+FROM node:latest AS base
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+ENV CI=1
+RUN corepack enable
+COPY ./../.. /app/
+WORKDIR /app
+
+# FROM base AS prod-deps
+# RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
+
+FROM base AS deps
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+# RUN cd packages/website; --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+FROM deps as build
+ENV NODE_OPTIONS="--max-old-space-size=4096"
+RUN cd packages/website; pnpm run build
+
+RUN cd packages/website; node server-esbuild.js
+
+FROM node:alpine
+
+WORKDIR /app
+
+COPY --from=build /app/packages/website/output .
+COPY --from=build /app/packages/website/build/client ./client/
+COPY --from=build /app/packages/website/build/prerendered ./prerendered/
+COPY --from=base /app/packages/website/package.json ./package.json
+
+ENV NODE_ENV production
+EXPOSE 3000
+CMD ["node", "."]
@@ -0,0 +1,44 @@
+<div
+  style={{
+    display: 'flex',
+    height: '100%',
+    width: '100%',
+    padding: '10px 20px',
+    // alignItems: 'center',
+    justifyContent: 'center',
+    flexDirection: 'column',
+    backgroundImage: 'linear-gradient(to bottom, #dbf4ff, #eff3fc)',
+    fontSize: 60,
+    // letterSpacing: -2,
+    fontWeight: 700,
+    // textAlign: 'center',
+  }}
+  >
+  <div style={{
+      fontSize: 15,
+      fontWeight: 600,
+      textTransform: 'uppercase',
+      letterSpacing: 1,
+      margin: '25px 0 10px',
+      color: 'gray',
+    }}>jade.ellis.link
+    </div>
+    <div 
+    style={{
+      backgroundImage: 'linear-gradient(90deg, rgb(30, 42, 85), rgb(22, 61, 120))',
+      backgroundClip: 'text',
+      '-webkit-background-clip': 'text',
+      color: 'transparent',
+    }}>The Potential Pitfalls of Pagination</div>
+    <aside style={{
+      fontSize: 20,
+      fontWeight: 500,
+      color:'#202020',
+      margin: '10px 0 10px',
+    }}>
+        Published on 
+        · By Jade Ellis
+        ·  4 min read
+    </aside>
+</div>
+
@@ -0,0 +1,30 @@
+{
+	"$schema": "https://biomejs.dev/schemas/1.9.0/schema.json",
+	"vcs": {
+		"enabled": true,
+		"clientKind": "git",
+		"useIgnoreFile": true
+	},
+	"files": {
+		"ignoreUnknown": false,
+		"ignore": []
+	},
+	"formatter": {
+		"enabled": true,
+		"indentStyle": "tab"
+	},
+	"organizeImports": {
+		"enabled": true
+	},
+	"linter": {
+		"enabled": true,
+		"rules": {
+			"recommended": true
+		}
+	},
+	"javascript": {
+		"formatter": {
+			"quoteStyle": "double"
+		}
+	}
+}
@@ -0,0 +1,68 @@
+const rootDomain = process.env.VITE_DOMAIN; // or your server IP for dev
+import { SENTRY_HOST } from './src/lib/config.js';
+import { SENTRY_REPORT_URL } from './src/lib/config.js';
+
+const self = "'self'";
+const none = "'none'";
+/**
+ * @type {import("@sveltejs/kit").CspDirectives}
+ */
+const cspDirectives = {
+    'base-uri': [self],
+    'child-src': [self, "blob:"],
+    'connect-src': [self, "https://*.google-analytics.com", "https://" + SENTRY_HOST],
+    // 'connect-src': [self, 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'img-src': [self, 'data:',
+        'https://*.googletagmanager.com'],
+    'font-src': [self, 'data:'],
+    'form-action': [self],
+    'frame-ancestors': [self],
+    'frame-src': [
+        self,
+        // "https://*.stripe.com",
+        // "https://*.facebook.com",
+        // "https://*.facebook.net",
+        // 'https://hcaptcha.com',
+        // 'https://*.hcaptcha.com',
+    ],
+    'manifest-src': [self],
+    'media-src': [self, 'data:'],
+    'object-src': [none],
+    'style-src': [self, "unsafe-inline"],
+    // 'style-src': [self, "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'default-src': [
+        'self',
+        ...(rootDomain ? [rootDomain, `ws://${rootDomain}`] : []),
+        // 'https://*.google.com',
+        // 'https://*.googleapis.com',
+        // 'https://*.firebase.com',
+        // 'https://*.gstatic.com',
+        // 'https://*.cloudfunctions.net',
+        // 'https://*.algolia.net',
+        // 'https://*.facebook.com',
+        // 'https://*.facebook.net',
+        // 'https://*.stripe.com',
+        // 'https://*.sentry.io',
+    ],
+    'script-src': [
+        self,
+        // "unsafe-inline", // chrome suggestion
+        'https://*.googletagmanager.com'
+        // 'https://*.stripe.com',
+        // 'https://*.facebook.com',
+        // 'https://*.facebook.net',
+        // 'https://hcaptcha.com',
+        // 'https://*.hcaptcha.com',
+        // 'https://*.sentry.io',
+        // 'https://polyfill.io',
+    ],
+    'worker-src': [self, "blob:"],
+    // remove report-to & report-uri if you do not want to use Sentry reporting
+    'report-to': ["csp-endpoint"],
+    'report-uri': [
+        SENTRY_REPORT_URL,
+    ],
+};
+
+
+export default cspDirectives;
@@ -0,0 +1,387 @@
+// https://github.com/String10/Hakuba/blob/master/package.json
+// import { defineMDSveXConfig as defineConfig } from "mdsvex";
+// import type { Plugin, Settings } from 'unified';
+
+import remarkGfm from "remark-gfm";
+import remarkFrontmatter from "remark-frontmatter";
+import remarkWikiLink from "remark-wiki-link";
+
+import remarkMath from "remark-math"
+// @ts-ignore
+import remarkAbbr from "remark-abbr"
+import remarkFootnotes from 'remark-footnotes'
+import remarkCallouts from "remark-callouts";
+
+import rehypeKatexSvelte from 'rehype-katex-svelte';
+// import github from "remark-github";
+
+import rehypeSlug from 'rehype-slug';
+import remarkReadingTime from "remark-reading-time";
+// import rehypeToc from '@jsdevtools/rehype-toc';
+import { createHighlighter } from "@bitmachina/highlighter";
+
+import { parse, format } from "node:path";
+
+import slugify from 'slugify';
+
+export const NOTE_ICON = '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><line x1="18" y1="2" x2="22" y2="6"></line><path d="M7.5 20.5 19 9l-4-4L3.5 16.5 2 22z"></path></svg>';
+
+export const QUOTE_ICON = '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M3 21c3 0 7-1 7-8V5c0-1.25-.756-2.017-2-2H4c-1.25 0-2 .75-2 1.972V11c0 1.25.75 2 2 2 1 0 1 0 1 1v1c0 1-1 2-2 2s-1 .008-1 1.031V20c0 1 0 1 1 1z"></path><path d="M15 21c3 0 7-1 7-8V5c0-1.25-.757-2.017-2-2h-4c-1.25 0-2 .75-2 1.972V11c0 1.25.75 2 2 2h.75c0 2.25.25 4-2.75 4v3c0 1 0 1 1 1z"></path></svg>';
+
+export const INFO_ICON = '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"></circle><line x1="12" y1="16" x2="12" y2="12"></line><line x1="12" y1="8" x2="12.01" y2="8"></line></svg>';
+
+export const ICONS = {
+    note: NOTE_ICON,
+    quote: QUOTE_ICON,
+    info: INFO_ICON,
+};
+
+import { globSync } from 'glob'
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+
+const projects = globSync('node_modules/Notes/Projects/*.md')
+    .map((filepath) => {
+        return parse(filepath)
+    })
+    .map((path) => {
+        return format({
+            // ...path,
+            name: slugify(path.name, { lower: true }),
+            // base: undefined,
+            // root: "",
+            // ext: undefined,
+            // dir: path.dir.replace("/node_modules/Notes/Projects", "")
+        })
+    })
+/**
+ * @type {string[]}
+ */
+const permalinks = projects.map((p) => "/projects/" + p)
+
+// console.log(permalinks)
+
+/**
+ * @param {string} pageName
+ * @returns {string[]}
+ */
+function pageResolver(pageName) {
+    const slug = slugify(pageName, { lower: true });
+    return ["/", "/projects/"].map((p) => p + slug);
+}
+import { grammars } from 'tm-grammars'
+// console.log()
+
+/**
+ * @param {string} name
+ */
+function getGrammar(name) {
+    const metadata = grammars.find((grammar) => grammar.name == name)
+    if (!metadata) {
+        throw "Grammar not found"
+    }
+    return {
+        ...metadata,
+        id: name,
+
+        grammar: JSON.parse(readFileSync(fileURLToPath(import.meta.resolve('tm-grammars/grammars/' + name + '.json')), 'utf8')),
+    }
+}
+
+const hrefTemplate = (/** @type {string} */ permalink) => permalink
+
+// function customizeTOC(toc) {
+//     // console.log(toc)
+
+//     return {
+//         type: 'root',
+//         children: [{
+//             type: "element",
+//             // tagName: "svelte:component",
+//             // properties: { this: "{tocComponent}" },
+//             tagName: "div",
+//             properties: {},
+//             children: [toc],
+//         }]
+//     };
+// }
+/**
+ * @param {{level: number, title: string}[]} headings
+ */
+function buildNestedHeadings(headings) {
+    /**
+     * @type {{level: number, title: string, children: unknown}[]}
+     */
+    const result = [];
+    const stack = [{ level: 0, children: result }];
+
+    for (const heading of headings) {
+        while (
+            stack.length > 1 &&
+            heading.level <= stack[stack.length - 1].level
+        ) {
+            stack.pop();
+        }
+        const parent = stack[stack.length - 1];
+        const newHeading = {
+            ...heading,
+            children: [],
+            level: heading.level,
+        };
+        parent.children.push(newHeading);
+        stack.push(newHeading);
+    }
+
+    return result;
+}
+import { visit } from 'unist-util-visit';
+import { toString as mdast_tree_to_string } from 'mdast-util-to-string'
+
+
+import GithubSlugger from 'github-slugger'
+/**
+ * @param {{ prefix?: string; }} opts
+ */
+function add_toc_remark(opts) {
+    const slugs = new GithubSlugger()
+    const prefix = opts?.prefix || "";
+    return async function transformer(tree, vFile) {
+        slugs.reset()
+
+        vFile.data.flattenedHeadings = [];
+
+        visit(tree, 'heading', (node) => {
+            const title = mdast_tree_to_string(node);
+            vFile.data.flattenedHeadings.push({
+                level: node.depth,
+                title,
+                id: prefix + slugs.slug(title)
+            });
+        });
+
+        if (!vFile.data.fm) vFile.data.fm = {};
+        vFile.data.fm.flattenedHeadings = vFile.data.flattenedHeadings;
+        vFile.data.fm.headings = buildNestedHeadings(vFile.data.flattenedHeadings);
+    };
+}
+
+function add_data_to_fm(_opts) {
+    return async function transformer(tree, vFile) {
+        if (!vFile.data.fm) vFile.data.fm = {};
+
+        vFile.data.fm.readingTime = vFile.data.readingTime;
+    };
+}
+import { toString as hast_tree_to_string } from 'hast-util-to-string'
+/**
+ * Determines whether the given node is an HTML element.
+ */
+function isHtmlElementNode(node) {
+    return typeof node === "object" &&
+        node.type === "element" &&
+        typeof node.tagName === "string" &&
+        "properties" in node &&
+        typeof node.properties === "object";
+}
+const HEADINGS = ["h1", "h2", "h3", "h4", "h5", "h6"]
+/**
+ * Determines whether the given node is an HTML heading node, according to the specified options
+ */
+function isHeadingNode(node) {
+    return isHtmlElementNode(node) && HEADINGS.includes(node.tagName);
+}
+function add_toc_rehype(self, opts) {
+    return async function transformer(tree, vFile) {
+        // console.log(tree)
+        vFile.data.headings = [];
+
+        visit(tree, isHeadingNode, (node) => {
+            // console.log(node)
+            vFile.data.headings.push({
+                level: node.depth,
+                title: hast_tree_to_string(node),
+            });
+        });
+
+        if (!vFile.data.fm) vFile.data.fm = {};
+        vFile.data.fm.headings = vFile.data.headings;
+    };
+}
+
+
+import toCamel from "just-camel-case";
+const RE_SCRIPT_START =
+    /<script(?:\s+?[a-zA-z]+(=(?:["']){0,1}[a-zA-Z0-9]+(?<!module)(?:["']){0,1}){0,1})*\s*?>/;
+function vite_images_rehype(opts) {
+    return async function transformer(tree, vFile) {
+        const urls = new Map();
+        const url_count = new Map();
+
+        /**
+         * @param {string} url
+         */
+        function transformUrl(url) {
+            // url = decodeURIComponent(url)
+            // console.log("decoded", url)
+
+            // filenames can start with digits,
+            // prepend underscore to guarantee valid module name
+            let camel = `_${toCamel(url)}`;
+            const count = url_count.get(camel);
+            const dupe = urls.get(url);
+
+            if (count && !dupe) {
+                url_count.set(camel, count + 1);
+                camel = `${camel}_${count}`;
+            } else if (!dupe) {
+                url_count.set(camel, 1);
+            }
+
+            urls.set(url, {
+                path: url,
+                id: camel
+            });
+
+            return camel;
+
+
+        }
+        // console.log(tree)
+        // vFile.data.headings = [];
+
+        // console.log(tree)
+        visit(tree, { tagName: "img" }, (node) => {
+            let url = node.properties.src;
+            url = (url.includes("?") ? url + "&" : url + "?") + "url";
+
+            node.properties.src = `{${transformUrl(url)}}`
+            // new URL('./img.png', import.meta.url).href
+            // vFile.data.headings.push({
+            //     level: node.depth,
+            //     title: hast_tree_to_string(node),
+            // });
+        });
+        visit(tree, { tagName: "Components.img" }, (node) => {
+            let url = node.properties.src;
+            const thumb = (url.includes("?") ? url + "&" : url + "?") + "thumb";
+            url = (url.includes("?") ? url + "&" : url + "?") + "url";
+
+            node.properties.src = `{${transformUrl(url)}}`
+            node.properties.thumb = `{${transformUrl(thumb)}}`
+            // node.properties.src = `{new URL('${url}', import.meta.url)}`
+            // new URL('./img.png', import.meta.url).href
+            // vFile.data.headings.push({
+            //     level: node.depth,
+            //     title: hast_tree_to_string(node),
+            // });
+        });
+
+        let scripts = "";
+        urls.forEach((x) => (scripts += `import ${x.id} from "./${x.path}";\n`));
+        // urls.forEach((x) => (scripts += `const ${x.id} = new URL("${x.path}", import.meta.url);\n`));
+        // console.log(scripts)
+        // urls.forEach((x) => {
+        //     if (x.meta) {
+        //         let a = ["src", "width", "height"]
+        //         scripts += `import {${a.map((a) => a + " as " + x.id + "_" + a).join(",")}} from "${x.path.includes("?") ? x.path + "&as=metadata" : x.path + "?as=metadata:src;width;height"}";\n`
+        //     }
+        // });
+
+        let is_script = false;
+
+        visit(tree, { type: "raw" }, (node) => {
+            // console.log(node)
+            if (RE_SCRIPT_START.test(node.value)) {
+                // console.log("inserting")
+                is_script = true;
+                node.value = node.value.replace(RE_SCRIPT_START, (script) => {
+                    return `${script}\n${scripts}`;
+                });
+            }
+        });
+
+        if (!is_script) {
+            tree.children.push({
+                type: 'raw',
+                value: `<script>\n${scripts}</script>`,
+            })
+        }
+
+    };
+}
+/**
+ * @type {import("mdsvex").MdsvexOptions}
+ */
+const config = {
+    extensions: [".svelte.md", ".md", ".svx"],
+
+    //   fences: true,
+    //   ruleSpaces: false,
+    smartypants: {
+        dashes: "oldschool",
+    },
+
+    layout: {
+        _: "./src/lib/mdlayouts/default.svelte"
+    },
+
+    highlight: {
+        // @ts-ignore
+        highlighter: await createHighlighter({ theme: "github-dark", langs: ["http", "jsx", "javascript", "typescript", "rust"].map(getGrammar) }),
+        alias: {
+            ts: "typescript",
+            mdx: "markdown",
+            svelte: "svelte",
+            svx: "svx",
+            mdsvex: "svx",
+            sig: "ts",
+        }
+    },
+
+    remarkPlugins: [
+        // remarkFrontmatter,
+        // [github, {repository}],
+        remarkMath,
+        remarkAbbr,
+        [remarkFootnotes, { inlineNotes: true }],
+        remarkGfm,
+        [remarkCallouts, {}],
+        [remarkWikiLink, {
+            // @ts-ignore
+            aliasDivider: "|",
+            permalinks,
+            pageResolver,
+            hrefTemplate,
+
+            // wikiLinkClassName,
+            // newClassName,
+        }],
+        // [citePlugin, {
+        //   syntax: {
+        //     // see micromark-extension-cite
+        //     enableAltSyntax: false,
+        //     enablePandocSyntax: true,
+        //   },
+        //   toMarkdown: {
+        //     // see mdast-util-cite
+        //     standardizeAltSyntax: false,
+        //     enableAuthorSuppression: true,
+        //     useNodeValue: false,
+        //   },
+        // }],
+        // [remarkBibliography, { bibliography }],
+        // [remarkMermaid, {}]
+        remarkReadingTime,
+        add_data_to_fm,
+        [add_toc_remark, { prefix: "h-" }]
+    ],
+    rehypePlugins: [
+        // @ts-ignore
+        rehypeKatexSvelte,
+        // @ts-ignore
+        [rehypeSlug, { prefix: "h-" }],
+        vite_images_rehype
+    ],
+};
+
+export default config;
@@ -0,0 +1,111 @@
+{
+  "name": "website",
+  "version": "0.0.1",
+  "scripts": {
+    "dev": "vite dev",
+    "build": "vite build",
+    "preview": "vite preview",
+    "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
+    "fix": "biome lint --write . && biome format --write . && biome check . --write"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "1.9.4",
+    "@bitmachina/highlighter": "1.0.0-alpha.6",
+    "@fontsource/fira-mono": "^5.1.0",
+    "@json-feed-types/1_1": "^1.0.2",
+    "@rollup/pluginutils": "^5.1.3",
+    "@sentry/esbuild-plugin": "^2.22.6",
+    "@sveltejs/adapter-auto": "^3.3.1",
+    "@sveltejs/adapter-node": "^5.2.9",
+    "@sveltejs/kit": "^2.8.2",
+    "@sveltejs/vite-plugin-svelte": "^4.0.1",
+    "@types/fnv-plus": "^1.3.2",
+    "@types/node": "^20.17.7",
+    "@types/polka": "^0.5.7",
+    "@types/sharedworker": "^0.0.115",
+    "dotenv": "^16.4.5",
+    "esbuild": "^0.23.1",
+    "github-slugger": "^2.0.0",
+    "glob": "^10.4.5",
+    "hast-util-to-string": "^3.0.1",
+    "just-camel-case": "^6.2.0",
+    "mdast-util-to-string": "^4.0.0",
+    "mdsvex": "^0.11.2",
+    "rehype-katex-svelte": "~1.2.0",
+    "rehype-slug": "^6.0.0",
+    "remark-abbr": "^1.4.2",
+    "remark-callouts": "workspace:^",
+    "remark-footnotes": "^2.0.0",
+    "remark-frontmatter": "^5.0.0",
+    "remark-gfm": "^4.0.0",
+    "remark-github": "^12.0.0",
+    "remark-math": "^3.0.1",
+    "remark-reading-time": "^2.0.1",
+    "remark-wiki-link": "^0.0.4",
+    "rollup": "^4.27.4",
+    "rollup-plugin-type-as-json-schema": "^0.2.6",
+    "rollup-plugin-visualizer": "^5.12.0",
+    "schema-dts": "^1.1.2",
+    "sharp": "^0.33.5",
+    "svelte": "^5.2.7",
+    "svelte-check": "^4.1.0",
+    "svelte-seo": "^1.6.1",
+    "sveltekit-html-minifier": "^1.0.4",
+    "svgo": "^3.3.2",
+    "tm-grammars": "^1.19.5",
+    "tslib": "^2.8.1",
+    "typescript": "^5.7.2",
+    "unified": "^11.0.5",
+    "unist-util-visit": "^5.0.0",
+    "vite": "^5.4.2",
+    "vite-plugin-image-optimizer": "^1.1.8",
+    "vite-plugin-thumbhash": "^0.1.6",
+    "vite-plugin-thumbhash-svg": "workspace:^"
+  },
+  "type": "module",
+  "dependencies": {
+    "@babel/preset-typescript": "^7.26.0",
+    "@codemirror/commands": "^6.7.1",
+    "@codemirror/lang-javascript": "^6.2.2",
+    "@codemirror/language": "^6.10.3",
+    "@codemirror/lint": "^6.8.3",
+    "@codemirror/state": "^6.4.1",
+    "@codemirror/view": "^6.35.0",
+    "@isaacs/ttlcache": "^1.4.1",
+    "@lezer/highlight": "^1.2.1",
+    "@octokit/types": "^13.6.1",
+    "@resvg/resvg-js": "^2.6.2",
+    "@sentry/sveltekit": "^8.40.0",
+    "@steeze-ui/svelte-icon": "^1.6.2",
+    "@tabler/icons-svelte": "^3.22.0",
+    "@tusbar/cache-control": "^1.0.2",
+    "@uiw/codemirror-theme-github": "^4.23.6",
+    "Notes": "file:Notes-1.0.0.tgz",
+    "acorn": "^8.14.0",
+    "codemirror": "^6.0.1",
+    "fnv-plus": "^1.3.1",
+    "magic-string": "^0.30.13",
+    "octokit": "^3.2.1",
+    "satori": "^0.10.14",
+    "slugify": "^1.6.6",
+    "super-sitemap": "^0.14.20",
+    "svelte-codemirror-editor": "^1.4.1",
+    "terser": "^5.36.0",
+    "xmlbuilder2": "^3.1.1"
+  },
+  "targets": {
+    "module": {
+      "context": "node",
+      "engines": {
+        "node": ">= 20"
+      },
+      "outputFormat": "esmodule",
+      "optimize": true,
+      "includeNodeModules": true
+    }
+  },
+  "@parcel/resolver-default": {
+    "packageExports": true
+  }
+}
@@ -0,0 +1,60 @@
+import { sentryEsbuildPlugin } from "@sentry/esbuild-plugin";
+import esbuild from "esbuild";
+
+// https://github.com/evanw/esbuild/pull/2067
+const ESM_REQUIRE_SHIM = `
+await (async () => {
+  const { dirname } = await import("path");
+  const { fileURLToPath } = await import("url");
+
+  /**
+   * Shim entry-point related paths.
+   */
+  if (typeof globalThis.__filename === "undefined") {
+    globalThis.__filename = fileURLToPath(import.meta.url);
+  }
+  if (typeof globalThis.__dirname === "undefined") {
+    globalThis.__dirname = dirname(globalThis.__filename);
+  }
+  /**
+   * Shim require if needed.
+   */
+  if (typeof globalThis.require === "undefined") {
+    const { default: module } = await import("module");
+    globalThis.require = module.createRequire(import.meta.url);
+  }
+})();
+`;
+const banner = {
+    "js": ESM_REQUIRE_SHIM
+};
+
+esbuild.build({
+    sourcemap: true, // Source map generation must be turned on
+    platform: "node", // Node.js platform
+    target: "node22.0", // Node.js version
+    entryPoints: ["./build/index.js"], // Entry point file
+    outdir: "./output", // Output directory
+    bundle: true, // Generate an external bundle
+    splitting: true, // Enable code splitting
+    format: "esm", // Output format
+    loader: {
+        ".node": "copy",
+    },
+    alias: {
+        "perf_hooks": "node:perf_hooks",
+    },
+    banner,
+    plugins: [
+        // Put the Sentry esbuild plugin after all other plugins
+        sentryEsbuildPlugin({
+            org: "jade-ellis",
+            project: "jade-website-sveltekit",
+            authToken: process.env.SENTRY_AUTH_TOKEN,
+            sourcemaps: {
+                // Specify the directory containing build artifacts
+                assets: "./output/**",
+            } 
+        }),
+    ],
+});
@@ -0,0 +1,15 @@
+// See https://kit.svelte.dev/docs/types#app
+// for information about these interfaces
+import type { Middleware } from "polka"
+type Req = Parameters<Middleware>[0]
+declare global {
+	namespace App {
+		// interface Error {}
+		// interface Locals {}
+		// interface PageData {}
+		// interface PageState {}
+		interface Platform {
+            req: Req
+        }
+	}
+}
--- a/Show More
+++ b/Show More