chore(deps): update ruma digest to 3ecd80b

Signed-off-by: stratself <stratself@noreply.forgejo.ellis.link>

.forgejo/actions/timelord/action.yml

@@ -71,7 +71,7 @@ runs:
 
     - name: Install timelord-cli and git-warp-time
       if: steps.check-binaries.outputs.need-install == 'true'
-      uses: https://github.com/taiki-e/install-action@b5fddbb5361bce8a06fb168c9d403a6cc552b084 # v2
+      uses: https://github.com/taiki-e/install-action@3235f8901fd37ffed0052b276cec25a362fb82e9 # v2
       with:
         tool: git-warp-time,timelord-cli@3.0.1
 

.forgejo/workflows/documentation.yml

@@ -56,7 +56,7 @@ jobs:
 
       - name: Deploy to Cloudflare Pages (Production)
         if: github.ref == 'refs/heads/main' && vars.CLOUDFLARE_PROJECT_NAME != ''
-        uses: https://github.com/cloudflare/wrangler-action@9acf94ace14e7dc412b076f2c5c20b8ce93c79cd # v3
+        uses: https://github.com/cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
         with:
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
@@ -64,7 +64,7 @@ jobs:
 
       - name: Deploy to Cloudflare Pages (Preview)
         if: github.ref != 'refs/heads/main' && vars.CLOUDFLARE_PROJECT_NAME != ''
-        uses: https://github.com/cloudflare/wrangler-action@9acf94ace14e7dc412b076f2c5c20b8ce93c79cd # v3
+        uses: https://github.com/cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
         with:
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}

.forgejo/workflows/element.yml

@@ -121,7 +121,7 @@ jobs:
       - name: 🚀 Deploy to Cloudflare Pages
         if: vars.CLOUDFLARE_PROJECT_NAME != ''
         id: deploy
-        uses: https://github.com/cloudflare/wrangler-action@9acf94ace14e7dc412b076f2c5c20b8ce93c79cd # v3
+        uses: https://github.com/cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
         with:
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}

.forgejo/workflows/mirror-images.yml

@@ -55,7 +55,7 @@ jobs:
       #     repositories: continuwuity
 
       - name: Install regsync
-        uses: https://github.com/regclient/actions/regsync-installer@f3c6d87835906c175eb6ccfc18b348b69bb447e7 # main
+        uses: https://github.com/regclient/actions/regsync-installer@c70ad64367908075211b10dcd2ab9fad4bfa1816 # main
 
       - name: Check what images need mirroring
         run: |

.forgejo/workflows/release-image.yml

@@ -216,7 +216,7 @@ jobs:
           path: binaries
           merge-multiple: true
       - name: Create Release and Upload
-        uses: https://github.com/softprops/action-gh-release@v2
+        uses: https://github.com/softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
         with:
           draft: true
           files: binaries/*

CONTRIBUTING.md

@@ -137,9 +137,9 @@ ### Commit Messages
 
 Examples:
 ```
-feat: add user authentication
-fix(database): resolve connection pooling issue
-docs: update installation instructions
+feat: Add user authentication
+fix(database): Resolve connection pooling issue
+docs: Update installation instructions
 ```
 
 The project uses the `committed` hook to validate commit messages in pre-commit. This ensures all commits follow the conventional format.

Cargo.lock

@@ -4528,7 +4528,7 @@ dependencies = [
 [[package]]
 name = "ruma"
 version = "0.15.1"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "assign",
  "js_int",
@@ -4547,7 +4547,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.15.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4559,7 +4559,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.23.1"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "as_variant",
  "assign",
@@ -4581,7 +4581,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.18.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "as_variant",
  "base64 0.22.1",
@@ -4614,7 +4614,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.33.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "as_variant",
  "indexmap",
@@ -4635,7 +4635,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.14.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "bytes",
  "headers",
@@ -4658,7 +4658,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.12.1"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "js_int",
  "thiserror",
@@ -4667,7 +4667,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.18.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "as_variant",
  "cfg-if",
@@ -4683,7 +4683,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.14.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4695,7 +4695,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.20.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -4711,7 +4711,7 @@ dependencies = [
 [[package]]
 name = "ruma-state-res"
 version = "0.16.0"
-source = "git+https://github.com/ruma/ruma.git?rev=9c9dccc93f054bbd28f23f630223fffa6289ecbc#9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+source = "git+https://github.com/ruma/ruma.git?rev=3ecd80b92794d2d93f657a7b3db62d4be237526b#3ecd80b92794d2d93f657a7b3db62d4be237526b"
 dependencies = [
  "js_int",
  "ruma-common",

Cargo.toml

@@ -352,7 +352,7 @@ version = "1.1.1"
 [workspace.dependencies.ruma]
 # version = "0.14.1"
 git = "https://github.com/ruma/ruma.git"
-rev = "9c9dccc93f054bbd28f23f630223fffa6289ecbc"
+rev = "3ecd80b92794d2d93f657a7b3db62d4be237526b"
 features = [
     "appservice-api-c",
     "client-api",

docs/advanced/dns.mdx

@@ -74,13 +74,11 @@ ## Unbound
 
 - Increase `discard-timeout` to something like `4800` to wait longer for upstream resolvers, as recursion can take a long time to respond to some domains. Continuwuity default to `dns_timeout = 10` seconds, so dropping requests early would lead to unnecessary retries and/or failures.
 
-### Using a forwarder (optional)
+### Recursion versus forwarding
 
-Unbound by default employs **recursive resolution** and contacts many servers around the world. If this is not performant enough, consider forwarding your queries to public resolvers to benefit from their CDNs and get faster responses.
+Unbound by default employs **recursive resolution** and contacts many servers around the world. While this allows updated and authoritative answers and are generally viable for most users, sometimes these recursive queries can be too slow to fully resolve. As an alternative, you can consider **forwarding** your queries to public resolvers, and benefit from faster responses from their CDNs.
 
-However, most popular upstreams (such as Google DNS or Quad9) employ IP ratelimiting, so a generous cache is still needed to avoid making too many queries.
-
-DNS-over-TLS forwarders may also be used should you need on-the-wire encryption, but TLS overhead causes some speed penalties.
+Do note that most popular upstreams (such as Google DNS or Quad9) employ IP ratelimiting, so a generous cache is still needed to avoid making too many queries.
 
 If you want to use forwarders, configure it as follows:
 
@@ -99,6 +97,8 @@ # Use cloudflare public resolvers as an example
     # forward-addr: 2606:4700:4700::1111@53
 
 # alternatively, use DNS-over-TLS for forwarders.
+# this will encrypt traffic between you and the forwarder,
+# but takes more time due to TLS overhead.
 # forward-zone:
     # name: "."
     # forward-tls-upstream: yes
@@ -133,9 +133,11 @@ ### dnsmasq
 
 [arch-linux-dnsmasq]: https://wiki.archlinux.org/title/Dnsmasq
 
-### Technitium
+### Technitium DNS
 
-[Technitium][technitium] supports recursion as well as a myriad of forwarding protocols, allows saving cache to disk natively, and does work well with Continuwuity. Its default configurations however ratelimits single-IP requests by a lot, and hence must be changed. You may consult this [community guide][technitium-continuwuity] for more details on setting up a dedicated Technitium for Continuwuity.
+[Technitium DNS Server][technitium] supports recursion as well as a myriad of forwarding protocols, allows saving cache to disk natively, and does work well with Continuwuity. Its out-of-the-box configs however ratelimits single-IP requests by a lot, and hence must be changed.
+
+You may consult this [community guide][technitium-continuwuity] for more details on setting up and fine-tuning a dedicated Technitium instance for Continuwuity.
 
 [technitium]: https://github.com/TechnitiumSoftware/DnsServer
 [technitium-continuwuity]: https://muoi.me/~stratself/articles/technitium-continuwuity/
@@ -150,11 +152,13 @@ ## Testing
 
 ## Further steps
 
-- (Recommended) Set **`dns_cache_entries = 0`** inside Continuwuity and fully rely on the more performant external resolver.
+It is recommended to set **`dns_cache_entries = 0`** inside Continuwuity to fully rely on the external resolver. While Continuwuity does have an internal cache, it can run into reliability issues if you're federating with many domains.
+
+Additionally, you can also make the following improvements:
 
 - Consider employing **persistent cache to disk**, so your resolver can still run without hassle after a restart. Unbound, via [Cache DB module][unbound-cachedb], can use Redis as a storage backend for this feature.
 
-- Consider [enabling **Serve Stale**][unbound-serve-stale] functionality to serve expired data beyond DNS TTLs. Since most Matrix homeservers have static IPs, this should help improve federation with them especially when upstream resolvers have timed out. For dnsproxy, this corresponds to its [optimistic caching options][dnsproxy-usage].
+- Consider [enabling **Serve Stale**][unbound-serve-stale] functionality to serve expired data beyond DNS TTLs. Since most Matrix homeservers have static IPs, this should still allow federating with them when upstream resolvers have timed out. For dnsproxy, this corresponds to its [optimistic caching options][dnsproxy-usage].
 
 - If you still experience DNS performance issues, another step could be to **disable DNSSEC** (which is computationally expensive) at a cost of slightly decreased security. On Unbound this is done by commenting out `trust-anchors` config options and removing the `validator` module.
 

docs/calls/livekit.mdx

@@ -25,9 +25,9 @@ ### 2. Services
 :::tip Generating the secrets
 LiveKit provides a utility to generate secure random keys
 ```bash
-~$ docker run --rm livekit/livekit-server:latest generate-keys
-API Key:  APIUxUnMnSkuFWV
-API Secret:  t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
+docker run --rm livekit/livekit-server:latest generate-keys
+# API Key:  APIUxUnMnSkuFWV
+# API Secret:  t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
 ```
 :::
 
@@ -262,14 +262,14 @@ # livekit.yaml
 
 ## Testing
 
-To test that LiveKit is successfully integrated with Continuwuity, you will need to replicate its [Token Exchange Flow](https://github.com/element-hq/lk-jwt-service#%EF%B8%8F-how-it-works--token-exchange-flow).
+To test that LiveKit is successfully integrated with Continuwuity, you will need to replicate its [Token Exchange Flow](https://github.com/element-hq/lk-jwt-service#%EF%B8%8F-how-it-works--token-exchange-flow). Follow the steps below while checking Docker logs (`docker-compose logs --follow`), in order to help [troubleshooting](#troubleshooting) any issues.
 
 First, you will need an access token for your current login session. These can be found in your client's settings or obtained via [this website](https://timedout.uk/mxtoken.html).
 
-Then, using that token, fetch the discovery endpoints for MatrixRTC services
+Then, using that token, fetch the discovery endpoints for MatrixRTC services:
 
 ```bash
-curl -X POST -H "Authorization: Bearer <session-access-token>" \
+curl -H "Authorization: Bearer <session-access-token>" \
   https://matrix.example.com/_matrix/client/unstable/org.matrix.msc4143/rtc/transports
 ```
 
@@ -318,7 +318,7 @@ ## Testing
 You can then send this payload to the lk-jwt-service:
 
 ```bash
-~$ curl -X POST -d @payload.json https://livekit.example.com/get_token
+curl -X POST -d @payload.json https://livekit.example.com/get_token
 ```
 
 The lk-jwt-service will, after checking against Continuwuity, answer with a `jwt` token to create a LiveKit media room:
@@ -331,22 +331,31 @@ ## Testing
 
 ## Troubleshooting
 
-To debug any issues, you can place a call or redo the Testing instructions, and check the container logs for any specific errors. Use `docker-compose logs --follow` to follow them in real-time.
+To debug any issues, you can place a call or redo the Testing instructions, and check the container logs for any specific errors. Use `docker-compose logs --follow` to follow these logs in real-time.
 
 ### Common errors in Element Call UI
 
 - `MISSING_MATRIX_RTC_FOCUS`: LiveKit is missing from Continuwuity's config file
 - "Waiting for media" popup always showing: a LiveKit URL has been configured in Continuwuity, but your client cannot connect to it for some reason
 
+For browser-based clients, you can also inspect connections using DevTools' Networking tab, to see which requests are erroring out.
+
 ### Docker loopback networking issues
 
 Some distros do not allow Docker containers to connect to its host's public IP by default. This would cause `lk-jwt-service` to fail connecting to `livekit` or `continuwuity` on the same host. As a result, you would see connection refused/connection timeouts log entries in the JWT service, even when `LIVEKIT_URL` has been configured correctly.
 
+You can also test that this is the case by cURLing from a sidecar container:
+
+```bash
+docker run --rm --net container:lk-jwt-service docker.io/curlimages/curl https://livekit.example.com
+# --- some errors ---
+```
+
 To alleviate this, you can try one of the following workarounds:
 
 - Use `network_mode: host` for the `lk-jwt-service` container (instead of the default bridge networking).
 
-- Add an `extra_hosts` file mapping livekit's (and continuwuity's) domain name to a localhost address:
+- Add an `extra_hosts` file mapping livekit's (and continuwuity's) domain name to a locally-reachable address:
 
     ```diff
     # in docker-compose.yaml
@@ -360,12 +369,7 @@ ### Docker loopback networking issues
 
 - (**untested, use at your own risk**) Implement an iptables workaround as shown [here](https://forums.docker.com/t/unable-to-connect-to-host-service-from-inside-docker-container/145749/6).
 
-After implementing the changes and restarting your compose, you can test whether the connection works by cURLing from a sidecar container:
-
-```bash
-~$ docker run --rm --net container:lk-jwt-service docker.io/curlimages/curl https://livekit.example.com
-OK
-```
+After implementing the changes and restarting your compose, `lk-jwt-service` should now connect to your other services. The sidecar container test above should now return an `OK` from LiveKit.
 
 ### Workaround for non-federating servers
 

docs/deploying/docker.mdx

@@ -185,13 +185,15 @@ ## Testing
 
 Test that your setup works by following these [instructions](./generic.mdx#how-do-i-know-it-works)
 
+Check your container logs using `docker-compose logs --follow` to debug any issues. See the [Troubleshooting](../troubleshooting.mdx) page for common errors and how to fix them.
+
 ## Other deployment methods
 
 ### Docker - Quick Run
 
-:::note For testing only
-The instructions below are only meant for a quick demo of Continuwuity.
-For production deployment, we recommend using [Docker Compose](#docker-compose)
+:::warning For testing only
+The instructions below are only meant for a quick demo of Continuwuity with **federation disabled**.
+For production deployment, we recommend using [Docker Compose](#docker-compose).
 :::
 
 Get a working Continuwuity server with an admin user in four steps:
@@ -211,7 +213,7 @@ ### Docker - Quick Run
       -e CONTINUWUITY_SERVER_NAME="example.com" \
       -e CONTINUWUITY_DATABASE_PATH="/var/lib/continuwuity" \
       -e CONTINUWUITY_ADDRESS="0.0.0.0" \
-      -e CONTINUWUITY_ALLOW_REGISTRATION="false" \
+      -e CONTINUWUITY_ALLOW_FEDERATION="false" \
       --name continuwuity \
       forgejo.ellis.link/continuwuation/continuwuity:latest \
       /sbin/conduwuit
@@ -233,9 +235,9 @@ ### Docker - Quick Run
     Pick your own username and password!
     ```
 
-4. Configure your reverse proxy to forward HTTPS traffic to Continuwuity at port 8008. See [Docker Compose](#docker-compose) for examples.
+4. Configure your reverse proxy to forward HTTPS traffic to Continuwuity at port 8008. See [Docker Compose](#docker-compose) or the [Generic instructions](./generic.mdx#setting-up-the-reverse-proxy) for examples.
 
-Once configured, log in to your server with any Matrix client, and register for an account with the registration token from step 3. You'll automatically be invited to the admin room where you can [manage your server](../reference/admin).
+Once configured, log in to your server with any Matrix client, and register for an account with the registration token from step 3. If you did not configure step 4., log in via the `http://<your_server_ip>:8008` address. You will be automatically invited to the admin room where you can [manage your server](../reference/admin).
 
 ### (Optional) Building Custom Images
 
@@ -269,4 +271,5 @@ ## Next steps
 
 - For smooth federation, set up a caching resolver according to the [**DNS tuning guide**](../advanced/dns.mdx) (recommended)
 - To set up Audio/Video communication, see the [**Calls**](../calls.mdx) page.
+- Consult the [Maintenance](../maintenance.mdx) page for guidance on maintaining your homeserver.
 - If you want to set up an appservice, take a look at the [**Appservice Guide**](../appservices.mdx).

docs/deploying/generic.mdx

@@ -260,7 +260,7 @@ ## Starting Your Server
 ```
 
 You can then open [a Matrix client][matrix-clients],
-enter your homeserver address, and try to register with the provided token.
+enter your homeserver address, and register with the provided token.
 By default, the first user is the instance's first admin. They will be added
 to the `#admin:example.com` room and be able to [issue admin commands](../reference/admin/index.md).
 
@@ -296,4 +296,5 @@ ## What's next?
 
 - For smooth federation, set up a caching resolver according to the [**DNS tuning guide**](../advanced/dns.mdx) (recommended)
 - For Audio/Video call functionality see the [**Calls**](../calls.md) page.
+- Consult the [Maintenance](../maintenance.mdx) page for guidance on maintaining your homeserver.
 - If you want to set up an appservice, take a look at the [**Appservice Guide**](../appservices.md).

src/service/rooms/membership/mod.rs

@@ -73,7 +73,7 @@ fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
 				db: args.db.clone(),
 				antispam: args.depend::<antispam::Service>("antispam"),
 				globals: args.depend::<globals::Service>("globals"),
-				metadata: args.depend::<metadata::Service>("metadata"),
+				metadata: args.depend::<metadata::Service>("rooms::metadata"),
 				outlier: args.depend::<outlier::Service>("rooms::outlier"),
 				sending: args.depend::<sending::Service>("sending"),
 				server_keys: args.depend::<server_keys::Service>("server_keys"),