Compare commits
743 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f1b7710984 | |||
| 514c3bbcbf | |||
| da7d8c9821 | |||
| 45809b7970 | |||
| 910925b906 | |||
| 28263982cd | |||
| 52a4b9d586 | |||
| 786890baa0 | |||
| 3282ba8eab | |||
| f66c1d8f35 | |||
| 3d004b1923 | |||
| 06afe4f1a3 | |||
| 53d6887b86 | |||
| 8c77bd61e5 | |||
| e649af33b9 | |||
| e2fe166d63 | |||
| 4ee0bb7533 | |||
| 9a9cc94702 | |||
| 58a6e1232c | |||
| c0cb4afd8a | |||
| 69163b5391 | |||
| d4f6c053bc | |||
| 4f72326b07 | |||
| b7e449f490 | |||
| 2a1d7e49d9 | |||
| b7792f9e86 | |||
| adfe9f9f53 | |||
| 8fe1715019 | |||
| 9a91dce600 | |||
| eee4ef50d2 | |||
| 62e0b53f52 | |||
| 5fa3d5f6c8 | |||
| 9b80a99aa7 | |||
| bd525c100f | |||
| e6225f3265 | |||
| 54c94ca9ad | |||
| 017d4b3894 | |||
| 3b3eaf8744 | |||
| 0a634907f2 | |||
| 2f2848728f | |||
| 19a83c6891 | |||
| 2bfd678c71 | |||
| e936d18324 | |||
| 90797fa3cd | |||
| 5eea8fe880 | |||
| 12491dcc26 | |||
| 2eff454787 | |||
| e5dc5bedfc | |||
| 496ca52987 | |||
| 72f4c3cc53 | |||
| 6a8a114197 | |||
| 549864a052 | |||
| 52026bb0f1 | |||
| aed8e7d769 | |||
| 32fb6f247a | |||
| 90e14abecb | |||
| 6ced2511e4 | |||
| 93407ade03 | |||
| 6742d9237a | |||
| a32c7d0d9a | |||
| 761a6a53d0 | |||
| c56c035c15 | |||
| c804bf5780 | |||
| b87afeef80 | |||
| d0c7a62ce7 | |||
| 47582d1922 | |||
| 36a30f16b1 | |||
| 52ec6bc6da | |||
| 74788dcb19 | |||
| b35b72c34a | |||
| c1fc76040a | |||
| d1449d6575 | |||
| 9fdeb61c1a | |||
| 7c7d6762e2 | |||
| eda46d63a8 | |||
| 9fc9063c83 | |||
| 430347fc66 | |||
| 9df5c68d3c | |||
| 3ca068c985 | |||
| 138ec05cf2 | |||
| c7e5c8df22 | |||
| 91afbd122f | |||
| daaf09cb26 | |||
| e8d6fa565e | |||
| 47af5d3a39 | |||
| 63b5fd04be | |||
| d59a5c63f9 | |||
| 16aaeae21c | |||
| e60310eacc | |||
| 7b98ae54b5 | |||
| d67d6ca895 | |||
| 86d9e9e6a9 | |||
| b37480d6b2 | |||
| 0d806a2038 | |||
| 19700a081e | |||
| ed1b175fa4 | |||
| a91fc7041a | |||
| 18c59e036f | |||
| df3f646c92 | |||
| fb6e5d2838 | |||
| 33be65a865 | |||
| 975ec24167 | |||
| e8378e86fd | |||
| 57366ac90a | |||
| 9f8a716dc1 | |||
| 27367bac18 | |||
| 5199cde870 | |||
| b6bc7dfc16 | |||
| 945ea5a78a | |||
| d719fe2048 | |||
| 458e0b53ac | |||
| 2d65d47498 | |||
| e4922814b9 | |||
| 064028689c | |||
| 124241238e | |||
| 967e2cc54f | |||
| 6fdeadc356 | |||
| 478560daae | |||
| 0310b4b2c5 | |||
| 3eb4257ae8 | |||
| f1d3db0ea3 | |||
| e7b302955f | |||
| 85122c62cd | |||
| ba0ffee7cf | |||
| 86e1101b40 | |||
| fdcb7e3957 | |||
| c54e56a73e | |||
| fed9a599d9 | |||
| 0bb97a53c5 | |||
| 9b76c9a085 | |||
| 6f20b7bc3f | |||
| 580d9b0318 | |||
| ae572ec108 | |||
| b1c5b3d000 | |||
| 0c9230f35e | |||
| 77dab8fd20 | |||
| 10b5ca8e3a | |||
| f9eed42cb7 | |||
| 19f4c24c00 | |||
| 0a162b7bc4 | |||
| 0d1b130127 | |||
| 5e0e82e7e8 | |||
| 4bf0816bcc | |||
| ecbe035b36 | |||
| 4d30ee5d33 | |||
| 4844c6ae3e | |||
| 6603798d60 | |||
| 199f6eb67b | |||
| aa2f506996 | |||
| a3994fe1a3 | |||
| 6312ff8088 | |||
| 17cff1fb36 | |||
| aff6315ae1 | |||
| 574d3e9164 | |||
| 21e93f8feb | |||
| 4b2f032ae6 | |||
| 8a495a7d7f | |||
| cee51d5717 | |||
| 0483d3e155 | |||
| 2a4b9f9323 | |||
| 63a1a3d9ab | |||
| f19f5c71a5 | |||
| b009ffd31c | |||
| b6baf66399 | |||
| 6dac46e1ad | |||
| 4d40e20fdd | |||
| 3b6858e936 | |||
| 3b455218f5 | |||
| de24fcbb8c | |||
| 2adb9a7941 | |||
| d81f4df61c | |||
| 6b259d15ee | |||
| eeef60d540 | |||
| a01035e63a | |||
| 52c1544e6f | |||
| ed38212391 | |||
| 86fe98c90d | |||
| 4078062331 | |||
| 40935cf96a | |||
| 182c5a120e | |||
| 8e71ed7b63 | |||
| 7ca00e4ab9 | |||
| b8ca06029f | |||
| 2efe8f2ec0 | |||
| d1aa911739 | |||
| 4673282ca1 | |||
| 0c03195aec | |||
| 439bc2784d | |||
| 689a1ce59b | |||
| c141503ccb | |||
| bcadecdc3b | |||
| ab3be337cb | |||
| aa1281a9e0 | |||
| 115a2e802e | |||
| 968328d788 | |||
| f1cde5f323 | |||
| 832ee8650b | |||
| c0666a1793 | |||
| ddb4ef539f | |||
| 3faedc4581 | |||
| a3544353ba | |||
| b0612397d3 | |||
| 31737e127e | |||
| 486dcd208c | |||
| a945a4b2ad | |||
| c28ea44e11 | |||
| 3e4d6b2565 | |||
| 29ce21cd2e | |||
| d461c6977a | |||
| 5a0d6461d1 | |||
| 2ec7394785 | |||
| 8a5708b9f9 | |||
| cd46070bd3 | |||
| 9930e549a0 | |||
| 36ed20cb04 | |||
| 3907589b6c | |||
| 2a598af888 | |||
| f34f84832b | |||
| 0efa6ed1f2 | |||
| 2bf5876778 | |||
| 31982e84de | |||
| 970958652a | |||
| c94a395bf0 | |||
| 43adff926f | |||
| 04fce56381 | |||
| 4df2097e6c | |||
| 8b85b04d10 | |||
| 9e0bcd3be8 | |||
| 9509080e0d | |||
| 61066bb0c6 | |||
| 573d5bc50e | |||
| 162e6eb92f | |||
| cef4ebe38e | |||
| 316a0b7d58 | |||
| 2bcc56704b | |||
| 7f64de9727 | |||
| aea03f2f99 | |||
| 8edf9552b8 | |||
| d5f69c8a31 | |||
| 9ea9b0e04c | |||
| e8db01fc8d | |||
| f80e1e89a5 | |||
| b9dca84acf | |||
| e3ec1066c4 | |||
| 1445a8d446 | |||
| 9547c438d6 | |||
| 51d0e615f5 | |||
| eeb937416c | |||
| 0d5aa7ede1 | |||
| ba9dc27773 | |||
| abf5a155ba | |||
| 4696cbb751 | |||
| ebea06b687 | |||
| 62b58e1a6a | |||
| 1ba90deeba | |||
| 71ed283141 | |||
| a7ae7b2e75 | |||
| 0d45ae7e21 | |||
| 61e121ad5c | |||
| 31960beb75 | |||
| bdd9b6b50c | |||
| 216033cf20 | |||
| 95ddb1bbe5 | |||
| 1ad4ca0f67 | |||
| 95790d8152 | |||
| 02c61b3840 | |||
| 6ee501ac69 | |||
| 252ebb4642 | |||
| 0fb95df7a5 | |||
| a72eda19f1 | |||
| 4fc808114f | |||
| e3a9549824 | |||
| 073c033ab8 | |||
| 6e42be95bc | |||
| 1a77f57af5 | |||
| d427df0238 | |||
| f9f3ebe571 | |||
| 5969c1ae94 | |||
| 523016a42b | |||
| 7c42f6075b | |||
| bc37f7fc5b | |||
| 0932c929c3 | |||
| 8f4e95b4b9 | |||
| e84d1f02af | |||
| 772a326ac1 | |||
| 6276a632cc | |||
| bb48bd50bb | |||
| 3fb7586875 | |||
| e8cfde49ae | |||
| 7af4b392b3 | |||
| 2bdc498f18 | |||
| 9dfd143cc6 | |||
| 721ebbf340 | |||
| 0a5d136a32 | |||
| 0ece17b6a0 | |||
| 7d945bbd5d | |||
| 42039b2090 | |||
| dd7ca6b12e | |||
| b1c6be012a | |||
| 835308628e | |||
| c1486f425e | |||
| c80896dcb0 | |||
| 77b12692bb | |||
| 57237e831a | |||
| d62c48ebf7 | |||
| e2e85b962a | |||
| 788697d563 | |||
| 64ecd762be | |||
| 5cb0db6f31 | |||
| 58e41d48c7 | |||
| 67466b015b | |||
| 0ea68f27a2 | |||
| a3e57dbab4 | |||
| 7ece15bb1a | |||
| 336b32dead | |||
| 1faa09b6ce | |||
| d7a51c7107 | |||
| 30c9d6d2df | |||
| 74841b6711 | |||
| dabbdc7517 | |||
| 793d399477 | |||
| 15d69aefbb | |||
| 77b1652f4a | |||
| 5f9594363d | |||
| 5cba4b126f | |||
| d8a7f7c7ca | |||
| d3fca86dec | |||
| 5f88abf341 | |||
| 416814094c | |||
| 5b8799e71f | |||
| cc5349ee57 | |||
| 7b68572b2e | |||
| 057eb9f644 | |||
| 253603edbc | |||
| b771b9d160 | |||
| eb829c2951 | |||
| d32b39181a | |||
| 72b99a1f84 | |||
| ae37f218a2 | |||
| 40cecca103 | |||
| 2a80a82f74 | |||
| fbf4eac2dc | |||
| 4784010702 | |||
| 1c88854a54 | |||
| e0fe71c708 | |||
| 0f0dcb4f58 | |||
| 367c42ad28 | |||
| c8e0f7ebd3 | |||
| fdc9aec534 | |||
| 5f9cc83b18 | |||
| 47051af392 | |||
| c1a6e649da | |||
| 1d172be503 | |||
| f01e119890 | |||
| 4d27a935d6 | |||
| 512a96f832 | |||
| 6715f63acc | |||
| 3764faeefc | |||
| 5d4b7bfea3 | |||
| 4df08779e3 | |||
| 6b835a327d | |||
| 7dd61cd560 | |||
| d9535eccf1 | |||
| a97f91e079 | |||
| f0401b4fc7 | |||
| cda64b880a | |||
| 1f6cab9e2e | |||
| afa80576f4 | |||
| 5a63eb729c | |||
| 27da50136e | |||
| db724b67ff | |||
| 14a0d2f538 | |||
| 3b9932e09c | |||
| 02409c06b8 | |||
| bb51db0d7d | |||
| 834f2caffe | |||
| 202786c46b | |||
| 035bfea93c | |||
| 185f8c42dc | |||
| d5fc81d39e | |||
| 1cd0228d87 | |||
| 4968d4c8b7 | |||
| bb6ec1f352 | |||
| 14602e730e | |||
| cdaca69f3a | |||
| 9c1d5b3e95 | |||
| 3987331c3b | |||
| cb3ebcf24e | |||
| 2d4bf1b35f | |||
| 388cbeb60e | |||
| b4e104925d | |||
| 14c1d37b47 | |||
| 1bba4fd252 | |||
| 8af0662a18 | |||
| 2804278e9b | |||
| 7c36bd54f5 | |||
| 8e9c7c1a3b | |||
| 8fe8438f5d | |||
| a7d4f3537b | |||
| 18789f9aea | |||
| 2f50f1fc2a | |||
| 669efe092f | |||
| 820485da57 | |||
| 466c98677c | |||
| 4d9cfc0afe | |||
| ba2c123e82 | |||
| 384ddc89d1 | |||
| a023d2d306 | |||
| 61b080d1ef | |||
| 00d7d4a54f | |||
| c4a35e0f4d | |||
| 86cb9b331a | |||
| 277f85f0b0 | |||
| 497ec44c94 | |||
| 7c837cc694 | |||
| 98fb766bc2 | |||
| 6f83925a4f | |||
| e349dd284f | |||
| c57fe66d8d | |||
| ff28fd0927 | |||
| 7307f2dc80 | |||
| 6f56b665e7 | |||
| 7018ce4180 | |||
| 10dd8bebfe | |||
| 1658b3bf6c | |||
| 088fa3e725 | |||
| 4694186c97 | |||
| a5c61d5137 | |||
| 39a882c4a1 | |||
| f091d3a732 | |||
| ebf9a08cd1 | |||
| 4fef0a7ff2 | |||
| 2f37b446bc | |||
| 6185841b6a | |||
| 3e0d4b066e | |||
| 0d2eeed567 | |||
| b296720540 | |||
| d600aed8db | |||
| 9724953b5e | |||
| 1605176956 | |||
| 2b0aedf5fd | |||
| c78c431703 | |||
| 49b48b857d | |||
| bf1e42b225 | |||
| ec76a234db | |||
| 091514e9f9 | |||
| 789ad499f7 | |||
| 1e6eaa4337 | |||
| de97900b07 | |||
| cb68a3d0ae | |||
| d3852abe51 | |||
| 15845b1c55 | |||
| f7d558baa6 | |||
| edd80b2600 | |||
| 03eab32c27 | |||
| 636de8a708 | |||
| e212c91ebf | |||
| 83f3314f08 | |||
| 8c2cf67783 | |||
| 7436e2f4e1 | |||
| 9ba406761b | |||
| 97f49d6357 | |||
| 1a49bc6f87 | |||
| 833216256b | |||
| 5fa3087401 | |||
| e95c0bd53f | |||
| 52d1ed24a9 | |||
| 4c1638e495 | |||
| 3f69cf8ed7 | |||
| 560a615c29 | |||
| 2e19310a87 | |||
| 81c5c6b2bc | |||
| 73d8462ace | |||
| 8b5fda1fb5 | |||
| 6f9b4a989e | |||
| fe0d83d447 | |||
| 37dccdbeb0 | |||
| 1060adc670 | |||
| d963b89a07 | |||
| 680c972b44 | |||
| 88b59eb053 | |||
| 4a99de0d28 | |||
| 0e1f0683c6 | |||
| cec4abc7cd | |||
| e6cae5b8ed | |||
| 02ccf64d2e | |||
| 4d4d875231 | |||
| cdf05b9a8b | |||
| 9491be928d | |||
| 049babc7ca | |||
| 7b99757337 | |||
| d09de005e3 | |||
| e34fd76dc0 | |||
| 72dfe579ec | |||
| cfae9a34f4 | |||
| 0a4808ea79 | |||
| a9a18fc5f0 | |||
| c1434c7935 | |||
| 2e98ba3ed8 | |||
| 551cf48642 | |||
| d256a1c1fa | |||
| 5578144da9 | |||
| 5309a064e8 | |||
| 56d35b4e39 | |||
| 7375d1cad4 | |||
| 80baf948ae | |||
| ed37696cef | |||
| 0a04c60f31 | |||
| e44ac230a6 | |||
| 57c4567380 | |||
| a8a8e1ea51 | |||
| 02f69a7160 | |||
| f68205a341 | |||
| 9899632b8b | |||
| a0524a9566 | |||
| e70004c98f | |||
| e185f56f3a | |||
| 5058b7979a | |||
| 7f06a61242 | |||
| 54fefb421b | |||
| 9d39321deb | |||
| c64a4a71bc | |||
| 385b4b10d1 | |||
| c12dd20431 | |||
| 3ad7c3b30d | |||
| 7a58074a0d | |||
| 0c7abd792d | |||
| 0f64e6b49c | |||
| e7a1c71a25 | |||
| cd3b97ea26 | |||
| 845b731f8c | |||
| 97d2388717 | |||
| 962a4aedc6 | |||
| 0eee63f7a1 | |||
| eba38c2fa0 | |||
| 338cdc2a75 | |||
| 2dacb8e071 | |||
| 398f73b690 | |||
| 78d9c29a05 | |||
| 0406f755c2 | |||
| 1827888f09 | |||
| 8871b1f74b | |||
| c7489fd008 | |||
| 7f5f4df64e | |||
| 15d87c00bf | |||
| 7cae42634e | |||
| bd94ec4033 | |||
| db7d378a2e | |||
| 39b2e461be | |||
| ca358438ee | |||
| 4282d60181 | |||
| 10dbea72e8 | |||
| aa7c2ea1ad | |||
| 698d959407 | |||
| 4c831c3531 | |||
| 4dfdce303f | |||
| 8d8c310a64 | |||
| e50e24e22d | |||
| a215b63077 | |||
| 1d39210a0c | |||
| 360e0dada8 | |||
| cbf24a9483 | |||
| 6cb3f909c9 | |||
| b7c9ef89f0 | |||
| 64f7791ddb | |||
| 836047b54e | |||
| 256f8f679d | |||
| 154cda35f3 | |||
| 1bf6d2a117 | |||
| 69d33931fa | |||
| 83902a584b | |||
| bcff259875 | |||
| 496ca80393 | |||
| 34b992fc40 | |||
| 1ea9330df8 | |||
| 267e1c5d65 | |||
| 36285e7784 | |||
| 53ab20d1cd | |||
| 96adf034e6 | |||
| a75bf32a34 | |||
| c89ecd7b63 | |||
| 7f30f8419b | |||
| 0a81f4d629 | |||
| 4e456249ac | |||
| 01e403f05f | |||
| a2f6141f4b | |||
| 97a01a1500 | |||
| bf9c9716eb | |||
| 471eb54c66 | |||
| 755006c66d | |||
| ccd6072f2d | |||
| 24f7e1d658 | |||
| d62eeda130 | |||
| 3e1f97487f | |||
| a4e64383b7 | |||
| 204bc1367e | |||
| 1cc9dbf2a4 | |||
| 2cf28baf03 | |||
| f3fb218652 | |||
| 0924b7d27e | |||
| 8575f191a0 | |||
| fe7cfd96e7 | |||
| 8b0e86a05d | |||
| 8b8fef998c | |||
| decd6083a0 | |||
| 06184d8c9f | |||
| 7c20e22b75 | |||
| 3f862b58cb | |||
| 046a6356f3 | |||
| 3af0240ff5 | |||
| 5dcfff51cf | |||
| b9989f1713 | |||
| 1d3e3e7e62 | |||
| 0adf3aa956 | |||
| 7b1aabda9f | |||
| e31c5997b7 | |||
| 7ca0d137c4 | |||
| 0344bf71d8 | |||
| a07d3e24ea | |||
| 1bc7950748 | |||
| 0fd43ff6fa | |||
| 796136f1a6 | |||
| 447608985b | |||
| 5f4cd47d88 | |||
| a7244bdb68 | |||
| 91f2900463 | |||
| e44ae3bac9 | |||
| b692f9e6e7 | |||
| 695333fe5b | |||
| bc7a6c148f | |||
| bd3944573b | |||
| 21ac3c5a86 | |||
| 3976849b97 | |||
| a1e3619291 | |||
| a92fc78a90 | |||
| fc429ea564 | |||
| 69c931e18a | |||
| 284e0ce1e5 | |||
| a13779a051 | |||
| 7163714697 | |||
| 3998a14c32 | |||
| c79f2a3057 | |||
| 17837c51a0 | |||
| 99a7be0222 | |||
| 41ed2eb167 | |||
| 2b08460b16 | |||
| 4cf8f6e05b | |||
| ae37acb228 | |||
| 10c3045f5f | |||
| 8242718571 | |||
| 03db067aab | |||
| b28ddde1eb | |||
| 0134f69bf9 | |||
| 15878371bf | |||
| 980bd475b6 | |||
| 19204b097d | |||
| 567d809efe | |||
| 8171e3d614 | |||
| 98b221096b | |||
| 027f6a4b02 | |||
| 42028f155b | |||
| 6999246d19 | |||
| 01f6893c07 | |||
| ed93a4ad9f | |||
| cc8a4501b5 | |||
| cbb1632a1a | |||
| df59fc35b4 | |||
| c927bc7b30 | |||
| c1ce40c008 | |||
| 66be11a978 | |||
| 1aa44f9834 | |||
| b5b8d62622 | |||
| b9b3cddf70 | |||
| 62166f3cf8 | |||
| ed1fe717b9 | |||
| 69e4689b24 | |||
| cace197237 | |||
| 49e6d18ac6 | |||
| bf6783cb83 | |||
| 2ca7149a7f | |||
| bedec72489 | |||
| 80861b5f12 | |||
| f2d7654572 | |||
| bb037ca9f4 | |||
| fd236876af | |||
| 130b07f0e1 | |||
| 4dbf7f7673 | |||
| ed76f50e71 | |||
| 1fe13b927d | |||
| b11989504a | |||
| 87fa184af7 | |||
| aa9d43fad6 | |||
| cbcada087b | |||
| 9489369b75 | |||
| 9d11f56393 | |||
| 72eabc9796 | |||
| 2ca758425c | |||
| 991859a9e4 | |||
| b202e82c26 | |||
| a7fc905490 | |||
| d482e0ae3a | |||
| eccdb285b8 | |||
| 682c82d38b | |||
| dae95740d2 | |||
| 194252f446 | |||
| b12275a660 | |||
| 583a63ad30 | |||
| 3d08c0c4b4 | |||
| 9d237d105f | |||
| f20dfaeee4 | |||
| 17e95a404c | |||
| 6978cbbe60 | |||
| 955a695138 | |||
| 33091822b7 | |||
| 27fcd7fe3a | |||
| 7f92659a98 | |||
| 8bebec6687 | |||
| feabb732f9 | |||
| 7354c64034 | |||
| dccf1b97c8 | |||
| 8dfdd1f662 | |||
| 6a8850b556 | |||
| a575e21598 | |||
| eeeb23b634 | |||
| aa53b01b69 | |||
| b55cb5580c | |||
| fbdaa32743 | |||
| aa0bd60ba4 | |||
| cc1706bb83 | |||
| 604316eebe | |||
| a5af7b39bd | |||
| d83483abb2 | |||
| fb286017f3 | |||
| cf73f13a11 | |||
| 420c28873c | |||
| fdb40c9758 | |||
| d961fb1515 | |||
| 44ebf1f526 | |||
| f02a08de57 | |||
| ab241f8f65 | |||
| 45d316999a | |||
| b81aea642a | |||
| f3e8160d9b |
@@ -44,7 +44,7 @@ runs:
|
||||
|
||||
- name: Login to builtin registry
|
||||
if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
|
||||
uses: docker/login-action@v4
|
||||
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
|
||||
with:
|
||||
registry: ${{ env.BUILTIN_REGISTRY }}
|
||||
username: ${{ inputs.registry_user }}
|
||||
@@ -52,7 +52,7 @@ runs:
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
|
||||
uses: docker/setup-buildx-action@v4
|
||||
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
|
||||
with:
|
||||
# Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
|
||||
driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
|
||||
@@ -61,7 +61,7 @@ runs:
|
||||
- name: Extract metadata (tags) for Docker
|
||||
if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
|
||||
id: meta
|
||||
uses: docker/metadata-action@v6
|
||||
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
|
||||
with:
|
||||
flavor: |
|
||||
latest=auto
|
||||
|
||||
@@ -67,7 +67,7 @@ runs:
|
||||
uses: ./.forgejo/actions/rust-toolchain
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v4
|
||||
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
|
||||
with:
|
||||
# Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
|
||||
driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
|
||||
@@ -75,11 +75,11 @@ runs:
|
||||
|
||||
- name: Set up QEMU
|
||||
if: ${{ env.BUILDKIT_ENDPOINT == '' }}
|
||||
uses: docker/setup-qemu-action@v4
|
||||
uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4
|
||||
|
||||
- name: Login to builtin registry
|
||||
if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
|
||||
uses: docker/login-action@v4
|
||||
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
|
||||
with:
|
||||
registry: ${{ env.BUILTIN_REGISTRY }}
|
||||
username: ${{ inputs.registry_user }}
|
||||
@@ -87,7 +87,7 @@ runs:
|
||||
|
||||
- name: Extract metadata (labels, annotations) for Docker
|
||||
id: meta
|
||||
uses: docker/metadata-action@v6
|
||||
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
|
||||
with:
|
||||
images: ${{ inputs.images }}
|
||||
# default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
|
||||
@@ -111,59 +111,3 @@ runs:
|
||||
|
||||
- uses: ./.forgejo/actions/timelord
|
||||
id: timelord
|
||||
|
||||
- name: Cache Rust registry
|
||||
if: ${{ env.BUILDKIT_ENDPOINT == '' }}
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
.cargo/git
|
||||
.cargo/git/checkouts
|
||||
.cargo/registry
|
||||
.cargo/registry/src
|
||||
key: continuwuity-rust-registry-image-${{hashFiles('**/Cargo.lock') }}
|
||||
|
||||
- name: Cache cargo target
|
||||
if: ${{ env.BUILDKIT_ENDPOINT == '' }}
|
||||
id: cache-cargo-target
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
cargo-target${{ env.CPU_SUFFIX }}-${{ inputs.slug }}-${{ inputs.profile }}
|
||||
key: continuwuity-cargo-target${{ env.CPU_SUFFIX }}-${{ inputs.slug }}-${{ inputs.profile }}-${{hashFiles('**/Cargo.lock') }}-${{steps.rust-toolchain.outputs.rustc_version}}
|
||||
|
||||
- name: Cache apt cache
|
||||
if: ${{ env.BUILDKIT_ENDPOINT == '' }}
|
||||
id: cache-apt
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
var-cache-apt-${{ inputs.slug }}
|
||||
key: continuwuity-var-cache-apt-${{ inputs.slug }}
|
||||
|
||||
- name: Cache apt lib
|
||||
if: ${{ env.BUILDKIT_ENDPOINT == '' }}
|
||||
id: cache-apt-lib
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
var-lib-apt-${{ inputs.slug }}
|
||||
key: continuwuity-var-lib-apt-${{ inputs.slug }}
|
||||
|
||||
- name: inject cache into docker
|
||||
if: ${{ env.BUILDKIT_ENDPOINT == '' }}
|
||||
uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.2
|
||||
with:
|
||||
cache-map: |
|
||||
{
|
||||
".cargo/registry": "/usr/local/cargo/registry",
|
||||
".cargo/git/db": "/usr/local/cargo/git/db",
|
||||
"cargo-target${{ env.CPU_SUFFIX }}-${{ inputs.slug }}-${{ inputs.profile }}": {
|
||||
"target": "/app/target",
|
||||
"id": "cargo-target${{ env.CPU_SUFFIX }}-${{ inputs.slug }}-${{ inputs.profile }}"
|
||||
},
|
||||
"var-cache-apt-${{ inputs.slug }}": "/var/cache/apt",
|
||||
"var-lib-apt-${{ inputs.slug }}": "/var/lib/apt",
|
||||
"${{ steps.timelord.outputs.database-path }}":"/timelord"
|
||||
}
|
||||
skip-extraction: ${{ steps.cache.outputs.cache-hit }}
|
||||
|
||||
@@ -33,7 +33,7 @@ runs:
|
||||
echo "version=$(rustup --version)" >> $GITHUB_OUTPUT
|
||||
- name: Cache rustup toolchains
|
||||
if: steps.rustup-version.outputs.version == ''
|
||||
uses: actions/cache@v3
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
~/.rustup
|
||||
|
||||
@@ -17,7 +17,7 @@ inputs:
|
||||
llvm-version:
|
||||
description: 'LLVM version to install'
|
||||
required: false
|
||||
default: '20'
|
||||
default: '21'
|
||||
|
||||
outputs:
|
||||
llvm-version:
|
||||
@@ -57,7 +57,7 @@ runs:
|
||||
|
||||
- name: Check for LLVM cache
|
||||
id: cache
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/usr/bin/clang-*
|
||||
@@ -120,7 +120,7 @@ runs:
|
||||
|
||||
- name: Install additional packages
|
||||
if: inputs.extra-packages != ''
|
||||
uses: https://github.com/awalsh128/cache-apt-pkgs-action@latest
|
||||
uses: https://github.com/awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
|
||||
with:
|
||||
packages: ${{ inputs.extra-packages }}
|
||||
version: 1.0
|
||||
|
||||
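Review bot: The trailing comment `# latest` on the pinned `cache-apt-pkgs-action` digest does not record which release the commit belongs to, unlike the `# v4` and `# v6` comments on the other pins in this compare. A reader cannot tell from the file which upstream code the digest was taken from, or whether a later digest bump moves forward or sideways. Replace it with the release tag the digest corresponds to, for example `# <release-tag>`, so the pin can be audited against the upstream release list.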
@@ -65,7 +65,7 @@ runs:
|
||||
|
||||
- name: Cache toolchain binaries
|
||||
id: toolchain-cache
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
.cargo/bin
|
||||
@@ -76,7 +76,7 @@ runs:
|
||||
|
||||
- name: Cache Cargo registry and git
|
||||
id: registry-cache
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
.cargo/registry/index
|
||||
|
||||
@@ -31,7 +31,7 @@ runs:
|
||||
|
||||
- name: Restore binary cache
|
||||
id: binary-cache
|
||||
uses: actions/cache/restore@v4
|
||||
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/usr/share/rust/.cargo/bin
|
||||
@@ -71,13 +71,13 @@ runs:
|
||||
|
||||
- name: Install timelord-cli and git-warp-time
|
||||
if: steps.check-binaries.outputs.need-install == 'true'
|
||||
uses: https://github.com/taiki-e/install-action@v2
|
||||
uses: https://github.com/taiki-e/install-action@9bcaee1dcae34154180f412e2fa69355a7cda9f6 # v2
|
||||
with:
|
||||
tool: git-warp-time,timelord-cli@3.0.1
|
||||
|
||||
- name: Save binary cache
|
||||
if: steps.check-binaries.outputs.need-install == 'true'
|
||||
uses: actions/cache/save@v4
|
||||
uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/usr/share/rust/.cargo/bin
|
||||
@@ -87,7 +87,7 @@ runs:
|
||||
|
||||
- name: Restore timelord cache with fallbacks
|
||||
id: timelord-restore
|
||||
uses: actions/cache/restore@v4
|
||||
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: ${{ env.TIMELORD_CACHE_PATH }}
|
||||
key: ${{ env.TIMELORD_KEY }}
|
||||
@@ -114,7 +114,7 @@ runs:
|
||||
timelord sync --source-dir ${{ env.TIMELORD_PATH }} --cache-dir ${{ env.TIMELORD_CACHE_PATH }}
|
||||
|
||||
- name: Save updated timelord cache immediately
|
||||
uses: actions/cache/save@v4
|
||||
uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: ${{ env.TIMELORD_CACHE_PATH }}
|
||||
key: ${{ env.TIMELORD_KEY }}
|
||||
|
||||
@@ -45,7 +45,6 @@
|
||||
- [ ] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes)
|
||||
myself, if applicable. This includes ensuring code compiles.
|
||||
- [ ] My commit messages follow the [commit message format][c1cm] and are descriptive.
|
||||
- [ ] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->.
|
||||
|
||||
<!--
|
||||
Notes on these requirements:
|
||||
@@ -79,4 +78,3 @@
|
||||
[c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks
|
||||
[c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally
|
||||
[c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages
|
||||
[n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
name: Auto Labeler
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened, reopened]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
issues: write
|
||||
|
||||
jobs:
|
||||
auto-label:
|
||||
name: Apply labels based on changed files
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Apply PR Labels
|
||||
uses: https://github.com/actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
|
||||
with:
|
||||
script: |
|
||||
const allFiles = await github.paginate(github.rest.pulls.listFiles, {
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
pull_number: context.issue.number,
|
||||
});
|
||||
|
||||
const fileNames = allFiles.map(f => f.filename);
|
||||
const labelsToAdd = new Set();
|
||||
|
||||
for (const file of fileNames) {
|
||||
if (file.startsWith('docs/') || file.startsWith('theme/') || (file.endsWith('.md') && !file.startsWith('changelog.d/')) || file == 'rspress.config.ts') {
|
||||
labelsToAdd.add('Documentation');
|
||||
}
|
||||
if (file.startsWith('.forgejo/')) {
|
||||
labelsToAdd.add('Meta/CI');
|
||||
}
|
||||
if (file.startsWith('pkg/') || file.startsWith('nix/') || file === 'flake.nix' || file === 'flake.lock' || file.startsWith('docker/')) {
|
||||
labelsToAdd.add('Meta/Packaging');
|
||||
}
|
||||
if (file === 'Cargo.lock') {
|
||||
labelsToAdd.add('Dependencies');
|
||||
}
|
||||
}
|
||||
|
||||
if (labelsToAdd.size > 0) {
|
||||
const labelsArray = Array.from(labelsToAdd);
|
||||
console.log('Adding labels:', labelsArray);
|
||||
await github.rest.issues.addLabels({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: context.issue.number,
|
||||
labels: labelsArray,
|
||||
});
|
||||
} else {
|
||||
console.log('No files changed that require auto-labeling.');
|
||||
}
|
||||
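Review bot: This workflow runs on `pull_request_target` with `pull-requests: write` and `issues: write`, and nothing in the file records why that is safe. As written it only reads the changed-file list through the API and never checks out or executes pull-request content, and that property should be stated so a later edit does not add a checkout of the PR head. A comment above the `on:` block would do, e.g. `# pull_request_target: runs with the base repository's token; this job must never check out or run code from the PR head`. As a style point, `file == 'rspress.config.ts'` uses loose equality where every other comparison in the script uses `===`.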
@@ -10,7 +10,7 @@ on:
|
||||
- "v*.*.*"
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '30 0 * * *'
|
||||
- cron: '30 0 * * 1'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
@@ -41,26 +41,15 @@ jobs:
|
||||
# else
|
||||
# echo "No workaround needed for llvm-project#153385"
|
||||
# fi
|
||||
- name: Pick compatible clang version
|
||||
id: clang-version
|
||||
run: |
|
||||
# both latest need to use clang-23, but oldstable and previous can just use clang
|
||||
if [[ "${{ matrix.container }}" == "ubuntu-latest" ]]; then
|
||||
echo "Using clang-23 package for ${{ matrix.container }}"
|
||||
echo "version=clang-23" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "Using default clang package for ${{ matrix.container }}"
|
||||
echo "version=clang" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Checkout repository with full history
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ github.ref_name }}
|
||||
|
||||
- name: Cache Cargo registry
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
~/.cargo/registry
|
||||
@@ -92,10 +81,13 @@ jobs:
|
||||
BASE_VERSION=$(cargo metadata --no-deps --format-version 1 | jq -r ".packages[] | select(.name == \"conduwuit\").version" | sed 's/[^a-zA-Z0-9.+]/~/g')
|
||||
# VERSION is the package version, COMPONENT is used in
|
||||
# apt's repository config like a git repo branch
|
||||
if [[ "${{ forge.ref }}" == "refs/tags/"* ]]; then
|
||||
# Use the "stable" component for tagged releases
|
||||
VERSION=$BASE_VERSION
|
||||
if [[ ${{ forge.ref_name }} =~ ^v+[0-9]+\.+[0-9]+\.+[0-9]+$ ]]; then
|
||||
# Use the "stable" component for tagged semver releases
|
||||
COMPONENT="stable"
|
||||
VERSION=$BASE_VERSION
|
||||
elif [[ ${{ forge.ref_name }} =~ ^v+[0-9]+\.+[0-9]+\.+[0-9]+ ]]; then
|
||||
# Use the "unstable" component for tagged semver pre-releases
|
||||
COMPONENT="unstable"
|
||||
else
|
||||
# Use the "dev" component for development builds
|
||||
SHA=$(echo "${{ forge.sha }}" | cut -c1-7)
|
||||
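Review bot: The two new tag tests expand `${{ forge.ref_name }}` directly into the script text and leave it unquoted, so the ref name is parsed by the shell as script rather than compared as data. Passing it through the step environment keeps it inert: add `REF_NAME: ${{ forge.ref_name }}` under the step's `env:` and test `[[ "$REF_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]`. The quantifiers in `^v+[0-9]+\.+[0-9]+\.+[0-9]+$` also accept a repeated `v` and repeated dots (`vv1..2.3` matches), which is probably not intended for the `stable` component. The pre-release test in the `elif` has the same two issues. The step's `run:` block starts and ends outside this hunk.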
@@ -127,7 +119,7 @@ jobs:
|
||||
run: |
|
||||
apt-get update -y
|
||||
# Build dependencies for rocksdb
|
||||
apt-get install -y liburing-dev ${{ steps.clang-version.outputs.version }}
|
||||
apt-get install -y liburing-dev clang
|
||||
|
||||
- name: Run cargo-deb
|
||||
id: cargo-deb
|
||||
|
||||
@@ -16,7 +16,7 @@ on:
|
||||
# - '.forgejo/workflows/build-fedora.yml'
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '30 0 * * *'
|
||||
- cron: '30 0 * * 2'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
@@ -30,14 +30,14 @@ jobs:
|
||||
echo "Fedora version: $VERSION"
|
||||
|
||||
- name: Checkout repository with full history
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ github.ref_name }}
|
||||
|
||||
|
||||
- name: Cache DNF packages
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/var/cache/dnf
|
||||
@@ -47,7 +47,7 @@ jobs:
|
||||
dnf-fedora${{ steps.fedora.outputs.version }}-
|
||||
|
||||
- name: Cache Cargo registry
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
~/.cargo/registry
|
||||
@@ -57,7 +57,7 @@ jobs:
|
||||
cargo-fedora${{ steps.fedora.outputs.version }}-
|
||||
|
||||
- name: Cache Rust build dependencies
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
~/rpmbuild/BUILD/*/target/release/deps
|
||||
@@ -105,7 +105,7 @@ jobs:
|
||||
RELEASE_SUFFIX=""
|
||||
TAG_NAME="${{ github.ref_name }}"
|
||||
# Extract version from tag (remove v prefix if present)
|
||||
TAG_VERSION=$(echo "$TAG_NAME" | sed 's/^v//')
|
||||
TAG_VERSION=$(echo "$TAG_NAME" | sed 's/^v//' | tr '-' '~')
|
||||
|
||||
# Create spec file with tag version
|
||||
sed -e "s/^Version:.*$/Version: $TAG_VERSION/" \
|
||||
@@ -270,9 +270,13 @@ jobs:
|
||||
|
||||
# Determine the group based on ref type and branch
|
||||
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
|
||||
GROUP="stable"
|
||||
# For tags, extract the tag name for version info
|
||||
TAG_NAME="${{ github.ref_name }}"
|
||||
if [[ "$TAG_NAME" == *"-"* ]]; then
|
||||
GROUP="unstable"
|
||||
else
|
||||
GROUP="stable"
|
||||
fi
|
||||
elif [ "${{ github.ref_name }}" = "main" ]; then
|
||||
GROUP="dev"
|
||||
else
|
||||
|
||||
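Review bot: The stable/unstable split is decided here by `[[ "$TAG_NAME" == *"-"* ]]`, whereas the Debian packaging hunk earlier on this page uses an anchored version regex on the ref name. A tag that carries a suffix without a hyphen would therefore be published as `unstable` by one workflow and `stable` by the other. Using the same test in both places, for example `[[ "$TAG_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]` for the stable case, keeps the two repositories in agreement. `TAG_NAME="${{ github.ref_name }}"` also places the ref name into the script text before the shell parses it; `TAG_NAME="$GITHUB_REF_NAME"` reads the same value from the environment instead. The enclosing `run:` block extends beyond this hunk.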
@@ -0,0 +1,71 @@
|
||||
name: Build / Static via Nix
|
||||
|
||||
concurrency:
|
||||
group: "build-nix-${{ forge.ref }}"
|
||||
cancel-in-progress: true
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v*.*.*"
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '30 0 * * 3'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: "Build ${{ matrix.filename }} Binary"
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- package: default-static-x86_64
|
||||
filename: conduwuit-linux-static-amd64
|
||||
- package: default-static-aarch64
|
||||
filename: conduwuit-linux-static-arm64
|
||||
|
||||
- package: max-perf-static-aarch64
|
||||
filename: conduwuit-linux-static-arm64-maxperf
|
||||
- package: max-perf-haswell-static-x86_64
|
||||
filename: conduwuit-haswell-linux-static-amd64-maxperf
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||
|
||||
- name: Install Lix
|
||||
uses: https://github.com/samueldr/lix-gha-installer-action@a0fee77b2a98bb7c5c0ed7ae6d6ad4903dbdad0d
|
||||
with:
|
||||
extra_nix_config: experimental-features = nix-command flakes flake-self-attrs
|
||||
|
||||
- name: Build static binary
|
||||
run: |
|
||||
nix build .#${{ matrix.package }}
|
||||
install -D result/bin/conduwuit /tmp/binaries/${{ matrix.filename }}
|
||||
|
||||
- name: Upload binary artifact
|
||||
uses: forgejo/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.filename }}
|
||||
path: /tmp/binaries/${{ matrix.filename }}
|
||||
|
||||
release-binaries:
|
||||
name: "Release Binaries"
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- build
|
||||
permissions:
|
||||
contents: write
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
steps:
|
||||
- name: Download binary artifacts
|
||||
uses: forgejo/download-artifact@v4
|
||||
with:
|
||||
pattern: conduwuit*
|
||||
path: binaries
|
||||
merge-multiple: true
|
||||
- name: Create Release and Upload
|
||||
uses: https://github.com/softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3
|
||||
with:
|
||||
draft: true
|
||||
files: binaries/*
|
||||
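Review bot: The new workflow pins some actions by digest but leaves `forgejo/upload-artifact@v4` and `forgejo/download-artifact@v4` on mutable tags, and the download step sits in the `release-binaries` job that holds `contents: write`. Pin both the same way as the rest of this compare, e.g. `uses: forgejo/upload-artifact@<commit-sha> # v4`. The `actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10` and `lix-gha-installer-action` pins carry no version comment, and the checkout digest differs from the `9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7` used in the other workflows on this page. Add the version comments, and confirm the different checkout digest is intentional. The `build` job also declares no `permissions:` block; where the runner honours that key, a top-level `permissions:` with `contents: read` would keep the token scoped to what the build needs.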
@@ -1,13 +1,8 @@
|
||||
name: Check Changelog
|
||||
name: Checks / Changelog
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened, synchronize, reopened, ready_for_review]
|
||||
|
||||
|
||||
concurrency:
|
||||
group: "${{ github.workflow }}-${{ github.ref }}"
|
||||
cancel-in-progress: true
|
||||
types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
@@ -16,26 +11,22 @@ permissions:
|
||||
|
||||
jobs:
|
||||
check-changelog:
|
||||
name: Check for changelog
|
||||
name: Check changelog is added
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
fetch-depth: 0
|
||||
persist-credentials: false
|
||||
sparse-checkout: .
|
||||
|
||||
- name: Check for changelog entry
|
||||
id: check_files
|
||||
run: |
|
||||
git fetch origin ${GITHUB_BASE_REF}
|
||||
AUTH=$(echo -n "x-access-token:${{ secrets.GITHUB_TOKEN }}" | base64 -w 0)
|
||||
git config --global http.${{ github.server_url }}/.extraheader "Authorization: basic $AUTH"
|
||||
git clone "${{ github.event.repository.clone_url }}" repo.git --bare
|
||||
|
||||
git -C repo.git fetch origin pull/${{ github.event.pull_request.number }}/head
|
||||
|
||||
# Check for Added (A) or Modified (M) files in changelog.d
|
||||
CHANGELOG_CHANGES=$(git diff --name-status origin/${GITHUB_BASE_REF} HEAD -- changelog.d/)
|
||||
CHANGELOG_CHANGES=$(git -C repo.git diff --name-status ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} -- changelog.d/)
|
||||
|
||||
SRC_CHANGES=$(git diff --name-status origin/${GITHUB_BASE_REF} HEAD -- src/)
|
||||
SRC_CHANGES=$(git -C repo.git diff --name-status ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} -- src/)
|
||||
|
||||
echo "Changes in changelog.d/:"
|
||||
echo "$CHANGELOG_CHANGES"
|
||||
@@ -54,7 +45,7 @@ jobs:
|
||||
echo "src_changed=false" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Manage PR Comment
|
||||
- name: Manage PR Labels
|
||||
uses: https://github.com/actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
|
||||
env:
|
||||
HAS_CHANGELOG: ${{ steps.check_files.outputs.has_changelog }}
|
||||
@@ -63,41 +54,37 @@ jobs:
|
||||
script: |
|
||||
const hasChangelog = process.env.HAS_CHANGELOG === 'true';
|
||||
const srcChanged = process.env.SRC_CHANGED === 'true';
|
||||
const commentSignature = '<!-- changelog-check-action -->';
|
||||
const commentBody = `${commentSignature}\nPlease add a changelog fragment to \`changelog.d/\` describing your changes.`;
|
||||
|
||||
const { data: currentUser } = await github.rest.users.getAuthenticated();
|
||||
|
||||
const { data: comments } = await github.rest.issues.listComments({
|
||||
const { data: pullRequest } = await github.rest.pulls.get({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: context.issue.number,
|
||||
pull_number: context.issue.number,
|
||||
});
|
||||
|
||||
const botComment = comments.find(comment =>
|
||||
comment.user.id === currentUser.id &&
|
||||
comment.body.includes(commentSignature)
|
||||
);
|
||||
const currentLabels = pullRequest.labels.map(l => l.name);
|
||||
|
||||
const shouldWarn = srcChanged && !hasChangelog;
|
||||
|
||||
if (!shouldWarn) {
|
||||
if (botComment) {
|
||||
console.log('Changelog found or not required. Deleting existing warning comment.');
|
||||
await github.rest.issues.deleteComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
comment_id: botComment.id,
|
||||
});
|
||||
}
|
||||
if (hasChangelog) {
|
||||
console.log('PR has changelog');
|
||||
await github.rest.issues.addLabels({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: context.issue.number,
|
||||
labels: ['Changelog/Added'],
|
||||
});
|
||||
} else if (currentLabels.includes('Changelog/None')) {
|
||||
console.log('PR has Changelog/None label, skipping.');
|
||||
} else if (srcChanged) {
|
||||
console.log('PR is missing changelog');
|
||||
await github.rest.issues.addLabels({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: context.issue.number,
|
||||
labels: ['Changelog/Missing'],
|
||||
});
|
||||
core.setFailed("Missing changelog entry (detected)");
|
||||
} else if (currentLabels.includes('Changelog/Missing')) {
|
||||
core.setFailed("Missing changelog entry (label)");
|
||||
} else {
|
||||
if (!botComment) {
|
||||
console.log('Changelog missing and required. Creating warning comment.');
|
||||
await github.rest.issues.createComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: context.issue.number,
|
||||
body: commentBody,
|
||||
});
|
||||
}
|
||||
console.log('Changelog not needed');
|
||||
// Changelog is probably not needed
|
||||
}
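Review bot: The rewritten `Check for changelog entry` step stores the job token in the runner's global git configuration (`git config --global http.${{ github.server_url }}/.extraheader "Authorization: basic $AUTH"`) and nothing visible removes it, so the header is still in place for the following `github-script` step and for any later job on a runner that is reused. Because this workflow runs on `pull_request_target`, I would pass the token through `env:` instead of expanding `${{ secrets.GITHUB_TOKEN }}` into the script text, and end the step with `git config --global --unset-all "http.${{ github.server_url }}/.extraheader"`. Replacing the checkout of the pull-request head with a bare clone is a good change and deserves a one-line comment such as `# bare clone: no PR-controlled files are written to a working tree in this pull_request_target job`. Which lines are old and which are new is inferred here from the hunk line counts, since the page has lost its `+`/`-` column.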
|
||||
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Sync repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
@@ -32,12 +32,12 @@ jobs:
|
||||
|
||||
- name: Setup Node.js
|
||||
if: steps.runner-env.outputs.node_major == '' || steps.runner-env.outputs.node_major < '20'
|
||||
uses: https://github.com/actions/setup-node@v6
|
||||
uses: https://github.com/actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
with:
|
||||
node-version: 22
|
||||
|
||||
- name: Cache npm dependencies
|
||||
uses: actions/cache@v3
|
||||
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: ~/.npm
|
||||
key: continuwuity-rspress-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-${{ steps.runner-env.outputs.node_version }}-${{ hashFiles('package-lock.json') }}
|
||||
@@ -56,7 +56,7 @@ jobs:
|
||||
|
||||
- name: Deploy to Cloudflare Pages (Production)
|
||||
if: github.ref == 'refs/heads/main' && vars.CLOUDFLARE_PROJECT_NAME != ''
|
||||
uses: https://github.com/cloudflare/wrangler-action@v3
|
||||
uses: https://github.com/cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
|
||||
with:
|
||||
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
||||
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
@@ -64,7 +64,7 @@ jobs:
|
||||
|
||||
- name: Deploy to Cloudflare Pages (Preview)
|
||||
if: github.ref != 'refs/heads/main' && vars.CLOUDFLARE_PROJECT_NAME != ''
|
||||
uses: https://github.com/cloudflare/wrangler-action@v3
|
||||
uses: https://github.com/cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
|
||||
with:
|
||||
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
||||
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: 📦 Setup Node.js
|
||||
uses: https://github.com/actions/setup-node@v6
|
||||
uses: https://github.com/actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
with:
|
||||
node-version: "22"
|
||||
|
||||
@@ -121,7 +121,7 @@ jobs:
|
||||
- name: 🚀 Deploy to Cloudflare Pages
|
||||
if: vars.CLOUDFLARE_PROJECT_NAME != ''
|
||||
id: deploy
|
||||
uses: https://github.com/cloudflare/wrangler-action@v3
|
||||
uses: https://github.com/cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
|
||||
with:
|
||||
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
||||
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
|
||||
@@ -2,8 +2,11 @@ name: Mirror Container Images
|
||||
|
||||
on:
|
||||
schedule:
|
||||
# Run every 2 hours
|
||||
- cron: "0 */2 * * *"
|
||||
# Run nightly
|
||||
- cron: "25 2 * * *"
|
||||
|
||||
workflow_call:
|
||||
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
dry_run:
|
||||
@@ -38,7 +41,7 @@ jobs:
|
||||
DOCKER_MIRROR_TOKEN: ${{ secrets.DOCKER_MIRROR_TOKEN }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
@@ -52,7 +55,7 @@ jobs:
|
||||
# repositories: continuwuity
|
||||
|
||||
- name: Install regsync
|
||||
uses: https://github.com/regclient/actions/regsync-installer@main
|
||||
uses: https://github.com/regclient/actions/regsync-installer@9a2d4216180dbb3e2dccfa60d2dd4afd98e42ec5 # main
|
||||
|
||||
- name: Check what images need mirroring
|
||||
run: |
|
||||
|
||||
@@ -9,6 +9,7 @@ on:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: read
|
||||
|
||||
jobs:
|
||||
fast-checks:
|
||||
@@ -16,7 +17,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
@@ -40,14 +41,36 @@ jobs:
|
||||
cargo +nightly fmt --all -- --check && \
|
||||
echo "✅ Formatting check passed" || \
|
||||
exit 1
|
||||
check-changes:
|
||||
name: Check changed files
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
rust: ${{ steps.filter.outputs.rust }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Check for file changes
|
||||
uses: https://github.com/dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4
|
||||
id: filter
|
||||
with:
|
||||
filters: |
|
||||
rust:
|
||||
- '**/*.rs'
|
||||
- '**/Cargo.toml'
|
||||
- '**/Cargo.lock'
|
||||
|
||||
clippy-and-tests:
|
||||
name: Clippy and Cargo Tests
|
||||
runs-on: ubuntu-latest
|
||||
needs: check-changes
|
||||
if: needs.check-changes.outputs.rust == 'true'
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
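Review bot: The `rust` filter in the new `check-changes` job lists only `**/*.rs`, `**/Cargo.toml` and `**/Cargo.lock`, so a pull request that changes only the toolchain pin or the workflow itself skips `clippy-and-tests` entirely. The workspace manifest shown further down this page refers to a `rust-toolchain.toml`, so I would add `- 'rust-toolchain.toml'` and `- '.forgejo/workflows/**'` to the filter list, with a comment above `filters:` saying that anything able to change the build result belongs there. If `Clippy and Cargo Tests` is a required status check, also confirm that a skipped run still satisfies branch protection; the job's remaining steps are outside this hunk.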
|
||||
|
||||
|
||||
@@ -9,6 +9,9 @@ on:
|
||||
paths-ignore:
|
||||
- "*.md"
|
||||
- "**/*.md"
|
||||
- "*.mdx"
|
||||
- "**/*.mdx"
|
||||
- "changelog.d/**"
|
||||
- ".gitlab-ci.yml"
|
||||
- ".gitignore"
|
||||
- "renovate.json"
|
||||
@@ -43,7 +46,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: Prepare Docker build environment
|
||||
@@ -59,7 +62,7 @@ jobs:
|
||||
registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
|
||||
- name: Build and push Docker image by digest
|
||||
id: build
|
||||
uses: docker/build-push-action@v7
|
||||
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7
|
||||
with:
|
||||
context: .
|
||||
file: "docker/Dockerfile"
|
||||
@@ -97,7 +100,7 @@ jobs:
|
||||
needs: build-release
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: Create multi-platform manifest
|
||||
@@ -130,7 +133,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: Prepare max-perf Docker build environment
|
||||
@@ -146,7 +149,7 @@ jobs:
|
||||
registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
|
||||
- name: Build and push max-perf Docker image by digest
|
||||
id: build
|
||||
uses: docker/build-push-action@v7
|
||||
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7
|
||||
with:
|
||||
context: .
|
||||
file: "docker/Dockerfile"
|
||||
@@ -184,7 +187,7 @@ jobs:
|
||||
needs: build-maxperf
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: Create max-perf manifest
|
||||
@@ -195,3 +198,34 @@ jobs:
|
||||
images: ${{ env.IMAGE_PATH }}
|
||||
registry_user: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }}
|
||||
registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
|
||||
|
||||
release-binaries:
|
||||
name: "Release Binaries"
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- build-release
|
||||
- build-maxperf
|
||||
permissions:
|
||||
contents: write
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
steps:
|
||||
- name: Download binary artifacts
|
||||
uses: forgejo/download-artifact@v4
|
||||
with:
|
||||
pattern: conduwuit*
|
||||
path: binaries
|
||||
merge-multiple: true
|
||||
- name: Create Release and Upload
|
||||
uses: https://github.com/softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3
|
||||
with:
|
||||
draft: true
|
||||
files: binaries/*
|
||||
|
||||
mirror_images:
|
||||
name: "Mirror Images"
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- merge-maxperf
|
||||
- merge-release
|
||||
secrets: inherit
|
||||
uses: ./.forgejo/workflows/mirror-images.yml
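Review bot: The new `release-binaries` job holds `contents: write` yet loads `forgejo/download-artifact@v4` by a mutable tag, while the other actions touched in this change are pinned to a commit; pin it the same way, `uses: forgejo/download-artifact@<commit-sha> # v4`. The added `mirror_images` job calls the mirror workflow with `secrets: inherit`, which hands it every secret available here although the called workflow visibly reads only `secrets.DOCKER_MIRROR_TOKEN`; if the Forgejo version in use supports declared secrets under `workflow_call`, passing just that one would be tighter. The draft release attaches `binaries/*` without any checksum file, so consider generating a `SHA256SUMS` next to the binaries so that downloads can be verified.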
|
||||
|
||||
@@ -43,11 +43,11 @@ jobs:
|
||||
name: Renovate
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ghcr.io/renovatebot/renovate:43.59.4@sha256:f951508dea1e7d71cbe6deca298ab0a05488e7631229304813f630cc06010892
|
||||
image: ghcr.io/renovatebot/renovate:43.246.1@sha256:5965c08f8ca5baff8dc9bf3a32c44ca71fef843ad94880e9696d46e1d722b0fa
|
||||
options: --tmpfs /tmp:exec
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
show-progress: false
|
||||
|
||||
@@ -55,7 +55,7 @@ jobs:
|
||||
run: /usr/local/renovate/node -e 'console.log(`node heap limit = ${require("v8").getHeapStatistics().heap_size_limit / (1024 * 1024)} Mb`)'
|
||||
|
||||
- name: Restore renovate repo cache
|
||||
uses: actions/cache/restore@v4
|
||||
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/tmp/renovate/cache/renovate/repository
|
||||
@@ -64,7 +64,7 @@ jobs:
|
||||
renovate-repo-cache-
|
||||
|
||||
- name: Restore renovate package cache
|
||||
uses: actions/cache/restore@v4
|
||||
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/tmp/renovate/cache/renovate/renovate-cache-sqlite
|
||||
@@ -73,7 +73,7 @@ jobs:
|
||||
renovate-package-cache-
|
||||
|
||||
- name: Restore renovate OSV cache
|
||||
uses: actions/cache/restore@v4
|
||||
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/tmp/osv
|
||||
@@ -90,12 +90,12 @@ jobs:
|
||||
RENOVATE_PLATFORM: forgejo
|
||||
RENOVATE_ENDPOINT: ${{ github.server_url }}
|
||||
RENOVATE_AUTODISCOVER: 'false'
|
||||
RENOVATE_REPOSITORIES: '["${{ github.repository }}"]'
|
||||
RENOVATE_REPOSITORIES: '["${{ github.repository }}", "continuwuation/resolvematrix"]'
|
||||
|
||||
RENOVATE_GIT_TIMEOUT: 60000
|
||||
|
||||
RENOVATE_REQUIRE_CONFIG: 'required'
|
||||
RENOVATE_ONBOARDING: 'false'
|
||||
# RENOVATE_ONBOARDING: 'false'
|
||||
RENOVATE_INHERIT_CONFIG: 'true'
|
||||
|
||||
RENOVATE_GITHUB_TOKEN_WARN: 'false'
|
||||
@@ -109,7 +109,7 @@ jobs:
|
||||
- name: Save renovate repo cache
|
||||
if: always()
|
||||
uses:
|
||||
actions/cache/save@v4
|
||||
actions/cache/save@v5
|
||||
with:
|
||||
path: |
|
||||
/tmp/renovate/cache/renovate/repository
|
||||
@@ -117,7 +117,7 @@ jobs:
|
||||
|
||||
- name: Save renovate package cache
|
||||
if: always()
|
||||
uses: actions/cache/save@v4
|
||||
uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/tmp/renovate/cache/renovate/renovate-cache-sqlite
|
||||
@@ -125,7 +125,7 @@ jobs:
|
||||
|
||||
- name: Save renovate OSV cache
|
||||
if: always()
|
||||
uses: actions/cache/save@v4
|
||||
uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6
|
||||
with:
|
||||
path: |
|
||||
/tmp/osv
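Review bot: The `Save renovate repo cache` step ends up on `actions/cache/save@v5`, a mutable tag, while every other cache step in this file moves to the pinned `55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6`; its value sits on a separate line below `uses:`, which is probably why the pinning pass missed it. Put it on one line and pin it like its siblings: `uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6`. In the same section `RENOVATE_ONBOARDING: 'false'` is commented out, so Renovate's default applies, and `continuwuation/resolvematrix` is added to `RENOVATE_REPOSITORIES`; a short comment stating why onboarding is no longer disabled and that the token is meant to cover the second repository would help the next reader.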
|
||||
|
||||
@@ -14,7 +14,7 @@ jobs:
|
||||
update-flake-hashes:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: true
|
||||
token: ${{ secrets.FORGEJO_TOKEN }}
|
||||
@@ -27,7 +27,7 @@ jobs:
|
||||
- name: Get new toolchain hash
|
||||
run: |
|
||||
# Set the current sha256 to an empty hash to make `nix build` calculate a new one
|
||||
awk '/fromToolchainFile *\{/{found=1; print; next} found && /sha256 =/{sub(/sha256 = .*/, "sha256 = lib.fakeSha256;"); found=0} 1' nix/rust.nix > temp.nix
|
||||
awk '/fromToolchainName *\{/{found=1; print; next} found && /sha256 =/{sub(/sha256 = .*/, "sha256 = lib.fakeSha256;"); found=0} 1' nix/rust.nix > temp.nix
|
||||
mv temp.nix nix/rust.nix
|
||||
|
||||
# Build continuwuity and filter for the new hash
|
||||
@@ -39,7 +39,7 @@ jobs:
|
||||
sed -i "s|lib.fakeSha256|\"$new_hash\"|" nix/rust.nix
|
||||
|
||||
echo "New hash:"
|
||||
awk -F'"' '/fromToolchainFile/{found=1; next} found && /sha256 =/{print $2; found=0}' nix/rust.nix
|
||||
awk -F'"' '/fromToolchainName/{found=1; next} found && /sha256 =/{print $2; found=0}' nix/rust.nix
|
||||
echo "Expected new hash:"
|
||||
cat new_toolchain_hash.txt
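Review bot: Both awk programs now key on `fromToolchainName`, and when that pattern matches nothing the first one copies `nix/rust.nix` through unchanged, so the step can carry on without a reset hash and print an empty "New hash:" instead of failing. A guard straight after the `mv` would make a mismatch loud: `grep -q 'lib.fakeSha256' nix/rust.nix || { echo "toolchain sha256 not found in nix/rust.nix" >&2; exit 1; }`. The `run:` block starts and ends outside the visible hunks, so a later check may already cover this. This job also checks out with `persist-credentials: true` and `secrets.FORGEJO_TOKEN`; a comment saying why the credential is kept (presumably to push the updated hash) would document the exception to the `persist-credentials: false` used in the other workflows.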
|
||||
|
||||
|
||||
+1
-1
@@ -1,4 +1,4 @@
|
||||
github: [JadedBlueEyes, nexy7574, gingershaped]
|
||||
github: [JadedBlueEyes, timedoutuk, gingershaped]
|
||||
custom:
|
||||
- https://timedout.uk/donate.html
|
||||
- https://jade.ellis.link/sponsors
|
||||
|
||||
@@ -24,7 +24,7 @@ repos:
|
||||
- id: check-added-large-files
|
||||
|
||||
- repo: https://github.com/crate-ci/typos
|
||||
rev: v1.45.0
|
||||
rev: v1.47.2
|
||||
hooks:
|
||||
- id: typos
|
||||
- id: typos
|
||||
|
||||
@@ -1,3 +1,62 @@
|
||||
# Continuwuity 0.5.8 (2026-04-24)
|
||||
|
||||
## Features
|
||||
|
||||
- LDAP can now optionally be connected to using StartTLS, and you may unsafely skip verification. Contributed by @getz (#1389)
|
||||
- Users will now be prevented from removing their email if the server is configured to require an email when registering an account.
|
||||
|
||||
## Bugfixes
|
||||
|
||||
- Fixed a situation where multiple email addresses could be associated with one user when that user changes their email address.
|
||||
|
||||
## Improved Documentation
|
||||
|
||||
- Updated config docs to state we support room version 12, and set it as default. Contributed by @ezera. (#1622)
|
||||
- Improve instructions for generic deployments, removing unnecessary parts and documenting the new initial registration token flow. Contributed by @stratself (#1677)
|
||||
|
||||
|
||||
# Continuwuity v0.5.7 (2026-04-17)
|
||||
|
||||
## Features
|
||||
|
||||
- Re-added support for reading registration tokens from a file. Contributed by @ginger and @benbot. (#1371)
|
||||
- Add new config option to allow or disallow search engine indexing through a `<meta ../>` tag. Defaults to blocking indexing (`content="noindex"`). Contributed by @s1lv3r and @ginger. (#1527)
|
||||
- Add new config option for [MSC4439](https://github.com/matrix-org/matrix-spec-proposals/pull/4439)
|
||||
PGP key URIs. Contributed by LogN. (#1609)
|
||||
- Added `!admin users reset-push-rules` command to reset the notification settings of users. Contributed by @nex. (#1613)
|
||||
- Notification pushers are now automatically removed when their associated device is. Admin commands now exist for manual cleanup too. Contributed by @nex. (#1614)
|
||||
- Implemented option to deprioritize servers for room join requests. Contributed by @ezera. (#1624)
|
||||
- Added admin commands to get build information and features. Contributed by @Jade (#1629)
|
||||
- Added support for associating email addresses with accounts, requiring email addresses for registration, and resetting passwords via email. Contributed by @ginger
|
||||
- Added support for requiring users to accept terms and conditions when registering.
|
||||
- Added support for using an admin command to issue self-service password reset links.
|
||||
|
||||
## Bugfixes
|
||||
|
||||
- Fixed corrupted appservice registrations causing the server to enter a crash loop. Contributed by @nex. (#1265)
|
||||
- Prevent removing the admin room alias (`#admins`) to avoid accidentally breaking admin room functionality. Contributed by @0xnim (#1448)
|
||||
- Stripped `join_authorised_via_users_server` from json if user is already in room (@partha:cxy.run) (#1542)
|
||||
- Fixed internal server errors for fetching thumbnails. Contributed by @PerformativeJade (#1572)
|
||||
- Fixed error 500 when joining non-existent rooms. Contributed by @ezera. (#1579)
|
||||
- Refactored nix package. Breaking, since `all-features` package no longer exists. Continuwuity is now built with jemalloc and liburing by default. Contributed by @Henry-Hiles (QuadRadical). (#1596)
|
||||
- Fixed resolving IP of servers that only use SRV delegation. Contributed by @tulir. (#1615)
|
||||
- Fixed "Sender must be a local user" error for make_join, make_knock, and make_leave federation routes. Contributed by @nex. (#1623)
|
||||
- Fixed restricted joins not being signed when we are being used as an authorising server. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat). (#1630)
|
||||
- Fixed room alias deletion so removing one local alias no longer removes other aliases from room alias listings.
|
||||
- Stopped left rooms from being unconditionally sent on initial sync, hopefully fixing spurious appearances of left rooms in some clients (and making sync faster as a bonus). Contributed by @ginger
|
||||
- Correct the response field name for MatrixRTC transports. Contributed by @spaetz
|
||||
|
||||
## Improved Documentation
|
||||
|
||||
- Added Testing and Troubleshooting instructions for Livekit documentation. Contributed by @stratself. (#1429)
|
||||
- Refactored docker docs to include new initial token workflow, and add Caddyfile example. Contributed by @stratself. (#1594)
|
||||
- Add DNS tuning guide for Continuwuity. Users are recommended to set up a local caching resolver following the guide's advice. Contributed by @stratself (#1601)
|
||||
|
||||
## Misc
|
||||
|
||||
- Fixed compiler warning in cf_opts.rs when building in release. Contributed by @ezera. (#1620)
|
||||
|
||||
|
||||
# Continuwuity 0.5.6 (2026-03-03)
|
||||
|
||||
## Security
|
||||
|
||||
+1
-1
@@ -1 +1 @@
|
||||
Contributors are expected to follow the [Continuwuity Community Guidelines](continuwuity.org/community/guidelines).
|
||||
Contributors are expected to follow the [Continuwuity Community Guidelines](https://continuwuity.org/community/guidelines).
|
||||
|
||||
+3
-3
@@ -137,9 +137,9 @@ ### Commit Messages
|
||||
|
||||
Examples:
|
||||
```
|
||||
feat: add user authentication
|
||||
fix(database): resolve connection pooling issue
|
||||
docs: update installation instructions
|
||||
feat: Add user authentication
|
||||
fix(database): Resolve connection pooling issue
|
||||
docs: Update installation instructions
|
||||
```
|
||||
|
||||
The project uses the `committed` hook to validate commit messages in pre-commit. This ensures all commits follow the conventional format.
|
||||
|
||||
Generated
+1431
-1163
File diff suppressed because it is too large
+73
-73
@@ -12,7 +12,7 @@ license = "Apache-2.0"
|
||||
# See also `rust-toolchain.toml`
|
||||
readme = "README.md"
|
||||
repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
|
||||
version = "0.5.7-alpha.1"
|
||||
version = "26.6.0-alpha.1"
|
||||
|
||||
[workspace.metadata.crane]
|
||||
name = "conduwuit"
|
||||
@@ -36,20 +36,23 @@ version = "0.3"
|
||||
features = ["ffi", "std", "union"]
|
||||
|
||||
[workspace.dependencies.const-str]
|
||||
version = "0.7.0"
|
||||
version = "1.1.0"
|
||||
|
||||
[workspace.dependencies.ctor]
|
||||
version = "0.9.0"
|
||||
version = "1.0.6"
|
||||
|
||||
[workspace.dependencies.dtor]
|
||||
version = "1.0.0"
|
||||
|
||||
[workspace.dependencies.cargo_toml]
|
||||
version = "0.22"
|
||||
version = "1.0"
|
||||
default-features = false
|
||||
features = ["features"]
|
||||
|
||||
[workspace.dependencies.toml]
|
||||
version = "0.9.5"
|
||||
version = "1.1.2"
|
||||
default-features = false
|
||||
features = ["parse"]
|
||||
features = ["parse", "serde"]
|
||||
|
||||
[workspace.dependencies.sanitize-filename]
|
||||
version = "0.6.0"
|
||||
@@ -60,7 +63,7 @@ default-features = false
|
||||
|
||||
# used for TURN server authentication
|
||||
[workspace.dependencies.hmac]
|
||||
version = "0.12.1"
|
||||
version = "0.13.0"
|
||||
default-features = false
|
||||
|
||||
# used for checking if an IP is in specific subnets / CIDR ranges easier
|
||||
@@ -68,7 +71,7 @@ default-features = false
|
||||
version = "0.1.3"
|
||||
|
||||
[workspace.dependencies.rand]
|
||||
version = "0.10.0"
|
||||
version = "0.10.1"
|
||||
|
||||
# Used for the http request / response body type for Ruma endpoints used with reqwest
|
||||
[workspace.dependencies.bytes]
|
||||
@@ -102,15 +105,18 @@ default-features = false
|
||||
features = ["typed-header", "tracing", "cookie"]
|
||||
|
||||
[workspace.dependencies.axum-server]
|
||||
version = "0.7.2"
|
||||
version = "0.8.0"
|
||||
default-features = false
|
||||
|
||||
# to listen on both HTTP and HTTPS if listening on TLS dierctly from conduwuit for complement or sytest
|
||||
[workspace.dependencies.axum-server-dual-protocol]
|
||||
version = "0.7"
|
||||
# version = "0.7"
|
||||
git = "https://github.com/vinchona/axum-server-dual-protocol.git"
|
||||
rev = "ca6db055254255b74238673ce4135698e347d71c" # feat!: bump axum_server to 0.8.0
|
||||
default-features = false
|
||||
|
||||
[workspace.dependencies.axum-client-ip]
|
||||
version = "0.7"
|
||||
version = "1.3"
|
||||
|
||||
[workspace.dependencies.tower]
|
||||
version = "0.5.2"
|
||||
@@ -118,7 +124,7 @@ default-features = false
|
||||
features = ["util"]
|
||||
|
||||
[workspace.dependencies.tower-http]
|
||||
version = "0.6.8"
|
||||
version = "0.7.0"
|
||||
default-features = false
|
||||
features = [
|
||||
"add-extension",
|
||||
@@ -134,13 +140,12 @@ features = [
|
||||
[workspace.dependencies.rustls]
|
||||
version = "0.23.25"
|
||||
default-features = false
|
||||
features = ["aws_lc_rs"]
|
||||
|
||||
[workspace.dependencies.reqwest]
|
||||
version = "0.12.15"
|
||||
version = "0.13.2"
|
||||
default-features = false
|
||||
features = [
|
||||
"rustls-tls-native-roots",
|
||||
"rustls-no-provider",
|
||||
"socks",
|
||||
"hickory-dns",
|
||||
"http2",
|
||||
@@ -159,7 +164,7 @@ features = ["raw_value"]
|
||||
|
||||
# Used for appservice registration files
|
||||
[workspace.dependencies.serde-saphyr]
|
||||
version = "0.0.23"
|
||||
version = "0.0.28"
|
||||
|
||||
# Used to load forbidden room/user regex from config
|
||||
[workspace.dependencies.serde_regex]
|
||||
@@ -167,7 +172,7 @@ version = "1.1.0"
|
||||
|
||||
# Used for ruma wrapper
|
||||
[workspace.dependencies.serde_html_form]
|
||||
version = "0.2.6"
|
||||
version = "0.4.0"
|
||||
|
||||
# Used for password hashing
|
||||
[workspace.dependencies.argon2]
|
||||
@@ -175,7 +180,7 @@ version = "0.5.3"
|
||||
features = ["alloc", "rand"]
|
||||
default-features = false
|
||||
|
||||
# Used to generate thumbnails for images & blurhashes
|
||||
# Used to generate thumbnails for images
|
||||
[workspace.dependencies.image]
|
||||
version = "0.25.5"
|
||||
default-features = false
|
||||
@@ -186,14 +191,6 @@ features = [
|
||||
"webp",
|
||||
]
|
||||
|
||||
[workspace.dependencies.blurhash]
|
||||
version = "0.2.3"
|
||||
default-features = false
|
||||
features = [
|
||||
"fast-linear-to-srgb",
|
||||
"image",
|
||||
]
|
||||
|
||||
# logging
|
||||
[workspace.dependencies.log]
|
||||
version = "0.4.27"
|
||||
@@ -251,7 +248,7 @@ features = [
|
||||
]
|
||||
|
||||
[workspace.dependencies.tokio-metrics]
|
||||
version = "0.4.0"
|
||||
version = "0.5.0"
|
||||
|
||||
[workspace.dependencies.libloading]
|
||||
version = "0.9.0"
|
||||
@@ -299,7 +296,7 @@ default-features = false
|
||||
features = ["env", "toml"]
|
||||
|
||||
[workspace.dependencies.hickory-resolver]
|
||||
version = "0.25.2"
|
||||
version = "0.26.0"
|
||||
default-features = false
|
||||
features = [
|
||||
"serde",
|
||||
@@ -319,7 +316,7 @@ default-features = false
|
||||
|
||||
# Used to make working with iterators easier, was already a transitive depdendency
|
||||
[workspace.dependencies.itertools]
|
||||
version = "0.14.0"
|
||||
version = "0.15.0"
|
||||
|
||||
# to parse user-friendly time durations in admin commands
|
||||
#TODO: overlaps chrono?
|
||||
@@ -340,56 +337,55 @@ version = "0.1.88"
|
||||
[workspace.dependencies.lru-cache]
|
||||
version = "0.1.2"
|
||||
|
||||
[workspace.dependencies.assign]
|
||||
version = "1.1.1"
|
||||
|
||||
# Used for matrix spec type definitions and helpers
|
||||
[workspace.dependencies.ruma]
|
||||
git = "https://forgejo.ellis.link/continuwuation/ruwuma"
|
||||
#branch = "conduwuit-changes"
|
||||
rev = "1415caf8a32af4d943580c5ea4e12be1974593c2"
|
||||
# version = "0.14.1"
|
||||
git = "https://github.com/ruma/ruma.git"
|
||||
rev = "3ecd80b92794d2d93f657a7b3db62d4be237526b"
|
||||
features = [
|
||||
"compat",
|
||||
"rand",
|
||||
"appservice-api-c",
|
||||
"client-api",
|
||||
"federation-api",
|
||||
"markdown",
|
||||
"push-gateway-api-c",
|
||||
"unstable-exhaustive-types",
|
||||
"state-res",
|
||||
"rand",
|
||||
"markdown",
|
||||
"ring-compat",
|
||||
"compat-upload-signatures",
|
||||
"identifiers-validation",
|
||||
"unstable-unspecified",
|
||||
"unstable-msc2448",
|
||||
"compat-optional-txn-pdus",
|
||||
"compat-get-3pids",
|
||||
"unstable-msc2666",
|
||||
"unstable-msc2867",
|
||||
"unstable-msc2870",
|
||||
"unstable-msc3026",
|
||||
"unstable-msc3061",
|
||||
"unstable-msc3814",
|
||||
"unstable-msc3245",
|
||||
"unstable-msc3266",
|
||||
"unstable-msc3381", # polls
|
||||
"unstable-msc3489", # beacon / live location
|
||||
"unstable-msc3575",
|
||||
"unstable-msc3930", # polls push rules
|
||||
"unstable-msc3381",
|
||||
"unstable-msc3489",
|
||||
"unstable-msc3930",
|
||||
"unstable-msc4075",
|
||||
"unstable-msc4095",
|
||||
"unstable-msc4121",
|
||||
"unstable-msc4125",
|
||||
"unstable-msc4155",
|
||||
"unstable-msc4186",
|
||||
"unstable-msc4203", # sending to-device events to appservices
|
||||
"unstable-msc4210", # remove legacy mentions
|
||||
"unstable-msc4195",
|
||||
"unstable-msc4203",
|
||||
"unstable-msc4310",
|
||||
"unstable-msc4380",
|
||||
"unstable-msc4143",
|
||||
"unstable-msc4293",
|
||||
"unstable-msc4406",
|
||||
"unstable-msc4439",
|
||||
"unstable-msc4466",
|
||||
"unstable-extensible-events",
|
||||
"unstable-pdu",
|
||||
"unstable-msc4155",
|
||||
"unstable-msc4143", # livekit well_known response
|
||||
"unstable-msc4284",
|
||||
"unstable-msc4439", # pgp_key in .well_known/matrix/support
|
||||
]
|
||||
|
||||
[workspace.dependencies.rust-rocksdb]
|
||||
git = "https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1"
|
||||
rev = "31fb8f772c7afcdc0061ab6a40cfa3a1be2fccd9"
|
||||
rev = "0a25ff92f7c09b55eec496b9c192c7d5136ab2b8"
|
||||
default-features = false
|
||||
features = [
|
||||
"multi-threaded-cf",
|
||||
@@ -400,43 +396,45 @@ features = [
|
||||
]
|
||||
|
||||
[workspace.dependencies.sha2]
|
||||
version = "0.10.8"
|
||||
version = "0.11.0"
|
||||
default-features = false
|
||||
|
||||
[workspace.dependencies.sha1]
|
||||
version = "0.10.6"
|
||||
version = "0.11.0"
|
||||
default-features = false
|
||||
|
||||
[workspace.dependencies.openidconnect]
|
||||
version = "4.0.1"
|
||||
|
||||
# optional opentelemetry, performance measurements, flamegraphs, etc for performance measurements and monitoring
|
||||
[workspace.dependencies.opentelemetry]
|
||||
version = "0.31.0"
|
||||
version = "0.32.0"
|
||||
|
||||
[workspace.dependencies.tracing-flame]
|
||||
version = "0.2.0"
|
||||
|
||||
[workspace.dependencies.tracing-opentelemetry]
|
||||
version = "0.32.0"
|
||||
version = "0.33.0"
|
||||
|
||||
[workspace.dependencies.opentelemetry_sdk]
|
||||
version = "0.31.0"
|
||||
version = "0.32.0"
|
||||
features = ["rt-tokio"]
|
||||
|
||||
[workspace.dependencies.opentelemetry-otlp]
|
||||
version = "0.31.0"
|
||||
version = "0.32.0"
|
||||
features = ["http", "grpc-tonic", "trace", "logs", "metrics"]
|
||||
|
||||
|
||||
|
||||
# optional sentry metrics for crash/panic reporting
|
||||
[workspace.dependencies.sentry]
|
||||
version = "0.46.0"
|
||||
version = "0.48.0"
|
||||
default-features = false
|
||||
features = [
|
||||
"backtrace",
|
||||
"contexts",
|
||||
"debug-images",
|
||||
"panic",
|
||||
"rustls",
|
||||
"tower",
|
||||
"tower-http",
|
||||
"tracing",
|
||||
@@ -445,9 +443,9 @@ features = [
|
||||
]
|
||||
|
||||
[workspace.dependencies.sentry-tracing]
|
||||
version = "0.46.0"
|
||||
version = "0.48.0"
|
||||
[workspace.dependencies.sentry-tower]
|
||||
version = "0.46.0"
|
||||
version = "0.48.0"
|
||||
|
||||
# jemalloc usage
|
||||
[workspace.dependencies.tikv-jemalloc-sys]
|
||||
@@ -481,7 +479,7 @@ default-features = false
|
||||
features = ["resource"]
|
||||
|
||||
[workspace.dependencies.sd-notify]
|
||||
version = "0.4.5"
|
||||
version = "0.5.0"
|
||||
default-features = false
|
||||
|
||||
[workspace.dependencies.hardened_malloc-rs]
|
||||
@@ -540,27 +538,22 @@ version = "2.1.1"
|
||||
features = ["std"]
|
||||
|
||||
[workspace.dependencies.minicbor-serde]
|
||||
version = "0.6.0"
|
||||
version = "0.7.0"
|
||||
features = ["std"]
|
||||
|
||||
[workspace.dependencies.maplit]
|
||||
version = "1.0.2"
|
||||
|
||||
[workspace.dependencies.ldap3]
|
||||
version = "0.12.0"
|
||||
default-features = false
|
||||
features = ["sync", "tls-rustls", "rustls-provider"]
|
||||
|
||||
[workspace.dependencies.yansi]
|
||||
version = "1.0.1"
|
||||
|
||||
[workspace.dependencies.askama]
|
||||
version = "0.15.0"
|
||||
version = "0.16.0"
|
||||
|
||||
[workspace.dependencies.lettre]
|
||||
version = "0.11.19"
|
||||
default-features = false
|
||||
features = ["smtp-transport", "pool", "hostname", "builder", "rustls", "rustls-native-certs", "tokio1", "ring", "tokio1-rustls", "tracing", "serde"]
|
||||
features = ["smtp-transport", "pool", "hostname", "builder", "rustls", "rustls-native-certs", "tokio1", "rustls-no-provider", "tokio1-rustls", "tracing", "serde"]
|
||||
|
||||
[workspace.dependencies.governor]
|
||||
version = "0.10.4"
|
||||
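Review bot: The `lettre` feature list swaps `ring` for `rustls-no-provider`, so the SMTP transport no longer selects a rustls crypto provider itself and presumably depends on one being installed process-wide before the first TLS connection; nothing in this hunk shows where that happens. If the main binary installs a provider at startup, a comment above the features line would record the dependency, e.g. `# rustls-no-provider: relies on the rustls CryptoProvider installed by the main binary at startup`. A missing provider would surface only at runtime, when the first TLS configuration is built, so a test that sends mail over TLS from a default-features build is worth adding before release.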
@@ -570,6 +563,9 @@ features = ["std"]
|
||||
[workspace.dependencies.nonzero_ext]
|
||||
version = "0.3.0"
|
||||
|
||||
[workspace.dependencies.serde_urlencoded]
|
||||
version = "0.7.1"
|
||||
|
||||
#
|
||||
# Patches
|
||||
#
|
||||
@@ -657,6 +653,10 @@ default-features = false
|
||||
package = "conduwuit"
|
||||
path = "src/main"
|
||||
|
||||
[workspace.dependencies.ruminuwuity]
|
||||
package = "ruminuwuity"
|
||||
path = "src/ruminuwuity"
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
# Release profiles
|
||||
|
||||
@@ -23,6 +23,7 @@ ### Responsible Disclosure
|
||||
1. **Contact members of the team directly** over E2EE private message.
|
||||
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
|
||||
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk)
|
||||
- [@ginger:gingershaped.computer](https://matrix.to/#/@ginger:gingershaped.computer)
|
||||
2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
|
||||
3. **Do not disclose the vulnerability publicly** until it has been addressed
|
||||
4. **Provide detailed information** about the vulnerability, including:
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
Appservice device management as outlined in MSC4190 (part of Matrix 1.17) is now fully supported. Contributed by @ginger.
|
||||
@@ -1 +0,0 @@
|
||||
Added support for associating email addresses with accounts, requiring email addresses for registration, and resetting passwords via email. Contributed by @ginger
|
||||
@@ -0,0 +1 @@
|
||||
The invite recipient's membership event is now included in invite stripped state, which should fix flaky invite display in some clients. Contributed by @ginger
|
||||
@@ -1 +0,0 @@
|
||||
Added support for using an admin command to issue self-service password reset links.
|
||||
@@ -1 +0,0 @@
|
||||
Stopped left rooms from being unconditionally sent on initial sync, hopefully fixing spurious appearances of left rooms in some clients (and making sync faster as a bonus). Contributed by @ginger
|
||||
@@ -1 +0,0 @@
|
||||
Added support for requiring users to accept terms and conditions when registering.
|
||||
@@ -0,0 +1 @@
|
||||
Switched from Continuwuity's fork of Ruma back to upstream Ruma. Contributed by @ginger.
|
||||
@@ -0,0 +1 @@
|
||||
Users may now be forbidden from deactivating their own accounts with the new `allow_deactivation` config option. Contributed by @ginger.
|
||||
@@ -0,0 +1 @@
|
||||
Added support for Matrix 1.16's `state_after` feature, allowing clients which understand it to sync room state changes more reliably. Contributed by @ginger.
|
||||
@@ -0,0 +1 @@
|
||||
Added support for authenticating clients using the new OAuth 2.0 login API. Contributed by @ginger.
|
||||
@@ -0,0 +1 @@
|
||||
Added support for MSC4466, which allows clients to customize how changes to a user's global profile are propagated. Contributed by @ginger.
|
||||
@@ -1 +0,0 @@
|
||||
Fixed room alias deletion so removing one local alias no longer removes other aliases from room alias listings.
|
||||
@@ -0,0 +1 @@
|
||||
Devices which set their presence as "offline" will no longer be considered for presence updates. Contributed by @timedout.
|
||||
@@ -0,0 +1 @@
|
||||
Removed support for guest user registration, a little-used and deprecated approach to room previews.
|
||||
@@ -0,0 +1 @@
|
||||
The deprecated `well_known.rtc_focus_server_urls` config option has been removed. MatrixRTC foci should be configured using the `matrix_rtc.foci` config option.
|
||||
@@ -0,0 +1 @@
|
||||
The version of Debian that the Docker-based build process uses has been upgraded from Bookworm to Trixie, meaning that standalone binaries now have a minimum glibc of 2.41, and can no longer be used on distro versions from before 2025-01-30
|
||||
@@ -0,0 +1 @@
|
||||
Support for server-side blurhashing (part of MSC2448) has been removed.
|
||||
@@ -1 +0,0 @@
|
||||
Fixed corrupted appservice registrations causing the server to enter a crash loop. Contributed by @nex.
|
||||
@@ -1 +0,0 @@
|
||||
Re-added support for reading registration tokens from a file. Contributed by @ginger and @benbot.
|
||||
@@ -1 +0,0 @@
|
||||
Added Testing and Troubleshooting instructions for Livekit documentation. Contributed by @stratself.
|
||||
@@ -1 +0,0 @@
|
||||
Prevent removing the admin room alias (`#admins`) to avoid accidentally breaking admin room functionality. Contributed by @0xnim
|
||||
@@ -0,0 +1 @@
|
||||
Updated [MSC4284: Policy Servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) implementation to support the newly stabilised proposal. Contributed by @nex.
|
||||
@@ -0,0 +1 @@
|
||||
Add performance tuning documentation. Contributed by @stratself.
|
||||
@@ -1 +0,0 @@
|
||||
Add new config option to allow or disallow search engine indexing through a `<meta ../>` tag. Defaults to blocking indexing (`content="noindex"`). Contributed by @s1lv3r and @ginger.
|
||||
@@ -1 +0,0 @@
|
||||
Stripped `join_authorised_via_users_server` from json if user is already in room (@partha:cxy.run)
|
||||
@@ -1 +0,0 @@
|
||||
Fixed internal server errors for fetching thumbnails. Contributed by @PerformativeJade
|
||||
@@ -1 +0,0 @@
|
||||
Fixed error 500 when joining non-existent rooms. Contributed by @ezera.
|
||||
@@ -1 +0,0 @@
|
||||
Refactored nix package. Breaking, since `all-features` package no longer exists. Continuwuity is now built with jemalloc and liburing by default. Contributed by @Henry-Hiles (QuadRadical).
|
||||
@@ -1,2 +0,0 @@
|
||||
Add new config option for [MSC4439](https://github.com/matrix-org/matrix-spec-proposals/pull/4439)
|
||||
PGP key URIs. Contributed by LogN.
|
||||
@@ -1 +0,0 @@
|
||||
Added `!admin users reset-push-rules` command to reset the notification settings of users. Contributed by @nex.
|
||||
@@ -1 +0,0 @@
|
||||
Notification pushers are now automatically removed when their associated device is. Admin commands now exist for manual cleanup too. Contributed by @nex.
|
||||
@@ -1 +0,0 @@
|
||||
Fixed resolving IP of servers that only use SRV delegation. Contributed by @tulir.
|
||||
@@ -1 +0,0 @@
|
||||
Fixed compiler warning in cf_opts.rs when building in release. Contributed by @ezera.
|
||||
@@ -1 +0,0 @@
|
||||
Fixed "Sender must be a local user" error for make_join, make_knock, and make_leave federation routes. Contributed by @nex.
|
||||
@@ -1 +0,0 @@
|
||||
Added admin commands to get build information and features. Contributed by @Jade
|
||||
@@ -1 +0,0 @@
|
||||
Fixed restricted joins not being signed when we are being used as an authorising server. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat).
|
||||
@@ -0,0 +1 @@
|
||||
Explain accessing Continuwuity's server console when deployed via Docker.
|
||||
@@ -0,0 +1 @@
|
||||
Added config option for default room ACLs. Contributed by @eve.
|
||||
@@ -0,0 +1 @@
|
||||
Removed support for LDAP.
|
||||
@@ -0,0 +1 @@
|
||||
Clarified in the config that `max_request_size` affects federated media as well.
|
||||
@@ -0,0 +1 @@
|
||||
Added support for fallback encryption keys.
|
||||
@@ -0,0 +1 @@
|
||||
Fixed a bug that caused the server to drop events during processing if several events for the same room were sent in a singular transaction. Contributed by @nex.
|
||||
@@ -0,0 +1 @@
|
||||
Add `!admin users reject-all-invites` to clean invite spam
|
||||
@@ -0,0 +1 @@
|
||||
fix `!admin query account-data account-data-get` not returning the content
|
||||
@@ -0,0 +1,9 @@
|
||||
Implemented event rejection, which should resolve and prevent future netsplits of the kinds observed
|
||||
within some Continuwuity rooms.
|
||||
Also resolved several bugs related to both soft-failing events, and event backfilling, which should
|
||||
improve state resolution stability.
|
||||
The `!admin debug get-pdu` command was updated to disambiguate event acceptance status, and
|
||||
`!admin debug show-auth-chain` was added to visually display event auth chains, which may assist
|
||||
developers in debugging strangely complex events.
|
||||
|
||||
Contributed by @nex.
|
||||
@@ -0,0 +1 @@
|
||||
Fixed an issue where Continuwuity would only advertise support for the unstable endpoint for Mutual Rooms (MSC2666), despite only supporting the stable endpoint. Contributed by @Henry-Hiles (QuadRadical)
|
||||
@@ -0,0 +1 @@
|
||||
Added example configuration using caddy-docker-proxy in the livekit setup section of the docs. Contributed by @Cease
|
||||
@@ -0,0 +1 @@
|
||||
Fixed admin commands being ignored when they had leading whitespace before admin commands. Contributed by @kitvonsnookerz.
|
||||
@@ -0,0 +1 @@
|
||||
Fixed several bugs in the `POST /_matrix/client/v3/rooms/{roomId}/upgrade` endpoint. Contributed by @nex.
|
||||
@@ -0,0 +1 @@
|
||||
Added full support for [MSC4168: Update `m.space.*` state on room upgrade](https://github.com/matrix-org/matrix-spec-proposals/pull/4168). Contributed by @nex.
|
||||
@@ -0,0 +1,2 @@
|
||||
Improved the performance and reliability of fetching missing events, improving network partition recovery. Contributed
|
||||
by @nex.
|
||||
@@ -0,0 +1 @@
|
||||
Remove support for MSC4373, as the MSC is now closed. Contributed by @vel.
|
||||
@@ -0,0 +1 @@
|
||||
Added static builds using Nix, allowing for Continuwuity on musl. During this, we also introduced a `max-perf-haswell` package, separating it from `max-perf`, so you may want to swap to this if you are on NixOS. Contributed by @Henry-Hiles (QuadRadical).
|
||||
@@ -0,0 +1 @@
|
||||
Added support for MSC4380 invite blocking, which has become part of the Matrix specification in v1.18. Contributed by @nex.
|
||||
@@ -0,0 +1 @@
|
||||
Added `!admin debug get-state-at` command
|
||||
@@ -0,0 +1 @@
|
||||
Added support for linking an external identity provider with OIDC. Contributed by @ginger.
|
||||
@@ -0,0 +1 @@
|
||||
Adjusted legacy sync logic to no longer use the `roomsynctoken_shortstatehash` database column. Once this change has been confirmed to be stable and reliable, a future update will remove it entirely, significantly decreasing database sizes. Contributed by @ginger.
|
||||
@@ -7,7 +7,6 @@
|
||||
[global]
|
||||
address = "0.0.0.0"
|
||||
allow_device_name_federation = true
|
||||
allow_guest_registration = true
|
||||
allow_public_room_directory_over_federation = true
|
||||
allow_registration = true
|
||||
database_path = "/database"
|
||||
@@ -32,7 +31,6 @@ rocksdb_log_level = "info"
|
||||
rocksdb_max_log_files = 1
|
||||
rocksdb_recovery_mode = 0
|
||||
rocksdb_paranoid_file_checks = true
|
||||
log_guest_registrations = false
|
||||
allow_legacy_media = true
|
||||
startup_netburst = true
|
||||
startup_netburst_keep = -1
|
||||
|
||||
+205
-180
@@ -291,12 +291,13 @@
|
||||
#ip_lookup_strategy = 5
|
||||
|
||||
# Max request size for file uploads in bytes. Defaults to 20MB.
|
||||
# Also limits incoming federated media.
|
||||
#
|
||||
#max_request_size = 20971520
|
||||
|
||||
# This item is undocumented. Please contribute documentation for it.
|
||||
#
|
||||
#max_fetch_prev_events = 192
|
||||
#max_fetch_prev_events = 1024
|
||||
|
||||
# How many incoming federation transactions the server is willing to be
|
||||
# processing at any given time before it becomes overloaded and starts
|
||||
@@ -371,21 +372,18 @@
|
||||
#
|
||||
#federation_timeout = 60
|
||||
|
||||
# MSC4284 Policy server request timeout (seconds). Generally policy
|
||||
# Policy server request timeout (seconds). Generally policy
|
||||
# servers should respond near instantly, however may slow down under
|
||||
# load. If a policy server doesn't respond in a short amount of time, the
|
||||
# room it is configured in may become unusable if this limit is set too
|
||||
# high. 10 seconds is a good default, however dropping this to 3-5 seconds
|
||||
# can be acceptable.
|
||||
# high. 30 seconds is a good default, however lower values may be
|
||||
# acceptable if temporary send failures are an okay trade-off.
|
||||
#
|
||||
# Please be aware that policy requests are *NOT* currently re-tried, so if
|
||||
# a spam check request fails, the event will be assumed to be not spam,
|
||||
# which in some cases may result in spam being sent to or received from
|
||||
# the room that would typically be prevented.
|
||||
#
|
||||
# About policy servers: https://matrix.org/blog/2025/04/introducing-policy-servers/
|
||||
# (Stabilized in Matrix v1.18)
|
||||
#
|
||||
#policy_server_request_timeout = 10
|
||||
#policy_server_request_timeout = 30
|
||||
|
||||
# Federation client idle connection pool timeout (seconds).
|
||||
#
|
||||
@@ -523,17 +521,15 @@
|
||||
#
|
||||
#recaptcha_private_site_key =
|
||||
|
||||
# Policy documents, such as terms and conditions or a privacy policy,
|
||||
# which users must agree to when registering an account.
|
||||
# Controls whether users are allowed to deactivate their own accounts
|
||||
# through the account management panel or their Matrix clients. Server
|
||||
# admins can always deactivate users using the relevant admin commands.
|
||||
#
|
||||
# Example:
|
||||
# ```ignore
|
||||
# [global.registration_terms.privacy_policy]
|
||||
# en = { name = "Privacy Policy", url = "https://homeserver.example/en/privacy_policy.html" }
|
||||
# es = { name = "Política de Privacidad", url = "https://homeserver.example/es/privacy_policy.html" }
|
||||
# ```
|
||||
# Note that, in some jurisdictions, you may be legally required to honor
|
||||
# users who request to deactivate their accounts if you set this option
|
||||
# to `false`.
|
||||
#
|
||||
#registration_terms = {}
|
||||
#allow_deactivation = true
|
||||
|
||||
# Controls whether encrypted rooms and events are allowed.
|
||||
#
|
||||
@@ -573,18 +569,6 @@
|
||||
#
|
||||
#allow_public_room_directory_over_federation = false
|
||||
|
||||
# Allow guests/unauthenticated users to access TURN credentials.
|
||||
#
|
||||
# This is the equivalent of Synapse's `turn_allow_guests` config option.
|
||||
# This allows any unauthenticated user to call the endpoint
|
||||
# `/_matrix/client/v3/voip/turnServer`.
|
||||
#
|
||||
# It is unlikely you need to enable this as all major clients support
|
||||
# authentication for this endpoint and prevents misuse of your TURN server
|
||||
# from potential bots.
|
||||
#
|
||||
#turn_allow_guests = false
|
||||
|
||||
# Set this to true to lock down your server's public room directory and
|
||||
# only allow admins to publish rooms to the room directory. Unpublishing
|
||||
# is still allowed by all users with this enabled.
|
||||
@@ -619,7 +603,7 @@
|
||||
# Set to false to disable users from joining or creating room versions
|
||||
# that aren't officially supported by continuwuity.
|
||||
#
|
||||
# continuwuity officially supports room versions 6 - 11.
|
||||
# continuwuity officially supports room versions 6 - 12.
|
||||
#
|
||||
# continuwuity has slightly experimental (though works fine in practice)
|
||||
# support for versions 3 - 5.
|
||||
@@ -631,9 +615,41 @@
|
||||
# rather than an integer. Forgetting the quotes will make the server fail
|
||||
# to start!
|
||||
#
|
||||
# Per spec, room version "11" is the default.
|
||||
# Per spec, room version "12" is the default.
|
||||
#
|
||||
#default_room_version = "11"
|
||||
#default_room_version = "12"
|
||||
|
||||
# A default allow value for the Access Control List when creating a room.
|
||||
#
|
||||
# If a list is provided, new rooms will be created with
|
||||
# a m.room.server_acl event. Only servers which match one of the patterns
|
||||
# in the list will be permitted to participate in the room.
|
||||
#
|
||||
# ACLs in existing rooms will not be updated automatically. This is not
|
||||
# a substitute for moderation bots.
|
||||
#
|
||||
#default_room_acl_allow =
|
||||
|
||||
# A default deny value for the Access Control List when creating a room.
|
||||
#
|
||||
# If a list is provided, new rooms will be created with
|
||||
# a m.room.server_acl event. Servers which match one of the patterns
|
||||
# in the list will be NOT permitted to participate in the room.
|
||||
#
|
||||
# This config cannot be used if the default_room_acl_allow config is used.
|
||||
#
|
||||
# ACLs in existing rooms will not be updated automatically. This is not
|
||||
# a substitute for moderation bots.
|
||||
#
|
||||
#default_room_acl_deny =
|
||||
|
||||
# The number of forward extremities to tolerate in a room before
|
||||
# attempting to manually squash them with a "dummy event". Setting this
|
||||
# above 20 will hinder its efficacy, and setting it below 5 will cause
|
||||
# more dummy events to be sent than necessary (which increases federation
|
||||
# traffic).
|
||||
#
|
||||
#dummy_event_threshold = 10
|
||||
|
||||
# Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
|
||||
# Jaeger exporter. Traces will be sent via OTLP to a collector (such as
|
||||
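Review bot: The new comments for `default_room_acl_allow` and `default_room_acl_deny` do not say whether this server's own name is implicitly permitted, yet the text itself states that only servers matching an `allow` pattern may participate. An operator who sets an allow list without their own server name could create rooms in which other servers enforcing the ACL refuse their events, unless the implementation adds the local name; the comment should state which it is. Both options also lack the `example:` line and default that neighbouring options carry, and the text says the two cannot be combined without saying whether the server refuses to start or ignores one of them. Suggested additions are `# example: ["example.org", "*.example.org"]` under each option and, if that is the behaviour, `# The server refuses to start if both options are set.`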
@@ -1282,21 +1298,6 @@
|
||||
#
|
||||
#brotli_compression = false
|
||||
|
||||
# Set to true to allow user type "guest" registrations. Some clients like
|
||||
# Element attempt to register guest users automatically.
|
||||
#
|
||||
#allow_guest_registration = false
|
||||
|
||||
# Set to true to log guest registrations in the admin room. Note that
|
||||
# these may be noisy or unnecessary if you're a public homeserver.
|
||||
#
|
||||
#log_guest_registrations = false
|
||||
|
||||
# Set to true to allow guest registrations/users to auto join any rooms
|
||||
# specified in `auto_join_rooms`.
|
||||
#
|
||||
#allow_guests_auto_join_rooms = false
|
||||
|
||||
# Enable the legacy unauthenticated Matrix media repository endpoints.
|
||||
# These endpoints consist of:
|
||||
# - /_matrix/media/*/config
|
||||
@@ -1409,6 +1410,20 @@
|
||||
#
|
||||
#ignore_messages_from_server_names = []
|
||||
|
||||
# List of server names that continuwuity will deprioritize (try last) when
|
||||
# a client requests to join a room.
|
||||
#
|
||||
# This can be used to potentially speed up room join requests, by
|
||||
# deprioritizing sending join requests through servers that are known to
|
||||
# be large or slow.
|
||||
#
|
||||
# continuwuity will still send join requests to servers in this list if
|
||||
# the room couldn't be joined via other servers it federates with.
|
||||
#
|
||||
# example: ["example.com"]
|
||||
#
|
||||
#deprioritize_joins_through_servers = []
|
||||
|
||||
# Send messages from users that the user has ignored to the client.
|
||||
#
|
||||
# There is no way for clients to receive messages sent while a user was
|
||||
@@ -1419,6 +1434,11 @@
|
||||
#
|
||||
#send_messages_from_ignored_users_to_client = false
|
||||
|
||||
# Send "org.matrix.dummy_event" events to the client. This is a debugging
|
||||
# option.
|
||||
#
|
||||
#send_dummy_events_to_clients = false
|
||||
|
||||
# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
|
||||
# do not want continuwuity to send outbound requests to. Defaults to
|
||||
# RFC1918, unroutable, loopback, multicast, and testnet addresses for
|
||||
@@ -1582,19 +1602,6 @@
|
||||
#
|
||||
#block_non_admin_invites = false
|
||||
|
||||
# Enable or disable making requests to MSC4284 Policy Servers.
|
||||
# It is recommended you keep this enabled unless you experience frequent
|
||||
# connectivity issues, such as in a restricted networking environment.
|
||||
#
|
||||
#enable_msc4284_policy_servers = true
|
||||
|
||||
# Enable running locally generated events through configured MSC4284
|
||||
# policy servers. You may wish to disable this if your server is
|
||||
# single-user for a slight speed benefit in some rooms, but otherwise
|
||||
# should leave it enabled.
|
||||
#
|
||||
#policy_server_check_own_events = true
|
||||
|
||||
# Allow admins to enter commands in rooms other than "#admins" (admin
|
||||
# room) by prefixing your message with "\!admin" or "\\!admin" followed up
|
||||
# a normal continuwuity admin command. The reply will be publicly visible
|
||||
@@ -1861,6 +1868,11 @@
|
||||
#
|
||||
#support_page =
|
||||
|
||||
# The ed25519 public key for the policy server available at this server's
|
||||
# name. Must be unpadded base64.
|
||||
#
|
||||
#policy_server_public_key =
|
||||
|
||||
# Role string for server support contacts, to be served as part of the
|
||||
# MSC1929 server support endpoint at /.well-known/matrix/support.
|
||||
#
|
||||
@@ -1886,34 +1898,6 @@
|
||||
#
|
||||
#support_pgp_key =
|
||||
|
||||
# **DEPRECATED**: Use `[global.matrix_rtc].foci` instead.
|
||||
#
|
||||
# A list of MatrixRTC foci URLs which will be served as part of the
|
||||
# MSC4143 client endpoint at /.well-known/matrix/client.
|
||||
#
|
||||
# This option is deprecated and will be removed in a future release.
|
||||
# Please migrate to the new `[global.matrix_rtc]` config section.
|
||||
#
|
||||
#rtc_focus_server_urls = []
|
||||
|
||||
[global.blurhashing]
|
||||
|
||||
# blurhashing x component, 4 is recommended by https://blurha.sh/
|
||||
#
|
||||
#components_x = 4
|
||||
|
||||
# blurhashing y component, 3 is recommended by https://blurha.sh/
|
||||
#
|
||||
#components_y = 3
|
||||
|
||||
# Max raw size that the server will blurhash, this is the size of the
|
||||
# image after converting it to raw data, it should be higher than the
|
||||
# upload limit but not too high. The higher it is the higher the
|
||||
# potential load will be for clients requesting blurhashes. The default
|
||||
# is 33.55MB. Setting it to 0 disables blurhashing.
|
||||
#
|
||||
#blurhash_max_raw_size = 33554432
|
||||
|
||||
[global.matrix_rtc]
|
||||
|
||||
# A list of MatrixRTC foci (transports) which will be served via the
|
||||
@@ -1931,94 +1915,6 @@
|
||||
#
|
||||
#foci = []
|
||||
|
||||
[global.ldap]
|
||||
|
||||
# Whether to enable LDAP login.
|
||||
#
|
||||
# example: "true"
|
||||
#
|
||||
#enable = false
|
||||
|
||||
# Whether to force LDAP authentication or authorize classical password
|
||||
# login.
|
||||
#
|
||||
# example: "true"
|
||||
#
|
||||
#ldap_only = false
|
||||
|
||||
# URI of the LDAP server.
|
||||
#
|
||||
# example: "ldap://ldap.example.com:389"
|
||||
#
|
||||
#uri = ""
|
||||
|
||||
# Root of the searches.
|
||||
#
|
||||
# example: "ou=users,dc=example,dc=org"
|
||||
#
|
||||
#base_dn = ""
|
||||
|
||||
# Bind DN if anonymous search is not enabled.
|
||||
#
|
||||
# You can use the variable `{username}` that will be replaced by the
|
||||
# entered username. In such case, the password used to bind will be the
|
||||
# one provided for the login and not the one given by
|
||||
# `bind_password_file`. Beware: automatically granting admin rights will
|
||||
# not work if you use this direct bind instead of a LDAP search.
|
||||
#
|
||||
# example: "cn=ldap-reader,dc=example,dc=org" or
|
||||
# "cn={username},ou=users,dc=example,dc=org"
|
||||
#
|
||||
#bind_dn = ""
|
||||
|
||||
# Path to a file on the system that contains the password for the
|
||||
# `bind_dn`.
|
||||
#
|
||||
# The server must be able to access the file, and it must not be empty.
|
||||
#
|
||||
#bind_password_file = ""
|
||||
|
||||
# Search filter to limit user searches.
|
||||
#
|
||||
# You can use the variable `{username}` that will be replaced by the
|
||||
# entered username for more complex filters.
|
||||
#
|
||||
# example: "(&(objectClass=person)(memberOf=matrix))"
|
||||
#
|
||||
#filter = "(objectClass=*)"
|
||||
|
||||
# Attribute to use to uniquely identify the user.
|
||||
#
|
||||
# example: "uid" or "cn"
|
||||
#
|
||||
#uid_attribute = "uid"
|
||||
|
||||
# Attribute containing the display name of the user.
|
||||
#
|
||||
# example: "givenName" or "sn"
|
||||
#
|
||||
#name_attribute = "givenName"
|
||||
|
||||
# Root of the searches for admin users.
|
||||
#
|
||||
# Defaults to `base_dn` if empty.
|
||||
#
|
||||
# example: "ou=admins,dc=example,dc=org"
|
||||
#
|
||||
#admin_base_dn = ""
|
||||
|
||||
# The LDAP search filter to find administrative users for continuwuity.
|
||||
#
|
||||
# If left blank, administrative state must be configured manually for each
|
||||
# user.
|
||||
#
|
||||
# You can use the variable `{username}` that will be replaced by the
|
||||
# entered username for more complex filters.
|
||||
#
|
||||
# example: "(objectClass=conduwuitAdmin)" or "(uid={username})"
|
||||
#
|
||||
#admin_filter = ""
|
||||
|
||||
#[global.antispam]
|
||||
|
||||
#[global.antispam.meowlnir]
|
||||
@@ -2087,12 +1983,141 @@
|
||||
#
|
||||
#sender =
|
||||
|
||||
# Whether to require that users provide an email address when they
|
||||
# register.
|
||||
# Whether to allow public registration with an email address.
|
||||
#
|
||||
# Note that, if this option is enabled, anyone will be able to register an
|
||||
# account with just an email address.
|
||||
#
|
||||
# If either this option or `require_email_for_token_registration` are set,
|
||||
# users will not be allowed to remove their email address.
|
||||
#
|
||||
#require_email_for_registration = false
|
||||
|
||||
# Whether to require that users who register with a registration token
|
||||
# provide an email address.
|
||||
# provide an email address. This option is independent of
|
||||
# `require_email_for_registration`.
|
||||
#
|
||||
#require_email_for_token_registration = false
|
||||
|
||||
#[global.registration_terms]
|
||||
|
||||
# The language code to provide to clients along with the policy documents.
|
||||
#
|
||||
#language = "en"
|
||||
|
||||
# Policy documents, such as terms and conditions or a privacy policy,
|
||||
# which users must agree to when registering an account.
|
||||
#
|
||||
# Example:
|
||||
# ```ignore
|
||||
# [global.registration_terms.documents]
|
||||
# privacy_policy = { name = "Privacy Policy", url = "https://homeserver.example/en/privacy_policy.html" }
|
||||
# ```
|
||||
#
|
||||
#documents =
|
||||
|
||||
#[global.oauth]
|
||||
|
||||
# The compatibility mode to use for OAuth.
|
||||
#
|
||||
# - "disabled": OAuth will be unavailable. Users will only be able to log
|
||||
# in using legacy authentication.
|
||||
# - "hybrid": OAuth and legacy authentication will both be available. Some
|
||||
# clients may only use one or the other.
|
||||
# - "exclusive": Only OAuth will be available. Clients which require
|
||||
# legacy authentication will be unable to log in.
|
||||
#
|
||||
#compatibility_mode = "hybrid"
|
||||
|
||||
#[global.oauth.oidc]
|
||||
# Uncommenting this section will enable Continuwuity's support for
|
||||
# authenticating users using an OpenID Connect-compatible identity provider.
|
||||
# This is referred to as "delegated authentication".
|
||||
#
|
||||
# IMPORTANT NOTE: When delegated authentication is active, Continuwuity will behave as if
|
||||
# the `global.oauth.compatibility_mode` setting is set to `exclusive`.
|
||||
# Matrix clients which do not support OAuth login (also referred to as "next-gen auth") will NOT be able
|
||||
# to log in while delegated authentication is active.
|
||||
|
||||
|
||||
# The OIDC issuer URL. Continuwuity will use OpenID Connect Discovery to
|
||||
# automatically fetch the identity provider's metadata from this URL.
|
||||
# Generally you should set this to the base domain your identity provider
|
||||
# runs on.
|
||||
#
|
||||
#discovery_url =
|
||||
|
||||
# The OAuth client ID for Continuwuity to use when communicating with the
|
||||
# identity provider.
|
||||
#
|
||||
#client_id =
|
||||
|
||||
# The OAuth client secret for Continuwuity to use when communicating with
|
||||
# the identity provider.
|
||||
#
|
||||
#client_secret =
|
||||
|
||||
# A path to a file which Continuwuity will read the client secret from.
|
||||
# If this option is set, it will override `client_secret`.
|
||||
#
|
||||
# The server will fail to start if the file cannot be read.
|
||||
#
|
||||
#client_secret_file =
|
||||
|
||||
# Additional scopes Continuwuity should request from the IDP. This may be
|
||||
# necessary to access certain claims. Continuwuity always requests the
|
||||
# `openid` scope.
|
||||
#
|
||||
#additional_scopes = []
|
||||
|
||||
# Whether the user should be prompted to choose a localpart
|
||||
# when signing in for the first time. If this is `false`, Continuwuity
|
||||
# will attempt to use the value of the `preferred_username_claim`
|
||||
# (see below) as the user's localpart. Authentication will
|
||||
# fail if this claim is missing or is not a valid localpart.
|
||||
#
|
||||
#prompt_for_localpart = true
|
||||
|
||||
# The claim to use for the user's localpart, if `prompt_for_localpart` is
|
||||
# false.
|
||||
#
|
||||
#preferred_username_claim = "preferred_username"
|
||||
|
||||
# The claim which will be used to set the user's email address,
|
||||
# either on initial registration or on every login depending on
|
||||
# the value of `profile_key_import_mode`. Continuwuity assumes that
|
||||
# the IDP has taken care of verifying that the user controls the email
|
||||
# address it provides.
|
||||
#
|
||||
# This option does nothing if SMTP is not configured.
|
||||
#
|
||||
# If this option is set, and `profile_key_import_mode` is `on_login`,
|
||||
# users will not be able to change their email addresses themselves.
|
||||
#
|
||||
#email_claim = "email"
|
||||
|
||||
# Defines how claims returned from the IDP should be mapped to a user's
|
||||
# profile data. The profile field named in each key will be set from the
|
||||
# claim named in the corresponding value when the user first registers,
|
||||
# and possibly on subsequent logins as well, depending on the value of
|
||||
# `profile_key_import_mode` (see below).
|
||||
#
|
||||
# Per-room overrides to the user's display name or avatar will be
|
||||
# preserved by the import process.
|
||||
#
|
||||
# SECURITY NOTE: If the `avatar_url` field is set, Continuwuity will
|
||||
# perform a HTTP GET to the URL in the mapped claim and use the returned
|
||||
# file as the user's profile picture. Make sure your users are not able
|
||||
# to set the value of the mapped claim to an arbitrary URL.
|
||||
#
|
||||
#profile_key_map = { displayname = "name" }
|
||||
|
||||
# When profile keys should be imported from the IDP's claims.
|
||||
#
|
||||
# - "on_registration": Listed keys will be imported once, when the user
|
||||
# logs in for the first time and their shadow account is created.
|
||||
# - "on_login": Listed keys will be imported every time the user logs in.
|
||||
# Additionally, users will not be able to manually edit any listed keys
|
||||
# through their Matrix client.
|
||||
#
|
||||
#profile_key_import_mode = "on_registration"
|
||||
|
||||
+7
-5
@@ -1,5 +1,5 @@
|
||||
ARG RUST_VERSION=1
|
||||
ARG DEBIAN_VERSION=bookworm
|
||||
ARG DEBIAN_VERSION=trixie
|
||||
|
||||
FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
|
||||
FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-slim-${DEBIAN_VERSION} AS base
|
||||
@@ -10,19 +10,21 @@ RUN rm -f /etc/apt/apt.conf.d/docker-clean
|
||||
|
||||
# Match Rustc version as close as possible
|
||||
# rustc -vV
|
||||
ARG LLVM_VERSION=21
|
||||
ARG LLVM_VERSION=22
|
||||
# ENV RUSTUP_TOOLCHAIN=${RUST_VERSION}
|
||||
|
||||
# Install repo tools
|
||||
# Line one: compiler tools
|
||||
# Line two: curl, for downloading binaries and wget because llvm.sh is broken with curl
|
||||
# Line three: for xx-verify
|
||||
# golang, cmake: For aws-lc-rs bindgen
|
||||
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
|
||||
--mount=type=cache,target=/var/lib/apt,sharing=locked \
|
||||
apt-get update && apt-get install -y \
|
||||
pkg-config make jq \
|
||||
wget curl git software-properties-common \
|
||||
wget curl git lsb-release gpg \
|
||||
file
|
||||
# golang cmake
|
||||
|
||||
# LLVM packages
|
||||
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
|
||||
@@ -48,7 +50,7 @@ EOF
|
||||
|
||||
# Developer tool versions
|
||||
# renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
|
||||
ENV BINSTALL_VERSION=1.17.9
|
||||
ENV BINSTALL_VERSION=1.20.1
|
||||
# renovate: datasource=github-releases depName=psastras/sbom-rs
|
||||
ENV CARGO_SBOM_VERSION=0.9.1
|
||||
# renovate: datasource=crate depName=lddtree
|
||||
@@ -162,7 +164,7 @@ ENV CONDUWUIT_VERSION_EXTRA=$CONDUWUIT_VERSION_EXTRA
|
||||
ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA
|
||||
|
||||
ARG RUST_PROFILE=release
|
||||
ARG CARGO_FEATURES="default,http3"
|
||||
ARG CARGO_FEATURES="default"
|
||||
|
||||
# Build the binary
|
||||
RUN --mount=type=cache,target=/usr/local/cargo/registry \
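Review bot: Both `FROM` lines in the first hunk resolve to floating references: `docker.io/tonistiigi/xx` has no tag or digest, and `rust:${RUST_VERSION}-slim-${DEBIAN_VERSION}` with `RUST_VERSION=1` follows whatever the registry serves at build time. Moving `DEBIAN_VERSION` to `trixie` therefore swaps the builder image without recording which image was actually used. Because this file goes on to build the binary (`# Build the binary`), I would pin each base by digest, e.g. `FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:<TAG>@sha256:<DIGEST> AS xx`, with the placeholders filled in from the registry. The file already carries `# renovate:` annotations for tool versions, so the same bot could presumably keep the digests current. The stages continue outside the lines shown in these hunks, so any later `FROM` lines may need the same treatment.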
|
||||
|
||||
@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \
|
||||
|
||||
# Developer tool versions
|
||||
# renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
|
||||
ENV BINSTALL_VERSION=1.17.9
|
||||
ENV BINSTALL_VERSION=1.20.1
|
||||
# renovate: datasource=github-releases depName=psastras/sbom-rs
|
||||
ENV CARGO_SBOM_VERSION=0.9.1
|
||||
# renovate: datasource=crate depName=lddtree
|
||||
|
||||
@@ -69,11 +69,6 @@
|
||||
"label": "Configuration Reference",
|
||||
"name": "/reference/config"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"label": "Environment Variables",
|
||||
"name": "/reference/environment-variables"
|
||||
},
|
||||
{
|
||||
"type": "dir",
|
||||
"label": "Admin Command Reference",
|
||||
|
||||
@@ -3,5 +3,16 @@
|
||||
"type": "file",
|
||||
"name": "delegation",
|
||||
"label": "Delegation / split-domain"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"name": "dns",
|
||||
"label": "DNS tuning (recommended)"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"name": "performance",
|
||||
"label": "Performance tuning"
|
||||
}
|
||||
|
||||
]
|
||||
|
||||
@@ -18,12 +18,14 @@ ## Configuration
|
||||
```toml
|
||||
[global.well_known]
|
||||
|
||||
# defaults to port :443 if not specified
|
||||
client = "https://matrix.example.com"
|
||||
|
||||
# port number MUST be specified
|
||||
server = "matrix.example.com:443"
|
||||
|
||||
# (optional) customize your support contacts
|
||||
# Defaults to members of the admin room if unset
|
||||
#support_page =
|
||||
#support_role = "m.role.admin"
|
||||
#support_email =
|
||||
@@ -42,9 +44,11 @@ # (optional) customize your support contacts
|
||||
client=https://matrix.example.com,
|
||||
server=matrix.example.com:443
|
||||
}
|
||||
```
|
||||
|
||||
## Serving with a reverse proxy
|
||||
# You can also configure individual `.well-knowns` like this
|
||||
# CONTINUWUITY_WELL_KNOWN__CLIENT: https://matrix.example.com
|
||||
# CONTINUWUITY_WELL_KNOWN__SERVER: matrix.example.com:443
|
||||
```
|
||||
|
||||
After doing the steps above, Continuwuity will serve these 3 JSON files:
|
||||
|
||||
@@ -54,9 +58,11 @@ ## Serving with a reverse proxy
|
||||
|
||||
To enable full discovery, you will need to reverse proxy these paths from the base domain back to Continuwuity.
|
||||
|
||||
## Reverse proxying well-known files to Continuwuity
|
||||
|
||||
<details>
|
||||
|
||||
<summary>For Caddy</summary>
|
||||
<summary>For **Caddy**</summary>
|
||||
|
||||
```
|
||||
matrix.example.com:443 {
|
||||
@@ -72,7 +78,7 @@ ## Serving with a reverse proxy
|
||||
|
||||
<details>
|
||||
|
||||
<summary>For Traefik (via Docker labels)</summary>
|
||||
<summary>For **Traefik** (via Docker labels)</summary>
|
||||
|
||||
```
|
||||
services:
|
||||
@@ -87,16 +93,17 @@ ## Serving with a reverse proxy
|
||||
|
||||
</details>
|
||||
|
||||
Restart Continuwuity and your reverse proxy. Once that's done, visit these routes and check that the responses match the examples below:
|
||||
|
||||
For **Docker** users, consult the compose files in the [Appendix section](#docker-compose-examples).
|
||||
|
||||
After applying these changes, restart Continuwuity and your reverse proxy.Visit these routes and check that the responses match the examples below:
|
||||
|
||||
<details open>
|
||||
|
||||
<summary>`https://example.com/.well-known/matrix/server`</summary>
|
||||
|
||||
```json
|
||||
{
|
||||
"m.server": "matrix.example.com:443"
|
||||
}
|
||||
{ "m.server": "matrix.example.com:443" }
|
||||
```
|
||||
|
||||
</details>
|
||||
@@ -115,12 +122,59 @@ ## Serving with a reverse proxy
|
||||
|
||||
</details>
|
||||
|
||||
### Serving well-known files manually
|
||||
|
||||
Instead of configuring `[global.well_known]` options and reverse proxying well-known URIs, you can serve these files directly as static JSON that match the ones above. This is useful if your base domain points to a different physical server, and reverse proxying isn't feasible.
|
||||
|
||||
<details>
|
||||
|
||||
<summary>Example Caddyfile **for the base domain**</summary>
|
||||
|
||||
```
|
||||
https://example.com {
|
||||
|
||||
respond /.well-known/matrix/server 200 {
|
||||
body `{"m.server":"matrix.example.com:443"}`
|
||||
}
|
||||
|
||||
handle /.well-known/matrix/client {
|
||||
header Access-Control-Allow-Origin *
|
||||
respond <<JSON
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.example.com/"
|
||||
}
|
||||
}
|
||||
JSON
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
Remember to set the `Access-Control-Allow-Origin: *` header in your `/.well-known/matrix/client` path for web clients to work.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
Check that other servers can connect to you.
|
||||
Here are some tools that can help identify federation issues:
|
||||
|
||||
- [Matrix Connectivity Tester](https://federationtester.mtrnord.blog/)
|
||||
- [Matrix Federation Tester](https://federationtester.matrix.org/)
|
||||
|
||||
### Cannot log in with web clients
|
||||
|
||||
Make sure there is an `Access-Control-Allow-Origin: *` header in your `/.well-known/matrix/client` path. While Continuwuity serves this header by default, it may be dropped by reverse proxies or other middlewares.
|
||||
|
||||
### Issues with alternative setups
|
||||
|
||||
As Matrix clients prioritize well-known URIs for their destination, this can lead to issues with alternative methods of accessing the server that doesn't use a publicly routeable IP and domain name. You will probably find yourself connecting to non-existent/undesired URLs in certain cases like:
|
||||
|
||||
- Accessing to the server via localhost IPs (e.g. for testing purposes)
|
||||
- Accessing the server from behind a VPN, or from alternative networks (such as from an onionsite)
|
||||
|
||||
In these scenarios, further configurations would be needed. Refer to the [Related Documentation](#related-documentation) section for resolution steps and see how they could apply to your use case.
|
||||
|
||||
---
|
||||
|
||||
## Using SRV records (not recommended)
|
||||
@@ -204,3 +258,45 @@ ## Related Documentation
|
||||
- [Server-to-Server resolution](https://spec.matrix.org/v1.17/server-server-api/#resolving-server-names) (see this for more information on SRV records)
|
||||
- [Client-to-Server resolution](https://spec.matrix.org/v1.17/client-server-api/#server-discovery)
|
||||
- [MSC1929: Homeserver Admin Contact and Support page](https://github.com/matrix-org/matrix-spec-proposals/pull/1929)
|
||||
|
||||
## Appendix
|
||||
|
||||
### Docker Compose examples
|
||||
|
||||
The following Compose files are taken from [Docker instructions](../deploying/docker.mdx) and reconfigured to support split-domain delegation. Note the updated `CONTINUWUITY_WELL_KNOWN` variable and relevant changes in reverse proxy rules.
|
||||
|
||||
<details>
|
||||
<summary>Caddy (using Caddyfile) - delegated.docker-compose.with-caddy.yml ([view raw](/advanced/delegated.docker-compose.with-caddy.yml))</summary>
|
||||
|
||||
```yaml file="../public/advanced/delegated.docker-compose.with-caddy.yml"
|
||||
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>Caddy (using labels) - delegated.docker-compose.with-caddy-labels.yml ([view raw](/advanced/delegated.docker-compose.with-caddy-labels.yml))</summary>
|
||||
|
||||
```yaml file="../public/advanced/delegated.docker-compose.with-caddy-labels.yml"
|
||||
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>Traefik (for existing setup) - delegated.docker-compose.for-traefik.yml ([view raw](/advanced/delegated.docker-compose.for-traefik.yml))</summary>
|
||||
|
||||
```yaml file="../public/advanced/delegated.docker-compose.for-traefik.yml"
|
||||
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>Traefik included - delegated.docker-compose.with-traefik.yml ([view raw](/advanced/delegated.docker-compose.with-traefik.yml))</summary>
|
||||
|
||||
```yaml file="../public/advanced/delegated.docker-compose.with-traefik.yml"
|
||||
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
@@ -0,0 +1,169 @@
|
||||
# DNS Tuning (recommended)
|
||||
|
||||
For federation, Matrix homeservers conduct an enormous amount of DNS requests, sometimes up to thousands of queries per minute. Normal DNS resolvers are simply not designed for this load, and running Continuwuity with them will likely result in various [DNS and federation errors](../troubleshooting#dns-issues).
|
||||
|
||||
To solve this issue, it is strongly recommended to self-host a high-quality, external caching DNS resolver for Continuwuity. This guide will use [Unbound][unbound] as the recommended example, but the general principle applies to any resolver.
|
||||
|
||||
[unbound]: https://wiki.archlinux.org/title/Unbound
|
||||
|
||||
## Overview
|
||||
|
||||
For generic deployments, install your resolver of choice and configure `/etc/resolv.conf` to point to it. The resolver should ideally reside on the same host as Continuwuity.
|
||||
|
||||
```txt title="/etc/resolv.conf"
|
||||
nameserver 127.0.0.1
|
||||
```
|
||||
|
||||
**Avoid using `systemd-resolved`** as it does **not** perform very well under high load, and we have identified its DNS caching to not be very effective.
|
||||
|
||||
### For Docker users
|
||||
|
||||
Docker bridge networks uses a non-performant resolver to intercept and respond to container hostnames, and **this should also be avoided**. Instead, mount a custom `/etc/resolv.conf` file into the container, and hardcode a resolver address to bypass Docker's.
|
||||
|
||||
It is recommended to run a dedicated resolver container for Continuwuity, as to separate from the host's resolver setup. To do this, create a custom bridge network and IP range, and explicitly define an IP address for the resolver container.
|
||||
|
||||
<details>
|
||||
<summary>Example Docker deployment with unbound</summary>
|
||||
|
||||
```yaml title="docker-compose.yml"
|
||||
networks:
|
||||
matrix_net:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: "10.10.10.0/24"
|
||||
|
||||
services:
|
||||
homeserver:
|
||||
# ...
|
||||
volume:
|
||||
- ./continuwuity-resolv.conf:/etc/resolv.conf:ro
|
||||
|
||||
unbound:
|
||||
# ...
|
||||
networks:
|
||||
matrix_net:
|
||||
ipv4_address: 10.10.10.20
|
||||
```
|
||||
|
||||
```txt title="continuwuity-resolv.conf"
|
||||
nameserver 10.10.10.20
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
### For IPv4-only users
|
||||
|
||||
If you don't have IPv6 connectivity, changing `ip_lookup_strategy` to only resolve for IPv4 will reduce unnecessary AAAA queries.
|
||||
|
||||
```toml title="continuwuity.toml"
|
||||
[global]
|
||||
# 1 - Ipv4Only (Only query for A records, no AAAA/IPv6)
|
||||
ip_lookup_strategy = 1
|
||||
```
|
||||
|
||||
## Unbound
|
||||
|
||||
[Unbound][unbound] is the recommended resolver to run with Continuwuity. For Docker users, the `docker.io/madnuttah/unbound` image ([Github repo][madnuttah-unbound-repo]) can be used.
|
||||
|
||||
After installation, you can tune `/etc/unbound/unbound.conf` values according to your needs. While Continuwuity cannot recommend a "works-for-everyone" Unbound DNS setup guide, the official [Unbound tuning guide][unbound-tuning-guide] and the [Unbound Arch Linux wiki page][unbound-arch-linux] may be of interest.
|
||||
|
||||
Some values that are commonly tuned include:
|
||||
|
||||
- Increase `rrset-cache-size` and `msg-cache-size` to something much higher than the default `4M`, such as `64M`.
|
||||
|
||||
- Increase `discard-timeout` to something like `4800` to wait longer for upstream resolvers, as recursion can take a long time to respond to some domains. Continuwuity default to `dns_timeout = 10` seconds, so dropping requests early would lead to unnecessary retries and/or failures.
|
||||
|
||||
### Recursion versus forwarding
|
||||
|
||||
Unbound by default employs **recursive resolution** and contacts many servers around the world. While this allows updated and authoritative answers and are generally viable for most users, sometimes these recursive queries can be too slow to fully resolve. As an alternative, you can consider **forwarding** your queries to public resolvers, and benefit from faster responses from their CDNs.
|
||||
|
||||
Do note that most popular upstreams (such as Google DNS or Quad9) employ IP ratelimiting, so a generous cache is still needed to avoid making too many queries.
|
||||
|
||||
If you want to use forwarders, configure it as follows:
|
||||
|
||||
<details>
|
||||
|
||||
<summary>unbound.conf</summary>
|
||||
|
||||
```
|
||||
# Use cloudflare public resolvers as an example
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: 1.0.0.1@53
|
||||
forward-addr: 1.1.1.1@53
|
||||
# Also use IPv6 ones if you're dual-stack
|
||||
# forward-addr: 2606:4700:4700::1001@53
|
||||
# forward-addr: 2606:4700:4700::1111@53
|
||||
|
||||
# alternatively, use DNS-over-TLS for forwarders.
|
||||
# this will encrypt traffic between you and the forwarder,
|
||||
# but takes more time due to TLS overhead.
|
||||
# forward-zone:
|
||||
# name: "."
|
||||
# forward-tls-upstream: yes
|
||||
# forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
# forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
# forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
# forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
[madnuttah-unbound-repo]: https://github.com/madnuttah/unbound-docker/
|
||||
[unbound-tuning-guide]: https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/performance.html
|
||||
[unbound-arch-linux]: https://wiki.archlinux.org/title/Unbound
|
||||
|
||||
## Other resolvers
|
||||
|
||||
### dnsproxy
|
||||
|
||||
[Dnsproxy][dnsproxy] and its sister product [AdGuard Home][adguard-home] are known to work with Continuwuity and has an official Docker image. They have support for DNS-over-HTTPS as well as DNS-over-QUIC, but not recursion.
|
||||
|
||||
To best utilise dnsproxy, you should enable proper caching with `--cache` and set `--cache-size` to something bigger, like `64000000`.
|
||||
|
||||
[dnsproxy]: https://github.com/AdguardTeam/dnsproxy
|
||||
[adguard-home]: https://github.com/AdguardTeam/AdGuardHome
|
||||
|
||||
### dnsmasq
|
||||
|
||||
[dnsmasq][arch-linux-dnsmasq] can possibly work with Continuwuity, though it only supports forwarding rather than recursion. Increase the `cache-size` to something like `30000` for better caching performance.
|
||||
|
||||
However, `dnsmasq` does not support TCP fallback which can be problematic when receiving large DNS responses such as from large SRV records. If you still want to use dnsmasq, make sure you disable `dns_tcp_fallback` in Continuwuity config.
|
||||
|
||||
[arch-linux-dnsmasq]: https://wiki.archlinux.org/title/Dnsmasq
|
||||
|
||||
### Technitium DNS
|
||||
|
||||
[Technitium DNS Server][technitium] supports recursion as well as a myriad of forwarding protocols, allows saving cache to disk natively, and does work well with Continuwuity. Its out-of-the-box configs however ratelimits single-IP requests by a lot, and hence must be changed.
|
||||
|
||||
You may consult this [community guide][technitium-continuwuity] for more details on setting up and fine-tuning a dedicated Technitium instance for Continuwuity.
|
||||
|
||||
[technitium]: https://github.com/TechnitiumSoftware/DnsServer
|
||||
[technitium-continuwuity]: https://muoi.me/~stratself/articles/technitium-continuwuity/
|
||||
|
||||
## Testing
|
||||
|
||||
As a rough stress test, you can run `!admin query resolver flush-cache -a` or `!admin server clear-caches` to trigger a netburst of DNS queries. If your resolver can handle these loads without problem, then it should be ready for regular Continuwuity activity.
|
||||
|
||||
To test connectivity against a specific server, use `!admin debug ping <SERVER_NAME>` and `!admin debug resolve-true-destination <SERVER_NAME>`.
|
||||
|
||||
Note that it is expected that not all servers will be resolved, as some of them may be temporarily offline, have broken DNS and/or discovery configuration, or have been decommissioned.
|
||||
|
||||
## Further steps
|
||||
|
||||
It is recommended to set **`dns_cache_entries = 0`** inside Continuwuity to fully rely on the external resolver. While Continuwuity does have an internal cache, it can run into reliability issues if you're federating with many domains.
|
||||
|
||||
Additionally, you can also make the following improvements:
|
||||
|
||||
- Consider employing **persistent cache to disk**, so your resolver can still run without hassle after a restart. Unbound, via [Cache DB module][unbound-cachedb], can use Redis as a storage backend for this feature.
|
||||
|
||||
- Consider [enabling **Serve Stale**][unbound-serve-stale] functionality to serve expired data beyond DNS TTLs. Since most Matrix homeservers have static IPs, this should still allow federating with them when upstream resolvers have timed out. For dnsproxy, this corresponds to its [optimistic caching options][dnsproxy-usage].
|
||||
|
||||
- If you still experience DNS performance issues, another step could be to **disable DNSSEC** (which is computationally expensive) at a cost of slightly decreased security. On Unbound this is done by commenting out `trust-anchors` config options and removing the `validator` module.
|
||||
|
||||
- Some users have reported that setting `query_over_tcp_only = true` in Continuwuity has improved DNS reliability at a slight performance cost due to TCP overhead. Generally this is not needed if your resolver and homeserver is on the same machine.
|
||||
|
||||
[unbound-cachedb]: https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#cache-db-module-options
|
||||
[unbound-serve-stale]: https://wiki.archlinux.org/title/Unbound#Serving_expired_records
|
||||
[dnsproxy-usage]: https://github.com/AdguardTeam/dnsproxy#usage
|
||||
@@ -0,0 +1,135 @@
|
||||
# Performance tuning
|
||||
|
||||
Continuwuity's default configs are suited for many typical setups and scales appropriately with the size of your hardware. However, there are many scenarios where additional modifications can be made to better utilize your server resources.
|
||||
|
||||
This page aims to outline various performance tweaks for Continuwuity and their effects. These adjustments are especially helpful for homeservers that join many large federated rooms or have many users, and it will become increasingly necessary as the Matrix network expands. As always, your mileage may vary according to your setup's specifics. If you have further discussions or recommendations, please share them in the community rooms.
|
||||
|
||||
## DNS tuning (recommended)
|
||||
|
||||
Please see the dedicated [DNS tuning guide](./dns.mdx).
|
||||
|
||||
## Cache capacities
|
||||
|
||||
If you have memory to spare, consider increasing the `cache_capacity_modifier` value to a larger number to allow more data to be stored in hot memory. This *significantly* speeds up many intensive operations (such as state resolutions) and decreases CPU usage and disk I/O. Start with a baseline of `cache_capacity_modifier = 2.0` and tune up until you are satisfied with RAM usage.
|
||||
|
||||
On the other hand, if your system doesn't have a lot of RAM, consider decreasing the cache capacity modifier to something smaller than `1.0` to avoid low-memory issues (at the cost of higher load on disk/CPU). This recommendation also works if your system has abnormally little RAM compared to the number of CPU cores (for example, 2GB RAM for 12 cores), as cache capacities scale according to number of available cores.
|
||||
|
||||
## Disabling some features
|
||||
|
||||
You can disable outgoing **typing notifications** and **read markers** to reduce strain on the CPU and network when actively participating in rooms.
|
||||
|
||||
```toml
|
||||
# disables sending read receipts
|
||||
allow_outgoing_read_receipts = false
|
||||
# disables sending typing notifications
|
||||
allow_outgoing_typing = false
|
||||
```
|
||||
|
||||
Outgoing presence updates are also considered very expensive and have been disabled by default (`allow_outgoing_presence = false`). For more savings, you may wish to disable _all_ processing of presence entirely.
|
||||
|
||||
```toml title=continuwuity.toml
|
||||
# disabling presence updates entirely
|
||||
allow_local_presence = false
|
||||
allow_incoming_presence = false
|
||||
allow_outgoing_presence = false
|
||||
```
|
||||
|
||||
## Tuning database compression
|
||||
|
||||
:::warning
|
||||
These steps SHOULD be done **before** starting Continuwuity for the first time. While switching database compression midway through is theoretically possible, this has not been tested extensively in the wild.
|
||||
:::
|
||||
|
||||
### Changing the compression algorithm
|
||||
|
||||
For reduced CPU usage at a tradeoff of increased storage space, consider deploying Continuwuity with the faster and less intensive `lz4` algorithm instead of `zstd` for rocksdb, and disable WAL compression entirely:
|
||||
|
||||
```toml
|
||||
### in continuwuity.toml ###
|
||||
rocksdb_compression_algo = "lz4"
|
||||
rocksdb_wal_compression = "none"
|
||||
```
|
||||
|
||||
This tweak can especially be helpful if you have an older or less performant CPU (e.g. a Raspberry Pi) and disk space to spare.
|
||||
|
||||
### Increasing bottommost layer compression (`zstd` only)
|
||||
|
||||
The bottommost layer of the database usually contains old and read-only data, so it is a suitable place for further compression. In Continuwuity, this is possible by setting `rocksdb_bottommost_compression = true` and tuning `rocksdb_bottommost_compression_level` to a more compact level than the default one used in `rocksdb_compression_level`. This tweak comes at a cost of increased CPU usage, but may prevent your database from growing too large in the long run.
|
||||
|
||||
For those using `zstd` compression, the compression level ranges from 1 to 22. An example like this could apply:
|
||||
|
||||
```toml
|
||||
### in continuwuity.toml ###
|
||||
rocksdb_compression_algo = "zstd"
|
||||
rocksdb_compression_level = 32767 # magic number, translates to level 3 on zstd
|
||||
rocksdb_bottommost_compression = true
|
||||
rocksdb_bottommost_compression_level = 9 # level 9 on zstd
|
||||
```
|
||||
|
||||
For `lz4` users, the default level (`-1`) is already the most compact. You can only further decrease it to favor compression speed over ratio.
|
||||
|
||||
Consult these documents for more information on compression tuning and levels:
|
||||
|
||||
- [Rocksdb compression documentation][rocksdb-compression]
|
||||
- [Rocksdb default compression levels][rocksdb-compression-defaults]
|
||||
- [Zstd manual][zstd-manual]
|
||||
- [Lz4 manual][lz4-manual]
|
||||
|
||||
[rocksdb-compression]: https://github.com/facebook/rocksdb/wiki/Compression
|
||||
[rocksdb-compression-defaults]: https://github.com/facebook/rocksdb/blob/main/include/rocksdb/options.h#L208-L217
|
||||
[zstd-manual]: https://facebook.github.io/zstd/zstd_manual.html
|
||||
[lz4-manual]: https://github.com/lz4/lz4/blob/release/doc/lz4_manual.html
|
||||
|
||||
## Other tweaks
|
||||
|
||||
### Using UNIX sockets
|
||||
|
||||
If your homeserver and reverse proxy live on the same machine, you may wish to expose Continuwuity on a UNIX socket instead of a port. This removes TCP overhead between the two programs.
|
||||
|
||||
<details>
|
||||
|
||||
<summary>Example config with Caddy</summary>
|
||||
|
||||
```toml
|
||||
### in continuwuity.toml ###
|
||||
|
||||
# `address` and `port` has to be commented out first
|
||||
#address = ["127.0.0.1", "::1"]
|
||||
#port = 8008
|
||||
unix_socket_path = "/run/continuwuity/continuwuity.sock"
|
||||
```
|
||||
|
||||
```
|
||||
### in your Caddyfile ###
|
||||
https://matrix.example.com {
|
||||
reverse_proxy unix//run/continuwuity/continuwuity.sock
|
||||
|
||||
# alternatively, use the http2-plaintext protocol
|
||||
# reverse_proxy unix+h2c//run/continuwuity/continuwuity.sock
|
||||
}
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
### Tuning your trusted servers
|
||||
|
||||
:::info Vet your trusted servers!
|
||||
Trusted servers are your first point of contact when obtaining public keys from other servers, and they could theoretically impersonate other servers and cause significant harm to your deployment. Please thoroughly verify your trusted servers' credibility before adding them to your configuration.
|
||||
:::
|
||||
|
||||
Trusted servers are queried sequentially in the order they are listed. If you have multiple trusted servers configured, put the faster ones first:
|
||||
|
||||
```toml
|
||||
# Example config, using maintainers' recommended homeservers
|
||||
trusted_servers = ["codestorm.net","starstruck.systems","unredacted.org","matrix.org"]
|
||||
```
|
||||
|
||||
Avoid prioritising `matrix.org` as your primary trusted server, as it tends to be quite slow.
|
||||
|
||||
Some users have also reported that increasing `trusted_server_batch_size` has helped with faster joins for huge rooms. Start with doubling the default to `2048` until you find a suitable value.
|
||||
|
||||
### Enable HTTP/3 on your reverse proxy
|
||||
|
||||
Consider enabling the newer **HTTP/3** protocol for inbound connections to Continuwuity. In Caddy HTTP/3 is allowed by default, but you must expose port :443/**udp** on your firewall.
|
||||
|
||||
HTTP/3 can vastly improve Client-Server connections especially on unstable networks, as it reduces packet losses and latency from TCP head-of-line blocking, includes workarounds for network switching, and reduces connection establishment handshakes. Continuwuity also includes experimental _outbound_ HTTP/3 support in its Docker images, so connections between Continuwuity servers can benefit from this too.
|
||||
+122
-21
@@ -25,9 +25,9 @@ ### 2. Services
|
||||
:::tip Generating the secrets
|
||||
LiveKit provides a utility to generate secure random keys
|
||||
```bash
|
||||
~$ docker run --rm livekit/livekit-server:latest generate-keys
|
||||
API Key: APIUxUnMnSkuFWV
|
||||
API Secret: t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
|
||||
docker run --rm livekit/livekit-server:latest generate-keys
|
||||
# API Key: APIUxUnMnSkuFWV
|
||||
# API Secret: t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
|
||||
```
|
||||
:::
|
||||
|
||||
@@ -91,7 +91,7 @@ ### 3. Telling clients where to find LiveKit
|
||||
|
||||
To tell clients where to find LiveKit, you need to add the address of your `lk-jwt-service` to the `[global.matrix_rtc]` config section using the `foci` option.
|
||||
|
||||
The variable should be a list of servers serving as MatrixRTC endpoints. Clients discover these via the `/_matrix/client/v1/rtc/transports` endpoint (MSC4143).
|
||||
The variable should be a list of servers serving as MatrixRTC endpoints. Replace the URL with the address you are deploying your instance of lk-jwt-service to:
|
||||
|
||||
```toml
|
||||
[global.matrix_rtc]
|
||||
@@ -100,7 +100,10 @@ ### 3. Telling clients where to find LiveKit
|
||||
]
|
||||
```
|
||||
|
||||
Remember to replace the URL with the address you are deploying your instance of lk-jwt-service to.
|
||||
This will expose LiveKit information on the following endpoints for clients to discover:
|
||||
|
||||
- `/_matrix/client/unstable/org.matrix.msc4143/rtc/transports` (MSC4143 unstable, behind auth)
|
||||
- `/.well-known/matrix/client` (fallback, not behind auth. Only enabled if `[global.well_known].client` is set)
|
||||
|
||||
### 4. Configure your Reverse Proxy
|
||||
|
||||
@@ -114,6 +117,7 @@ ### 4. Configure your Reverse Proxy
|
||||
|
||||
<details>
|
||||
<summary>Example caddy config</summary>
|
||||
|
||||
```
|
||||
livekit.example.com {
|
||||
|
||||
@@ -127,10 +131,12 @@ ### 4. Configure your Reverse Proxy
|
||||
reverse_proxy 127.0.0.1:7880
|
||||
}
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>Example nginx config</summary>
|
||||
|
||||
```
|
||||
server {
|
||||
server_name livekit.example.com;
|
||||
@@ -167,16 +173,88 @@ ### 4. Configure your Reverse Proxy
|
||||
'' close;
|
||||
}
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>Example traefik router</summary>
|
||||
|
||||
```
|
||||
# on LiveKit itself
|
||||
traefik.http.routers.livekit.rule=Host(`livekit.example.com`)
|
||||
# on the JWT service
|
||||
traefik.http.routers.livekit-jwt.rule=Host(`livekit.example.com`) && (PathPrefix(`/sfu/get`) || PathPrefix(`/healthz`) || PathPrefix(`/get_token`))
|
||||
```
|
||||
|
||||
</details>
|
||||
<details>
|
||||
<summary>Example docker compose file with caddy-docker-proxy labels</summary>
|
||||
```yaml
|
||||
# This setup assumes all containers share the same bridge network
|
||||
services:
|
||||
lk-jwt-service:
|
||||
image: ghcr.io/element-hq/lk-jwt-service:latest
|
||||
container_name: lk-jwt-service
|
||||
# lk-jwt-service environment config here..
|
||||
labels:
|
||||
caddy: livekit.example.com
|
||||
caddy.@lk-jwt-service.path: "/sfu/get* /healthz* /get_token*"
|
||||
caddy.reverse_proxy: "@lk-jwt-service {{upstreams 8081}}"
|
||||
|
||||
|
||||
livekit:
|
||||
image: livekit/livekit-server:latest
|
||||
container_name: livekit
|
||||
command: --config /etc/livekit.yaml
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
caddy: livekit.example.com
|
||||
caddy.reverse_proxy: "{{upstreams 7880}}"
|
||||
volumes:
|
||||
- ./livekit.yaml:/etc/livekit.yaml:ro
|
||||
ports:
|
||||
- "127.0.0.1:7880:7880/tcp"
|
||||
- "7881:7881/tcp"
|
||||
- "50100-50200:50100-50200/udp"
|
||||
|
||||
|
||||
caddy:
|
||||
image: lucaslorentz/caddy-docker-proxy:ci-alpine
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
environment:
|
||||
- CADDY_INGRESS_NETWORKS=caddy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./data:/data
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
# If you already configured `[global.well_known]` with Continuwuity,
|
||||
# comment out the *_respond labels and add this line
|
||||
# caddy.reverse_proxy: /.well-known/matrix/* homeserver:8008
|
||||
caddy.1_respond: /.well-known/matrix/server {"m.server":"matrix.example.com:443"}
|
||||
caddy.2_respond: /.well-known/matrix/client {"m.server":{"base_url":"https://matrix.example.com"},"m.homeserver":{"base_url":"https://matrix.example.com"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://livekit.example.com"}]}
|
||||
|
||||
# If you are having problems with continuwuity serving headers uncomment
|
||||
# the header section below.
|
||||
|
||||
# caddy: example.com
|
||||
# caddy.0_header: "*"
|
||||
# caddy.0_header.Access-Control-Allow-Origin: "*"
|
||||
# caddy.0_header.Access-Control-Allow-Methods: "GET, POST, OPTIONS"
|
||||
# caddy.0_header.Access-Control-Allow-Headers: "Authorization"
|
||||
# caddy.0_header.Content-Type: "application/json"
|
||||
|
||||
homeserver:
|
||||
image: forgejo.ellis.link/continuwuation/continuwuity:latest
|
||||
restart: unless-stopped
|
||||
# add additional environment, volume, and network config here...
|
||||
labels:
|
||||
caddy: matrix.example.com
|
||||
caddy.reverse_proxy: "{{upstreams 8008}}"
|
||||
|
||||
```
|
||||
</details>
|
||||
|
||||
|
||||
@@ -210,7 +288,7 @@ ### add these to livekit's docker-compose ###
|
||||
### if you're using `network_mode: host`, you can skip this part
|
||||
```
|
||||
|
||||
Recreate the LiveKit container (with `docker-compose up -d livekit`) to apply these changes. Remember to allow the new `3478/udp` and `50100:50200/udp` ports through your firewall.
|
||||
Recreate the LiveKit container (with `docker-compose up -d livekit`) to apply these changes. Remember to allow the new `3478/udp` and `50300:50400/udp` ports through your firewall.
|
||||
|
||||
### Integration with an external TURN server
|
||||
|
||||
@@ -253,15 +331,29 @@ # livekit.yaml
|
||||
|
||||
## Testing
|
||||
|
||||
To test that LiveKit is successfully integrated with Continuwuity, you will need to replicate its [Token Exchange Flow](https://github.com/element-hq/lk-jwt-service#%EF%B8%8F-how-it-works--token-exchange-flow).
|
||||
To test that LiveKit is successfully integrated with Continuwuity, you will need to replicate its [Token Exchange Flow](https://github.com/element-hq/lk-jwt-service#%EF%B8%8F-how-it-works--token-exchange-flow). Follow the steps below while checking Docker logs (`docker-compose logs --follow`), in order to help [troubleshooting](#troubleshooting) any issues.
|
||||
|
||||
First, you will need an access token for your current login session. These can be found in your client's settings or obtained via [this website](https://timedout.uk/mxtoken.html).
|
||||
|
||||
Then, using that token, request another OpenID token for use with the lk-jwt-service:
|
||||
Then, using that token, fetch the discovery endpoints for MatrixRTC services:
|
||||
|
||||
```bash
|
||||
~$ curl -X POST -H "Authorization: Bearer <session-access-token>" \
|
||||
curl -H "Authorization: Bearer <session-access-token>" \
|
||||
https://matrix.example.com/_matrix/client/unstable/org.matrix.msc4143/rtc/transports
|
||||
```
|
||||
|
||||
In the output, you should see the LiveKit URL matching the one [configured above](#3-telling-clients-where-to-find-livekit).
|
||||
|
||||
With the same token, request another OpenID token for use with the lk-jwt-service:
|
||||
|
||||
```bash
|
||||
curl -X POST -H "Authorization: Bearer <session-access-token>" \
|
||||
https://matrix.example.com/_matrix/client/v3/user/@user:example.com/openid/request_token
|
||||
```
|
||||
|
||||
You will see a response as below:
|
||||
|
||||
```json
|
||||
{"access_token":"<openid_access_token>","token_type":"Bearer","matrix_server_name":"example.com","expires_in":3600}
|
||||
```
|
||||
|
||||
@@ -295,30 +387,44 @@ ## Testing
|
||||
You can then send this payload to the lk-jwt-service:
|
||||
|
||||
```bash
|
||||
~$ curl -X POST -d @payload.json https://livekit.example.com/get_token
|
||||
curl -X POST -d @payload.json https://livekit.example.com/get_token
|
||||
```
|
||||
|
||||
The lk-jwt-service will, after checking against Continuwuity, answer with a `jwt` token to create a LiveKit media room:
|
||||
|
||||
```json
|
||||
{"url":"wss://livekit.example.com","jwt":"a_really_really_long_string"}
|
||||
```
|
||||
|
||||
The lk-jwt-service will, after checking against Continuwuity, answer with a `jwt` token to create a LiveKit media room. Use this token to test at the [LiveKit Connection Tester](https://livekit.io/connection-test). If everything works there, then you have set up LiveKit successfully!
|
||||
Use this token to test at the [LiveKit Connection Tester](https://livekit.io/connection-test). If everything works there, then you have set up LiveKit successfully!
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
To debug any issues, you can place a call or redo the Testing instructions, and check the container logs for any specific errors. Use `docker-compose logs --follow` to follow them in real-time.
|
||||
To debug any issues, you can place a call or redo the Testing instructions, and check the container logs for any specific errors. Use `docker-compose logs --follow` to follow these logs in real-time.
|
||||
|
||||
### Common errors in Element Call UI
|
||||
|
||||
- `MISSING_MATRIX_RTC_FOCUS`: LiveKit is missing from Continuwuity's config file
|
||||
- "Waiting for media" popup always showing: a LiveKit URL has been configured in Continuwuity, but your client cannot connect to it for some reason
|
||||
|
||||
For browser-based clients, you can also inspect connections using DevTools' Networking tab, to see which requests are erroring out.
|
||||
|
||||
### Docker loopback networking issues
|
||||
|
||||
Some distros do not allow Docker containers to connect to its host's public IP by default. This would cause `lk-jwt-service` to fail connecting to `livekit` or `continuwuity` on the same host. As a result, you would see connection refused/connection timeouts log entries in the JWT service, even when `LIVEKIT_URL` has been configured correctly.
|
||||
|
||||
You can also test that this is the case by cURLing from a sidecar container:
|
||||
|
||||
```bash
|
||||
docker run --rm --net container:lk-jwt-service docker.io/curlimages/curl https://livekit.example.com
|
||||
# --- some errors ---
|
||||
```
|
||||
|
||||
To alleviate this, you can try one of the following workarounds:
|
||||
|
||||
- Use `network_mode: host` for the `lk-jwt-service` container (instead of the default bridge networking).
|
||||
|
||||
- Add an `extra_hosts` file mapping livekit's (and continuwuity's) domain name to a localhost address:
|
||||
- Add an `extra_hosts` file mapping livekit's (and continuwuity's) domain name to a locally-reachable address:
|
||||
|
||||
```diff
|
||||
# in docker-compose.yaml
|
||||
@@ -332,12 +438,7 @@ ### Docker loopback networking issues
|
||||
|
||||
- (**untested, use at your own risk**) Implement an iptables workaround as shown [here](https://forums.docker.com/t/unable-to-connect-to-host-service-from-inside-docker-container/145749/6).
|
||||
|
||||
After implementing the changes and restarting your compose, you can test whether the connection works by cURLing from a sidecar container:
|
||||
|
||||
```bash
|
||||
~$ docker run --rm --net container:lk-jwt-service docker.io/curlimages/curl https://livekit.example.com
|
||||
OK
|
||||
```
|
||||
After implementing the changes and restarting your compose, `lk-jwt-service` should now connect to your other services. The sidecar container test above should now return an `OK` from LiveKit.
|
||||
|
||||
### Workaround for non-federating servers
|
||||
|
||||
@@ -363,8 +464,8 @@ ## Related Documentation
|
||||
|
||||
Specifications:
|
||||
|
||||
- [MatrixRTC proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)
|
||||
- [LiveKit proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4195)
|
||||
- [MSC4143 - MatrixRTC proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)
|
||||
- [MSC4195 - LiveKit proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4195)
|
||||
|
||||
Source code:
|
||||
|
||||
|
||||
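Review bot: The caddy-docker-proxy compose example added under "4. Configure your Reverse Proxy" bind-mounts `/var/run/docker.sock` into the `caddy` service, which also publishes ports 80 and 443, and the text around it says nothing about what that grants. Access to the Docker socket is effectively root on the host, so a compromise of the proxy container would reach every other container. I would add a sentence after the example such as `caddy-docker-proxy reads container labels through the Docker socket; this gives the container control of the Docker daemon, so consider placing a restricted socket proxy in front of it.` The "Generating the secrets" tip shows what looks like real `generate-keys` output, so a comment line such as `# example output only - generate your own keys, never reuse these` would prevent copy-paste reuse. The example also uses moving image tags (`:latest`, `:ci-alpine`); a comment recommending a pinned version would keep deployments reproducible.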
+67
-43
@@ -2,66 +2,90 @@ # Configuration
|
||||
|
||||
This chapter describes various ways to configure Continuwuity.
|
||||
|
||||
## Basics
|
||||
## Configuration file
|
||||
|
||||
Continuwuity uses a config file for the majority of the settings, but also supports
|
||||
setting individual config options via commandline.
|
||||
Continuwuity uses a TOML config file for all of its settings. This is the recommended way to configure Continuwuity. Please refer to the [example config file](./reference/config.mdx) for all of these settings.
|
||||
|
||||
Please refer to the [example config
|
||||
file](./reference/config.mdx) for all of those
|
||||
settings.
|
||||
You can specify the config file to be used by Continuwuity with the command-line flag `-c` or `--config`:
|
||||
|
||||
The config file to use can be specified on the commandline when running
|
||||
Continuwuity by specifying the `-c`, `--config` flag. Alternatively, you can use
|
||||
the environment variable `CONTINUWUITY_CONFIG` to specify the config file to be
|
||||
used; see [the section on environment variables](#environment-variables) for
|
||||
more information.
|
||||
```bash
|
||||
./conduwuit -c /path/to/continuwuity.toml
|
||||
```
|
||||
|
||||
## Option commandline flag
|
||||
Alternatively, you can use the environment variable `CONTINUWUITY_CONFIG` to specify the config file to be used; see [the section on environment variables](#environment-variables) for more information.
|
||||
|
||||
Continuwuity supports setting individual config options in TOML format from the
|
||||
`-O` / `--option` flag. For example, you can set your server name via `-O
|
||||
server_name=\"example.com\"`.
|
||||
## Environment variables
|
||||
|
||||
All of the options in the config file can also be specified by using environment variables. This is ideal for containerised deployments and infrastructure-as-code scenarios.
|
||||
|
||||
The environment variable names are represented in all caps and prefixed with `CONTINUWUITY_`. They are mapped to config options in the ways demonstrated below:
|
||||
|
||||
```bash
|
||||
# Top-level options (those inside the [global] section) are simply capitalised
|
||||
CONTINUWUITY_SERVER_NAME="matrix.example.com"
|
||||
CONTINUWUITY_PORT="8008"
|
||||
CONTINUWUITY_DATABASE_PATH="/var/lib/continuwuity"
|
||||
|
||||
# Nested config sections use double underscores `__`
|
||||
|
||||
# This maps to the `server` field of the [global.well_known] section in TOML
|
||||
CONTINUWUITY_WELL_KNOWN__SERVER="example.com:443"
|
||||
|
||||
# This maps to the `base_url` field of the `[global.antispam.draupnir]` section in TOML
|
||||
CONTINUWUITY_ANTISPAM__DRAUPNIR__BASE_URL="https://draupnir.example.com"
|
||||
|
||||
# Alternatively, you can pass a (quoted) struct to define an entire section
|
||||
# This maps to the [global.well_known] section
|
||||
CONTINUWUITY_WELL_KNOWN="{ client=https://example.com,server=example.com:443 }"
|
||||
```
|
||||
|
||||
### Alternative prefixes
|
||||
|
||||
For backwards compatibility, Continuwuity also supports the following environment variable prefixes, in order of descending priority:
|
||||
|
||||
- `CONDUWUIT_*` (compatibility)
|
||||
- `CONDUIT_*` (legacy)
|
||||
|
||||
As an example, the environment variable `CONTINUWUITY_CONFIG` can also be expressed as `CONDUWUIT_CONFIG` or `CONDUIT_CONFIG`.
|
||||
|
||||
## Option command-line flag
|
||||
|
||||
Continuwuity also supports setting individual config options in TOML format from the `-O` / `--option` flag. For example, you can set your server name via `-O server_name=\"example.com\"`.
|
||||
|
||||
Note that the config is parsed as TOML, and shells like `bash` will remove quotes. Therefore, if the config option is a string, quote escapes must be properly handled. If the config option is a number or a boolean, this does not apply.
|
||||
|
||||
Note that the config is parsed as TOML, and shells like bash will remove quotes.
|
||||
So unfortunately it is required to escape quotes if the config option takes a
|
||||
string. This does not apply to options that take booleans or numbers:
|
||||
- `--option allow_registration=true` works ✅
|
||||
- `-O max_request_size=99999999` works ✅
|
||||
- `-O server_name=example.com` does not work ❌
|
||||
- `--option log=\"debug\"` works ✅
|
||||
- `--option server_name='"example.com'"` works ✅
|
||||
|
||||
## Execute commandline flag
|
||||
## Order of priority
|
||||
|
||||
Continuwuity supports running admin commands on startup using the commandline
|
||||
argument `--execute`. The most notable use for this is to create an admin user
|
||||
on first startup.
|
||||
The above configuration methods are prioritised, in descending order, as below:
|
||||
|
||||
The syntax of this is a standard admin command without the prefix such as
|
||||
`./conduwuit --execute "users create_user june"`
|
||||
- Command-line `-o`/`--option` flags
|
||||
- Environment variables
|
||||
- `CONTINUWUITY_*` variables
|
||||
- `CONDUWUIT_*` variables
|
||||
- `CONDUIT_*` variables
|
||||
- Config file
|
||||
|
||||
An example output of a success is:
|
||||
```
|
||||
Therefore, you can use environment variables or the options flags to override values in the config file.
|
||||
|
||||
---
|
||||
|
||||
## Executing startup commands
|
||||
|
||||
Continuwuity supports running admin commands on startup using the command-line flag `--execute`. This is treated as a standard admin command, without the need for the `!admin` prefix. For example, to create a new user:
|
||||
|
||||
```bash
|
||||
# Equivalent to `!admin users create_user june`
|
||||
./conduwuit --execute "users create_user june"
|
||||
INFO conduwuit_service::admin::startup: Startup command #0 completed:
|
||||
Created user with user_id: @june:girlboss.ceo and password: `<redacted>`
|
||||
```
|
||||
|
||||
This commandline argument can be paired with the `--option` flag.
|
||||
Alternatively, you can configure `CONTINUWUITY_ADMIN_EXECUTE` or the config file value `admin_execute` with a list of commands.
|
||||
|
||||
## Environment variables
|
||||
|
||||
All of the settings that are found in the config file can be specified by using
|
||||
environment variables. The environment variable names should be all caps and
|
||||
prefixed with `CONTINUWUITY_`.
|
||||
|
||||
For example, if the setting you are changing is `max_request_size`, then the
|
||||
environment variable to set is `CONTINUWUITY_MAX_REQUEST_SIZE`.
|
||||
|
||||
To modify config options not in the `[global]` context such as
|
||||
`[global.well_known]`, use the `__` suffix split:
|
||||
`CONTINUWUITY_WELL_KNOWN__SERVER`
|
||||
|
||||
Conduit and conduwuit's environment variables are also supported for backwards
|
||||
compatibility, via the `CONDUIT_` and `CONDUWUIT_` prefixes respectively (e.g.
|
||||
`CONDUIT_SERVER_NAME`).
|
||||
This command-line argument can be paired with the `--option` flag.
|
||||
|
||||
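Review bot: The "Order of priority" list names the flag as `-o`/`--option`, while the "Option command-line flag" section and its examples use `-O`; the list entry should read `-O`/`--option`. In the examples, `--option server_name='"example.com'"` has its closing quotes swapped, so a shell sees an unterminated string and the line marked as working will not run; it should be `--option server_name='"example.com"'` (the rendering does not show whether this line is new or unchanged context). The `--execute` example output appears to print the generated password in the startup log line, so the section would benefit from one sentence such as `The generated password is written to the server log; restrict access to the logs and change the password after first login.`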
@@ -34,6 +34,11 @@
|
||||
"name": "kubernetes",
|
||||
"label": "Kubernetes"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"name": "nomad",
|
||||
"label": "Nomad"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"name": "freebsd",
|
||||
|
||||
@@ -1,76 +0,0 @@
|
||||
# Continuwuity - Behind Traefik Reverse Proxy
|
||||
|
||||
services:
|
||||
homeserver:
|
||||
### If you already built the continuwuity image with 'docker build' or want to use the Docker Hub image,
|
||||
### then you are ready to go.
|
||||
image: forgejo.ellis.link/continuwuation/continuwuity:latest
|
||||
restart: unless-stopped
|
||||
command: /sbin/conduwuit
|
||||
volumes:
|
||||
- db:/var/lib/continuwuity
|
||||
#- ./continuwuity.toml:/etc/continuwuity.toml
|
||||
networks:
|
||||
- proxy
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.continuwuity.rule=(Host(`matrix.example.com`) || (Host(`example.com`) && PathPrefix(`/.well-known/matrix`)))"
|
||||
- "traefik.http.routers.continuwuity.entrypoints=websecure" # your HTTPS entry point
|
||||
- "traefik.http.routers.continuwuity.tls=true"
|
||||
- "traefik.http.routers.continuwuity.service=continuwuity"
|
||||
- "traefik.http.services.continuwuity.loadbalancer.server.port=6167"
|
||||
# possibly, depending on your config:
|
||||
# - "traefik.http.routers.continuwuity.tls.certresolver=letsencrypt"
|
||||
environment:
|
||||
CONTINUWUITY_SERVER_NAME: your.server.name.example # EDIT THIS
|
||||
CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
|
||||
CONTINUWUITY_PORT: 6167 # should match the loadbalancer traefik label
|
||||
CONTINUWUITY_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
|
||||
CONTINUWUITY_ALLOW_REGISTRATION: 'true'
|
||||
CONTINUWUITY_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
|
||||
#CONTINUWUITY_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
|
||||
CONTINUWUITY_ALLOW_FEDERATION: 'true'
|
||||
CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
|
||||
CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
|
||||
#CONTINUWUITY_LOG: warn,state_res=warn
|
||||
CONTINUWUITY_ADDRESS: 0.0.0.0
|
||||
#CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
|
||||
|
||||
# We need some way to serve the client and server .well-known json. The simplest way is via the CONTINUWUITY_WELL_KNOWN
|
||||
# variable / config option, there are multiple ways to do this, e.g. in the continuwuity.toml file, and in a separate
|
||||
# see the override file for more information about delegation
|
||||
CONTINUWUITY_WELL_KNOWN: |
|
||||
{
|
||||
client=https://your.server.name.example,
|
||||
server=your.server.name.example:443
|
||||
}
|
||||
#cpuset: "0-4" # Uncomment to limit to specific CPU cores
|
||||
ulimits: # Continuwuity uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
|
||||
nofile:
|
||||
soft: 1048567
|
||||
hard: 1048567
|
||||
|
||||
### Uncomment if you want to use your own Element-Web App.
|
||||
### Note: You need to provide a config.json for Element and you also need a second
|
||||
### Domain or Subdomain for the communication between Element and Continuwuity
|
||||
### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
|
||||
# element-web:
|
||||
# image: vectorim/element-web:latest
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
# - ./element_config.json:/app/config.json
|
||||
# networks:
|
||||
# - proxy
|
||||
# depends_on:
|
||||
# - homeserver
|
||||
|
||||
volumes:
|
||||
db:
|
||||
|
||||
networks:
|
||||
# This is the network Traefik listens to, if your network has a different
|
||||
# name, don't forget to change it here and in the docker-compose.override.yml
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
# vim: ts=2:sw=2:expandtab
|
||||
@@ -1,36 +0,0 @@
|
||||
# Continuwuity - Traefik Reverse Proxy Labels
|
||||
|
||||
services:
|
||||
homeserver:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network
|
||||
|
||||
- "traefik.http.routers.to-continuwuity.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)" # Change to the address on which Continuwuity is hosted
|
||||
- "traefik.http.routers.to-continuwuity.tls=true"
|
||||
- "traefik.http.routers.to-continuwuity.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.routers.to-continuwuity.middlewares=cors-headers@docker"
|
||||
- "traefik.http.services.to_continuwuity.loadbalancer.server.port=6167"
|
||||
|
||||
- "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
|
||||
- "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
||||
- "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
|
||||
|
||||
# If you want to have your account on <DOMAIN>, but host Continuwuity on a subdomain,
|
||||
# you can let it only handle the well known file on that domain instead
|
||||
#- "traefik.http.routers.to-matrix-wellknown.rule=Host(`<DOMAIN>`) && PathPrefix(`/.well-known/matrix`)"
|
||||
#- "traefik.http.routers.to-matrix-wellknown.tls=true"
|
||||
#- "traefik.http.routers.to-matrix-wellknown.tls.certresolver=letsencrypt"
|
||||
#- "traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker"
|
||||
|
||||
### Uncomment this if you uncommented Element-Web App in the docker-compose.yml
|
||||
# element-web:
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network
|
||||
|
||||
# - "traefik.http.routers.to-element-web.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)" # Change to the address on which Element-Web is hosted
|
||||
# - "traefik.http.routers.to-element-web.tls=true"
|
||||
# - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt"
|
||||
|
||||
# vim: ts=2:sw=2:expandtab
|
||||
@@ -1,60 +0,0 @@
|
||||
services:
|
||||
caddy:
|
||||
# This compose file uses caddy-docker-proxy as the reverse proxy for Continuwuity!
|
||||
# For more info, visit https://github.com/lucaslorentz/caddy-docker-proxy
|
||||
image: lucaslorentz/caddy-docker-proxy:ci-alpine
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
environment:
|
||||
- CADDY_INGRESS_NETWORKS=caddy
|
||||
networks:
|
||||
- caddy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./data:/data
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
caddy: example.com
|
||||
caddy.reverse_proxy: /.well-known/matrix/* homeserver:6167
|
||||
|
||||
homeserver:
|
||||
### If you already built the Continuwuity image with 'docker build' or want to use a registry image,
|
||||
### then you are ready to go.
|
||||
image: forgejo.ellis.link/continuwuation/continuwuity:latest
|
||||
restart: unless-stopped
|
||||
command: /sbin/conduwuit
|
||||
volumes:
|
||||
- db:/var/lib/continuwuity
|
||||
- /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
|
||||
#- ./continuwuity.toml:/etc/continuwuity.toml
|
||||
environment:
|
||||
CONTINUWUITY_SERVER_NAME: example.com # EDIT THIS
|
||||
CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
|
||||
CONTINUWUITY_PORT: 6167
|
||||
CONTINUWUITY_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
|
||||
CONTINUWUITY_ALLOW_REGISTRATION: 'true'
|
||||
CONTINUWUITY_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
|
||||
#CONTINUWUITY_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
|
||||
CONTINUWUITY_ALLOW_FEDERATION: 'true'
|
||||
CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
|
||||
CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
|
||||
#CONTINUWUITY_LOG: warn,state_res=warn
|
||||
CONTINUWUITY_ADDRESS: 0.0.0.0
|
||||
#CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
|
||||
|
||||
# Required for .well-known delegation - edit these according to your chosen domain
|
||||
CONTINUWUITY_WELL_KNOWN__CLIENT: https://matrix.example.com
|
||||
CONTINUWUITY_WELL_KNOWN__SERVER: matrix.example.com:443
|
||||
networks:
|
||||
- caddy
|
||||
labels:
|
||||
caddy: matrix.example.com
|
||||
caddy.reverse_proxy: "{{upstreams 6167}}"
|
||||
|
||||
volumes:
|
||||
db:
|
||||
|
||||
networks:
|
||||
caddy:
|
||||
external: true
|
||||
@@ -1,160 +0,0 @@
|
||||
# Continuwuity - Behind Traefik Reverse Proxy
|
||||
|
||||
services:
|
||||
homeserver:
|
||||
### If you already built the Continuwuity image with 'docker build' or want to use the Docker Hub image,
|
||||
### then you are ready to go.
|
||||
image: forgejo.ellis.link/continuwuation/continuwuity:latest
|
||||
restart: unless-stopped
|
||||
command: /sbin/conduwuit
|
||||
volumes:
|
||||
- db:/var/lib/continuwuity
|
||||
- /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
|
||||
#- ./continuwuity.toml:/etc/continuwuity.toml
|
||||
networks:
|
||||
- proxy
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.continuwuity.rule=(Host(`matrix.example.com`) || (Host(`example.com`) && PathPrefix(`/.well-known/matrix`)))"
|
||||
- "traefik.http.routers.continuwuity.entrypoints=websecure"
|
||||
- "traefik.http.routers.continuwuity.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.services.continuwuity.loadbalancer.server.port=6167"
|
||||
# Uncomment and adjust the following if you want to use middleware
|
||||
# - "traefik.http.routers.continuwuity.middlewares=secureHeaders@file"
|
||||
environment:
|
||||
CONTINUWUITY_SERVER_NAME: your.server.name.example # EDIT THIS
|
||||
CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
|
||||
CONTINUWUITY_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
|
||||
CONTINUWUITY_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server
|
||||
#CONTINUWUITY_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read
|
||||
CONTINUWUITY_ADDRESS: 0.0.0.0
|
||||
CONTINUWUITY_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
|
||||
CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
|
||||
#CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
|
||||
### Uncomment and change values as desired, note that Continuwuity has plenty of config options, so you should check out the example example config too
|
||||
# Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
|
||||
# CONTINUWUITY_LOG: info # default is: "warn,state_res=warn"
|
||||
# CONTINUWUITY_ALLOW_ENCRYPTION: 'true'
|
||||
# CONTINUWUITY_ALLOW_FEDERATION: 'true'
|
||||
# CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
|
||||
# CONTINUWUITY_ALLOW_INCOMING_PRESENCE: true
|
||||
# CONTINUWUITY_ALLOW_OUTGOING_PRESENCE: true
|
||||
# CONTINUWUITY_ALLOW_LOCAL_PRESENCE: true
|
||||
# CONTINUWUITY_WORKERS: 10
|
||||
# CONTINUWUITY_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
|
||||
# CONTINUWUITY_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"
|
||||
|
||||
# We need some way to serve the client and server .well-known json. The simplest way is via the CONTINUWUITY_WELL_KNOWN
|
||||
# variable / config option, there are multiple ways to do this, e.g. in the continuwuity.toml file, and in a separate
|
||||
# reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included
|
||||
CONTINUWUITY_WELL_KNOWN: |
|
||||
{
|
||||
client=https://your.server.name.example,
|
||||
server=your.server.name.example:443
|
||||
}
|
||||
#cpuset: "0-4" # Uncomment to limit to specific CPU cores
|
||||
ulimits: # Continuwuity uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
|
||||
nofile:
|
||||
soft: 1048567
|
||||
hard: 1048567
|
||||
|
||||
### Uncomment if you want to use your own Element-Web App.
|
||||
### Note: You need to provide a config.json for Element and you also need a second
|
||||
### Domain or Subdomain for the communication between Element and Continuwuity
|
||||
### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
|
||||
# element-web:
|
||||
# image: vectorim/element-web:latest
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
# - ./element_config.json:/app/config.json
|
||||
# networks:
|
||||
# - proxy
|
||||
# depends_on:
|
||||
# - homeserver
|
||||
|
||||
traefik:
|
||||
image: "traefik:latest"
|
||||
container_name: "traefik"
|
||||
restart: "unless-stopped"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:z"
|
||||
- "acme:/etc/traefik/acme"
|
||||
#- "./traefik_config:/etc/traefik:z"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
||||
# middleware redirect
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
# global redirect to https
|
||||
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.redirs.entrypoints=web"
|
||||
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
|
||||
|
||||
configs:
|
||||
- source: dynamic.yml
|
||||
target: /etc/traefik/dynamic.yml
|
||||
|
||||
environment:
|
||||
TRAEFIK_LOG_LEVEL: DEBUG
|
||||
TRAEFIK_ENTRYPOINTS_WEB: true
|
||||
TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
|
||||
TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
|
||||
|
||||
TRAEFIK_ENTRYPOINTS_WEBSECURE: true
|
||||
TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
|
||||
TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
|
||||
#TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_MIDDLEWARES: secureHeaders@file # if you want to enabled STS
|
||||
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT: true
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: # Set this to the email you want to receive certificate expiration emails for
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_KEYTYPE: EC384
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE: true
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"
|
||||
|
||||
# Since Traefik 3.6.3, paths with certain "encoded characters" are now blocked by default; we need a couple, or else things *will* break
|
||||
TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDSLASH: true
|
||||
TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDHASH: true
|
||||
|
||||
TRAEFIK_PROVIDERS_DOCKER: true
|
||||
TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
|
||||
TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false
|
||||
|
||||
TRAEFIK_PROVIDERS_FILE: true
|
||||
TRAEFIK_PROVIDERS_FILE_FILENAME: "/etc/traefik/dynamic.yml"
|
||||
|
||||
configs:
|
||||
dynamic.yml:
|
||||
content: |
|
||||
# Optionally set STS headers, like in https://hstspreload.org
|
||||
# http:
|
||||
# middlewares:
|
||||
# secureHeaders:
|
||||
# headers:
|
||||
# forceSTSHeader: true
|
||||
# stsIncludeSubdomains: true
|
||||
# stsPreload: true
|
||||
# stsSeconds: 31536000
|
||||
tls:
|
||||
options:
|
||||
default:
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||
minVersion: VersionTLS12
|
||||
|
||||
volumes:
|
||||
db:
|
||||
acme:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
||||
# vim: ts=2:sw=2:expandtab
|
||||