chore: Lockfile updates

The first part of getting admin command docs on the website.

Next is is including it in the same way we do the example config or
readme.

There's also the beginnings of manpage generation here, although it's
kinda sus and I'm not sure how it's supposed to work. I'll leave that to
anyone who wants to package it.

We introduce the beginings of the xtask pattern here - we do a lot of
file generation, I thought it would be best to avoid doing that on every
compilation. It also helps avoid lots of runtime deps.

We'll need to document generating this stuff & probably add pre-commit
hooks for it, though.

.cargo/config.toml

@@ -0,0 +1,2 @@
+[alias]
+xtask = "run --package xtask --"

.forgejo/actions/rust-toolchain/action.yml

@@ -19,11 +19,20 @@ outputs:
   rustc_version:
     description: The rustc version installed
     value: ${{ steps.rustc-version.outputs.version }}
+  rustup_version:
+    description: The rustup version installed
+    value: ${{ steps.rustup-version.outputs.version }}
 
 runs:
   using: composite
   steps:
+    - name: Check if rustup is already installed
+      shell: bash
+      id: rustup-version
+      run: |
+        echo "version=$(rustup --version)" >> $GITHUB_OUTPUT
     - name: Cache rustup toolchains
+      if: steps.rustup-version.outputs.version == ''
       uses: actions/cache@v3
       with:
         path: |
@@ -33,6 +42,7 @@ runs:
         # Requires repo to be cloned if toolchain is not specified
         key: ${{ runner.os }}-rustup-${{ inputs.toolchain || hashFiles('**/rust-toolchain.toml') }}
     - name: Install Rust toolchain
+      if: steps.rustup-version.outputs.version == ''
       shell: bash
       run: |
         if ! command -v rustup &> /dev/null ; then

.forgejo/workflows/release-image.yml

@@ -57,7 +57,6 @@ jobs:
 
   build-image:
     runs-on: dind
-    container: ghcr.io/catthehacker/ubuntu:act-latest
     needs: define-variables
     permissions:
       contents: read
@@ -181,14 +180,14 @@ jobs:
           file: "docker/Dockerfile"
           build-args: |
             GIT_COMMIT_HASH=${{ github.sha }})
-            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})
+            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
             GIT_REMOTE_URL=${{github.event.repository.html_url }}
             GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
           annotations: ${{ steps.meta.outputs.annotations }}
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          # cache-to: type=gha,mode=max
           sbom: true
           outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true
         env:
@@ -211,7 +210,6 @@ jobs:
 
   merge:
     runs-on: dind
-    container: ghcr.io/catthehacker/ubuntu:act-latest
     needs: [define-variables, build-image]
     steps:
       - name: Download digests

Cargo.lock

@@ -47,12 +47,56 @@ dependencies = [
  "alloc-no-stdlib",
 ]
 
+[[package]]
+name = "anstream"
+version = "0.6.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "301af1932e46185686725e0fad2f8f2aa7da69dd70bf6ecc44d6b703844a3933"
+dependencies = [
+ "anstyle",
+ "anstyle-parse",
+ "anstyle-query",
+ "anstyle-wincon",
+ "colorchoice",
+ "is_terminal_polyfill",
+ "utf8parse",
+]
+
 [[package]]
 name = "anstyle"
 version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
 
+[[package]]
+name = "anstyle-parse"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2"
+dependencies = [
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle-query"
+version = "1.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c8bdeb6047d8983be085bab0ba1472e6dc604e7041dbf6fcd5e71523014fae9"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
+[[package]]
+name = "anstyle-wincon"
+version = "3.0.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "403f75924867bb1033c59fbf0797484329750cfbe3c4325cd33127941fabc882"
+dependencies = [
+ "anstyle",
+ "once_cell_polyfill",
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "anyhow"
 version = "1.0.98"
@@ -717,14 +761,25 @@ dependencies = [
  "clap_derive",
 ]
 
+[[package]]
+name = "clap-markdown"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2a2617956a06d4885b490697b5307ebb09fec10b088afc18c81762d848c2339"
+dependencies = [
+ "clap",
+]
+
 [[package]]
 name = "clap_builder"
 version = "4.5.38"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "379026ff283facf611b0ea629334361c4211d1b12ee01024eec1591133b04120"
 dependencies = [
+ "anstream",
  "anstyle",
  "clap_lex",
+ "strsim",
 ]
 
 [[package]]
@@ -745,6 +800,16 @@ version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
 
+[[package]]
+name = "clap_mangen"
+version = "0.2.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc33c849748320656a90832f54a5eeecaa598e92557fb5dedebc3355746d31e4"
+dependencies = [
+ "clap",
+ "roff",
+]
+
 [[package]]
 name = "cmake"
 version = "0.1.54"
@@ -760,6 +825,12 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b"
 
+[[package]]
+name = "colorchoice"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75"
+
 [[package]]
 name = "concurrent-queue"
 version = "2.5.0"
@@ -794,6 +865,7 @@ dependencies = [
  "tokio-metrics",
  "tracing",
  "tracing-flame",
+ "tracing-journald",
  "tracing-opentelemetry",
  "tracing-subscriber",
 ]
@@ -2334,6 +2406,12 @@ version = "2.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130"
 
+[[package]]
+name = "is_terminal_polyfill"
+version = "1.70.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
+
 [[package]]
 name = "itertools"
 version = "0.12.1"
@@ -2924,6 +3002,12 @@ dependencies = [
  "portable-atomic",
 ]
 
+[[package]]
+name = "once_cell_polyfill"
+version = "1.70.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4895175b425cb1f87721b59f0f286c2092bd4af812243672510e1ac53e2e0ad"
+
 [[package]]
 name = "openssl-probe"
 version = "0.1.6"
@@ -3692,6 +3776,12 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "roff"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "88f8660c1ff60292143c98d08fc6e2f654d722db50410e3f3797d40baaf9d8f3"
+
 [[package]]
 name = "ruma"
 version = "0.10.1"
@@ -4524,6 +4614,12 @@ dependencies = [
  "quote",
 ]
 
+[[package]]
+name = "strsim"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
+
 [[package]]
 name = "subslice"
 version = "0.2.3"
@@ -5067,6 +5163,17 @@ dependencies = [
  "tracing-subscriber",
 ]
 
+[[package]]
+name = "tracing-journald"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc0b4143302cf1022dac868d521e36e8b27691f72c84b3311750d5188ebba657"
+dependencies = [
+ "libc",
+ "tracing-core",
+ "tracing-subscriber",
+]
+
 [[package]]
 name = "tracing-log"
 version = "0.2.0"
@@ -5244,6 +5351,12 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
 
+[[package]]
+name = "utf8parse"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+
 [[package]]
 name = "uuid"
 version = "1.16.0"
@@ -5843,6 +5956,26 @@ dependencies = [
  "markup5ever",
 ]
 
+[[package]]
+name = "xtask"
+version = "0.5.0-rc.5"
+dependencies = [
+ "clap",
+ "serde",
+ "serde_json",
+]
+
+[[package]]
+name = "xtask-admin-command"
+version = "0.5.0-rc.5"
+dependencies = [
+ "clap-markdown",
+ "clap_builder",
+ "clap_mangen",
+ "conduwuit",
+ "conduwuit_admin",
+]
+
 [[package]]
 name = "yansi"
 version = "1.0.1"

Cargo.toml

@@ -2,7 +2,7 @@
 
 [workspace]
 resolver = "2"
-members = ["src/*"]
+members = ["src/*", "xtask/*"]
 default-members = ["src/*"]
 
 [workspace.package]
@@ -213,6 +213,8 @@ default-features = false
 version = "0.3.19"
 default-features = false
 features = ["env-filter", "std", "tracing", "tracing-log", "ansi", "fmt"]
+[workspace.dependencies.tracing-journald]
+version = "0.3.1"
 [workspace.dependencies.tracing-core]
 version = "0.1.33"
 default-features = false
@@ -381,7 +383,7 @@ features = [
     "unstable-msc4121",
     "unstable-msc4125",
     "unstable-msc4186",
-    "unstable-msc4203", # sending to-device events to appservices 
+    "unstable-msc4203", # sending to-device events to appservices
     "unstable-msc4210", # remove legacy mentions
     "unstable-extensible-events",
     "unstable-pdu",
@@ -637,6 +639,11 @@ package = "conduwuit_build_metadata"
 path = "src/build_metadata"
 default-features = false
 
+
+[workspace.dependencies.conduwuit]
+package = "conduwuit"
+path = "src/main"
+
 ###############################################################################
 #
 # Release profiles

SECURITY.md

@@ -20,10 +20,10 @@ ### Responsible Disclosure
 
 We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
 
-1. Contact members of the team over E2EE private message.
+1. **Contact members of the team directly** over E2EE private message.
    - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
    - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
-2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
+2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
 3. **Do not disclose the vulnerability publicly** until it has been addressed
 4. **Provide detailed information** about the vulnerability, including:
    - A clear description of the issue
@@ -48,7 +48,7 @@ ## Security Update Process
 
 When security vulnerabilities are identified:
 
-1. We will develop and test fixes in a private branch
+1. We will develop and test fixes in a private fork
 2. Security updates will be released as soon as possible
 3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
 4. Critical security updates may be backported to the previous stable release

arch/conduwuit.service

@@ -16,6 +16,10 @@ DeviceAllow=char-tty
 StandardInput=tty-force
 StandardOutput=tty
 StandardError=journal+console
+
+Environment="CONTINUWUITY_LOG_TO_JOURNALD=1"
+Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
+
 TTYReset=yes
 # uncomment to allow buffer to be cleared every restart
 TTYVTDisallocate=no

conduwuit-example.toml

@@ -660,6 +660,21 @@
 #
 #log_thread_ids = false
 
+# Enable journald logging on Unix platforms
+#
+# When enabled, log output will be sent to the systemd journal
+# This is only supported on Unix platforms
+#
+#log_to_journald = false
+
+# The syslog identifier to use with journald logging
+#
+# Only used when journald logging is enabled
+#
+# Defaults to the binary name
+#
+#journald_identifier =
+
 # OpenID token expiration/TTL in seconds.
 #
 # These are the OpenID tokens that are primarily used for Matrix account

debian/conduwuit.service

@@ -14,6 +14,9 @@ Type=notify
 
 Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
 
+Environment="CONTINUWUITY_LOG_TO_JOURNALD=1"
+Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
+
 ExecStart=/usr/sbin/conduwuit
 
 ReadWritePaths=/var/lib/conduwuit /etc/conduwuit

src/admin/admin.rs

@@ -10,7 +10,7 @@
 
 #[derive(Debug, Parser)]
 #[command(name = "conduwuit", version = conduwuit::version())]
-pub(super) enum AdminCommand {
+pub enum AdminCommand {
 	#[command(subcommand)]
 	/// - Commands for managing appservices
 	Appservices(AppserviceCommand),

src/admin/appservice/mod.rs

@@ -7,7 +7,7 @@
 
 #[derive(Debug, Subcommand)]
 #[admin_command_dispatch]
-pub(super) enum AppserviceCommand {
+pub enum AppserviceCommand {
 	/// - Register an appservice using its registration YAML
 	///
 	/// This command needs a YAML generated by an appservice (such as a bridge),

src/admin/check/mod.rs

@@ -7,6 +7,6 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(super) enum CheckCommand {
+pub enum CheckCommand {
 	CheckAllUsers,
 }

src/admin/debug/mod.rs

@@ -11,7 +11,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(super) enum DebugCommand {
+pub enum DebugCommand {
 	/// - Echo input of admin command
 	Echo {
 		message: Vec<String>,
@@ -125,13 +125,13 @@ pub(super) enum DebugCommand {
 		reset: bool,
 	},
 
-	/// - Verify json signatures
+	/// - Sign JSON blob
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
 	SignJson,
 
-	/// - Verify json signatures
+	/// - Verify JSON signatures
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.

src/admin/debug/tester.rs

@@ -4,7 +4,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, clap::Subcommand)]
-pub(crate) enum TesterCommand {
+pub enum TesterCommand {
 	Panic,
 	Failure,
 	Tester,

src/admin/federation/mod.rs

@@ -8,7 +8,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(super) enum FederationCommand {
+pub enum FederationCommand {
 	/// - List all rooms we are currently handling an incoming pdu from
 	IncomingFederation,
 

src/admin/media/mod.rs

@@ -9,7 +9,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(super) enum MediaCommand {
+pub enum MediaCommand {
 	/// - Deletes a single media file from our database and on the filesystem
 	///   via a single MXC URL or event ID (not redacted)
 	Delete {
@@ -90,10 +90,10 @@ pub(super) enum MediaCommand {
 		#[arg(short, long, default_value("10000"))]
 		timeout: u32,
 
-		#[arg(short, long, default_value("800"))]
+		#[arg(long, default_value("800"))]
 		width: u32,
 
-		#[arg(short, long, default_value("800"))]
+		#[arg(long, default_value("800"))]
 		height: u32,
 	},
 }

src/admin/mod.rs

@@ -33,6 +33,8 @@
 conduwuit::mod_dtor! {}
 conduwuit::rustc_flags_capture! {}
 
+pub use crate::admin::AdminCommand;
+
 /// Install the admin command processor
 pub async fn init(admin_service: &service::admin::Service) {
 	_ = admin_service

src/admin/query/account_data.rs

@@ -8,7 +8,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/account_data.rs
-pub(crate) enum AccountDataCommand {
+pub enum AccountDataCommand {
 	/// - Returns all changes to the account data that happened after `since`.
 	ChangesSince {
 		/// Full user ID

src/admin/query/appservice.rs

@@ -6,7 +6,7 @@
 
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/appservice.rs
-pub(crate) enum AppserviceCommand {
+pub enum AppserviceCommand {
 	/// - Gets the appservice registration info/details from the ID as a string
 	GetRegistration {
 		/// Appservice registration ID

src/admin/query/globals.rs

@@ -6,7 +6,7 @@
 
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/globals.rs
-pub(crate) enum GlobalsCommand {
+pub enum GlobalsCommand {
 	DatabaseVersion,
 
 	CurrentCount,

src/admin/query/mod.rs

@@ -27,7 +27,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// Query tables from database
-pub(super) enum QueryCommand {
+pub enum QueryCommand {
 	/// - account_data.rs iterators and getters
 	#[command(subcommand)]
 	AccountData(AccountDataCommand),

src/admin/query/presence.rs

@@ -7,7 +7,7 @@
 
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/presence.rs
-pub(crate) enum PresenceCommand {
+pub enum PresenceCommand {
 	/// - Returns the latest presence event for the given user.
 	GetPresence {
 		/// Full user ID

src/admin/query/pusher.rs

@@ -5,7 +5,7 @@
 use crate::Context;
 
 #[derive(Debug, Subcommand)]
-pub(crate) enum PusherCommand {
+pub enum PusherCommand {
 	/// - Returns all the pushers for the user.
 	GetPushers {
 		/// Full user ID

src/admin/query/raw.rs

@@ -19,7 +19,7 @@
 #[derive(Debug, Subcommand)]
 #[allow(clippy::enum_variant_names)]
 /// Query tables from database
-pub(crate) enum RawCommand {
+pub enum RawCommand {
 	/// - List database maps
 	RawMaps,
 

src/admin/query/resolver.rs

@@ -8,7 +8,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// Resolver service and caches
-pub(crate) enum ResolverCommand {
+pub enum ResolverCommand {
 	/// Query the destinations cache
 	DestinationsCache {
 		server_name: Option<OwnedServerName>,

src/admin/query/room_alias.rs

@@ -7,7 +7,7 @@
 
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/rooms/alias.rs
-pub(crate) enum RoomAliasCommand {
+pub enum RoomAliasCommand {
 	ResolveLocalAlias {
 		/// Full room alias
 		alias: OwnedRoomAliasId,

src/admin/query/room_state_cache.rs

@@ -6,7 +6,7 @@
 use crate::Context;
 
 #[derive(Debug, Subcommand)]
-pub(crate) enum RoomStateCacheCommand {
+pub enum RoomStateCacheCommand {
 	ServerInRoom {
 		server: OwnedServerName,
 		room_id: OwnedRoomId,

src/admin/query/room_timeline.rs

@@ -8,7 +8,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// Query tables from database
-pub(crate) enum RoomTimelineCommand {
+pub enum RoomTimelineCommand {
 	Pdus {
 		room_id: OwnedRoomOrAliasId,
 

src/admin/query/sending.rs

@@ -8,7 +8,7 @@
 
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/sending.rs
-pub(crate) enum SendingCommand {
+pub enum SendingCommand {
 	/// - Queries database for all `servercurrentevent_data`
 	ActiveRequests,
 

src/admin/query/short.rs

@@ -7,7 +7,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// Query tables from database
-pub(crate) enum ShortCommand {
+pub enum ShortCommand {
 	ShortEventId {
 		event_id: OwnedEventId,
 	},

src/admin/query/users.rs

@@ -8,7 +8,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/users.rs
-pub(crate) enum UsersCommand {
+pub enum UsersCommand {
 	CountUsers,
 
 	IterUsers,

src/admin/room/alias.rs

@@ -8,7 +8,7 @@
 use crate::Context;
 
 #[derive(Debug, Subcommand)]
-pub(crate) enum RoomAliasCommand {
+pub enum RoomAliasCommand {
 	/// - Make an alias point to a room.
 	Set {
 		#[arg(short, long)]

src/admin/room/directory.rs

@@ -6,7 +6,7 @@
 use crate::{Context, PAGE_SIZE, get_room_info};
 
 #[derive(Debug, Subcommand)]
-pub(crate) enum RoomDirectoryCommand {
+pub enum RoomDirectoryCommand {
 	/// - Publish a room to the room directory
 	Publish {
 		/// The room id of the room to publish

src/admin/room/info.rs

@@ -7,7 +7,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(crate) enum RoomInfoCommand {
+pub enum RoomInfoCommand {
 	/// - List joined members in a room
 	ListJoinedMembers {
 		room_id: OwnedRoomId,

src/admin/room/mod.rs

@@ -16,7 +16,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(super) enum RoomCommand {
+pub enum RoomCommand {
 	/// - List all rooms the server knows about
 	#[clap(alias = "list")]
 	ListRooms {

src/admin/room/moderation.rs

@@ -12,7 +12,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(crate) enum RoomModerationCommand {
+pub enum RoomModerationCommand {
 	/// - Bans a room from local users joining and evicts all our local users
 	///   (including server
 	/// admins)

src/admin/server/mod.rs

@@ -9,7 +9,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(super) enum ServerCommand {
+pub enum ServerCommand {
 	/// - Time elapsed since startup
 	Uptime,
 

src/admin/user/mod.rs

@@ -8,7 +8,7 @@
 
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
-pub(super) enum UserCommand {
+pub enum UserCommand {
 	/// - Create a new user
 	#[clap(alias = "create")]
 	CreateUser {

src/api/client/membership.rs

@@ -1243,7 +1243,6 @@ async fn join_room_by_id_helper_remote(
 		services.rooms.timeline.get_pdu(event_id).await.ok()
 	};
 
-	debug!("running stateres check on send_join parsed PDU");
 	let auth_check = state_res::event_auth::auth_check(
 		&state_res::RoomVersion::new(&room_version_id)?,
 		&parsed_join_pdu,
@@ -2163,6 +2162,109 @@ async fn knock_room_by_id_helper(
 		}
 	}
 
+	// For knock_restricted rooms, check if the user meets the restricted conditions
+	// If they do, attempt to join instead of knock
+	// This is not mentioned in the spec, but should be allowable (we're allowed to
+	// auto-join invites to knocked rooms)
+	let join_rule = services.rooms.state_accessor.get_join_rules(room_id).await;
+	if let JoinRule::KnockRestricted(restricted) = &join_rule {
+		let restriction_rooms: Vec<_> = restricted
+			.allow
+			.iter()
+			.filter_map(|a| match a {
+				| AllowRule::RoomMembership(r) => Some(&r.room_id),
+				| _ => None,
+			})
+			.collect();
+
+		// Check if the user is in any of the allowed rooms
+		let mut user_meets_restrictions = false;
+		for restriction_room_id in &restriction_rooms {
+			if services
+				.rooms
+				.state_cache
+				.is_joined(sender_user, restriction_room_id)
+				.await
+			{
+				user_meets_restrictions = true;
+				break;
+			}
+		}
+
+		// If the user meets the restrictions, try joining instead
+		if user_meets_restrictions {
+			debug_info!(
+				"{sender_user} meets the restricted criteria in knock_restricted room \
+				 {room_id}, attempting to join instead of knock"
+			);
+			// For this case, we need to drop the state lock and get a new one in
+			// join_room_by_id_helper We need to release the lock here and let
+			// join_room_by_id_helper acquire it again
+			drop(state_lock);
+			match join_room_by_id_helper(
+				services,
+				sender_user,
+				room_id,
+				reason.clone(),
+				servers,
+				None,
+				&None,
+			)
+			.await
+			{
+				| Ok(_) => return Ok(knock_room::v3::Response::new(room_id.to_owned())),
+				| Err(e) => {
+					debug_warn!(
+						"Failed to convert knock to join for {sender_user} in {room_id}: {e:?}"
+					);
+					// Get a new state lock for the remaining knock logic
+					let new_state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+					let server_in_room = services
+						.rooms
+						.state_cache
+						.server_in_room(services.globals.server_name(), room_id)
+						.await;
+
+					let local_knock = server_in_room
+						|| servers.is_empty()
+						|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
+
+					if local_knock {
+						knock_room_helper_local(
+							services,
+							sender_user,
+							room_id,
+							reason,
+							servers,
+							new_state_lock,
+						)
+						.boxed()
+						.await?;
+					} else {
+						knock_room_helper_remote(
+							services,
+							sender_user,
+							room_id,
+							reason,
+							servers,
+							new_state_lock,
+						)
+						.boxed()
+						.await?;
+					}
+
+					return Ok(knock_room::v3::Response::new(room_id.to_owned()));
+				},
+			}
+		}
+	} else if !matches!(join_rule, JoinRule::Knock | JoinRule::KnockRestricted(_)) {
+		debug_warn!(
+			"{sender_user} attempted to knock on room {room_id} but its join rule is \
+			 {join_rule:?}, not knock or knock_restricted"
+		);
+	}
+
 	let server_in_room = services
 		.rooms
 		.state_cache
@@ -2210,6 +2312,12 @@ async fn knock_room_helper_local(
 		return Err!(Request(Forbidden("This room does not support knocking.")));
 	}
 
+	// Verify that this room has a valid knock or knock_restricted join rule
+	let join_rule = services.rooms.state_accessor.get_join_rules(room_id).await;
+	if !matches!(join_rule, JoinRule::Knock | JoinRule::KnockRestricted(_)) {
+		return Err!(Request(Forbidden("This room's join rule does not allow knocking.")));
+	}
+
 	let content = RoomMemberEventContent {
 		displayname: services.users.displayname(sender_user).await.ok(),
 		avatar_url: services.users.avatar_url(sender_user).await.ok(),

src/build_metadata/build.rs

@@ -79,12 +79,12 @@ fn main() {
 
 	// --- Rerun Triggers ---
 	// TODO: The git rerun triggers seem to always run
-	// Rerun if the git HEAD changes
-	println!("cargo:rerun-if-changed=.git/HEAD");
-	// Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
-	if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"]) {
-		println!("cargo:rerun-if-changed=.git/{ref_path}");
-	}
+	// // Rerun if the git HEAD changes
+	// println!("cargo:rerun-if-changed=.git/HEAD");
+	// // Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
+	// if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"])
+	// { 	println!("cargo:rerun-if-changed=.git/{ref_path}");
+	// }
 
 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH");
 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH_SHORT");

src/core/config/check.rs

@@ -219,6 +219,15 @@ pub fn check(config: &Config) -> Result {
 		));
 	}
 
+	// Check if support contact information is configured
+	if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() {
+		warn!(
+			"No support contact information (support_email or support_mxid) is configured in \
+			 the well_known section. Users in the admin room will be automatically listed as \
+			 support contacts in the /.well-known/matrix/support endpoint."
+		);
+	}
+
 	if config
 		.url_preview_domain_contains_allowlist
 		.contains(&"*".to_owned())

src/core/config/mod.rs

@@ -795,6 +795,24 @@ pub struct Config {
 	#[serde(default)]
 	pub log_thread_ids: bool,
 
+	/// Enable journald logging on Unix platforms
+	///
+	/// When enabled, log output will be sent to the systemd journal
+	/// This is only supported on Unix platforms
+	///
+	/// default: false
+	#[cfg(target_family = "unix")]
+	#[serde(default)]
+	pub log_to_journald: bool,
+
+	/// The syslog identifier to use with journald logging
+	///
+	/// Only used when journald logging is enabled
+	///
+	/// Defaults to the binary name
+	#[cfg(target_family = "unix")]
+	pub journald_identifier: Option<String>,
+
 	/// OpenID token expiration/TTL in seconds.
 	///
 	/// These are the OpenID tokens that are primarily used for Matrix account

src/core/matrix/state_res/event_auth.rs

@@ -13,7 +13,6 @@
 		power_levels::RoomPowerLevelsEventContent,
 		third_party_invite::RoomThirdPartyInviteEventContent,
 	},
-	EventId,
 	int,
 	serde::{Base64, Raw},
 };
@@ -22,6 +21,7 @@
 	de::{Error as _, IgnoredAny},
 };
 use serde_json::{from_str as from_json_str, value::RawValue as RawJsonValue};
+
 use super::{
 	Error, Event, Result, StateEventType, StateKey, TimelineEventType,
 	power_levels::{
@@ -217,9 +217,8 @@ struct RoomCreateContentFields {
 	}
 
 	/*
-	// TODO: In the past this code was commented as it caused problems with Synapse. This is no
-	// longer the case. This needs to be implemented.
-	// See also: https://github.com/ruma/ruma/pull/2064
+	// TODO: In the past this code caused problems federating with synapse, maybe this has been
+	// resolved already. Needs testing.
 	//
 	// 2. Reject if auth_events
 	// a. auth_events cannot have duplicate keys since it's a BTree
@@ -251,33 +250,11 @@ struct RoomCreateContentFields {
 
 	let room_create_event = match room_create_event {
 		| None => {
-			error!(
-				create_event = room_create_event.as_ref().map(Event::event_id).unwrap_or(<&EventId>::try_from("$unknown").unwrap()).as_str(),
-				power_levels = power_levels_event.as_ref().map(Event::event_id).unwrap_or(<&EventId>::try_from("$unknown").unwrap()).as_str(),
-				member_event = sender_member_event.as_ref().map(Event::event_id).unwrap_or(<&EventId>::try_from("$unknown").unwrap()).as_str(),
-				"no m.room.create event found for {} ({})!",
-				incoming_event.event_id().as_str(),
-				incoming_event.room_id().as_str()
-			);
+			warn!("no m.room.create event in auth chain");
 			return Ok(false);
 		},
 		| Some(e) => e,
 	};
-	// just re-check 1.2 to work around a bug
-	let Some(room_id_server_name) = incoming_event.room_id().server_name() else {
-		warn!("room ID has no servername");
-		return Ok(false);
-	};
-
-	if room_id_server_name != room_create_event.sender().server_name() {
-		warn!(
-			"servername of room ID origin ({}) does not match servername of m.room.create \
-			 sender ({})",
-			room_id_server_name,
-			room_create_event.sender().server_name()
-		);
-		return Ok(false);
-	}
 
 	// 3. If event does not have m.room.create in auth_events reject
 	if !incoming_event
@@ -661,7 +638,7 @@ struct GetThirdPartyInvite {
 				warn!(?target_user_membership_event_id, "Banned user can't join");
 				false
 			} else if (join_rules == JoinRule::Invite
-                    || room_version.allow_knocking && join_rules == JoinRule::Knock)
+                    || room_version.allow_knocking && (join_rules == JoinRule::Knock || matches!(join_rules, JoinRule::KnockRestricted(_))))
                 // If the join_rule is invite then allow if membership state is invite or join
                     && (target_user_current_membership == MembershipState::Join
                         || target_user_current_membership == MembershipState::Invite)

src/core/matrix/state_res/mod.rs

@@ -609,7 +609,7 @@ async fn iterative_auth_check<'a, E, F, Fut, S>(
 		let fetch_state = |ty: &StateEventType, key: &str| {
 			future::ready(auth_state.get(&ty.with_state_key(key)))
 		};
-		debug!("running auth check on {:?}", event.event_id());
+
 		let auth_result =
 			auth_check(room_version, &event, current_third_party.as_ref(), fetch_state).await;
 
@@ -726,12 +726,8 @@ async fn get_mainline_depth<E, F, Fut>(
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
 {
-	let mut room_id = None;
 	while let Some(sort_ev) = event {
-		trace!(event_id = sort_ev.event_id().as_str(), "mainline");
-		if room_id.is_none() {
-			room_id = Some(sort_ev.room_id().to_owned());
-		}
+		debug!(event_id = sort_ev.event_id().as_str(), "mainline");
 
 		let id = sort_ev.event_id();
 		if let Some(depth) = mainline_map.get(id) {
@@ -750,7 +746,7 @@ async fn get_mainline_depth<E, F, Fut>(
 			}
 		}
 	}
-	warn!("could not find a power event in the mainline map for {room_id:?}, defaulting to zero depth");
+	// Did not find a power level event so we default to zero
 	Ok(0)
 }
 

src/core/mod.rs

@@ -21,7 +21,10 @@
 pub use ::tracing;
 pub use config::Config;
 pub use error::Error;
-pub use info::{rustc_flags_capture, version, version::version};
+pub use info::{
+	rustc_flags_capture, version,
+	version::{name, version},
+};
 pub use matrix::{Event, EventTypeExt, PduCount, PduEvent, PduId, RoomVersion, pdu, state_res};
 pub use server::Server;
 pub use utils::{ctor, dtor, implement, result, result::Result};

src/main/Cargo.toml

@@ -43,6 +43,7 @@ default = [
 	"io_uring",
 	"jemalloc",
 	"jemalloc_conf",
+	"journald",
 	"media_thumbnail",
 	"release_max_log_level",
 	"systemd",
@@ -130,6 +131,11 @@ sentry_telemetry = [
 systemd = [
 	"conduwuit-router/systemd",
 ]
+journald = [ # This is a stub on non-unix platforms
+	"dep:tracing-journald",
+]
+
+
 # enable the tokio_console server ncompatible with release_max_log_level
 tokio_console = [
 	"dep:console-subscriber",
@@ -183,6 +189,7 @@ tracing-opentelemetry.optional = true
 tracing-opentelemetry.workspace = true
 tracing-subscriber.workspace = true
 tracing.workspace = true
+tracing-journald = { workspace = true, optional = true }
 
 [target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies]
 hardened_malloc-rs.workspace = true

src/main/clap.rs

@@ -15,7 +15,7 @@
 #[clap(
 	about,
 	long_about = None,
-	name = "conduwuit",
+	name = conduwuit_core::name(),
 	version = conduwuit_core::version(),
 )]
 pub(crate) struct Args {

src/main/logging.rs

@@ -43,6 +43,16 @@ pub(crate) fn init(
 		.with(console_layer.with_filter(console_reload_filter))
 		.with(cap_layer);
 
+	// If journald logging is enabled on Unix platforms, create a separate
+	// subscriber for it
+	#[cfg(all(target_family = "unix", feature = "journald"))]
+	if config.log_to_journald {
+		println!("Initialising journald logging");
+		if let Err(e) = init_journald_logging(config) {
+			eprintln!("Failed to initialize journald logging: {e}");
+		}
+	}
+
 	#[cfg(feature = "sentry_telemetry")]
 	let subscriber = {
 		let sentry_filter = EnvFilter::try_new(&config.sentry_filter)
@@ -122,6 +132,28 @@ pub(crate) fn init(
 	Ok(ret)
 }
 
+#[cfg(all(target_family = "unix", feature = "journald"))]
+fn init_journald_logging(config: &Config) -> Result<()> {
+	use tracing_journald::Layer as JournaldLayer;
+
+	let journald_filter =
+		EnvFilter::try_new(&config.log).map_err(|e| err!(Config("log", "{e}.")))?;
+
+	let mut journald_layer = JournaldLayer::new()
+		.map_err(|e| err!(Config("journald", "Failed to initialize journald layer: {e}.")))?;
+
+	if let Some(ref identifier) = config.journald_identifier {
+		journald_layer = journald_layer.with_syslog_identifier(identifier.to_owned());
+	}
+
+	let journald_subscriber =
+		Registry::default().with(journald_layer.with_filter(journald_filter));
+
+	let _guard = tracing::subscriber::set_default(journald_subscriber);
+
+	Ok(())
+}
+
 fn tokio_console_enabled(config: &Config) -> (bool, &'static str) {
 	if !cfg!(all(feature = "tokio_console", tokio_unstable)) {
 		return (false, "");
@@ -141,7 +173,10 @@ fn tokio_console_enabled(config: &Config) -> (bool, &'static str) {
 	(true, "")
 }
 
-fn set_global_default<S: SubscriberExt + Send + Sync>(subscriber: S) {
+fn set_global_default<S>(subscriber: S)
+where
+	S: tracing::Subscriber + Send + Sync + 'static,
+{
 	tracing::subscriber::set_global_default(subscriber)
 		.expect("the global default tracing subscriber failed to be initialized");
 }

src/service/rooms/event_handler/handle_outlier_pdu.rs

@@ -76,7 +76,7 @@ pub(super) async fn handle_outlier_pdu<'a>(
 		// 5. Reject "due to auth events" if can't get all the auth events or some of
 		//    the auth events are also rejected "due to auth events"
 		// NOTE: Step 5 is not applied anymore because it failed too often
-		debug!("Fetching auth events for {}", incoming_pdu.event_id);
+		debug!("Fetching auth events");
 		Box::pin(self.fetch_and_handle_outliers(
 			origin,
 			&incoming_pdu.auth_events,
@@ -88,12 +88,12 @@ pub(super) async fn handle_outlier_pdu<'a>(
 
 	// 6. Reject "due to auth events" if the event doesn't pass auth based on the
 	//    auth events
-	debug!("Checking {} based on auth events", incoming_pdu.event_id);
+	debug!("Checking based on auth events");
 	// Build map of auth events
 	let mut auth_events = HashMap::with_capacity(incoming_pdu.auth_events.len());
 	for id in &incoming_pdu.auth_events {
 		let Ok(auth_event) = self.services.timeline.get_pdu(id).await else {
-			warn!("Could not find auth event {id} for {}", incoming_pdu.event_id);
+			warn!("Could not find auth event {id}");
 			continue;
 		};
 
@@ -119,7 +119,10 @@ pub(super) async fn handle_outlier_pdu<'a>(
 	}
 
 	// The original create event must be in the auth events
-	if !auth_events.contains_key(&(StateEventType::RoomCreate, String::new().into())) {
+	if !matches!(
+		auth_events.get(&(StateEventType::RoomCreate, String::new().into())),
+		Some(_) | None
+	) {
 		return Err!(Request(InvalidParam("Incoming event refers to wrong create event.")));
 	}
 
@@ -128,7 +131,6 @@ pub(super) async fn handle_outlier_pdu<'a>(
 		ready(auth_events.get(&key))
 	};
 
-	debug!("running auth check to handle outlier pdu {:?}", incoming_pdu.event_id);
 	let auth_check = state_res::event_auth::auth_check(
 		&to_room_version(&room_version_id),
 		&incoming_pdu,

src/service/rooms/event_handler/upgrade_outlier_pdu.rs

@@ -1,6 +1,12 @@
 use std::{borrow::Borrow, collections::BTreeMap, iter::once, sync::Arc, time::Instant};
 
-use conduwuit::{Err, Result, debug, debug_info, err, implement, matrix::{EventTypeExt, PduEvent, StateKey, state_res}, trace, utils::stream::{BroadbandExt, ReadyExt}, warn, info};
+use conduwuit::{
+	Err, Result, debug, debug_info, err, implement,
+	matrix::{EventTypeExt, PduEvent, StateKey, state_res},
+	trace,
+	utils::stream::{BroadbandExt, ReadyExt},
+	warn,
+};
 use futures::{FutureExt, StreamExt, future::ready};
 use ruma::{CanonicalJsonValue, RoomId, ServerName, events::StateEventType};
 
@@ -38,7 +44,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 		return Err!(Request(InvalidParam("Event has been soft failed")));
 	}
 
-	debug!("Upgrading pdu {} from outlier to timeline pdu", incoming_pdu.event_id);
+	debug!("Upgrading to timeline pdu");
 	let timer = Instant::now();
 	let room_version_id = get_room_version_id(create_event)?;
 
@@ -46,7 +52,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 	//     backwards extremities doing all the checks in this list starting at 1.
 	//     These are not timeline events.
 
-	debug!("Resolving state at event {}", incoming_pdu.event_id);
+	debug!("Resolving state at event");
 	let mut state_at_incoming_event = if incoming_pdu.prev_events.len() == 1 {
 		self.state_at_incoming_degree_one(&incoming_pdu).await?
 	} else {
@@ -64,7 +70,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 		state_at_incoming_event.expect("we always set this to some above");
 	let room_version = to_room_version(&room_version_id);
 
-	debug!("Performing auth check to upgrade {}", incoming_pdu.event_id);
+	debug!("Performing auth check");
 	// 11. Check the auth of the event passes based on the state of the event
 	let state_fetch_state = &state_at_incoming_event;
 	let state_fetch = |k: StateEventType, s: StateKey| async move {
@@ -74,7 +80,6 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 		self.services.timeline.get_pdu(event_id).await.ok()
 	};
 
-	debug!("running auth check on {}", incoming_pdu.event_id);
 	let auth_check = state_res::event_auth::auth_check(
 		&room_version,
 		&incoming_pdu,
@@ -88,7 +93,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 		return Err!(Request(Forbidden("Event has failed auth check with state at the event.")));
 	}
 
-	debug!("Gathering auth events for {}", incoming_pdu.event_id);
+	debug!("Gathering auth events");
 	let auth_events = self
 		.services
 		.state
@@ -106,7 +111,6 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 		ready(auth_events.get(&key).cloned())
 	};
 
-	debug!("running auth check on {} with claimed state auth", incoming_pdu.event_id);
 	let auth_check = state_res::event_auth::auth_check(
 		&room_version,
 		&incoming_pdu,
@@ -117,7 +121,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 	.map_err(|e| err!(Request(Forbidden("Auth check failed: {e:?}"))))?;
 
 	// Soft fail check before doing state res
-	debug!("Performing soft-fail check on {}", incoming_pdu.event_id);
+	debug!("Performing soft-fail check");
 	let soft_fail = match (auth_check, incoming_pdu.redacts_id(&room_version_id)) {
 		| (false, _) => true,
 		| (true, None) => false,
@@ -214,8 +218,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu(
 	// 14. Check if the event passes auth based on the "current state" of the room,
 	//     if not soft fail it
 	if soft_fail {
-		info!("Soft failing event {}", incoming_pdu.event_id);
-		assert!(extremities.is_empty(), "soft_fail extremities empty");
+		debug!("Soft failing event");
 		let extremities = extremities.iter().map(Borrow::borrow);
 
 		self.services

src/service/rooms/timeline/mod.rs

@@ -698,20 +698,6 @@ pub async fn create_hash_and_sign_event(
 			.await
 			.saturating_add(uint!(1));
 
-		if state_key.is_none() {
-			if prev_events.is_empty() {
-				warn!("Timeline event had zero prev_events, something broke.");
-				return Err!(Request(Unknown("Timeline event had zero prev_events.")));
-			}
-			if depth.le(&uint!(2)) {
-				warn!(
-					"Had unsafe depth of {depth} in {room_id} when creating non-state event. \
-					 Bad!"
-				);
-				return Err!(Request(Unknown("Unsafe depth for non-state event.")));
-			}
-		};
-
 		let mut unsigned = unsigned.unwrap_or_default();
 
 		if let Some(state_key) = &state_key {
@@ -771,7 +757,6 @@ pub async fn create_hash_and_sign_event(
 			ready(auth_events.get(&key))
 		};
 
-		debug!("running auth check on new {} event by {} in {}", pdu.kind, pdu.sender, pdu.room_id);
 		let auth_check = state_res::auth_check(
 			&room_version,
 			&pdu,
@@ -976,9 +961,8 @@ pub async fn append_incoming_pdu<'a, Leaves>(
 		state_lock: &'a RoomMutexGuard,
 	) -> Result<Option<RawPduId>>
 	where
-		Leaves: Iterator<Item = &'a EventId> + Send + Clone + 'a,
+		Leaves: Iterator<Item = &'a EventId> + Send + 'a,
 	{
-		assert!(new_room_leaves.clone().count() > 0, "extremities are empty");
 		// We append to state before appending the pdu, so we don't have a moment in
 		// time with the pdu without it's state. This is okay because append_pdu can't
 		// fail.
@@ -1158,7 +1142,7 @@ pub async fn backfill_if_required(&self, room_id: &RoomId, from: PduCount) -> Re
 			.boxed();
 
 		while let Some(ref backfill_server) = servers.next().await {
-			info!("Asking {backfill_server} for backfill in {:?}", room_id.to_owned());
+			info!("Asking {backfill_server} for backfill");
 			let response = self
 				.services
 				.sending
@@ -1186,7 +1170,7 @@ pub async fn backfill_if_required(&self, room_id: &RoomId, from: PduCount) -> Re
 			}
 		}
 
-		warn!("No servers could backfill, but backfill was needed in room {room_id}");
+		info!("No servers could backfill, but backfill was needed in room {room_id}");
 		Ok(())
 	}
 

xtask/generate-admin-command/Cargo.toml

@@ -0,0 +1,26 @@
+[package]
+name = "xtask-admin-command"
+authors.workspace = true
+categories.workspace = true
+description.workspace = true
+edition.workspace = true
+homepage.workspace = true
+keywords.workspace = true
+license.workspace = true
+readme.workspace = true
+repository.workspace = true
+rust-version.workspace = true
+version.workspace = true
+
+[dependencies]
+clap-markdown = "0.1.5"
+clap_builder = { version = "4.5.38", default-features = false }
+clap_mangen = "0.2"
+
+conduwuit-admin.workspace = true
+
+# Hack to prevent rebuilds
+conduwuit.workspace = true
+
+[lints]
+workspace = true

xtask/generate-admin-command/src/main.rs

@@ -0,0 +1,58 @@
+use std::{
+	fs::{self, File},
+	io,
+	path::Path,
+};
+
+use clap_builder::{Command, CommandFactory};
+use conduwuit_admin::AdminCommand;
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+	let mut args = std::env::args().skip(1);
+	let task = args.next();
+	match task {
+		| None => todo!(),
+		| Some(t) => match t.as_str() {
+			| "man" => {
+				let dir = Path::new("./admin-man");
+				gen_manpages(dir)?;
+			},
+			| "md" => {
+				let command = AdminCommand::command().name("admin");
+
+				let res = clap_markdown::help_markdown_command_custom(
+					&command,
+					&clap_markdown::MarkdownOptions::default(),
+				);
+
+				println!("{res}");
+			},
+			| invalid => return Err(format!("Invalid task name: {invalid}").into()),
+		},
+	}
+	Ok(())
+}
+
+fn gen_manpages(dir: &Path) -> Result<(), io::Error> {
+	fn r#gen(dir: &Path, c: &Command, prefix: Option<&str>) -> Result<(), io::Error> {
+		fs::create_dir_all(dir)?;
+		let sub_name = c.get_display_name().unwrap_or_else(|| c.get_name());
+		let name = if let Some(prefix) = prefix {
+			format!("{prefix}-{sub_name}")
+		} else {
+			sub_name.to_owned()
+		};
+
+		let mut out = File::create(dir.join(format!("{name}.1")))?;
+		let clap_mangen = clap_mangen::Man::new(c.to_owned().disable_help_flag(true));
+		clap_mangen.render(&mut out)?;
+
+		for sub in c.get_subcommands() {
+			r#gen(&dir.join(sub_name), sub, Some(&name))?;
+		}
+
+		Ok(())
+	}
+
+	r#gen(dir, &AdminCommand::command().name("admin"), None)
+}

xtask/main/Cargo.toml

@@ -0,0 +1,22 @@
+[package]
+name = "xtask"
+authors.workspace = true
+categories.workspace = true
+description.workspace = true
+edition.workspace = true
+homepage.workspace = true
+keywords.workspace = true
+license.workspace = true
+readme.workspace = true
+repository.workspace = true
+rust-version.workspace = true
+version.workspace = true
+
+[dependencies]
+clap.workspace = true
+# Required for working with JSON output from cargo metadata
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+
+[lints]
+workspace = true

xtask/main/src/main.rs

@@ -0,0 +1,11 @@
+use std::{env, process::Command};
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+	let mut child = Command::new("cargo").args(["run", "--package", "xtask-admin-command", "--"].into_iter().map(ToOwned::to_owned).chain(env::args().skip(2)))
+    // .stdout(Stdio::piped())
+    // .stderr(Stdio::piped())
+    .spawn()
+    .expect("failed to execute child");
+	child.wait()?;
+	Ok(())
+}