feat(ci): Add Fedora RPM package build workflow

Build and publish RPM packages for Fedora using rpkg and official
rust-packaging macros. Packages are automatically signed by Forgejo's
built-in package registry (introduced in v9.0).

Publishes packages to organised groups:
- continuwuity (binary): base group (stable/dev/branch-name)
- continuwuity-debuginfo: GROUP-debug
- continuwuity (source RPM): GROUP-src

Workflow triggers on pushes to relevant paths and version tags (v*).
Tagged releases use clean version numbers (v1.2.3 becomes 1.2.3-1)
while branch builds use sanitised branch name versioning.

Uses dnf builddep to install build dependencies directly from the
generated SRPM, ensuring consistency between CI and spec file without
duplication. This also prevents hiding packaging issues that could
occur with --nodeps fallbacks.

.forgejo/workflows/build-fedora.yml

@@ -11,7 +11,7 @@ on:
     tags:
       - 'v*'
     paths:
-      - 'fedora/**'
+      - 'pkg/fedora/**'
       - 'src/**'
       - 'Cargo.toml'
       - 'Cargo.lock'
@@ -41,7 +41,7 @@ jobs:
           path: |
             /var/cache/dnf
             /var/cache/yum
-          key: dnf-fedora${{ steps.fedora.outputs.version }}-${{ hashFiles('fedora/continuwuity.spec.rpkg') }}-v1
+          key: dnf-fedora${{ steps.fedora.outputs.version }}-${{ hashFiles('pkg/fedora/continuwuity.spec.rpkg') }}-v1
           restore-keys: |
             dnf-fedora${{ steps.fedora.outputs.version }}-
 
@@ -114,14 +114,14 @@ jobs:
             # Create spec file with tag version
             sed -e "s/^Version:.*$/Version:        $TAG_VERSION/" \
                 -e "s/^Release:.*$/Release:        1%{?dist}/" \
-                fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
+                pkg/fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           elif [ "${{ github.ref_name }}" = "main" ]; then
             # Main branch gets .dev suffix
             RELEASE_SUFFIX=".dev"
 
             # Replace the Release line to include our suffix
             sed "s/^Release:.*$/Release:        1${RELEASE_SUFFIX}%{?dist}/" \
-              fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
+              pkg/fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           else
             # Other branches get sanitized branch name as suffix
             SAFE_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9]/_/g' | cut -c1-20)
@@ -129,32 +129,13 @@ jobs:
 
             # Replace the Release line to include our suffix
             sed "s/^Release:.*$/Release:        1${RELEASE_SUFFIX}%{?dist}/" \
-              fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
+              pkg/fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           fi
 
           rpkg srpm --outdir "$HOME/rpmbuild/SRPMS"
 
           ls -la $HOME/rpmbuild/SRPMS/
 
-      - name: Setup GPG for RPM signing
-        run: |
-          # Skip if no signing key is configured
-          if [ -z "${{ secrets.RPM_SIGNING_KEY }}" ]; then
-            echo "No RPM signing key configured - skipping signing setup"
-            exit 0
-          fi
-
-          echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
-
-          # Get the key ID (look for the sec line, not the uid line)
-          KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep "^sec" | head -1 | awk '{print $2}' | cut -d'/' -f2)
-          echo "Using GPG key: $KEY_ID"
-
-          cat > ~/.rpmmacros << EOF
-          %_signature gpg
-          %_gpg_name $KEY_ID
-          %__gpg /usr/bin/gpg
-          EOF
 
       - name: Install build dependencies from SRPM
         run: |
@@ -184,62 +165,6 @@ jobs:
             --define "_sourcedir $GITHUB_WORKSPACE" \
             --nocheck  # Skip %check section to avoid test dependencies
 
-      - name: Sign RPM packages
-        run: |
-          # Skip if no signing key is configured
-          if [ -z "${{ secrets.RPM_SIGNING_KEY }}" ]; then
-            echo "No RPM signing key configured - skipping package signing"
-            exit 0
-          fi
-
-          # Export GPG_TTY to avoid terminal warnings
-          export GPG_TTY=/dev/null
-
-          for rpm in $(find "$HOME/rpmbuild" -name "*.rpm" -type f); do
-            echo "Signing: $(basename $rpm)"
-
-            # Use expect or provide empty passphrase via stdin for batch signing
-            if ! echo "" | rpmsign --addsign "$rpm" 2>&1; then
-              echo "ERROR: Failed to sign $rpm"
-              exit 1
-            fi
-          done
-
-          echo "Successfully signed all RPMs"
-
-      - name: Verify RPM signatures
-        run: |
-          # Skip if no signing key is configured
-          if [ -z "${{ secrets.RPM_SIGNING_KEY }}" ]; then
-            echo "No RPM signing key configured - skipping signature verification"
-            exit 0
-          fi
-
-          echo "Importing GPG public key for verification..."
-          rpm --import fedora/RPM-GPG-KEY-continuwuity.asc
-
-          FAILED_COUNT=0
-          TOTAL_COUNT=0
-
-          for rpm in $(find "$HOME/rpmbuild" -name "*.rpm" -type f); do
-            echo -n "Verifying $(basename $rpm): "
-            TOTAL_COUNT=$((TOTAL_COUNT + 1))
-
-            if rpm --checksig "$rpm"; then
-              echo " ✓"
-            else
-              echo " ✗ FAILED"
-              FAILED_COUNT=$((FAILED_COUNT + 1))
-            fi
-          done
-
-          # Fail if any RPMs failed verification
-          if [ "$FAILED_COUNT" -gt 0 ]; then
-            echo "ERROR: $FAILED_COUNT out of $TOTAL_COUNT RPMs failed signature verification"
-            exit 1
-          fi
-
-          echo "Successfully verified all $TOTAL_COUNT RPM signatures"
 
       - name: Test RPM installation
         run: |

.forgejo/workflows/prek-checks.yml

@@ -1,7 +1,11 @@
 name: Checks / Prek
 
 on:
+  pull_request:
   push:
+    branches:
+      - main
+  workflow_dispatch:
 
 permissions:
   contents: read

.forgejo/workflows/release-image.yml

@@ -3,14 +3,26 @@ concurrency:
   group: "release-image-${{ github.ref }}"
 
 on:
-  push:
+  pull_request:
     paths-ignore:
       - "*.md"
       - "**/*.md"
       - ".gitlab-ci.yml"
       - ".gitignore"
       - "renovate.json"
-      - "debian/**"
+      - "pkg/**"
+      - "docker/**"
+      - "docs/**"
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "*.md"
+      - "**/*.md"
+      - ".gitlab-ci.yml"
+      - ".gitignore"
+      - "renovate.json"
+      - "pkg/**"
       - "docker/**"
       - "docs/**"
   # Allows you to run this workflow manually from the Actions tab
@@ -93,6 +105,10 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
+          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
+          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
@@ -250,6 +266,10 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
+          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
+          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}
 
       - name: Extract metadata (tags) for Docker
         id: meta

Cargo.toml

@@ -48,15 +48,15 @@ features = ["ffi", "std", "union"]
 version = "0.6.2"
 
 [workspace.dependencies.ctor]
-version = "0.2.9"
+version = "0.5.0"
 
 [workspace.dependencies.cargo_toml]
-version = "0.21"
+version = "0.22"
 default-features = false
 features = ["features"]
 
 [workspace.dependencies.toml]
-version = "0.8.14"
+version = "0.9.5"
 default-features = false
 features = ["parse"]
 
@@ -411,25 +411,28 @@ default-features = false
 
 # optional opentelemetry, performance measurements, flamegraphs, etc for performance measurements and monitoring
 [workspace.dependencies.opentelemetry]
-version = "0.21.0"
+version = "0.30.0"
 
 [workspace.dependencies.tracing-flame]
 version = "0.2.0"
 
 [workspace.dependencies.tracing-opentelemetry]
-version = "0.22.0"
+version = "0.31.0"
 
 [workspace.dependencies.opentelemetry_sdk]
-version = "0.21.2"
+version = "0.30.0"
 features = ["rt-tokio"]
 
-[workspace.dependencies.opentelemetry-jaeger]
+[workspace.dependencies.opentelemetry-otlp]
-version = "0.20.0"
+version = "0.30.0"
-features = ["rt-tokio"]
+features = ["http", "trace", "logs", "metrics"]
+
+[workspace.dependencies.opentelemetry-jaeger-propagator]
+version = "0.30.0"
 
 # optional sentry metrics for crash/panic reporting
 [workspace.dependencies.sentry]
-version = "0.37.0"
+version = "0.42.0"
 default-features = false
 features = [
     "backtrace",
@@ -445,9 +448,9 @@ features = [
 ]
 
 [workspace.dependencies.sentry-tracing]
-version = "0.37.0"
+version = "0.42.0"
 [workspace.dependencies.sentry-tower]
-version = "0.37.0"
+version = "0.42.0"
 
 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
@@ -476,7 +479,7 @@ features = ["use_std"]
 version = "0.4"
 
 [workspace.dependencies.nix]
-version = "0.29.0"
+version = "0.30.1"
 default-features = false
 features = ["resource"]
 
@@ -498,7 +501,7 @@ version = "0.4.3"
 default-features = false
 
 [workspace.dependencies.termimad]
-version = "0.31.2"
+version = "0.34.0"
 default-features = false
 
 [workspace.dependencies.checked_ops]
@@ -536,11 +539,11 @@ version = "0.2"
 version = "0.2"
 
 [workspace.dependencies.minicbor]
-version = "0.26.3"
+version = "2.1.1"
 features = ["std"]
 
 [workspace.dependencies.minicbor-serde]
-version = "0.4.1"
+version = "0.6.0"
 features = ["std"]
 
 [workspace.dependencies.maplit]
@@ -764,25 +767,6 @@ incremental = true
 
 [profile.dev.package.conduwuit_core]
 inherits = "dev"
-#rustflags = [
-#	'--cfg', 'conduwuit_mods',
-#	'-Ztime-passes',
-#	'-Zmir-opt-level=0',
-#	'-Ztls-model=initial-exec',
-#	'-Cprefer-dynamic=true',
-#	'-Zstaticlib-prefer-dynamic=true',
-#	'-Zstaticlib-allow-rdylib-deps=true',
-#	'-Zpacked-bundled-libs=false',
-#	'-Zplt=true',
-#	'-Clink-arg=-Wl,--as-needed',
-#	'-Clink-arg=-Wl,--allow-shlib-undefined',
-#	'-Clink-arg=-Wl,-z,lazy',
-#	'-Clink-arg=-Wl,-z,unique',
-#	'-Clink-arg=-Wl,-z,nodlopen',
-#	'-Clink-arg=-Wl,-z,nodelete',
-#]
-[profile.dev.package.xtask-generate-commands]
-inherits = "dev"
 [profile.dev.package.conduwuit]
 inherits = "dev"
 #rustflags = [

arch/conduwuit.service

@@ -1,84 +0,0 @@
-[Unit]
-
-Description=Continuwuity - Matrix homeserver
-Wants=network-online.target
-After=network-online.target
-Documentation=https://continuwuity.org/
-RequiresMountsFor=/var/lib/private/conduwuit
-Alias=matrix-conduwuit.service
-
-[Service]
-DynamicUser=yes
-Type=notify-reload
-ReloadSignal=SIGUSR1
-
-TTYPath=/dev/tty25
-DeviceAllow=char-tty
-StandardInput=tty-force
-StandardOutput=tty
-StandardError=journal+console
-
-Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
-Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
-Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit"
-
-TTYReset=yes
-# uncomment to allow buffer to be cleared every restart
-TTYVTDisallocate=no
-
-TTYColumns=120
-TTYRows=40
-
-AmbientCapabilities=
-CapabilityBoundingSet=
-
-DevicePolicy=closed
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
-#ProcSubset=pid
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHome=yes
-ProtectHostname=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectProc=invisible
-ProtectSystem=strict
-PrivateDevices=yes
-PrivateMounts=yes
-PrivateTmp=yes
-PrivateUsers=yes
-PrivateIPC=yes
-RemoveIPC=yes
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
-SystemCallFilter=@system-service @resources
-SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
-SystemCallErrorNumber=EPERM
-StateDirectory=conduwuit
-
-RuntimeDirectory=conduwuit
-RuntimeDirectoryMode=0750
-
-Environment=CONTINUWUITY_CONFIG=%d/config.toml
-LoadCredential=config.toml:/etc/conduwuit/conduwuit.toml
-BindPaths=/var/lib/private/conduwuit:/var/lib/matrix-conduit
-BindPaths=/var/lib/private/conduwuit:/var/lib/private/matrix-conduit
-
-ExecStart=/usr/bin/conduwuit
-Restart=on-failure
-RestartSec=5
-
-TimeoutStopSec=4m
-TimeoutStartSec=4m
-
-StartLimitInterval=1m
-StartLimitBurst=5
-
-[Install]
-WantedBy=multi-user.target

conduwuit-example.toml

@@ -79,9 +79,9 @@
 # This is the only directory where continuwuity will save its data,
 # including media. Note: this was previously "/var/lib/matrix-conduit".
 #
-# YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a `systemd` service.
+# YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a
-# The service file sets it to `/var/lib/conduwuit` using an environment variable
+# `systemd` service. The service file sets it to `/var/lib/conduwuit`
-# and also grants write access.
+# using an environment variable and also grants write access.
 #
 # example: "/var/lib/conduwuit"
 #
@@ -591,13 +591,19 @@
 #
 #default_room_version = 11
 
-# This item is undocumented. Please contribute documentation for it.
+# Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
+# Jaeger exporter. Traces will be sent via OTLP to a collector (such as
+# Jaeger) that supports the OpenTelemetry Protocol.
 #
-#allow_jaeger = false
+# Configure your OTLP endpoint using the OTEL_EXPORTER_OTLP_ENDPOINT
+# environment variable (defaults to http://localhost:4318).
+#
+#allow_otlp = false
 
-# This item is undocumented. Please contribute documentation for it.
+# Filter for OTLP tracing spans. This controls which spans are exported
+# to the OTLP collector.
 #
-#jaeger_filter = "info"
+#otlp_filter = "info"
 
 # If the 'perf_measurements' compile-time feature is enabled, enables
 # collecting folded stack trace profile of tracing spans using

debian/conduwuit.service

@@ -1,71 +0,0 @@
-[Unit]
-
-Description=Continuwuity - Matrix homeserver
-Wants=network-online.target
-After=network-online.target
-Documentation=https://continuwuity.org/
-Alias=matrix-conduwuit.service
-
-[Service]
-DynamicUser=yes
-User=conduwuit
-Group=conduwuit
-Type=notify
-
-Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
-
-Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
-Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
-Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit"
-
-ExecStart=/usr/sbin/conduwuit
-
-ReadWritePaths=/var/lib/conduwuit /etc/conduwuit
-
-AmbientCapabilities=
-CapabilityBoundingSet=
-
-DevicePolicy=closed
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
-#ProcSubset=pid
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHome=yes
-ProtectHostname=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectProc=invisible
-ProtectSystem=strict
-PrivateDevices=yes
-PrivateMounts=yes
-PrivateTmp=yes
-PrivateUsers=yes
-PrivateIPC=yes
-RemoveIPC=yes
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
-SystemCallFilter=@system-service @resources
-SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
-SystemCallErrorNumber=EPERM
-#StateDirectory=conduwuit
-
-RuntimeDirectory=conduwuit
-RuntimeDirectoryMode=0750
-
-Restart=on-failure
-RestartSec=5
-
-TimeoutStopSec=2m
-TimeoutStartSec=2m
-
-StartLimitInterval=1m
-StartLimitBurst=5
-
-[Install]
-WantedBy=multi-user.target

debian/postinst

@@ -1,44 +0,0 @@
-#!/bin/sh
-set -e
-
-# TODO: implement debconf support that is maintainable without duplicating the config
-#. /usr/share/debconf/confmodule
-
-CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
-CONDUWUIT_CONFIG_PATH=/etc/conduwuit
-
-case "$1" in
-  configure)
-    # Create the `conduwuit` user if it does not exist yet.
-    if ! getent passwd conduwuit > /dev/null ; then
-      echo 'Adding system user for the conduwuit Matrix homeserver' 1>&2
-      adduser --system --group --quiet \
-        --home "$CONDUWUIT_DATABASE_PATH" \
-        --disabled-login \
-        --shell "/usr/sbin/nologin" \
-        conduwuit
-    fi
-
-    # Create the database path if it does not exist yet and fix up ownership
-    # and permissions for the config.
-    mkdir -v -p "$CONDUWUIT_DATABASE_PATH"
-
-    # symlink the previous location for compatibility if it does not exist yet.
-    if ! test -L "/var/lib/matrix-conduit" ; then
-        ln -s -v "$CONDUWUIT_DATABASE_PATH" "/var/lib/matrix-conduit"
-    fi
-
-    chown -v conduwuit:conduwuit -R "$CONDUWUIT_DATABASE_PATH"
-    chown -v conduwuit:conduwuit -R "$CONDUWUIT_CONFIG_PATH"
-
-    chmod -v 740 "$CONDUWUIT_DATABASE_PATH"
-
-    echo ''
-    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
-    echo 'To start the server, run: systemctl start conduwuit.service'
-    echo ''
-
-    ;;
-esac
-
-#DEBHELPER#

docs/configuration/examples.md

@@ -9,24 +9,11 @@
 
 </details>
 
-## Debian systemd unit file
+## systemd unit file
 
 <details>
-<summary>Debian systemd unit file</summary>
+<summary>systemd unit file</summary>
 
 ```
-{{#include ../../debian/conduwuit.service}}
+{{#include ../../pkg/conduwuit.service}}
 ```
-
-</details>
-
-## Arch Linux systemd unit file
-
-<details>
-<summary>Arch Linux systemd unit file</summary>
-
-```
-{{#include ../../arch/conduwuit.service}}
-```
-
-</details>

docs/deploying/debian.md

@@ -1 +1 @@
-{{#include ../../debian/README.md}}
+{{#include ../../pkg/debian/README.md}}

fedora/RPM-GPG-KEY-continuwuity.asc

@@ -1,16 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEaLM5LhYJKwYBBAHaRw8BAQdAlnMcp/fMzYfwqeExDsEx2qfZg8NjamGh0slC
-9bkUpQW0O0NvbnRpbnV3dWl0eSBDSSAoUlBNIFBhY2thZ2UgU2lnbmluZykgPGNp
-QGNvbnRpbnV3dWl0eS5vcmc+iJYEExYIAD4WIQShcq3anZQUJ0FNTm1eD/c/QRqv
-ygUCaLM5LgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBeD/c/
-QRqvyk3QAQCjurJLpDANckZflsEVRwxDOUCrED4LdyWpbOuVmhGikwD/fGwkpdUa
-ngP1l+bhlprJN5J1P5UOeNZtKce0vFZaBwC4MwRoszkuFgkrBgEEAdpHDwEBB0CJ
-RpQlzJt/TdYx8AOkNIYan6qbxijjjpZWDIbZp95CfIj1BBgWCAAmFiEEoXKt2p2U
-FCdBTU5tXg/3P0Ear8oFAmizOS4CGwIFCQPCZwAAgQkQXg/3P0Ear8p2IAQZFggA
-HRYhBN/tBNmxKe70FHf4CRoGaPIa/K9qBQJoszkuAAoJEBoGaPIa/K9qf7EBAJ9D
-pdKRji4gy9LWR3w9Ha7Tekmw7kSPGYLZlkDqjiuCAQCCupMGB9r2XPc2/G/KIV+7
-HpWfIANhPsCn1Q9kcloCCIv9AQCy+xDsdtkOw7JnB4g1EKfPlPhN6j3Cjk1vlG2N
-WN/p2AEAkozKVDAbvWEi/s7W9DNWckXm1SS0Og/sv5nGV8okIg4=
-=dxDr
------END PGP PUBLIC KEY BLOCK-----

flake.nix

@@ -48,7 +48,7 @@
           pkgs.lib.makeScope pkgs.newScope (self: {
             inherit pkgs inputs;
             craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain);
-            main = self.callPackage ./nix/pkgs/main { };
+            main = self.callPackage ./pkg/nix/pkgs/main { };
             liburing = pkgs.liburing.overrideAttrs {
               # Tests weren't building
               outputs = [

pkg/conduwuit.service

@@ -9,7 +9,8 @@ Alias=matrix-conduwuit.service
 DynamicUser=yes
 User=conduwuit
 Group=conduwuit
-Type=notify
+Type=notify-reload
+ReloadSignal=SIGUSR1
 
 Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
 
@@ -59,8 +60,8 @@ RuntimeDirectoryMode=0750
 Restart=on-failure
 RestartSec=5
 
-TimeoutStopSec=2m
+TimeoutStopSec=4m
-TimeoutStartSec=2m
+TimeoutStartSec=4m
 
 StartLimitInterval=1m
 StartLimitBurst=5

pkg/debian/postinst

@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+# TODO: implement debconf support that is maintainable without duplicating the config
+#. /usr/share/debconf/confmodule
+
+CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
+CONDUWUIT_CONFIG_PATH=/etc/conduwuit
+
+case "$1" in
+  configure)
+    echo ''
+    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
+    echo 'To start the server, run: systemctl start conduwuit.service'
+    echo ''
+
+    ;;
+esac
+
+#DEBHELPER#

pkg/debian/postrm

@@ -20,24 +20,18 @@ case $1 in
 
     if [ -d "$CONDUWUIT_CONFIG_PATH" ]; then
       if test -L "$CONDUWUIT_CONFIG_PATH"; then
-        echo "Deleting conduwuit configuration files"
+        echo "Deleting continuwuity configuration files"
         rm -v -r "$CONDUWUIT_CONFIG_PATH"
       fi
     fi
 
     if [ -d "$CONDUWUIT_DATABASE_PATH" ]; then
       if test -L "$CONDUWUIT_DATABASE_PATH"; then
-        echo "Deleting conduwuit database directory"
+        echo "Deleting continuwuity database directory"
         rm -r "$CONDUWUIT_DATABASE_PATH"
       fi
     fi
 
-    if [ -d "$CONDUWUIT_DATABASE_PATH_SYMLINK" ]; then
-      if test -L "$CONDUWUIT_DATABASE_SYMLINK"; then
-        echo "Removing matrix-conduit symlink"
-        rm -r "$CONDUWUIT_DATABASE_PATH_SYMLINK"
-      fi
-    fi
     ;;
 esac
 

pkg/fedora/continuwuity.spec.rpkg

@@ -50,7 +50,7 @@ find .cargo/registry/ -executable -name "*.rs" -exec chmod -x {} +
 
 %install
 install -Dpm0755 target/rpm/conduwuit -t %{buildroot}%{_bindir}
-install -Dpm0644 fedora/conduwuit.service -t %{buildroot}%{_unitdir}
+install -Dpm0644 pkg/conduwuit.service -t %{buildroot}%{_unitdir}
 install -Dpm0644 conduwuit-example.toml %{buildroot}%{_sysconfdir}/conduwuit/conduwuit.toml
 
 %files

src/admin/Cargo.toml

@@ -89,6 +89,7 @@ serde_yaml.workspace = true
 tokio.workspace = true
 tracing-subscriber.workspace = true
 tracing.workspace = true
+ctor.workspace = true
 
 [lints]
 workspace = true

src/admin/mod.rs

@@ -29,6 +29,8 @@ pub(crate) use crate::{context::Context, utils::get_room_info};
 
 pub(crate) const PAGE_SIZE: usize = 100;
 
+use ctor::{ctor, dtor};
+
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
 conduwuit::rustc_flags_capture! {}

src/api/Cargo.toml

@@ -93,6 +93,7 @@ serde.workspace = true
 sha1.workspace = true
 tokio.workspace = true
 tracing.workspace = true
+ctor.workspace = true
 
 [lints]
 workspace = true

src/api/client/message.rs

@@ -321,7 +321,7 @@ pub(crate) fn event_filter(item: PdusIterItem, filter: &RoomEventFilter) -> Opti
 	filter.matches(pdu).then_some(item)
 }
 
-#[cfg_attr(debug_assertions, conduwuit::ctor)]
+#[cfg_attr(debug_assertions, ctor::ctor)]
 fn _is_sorted() {
 	debug_assert!(
 		IGNORED_MESSAGE_TYPES.is_sorted(),

src/core/config/mod.rs

@@ -126,9 +126,9 @@ pub struct Config {
 	/// This is the only directory where continuwuity will save its data,
 	/// including media. Note: this was previously "/var/lib/matrix-conduit".
 	///
-	/// YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a `systemd` service.
+	/// YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a
-	/// The service file sets it to `/var/lib/conduwuit` using an environment variable
+	/// `systemd` service. The service file sets it to `/var/lib/conduwuit`
-	/// and also grants write access.
+	/// using an environment variable and also grants write access.
 	///
 	/// example: "/var/lib/conduwuit"
 	pub database_path: PathBuf,
@@ -714,12 +714,21 @@ pub struct Config {
 	#[serde(default)]
 	pub well_known: WellKnownConfig,
 
-	#[serde(default)]
+	/// Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
-	pub allow_jaeger: bool,
+	/// Jaeger exporter. Traces will be sent via OTLP to a collector (such as
+	/// Jaeger) that supports the OpenTelemetry Protocol.
+	///
+	/// Configure your OTLP endpoint using the OTEL_EXPORTER_OTLP_ENDPOINT
+	/// environment variable (defaults to http://localhost:4318).
+	#[serde(default, alias = "allow_jaeger")]
+	pub allow_otlp: bool,
 
+	/// Filter for OTLP tracing spans. This controls which spans are exported
+	/// to the OTLP collector.
+	///
 	/// default: "info"
-	#[serde(default = "default_jaeger_filter")]
+	#[serde(default = "default_otlp_filter", alias = "jaeger_filter")]
-	pub jaeger_filter: String,
+	pub otlp_filter: String,
 
 	/// If the 'perf_measurements' compile-time feature is enabled, enables
 	/// collecting folded stack trace profile of tracing spans using
@@ -2367,7 +2376,7 @@ fn default_tracing_flame_filter() -> String {
 		.to_owned()
 }
 
-fn default_jaeger_filter() -> String {
+fn default_otlp_filter() -> String {
 	cfg!(debug_assertions)
 		.then_some("trace,h2=off")
 		.unwrap_or("info")

src/database/Cargo.toml

@@ -66,6 +66,7 @@ serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
 tracing.workspace = true
+ctor.workspace = true
 
 [lints]
 workspace = true

src/database/mod.rs

@@ -3,6 +3,8 @@
 extern crate conduwuit_core as conduwuit;
 extern crate rust_rocksdb as rocksdb;
 
+use ctor::{ctor, dtor};
+
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
 conduwuit::rustc_flags_capture! {}

src/macros/rustc.rs

@@ -13,13 +13,13 @@ pub(super) fn flags_capture(args: TokenStream) -> TokenStream {
 	let ret = quote! {
 		pub static RUSTC_FLAGS: [&str; #flag_len] = [#( #flag ),*];
 
-		#[conduwuit_core::ctor]
+		#[ctor]
 		fn _set_rustc_flags() {
 			conduwuit_core::info::rustc::FLAGS.lock().insert(#crate_name, &RUSTC_FLAGS);
 		}
 
 		// static strings have to be yanked on module unload
-		#[conduwuit_core::dtor]
+		#[dtor]
 		fn _unset_rustc_flags() {
 			conduwuit_core::info::rustc::FLAGS.lock().remove(#crate_name);
 		}

src/main/Cargo.toml

@@ -32,12 +32,12 @@ a cool hard fork of Conduit, a Matrix homeserver written in Rust"""
 section = "net"
 priority = "optional"
 conf-files = ["/etc/conduwuit/conduwuit.toml"]
-maintainer-scripts = "../../debian/"
+maintainer-scripts = "../../pkg/debian/"
-systemd-units = { unit-name = "conduwuit", start = false }
+systemd-units = { unit-name = "conduwuit", start = false, unit-scripts = "../../pkg/" }
 assets = [
-	["../../debian/README.md", "usr/share/doc/conduwuit/README.Debian", "644"],
+	["../../pkg/debian/README.md", "usr/share/doc/conduwuit/README.Debian", "644"],
 	["../../README.md", "usr/share/doc/conduwuit/", "644"],
-	["../../target/release/conduwuit", "usr/sbin/conduwuit", "755"],
+	["../../target/release/conduwuit", "usr/bin/conduwuit", "755"],
 	["../../conduwuit-example.toml", "etc/conduwuit/conduwuit.toml", "640"],
 ]
 
@@ -126,7 +126,8 @@ perf_measurements = [
 	"dep:tracing-flame",
 	"dep:tracing-opentelemetry",
 	"dep:opentelemetry_sdk",
-	"dep:opentelemetry-jaeger",
+	"dep:opentelemetry-otlp",
+	"dep:opentelemetry-jaeger-propagator",
 	"conduwuit-core/perf_measurements",
 	"conduwuit-core/sentry_telemetry",
 ]
@@ -202,11 +203,14 @@ clap.workspace = true
 console-subscriber.optional = true
 console-subscriber.workspace = true
 const-str.workspace = true
+ctor.workspace = true
 log.workspace = true
-opentelemetry-jaeger.optional = true
-opentelemetry-jaeger.workspace = true
 opentelemetry.optional = true
 opentelemetry.workspace = true
+opentelemetry-otlp.optional = true
+opentelemetry-otlp.workspace = true
+opentelemetry-jaeger-propagator.optional = true
+opentelemetry-jaeger-propagator.workspace = true
 opentelemetry_sdk.optional = true
 opentelemetry_sdk.workspace = true
 sentry-tower.optional = true
@@ -226,6 +230,7 @@ tracing-subscriber.workspace = true
 tracing.workspace = true
 tracing-journald = { workspace = true, optional = true }
 
+
 [target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies]
 hardened_malloc-rs.workspace = true
 hardened_malloc-rs.optional = true

src/main/logging.rs

@@ -7,6 +7,8 @@ use conduwuit_core::{
 	log::{ConsoleFormat, ConsoleWriter, LogLevelReloadHandles, capture, fmt_span},
 	result::UnwrapOrErr,
 };
+#[cfg(feature = "perf_measurements")]
+use opentelemetry::trace::TracerProvider;
 use tracing_subscriber::{EnvFilter, Layer, Registry, fmt, layer::SubscriberExt, reload};
 
 #[cfg(feature = "perf_measurements")]
@@ -87,30 +89,35 @@ pub(crate) fn init(
 			(None, None)
 		};
 
-		let jaeger_filter = EnvFilter::try_new(&config.jaeger_filter)
+		let otlp_filter = EnvFilter::try_new(&config.otlp_filter)
-			.map_err(|e| err!(Config("jaeger_filter", "{e}.")))?;
+			.map_err(|e| err!(Config("otlp_filter", "{e}.")))?;
 
-		let jaeger_layer = config.allow_jaeger.then(|| {
+		let otlp_layer = config.allow_otlp.then(|| {
 			opentelemetry::global::set_text_map_propagator(
-				opentelemetry_jaeger::Propagator::new(),
+				opentelemetry_jaeger_propagator::Propagator::new(),
 			);
 
-			let tracer = opentelemetry_jaeger::new_agent_pipeline()
+			let exporter = opentelemetry_otlp::SpanExporter::builder()
-				.with_auto_split_batch(true)
+				.with_http()
-				.with_service_name(conduwuit_core::name())
+				.build()
-				.install_batch(opentelemetry_sdk::runtime::Tokio)
+				.expect("Failed to create OTLP exporter");
-				.expect("jaeger agent pipeline");
+
+			let provider = opentelemetry_sdk::trace::SdkTracerProvider::builder()
+				.with_batch_exporter(exporter)
+				.build();
+
+			let tracer = provider.tracer(conduwuit_core::name());
 
 			let telemetry = tracing_opentelemetry::layer().with_tracer(tracer);
 
-			let (jaeger_reload_filter, jaeger_reload_handle) =
+			let (otlp_reload_filter, otlp_reload_handle) =
-				reload::Layer::new(jaeger_filter.clone());
+				reload::Layer::new(otlp_filter.clone());
-			reload_handles.add("jaeger", Box::new(jaeger_reload_handle));
+			reload_handles.add("otlp", Box::new(otlp_reload_handle));
 
-			Some(telemetry.with_filter(jaeger_reload_filter))
+			Some(telemetry.with_filter(otlp_reload_filter))
 		});
 
-		let subscriber = subscriber.with(flame_layer).with(jaeger_layer);
+		let subscriber = subscriber.with(flame_layer).with(otlp_layer);
 		(subscriber, flame_guard)
 	};
 

src/main/mod.rs

@@ -13,6 +13,7 @@ mod sentry;
 mod server;
 mod signal;
 
+use ctor::{ctor, dtor};
 use server::Server;
 
 rustc_flags_capture! {}

src/router/Cargo.toml

@@ -125,6 +125,7 @@ tokio.workspace = true
 tower.workspace = true
 tower-http.workspace = true
 tracing.workspace = true
+ctor.workspace = true
 
 [target.'cfg(all(unix, target_os = "linux"))'.dependencies]
 sd-notify.workspace = true

src/router/mod.rs

@@ -12,6 +12,7 @@ use std::{panic::AssertUnwindSafe, pin::Pin, sync::Arc};
 
 use conduwuit::{Error, Result, Server};
 use conduwuit_service::Services;
+use ctor::{ctor, dtor};
 use futures::{Future, FutureExt, TryFutureExt};
 
 conduwuit::mod_ctor! {}

src/service/Cargo.toml

@@ -117,6 +117,7 @@ webpage.optional = true
 blurhash.workspace = true
 blurhash.optional = true
 recaptcha-verify = { version = "0.1.5", default-features = false }
+ctor.workspace = true
 
 [lints]
 workspace = true

src/service/mod.rs

@@ -33,6 +33,7 @@ pub mod users;
 extern crate conduwuit_core as conduwuit;
 extern crate conduwuit_database as database;
 
+use ctor::{ctor, dtor};
 pub(crate) use service::{Args, Dep, Service};
 
 pub use crate::services::Services;