refactor(ci): Use dnf builddep for RPM build dependencies

Move build dependency installation after SRPM generation to use dnf
builddep, eliminating duplication between CI config and spec file.
Dependencies are now sourced directly from the SRPM, ensuring consistency
and reducing maintenance.

Also fix test installation to properly fail when dependencies cannot be
met, removing the fallback to --nodeps which could hide packaging issues.

.forgejo/workflows/build-fedora.yml

@@ -11,7 +11,7 @@ on:
     tags:
       - 'v*'
     paths:
-      - 'pkg/fedora/**'
+      - 'fedora/**'
       - 'src/**'
       - 'Cargo.toml'
       - 'Cargo.lock'
@@ -41,7 +41,7 @@ jobs:
           path: |
             /var/cache/dnf
             /var/cache/yum
-          key: dnf-fedora${{ steps.fedora.outputs.version }}-${{ hashFiles('pkg/fedora/continuwuity.spec.rpkg') }}-v1
+          key: dnf-fedora${{ steps.fedora.outputs.version }}-${{ hashFiles('fedora/continuwuity.spec.rpkg') }}-v1
           restore-keys: |
             dnf-fedora${{ steps.fedora.outputs.version }}-
 
@@ -114,14 +114,14 @@ jobs:
             # Create spec file with tag version
             sed -e "s/^Version:.*$/Version:        $TAG_VERSION/" \
                 -e "s/^Release:.*$/Release:        1%{?dist}/" \
-                pkg/fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
+                fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           elif [ "${{ github.ref_name }}" = "main" ]; then
             # Main branch gets .dev suffix
             RELEASE_SUFFIX=".dev"
 
             # Replace the Release line to include our suffix
             sed "s/^Release:.*$/Release:        1${RELEASE_SUFFIX}%{?dist}/" \
-              pkg/fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
+              fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           else
             # Other branches get sanitized branch name as suffix
             SAFE_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9]/_/g' | cut -c1-20)
@@ -129,13 +129,32 @@ jobs:
 
             # Replace the Release line to include our suffix
             sed "s/^Release:.*$/Release:        1${RELEASE_SUFFIX}%{?dist}/" \
-              pkg/fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
+              fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           fi
 
           rpkg srpm --outdir "$HOME/rpmbuild/SRPMS"
 
           ls -la $HOME/rpmbuild/SRPMS/
 
+      - name: Setup GPG for RPM signing
+        run: |
+          # Skip if no signing key is configured
+          if [ -z "${{ secrets.RPM_SIGNING_KEY }}" ]; then
+            echo "No RPM signing key configured - skipping signing setup"
+            exit 0
+          fi
+
+          echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
+
+          # Get the key ID (look for the sec line, not the uid line)
+          KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep "^sec" | head -1 | awk '{print $2}' | cut -d'/' -f2)
+          echo "Using GPG key: $KEY_ID"
+
+          cat > ~/.rpmmacros << EOF
+          %_signature gpg
+          %_gpg_name $KEY_ID
+          %__gpg /usr/bin/gpg
+          EOF
 
       - name: Install build dependencies from SRPM
         run: |
@@ -165,6 +184,62 @@ jobs:
             --define "_sourcedir $GITHUB_WORKSPACE" \
             --nocheck  # Skip %check section to avoid test dependencies
 
+      - name: Sign RPM packages
+        run: |
+          # Skip if no signing key is configured
+          if [ -z "${{ secrets.RPM_SIGNING_KEY }}" ]; then
+            echo "No RPM signing key configured - skipping package signing"
+            exit 0
+          fi
+
+          # Export GPG_TTY to avoid terminal warnings
+          export GPG_TTY=/dev/null
+
+          for rpm in $(find "$HOME/rpmbuild" -name "*.rpm" -type f); do
+            echo "Signing: $(basename $rpm)"
+
+            # Use expect or provide empty passphrase via stdin for batch signing
+            if ! echo "" | rpmsign --addsign "$rpm" 2>&1; then
+              echo "ERROR: Failed to sign $rpm"
+              exit 1
+            fi
+          done
+
+          echo "Successfully signed all RPMs"
+
+      - name: Verify RPM signatures
+        run: |
+          # Skip if no signing key is configured
+          if [ -z "${{ secrets.RPM_SIGNING_KEY }}" ]; then
+            echo "No RPM signing key configured - skipping signature verification"
+            exit 0
+          fi
+
+          echo "Importing GPG public key for verification..."
+          rpm --import fedora/RPM-GPG-KEY-continuwuity.asc
+
+          FAILED_COUNT=0
+          TOTAL_COUNT=0
+
+          for rpm in $(find "$HOME/rpmbuild" -name "*.rpm" -type f); do
+            echo -n "Verifying $(basename $rpm): "
+            TOTAL_COUNT=$((TOTAL_COUNT + 1))
+
+            if rpm --checksig "$rpm"; then
+              echo " ✓"
+            else
+              echo " ✗ FAILED"
+              FAILED_COUNT=$((FAILED_COUNT + 1))
+            fi
+          done
+
+          # Fail if any RPMs failed verification
+          if [ "$FAILED_COUNT" -gt 0 ]; then
+            echo "ERROR: $FAILED_COUNT out of $TOTAL_COUNT RPMs failed signature verification"
+            exit 1
+          fi
+
+          echo "Successfully verified all $TOTAL_COUNT RPM signatures"
 
       - name: Test RPM installation
         run: |

.forgejo/workflows/prek-checks.yml

@@ -1,11 +1,7 @@
 name: Checks / Prek
 
 on:
-  pull_request:
   push:
-    branches:
-      - main
-  workflow_dispatch:
 
 permissions:
   contents: read

.forgejo/workflows/release-image.yml

@@ -3,26 +3,14 @@ concurrency:
   group: "release-image-${{ github.ref }}"
 
 on:
-  pull_request:
-    paths-ignore:
-      - "*.md"
-      - "**/*.md"
-      - ".gitlab-ci.yml"
-      - ".gitignore"
-      - "renovate.json"
-      - "pkg/**"
-      - "docker/**"
-      - "docs/**"
   push:
-    branches:
-      - main
     paths-ignore:
       - "*.md"
       - "**/*.md"
       - ".gitlab-ci.yml"
       - ".gitignore"
       - "renovate.json"
-      - "pkg/**"
+      - "debian/**"
       - "docker/**"
       - "docs/**"
   # Allows you to run this workflow manually from the Actions tab
@@ -105,10 +93,6 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        with:
-          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
-          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
-          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
@@ -266,10 +250,6 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        with:
-          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
-          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
-          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}
 
       - name: Extract metadata (tags) for Docker
         id: meta

Cargo.toml

@@ -48,15 +48,15 @@ features = ["ffi", "std", "union"]
 version = "0.6.2"
 
 [workspace.dependencies.ctor]
-version = "0.5.0"
+version = "0.2.9"
 
 [workspace.dependencies.cargo_toml]
-version = "0.22"
+version = "0.21"
 default-features = false
 features = ["features"]
 
 [workspace.dependencies.toml]
-version = "0.9.5"
+version = "0.8.14"
 default-features = false
 features = ["parse"]
 
@@ -411,28 +411,25 @@ default-features = false
 
 # optional opentelemetry, performance measurements, flamegraphs, etc for performance measurements and monitoring
 [workspace.dependencies.opentelemetry]
-version = "0.30.0"
+version = "0.21.0"
 
 [workspace.dependencies.tracing-flame]
 version = "0.2.0"
 
 [workspace.dependencies.tracing-opentelemetry]
-version = "0.31.0"
+version = "0.22.0"
 
 [workspace.dependencies.opentelemetry_sdk]
-version = "0.30.0"
+version = "0.21.2"
 features = ["rt-tokio"]
 
-[workspace.dependencies.opentelemetry-otlp]
+[workspace.dependencies.opentelemetry-jaeger]
-version = "0.30.0"
+version = "0.20.0"
-features = ["http", "trace", "logs", "metrics"]
+features = ["rt-tokio"]
-
-[workspace.dependencies.opentelemetry-jaeger-propagator]
-version = "0.30.0"
 
 # optional sentry metrics for crash/panic reporting
 [workspace.dependencies.sentry]
-version = "0.42.0"
+version = "0.37.0"
 default-features = false
 features = [
     "backtrace",
@@ -448,9 +445,9 @@ features = [
 ]
 
 [workspace.dependencies.sentry-tracing]
-version = "0.42.0"
+version = "0.37.0"
 [workspace.dependencies.sentry-tower]
-version = "0.42.0"
+version = "0.37.0"
 
 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
@@ -479,7 +476,7 @@ features = ["use_std"]
 version = "0.4"
 
 [workspace.dependencies.nix]
-version = "0.30.1"
+version = "0.29.0"
 default-features = false
 features = ["resource"]
 
@@ -501,7 +498,7 @@ version = "0.4.3"
 default-features = false
 
 [workspace.dependencies.termimad]
-version = "0.34.0"
+version = "0.31.2"
 default-features = false
 
 [workspace.dependencies.checked_ops]
@@ -539,11 +536,11 @@ version = "0.2"
 version = "0.2"
 
 [workspace.dependencies.minicbor]
-version = "2.1.1"
+version = "0.26.3"
 features = ["std"]
 
 [workspace.dependencies.minicbor-serde]
-version = "0.6.0"
+version = "0.4.1"
 features = ["std"]
 
 [workspace.dependencies.maplit]
@@ -767,6 +764,25 @@ incremental = true
 
 [profile.dev.package.conduwuit_core]
 inherits = "dev"
+#rustflags = [
+#	'--cfg', 'conduwuit_mods',
+#	'-Ztime-passes',
+#	'-Zmir-opt-level=0',
+#	'-Ztls-model=initial-exec',
+#	'-Cprefer-dynamic=true',
+#	'-Zstaticlib-prefer-dynamic=true',
+#	'-Zstaticlib-allow-rdylib-deps=true',
+#	'-Zpacked-bundled-libs=false',
+#	'-Zplt=true',
+#	'-Clink-arg=-Wl,--as-needed',
+#	'-Clink-arg=-Wl,--allow-shlib-undefined',
+#	'-Clink-arg=-Wl,-z,lazy',
+#	'-Clink-arg=-Wl,-z,unique',
+#	'-Clink-arg=-Wl,-z,nodlopen',
+#	'-Clink-arg=-Wl,-z,nodelete',
+#]
+[profile.dev.package.xtask-generate-commands]
+inherits = "dev"
 [profile.dev.package.conduwuit]
 inherits = "dev"
 #rustflags = [

arch/conduwuit.service

@@ -0,0 +1,84 @@
+[Unit]
+
+Description=Continuwuity - Matrix homeserver
+Wants=network-online.target
+After=network-online.target
+Documentation=https://continuwuity.org/
+RequiresMountsFor=/var/lib/private/conduwuit
+Alias=matrix-conduwuit.service
+
+[Service]
+DynamicUser=yes
+Type=notify-reload
+ReloadSignal=SIGUSR1
+
+TTYPath=/dev/tty25
+DeviceAllow=char-tty
+StandardInput=tty-force
+StandardOutput=tty
+StandardError=journal+console
+
+Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
+Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
+Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit"
+
+TTYReset=yes
+# uncomment to allow buffer to be cleared every restart
+TTYVTDisallocate=no
+
+TTYColumns=120
+TTYRows=40
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+
+DevicePolicy=closed
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+#ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+PrivateIPC=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service @resources
+SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
+SystemCallErrorNumber=EPERM
+StateDirectory=conduwuit
+
+RuntimeDirectory=conduwuit
+RuntimeDirectoryMode=0750
+
+Environment=CONTINUWUITY_CONFIG=%d/config.toml
+LoadCredential=config.toml:/etc/conduwuit/conduwuit.toml
+BindPaths=/var/lib/private/conduwuit:/var/lib/matrix-conduit
+BindPaths=/var/lib/private/conduwuit:/var/lib/private/matrix-conduit
+
+ExecStart=/usr/bin/conduwuit
+Restart=on-failure
+RestartSec=5
+
+TimeoutStopSec=4m
+TimeoutStartSec=4m
+
+StartLimitInterval=1m
+StartLimitBurst=5
+
+[Install]
+WantedBy=multi-user.target

conduwuit-example.toml

@@ -79,9 +79,9 @@
 # This is the only directory where continuwuity will save its data,
 # including media. Note: this was previously "/var/lib/matrix-conduit".
 #
-# YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a
+# YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a `systemd` service.
-# `systemd` service. The service file sets it to `/var/lib/conduwuit`
+# The service file sets it to `/var/lib/conduwuit` using an environment variable
-# using an environment variable and also grants write access.
+# and also grants write access.
 #
 # example: "/var/lib/conduwuit"
 #
@@ -591,19 +591,13 @@
 #
 #default_room_version = 11
 
-# Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
+# This item is undocumented. Please contribute documentation for it.
-# Jaeger exporter. Traces will be sent via OTLP to a collector (such as
-# Jaeger) that supports the OpenTelemetry Protocol.
 #
-# Configure your OTLP endpoint using the OTEL_EXPORTER_OTLP_ENDPOINT
+#allow_jaeger = false
-# environment variable (defaults to http://localhost:4318).
-#
-#allow_otlp = false
 
-# Filter for OTLP tracing spans. This controls which spans are exported
+# This item is undocumented. Please contribute documentation for it.
-# to the OTLP collector.
 #
-#otlp_filter = "info"
+#jaeger_filter = "info"
 
 # If the 'perf_measurements' compile-time feature is enabled, enables
 # collecting folded stack trace profile of tracing spans using

debian/conduwuit.service

@@ -0,0 +1,71 @@
+[Unit]
+
+Description=Continuwuity - Matrix homeserver
+Wants=network-online.target
+After=network-online.target
+Documentation=https://continuwuity.org/
+Alias=matrix-conduwuit.service
+
+[Service]
+DynamicUser=yes
+User=conduwuit
+Group=conduwuit
+Type=notify
+
+Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
+
+Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
+Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
+Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit"
+
+ExecStart=/usr/sbin/conduwuit
+
+ReadWritePaths=/var/lib/conduwuit /etc/conduwuit
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+
+DevicePolicy=closed
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+#ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+PrivateIPC=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service @resources
+SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
+SystemCallErrorNumber=EPERM
+#StateDirectory=conduwuit
+
+RuntimeDirectory=conduwuit
+RuntimeDirectoryMode=0750
+
+Restart=on-failure
+RestartSec=5
+
+TimeoutStopSec=2m
+TimeoutStartSec=2m
+
+StartLimitInterval=1m
+StartLimitBurst=5
+
+[Install]
+WantedBy=multi-user.target

debian/postinst

@@ -0,0 +1,44 @@
+#!/bin/sh
+set -e
+
+# TODO: implement debconf support that is maintainable without duplicating the config
+#. /usr/share/debconf/confmodule
+
+CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
+CONDUWUIT_CONFIG_PATH=/etc/conduwuit
+
+case "$1" in
+  configure)
+    # Create the `conduwuit` user if it does not exist yet.
+    if ! getent passwd conduwuit > /dev/null ; then
+      echo 'Adding system user for the conduwuit Matrix homeserver' 1>&2
+      adduser --system --group --quiet \
+        --home "$CONDUWUIT_DATABASE_PATH" \
+        --disabled-login \
+        --shell "/usr/sbin/nologin" \
+        conduwuit
+    fi
+
+    # Create the database path if it does not exist yet and fix up ownership
+    # and permissions for the config.
+    mkdir -v -p "$CONDUWUIT_DATABASE_PATH"
+
+    # symlink the previous location for compatibility if it does not exist yet.
+    if ! test -L "/var/lib/matrix-conduit" ; then
+        ln -s -v "$CONDUWUIT_DATABASE_PATH" "/var/lib/matrix-conduit"
+    fi
+
+    chown -v conduwuit:conduwuit -R "$CONDUWUIT_DATABASE_PATH"
+    chown -v conduwuit:conduwuit -R "$CONDUWUIT_CONFIG_PATH"
+
+    chmod -v 740 "$CONDUWUIT_DATABASE_PATH"
+
+    echo ''
+    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
+    echo 'To start the server, run: systemctl start conduwuit.service'
+    echo ''
+
+    ;;
+esac
+
+#DEBHELPER#

debian/postrm

@@ -20,18 +20,24 @@ case $1 in
 
     if [ -d "$CONDUWUIT_CONFIG_PATH" ]; then
       if test -L "$CONDUWUIT_CONFIG_PATH"; then
-        echo "Deleting continuwuity configuration files"
+        echo "Deleting conduwuit configuration files"
         rm -v -r "$CONDUWUIT_CONFIG_PATH"
       fi
     fi
 
     if [ -d "$CONDUWUIT_DATABASE_PATH" ]; then
       if test -L "$CONDUWUIT_DATABASE_PATH"; then
-        echo "Deleting continuwuity database directory"
+        echo "Deleting conduwuit database directory"
         rm -r "$CONDUWUIT_DATABASE_PATH"
       fi
     fi
 
+    if [ -d "$CONDUWUIT_DATABASE_PATH_SYMLINK" ]; then
+      if test -L "$CONDUWUIT_DATABASE_SYMLINK"; then
+        echo "Removing matrix-conduit symlink"
+        rm -r "$CONDUWUIT_DATABASE_PATH_SYMLINK"
+      fi
+    fi
     ;;
 esac
 

docs/configuration/examples.md

@@ -9,11 +9,24 @@
 
 </details>
 
-## systemd unit file
+## Debian systemd unit file
 
 <details>
-<summary>systemd unit file</summary>
+<summary>Debian systemd unit file</summary>
 
 ```
-{{#include ../../pkg/conduwuit.service}}
+{{#include ../../debian/conduwuit.service}}
 ```
+
+</details>
+
+## Arch Linux systemd unit file
+
+<details>
+<summary>Arch Linux systemd unit file</summary>
+
+```
+{{#include ../../arch/conduwuit.service}}
+```
+
+</details>

docs/deploying/debian.md

@@ -1 +1 @@
-{{#include ../../pkg/debian/README.md}}
+{{#include ../../debian/README.md}}

fedora/RPM-GPG-KEY-continuwuity.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEaLM5LhYJKwYBBAHaRw8BAQdAlnMcp/fMzYfwqeExDsEx2qfZg8NjamGh0slC
+9bkUpQW0O0NvbnRpbnV3dWl0eSBDSSAoUlBNIFBhY2thZ2UgU2lnbmluZykgPGNp
+QGNvbnRpbnV3dWl0eS5vcmc+iJYEExYIAD4WIQShcq3anZQUJ0FNTm1eD/c/QRqv
+ygUCaLM5LgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBeD/c/
+QRqvyk3QAQCjurJLpDANckZflsEVRwxDOUCrED4LdyWpbOuVmhGikwD/fGwkpdUa
+ngP1l+bhlprJN5J1P5UOeNZtKce0vFZaBwC4MwRoszkuFgkrBgEEAdpHDwEBB0CJ
+RpQlzJt/TdYx8AOkNIYan6qbxijjjpZWDIbZp95CfIj1BBgWCAAmFiEEoXKt2p2U
+FCdBTU5tXg/3P0Ear8oFAmizOS4CGwIFCQPCZwAAgQkQXg/3P0Ear8p2IAQZFggA
+HRYhBN/tBNmxKe70FHf4CRoGaPIa/K9qBQJoszkuAAoJEBoGaPIa/K9qf7EBAJ9D
+pdKRji4gy9LWR3w9Ha7Tekmw7kSPGYLZlkDqjiuCAQCCupMGB9r2XPc2/G/KIV+7
+HpWfIANhPsCn1Q9kcloCCIv9AQCy+xDsdtkOw7JnB4g1EKfPlPhN6j3Cjk1vlG2N
+WN/p2AEAkozKVDAbvWEi/s7W9DNWckXm1SS0Og/sv5nGV8okIg4=
+=dxDr
+-----END PGP PUBLIC KEY BLOCK-----

fedora/conduwuit.service

@@ -9,8 +9,7 @@ Alias=matrix-conduwuit.service
 DynamicUser=yes
 User=conduwuit
 Group=conduwuit
-Type=notify-reload
+Type=notify
-ReloadSignal=SIGUSR1
 
 Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
 
@@ -60,8 +59,8 @@ RuntimeDirectoryMode=0750
 Restart=on-failure
 RestartSec=5
 
-TimeoutStopSec=4m
+TimeoutStopSec=2m
-TimeoutStartSec=4m
+TimeoutStartSec=2m
 
 StartLimitInterval=1m
 StartLimitBurst=5

fedora/continuwuity.spec.rpkg

@@ -50,7 +50,7 @@ find .cargo/registry/ -executable -name "*.rs" -exec chmod -x {} +
 
 %install
 install -Dpm0755 target/rpm/conduwuit -t %{buildroot}%{_bindir}
-install -Dpm0644 pkg/conduwuit.service -t %{buildroot}%{_unitdir}
+install -Dpm0644 fedora/conduwuit.service -t %{buildroot}%{_unitdir}
 install -Dpm0644 conduwuit-example.toml %{buildroot}%{_sysconfdir}/conduwuit/conduwuit.toml
 
 %files

flake.nix

@@ -48,7 +48,7 @@
           pkgs.lib.makeScope pkgs.newScope (self: {
             inherit pkgs inputs;
             craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain);
-            main = self.callPackage ./pkg/nix/pkgs/main { };
+            main = self.callPackage ./nix/pkgs/main { };
             liburing = pkgs.liburing.overrideAttrs {
               # Tests weren't building
               outputs = [

pkg/debian/postinst

@@ -1,20 +0,0 @@
-#!/bin/sh
-set -e
-
-# TODO: implement debconf support that is maintainable without duplicating the config
-#. /usr/share/debconf/confmodule
-
-CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
-CONDUWUIT_CONFIG_PATH=/etc/conduwuit
-
-case "$1" in
-  configure)
-    echo ''
-    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
-    echo 'To start the server, run: systemctl start conduwuit.service'
-    echo ''
-
-    ;;
-esac
-
-#DEBHELPER#

src/admin/Cargo.toml

@@ -89,7 +89,6 @@ serde_yaml.workspace = true
 tokio.workspace = true
 tracing-subscriber.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [lints]
 workspace = true

src/admin/mod.rs

@@ -29,8 +29,6 @@ pub(crate) use crate::{context::Context, utils::get_room_info};
 
 pub(crate) const PAGE_SIZE: usize = 100;
 
-use ctor::{ctor, dtor};
-
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
 conduwuit::rustc_flags_capture! {}

src/api/Cargo.toml

@@ -93,7 +93,6 @@ serde.workspace = true
 sha1.workspace = true
 tokio.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [lints]
 workspace = true

src/api/client/message.rs

@@ -321,7 +321,7 @@ pub(crate) fn event_filter(item: PdusIterItem, filter: &RoomEventFilter) -> Opti
 	filter.matches(pdu).then_some(item)
 }
 
-#[cfg_attr(debug_assertions, ctor::ctor)]
+#[cfg_attr(debug_assertions, conduwuit::ctor)]
 fn _is_sorted() {
 	debug_assert!(
 		IGNORED_MESSAGE_TYPES.is_sorted(),

src/core/config/mod.rs

@@ -126,9 +126,9 @@ pub struct Config {
 	/// This is the only directory where continuwuity will save its data,
 	/// including media. Note: this was previously "/var/lib/matrix-conduit".
 	///
-	/// YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a
+	/// YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a `systemd` service.
-	/// `systemd` service. The service file sets it to `/var/lib/conduwuit`
+	/// The service file sets it to `/var/lib/conduwuit` using an environment variable
-	/// using an environment variable and also grants write access.
+	/// and also grants write access.
 	///
 	/// example: "/var/lib/conduwuit"
 	pub database_path: PathBuf,
@@ -714,21 +714,12 @@ pub struct Config {
 	#[serde(default)]
 	pub well_known: WellKnownConfig,
 
-	/// Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
+	#[serde(default)]
-	/// Jaeger exporter. Traces will be sent via OTLP to a collector (such as
+	pub allow_jaeger: bool,
-	/// Jaeger) that supports the OpenTelemetry Protocol.
-	///
-	/// Configure your OTLP endpoint using the OTEL_EXPORTER_OTLP_ENDPOINT
-	/// environment variable (defaults to http://localhost:4318).
-	#[serde(default, alias = "allow_jaeger")]
-	pub allow_otlp: bool,
 
-	/// Filter for OTLP tracing spans. This controls which spans are exported
-	/// to the OTLP collector.
-	///
 	/// default: "info"
-	#[serde(default = "default_otlp_filter", alias = "jaeger_filter")]
+	#[serde(default = "default_jaeger_filter")]
-	pub otlp_filter: String,
+	pub jaeger_filter: String,
 
 	/// If the 'perf_measurements' compile-time feature is enabled, enables
 	/// collecting folded stack trace profile of tracing spans using
@@ -2376,7 +2367,7 @@ fn default_tracing_flame_filter() -> String {
 		.to_owned()
 }
 
-fn default_otlp_filter() -> String {
+fn default_jaeger_filter() -> String {
 	cfg!(debug_assertions)
 		.then_some("trace,h2=off")
 		.unwrap_or("info")

src/database/Cargo.toml

@@ -66,7 +66,6 @@ serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [lints]
 workspace = true

src/database/mod.rs

@@ -3,8 +3,6 @@
 extern crate conduwuit_core as conduwuit;
 extern crate rust_rocksdb as rocksdb;
 
-use ctor::{ctor, dtor};
-
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
 conduwuit::rustc_flags_capture! {}

src/macros/rustc.rs

@@ -13,13 +13,13 @@ pub(super) fn flags_capture(args: TokenStream) -> TokenStream {
 	let ret = quote! {
 		pub static RUSTC_FLAGS: [&str; #flag_len] = [#( #flag ),*];
 
-		#[ctor]
+		#[conduwuit_core::ctor]
 		fn _set_rustc_flags() {
 			conduwuit_core::info::rustc::FLAGS.lock().insert(#crate_name, &RUSTC_FLAGS);
 		}
 
 		// static strings have to be yanked on module unload
-		#[dtor]
+		#[conduwuit_core::dtor]
 		fn _unset_rustc_flags() {
 			conduwuit_core::info::rustc::FLAGS.lock().remove(#crate_name);
 		}

src/main/Cargo.toml

@@ -32,12 +32,12 @@ a cool hard fork of Conduit, a Matrix homeserver written in Rust"""
 section = "net"
 priority = "optional"
 conf-files = ["/etc/conduwuit/conduwuit.toml"]
-maintainer-scripts = "../../pkg/debian/"
+maintainer-scripts = "../../debian/"
-systemd-units = { unit-name = "conduwuit", start = false, unit-scripts = "../../pkg/" }
+systemd-units = { unit-name = "conduwuit", start = false }
 assets = [
-	["../../pkg/debian/README.md", "usr/share/doc/conduwuit/README.Debian", "644"],
+	["../../debian/README.md", "usr/share/doc/conduwuit/README.Debian", "644"],
 	["../../README.md", "usr/share/doc/conduwuit/", "644"],
-	["../../target/release/conduwuit", "usr/bin/conduwuit", "755"],
+	["../../target/release/conduwuit", "usr/sbin/conduwuit", "755"],
 	["../../conduwuit-example.toml", "etc/conduwuit/conduwuit.toml", "640"],
 ]
 
@@ -126,8 +126,7 @@ perf_measurements = [
 	"dep:tracing-flame",
 	"dep:tracing-opentelemetry",
 	"dep:opentelemetry_sdk",
-	"dep:opentelemetry-otlp",
+	"dep:opentelemetry-jaeger",
-	"dep:opentelemetry-jaeger-propagator",
 	"conduwuit-core/perf_measurements",
 	"conduwuit-core/sentry_telemetry",
 ]
@@ -203,14 +202,11 @@ clap.workspace = true
 console-subscriber.optional = true
 console-subscriber.workspace = true
 const-str.workspace = true
-ctor.workspace = true
 log.workspace = true
+opentelemetry-jaeger.optional = true
+opentelemetry-jaeger.workspace = true
 opentelemetry.optional = true
 opentelemetry.workspace = true
-opentelemetry-otlp.optional = true
-opentelemetry-otlp.workspace = true
-opentelemetry-jaeger-propagator.optional = true
-opentelemetry-jaeger-propagator.workspace = true
 opentelemetry_sdk.optional = true
 opentelemetry_sdk.workspace = true
 sentry-tower.optional = true
@@ -230,7 +226,6 @@ tracing-subscriber.workspace = true
 tracing.workspace = true
 tracing-journald = { workspace = true, optional = true }
 
-
 [target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies]
 hardened_malloc-rs.workspace = true
 hardened_malloc-rs.optional = true

src/main/logging.rs

@@ -7,8 +7,6 @@ use conduwuit_core::{
 	log::{ConsoleFormat, ConsoleWriter, LogLevelReloadHandles, capture, fmt_span},
 	result::UnwrapOrErr,
 };
-#[cfg(feature = "perf_measurements")]
-use opentelemetry::trace::TracerProvider;
 use tracing_subscriber::{EnvFilter, Layer, Registry, fmt, layer::SubscriberExt, reload};
 
 #[cfg(feature = "perf_measurements")]
@@ -89,35 +87,30 @@ pub(crate) fn init(
 			(None, None)
 		};
 
-		let otlp_filter = EnvFilter::try_new(&config.otlp_filter)
+		let jaeger_filter = EnvFilter::try_new(&config.jaeger_filter)
-			.map_err(|e| err!(Config("otlp_filter", "{e}.")))?;
+			.map_err(|e| err!(Config("jaeger_filter", "{e}.")))?;
 
-		let otlp_layer = config.allow_otlp.then(|| {
+		let jaeger_layer = config.allow_jaeger.then(|| {
 			opentelemetry::global::set_text_map_propagator(
-				opentelemetry_jaeger_propagator::Propagator::new(),
+				opentelemetry_jaeger::Propagator::new(),
 			);
 
-			let exporter = opentelemetry_otlp::SpanExporter::builder()
+			let tracer = opentelemetry_jaeger::new_agent_pipeline()
-				.with_http()
+				.with_auto_split_batch(true)
-				.build()
+				.with_service_name(conduwuit_core::name())
-				.expect("Failed to create OTLP exporter");
+				.install_batch(opentelemetry_sdk::runtime::Tokio)
-
+				.expect("jaeger agent pipeline");
-			let provider = opentelemetry_sdk::trace::SdkTracerProvider::builder()
-				.with_batch_exporter(exporter)
-				.build();
-
-			let tracer = provider.tracer(conduwuit_core::name());
 
 			let telemetry = tracing_opentelemetry::layer().with_tracer(tracer);
 
-			let (otlp_reload_filter, otlp_reload_handle) =
+			let (jaeger_reload_filter, jaeger_reload_handle) =
-				reload::Layer::new(otlp_filter.clone());
+				reload::Layer::new(jaeger_filter.clone());
-			reload_handles.add("otlp", Box::new(otlp_reload_handle));
+			reload_handles.add("jaeger", Box::new(jaeger_reload_handle));
 
-			Some(telemetry.with_filter(otlp_reload_filter))
+			Some(telemetry.with_filter(jaeger_reload_filter))
 		});
 
-		let subscriber = subscriber.with(flame_layer).with(otlp_layer);
+		let subscriber = subscriber.with(flame_layer).with(jaeger_layer);
 		(subscriber, flame_guard)
 	};
 

src/main/mod.rs

@@ -13,7 +13,6 @@ mod sentry;
 mod server;
 mod signal;
 
-use ctor::{ctor, dtor};
 use server::Server;
 
 rustc_flags_capture! {}

src/router/Cargo.toml

@@ -125,7 +125,6 @@ tokio.workspace = true
 tower.workspace = true
 tower-http.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [target.'cfg(all(unix, target_os = "linux"))'.dependencies]
 sd-notify.workspace = true

src/router/mod.rs

@@ -12,7 +12,6 @@ use std::{panic::AssertUnwindSafe, pin::Pin, sync::Arc};
 
 use conduwuit::{Error, Result, Server};
 use conduwuit_service::Services;
-use ctor::{ctor, dtor};
 use futures::{Future, FutureExt, TryFutureExt};
 
 conduwuit::mod_ctor! {}

src/service/Cargo.toml

@@ -117,7 +117,6 @@ webpage.optional = true
 blurhash.workspace = true
 blurhash.optional = true
 recaptcha-verify = { version = "0.1.5", default-features = false }
-ctor.workspace = true
 
 [lints]
 workspace = true

src/service/mod.rs

@@ -33,7 +33,6 @@ pub mod users;
 extern crate conduwuit_core as conduwuit;
 extern crate conduwuit_database as database;
 
-use ctor::{ctor, dtor};
 pub(crate) use service::{Args, Dep, Service};
 
 pub use crate::services::Services;