Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Continuwuity

A community-driven Matrix homeserver in Rust

forgejo.ellis.link

GitHub

Codeberg

Why does this exist?

The original conduwuit project has been archived and is no longer maintained. Rather than letting this Rust-based Matrix homeserver disappear, a group of community contributors have forked the project to continue its development, fix outstanding issues, and add new features.

We aim to provide a stable, well-maintained alternative for current conduwuit users and welcome newcomers seeking a lightweight, efficient Matrix homeserver.

Who are we?

We are a group of Matrix enthusiasts, developers and system administrators who have used conduwuit and believe in its potential. Our team includes both previous contributors to the original project and new developers who want to help maintain and improve this important piece of Matrix infrastructure.

We operate as an open community project, welcoming contributions from anyone interested in improving continuwuity.

What is Matrix?

Matrix is an open, federated, and extensible network for decentralized communication. Users from any Matrix homeserver can chat with users from all other homeservers over federation. Matrix is designed to be extensible and built on top of. You can even use bridges such as Matrix Appservices to communicate with users outside of Matrix, like a community on Discord.

What are the project's goals?

Continuwuity aims to:

  • Maintain a stable, reliable Matrix homeserver implementation in Rust
  • Improve compatibility and specification compliance with the Matrix protocol
  • Fix bugs and performance issues from the original conduwuit
  • Add missing features needed by homeserver administrators
  • Provide comprehensive documentation and easy deployment options
  • Create a sustainable development model for long-term maintenance
  • Keep a lightweight, efficient codebase that can run on modest hardware

Can I try it out?

Check out the documentation for installation instructions.

There are currently no open registration Continuwuity instances available.

What are we working on?

We're working our way through all of the issues in the Forgejo project.

Can I migrate my data from x?

  • Conduwuit: Yes
  • Conduit: No, database is now incompatible
  • Grapevine: No, database is now incompatible
  • Dendrite: No
  • Synapse: No

We haven't written up a guide on migrating from incompatible homeservers yet. Reach out to us if you need to do this!

How can I deploy my own?

If you want to connect an appservice to Continuwuity, take a look at the appservices documentation.

How can I contribute?

See the contributor's guide

Contact

Join our Matrix room and space to chat with us about the project!

Configuration

This chapter describes various ways to configure Continuwuity.

Basics

Continuwuity uses a config file for the majority of the settings, but also supports setting individual config options via commandline.

Please refer to the example config file for all of those settings.

The config file to use can be specified on the commandline when running Continuwuity by specifying the -c, --config flag. Alternatively, you can use the environment variable CONDUWUIT_CONFIG to specify the config file to used. Conduit's environment variables are supported for backwards compatibility.

Option commandline flag

Continuwuity supports setting individual config options in TOML format from the -O / --option flag. For example, you can set your server name via -O server_name=\"example.com\".

Note that the config is parsed as TOML, and shells like bash will remove quotes. So unfortunately it is required to escape quotes if the config option takes a string. This does not apply to options that take booleans or numbers:

  • --option allow_registration=true works ✅
  • -O max_request_size=99999999 works ✅
  • -O server_name=example.com does not work ❌
  • --option log=\"debug\" works ✅
  • --option server_name='"example.com'" works ✅

Execute commandline flag

Continuwuity supports running admin commands on startup using the commandline argument --execute. The most notable use for this is to create an admin user on first startup.

The syntax of this is a standard admin command without the prefix such as ./conduwuit --execute "users create_user june"

An example output of a success is:

INFO conduwuit_service::admin::startup: Startup command #0 completed:
Created user with user_id: @june:girlboss.ceo and password: `<redacted>`

This commandline argument can be paired with the --option flag.

Environment variables

All of the settings that are found in the config file can be specified by using environment variables. The environment variable names should be all caps and prefixed with CONDUWUIT_.

For example, if the setting you are changing is max_request_size, then the environment variable to set is CONDUWUIT_MAX_REQUEST_SIZE.

To modify config options not in the [global] context such as [global.well_known], use the __ suffix split: CONDUWUIT_WELL_KNOWN__SERVER

Conduit's environment variables are supported for backwards compatibility (e.g. CONDUIT_SERVER_NAME).

Example configuration

Example configuration 
### continuwuity Configuration
###
### THIS FILE IS GENERATED. CHANGES/CONTRIBUTIONS IN THE REPO WILL BE
### OVERWRITTEN!
###
### You should rename this file before configuring your server. Changes to
### documentation and defaults can be contributed in source code at
### src/core/config/mod.rs. This file is generated when building.
###
### Any values pre-populated are the default values for said config option.
###
### At the minimum, you MUST edit all the config options to your environment
### that say "YOU NEED TO EDIT THIS".
###
### For more information, see:
### https://continuwuity.org/configuration.html

[global]

# The server_name is the pretty name of this server. It is used as a
# suffix for user and room IDs/aliases.
#
# See the docs for reverse proxying and delegation:
# https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
#
# Also see the `[global.well_known]` config section at the very bottom.
#
# Examples of delegation:
# - https://puppygock.gay/.well-known/matrix/server
# - https://puppygock.gay/.well-known/matrix/client
#
# YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
# WIPE.
#
# example: "continuwuity.org"
#
#server_name =

# The default address (IPv4 or IPv6) continuwuity will listen on.
#
# If you are using Docker or a container NAT networking setup, this must
# be "0.0.0.0".
#
# To listen on multiple addresses, specify a vector e.g. ["127.0.0.1",
# "::1"]
#
#address = ["127.0.0.1", "::1"]

# The port(s) continuwuity will listen on.
#
# For reverse proxying, see:
# https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
#
# If you are using Docker, don't change this, you'll need to map an
# external port to this.
#
# To listen on multiple ports, specify a vector e.g. [8080, 8448]
#
#port = 8008

# The UNIX socket continuwuity will listen on.
#
# continuwuity cannot listen on both an IP address and a UNIX socket. If
# listening on a UNIX socket, you MUST remove/comment the `address` key.
#
# Remember to make sure that your reverse proxy has access to this socket
# file, either by adding your reverse proxy to the appropriate user group
# or granting world R/W permissions with `unix_socket_perms` (666
# minimum).
#
# example: "/run/continuwuity/continuwuity.sock"
#
#unix_socket_path =

# The default permissions (in octal) to create the UNIX socket with.
#
#unix_socket_perms = 660

# This is the only directory where continuwuity will save its data,
# including media. Note: this was previously "/var/lib/matrix-conduit".
#
# YOU NEED TO EDIT THIS.
#
# example: "/var/lib/continuwuity"
#
#database_path =

# continuwuity supports online database backups using RocksDB's Backup
# engine API. To use this, set a database backup path that continuwuity
# can write to.
#
# For more information, see:
# https://continuwuity.org/maintenance.html#backups
#
# example: "/opt/continuwuity-db-backups"
#
#database_backup_path =

# The amount of online RocksDB database backups to keep/retain, if using
# "database_backup_path", before deleting the oldest one.
#
#database_backups_to_keep = 1

# Text which will be added to the end of the user's displayname upon
# registration with a space before the text. In Conduit, this was the
# lightning bolt emoji.
#
# To disable, set this to "" (an empty string).
#
# The default is the trans pride flag.
#
# example: "🏳️‍⚧️"
#
#new_user_displayname_suffix = "🏳️‍⚧️"

# If enabled, continuwuity will send a simple GET request periodically to
# `https://continuwuity.org/.well-known/continuwuity/announcements` for any new
# announcements or major updates. This is not an update check endpoint.
#
#allow_announcements_check = true

# Set this to any float value to multiply continuwuity's in-memory LRU
# caches with such as "auth_chain_cache_capacity".
#
# May be useful if you have significant memory to spare to increase
# performance.
#
# If you have low memory, reducing this may be viable.
#
# By default, the individual caches such as "auth_chain_cache_capacity"
# are scaled by your CPU core count.
#
#cache_capacity_modifier = 1.0

# Set this to any float value in megabytes for continuwuity to tell the
# database engine that this much memory is available for database read
# caches.
#
# May be useful if you have significant memory to spare to increase
# performance.
#
# Similar to the individual LRU caches, this is scaled up with your CPU
# core count.
#
# This defaults to 128.0 + (64.0 * CPU core count).
#
#db_cache_capacity_mb = varies by system

# Set this to any float value in megabytes for continuwuity to tell the
# database engine that this much memory is available for database write
# caches.
#
# May be useful if you have significant memory to spare to increase
# performance.
#
# Similar to the individual LRU caches, this is scaled up with your CPU
# core count.
#
# This defaults to 48.0 + (4.0 * CPU core count).
#
#db_write_buffer_capacity_mb = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#pdu_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#auth_chain_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#shorteventid_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#eventidshort_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#eventid_pdu_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#shortstatekey_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#statekeyshort_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#servernameevent_data_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#stateinfo_cache_capacity = varies by system

# This item is undocumented. Please contribute documentation for it.
#
#roomid_spacehierarchy_cache_capacity = varies by system

# Maximum entries stored in DNS memory-cache. The size of an entry may
# vary so please take care if raising this value excessively. Only
# decrease this when using an external DNS cache. Please note that
# systemd-resolved does *not* count as an external cache, even when
# configured to do so.
#
#dns_cache_entries = 32768

# Minimum time-to-live in seconds for entries in the DNS cache. The
# default may appear high to most administrators; this is by design as the
# majority of NXDOMAINs are correct for a long time (e.g. the server is no
# longer running Matrix). Only decrease this if you are using an external
# DNS cache.
#
#dns_min_ttl = 10800

# Minimum time-to-live in seconds for NXDOMAIN entries in the DNS cache.
# This value is critical for the server to federate efficiently.
# NXDOMAIN's are assumed to not be returning to the federation and
# aggressively cached rather than constantly rechecked.
#
# Defaults to 3 days as these are *very rarely* false negatives.
#
#dns_min_ttl_nxdomain = 259200

# Number of DNS nameserver retries after a timeout or error.
#
#dns_attempts = 10

# The number of seconds to wait for a reply to a DNS query. Please note
# that recursive queries can take up to several seconds for some domains,
# so this value should not be too low, especially on slower hardware or
# resolvers.
#
#dns_timeout = 10

# Fallback to TCP on DNS errors. Set this to false if unsupported by
# nameserver.
#
#dns_tcp_fallback = true

# Enable to query all nameservers until the domain is found. Referred to
# as "trust_negative_responses" in hickory_resolver. This can avoid
# useless DNS queries if the first nameserver responds with NXDOMAIN or
# an empty NOERROR response.
#
#query_all_nameservers = true

# Enable using *only* TCP for querying your specified nameservers instead
# of UDP.
#
# If you are running continuwuity in a container environment, this config
# option may need to be enabled. For more details, see:
# https://continuwuity.org/troubleshooting.html#potential-dns-issues-when-using-docker
#
#query_over_tcp_only = false

# DNS A/AAAA record lookup strategy
#
# Takes a number of one of the following options:
# 1 - Ipv4Only (Only query for A records, no AAAA/IPv6)
#
# 2 - Ipv6Only (Only query for AAAA records, no A/IPv4)
#
# 3 - Ipv4AndIpv6 (Query for A and AAAA records in parallel, uses whatever
# returns a successful response first)
#
# 4 - Ipv6thenIpv4 (Query for AAAA record, if that fails then query the A
# record)
#
# 5 - Ipv4thenIpv6 (Query for A record, if that fails then query the AAAA
# record)
#
# If you don't have IPv6 networking, then for better DNS performance it
# may be suitable to set this to Ipv4Only (1) as you will never ever use
# the AAAA record contents even if the AAAA record is successful instead
# of the A record.
#
#ip_lookup_strategy = 5

# Max request size for file uploads in bytes. Defaults to 20MB.
#
#max_request_size = 20971520

# This item is undocumented. Please contribute documentation for it.
#
#max_fetch_prev_events = 192

# Default/base connection timeout (seconds). This is used only by URL
# previews and update/news endpoint checks.
#
#request_conn_timeout = 10

# Default/base request timeout (seconds). The time waiting to receive more
# data from another server. This is used only by URL previews,
# update/news, and misc endpoint checks.
#
#request_timeout = 35

# Default/base request total timeout (seconds). The time limit for a whole
# request. This is set very high to not cancel healthy requests while
# serving as a backstop. This is used only by URL previews and update/news
# endpoint checks.
#
#request_total_timeout = 320

# Default/base idle connection pool timeout (seconds). This is used only
# by URL previews and update/news endpoint checks.
#
#request_idle_timeout = 5

# Default/base max idle connections per host. This is used only by URL
# previews and update/news endpoint checks. Defaults to 1 as generally the
# same open connection can be re-used.
#
#request_idle_per_host = 1

# Federation well-known resolution connection timeout (seconds).
#
#well_known_conn_timeout = 6

# Federation HTTP well-known resolution request timeout (seconds).
#
#well_known_timeout = 10

# Federation client request timeout (seconds). You most definitely want
# this to be high to account for extremely large room joins, slow
# homeservers, your own resources etc.
#
#federation_timeout = 300

# Federation client idle connection pool timeout (seconds).
#
#federation_idle_timeout = 25

# Federation client max idle connections per host. Defaults to 1 as
# generally the same open connection can be re-used.
#
#federation_idle_per_host = 1

# Federation sender request timeout (seconds). The time it takes for the
# remote server to process sent transactions can take a while.
#
#sender_timeout = 180

# Federation sender idle connection pool timeout (seconds).
#
#sender_idle_timeout = 180

# Federation sender transaction retry backoff limit (seconds).
#
#sender_retry_backoff_limit = 86400

# Appservice URL request connection timeout. Defaults to 35 seconds as
# generally appservices are hosted within the same network.
#
#appservice_timeout = 35

# Appservice URL idle connection pool timeout (seconds).
#
#appservice_idle_timeout = 300

# Notification gateway pusher idle connection pool timeout.
#
#pusher_idle_timeout = 15

# Maximum time to receive a request from a client (seconds).
#
#client_receive_timeout = 75

# Maximum time to process a request received from a client (seconds).
#
#client_request_timeout = 180

# Maximum time to transmit a response to a client (seconds)
#
#client_response_timeout = 120

# Grace period for clean shutdown of client requests (seconds).
#
#client_shutdown_timeout = 10

# Grace period for clean shutdown of federation requests (seconds).
#
#sender_shutdown_timeout = 5

# Enables registration. If set to false, no users can register on this
# server.
#
# If set to true without a token configured, users can register with no
# form of 2nd-step only if you set the following option to true:
# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
#
# If you would like registration only via token reg, please configure
# `registration_token` or `registration_token_file`.
#
#allow_registration = false

# Enabling this setting opens registration to anyone without restrictions.
# This makes your server vulnerable to abuse
#
#yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false

# A static registration token that new users will have to provide when
# creating an account. If unset and `allow_registration` is true,
# you must set
# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
# to true to allow open registration without any conditions.
#
# YOU NEED TO EDIT THIS OR USE registration_token_file.
#
# example: "o&^uCtes4HPf0Vu@F20jQeeWE7"
#
#registration_token =

# Path to a file on the system that gets read for additional registration
# tokens. Multiple tokens can be added if you separate them with
# whitespace
#
# continuwuity must be able to access the file, and it must not be empty
#
# example: "/etc/continuwuity/.reg_token"
#
#registration_token_file =

# Controls whether encrypted rooms and events are allowed.
#
#allow_encryption = true

# Controls whether federation is allowed or not. It is not recommended to
# disable this after the fact due to potential federation breakage.
#
#allow_federation = true

# Allows federation requests to be made to itself
#
# This isn't intended and is very likely a bug if federation requests are
# being sent to yourself. This currently mainly exists for development
# purposes.
#
#federation_loopback = false

# Always calls /forget on behalf of the user if leaving a room. This is a
# part of MSC4267 "Automatically forgetting rooms on leave"
#
#forget_forced_upon_leave = false

# Set this to true to require authentication on the normally
# unauthenticated profile retrieval endpoints (GET)
# "/_matrix/client/v3/profile/{userId}".
#
# This can prevent profile scraping.
#
#require_auth_for_profile_requests = false

# Set this to true to allow your server's public room directory to be
# federated. Set this to false to protect against /publicRooms spiders,
# but will forbid external users from viewing your server's public room
# directory. If federation is disabled entirely (`allow_federation`), this
# is inherently false.
#
#allow_public_room_directory_over_federation = false

# Set this to true to allow your server's public room directory to be
# queried without client authentication (access token) through the Client
# APIs. Set this to false to protect against /publicRooms spiders.
#
#allow_public_room_directory_without_auth = false

# Allow guests/unauthenticated users to access TURN credentials.
#
# This is the equivalent of Synapse's `turn_allow_guests` config option.
# This allows any unauthenticated user to call the endpoint
# `/_matrix/client/v3/voip/turnServer`.
#
# It is unlikely you need to enable this as all major clients support
# authentication for this endpoint and prevents misuse of your TURN server
# from potential bots.
#
#turn_allow_guests = false

# Set this to true to lock down your server's public room directory and
# only allow admins to publish rooms to the room directory. Unpublishing
# is still allowed by all users with this enabled.
#
#lockdown_public_room_directory = false

# Set this to true to allow federating device display names / allow
# external users to see your device display name. If federation is
# disabled entirely (`allow_federation`), this is inherently false. For
# privacy reasons, this is best left disabled.
#
#allow_device_name_federation = false

# Config option to allow or disallow incoming federation requests that
# obtain the profiles of our local users from
# `/_matrix/federation/v1/query/profile`
#
# Increases privacy of your local user's such as display names, but some
# remote users may get a false "this user does not exist" error when they
# try to invite you to a DM or room. Also can protect against profile
# spiders.
#
# This is inherently false if `allow_federation` is disabled
#
#allow_inbound_profile_lookup_federation_requests = true

# Allow standard users to create rooms. Appservices and admins are always
# allowed to create rooms
#
#allow_room_creation = true

# Set to false to disable users from joining or creating room versions
# that aren't officially supported by continuwuity.
#
# continuwuity officially supports room versions 6 - 11.
#
# continuwuity has slightly experimental (though works fine in practice)
# support for versions 3 - 5.
#
#allow_unstable_room_versions = true

# Default room version continuwuity will create rooms with.
#
# Per spec, room version 11 is the default.
#
#default_room_version = 11

# This item is undocumented. Please contribute documentation for it.
#
#allow_jaeger = false

# This item is undocumented. Please contribute documentation for it.
#
#jaeger_filter = "info"

# If the 'perf_measurements' compile-time feature is enabled, enables
# collecting folded stack trace profile of tracing spans using
# tracing_flame. The resulting profile can be visualized with inferno[1],
# speedscope[2], or a number of other tools.
#
# [1]: https://github.com/jonhoo/inferno
# [2]: www.speedscope.app
#
#tracing_flame = false

# This item is undocumented. Please contribute documentation for it.
#
#tracing_flame_filter = "info"

# This item is undocumented. Please contribute documentation for it.
#
#tracing_flame_output_path = "./tracing.folded"

# Examples:
#
# - No proxy (default):
#
#       proxy = "none"
#
# - For global proxy, create the section at the bottom of this file:
#
#       [global.proxy]
#       global = { url = "socks5h://localhost:9050" }
#
# - To proxy some domains:
#
#       [global.proxy]
#       [[global.proxy.by_domain]]
#       url = "socks5h://localhost:9050"
#       include = ["*.onion", "matrix.myspecial.onion"]
#       exclude = ["*.myspecial.onion"]
#
# Include vs. Exclude:
#
# - If include is an empty list, it is assumed to be `["*"]`.
#
# - If a domain matches both the exclude and include list, the proxy will
#   only be used if it was included because of a more specific rule than
#   it was excluded. In the above example, the proxy would be used for
#   `ordinary.onion`, `matrix.myspecial.onion`, but not
#   `hello.myspecial.onion`.
#
#proxy = "none"

# Servers listed here will be used to gather public keys of other servers
# (notary trusted key servers).
#
# Currently, continuwuity doesn't support inbound batched key requests, so
# this list should only contain other Synapse servers.
#
# example: ["matrix.org", "tchncs.de"]
#
#trusted_servers = ["matrix.org"]

# Whether to query the servers listed in trusted_servers first or query
# the origin server first. For best security, querying the origin server
# first is advised to minimize the exposure to a compromised trusted
# server. For maximum federation/join performance this can be set to true,
# however other options exist to query trusted servers first under
# specific high-load circumstances and should be evaluated before setting
# this to true.
#
#query_trusted_key_servers_first = false

# Whether to query the servers listed in trusted_servers first
# specifically on room joins. This option limits the exposure to a
# compromised trusted server to room joins only. The join operation
# requires gathering keys from many origin servers which can cause
# significant delays. Therefor this defaults to true to mitigate
# unexpected delays out-of-the-box. The security-paranoid or those willing
# to tolerate delays are advised to set this to false. Note that setting
# query_trusted_key_servers_first to true causes this option to be
# ignored.
#
#query_trusted_key_servers_first_on_join = true

# Only query trusted servers for keys and never the origin server. This is
# intended for clusters or custom deployments using their trusted_servers
# as forwarding-agents to cache and deduplicate requests. Notary servers
# do not act as forwarding-agents by default, therefor do not enable this
# unless you know exactly what you are doing.
#
#only_query_trusted_key_servers = false

# Maximum number of keys to request in each trusted server batch query.
#
#trusted_server_batch_size = 1024

# Max log level for continuwuity. Allows debug, info, warn, or error.
#
# See also:
# https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
#
# **Caveat**:
# For release builds, the tracing crate is configured to only implement
# levels higher than error to avoid unnecessary overhead in the compiled
# binary from trace macros. For debug builds, this restriction is not
# applied.
#
#log = "info"

# Output logs with ANSI colours.
#
#log_colors = true

# Configures the span events which will be outputted with the log.
#
#log_span_events = "none"

# Configures whether CONTINUWUITY_LOG EnvFilter matches values using
# regular expressions. See the tracing_subscriber documentation on
# Directives.
#
#log_filter_regex = true

# Toggles the display of ThreadId in tracing log output.
#
#log_thread_ids = false

# OpenID token expiration/TTL in seconds.
#
# These are the OpenID tokens that are primarily used for Matrix account
# integrations (e.g. Vector Integrations in Element), *not* OIDC/OpenID
# Connect/etc.
#
#openid_token_ttl = 3600

# Allow an existing session to mint a login token for another client.
# This requires interactive authentication, but has security ramifications
# as a malicious client could use the mechanism to spawn more than one
# session.
# Enabled by default.
#
#login_via_existing_session = true

# Login token expiration/TTL in milliseconds.
#
# These are short-lived tokens for the m.login.token endpoint.
# This is used to allow existing sessions to create new sessions.
# see login_via_existing_session.
#
#login_token_ttl = 120000

# Static TURN username to provide the client if not using a shared secret
# ("turn_secret"), It is recommended to use a shared secret over static
# credentials.
#
#turn_username = false

# Static TURN password to provide the client if not using a shared secret
# ("turn_secret"). It is recommended to use a shared secret over static
# credentials.
#
#turn_password = false

# Vector list of TURN URIs/servers to use.
#
# Replace "example.turn.uri" with your TURN domain, such as the coturn
# "realm" config option. If using TURN over TLS, replace the URI prefix
# "turn:" with "turns:".
#
# example: ["turn:example.turn.uri?transport=udp",
# "turn:example.turn.uri?transport=tcp"]
#
#turn_uris = []

# TURN secret to use for generating the HMAC-SHA1 hash apart of username
# and password generation.
#
# This is more secure, but if needed you can use traditional static
# username/password credentials.
#
#turn_secret = false

# TURN secret to use that's read from the file path specified.
#
# This takes priority over "turn_secret" first, and falls back to
# "turn_secret" if invalid or failed to open.
#
# example: "/etc/continuwuity/.turn_secret"
#
#turn_secret_file =

# TURN TTL, in seconds.
#
#turn_ttl = 86400

# List/vector of room IDs or room aliases that continuwuity will make
# newly registered users join. The rooms specified must be rooms that you
# have joined at least once on the server, and must be public.
#
# example: ["#continuwuity:continuwuity.org",
# "!main-1:continuwuity.org"]
#
#auto_join_rooms = []

# Config option to automatically deactivate the account of any user who
# attempts to join a:
# - banned room
# - forbidden room alias
# - room alias or ID with a forbidden server name
#
# This may be useful if all your banned lists consist of toxic rooms or
# servers that no good faith user would ever attempt to join, and
# to automatically remediate the problem without any admin user
# intervention.
#
# This will also make the user leave all rooms. Federation (e.g. remote
# room invites) are ignored here.
#
# Defaults to false as rooms can be banned for non-moderation-related
# reasons and this performs a full user deactivation.
#
#auto_deactivate_banned_room_attempts = false

# RocksDB log level. This is not the same as continuwuity's log level.
# This is the log level for the RocksDB engine/library which show up in
# your database folder/path as `LOG` files. continuwuity will log RocksDB
# errors as normal through tracing or panics if severe for safety.
#
#rocksdb_log_level = "error"

# This item is undocumented. Please contribute documentation for it.
#
#rocksdb_log_stderr = false

# Max RocksDB `LOG` file size before rotating in bytes. Defaults to 4MB in
# bytes.
#
#rocksdb_max_log_file_size = 4194304

# Time in seconds before RocksDB will forcibly rotate logs.
#
#rocksdb_log_time_to_roll = 0

# Set this to true to use RocksDB config options that are tailored to HDDs
# (slower device storage).
#
# It is worth noting that by default, continuwuity will use RocksDB with
# Direct IO enabled. *Generally* speaking this improves performance as it
# bypasses buffered I/O (system page cache). However there is a potential
# chance that Direct IO may cause issues with database operations if your
# setup is uncommon. This has been observed with FUSE filesystems, and
# possibly ZFS filesystem. RocksDB generally deals/corrects these issues
# but it cannot account for all setups. If you experience any weird
# RocksDB issues, try enabling this option as it turns off Direct IO and
# feel free to report in the continuwuity Matrix room if this option fixes
# your DB issues.
#
# For more information, see:
# https://github.com/facebook/rocksdb/wiki/Direct-IO
#
#rocksdb_optimize_for_spinning_disks = false

# Enables direct-io to increase database performance via unbuffered I/O.
#
# For more details about direct I/O and RockDB, see:
# https://github.com/facebook/rocksdb/wiki/Direct-IO
#
# Set this option to false if the database resides on a filesystem which
# does not support direct-io like FUSE, or any form of complex filesystem
# setup such as possibly ZFS.
#
#rocksdb_direct_io = true

# Amount of threads that RocksDB will use for parallelism on database
# operations such as cleanup, sync, flush, compaction, etc. Set to 0 to
# use all your logical threads. Defaults to your CPU logical thread count.
#
#rocksdb_parallelism_threads = varies by system

# Maximum number of LOG files RocksDB will keep. This must *not* be set to
# 0. It must be at least 1. Defaults to 3 as these are not very useful
# unless troubleshooting/debugging a RocksDB bug.
#
#rocksdb_max_log_files = 3

# Type of RocksDB database compression to use.
#
# Available options are "zstd", "bz2", "lz4", or "none".
#
# It is best to use ZSTD as an overall good balance between
# speed/performance, storage, IO amplification, and CPU usage. For more
# performance but less compression (more storage used) and less CPU usage,
# use LZ4.
#
# For more details, see:
# https://github.com/facebook/rocksdb/wiki/Compression
#
# "none" will disable compression.
#
#rocksdb_compression_algo = "zstd"

# Level of compression the specified compression algorithm for RocksDB to
# use.
#
# Default is 32767, which is internally read by RocksDB as the default
# magic number and translated to the library's default compression level
# as they all differ. See their `kDefaultCompressionLevel`.
#
# Note when using the default value we may override it with a setting
# tailored specifically for continuwuity.
#
#rocksdb_compression_level = 32767

# Level of compression the specified compression algorithm for the
# bottommost level/data for RocksDB to use. Default is 32767, which is
# internally read by RocksDB as the default magic number and translated to
# the library's default compression level as they all differ. See their
# `kDefaultCompressionLevel`.
#
# Since this is the bottommost level (generally old and least used data),
# it may be desirable to have a very high compression level here as it's
# less likely for this data to be used. Research your chosen compression
# algorithm.
#
# Note when using the default value we may override it with a setting
# tailored specifically for continuwuity.
#
#rocksdb_bottommost_compression_level = 32767

# Whether to enable RocksDB's "bottommost_compression".
#
# At the expense of more CPU usage, this will further compress the
# database to reduce more storage. It is recommended to use ZSTD
# compression with this for best compression results. This may be useful
# if you're trying to reduce storage usage from the database.
#
# See https://github.com/facebook/rocksdb/wiki/Compression for more details.
#
#rocksdb_bottommost_compression = true

# Database recovery mode (for RocksDB WAL corruption).
#
# Use this option when the server reports corruption and refuses to start.
# Set mode 2 (PointInTime) to cleanly recover from this corruption. The
# server will continue from the last good state, several seconds or
# minutes prior to the crash. Clients may have to run "clear-cache &
# reload" to account for the rollback. Upon success, you may reset the
# mode back to default and restart again. Please note in some cases the
# corruption error may not be cleared for at least 30 minutes of operation
# in PointInTime mode.
#
# As a very last ditch effort, if PointInTime does not fix or resolve
# anything, you can try mode 3 (SkipAnyCorruptedRecord) but this will
# leave the server in a potentially inconsistent state.
#
# The default mode 1 (TolerateCorruptedTailRecords) will automatically
# drop the last entry in the database if corrupted during shutdown, but
# nothing more. It is extraordinarily unlikely this will desynchronize
# clients. To disable any form of silent rollback set mode 0
# (AbsoluteConsistency).
#
# The options are:
# 0 = AbsoluteConsistency
# 1 = TolerateCorruptedTailRecords (default)
# 2 = PointInTime (use me if trying to recover)
# 3 = SkipAnyCorruptedRecord (you now voided your Continuwuity warranty)
#
# For more information on these modes, see:
# https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes
#
# For more details on recovering a corrupt database, see:
# https://continuwuity.org/troubleshooting.html#database-corruption
#
#rocksdb_recovery_mode = 1

# Enables or disables paranoid SST file checks. This can improve RocksDB
# database consistency at a potential performance impact due to further
# safety checks ran.
#
# For more information, see:
# https://github.com/facebook/rocksdb/wiki/Online-Verification#columnfamilyoptionsparanoid_file_checks
#
#rocksdb_paranoid_file_checks = false

# Enables or disables checksum verification in rocksdb at runtime.
# Checksums are usually hardware accelerated with low overhead; they are
# enabled in rocksdb by default. Older or slower platforms may see gains
# from disabling.
#
#rocksdb_checksums = true

# Enables the "atomic flush" mode in rocksdb. This option is not intended
# for users. It may be removed or ignored in future versions. Atomic flush
# may be enabled by the paranoid to possibly improve database integrity at
# the cost of performance.
#
#rocksdb_atomic_flush = false

# Database repair mode (for RocksDB SST corruption).
#
# Use this option when the server reports corruption while running or
# panics. If the server refuses to start use the recovery mode options
# first. Corruption errors containing the acronym 'SST' which occur after
# startup will likely require this option.
#
# - Backing up your database directory is recommended prior to running the
#   repair.
#
# - Disabling repair mode and restarting the server is recommended after
#   running the repair.
#
# See https://continuwuity.org/troubleshooting.html#database-corruption for more details on recovering a corrupt database.
#
#rocksdb_repair = false

# This item is undocumented. Please contribute documentation for it.
#
#rocksdb_read_only = false

# This item is undocumented. Please contribute documentation for it.
#
#rocksdb_secondary = false

# Enables idle CPU priority for compaction thread. This is not enabled by
# default to prevent compaction from falling too far behind on busy
# systems.
#
#rocksdb_compaction_prio_idle = false

# Enables idle IO priority for compaction thread. This prevents any
# unexpected lag in the server's operation and is usually a good idea.
# Enabled by default.
#
#rocksdb_compaction_ioprio_idle = true

# Enables RocksDB compaction. You should never ever have to set this
# option to false. If you for some reason find yourself needing to use
# this option as part of troubleshooting or a bug, please reach out to us
# in the continuwuity Matrix room with information and details.
#
# Disabling compaction will lead to a significantly bloated and
# explosively large database, gradually poor performance, unnecessarily
# excessive disk read/writes, and slower shutdowns and startups.
#
#rocksdb_compaction = true

# Level of statistics collection. Some admin commands to display database
# statistics may require this option to be set. Database performance may
# be impacted by higher settings.
#
# Option is a number ranging from 0 to 6:
# 0 = No statistics.
# 1 = No statistics in release mode (default).
# 2 to 3 = Statistics with no performance impact.
# 3 to 5 = Statistics with possible performance impact.
# 6 = All statistics.
#
#rocksdb_stats_level = 1

# This is a password that can be configured that will let you login to the
# server bot account (currently `@conduit`) for emergency troubleshooting
# purposes such as recovering/recreating your admin room, or inviting
# yourself back.
#
# See https://continuwuity.org/troubleshooting.html#lost-access-to-admin-room for other ways to get back into your admin room.
#
# Once this password is unset, all sessions will be logged out for
# security purposes.
#
# example: "F670$2CP@Hw8mG7RY1$%!#Ic7YA"
#
#emergency_password =

# This item is undocumented. Please contribute documentation for it.
#
#notification_push_path = "/_matrix/push/v1/notify"

# Allow local (your server only) presence updates/requests.
#
# Note that presence on continuwuity is very fast unlike Synapse's. If
# using outgoing presence, this MUST be enabled.
#
#allow_local_presence = true

# Allow incoming federated presence updates/requests.
#
# This option receives presence updates from other servers, but does not
# send any unless `allow_outgoing_presence` is true. Note that presence on
# continuwuity is very fast unlike Synapse's.
#
#allow_incoming_presence = true

# Allow outgoing presence updates/requests.
#
# This option sends presence updates to other servers, but does not
# receive any unless `allow_incoming_presence` is true. Note that presence
# on continuwuity is very fast unlike Synapse's. If using outgoing
# presence, you MUST enable `allow_local_presence` as well.
#
#allow_outgoing_presence = true

# How many seconds without presence updates before you become idle.
# Defaults to 5 minutes.
#
#presence_idle_timeout_s = 300

# How many seconds without presence updates before you become offline.
# Defaults to 30 minutes.
#
#presence_offline_timeout_s = 1800

# Enable the presence idle timer for remote users.
#
# Disabling is offered as an optimization for servers participating in
# many large rooms or when resources are limited. Disabling it may cause
# incorrect presence states (i.e. stuck online) to be seen for some remote
# users.
#
#presence_timeout_remote_users = true

# Allow receiving incoming read receipts from remote servers.
#
#allow_incoming_read_receipts = true

# Allow sending read receipts to remote servers.
#
#allow_outgoing_read_receipts = true

# Allow outgoing typing updates to federation.
#
#allow_outgoing_typing = true

# Allow incoming typing updates from federation.
#
#allow_incoming_typing = true

# Maximum time federation user can indicate typing.
#
#typing_federation_timeout_s = 30

# Minimum time local client can indicate typing. This does not override a
# client's request to stop typing. It only enforces a minimum value in
# case of no stop request.
#
#typing_client_timeout_min_s = 15

# Maximum time local client can indicate typing.
#
#typing_client_timeout_max_s = 45

# Set this to true for continuwuity to compress HTTP response bodies using
# zstd. This option does nothing if continuwuity was not built with
# `zstd_compression` feature. Please be aware that enabling HTTP
# compression may weaken TLS. Most users should not need to enable this.
# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
# before deciding to enable this.
#
#zstd_compression = false

# Set this to true for continuwuity to compress HTTP response bodies using
# gzip. This option does nothing if continuwuity was not built with
# `gzip_compression` feature. Please be aware that enabling HTTP
# compression may weaken TLS. Most users should not need to enable this.
# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before
# deciding to enable this.
#
# If you are in a large amount of rooms, you may find that enabling this
# is necessary to reduce the significantly large response bodies.
#
#gzip_compression = false

# Set this to true for continuwuity to compress HTTP response bodies using
# brotli. This option does nothing if continuwuity was not built with
# `brotli_compression` feature. Please be aware that enabling HTTP
# compression may weaken TLS. Most users should not need to enable this.
# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
# before deciding to enable this.
#
#brotli_compression = false

# Set to true to allow user type "guest" registrations. Some clients like
# Element attempt to register guest users automatically.
#
#allow_guest_registration = false

# Set to true to log guest registrations in the admin room. Note that
# these may be noisy or unnecessary if you're a public homeserver.
#
#log_guest_registrations = false

# Set to true to allow guest registrations/users to auto join any rooms
# specified in `auto_join_rooms`.
#
#allow_guests_auto_join_rooms = false

# Enable the legacy unauthenticated Matrix media repository endpoints.
# These endpoints consist of:
# - /_matrix/media/*/config
# - /_matrix/media/*/upload
# - /_matrix/media/*/preview_url
# - /_matrix/media/*/download/*
# - /_matrix/media/*/thumbnail/*
#
# The authenticated equivalent endpoints are always enabled.
#
# Defaults to true for now, but this is highly subject to change, likely
# in the next release.
#
#allow_legacy_media = true

# This item is undocumented. Please contribute documentation for it.
#
#freeze_legacy_media = true

# Check consistency of the media directory at startup:
# 1. When `media_compat_file_link` is enabled, this check will upgrade
#    media when switching back and forth between Conduit and conduwuit.
#    Both options must be enabled to handle this.
# 2. When media is deleted from the directory, this check will also delete
#    its database entry.
#
# If none of these checks apply to your use cases, and your media
# directory is significantly large setting this to false may reduce
# startup time.
#
#media_startup_check = true

# Enable backward-compatibility with Conduit's media directory by creating
# symlinks of media.
#
# This option is only necessary if you plan on using Conduit again.
# Otherwise setting this to false reduces filesystem clutter and overhead
# for managing these symlinks in the directory. This is now disabled by
# default. You may still return to upstream Conduit but you have to run
# continuwuity at least once with this set to true and allow the
# media_startup_check to take place before shutting down to return to
# Conduit.
#
#media_compat_file_link = false

# Prune missing media from the database as part of the media startup
# checks.
#
# This means if you delete files from the media directory the
# corresponding entries will be removed from the database. This is
# disabled by default because if the media directory is accidentally moved
# or inaccessible, the metadata entries in the database will be lost with
# sadness.
#
#prune_missing_media = false

# List of forbidden server names via regex patterns that we will block
# incoming AND outgoing federation with, and block client room joins /
# remote user invites.
#
# Note that your messages can still make it to forbidden servers through
# backfilling. Events we receive from forbidden servers via backfill
# from servers we *do* federate with will be stored in the database.
#
# This check is applied on the room ID, room alias, sender server name,
# sender user's server name, inbound federation X-Matrix origin, and
# outbound federation handler.
#
# You can set this to ["*"] to block all servers by default, and then
# use `allowed_remote_server_names` to allow only specific servers.
#
# example: ["badserver\\.tld$", "badphrase", "19dollarfortnitecards"]
#
#forbidden_remote_server_names = []

# List of allowed server names via regex patterns that we will allow,
# regardless of if they match `forbidden_remote_server_names`.
#
# This option has no effect if `forbidden_remote_server_names` is empty.
#
# example: ["goodserver\\.tld$", "goodphrase"]
#
#allowed_remote_server_names = []

# Vector list of regex patterns of server names that continuwuity will
# refuse to download remote media from.
#
# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
#
#prevent_media_downloads_from = []

# List of forbidden server names via regex patterns that we will block all
# outgoing federated room directory requests for. Useful for preventing
# our users from wandering into bad servers or spaces.
#
# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
#
#forbidden_remote_room_directory_server_names = []

# Vector list of regex patterns of server names that continuwuity will not
# send messages to the client from.
#
# Note that there is no way for clients to receive messages once a server
# has become unignored without doing a full sync. This is a protocol
# limitation with the current sync protocols. This means this is somewhat
# of a nuclear option.
#
# example: ["reallybadserver\.tld$", "reallybadphrase",
# "69dollarfortnitecards"]
#
#ignore_messages_from_server_names = []

# Send messages from users that the user has ignored to the client.
#
# There is no way for clients to receive messages sent while a user was
# ignored without doing a full sync. This is a protocol limitation with
# the current sync protocols. Disabling this option will move
# responsibility of ignoring messages to the client, which can avoid this
# limitation.
#
#send_messages_from_ignored_users_to_client = false

# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
# do not want continuwuity to send outbound requests to. Defaults to
# RFC1918, unroutable, loopback, multicast, and testnet addresses for
# security.
#
# Please be aware that this is *not* a guarantee. You should be using a
# firewall with zones as doing this on the application layer may have
# bypasses.
#
# Currently this does not account for proxies in use like Synapse does.
#
# To disable, set this to be an empty vector (`[]`).
#
# Defaults to:
# ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
# "192.168.0.0/16", "100.64.0.0/10", "192.0.0.0/24", "169.254.0.0/16",
# "192.88.99.0/24", "198.18.0.0/15", "192.0.2.0/24", "198.51.100.0/24",
# "203.0.113.0/24", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7",
# "2001:db8::/32", "ff00::/8", "fec0::/10"]
#
#ip_range_denylist =

# Optional IP address or network interface-name to bind as the source of
# URL preview requests. If not set, it will not bind to a specific
# address or interface.
#
# Interface names only supported on Linux, Android, and Fuchsia platforms;
# all other platforms can specify the IP address. To list the interfaces
# on your system, use the command `ip link show`.
#
# example: `"eth0"` or `"1.2.3.4"`
#
#url_preview_bound_interface =

# Vector list of domains allowed to send requests to for URL previews.
#
# This is a *contains* match, not an explicit match. Putting "google.com"
# will match "https://google.com" and
# "http://mymaliciousdomainexamplegoogle.com" Setting this to "*" will
# allow all URL previews. Please note that this opens up significant
# attack surface to your server, you are expected to be aware of the risks
# by doing so.
#
#url_preview_domain_contains_allowlist = []

# Vector list of explicit domains allowed to send requests to for URL
# previews.
#
# This is an *explicit* match, not a contains match. Putting "google.com"
# will match "https://google.com", "http://google.com", but not
# "https://mymaliciousdomainexamplegoogle.com". Setting this to "*" will
# allow all URL previews. Please note that this opens up significant
# attack surface to your server, you are expected to be aware of the risks
# by doing so.
#
#url_preview_domain_explicit_allowlist = []

# Vector list of explicit domains not allowed to send requests to for URL
# previews.
#
# This is an *explicit* match, not a contains match. Putting "google.com"
# will match "https://google.com", "http://google.com", but not
# "https://mymaliciousdomainexamplegoogle.com". The denylist is checked
# first before allowlist. Setting this to "*" will not do anything.
#
#url_preview_domain_explicit_denylist = []

# Vector list of URLs allowed to send requests to for URL previews.
#
# Note that this is a *contains* match, not an explicit match. Putting
# "google.com" will match "https://google.com/",
# "https://google.com/url?q=https://mymaliciousdomainexample.com", and
# "https://mymaliciousdomainexample.com/hi/google.com" Setting this to "*"
# will allow all URL previews. Please note that this opens up significant
# attack surface to your server, you are expected to be aware of the risks
# by doing so.
#
#url_preview_url_contains_allowlist = []

# Maximum amount of bytes allowed in a URL preview body size when
# spidering. Defaults to 256KB in bytes.
#
#url_preview_max_spider_size = 256000

# Option to decide whether you would like to run the domain allowlist
# checks (contains and explicit) on the root domain or not. Does not apply
# to URL contains allowlist. Defaults to false.
#
# Example usecase: If this is enabled and you have "wikipedia.org" allowed
# in the explicit and/or contains domain allowlist, it will allow all
# subdomains under "wikipedia.org" such as "en.m.wikipedia.org" as the
# root domain is checked and matched. Useful if the domain contains
# allowlist is still too broad for you but you still want to allow all the
# subdomains under a root domain.
#
#url_preview_check_root_domain = false

# List of forbidden room aliases and room IDs as strings of regex
# patterns.
#
# Regex can be used or explicit contains matches can be done by just
# specifying the words (see example).
#
# This is checked upon room alias creation, custom room ID creation if
# used, and startup as warnings if any room aliases in your database have
# a forbidden room alias/ID.
#
# example: ["19dollarfortnitecards", "b[4a]droom", "badphrase"]
#
#forbidden_alias_names = []

# List of forbidden username patterns/strings.
#
# Regex can be used or explicit contains matches can be done by just
# specifying the words (see example).
#
# This is checked upon username availability check, registration, and
# startup as warnings if any local users in your database have a forbidden
# username.
#
# example: ["administrator", "b[a4]dusernam[3e]", "badphrase"]
#
#forbidden_usernames = []

# Retry failed and incomplete messages to remote servers immediately upon
# startup. This is called bursting. If this is disabled, said messages may
# not be delivered until more messages are queued for that server. Do not
# change this option unless server resources are extremely limited or the
# scale of the server's deployment is huge. Do not disable this unless you
# know what you are doing.
#
#startup_netburst = true

# Messages are dropped and not reattempted. The `startup_netburst` option
# must be enabled for this value to have any effect. Do not change this
# value unless you know what you are doing. Set this value to -1 to
# reattempt every message without trimming the queues; this may consume
# significant disk. Set this value to 0 to drop all messages without any
# attempt at redelivery.
#
#startup_netburst_keep = 50

# Block non-admin local users from sending room invites (local and
# remote), and block non-admin users from receiving remote room invites.
#
# Admins are always allowed to send and receive all room invites.
#
#block_non_admin_invites = false

# Allow admins to enter commands in rooms other than "#admins" (admin
# room) by prefixing your message with "\!admin" or "\\!admin" followed up
# a normal continuwuity admin command. The reply will be publicly visible
# to the room, originating from the sender.
#
# example: \\!admin debug ping puppygock.gay
#
#admin_escape_commands = true

# Automatically activate the continuwuity admin room console / CLI on
# startup. This option can also be enabled with `--console` continuwuity
# argument.
#
#admin_console_automatic = false

# List of admin commands to execute on startup.
#
# This option can also be configured with the `--execute` continuwuity
# argument and can take standard shell commands and environment variables
#
# For example: `./continuwuity --execute "server admin-notice continuwuity
# has started up at $(date)"`
#
# example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
#
#admin_execute = []

# Ignore errors in startup commands.
#
# If false, continuwuity will error and fail to start if an admin execute
# command (`--execute` / `admin_execute`) fails.
#
#admin_execute_errors_ignore = false

# List of admin commands to execute on SIGUSR2.
#
# Similar to admin_execute, but these commands are executed when the
# server receives SIGUSR2 on supporting platforms.
#
#admin_signal_execute = []

# Controls the max log level for admin command log captures (logs
# generated from running admin commands). Defaults to "info" on release
# builds, else "debug" on debug builds.
#
#admin_log_capture = "info"

# The default room tag to apply on the admin room.
#
# On some clients like Element, the room tag "m.server_notice" is a
# special pinned room at the very bottom of your room list. The
# continuwuity admin room can be pinned here so you always have an
# easy-to-access shortcut dedicated to your admin room.
#
#admin_room_tag = "m.server_notice"

# Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
# This is NOT enabled by default.
#
#sentry = false

# Sentry reporting URL, if a custom one is desired.
#
#sentry_endpoint = ""

# Report your continuwuity server_name in Sentry.io crash reports and
# metrics.
#
#sentry_send_server_name = false

# Performance monitoring/tracing sample rate for Sentry.io.
#
# Note that too high values may impact performance, and can be disabled by
# setting it to 0.0 (0%) This value is read as a percentage to Sentry,
# represented as a decimal. Defaults to 15% of traces (0.15)
#
#sentry_traces_sample_rate = 0.15

# Whether to attach a stacktrace to Sentry reports.
#
#sentry_attach_stacktrace = false

# Send panics to Sentry. This is true by default, but Sentry has to be
# enabled. The global `sentry` config option must be enabled to send any
# data.
#
#sentry_send_panic = true

# Send errors to sentry. This is true by default, but sentry has to be
# enabled. This option is only effective in release-mode; forced to false
# in debug-mode.
#
#sentry_send_error = true

# Controls the tracing log level for Sentry to send things like
# breadcrumbs and transactions
#
#sentry_filter = "info"

# Enable the tokio-console. This option is only relevant to developers.
#
#	For more information, see:
# https://continuwuity.org/development.html#debugging-with-tokio-console
#
#tokio_console = false

# This item is undocumented. Please contribute documentation for it.
#
#test = false

# Controls whether admin room notices like account registrations, password
# changes, account deactivations, room directory publications, etc will be
# sent to the admin room. Update notices and normal admin command
# responses will still be sent.
#
#admin_room_notices = true

# Enable database pool affinity support. On supporting systems, block
# device queue topologies are detected and the request pool is optimized
# for the hardware; db_pool_workers is determined automatically.
#
#db_pool_affinity = true

# Sets the number of worker threads in the frontend-pool of the database.
# This number should reflect the I/O capabilities of the system,
# such as the queue-depth or the number of simultaneous requests in
# flight. Defaults to 32 or four times the number of CPU cores, whichever
# is greater.
#
# Note: This value is only used if db_pool_affinity is disabled or not
# detected on the system, otherwise it is determined automatically.
#
#db_pool_workers = 32

# When db_pool_affinity is enabled and detected, the size of any worker
# group will not exceed the determined value. This is necessary when
# thread-pooling approach does not scale to the full capabilities of
# high-end hardware; using detected values without limitation could
# degrade performance.
#
# The value is multiplied by the number of cores which share a device
# queue, since group workers can be scheduled on any of those cores.
#
#db_pool_workers_limit = 64

# Determines the size of the queues feeding the database's frontend-pool.
# The size of the queue is determined by multiplying this value with the
# number of pool workers. When this queue is full, tokio tasks conducting
# requests will yield until space is available; this is good for
# flow-control by avoiding buffer-bloat, but can inhibit throughput if
# too low.
#
#db_pool_queue_mult = 4

# Sets the initial value for the concurrency of streams. This value simply
# allows overriding the default in the code. The default is 32, which is
# the same as the default in the code. Note this value is itself
# overridden by the computed stream_width_scale, unless that is disabled;
# this value can serve as a fixed-width instead.
#
#stream_width_default = 32

# Scales the stream width starting from a base value detected for the
# specific system. The base value is the database pool worker count
# determined from the hardware queue size (e.g. 32 for SSD or 64 or 128+
# for NVMe). This float allows scaling the width up or down by multiplying
# it (e.g. 1.5, 2.0, etc). The maximum result can be the size of the pool
# queue (see: db_pool_queue_mult) as any larger value will stall the tokio
# task. The value can also be scaled down (e.g. 0.5)  to improve
# responsiveness for many users at the cost of throughput for each.
#
# Setting this value to 0.0 causes the stream width to be fixed at the
# value of stream_width_default. The default scale is 1.0 to match the
# capabilities detected for the system.
#
#stream_width_scale = 1.0

# Sets the initial amplification factor. This controls batch sizes of
# requests made by each pool worker, multiplying the throughput of each
# stream. This value is somewhat abstract from specific hardware
# characteristics and can be significantly larger than any thread count or
# queue size. This is because each database query may require several
# index lookups, thus many database queries in a batch may make progress
# independently while also sharing index and data blocks which may or may
# not be cached. It is worthwhile to submit huge batches to reduce
# complexity. The maximum value is 32768, though sufficient hardware is
# still advised for that.
#
#stream_amplification = 1024

# Number of sender task workers; determines sender parallelism. Default is
# '0' which means the value is determined internally, likely matching the
# number of tokio worker-threads or number of cores, etc. Override by
# setting a non-zero value.
#
#sender_workers = 0

# Enables listener sockets; can be set to false to disable listening. This
# option is intended for developer/diagnostic purposes only.
#
#listening = true

# Enables configuration reload when the server receives SIGUSR1 on
# supporting platforms.
#
#config_reload_signal = true

[global.tls]

# Path to a valid TLS certificate file.
#
# example: "/path/to/my/certificate.crt"
#
#certs =

# Path to a valid TLS certificate private key.
#
# example: "/path/to/my/certificate.key"
#
#key =

# Whether to listen and allow for HTTP and HTTPS connections (insecure!)
#
#dual_protocol = false

[global.well_known]

# The server URL that the client well-known file will serve. This should
# not contain a port, and should just be a valid HTTPS URL.
#
# example: "https://matrix.example.com"
#
#client =

# The server base domain of the URL with a specific port that the server
# well-known file will serve. This should contain a port at the end, and
# should not be a URL.
#
# example: "matrix.example.com:443"
#
#server =

# URL to a support page for the server, which will be served as part of
# the MSC1929 server support endpoint at /.well-known/matrix/support.
# Will be included alongside any contact information
#
#support_page =

# Role string for server support contacts, to be served as part of the
# MSC1929 server support endpoint at /.well-known/matrix/support.
#
#support_role = "m.role.admin"

# Email address for server support contacts, to be served as part of the
# MSC1929 server support endpoint.
# This will be used along with support_mxid if specified.
#
#support_email =

# Matrix ID for server support contacts, to be served as part of the
# MSC1929 server support endpoint.
# This will be used along with support_email if specified.
#
# If no email or mxid is specified, all of the server's admins will be
# listed.
#
#support_mxid =

[global.blurhashing]

# blurhashing x component, 4 is recommended by https://blurha.sh/
#
#components_x = 4

# blurhashing y component, 3 is recommended by https://blurha.sh/
#
#components_y = 3

# Max raw size that the server will blurhash, this is the size of the
# image after converting it to raw data, it should be higher than the
# upload limit but not too high. The higher it is the higher the
# potential load will be for clients requesting blurhashes. The default
# is 33.55MB. Setting it to 0 disables blurhashing.
#
#blurhash_max_raw_size = 33554432

Debian systemd unit file

Debian systemd unit file 
[Unit]

Description=Continuwuity - Matrix homeserver
Wants=network-online.target
After=network-online.target
Documentation=https://continuwuity.org/
Alias=matrix-conduwuit.service

[Service]
DynamicUser=yes
User=conduwuit
Group=conduwuit
Type=notify

Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"

ExecStart=/usr/sbin/conduwuit

ReadWritePaths=/var/lib/conduwuit /etc/conduwuit

AmbientCapabilities=
CapabilityBoundingSet=

DevicePolicy=closed
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
#ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
PrivateIPC=yes
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service @resources
SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
SystemCallErrorNumber=EPERM
#StateDirectory=conduwuit

RuntimeDirectory=conduwuit
RuntimeDirectoryMode=0750

Restart=on-failure
RestartSec=5

TimeoutStopSec=2m
TimeoutStartSec=2m

StartLimitInterval=1m
StartLimitBurst=5

[Install]
WantedBy=multi-user.target

Arch Linux systemd unit file

Arch Linux systemd unit file 
[Unit]

Description=Continuwuity - Matrix homeserver
Wants=network-online.target
After=network-online.target
Documentation=https://continuwuity.org/
RequiresMountsFor=/var/lib/private/conduwuit
Alias=matrix-conduwuit.service
[Service]
DynamicUser=yes
Type=notify-reload
ReloadSignal=SIGUSR1

TTYPath=/dev/tty25
DeviceAllow=char-tty
StandardInput=tty-force
StandardOutput=tty
StandardError=journal+console
TTYReset=yes
# uncomment to allow buffer to be cleared every restart
TTYVTDisallocate=no

TTYColumns=120
TTYRows=40

AmbientCapabilities=
CapabilityBoundingSet=

DevicePolicy=closed
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
#ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
PrivateIPC=yes
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service @resources
SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
SystemCallErrorNumber=EPERM
StateDirectory=conduwuit

RuntimeDirectory=conduwuit
RuntimeDirectoryMode=0750

Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
BindPaths=/var/lib/private/conduwuit:/var/lib/matrix-conduit
BindPaths=/var/lib/private/conduwuit:/var/lib/private/matrix-conduit

ExecStart=/usr/bin/conduwuit
Restart=on-failure
RestartSec=5

TimeoutStopSec=4m
TimeoutStartSec=4m

StartLimitInterval=1m
StartLimitBurst=5

[Install]
WantedBy=multi-user.target

Deploying

This chapter describes various ways to deploy Continuwuity.

Generic deployment documentation

Getting help

If you run into any problems while setting up Continuwuity, ask us in #continuwuity:continuwuity.org or open an issue on Forgejo.

Installing Continuwuity

Static prebuilt binary

You may simply download the binary that fits your machine architecture (x86_64 or aarch64). Run uname -m to see what you need.

Prebuilt fully static musl binaries can be downloaded from the latest tagged release here or main CI branch workflow artifact output. These also include Debian/Ubuntu packages.

These can be curl'd directly from. ci-bins are CI workflow binaries by commit hash/revision, and releases are tagged releases. Sort by descending last modified for the latest.

These binaries have jemalloc and io_uring statically linked and included with them, so no additional dynamic dependencies need to be installed.

For the best performance; if using an x86_64 CPU made in the last ~15 years, we recommend using the -haswell- optimised binaries. This sets -march=haswell which is the most compatible and highest performance with optimised binaries. The database backend, RocksDB, most benefits from this as it will then use hardware accelerated CRC32 hashing/checksumming which is critical for performance.

Compiling

Alternatively, you may compile the binary yourself. We recommend using Nix (or Lix) to build Continuwuity as this has the most guaranteed reproducibiltiy and easiest to get a build environment and output going. This also allows easy cross-compilation.

You can run the nix build -L .#static-x86_64-linux-musl-all-features or nix build -L .#static-aarch64-linux-musl-all-features commands based on architecture to cross-compile the necessary static binary located at result/bin/conduwuit. This is reproducible with the static binaries produced in our CI.

If wanting to build using standard Rust toolchains, make sure you install:

  • liburing-dev on the compiling machine, and liburing on the target host
  • LLVM and libclang for RocksDB

You can build Continuwuity using cargo build --release --all-features

Adding a Continuwuity user

While Continuwuity can run as any user it is better to use dedicated users for different services. This also allows you to make sure that the file permissions are correctly set up.

In Debian, you can use this command to create a Continuwuity user:

sudo adduser --system continuwuity --group --disabled-login --no-create-home

For distros without adduser (or where it's a symlink to useradd):

sudo useradd -r --shell /usr/bin/nologin --no-create-home continuwuity

Forwarding ports in the firewall or the router

Matrix's default federation port is port 8448, and clients must be using port 443. If you would like to use only port 443, or a different port, you will need to setup delegation. Continuwuity has config options for doing delegation, or you can configure your reverse proxy to manually serve the necessary JSON files to do delegation (see the [global.well_known] config section).

If Continuwuity runs behind a router or in a container and has a different public IP address than the host system these public ports need to be forwarded directly or indirectly to the port mentioned in the config.

Note for NAT users; if you have trouble connecting to your server from the inside of your network, you need to research your router and see if it supports "NAT hairpinning" or "NAT loopback".

If your router does not support this feature, you need to research doing local DNS overrides and force your Matrix DNS records to use your local IP internally. This can be done at the host level using /etc/hosts. If you need this to be on the network level, consider something like NextDNS or Pi-Hole.

Setting up a systemd service

Two example systemd units for Continuwuity can be found on the configuration page. You may need to change the ExecStart= path to where you placed the Continuwuity binary if it is not /usr/bin/conduwuit.

On systems where rsyslog is used alongside journald (i.e. Red Hat-based distros and OpenSUSE), put $EscapeControlCharactersOnReceive off inside /etc/rsyslog.conf to allow color in logs.

If you are using a different database_path other than the systemd unit configured default /var/lib/conduwuit, you need to add your path to the systemd unit's ReadWritePaths=. This can be done by either directly editing conduwuit.service and reloading systemd, or running systemctl edit conduwuit.service and entering the following:

[Service]
ReadWritePaths=/path/to/custom/database/path

Creating the Continuwuity configuration file

Now we need to create the Continuwuity's config file in /etc/continuwuity/continuwuity.toml. The example config can be found at conduwuit-example.toml.

Please take a moment to read the config. You need to change at least the server name.

RocksDB is the only supported database backend.

Setting the correct file permissions

If you are using a dedicated user for Continuwuity, you will need to allow it to read the config. To do that you can run this:

sudo chown -R root:root /etc/conduwuit
sudo chmod -R 755 /etc/conduwuit

If you use the default database path you also need to run this:

sudo mkdir -p /var/lib/conduwuit/
sudo chown -R continuwuity:continuwuity /var/lib/conduwuit/
sudo chmod 700 /var/lib/conduwuit/

Setting up the Reverse Proxy

We recommend Caddy as a reverse proxy, as it is trivial to use, handling TLS certificates, reverse proxy headers, etc transparently with proper defaults. For other software, please refer to their respective documentation or online guides.

Caddy

After installing Caddy via your preferred method, create /etc/caddy/conf.d/conduwuit_caddyfile and enter this (substitute for your server name).

your.server.name, your.server.name:8448 {
    # TCP reverse_proxy
    reverse_proxy 127.0.0.1:6167
    # UNIX socket
    #reverse_proxy unix//run/conduwuit/conduwuit.sock
}

That's it! Just start and enable the service and you're set.

sudo systemctl enable --now caddy

Other Reverse Proxies

As we would prefer our users to use Caddy, we will not provide configuration files for other proxys.

You will need to reverse proxy everything under following routes:

  • /_matrix/ - core Matrix C-S and S-S APIs
  • /_conduwuit/ - ad-hoc Continuwuity routes such as /local_user_count and /server_version

You can optionally reverse proxy the following individual routes:

  • /.well-known/matrix/client and /.well-known/matrix/server if using Continuwuity to perform delegation (see the [global.well_known] config section)
  • /.well-known/matrix/support if using Continuwuity to send the homeserver admin contact and support page (formerly known as MSC1929)
  • / if you would like to see hewwo from conduwuit woof! at the root

See the following spec pages for more details on these files:

Examples of delegation:

For Apache and Nginx there are many examples available online.

Lighttpd is not supported as it seems to mess with the X-Matrix Authorization header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here.

If using Apache, you need to use nocanon in your ProxyPass directive to prevent httpd from messing with the X-Matrix header (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can).

If using Nginx, you need to give Continuwuity the request URI using $request_uri, or like so:

  • proxy_pass http://127.0.0.1:6167$request_uri;
  • proxy_pass http://127.0.0.1:6167;

Nginx users need to increase client_max_body_size (default is 1M) to match max_request_size defined in conduwuit.toml.

You're done

Now you can start Continuwuity with:

sudo systemctl start conduwuit

Set it to start automatically when your system boots with:

sudo systemctl enable conduwuit

How do I know it works?

You can open a Matrix client, enter your homeserver and try to register.

You can also use these commands as a quick health check (replace your.server.name).

curl https://your.server.name/_conduwuit/server_version

# If using port 8448
curl https://your.server.name:8448/_conduwuit/server_version

# If federation is enabled
curl https://your.server.name:8448/_matrix/federation/v1/version
  • To check if your server can talk with other homeservers, you can use the Matrix Federation Tester. If you can register but cannot join federated rooms check your config again and also check if the port 8448 is open and forwarded correctly.

What's next?

Audio/Video calls

For Audio/Video call functionality see the TURN Guide.

Appservices

If you want to set up an appservice, take a look at the Appservice Guide.

Continuwuity for NixOS

Continuwuity can be acquired by Nix (or Lix) from various places:

  • The flake.nix at the root of the repo
  • The default.nix at the root of the repo
  • From Continuwuity's binary cache

NixOS module

The flake.nix and default.nix do not currently provide a NixOS module (contributions welcome!), so services.matrix-conduit from Nixpkgs can be used to configure Continuwuity.

Conduit NixOS Config Module and SQLite

Beware! The services.matrix-conduit module defaults to SQLite as a database backend. Continuwuity dropped SQLite support in favor of exclusively supporting the much faster RocksDB. Make sure that you are using the RocksDB backend before migrating!

There is a tool to migrate a Conduit SQLite database to RocksDB.

If you want to run the latest code, you should get Continuwuity from the flake.nix or default.nix and set services.matrix-conduit.package appropriately to use Continuwuity instead of Conduit.

UNIX sockets

Due to the lack of a Continuwuity NixOS module, when using the services.matrix-conduit module a workaround like the one below is necessary to use UNIX sockets. This is because the UNIX socket option does not exist in Conduit, and the module forcibly sets the address and port config options.

options.services.matrix-conduit.settings = lib.mkOption {
  apply = old: old // (
    if (old.global ? "unix_socket_path")
    then { global = builtins.removeAttrs old.global [ "address" "port" ]; }
    else {  }
  );
};

Additionally, the matrix-conduit systemd unit in the module does not allow the AF_UNIX socket address family in their systemd unit's RestrictAddressFamilies= which disallows the namespace from accessing or creating UNIX sockets and has to be enabled like so:

systemd.services.conduit.serviceConfig.RestrictAddressFamilies = [ "AF_UNIX" ];

Even though those workarounds are feasible a Continuwuity NixOS configuration module, developed and published by the community, would be appreciated.

jemalloc and hardened profile

Continuwuity uses jemalloc by default. This may interfere with the hardened.nix profile due to them using scudo by default. You must either disable/hide scudo from Continuwuity, or disable jemalloc like so:

let
    conduwuit = pkgs.unstable.conduwuit.override {
      enableJemalloc = false;
    };
in

Continuwuity for Docker

Docker

To run Continuwuity with Docker you can either build the image yourself or pull it from a registry.

Use a registry

OCI images for Continuwuity are available in the registries listed below.

RegistryImageNotes
Forgejo Registryforgejo.ellis.link/continuwuation/continuwuity:latestLatest tagged image.
Forgejo Registryforgejo.ellis.link/continuwuation/continuwuity:mainMain branch image.

Use

docker image pull $LINK

to pull it to your machine.

Run

When you have the image you can simply run it with

docker run -d -p 8448:6167 \
    -v db:/var/lib/continuwuity/ \
    -e CONTINUWUITY_SERVER_NAME="your.server.name" \
    -e CONTINUWUITY_ALLOW_REGISTRATION=false \
    --name continuwuity $LINK

or you can use docker compose.

The -d flag lets the container run in detached mode. You may supply an optional continuwuity.toml config file, the example config can be found here. You can pass in different env vars to change config values on the fly. You can even configure Continuwuity completely by using env vars. For an overview of possible values, please take a look at the docker-compose.yml file.

If you just want to test Continuwuity for a short time, you can use the --rm flag, which will clean up everything related to your container after you stop it.

Docker-compose

If the docker run command is not for you or your setup, you can also use one of the provided docker-compose files.

Depending on your proxy setup, you can use one of the following files;

When picking the traefik-related compose file, rename it so it matches docker-compose.yml, and rename the override file to docker-compose.override.yml. Edit the latter with the values you want for your server.

When picking the caddy-docker-proxy compose file, it's important to first create the caddy network before spinning up the containers:

docker network create caddy

After that, you can rename it so it matches docker-compose.yml and spin up the containers!

Additional info about deploying Continuwuity can be found here.

Build

Official Continuwuity images are built using Docker Buildx and the Dockerfile found at docker/Dockerfile. This approach uses common Docker tooling and enables multi-platform builds efficiently.

The resulting images are broadly compatible with Docker and other container runtimes like Podman or containerd.

The images do not contain a shell. They contain only the Continuwuity binary, required libraries, TLS certificates and metadata. Please refer to the docker/Dockerfile for the specific details of the image composition.

To build an image locally using Docker Buildx, you can typically run a command like:

# Build for the current platform and load into the local Docker daemon
docker buildx build --load --tag continuwuity:latest -f docker/Dockerfile .

# Example: Build for specific platforms and push to a registry.
# docker buildx build --platform linux/amd64,linux/arm64 --tag registry.io/org/continuwuity:latest -f docker/Dockerfile . --push

# Example: Build binary optimized for the current CPU
# docker buildx build --load --tag continuwuity:latest --build-arg TARGET_CPU=native -f docker/Dockerfile .

Refer to the Docker Buildx documentation for more advanced build options.

Run

If you already have built the image or want to use one from the registries, you can just start the container and everything else in the compose file in detached mode with:

docker compose up -d

Note: Don't forget to modify and adjust the compose file to your needs.

Use Traefik as Proxy

As a container user, you probably know about Traefik. It is a easy to use reverse proxy for making containerized app and services available through the web. With the two provided files, docker-compose.for-traefik.yml (or docker-compose.with-traefik.yml) and docker-compose.override.yml, it is equally easy to deploy and use Continuwuity, with a little caveat. If you already took a look at the files, then you should have seen the well-known service, and that is the little caveat. Traefik is simply a proxy and loadbalancer and is not able to serve any kind of content, but for Continuwuity to federate, we need to either expose ports 443 and 8448 or serve two endpoints .well-known/matrix/client and .well-known/matrix/server.

With the service well-known we use a single nginx container that will serve those two files.

Voice communication

See the TURN page.

Continuwuity for Kubernetes

Continuwuity doesn't support horizontal scalability or distributed loading natively, however a community maintained Helm Chart is available here to run conduwuit on Kubernetes: https://gitlab.cronce.io/charts/conduwuit

This should be compatible with continuwuity, but you will need to change the image reference.

Should changes need to be made, please reach out to the maintainer as this is not maintained/controlled by the Continuwuity maintainers.

Continuwuity for Arch Linux

Continuwuity is available on the archlinuxcn repository and AUR, with the same package name continuwuity, which includes latest taggged version. The development version is available on AUR as continuwuity-git

Simply install the continuwuity package. Configure the service in /etc/conduwuit/conduwuit.toml, then enable/start the continuwuity.service.

Continuwuity for Debian

Information about downloading and deploying the Debian package. This may also be referenced for other apt-based distros such as Ubuntu.

Installation

It is recommended to see the generic deployment guide for further information if needed as usage of the Debian package is generally related.

No apt repository is currently offered yet, it is in the works/development.

Configuration

When installed, the example config is placed at /etc/conduwuit/conduwuit.toml as the default config. The config mentions things required to be changed before starting.

You can tweak more detailed settings by uncommenting and setting the config options in /etc/conduwuit/conduwuit.toml.

Running

The package uses the conduwuit.service systemd unit file to start and stop Continuwuity. The binary is installed at /usr/sbin/conduwuit.

This package assumes by default that conduwuit will be placed behind a reverse proxy. The default config options apply (listening on localhost and TCP port 6167). Matrix federation requires a valid domain name and TLS, so you will need to set up TLS certificates and renewal for it to work properly if you intend to federate.

Consult various online documentation and guides on setting up a reverse proxy and TLS. Caddy is documented at the generic deployment guide as it's the easiest and most user friendly.

Continuwuity for FreeBSD

Continuwuity at the moment does not provide FreeBSD builds or have FreeBSD packaging, however Continuwuity does build and work on FreeBSD using the system-provided RocksDB.

Contributions for getting Continuwuity packaged are welcome.

Setting up TURN/STURN

In order to make or receive calls, a TURN server is required. Continuwuity suggests using Coturn for this purpose, which is also available as a Docker image.

Configuration

Create a configuration file called coturn.conf containing:

use-auth-secret
static-auth-secret=<a secret key>
realm=<your server domain>

A common way to generate a suitable alphanumeric secret key is by using pwgen -s 64 1.

These same values need to be set in Continuwuity. See the example config in the TURN section for configuring these and restart Continuwuity after.

turn_secret or a path to turn_secret_file must have a value of your coturn static-auth-secret, or use turn_username and turn_password if using legacy username:password TURN authentication (not preferred).

turn_uris must be the list of TURN URIs you would like to send to the client. Typically you will just replace the example domain example.turn.uri with the realm you set from the example config.

If you are using TURN over TLS, you can replace turn: with turns: in the turn_uris config option to instruct clients to attempt to connect to TURN over TLS. This is highly recommended.

If you need unauthenticated access to the TURN URIs, or some clients may be having trouble, you can enable turn_guest_access in Continuwuity which disables authentication for the TURN URI endpoint /_matrix/client/v3/voip/turnServer

Run

Run the Coturn image using

docker run -d --network=host -v
$(pwd)/coturn.conf:/etc/coturn/turnserver.conf coturn/coturn

or docker-compose. For the latter, paste the following section into a file called docker-compose.yml and run docker compose up -d in the same directory.

version: 3
services:
    turn:
      container_name: coturn-server
      image: docker.io/coturn/coturn
      restart: unless-stopped
      network_mode: "host"
      volumes:
        - ./coturn.conf:/etc/coturn/turnserver.conf

To understand why the host networking mode is used and explore alternative configuration options, please visit Coturn's Docker documentation.

For security recommendations see Synapse's Coturn documentation.

Setting up Appservices

Getting help

If you run into any problems while setting up an Appservice: ask us in #continuwuity:continuwuity.org or open an issue on Forgejo.

Set up the appservice - general instructions

Follow whatever instructions are given by the appservice. This usually includes downloading, changing its config (setting domain, homeserver url, port etc.) and later starting it.

At some point the appservice guide should ask you to add a registration yaml file to the homeserver. In Synapse you would do this by adding the path to the homeserver.yaml, but in Continuwuity you can do this from within Matrix:

First, go into the #admins room of your homeserver. The first person that registered on the homeserver automatically joins it. Then send a message into the room like this:

!admin appservices register
```
paste
the
contents
of
the
yaml
registration
here
```

You can confirm it worked by sending a message like this: !admin appservices list

The server bot should answer with Appservices (1): your-bridge

Then you are done. Continuwuity will send messages to the appservices and the appservice can send requests to the homeserver. You don't need to restart Continuwuity, but if it doesn't work, restarting while the appservice is running could help.

Appservice-specific instructions

Remove an appservice

To remove an appservice go to your admin room and execute

!admin appservices unregister <name>

where <name> one of the output of appservices list.

Maintaining your Continuwuity setup

Moderation

Continuwuity has moderation through admin room commands. "binary commands" (medium priority) and an admin API (low priority) is planned. Some moderation-related config options are available in the example config such as "global ACLs" and blocking media requests to certain servers. See the example config for the moderation config options under the "Moderation / Privacy / Security" section.

Continuwuity has moderation admin commands for:

  • managing room aliases (!admin rooms alias)
  • managing room directory (!admin rooms directory)
  • managing room banning/blocking and user removal (!admin rooms moderation)
  • managing user accounts (!admin users)
  • fetching /.well-known/matrix/support from servers (!admin federation)
  • blocking incoming federation for certain rooms (not the same as room banning) (!admin federation)
  • deleting media (see the media section)

Any commands with -list in them will require a codeblock in the message with each object being newline delimited. An example of doing this is:

!admin rooms moderation ban-list-of-rooms
```
!roomid1:server.name
#badroomalias1:server.name
!roomid2:server.name
!roomid3:server.name
#badroomalias2:server.name
```

Database (RocksDB)

Generally there is very little you need to do. Compaction is ran automatically based on various defined thresholds tuned for Continuwuity to be high performance with the least I/O amplifcation or overhead. Manually running compaction is not recommended, or compaction via a timer, due to creating unnecessary I/O amplification. RocksDB is built with io_uring support via liburing for improved read performance.

RocksDB troubleshooting can be found in the RocksDB section of troubleshooting.

Compression

Some RocksDB settings can be adjusted such as the compression method chosen. See the RocksDB section in the example config.

btrfs users have reported that database compression does not need to be disabled on Continuwuity as the filesystem already does not attempt to compress. This can be validated by using filefrag -v on a .SST file in your database, and ensure the physical_offset matches (no filesystem compression). It is very important to ensure no additional filesystem compression takes place as this can render unbuffered Direct IO inoperable, significantly slowing down read and write performance. See https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility

Compression is done using the COW mechanism so it’s incompatible with nodatacow. Direct IO read works on compressed files but will fall back to buffered writes and leads to no compression even if force compression is set. Currently nodatasum and compression don’t work together.

Files in database

Do not touch any of the files in the database directory. This must be said due to users being mislead by the .log files in the RocksDB directory, thinking they're server logs or database logs, however they are critical RocksDB files related to WAL tracking.

The only safe files that can be deleted are the LOG files (all caps). These are the real RocksDB telemetry/log files, however Continuwuity has already configured to only store up to 3 RocksDB LOG files due to generally being useless for average users unless troubleshooting something low-level. If you would like to store nearly none at all, see the rocksdb_max_log_files config option.

Backups

Currently only RocksDB supports online backups. If you'd like to backup your database online without any downtime, see the !admin server command for the backup commands and the database_backup_path config options in the example config. Please note that the format of the database backup is not the exact same. This is unfortunately a bad design choice by Facebook as we are using the database backup engine API from RocksDB, however the data is still there and can still be joined together.

To restore a backup from an online RocksDB backup:

  • shutdown Continuwuity
  • create a new directory for merging together the data
  • in the online backup created, copy all .sst files in $DATABASE_BACKUP_PATH/shared_checksum to your new directory
  • trim all the strings so instead of ######_sxxxxxxxxx.sst, it reads ######.sst. A way of doing this with sed and bash is for file in *.sst; do mv "$file" "$(echo "$file" | sed 's/_s.*/.sst/')"; done
  • copy all the files in $DATABASE_BACKUP_PATH/1 (or the latest backup number if you have multiple) to your new directory
  • set your database_path config option to your new directory, or replace your old one with the new one you crafted
  • start up Continuwuity again and it should open as normal

If you'd like to do an offline backup, shutdown Continuwuity and copy your database_path directory elsewhere. This can be restored with no modifications needed.

Backing up media is also just copying the media/ directory from your database directory.

Media

Media still needs various work, however Continuwuity implements media deletion via:

  • MXC URI or Event ID (unencrypted and attempts to find the MXC URI in the event)
  • Delete list of MXC URIs
  • Delete remote media in the past N seconds/minutes via filesystem metadata on the file created time (btime) or file modified time (mtime)

See the !admin media command for further information. All media in Continuwuity is stored at $DATABASE_DIR/media. This will be configurable soon.

If you are finding yourself needing extensive granular control over media, we recommend looking into Matrix Media Repo. Continuwuity intends to implement various utilities for media, but MMR is dedicated to extensive media management.

Built-in S3 support is also planned, but for now using a "S3 filesystem" on media/ works. Continuwuity also sends a Cache-Control header of 1 year and immutable for all media requests (download and thumbnail) to reduce unnecessary media requests from browsers, reduce bandwidth usage, and reduce load.

Troubleshooting Continuwuity

Docker users ⚠️

Docker can be difficult to use and debug. It's common for Docker misconfigurations to cause issues, particularly with networking and permissions. Please check that your issues are not due to problems with your Docker setup.

Continuwuity and Matrix issues

Lost access to admin room

You can reinvite yourself to the admin room through the following methods:

  • Use the --execute "users make_user_admin <username>" Continuwuity binary argument once to invite yourslf to the admin room on startup
  • Use the Continuwuity console/CLI to run the users make_user_admin command
  • Or specify the emergency_password config option to allow you to temporarily log into the server account (@conduit) from a web client

General potential issues

Potential DNS issues when using Docker

Docker's DNS setup for containers in a non-default network intercepts queries to enable resolving of container hostnames to IP addresses. However, due to performance issues with Docker's built-in resolver, this can cause DNS queries to take a long time to resolve, resulting in federation issues.

This is particularly common with Docker Compose, as custom networks are easily created and configured.

Symptoms of this include excessively long room joins (30+ minutes) from very long DNS timeouts, log entries of "mismatching responding nameservers", and/or partial or non-functional inbound/outbound federation.

This is not a bug in continuwuity. Docker's default DNS resolver is not suitable for heavy DNS activity, which is normal for federated protocols like Matrix.

Workarounds:

  • Use DNS over TCP via the config option query_over_tcp_only = true
  • Bypass Docker's default DNS setup and instead allow the container to use and communicate with your host's DNS servers. Typically, this can be done by mounting the host's /etc/resolv.conf.

DNS No connections available error message

If you receive spurious amounts of error logs saying "DNS No connections available", this is due to your DNS server (servers from /etc/resolv.conf) being overloaded and unable to handle typical Matrix federation volume. Some users have reported that the upstream servers are rate-limiting them as well when they get this error (e.g. popular upstreams like Google DNS).

Matrix federation is extremely heavy and sends wild amounts of DNS requests. Unfortunately this is by design and has only gotten worse with more server/destination resolution steps. Synapse also expects a very perfect DNS setup.

There are some ways you can reduce the amount of DNS queries, but ultimately the best solution/fix is selfhosting a high quality caching DNS server like Unbound without any upstream resolvers, and without DNSSEC validation enabled.

DNSSEC validation is highly recommended to be disabled due to DNSSEC being very computationally expensive, and is extremely susceptible to denial of service, especially on Matrix. Many servers also strangely have broken DNSSEC setups and will result in non-functional federation.

Continuwuity cannot provide a "works-for-everyone" Unbound DNS setup guide, but the official Unbound tuning guide and the Unbound Arch Linux wiki page may be of interest. Disabling DNSSEC on Unbound is commenting out trust-anchors config options and removing the validator module.

Avoid using systemd-resolved as it does not perform very well under high load, and we have identified its DNS caching to not be very effective.

dnsmasq can possibly work, but it does not support TCP fallback which can be problematic when receiving large DNS responses such as from large SRV records. If you still want to use dnsmasq, make sure you disable dns_tcp_fallback in Continuwuity config.

Raising dns_cache_entries in Continuwuity config from the default can also assist in DNS caching, but a full-fledged external caching resolver is better and more reliable.

If you don't have IPv6 connectivity, changing ip_lookup_strategy to match your setup can help reduce unnecessary AAAA queries (1 - Ipv4Only (Only query for A records, no AAAA/IPv6)).

If your DNS server supports it, some users have reported enabling query_over_tcp_only to force only TCP querying by default has improved DNS reliability at a slight performance cost due to TCP overhead.

RocksDB / database issues

Database corruption

If your database is corrupted and is failing to start (e.g. checksum mismatch), it may be recoverable but careful steps must be taken, and there is no guarantee it may be recoverable.

The first thing that can be done is launching Continuwuity with the rocksdb_repair config option set to true. This will tell RocksDB to attempt to repair itself at launch. If this does not work, disable the option and continue reading.

RocksDB has the following recovery modes:

  • TolerateCorruptedTailRecords
  • AbsoluteConsistency
  • PointInTime
  • SkipAnyCorruptedRecord

By default, Continuwuity uses TolerateCorruptedTailRecords as generally these may be due to bad federation and we can re-fetch the correct data over federation. The RocksDB default is PointInTime which will attempt to restore a "snapshot" of the data when it was last known to be good. This data can be either a few seconds old, or multiple minutes prior. PointInTime may not be suitable for default usage due to clients and servers possibly not being able to handle sudden "backwards time travels", and AbsoluteConsistency may be too strict.

AbsoluteConsistency will fail to start the database if any sign of corruption is detected. SkipAnyCorruptedRecord will skip all forms of corruption unless it forbids the database from opening (e.g. too severe). Usage of SkipAnyCorruptedRecord voids any support as this may cause more damage and/or leave your database in a permanently inconsistent state, but it may do something if PointInTime does not work as a last ditch effort.

With this in mind:

  • First start Continuwuity with the PointInTime recovery method. See the example config for how to do this using rocksdb_recovery_mode
  • If your database successfully opens, clients are recommended to clear their client cache to account for the rollback
  • Leave your Continuwuity running in PointInTime for at least 30-60 minutes so as much possible corruption is restored
  • If all goes will, you should be able to restore back to using TolerateCorruptedTailRecords and you have successfully recovered your database

Debugging

Note that users should not really be debugging things. If you find yourself debugging and find the issue, please let us know and/or how we can fix it. Various debug commands can be found in !admin debug.

Debug/Trace log level

Continuwuity builds without debug or trace log levels at compile time by default for substantial performance gains in CPU usage and improved compile times. If you need to access debug/trace log levels, you will need to build without the release_max_log_level feature or use our provided static debug binaries.

Changing log level dynamically

Continuwuity supports changing the tracing log environment filter on-the-fly using the admin command !admin debug change-log-level <log env filter>. This accepts a string without quotes the same format as the log config option.

Example: !admin debug change-log-level debug

This can also accept complex filters such as: !admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,ruma_state_res=trace !admin debug change-log-level info,conduit_service[{dest="example.com"}]=trace,conduit_service[send{dest="example.org"}]=trace

And to reset the log level to the one that was set at startup / last config load, simply pass the --reset flag.

!admin debug change-log-level --reset

Pinging servers

Continuwuity can ping other servers using !admin debug ping <server>. This takes a server name and goes through the server discovery process and queries /_matrix/federation/v1/version. Errors are outputted.

While it does measure the latency of the request, it is not indicative of server performance on either side as that endpoint is completely unauthenticated and simply fetches a string on a static JSON endpoint. It is very low cost both bandwidth and computationally.

Allocator memory stats

When using jemalloc with jemallocator's stats feature (--enable-stats), you can see Continuwuity's high-level allocator stats by using !admin server memory-usage at the bottom.

If you are a developer, you can also view the raw jemalloc statistics with !admin debug memory-stats. Please note that this output is extremely large which may only be visible in the Continuwuity console CLI due to PDU size limits, and is not easy for non-developers to understand.

Development

Information about developing the project. If you are only interested in using it, you can safely ignore this page. If you plan on contributing, see the contributor's guide.

Continuwuity project layout

Continuwuity uses a collection of sub-crates, packages, or workspace members that indicate what each general area of code is for. All of the workspace members are under src/. The workspace definition is at the top level / root Cargo.toml.

The crate names are generally self-explanatory:

  • admin is the admin room
  • api is the HTTP API, Matrix C-S and S-S endpoints, etc
  • core is core Continuwuity functionality like config loading, error definitions, global utilities, logging infrastructure, etc
  • database is RocksDB methods, helpers, RocksDB config, and general database definitions, utilities, or functions
  • macros are Continuwuity Rust macros like general helper macros, logging and error handling macros, and syn and procedural macros used for admin room commands and others
  • main is the "primary" sub-crate. This is where the main() function lives, tokio worker and async initialisation, Sentry initialisation, clap init, and signal handling. If you are adding new Rust features, they must go here.
  • router is the webserver and request handling bits, using axum, tower, tower-http, hyper, etc, and the global server state to access services.
  • service is the high-level database definitions and functions for data, outbound/sending code, and other business logic such as media fetching.

It is highly unlikely you will ever need to add a new workspace member, but if you truly find yourself needing to, we recommend reaching out to us in the Matrix room for discussions about it beforehand.

The primary inspiration for this design was apart of hot reloadable development, to support "Continuwuity as a library" where specific parts can simply be swapped out. There is evidence Conduit wanted to go this route too as axum is technically an optional feature in Conduit, and can be compiled without the binary or axum library for handling inbound web requests; but it was never completed or worked.

See the Rust documentation on Workspaces for general questions and information on Cargo workspaces.

Adding compile-time features

If you'd like to add a compile-time feature, you must first define it in the main workspace crate located in src/main/Cargo.toml. The feature must enable a feature in the other workspace crate(s) you intend to use it in. Then the said workspace crate(s) must define the feature there in its Cargo.toml.

So, if this is adding a feature to the API such as woof, you define the feature in the api crate's Cargo.toml as woof = []. The feature definition in main's Cargo.toml will be woof = ["conduwuit-api/woof"].

The rationale for this is due to Rust / Cargo not supporting "workspace level features", we must make a choice of; either scattering features all over the workspace crates, making it difficult for anyone to add or remove default features; or define all the features in one central workspace crate that propagate down/up to the other workspace crates. It is a Cargo pitfall, and we'd like to see better developer UX in Rust's Workspaces.

Additionally, the definition of one single place makes "feature collection" in our Nix flake a million times easier instead of collecting and deduping them all from searching in all the workspace crates' Cargo.tomls. Though we wouldn't need to do this if Rust supported workspace-level features to begin with.

List of forked dependencies

During Continuwuity development, we have had to fork some dependencies to support our use-cases in some areas. This ranges from things said upstream project won't accept for any reason, faster-paced development (unresponsive or slow upstream), Continuwuity-specific usecases, or lack of time to upstream some things.

Debugging with tokio-console

tokio-console can be a useful tool for debugging and profiling. To make a tokio-console-enabled build of Continuwuity, enable the tokio_console feature, disable the default release_max_log_level feature, and set the --cfg tokio_unstable flag to enable experimental tokio APIs. A build might look like this:

RUSTFLAGS="--cfg tokio_unstable" cargo +nightly build \
    --release \
    --no-default-features \
    --features=systemd,element_hacks,gzip_compression,brotli_compression,zstd_compression,tokio_console

You will also need to enable the tokio_console config option in Continuwuity when starting it. This was due to tokio-console causing gradual memory leak/usage if left enabled.

Contributing guide

This page is for about contributing to Continuwuity. The development page may be of interest for you as well.

If you would like to work on an issue that is not assigned, preferably ask in the Matrix room first at #continuwuity:continuwuity.org, and comment on it.

Linting and Formatting

It is mandatory all your changes satisfy the lints (clippy, rustc, rustdoc, etc) and your code is formatted via the nightly cargo fmt. A lot of the rustfmt.toml features depend on nightly toolchain. It would be ideal if they weren't nightly-exclusive features, but they currently still are. CI's rustfmt uses nightly.

If you need to allow a lint, please make sure it's either obvious as to why (e.g. clippy saying redundant clone but it's actually required) or it has a comment saying why. Do not write inefficient code for the sake of satisfying lints. If a lint is wrong and provides a more inefficient solution or suggestion, allow the lint and mention that in a comment.

Running CI tests locally

continuwuity's CI for tests, linting, formatting, audit, etc use engage. engage can be installed from nixpkgs or cargo install engage. continuwuity's Nix flake devshell has the nixpkgs engage with direnv. Use engage --help for more usage details.

To test, format, lint, etc that CI would do, install engage, allow the .envrc file using direnv allow, and run engage.

All of the tasks are defined at the engage.toml file. You can view all of them neatly by running engage list

If you would like to run only a specific engage task group, use just:

  • engage just <group>
  • Example: engage just lints

If you would like to run a specific engage task in a specific group, use just <GROUP> [TASK]: engage just lints cargo-fmt

The following binaries are used in engage.toml:

Matrix tests

CI runs Complement, but currently does not fail if results from the checked-in results differ with the new results. If your changes are done to fix Matrix tests, note that in your pull request. If more Complement tests start failing from your changes, please review the logs (they are uploaded as artifacts) and determine if they're intended or not.

If you'd like to run Complement locally using Nix, see the testing page.

Sytest support will come soon.

Writing documentation

Continuwuity's website uses mdbook and deployed via CI using GitHub Pages in the documentation.yml workflow file with Nix's mdbook in the devshell. All documentation is in the docs/ directory at the top level. The compiled mdbook website is also uploaded as an artifact.

To build the documentation using Nix, run: bin/nix-build-and-cache just .#book

The output of the mdbook generation is in result/. mdbooks can be opened in your browser from the individual HTML files without any web server needed.

Inclusivity and Diversity

All MUST code and write with inclusivity and diversity in mind. See the following page by Google on writing inclusive code and documentation.

This EXPLICITLY forbids usage of terms like "blacklist"/"whitelist" and "master"/"slave", forbids gender-specific words and phrases, forbids ableist language like "sanity-check", "cripple", or "insane", and forbids culture-specific language (e.g. US-only holidays or cultures).

No exceptions are allowed. Dependencies that may use these terms are allowed but do not replicate the name in your functions or variables.

In addition to language, write and code with the user experience in mind. This is software that intends to be used by everyone, so make it easy and comfortable for everyone to use. 🏳️‍⚧️

Variable, comment, function, etc standards

Rust's default style and standards with regards to function names, variable names, comments, etc applies here.

Creating pull requests

Please try to keep contributions to the Forgejo Instance. While the mirrors of continuwuity allow for pull/merge requests, there is no guarantee the maintainers will see them in a timely manner. Additionally, please mark WIP or unfinished or incomplete PRs as drafts. This prevents us from having to ping once in a while to double check the status of it, especially when the CI completed successfully and everything so it looks done.

Direct all PRs/MRs to the main branch.

By sending a pull request or patch, you are agreeing that your changes are allowed to be licenced under the Apache-2.0 licence and all of your conduct is in line with the Contributor's Covenant, and continuwuity's Code of Conduct.

Contribution by users who violate either of these code of conducts will not have their contributions accepted. This includes users who have been banned from continuwuityMatrix rooms for Code of Conduct violations.

Testing

Complement

Have a look at Complement's repository for an explanation of what it is.

To test against Complement, with Nix (or Lix and direnv installed and set up (run direnv allow after setting up the hook), you can:

  • Run ./bin/complement "$COMPLEMENT_SRC" to build a Complement image, run the tests, and output the logs and results to the specified paths. This will also output the OCI image at result
  • Run nix build .#complement from the root of the repository to just build a Complement OCI image outputted to result (it's a .tar.gz file)
  • Or download the latest Complement OCI image from the CI workflow artifacts output from the commit/revision you want to test (e.g. from main) here

If you want to use your own prebuilt OCI image (such as from our CI) without needing Nix installed, put the image at complement_oci_image.tar.gz in the root of the repo and run the script.

If you're on macOS and need to build an image, run nix build .#linux-complement.

We have a Complement fork as some tests have needed to be fixed. This can be found at: https://forgejo.ellis.link/continuwuation/complement

Hot Reloading ("Live" Development)

Note that hot reloading has not been refactored in quite a while and is not guaranteed to work at this time.

Summary

When developing in debug-builds with the nightly toolchain, Continuwuity is modular using dynamic libraries and various parts of the application are hot-reloadable while the server is running: http api handlers, admin commands, services, database, etc. These are all split up into individual workspace crates as seen in the src/ directory. Changes to sourcecode in a crate rebuild that crate and subsequent crates depending on it. Reloading then occurs for the changed crates.

Release builds still produce static binaries which are unaffected. Rust's soundness guarantees are in full force. Thus you cannot hot-reload release binaries.

Requirements

Currently, this development setup only works on x86_64 and aarch64 Linux glibc. musl explicitly does not support hot reloadable libraries, and does not implement dlclose. macOS does not fully support our usage of RTLD_GLOBAL possibly due to some thread-local issues. This Rust issue may be of relevance, specifically this comment. It may be possible to get it working on only very modern macOS versions such as at least Sonoma, as currently loading dylibs is supported, but not unloading them in our setup, and the cited comment mentions an Apple WWDC confirming there have been TLS changes to somewhat make this possible.

As mentioned above this requires the nightly toolchain. This is due to reliance on various Cargo.toml features that are only available on nightly, most specifically RUSTFLAGS in Cargo.toml. Some of the implementation could also be simpler based on other various nightly features. We hope lots of nightly features start making it out of nightly sooner as there have been dozens of very helpful features that have been stuck in nightly ("unstable") for at least 5+ years that would make this simpler. We encourage greater community consensus to move these features into stability.

This currently only works on x86_64/aarch64 Linux with a glibc C library. musl C library, macOS, and likely other host architectures are not supported (if other architectures work, feel free to let us know and/or make a PR updating this). This should work on GNU ld and lld (rust-lld) and gcc/clang, however if you happen to have linker issues it's recommended to try using mold or gold linkers, and please let us know in the Continuwuity Matrix room the linker error and what linker solved this issue so we can figure out a solution. Ideally there should be minimal friction to using this, and in the future a build script (build.rs) may be suitable to making this easier to use if the capabilities allow us.

Usage

As of 19 May 2024, the instructions for using this are:

  1. Have patience. Don't hesitate to join the Continuwuity Matrix room to receive help using this. As indicated by the various rustflags used and some of the interesting issues linked at the bottom, this is definitely not something the Rust ecosystem or toolchain is used to doing.

  2. Install the nightly toolchain using rustup. You may need to use rustup override set nightly in your local Continuwuity directory, or use cargo +nightly for all actions.

  3. Uncomment cargo-features at the top level / root Cargo.toml

  4. Scroll down to the # Developer profile section and uncomment ALL the rustflags for each dev profile and their respective packages.

  5. In each workspace crate's Cargo.toml (everything under src/* AND deps/rust-rocksdb/Cargo.toml), uncomment the dylib crate type under [lib].

  6. Due to this rpath issue, you must export the LD_LIBRARY_PATH environment variable to your nightly Rust toolchain library directory. If using rustup (hopefully), use this: export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/

  7. Start the server. You can use cargo +nightly run for this along with the standard.

  8. Make some changes where you need to.

  9. In a separate terminal window in the same directory (or using a terminal multiplexer like tmux), run the build Cargo command cargo +nightly build. Cargo should only rebuild what was changed / what's necessary, so it should not be rebuilding all the crates.

  10. In your Continuwuity server terminal, hit/send CTRL+C signal. This will tell Continuwuity to find which libraries need to be reloaded, and reloads them as necessary.

  11. If there were no errors, it will tell you it successfully reloaded # modules, and your changes should now be visible. Repeat 7 - 9 as needed.

To shutdown Continuwuity in this setup, hit/send CTRL+\. Normal builds still shutdown with CTRL+C as usual.

Steps 1 - 5 are the initial first-time steps for using this. To remove the hot reload setup, revert/comment all the Cargo.toml changes.

As mentioned in the requirements section, if you happen to have some linker issues, try using the -fuse-ld= rustflag and specify mold or gold in all the rustflags definitions in the top level Cargo.toml, and please let us know in the Continuwuity Matrix room the problem. mold can be installed typically through your distro, and gold is provided by the binutils package.

It's possible a helper script can be made to do all of this, or most preferably a specially made build script (build.rs). cargo watch support will be implemented soon which will eliminate the need to manually run cargo build all together.

Addendum

Conduit was inherited as a single crate without modularity or reloading in its design. Reasonable partitioning and abstraction allowed a split into several crates, though many circular dependencies had to be corrected. The resulting crates now form a directed graph as depicted in figures below. The interfacing between these crates is still extremely broad which is not mitigable.

Initially hot_lib_reload was investigated but found appropriate for a project designed with modularity through limited interfaces, not a large and complex existing codebase. Instead a bespoke solution built directly on libloading satisfied our constraints. This required relatively minimal modifications and zero maintenance burden compared to what would be required otherwise. The technical difference lies with relocation processing: we leverage global bindings (RTLD_GLOBAL) in a very intentional way. Most libraries and off-the-shelf module systems (such as hot_lib_reload) restrict themselves to local bindings (RTLD_LOCAL). This allows them to release software to multiple platforms with much greater consistency, but at the cost of burdening applications to explicitly manage these bindings. In our case with an optional feature for developers, we shrug any such requirement to enjoy the cost/benefit on platforms where global relocations are properly cooperative.

To make use of RTLD_GLOBAL the application has to be oriented as a directed acyclic graph. The primary rule is simple and illustrated in the figure below: no crate is allowed to call a function or use a variable from a crate below it.

Continuwuity's dynamic library setup diagram - created by Jason Volk

When a symbol is referenced between crates they become bound: crates cannot be unloaded until their calling crates are first unloaded. Thus we start the reloading process from the crate which has no callers. There is a small problem though: the first crate is called by the base executable itself! This is solved by using an RTLD_LOCAL binding for just one link between the main executable and the first crate, freeing the executable from all modules as no global binding ever occurs between them.

Continuwuity's reload and load order diagram - created by Jason Volk

Proper resource management is essential for reliable reloading to occur. This is a very basic ask in RAII-idiomatic Rust and the exposure to reloading hazards is remarkably low, generally stemming from poor patterns and practices. Unfortunately static analysis doesn't enforce reload-safety programmatically (though it could one day), for now hazards can be avoided by knowing a few basic do's and dont's:

  1. Understand that code is memory. Just like one is forbidden from referencing free'd memory, one must not transfer control to free'd code. Exposure to this is primarily from two things:

    • Callbacks, which this project makes very little use of.
    • Async tasks, which are addressed below.

  2. Tie all resources to a scope or object lifetime with greatest possible symmetry (locality). For our purposes this applies to code resources, which means async blocks and tokio tasks.

    • Never spawn a task without receiving and storing its JoinHandle.
    • Always wait on join handles before leaving a scope or in another cleanup function called by an owning scope.

  3. Know any minor specific quirks documented in code or here:

    • Don't use tokio::spawn, instead use our Handle in core/server.rs, which is reachable in most of the codebase via services() or other state. This is due to some bugs or assumptions made in tokio, as it happens in unsafe {} blocks, which are mitigated by circumventing some thread-local variables. Using runtime handles is good practice in any case.

The initial implementation PR is available here.

Continuwuity Community Guidelines

Welcome to the Continuwuity commuwunity! We're excited to have you here. Continuwuity is a continuation of the conduwuit homeserver, which in turn is a hard-fork of the Conduit homeserver, aimed at making Matrix more accessible and inclusive for everyone.

This space is dedicated to fostering a positive, supportive, and welcoming environment for everyone. These guidelines apply to all Continuwuity spaces, including our Matrix rooms and any other community channels that reference them. We've written these guidelines to help us all create an environment where everyone feels safe and respected.

For code and contribution guidelines, please refer to the Contributor's Covenant. Below are additional guidelines specific to the Continuwuity community.

Our Values and Expected Behaviors

We strive to create a community based on mutual respect, collaboration, and inclusivity. We expect all members to:

  1. Be Respectful and Inclusive: Treat everyone with respect. We're committed to a community where everyone feels safe, regardless of background, identity, or experience. Discrimination, harassment, or hate speech won't be tolerated. Remember that each person experiences the world differently; share your own perspective and be open to learning about others'.

  2. Be Positive and Constructive: Engage in discussions constructively and support each other. If you feel angry or frustrated, take a break before participating. Approach disagreements with the goal of understanding, not winning. Focus on the issue, not the person.

  3. Communicate Clearly and Kindly: Our community includes neurodivergent individuals and those who may not appreciate sarcasm or subtlety. Communicate clearly and kindly. Avoid ambiguity and ensure your messages can be easily understood by all. Avoid placing the burden of education on marginalized groups; please make an effort to look into your questions before asking others for detailed explanations.

  4. Be Open to Improving Inclusivity: Actively participate in making our community more inclusive. Report behaviour that contradicts these guidelines (see Reporting and Enforcement below) and be open to constructive feedback aimed at improving our community. Understand that discussing negative experiences can be emotionally taxing; focus on the message, not the tone.

  5. Commit to Our Values: Building an inclusive community requires ongoing effort from everyone. Recognise that addressing bias and discrimination is a continuous process that needs commitment and action from all members.

Unacceptable Behaviors

To ensure everyone feels safe and welcome, the following behaviors are considered unacceptable within the Continuwuity community:

  • Harassment and Discrimination: Avoid offensive comments related to background, family status, gender, gender identity or expression, marital status, sex, sexual orientation, native language, age, ability, race and/or ethnicity, caste, national origin, socioeconomic status, religion, geographic location, or any other dimension of diversity. Don't deliberately misgender someone or question the legitimacy of their gender identity.

  • Violence and Threats: Do not engage in any form of violence or threats, including inciting violence towards anyone or encouraging self-harm. Posting or threatening to post someone else's personally identifying information ("doxxing") is also forbidden.

  • Personal Attacks: Disagreements happen, but they should never turn into personal attacks. Don't insult, demean, or belittle others.

  • Unwelcome Attention or Contact: Avoid unwelcome sexual attention, inappropriate physical contact (or simulation thereof), sexualized comments, jokes, or imagery.

  • Disruption: Do not engage in sustained disruption of discussions, events, or other community activities.

  • Bad Faith Actions: Do not intentionally make false reports or otherwise abuse the reporting process.

This is not an exhaustive list. Any behaviour that makes others feel unsafe or unwelcome may be subject to enforcement action.

Matrix Community

These Community Guidelines apply to the entire Continuwuity Matrix Space and its rooms, including:

#continuwuity:continuwuity.org

This room is for support and discussions about Continuwuity. Ask questions, share insights, and help each other out while adhering to these guidelines.

We ask that this room remain focused on the Continuwuity software specifically: the team are typically happy to engage in conversations about related subjects in the off-topic room.

#offtopic:continuwuity.org

For off-topic community conversations about any subject. While this room allows for a wide range of topics, the same guidelines apply. Please keep discussions respectful and inclusive, and avoid divisive or stressful subjects like specific country/world politics unless handled with exceptional care and respect for diverse viewpoints.

General topics, such as world events, are welcome as long as they follow the guidelines. If a member of the team asks for the conversation to end, please respect their decision.

#dev:continuwuity.org

This room is dedicated to discussing active development of Continuwuity, including ongoing issues or code development. Collaboration here must follow these guidelines, and please consider raising an issue on the repository to help track progress.

Reporting and Enforcement

We take these Community Guidelines seriously to protect our community members. If you witness or experience unacceptable behaviour, or have any other concerns, please report it.

How to Report:

  • Alert Moderators in the Room: If you feel comfortable doing so, you can address the issue publicly in the relevant room by mentioning the moderation bot, @rock:continuwuity.org, which will immediately alert all available moderators.
  • Direct Message: If you're not comfortable raising the issue publicly, please send a direct message (DM) to one of the room moderators.

Reports will be handled with discretion. We will investigate promptly and thoroughly.

Enforcement Actions:

Anyone asked to stop unacceptable behaviour is expected to comply immediately. Failure to do so, or engaging in prohibited behaviour, may result in enforcement action. Moderators may take actions they deem appropriate, including but not limited to:

  1. Warning: A direct message or public warning identifying the violation and requesting corrective action.
  2. Temporary Mute: Temporary restriction from participating in discussions for a specified period.
  3. Kick or Ban: Removal from a room (kick) or the entire community space (ban). Egregious or repeated violations may result in an immediate ban. Bans are typically permanent and reviewed only in exceptional circumstances.

Retaliation against those who report concerns in good faith will not be tolerated and will be subject to the same enforcement actions.

Together, let's build and maintain a community where everyone feels valued, safe, and respected.

— The Continuwuity Moderation Team

Security Policy for Continuwuity

This document outlines the security policy for Continuwuity. Our goal is to maintain a secure platform for all users, and we take security matters seriously.

Supported Versions

We provide security updates for the following versions of Continuwuity:

VersionSupported
Latest release
Main branch
Older releases

We may backport fixes to the previous release at our discretion, but we don't guarantee this.

Reporting a Vulnerability

Responsible Disclosure

We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:

  1. Contact members of the team directly over E2EE private message.
  2. Email the security team at [email protected]. This is not E2EE, so don't include sensitive details.
  3. Do not disclose the vulnerability publicly until it has been addressed
  4. Provide detailed information about the vulnerability, including:
    • A clear description of the issue
    • Steps to reproduce
    • Potential impact
    • Any possible mitigations
    • Version(s) affected, including specific commits if possible

If you have any doubts about a potential security vulnerability, contact us via private channels first! We'd prefer that you bother us, instead of having a vulnerability disclosed without a fix.

What to Expect

When you report a security vulnerability:

  1. Acknowledgment: We will acknowledge receipt of your report.
  2. Assessment: We will assess the vulnerability and determine its impact on our users
  3. Updates: We will provide updates on our progress in addressing the vulnerability, and may request you help test mitigations
  4. Resolution: Once resolved, we will notify you and discuss coordinated disclosure
  5. Credit: We will recognize your contribution (unless you prefer to remain anonymous)

Security Update Process

When security vulnerabilities are identified:

  1. We will develop and test fixes in a private fork
  2. Security updates will be released as soon as possible
  3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
  4. Critical security updates may be backported to the previous stable release

Additional Resources

This security policy was last updated on May 25, 2025.