studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
6,176 Commits 2 Branches 0 Tags
cf21ffc45247bc15d44ec023d41cb2cf597f2130
Commit Graph

6176 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sienna Meridian Satterwhite
cf21ffc452 Add production Dockerfile for container builds
Some checks failed
Main / Init (push) Has been cancelled
Details
Main / Lint (push) Has been cancelled
Details
Main / Test (push) Has been cancelled
Details
Main / OpenSearch (push) Has been cancelled
Details
Main / Package (push) Has been cancelled
Details
Main / Publish (push) Has been cancelled
Details 
Multi-stage build using rust:slim-bookworm with io_uring support.
Built by buildkitd on the x86_64 server — no cross-compilation needed.
 2026-03-10 18:48:44 +00:00
Sienna Meridian Satterwhite
c9cddc80d9 Add OpenSearch search backend with hybrid neural+BM25 support 
Extract a SearchBackend trait from the existing RocksDB search code and
add an OpenSearch implementation supporting cross-room search, relevance
ranking, fuzzy matching, English stemming, and optional hybrid
neural+BM25 semantic search using sentence-transformers.

Fix macOS build by gating RLIMIT_NPROC and getrusage to supported
platforms.
 2026-03-08 17:41:20 +00:00
Jason Volk
9d47ffff05 Bump 1.5.1
Some checks failed
Main / Init (push) Has been cancelled
Details
Main / Lint (push) Has been cancelled
Details
Main / Test (push) Has been cancelled
Details
Main / Package (push) Has been cancelled
Details
Main / Publish (push) Has been cancelled
Details 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 11:20:50 +00:00
Jason Volk
2bbf773390 Fix typo. (#352) 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 09:49:58 +00:00
Jason Volk
ea8961a50d Merge remote-tracking branch 'alametti/base-domain-well-known-docs' 2026-03-07 05:33:15 +00:00
Ava Pek
9a830c9bfc Update MatrixRTC reverse proxy instructions 
The `get_token` route needs to be included as well, see:
- https://www.exodrifter.space/entries/20260221100913
- https://continuwuity.org/calls/livekit#4-configure-your-reverse-proxy
 2026-03-07 05:06:19 +00:00
Ava Pek
eb2e0d2d9f Replace ; with : in docker docs 
Fixes #338
 2026-03-07 05:06:13 +00:00
Jason Volk
3127eca67c Add conditional UIAA flows for SSO and password. (#314) 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 04:43:18 +00:00
Jason Volk
449b80de1d Skip reserving capacity in fetch_auth_chain helper containers for now. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 03:39:13 +00:00
dasha_uwu
74a8fb7ed4 New way to configure livekit 2026-03-07 03:18:41 +00:00
dasha_uwu
fbbea7ae1d Refactor Event.redacts_id to look at room version rules, use it 2026-03-07 03:18:41 +00:00
dasha_uwu
9246636b87 Set default value for encryption_enabled_by_default_for_room_type 2026-03-07 03:18:41 +00:00
Jason Volk
88bec526cb Reduce debuginfo to limited for dependencies in dbg profile. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 03:18:41 +00:00
Jason Volk
4b03feef85 Handle prev_events without interruption by sibling failure. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 03:18:41 +00:00
Jason Volk
3fa22ea9d9 Ensure limits for prev and auth events are respected. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 00:49:34 +00:00
Jason Volk
513c1184fe Adjust federation send handler sans applying topological sort. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-07 00:49:34 +00:00
Jason Volk
0ecdb86aca Prevent duplicate fetches; optimize conflicted-subgraph. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-06 05:50:51 +00:00
Jason Volk
9a2000744c Skip sentinel password migration when no SSO IdP configured. (59791db213) (#313) 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-06 05:50:51 +00:00
André Lametti
505b331534 Docs: add example for root domain delegation 
- Change link in README to internal documentation link; original more
  detailed link is preserved in documentation page as a reference.
- Add Caddy example.

TODO:
- [x] Add example for Caddy
- [ ] Add example for Traefik
 2026-03-04 16:06:02 -05:00
André Lametti
b81ef81a70 Docs: add example for root domain delegation 
Although the procedure is documented in the example configuration file,
whether it is possible to use the root domain as the server name of a
tuwunel instance hosted on a subdomain, and a practical example of doing
so, is often requested in the unofficial support matrix room.

TODO:
- [ ] Add example for Caddy
- [ ] Add example for Traefik
 2026-03-04 16:06:01 -05:00
Jason Volk
b20ad8a622 Add config to inhibit account registration for SSO provider. 
Add config option to inhibit random fallback ID's for SSO registration.

Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 19:56:51 +00:00
Jason Volk
93aee26e11 Add option for trusted providers to associate with existing accounts. (fixes #252) 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 19:56:51 +00:00
Jason Volk
b423e1c5e6 Add users util to check if account has a password. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 19:56:51 +00:00
Jason Volk
0420f527c5 Add oauth util to check for existence of session by user_id. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 19:56:51 +00:00
André Lametti
0ee71890ed Add missing docs index entry for podman 2026-03-04 10:58:12 -05:00
André Lametti
a023ca3771 Fix typo in quote order 2026-03-04 09:28:13 -05:00
André Lametti
dfcf157b59 Declare tuwunel upstream in single block 
This is essentially a variable so it is more clear to use an `upstream`
declaration in case the IP or port changes.
 2026-03-04 08:57:14 -05:00
Jason Volk
902a86b581 Bump aws-lc-rs. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 07:58:11 +00:00
Jason Volk
ab1cbbc8ab Skip already-accepted events from inclusion in recursive evals. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 07:58:11 +00:00
Jason Volk
6d39c40a8a Disable compression for random-small-cache type. 
Increase auth_chain persistent index block size.

Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 07:58:11 +00:00
Jason Volk
ff3ccc77aa List a sentinel value for encryption_enabled_by_default to avoid confusion. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 07:54:54 +00:00
Jason Volk
8c8cc6d91e Move inner auth_chan eval into closure. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 01:42:21 +00:00
Jason Volk
2b2c14513f Constrain size of FuturesUnordered for conflicted-subgraph. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-04 01:42:21 +00:00
Jason Volk
6d6c5a3a9b Optimize conflicted-subgraph with single state container. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 14:52:39 +00:00
Jason Volk
7d5ed3f002 Optimize inlining of math checked!() and expected!() predicates. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 14:31:46 +00:00
Jason Volk
59791db213 Add db migration and further origin-overwrite rectifications. (6bed0d38f) (#313) 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:44 +00:00
Jason Volk
d00cfcb85a Merge remote-tracking branch 'hatomist/fix/sso-origin-overwrite' 2026-03-03 06:12:26 +00:00
June Strawberry
5a55f84104 add rpm/sysusers, temporarily fix rpm/postinst 
Signed-off-by: June Strawberry <june@vern.cc>
 2026-03-03 06:12:09 +00:00
Jason Volk
9e75453303 Add TaskMonitor interval metrics w/ admin command. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
bf8ae48ec2 Tweak default malloc conf. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
39cf124813 Refactor conflicted_subgraph into stream::unfold() pattern. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
9fb6594975 Fix db pool worker debug busy-counter from underflowing. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
63b0014f8f Split topological_sort; semi try_unfold refactor. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
357a5b7a74 Stub database stream size_hint(); use proper accessor methods for cursor state. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
d959dd740f Optimize get_shared_rooms()/intersection_sorted_stream2() for tighter loops. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
e9ca105d79 Use assert_eq to print values on test failures. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
254b53adf4 Split auth_chain shortid and eventid gathering callstacks. 
Optimize event parse for auth_chain auth_events fetch.

Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
42570a5a7c Optimize sequential auth_chain chasing in power_sort. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
9ede830ffe Move state_res from tuwunel_core to tuwunel_service. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00
Jason Volk
6a550baf5f Add generic timeline.get_pdu suite to deserialize into other structs. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-03-03 06:12:09 +00:00