diff --git a/.config/deny.toml b/.cargo/deny.toml
similarity index 100%
rename from .config/deny.toml
rename to .cargo/deny.toml
diff --git a/.config/rustfmt.toml b/.cargo/rustfmt.toml
similarity index 100%
rename from .config/rustfmt.toml
rename to .cargo/rustfmt.toml
diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
index 957f6fdb2f..56de9aa3c0 100644
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -37,12 +37,15 @@ runs:
     - name: Setup rust (stable)
       if: ${{ contains(inputs.dependencies, 'rust') && !contains(inputs.dependencies, 'rust-nightly') }}
       uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1
+      with:
+        rustflags: ""
     - name: Setup rust (nightly)
       if: ${{ contains(inputs.dependencies, 'rust-nightly') }}
       uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1
       with:
         toolchain: nightly
         components: rustfmt
+        rustflags: ""
     - name: Setup rust dependencies
       if: ${{ contains(inputs.dependencies, 'rust') }}
       uses: taiki-e/install-action@06203676c62f0d3c765be3f2fcfbebbcb02d09f5 # v2
diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
index 1c2ff1bf65..473d793386 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -16,7 +16,6 @@ env:
   POSTGRES_DB: authentik
   POSTGRES_USER: authentik
   POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
-  RUSTFLAGS: "-Dwarnings"
 
 permissions:
   # Needed for checkout
diff --git a/CODEOWNERS b/CODEOWNERS
index ffb2bffde4..b30e702902 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -16,7 +16,7 @@ Cargo.toml                              @goauthentik/backend
 Cargo.lock                              @goauthentik/backend
 go.mod                                  @goauthentik/backend
 go.sum                                  @goauthentik/backend
-.config/                                @goauthentik/backend
+.cargo/                                 @goauthentik/backend
 rust-toolchain.toml                     @goauthentik/backend
 # Infrastructure
 .github/                                @goauthentik/infrastructure
diff --git a/Makefile b/Makefile
index 769bfc7226..bceb5ed42a 100644
--- a/Makefile
+++ b/Makefile
@@ -84,7 +84,7 @@ test: ## Run the server tests and produce a coverage report (locally)
 lint-fix:  ## Lint and automatically fix errors in the python source code. Reports spelling errors.
 	$(UV) run black $(PY_SOURCES)
 	$(UV) run ruff check --fix $(PY_SOURCES)
-	$(CARGO) +nightly fmt --all -- --config-path .config/rustfmt.toml
+	$(CARGO) +nightly fmt --all -- --config-path .cargo/rustfmt.toml
 
 lint-spellcheck:  ## Reports spelling errors.
 	npm run lint:spellcheck
@@ -359,16 +359,16 @@ ci-lint-pending-migrations: ci--meta-debug
 	$(UV) run ak makemigrations --check
 
 ci-lint-cargo-deny: ci--meta-debug
-	$(CARGO) deny --locked --workspace check --config .config/deny.toml
+	$(CARGO) deny --locked --workspace check --config .cargo/deny.toml
 
 ci-lint-cargo-machete: ci--meta-debug
 	$(CARGO) machete
 
 ci-lint-rustfmt: ci--meta-debug
-	$(CARGO) +nightly fmt --all --check -- --config-path .config/rustfmt.toml
+	$(CARGO) +nightly fmt --all --check -- --config-path .cargo/rustfmt.toml
 
 ci-lint-clippy: ci--meta-debug
-	$(CARGO) clippy -- -D warnings
+	$(CARGO) clippy --workspace -- -D warnings
 
 ci-test: ci--meta-debug
 	$(UV) run coverage run manage.py test --keepdb authentik