Merge remote-tracking branch 'upstream/master' into fix

před 1 rokem · 7cd525b513
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,18 @@
 # 2025-01-19
 ## Conduwuit support
 Thanks to [Virkkunen](https://github.com/Virkkunen), we now have optional experimental [Conduwuit](https://conduwuit.puppyirl.gay/) homeserver support for new installations.
 Conduwuit is a fork of [Conduit](./docs/configuring-playbook-conduit.md), which the playbook also supports. See [Differences from upstream Conduit](https://conduwuit.puppyirl.gay/differences.html).
 Existing installations do **not** need to be updated. **Synapse is still the default homeserver implementation** installed by the playbook.
 To try out Conduwuit, we recommend that you **use a new server**. Refer to our [Configuring Conduwuit](./docs/configuring-playbook-conduwuit.md) guide for details.
 **The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse/Conduit/Dendrite to Conduwuit) without data loss.
 # 2025-01-14
 ## (Backward Compatibility Break) Synapse v1.122.0 requires Postgres v13
--- a/README.md
+++ b/README.md
@@ -52,6 +52,7 @@ The homeserver is the backbone of your Matrix system. Choose one from the follow
 | ---- | -------- | ----------- | ------------- |
 | [Synapse](https://github.com/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
 | [Conduit](https://conduit.rs) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
 | [Conduwuit](https://conduwuit.puppyirl.gay/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduwuit is a fork of Conduit. | [Link](docs/configuring-playbook-conduwuit.md) |
 | [Dendrite](https://github.com/element-hq/dendrite) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |
 ### Clients
--- a/docs/configuring-playbook-conduit.md
+++ b/docs/configuring-playbook-conduit.md
@@ -6,6 +6,8 @@ See the project's [documentation](https://docs.conduit.rs/) to learn what it doe
 By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document.
 💡 **Note**: The playbook also supports installing a (currently) faster-moving Conduit fork called [Conduwuit](./configuring-playbook-conduwuit.md).
 ⚠️ **Warnings**:
 - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
@@ -48,9 +50,9 @@ Since it is difficult to create the first user account on Conduit (see [famedly/
 ## Configuring bridges / appservices
 Automatic appservice setup is currently unsupported when using Conduit. After setting up the service as usual you may notice that it is unable to start.
 For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver.
 You will have to manually register appservices using the the [register-appservice](https://gitlab.com/famedly/conduit/-/blob/next/APPSERVICES.md) command.
 For Conduit, you will have to manually register appservices using the the [register-appservice](https://gitlab.com/famedly/conduit/-/blob/next/APPSERVICES.md) command.
 Find the `registration.yaml` in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`, then pass the content to Conduit:
--- a/docs/configuring-playbook-conduwuit.md
+++ b/docs/configuring-playbook-conduwuit.md
@@ -0,0 +1,95 @@
 # Configuring Conduwuit (optional)
 The playbook can install and configure the [Conduwuit](https://conduwuit.puppyirl.gay/) Matrix server for you.
 See the project's [documentation](https://conduwuit.puppyirl.gay/) to learn what it does and why it might be useful to you.
 By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document.
 💡 **Note**: Conduwuit is a fork of [Conduit](./configuring-playbook-conduit.md), which the playbook also supports. See [Differences from upstream Conduit](https://conduwuit.puppyirl.gay/differences.html).
 ⚠️ **Warnings**:
 - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduwuit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
 - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
 ## Adjusting the playbook configuration
 To use Conduwuit, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below:
 ```yaml
 matrix_homeserver_implementation: conduwuit
 # Registering users can only happen via the API,
 # so it makes sense to enable it, at least initially.
 matrix_conduwuit_config_allow_registration: true
 # Generate a strong registration token to protect the registration endpoint from abuse.
 # You can create one with a command like `pwgen -s 64 1`.
 matrix_conduwuit_config_registration_token: ''
 ```
 ### Extending the configuration
 There are some additional things you may wish to configure about the server.
 Take a look at:
 - `roles/custom/matrix-conduwuit/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2` for the server's default configuration
 There are various Ansible variables that control settings in the `conduwuit.toml` file.
 If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://conduwuit.puppyirl.gay/configuration.html#environment-variables) using `matrix_conduwuit_environment_variables_extension`. For example:
 ```yaml
 matrix_conduwuit_environment_variables_extension: |
  CONDUWUIT_MAX_REQUEST_SIZE=50000000
  CONDUWUIT_REQUEST_TIMEOUT=60
 ```
 ## Creating the first user account
 Unlike other homeserver implementations (like Synapse and Dendrite), Conduwuit does not support creating users via the command line or via the playbook.
 If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
 This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
 The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.
 ## Configuring bridges / appservices
 For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver.
 For Conduwuit, you will have to manually register appservices using the [`!admin appservices register` command](https://conduwuit.puppyirl.gay/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account.
 The server's bot account has a Matrix ID of `@conduit:example.com` (not `@conduwuit:example.com`!) due to Conduwuit's historical legacy.
 Your first user account would already have been invited to an admin room with this bot.
 Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`.
 Then, send its content to the existing admin room:
    !admin appservices register
    ```
    as_token: <token>
    de.sorunome.msc2409.push_ephemeral: true
    hs_token: <token>
    id: signal
    namespaces:
      aliases:
      - exclusive: true
        regex: ^#signal_.+:example\.org$
      users:
      - exclusive: true
        regex: ^@signal_.+:example\.org$
      - exclusive: true
        regex: ^@signalbot:example\.org$
    rate_limited: false
    sender_localpart: _bot_signalbot
    url: http://matrix-mautrix-signal:29328
    ```
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -35,6 +35,8 @@ For a more custom setup, see the [Other configuration options](#other-configurat
  - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation
  - [Configuring Conduwuit](configuring-playbook-conduwuit.md), if you've switched to the [Conduwuit](https://conduwuit.puppyirl.gay/) homeserver implementation
  - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation
 - Server components:
--- a/docs/container-images.md
+++ b/docs/container-images.md
@@ -10,6 +10,7 @@ We try to stick to official images (provided by their respective projects) as mu
 | ------- | --------------- | -------- | ----------- |
 | [Synapse](configuring-playbook-synapse.md) | [element-hq/synapse](https://ghcr.io/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network |
 | [Conduit](configuring-playbook-conduit.md) | [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements |
 | [Conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduwuit is a fork of Conduit. |
 | [Dendrite](configuring-playbook-dendrite.md) | [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. |
 ## Clients
--- a/docs/howto-srv-server-delegation.md
+++ b/docs/howto-srv-server-delegation.md
@@ -18,7 +18,7 @@ The up-to-date list can be accessed on [traefik's documentation](https://doc.tra
 **Note**: the changes below instruct you how to do this for a basic Synapse installation. You will need to adapt the variable name and the content of the labels:
 - if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md) or [Dendrite](./configuring-playbook-dendrite.md))
 - if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [Conduwuit](./configuring-playbook-conduwuit.md) or [Dendrite](./configuring-playbook-dendrite.md))
 - if you're using [Synapse with workers enabled](./configuring-playbook-synapse.md#load-balancing-with-workers) (`matrix_synapse_workers_enabled: true`). In that case, it's actually the `matrix-synapse-reverse-proxy-companion` service which has Traefik labels attached
 Also, all instructions below are from an older version of the playbook and may not work anymore.
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -232,7 +232,7 @@ matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_revers
 matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}"
 # Starting from version `0.6.0` Conduit natively supports some sync v3 (sliding-sync) features.
 matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit'] else '') }}"
 matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit'] else '') }}"
 ########################################################################
 #                                                                      #
@@ -553,6 +553,7 @@ matrix_homeserver_container_client_api_endpoint: |-
      'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled | default(false) else ('matrix-synapse:'+ matrix_synapse_container_client_api_port | default('8008') | string)),
      'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
      'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
      'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
    }[matrix_homeserver_implementation]
  }}
@@ -562,6 +563,7 @@ matrix_homeserver_container_federation_api_endpoint: |-
      'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else ('matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | default('8008') | string)),
      'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
      'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
      'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
    }[matrix_homeserver_implementation]
  }}
@@ -5503,6 +5505,7 @@ grafana_default_home_dashboard_path: |-
      'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled and matrix_synapse_metrics_enabled else ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else '')),
      'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
      'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
      'conduwuit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
    }[matrix_homeserver_implementation]
  }}
@@ -5560,6 +5563,7 @@ matrix_registration_shared_secret: |-
      'synapse': matrix_synapse_registration_shared_secret | default (''),
      'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''),
      'conduit': '',
      'conduwuit': '',
    }[matrix_homeserver_implementation]
  }}
@@ -5804,6 +5808,68 @@ matrix_conduit_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix
 ######################################################################
 ######################################################################
 #
 # matrix-conduwuit
 #
 ######################################################################
 matrix_conduwuit_enabled: "{{ matrix_homeserver_implementation == 'conduwuit' }}"
 matrix_conduwuit_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_conduwuit_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}"
 matrix_conduwuit_container_network: "{{ matrix_homeserver_container_network }}"
 matrix_conduwuit_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_conduwuit_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
    ) | unique
  }}
 matrix_conduwuit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
 matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_conduwuit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_conduwuit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 matrix_conduwuit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduwuit_container_labels_public_client_root_redirection_url != '' }}"
 matrix_conduwuit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
 matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
 matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
 matrix_conduwuit_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
 matrix_conduwuit_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
 matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
 matrix_conduwuit_config_turn_uris: |
  {{
    ([
      'turns:' + matrix_server_fqn_matrix + '?transport=udp',
      'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
    ] if matrix_coturn_enabled and matrix_coturn_tls_enabled else [])
    +
    ([
      'turn:' + matrix_server_fqn_matrix + '?transport=udp',
      'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
    ] if matrix_coturn_enabled else [])
  }}
 matrix_conduwuit_config_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
 matrix_conduwuit_config_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
 matrix_conduwuit_config_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
 matrix_conduwuit_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
 ######################################################################
 #
 # /matrix-conduwuit
 #
 ######################################################################
 ######################################################################
 #
 # matrix-user-creator
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@@ -21,7 +21,7 @@ setuptools==75.8.0
 snowballstemmer==2.2.0
 Sphinx==8.1.3
 sphinx-intl==2.3.1
 sphinx-markdown-builder==0.6.7
 sphinx-markdown-builder==0.6.8
 sphinxcontrib-applehelp==2.0.0
 sphinxcontrib-devhelp==2.0.0
 sphinxcontrib-htmlhelp==2.1.0
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -49,7 +49,7 @@ matrix_monitoring_container_network: matrix-monitoring
 matrix_homeserver_enabled: true
 # This will contain the homeserver implementation that is in use.
 # Valid values: synapse, dendrite, conduit
 # Valid values: synapse, dendrite, conduit, conduwuit
 #
 # By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
 #
--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@@ -3,7 +3,7 @@
 - name: Fail if invalid homeserver implementation
  ansible.builtin.fail:
    msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"
  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit']"
 - name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
--- a/roles/custom/matrix-conduit/defaults/main.yml
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@@ -131,7 +131,7 @@ matrix_conduit_allow_registration: false
 matrix_conduit_allow_federation: true
 # Enable the display name lightning bolt on registration.
 matrix_conduit_enable_lightning_bolt: true
 matrix_conduit_enable_lightning_bolt: false
 matrix_conduit_trusted_servers:
 - "matrix.org"
--- a/roles/custom/matrix-conduwuit/defaults/main.yml
+++ b/roles/custom/matrix-conduwuit/defaults/main.yml
@@ -0,0 +1,189 @@
 ---
 # conduwuit is a very cool, featureful fork of conduit (https://gitlab.com/famedly/conduit).
 # Project source code URL: https://github.com/girlbossceo/conduwuit
 # See: https://conduwuit.puppyirl.gay/
 matrix_conduwuit_enabled: true
 matrix_conduwuit_hostname: ''
 matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_registry_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}"
 matrix_conduwuit_docker_image_name_prefix: "docker.io/"
 # renovate: datasource=docker depName=ghcr.io/girlbossceo/conduwuit
 matrix_conduwuit_docker_image_tag: v0.4.6-8f7ade4c22533a3177bfd8f175e178573ba6c1d4
 matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}"
 matrix_conduwuit_docker_image_registry_prefix: ghcr.io/
 matrix_conduwuit_base_path: "{{ matrix_base_data_path }}/conduwuit"
 matrix_conduwuit_config_path: "{{ matrix_conduwuit_base_path }}/config"
 matrix_conduwuit_data_path: "{{ matrix_conduwuit_base_path }}/data"
 matrix_conduwuit_config_port_number: 6167
 matrix_conduwuit_tmp_directory_size_mb: 500
 # List of systemd services that matrix-conduwuit.service depends on
 matrix_conduwuit_systemd_required_services_list: "{{ matrix_conduwuit_systemd_required_services_list_default + matrix_conduwuit_systemd_required_services_list_auto + matrix_conduwuit_systemd_required_services_list_custom }}"
 matrix_conduwuit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
 matrix_conduwuit_systemd_required_services_list_auto: []
 matrix_conduwuit_systemd_required_services_list_custom: []
 # List of systemd services that matrix-conduwuit.service wants
 matrix_conduwuit_systemd_wanted_services_list: []
 # Controls how long to sleep for after starting the matrix-synapse container.
 #
 # Delaying, so that the homeserver can manage to fully start and various services
 # that depend on it (`matrix_conduwuit_systemd_required_services_list` and `matrix_conduwuit_systemd_wanted_services_list`)
 # may only start after the homeserver is up and running.
 #
 # This can be set to 0 to remove the delay.
 matrix_conduwuit_systemd_service_post_start_delay_seconds: 3
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_conduwuit_container_network: ""
 # A list of additional container networks that the container would be connected to.
 # The role does not create these networks, so make sure they already exist.
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_conduwuit_container_additional_networks: "{{ matrix_conduwuit_container_additional_networks_auto + matrix_conduwuit_container_additional_networks_custom }}"
 matrix_conduwuit_container_additional_networks_auto: []
 matrix_conduwuit_container_additional_networks_custom: []
 # matrix_conduwuit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
 #
 # To inject your own other container labels, see `matrix_conduwuit_container_labels_additional_labels`.
 matrix_conduwuit_container_labels_traefik_enabled: true
 matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_conduwuit_container_network }}"
 matrix_conduwuit_container_labels_traefik_entrypoints: web-secure
 matrix_conduwuit_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 # Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint.
 matrix_conduwuit_container_labels_public_client_root_enabled: true
 matrix_conduwuit_container_labels_public_client_root_traefik_hostname: "{{ matrix_conduwuit_hostname }}"
 matrix_conduwuit_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)"
 matrix_conduwuit_container_labels_public_client_root_traefik_priority: 0
 matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}"
 matrix_conduwuit_container_labels_public_client_root_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints != 'web' }}"
 matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 matrix_conduwuit_container_labels_public_client_root_redirection_enabled: false
 matrix_conduwuit_container_labels_public_client_root_redirection_url: ""
 # Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint.
 matrix_conduwuit_container_labels_public_client_api_enabled: true
 matrix_conduwuit_container_labels_public_client_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}"
 matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix: /_matrix
 matrix_conduwuit_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}`)"
 matrix_conduwuit_container_labels_public_client_api_traefik_priority: 0
 matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}"
 matrix_conduwuit_container_labels_public_client_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints != 'web' }}"
 matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 # Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint.
 # This is similar to `matrix_conduwuit_container_labels_public_client_api_enabled`, but the entrypoint and intent is different.
 matrix_conduwuit_container_labels_internal_client_api_enabled: false
 matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}"
 matrix_conduwuit_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix }}`)"
 matrix_conduwuit_container_labels_internal_client_api_traefik_priority: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }}"
 matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: ""
 # Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint.
 matrix_conduwuit_container_labels_public_federation_api_enabled: "{{ matrix_conduwuit_config_allow_federation }}"
 matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}"
 matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix: /_matrix
 matrix_conduwuit_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix }}`)"
 matrix_conduwuit_container_labels_public_federation_api_traefik_priority: 0
 matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: ''
 # TLS is force-enabled here, because the spec (https://spec.matrix.org/v1.9/server-server-api/#tls) says that the federation API must use HTTPS.
 matrix_conduwuit_container_labels_public_federation_api_traefik_tls: true
 matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 # Controls whether labels will be added that expose the `/_conduwuit` path prefix on a public Traefik entrypoint.
 matrix_conduwuit_container_labels_public_conduwuit_api_enabled: true
 matrix_conduwuit_container_labels_public_conduwuit_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}"
 matrix_conduwuit_container_labels_public_conduwuit_api_traefik_path_prefix: /_conduwuit
 matrix_conduwuit_container_labels_public_conduwuit_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_path_prefix }}`)"
 matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority: 0
 matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}"
 matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints != 'web' }}"
 matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 # matrix_conduwuit_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
 # Example:
 # matrix_conduwuit_container_labels_additional_labels: |
 #   my.label=1
 #   another.label="here"
 matrix_conduwuit_container_labels_additional_labels: ''
 # Extra arguments for the Docker container
 matrix_conduwuit_container_extra_arguments: []
 # Specifies which template files to use when configuring conduwuit.
 # If you'd like to have your own different configuration, feel free to copy and paste
 # the original files into your inventory (e.g. in `inventory/host_vars/matrix.example.com/`)
 # and then change the specific host's `vars.yml` file like this:
 # matrix_conduwuit_template_conduwuit_config: "{{ playbook_dir }}/inventory/host_vars/matrix.example.com/conduwuit.toml.j2"
 matrix_conduwuit_template_conduwuit_config: "{{ role_path }}/templates/conduwuit.toml.j2"
 # Max size for uploads, in bytes
 matrix_conduwuit_config_server_name: "{{ matrix_domain }}"
 # Max size for uploads, in bytes
 matrix_conduwuit_config_max_request_size: 20_000_000
 # Enables registration. If set to false, no users can register on this server.
 matrix_conduwuit_config_allow_registration: false
 # Controls the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting.
 # This is only used when `matrix_conduwuit_config_allow_registration` is set to true and no registration token is configured.
 matrix_conduwuit_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: false
 # Controls the `registration_token` setting.
 # When registration is enabled (`matrix_conduwuit_config_allow_registration`) you:
 # - either need to set a token to protect registration from abuse
 # - or you need to enable the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting
 #   (see `matrix_conduwuit_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`),
 #   to allow registration without any form of 2nd-step.
 matrix_conduwuit_config_registration_token: ''
 # Controls the `new_user_displayname_suffix` setting.
 # This is the suffix that will be added to the displayname of new users.
 # Upstream defaults this to "🏳️‍⚧️", but we keep this consistent across all homeserver implementations and do not enable a suffix.
 matrix_conduwuit_config_new_user_displayname_suffix: ""
 # Controls the `allow_check_for_updates` setting.
 matrix_conduwuit_config_allow_check_for_updates: false
 # Controls the `emergency_password` setting.
 matrix_conduwuit_config_emergency_password: ''
 # Controls the `allow_federation` setting.
 matrix_conduwuit_config_allow_federation: true
 matrix_conduwuit_trusted_servers:
 - "matrix.org"
 matrix_conduwuit_config_log: "info,state_res=warn,rocket=off,_=off,sled=off"
 # TURN integration.
 # See: https://conduwuit.puppyirl.gay/turn.html
 matrix_conduwuit_config_turn_uris: []
 matrix_conduwuit_config_turn_secret: ''
 matrix_conduwuit_config_turn_username: ''
 matrix_conduwuit_config_turn_password: ''
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_conduwuit_self_check_validate_certificates: true
 # Additional environment variables to pass to the container.
 #
 # Environment variables take priority over settings in the configuration file.
 #
 # Example:
 # matrix_conduwuit_environment_variables_extension: |
 #   CONDUWUIT_MAX_REQUEST_SIZE=50000000
 #   CONDUWUIT_REQUEST_TIMEOUT=60
 matrix_conduwuit_environment_variables_extension: ''
--- a/roles/custom/matrix-conduwuit/tasks/install.yml
+++ b/roles/custom/matrix-conduwuit/tasks/install.yml
@@ -0,0 +1,60 @@
 ---
 - name: Ensure conduwuit config path exists
  ansible.builtin.file:
    path: "{{ matrix_conduwuit_config_path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure conduwuit data path exists
  ansible.builtin.file:
    path: "{{ matrix_conduwuit_data_path }}"
    state: directory
    mode: 0770
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure conduwuit configuration installed
  ansible.builtin.template:
    src: "{{ matrix_conduwuit_template_conduwuit_config }}"
    dest: "{{ matrix_conduwuit_config_path }}/conduwuit.toml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure conduwuit support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_conduwuit_base_path }}/{{ item }}"
    mode: 0640
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - labels
    - env
 - name: Ensure conduwuit container network is created
  community.general.docker_network:
    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
    name: "{{ matrix_conduwuit_container_network }}"
    driver: bridge
    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
 - name: Ensure conduwuit container image is pulled
  community.docker.docker_image:
    name: "{{ matrix_conduwuit_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_conduwuit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduwuit_docker_image_force_pull }}"
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed
 - name: Ensure matrix-conduwuit.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-conduwuit.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service"
    mode: 0644
--- a/roles/custom/matrix-conduwuit/tasks/main.yml
+++ b/roles/custom/matrix-conduwuit/tasks/main.yml
@@ -0,0 +1,29 @@
 ---
 - tags:
    - setup-all
    - setup-conduwuit
    - install-all
    - install-conduwuit
  block:
    - when: matrix_conduwuit_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
    - when: matrix_conduwuit_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
 - tags:
    - setup-all
    - setup-conduwuit
  block:
    - when: not matrix_conduwuit_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
 - tags:
    - self-check
  block:
    - when: matrix_conduwuit_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
    - when: matrix_conduwuit_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
--- a/roles/custom/matrix-conduwuit/tasks/self_check_client_api.yml
+++ b/roles/custom/matrix-conduwuit/tasks/self_check_client_api.yml
@@ -0,0 +1,23 @@
 ---
 - name: Check Matrix Client API
  ansible.builtin.uri:
    url: "{{ matrix_conduwuit_client_api_url_endpoint_public }}"
    follow_redirects: none
    validate_certs: "{{ matrix_conduwuit_self_check_validate_certificates }}"
  register: result_matrix_conduwuit_client_api
  ignore_errors: true
  check_mode: false
  when: matrix_conduwuit_enabled | bool
  delegate_to: 127.0.0.1
  become: false
 - name: Fail if Matrix Client API not working
  ansible.builtin.fail:
    msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_conduwuit_client_api_url_endpoint_public }}`). Is Conduwuit running? Is port 443 open in your firewall? Full error: {{ result_matrix_conduwuit_client_api }}"
  when: "matrix_conduwuit_enabled | bool and (result_matrix_conduwuit_client_api.failed or 'json' not in result_matrix_conduwuit_client_api)"
 - name: Report working Matrix Client API
  ansible.builtin.debug:
    msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_conduwuit_client_api_url_endpoint_public }}`) is working"
  when: matrix_conduwuit_enabled | bool
--- a/roles/custom/matrix-conduwuit/tasks/self_check_federation_api.yml
+++ b/roles/custom/matrix-conduwuit/tasks/self_check_federation_api.yml
@@ -0,0 +1,28 @@
 ---
 - name: Check Matrix Federation API
  ansible.builtin.uri:
    url: "{{ matrix_synapse_federation_api_url_endpoint_public }}"
    follow_redirects: none
    validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
  register: result_matrix_synapse_federation_api
  ignore_errors: true
  check_mode: false
  when: matrix_synapse_enabled | bool
  delegate_to: 127.0.0.1
  become: false
 - name: Fail if Matrix Federation API not working
  ansible.builtin.fail:
    msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
  when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
 - name: Fail if Matrix Federation API unexpectedly enabled
  ansible.builtin.fail:
    msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled."
  when: "matrix_synapse_enabled | bool and not matrix_synapse_federation_enabled | bool and not result_matrix_synapse_federation_api.failed"
 - name: Report working Matrix Federation API
  ansible.builtin.debug:
    msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
  when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool"
--- a/roles/custom/matrix-conduwuit/tasks/setup_install.yml
+++ b/roles/custom/matrix-conduwuit/tasks/setup_install.yml
@@ -0,0 +1,59 @@
 ---
 - name: Ensure conduwuit config path exists
  ansible.builtin.file:
    path: "{{ matrix_conduwuit_config_path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure conduwuit data path exists
  ansible.builtin.file:
    path: "{{ matrix_conduwuit_data_path }}"
    state: directory
    mode: 0770
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure conduwuit configuration installed
  ansible.builtin.template:
    src: "{{ matrix_conduwuit_template_conduwuit_config }}"
    dest: "{{ matrix_conduwuit_config_path }}/conduwuit.toml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure conduwuit support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_conduwuit_base_path }}/{{ item }}"
    mode: 0640
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - labels
 - name: Ensure conduwuit container network is created
  community.general.docker_network:
    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
    name: "{{ matrix_conduwuit_container_network }}"
    driver: bridge
    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
 - name: Ensure conduwuit container image is pulled
  community.docker.docker_image:
    name: "{{ matrix_conduwuit_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_conduwuit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduwuit_docker_image_force_pull }}"
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed
 - name: Ensure matrix-conduwuit.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-conduwuit.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service"
    mode: 0644
--- a/roles/custom/matrix-conduwuit/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-conduwuit/tasks/setup_uninstall.yml
@@ -0,0 +1,19 @@
 ---
 - name: Check existence of matrix-conduwuit service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service"
  register: matrix_conduwuit_service_stat
 - when: matrix_conduwuit_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-conduwuit is stopped
      ansible.builtin.systemd:
        name: matrix-conduwuit
        state: stopped
        daemon_reload: true
    - name: Ensure matrix-conduwuit.service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service"
        state: absent
--- a/roles/custom/matrix-conduwuit/tasks/uninstall.yml
+++ b/roles/custom/matrix-conduwuit/tasks/uninstall.yml
@@ -0,0 +1,19 @@
 ---
 - name: Check existence of matrix-conduwuit service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service"
  register: matrix_conduwuit_service_stat
 - when: matrix_conduwuit_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-conduwuit is stopped
      ansible.builtin.systemd:
        name: matrix-conduwuit
        state: stopped
        daemon_reload: true
    - name: Ensure matrix-conduwuit.service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service"
        state: absent
--- a/roles/custom/matrix-conduwuit/tasks/validate_config.yml
+++ b/roles/custom/matrix-conduwuit/tasks/validate_config.yml
@@ -0,0 +1,11 @@
 ---
 - name: Fail if required conduwuit settings not defined
  ansible.builtin.fail:
    msg: >-
      You need to define a required configuration setting (`{{ item.name }}`).
  when: "item.when | bool and vars[item.name] == ''"
  with_items:
    - {'name': 'matrix_conduwuit_hostname', when: true}
    - {'name': 'matrix_conduwuit_container_network', when: true}
    - {'name': 'matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_conduwuit_container_labels_internal_client_api_enabled }}"}
--- a/roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
+++ b/roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
--- a/roles/custom/matrix-conduwuit/templates/env.j2
+++ b/roles/custom/matrix-conduwuit/templates/env.j2
@@ -0,0 +1 @@
 {{ matrix_conduwuit_environment_variables_extension }}
--- a/roles/custom/matrix-conduwuit/templates/labels.j2
+++ b/roles/custom/matrix-conduwuit/templates/labels.j2
@@ -0,0 +1,165 @@
 {% if matrix_conduwuit_container_labels_traefik_enabled %}
 traefik.enable=true
 {% if matrix_conduwuit_container_labels_traefik_docker_network %}
 traefik.docker.network={{ matrix_conduwuit_container_labels_traefik_docker_network }}
 {% endif %}
 traefik.http.services.matrix-conduwuit.loadbalancer.server.port={{ matrix_conduwuit_config_port_number }}
 {% if matrix_conduwuit_container_labels_public_client_root_enabled %}
 ############################################################
 #                                                          #
 # Public Root path (/)                                     #
 #                                                          #
 ############################################################
 {% set client_root_middlewares = [] %}
 {% if matrix_conduwuit_container_labels_public_client_root_redirection_enabled %}
 {% set client_root_middlewares = client_root_middlewares + ['matrix-conduwuit-client-root-redirect'] %}
 traefik.http.middlewares.matrix-conduwuit-client-root-redirect.redirectregex.regex=(.*)
 traefik.http.middlewares.matrix-conduwuit-client-root-redirect.redirectregex.replacement={{ matrix_conduwuit_container_labels_public_client_root_redirection_url }}
 {% endif %}
 traefik.http.routers.matrix-conduwuit-public-client-root.rule={{ matrix_conduwuit_container_labels_public_client_root_traefik_rule }}
 traefik.http.routers.matrix-conduwuit-public-client-root.middlewares={{ client_root_middlewares | join(',') }}
 {% if matrix_conduwuit_container_labels_public_client_root_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-conduwuit-public-client-root.priority={{ matrix_conduwuit_container_labels_public_client_root_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-conduwuit-public-client-root.service=matrix-conduwuit
 traefik.http.routers.matrix-conduwuit-public-client-root.entrypoints={{ matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints }}
 traefik.http.routers.matrix-conduwuit-public-client-root.tls={{ matrix_conduwuit_container_labels_public_client_root_traefik_tls | to_json }}
 {% if matrix_conduwuit_container_labels_public_client_root_traefik_tls %}
 traefik.http.routers.matrix-conduwuit-public-client-root.tls.certResolver={{ matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver }}
 {% endif %}
 ############################################################
 #                                                          #
 # /Public Root path (/)                                    #
 #                                                          #
 ############################################################
 {% endif %}
 {% if matrix_conduwuit_container_labels_public_client_api_enabled %}
 ############################################################
 #                                                          #
 # Public Client-API (/_matrix)                             #
 #                                                          #
 ############################################################
 traefik.http.routers.matrix-conduwuit-public-client-api.rule={{ matrix_conduwuit_container_labels_public_client_api_traefik_rule }}
 {% if matrix_conduwuit_container_labels_public_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-conduwuit-public-client-api.priority={{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-conduwuit-public-client-api.service=matrix-conduwuit
 traefik.http.routers.matrix-conduwuit-public-client-api.entrypoints={{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints }}
 traefik.http.routers.matrix-conduwuit-public-client-api.tls={{ matrix_conduwuit_container_labels_public_client_api_traefik_tls | to_json }}
 {% if matrix_conduwuit_container_labels_public_client_api_traefik_tls %}
 traefik.http.routers.matrix-conduwuit-public-client-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver }}
 {% endif %}
 ############################################################
 #                                                          #
 # /Public Client-API (/_matrix)                            #
 #                                                          #
 ############################################################
 {% endif %}
 {% if matrix_conduwuit_container_labels_internal_client_api_enabled %}
 ############################################################
 #                                                          #
 # Internal Client-API (/_matrix)                           #
 #                                                          #
 ############################################################
 traefik.http.routers.matrix-conduwuit-internal-client-api.rule={{ matrix_conduwuit_container_labels_internal_client_api_traefik_rule }}
 {% if matrix_conduwuit_container_labels_internal_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-conduwuit-internal-client-api.priority={{ matrix_conduwuit_container_labels_internal_client_api_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-conduwuit-internal-client-api.service=matrix-conduwuit
 traefik.http.routers.matrix-conduwuit-internal-client-api.entrypoints={{ matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints }}
 ############################################################
 #                                                          #
 # /Internal Client-API (/_matrix)                          #
 #                                                          #
 ############################################################
 {% endif %}
 {% if matrix_conduwuit_container_labels_public_federation_api_enabled %}
 ############################################################
 #                                                          #
 # Public Federation-API (/_matrix)                         #
 #                                                          #
 ############################################################
 traefik.http.routers.matrix-conduwuit-public-federation-api.rule={{ matrix_conduwuit_container_labels_public_federation_api_traefik_rule }}
 {% if matrix_conduwuit_container_labels_public_federation_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-conduwuit-public-federation-api.priority={{ matrix_conduwuit_container_labels_public_federation_api_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-conduwuit-public-federation-api.service=matrix-conduwuit
 traefik.http.routers.matrix-conduwuit-public-federation-api.entrypoints={{ matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints }}
 traefik.http.routers.matrix-conduwuit-public-federation-api.tls={{ matrix_conduwuit_container_labels_public_federation_api_traefik_tls | to_json }}
 {% if matrix_conduwuit_container_labels_public_federation_api_traefik_tls %}
 traefik.http.routers.matrix-conduwuit-public-federation-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver }}
 {% endif %}
 ############################################################
 #                                                          #
 # /Public Federation-API (/_matrix)                        #
 #                                                          #
 ############################################################
 {% endif %}
 {% if matrix_conduwuit_container_labels_public_conduwuit_api_enabled %}
 ############################################################
 #                                                          #
 # Public Conduwuit-API (/_conduwuit)                       #
 #                                                          #
 ############################################################
 traefik.http.routers.matrix-conduwuit-public-conduwuit-api.rule={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_rule }}
 {% if matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-conduwuit-public-conduwuit-api.priority={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-conduwuit-public-conduwuit-api.service=matrix-conduwuit
 traefik.http.routers.matrix-conduwuit-public-conduwuit-api.entrypoints={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints }}
 traefik.http.routers.matrix-conduwuit-public-conduwuit-api.tls={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls | to_json }}
 {% if matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls %}
 traefik.http.routers.matrix-conduwuit-public-conduwuit-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls_certResolver }}
 {% endif %}
 ############################################################
 #                                                          #
 # /Public Conduwuit-API (/_conduwuit)                      #
 #                                                          #
 ############################################################
 {% endif %}
 {% endif %}
 {{ matrix_conduwuit_container_labels_additional_labels }}
--- a/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2
+++ b/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2
@@ -0,0 +1,51 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=conduwuit Matrix homeserver
 {% for service in matrix_conduwuit_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduwuit 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduwuit 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name=matrix-conduwuit \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduwuit_tmp_directory_size_mb }}m \
 			--network={{ matrix_conduwuit_container_network }} \
 			--env CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml \
 			--label-file={{ matrix_conduwuit_base_path }}/labels \
 			--mount type=bind,src={{ matrix_conduwuit_data_path }},dst=/var/lib/conduwuit \
 			--mount type=bind,src={{ matrix_conduwuit_config_path }},dst=/etc/conduwuit,ro \
 			{% for arg in matrix_conduwuit_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_conduwuit_docker_image }}
 {% for network in matrix_conduwuit_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-conduwuit
 {% endfor %}
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduwuit
 {% if matrix_conduwuit_systemd_service_post_start_delay_seconds != 0 %}
 ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_conduwuit_systemd_service_post_start_delay_seconds }}
 {% endif %}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduwuit 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduwuit 2>/dev/null || true'
 ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduwuit /bin/sh -c 'kill -HUP 1'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-conduwuit
 [Install]
 WantedBy=multi-user.target
--- a/roles/custom/matrix-conduwuit/vars/main.yml
+++ b/roles/custom/matrix-conduwuit/vars/main.yml
@@ -0,0 +1,4 @@
 ---
 matrix_conduwuit_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduwuit_hostname }}/_matrix/client/versions"
 matrix_conduwuit_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduwuit_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -48,6 +48,10 @@ matrix_synapse_container_image_customizations_enabled: |-
 # The version that will be installed is specified in `matrix_synapse_ext_synapse_s3_storage_provider_version`.
 matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"
 # Controls whether to install an old version of boto3 and botocore, to work around the following issue:
 # https://github.com/aws/aws-cli/issues/9214
 matrix_synapse_container_image_customizations_s3_storage_provider_installation_old_boto_workaround_enabled: true
 # Controls whether custom build steps will be added to the Dockerfile for installing auto-accept-invite module.
 # The version that will be installed is specified in `matrix_synapse_ext_synapse_auto_accept_invite_version`.
 matrix_synapse_container_image_customizations_auto_accept_invite_installation_enabled: "{{ matrix_synapse_ext_synapse_auto_accept_invite_enabled }}"
--- a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2
@@ -6,8 +6,12 @@ RUN pip install synapse-auto-accept-invite=={{ matrix_synapse_ext_synapse_auto_a
 {% endif %}
 {% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled %}
 {% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_old_boto_workaround_enabled %}
 RUN pip install 'boto3<1.36.0' 'botocore<1.36.0' synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }}
 {% else %}
 RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }}
 {% endif %}
 {% endif %}
 {% if matrix_synapse_container_image_customizations_templates_enabled %}
 {#
--- a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduwuit.yml
+++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduwuit.yml
@@ -0,0 +1,5 @@
 ---
 - name: Ensure Conduwuit user registered - {{ user.username | quote }}
  ansible.builtin.debug:
    msg: "Not registering user. To register Conduwuit users, message the Conduwuit bot"
--- a/setup.yml
+++ b/setup.yml
@@ -106,6 +106,7 @@
    - custom/matrix-synapse-reverse-proxy-companion
    - custom/matrix-dendrite
    - custom/matrix-conduit
    - custom/matrix-conduwuit
    - custom/matrix-synapse-admin
    - custom/matrix-synapse-usage-exporter
    - galaxy/prometheus_node_exporter