Add continuwuity support (#4267)

* continuwuity support

* continuwuity support

* use main instead of commit tag

* fix docker image link

* migration from conduwuit

* fix yaml lint

* backup directories and linter fixes

* linter fixes

README.md

@@ -53,6 +53,7 @@ The homeserver is the backbone of your Matrix system. Choose one from the follow
 | [Synapse](https://github.com/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
 | [Conduit](https://conduit.rs) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
 | [conduwuit](https://conduwuit.puppyirl.gay/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | [Link](docs/configuring-playbook-conduwuit.md) |
+| [continuwuity](https://continuwuity.org) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. | [Link](docs/configuring-playbook-continuwuity.md) |
 | [Dendrite](https://github.com/element-hq/dendrite) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |
 
 ### Clients

docs/configuring-playbook-continuwuity.md

@@ -0,0 +1,108 @@
+<!--
+SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2025 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Configuring continuwuity (optional)
+
+The playbook can install and configure the [continuwuity](https://continuwuity.org) Matrix server for you.
+
+See the project's [documentation](https://continuwuity.org) to learn what it does and why it might be useful to you.
+
+By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document.
+
+💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports.
+
+> [!WARNING]
+> - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
+> - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
+
+## Adjusting the playbook configuration
+
+To use continuwuity, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below:
+
+```yaml
+matrix_homeserver_implementation: continuwuity
+
+# Registering users can only happen via the API,
+# so it makes sense to enable it, at least initially.
+matrix_continuwuity_config_allow_registration: true
+
+# Generate a strong registration token to protect the registration endpoint from abuse.
+# You can create one with a command like `pwgen -s 64 1`.
+matrix_continuwuity_config_registration_token: ''
+```
+
+### Extending the configuration
+
+There are some additional things you may wish to configure about the server.
+
+Take a look at:
+
+- `roles/custom/matrix-continuwuity/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2` for the server's default configuration
+
+There are various Ansible variables that control settings in the `continuwuity.toml` file.
+
+If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://continuwuity.org/configuration#environment-variables) using `matrix_continuwuity_environment_variables_extension`. For example:
+
+```yaml
+matrix_continuwuity_environment_variables_extension: |
+  continuwuity_MAX_REQUEST_SIZE=50000000
+  continuwuity_REQUEST_TIMEOUT=60
+```
+
+## Creating the first user account
+
+Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook.
+
+If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
+
+This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
+
+The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.
+
+
+## Configuring bridges / appservices
+
+For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver.
+
+For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account.
+
+The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy.
+Your first user account would already have been invited to an admin room with this bot.
+
+Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`.
+
+Then, send its content to the existing admin room:
+
+    !admin appservices register
+
+    ```
+    as_token: <token>
+    de.sorunome.msc2409.push_ephemeral: true
+    hs_token: <token>
+    id: signal
+    namespaces:
+      aliases:
+      - exclusive: true
+        regex: ^#signal_.+:example\.org$
+      users:
+      - exclusive: true
+        regex: ^@signal_.+:example\.org$
+      - exclusive: true
+        regex: ^@signalbot:example\.org$
+    rate_limited: false
+    sender_localpart: _bot_signalbot
+    url: http://matrix-mautrix-signal:29328
+    ```
+
+## Migrating from conduwuit
+
+Since continuwuity is a drop-in replacement for conduwuit, migration is possible. First, make sure that continuwuity is properly set up on your `vars.yml` and run the tag `just run-tags migrate-conduwuit`
+
+## Troubleshooting
+
+As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-continuwuity`.

docs/configuring-playbook.md

@@ -53,6 +53,8 @@ For a more custom setup, see the [Other configuration options](#other-configurat
 
   - [Configuring conduwuit](configuring-playbook-conduwuit.md), if you've switched to the [conduwuit](https://conduwuit.puppyirl.gay/) homeserver implementation
 
+  - [Configuring continuwuity](configuring-playbook-continuwuity.md), if you've switched to the [continuwuity](https://continuwuity.org) homeserver implementation
+
   - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation
 
 - Server components:

docs/container-images.md

@@ -28,6 +28,7 @@ We try to stick to official images (provided by their respective projects) as mu
 | [Synapse](configuring-playbook-synapse.md) | [element-hq/synapse](https://ghcr.io/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network |
 | [Conduit](configuring-playbook-conduit.md) | [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements |
 | [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. |
+| [continuwuity](configuring-playbook-continuwuity.md) | [continuwuation/continuwuity](https://forgejo.ellis.link/continuwuation/continuwuity) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. |
 | [Dendrite](configuring-playbook-dendrite.md) | [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. |
 
 ## Clients

docs/howto-srv-server-delegation.md

@@ -26,7 +26,7 @@ The up-to-date list can be accessed on [traefik's documentation](https://doc.tra
 
 **Note**: the changes below instruct you how to do this for a basic Synapse installation. You will need to adapt the variable name and the content of the labels:
 
-- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md) or [Dendrite](./configuring-playbook-dendrite.md))
+- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md), [continuwuity](./configuring-playbook-continuwuity.md) or [Dendrite](./configuring-playbook-dendrite.md))
 - if you're using [Synapse with workers enabled](./configuring-playbook-synapse.md#load-balancing-with-workers) (`matrix_synapse_workers_enabled: true`). In that case, it's actually the `matrix-synapse-reverse-proxy-companion` service which has Traefik labels attached
 
 Also, all instructions below are from an older version of the playbook and may not work anymore.

group_vars/matrix_servers

@@ -243,7 +243,7 @@ matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_revers
 matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}"
 
 # Starting from version `0.6.0` Conduit natively supports some sync v3 (sliding-sync) features.
-matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit'] else '') }}"
+matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit', 'continuwuity'] else '') }}"
 
 ########################################################################
 #                                                                      #
@@ -567,6 +567,7 @@ matrix_homeserver_container_client_api_endpoint: |-
       'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
       'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
       'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
+      'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string),
     }[matrix_homeserver_implementation]
   }}
 
@@ -577,6 +578,7 @@ matrix_homeserver_container_federation_api_endpoint: |-
       'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
       'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
       'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
+      'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string),
     }[matrix_homeserver_implementation]
   }}
 
@@ -5640,6 +5642,7 @@ grafana_default_home_dashboard_path: |-
       'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
       'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
       'conduwuit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
+      'continuwuity': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
     }[matrix_homeserver_implementation]
   }}
 
@@ -5700,6 +5703,7 @@ matrix_registration_shared_secret: |-
       'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''),
       'conduit': '',
       'conduwuit': '',
+      'continuwuity': '',
     }[matrix_homeserver_implementation]
   }}
 
@@ -5977,6 +5981,58 @@ matrix_conduwuit_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabl
 ######################################################################
 
 
+######################################################################
+#
+# matrix-continuwuity
+#
+######################################################################
+
+matrix_continuwuity_enabled: "{{ matrix_homeserver_implementation == 'continuwuity' }}"
+
+matrix_continuwuity_hostname: "{{ matrix_server_fqn_matrix }}"
+
+matrix_continuwuity_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}"
+
+matrix_continuwuity_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_continuwuity_docker_image_registry_prefix_upstream_default }}"
+
+matrix_continuwuity_container_network: "{{ matrix_homeserver_container_network }}"
+
+matrix_continuwuity_container_additional_networks_auto: |
+  {{
+    (
+      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_continuwuity_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+    ) | unique
+  }}
+
+matrix_continuwuity_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
+matrix_continuwuity_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+matrix_continuwuity_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
+matrix_continuwuity_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+
+matrix_continuwuity_container_labels_public_client_root_redirection_enabled: "{{ matrix_continuwuity_container_labels_public_client_root_redirection_url != '' }}"
+matrix_continuwuity_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
+
+matrix_continuwuity_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
+matrix_continuwuity_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
+matrix_continuwuity_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
+
+matrix_continuwuity_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
+matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
+
+matrix_continuwuity_config_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}"
+matrix_continuwuity_config_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
+matrix_continuwuity_config_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
+matrix_continuwuity_config_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
+
+matrix_continuwuity_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
+
+######################################################################
+#
+# /matrix-continuwuity
+#
+######################################################################
+
+
 ######################################################################
 #
 # matrix-user-creator

i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-continuwuity.po

@@ -0,0 +1,134 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community
+# members
+# This file is distributed under the same license as the
+# matrix-docker-ansible-deploy package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2025.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: matrix-docker-ansible-deploy \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: bg\n"
+"Language-Team: bg <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../../docs/configuring-playbook-continuwuity.md:1
+msgid "Configuring continuwuity (optional)"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:3
+msgid "The playbook can install and configure the [continuwuity](https://continuwuity.org/) Matrix server for you."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:5
+msgid "See the project's [documentation](https://continuwuity.org/) to learn what it does and why it might be useful to you."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:7
+msgid "By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:9
+msgid "💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:11
+msgid "⚠️ **Warnings**:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:13
+msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse -> continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:15
+msgid "**Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:17
+msgid "Adjusting the playbook configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:19
+msgid "To use continuwuity, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:33
+msgid "Extending the configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:35
+msgid "There are some additional things you may wish to configure about the server."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:37
+msgid "Take a look at:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:39
+msgid "`roles/custom/matrix-continuwuity/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:40
+msgid "`roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2` for the server's default configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:42
+msgid "There are various Ansible variables that control settings in the `continuwuity.toml` file."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:44
+msgid "If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://continuwuity.org/configuration#environment-variables) using `matrix_continuwuity_environment_variables_extension`. For example:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:52
+msgid "Creating the first user account"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:54
+msgid "Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:56
+msgid "If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:58
+msgid "This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:60
+msgid "The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:63
+msgid "Configuring bridges / appservices"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:65
+msgid "For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:67
+msgid "For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices#set-up-the-appservice---general-instructions) sent to the server bot account."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:69
+msgid "The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy. Your first user account would already have been invited to an admin room with this bot."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:72
+msgid "Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-continuwuity.md:74
+msgid "Then, send its content to the existing admin room:"
+msgstr ""

roles/custom/matrix-base/defaults/main.yml

@@ -81,7 +81,7 @@ matrix_monitoring_container_network: matrix-monitoring
 matrix_homeserver_enabled: true
 
 # This will contain the homeserver implementation that is in use.
-# Valid values: synapse, dendrite, conduit, conduwuit
+# Valid values: synapse, dendrite, conduit, conduwuit, continuwuity
 #
 # By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
 #

roles/custom/matrix-base/tasks/validate_config.yml

@@ -13,7 +13,7 @@
 - name: Fail if invalid homeserver implementation
   ansible.builtin.fail:
     msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
-  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit']"
+  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit', 'continuwuity']"
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:

roles/custom/matrix-continuwuity/defaults/main.yml

@@ -0,0 +1,195 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+# continuwuity is a continuation of conduwuit (https://conduwuit.puppyirl.gay/).
+# Project source code URL: https://forgejo.ellis.link/continuwuation/continuwuity/
+# See: https://continuwuity.org/
+
+matrix_continuwuity_enabled: true
+
+matrix_continuwuity_hostname: ''
+
+matrix_continuwuity_docker_image: "{{ matrix_continuwuity_docker_image_registry_prefix }}/continuwuation/continuwuity:{{ matrix_continuwuity_docker_image_tag }}"
+# renovate: datasource=docker depName=forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/
+matrix_continuwuity_docker_image_tag: main
+matrix_continuwuity_docker_image_force_pull: "{{ matrix_continuwuity_docker_image.endswith(':latest') }}"
+matrix_continuwuity_docker_image_registry_prefix: "{{ matrix_continuwuity_docker_image_registry_prefix_upstream }}"
+matrix_continuwuity_docker_image_registry_prefix_upstream: "{{ matrix_continuwuity_docker_image_registry_prefix_upstream_default }}"
+matrix_continuwuity_docker_image_registry_prefix_upstream_default: forgejo.ellis.link
+
+matrix_continuwuity_base_path: "{{ matrix_base_data_path }}/continuwuity"
+matrix_continuwuity_config_path: "{{ matrix_continuwuity_base_path }}/config"
+matrix_continuwuity_data_path: "{{ matrix_continuwuity_base_path }}/data"
+
+matrix_continuwuity_config_port_number: 6167
+
+matrix_continuwuity_tmp_directory_size_mb: 500
+
+# List of systemd services that matrix-continuwuity.service depends on
+matrix_continuwuity_systemd_required_services_list: "{{ matrix_continuwuity_systemd_required_services_list_default + matrix_continuwuity_systemd_required_services_list_auto + matrix_continuwuity_systemd_required_services_list_custom }}"
+matrix_continuwuity_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_continuwuity_systemd_required_services_list_auto: []
+matrix_continuwuity_systemd_required_services_list_custom: []
+
+# List of systemd services that matrix-continuwuity.service wants
+matrix_continuwuity_systemd_wanted_services_list: []
+
+# Controls how long to sleep for after starting the matrix-synapse container.
+#
+# Delaying, so that the homeserver can manage to fully start and various services
+# that depend on it (`matrix_continuwuity_systemd_required_services_list` and `matrix_continuwuity_systemd_wanted_services_list`)
+# may only start after the homeserver is up and running.
+#
+# This can be set to 0 to remove the delay.
+matrix_continuwuity_systemd_service_post_start_delay_seconds: 3
+
+# The base container network. It will be auto-created by this role if it doesn't exist already.
+matrix_continuwuity_container_network: ""
+
+# A list of additional container networks that the container would be connected to.
+# The role does not create these networks, so make sure they already exist.
+# Use this to expose this container to another reverse proxy, which runs in a different container network.
+matrix_continuwuity_container_additional_networks: "{{ matrix_continuwuity_container_additional_networks_auto + matrix_continuwuity_container_additional_networks_custom }}"
+matrix_continuwuity_container_additional_networks_auto: []
+matrix_continuwuity_container_additional_networks_custom: []
+
+# matrix_continuwuity_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
+# See `../templates/labels.j2` for details.
+#
+# To inject your own other container labels, see `matrix_continuwuity_container_labels_additional_labels`.
+matrix_continuwuity_container_labels_traefik_enabled: true
+matrix_continuwuity_container_labels_traefik_docker_network: "{{ matrix_continuwuity_container_network }}"
+matrix_continuwuity_container_labels_traefik_entrypoints: web-secure
+matrix_continuwuity_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint.
+matrix_continuwuity_container_labels_public_client_root_enabled: true
+matrix_continuwuity_container_labels_public_client_root_traefik_hostname: "{{ matrix_continuwuity_hostname }}"
+matrix_continuwuity_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_continuwuity_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)"
+matrix_continuwuity_container_labels_public_client_root_traefik_priority: 0
+matrix_continuwuity_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_continuwuity_container_labels_traefik_entrypoints }}"
+matrix_continuwuity_container_labels_public_client_root_traefik_tls: "{{ matrix_continuwuity_container_labels_public_client_root_traefik_entrypoints != 'web' }}"
+matrix_continuwuity_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_continuwuity_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+matrix_continuwuity_container_labels_public_client_root_redirection_enabled: false
+matrix_continuwuity_container_labels_public_client_root_redirection_url: ""
+
+# Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint.
+matrix_continuwuity_container_labels_public_client_api_enabled: true
+matrix_continuwuity_container_labels_public_client_api_traefik_hostname: "{{ matrix_continuwuity_hostname }}"
+matrix_continuwuity_container_labels_public_client_api_traefik_path_prefix: /_matrix
+matrix_continuwuity_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_continuwuity_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_continuwuity_container_labels_public_client_api_traefik_path_prefix }}`)"
+matrix_continuwuity_container_labels_public_client_api_traefik_priority: 0
+matrix_continuwuity_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_continuwuity_container_labels_traefik_entrypoints }}"
+matrix_continuwuity_container_labels_public_client_api_traefik_tls: "{{ matrix_continuwuity_container_labels_public_client_api_traefik_entrypoints != 'web' }}"
+matrix_continuwuity_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_continuwuity_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
+# Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint.
+# This is similar to `matrix_continuwuity_container_labels_public_client_api_enabled`, but the entrypoint and intent is different.
+matrix_continuwuity_container_labels_internal_client_api_enabled: false
+matrix_continuwuity_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_continuwuity_container_labels_public_client_api_traefik_path_prefix }}"
+matrix_continuwuity_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_continuwuity_container_labels_internal_client_api_traefik_path_prefix }}`)"
+matrix_continuwuity_container_labels_internal_client_api_traefik_priority: "{{ matrix_continuwuity_container_labels_public_client_api_traefik_priority }}"
+matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints: ""
+
+# Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint.
+matrix_continuwuity_container_labels_public_federation_api_enabled: "{{ matrix_continuwuity_config_allow_federation }}"
+matrix_continuwuity_container_labels_public_federation_api_traefik_hostname: "{{ matrix_continuwuity_hostname }}"
+matrix_continuwuity_container_labels_public_federation_api_traefik_path_prefix: /_matrix
+matrix_continuwuity_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_continuwuity_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_continuwuity_container_labels_public_federation_api_traefik_path_prefix }}`)"
+matrix_continuwuity_container_labels_public_federation_api_traefik_priority: 0
+matrix_continuwuity_container_labels_public_federation_api_traefik_entrypoints: ''
+# TLS is force-enabled here, because the spec (https://spec.matrix.org/v1.9/server-server-api/#tls) says that the federation API must use HTTPS.
+matrix_continuwuity_container_labels_public_federation_api_traefik_tls: true
+matrix_continuwuity_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_continuwuity_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
+# Controls whether labels will be added that expose the `/_continuwuity` path prefix on a public Traefik entrypoint.
+matrix_continuwuity_container_labels_public_continuwuity_api_enabled: true
+matrix_continuwuity_container_labels_public_continuwuity_api_traefik_hostname: "{{ matrix_continuwuity_hostname }}"
+matrix_continuwuity_container_labels_public_continuwuity_api_traefik_path_prefix: /_continuwuity
+matrix_continuwuity_container_labels_public_continuwuity_api_traefik_rule: "Host(`{{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_path_prefix }}`)"
+matrix_continuwuity_container_labels_public_continuwuity_api_traefik_priority: 0
+matrix_continuwuity_container_labels_public_continuwuity_api_traefik_entrypoints: "{{ matrix_continuwuity_container_labels_traefik_entrypoints }}"
+matrix_continuwuity_container_labels_public_continuwuity_api_traefik_tls: "{{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_entrypoints != 'web' }}"
+matrix_continuwuity_container_labels_public_continuwuity_api_traefik_tls_certResolver: "{{ matrix_continuwuity_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
+# matrix_continuwuity_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_continuwuity_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_continuwuity_container_labels_additional_labels: ''
+
+# Extra arguments for the Docker container
+matrix_continuwuity_container_extra_arguments: []
+
+# Specifies which template files to use when configuring continuwuity.
+# If you'd like to have your own different configuration, feel free to copy and paste
+# the original files into your inventory (e.g. in `inventory/host_vars/matrix.example.com/`)
+# and then change the specific host's `vars.yml` file like this:
+# matrix_continuwuity_template_continuwuity_config: "{{ playbook_dir }}/inventory/host_vars/matrix.example.com/continuwuity.toml.j2"
+matrix_continuwuity_template_continuwuity_config: "{{ role_path }}/templates/continuwuity.toml.j2"
+
+# Max size for uploads, in bytes
+matrix_continuwuity_config_server_name: "{{ matrix_domain }}"
+
+# Max size for uploads, in bytes
+matrix_continuwuity_config_max_request_size: 20_000_000
+
+# Enables registration. If set to false, no users can register on this server.
+matrix_continuwuity_config_allow_registration: false
+
+# Controls the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting.
+# This is only used when `matrix_continuwuity_config_allow_registration` is set to true and no registration token is configured.
+matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: false
+
+# Controls the `registration_token` setting.
+# When registration is enabled (`matrix_continuwuity_config_allow_registration`) you:
+# - either need to set a token to protect registration from abuse
+# - or you need to enable the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting
+#   (see `matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`),
+#   to allow registration without any form of 2nd-step.
+matrix_continuwuity_config_registration_token: ''
+
+# Controls the `new_user_displayname_suffix` setting.
+# This is the suffix that will be added to the displayname of new users.
+# Upstream defaults this to "🏳️‍⚧️", but we keep this consistent across all homeserver implementations and do not enable a suffix.
+matrix_continuwuity_config_new_user_displayname_suffix: ""
+
+# Controls the `allow_check_for_updates` setting.
+matrix_continuwuity_config_allow_check_for_updates: false
+
+# Controls the `emergency_password` setting.
+matrix_continuwuity_config_emergency_password: ''
+
+# Controls the `allow_federation` setting.
+matrix_continuwuity_config_allow_federation: true
+
+matrix_continuwuity_trusted_servers:
+ - "matrix.org"
+
+matrix_continuwuity_config_log: "info,state_res=warn,rocket=off,_=off,sled=off"
+
+# TURN integration.
+# See: https://continuwuity.org/turn
+matrix_continuwuity_config_turn_uris: []
+matrix_continuwuity_config_turn_secret: ''
+matrix_continuwuity_config_turn_username: ''
+matrix_continuwuity_config_turn_password: ''
+
+# Controls whether the self-check feature should validate SSL certificates.
+matrix_continuwuity_self_check_validate_certificates: true
+
+# Additional environment variables to pass to the container.
+#
+# Environment variables take priority over settings in the configuration file.
+#
+# Example:
+# matrix_continuwuity_environment_variables_extension: |
+#   continuwuity_MAX_REQUEST_SIZE=50000000
+#   continuwuity_REQUEST_TIMEOUT=60
+matrix_continuwuity_environment_variables_extension: ''

roles/custom/matrix-continuwuity/tasks/install.yml

@@ -0,0 +1,64 @@
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Ensure continuwuity config path exists
+  ansible.builtin.file:
+    path: "{{ matrix_continuwuity_config_path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure continuwuity data path exists
+  ansible.builtin.file:
+    path: "{{ matrix_continuwuity_data_path }}"
+    state: directory
+    mode: 0770
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure continuwuity configuration installed
+  ansible.builtin.template:
+    src: "{{ matrix_continuwuity_template_continuwuity_config }}"
+    dest: "{{ matrix_continuwuity_config_path }}/continuwuity.toml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure continuwuity support files installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_continuwuity_base_path }}/{{ item }}"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - labels
+    - env
+
+- name: Ensure continuwuity container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_continuwuity_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure continuwuity container image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_continuwuity_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_continuwuity_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_continuwuity_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure matrix-continuwuity.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-continuwuity.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-continuwuity.service"
+    mode: 0644

roles/custom/matrix-continuwuity/tasks/main.yml

@@ -0,0 +1,40 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- tags:
+    - setup-all
+    - setup-continuwuity
+    - install-all
+    - install-continuwuity
+  block:
+    - when: matrix_continuwuity_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_continuwuity_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+    - setup-all
+    - setup-continuwuity
+  block:
+    - when: not matrix_continuwuity_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
+
+- tags:
+    - self-check
+  block:
+    - when: matrix_continuwuity_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
+
+    - when: matrix_continuwuity_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
+
+- tags:
+    - migrate-conduwuit
+  block:
+    - when: matrix_continuwuity_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_from_conduwuit.yml"

roles/custom/matrix-continuwuity/tasks/migrate_from_conduwuit.yml

@@ -0,0 +1,65 @@
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+# This migrates the conduwuit server implementation (`/matrix/conduwuit`) to continuwuity (`/matrix/continuwuity`),
+#
+# Here, we merely backup the fresh continuwuity folder, relocate conduwuit directory to continuwuity (`/matrix/conduwuit`)
+#
+# and restore continuwuity labels.
+
+- name: Check existence of conduwuit directory
+  ansible.builtin.stat:
+    path: "{{ matrix_base_data_path }}/conduwuit"
+  register: matrix_conduwuit_directory_stat
+
+- name: Check existence of continuwuity directory
+  ansible.builtin.stat:
+    path: "{{ matrix_base_data_path }}/continuwuity"
+  register: matrix_continuwuity_directory_stat
+
+- when: >
+        matrix_conduwuit_directory_stat.stat.exists | bool and
+        matrix_continuwuity_directory_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-continuwuity.service systemd service is stopped
+      ansible.builtin.systemd:
+        name: matrix-continuwuity
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure continuwuity directory is backed up
+      ansible.builtin.command:
+        cmd: "mv {{ matrix_base_data_path }}/continuwuity {{ matrix_base_data_path }}/continuwuity_old"
+        creates: "{{ matrix_base_data_path }}/continuwuity_old"
+        removes: "{{ matrix_base_data_path }}/continuwuity"
+
+    - name: Ensure conduwuit directory contents are copied to continuwuity
+      ansible.builtin.copy:
+        src: "{{ matrix_base_data_path }}/conduwuit/"
+        dest: "{{ matrix_base_data_path }}/continuwuity"
+        remote_src: true
+        mode: preserve
+
+    - name: Ensure conduwuit.toml file is renamed
+      ansible.builtin.command:
+        cmd: "mv {{ matrix_base_data_path }}/continuwuity/config/conduwuit.toml {{ matrix_base_data_path }}/continuwuity/config/continuwuity.toml"
+        removes: "{{ matrix_base_data_path }}/continuwuity/config/conduwuit.toml"
+
+    - name: Ensure continuwuity labels are restored
+      ansible.builtin.copy:
+        src: "{{ matrix_base_data_path }}/continuwuity_old/labels"
+        dest: "{{ matrix_base_data_path }}/continuwuity/labels"
+        remote_src: true
+        force: true
+        mode: preserve
+
+    - name: Ensure matrix-continuwuity.service systemd service is started
+      ansible.builtin.systemd:
+        name: matrix-continuwuity
+        state: started
+        enabled: true
+        daemon_reload: true

roles/custom/matrix-continuwuity/tasks/self_check_client_api.yml

@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check Matrix Client API
+  ansible.builtin.uri:
+    url: "{{ matrix_continuwuity_client_api_url_endpoint_public }}"
+    follow_redirects: none
+    validate_certs: "{{ matrix_continuwuity_self_check_validate_certificates }}"
+  register: result_matrix_continuwuity_client_api
+  ignore_errors: true
+  check_mode: false
+  when: matrix_continuwuity_enabled | bool
+  delegate_to: 127.0.0.1
+  become: false
+
+- name: Fail if Matrix Client API not working
+  ansible.builtin.fail:
+    msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_continuwuity_client_api_url_endpoint_public }}`). Is continuwuity running? Is port 443 open in your firewall? Full error: {{ result_matrix_continuwuity_client_api }}"
+  when: "matrix_continuwuity_enabled | bool and (result_matrix_continuwuity_client_api.failed or 'json' not in result_matrix_continuwuity_client_api)"
+
+- name: Report working Matrix Client API
+  ansible.builtin.debug:
+    msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_continuwuity_client_api_url_endpoint_public }}`) is working"
+  when: matrix_continuwuity_enabled | bool

roles/custom/matrix-continuwuity/tasks/self_check_federation_api.yml

@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check Matrix Federation API
+  ansible.builtin.uri:
+    url: "{{ matrix_synapse_federation_api_url_endpoint_public }}"
+    follow_redirects: none
+    validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
+  register: result_matrix_synapse_federation_api
+  ignore_errors: true
+  check_mode: false
+  when: matrix_synapse_enabled | bool
+  delegate_to: 127.0.0.1
+  become: false
+
+- name: Fail if Matrix Federation API not working
+  ansible.builtin.fail:
+    msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
+  when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
+
+- name: Fail if Matrix Federation API unexpectedly enabled
+  ansible.builtin.fail:
+    msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled."
+  when: "matrix_synapse_enabled | bool and not matrix_synapse_federation_enabled | bool and not result_matrix_synapse_federation_api.failed"
+
+- name: Report working Matrix Federation API
+  ansible.builtin.debug:
+    msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
+  when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool"

roles/custom/matrix-continuwuity/tasks/setup_install.yml

@@ -0,0 +1,63 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Ensure continuwuity config path exists
+  ansible.builtin.file:
+    path: "{{ matrix_continuwuity_config_path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure continuwuity data path exists
+  ansible.builtin.file:
+    path: "{{ matrix_continuwuity_data_path }}"
+    state: directory
+    mode: 0770
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure continuwuity configuration installed
+  ansible.builtin.template:
+    src: "{{ matrix_continuwuity_template_continuwuity_config }}"
+    dest: "{{ matrix_continuwuity_config_path }}/continuwuity.toml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure continuwuity support files installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_continuwuity_base_path }}/{{ item }}"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - labels
+
+- name: Ensure continuwuity container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_continuwuity_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure continuwuity container image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_continuwuity_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_continuwuity_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_continuwuity_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure matrix-continuwuity.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-continuwuity.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-continuwuity.service"
+    mode: 0644

roles/custom/matrix-continuwuity/tasks/setup_uninstall.yml

@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check existence of matrix-continuwuity service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-continuwuity.service"
+  register: matrix_continuwuity_service_stat
+
+- when: matrix_continuwuity_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-continuwuity is stopped
+      ansible.builtin.systemd:
+        name: matrix-continuwuity
+        state: stopped
+        daemon_reload: true
+
+    - name: Ensure matrix-continuwuity.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-continuwuity.service"
+        state: absent

roles/custom/matrix-continuwuity/tasks/uninstall.yml

@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check existence of matrix-continuwuity service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-continuwuity.service"
+  register: matrix_continuwuity_service_stat
+
+- when: matrix_continuwuity_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-continuwuity is stopped
+      ansible.builtin.systemd:
+        name: matrix-continuwuity
+        state: stopped
+        daemon_reload: true
+
+    - name: Ensure matrix-continuwuity.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-continuwuity.service"
+        state: absent

roles/custom/matrix-continuwuity/tasks/validate_config.yml

@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Fail if required continuwuity settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
+  with_items:
+    - {'name': 'matrix_continuwuity_hostname', when: true}
+    - {'name': 'matrix_continuwuity_container_network', when: true}
+    - {'name': 'matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_continuwuity_container_labels_internal_client_api_enabled }}"}

roles/custom/matrix-continuwuity/templates/env.j2

@@ -0,0 +1 @@
+{{ matrix_continuwuity_environment_variables_extension }}

roles/custom/matrix-continuwuity/templates/env.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-continuwuity/templates/labels.j2

@@ -0,0 +1,173 @@
+{#
+SPDX-FileCopyrightText: 2025 MDAD project contributors
+SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2025 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if matrix_continuwuity_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_continuwuity_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_continuwuity_container_labels_traefik_docker_network }}
+{% endif %}
+
+traefik.http.services.matrix-continuwuity.loadbalancer.server.port={{ matrix_continuwuity_config_port_number }}
+
+
+{% if matrix_continuwuity_container_labels_public_client_root_enabled %}
+############################################################
+#                                                          #
+# Public Root path (/)                                     #
+#                                                          #
+############################################################
+
+{% set client_root_middlewares = [] %}
+
+{% if matrix_continuwuity_container_labels_public_client_root_redirection_enabled %}
+{% set client_root_middlewares = client_root_middlewares + ['matrix-continuwuity-client-root-redirect'] %}
+traefik.http.middlewares.matrix-continuwuity-client-root-redirect.redirectregex.regex=(.*)
+traefik.http.middlewares.matrix-continuwuity-client-root-redirect.redirectregex.replacement={{ matrix_continuwuity_container_labels_public_client_root_redirection_url }}
+{% endif %}
+
+traefik.http.routers.matrix-continuwuity-public-client-root.rule={{ matrix_continuwuity_container_labels_public_client_root_traefik_rule }}
+
+traefik.http.routers.matrix-continuwuity-public-client-root.middlewares={{ client_root_middlewares | join(',') }}
+
+{% if matrix_continuwuity_container_labels_public_client_root_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-continuwuity-public-client-root.priority={{ matrix_continuwuity_container_labels_public_client_root_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-continuwuity-public-client-root.service=matrix-continuwuity
+traefik.http.routers.matrix-continuwuity-public-client-root.entrypoints={{ matrix_continuwuity_container_labels_public_client_root_traefik_entrypoints }}
+traefik.http.routers.matrix-continuwuity-public-client-root.tls={{ matrix_continuwuity_container_labels_public_client_root_traefik_tls | to_json }}
+
+{% if matrix_continuwuity_container_labels_public_client_root_traefik_tls %}
+traefik.http.routers.matrix-continuwuity-public-client-root.tls.certResolver={{ matrix_continuwuity_container_labels_public_client_root_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Public Root path (/)                                    #
+#                                                          #
+############################################################
+{% endif %}
+
+
+{% if matrix_continuwuity_container_labels_public_client_api_enabled %}
+############################################################
+#                                                          #
+# Public Client-API (/_matrix)                             #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-continuwuity-public-client-api.rule={{ matrix_continuwuity_container_labels_public_client_api_traefik_rule }}
+
+{% if matrix_continuwuity_container_labels_public_client_api_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-continuwuity-public-client-api.priority={{ matrix_continuwuity_container_labels_public_client_api_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-continuwuity-public-client-api.service=matrix-continuwuity
+traefik.http.routers.matrix-continuwuity-public-client-api.entrypoints={{ matrix_continuwuity_container_labels_public_client_api_traefik_entrypoints }}
+
+traefik.http.routers.matrix-continuwuity-public-client-api.tls={{ matrix_continuwuity_container_labels_public_client_api_traefik_tls | to_json }}
+{% if matrix_continuwuity_container_labels_public_client_api_traefik_tls %}
+traefik.http.routers.matrix-continuwuity-public-client-api.tls.certResolver={{ matrix_continuwuity_container_labels_public_client_api_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Public Client-API (/_matrix)                            #
+#                                                          #
+############################################################
+{% endif %}
+
+
+{% if matrix_continuwuity_container_labels_internal_client_api_enabled %}
+############################################################
+#                                                          #
+# Internal Client-API (/_matrix)                           #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-continuwuity-internal-client-api.rule={{ matrix_continuwuity_container_labels_internal_client_api_traefik_rule }}
+
+{% if matrix_continuwuity_container_labels_internal_client_api_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-continuwuity-internal-client-api.priority={{ matrix_continuwuity_container_labels_internal_client_api_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-continuwuity-internal-client-api.service=matrix-continuwuity
+traefik.http.routers.matrix-continuwuity-internal-client-api.entrypoints={{ matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints }}
+
+############################################################
+#                                                          #
+# /Internal Client-API (/_matrix)                          #
+#                                                          #
+############################################################
+{% endif %}
+
+
+{% if matrix_continuwuity_container_labels_public_federation_api_enabled %}
+############################################################
+#                                                          #
+# Public Federation-API (/_matrix)                         #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-continuwuity-public-federation-api.rule={{ matrix_continuwuity_container_labels_public_federation_api_traefik_rule }}
+
+{% if matrix_continuwuity_container_labels_public_federation_api_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-continuwuity-public-federation-api.priority={{ matrix_continuwuity_container_labels_public_federation_api_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-continuwuity-public-federation-api.service=matrix-continuwuity
+traefik.http.routers.matrix-continuwuity-public-federation-api.entrypoints={{ matrix_continuwuity_container_labels_public_federation_api_traefik_entrypoints }}
+
+traefik.http.routers.matrix-continuwuity-public-federation-api.tls={{ matrix_continuwuity_container_labels_public_federation_api_traefik_tls | to_json }}
+{% if matrix_continuwuity_container_labels_public_federation_api_traefik_tls %}
+traefik.http.routers.matrix-continuwuity-public-federation-api.tls.certResolver={{ matrix_continuwuity_container_labels_public_federation_api_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Public Federation-API (/_matrix)                        #
+#                                                          #
+############################################################
+{% endif %}
+
+
+
+
+{% if matrix_continuwuity_container_labels_public_continuwuity_api_enabled %}
+############################################################
+#                                                          #
+# Public continuwuity-API (/_continuwuity)                       #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-continuwuity-public-continuwuity-api.rule={{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_rule }}
+
+{% if matrix_continuwuity_container_labels_public_continuwuity_api_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-continuwuity-public-continuwuity-api.priority={{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-continuwuity-public-continuwuity-api.service=matrix-continuwuity
+traefik.http.routers.matrix-continuwuity-public-continuwuity-api.entrypoints={{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_entrypoints }}
+
+traefik.http.routers.matrix-continuwuity-public-continuwuity-api.tls={{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_tls | to_json }}
+{% if matrix_continuwuity_container_labels_public_continuwuity_api_traefik_tls %}
+traefik.http.routers.matrix-continuwuity-public-continuwuity-api.tls.certResolver={{ matrix_continuwuity_container_labels_public_continuwuity_api_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Public continuwuity-API (/_continuwuity)                      #
+#                                                          #
+############################################################
+{% endif %}
+
+
+{% endif %}
+
+{{ matrix_continuwuity_container_labels_additional_labels }}

roles/custom/matrix-continuwuity/templates/systemd/matrix-continuwuity.service.j2

@@ -0,0 +1,51 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=continuwuity Matrix homeserver
+{% for service in matrix_continuwuity_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-continuwuity 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-continuwuity 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-continuwuity \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_continuwuity_tmp_directory_size_mb }}m \
+			--network={{ matrix_continuwuity_container_network }} \
+			--env continuwuity_CONFIG=/etc/continuwuity/continuwuity.toml \
+			--label-file={{ matrix_continuwuity_base_path }}/labels \
+			--mount type=bind,src={{ matrix_continuwuity_data_path }},dst=/var/lib/continuwuity \
+			--mount type=bind,src={{ matrix_continuwuity_config_path }},dst=/etc/continuwuity,ro \
+			{% for arg in matrix_continuwuity_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_continuwuity_docker_image }}
+
+{% for network in matrix_continuwuity_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-continuwuity
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-continuwuity
+
+{% if matrix_continuwuity_systemd_service_post_start_delay_seconds != 0 %}
+ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_continuwuity_systemd_service_post_start_delay_seconds }}
+{% endif %}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-continuwuity 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-continuwuity 2>/dev/null || true'
+ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-continuwuity /bin/sh -c 'kill -HUP 1'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-continuwuity
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-continuwuity/templates/systemd/matrix-continuwuity.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2025 MDAD project contributors
+SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-continuwuity/vars/main.yml

@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+matrix_continuwuity_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_continuwuity_hostname }}/_matrix/client/versions"
+matrix_continuwuity_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_continuwuity_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"

roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_continuwuity.yml

@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Ensure continuwuity user registered - {{ user.username | quote }}
+  ansible.builtin.debug:
+    msg: "Not registering user. To register continuwuity users, message the continuwuity bot"

setup.yml

@@ -105,6 +105,7 @@
     - custom/matrix-dendrite
     - custom/matrix-conduit
     - custom/matrix-conduwuit
+    - custom/matrix-continuwuity
     - custom/matrix-synapse-admin
     - custom/matrix-synapse-usage-exporter
     - galaxy/prometheus_node_exporter