diff --git a/README.md b/README.md index 5fada48..97bcd73 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ Roles for deploying matrix infrastructure using ansible. ## Roles - [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client +- [`conduwuit`](roles/conduwuit/README.md): [conduwuit](https://conduwuit.puppyirl.gay/), a uwu fork of conduit - [`element`](roles/element/README.md): [Element](https://element.io/) Web Client - [`hydrogen`](roles/hydrogen/README.md): [Hydrogen](https://matrix.org/ecosystem/clients/hydrogen/) lightweight web client - [`synapse`](roles/synapse/README.md): [Synapse](https://github.com/element-hq/synapse/), diff --git a/galaxy.yml b/galaxy.yml index 8493116..271e220 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -19,3 +19,4 @@ tags: - element - hydrogen - cinny + - conduwuit diff --git a/roles/conduwuit/README.md b/roles/conduwuit/README.md new file mode 100644 index 0000000..803f9c1 --- /dev/null +++ b/roles/conduwuit/README.md @@ -0,0 +1,12 @@ +# `finallycoffee.matrix.conduwuit` ansible role + +Deploy [conduwuit](https://conduwuit.puppyirl.gay/), a fork of +conduit, written in rust and using rocksdb. + +Please note that conduwuit is still under development. + +## Required configuation + +- `conduwuit_server_name` - domain the matrix server should be authoritative for. + Note that this can not be changed later! +- `conduwuit_config_registration_token` - when `conduwuit_config_allow_registration` is `true` diff --git a/roles/conduwuit/defaults/main/config.yml b/roles/conduwuit/defaults/main/config.yml new file mode 100644 index 0000000..bd93a8e --- /dev/null +++ b/roles/conduwuit/defaults/main/config.yml 
@@ -0,0 +1,26 @@
+---
+conduwuit_config_server_name: "{{ conduwuit_server_name }}"
+conduwuit_config_address: ~
+conduwuit_config_port: 8008
+conduwuit_config_unix_socket_path: "/run/conduwuit/conduwuit.sock"
+conduwuit_config_unix_socket_perms: "0660"
+conduwuit_config_database_path: "{{ conduwuit_data_path }}"
+
+conduwuit_config_allow_registration: false
+conduwuit_config_registration_token: ~
+conduwuit_config_registration_token_file: ~
+
+conduwuit_config: {}
+conduwuit_default_config:
+ server_name: "{{ conduwuit_config_server_name }}"
+ address: "{{ conduwuit_config_address }}"
+ port: "{{ conduwuit_config_port }}"
+ unix_socket_path: "{{ conduwuit_config_unix_socket_path }}"
+ unix_socket_perms: "{{ conduwuit_config_unix_socket_perms }}"
+ database_path: "{{ conduwuit_config_database_path }}"
+ allow_registration: "{{ conduwuit_config_allow_registration }}"
+ registration_token: "{{ conduwuit_config_registration_token }}"
+ registration_token_file: "{{ conduwuit_config_registration_token_file }}"
+conduwuit_merged_config: >-2
+ {{ conduwuit_default_config | default({}, true)
+ | combine(conduwuit_config | default({}, true, recursive=True) }}
diff --git a/roles/conduwuit/defaults/main/container.yml b/roles/conduwuit/defaults/main/container.yml
new file mode 100644
index 0000000..6b26f1b
--- /dev/null
+++ b/roles/conduwuit/defaults/main/container.yml
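Review bot: In roles/conduwuit/defaults/main/config.yml the `conduwuit_merged_config` expression is unbalanced: `combine(` is never closed and `recursive=True` ends up as an argument of `default`, so the variable cannot be templated. It should read `| combine(conduwuit_config | default({}, true), recursive=True) }}`. The defaults also merge `address`, `registration_token` and `registration_token_file` while they are still `~`, so null values are carried into the rendered config; dropping unset keys before the merge would keep an empty registration token out of the file.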
@@ -0,0 +1,44 @@
+---
+conduwuit_container_name: "conduwuit"
+conduwuit_container_image: >-2
+ {{
+ [
+ conduwuit_container_image_repository,
+ conduwuit_container_image_tag | default(conduwuit_version, true)
+ ]
+ }}
+conduwuit_container_image_registry: ghcr.io
+conduwuit_container_image_namespace: girlbossceo
+conduwuit_container_image_name: conduwuit
+conduwuit_container_image_repository: >-2
+ {{ conduwuit_container_image_registry
+ + (('/' + conduwuit_container_image_namespace)
+ if conduwuit_container_image_namespace else '')
+ + conduwuit_container_image_name }}
+conduwuit_container_image_source: pull
+conduwuit_container_image_force_source: >-2
+ {{ conduwuit_container_image_tag | bool }}
+conduwuit_container_image_tag: ~
+conduwuit_container_env:
+ CONDUWUIT_CONFIG: "{{ conduwuit_config_file }}"
+conduwuit_container_user: "{{ conduwuit_run_uid }}:{{ conduwuit_run_gid }}"
+conduwuit_container_ports: ~
+conduwuit_container_labels: ~
+conduwuit_container_ulimits: ~
+conduwuit_container_networks: ~
+conduwuit_container_dns_servers: ~
+conduwuit_container_etc_hosts: ~
+conduwuit_container_memory: ~
+conduwuit_container_memory_reversation: ~
+conduwuit_container_memory_swap: ~
+conduwuit_container_state: >-2
+ {{ (conduwuit_state == 'present') | ternary('started', 'absent') }}
+conduwuit_container_restart_policy: "on-failure"
+
+conduwuit_container_default_volumes:
+ - "{{ conduwuit_config_file }}:{{ conduwuit_config_file }}:ro"
+ - "{{ conduwuit_data_path }}:{{ conduwuit_data_path }}:z"
+conduwuit_container_volumes: ~
+conduwuit_container_all_volumes: >-2
+ {{ conduwuit_container_default_volumes | default([], true)
+ + conduwuit_container_volumes | default([], true) }}
diff --git a/roles/conduwuit/defaults/main/main.yml b/roles/conduwuit/defaults/main/main.yml
new file mode 100644
index 0000000..d5411d7
--- /dev/null
+++ b/roles/conduwuit/defaults/main/main.yml
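Review bot: In roles/conduwuit/defaults/main/container.yml `conduwuit_container_image` evaluates to a two-element list, because the closing `]` is not followed by `| join(':')`; the value handed to Docker is therefore not a `repository:tag` reference. `conduwuit_container_image_repository` also joins namespace and name without a separator, which yields `ghcr.io/girlbossceoconduwuit`; the last operand should be `+ '/' + conduwuit_container_image_name }}`. The image reference decides which code runs on the host, so both expressions are worth checking against their rendered value. The variable name `conduwuit_container_memory_reversation` looks like a typo for `reservation`.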
@@ -0,0 +1,10 @@
+---
+conduwuit_user: conduwuit
+conduwuit_version: "0.4.6"
+
+conduwuit_server_name: ~
+conduwuit_config_file: "/etc/conduwuit/conduwuit.toml"
+conduwuit_data_path: "/var/lib/conduwuit"
+
+conduwuit_state: present
+conduwuit_deployment_method: docker
diff --git a/roles/conduwuit/defaults/main/user.yml b/roles/conduwuit/defaults/main/user.yml
new file mode 100644
index 0000000..5bc7595
--- /dev/null
+++ b/roles/conduwuit/defaults/main/user.yml
@@ -0,0 +1,6 @@
+---
+conduwuit_user_system: true
+conduwuit_user_create_home: false
+
+conduwuit_run_uid: "{{ conduwuit_user_info.uid | default(conduwuit_user) }}"
+conduwuit_run_gid: "{{ conduwuit_user_info.gid | default(conduwuit_user) }}"
diff --git a/roles/conduwuit/tasks/check.yml b/roles/conduwuit/tasks/check.yml
new file mode 100644
index 0000000..ed1f0ed
--- /dev/null
+++ b/roles/conduwuit/tasks/check.yml
@@ -0,0 +1,34 @@
+---
+- name: Ensure 'conduwuit_state' is valid
+ ansible.builtin.fail:
+ msg: >-2
+ State '{{ conduwuit_state }}' is not known,
+ supported states are {{ conduwuit_states | join(', ') }}
+ when: conduwuit_state not in conduwuit_states
+
+- name: Ensure 'conduwuit_deployment_method' is supported
+ ansible.builtin.fail:
+ msg: >-2
+ Deployment method '{{ conduwuit_deployment_method }}'
+ is unknown! Supported methods are:
+ {{ conduwuit_deployment_methods | join(', ') }}
+ when: conduwuit_deployment_method not in conduwuit_deployment_methods
+
+- name: Ensure required variables are given
+ ansible.builtin.fail:
+ msg: "Required variable '{{ item }}' is undefined!"
+ loop: "{{ conduwuit_required_variables }}"
+ when: >-2
+ item not in hostvars[inventory_hostname]
+ or hostvars[inventory_hostname][item] | length == 0
+
+- name: Ensure conditionally required variables are given
+ ansible.builtin.fail:
+ msg: "Required variable '{{ item.name }}' is undefined!"
+ loop: "{{ conduwuit_conditionally_required_variables }}"
+ loop_control:
+ label: "{{ item.name }}"
+ when: >-2
+ item.when
+ and (item.name not in hostvars[inventory_hostname]
+ or hostvars[inventory_hostname][item.name] | length == 0)
diff --git a/roles/conduwuit/tasks/deploy-docker.yml b/roles/conduwuit/tasks/deploy-docker.yml
new file mode 100644
index 0000000..208a784
--- /dev/null
+++ b/roles/conduwuit/tasks/deploy-docker.yml
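Review bot: In roles/conduwuit/tasks/check.yml both required-variable tasks apply `| length` to the looked-up value, while the role defaults for `conduwuit_server_name` and `conduwuit_config_registration_token` are `~`; if such a null reaches the test, the task stops with a type error instead of the intended message. The lookup through `hostvars[inventory_hostname]` probably also misses values passed as play vars or role parameters, so a correctly supplied token could be reported as undefined (to be confirmed against the Ansible version in use). A form that covers both cases is `when: lookup('ansible.builtin.vars', item, default='') | default('', true) | string | length == 0`, with `item.name` in the second task.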
@@ -0,0 +1,26 @@
+---
+- name: Ensure container image '{{ conduwuit_container_image }}' is {{ conduwuit_state }}
+ community.docker.docker_image:
+ name: "{{ conduwuit_container_image }}"
+ state: "{{ conduwuit_state }}"
+ source: "{{ conduwuit_container_image_source }}"
+ force_source: "{{ conduwuit_container_image_force_source }}"
+
+- name: Ensure container '{{ conduwuit_container_name }}' is {{ conduwuit_container_state }}
+ community.docker.docker_container:
+ name: "{{ conduwuit_container_name }}"
+ image: "{{ conduwuit_container_image }}"
+ env: "{{ conduwuit_container_env | default(omit) }}"
+ user: "{{ conduwuit_container_user }}"
+ ports: "{{ conduwuit_container_ports | default(omit, true) }}"
+ labels: "{{ conduwuit_container_labels | default(omit, true) }}"
+ volumes: "{{ conduwuit_container_all_volumes }}"
+ ulimits: "{{ conduwuit_container_ulimits | default(omit, true) }}"
+ networks: "{{ conduwuit_container_networks | default(omit, true) }}"
+ dns_servers: "{{ conduwuit_container_dns_servers | default(omit, true) }}"
+ etc_hosts: "{{ conduwuit_container_etc_hosts | default(omit, true) }}"
+ memory: "{{ conduwuit_container_memory | default(omit, true) }}"
+ memory_reservation: "{{ conduwuit_container_memory_reversation | default(omit, true) }}"
+ memory_swap: "{{ conduwuit_container_memory_swap | default(omit, true) }}"
+ restart_policy: "{{ conduwuit_container_restart_policy }}"
+ state: "{{ conduwuit_container_state }}"
diff --git a/roles/conduwuit/tasks/main.yml b/roles/conduwuit/tasks/main.yml
new file mode 100644
index 0000000..96a469b
--- /dev/null
+++ b/roles/conduwuit/tasks/main.yml
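Review bot: The `community.docker.docker_container` task in roles/conduwuit/tasks/deploy-docker.yml gives operators no way to tighten the container beyond `user`: there are no pass-through variables for `cap_drop`, `security_opts` or `read_only`, so the homeserver runs with Docker's default capability set. Optional parameters in the style of the existing ones would allow hardening without changing the default behaviour, for example `cap_drop: "{{ conduwuit_container_cap_drop | default(omit, true) }}"` and `security_opts: "{{ conduwuit_container_security_opts | default(omit, true) }}"`. Separately, the default `unix_socket_path` is `/run/conduwuit/conduwuit.sock`, but that directory is not in `conduwuit_container_default_volumes`, so the socket appears to stay inside the container unless a volume is added.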
@@ -0,0 +1,41 @@
+---
+- name: Check preconditions
+ ansible.builtin.include_tasks:
+ file: check.yml
+
+- name: Ensure conduwuit user '{{ conduwuit_user }}' is {{ conduwuit_state }}
+ ansible.builtin.user:
+ name: "{{ conduwuit_user }}"
+ state: "{{ conduwuit_state }}"
+ system: "{{ conduwuit_user_system | default(true) }}"
+ create_home: "{{ conduwuit_user_create_home | default(false) }}"
+ register: conduwuit_user_info
+
+- name: Ensure config directory exists
+ ansible.builtin.file:
+ path: "{{ conduwuit_config_file | dirname }}"
+ state: "{{ (conduwuit_state == 'present') | state('directory', 'absent') }}"
+ owner: "{{ conduwuit_run_uid }}"
+ group: "{{ conduwuit_run_gid }}"
+ mode: "0750"
+
+- name: Template config file '{{ conduwuit_config_file }}'
+ ansible.builtin.template:
+ src: "conduwuit.toml.j2"
+ dest: "{{ conduwuit_config_file }}"
+ owner: "{{ conduwuit_run_uid }}"
+ group: "{{ conduwuit_run_gid }}"
+ mode: "0640"
+ when: conduwuit_state == 'present'
+
+- name: Ensure data directory '{{ conduwuit_data_path }}' is {{ conduwuit_state }}
+ ansible.builtin.file:
+ path: "{{ conduwuit_data_path }}"
+ state: "{{ (conduwuit_state == 'present') | ternary('directory', 'absent') }}"
+ owner: "{{ conduwuit_run_uid }}"
+ group: "{{ conduwuit_run_gid }}"
+ mode: "0750"
+
+- name: Ensure deployment using {{ conduwuit_deployment_method }} runs
+ ansible.builtin.include_tasks:
+ file: "deploy-{{ conduwuit_deployment_method }}"
diff --git a/roles/conduwuit/templates/conduwuit.toml.j2 b/roles/conduwuit/templates/conduwuit.toml.j2
new file mode 100644
index 0000000..6fb6d58
--- /dev/null
+++ b/roles/conduwuit/templates/conduwuit.toml.j2
@@ -0,0 +1,4 @@
+[global]
+{% for item in conduwuit_merged_config.global | dict2items %}
+{{ item.key }}={{ item.value }}
+{% endfor %}
diff --git a/roles/conduwuit/vars/main.yml b/roles/conduwuit/vars/main.yml
new file mode 100644
index 0000000..53f3796
--- /dev/null
+++ b/roles/conduwuit/vars/main.yml
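Review bot: In roles/conduwuit/tasks/main.yml the config-directory task uses `state('directory', 'absent')`, and I know of no filter named `state`; the data-directory task further down uses `ternary`, which is what is meant here: `state: "{{ (conduwuit_state == 'present') | ternary('directory', 'absent') }}"`. The final include resolves to `deploy-docker` without a suffix, so it will not find `deploy-docker.yml`; use `file: "deploy-{{ conduwuit_deployment_method }}.yml"`. The templated config can contain the registration token, so consider `no_log: true` on the template task to keep it out of diff output.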
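Review bot: The loop in roles/conduwuit/templates/conduwuit.toml.j2 writes `{{ item.key }}={{ item.value }}` with no TOML quoting, so string values such as `server_name` or the registration token come out as bare words, and a value containing a newline would add extra lines to the `[global]` table. It also iterates `conduwuit_merged_config.global`, while the defaults in config.yml define their keys at the top level, so `.global` looks undefined. I would serialise each value and skip unset ones: `{% for item in conduwuit_merged_config | dict2items if item.value is not none %}` and `{{ item.key }} = {{ item.value | to_json }}`. Whether `to_json` output is valid TOML for every value type used here should be checked against the rendered file.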
@@ -0,0 +1,15 @@
+---
+conduwuit_states:
+ - "present"
+ - "absent"
+conduwuit_deployment_methods:
+ - "docker"
+
+conduwuit_required_variables:
+ - "conduwuit_server_name"
+
+conduwuit_conditionally_required_variables:
+ - name: "conduwuit_config_registration_token"
+ when: >-2
+ {{ conduwuit_config_allow_registration and
+ not (conduwuit_config_registration_token_file | str | length > 0) }}
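Review bot: The `when` expression for `conduwuit_config_registration_token` in roles/conduwuit/vars/main.yml uses `| str`, which as far as I know is not a Jinja2 or Ansible filter (the built-in is `string`), so evaluating the guard fails. Switching to `string` alone is not enough: `conduwuit_config_registration_token_file` defaults to `~`, which stringifies to `None` (length 4), so the guard would treat the token file as set and never require a token when registration is enabled. Use `not (conduwuit_config_registration_token_file | default('', true) | string | length > 0) }}` so that a null or empty token file still forces the token check.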