diff --git a/infra/matrix/prerequisites.md b/infra/matrix/prerequisites.md new file mode 100644 index 00000000..a9fcb95b --- /dev/null +++ b/infra/matrix/prerequisites.md 
@@ -0,0 +1,95 @@ +# Matrix/Conduit Prerequisites + +> Issue: [#183](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/183) + +## Target Host Requirements + +### Option A: Deploy on Hermes VPS (143.198.27.163) +- **Pros**: Existing infrastructure, Ezra home territory +- **Cons**: Already hosting multiple wizards, resource contention +- **Ports available**: Need to verify 443, 8448 free or proxyable + +### Option B: Deploy on Allegro (167.99.126.228) +- **Pros**: Separate host from Hermes, already has Nostr relay +- **Cons**: Allegro-Primus runs there; check resource headroom + +### Option C: New VPS +- **Pros**: Clean slate, dedicated resources +- **Cons**: Additional cost, new maintenance surface + +### Recommended: Option A (Hermes) or dedicated lightweight VPS + +--- + +## Required Ports + +| Port | Protocol | Purpose | Visibility | +|------|----------|---------|------------| +| 443 | TCP | Client HTTPS (Caddy/Nginx → Conduit) | Public | +| 8448 | TCP | Server-to-server federation | Public | +| 6167 | TCP | Conduit internal (localhost only) | Localhost | +| 80 | TCP | ACME HTTP challenge (redirects to 443) | Public | + +## DNS Requirements + +``` +# A record +matrix.timmy.foundation. A + +# Optional: subdomains for federation delegation +_timatrix._tcp.timmy.foundation. SRV 10 0 8448 matrix.timmy.foundation. 
+``` + +## Host Software + +```bash +# Docker + Compose (required) +docker --version # >= 24.0 +docker compose version # >= 2.20 + +# Or install if missing: +curl -fsSL https://get.docker.com | sh +``` + +## Reverse Proxy (choose one) + +### Option 1: Caddy (recommended for automatic TLS) +```bash +apt install caddy # or use official repo +``` + +### Option 2: Nginx (if already deployed) +```bash +apt install nginx certbot python3-certbot-nginx +``` + +## TLS Certificate Requirements + +- Valid domain pointing to server IP +- Port 80 open for ACME challenge (HTTP-01) +- Or: DNS challenge for wildcard/internal domains + +## Storage + +| Component | Minimum | Recommended | +|-----------|---------|-------------| +| Conduit DB | 5 GB | 20 GB | +| Media uploads | 10 GB | 50 GB+ | +| Logs | 2 GB | 5 GB | + +## Missing Prerequisites (Blocking) + +1. [ ] **Target host selected** — Hermes vs Allegro vs new +2. [ ] **Domain/subdomain assigned** — matrix.timmy.foundation? +3. [ ] **DNS A record created** — pointing to target host +4. [ ] **Ports verified open** — 443, 8448 on target host +5. [ ] **Reverse proxy decision** — Caddy vs Nginx +6. [ ] **SSL strategy confirmed** — Let's Encrypt via proxy + +## Next Steps After Prerequisites + +1. Fill in `conduit.toml` with actual domain +2. Put admin registration secret in `.env` +3. Run `./deploy-matrix.sh` +4. Create first admin account +5. Create fleet rooms
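Review bot: The SRV record in the "DNS Requirements" block, `_timatrix._tcp.timmy.foundation. SRV 10 0 8448 matrix.timmy.foundation.`, uses a name that no Matrix homeserver will look up; federation discovery queries `_matrix-fed._tcp.<server_name>` (spec 1.8+) with `_matrix._tcp.<server_name>` as the legacy fallback, so as written the record is silently ignored. The comment "subdomains for federation delegation" also needs tightening: SRV delegation only matters if the Conduit `server_name` is `timmy.foundation` rather than `matrix.timmy.foundation`, and in that case remote servers validate the certificate on 8448 against the server name (`timmy.foundation`), not the SRV target, which the "TLS Certificate Requirements" section does not account for. Since the reverse proxy already terminates 443, serving `/.well-known/matrix/server` from `timmy.foundation` is the simpler delegation route and lets the federation certificate match `matrix.timmy.foundation`; whichever is chosen, please state the intended `server_name` in the doc and add a matching item to "Missing Prerequisites (Blocking)". Two smaller points: the ports table correctly marks 6167 as localhost-only, so the checklist should include verifying that the Conduit listen address in `conduit.toml` is `127.0.0.1` and that the host firewall only exposes 80/443/8448; and "Put admin registration secret in `.env`" should note that `.env` must be excluded from the repository (item 6 should also read "TLS strategy" rather than "SSL strategy", consistent with the section title above it).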