Add Matrix/Conduit prerequisites documentation (#183)

2026-04-05 00:05:25 +00:00
parent 45ee2c6e2e
commit 7172d26547
1 changed files with 95 additions and 0 deletions
--- a/infra/matrix/prerequisites.md
+++ b/infra/matrix/prerequisites.md
@@ -0,0 +1,95 @@
+# Matrix/Conduit Prerequisites
+
+> Issue: [#183](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/183)
+
+## Target Host Requirements
+
+### Option A: Deploy on Hermes VPS (143.198.27.163)
+- **Pros**: Existing infrastructure, Ezra home territory
+- **Cons**: Already hosting multiple wizards, resource contention
+- **Ports available**: Need to verify 443, 8448 free or proxyable
+
+### Option B: Deploy on Allegro (167.99.126.228)
+- **Pros**: Separate host from Hermes, already has Nostr relay
+- **Cons**: Allegro-Primus runs there; check resource headroom
+
+### Option C: New VPS
+- **Pros**: Clean slate, dedicated resources
+- **Cons**: Additional cost, new maintenance surface
+
+### Recommended: Option A (Hermes) or dedicated lightweight VPS
+
+---
+
+## Required Ports
+
+| Port | Protocol | Purpose | Visibility |
+|------|----------|---------|------------|
+| 443 | TCP | Client HTTPS (Caddy/Nginx → Conduit) | Public |
+| 8448 | TCP | Server-to-server federation | Public |
+| 6167 | TCP | Conduit internal (localhost only) | Localhost |
+| 80 | TCP | ACME HTTP challenge (redirects to 443) | Public |
+
+## DNS Requirements
+
+```
+# A record
+matrix.timmy.foundation.    A    <SERVER_IP>
+
+# Optional: subdomains for federation delegation
+_timatrix._tcp.timmy.foundation.  SRV  10 0 8448 matrix.timmy.foundation.
+```
+
+## Host Software
+
+```bash
+# Docker + Compose (required)
+docker --version  # >= 24.0
+docker compose version  # >= 2.20
+
+# Or install if missing:
+curl -fsSL https://get.docker.com | sh
+```
+
+## Reverse Proxy (choose one)
+
+### Option 1: Caddy (recommended for automatic TLS)
+```bash
+apt install caddy  # or use official repo
+```
+
+### Option 2: Nginx (if already deployed)
+```bash
+apt install nginx certbot python3-certbot-nginx
+```
+
+## TLS Certificate Requirements
+
+- Valid domain pointing to server IP
+- Port 80 open for ACME challenge (HTTP-01)
+- Or: DNS challenge for wildcard/internal domains
+
+## Storage
+
+| Component | Minimum | Recommended |
+|-----------|---------|-------------|
+| Conduit DB | 5 GB | 20 GB |
+| Media uploads | 10 GB | 50 GB+ |
+| Logs | 2 GB | 5 GB |
+
+## Missing Prerequisites (Blocking)
+
+1. [ ] **Target host selected** — Hermes vs Allegro vs new
+2. [ ] **Domain/subdomain assigned** — matrix.timmy.foundation?
+3. [ ] **DNS A record created** — pointing to target host
+4. [ ] **Ports verified open** — 443, 8448 on target host
+5. [ ] **Reverse proxy decision** — Caddy vs Nginx
+6. [ ] **SSL strategy confirmed** — Let's Encrypt via proxy
+
+## Next Steps After Prerequisites
+
+1. Fill in `conduit.toml` with actual domain
+2. Put admin registration secret in `.env`
+3. Run `./deploy-matrix.sh`
+4. Create first admin account
+5. Create fleet rooms