From 7872adb5a3a26d9eb1a594e684b68abe89108845 Mon Sep 17 00:00:00 2001
From: Ezra <ezra@hermes.local>
Date: Sun, 5 Apr 2026 06:10:57 +0000
Subject: [PATCH] [scaffold] Add Matrix/Conduit deployment:
 deploy/matrix/scripts/bootstrap.sh

---
 deploy/matrix/scripts/bootstrap.sh | 46 ++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 deploy/matrix/scripts/bootstrap.sh

diff --git a/deploy/matrix/scripts/bootstrap.sh b/deploy/matrix/scripts/bootstrap.sh
new file mode 100644
index 00000000..0a1c8449
--- /dev/null
+++ b/deploy/matrix/scripts/bootstrap.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -euo pipefail
+
+MATRIX_SERVER_NAME=${1:-"fleet.example.com"}
+ADMIN_USER=${2:-"admin"}
+BOT_USERS=("bilbo" "ezra" "allegro" "bezalel" "gemini" "timmy")
+
+echo "=== Fleet Matrix Bootstrap ==="
+echo "Server: $MATRIX_SERVER_NAME"
+
+REG_TOKEN=$(openssl rand -hex 32)
+echo "$REG_TOKEN" > .registration_token
+
+cat > docker-compose.override.yml << EOF
+version: "3.8"
+services:
+  conduit:
+    environment:
+      CONDUIT_SERVER_NAME: $MATRIX_SERVER_NAME
+      CONDUIT_REGISTRATION_TOKEN: $REG_TOKEN
+EOF
+
+ADMIN_PW=$(openssl rand -base64 24)
+cat > admin-register.json << EOF
+{"username": "$ADMIN_USER", "password": "$ADMIN_PW", "admin": true}
+EOF
+
+mkdir -p bot-tokens
+for bot in "${BOT_USERS[@]}"; do
+    BOT_PW=$(openssl rand -base64 24)
+    echo "{"username": "$bot", "password": "$BOT_PW"}" > "bot-tokens/${bot}.json"
+done
+
+cat > room-topology.yaml << 'EOF'
+spaces:
+  fleet-command:
+    name: "Fleet Command"
+    rooms:
+      - {name: "📢 Announcements", encrypted: false}
+      - {name: "⚡ Operations", encrypted: true}
+      - {name: "🔮 Intelligence", encrypted: true}
+      - {name: "🛠️ Infrastructure", encrypted: true}
+EOF
+
+echo "Bootstrap complete. Check admin-password.txt and bot-tokens/"
+echo "Admin password: $ADMIN_PW"