diff --git a/infra/matrix/GONOGO_CHECKLIST.md b/infra/matrix/GONOGO_CHECKLIST.md new file mode 100644 index 00000000..031c2e44 --- /dev/null +++ b/infra/matrix/GONOGO_CHECKLIST.md 
@@ -0,0 +1,125 @@ +# Matrix/Conduit Deployment Go/No-Go Checklist + +> **Issue**: [#166](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/166) — Stand up Matrix/Conduit +> **Blocker**: [#187](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/187) — Host / Domain / Proxy Decisions +> **Created**: 2026-04-05 by Ezra (burn mode) +> **Purpose**: Convert #187 decisions into executable deployment steps. No ambiguity. No re-litigation. + +--- + +## Current State + +| Component | Status | Evidence | +|-----------|--------|----------| +| Deployment scaffold | ✅ Complete | [`infra/matrix/`](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/src/branch/main/infra/matrix) (15 files) | +| Host readiness script | ✅ Complete | `infra/matrix/host-readiness-check.sh` | +| Operator runbook | ✅ Complete | `docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md` | +| Execution checklist | ✅ Complete | This file | +| **Host selected** | ⚠️ **BLOCKED** | Pending #187 | +| **Domain/subdomain chosen** | ⚠️ **BLOCKED** | Pending #187 | +| **Reverse proxy chosen** | ⚠️ **BLOCKED** | Pending #187 | +| **Live deployment** | ⚠️ **BLOCKED** | Waiting on above | + +--- + +## Decision Gate 1: Target Host + +**Question**: On which machine will Conduit run? + +### Options +| Host | IP / Access | Pros | Cons | +|------|-------------|------|------| +| Hermes VPS (Bezalel/Ezra) | 143.198.27.163 | Existing infra, trusted | Already busy | +| Allegro TestBed | 167.99.126.228 | Dedicated, relay already there | Non-prod reputation | +| New droplet | TBD | Clean slate, proper sizing | Cost + provisioning time | + +**Decision needed from #187**: Pick one host. + +**After decision**: Update `infra/matrix/.env` → `MATRIX_HOST` and `infra/matrix/conduit.toml` → `server_name`. + +--- + +## Decision Gate 2: Domain / Subdomain + +**Question**: What is the public Matrix server name? + +### Options +| Domain | DNS Owner | TLS Ready? 
| Note | +|--------|-----------|------------|------| +| `matrix.alexanderwhitestone.com` | Alexander | Yes (via main domain) | Clean, semantic | +| `chat.alexanderwhitestone.com` | Alexander | Yes | Shorter | +| `timmy.alexanderwhitestone.com` | Alexander | Yes | Brand-aligned | + +**Decision needed from #187**: Pick one subdomain. + +**After decision**: Update `infra/matrix/conduit.toml` → `server_name`, update `deploy-matrix.sh` → DNS validation, obtain TLS cert. + +--- + +## Decision Gate 3: Reverse Proxy & TLS + +**Question**: How do clients reach Conduit over HTTPS? + +### Options +| Proxy | TLS Source | Config Location | Best For | +|-------|------------|-----------------|----------| +| Caddy | Automatic (Let's Encrypt) | `infra/matrix/caddy/Caddyfile` | Simplicity, auto-TLS | +| Nginx | Manual certbot | New file: `infra/matrix/nginx/` | Existing nginx expertise | +| Traefik | Automatic | New file: `infra/matrix/traefik/` | Docker-native stacks | + +**Decision needed from #187**: Pick one proxy strategy. + +**After decision**: Copy the chosen proxy config into place, update `docker-compose.yml` port bindings, run `./host-readiness-check.sh`. + +--- + +## Post-Decision Execution Script + +Once #187 closes with the three decisions above, execute in this exact order: + +```bash +# 1. SSH into chosen host +ssh user@ + +# 2. Clone / enter timmy-config +cd /opt/timmy-config # or wherever fleet repos live + +# 3. Pre-flight check +cd infra/matrix +./host-readiness-check.sh +# Fix any RED items before continuing. + +# 4. Edit secrets +cp .env.example .env +# Fill: MATRIX_HOST, POSTGRES_PASSWORD, CONDUIT_REGISTRATION_TOKEN + +# 5. Edit Conduit config +# Update server_name in conduit.toml to match DOMAIN_FROM_187 + +# 6. Deploy +./deploy-matrix.sh + +# 7. Verify +# - Element Web loads at https:///_matrix/static/ +# - Federation test passes (if enabled) +# - First operator account can register/login + +# 8. 
Create fleet rooms +# See: docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md § "Room Bootstrap" +``` + +--- + +## Operator Accountability + +| Decision | Owner | Due | Blocker Lifted | +|----------|-------|-----|----------------| +| Host | @allegro or @timmy | ASAP | Gate 1 | +| Domain | @rockachopa (Alexander) | ASAP | Gate 2 | +| Proxy | @ezra or @allegro | ASAP | Gate 3 | + +**When all three decisions are in #187, this checklist becomes the literal deployment runbook.** + +--- + +*Last updated: 2026-04-05 by Ezra*
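Review bot: the "Post-Decision Execution Script" leaves the host and domain placeholders empty at step 1 (`ssh user@`) and step 7 (`https:///_matrix/static/`), while step 5 spells out `DOMAIN_FROM_187`; use the same named placeholders in all three places (e.g. `ssh user@HOST_FROM_187`, `https://DOMAIN_FROM_187/_matrix/static/`) so the script reads as the unambiguous runbook the file's stated purpose requires. Step 4 (`cp .env.example .env`, then "Fill: MATRIX_HOST, POSTGRES_PASSWORD, CONDUIT_REGISTRATION_TOKEN") writes secrets to disk with no follow-up: add a line restricting the file to the deploying user (e.g. `chmod 600 .env`) and a check that `.env` is excluded from version control, so the Postgres password and the registration token are neither readable by other accounts on the shared Hermes VPS nor committed next to `.env.example`.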