# Matrix/Conduit Prerequisites

> Issue: [#183](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/183)

## Target Host Requirements

### Option A: Deploy on Hermes VPS (143.198.27.163)
- **Pros**: Existing infrastructure, Ezra home territory
- **Cons**: Already hosting multiple wizards, resource contention
- **Ports available**: Need to verify 443, 8448 free or proxyable

### Option B: Deploy on Allegro (167.99.126.228)
- **Pros**: Separate host from Hermes, already has Nostr relay
- **Cons**: Allegro-Primus runs there; check resource headroom

### Option C: New VPS
- **Pros**: Clean slate, dedicated resources
- **Cons**: Additional cost, new maintenance surface

### Recommended: Option A (Hermes) or dedicated lightweight VPS

---

## Required Ports

| Port | Protocol | Purpose | Visibility |
|------|----------|---------|------------|
| 443 | TCP | Client HTTPS (Caddy/Nginx → Conduit) | Public |
| 8448 | TCP | Server-to-server federation | Public |
| 6167 | TCP | Conduit internal (localhost only) | Localhost |
| 80 | TCP | ACME HTTP challenge (redirects to 443) | Public |

## DNS Requirements

```
# A record
matrix.timmy.foundation.    A    <SERVER_IP>

# Optional: subdomains for federation delegation
_timatrix._tcp.timmy.foundation.  SRV  10 0 8448 matrix.timmy.foundation.
```

## Host Software

```bash
# Docker + Compose (required)
docker --version  # >= 24.0
docker compose version  # >= 2.20

# Or install if missing:
curl -fsSL https://get.docker.com | sh
```

## Reverse Proxy (choose one)

### Option 1: Caddy (recommended for automatic TLS)
```bash
apt install caddy  # or use official repo
```

### Option 2: Nginx (if already deployed)
```bash
apt install nginx certbot python3-certbot-nginx
```

## TLS Certificate Requirements

- Valid domain pointing to server IP
- Port 80 open for ACME challenge (HTTP-01)
- Or: DNS challenge for wildcard/internal domains

## Storage

| Component | Minimum | Recommended |
|-----------|---------|-------------|
| Conduit DB | 5 GB | 20 GB |
| Media uploads | 10 GB | 50 GB+ |
| Logs | 2 GB | 5 GB |

## Missing Prerequisites (Blocking)

1. [ ] **Target host selected** — Hermes vs Allegro vs new
2. [ ] **Domain/subdomain assigned** — matrix.timmy.foundation?
3. [ ] **DNS A record created** — pointing to target host
4. [ ] **Ports verified open** — 443, 8448 on target host
5. [ ] **Reverse proxy decision** — Caddy vs Nginx
6. [ ] **SSL strategy confirmed** — Let's Encrypt via proxy

## Next Steps After Prerequisites

1. Fill in `conduit.toml` with actual domain
2. Put admin registration secret in `.env`
3. Run `./deploy-matrix.sh`
4. Create first admin account
5. Create fleet rooms