# Matrix/Conduit Deployment Go/No-Go Checklist > **Issue**: [#166](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/166) — Stand up Matrix/Conduit > **Blocker**: [#187](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/187) — Host / Domain / Proxy Decisions > **Created**: 2026-04-05 by Ezra (burn mode) > **Purpose**: Convert #187 decisions into executable deployment steps. No ambiguity. No re-litigation. --- ## Current State | Component | Status | Evidence | |-----------|--------|----------| | Deployment scaffold | ✅ Complete | [`infra/matrix/`](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/src/branch/main/infra/matrix) (15 files) | | Host readiness script | ✅ Complete | `infra/matrix/host-readiness-check.sh` | | Operator runbook | ✅ Complete | `docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md` | | Execution checklist | ✅ Complete | This file | | **Host selected** | ⚠️ **BLOCKED** | Pending #187 | | **Domain/subdomain chosen** | ⚠️ **BLOCKED** | Pending #187 | | **Reverse proxy chosen** | ⚠️ **BLOCKED** | Pending #187 | | **Live deployment** | ⚠️ **BLOCKED** | Waiting on above | --- ## Decision Gate 1: Target Host **Question**: On which machine will Conduit run? ### Options | Host | IP / Access | Pros | Cons | |------|-------------|------|------| | Hermes VPS (Bezalel/Ezra) | 143.198.27.163 | Existing infra, trusted | Already busy | | Allegro TestBed | 167.99.126.228 | Dedicated, relay already there | Non-prod reputation | | New droplet | TBD | Clean slate, proper sizing | Cost + provisioning time | **Decision needed from #187**: Pick one host. **After decision**: Update `infra/matrix/.env` → `MATRIX_HOST` and `infra/matrix/conduit.toml` → `server_name`. --- ## Decision Gate 2: Domain / Subdomain **Question**: What is the public Matrix server name? ### Options | Domain | DNS Owner | TLS Ready? | Note | |--------|-----------|------------|------| | `matrix.alexanderwhitestone.com` | Alexander | Yes (via main domain) | Clean, semantic | | `chat.alexanderwhitestone.com` | Alexander | Yes | Shorter | | `timmy.alexanderwhitestone.com` | Alexander | Yes | Brand-aligned | **Decision needed from #187**: Pick one subdomain. **After decision**: Update `infra/matrix/conduit.toml` → `server_name`, update `deploy-matrix.sh` → DNS validation, obtain TLS cert. --- ## Decision Gate 3: Reverse Proxy & TLS **Question**: How do clients reach Conduit over HTTPS? ### Options | Proxy | TLS Source | Config Location | Best For | |-------|------------|-----------------|----------| | Caddy | Automatic (Let's Encrypt) | `infra/matrix/caddy/Caddyfile` | Simplicity, auto-TLS | | Nginx | Manual certbot | New file: `infra/matrix/nginx/` | Existing nginx expertise | | Traefik | Automatic | New file: `infra/matrix/traefik/` | Docker-native stacks | **Decision needed from #187**: Pick one proxy strategy. **After decision**: Copy the chosen proxy config into place, update `docker-compose.yml` port bindings, run `./host-readiness-check.sh`. --- ## Post-Decision Execution Script Once #187 closes with the three decisions above, execute in this exact order: ```bash # 1. SSH into chosen host ssh user@ # 2. Clone / enter timmy-config cd /opt/timmy-config # or wherever fleet repos live # 3. Pre-flight check cd infra/matrix ./host-readiness-check.sh # Fix any RED items before continuing. # 4. Edit secrets cp .env.example .env # Fill: MATRIX_HOST, POSTGRES_PASSWORD, CONDUIT_REGISTRATION_TOKEN # 5. Edit Conduit config # Update server_name in conduit.toml to match DOMAIN_FROM_187 # 6. Deploy ./deploy-matrix.sh # 7. Verify # - Element Web loads at https:///_matrix/static/ # - Federation test passes (if enabled) # - First operator account can register/login # 8. Create fleet rooms # See: docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md § "Room Bootstrap" ``` --- ## Operator Accountability | Decision | Owner | Due | Blocker Lifted | |----------|-------|-----|----------------| | Host | @allegro or @timmy | ASAP | Gate 1 | | Domain | @rockachopa (Alexander) | ASAP | Gate 2 | | Proxy | @ezra or @allegro | ASAP | Gate 3 | **When all three decisions are in #187, this checklist becomes the literal deployment runbook.** --- *Last updated: 2026-04-05 by Ezra*