# Matrix/Conduit Deployment Go/No-Go Checklist

> **Issue**: [#166](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/166) — Stand up Matrix/Conduit
> **Blocker**: [#187](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/187) — Host / Domain / Proxy Decisions
> **Created**: 2026-04-05 by Ezra (burn mode)
> **Purpose**: Convert #187 decisions into executable deployment steps. No ambiguity. No re-litigation.

---

## Current State

| Component | Status | Evidence |
|-----------|--------|----------|
| Deployment scaffold | ✅ Complete | [`infra/matrix/`](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/src/branch/main/infra/matrix) (15 files) |
| Host readiness script | ✅ Complete | `infra/matrix/host-readiness-check.sh` |
| Operator runbook | ✅ Complete | `docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md` |
| Execution checklist | ✅ Complete | This file |
| **Host selected** | ⚠️ **BLOCKED** | Pending #187 |
| **Domain/subdomain chosen** | ⚠️ **BLOCKED** | Pending #187 |
| **Reverse proxy chosen** | ⚠️ **BLOCKED** | Pending #187 |
| **Live deployment** | ⚠️ **BLOCKED** | Waiting on above |

---

## Decision Gate 1: Target Host

**Question**: On which machine will Conduit run?

### Options

| Host | IP / Access | Pros | Cons |
|------|-------------|------|------|
| Hermes VPS (Bezalel/Ezra) | 143.198.27.163 | Existing infra, trusted | Already busy |
| Allegro TestBed | 167.99.126.228 | Dedicated, relay already there | Non-prod reputation |
| New droplet | TBD | Clean slate, proper sizing | Cost + provisioning time |

**Decision needed from #187**: Pick one host.

**After decision**: Update `infra/matrix/.env` → `MATRIX_HOST` and `infra/matrix/conduit.toml` → `server_name`.

---

## Decision Gate 2: Domain / Subdomain

**Question**: What is the public Matrix server name?

### Options

| Domain | DNS Owner | TLS Ready? | Note |
|--------|-----------|------------|------|
| `matrix.alexanderwhitestone.com` | Alexander | Yes (via main domain) | Clean, semantic |
| `chat.alexanderwhitestone.com` | Alexander | Yes | Shorter |
| `timmy.alexanderwhitestone.com` | Alexander | Yes | Brand-aligned |

**Decision needed from #187**: Pick one subdomain.

**After decision**: Update `infra/matrix/conduit.toml` → `server_name`, update `deploy-matrix.sh` → DNS validation, obtain TLS cert.

---

## Decision Gate 3: Reverse Proxy & TLS

**Question**: How do clients reach Conduit over HTTPS?

### Options

| Proxy | TLS Source | Config Location | Best For |
|-------|------------|-----------------|----------|
| Caddy | Automatic (Let's Encrypt) | `infra/matrix/caddy/Caddyfile` | Simplicity, auto-TLS |
| Nginx | Manual certbot | New file: `infra/matrix/nginx/` | Existing nginx expertise |
| Traefik | Automatic | New file: `infra/matrix/traefik/` | Docker-native stacks |

**Decision needed from #187**: Pick one proxy strategy.

**After decision**: Copy the chosen proxy config into place, update `docker-compose.yml` port bindings, run `./host-readiness-check.sh`.

---

## Post-Decision Execution Script

Once #187 closes with the three decisions above, execute in this exact order:

```bash
# 1. SSH into chosen host
ssh user@<HOST_FROM_187>

# 2. Clone / enter timmy-config
cd /opt/timmy-config  # or wherever fleet repos live

# 3. Pre-flight check
cd infra/matrix
./host-readiness-check.sh
# Fix any RED items before continuing.

# 4. Edit secrets
cp .env.example .env
# Fill: MATRIX_HOST, POSTGRES_PASSWORD, CONDUIT_REGISTRATION_TOKEN

# 5. Edit Conduit config
# Update server_name in conduit.toml to match DOMAIN_FROM_187

# 6. Deploy
./deploy-matrix.sh

# 7. Verify
# - Element Web loads at https://<DOMAIN>/_matrix/static/
# - Federation test passes (if enabled)
# - First operator account can register/login

# 8. Create fleet rooms
# See: docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md § "Room Bootstrap"
```
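
A pre-deploy gate for steps 4 and 5 above, added here as an example and not taken from timmy-config: it returns non-zero when `.env` is accessible beyond its owner, when any of the three secrets is empty or still a placeholder, or when `server_name` differs from the chosen domain. It assumes `.env` uses `KEY=VALUE` lines and `conduit.toml` sets `server_name = "..."`; the function names and the placeholder spellings are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not part of timmy-config): gate to run between steps 5 and 6.
# Assumes .env holds KEY=VALUE lines and conduit.toml has server_name = "...".
# Usage from infra/matrix: check_matrix_config . "<DOMAIN_FROM_187>" || exit 1

# Print the value of KEY ($2) from file $1 without sourcing the file.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e "s/^[\"']//" -e "s/[\"']\$//"
}

# check_matrix_config DIR EXPECTED_SERVER_NAME
# Prints one FAIL line per problem; returns 0 only when there are none.
check_matrix_config() {
  local dir="$1" expected="$2" problems=0 key val name
  local env_file="$dir/.env" toml="$dir/conduit.toml"

  if [ ! -f "$env_file" ]; then
    echo "FAIL: $env_file missing"
    return 1
  fi
  # The secrets file must grant nothing to group or other (mode 600 or tighter).
  if [ "$(ls -ld "$env_file" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $env_file is accessible to group/other (chmod 600)"
    problems=$((problems + 1))
  fi
  # Placeholder spellings below are constructed; match them to .env.example.
  for key in MATRIX_HOST POSTGRES_PASSWORD CONDUIT_REGISTRATION_TOKEN; do
    val=$(env_value "$env_file" "$key")
    case "$val" in
      "" | changeme | CHANGEME | "<"*">")
        echo "FAIL: $key is empty or still a placeholder"
        problems=$((problems + 1))
        ;;
    esac
  done
  # server_name must equal the Gate 2 decision exactly.
  name=$(sed -n 's/^[[:space:]]*server_name[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' \
    "$toml" 2>/dev/null | head -n 1)
  if [ "$name" != "$expected" ]; then
    echo "FAIL: server_name is '$name', expected '$expected'"
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}
```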

---

## Operator Accountability

| Decision | Owner | Due | Blocker Lifted |
|----------|-------|-----|----------------|
| Host | @allegro or @timmy | ASAP | Gate 1 |
| Domain | @rockachopa (Alexander) | ASAP | Gate 2 |
| Proxy | @ezra or @allegro | ASAP | Gate 3 |

**When all three decisions are in #187, this checklist becomes the literal deployment runbook.**

---

*Last updated: 2026-04-05 by Ezra*