Matrix/Conduit Deployment Go/No-Go Checklist
Issue: #166 — Stand up Matrix/Conduit
Blocker: #187 — Host / Domain / Proxy Decisions
Created: 2026-04-05 by Ezra (burn mode)
Purpose: Convert #187 decisions into executable deployment steps. No ambiguity. No re-litigation.
Current State
| Component | Status | Evidence |
|---|---|---|
| Deployment scaffold | ✅ Complete | infra/matrix/ (15 files) |
| Host readiness script | ✅ Complete | infra/matrix/host-readiness-check.sh |
| Operator runbook | ✅ Complete | docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md |
| Execution checklist | ✅ Complete | This file |
| Host selected | ⚠️ BLOCKED | Pending #187 |
| Domain/subdomain chosen | ⚠️ BLOCKED | Pending #187 |
| Reverse proxy chosen | ⚠️ BLOCKED | Pending #187 |
| Live deployment | ⚠️ BLOCKED | Waiting on above |
Decision Gate 1: Target Host
Question: On which machine will Conduit run?
Options
| Host | IP / Access | Pros | Cons |
|---|---|---|---|
| Hermes VPS (Bezalel/Ezra) | 143.198.27.163 | Existing infra, trusted | Already busy |
| Allegro TestBed | 167.99.126.228 | Dedicated, relay already there | Non-prod reputation |
| New droplet | TBD | Clean slate, proper sizing | Cost + provisioning time |
Decision needed from #187: Pick one host.
After decision: Update infra/matrix/.env → MATRIX_HOST and infra/matrix/conduit.toml → server_name.
Decision Gate 2: Domain / Subdomain
Question: What is the public Matrix server name?
Options
| Domain | DNS Owner | TLS Ready? | Note |
|---|---|---|---|
| matrix.alexanderwhitestone.com | Alexander | Yes (via main domain) | Clean, semantic |
| chat.alexanderwhitestone.com | Alexander | Yes | Shorter |
| timmy.alexanderwhitestone.com | Alexander | Yes | Brand-aligned |
Decision needed from #187: Pick one subdomain.
After decision: Update infra/matrix/conduit.toml → server_name, update deploy-matrix.sh → DNS validation, obtain TLS cert.
Decision Gate 3: Reverse Proxy & TLS
Question: How do clients reach Conduit over HTTPS?
Options
| Proxy | TLS Source | Config Location | Best For |
|---|---|---|---|
| Caddy | Automatic (Let's Encrypt) | infra/matrix/caddy/Caddyfile | Simplicity, auto-TLS |
| Nginx | Manual certbot | New file: infra/matrix/nginx/ | Existing nginx expertise |
| Traefik | Automatic | New file: infra/matrix/traefik/ | Docker-native stacks |
Decision needed from #187: Pick one proxy strategy.
After decision: Copy the chosen proxy config into place, update docker-compose.yml port bindings, run ./host-readiness-check.sh.
Post-Decision Execution Script
Once #187 closes with the three decisions above, execute in this exact order:
```bash
# 1. SSH into chosen host
ssh user@<HOST_FROM_187>

# 2. Clone / enter timmy-config
cd /opt/timmy-config  # or wherever fleet repos live

# 3. Pre-flight check
cd infra/matrix
./host-readiness-check.sh
# Fix any RED items before continuing.

# 4. Edit secrets
cp .env.example .env
# Fill: MATRIX_HOST, POSTGRES_PASSWORD, CONDUIT_REGISTRATION_TOKEN

# 5. Edit Conduit config
# Update server_name in conduit.toml to match DOMAIN_FROM_187

# 6. Deploy
./deploy-matrix.sh

# 7. Verify
# - Element Web loads at https://<DOMAIN>/_matrix/static/
# - Federation test passes (if enabled)
# - First operator account can register/login

# 8. Create fleet rooms
# See: docs/matrix-fleet-comms/DEPLOYMENT_RUNBOOK.md § "Room Bootstrap"
```
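A gate that could run between steps 5 and 6, as an added example that is not part of the repository's host-readiness-check.sh or deploy-matrix.sh: it reports RED if any of the three .env values is still a placeholder, if .env is readable beyond its owner, or if server_name in conduit.toml differs from the domain decided in #187. The function names, placeholder patterns, 24-character floor and file layouts are assumptions.

```bash
#!/usr/bin/env bash
# Added example: go/no-go gate for steps 4-5. File layouts are assumptions:
# .env holds KEY=VALUE lines, conduit.toml holds server_name = "..." on one line.

env_value() {            # env_value FILE KEY -> last value assigned to KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

toml_server_name() {     # toml_server_name FILE -> quoted server_name value
  sed -n 's/^[[:space:]]*server_name[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

check_deploy_config() {  # check_deploy_config ENV_FILE TOML_FILE DOMAIN_FROM_187
  local env_file="$1" toml="$2" domain="$3" rc=0 key val mode name
  for key in MATRIX_HOST POSTGRES_PASSWORD CONDUIT_REGISTRATION_TOKEN; do
    val=$(env_value "$env_file" "$key")
    case "$val" in       # assumed placeholder shapes: empty, "changeme", <ANGLE_BRACKETS>
      ""|*changeme*|*"<"*) echo "RED: $key is unset or still a placeholder"; rc=1 ;;
    esac
  done
  for key in POSTGRES_PASSWORD CONDUIT_REGISTRATION_TOKEN; do
    val=$(env_value "$env_file" "$key")
    # 24 characters is an assumed floor for a randomly generated secret
    [ "${#val}" -ge 24 ] || { echo "RED: $key is shorter than 24 characters"; rc=1; }
  done
  # .env carries the database password and registration token: owner-only access
  mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
  case "$mode" in
    *00) ;;
    *) echo "RED: $env_file has mode $mode, expected 600"; rc=1 ;;
  esac
  name=$(toml_server_name "$toml")
  [ "$name" = "$domain" ] || { echo "RED: server_name '$name' != '$domain'"; rc=1; }
  return "$rc"
}

demo() {                 # constructed sample files, not the repository's real config
  local d rc=0
  d=$(mktemp -d)
  printf 'MATRIX_HOST=matrix.example.org\nPOSTGRES_PASSWORD=changeme\n' > "$d/.env"
  printf 'CONDUIT_REGISTRATION_TOKEN=constructed-sample-token-0000001\n' >> "$d/.env"
  printf '[global]\nserver_name = "chat.example.org"\n' > "$d/conduit.toml"
  chmod 644 "$d/.env"
  check_deploy_config "$d/.env" "$d/conduit.toml" matrix.example.org || rc=1
  rm -rf "$d"
  return "$rc"
}

demo || echo "NO-GO: fix RED items before running ./deploy-matrix.sh"
```

The server_name check matters most before the first start: a Matrix homeserver's server_name is baked into every user and room ID it creates, so a mismatch found after deployment means rebuilding the database.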
Operator Accountability
| Decision | Owner | Due | Blocker Lifted |
|---|---|---|---|
| Host | @allegro or @timmy | ASAP | Gate 1 |
| Domain | @rockachopa (Alexander) | ASAP | Gate 2 |
| Proxy | @ezra or @allegro | ASAP | Gate 3 |
When all three decisions are in #187, this checklist becomes the literal deployment runbook.
Last updated: 2026-04-05 by Ezra