d6741b1cf4
Some checks are pending
Validate Matrix Scaffold / validate-scaffold (push) Waiting to run
- Add Gitea workflow to validate matrix scaffold on every push/PR (#183) - Add docker-compose.test.yml for local Conduit testing (#166) - Add test-local-integration.sh: end-to-end Hermes Matrix adapter proof without requiring public DNS/domain This makes #183 self-enforcing and proves #166 is execution-ready pending only the host/domain decision in #187.
Matrix/Conduit Deployment Scaffold
This directory contains an executable deployment path for standing up a Matrix homeserver (Conduit) for sovereign human-to-fleet encrypted communication.
Status
| Component | State |
|---|---|
| Deployment scaffold | ✅ Present |
| Target host | ⚠️ Requires selection |
| Reverse proxy (Caddy/Nginx) | ⚠️ Pending host provisioning |
| TLS certificates | ⚠️ Pending DNS + proxy setup |
| Federation | ⚠️ Pending DNS SRV records |
| Fleet bot integration | ⚠️ Post-deployment |
Quick Start
cd /path/to/timmy-config/infra/matrix
# 1. Read prerequisites.md — ensure host is ready
# 2. Edit conduit.toml with your domain
# 3. Copy .env.example → .env and fill secrets
# 4. Run: ./deploy-matrix.sh
Architecture
┌─────────────────────────────────────────────────────────────┐
│ Host (VPS) │
│ ┌─────────────────┐ ┌──────────────────────────────┐ │
│ │ Caddy/Nginx │─────▶│ Conduit (Matrix homeserver) │ │
│ │ :443/:8448 │ │ :6167 (internal) │ │
│ └─────────────────┘ └──────────────────────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ TLS termination SQLite/RocksDB storage │
│ Let's Encrypt Config: conduit.toml │
└─────────────────────────────────────────────────────────────┘
Files
| File | Purpose |
|---|---|
prerequisites.md |
Host requirements, ports, DNS, decisions |
docker-compose.yml |
Conduit + optionally Element-Web |
conduit.toml |
Homeserver configuration scaffold |
deploy-matrix.sh |
One-command deployment script |
.env.example |
Environment variable template |
caddy/Caddyfile |
Reverse proxy configuration |
Post-Deployment
- Create admin account via registration or CLI
- Create fleet rooms (encrypted by default)
- Onboard Alexander as operator
- Deploy fleet bots (Hermes gateway with Matrix platform adapter)
- Evaluate Telegram-to-Matrix bridge (mautrix-telegram)
Decisions Log
- Homeserver: Conduit (lightweight, Rust, single binary, SQLite default)
- Database: SQLite for single-host; migrate to PostgreSQL if scale demands
- Reverse proxy: Caddy (automatic HTTPS) or Nginx (existing familiarity)
- Client: Element Web (optional, self-hosted) + native apps
- Federation: Enabled (required for multi-homeserver fleet topology)