Initial commit: Open sourcing all of the Maple Open Technologies code.

cloud/infrastructure/production/README.md

@@ -0,0 +1,129 @@
+# Maple Open Technologies - Production Infrastructure
+
+This directory contains configuration and documentation for deploying Maple Open Technologies to production on DigitalOcean.
+
+## Quick Start
+
+```bash
+# 1. Copy environment template
+cp .env.template .env
+
+# 2. Edit .env and replace all CHANGEME values
+nano .env
+
+# 3. Set secure permissions
+chmod 600 .env
+
+# 4. Verify .env is gitignored
+git check-ignore -v .env
+
+# 5. Start with setup documentation
+cd setup/
+cat 00-getting-started.md
+```
+
+## Directory Structure
+
+```
+production/
+├── .env.template       # Template with CHANGEME placeholders (safe to commit)
+├── .env               # Your actual config (gitignored, NEVER commit)
+├── .gitignore         # Ensures .env is never committed to Git
+├── .claudeignore      # Protects secrets from LLMs/AI assistants
+├── README.md          # This file
+└── setup/             # Step-by-step deployment guides
+    ├── 00-getting-started.md
+    ├── 01_init_docker_swarm.md
+    └── ... (more guides)
+```
+
+## Environment Configuration
+
+### `.env.template` vs `.env`
+
+| File | Purpose | Git Status | Contains |
+|------|---------|------------|----------|
+| `.env.template` | Template for team | ✅ Committed | `CHANGEME` placeholders |
+| `.env` | Your actual config | ❌ Gitignored | Real IPs, passwords, tokens |
+
+### Security Rules
+
+🔒 **DO:**
+- Keep `.env` file with `chmod 600` permissions
+- Store backups of `.env` securely (encrypted)
+- Use `.env.template` to share config structure
+- Verify `.env` is gitignored before adding secrets
+- Trust `.claudeignore` to protect secrets from AI assistants
+
+🚫 **DON'T:**
+- Commit `.env` to Git
+- Share `.env` via email/Slack/unencrypted channels
+- Use world-readable permissions (644, 777)
+- Hardcode values from `.env` in documentation
+
+### Multi-Layer Security Protection
+
+This directory uses **three layers** of secret protection:
+
+1. **`.gitignore`** - Prevents committing secrets to Git repository
+2. **`.claudeignore`** - Prevents LLMs/AI assistants from reading secrets
+3. **File permissions** - `chmod 600` prevents other users from reading secrets
+
+All three layers work together to protect your production infrastructure.
+
+## Setup Guides
+
+Follow these guides in order:
+
+1. **[00-getting-started.md](setup/00-getting-started.md)**
+   - Local workspace setup
+   - DigitalOcean API token configuration
+   - `.env` file initialization
+
+2. **[01_init_docker_swarm.md](setup/01_init_docker_swarm.md)**
+   - Create DigitalOcean droplets (Ubuntu 24.04)
+   - Install Docker on nodes
+   - Configure Docker Swarm with private networking
+   - Verify cluster connectivity
+
+3. **More guides coming...**
+   - Cassandra deployment
+   - Redis setup
+   - Application deployment
+   - SSL/HTTPS configuration
+
+## Infrastructure Overview
+
+### Naming Convention
+
+Format: `{company}-{role}-{sequential-number}-{environment}`
+
+Examples:
+- `mapleopentech-swarm-manager-1-prod`
+- `mapleopentech-swarm-worker-1-prod`
+- `mapleopentech-swarm-worker-2-prod`
+
+**Why this pattern?**
+- Simple sequential numbering (never reused)
+- No role-specific prefixes (use Docker labels instead)
+- Easy to scale (just add worker-N)
+- Flexible (can repurpose servers without renaming)
+
+## Getting Help
+
+### Documentation
+
+- Setup guides in `setup/` directory
+- `.env.template` has inline comments for all variables
+- Each guide includes troubleshooting section
+
+### Common Issues
+
+1. **`.env` file missing**: Run `cp .env.template .env`
+2. **Variables not loading**: Run `source .env` in your terminal
+3. **Git showing .env**: It shouldn't be - check `.gitignore`
+
+---
+
+**Last Updated**: November 3, 2025
+**Maintained By**: Infrastructure Team