monorepo/cloud/infrastructure/production/README.md

# Maple Open Technologies - Production Infrastructure
This directory contains configuration and documentation for deploying Maple Open Technologies to production on DigitalOcean.
## Quick Start
```bash
# 1. Copy environment template
cp .env.template .env
# 2. Set secure permissions before any secret is written to the file
chmod 600 .env
# 3. Verify .env is gitignored (this should print the matching .gitignore rule)
git check-ignore -v .env
# 4. Edit .env and replace all CHANGEME values
nano .env
# 5. Start with setup documentation
cd setup/
cat 00-getting-started.md
```
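The Quick Start steps above can be verified mechanically before the file is used. The script below is an added example, not part of the repository: a bash preflight function that confirms `.env` exists, has mode 600, contains no `CHANGEME` placeholders, is ignored by Git, and is not already tracked (a `.gitignore` rule does nothing for a file committed earlier). The `DO_API_TOKEN` variable in the constructed demo template is an assumed name, not one taken from `.env.template`.

```bash
#!/usr/bin/env bash
# Preflight check for the production .env file.
# Added example, not part of the repository: it checks the points the
# Quick Start and "Multi-Layer Security Protection" sections rely on.
#   check_env_file [DIR]   -> exit 0 when every check passes, 1 otherwise
set -u

check_env_file() {
    local dir="${1:-.}"
    local env_file="$dir/.env"
    local failures=0
    local mode

    fail() { printf 'FAIL: %s\n' "$1" >&2; failures=$((failures + 1)); }

    # 1. .env must exist (Quick Start: cp .env.template .env)
    if [ ! -f "$env_file" ]; then
        fail ".env missing in $dir; run: cp .env.template .env"
        return 1
    fi

    # 2. Mode must be exactly 600 (owner read/write only).
    #    GNU stat uses -c, BSD/macOS stat uses -f; try both.
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%OLp' "$env_file" 2>/dev/null)
    [ "$mode" = "600" ] || fail ".env mode is ${mode:-unknown}, expected 600; run: chmod 600 $env_file"

    # 3. Every CHANGEME placeholder must have been replaced.
    if grep -n 'CHANGEME' "$env_file" >/dev/null 2>&1; then
        fail "unfilled CHANGEME placeholders remain:"
        grep -n 'CHANGEME' "$env_file" >&2
    fi

    # 4. Git must ignore .env, and must not already track it.
    #    A .gitignore rule does nothing for a file committed before the rule existed.
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        git -C "$dir" check-ignore -q .env || fail ".env is not gitignored; add it to $dir/.gitignore"
        if git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
            fail ".env is tracked by git; run: git rm --cached .env, then rotate its secrets"
        fi
    else
        fail "$dir is not in a git work tree, so .gitignore could not be verified"
    fi

    [ "$failures" -eq 0 ]
}

# Demo on a constructed sample (the variable name is assumed, not from .env.template).
# An unfilled copy of the template must be rejected; nothing real is touched.
demo_dir=$(mktemp -d)
printf 'DO_API_TOKEN=CHANGEME\n' > "$demo_dir/.env.template"
cp "$demo_dir/.env.template" "$demo_dir/.env"
chmod 600 "$demo_dir/.env"
if check_env_file "$demo_dir"; then
    echo "unexpected: unfilled template passed"
else
    echo "preflight correctly rejected the unfilled template"
fi
rm -rf "$demo_dir"
```

Run it as `check_env_file /path/to/production` from a shell that has sourced the script; every failure is printed to stderr with the command that fixes it, so it can sit in a pre-deploy hook without hiding which check tripped.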
## Directory Structure
```
production/
├── .env.template # Template with CHANGEME placeholders (safe to commit)
├── .env # Your actual config (gitignored, NEVER commit)
├── .gitignore # Ensures .env is never committed to Git
├── .claudeignore # Asks AI assistants that honour it to skip secrets (advisory only)
├── README.md # This file
└── setup/ # Step-by-step deployment guides
├── 00-getting-started.md
├── 01_init_docker_swarm.md
└── ... (more guides)
```
## Environment Configuration
### `.env.template` vs `.env`
| File | Purpose | Git Status | Contains |
|------|---------|------------|----------|
| `.env.template` | Template for team | ✅ Committed | `CHANGEME` placeholders |
| `.env` | Your actual config | ❌ Gitignored | Real IPs, passwords, tokens |
### Security Rules
🔒 **DO:**
- Keep `.env` file with `chmod 600` permissions
- Store backups of `.env` securely (encrypted)
- Use `.env.template` to share config structure
- Verify `.env` is gitignored (`git check-ignore -v .env`) before adding secrets
- Keep `.env` listed in `.claudeignore` so AI assistants that honour that file skip it; treat this as a courtesy to well-behaved tools, not as access control
🚫 **DON'T:**
- Commit `.env` to Git
- Share `.env` via email/Slack/unencrypted channels
- Use world-readable permissions (644, 777)
- Hardcode values from `.env` in documentation
### Multi-Layer Security Protection
This directory uses **three layers** of secret protection, each covering a different way the file could leak:
1. **`.gitignore`** - Stops `.env` from being staged by a plain `git add`. It does not protect a file that was already committed, and `git add -f` bypasses it, so check with `git check-ignore -v .env` (prints the matching rule) and `git ls-files .env` (should print nothing).
2. **`.claudeignore`** - Asks AI coding assistants that honour the file to skip `.env`. It is an opt-in convention, not an enforced boundary: any tool or user that can read the file can still read it.
3. **File permissions** - `chmod 600` stops other unprivileged users on the same host from reading `.env`. It does not stop root, anyone who can act as your account, or a copy of the file made elsewhere.
None of these layers encrypts the file. Together they reduce accidental exposure; the real trust boundary is the account and host that hold `.env`.
## Setup Guides
Follow these guides in order:
1. **[00-getting-started.md](setup/00-getting-started.md)**
- Local workspace setup
- DigitalOcean API token configuration
- `.env` file initialization
2. **[01_init_docker_swarm.md](setup/01_init_docker_swarm.md)**
- Create DigitalOcean droplets (Ubuntu 24.04)
- Install Docker on nodes
- Configure Docker Swarm with private networking
- Verify cluster connectivity
3. **More guides coming...**
- Cassandra deployment
- Redis setup
- Application deployment
- SSL/HTTPS configuration
## Infrastructure Overview
### Naming Convention
Format: `{company}-{role}-{sequential-number}-{environment}`
Examples:
- `mapleopentech-swarm-manager-1-prod`
- `mapleopentech-swarm-worker-1-prod`
- `mapleopentech-swarm-worker-2-prod`
**Why this pattern?**
- Simple sequential numbering (never reused)
- No role-specific prefixes (use Docker labels instead)
- Easy to scale (just add worker-N)
- Flexible (can repurpose servers without renaming)
## Getting Help
### Documentation
- Setup guides in `setup/` directory
- `.env.template` has inline comments for all variables
- Each guide includes troubleshooting section
### Common Issues
1. **`.env` file missing**: Run `cp .env.template .env`
2. **Variables not loading**: If the file uses plain `KEY=value` lines, `source .env` sets shell variables in the current shell only and does not export them to commands you run afterwards. Use `set -a; . ./.env; set +a` instead. Sourcing executes the file as shell code, so only do this with a file you wrote yourself.
3. **Git showing .env**: Run `git check-ignore -v .env`; it should print the matching `.gitignore` rule. If the file was committed before the rule existed, `.gitignore` will not hide it: run `git rm --cached .env`, commit, and rotate every secret the file held, because the old values remain in Git history.
---
**Last Updated**: November 3, 2025
**Maintained By**: Infrastructure Team