monorepo/cloud/infrastructure/production

Maple Open Technologies - Production Infrastructure

This directory contains configuration and documentation for deploying Maple Open Technologies to production on DigitalOcean.

Quick Start

# 1. Copy environment template
cp .env.template .env

# 2. Edit .env and replace all CHANGEME values
nano .env

# 3. Set secure permissions
chmod 600 .env

# 4. Verify .env is gitignored
git check-ignore -v .env

# 5. Start with setup documentation
cd setup/
cat 00-getting-started.md

Directory Structure

production/
├── .env.template       # Template with CHANGEME placeholders (safe to commit)
├── .env               # Your actual config (gitignored, NEVER commit)
├── .gitignore         # Ensures .env is never committed to Git
├── .claudeignore      # Protects secrets from LLMs/AI assistants
├── README.md          # This file
└── setup/             # Step-by-step deployment guides
    ├── 00-getting-started.md
    ├── 01_init_docker_swarm.md
    └── ... (more guides)

Environment Configuration

.env.template vs .env

File	Purpose	Git Status	Contains
.env.template	Template for team	✅ Committed	CHANGEME placeholders
.env	Your actual config	❌ Gitignored	Real IPs, passwords, tokens

Security Rules

🔒 DO:

• Keep .env file with chmod 600 permissions
• Store backups of .env securely (encrypted)
• Use .env.template to share config structure
• Verify .env is gitignored before adding secrets
• Trust .claudeignore to protect secrets from AI assistants

🚫 DON'T:

• Commit .env to Git
• Share .env via email/Slack/unencrypted channels
• Use world-readable permissions (644, 777)
• Hardcode values from .env in documentation

Multi-Layer Security Protection

This directory uses three layers of secret protection:

1. .gitignore - Prevents committing secrets to Git repository
2. .claudeignore - Prevents LLMs/AI assistants from reading secrets
3. File permissions - chmod 600 prevents other users from reading secrets

All three layers work together to protect your production infrastructure.

Setup Guides

Follow these guides in order:

1. 00-getting-started.md

   • Local workspace setup
   • DigitalOcean API token configuration
   • .env file initialization

2. 01_init_docker_swarm.md

   • Create DigitalOcean droplets (Ubuntu 24.04)
   • Install Docker on nodes
   • Configure Docker Swarm with private networking
   • Verify cluster connectivity

3. More guides coming...

   • Cassandra deployment
   • Redis setup
   • Application deployment
   • SSL/HTTPS configuration

Infrastructure Overview

Naming Convention

Format: {company}-{role}-{sequential-number}-{environment}

Examples:

• mapleopentech-swarm-manager-1-prod
• mapleopentech-swarm-worker-1-prod
• mapleopentech-swarm-worker-2-prod

Why this pattern?

• Simple sequential numbering (never reused)
• No role-specific prefixes (use Docker labels instead)
• Easy to scale (just add worker-N)
• Flexible (can repurpose servers without renaming)

Getting Help

Documentation

• Setup guides in setup/ directory
• .env.template has inline comments for all variables
• Each guide includes troubleshooting section

Common Issues

1. .env file missing: Run cp .env.template .env
2. Variables not loading: Run source .env in your terminal
3. Git showing .env: It shouldn't be - check .gitignore

---

Last Updated: November 3, 2025 Maintained By: Infrastructure Team