mapleopentech/monorepo
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
monorepo/cloud/infrastructure/production/README.md

3.6 KiB
Raw Blame History

Maple Open Technologies - Production Infrastructure

This directory contains configuration and documentation for deploying Maple Open Technologies to production on DigitalOcean.

Quick Start

# 1. Copy environment template
cp .env.template .env

# 2. Edit .env and replace all CHANGEME values
nano .env

# 3. Set secure permissions
chmod 600 .env

# 4. Verify .env is gitignored
git check-ignore -v .env

# 5. Start with setup documentation
cd setup/
cat 00-getting-started.md

Directory Structure

production/
├── .env.template       # Template with CHANGEME placeholders (safe to commit)
├── .env               # Your actual config (gitignored, NEVER commit)
├── .gitignore         # Ensures .env is never committed to Git
├── .claudeignore      # Protects secrets from LLMs/AI assistants
├── README.md          # This file
└── setup/             # Step-by-step deployment guides
    ├── 00-getting-started.md
    ├── 01_init_docker_swarm.md
    └── ... (more guides)

Environment Configuration

.env.template vs .env

File Purpose Git Status Contains
.env.template Template for team Committed CHANGEME placeholders
.env Your actual config Gitignored Real IPs, passwords, tokens

Security Rules

🔒 DO:

  • Keep .env file with chmod 600 permissions
  • Store backups of .env securely (encrypted)
  • Use .env.template to share config structure
  • Verify .env is gitignored before adding secrets
  • Trust .claudeignore to protect secrets from AI assistants

🚫 DON'T:

  • Commit .env to Git
  • Share .env via email/Slack/unencrypted channels
  • Use world-readable permissions (644, 777)
  • Hardcode values from .env in documentation

Multi-Layer Security Protection

This directory uses three layers of secret protection:

  1. .gitignore - Prevents committing secrets to Git repository
  2. .claudeignore - Prevents LLMs/AI assistants from reading secrets
  3. File permissions - chmod 600 prevents other users from reading secrets

All three layers work together to protect your production infrastructure.

Setup Guides

Follow these guides in order:

  1. 00-getting-started.md

    • Local workspace setup
    • DigitalOcean API token configuration
    • .env file initialization

  2. 01_init_docker_swarm.md

    • Create DigitalOcean droplets (Ubuntu 24.04)
    • Install Docker on nodes
    • Configure Docker Swarm with private networking
    • Verify cluster connectivity

  3. More guides coming...

    • Cassandra deployment
    • Redis setup
    • Application deployment
    • SSL/HTTPS configuration

Infrastructure Overview

Naming Convention

Format: {company}-{role}-{sequential-number}-{environment}

Examples:

  • mapleopentech-swarm-manager-1-prod
  • mapleopentech-swarm-worker-1-prod
  • mapleopentech-swarm-worker-2-prod

Why this pattern?

  • Simple sequential numbering (never reused)
  • No role-specific prefixes (use Docker labels instead)
  • Easy to scale (just add worker-N)
  • Flexible (can repurpose servers without renaming)

Getting Help

Documentation

  • Setup guides in setup/ directory
  • .env.template has inline comments for all variables
  • Each guide includes troubleshooting section

Common Issues

  1. .env file missing: Run cp .env.template .env
  2. Variables not loading: Run source .env in your terminal
  3. Git showing .env: It shouldn't be - check .gitignore

Last Updated: November 3, 2025 Maintained By: Infrastructure Team