Tech Story
As a developer or operator, I want comprehensive production documentation so that anyone (including future-me) can understand how the system is deployed, how the auth flows work, and how to perform common operational tasks without needing to reverse-engineer the code.
Context
By the time this milestone is complete, Station will have a non-trivial production setup: Terraform-managed infra, Nginx reverse proxy, Docker Compose services, a CI/CD pipeline, Redis-backed auth, and OAuth M2M. None of this is obvious from the source code alone. Good documentation is what separates a portfolio project from a professional one.
Technical Elaboration
README.md (repo root) — update
Current README focuses on local development. Add a top-level Production section that links to the detail docs below. Also add:
- Architecture overview: what each service is and how they relate
- Subdomain map:
api.drdnt.org → backend, station.drdnt.org → frontend, bot.drdnt.org → reserved
- Quick-reference: how to trigger a deploy (push a
v* tag)
- Quick-reference: how to check service health on the VPS
docs/deployment.md — new
Full deployment runbook. Sections:
- Prerequisites — Linode account, domain registrar access, GitHub secrets
- First-time setup — step-by-step: Terraform apply → bootstrap VPS → Nginx + Certbot → set
.env.production → first deploy
- Routine deploys — tag and push; what GitHub Actions does; how to watch the workflow
- Rollback — how to re-tag a previous version and push to trigger a rollback deploy
- Secrets management — what secrets exist, where they live (VPS
.env.production, GitHub Secrets), how to rotate them
- Monitoring basics —
docker compose ps, docker compose logs -f backend, free -h, df -h
- Common issues — OOM: check
free -h, consider adding swap or upgrading. Container crash loop: docker compose logs backend --tail=100. Cert expired: certbot renew.
docs/architecture.md — new
Plain-English architecture explanation with a text diagram:
Internet
│
▼
Nginx (VPS host, port 80/443)
├── api.drdnt.org ──► Station Backend (Docker, port 3001)
│ │
│ ┌───┴────────────────┐
│ │ PostgreSQL (Docker) │
│ │ Redis (Docker) │
│ └────────────────────┘
├── station.drdnt.org ──► Station Frontend (Docker, port 3000)
└── bot.drdnt.org ──► (reserved / health endpoint)
Station Backend ◄──── Station-Bot (Linode VPS, separate Docker Compose)
OAuth 2.0 Client Credentials
Explain each component in 2–3 sentences. Link to the deployment and OAuth docs.
docs/oauth-m2m.md — new
The M2M auth flow explained for someone who hasn't worked with OAuth before:
- What Client Credentials is and when to use it (vs user login)
- The full request/response cycle with example curl commands
- How Station-Bot uses it (token acquisition, caching, refresh, retry)
- How to register a new OAuth client (admin endpoint, bcrypt secret)
- How to revoke a client (set
isActive: false in DB)
- Security properties: short-lived tokens, JTI blacklist, bcrypt secrets
docs/cicd.md — new (referenced in #90)
- Pipeline diagram: tag push → GitHub Actions → GHCR → SSH → VPS → health check
- Required GitHub Secrets table (name, description, how to generate/rotate)
- How to manually re-run a failed deploy
- Monorepo CI: which workflows run on PRs vs tags
Definition of Done
Dependencies
- Depends on: all other v0.2.0 issues (can only be finalized once implementation is complete)
- Blocks: nothing — docs are the last step before milestone close
Tech Story
As a developer or operator, I want comprehensive production documentation so that anyone (including future-me) can understand how the system is deployed, how the auth flows work, and how to perform common operational tasks without needing to reverse-engineer the code.
Context
By the time this milestone is complete, Station will have a non-trivial production setup: Terraform-managed infra, Nginx reverse proxy, Docker Compose services, a CI/CD pipeline, Redis-backed auth, and OAuth M2M. None of this is obvious from the source code alone. Good documentation is what separates a portfolio project from a professional one.
Technical Elaboration
README.md(repo root) — updateCurrent README focuses on local development. Add a top-level Production section that links to the detail docs below. Also add:
api.drdnt.org→ backend,station.drdnt.org→ frontend,bot.drdnt.org→ reservedv*tag)docs/deployment.md— newFull deployment runbook. Sections:
.env.production→ first deploy.env.production, GitHub Secrets), how to rotate themdocker compose ps,docker compose logs -f backend,free -h,df -hfree -h, consider adding swap or upgrading. Container crash loop:docker compose logs backend --tail=100. Cert expired:certbot renew.docs/architecture.md— newPlain-English architecture explanation with a text diagram:
Explain each component in 2–3 sentences. Link to the deployment and OAuth docs.
docs/oauth-m2m.md— newThe M2M auth flow explained for someone who hasn't worked with OAuth before:
isActive: falsein DB)docs/cicd.md— new (referenced in #90)Definition of Done
README.mdupdated with Production section and links to detail docsdocs/deployment.mdwritten covering first-time setup through rollbackdocs/architecture.mdwritten with text diagram and plain-English explanationsdocs/oauth-m2m.mdwritten with curl examples for the Client Credentials flowdocs/cicd.mdwritten with secrets table and pipeline diagramDependencies