Infrastructure & IT
The Territori stack
Every service, account and configuration decision behind territori.io. Update this doc whenever a service changes, a plan is upgraded or a new credential is created.
Core services
Domain & Registrar
Spaceship
Domain: territori.io
Cost: ~$15/year
Nameservers: Delegated to Cloudflare (2026-05-02)
Email forwarding: janice@territori.io → personal inbox, managed here
Hosting
Vercel
Plan: Pro
Public site: territori.io → repo territori-io/web
Internal docs: internal.territori.io → repo territori-io/internal
Both deploy automatically on push to main.
DNS & Security
Cloudflare
Plan: Free
DNS: Full setup, nameservers active
AI crawlers: Do not block (allow crawlers)
Zero Trust: Free tier, gates internal.territori.io via email OTP — any @territori.io address, 24-hour sessions
Email
Spaceship Forwarding
Address: janice@territori.io
Forwards to: janice.wilson@mac.com
Sending: Replies go from personal inbox — no dedicated business SMTP yet.
Note: Upgrade to Google Workspace ($6/mo) before client sends — better deliverability for transactional email.
Database
Neon
Type: PostgreSQL + PostGIS
Tables: 25 entities, 27 enums
ORM: Prisma
Data loaded: 54,512 Clallam parcels, Jefferson County GeoJSON
Indexes: PostGIS GiST on all geometry columns
Source Control
GitHub
Org: territori-io (private)
web: Next.js 16 app — territori.io
internal: Internal docs — internal.territori.io
Branch protection enabled on main for both repos.
DNS records
Managed via Cloudflare. All records are proxied (orange cloud) unless noted.
| Type | Name | Value | Purpose | Status |
| --- | --- | --- | --- | --- |
| A / CNAME | territori.io | cname.vercel-dns.com | Public website | Live |
| CNAME | internal | cname.vercel-dns.com | Internal docs — gated by Zero Trust | Live |
| MX | territori.io | Spaceship mail servers | Email forwarding (janice@territori.io) | Live |
Cloudflare Zero Trust
Free tier — up to 50 seats. Protects internal.territori.io via one-time email passcode.
| Setting | Value | Notes |
| --- | --- | --- |
| Application | Territori Internal | Self-hosted, targets internal.territori.io |
| Policy | Team Only — Allow | Emails ending in @territori.io |
| Identity provider | One-time PIN (email OTP) | No external IdP required |
| Session duration | 24 hours | Re-authenticates once daily |
To add a new team member: No policy change needed — anyone with a @territori.io email address can authenticate automatically. To add an external collaborator without a @territori.io address, add their specific email as an additional Include rule in the Team Only policy.
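The Include-rule procedure above widens access one address at a time, so it is worth checking an exported policy against this doc after each change. The following is an added example, not Territori's own tooling: `audit_policy`, `approved_external` and both sample policies are hypothetical, the collaborator address is constructed, and the field names assume Cloudflare's Access policy JSON rule format.

```python
# Added example, not Territori's own tooling. Policy dicts are constructed
# samples; field names assume Cloudflare's Access policy JSON rule format.
DOCUMENTED = {"decision": "allow", "domain": "territori.io", "session_duration": "24h"}

def audit_policy(policy, approved_external=()):
    """Return findings; an empty list means the policy matches this doc."""
    findings = []
    approved = {addr.lower() for addr in approved_external}
    for key in ("decision", "session_duration"):
        if policy.get(key) != DOCUMENTED[key]:
            findings.append(f"{key} is {policy.get(key)!r}, doc says {DOCUMENTED[key]!r}")
    saw_team_domain = False
    for rule in policy.get("include", []):
        if "email_domain" in rule:
            domain = rule["email_domain"].get("domain", "").lower()
            if domain == DOCUMENTED["domain"]:
                saw_team_domain = True
            else:
                findings.append(f"unexpected email domain: {domain}")
        elif "email" in rule:
            addr = rule["email"].get("email", "").lower()
            # Team addresses are already covered by the domain rule.
            if not addr.endswith("@" + DOCUMENTED["domain"]) and addr not in approved:
                findings.append(f"external email not on approved list: {addr}")
        else:
            # Anything else (everyone, ip, ...) is broader than the doc describes.
            findings.append(f"unexpected rule type: {', '.join(sorted(rule))}")
    if not saw_team_domain:
        findings.append("missing Include rule for the team domain")
    return findings

SAMPLE_POLICY = {  # constructed: team domain plus one external collaborator
    "name": "Team Only", "decision": "allow", "session_duration": "24h",
    "include": [
        {"email_domain": {"domain": "territori.io"}},
        {"email": {"email": "collaborator@example.com"}},
    ],
}
DRIFTED_POLICY = {  # constructed: over-broad rule and a longer session
    "name": "Team Only", "decision": "allow", "session_duration": "720h",
    "include": [{"everyone": {}}],
}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, ["collaborator@example.com"]))
    print(audit_policy(DRIFTED_POLICY))
```

Keep the approved external list next to this doc so that every collaborator address in the policy has a recorded reason for being there.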
Upgrade flags
Things to revisit as the product grows.
| Service | Current | Upgrade to | Trigger |
| --- | --- | --- | --- |
| Email | Spaceship forwarding | Google Workspace ($6/mo) | Before first client delivery — needed for transactional email deliverability |
| Cloudflare | Free | Pro ($20/mo) | Only if WAF or advanced bot management becomes necessary — not needed now |
| Neon | Free / Launch | Scale tier | When live subscriber queries start hitting the DB regularly |
Territori · Internal · Not for distribution
Last updated: 2026-05-02