diff --git a/.deployment/production/docker-compose.yml b/.deployment/production/docker-compose.yml
new file mode 100644
index 0000000..2f56473
--- /dev/null
+++ b/.deployment/production/docker-compose.yml
@@ -0,0 +1,9 @@
+version: "3"
+
+services:
+  django-server:
+    build: ../../
+    ports:
+      - "8042:8042"
+    env_file:
+      - production.secrets.env
diff --git a/.deployment/production/production.secrets.env b/.deployment/production/production.secrets.env
new file mode 100644
index 0000000..28ec94a
Binary files /dev/null and b/.deployment/production/production.secrets.env differ
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..058ee43
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.secrets.env filter=git-crypt diff=git-crypt
diff --git a/Dockerfile b/Dockerfile
index 436d65e..af71bc2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,5 +13,9 @@ RUN pip3 install --upgrade pip && \
 
 COPY . .
 
-CMD ["gunicorn", "pluralityspace.wsgi:application", \
-                 "--bind", "0.0.0.0:8042"]
+# TODO #1: build a real production setup with gunicorn, nginx for static files etc.
+#CMD ["gunicorn", "pluralityspace.wsgi:application", \
+#                 "--bind", "0.0.0.0:8042"]
+
+ENTRYPOINT ["python3", "./manage.py"]
+CMD ["runserver", "0.0.0.0:8042"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..b29ca5e
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,34 @@
+# General settings
+APP_NAME := pluralityspace
+PYTHON ?= python3
+
+# Development server
+SERVER_LISTEN ?= 0.0.0.0:8042
+
+# Deployment settings
+STAGE ?= production
+GIT_CRYPT_KEY ?= ~/.git-crypt-keys/$(APP_NAME)-$(STAGE).key
+DOCKER_COMPOSE_YML := .deployment/$(STAGE)/docker-compose.yml
+
+.PHONY: run decrypt deploy-production
+
+# Default target: none
+all:
+
+
+### Local development
+
+# Run django development server
+run:
+	$(PYTHON) manage.py runserver $(SERVER_LISTEN)
+
+
+### Deployment
+
+# Unlock git-crypted production secrets
+decrypt:
+	git-crypt unlock $(GIT_CRYPT_KEY)
+
+# Deploy on production using docker-compose
+deploy:
+	docker-compose -f $(DOCKER_COMPOSE_YML) up --build --detach