From 46c6e45eaef7d55bb03a7695a82bac310ab4146b Mon Sep 17 00:00:00 2001
From: pacnpal <183241239+pacnpal@users.noreply.github.com>
Date: Wed, 20 Aug 2025 10:28:51 -0400
Subject: [PATCH] Security: Remove sensitive files from git tracking and update .gitignore

- Remove scripts/systemd/thrillwiki-automation.env from git tracking
- Remove scripts/systemd/thrillwiki-deployment.env from git tracking
- Update .gitignore to prevent future commits of sensitive environment files
- Add patterns for systemd environment files and other potential secrets

These files contained sensitive configuration that should not be in version control.
---
 .gitignore | 7 +-
 scripts/systemd/thrillwiki-automation.env | 203 --------------
 scripts/systemd/thrillwiki-deployment.env | 321 ----------------------
 3 files changed, 6 insertions(+), 525 deletions(-)
 delete mode 100644 scripts/systemd/thrillwiki-automation.env
 delete mode 100644 scripts/systemd/thrillwiki-deployment.env

diff --git a/.gitignore b/.gitignore
index 53c7fb26..9740b139 100644
--- a/.gitignore
+++ b/.gitignore
@@ -389,4 +389,9 @@ Temporary Items
 logs/
 profiles
 .thrillwiki-github-token
-.thrillwiki-template-config
\ No newline at end of file
+.thrillwiki-template-config
+
+# Environment files with potential secrets
+scripts/systemd/thrillwiki-automation***REMOVED***
+scripts/systemd/thrillwiki-deployment***REMOVED***
+scripts/systemd/****REMOVED***
\ No newline at end of file
diff --git a/scripts/systemd/thrillwiki-automation.env b/scripts/systemd/thrillwiki-automation.env
deleted file mode 100644
index e1e653bc..00000000
--- a/scripts/systemd/thrillwiki-automation.env
+++ /dev/null
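Review bot: The new ignore patterns only stop future `git add`; they do not address the `GITHUB_TOKEN=` value that `scripts/systemd/thrillwiki-automation.env` carried (shown redacted here, assigned on two lines of the deleted file), which stays in every earlier commit and every existing clone after this commit. That token should be treated as exposed and revoked, and the two paths purged from history (for example with `git filter-repo`) before this change is considered to close the issue; a one-line comment above the patterns, `# NOTE: files removed in <commit> — token rotated and history rewritten on <date>`, would record that. The pattern text on this page ends in `***REMOVED***`, which looks like a redaction artifact of this rendering rather than the committed `.gitignore` content, so I cannot confirm from here that the third, wildcard rule is spelled as intended; worth checking the committed file. The deleted file's install notes also reference an `.example` template next to the real file, so confirm the wildcard rule does not ignore that template too.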
@@ -1,203 +0,0 @@
-# ThrillWiki Automation Service Environment Configuration
-# Copy this file to thrillwiki-automation***REMOVED*** and customize for your environment
-#
-# Security Note: This file should have restricted permissions (600) as it may contain
-# sensitive information like GitHub Personal Access Tokens
-
-# [AWS-SECRET-REMOVED]====================================
-# PROJECT CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Base project directory (usually auto-detected)
-# PROJECT_DIR=/home/ubuntu/thrillwiki
-
-# Service name for systemd integration
-# SERVICE_NAME=thrillwiki
-
-# [AWS-SECRET-REMOVED]====================================
-# GITHUB REPOSITORY CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# GitHub repository remote name
-# GITHUB_REPO=origin
-
-# Branch to pull from
-# GITHUB_BRANCH=main
-
-# GitHub Personal Access Token (PAT) - Required for private repositories
-# Generate at: https://github.com/settings/tokens
-# Required permissions: repo (Full control of private repositories)
-GITHUB_TOKEN=[GITHUB-TOKEN-REMOVED]
-
-# GitHub token file location (alternative to GITHUB_TOKEN)
-# GITHUB_TOKEN_FILE=/home/ubuntu/thrillwiki/.github-pat
-
-# [AWS-SECRET-REMOVED]====================================
-# AUTOMATION TIMING CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Repository pull interval in seconds (default: 300 = 5 minutes)
-# PULL_INTERVAL=300
-
-# Health check interval in seconds (default: 60 = 1 minute)
-# HEALTH_CHECK_INTERVAL=60
-
-# Server startup timeout in seconds (default: 120 = 2 minutes)
-# STARTUP_TIMEOUT=120
-
-# Restart delay after failure in seconds (default: 10)
-# RESTART_DELAY=10
-
-# [AWS-SECRET-REMOVED]====================================
-# LOGGING CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Log directory (default: project_dir/logs)
-# LOG_DIR=/home/ubuntu/thrillwiki/logs
-
-# Log file path
-# 
LOG_[AWS-SECRET-REMOVED]proof-automation.log
-
-# Maximum log file size in bytes (default: 10485760 = 10MB)
-# MAX_LOG_SIZE=10485760
-
-# Lock file location to prevent multiple instances
-# LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
-
-# [AWS-SECRET-REMOVED]====================================
-# DEVELOPMENT SERVER CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Server host address (default: 0.0.0.0 for all interfaces)
-# SERVER_HOST=0.0.0.0
-
-# Server port (default: 8000)
-# SERVER_PORT=8000
-
-# [AWS-SECRET-REMOVED]====================================
-# DJANGO CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Django settings module
-# DJANGO_SETTINGS_MODULE=thrillwiki.settings
-
-# Python path
-# PYTHONPATH=/home/ubuntu/thrillwiki
-
-# [AWS-SECRET-REMOVED]====================================
-# ADVANCED CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# GitHub authentication script location
-# GITHUB_AUTH_[AWS-SECRET-REMOVED]ithub-auth.py
-
-# Enable verbose logging (true/false)
-# VERBOSE_LOGGING=false
-
-# Enable debug mode for troubleshooting (true/false)
-# DEBUG_MODE=false
-
-# Custom git remote URL (overrides GITHUB_REPO if set)
-# CUSTOM_GIT_REMOTE=https://github.com/username/repository.git
-
-# Email notifications for critical failures (requires email configuration)
-# NOTIFICATION_EMAIL=admin@example.com
-
-# Maximum consecutive failures before alerting (default: 5)
-# MAX_CONSECUTIVE_FAILURES=5
-
-# Enable automatic dependency updates (true/false, default: true)
-# AUTO_UPDATE_DEPENDENCIES=true
-
-# Enable automatic migrations on code changes (true/false, default: true)
-# AUTO_MIGRATE=true
-
-# Enable automatic static file collection (true/false, default: true)
-# AUTO_COLLECTSTATIC=true
-
-# [AWS-SECRET-REMOVED]====================================
-# SECURITY CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# GitHub authentication 
method (token|ssh|https)
-# Default: token (uses GITHUB_TOKEN or GITHUB_TOKEN_FILE)
-# GITHUB_AUTH_METHOD=token
-
-# SSH key path for git operations (when using ssh auth method)
-# SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
-
-# Git user configuration for commits
-# GIT_USER_NAME="ThrillWiki Automation"
-# GIT_USER_EMAIL="automation@thrillwiki.local"
-
-# [AWS-SECRET-REMOVED]====================================
-# MONITORING AND HEALTH CHECKS
-# [AWS-SECRET-REMOVED]====================================
-
-# Health check URL to verify server is running
-# HEALTH_CHECK_URL=http://localhost:8000/health/
-
-# Health check timeout in seconds
-# HEALTH_CHECK_TIMEOUT=30
-
-# Enable system resource monitoring (true/false)
-# MONITOR_RESOURCES=true
-
-# Memory usage threshold for warnings (in MB)
-# MEMORY_WARNING_THRESHOLD=1024
-
-# CPU usage threshold for warnings (percentage)
-# CPU_WARNING_THRESHOLD=80
-
-# Disk usage threshold for warnings (percentage)
-# DISK_WARNING_THRESHOLD=90
-
-# [AWS-SECRET-REMOVED]====================================
-# INTEGRATION SETTINGS
-# [AWS-SECRET-REMOVED]====================================
-
-# Webhook integration (if using thrillwiki-webhook service)
-# WEBHOOK_INTEGRATION=true
-
-# Slack webhook URL for notifications (optional)
-# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook/url
-
-# Discord webhook URL for notifications (optional)
-# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/your/webhook/url
-
-# [AWS-SECRET-REMOVED]====================================
-# USAGE EXAMPLES
-# [AWS-SECRET-REMOVED]====================================
-
-# Example 1: Basic setup with GitHub PAT
-GITHUB_TOKEN=[GITHUB-TOKEN-REMOVED]
-# PULL_INTERVAL=300
-# AUTO_MIGRATE=true
-
-# Example 2: Enhanced monitoring setup
-# HEALTH_CHECK_INTERVAL=30
-# MONITOR_RESOURCES=true
-# NOTIFICATION_EMAIL=admin@thrillwiki.com
-# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook
-
-# Example 3: Development environment with 
frequent pulls
-# PULL_INTERVAL=60
-# DEBUG_MODE=true
-# VERBOSE_LOGGING=true
-# AUTO_UPDATE_DEPENDENCIES=true
-
-# [AWS-SECRET-REMOVED]====================================
-# INSTALLATION NOTES
-# [AWS-SECRET-REMOVED]====================================
-
-# 1. Copy this file: cp thrillwiki-automation***REMOVED***.example thrillwiki-automation***REMOVED***
-# 2. Set secure permissions: chmod 600 thrillwiki-automation***REMOVED***
-# 3. Customize the settings above for your environment
-# 4. Enable the service: sudo systemctl enable thrillwiki-automation
-# 5. Start the service: sudo systemctl start thrillwiki-automation
-# 6. Check status: sudo systemctl status thrillwiki-automation
-# 7. View logs: sudo journalctl -u thrillwiki-automation -f
-
-# For security, ensure only the ubuntu user can read this file:
-# sudo chown ubuntu:ubuntu thrillwiki-automation***REMOVED***
-# sudo chmod 600 thrillwiki-automation***REMOVED***
diff --git a/scripts/systemd/thrillwiki-deployment.env b/scripts/systemd/thrillwiki-deployment.env
deleted file mode 100644
index 5c889cef..00000000
--- a/scripts/systemd/thrillwiki-deployment.env
+++ /dev/null
@@ -1,321 +0,0 @@
-# ThrillWiki Deployment Service Environment Configuration
-# This file is generated automatically by the deployment system and integrates
-# with deployment presets for consistent configuration across environments.
-#
-# Security Note: This file should have restricted permissions (600) as it may contain
-# sensitive information like GitHub Personal Access Tokens
-
-# [AWS-SECRET-REMOVED]====================================
-# PROJECT CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Base project directory
-PROJECT_DIR=/home/thrillwiki/thrillwiki
-
-# Service name for systemd integration
-SERVICE_NAME=thrillwiki-deployment
-
-# Deployment mode (automated|manual|timer)
-DEPLOYMENT_MODE=automated
-
-# [AWS-SECRET-REMOVED]====================================
-# GITHUB REPOSITORY CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# GitHub repository remote name
-GITHUB_REPO=origin
-
-# Branch to pull from
-GITHUB_BRANCH=main
-
-# GitHub Personal Access Token (PAT) - Required for private repositories
-# This will be populated automatically during deployment setup
-# GITHUB_TOKEN=
-
-# GitHub token file location (alternative to GITHUB_TOKEN)
-GITHUB_TOKEN_FILE=/home/thrillwiki/thrillwiki/.github-pat
-
-# [AWS-SECRET-REMOVED]====================================
-# DEPLOYMENT PRESET CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Deployment preset (dev, prod, demo, testing)
-# This determines the automation timing and behavior
-DEPLOYMENT_PRESET=dev
-
-# [AWS-SECRET-REMOVED]====================================
-# AUTOMATION TIMING CONFIGURATION (Preset-based)
-# [AWS-SECRET-REMOVED]====================================
-
-# Repository pull interval in seconds
-# Default values by preset:
-# - dev: 60s (1 minute)
-# - prod: 300s (5 minutes)
-# - demo: 120s (2 minutes)
-# - testing: 180s (3 minutes)
-PULL_INTERVAL=60
-
-# Health check interval in seconds 
-HEALTH_CHECK_INTERVAL=30
-
-# Server startup timeout in seconds
-STARTUP_TIMEOUT=120
-
-# Restart delay after failure in seconds
-RESTART_DELAY=10
-
-# [AWS-SECRET-REMOVED]====================================
-# DEPLOYMENT BEHAVIOR CONFIGURATION (Preset-based)
-# [AWS-SECRET-REMOVED]====================================
-
-# Debug mode for troubleshooting
-DEBUG_MODE=true
-
-# Enable automatic dependency updates
-AUTO_UPDATE_DEPENDENCIES=true
-
-# Enable automatic migrations on code changes
-AUTO_MIGRATE=true
-
-# Enable automatic static file collection
-AUTO_COLLECTSTATIC=true
-
-# Log level (DEBUG|INFO|WARNING|ERROR)
-LOG_LEVEL=DEBUG
-
-# [AWS-SECRET-REMOVED]====================================
-# SECURITY CONFIGURATION (Preset-based)
-# [AWS-SECRET-REMOVED]====================================
-
-# Django debug mode
-DJANGO_DEBUG=true
-
-# SSL required
-SSL_REQUIRED=false
-
-# CORS allowed
-CORS_ALLOWED=true
-
-# Allowed hosts (comma-separated)
-ALLOWED_HOSTS=*
-
-# [AWS-SECRET-REMOVED]====================================
-# LOGGING CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Log directory
-LOG_DIR=/home/thrillwiki/thrillwiki/logs
-
-# Log file path for deployment automation
-LOG_[AWS-SECRET-REMOVED]ployment-automation.log
-
-# Maximum log file size in bytes (10MB default)
-MAX_LOG_SIZE=10485760
-
-# Lock file location to prevent multiple instances
-LOCK_FILE=/tmp/thrillwiki-deployment.lock
-
-# [AWS-SECRET-REMOVED]====================================
-# DEVELOPMENT SERVER CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Server host address
-SERVER_HOST=0.0.0.0
-
-# Server port
-SERVER_PORT=8000
-
-# Health check URL
-HEALTH_CHECK_URL=http://localhost:8000/
-
-# Health check timeout in seconds
-HEALTH_CHECK_TIMEOUT=30
-
-# [AWS-SECRET-REMOVED]====================================
-# DJANGO CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Django settings module 
-DJANGO_SETTINGS_MODULE=thrillwiki.settings
-
-# Python path
-PYTHONPATH=/home/thrillwiki/thrillwiki
-
-# UV executable path
-UV_EXECUTABLE=/home/thrillwiki/.local/bin/uv
-
-# Django development server command (following .clinerules)
-DJANGO_RUNSERVER_CMD=lsof -ti :8000 | xargs kill -9; find . -type d -name '__pycache__' -exec rm -r {} +; uv run manage.py tailwind runserver
-
-# Enable development server auto-cleanup
-AUTO_CLEANUP_PROCESSES=true
-
-# [AWS-SECRET-REMOVED]====================================
-# SYSTEMD SERVICE CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Service user and group
-SERVICE_USER=thrillwiki
-SERVICE_GROUP=thrillwiki
-
-# Service working directory
-SERVICE_WORKING_DIR=/home/thrillwiki/thrillwiki
-
-# Service restart policy
-SERVICE_RESTART=always
-SERVICE_RESTART_SEC=30
-
-# Service timeout configuration
-SERVICE_TIMEOUT_START=180
-SERVICE_TIMEOUT_STOP=120
-
-# Maximum restart attempts
-MAX_RESTART_ATTEMPTS=3
-
-# Restart cooldown period
-RESTART_COOLDOWN=300
-
-# [AWS-SECRET-REMOVED]====================================
-# SMART DEPLOYMENT TIMER CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Timer service configuration
-TIMER_ON_BOOT_SEC=5min
-TIMER_ON_UNIT_ACTIVE_SEC=5min
-TIMER_RANDOMIZED_DELAY_SEC=30sec
-TIMER_PERSISTENT=true
-
-# [AWS-SECRET-REMOVED]====================================
-# MONITORING AND HEALTH CHECKS
-# [AWS-SECRET-REMOVED]====================================
-
-# Enable system resource monitoring
-MONITOR_RESOURCES=true
-
-# Memory usage threshold for warnings (in MB)
-MEMORY_WARNING_THRESHOLD=512
-
-# CPU usage threshold for warnings (percentage)
-CPU_WARNING_THRESHOLD=70
-
-# Disk usage threshold for warnings (percentage)
-DISK_WARNING_THRESHOLD=85
-
-# [AWS-SECRET-REMOVED]====================================
-# INTEGRATION SETTINGS
-# [AWS-SECRET-REMOVED]====================================
-
-# Integration with other services 
-WEBHOOK_INTEGRATION=false
-
-# Email notifications for critical failures
-# NOTIFICATION_EMAIL=
-
-# Maximum consecutive failures before alerting
-MAX_CONSECUTIVE_FAILURES=5
-
-# [AWS-SECRET-REMOVED]====================================
-# ADVANCED CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Enable verbose logging
-VERBOSE_LOGGING=true
-
-# Custom git remote URL (overrides GITHUB_REPO if set)
-# CUSTOM_GIT_REMOTE=
-
-# GitHub authentication method (token|ssh|https)
-GITHUB_AUTH_METHOD=token
-
-# SSH key path for git operations (when using ssh auth method)
-# SSH_KEY_PATH=/home/thrillwiki/.ssh/***REMOVED***
-
-# Git user configuration for commits
-GIT_USER_NAME="ThrillWiki Deployment"
-GIT_USER_EMAIL="deployment@thrillwiki.local"
-
-# [AWS-SECRET-REMOVED]====================================
-# ENVIRONMENT AND SYSTEM CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# System PATH additions (for UV and other tools)
-ADDITIONAL_PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin
-
-# Python environment configuration
-PYTHON_EXECUTABLE=python3
-
-# Service state and runtime directories
-SERVICE_LOGS_DIR=/var/log/thrillwiki-deployment
-SERVICE_STATE_DIR=/var/lib/thrillwiki-deployment
-SERVICE_RUNTIME_DIR=/run/thrillwiki-deployment
-
-# [AWS-SECRET-REMOVED]====================================
-# PRESET-SPECIFIC OVERRIDES
-# [AWS-SECRET-REMOVED]====================================
-# The following section contains preset-specific configurations that override
-# the defaults above based on the DEPLOYMENT_PRESET value.
-# These are automatically applied by the deployment system. 
-
-# Development preset overrides (applied when DEPLOYMENT_PRESET=dev)
-# PULL_INTERVAL=60
-# HEALTH_CHECK_INTERVAL=30
-# DEBUG_MODE=true
-# AUTO_MIGRATE=true
-# AUTO_UPDATE_DEPENDENCIES=true
-# LOG_LEVEL=DEBUG
-# SSL_REQUIRED=false
-# CORS_ALLOWED=true
-# DJANGO_DEBUG=true
-# ALLOWED_HOSTS=*
-
-# Production preset overrides (applied when DEPLOYMENT_PRESET=prod)
-# PULL_INTERVAL=300
-# HEALTH_CHECK_INTERVAL=60
-# DEBUG_MODE=false
-# AUTO_MIGRATE=true
-# AUTO_UPDATE_DEPENDENCIES=false
-# LOG_LEVEL=WARNING
-# SSL_REQUIRED=true
-# CORS_ALLOWED=false
-# DJANGO_DEBUG=false
-# ALLOWED_HOSTS=production-host
-
-# Demo preset overrides (applied when DEPLOYMENT_PRESET=demo)
-# PULL_INTERVAL=120
-# HEALTH_CHECK_INTERVAL=45
-# DEBUG_MODE=false
-# AUTO_MIGRATE=true
-# AUTO_UPDATE_DEPENDENCIES=true
-# LOG_LEVEL=INFO
-# SSL_REQUIRED=false
-# CORS_ALLOWED=true
-# DJANGO_DEBUG=false
-# ALLOWED_HOSTS=demo-host
-
-# Testing preset overrides (applied when DEPLOYMENT_PRESET=testing)
-# PULL_INTERVAL=180
-# HEALTH_CHECK_INTERVAL=30
-# DEBUG_MODE=true
-# AUTO_MIGRATE=true
-# AUTO_UPDATE_DEPENDENCIES=true
-# LOG_LEVEL=DEBUG
-# SSL_REQUIRED=false
-# CORS_ALLOWED=true
-# DJANGO_DEBUG=true
-# ALLOWED_HOSTS=test-host
-
-# [AWS-SECRET-REMOVED]====================================
-# INSTALLATION AND SECURITY NOTES
-# [AWS-SECRET-REMOVED]====================================
-
-# For security, ensure only the thrillwiki user can read this file:
-# sudo chown thrillwiki:thrillwiki thrillwiki-deployment***REMOVED***
-# sudo chmod 600 thrillwiki-deployment***REMOVED***
-
-# Service management commands:
-# sudo systemctl enable thrillwiki-deployment.service
-# sudo systemctl enable thrillwiki-smart-deploy.timer
-# sudo systemctl start thrillwiki-deployment.service
-# sudo systemctl start thrillwiki-smart-deploy.timer
-# sudo systemctl status thrillwiki-deployment.service
-# sudo journalctl -u thrillwiki-deployment -f
\ No newline at end of file