Security: Remove sensitive files from git tracking and update .gitignore

- Remove scripts/systemd/thrillwiki-automation.env from git tracking - Remove scripts/systemd/thrillwiki-deployment.env from git tracking - Update .gitignore to prevent future commits of sensitive environment files - Add patterns for systemd environment files and other potential secrets These files contained sensitive configuration that should not be in version control.
2025-12-20 12:31:22 -05:00 · 2025-08-20 10:28:51 -04:00
parent f5db23a791
commit 46c6e45eae
3 changed files with 6 additions and 525 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -390,3 +390,8 @@ logs/
 profiles
 .thrillwiki-github-token
 .thrillwiki-template-config
 # Environment files with potential secrets
 scripts/systemd/thrillwiki-automation***REMOVED***
 scripts/systemd/thrillwiki-deployment***REMOVED***
 scripts/systemd/****REMOVED***
--- a/scripts/systemd/thrillwiki-automation.env
+++ b/scripts/systemd/thrillwiki-automation.env
@@ -1,203 +0,0 @@
 # ThrillWiki Automation Service Environment Configuration
 # Copy this file to thrillwiki-automation***REMOVED*** and customize for your environment
 # 
 # Security Note: This file should have restricted permissions (600) as it may contain
 # sensitive information like GitHub Personal Access Tokens
 # [AWS-SECRET-REMOVED]====================================
 # PROJECT CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Base project directory (usually auto-detected)
 # PROJECT_DIR=/home/ubuntu/thrillwiki
 # Service name for systemd integration
 # SERVICE_NAME=thrillwiki
 # [AWS-SECRET-REMOVED]====================================
 # GITHUB REPOSITORY CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # GitHub repository remote name
 # GITHUB_REPO=origin
 # Branch to pull from
 # GITHUB_BRANCH=main
 # GitHub Personal Access Token (PAT) - Required for private repositories
 # Generate at: https://github.com/settings/tokens
 # Required permissions: repo (Full control of private repositories)
 GITHUB_TOKEN=[GITHUB-TOKEN-REMOVED]
 # GitHub token file location (alternative to GITHUB_TOKEN)
 # GITHUB_TOKEN_FILE=/home/ubuntu/thrillwiki/.github-pat
 # [AWS-SECRET-REMOVED]====================================
 # AUTOMATION TIMING CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Repository pull interval in seconds (default: 300 = 5 minutes)
 # PULL_INTERVAL=300
 # Health check interval in seconds (default: 60 = 1 minute)
 # HEALTH_CHECK_INTERVAL=60
 # Server startup timeout in seconds (default: 120 = 2 minutes)
 # STARTUP_TIMEOUT=120
 # Restart delay after failure in seconds (default: 10)
 # RESTART_DELAY=10
 # [AWS-SECRET-REMOVED]====================================
 # LOGGING CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Log directory (default: project_dir/logs)
 # LOG_DIR=/home/ubuntu/thrillwiki/logs
 # Log file path
 # LOG_[AWS-SECRET-REMOVED]proof-automation.log
 # Maximum log file size in bytes (default: 10485760 = 10MB)
 # MAX_LOG_SIZE=10485760
 # Lock file location to prevent multiple instances
 # LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
 # [AWS-SECRET-REMOVED]====================================
 # DEVELOPMENT SERVER CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Server host address (default: 0.0.0.0 for all interfaces)
 # SERVER_HOST=0.0.0.0
 # Server port (default: 8000)
 # SERVER_PORT=8000
 # [AWS-SECRET-REMOVED]====================================
 # DJANGO CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Django settings module
 # DJANGO_SETTINGS_MODULE=thrillwiki.settings
 # Python path
 # PYTHONPATH=/home/ubuntu/thrillwiki
 # [AWS-SECRET-REMOVED]====================================
 # ADVANCED CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # GitHub authentication script location
 # GITHUB_AUTH_[AWS-SECRET-REMOVED]ithub-auth.py
 # Enable verbose logging (true/false)
 # VERBOSE_LOGGING=false
 # Enable debug mode for troubleshooting (true/false)
 # DEBUG_MODE=false
 # Custom git remote URL (overrides GITHUB_REPO if set)
 # CUSTOM_GIT_REMOTE=https://github.com/username/repository.git
 # Email notifications for critical failures (requires email configuration)
 # NOTIFICATION_EMAIL=admin@example.com
 # Maximum consecutive failures before alerting (default: 5)
 # MAX_CONSECUTIVE_FAILURES=5
 # Enable automatic dependency updates (true/false, default: true)
 # AUTO_UPDATE_DEPENDENCIES=true
 # Enable automatic migrations on code changes (true/false, default: true)
 # AUTO_MIGRATE=true
 # Enable automatic static file collection (true/false, default: true)
 # AUTO_COLLECTSTATIC=true
 # [AWS-SECRET-REMOVED]====================================
 # SECURITY CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # GitHub authentication method (token|ssh|https)
 # Default: token (uses GITHUB_TOKEN or GITHUB_TOKEN_FILE)
 # GITHUB_AUTH_METHOD=token
 # SSH key path for git operations (when using ssh auth method)
 # SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
 # Git user configuration for commits
 # GIT_USER_NAME="ThrillWiki Automation"
 # GIT_USER_EMAIL="automation@thrillwiki.local"
 # [AWS-SECRET-REMOVED]====================================
 # MONITORING AND HEALTH CHECKS
 # [AWS-SECRET-REMOVED]====================================
 # Health check URL to verify server is running
 # HEALTH_CHECK_URL=http://localhost:8000/health/
 # Health check timeout in seconds
 # HEALTH_CHECK_TIMEOUT=30
 # Enable system resource monitoring (true/false)
 # MONITOR_RESOURCES=true
 # Memory usage threshold for warnings (in MB)
 # MEMORY_WARNING_THRESHOLD=1024
 # CPU usage threshold for warnings (percentage)
 # CPU_WARNING_THRESHOLD=80
 # Disk usage threshold for warnings (percentage)
 # DISK_WARNING_THRESHOLD=90
 # [AWS-SECRET-REMOVED]====================================
 # INTEGRATION SETTINGS
 # [AWS-SECRET-REMOVED]====================================
 # Webhook integration (if using thrillwiki-webhook service)
 # WEBHOOK_INTEGRATION=true
 # Slack webhook URL for notifications (optional)
 # SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook/url
 # Discord webhook URL for notifications (optional)
 # DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/your/webhook/url
 # [AWS-SECRET-REMOVED]====================================
 # USAGE EXAMPLES
 # [AWS-SECRET-REMOVED]====================================
 # Example 1: Basic setup with GitHub PAT
 GITHUB_TOKEN=[GITHUB-TOKEN-REMOVED]
 # PULL_INTERVAL=300
 # AUTO_MIGRATE=true
 # Example 2: Enhanced monitoring setup
 # HEALTH_CHECK_INTERVAL=30
 # MONITOR_RESOURCES=true
 # NOTIFICATION_EMAIL=admin@thrillwiki.com
 # SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook
 # Example 3: Development environment with frequent pulls
 # PULL_INTERVAL=60
 # DEBUG_MODE=true
 # VERBOSE_LOGGING=true
 # AUTO_UPDATE_DEPENDENCIES=true
 # [AWS-SECRET-REMOVED]====================================
 # INSTALLATION NOTES
 # [AWS-SECRET-REMOVED]====================================
 # 1. Copy this file: cp thrillwiki-automation***REMOVED***.example thrillwiki-automation***REMOVED***
 # 2. Set secure permissions: chmod 600 thrillwiki-automation***REMOVED***
 # 3. Customize the settings above for your environment
 # 4. Enable the service: sudo systemctl enable thrillwiki-automation
 # 5. Start the service: sudo systemctl start thrillwiki-automation
 # 6. Check status: sudo systemctl status thrillwiki-automation
 # 7. View logs: sudo journalctl -u thrillwiki-automation -f
 # For security, ensure only the ubuntu user can read this file:
 # sudo chown ubuntu:ubuntu thrillwiki-automation***REMOVED***
 # sudo chmod 600 thrillwiki-automation***REMOVED***
--- a/scripts/systemd/thrillwiki-deployment.env
+++ b/scripts/systemd/thrillwiki-deployment.env
@@ -1,321 +0,0 @@
 # ThrillWiki Deployment Service Environment Configuration
 # This file is generated automatically by the deployment system and integrates
 # with deployment presets for consistent configuration across environments.
 # 
 # Security Note: This file should have restricted permissions (600) as it may contain
 # sensitive information like GitHub Personal Access Tokens
 # [AWS-SECRET-REMOVED]====================================
 # PROJECT CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Base project directory
 PROJECT_DIR=/home/thrillwiki/thrillwiki
 # Service name for systemd integration
 SERVICE_NAME=thrillwiki-deployment
 # Deployment mode (automated|manual|timer)
 DEPLOYMENT_MODE=automated
 # [AWS-SECRET-REMOVED]====================================
 # GITHUB REPOSITORY CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # GitHub repository remote name
 GITHUB_REPO=origin
 # Branch to pull from
 GITHUB_BRANCH=main
 # GitHub Personal Access Token (PAT) - Required for private repositories
 # This will be populated automatically during deployment setup
 # GITHUB_TOKEN=
 # GitHub token file location (alternative to GITHUB_TOKEN)
 GITHUB_TOKEN_FILE=/home/thrillwiki/thrillwiki/.github-pat
 # [AWS-SECRET-REMOVED]====================================
 # DEPLOYMENT PRESET CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Deployment preset (dev, prod, demo, testing)
 # This determines the automation timing and behavior
 DEPLOYMENT_PRESET=dev
 # [AWS-SECRET-REMOVED]====================================
 # AUTOMATION TIMING CONFIGURATION (Preset-based)
 # [AWS-SECRET-REMOVED]====================================
 # Repository pull interval in seconds
 # Default values by preset:
 # - dev: 60s (1 minute)
 # - prod: 300s (5 minutes)  
 # - demo: 120s (2 minutes)
 # - testing: 180s (3 minutes)
 PULL_INTERVAL=60
 # Health check interval in seconds
 HEALTH_CHECK_INTERVAL=30
 # Server startup timeout in seconds
 STARTUP_TIMEOUT=120
 # Restart delay after failure in seconds
 RESTART_DELAY=10
 # [AWS-SECRET-REMOVED]====================================
 # DEPLOYMENT BEHAVIOR CONFIGURATION (Preset-based)
 # [AWS-SECRET-REMOVED]====================================
 # Debug mode for troubleshooting
 DEBUG_MODE=true
 # Enable automatic dependency updates
 AUTO_UPDATE_DEPENDENCIES=true
 # Enable automatic migrations on code changes
 AUTO_MIGRATE=true
 # Enable automatic static file collection
 AUTO_COLLECTSTATIC=true
 # Log level (DEBUG|INFO|WARNING|ERROR)
 LOG_LEVEL=DEBUG
 # [AWS-SECRET-REMOVED]====================================
 # SECURITY CONFIGURATION (Preset-based)
 # [AWS-SECRET-REMOVED]====================================
 # Django debug mode
 DJANGO_DEBUG=true
 # SSL required
 SSL_REQUIRED=false
 # CORS allowed
 CORS_ALLOWED=true
 # Allowed hosts (comma-separated)
 ALLOWED_HOSTS=*
 # [AWS-SECRET-REMOVED]====================================
 # LOGGING CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Log directory
 LOG_DIR=/home/thrillwiki/thrillwiki/logs
 # Log file path for deployment automation
 LOG_[AWS-SECRET-REMOVED]ployment-automation.log
 # Maximum log file size in bytes (10MB default)
 MAX_LOG_SIZE=10485760
 # Lock file location to prevent multiple instances
 LOCK_FILE=/tmp/thrillwiki-deployment.lock
 # [AWS-SECRET-REMOVED]====================================
 # DEVELOPMENT SERVER CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Server host address
 SERVER_HOST=0.0.0.0
 # Server port
 SERVER_PORT=8000
 # Health check URL
 HEALTH_CHECK_URL=http://localhost:8000/
 # Health check timeout in seconds
 HEALTH_CHECK_TIMEOUT=30
 # [AWS-SECRET-REMOVED]====================================
 # DJANGO CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Django settings module
 DJANGO_SETTINGS_MODULE=thrillwiki.settings
 # Python path
 PYTHONPATH=/home/thrillwiki/thrillwiki
 # UV executable path
 UV_EXECUTABLE=/home/thrillwiki/.local/bin/uv
 # Django development server command (following .clinerules)
 DJANGO_RUNSERVER_CMD=lsof -ti :8000 | xargs kill -9; find . -type d -name '__pycache__' -exec rm -r {} +; uv run manage.py tailwind runserver
 # Enable development server auto-cleanup
 AUTO_CLEANUP_PROCESSES=true
 # [AWS-SECRET-REMOVED]====================================
 # SYSTEMD SERVICE CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Service user and group
 SERVICE_USER=thrillwiki
 SERVICE_GROUP=thrillwiki
 # Service working directory
 SERVICE_WORKING_DIR=/home/thrillwiki/thrillwiki
 # Service restart policy
 SERVICE_RESTART=always
 SERVICE_RESTART_SEC=30
 # Service timeout configuration
 SERVICE_TIMEOUT_START=180
 SERVICE_TIMEOUT_STOP=120
 # Maximum restart attempts
 MAX_RESTART_ATTEMPTS=3
 # Restart cooldown period
 RESTART_COOLDOWN=300
 # [AWS-SECRET-REMOVED]====================================
 # SMART DEPLOYMENT TIMER CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Timer service configuration
 TIMER_ON_BOOT_SEC=5min
 TIMER_ON_UNIT_ACTIVE_SEC=5min
 TIMER_RANDOMIZED_DELAY_SEC=30sec
 TIMER_PERSISTENT=true
 # [AWS-SECRET-REMOVED]====================================
 # MONITORING AND HEALTH CHECKS
 # [AWS-SECRET-REMOVED]====================================
 # Enable system resource monitoring
 MONITOR_RESOURCES=true
 # Memory usage threshold for warnings (in MB)
 MEMORY_WARNING_THRESHOLD=512
 # CPU usage threshold for warnings (percentage)
 CPU_WARNING_THRESHOLD=70
 # Disk usage threshold for warnings (percentage)
 DISK_WARNING_THRESHOLD=85
 # [AWS-SECRET-REMOVED]====================================
 # INTEGRATION SETTINGS
 # [AWS-SECRET-REMOVED]====================================
 # Integration with other services
 WEBHOOK_INTEGRATION=false
 # Email notifications for critical failures
 # NOTIFICATION_EMAIL=
 # Maximum consecutive failures before alerting
 MAX_CONSECUTIVE_FAILURES=5
 # [AWS-SECRET-REMOVED]====================================
 # ADVANCED CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # Enable verbose logging
 VERBOSE_LOGGING=true
 # Custom git remote URL (overrides GITHUB_REPO if set)
 # CUSTOM_GIT_REMOTE=
 # GitHub authentication method (token|ssh|https)
 GITHUB_AUTH_METHOD=token
 # SSH key path for git operations (when using ssh auth method)
 # SSH_KEY_PATH=/home/thrillwiki/.ssh/***REMOVED***
 # Git user configuration for commits
 GIT_USER_NAME="ThrillWiki Deployment"
 GIT_USER_EMAIL="deployment@thrillwiki.local"
 # [AWS-SECRET-REMOVED]====================================
 # ENVIRONMENT AND SYSTEM CONFIGURATION
 # [AWS-SECRET-REMOVED]====================================
 # System PATH additions (for UV and other tools)
 ADDITIONAL_PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin
 # Python environment configuration
 PYTHON_EXECUTABLE=python3
 # Service state and runtime directories
 SERVICE_LOGS_DIR=/var/log/thrillwiki-deployment
 SERVICE_STATE_DIR=/var/lib/thrillwiki-deployment
 SERVICE_RUNTIME_DIR=/run/thrillwiki-deployment
 # [AWS-SECRET-REMOVED]====================================
 # PRESET-SPECIFIC OVERRIDES
 # [AWS-SECRET-REMOVED]====================================
 # The following section contains preset-specific configurations that override
 # the defaults above based on the DEPLOYMENT_PRESET value.
 # These are automatically applied by the deployment system.
 # Development preset overrides (applied when DEPLOYMENT_PRESET=dev)
 # PULL_INTERVAL=60
 # HEALTH_CHECK_INTERVAL=30
 # DEBUG_MODE=true
 # AUTO_MIGRATE=true
 # AUTO_UPDATE_DEPENDENCIES=true
 # LOG_LEVEL=DEBUG
 # SSL_REQUIRED=false
 # CORS_ALLOWED=true
 # DJANGO_DEBUG=true
 # ALLOWED_HOSTS=*
 # Production preset overrides (applied when DEPLOYMENT_PRESET=prod)
 # PULL_INTERVAL=300
 # HEALTH_CHECK_INTERVAL=60
 # DEBUG_MODE=false
 # AUTO_MIGRATE=true
 # AUTO_UPDATE_DEPENDENCIES=false
 # LOG_LEVEL=WARNING
 # SSL_REQUIRED=true
 # CORS_ALLOWED=false
 # DJANGO_DEBUG=false
 # ALLOWED_HOSTS=production-host
 # Demo preset overrides (applied when DEPLOYMENT_PRESET=demo)
 # PULL_INTERVAL=120
 # HEALTH_CHECK_INTERVAL=45
 # DEBUG_MODE=false
 # AUTO_MIGRATE=true
 # AUTO_UPDATE_DEPENDENCIES=true
 # LOG_LEVEL=INFO
 # SSL_REQUIRED=false
 # CORS_ALLOWED=true
 # DJANGO_DEBUG=false
 # ALLOWED_HOSTS=demo-host
 # Testing preset overrides (applied when DEPLOYMENT_PRESET=testing)
 # PULL_INTERVAL=180
 # HEALTH_CHECK_INTERVAL=30
 # DEBUG_MODE=true
 # AUTO_MIGRATE=true
 # AUTO_UPDATE_DEPENDENCIES=true
 # LOG_LEVEL=DEBUG
 # SSL_REQUIRED=false
 # CORS_ALLOWED=true
 # DJANGO_DEBUG=true
 # ALLOWED_HOSTS=test-host
 # [AWS-SECRET-REMOVED]====================================
 # INSTALLATION AND SECURITY NOTES
 # [AWS-SECRET-REMOVED]====================================
 # For security, ensure only the thrillwiki user can read this file:
 # sudo chown thrillwiki:thrillwiki thrillwiki-deployment***REMOVED***
 # sudo chmod 600 thrillwiki-deployment***REMOVED***
 # Service management commands:
 # sudo systemctl enable thrillwiki-deployment.service
 # sudo systemctl enable thrillwiki-smart-deploy.timer
 # sudo systemctl start thrillwiki-deployment.service
 # sudo systemctl start thrillwiki-smart-deploy.timer
 # sudo systemctl status thrillwiki-deployment.service
 # sudo journalctl -u thrillwiki-deployment -f