feat: complete monorepo structure with frontend and shared resources

- Add complete backend/ directory with full Django application
- Add frontend/ directory with Vite + TypeScript setup ready for Next.js
- Add comprehensive shared/ directory with:
  - Complete documentation and memory-bank archives
  - Media files and avatars (letters, park/ride images)
  - Deployment scripts and automation tools
  - Shared types and utilities
- Add architecture/ directory with migration guides
- Configure pnpm workspace for monorepo development
- Update .gitignore to exclude .django_tailwind_cli/ build artifacts
- Preserve all historical documentation in shared/docs/memory-bank/
- Set up proper structure for full-stack development with shared resources

shared/scripts/systemd/thrillwiki-automation.env.example

@@ -0,0 +1,296 @@
+# ThrillWiki Automation Service Environment Configuration
+# Copy this file to thrillwiki-automation***REMOVED*** and customize for your environment
+# 
+# Security Note: This file should have restricted permissions (600) as it may contain
+# sensitive information like GitHub Personal Access Tokens
+
+# [AWS-SECRET-REMOVED]====================================
+# PROJECT CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Base project directory (usually auto-detected)
+# PROJECT_DIR=/home/ubuntu/thrillwiki
+
+# Service name for systemd integration
+# SERVICE_NAME=thrillwiki
+
+# [AWS-SECRET-REMOVED]====================================
+# GITHUB REPOSITORY CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub repository remote name
+# GITHUB_REPO=origin
+
+# Branch to pull from
+# GITHUB_BRANCH=main
+
+# GitHub Personal Access Token (PAT) - Required for private repositories
+# Generate at: https://github.com/settings/tokens
+# Required permissions: repo (Full control of private repositories)
+# GITHUB_TOKEN=ghp_your_personal_access_token_here
+
+# GitHub token file location (alternative to GITHUB_TOKEN)
+# GITHUB_TOKEN_FILE=/home/ubuntu/thrillwiki/.github-pat
+GITHUB_PAT_FILE=/home/ubuntu/thrillwiki/.github-pat
+
+# [AWS-SECRET-REMOVED]====================================
+# AUTOMATION TIMING CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Repository pull interval in seconds (default: 300 = 5 minutes)
+# PULL_INTERVAL=300
+
+# Health check interval in seconds (default: 60 = 1 minute)
+# HEALTH_CHECK_INTERVAL=60
+
+# Server startup timeout in seconds (default: 120 = 2 minutes)
+# STARTUP_TIMEOUT=120
+
+# Restart delay after failure in seconds (default: 10)
+# RESTART_DELAY=10
+
+# [AWS-SECRET-REMOVED]====================================
+# LOGGING CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Log directory (default: project_dir/logs)
+# LOG_DIR=/home/ubuntu/thrillwiki/logs
+
+# Log file path
+# LOG_[AWS-SECRET-REMOVED]proof-automation.log
+
+# Maximum log file size in bytes (default: 10485760 = 10MB)
+# MAX_LOG_SIZE=10485760
+
+# Lock file location to prevent multiple instances
+# LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
+
+# [AWS-SECRET-REMOVED]====================================
+# DEVELOPMENT SERVER CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Server host address (default: 0.0.0.0 for all interfaces)
+# SERVER_HOST=0.0.0.0
+
+# Server port (default: 8000)
+# SERVER_PORT=8000
+
+# [AWS-SECRET-REMOVED]====================================
+# DEPLOYMENT CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Deployment preset (dev, prod, demo, testing)
+# DEPLOYMENT_PRESET=dev
+
+# Repository URL for deployment
+# GITHUB_REPO_URL=https://github.com/username/repository.git
+
+# Repository branch for deployment
+# GITHUB_REPO_BRANCH=main
+
+# Enable Django project setup during deployment
+# DJANGO_PROJECT_SETUP=true
+
+# Skip GitHub authentication setup
+# SKIP_GITHUB_SETUP=false
+
+# Skip repository configuration
+# SKIP_REPO_CONFIG=false
+
+# Skip systemd service setup
+# SKIP_SERVICE_SETUP=false
+
+# Force deployment even if target exists
+# FORCE_DEPLOY=false
+
+# Remote deployment user
+# REMOTE_USER=ubuntu
+
+# Remote deployment host
+# REMOTE_HOST=
+
+# Remote deployment port
+# REMOTE_PORT=22
+
+# Remote deployment path
+# REMOTE_PATH=/home/ubuntu/thrillwiki
+
+# [AWS-SECRET-REMOVED]====================================
+# DJANGO CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Django settings module
+# DJANGO_SETTINGS_MODULE=thrillwiki.settings
+
+# Python path
+# PYTHONPATH=/home/ubuntu/thrillwiki
+
+# UV executable path (for systems where UV is not in standard PATH)
+# UV_EXECUTABLE=/home/ubuntu/.local/bin/uv
+
+# Django development server command (used by bulletproof automation)
+# DJANGO_RUNSERVER_CMD=uv run manage.py tailwind runserver
+
+# Enable development server auto-cleanup (kills processes on port 8000)
+# AUTO_CLEANUP_PROCESSES=true
+
+# [AWS-SECRET-REMOVED]====================================
+# ADVANCED CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub authentication script location
+# GITHUB_AUTH_[AWS-SECRET-REMOVED]ithub-auth.py
+
+# Enable verbose logging (true/false)
+# VERBOSE_LOGGING=false
+
+# Enable debug mode for troubleshooting (true/false)
+# DEBUG_MODE=false
+
+# Custom git remote URL (overrides GITHUB_REPO if set)
+# CUSTOM_GIT_REMOTE=https://github.com/username/repository.git
+
+# Email notifications for critical failures (requires email configuration)
+# NOTIFICATION_EMAIL=admin@example.com
+
+# Maximum consecutive failures before alerting (default: 5)
+# MAX_CONSECUTIVE_FAILURES=5
+
+# Enable automatic dependency updates (true/false, default: true)
+# AUTO_UPDATE_DEPENDENCIES=true
+
+# Enable automatic migrations on code changes (true/false, default: true)
+# AUTO_MIGRATE=true
+
+# Enable automatic static file collection (true/false, default: true)
+# AUTO_COLLECTSTATIC=true
+
+# [AWS-SECRET-REMOVED]====================================
+# SECURITY CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub authentication method (token|ssh|https)
+# Default: token (uses GITHUB_TOKEN or GITHUB_TOKEN_FILE)
+# GITHUB_AUTH_METHOD=token
+
+# SSH key path for git operations (when using ssh auth method)
+# SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
+
+# Git user configuration for commits
+# GIT_USER_NAME="ThrillWiki Automation"
+# GIT_USER_EMAIL="automation@thrillwiki.local"
+
+# [AWS-SECRET-REMOVED]====================================
+# MONITORING AND HEALTH CHECKS
+# [AWS-SECRET-REMOVED]====================================
+
+# Health check URL to verify server is running
+# HEALTH_CHECK_URL=http://localhost:8000/health/
+
+# Health check timeout in seconds
+# HEALTH_CHECK_TIMEOUT=30
+
+# Enable system resource monitoring (true/false)
+# MONITOR_RESOURCES=true
+
+# Memory usage threshold for warnings (in MB)
+# MEMORY_WARNING_THRESHOLD=1024
+
+# CPU usage threshold for warnings (percentage)
+# CPU_WARNING_THRESHOLD=80
+
+# Disk usage threshold for warnings (percentage)
+# DISK_WARNING_THRESHOLD=90
+
+# [AWS-SECRET-REMOVED]====================================
+# INTEGRATION SETTINGS
+# [AWS-SECRET-REMOVED]====================================
+
+# Webhook integration (if using thrillwiki-webhook service)
+# WEBHOOK_INTEGRATION=true
+
+# Slack webhook URL for notifications (optional)
+# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook/url
+
+# Discord webhook URL for notifications (optional)
+# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/your/webhook/url
+
+# [AWS-SECRET-REMOVED]====================================
+# ENVIRONMENT AND SYSTEM CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# System PATH additions (for UV and other tools)
+# ADDITIONAL_PATH=/home/ubuntu/.local/bin:/home/ubuntu/.cargo/bin
+
+# Python environment configuration
+# PYTHON_EXECUTABLE=python3
+
+# Enable verbose logging for debugging
+# VERBOSE_LOGGING=false
+
+# Debug mode for development
+# DEBUG_MODE=false
+
+# Service restart configuration
+# MAX_RESTART_ATTEMPTS=3
+# RESTART_COOLDOWN=300
+
+# Health check configuration
+# HEALTH_CHECK_URL=http://localhost:8000/health/
+# HEALTH_CHECK_TIMEOUT=30
+
+# System resource monitoring
+# MONITOR_RESOURCES=true
+# MEMORY_WARNING_THRESHOLD=1024
+# CPU_WARNING_THRESHOLD=80
+# DISK_WARNING_THRESHOLD=90
+
+# Lock file configuration
+# LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
+
+# GitHub authentication method (token|ssh|https)
+# GITHUB_AUTH_METHOD=token
+
+# SSH key path for git operations (when using ssh auth method)
+# SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
+
+# Git user configuration for commits
+# GIT_USER_NAME="ThrillWiki Automation"
+# GIT_USER_EMAIL="automation@thrillwiki.local"
+
+# [AWS-SECRET-REMOVED]====================================
+# USAGE EXAMPLES
+# [AWS-SECRET-REMOVED]====================================
+
+# Example 1: Basic setup with GitHub PAT
+# GITHUB_TOKEN=ghp_your_token_here
+# PULL_INTERVAL=300
+# AUTO_MIGRATE=true
+
+# Example 2: Enhanced monitoring setup
+# HEALTH_CHECK_INTERVAL=30
+# MONITOR_RESOURCES=true
+# NOTIFICATION_EMAIL=admin@thrillwiki.com
+# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook
+
+# Example 3: Development environment with frequent pulls
+# PULL_INTERVAL=60
+# DEBUG_MODE=true
+# VERBOSE_LOGGING=true
+# AUTO_UPDATE_DEPENDENCIES=true
+
+# [AWS-SECRET-REMOVED]====================================
+# INSTALLATION NOTES
+# [AWS-SECRET-REMOVED]====================================
+
+# 1. Copy this file: cp thrillwiki-automation***REMOVED***.example thrillwiki-automation***REMOVED***
+# 2. Set secure permissions: chmod 600 thrillwiki-automation***REMOVED***
+# 3. Customize the settings above for your environment
+# 4. Enable the service: sudo systemctl enable thrillwiki-automation
+# 5. Start the service: sudo systemctl start thrillwiki-automation
+# 6. Check status: sudo systemctl status thrillwiki-automation
+# 7. View logs: sudo journalctl -u thrillwiki-automation -f
+
+# For security, ensure only the ubuntu user can read this file:
+# sudo chown ubuntu:ubuntu thrillwiki-automation***REMOVED***
+# sudo chmod 600 thrillwiki-automation***REMOVED***

shared/scripts/systemd/thrillwiki-automation.service

@@ -0,0 +1,106 @@
+[Unit]
+Description=ThrillWiki Bulletproof Development Automation
+Documentation=man:thrillwiki-automation(8)
+After=network.target
+Wants=network.target
+Before=thrillwiki.service
+PartOf=thrillwiki.service
+
+[Service]
+Type=simple
+User=ubuntu
+Group=ubuntu
+[AWS-SECRET-REMOVED]
+[AWS-SECRET-REMOVED]s/vm/bulletproof-automation.sh
+ExecStop=/bin/kill -TERM $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=10
+KillMode=mixed
+KillSignal=SIGTERM
+TimeoutStopSec=60
+TimeoutStartSec=120
+StartLimitIntervalSec=300
+StartLimitBurst=3
+
+# Environment variables - Load from file for security
+EnvironmentFile=-[AWS-SECRET-REMOVED]thrillwiki-automation***REMOVED***
+Environment=PROJECT_DIR=/home/ubuntu/thrillwiki
+Environment=SERVICE_NAME=thrillwiki-automation
+Environment=GITHUB_REPO=origin
+Environment=GITHUB_BRANCH=main
+Environment=PULL_INTERVAL=300
+Environment=HEALTH_CHECK_INTERVAL=60
+Environment=STARTUP_TIMEOUT=120
+Environment=RESTART_DELAY=10
+Environment=LOG_DIR=/home/ubuntu/thrillwiki/logs
+Environment=MAX_LOG_SIZE=10485760
+Environment=SERVER_HOST=0.0.0.0
+Environment=SERVER_PORT=8000
+Environment=PATH=/home/ubuntu/.local/bin:/home/ubuntu/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+[AWS-SECRET-REMOVED]llwiki
+
+# Security settings - Enhanced hardening for automation script
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=false
+RemoveIPC=true
+
+# File system permissions - Allow access to necessary directories
+ReadWritePaths=/home/ubuntu/thrillwiki
+[AWS-SECRET-REMOVED]ogs
+[AWS-SECRET-REMOVED]edia
+[AWS-SECRET-REMOVED]taticfiles
+[AWS-SECRET-REMOVED]ploads
+ReadWritePaths=/home/ubuntu/.cache
+ReadWritePaths=/tmp
+ReadOnlyPaths=/home/ubuntu/.github-pat
+ReadOnlyPaths=/home/ubuntu/.ssh
+ReadOnlyPaths=/home/ubuntu/.local
+
+# Resource limits - Appropriate for automation script
+LimitNOFILE=65536
+LimitNPROC=1024
+MemoryMax=512M
+CPUQuota=50%
+TasksMax=256
+
+# Timeouts
+WatchdogSec=300
+
+# Logging configuration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-automation
+SyslogFacility=daemon
+SyslogLevel=info
+SyslogLevelPrefix=true
+
+# Enhanced logging for debugging
+# Ensure logs are captured and rotated properly
+LogsDirectory=thrillwiki-automation
+LogsDirectoryMode=0755
+StateDirectory=thrillwiki-automation
+StateDirectoryMode=0755
+RuntimeDirectory=thrillwiki-automation
+RuntimeDirectoryMode=0755
+
+# Capabilities - Minimal required capabilities
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateDevices=true
+ProtectClock=true
+ProtectHostname=true
+
+[Install]
+WantedBy=multi-user.target
+Also=thrillwiki.service

shared/scripts/systemd/thrillwiki-deployment.service

@@ -0,0 +1,103 @@
+[Unit]
+Description=ThrillWiki Complete Deployment Automation Service
+Documentation=man:thrillwiki-deployment(8)
+After=network.target network-online.target
+Wants=network-online.target
+Before=thrillwiki-smart-deploy.timer
+PartOf=thrillwiki-smart-deploy.timer
+
+[Service]
+Type=simple
+User=thrillwiki
+Group=thrillwiki
+[AWS-SECRET-REMOVED]wiki
+[AWS-SECRET-REMOVED]ripts/vm/deploy-automation.sh
+ExecStop=/bin/kill -TERM $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=30
+KillMode=mixed
+KillSignal=SIGTERM
+TimeoutStopSec=120
+TimeoutStartSec=180
+StartLimitIntervalSec=600
+StartLimitBurst=3
+
+# Environment variables - Load from file for security and preset integration
+EnvironmentFile=-[AWS-SECRET-REMOVED]emd/thrillwiki-deployment***REMOVED***
+Environment=PROJECT_DIR=/home/thrillwiki/thrillwiki
+Environment=SERVICE_NAME=thrillwiki-deployment
+Environment=GITHUB_REPO=origin
+Environment=GITHUB_BRANCH=main
+Environment=DEPLOYMENT_MODE=automated
+Environment=LOG_DIR=/home/thrillwiki/thrillwiki/logs
+Environment=MAX_LOG_SIZE=10485760
+Environment=SERVER_HOST=0.0.0.0
+Environment=SERVER_PORT=8000
+Environment=PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+[AWS-SECRET-REMOVED]thrillwiki
+
+# Security settings - Enhanced hardening for deployment automation
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=false
+RemoveIPC=true
+
+# File system permissions - Allow access to necessary directories
+[AWS-SECRET-REMOVED]ki
+[AWS-SECRET-REMOVED]ki/logs
+[AWS-SECRET-REMOVED]ki/media
+[AWS-SECRET-REMOVED]ki/staticfiles
+[AWS-SECRET-REMOVED]ki/uploads
+ReadWritePaths=/home/thrillwiki/.cache
+ReadWritePaths=/tmp
+ReadOnlyPaths=/home/thrillwiki/.github-pat
+ReadOnlyPaths=/home/thrillwiki/.ssh
+ReadOnlyPaths=/home/thrillwiki/.local
+
+# Resource limits - Appropriate for deployment automation
+LimitNOFILE=65536
+LimitNPROC=2048
+MemoryMax=1G
+CPUQuota=75%
+TasksMax=512
+
+# Timeouts and watchdog
+WatchdogSec=600
+RuntimeMaxSec=0
+
+# Logging configuration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-deployment
+SyslogFacility=daemon
+SyslogLevel=info
+SyslogLevelPrefix=true
+
+# Enhanced logging for debugging
+LogsDirectory=thrillwiki-deployment
+LogsDirectoryMode=0755
+StateDirectory=thrillwiki-deployment
+StateDirectoryMode=0755
+RuntimeDirectory=thrillwiki-deployment
+RuntimeDirectoryMode=0755
+
+# Capabilities - Minimal required capabilities
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateDevices=true
+ProtectClock=true
+ProtectHostname=true
+
+[Install]
+WantedBy=multi-user.target
+Also=thrillwiki-smart-deploy.timer

shared/scripts/systemd/thrillwiki-smart-deploy.service

@@ -0,0 +1,76 @@
+[Unit]
+Description=ThrillWiki Smart Deployment Service
+Documentation=man:thrillwiki-smart-deploy(8)
+After=network.target thrillwiki-deployment.service
+Wants=network.target
+PartOf=thrillwiki-smart-deploy.timer
+
+[Service]
+Type=oneshot
+User=thrillwiki
+Group=thrillwiki
+[AWS-SECRET-REMOVED]wiki
+[AWS-SECRET-REMOVED]ripts/smart-deploy.sh
+TimeoutStartSec=300
+TimeoutStopSec=60
+
+# Environment variables - Load from deployment configuration
+EnvironmentFile=-[AWS-SECRET-REMOVED]emd/thrillwiki-deployment***REMOVED***
+Environment=PROJECT_DIR=/home/thrillwiki/thrillwiki
+Environment=SERVICE_NAME=thrillwiki-smart-deploy
+Environment=DEPLOYMENT_MODE=timer
+Environment=LOG_DIR=/home/thrillwiki/thrillwiki/logs
+Environment=PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+[AWS-SECRET-REMOVED]thrillwiki
+
+# Security settings - Inherited from main deployment service
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=false
+RemoveIPC=true
+
+# File system permissions
+[AWS-SECRET-REMOVED]ki
+[AWS-SECRET-REMOVED]ki/logs
+[AWS-SECRET-REMOVED]ki/media
+[AWS-SECRET-REMOVED]ki/staticfiles
+[AWS-SECRET-REMOVED]ki/uploads
+ReadWritePaths=/home/thrillwiki/.cache
+ReadWritePaths=/tmp
+ReadOnlyPaths=/home/thrillwiki/.github-pat
+ReadOnlyPaths=/home/thrillwiki/.ssh
+ReadOnlyPaths=/home/thrillwiki/.local
+
+# Resource limits
+LimitNOFILE=65536
+LimitNPROC=1024
+MemoryMax=512M
+CPUQuota=50%
+TasksMax=256
+
+# Logging configuration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-smart-deploy
+SyslogFacility=daemon
+SyslogLevel=info
+SyslogLevelPrefix=true
+
+# Capabilities
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateDevices=true
+ProtectClock=true
+ProtectHostname=true
+
+[Install]
+WantedBy=multi-user.target

shared/scripts/systemd/thrillwiki-smart-deploy.timer

@@ -0,0 +1,17 @@
+[Unit]
+Description=ThrillWiki Smart Deployment Timer
+Documentation=man:thrillwiki-smart-deploy(8)
+Requires=thrillwiki-smart-deploy.service
+After=thrillwiki-deployment.service
+
+[Timer]
+# Default timer configuration (can be overridden by environment)
+OnBootSec=5min
+OnUnitActiveSec=5min
+Unit=thrillwiki-smart-deploy.service
+Persistent=true
+RandomizedDelaySec=30sec
+
+[Install]
+WantedBy=timers.target
+Also=thrillwiki-smart-deploy.service

shared/scripts/systemd/thrillwiki-webhook.service

@@ -0,0 +1,39 @@
+[Unit]
+Description=ThrillWiki GitHub Webhook Listener
+After=network.target
+Wants=network.target
+
+[Service]
+Type=simple
+User=ubuntu
+Group=ubuntu
+[AWS-SECRET-REMOVED]
+ExecStart=/usr/bin/python3 /home/ubuntu/thrillwiki/scripts/webhook-listener.py
+Restart=always
+RestartSec=10
+
+# Environment variables
+Environment=WEBHOOK_PORT=9000
+Environment=WEBHOOK_SECRET=your_webhook_secret_here
+Environment=VM_HOST=localhost
+Environment=VM_PORT=22
+Environment=VM_USER=ubuntu
+Environment=VM_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
+Environment=VM_PROJECT_PATH=/home/ubuntu/thrillwiki
+Environment=REPO_URL=https://github.com/YOUR_USERNAME/thrillwiki_django_no_react.git
+Environment=DEPLOY_BRANCH=main
+
+# Security settings
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+[AWS-SECRET-REMOVED]ogs
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-webhook
+
+[Install]
+WantedBy=multi-user.target

shared/scripts/systemd/thrillwiki.service

@@ -0,0 +1,45 @@
+[Unit]
+Description=ThrillWiki Django Application
+After=network.target postgresql.service
+Wants=network.target
+Requires=postgresql.service
+
+[Service]
+Type=forking
+User=ubuntu
+Group=ubuntu
+[AWS-SECRET-REMOVED]
+[AWS-SECRET-REMOVED]s/ci-start.sh
+ExecStop=/bin/kill -TERM $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
+[AWS-SECRET-REMOVED]ngo.pid
+Restart=always
+RestartSec=10
+
+# Environment variables
+Environment=DJANGO_SETTINGS_MODULE=thrillwiki.settings
+[AWS-SECRET-REMOVED]llwiki
+Environment=PATH=/home/ubuntu/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+
+# Security settings
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+[AWS-SECRET-REMOVED]ogs
+[AWS-SECRET-REMOVED]edia
+[AWS-SECRET-REMOVED]taticfiles
+[AWS-SECRET-REMOVED]ploads
+
+# Resource limits
+LimitNOFILE=65536
+TimeoutStartSec=300
+TimeoutStopSec=30
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki
+
+[Install]
+WantedBy=multi-user.target