feat: complete monorepo structure with frontend and shared resources

- Add complete backend/ directory with full Django application - Add frontend/ directory with Vite + TypeScript setup ready for Next.js - Add comprehensive shared/ directory with: - Complete documentation and memory-bank archives - Media files and avatars (letters, park/ride images) - Deployment scripts and automation tools - Shared types and utilities - Add architecture/ directory with migration guides - Configure pnpm workspace for monorepo development - Update .gitignore to exclude .django_tailwind_cli/ build artifacts - Preserve all historical documentation in shared/docs/memory-bank/ - Set up proper structure for full-stack development with shared resources
2025-12-20 17:11:09 -05:00 · 2025-08-23 18:40:07 -04:00
parent b0e0678590
commit d504d41de2
762 changed files with 142636 additions and 0 deletions
--- a/shared/scripts/systemd/thrillwiki-automation.service
+++ b/shared/scripts/systemd/thrillwiki-automation.service
@@ -0,0 +1,106 @@
+[Unit]
+Description=ThrillWiki Bulletproof Development Automation
+Documentation=man:thrillwiki-automation(8)
+After=network.target
+Wants=network.target
+Before=thrillwiki.service
+PartOf=thrillwiki.service
+
+[Service]
+Type=simple
+User=ubuntu
+Group=ubuntu
+[AWS-SECRET-REMOVED]
+[AWS-SECRET-REMOVED]s/vm/bulletproof-automation.sh
+ExecStop=/bin/kill -TERM $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=10
+KillMode=mixed
+KillSignal=SIGTERM
+TimeoutStopSec=60
+TimeoutStartSec=120
+StartLimitIntervalSec=300
+StartLimitBurst=3
+
+# Environment variables - Load from file for security
+EnvironmentFile=-[AWS-SECRET-REMOVED]thrillwiki-automation***REMOVED***
+Environment=PROJECT_DIR=/home/ubuntu/thrillwiki
+Environment=SERVICE_NAME=thrillwiki-automation
+Environment=GITHUB_REPO=origin
+Environment=GITHUB_BRANCH=main
+Environment=PULL_INTERVAL=300
+Environment=HEALTH_CHECK_INTERVAL=60
+Environment=STARTUP_TIMEOUT=120
+Environment=RESTART_DELAY=10
+Environment=LOG_DIR=/home/ubuntu/thrillwiki/logs
+Environment=MAX_LOG_SIZE=10485760
+Environment=SERVER_HOST=0.0.0.0
+Environment=SERVER_PORT=8000
+Environment=PATH=/home/ubuntu/.local/bin:/home/ubuntu/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+[AWS-SECRET-REMOVED]llwiki
+
+# Security settings - Enhanced hardening for automation script
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=false
+RemoveIPC=true
+
+# File system permissions - Allow access to necessary directories
+ReadWritePaths=/home/ubuntu/thrillwiki
+[AWS-SECRET-REMOVED]ogs
+[AWS-SECRET-REMOVED]edia
+[AWS-SECRET-REMOVED]taticfiles
+[AWS-SECRET-REMOVED]ploads
+ReadWritePaths=/home/ubuntu/.cache
+ReadWritePaths=/tmp
+ReadOnlyPaths=/home/ubuntu/.github-pat
+ReadOnlyPaths=/home/ubuntu/.ssh
+ReadOnlyPaths=/home/ubuntu/.local
+
+# Resource limits - Appropriate for automation script
+LimitNOFILE=65536
+LimitNPROC=1024
+MemoryMax=512M
+CPUQuota=50%
+TasksMax=256
+
+# Timeouts
+WatchdogSec=300
+
+# Logging configuration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-automation
+SyslogFacility=daemon
+SyslogLevel=info
+SyslogLevelPrefix=true
+
+# Enhanced logging for debugging
+# Ensure logs are captured and rotated properly
+LogsDirectory=thrillwiki-automation
+LogsDirectoryMode=0755
+StateDirectory=thrillwiki-automation
+StateDirectoryMode=0755
+RuntimeDirectory=thrillwiki-automation
+RuntimeDirectoryMode=0755
+
+# Capabilities - Minimal required capabilities
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateDevices=true
+ProtectClock=true
+ProtectHostname=true
+
+[Install]
+WantedBy=multi-user.target
+Also=thrillwiki.service