Configure PostgreSQL with PostGIS support

- Updated database settings to use dj_database_url for environment-based configuration - Added dj-database-url dependency - Configured PostGIS backend for spatial data support - Set default DATABASE_URL for production PostgreSQL connection
2025-12-21 13:31:09 -05:00 · 2025-08-19 18:51:33 -04:00
parent 274ba650b3
commit f4f8ec8f9b
44 changed files with 22869 additions and 8 deletions
--- a/scripts/systemd/thrillwiki-automation.env
+++ b/scripts/systemd/thrillwiki-automation.env
@@ -0,0 +1,203 @@
+# ThrillWiki Automation Service Environment Configuration
+# Copy this file to thrillwiki-automation***REMOVED*** and customize for your environment
+# 
+# Security Note: This file should have restricted permissions (600) as it may contain
+# sensitive information like GitHub Personal Access Tokens
+
+# [AWS-SECRET-REMOVED]====================================
+# PROJECT CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Base project directory (usually auto-detected)
+# PROJECT_DIR=/home/ubuntu/thrillwiki
+
+# Service name for systemd integration
+# SERVICE_NAME=thrillwiki
+
+# [AWS-SECRET-REMOVED]====================================
+# GITHUB REPOSITORY CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub repository remote name
+# GITHUB_REPO=origin
+
+# Branch to pull from
+# GITHUB_BRANCH=main
+
+# GitHub Personal Access Token (PAT) - Required for private repositories
+# Generate at: https://github.com/settings/tokens
+# Required permissions: repo (Full control of private repositories)
+GITHUB_TOKEN=[GITHUB-TOKEN-REMOVED]
+
+# GitHub token file location (alternative to GITHUB_TOKEN)
+# GITHUB_TOKEN_FILE=/home/ubuntu/thrillwiki/.github-pat
+
+# [AWS-SECRET-REMOVED]====================================
+# AUTOMATION TIMING CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Repository pull interval in seconds (default: 300 = 5 minutes)
+# PULL_INTERVAL=300
+
+# Health check interval in seconds (default: 60 = 1 minute)
+# HEALTH_CHECK_INTERVAL=60
+
+# Server startup timeout in seconds (default: 120 = 2 minutes)
+# STARTUP_TIMEOUT=120
+
+# Restart delay after failure in seconds (default: 10)
+# RESTART_DELAY=10
+
+# [AWS-SECRET-REMOVED]====================================
+# LOGGING CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Log directory (default: project_dir/logs)
+# LOG_DIR=/home/ubuntu/thrillwiki/logs
+
+# Log file path
+# LOG_[AWS-SECRET-REMOVED]proof-automation.log
+
+# Maximum log file size in bytes (default: 10485760 = 10MB)
+# MAX_LOG_SIZE=10485760
+
+# Lock file location to prevent multiple instances
+# LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
+
+# [AWS-SECRET-REMOVED]====================================
+# DEVELOPMENT SERVER CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Server host address (default: 0.0.0.0 for all interfaces)
+# SERVER_HOST=0.0.0.0
+
+# Server port (default: 8000)
+# SERVER_PORT=8000
+
+# [AWS-SECRET-REMOVED]====================================
+# DJANGO CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Django settings module
+# DJANGO_SETTINGS_MODULE=thrillwiki.settings
+
+# Python path
+# PYTHONPATH=/home/ubuntu/thrillwiki
+
+# [AWS-SECRET-REMOVED]====================================
+# ADVANCED CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub authentication script location
+# GITHUB_AUTH_[AWS-SECRET-REMOVED]ithub-auth.py
+
+# Enable verbose logging (true/false)
+# VERBOSE_LOGGING=false
+
+# Enable debug mode for troubleshooting (true/false)
+# DEBUG_MODE=false
+
+# Custom git remote URL (overrides GITHUB_REPO if set)
+# CUSTOM_GIT_REMOTE=https://github.com/username/repository.git
+
+# Email notifications for critical failures (requires email configuration)
+# NOTIFICATION_EMAIL=admin@example.com
+
+# Maximum consecutive failures before alerting (default: 5)
+# MAX_CONSECUTIVE_FAILURES=5
+
+# Enable automatic dependency updates (true/false, default: true)
+# AUTO_UPDATE_DEPENDENCIES=true
+
+# Enable automatic migrations on code changes (true/false, default: true)
+# AUTO_MIGRATE=true
+
+# Enable automatic static file collection (true/false, default: true)
+# AUTO_COLLECTSTATIC=true
+
+# [AWS-SECRET-REMOVED]====================================
+# SECURITY CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub authentication method (token|ssh|https)
+# Default: token (uses GITHUB_TOKEN or GITHUB_TOKEN_FILE)
+# GITHUB_AUTH_METHOD=token
+
+# SSH key path for git operations (when using ssh auth method)
+# SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
+
+# Git user configuration for commits
+# GIT_USER_NAME="ThrillWiki Automation"
+# GIT_USER_EMAIL="automation@thrillwiki.local"
+
+# [AWS-SECRET-REMOVED]====================================
+# MONITORING AND HEALTH CHECKS
+# [AWS-SECRET-REMOVED]====================================
+
+# Health check URL to verify server is running
+# HEALTH_CHECK_URL=http://localhost:8000/health/
+
+# Health check timeout in seconds
+# HEALTH_CHECK_TIMEOUT=30
+
+# Enable system resource monitoring (true/false)
+# MONITOR_RESOURCES=true
+
+# Memory usage threshold for warnings (in MB)
+# MEMORY_WARNING_THRESHOLD=1024
+
+# CPU usage threshold for warnings (percentage)
+# CPU_WARNING_THRESHOLD=80
+
+# Disk usage threshold for warnings (percentage)
+# DISK_WARNING_THRESHOLD=90
+
+# [AWS-SECRET-REMOVED]====================================
+# INTEGRATION SETTINGS
+# [AWS-SECRET-REMOVED]====================================
+
+# Webhook integration (if using thrillwiki-webhook service)
+# WEBHOOK_INTEGRATION=true
+
+# Slack webhook URL for notifications (optional)
+# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook/url
+
+# Discord webhook URL for notifications (optional)
+# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/your/webhook/url
+
+# [AWS-SECRET-REMOVED]====================================
+# USAGE EXAMPLES
+# [AWS-SECRET-REMOVED]====================================
+
+# Example 1: Basic setup with GitHub PAT
+GITHUB_TOKEN=[GITHUB-TOKEN-REMOVED]
+# PULL_INTERVAL=300
+# AUTO_MIGRATE=true
+
+# Example 2: Enhanced monitoring setup
+# HEALTH_CHECK_INTERVAL=30
+# MONITOR_RESOURCES=true
+# NOTIFICATION_EMAIL=admin@thrillwiki.com
+# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook
+
+# Example 3: Development environment with frequent pulls
+# PULL_INTERVAL=60
+# DEBUG_MODE=true
+# VERBOSE_LOGGING=true
+# AUTO_UPDATE_DEPENDENCIES=true
+
+# [AWS-SECRET-REMOVED]====================================
+# INSTALLATION NOTES
+# [AWS-SECRET-REMOVED]====================================
+
+# 1. Copy this file: cp thrillwiki-automation***REMOVED***.example thrillwiki-automation***REMOVED***
+# 2. Set secure permissions: chmod 600 thrillwiki-automation***REMOVED***
+# 3. Customize the settings above for your environment
+# 4. Enable the service: sudo systemctl enable thrillwiki-automation
+# 5. Start the service: sudo systemctl start thrillwiki-automation
+# 6. Check status: sudo systemctl status thrillwiki-automation
+# 7. View logs: sudo journalctl -u thrillwiki-automation -f
+
+# For security, ensure only the ubuntu user can read this file:
+# sudo chown ubuntu:ubuntu thrillwiki-automation***REMOVED***
+# sudo chmod 600 thrillwiki-automation***REMOVED***
--- a/scripts/systemd/thrillwiki-automation.env.example
+++ b/scripts/systemd/thrillwiki-automation.env.example
@@ -0,0 +1,296 @@
+# ThrillWiki Automation Service Environment Configuration
+# Copy this file to thrillwiki-automation***REMOVED*** and customize for your environment
+# 
+# Security Note: This file should have restricted permissions (600) as it may contain
+# sensitive information like GitHub Personal Access Tokens
+
+# [AWS-SECRET-REMOVED]====================================
+# PROJECT CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Base project directory (usually auto-detected)
+# PROJECT_DIR=/home/ubuntu/thrillwiki
+
+# Service name for systemd integration
+# SERVICE_NAME=thrillwiki
+
+# [AWS-SECRET-REMOVED]====================================
+# GITHUB REPOSITORY CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub repository remote name
+# GITHUB_REPO=origin
+
+# Branch to pull from
+# GITHUB_BRANCH=main
+
+# GitHub Personal Access Token (PAT) - Required for private repositories
+# Generate at: https://github.com/settings/tokens
+# Required permissions: repo (Full control of private repositories)
+# GITHUB_TOKEN=ghp_your_personal_access_token_here
+
+# GitHub token file location (alternative to GITHUB_TOKEN)
+# GITHUB_TOKEN_FILE=/home/ubuntu/thrillwiki/.github-pat
+GITHUB_PAT_FILE=/home/ubuntu/thrillwiki/.github-pat
+
+# [AWS-SECRET-REMOVED]====================================
+# AUTOMATION TIMING CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Repository pull interval in seconds (default: 300 = 5 minutes)
+# PULL_INTERVAL=300
+
+# Health check interval in seconds (default: 60 = 1 minute)
+# HEALTH_CHECK_INTERVAL=60
+
+# Server startup timeout in seconds (default: 120 = 2 minutes)
+# STARTUP_TIMEOUT=120
+
+# Restart delay after failure in seconds (default: 10)
+# RESTART_DELAY=10
+
+# [AWS-SECRET-REMOVED]====================================
+# LOGGING CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Log directory (default: project_dir/logs)
+# LOG_DIR=/home/ubuntu/thrillwiki/logs
+
+# Log file path
+# LOG_[AWS-SECRET-REMOVED]proof-automation.log
+
+# Maximum log file size in bytes (default: 10485760 = 10MB)
+# MAX_LOG_SIZE=10485760
+
+# Lock file location to prevent multiple instances
+# LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
+
+# [AWS-SECRET-REMOVED]====================================
+# DEVELOPMENT SERVER CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Server host address (default: 0.0.0.0 for all interfaces)
+# SERVER_HOST=0.0.0.0
+
+# Server port (default: 8000)
+# SERVER_PORT=8000
+
+# [AWS-SECRET-REMOVED]====================================
+# DEPLOYMENT CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Deployment preset (dev, prod, demo, testing)
+# DEPLOYMENT_PRESET=dev
+
+# Repository URL for deployment
+# GITHUB_REPO_URL=https://github.com/username/repository.git
+
+# Repository branch for deployment
+# GITHUB_REPO_BRANCH=main
+
+# Enable Django project setup during deployment
+# DJANGO_PROJECT_SETUP=true
+
+# Skip GitHub authentication setup
+# SKIP_GITHUB_SETUP=false
+
+# Skip repository configuration
+# SKIP_REPO_CONFIG=false
+
+# Skip systemd service setup
+# SKIP_SERVICE_SETUP=false
+
+# Force deployment even if target exists
+# FORCE_DEPLOY=false
+
+# Remote deployment user
+# REMOTE_USER=ubuntu
+
+# Remote deployment host
+# REMOTE_HOST=
+
+# Remote deployment port
+# REMOTE_PORT=22
+
+# Remote deployment path
+# REMOTE_PATH=/home/ubuntu/thrillwiki
+
+# [AWS-SECRET-REMOVED]====================================
+# DJANGO CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Django settings module
+# DJANGO_SETTINGS_MODULE=thrillwiki.settings
+
+# Python path
+# PYTHONPATH=/home/ubuntu/thrillwiki
+
+# UV executable path (for systems where UV is not in standard PATH)
+# UV_EXECUTABLE=/home/ubuntu/.local/bin/uv
+
+# Django development server command (used by bulletproof automation)
+# DJANGO_RUNSERVER_CMD=uv run manage.py tailwind runserver
+
+# Enable development server auto-cleanup (kills processes on port 8000)
+# AUTO_CLEANUP_PROCESSES=true
+
+# [AWS-SECRET-REMOVED]====================================
+# ADVANCED CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub authentication script location
+# GITHUB_AUTH_[AWS-SECRET-REMOVED]ithub-auth.py
+
+# Enable verbose logging (true/false)
+# VERBOSE_LOGGING=false
+
+# Enable debug mode for troubleshooting (true/false)
+# DEBUG_MODE=false
+
+# Custom git remote URL (overrides GITHUB_REPO if set)
+# CUSTOM_GIT_REMOTE=https://github.com/username/repository.git
+
+# Email notifications for critical failures (requires email configuration)
+# NOTIFICATION_EMAIL=admin@example.com
+
+# Maximum consecutive failures before alerting (default: 5)
+# MAX_CONSECUTIVE_FAILURES=5
+
+# Enable automatic dependency updates (true/false, default: true)
+# AUTO_UPDATE_DEPENDENCIES=true
+
+# Enable automatic migrations on code changes (true/false, default: true)
+# AUTO_MIGRATE=true
+
+# Enable automatic static file collection (true/false, default: true)
+# AUTO_COLLECTSTATIC=true
+
+# [AWS-SECRET-REMOVED]====================================
+# SECURITY CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub authentication method (token|ssh|https)
+# Default: token (uses GITHUB_TOKEN or GITHUB_TOKEN_FILE)
+# GITHUB_AUTH_METHOD=token
+
+# SSH key path for git operations (when using ssh auth method)
+# SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
+
+# Git user configuration for commits
+# GIT_USER_NAME="ThrillWiki Automation"
+# GIT_USER_EMAIL="automation@thrillwiki.local"
+
+# [AWS-SECRET-REMOVED]====================================
+# MONITORING AND HEALTH CHECKS
+# [AWS-SECRET-REMOVED]====================================
+
+# Health check URL to verify server is running
+# HEALTH_CHECK_URL=http://localhost:8000/health/
+
+# Health check timeout in seconds
+# HEALTH_CHECK_TIMEOUT=30
+
+# Enable system resource monitoring (true/false)
+# MONITOR_RESOURCES=true
+
+# Memory usage threshold for warnings (in MB)
+# MEMORY_WARNING_THRESHOLD=1024
+
+# CPU usage threshold for warnings (percentage)
+# CPU_WARNING_THRESHOLD=80
+
+# Disk usage threshold for warnings (percentage)
+# DISK_WARNING_THRESHOLD=90
+
+# [AWS-SECRET-REMOVED]====================================
+# INTEGRATION SETTINGS
+# [AWS-SECRET-REMOVED]====================================
+
+# Webhook integration (if using thrillwiki-webhook service)
+# WEBHOOK_INTEGRATION=true
+
+# Slack webhook URL for notifications (optional)
+# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook/url
+
+# Discord webhook URL for notifications (optional)
+# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/your/webhook/url
+
+# [AWS-SECRET-REMOVED]====================================
+# ENVIRONMENT AND SYSTEM CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# System PATH additions (for UV and other tools)
+# ADDITIONAL_PATH=/home/ubuntu/.local/bin:/home/ubuntu/.cargo/bin
+
+# Python environment configuration
+# PYTHON_EXECUTABLE=python3
+
+# Enable verbose logging for debugging
+# VERBOSE_LOGGING=false
+
+# Debug mode for development
+# DEBUG_MODE=false
+
+# Service restart configuration
+# MAX_RESTART_ATTEMPTS=3
+# RESTART_COOLDOWN=300
+
+# Health check configuration
+# HEALTH_CHECK_URL=http://localhost:8000/health/
+# HEALTH_CHECK_TIMEOUT=30
+
+# System resource monitoring
+# MONITOR_RESOURCES=true
+# MEMORY_WARNING_THRESHOLD=1024
+# CPU_WARNING_THRESHOLD=80
+# DISK_WARNING_THRESHOLD=90
+
+# Lock file configuration
+# LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
+
+# GitHub authentication method (token|ssh|https)
+# GITHUB_AUTH_METHOD=token
+
+# SSH key path for git operations (when using ssh auth method)
+# SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
+
+# Git user configuration for commits
+# GIT_USER_NAME="ThrillWiki Automation"
+# GIT_USER_EMAIL="automation@thrillwiki.local"
+
+# [AWS-SECRET-REMOVED]====================================
+# USAGE EXAMPLES
+# [AWS-SECRET-REMOVED]====================================
+
+# Example 1: Basic setup with GitHub PAT
+# GITHUB_TOKEN=ghp_your_token_here
+# PULL_INTERVAL=300
+# AUTO_MIGRATE=true
+
+# Example 2: Enhanced monitoring setup
+# HEALTH_CHECK_INTERVAL=30
+# MONITOR_RESOURCES=true
+# NOTIFICATION_EMAIL=admin@thrillwiki.com
+# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook
+
+# Example 3: Development environment with frequent pulls
+# PULL_INTERVAL=60
+# DEBUG_MODE=true
+# VERBOSE_LOGGING=true
+# AUTO_UPDATE_DEPENDENCIES=true
+
+# [AWS-SECRET-REMOVED]====================================
+# INSTALLATION NOTES
+# [AWS-SECRET-REMOVED]====================================
+
+# 1. Copy this file: cp thrillwiki-automation***REMOVED***.example thrillwiki-automation***REMOVED***
+# 2. Set secure permissions: chmod 600 thrillwiki-automation***REMOVED***
+# 3. Customize the settings above for your environment
+# 4. Enable the service: sudo systemctl enable thrillwiki-automation
+# 5. Start the service: sudo systemctl start thrillwiki-automation
+# 6. Check status: sudo systemctl status thrillwiki-automation
+# 7. View logs: sudo journalctl -u thrillwiki-automation -f
+
+# For security, ensure only the ubuntu user can read this file:
+# sudo chown ubuntu:ubuntu thrillwiki-automation***REMOVED***
+# sudo chmod 600 thrillwiki-automation***REMOVED***
--- a/scripts/systemd/thrillwiki-automation.service
+++ b/scripts/systemd/thrillwiki-automation.service
@@ -0,0 +1,106 @@
+[Unit]
+Description=ThrillWiki Bulletproof Development Automation
+Documentation=man:thrillwiki-automation(8)
+After=network.target
+Wants=network.target
+Before=thrillwiki.service
+PartOf=thrillwiki.service
+
+[Service]
+Type=simple
+User=ubuntu
+Group=ubuntu
+[AWS-SECRET-REMOVED]
+[AWS-SECRET-REMOVED]s/vm/bulletproof-automation.sh
+ExecStop=/bin/kill -TERM $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=10
+KillMode=mixed
+KillSignal=SIGTERM
+TimeoutStopSec=60
+TimeoutStartSec=120
+StartLimitIntervalSec=300
+StartLimitBurst=3
+
+# Environment variables - Load from file for security
+EnvironmentFile=-[AWS-SECRET-REMOVED]thrillwiki-automation***REMOVED***
+Environment=PROJECT_DIR=/home/ubuntu/thrillwiki
+Environment=SERVICE_NAME=thrillwiki-automation
+Environment=GITHUB_REPO=origin
+Environment=GITHUB_BRANCH=main
+Environment=PULL_INTERVAL=300
+Environment=HEALTH_CHECK_INTERVAL=60
+Environment=STARTUP_TIMEOUT=120
+Environment=RESTART_DELAY=10
+Environment=LOG_DIR=/home/ubuntu/thrillwiki/logs
+Environment=MAX_LOG_SIZE=10485760
+Environment=SERVER_HOST=0.0.0.0
+Environment=SERVER_PORT=8000
+Environment=PATH=/home/ubuntu/.local/bin:/home/ubuntu/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+[AWS-SECRET-REMOVED]llwiki
+
+# Security settings - Enhanced hardening for automation script
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=false
+RemoveIPC=true
+
+# File system permissions - Allow access to necessary directories
+ReadWritePaths=/home/ubuntu/thrillwiki
+[AWS-SECRET-REMOVED]ogs
+[AWS-SECRET-REMOVED]edia
+[AWS-SECRET-REMOVED]taticfiles
+[AWS-SECRET-REMOVED]ploads
+ReadWritePaths=/home/ubuntu/.cache
+ReadWritePaths=/tmp
+ReadOnlyPaths=/home/ubuntu/.github-pat
+ReadOnlyPaths=/home/ubuntu/.ssh
+ReadOnlyPaths=/home/ubuntu/.local
+
+# Resource limits - Appropriate for automation script
+LimitNOFILE=65536
+LimitNPROC=1024
+MemoryMax=512M
+CPUQuota=50%
+TasksMax=256
+
+# Timeouts
+WatchdogSec=300
+
+# Logging configuration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-automation
+SyslogFacility=daemon
+SyslogLevel=info
+SyslogLevelPrefix=true
+
+# Enhanced logging for debugging
+# Ensure logs are captured and rotated properly
+LogsDirectory=thrillwiki-automation
+LogsDirectoryMode=0755
+StateDirectory=thrillwiki-automation
+StateDirectoryMode=0755
+RuntimeDirectory=thrillwiki-automation
+RuntimeDirectoryMode=0755
+
+# Capabilities - Minimal required capabilities
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateDevices=true
+ProtectClock=true
+ProtectHostname=true
+
+[Install]
+WantedBy=multi-user.target
+Also=thrillwiki.service
--- a/scripts/systemd/thrillwiki-deployment.env
+++ b/scripts/systemd/thrillwiki-deployment.env
@@ -0,0 +1,321 @@
+# ThrillWiki Deployment Service Environment Configuration
+# This file is generated automatically by the deployment system and integrates
+# with deployment presets for consistent configuration across environments.
+# 
+# Security Note: This file should have restricted permissions (600) as it may contain
+# sensitive information like GitHub Personal Access Tokens
+
+# [AWS-SECRET-REMOVED]====================================
+# PROJECT CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Base project directory
+PROJECT_DIR=/home/thrillwiki/thrillwiki
+
+# Service name for systemd integration
+SERVICE_NAME=thrillwiki-deployment
+
+# Deployment mode (automated|manual|timer)
+DEPLOYMENT_MODE=automated
+
+# [AWS-SECRET-REMOVED]====================================
+# GITHUB REPOSITORY CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# GitHub repository remote name
+GITHUB_REPO=origin
+
+# Branch to pull from
+GITHUB_BRANCH=main
+
+# GitHub Personal Access Token (PAT) - Required for private repositories
+# This will be populated automatically during deployment setup
+# GITHUB_TOKEN=
+
+# GitHub token file location (alternative to GITHUB_TOKEN)
+GITHUB_TOKEN_FILE=/home/thrillwiki/thrillwiki/.github-pat
+
+# [AWS-SECRET-REMOVED]====================================
+# DEPLOYMENT PRESET CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Deployment preset (dev, prod, demo, testing)
+# This determines the automation timing and behavior
+DEPLOYMENT_PRESET=dev
+
+# [AWS-SECRET-REMOVED]====================================
+# AUTOMATION TIMING CONFIGURATION (Preset-based)
+# [AWS-SECRET-REMOVED]====================================
+
+# Repository pull interval in seconds
+# Default values by preset:
+# - dev: 60s (1 minute)
+# - prod: 300s (5 minutes)  
+# - demo: 120s (2 minutes)
+# - testing: 180s (3 minutes)
+PULL_INTERVAL=60
+
+# Health check interval in seconds
+HEALTH_CHECK_INTERVAL=30
+
+# Server startup timeout in seconds
+STARTUP_TIMEOUT=120
+
+# Restart delay after failure in seconds
+RESTART_DELAY=10
+
+# [AWS-SECRET-REMOVED]====================================
+# DEPLOYMENT BEHAVIOR CONFIGURATION (Preset-based)
+# [AWS-SECRET-REMOVED]====================================
+
+# Debug mode for troubleshooting
+DEBUG_MODE=true
+
+# Enable automatic dependency updates
+AUTO_UPDATE_DEPENDENCIES=true
+
+# Enable automatic migrations on code changes
+AUTO_MIGRATE=true
+
+# Enable automatic static file collection
+AUTO_COLLECTSTATIC=true
+
+# Log level (DEBUG|INFO|WARNING|ERROR)
+LOG_LEVEL=DEBUG
+
+# [AWS-SECRET-REMOVED]====================================
+# SECURITY CONFIGURATION (Preset-based)
+# [AWS-SECRET-REMOVED]====================================
+
+# Django debug mode
+DJANGO_DEBUG=true
+
+# SSL required
+SSL_REQUIRED=false
+
+# CORS allowed
+CORS_ALLOWED=true
+
+# Allowed hosts (comma-separated)
+ALLOWED_HOSTS=*
+
+# [AWS-SECRET-REMOVED]====================================
+# LOGGING CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Log directory
+LOG_DIR=/home/thrillwiki/thrillwiki/logs
+
+# Log file path for deployment automation
+LOG_[AWS-SECRET-REMOVED]ployment-automation.log
+
+# Maximum log file size in bytes (10MB default)
+MAX_LOG_SIZE=10485760
+
+# Lock file location to prevent multiple instances
+LOCK_FILE=/tmp/thrillwiki-deployment.lock
+
+# [AWS-SECRET-REMOVED]====================================
+# DEVELOPMENT SERVER CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Server host address
+SERVER_HOST=0.0.0.0
+
+# Server port
+SERVER_PORT=8000
+
+# Health check URL
+HEALTH_CHECK_URL=http://localhost:8000/
+
+# Health check timeout in seconds
+HEALTH_CHECK_TIMEOUT=30
+
+# [AWS-SECRET-REMOVED]====================================
+# DJANGO CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Django settings module
+DJANGO_SETTINGS_MODULE=thrillwiki.settings
+
+# Python path
+PYTHONPATH=/home/thrillwiki/thrillwiki
+
+# UV executable path
+UV_EXECUTABLE=/home/thrillwiki/.local/bin/uv
+
+# Django development server command (following .clinerules)
+DJANGO_RUNSERVER_CMD=lsof -ti :8000 | xargs kill -9; find . -type d -name '__pycache__' -exec rm -r {} +; uv run manage.py tailwind runserver
+
+# Enable development server auto-cleanup
+AUTO_CLEANUP_PROCESSES=true
+
+# [AWS-SECRET-REMOVED]====================================
+# SYSTEMD SERVICE CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Service user and group
+SERVICE_USER=thrillwiki
+SERVICE_GROUP=thrillwiki
+
+# Service working directory
+SERVICE_WORKING_DIR=/home/thrillwiki/thrillwiki
+
+# Service restart policy
+SERVICE_RESTART=always
+SERVICE_RESTART_SEC=30
+
+# Service timeout configuration
+SERVICE_TIMEOUT_START=180
+SERVICE_TIMEOUT_STOP=120
+
+# Maximum restart attempts
+MAX_RESTART_ATTEMPTS=3
+
+# Restart cooldown period
+RESTART_COOLDOWN=300
+
+# [AWS-SECRET-REMOVED]====================================
+# SMART DEPLOYMENT TIMER CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Timer service configuration
+TIMER_ON_BOOT_SEC=5min
+TIMER_ON_UNIT_ACTIVE_SEC=5min
+TIMER_RANDOMIZED_DELAY_SEC=30sec
+TIMER_PERSISTENT=true
+
+# [AWS-SECRET-REMOVED]====================================
+# MONITORING AND HEALTH CHECKS
+# [AWS-SECRET-REMOVED]====================================
+
+# Enable system resource monitoring
+MONITOR_RESOURCES=true
+
+# Memory usage threshold for warnings (in MB)
+MEMORY_WARNING_THRESHOLD=512
+
+# CPU usage threshold for warnings (percentage)
+CPU_WARNING_THRESHOLD=70
+
+# Disk usage threshold for warnings (percentage)
+DISK_WARNING_THRESHOLD=85
+
+# [AWS-SECRET-REMOVED]====================================
+# INTEGRATION SETTINGS
+# [AWS-SECRET-REMOVED]====================================
+
+# Integration with other services
+WEBHOOK_INTEGRATION=false
+
+# Email notifications for critical failures
+# NOTIFICATION_EMAIL=
+
+# Maximum consecutive failures before alerting
+MAX_CONSECUTIVE_FAILURES=5
+
+# [AWS-SECRET-REMOVED]====================================
+# ADVANCED CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# Enable verbose logging
+VERBOSE_LOGGING=true
+
+# Custom git remote URL (overrides GITHUB_REPO if set)
+# CUSTOM_GIT_REMOTE=
+
+# GitHub authentication method (token|ssh|https)
+GITHUB_AUTH_METHOD=token
+
+# SSH key path for git operations (when using ssh auth method)
+# SSH_KEY_PATH=/home/thrillwiki/.ssh/***REMOVED***
+
+# Git user configuration for commits
+GIT_USER_NAME="ThrillWiki Deployment"
+GIT_USER_EMAIL="deployment@thrillwiki.local"
+
+# [AWS-SECRET-REMOVED]====================================
+# ENVIRONMENT AND SYSTEM CONFIGURATION
+# [AWS-SECRET-REMOVED]====================================
+
+# System PATH additions (for UV and other tools)
+ADDITIONAL_PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin
+
+# Python environment configuration
+PYTHON_EXECUTABLE=python3
+
+# Service state and runtime directories
+SERVICE_LOGS_DIR=/var/log/thrillwiki-deployment
+SERVICE_STATE_DIR=/var/lib/thrillwiki-deployment
+SERVICE_RUNTIME_DIR=/run/thrillwiki-deployment
+
+# [AWS-SECRET-REMOVED]====================================
+# PRESET-SPECIFIC OVERRIDES
+# [AWS-SECRET-REMOVED]====================================
+# The following section contains preset-specific configurations that override
+# the defaults above based on the DEPLOYMENT_PRESET value.
+# These are automatically applied by the deployment system.
+
+# Development preset overrides (applied when DEPLOYMENT_PRESET=dev)
+# PULL_INTERVAL=60
+# HEALTH_CHECK_INTERVAL=30
+# DEBUG_MODE=true
+# AUTO_MIGRATE=true
+# AUTO_UPDATE_DEPENDENCIES=true
+# LOG_LEVEL=DEBUG
+# SSL_REQUIRED=false
+# CORS_ALLOWED=true
+# DJANGO_DEBUG=true
+# ALLOWED_HOSTS=*
+
+# Production preset overrides (applied when DEPLOYMENT_PRESET=prod)
+# PULL_INTERVAL=300
+# HEALTH_CHECK_INTERVAL=60
+# DEBUG_MODE=false
+# AUTO_MIGRATE=true
+# AUTO_UPDATE_DEPENDENCIES=false
+# LOG_LEVEL=WARNING
+# SSL_REQUIRED=true
+# CORS_ALLOWED=false
+# DJANGO_DEBUG=false
+# ALLOWED_HOSTS=production-host
+
+# Demo preset overrides (applied when DEPLOYMENT_PRESET=demo)
+# PULL_INTERVAL=120
+# HEALTH_CHECK_INTERVAL=45
+# DEBUG_MODE=false
+# AUTO_MIGRATE=true
+# AUTO_UPDATE_DEPENDENCIES=true
+# LOG_LEVEL=INFO
+# SSL_REQUIRED=false
+# CORS_ALLOWED=true
+# DJANGO_DEBUG=false
+# ALLOWED_HOSTS=demo-host
+
+# Testing preset overrides (applied when DEPLOYMENT_PRESET=testing)
+# PULL_INTERVAL=180
+# HEALTH_CHECK_INTERVAL=30
+# DEBUG_MODE=true
+# AUTO_MIGRATE=true
+# AUTO_UPDATE_DEPENDENCIES=true
+# LOG_LEVEL=DEBUG
+# SSL_REQUIRED=false
+# CORS_ALLOWED=true
+# DJANGO_DEBUG=true
+# ALLOWED_HOSTS=test-host
+
+# [AWS-SECRET-REMOVED]====================================
+# INSTALLATION AND SECURITY NOTES
+# [AWS-SECRET-REMOVED]====================================
+
+# For security, ensure only the thrillwiki user can read this file:
+# sudo chown thrillwiki:thrillwiki thrillwiki-deployment***REMOVED***
+# sudo chmod 600 thrillwiki-deployment***REMOVED***
+
+# Service management commands:
+# sudo systemctl enable thrillwiki-deployment.service
+# sudo systemctl enable thrillwiki-smart-deploy.timer
+# sudo systemctl start thrillwiki-deployment.service
+# sudo systemctl start thrillwiki-smart-deploy.timer
+# sudo systemctl status thrillwiki-deployment.service
+# sudo journalctl -u thrillwiki-deployment -f
--- a/scripts/systemd/thrillwiki-deployment.service
+++ b/scripts/systemd/thrillwiki-deployment.service
@@ -0,0 +1,103 @@
+[Unit]
+Description=ThrillWiki Complete Deployment Automation Service
+Documentation=man:thrillwiki-deployment(8)
+After=network.target network-online.target
+Wants=network-online.target
+Before=thrillwiki-smart-deploy.timer
+PartOf=thrillwiki-smart-deploy.timer
+
+[Service]
+Type=simple
+User=thrillwiki
+Group=thrillwiki
+[AWS-SECRET-REMOVED]wiki
+[AWS-SECRET-REMOVED]ripts/vm/deploy-automation.sh
+ExecStop=/bin/kill -TERM $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=30
+KillMode=mixed
+KillSignal=SIGTERM
+TimeoutStopSec=120
+TimeoutStartSec=180
+StartLimitIntervalSec=600
+StartLimitBurst=3
+
+# Environment variables - Load from file for security and preset integration
+EnvironmentFile=-[AWS-SECRET-REMOVED]emd/thrillwiki-deployment***REMOVED***
+Environment=PROJECT_DIR=/home/thrillwiki/thrillwiki
+Environment=SERVICE_NAME=thrillwiki-deployment
+Environment=GITHUB_REPO=origin
+Environment=GITHUB_BRANCH=main
+Environment=DEPLOYMENT_MODE=automated
+Environment=LOG_DIR=/home/thrillwiki/thrillwiki/logs
+Environment=MAX_LOG_SIZE=10485760
+Environment=SERVER_HOST=0.0.0.0
+Environment=SERVER_PORT=8000
+Environment=PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+[AWS-SECRET-REMOVED]thrillwiki
+
+# Security settings - Enhanced hardening for deployment automation
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=false
+RemoveIPC=true
+
+# File system permissions - Allow access to necessary directories
+[AWS-SECRET-REMOVED]ki
+[AWS-SECRET-REMOVED]ki/logs
+[AWS-SECRET-REMOVED]ki/media
+[AWS-SECRET-REMOVED]ki/staticfiles
+[AWS-SECRET-REMOVED]ki/uploads
+ReadWritePaths=/home/thrillwiki/.cache
+ReadWritePaths=/tmp
+ReadOnlyPaths=/home/thrillwiki/.github-pat
+ReadOnlyPaths=/home/thrillwiki/.ssh
+ReadOnlyPaths=/home/thrillwiki/.local
+
+# Resource limits - Appropriate for deployment automation
+LimitNOFILE=65536
+LimitNPROC=2048
+MemoryMax=1G
+CPUQuota=75%
+TasksMax=512
+
+# Timeouts and watchdog
+WatchdogSec=600
+RuntimeMaxSec=0
+
+# Logging configuration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-deployment
+SyslogFacility=daemon
+SyslogLevel=info
+SyslogLevelPrefix=true
+
+# Enhanced logging for debugging
+LogsDirectory=thrillwiki-deployment
+LogsDirectoryMode=0755
+StateDirectory=thrillwiki-deployment
+StateDirectoryMode=0755
+RuntimeDirectory=thrillwiki-deployment
+RuntimeDirectoryMode=0755
+
+# Capabilities - Minimal required capabilities
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateDevices=true
+ProtectClock=true
+ProtectHostname=true
+
+[Install]
+WantedBy=multi-user.target
+Also=thrillwiki-smart-deploy.timer
--- a/scripts/systemd/thrillwiki-smart-deploy.service
+++ b/scripts/systemd/thrillwiki-smart-deploy.service
@@ -0,0 +1,76 @@
+[Unit]
+Description=ThrillWiki Smart Deployment Service
+Documentation=man:thrillwiki-smart-deploy(8)
+After=network.target thrillwiki-deployment.service
+Wants=network.target
+PartOf=thrillwiki-smart-deploy.timer
+
+[Service]
+Type=oneshot
+User=thrillwiki
+Group=thrillwiki
+[AWS-SECRET-REMOVED]wiki
+[AWS-SECRET-REMOVED]ripts/smart-deploy.sh
+TimeoutStartSec=300
+TimeoutStopSec=60
+
+# Environment variables - Load from deployment configuration
+EnvironmentFile=-[AWS-SECRET-REMOVED]emd/thrillwiki-deployment***REMOVED***
+Environment=PROJECT_DIR=/home/thrillwiki/thrillwiki
+Environment=SERVICE_NAME=thrillwiki-smart-deploy
+Environment=DEPLOYMENT_MODE=timer
+Environment=LOG_DIR=/home/thrillwiki/thrillwiki/logs
+Environment=PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin:/usr/local/bin:/usr/bin:/bin
+[AWS-SECRET-REMOVED]thrillwiki
+
+# Security settings - Inherited from main deployment service
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=false
+RemoveIPC=true
+
+# File system permissions
+[AWS-SECRET-REMOVED]ki
+[AWS-SECRET-REMOVED]ki/logs
+[AWS-SECRET-REMOVED]ki/media
+[AWS-SECRET-REMOVED]ki/staticfiles
+[AWS-SECRET-REMOVED]ki/uploads
+ReadWritePaths=/home/thrillwiki/.cache
+ReadWritePaths=/tmp
+ReadOnlyPaths=/home/thrillwiki/.github-pat
+ReadOnlyPaths=/home/thrillwiki/.ssh
+ReadOnlyPaths=/home/thrillwiki/.local
+
+# Resource limits
+LimitNOFILE=65536
+LimitNPROC=1024
+MemoryMax=512M
+CPUQuota=50%
+TasksMax=256
+
+# Logging configuration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=thrillwiki-smart-deploy
+SyslogFacility=daemon
+SyslogLevel=info
+SyslogLevelPrefix=true
+
+# Capabilities
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateDevices=true
+ProtectClock=true
+ProtectHostname=true
+
+[Install]
+WantedBy=multi-user.target
--- a/scripts/systemd/thrillwiki-smart-deploy.timer
+++ b/scripts/systemd/thrillwiki-smart-deploy.timer
@@ -0,0 +1,17 @@
+[Unit]
+Description=ThrillWiki Smart Deployment Timer
+Documentation=man:thrillwiki-smart-deploy(8)
+Requires=thrillwiki-smart-deploy.service
+After=thrillwiki-deployment.service
+
+[Timer]
+# Default timer configuration (can be overridden by environment)
+OnBootSec=5min
+OnUnitActiveSec=5min
+Unit=thrillwiki-smart-deploy.service
+Persistent=true
+RandomizedDelaySec=30sec
+
+[Install]
+WantedBy=timers.target
+Also=thrillwiki-smart-deploy.service