thrillwiki_django_no_react/scripts/systemd/thrillwiki-deployment.service
pacnpal f4f8ec8f9b Configure PostgreSQL with PostGIS support
- Updated database settings to use dj_database_url for environment-based configuration
- Added dj-database-url dependency
- Configured PostGIS backend for spatial data support
- Set default DATABASE_URL for production PostgreSQL connection
2025-08-19 18:51:33 -04:00


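# thrillwiki-deployment.service - systemd unit that runs the ThrillWiki
# deployment automation script as the unprivileged thrillwiki user.
#
# NOTE(review): lines beginning with "[AWS-SECRET-REMOVED]" were mangled by a
# secret scrubber in this copy of the file. They are kept exactly as found;
# restore the original directives before installing the unit, because systemd
# cannot parse them in this form.
#
# After any change, check the unit with:
#   systemd-analyze verify thrillwiki-deployment.service
#   systemd-analyze security thrillwiki-deployment.service

[Unit]
Description=ThrillWiki Complete Deployment Automation Service
Documentation=man:thrillwiki-deployment(8)
After=network.target network-online.target
Wants=network-online.target
Before=thrillwiki-smart-deploy.timer
PartOf=thrillwiki-smart-deploy.timer
# Start rate limiting is a [Unit] setting. Under [Service] the key
# StartLimitIntervalSec= is not recognised and is ignored with a warning, which
# leaves the default interval in place; combined with Restart=always and
# RestartSec=30 the burst limit would then never trip and a broken deployment
# would restart indefinitely. Here: give up after 3 starts within 10 minutes.
StartLimitIntervalSec=600
StartLimitBurst=3

[Service]
Type=simple
User=thrillwiki
Group=thrillwiki
# NOTE(review): scrubbed line; presumably the working directory. Confirm.
[AWS-SECRET-REMOVED]wiki
# NOTE(review): scrubbed line; presumably ExecStart= for deploy-automation.sh.
# Confirm.
[AWS-SECRET-REMOVED]ripts/vm/deploy-automation.sh
# Both commands duplicate what systemd already does with KillSignal=SIGTERM;
# they are kept for explicitness.
ExecStop=/bin/kill -TERM $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=30
# mixed: SIGTERM goes to the main process only; anything still running after
# TimeoutStopSec is sent SIGKILL.
KillMode=mixed
KillSignal=SIGTERM
TimeoutStopSec=120
TimeoutStartSec=180

# Environment variables - Load from file for security and preset integration
# The leading "-" means a missing file is silently ignored. Values read from
# the file override the Environment= lines below. The file should be readable
# only by root and the service user, since it is the intended place for
# secrets.
EnvironmentFile=-[AWS-SECRET-REMOVED]emd/thrillwiki-deployment***REMOVED***
Environment=PROJECT_DIR=/home/thrillwiki/thrillwiki
Environment=SERVICE_NAME=thrillwiki-deployment
Environment=GITHUB_REPO=origin
Environment=GITHUB_BRANCH=main
Environment=DEPLOYMENT_MODE=automated
Environment=LOG_DIR=/home/thrillwiki/thrillwiki/logs
# bytes (10 MiB)
Environment=MAX_LOG_SIZE=10485760
# NOTE(review): if the script uses this as a listen address, 0.0.0.0 exposes
# port 8000 on every interface. Prefer 127.0.0.1 behind a reverse proxy, or
# restrict the port with a firewall. Confirm how the script uses it.
Environment=SERVER_HOST=0.0.0.0
Environment=SERVER_PORT=8000
Environment=PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin:/usr/local/bin:/usr/bin:/bin
# NOTE(review): scrubbed line; directive name not recoverable from this copy.
[AWS-SECRET-REMOVED]thrillwiki

# Security settings - Enhanced hardening for deployment automation
NoNewPrivileges=true
PrivateTmp=true
# strict: the whole file system is read-only for this service except the
# ReadWritePaths= listed further down.
ProtectSystem=strict
# NOTE(review): ProtectHome=true makes /home inaccessible, yet PROJECT_DIR,
# LOG_DIR, PATH and the ReadWritePaths=/ReadOnlyPaths= entries below all live
# under /home/thrillwiki. Path entries beneath an inaccessible directory are
# likely not applied, so the service may be unable to reach its own tree.
# Verify on the target host. Options: move the deployment out of /home, or use
# ProtectHome=tmpfs with BindPaths=/BindReadOnlyPaths= for exactly the
# directories the script needs.
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictSUIDSGID=true
RestrictRealtime=true
RestrictNamespaces=true
LockPersonality=true
# false is the systemd default, so this line records a decision rather than
# adding protection. Set it to true if nothing the script launches needs
# memory that is both writable and executable (confirm against the toolchain).
MemoryDenyWriteExecute=false
RemoveIPC=true

# File system permissions - Allow access to necessary directories
# NOTE(review): the next five lines are scrubbed; presumably ReadWritePaths=
# entries for the project tree. Confirm, and keep the writable set as small as
# the script allows: a writable code tree lets a compromised deployment step
# persist changes to the application itself.
[AWS-SECRET-REMOVED]ki
[AWS-SECRET-REMOVED]ki/logs
[AWS-SECRET-REMOVED]ki/media
[AWS-SECRET-REMOVED]ki/staticfiles
[AWS-SECRET-REMOVED]ki/uploads
ReadWritePaths=/home/thrillwiki/.cache
# ReadWritePaths=/tmp was dropped: PrivateTmp=true already gives the service
# its own writable /tmp.
# ReadOnlyPaths= only blocks writes. The GitHub token and SSH keys remain
# readable by every process the script spawns. Consider passing the token with
# LoadCredential= (systemd 247 or later) and using a deploy key that has
# read-only access to the repository.
ReadOnlyPaths=/home/thrillwiki/.github-pat
ReadOnlyPaths=/home/thrillwiki/.ssh
ReadOnlyPaths=/home/thrillwiki/.local

# Resource limits - Appropriate for deployment automation
LimitNOFILE=65536
# LimitNPROC counts processes per user across the system; TasksMax= below is
# the cap that applies to this unit's control group.
LimitNPROC=2048
MemoryMax=1G
CPUQuota=75%
TasksMax=512

# Timeouts and watchdog
# NOTE(review): with WatchdogSec= set, systemd terminates the service unless it
# receives a WATCHDOG=1 keep-alive at least every 600 s. Confirm that
# deploy-automation.sh sends one (for example via systemd-notify); otherwise
# Restart=always will cycle the service every ten minutes.
WatchdogSec=600
# NOTE(review): presumably meant as "no runtime limit"; confirm that 0 is
# treated that way on the target systemd version, or remove the line.
RuntimeMaxSec=0

# Logging configuration
StandardOutput=journal
StandardError=journal
SyslogIdentifier=thrillwiki-deployment
SyslogFacility=daemon
SyslogLevel=info
SyslogLevelPrefix=true

# Enhanced logging for debugging
# NOTE(review): mode 0755 lets every local user read these directories. The
# service handles a GitHub token and deployment output, so 0750 is the safer
# choice unless another account needs to read the logs.
LogsDirectory=thrillwiki-deployment
LogsDirectoryMode=0755
StateDirectory=thrillwiki-deployment
StateDirectoryMode=0755
RuntimeDirectory=thrillwiki-deployment
RuntimeDirectoryMode=0755

# Capabilities - Minimal required capabilities
# Empty values clear both sets: the service runs with no Linux capabilities.
CapabilityBoundingSet=
AmbientCapabilities=
PrivateDevices=true
ProtectClock=true
ProtectHostname=true
# Further hardening to evaluate for this unit: ProtectKernelLogs=,
# ProtectProc=, RestrictAddressFamilies=, SystemCallArchitectures=native and
# SystemCallFilter=.

[Install]
WantedBy=multi-user.target
Also=thrillwiki-smart-deploy.timer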